@blamejs/core 0.9.14 → 0.9.16

package/lib/cluster.js

@@ -45,7 +45,7 @@
  */
 var C = require("./constants");
 var clusterProviderDb = require("./cluster-provider-db");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var { boot } = require("./log");
 var safeAsync = require("./safe-async");
@@ -428,7 +428,7 @@ function _vaultKeyFingerprint() {
   if (!keys || !keys.publicKey || !keys.ecPublicKey) return null;
   // Domain-separation prefix so this fingerprint can't be confused
   // with a hash of the same bytes computed elsewhere in the framework.
-  return crypto.sha3Hash("blamejs/cluster-state/v1\n" +
+  return bCrypto.sha3Hash("blamejs/cluster-state/v1\n" +
                          keys.publicKey + "\n" +
                          keys.ecPublicKey);
 }

package/lib/compliance-sanctions.js

@@ -483,9 +483,9 @@ function create(opts) {
   // ignorable for the audit-trail use case (operators store the
   // ruleVersion + entry count alongside).
   function snapshot() {
-    var crypto = require("crypto");
+    var nodeCrypto = require("crypto");
     var ids = index.map(function (e) { return e.id; }).sort();
-    var hash = crypto.createHash("sha3-512");
+    var hash = nodeCrypto.createHash("sha3-512");
     for (var i = 0; i < ids.length; i++) hash.update(ids[i]);
     return {
       algorithm:    algorithm,

package/lib/compliance.js

@@ -46,11 +46,10 @@ var sanctions = require("./compliance-sanctions");
 var aiAct     = require("./compliance-ai-act");
 var { ComplianceError } = require("./framework-error");
 
-var audit = lazyRequire(function () { return require("./audit"); });
+var audit         = lazyRequire(function () { return require("./audit"); });
 var retentionMod  = lazyRequire(function () { return require("./retention"); });
-var auditFwk      = lazyRequire(function () { return require("./audit"); });
-var dbMod         = lazyRequire(function () { return require("./db"); });
-var cryptoFieldMod = lazyRequire(function () { return require("./crypto-field"); });
+var db            = lazyRequire(function () { return require("./db"); });
+var cryptoField   = lazyRequire(function () { return require("./crypto-field"); });
 
 // Recognised posture names. Aligns with the compliance-posture
 // vocabulary every guard / retention floor / etc. accepts. Operators
@@ -371,9 +370,9 @@ function set(posture) {
 function _applyPostureCascade(posture) {
   var steps = [
     { primitive: "retention",   resolver: function () { return retentionMod(); } },
-    { primitive: "audit",       resolver: function () { return auditFwk();    } },
-    { primitive: "db",          resolver: function () { return dbMod();        } },
-    { primitive: "cryptoField", resolver: function () { return cryptoFieldMod(); } },
+    { primitive: "audit",       resolver: function () { return audit();       } },
+    { primitive: "db",          resolver: function () { return db();        } },
+    { primitive: "cryptoField", resolver: function () { return cryptoField(); } },
   ];
   for (var i = 0; i < steps.length; i += 1) {
     var step = steps[i];

package/lib/config-drift.js

@@ -35,11 +35,11 @@
  * @card
  *   Monitor + alert when runtime config diverges from a declared baseline.
  */
-var fs = require("node:fs");
-var path = require("node:path");
+var nodeFs = require("node:fs");
+var nodePath = require("node:path");
 var auditSign = require("./audit-sign");
 var canonicalJson = require("./canonical-json");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var safeJson = require("./safe-json");
 var validateOpts = require("./validate-opts");
@@ -57,12 +57,12 @@ var SIDECAR_VERSION = 1;
 // Deterministic key order so the same snapshot always hashes to the same
 // digest. Pre-v0.6.67 the in-line implementation silently lost Date /
 // Map / Set / Buffer / BigInt content; the shared walker handles all
-// of those + circular refs. Same bytes as audit-chain / audit-tools /
+// of those + circular renodeFs. Same bytes as audit-chain / audit-tools /
 // pagination would produce for the same input.
 function _stableStringify(value) { return canonicalJson.stringify(value); }
 
 function _hashSnapshot(snapshot) {
-  return crypto.sha3Hash(_stableStringify(snapshot));
+  return bCrypto.sha3Hash(_stableStringify(snapshot));
 }
 
 function _diffShallow(prev, next) {
@@ -155,7 +155,7 @@ function create(opts) {
   // (e.g. operator-tracked metadata that legitimately changes per
   // boot). Captured in the snapshot but never flagged.
   var ignoreKeys = Array.isArray(opts.ignoreKeys) ? opts.ignoreKeys.slice() : [];
-  var sidecarPath = path.join(dataDir,
+  var sidecarPath = nodePath.join(dataDir,
     baselineName === "default" ? SIDECAR_NAME : ("config-baseline-" + baselineName + ".sig"));
 
   function _emit(action, info, outcome) {
@@ -172,9 +172,9 @@ function create(opts) {
   }
 
   function _readSidecar() {
-    if (!fs.existsSync(sidecarPath)) return null;
+    if (!nodeFs.existsSync(sidecarPath)) return null;
     var raw;
-    try { raw = fs.readFileSync(sidecarPath, "utf8"); }
+    try { raw = nodeFs.readFileSync(sidecarPath, "utf8"); }
     catch (_e) { return null; }
     var parsed;
     try { parsed = safeJson.parse(raw); }
@@ -200,8 +200,8 @@ function create(opts) {
       snapshot:         snapshot,
     };
     var tmp = sidecarPath + ".tmp";
-    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2));
-    fs.renameSync(tmp, sidecarPath);
+    nodeFs.writeFileSync(tmp, JSON.stringify(payload, null, 2));
+    nodeFs.renameSync(tmp, sidecarPath);
   }
 
   function _verifySidecar(parsed) {
@@ -366,10 +366,10 @@ function create(opts) {
  */
 function verifyVendorIntegrity(opts) {
   opts = opts || {};
-  var libVendorDir  = opts.libVendorDir  || path.join(process.cwd(), "lib", "vendor");
-  var manifestPath  = opts.manifestPath  || path.join(libVendorDir, "MANIFEST.json");
+  var libVendorDir  = opts.libVendorDir  || nodePath.join(process.cwd(), "lib", "vendor");
+  var manifestPath  = opts.manifestPath  || nodePath.join(libVendorDir, "MANIFEST.json");
   var raw;
-  try { raw = fs.readFileSync(manifestPath, "utf8"); }
+  try { raw = nodeFs.readFileSync(manifestPath, "utf8"); }
   catch (_e) {
     throw _err("VENDOR_MANIFEST_MISSING",
       "vendor MANIFEST.json missing at " + manifestPath, true);
@@ -389,10 +389,10 @@ function verifyVendorIntegrity(opts) {
       var rel = files[kind];
       var expected = hashes[kind];
       if (typeof rel !== "string" || typeof expected !== "string") return;
-      var abs = path.isAbsolute(rel) ? rel : path.join(process.cwd(), rel);
+      var abs = nodePath.isAbsolute(rel) ? rel : nodePath.join(process.cwd(), rel);
       var actual;
       try {
-        var bytes = fs.readFileSync(abs);
+        var bytes = nodeFs.readFileSync(abs);
         actual = "sha256:" + require("node:crypto")
           .createHash("sha256").update(bytes).digest("hex");
       } catch (_e) {

package/lib/config.js

@@ -29,7 +29,7 @@ var lazyRequire = require("./lazy-require");
 var safeAsync = require("./safe-async");
 var { defineClass } = require("./framework-error");
 
-var lazyAudit = lazyRequire(function () { return require("./audit"); });
+var audit = lazyRequire(function () { return require("./audit"); });
 
 var REDACT_MASK = "[REDACTED]";
 
@@ -349,7 +349,7 @@ function loadDbBacked(opts) {
     try { rows = await opts.fetchRows(); }
     catch (e) {
       try {
-        lazyAudit().safeEmit({
+        audit().safeEmit({
           action: "config.reload.failed", outcome: "failure",
           metadata: { phase: "fetch", reason: e && e.message },
         });
@@ -367,7 +367,7 @@ function loadDbBacked(opts) {
           value = await transformValue(row);
         } catch (e) {
           try {
-            lazyAudit().safeEmit({
+            audit().safeEmit({
               action: "config.reload.failed", outcome: "failure",
               metadata: { phase: "transform", key: row.key, reason: e && e.message },
             });
@@ -376,7 +376,7 @@ function loadDbBacked(opts) {
         }
         if (typeof value !== "string") {
           try {
-            lazyAudit().safeEmit({
+            audit().safeEmit({
               action: "config.reload.failed", outcome: "failure",
               metadata: { phase: "transform", key: row.key, reason: "transformValue did not return a string" },
             });
@@ -390,7 +390,7 @@ function loadDbBacked(opts) {
     // applied its newer fetch — my overlay would clobber fresher data.
     if (mySeq <= ticksAppliedMax) {
       try {
-        lazyAudit().safeEmit({
+        audit().safeEmit({
           action: "config.reload.skipped", outcome: "success",
           metadata: { phase: "stale-tick", mySeq: mySeq, appliedMax: ticksAppliedMax },
         });
@@ -408,7 +408,7 @@ function loadDbBacked(opts) {
     }
     catch (e) {
       try {
-        lazyAudit().safeEmit({
+        audit().safeEmit({
           action: "config.reload.failed", outcome: "failure",
           metadata: { phase: "validate", reason: e && e.message },
         });

package/lib/content-credentials.js

@@ -28,7 +28,7 @@
  *   C2PA 2.1 content provenance — sign assets with a manifest declaring origin, edits, AI involvement.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var canonicalJson = require("./canonical-json");
 var validateOpts = require("./validate-opts");
 var audit = require("./audit");
@@ -234,7 +234,7 @@ function sign(manifest, opts) {
   validateOpts.requireNonEmptyString(opts.privateKeyPem,
     "contentCredentials.sign: privateKeyPem", ContentCredentialsError, "BAD_KEY");
   var canonical = canonicalJson.stringify(manifest);
-  var signature = crypto.sign(Buffer.from(canonical, "utf8"), opts.privateKeyPem);
+  var signature = bCrypto.sign(Buffer.from(canonical, "utf8"), opts.privateKeyPem);
   var auditOn = opts.audit !== false;
   if (auditOn) {
     audit.safeEmit({
@@ -299,7 +299,7 @@ function verify(envelope, publicKeyPem, opts) {
   catch (_e) {
     return { valid: false, claims: null, reason: "signature-base64-bad" };
   }
-  var ok = crypto.verify(Buffer.from(canonical, "utf8"), sigBuf, publicKeyPem);
+  var ok = bCrypto.verify(Buffer.from(canonical, "utf8"), sigBuf, publicKeyPem);
   if (!ok) {
     return { valid: false, claims: null, reason: "signature-mismatch" };
   }
@@ -519,7 +519,7 @@ function signCose(manifest, opts) {
   var toBeSigned = Buffer.concat(sigStructureBufs);
 
   // Sign with framework's b.crypto.sign — algorithm picked from the PEM.
-  var signature = crypto.sign(toBeSigned, opts.privateKeyPem);
+  var signature = bCrypto.sign(toBeSigned, opts.privateKeyPem);
 
   // COSE_Sign1 = tagged-18 array [protected, unprotected, payload, signature]
   var coseSign1 = Buffer.concat([

package/lib/credential-hash.js

@@ -41,7 +41,7 @@
  *   Derive a deterministic, verifiable hash for credential lookup (API-key secret, shared bearer token, webhook signing key) without storing the credential itself.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var C = require("./constants");
 var lazyRequire = require("./lazy-require");
 var { FrameworkError } = require("./framework-error");
@@ -73,13 +73,13 @@ function _shake256(secret, length) {
   // crypto.kdf wraps SHAKE256 with arbitrary output length. That's the
   // exact primitive we need — the framework's KDF and credential-hash
   // share one underlying XOF.
-  return crypto.kdf(secret, length);
+  return bCrypto.kdf(secret, length);
 }
 
 
 // auth/password is required lazily because it imports the (large)
 // argon2 vendor; loading it for SHA3-only callers is wasted work.
-var passwordPrimitive = lazyRequire(function () { return require("./auth/password"); });
+var passwordModule = lazyRequire(function () { return require("./auth/password"); });
 
 class CredentialHashError extends FrameworkError {
   constructor(message, code) {
@@ -219,7 +219,7 @@ async function hash(secret, opts) {
   }
   if (algoId === C.CRED_HASH_IDS.ARGON2ID) {
     var plain = Buffer.isBuffer(secret) ? secret.toString("utf8") : secret;
-    var phc = await passwordPrimitive().hash(plain, opts && opts.params);
+    var phc = await passwordModule().hash(plain, opts && opts.params);
     var argonEnv = _envelope(algoId, Buffer.from(phc, "utf8"));
     _emitEvent("credentialHash.hash", 1, { algo: algoName });
     return argonEnv;
@@ -291,7 +291,7 @@ async function verify(secret, envelope) {
       return false;
     }
     var expected = _shake256(secret, decoded.payload.length);
-    var ok = crypto.timingSafeEqual(expected, decoded.payload);
+    var ok = bCrypto.timingSafeEqual(expected, decoded.payload);
     _emitEvent("credentialHash.verify", 1,
       { outcome: ok ? "success" : "failure", algo: algoName });
     return ok;
@@ -300,7 +300,7 @@ async function verify(secret, envelope) {
     var phc = decoded.payload.toString("utf8");
     var plain = Buffer.isBuffer(secret) ? secret.toString("utf8") : secret;
     var argOk = false;
-    try { argOk = await passwordPrimitive().verify(phc, plain); }
+    try { argOk = await passwordModule().verify(phc, plain); }
     catch (_e) { argOk = false; }
     _emitEvent("credentialHash.verify", 1,
       { outcome: argOk ? "success" : "failure", algo: algoName });
@@ -377,7 +377,7 @@ function needsRehash(envelope, opts) {
     // Defer the parameter-lag check to the password primitive's
     // own needsRehash so the threshold stays in one place.
     var phc = decoded.payload.toString("utf8");
-    try { return passwordPrimitive().needsRehash(phc, opts && opts.params); }
+    try { return passwordModule().needsRehash(phc, opts && opts.params); }
     catch (_e) { return true; }
   }
   return false;

package/lib/crypto-field.js

@@ -47,9 +47,9 @@ var vault = require("./vault");
 var { sha3Hash, kdf } = require("./crypto");
 var { HASH_PREFIX, VAULT_PREFIX, TIME } = require("./constants");
 
-var complianceMod = lazyRequire(function () { return require("./compliance"); });
-var dbMod         = lazyRequire(function () { return require("./db"); });
-var auditMod      = lazyRequire(function () { return require("./audit"); });
+var compliance    = lazyRequire(function () { return require("./compliance"); });
+var db            = lazyRequire(function () { return require("./db"); });
+var audit         = lazyRequire(function () { return require("./audit"); });
 
 // F-POSTURE-1 cascade hook + F-RTBF-2 integration. Recording the
 // posture lets eraseRow call b.db.vacuumAfterErase({ mode: "full" })
@@ -88,7 +88,7 @@ function applyPosture(posture) {
   _activePosture = posture;
   var requireVacuum = false;
   try {
-    requireVacuum = complianceMod().postureDefault(posture, "requireVacuumAfterErase") === true;
+    requireVacuum = compliance().postureDefault(posture, "requireVacuumAfterErase") === true;
   } catch (_e) { /* compliance not loaded — record posture only */ }
   return { posture: posture, requireVacuumAfterErase: requireVacuum };
 }
@@ -495,14 +495,14 @@ function eraseRow(table, row) {
   if (_activePosture) {
     var requireVacuum = false;
     try {
-      requireVacuum = complianceMod().postureDefault(
+      requireVacuum = compliance().postureDefault(
         _activePosture, "requireVacuumAfterErase") === true;
     } catch (_e) { /* compliance lookup best-effort */ }
     if (requireVacuum) {
       try {
-        var db = dbMod();
-        if (db && typeof db.vacuumAfterErase === "function") {
-          db.vacuumAfterErase({ mode: "full" });
+        var dbInst = db();
+        if (dbInst && typeof dbInst.vacuumAfterErase === "function") {
+          dbInst.vacuumAfterErase({ mode: "full" });
         }
       } catch (_vacErr) {
         // VACUUM is best-effort at the eraseRow seam — DB might not be
@@ -510,7 +510,7 @@ function eraseRow(table, row) {
         // captures the skip; operators on regulated postures wire the
         // sweep through b.retention which gates erasure on db.init().
         try {
-          auditMod().safeEmit({
+          audit().safeEmit({
             action:  "cryptofield.vacuum.skipped",
             outcome: "failure",
             metadata: {

package/lib/daemon.js

@@ -37,9 +37,9 @@
  *   Long-running process orchestration — supervisor wiring around `b.appShutdown`, foreground signal handling, detached-fork spawn via `b.processSpawn`, PID-file health probes, and a SIGTERM-then-SIGKILL restart policy on stop.
  */
 
-var fs = require("fs");
-var path = require("path");
-var nb = require("./numeric-bounds");
+var nodeFs = require("fs");
+var nodePath = require("path");
+var numericBounds = require("./numeric-bounds");
 var appShutdown = require("./app-shutdown");
 var processSpawn = require("./process-spawn");
 var lazyRequire = require("./lazy-require");
@@ -80,7 +80,7 @@ function _isLivePid(pid) {
 
 function _readPidFile(pidFile) {
   try {
-    var raw = fs.readFileSync(pidFile, "utf8");
+    var raw = nodeFs.readFileSync(pidFile, "utf8");
     var pid = parseInt(String(raw).trim(), 10);
     return isFinite(pid) && pid > 0 ? pid : null;
   } catch (_e) { return null; }
@@ -118,9 +118,9 @@ function _validateStopOpts(opts) {
     "daemon.stop: opts.pidFile", DaemonError, "daemon/bad-pid-file");
   validateOpts.optionalNonEmptyString(opts.signal,
     "daemon.stop: opts.signal", DaemonError, "daemon/bad-signal");
-  nb.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
     "daemon.stop: opts.timeoutMs", DaemonError, "daemon/bad-timeout");
-  nb.requirePositiveFiniteIntIfPresent(opts.pollMs,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.pollMs,
     "daemon.stop: opts.pollMs", DaemonError, "daemon/bad-poll");
 }
 
@@ -133,7 +133,7 @@ function _maybeReapStale(pidFile) {
   }
   if (existing === process.pid) return false;
   // Stale: PID is gone (or signal-0 returned ESRCH). Reap + audit.
-  try { fs.unlinkSync(pidFile); } catch (_e) { /* race: another reaper */ }
+  try { nodeFs.unlinkSync(pidFile); } catch (_e) { /* race: another reaper */ }
   _safeAuditEmit("daemon.stale_pid_cleaned", "success", {
     pidFile:  pidFile,
     stalePid: existing,
@@ -146,13 +146,13 @@ function _maybeReapStale(pidFile) {
 // redirect of the current process' stdout/stderr.
 function _openLogFd(logFile) {
   if (typeof logFile !== "string" || logFile.length === 0) return null;
-  atomicFile.ensureDir(path.dirname(logFile));
-  var fd = fs.openSync(logFile, "a", DEFAULT_LOG_FILE_MODE);
+  atomicFile.ensureDir(nodePath.dirname(logFile));
+  var fd = nodeFs.openSync(logFile, "a", DEFAULT_LOG_FILE_MODE);
   return fd;
 }
 
 // Redirect the current process's stdout/stderr file descriptors at the
-// given fd. Implemented via fs.writeSync streams: Node doesn't expose a
+// given fd. Implemented via nodeFs.writeSync streams: Node doesn't expose a
 // portable dup2, so we replace process.stdout.write / process.stderr.write
 // with a writer that pushes to the log fd. This is the standard
 // pattern for foreground daemons that don't want to lose output when
@@ -163,7 +163,7 @@ function _redirectStdio(fd) {
     var enc = typeof encOrCb === "string" ? encOrCb : "utf8";
     var cb  = typeof encOrCb === "function" ? encOrCb : maybeCb;
     var buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk), enc);
-    try { fs.writeSync(fd, buf); }
+    try { nodeFs.writeSync(fd, buf); }
     catch (_e) { /* log fd closed underneath us — drop */ }
     if (typeof cb === "function") cb();
     return true;
@@ -246,21 +246,21 @@ function start(opts) {
         cwd:      typeof opts.cwd === "string" ? opts.cwd : undefined,
       });
     } catch (e) {
-      try { if (typeof logFd === "number") fs.closeSync(logFd); }
+      try { if (typeof logFd === "number") nodeFs.closeSync(logFd); }
       catch (_c) { /* best-effort */ }
       throw new DaemonError("daemon/spawn-failed",
         "daemon.start: spawn failed: " + ((e && e.message) || String(e)));
     }
     // Write the child's PID via atomic temp+rename so a concurrent
     // observer never sees a half-written pidFile.
-    atomicFile.ensureDir(path.dirname(pidFile));
+    atomicFile.ensureDir(nodePath.dirname(pidFile));
     var pidStr = String(child.pid) + "\n";
     atomicFile.writeSync(pidFile, pidStr, { fileMode: 0o600 });
     // Detach so the child survives parent exit.
     try { child.unref(); } catch (_u) { /* best-effort */ }
     if (typeof logFd === "number") {
       // Parent doesn't need its handle to the log; child inherited it.
-      try { fs.closeSync(logFd); } catch (_c) { /* best-effort */ }
+      try { nodeFs.closeSync(logFd); } catch (_c) { /* best-effort */ }
     }
     _safeAuditEmit("daemon.started", "success", {
       pidFile:     pidFile,
@@ -307,7 +307,7 @@ function start(opts) {
         run:  function () {
           try { lock.release(); } catch (_e) { /* best-effort */ }
           if (logFdForeground !== null) {
-            try { fs.closeSync(logFdForeground); } catch (_c) { /* best-effort */ }
+            try { nodeFs.closeSync(logFdForeground); } catch (_c) { /* best-effort */ }
           }
         },
         timeoutMs: C.TIME.seconds(2),
@@ -381,7 +381,7 @@ async function stop(opts) {
   }
   if (!_isLivePid(pid)) {
     // Stale — clean up and report.
-    try { fs.unlinkSync(pidFile); } catch (_e) { /* best-effort */ }
+    try { nodeFs.unlinkSync(pidFile); } catch (_e) { /* best-effort */ }
     _safeAuditEmit("daemon.stale_pid_cleaned", "success", { pidFile: pidFile, stalePid: pid });
     return { stopped: false, pid: pid, reason: "stale" };
   }
@@ -392,7 +392,7 @@ async function stop(opts) {
   catch (e) {
     if (e && e.code === "ESRCH") {
       // Died between read and kill — cleanup + report.
-      try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+      try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
       _safeAuditEmit("daemon.stopped", "success", {
         pidFile: pidFile, signal: signal, waitMs: Date.now() - t0, escalated: false,
       });
@@ -405,7 +405,7 @@ async function stop(opts) {
   var deadline = t0 + timeoutMs;
   while (Date.now() < deadline) {
     if (!_isLivePid(pid)) {
-      try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+      try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
       _safeAuditEmit("daemon.stopped", "success", {
         pidFile: pidFile, signal: signal, waitMs: Date.now() - t0, escalated: false,
       });
@@ -428,7 +428,7 @@ async function stop(opts) {
     if (!_isLivePid(pid)) break;
     await safeAsync.sleep(pollMs, { signal: opts.abortSignal });
   }
-  try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+  try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
   _safeAuditEmit("daemon.stopped", "success", {
     pidFile: pidFile, signal: "SIGKILL", waitMs: Date.now() - t0, escalated: true,
   });

package/lib/db-file-lifecycle.js

@@ -57,9 +57,9 @@
  *   bun:sqlite).
  */
 
-var fs   = require("fs");
+var nodeFs   = require("fs");
 var os   = require("os");
-var path = require("path");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
 var { generateBytes, generateToken, encryptPacked, decryptPacked } = require("./crypto");
@@ -92,7 +92,7 @@ function _resolveTmpDir(operatorTmpDir, allowDiskFallback) {
   // Linux: /dev/shm is the standard tmpfs mount.
   if (process.platform === "linux") {
     try {
-      var st = fs.statSync("/dev/shm");
+      var st = nodeFs.statSync("/dev/shm");
       if (st && st.isDirectory()) return "/dev/shm";
     } catch (_e) { /* fall through */ }
   }
@@ -115,8 +115,8 @@ function _resolveTmpDir(operatorTmpDir, allowDiskFallback) {
  * Returns an encrypted-DB-file lifecycle handle. Methods:
  *
  *   - `decryptToTmp()` — decrypt the encrypted DB file to a fresh
- *     tmpfs path and return the path. Idempotent: subsequent calls
- *     return the existing path.
+ *     tmpfs path and return the nodePath. Idempotent: subsequent calls
+ *     return the existing nodePath.
  *   - `dbPath` — the resolved plaintext-tmpfs path (set after
  *     `decryptToTmp()` runs).
  *   - `startFlushTimer(db, opts?)` — start a periodic flush timer
@@ -164,15 +164,15 @@ function fileLifecycle(opts) {
   var label = opts.label || "default";
   var encName = opts.encryptedDbName || "db.enc";
   var encPath = opts.encryptedDbPath
-    ? path.resolve(opts.encryptedDbPath)
-    : path.join(opts.dataDir, encName);
+    ? nodePath.resolve(opts.encryptedDbPath)
+    : nodePath.join(opts.dataDir, encName);
   var keyPath = opts.dbKeyPath
-    ? path.resolve(opts.dbKeyPath)
-    : path.join(opts.dataDir, "db.key.enc");
+    ? nodePath.resolve(opts.dbKeyPath)
+    : nodePath.join(opts.dataDir, "db.key.enc");
   var flushIntervalMs = opts.flushIntervalMs || DEFAULT_FLUSH_INTERVAL_MS;
   var tmpDir = _resolveTmpDir(opts.tmpDir, opts.allowDiskFallback === true);
-  if (!fs.existsSync(tmpDir)) fs.mkdirSync(tmpDir, { recursive: true });
-  if (!fs.existsSync(opts.dataDir)) fs.mkdirSync(opts.dataDir, { recursive: true });
+  if (!nodeFs.existsSync(tmpDir)) nodeFs.mkdirSync(tmpDir, { recursive: true });
+  if (!nodeFs.existsSync(opts.dataDir)) nodeFs.mkdirSync(opts.dataDir, { recursive: true });
 
   var dbPath = null;
   var encKey = null;
@@ -181,8 +181,8 @@ function fileLifecycle(opts) {
 
   function _loadOrGenerateKey() {
     if (encKey) return encKey;
-    if (fs.existsSync(keyPath)) {
-      var sealedKey = fs.readFileSync(keyPath, "utf8");
+    if (nodeFs.existsSync(keyPath)) {
+      var sealedKey = nodeFs.readFileSync(keyPath, "utf8");
       var keyB64;
       try { keyB64 = opts.vault.unseal(sealedKey); }
       catch (e) {
@@ -208,10 +208,10 @@ function fileLifecycle(opts) {
   function decryptToTmp() {
     if (decrypted) return dbPath;
     _loadOrGenerateKey();
-    dbPath = path.join(tmpDir, "blamejs-fl-" + label + "-" +
+    dbPath = nodePath.join(tmpDir, "blamejs-fl-" + label + "-" +
       generateToken(TMP_NAME_BYTES) + ".db");
-    if (fs.existsSync(encPath)) {
-      var packed = fs.readFileSync(encPath);
+    if (nodeFs.existsSync(encPath)) {
+      var packed = nodeFs.readFileSync(encPath);
       if (packed.length < 26) {                                                                  // allow:raw-byte-literal — minimum envelope length
         throw new DbFileLifecycleError("db-file-lifecycle/short-envelope",
           "fileLifecycle: " + encPath + " too short to be a valid envelope (" + packed.length + " bytes)");
@@ -231,7 +231,7 @@ function fileLifecycle(opts) {
       label:    label,
       encPath:  encPath,
       dbPath:   dbPath,
-      isEmpty:  !fs.existsSync(encPath),
+      isEmpty:  !nodeFs.existsSync(encPath),
     });
     _emitMetric("decrypted");
     return dbPath;
@@ -246,8 +246,8 @@ function fileLifecycle(opts) {
       try { db.prepare("PRAGMA wal_checkpoint(TRUNCATE)").run(); }
       catch (_e) { /* best-effort — operators on read-only handles or pre-init still flush */ }
     }
-    if (!fs.existsSync(dbPath)) return null;
-    var plain = fs.readFileSync(dbPath);
+    if (!nodeFs.existsSync(dbPath)) return null;
+    var plain = nodeFs.readFileSync(dbPath);
     var packed = encryptPacked(plain, encKey, _aad(opts.dataDir, label));
     atomicFile.writeSync(encPath, packed);
     _emitAudit("flushed", "success", { label: label, bytes: plain.length });
@@ -264,11 +264,11 @@ function fileLifecycle(opts) {
       try { db.prepare("PRAGMA wal_checkpoint(TRUNCATE)").run(); }
       catch (_e) { /* best-effort */ }
     }
-    if (!fs.existsSync(dbPath)) {
+    if (!nodeFs.existsSync(dbPath)) {
       throw new DbFileLifecycleError("db-file-lifecycle/no-source",
         "fileLifecycle.snapshot: " + dbPath + " is missing");
     }
-    var plain = fs.readFileSync(dbPath);
+    var plain = nodeFs.readFileSync(dbPath);
     return encryptPacked(plain, encKey, _aad(opts.dataDir, label));
   }
 
@@ -308,9 +308,9 @@ function fileLifecycle(opts) {
       try { db.close(); } catch (_e) { /* best-effort */ }
     }
     if (fopts.removePlaintext === true && dbPath) {
-      try { fs.unlinkSync(dbPath); } catch (_e) { /* best-effort */ }
-      try { fs.unlinkSync(dbPath + "-wal"); } catch (_e) { /* best-effort */ }
-      try { fs.unlinkSync(dbPath + "-shm"); } catch (_e) { /* best-effort */ }
+      try { nodeFs.unlinkSync(dbPath); } catch (_e) { /* best-effort */ }
+      try { nodeFs.unlinkSync(dbPath + "-wal"); } catch (_e) { /* best-effort */ }
+      try { nodeFs.unlinkSync(dbPath + "-shm"); } catch (_e) { /* best-effort */ }
     }
     _emitAudit("shutdown", "success", { label: label });
   }

package/lib/db-schema.js

@@ -36,7 +36,7 @@
  *                             surfaces a rollback throw without
  *                             swallowing the original error.
  */
-var path = require("path");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var safeSql = require("./safe-sql");
 
@@ -280,7 +280,7 @@ function runMigrations(database, migrationDir) {
       skipped.push(file);
       continue;
     }
-    var fullPath = path.join(migrationDir, file);
+    var fullPath = nodePath.join(migrationDir, file);
     var mig;
     try {
       // Operator-supplied migration file — by definition not statically