@blamejs/core 0.9.14 → 0.9.16

package/lib/local-db-thin.js

@@ -53,8 +53,8 @@
  *   localdb.thin.closed     { file }
  */
 
-var fs   = require("fs");
-var path = require("path");
+var nodeFs   = require("fs");
+var nodePath = require("path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var safeSql = require("./safe-sql");
@@ -77,7 +77,7 @@ var NUL_BYTE = String.fromCharCode(0);
 function _validateOpts(opts) {
   validateOpts.requireObject(opts, "localDb.thin", LocalDbThinError, "localdb-thin/bad-opts");
   validateOpts.requireNonEmptyString(opts.file, "file", LocalDbThinError, "localdb-thin/bad-file");
-  // `file` is operator-supplied (daemon's chosen storage path), not
+  // `file` is operator-supplied (daemon's chosen storage nodePath), not
   // request-driven input. Reject NUL bytes defensively — Node's path
   // routines silently truncate at the first NUL, which would let a
   // typo open a different file than the operator intended.
@@ -144,7 +144,7 @@ function thin(opts) {
   _validateOpts(opts);
 
   var auditOn  = opts.audit !== false;
-  // opts.file is operator-config (daemon-author chosen storage path),
+  // opts.file is operator-config (daemon-author chosen storage nodePath),
   // not request-driven input. Validation above already rejected non-
   // strings and NUL bytes. The operator picks the file location; the
   // wrapper opens it as-is.
@@ -168,7 +168,7 @@ function thin(opts) {
 
   // Ensure parent directory exists — operators commonly point this at
   // an OS app-data path that may not exist on first daemon launch.
-  try { fs.mkdirSync(path.dirname(file), { recursive: true }); } catch (_e) { /* best-effort */ }
+  try { nodeFs.mkdirSync(nodePath.dirname(file), { recursive: true }); } catch (_e) { /* best-effort */ }
 
   var database = null;
   var renamedTo = null;
@@ -203,13 +203,13 @@ function thin(opts) {
       var lastRenameErr = null;
       for (var attempt = 0; attempt < 20 && !renamed; attempt += 1) {
         try {
-          if (fs.existsSync(file)) fs.renameSync(file, renamedTo);
+          if (nodeFs.existsSync(file)) nodeFs.renameSync(file, renamedTo);
           renamed = true;
         } catch (re) {
           lastRenameErr = re;
           if (re && (re.code === "EBUSY" || re.code === "EPERM")) {
             // Synchronous spin — don't reach for setTimeout in a
-            // boot-time path. 100ms × 20 = 2s upper bound.
+            // boot-time nodePath. 100ms × 20 = 2s upper bound.
             var until = Date.now() + 100;
             while (Date.now() < until) { /* spin */ }
             continue;
@@ -227,8 +227,8 @@ function thin(opts) {
       // re-attach a half-open journal.
       ["-wal", "-shm"].forEach(function (suffix) {
         var sibling = file + suffix;
-        if (fs.existsSync(sibling)) {
-          try { fs.renameSync(sibling, sibling + ".corrupt-" + stamp); }
+        if (nodeFs.existsSync(sibling)) {
+          try { nodeFs.renameSync(sibling, sibling + ".corrupt-" + stamp); }
           catch (_se) { /* best-effort */ }
         }
       });

package/lib/log-stream-local.js

@@ -23,8 +23,8 @@
  *     fileNamePrefix:     'blamejs'
  *   }
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var zlib = require("zlib");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
@@ -48,19 +48,19 @@ var _err = LogStreamError.factory;
 function create(config) {
   if (!config || !config.dir) throw new Error("log-stream local requires { dir }");
   var cfg = Object.assign({}, DEFAULTS, config);
-  var dir = path.resolve(cfg.dir);
-  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  var dir = nodePath.resolve(cfg.dir);
+  if (!nodeFs.existsSync(dir)) nodeFs.mkdirSync(dir, { recursive: true, mode: 0o700 });
 
-  var activePath = path.join(dir, cfg.fileNamePrefix + ".log");
+  var activePath = nodePath.join(dir, cfg.fileNamePrefix + ".log");
   var fd = null;
   var openedAt = 0;
   var bytesWritten = 0;
 
   function _open() {
-    fd = fs.openSync(activePath, "a", cfg.fileMode);
+    fd = nodeFs.openSync(activePath, "a", cfg.fileMode);
     openedAt = Date.now();
     try {
-      var stat = fs.fstatSync(fd);
+      var stat = nodeFs.fstatSync(fd);
       bytesWritten = stat.size;
     } catch (_e) {
       bytesWritten = 0;
@@ -77,20 +77,20 @@ function create(config) {
   function _rotate() {
     try {
       if (fd != null) {
-        try { fs.closeSync(fd); }
+        try { nodeFs.closeSync(fd); }
         catch (e) { log.warn("rotate-close-failed: " + e.message); }
         fd = null;
       }
       // Build rotated filename: blamejs-YYYYMMDDTHHMMSSZ.log
       var stamp = time.toIso8601NoMs(new Date()).replace(/[-:]/g, "");
-      var rotated = path.join(dir, cfg.fileNamePrefix + "-" + stamp + ".log");
-      if (fs.existsSync(activePath)) {
-        fs.renameSync(activePath, rotated);
+      var rotated = nodePath.join(dir, cfg.fileNamePrefix + "-" + stamp + ".log");
+      if (nodeFs.existsSync(activePath)) {
+        nodeFs.renameSync(activePath, rotated);
         if (cfg.compressRotations) {
-          var data = fs.readFileSync(rotated);
+          var data = nodeFs.readFileSync(rotated);
           var gz = zlib.gzipSync(data);
           atomicFile.writeSync(rotated + ".gz", gz, { fileMode: cfg.fileMode });
-          fs.unlinkSync(rotated);
+          nodeFs.unlinkSync(rotated);
         }
       }
       _pruneOld();
@@ -109,7 +109,7 @@ function create(config) {
       includeStat: true,
     }).sort(function (a, b) { return b.mtimeMs - a.mtimeMs; });   // newest first
     for (var i = cfg.keepRotations; i < entries.length; i++) {
-      try { fs.unlinkSync(entries[i].fullPath); } catch (_e) { /* best effort */ }
+      try { nodeFs.unlinkSync(entries[i].fullPath); } catch (_e) { /* best effort */ }
     }
   }
 
@@ -117,15 +117,15 @@ function create(config) {
     if (_shouldRotate()) _rotate();
     var line = JSON.stringify(record) + "\n";
     var buf = Buffer.from(line, "utf8");
-    fs.writeSync(fd, buf, 0, buf.length, null);
+    nodeFs.writeSync(fd, buf, 0, buf.length, null);
     bytesWritten += buf.length;
     return Promise.resolve({ bytes: buf.length });
   }
 
   function close() {
     if (fd != null) {
-      try { fs.fsyncSync(fd); } catch (_e) { /* best effort */ }
-      try { fs.closeSync(fd); }
+      try { nodeFs.fsyncSync(fd); } catch (_e) { /* best effort */ }
+      try { nodeFs.closeSync(fd); }
       catch (e) { log.warn("close-failed: " + e.message); }
       fd = null;
     }

package/lib/log-stream-syslog.js

@@ -30,7 +30,7 @@
 var dgram = require("dgram");
 var net   = require("net");
 var os    = require("os");
-var tls   = require("tls");
+var nodeTls   = require("tls");
 var C = require("./constants");
 var { boot } = require("./log");
 var safeAsync = require("./safe-async");
@@ -223,7 +223,7 @@ function create(config) {
       });
       if (cfg.ca) tlsOpts.ca = cfg.ca;
       if (cfg.servername) tlsOpts.servername = cfg.servername;
-      sock = tls.connect(tlsOpts, onConnect);
+      sock = nodeTls.connect(tlsOpts, onConnect);
     } else {
       sock = net.connect(connectOpts, onConnect);
     }

package/lib/log-stream.js

@@ -55,7 +55,7 @@ var otlpGrpcProto   = require("./log-stream-otlp-grpc");
 var cloudwatchProto = require("./log-stream-cloudwatch");
 var syslogProto     = require("./log-stream-syslog");
 var { boot }        = require("./log");
-var redactor        = require("./redact");
+var redact          = require("./redact");
 var lazyRequire     = require("./lazy-require");
 var protocolDispatcher = require("./protocol-dispatcher");
 var { LogStreamError } = require("./framework-error");
@@ -215,7 +215,7 @@ function emit(level, message, meta) {
     message: message == null ? null : String(message),
   };
   if (meta) {
-    record.meta = redactor.redact(meta);
+    record.meta = redact.redact(meta);
   }
 
   // Fire-and-forget to all sinks. Sink errors don't bubble — they're
@@ -367,7 +367,7 @@ function onIncoming(handler) {
  */
 async function deliverIncoming(payload, opts) {
   opts = opts || {};
-  var redacted = redactor.redact(payload);
+  var redacted = redact.redact(payload);
   // Audit-log the inbound command BEFORE invoking handlers — even handler
   // exceptions don't lose the receipt.
   audit().safeEmit({

package/lib/log.js

@@ -72,7 +72,7 @@ var { FrameworkError } = require("./framework-error");
 //     pulling the whole crypto bundle into the framework's earliest
 //     boot path (request-id middleware needs only generateToken).
 var safeEnv = lazyRequire(function () { return require("./parsers/safe-env"); });
-var crypto  = lazyRequire(function () { return require("./crypto"); });
+var bCrypto = lazyRequire(function () { return require("./crypto"); });
 
 // Request-id correlation token — 8 bytes hex-encoded (16 chars). Short
 // enough to read in a log line, long enough to keep collisions far below
@@ -384,7 +384,7 @@ function create(opts) {
           // 16 random hex chars — short, sufficient correlation entropy.
           // Routes through the framework token primitive so the entropy
           // source matches the rest of the codebase.
-          return crypto().generateToken(REQUEST_ID_BYTES);
+          return bCrypto().generateToken(REQUEST_ID_BYTES);
         };
       return function logRequestIdMiddleware(req, res, next) {
         var inbound = req.headers && req.headers[headerName];

package/lib/mail-bounce.js

@@ -39,7 +39,7 @@
  *   Inbound mail bounce-handler — parse the vendor's webhook DSN / complaint / delivery payload, normalize it into one event shape, classify hard vs soft bounces, and feed an operator-supplied suppression-list hook.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var mimeParse = require("./mime-parse");
 var numericBounds = require("./numeric-bounds");
@@ -817,7 +817,7 @@ function _foldFieldValue(name, value) {
 }
 
 function _generateBoundary() {
-  return "blamejs-dsn-" + crypto.generateToken(C.BYTES.bytes(12));
+  return "blamejs-dsn-" + bCrypto.generateToken(C.BYTES.bytes(12));
 }
 
 function _buildDsn(opts) {

package/lib/mail-mdn.js

@@ -28,7 +28,7 @@
  *   RFC 3798 / RFC 8098 Message Disposition Notification builder + parser — generate "message read" return-receipts and parse inbound MDNs into a normalized event shape. Auto-generation refuses without explicit operator opt-in to prevent accidental privacy leaks.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var mimeParse = require("./mime-parse");
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -99,7 +99,7 @@ function _parseDisposition(value) {
 }
 
 function _generateBoundary() {
-  return "blamejs-mdn-" + crypto.generateToken(C.BYTES.bytes(12));
+  return "blamejs-mdn-" + bCrypto.generateToken(C.BYTES.bytes(12));
 }
 
 /**

package/lib/mail-srs.js

@@ -43,7 +43,7 @@
  */
 
 var nodeCrypto    = require("node:crypto");
-var blamejsCrypto = require("./crypto");
+var bCrypto = require("./crypto");
 var validateOpts  = require("./validate-opts");
 var { defineClass } = require("./framework-error");
 
@@ -239,7 +239,7 @@ function create(opts) {
 
 function _timingSafeStringEqual(a, b) {
   if (typeof a !== "string" || typeof b !== "string") return false;
-  return blamejsCrypto.timingSafeEqual(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
+  return bCrypto.timingSafeEqual(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
 }
 
 module.exports = {

package/lib/mail.js

@@ -56,7 +56,7 @@
  *   SMTP / HTTP-API email send with multipart RFC 5322 message composition, DKIM signing on the way out, and full inbound mail- authentication parsing on the way in.
  */
 var C = require("./constants");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var safeBuffer = require("./safe-buffer");
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -64,7 +64,7 @@ var httpClient = lazyRequire(function () { return require("./http-client"); });
 var guardEmail = lazyRequire(function () { return require("./guard-email"); });
 var guardFilename = lazyRequire(function () { return require("./guard-filename"); });
 var fileType = lazyRequire(function () { return require("./file-type"); });
-var mailDkim = require("./mail-dkim");
+var dkim = require("./mail-dkim");
 var mailAuth = require("./mail-auth");
 var mailBimi = require("./mail-bimi");
 var mailUnsubscribe = require("./mail-unsubscribe");
@@ -72,7 +72,7 @@ var net = lazyRequire(function () { return require("net"); });
 var networkDns = lazyRequire(function () { return require("./network-dns"); });
 var nodeUrl = require("url");
 var numericBounds = require("./numeric-bounds");
-var tls = lazyRequire(function () { return require("tls"); });
+var nodeTls = lazyRequire(function () { return require("tls"); });
 var safeJson = require("./safe-json");
 var safeSchema = require("./safe-schema");
 var validateOpts = require("./validate-opts");
@@ -634,7 +634,7 @@ function _newBoundary(label) {
   // convention. RFC 5322 only requires uniqueness within a message,
   // but consistency with how every other identifier in lib/ is built
   // wins over premature differentiation.
-  return "blamejs-" + label + "-" + Date.now() + "-" + crypto.generateToken(C.BYTES.bytes(8));
+  return "blamejs-" + label + "-" + Date.now() + "-" + bCrypto.generateToken(C.BYTES.bytes(8));
 }
 
 // base64-encode the buffer with line wrapping at 76 chars (RFC 2045
@@ -1142,7 +1142,7 @@ function _smtpSend(message, cfg) {
         tlsConnectOpts.host = cfg.host;
         tlsConnectOpts.port = cfg.port;
         if (family === 4 || family === 6) tlsConnectOpts.family = family;
-        attachSocket(tls().connect(tlsConnectOpts));
+        attachSocket(nodeTls().connect(tlsConnectOpts));
       } else {
         var netOpts = { host: cfg.host, port: cfg.port };
         if (family === 4 || family === 6) netOpts.family = family;
@@ -1211,7 +1211,7 @@ function _smtpSend(message, cfg) {
         if (code !== 220) { fail("starttls-rejected (code " + code + ")"); return; }
         var tlsConnectOpts = Object.assign({ socket: socket }, cfg.tlsOpts);
         if (cfg.servername) tlsConnectOpts.servername = cfg.servername;
-        var tlsSocket = tls().connect(tlsConnectOpts, function () {
+        var tlsSocket = nodeTls().connect(tlsConnectOpts, function () {
           upgradedToTLS = true;
           try { socket.removeAllListeners("data"); } catch (_e) { /* listeners migrate to upgraded socket */ }
           attachSocket(tlsSocket);
@@ -1841,7 +1841,7 @@ module.exports = {
   // DKIM-Signature header generation for outbound mail (rsa-sha256
   // default, ed25519-sha256 opt-in). Wire it into the smtp transport
   // via opts.dkimSigner. See lib/mail-dkim.js for the full surface.
-  dkim:       mailDkim,
+  dkim:       dkim,
   // Inbound mail authentication-results verification: SPF (RFC 7208),
   // DMARC (RFC 7489), ARC (RFC 8617). Outbound DKIM signing lives in
   // .dkim above; per-hop DKIM verification is deferred (composes with

package/lib/mcp-tool-registry.js

@@ -64,7 +64,7 @@ var lazyRequire   = require("./lazy-require");
 var validateOpts  = require("./validate-opts");
 var { McpError }  = require("./framework-error");
 
-var crypto = lazyRequire(function () { return require("./crypto"); });
+var bCrypto = lazyRequire(function () { return require("./crypto"); });
 var audit  = lazyRequire(function () { return require("./audit"); });
 var C      = require("./constants");
 
@@ -202,7 +202,7 @@ function create(opts) {
       outputSchema: tool.outputSchema || null,
       alg:         alg,
     });
-    var sig = crypto().sign(Buffer.from(payload, "utf8"), signingKey);
+    var sig = bCrypto().sign(Buffer.from(payload, "utf8"), signingKey);
     return {
       tool:         tool.name,
       description:  tool.description || "",
@@ -254,7 +254,7 @@ function create(opts) {
       }),
       issuedAt: new Date().toISOString(),
     });
-    var sig = crypto().sign(Buffer.from(manifestBody, "utf8"), signingKey);
+    var sig = bCrypto().sign(Buffer.from(manifestBody, "utf8"), signingKey);
     return {
       body:      manifestBody,
       signature: sig.toString("base64"),
@@ -309,7 +309,7 @@ function create(opts) {
     }
     var nonce = typeof callOpts.nonce === "string" && callOpts.nonce.length > 0
       ? callOpts.nonce
-      : crypto().generateToken(16);                                                                // allow:raw-byte-literal — 128-bit nonce, not byte arithmetic on a payload
+      : bCrypto().generateToken(16);                                                                // allow:raw-byte-literal — 128-bit nonce, not byte arithmetic on a payload
     var iat = new Date();
     var exp = new Date(iat.getTime() + ttlMs);
     var envelope = {
@@ -320,7 +320,7 @@ function create(opts) {
       exp:      exp.toISOString(),
     };
     var payload = Buffer.from(canonicalJson.stringify(envelope), "utf8");
-    var sig = crypto().sign(payload, signingKey);
+    var sig = bCrypto().sign(payload, signingKey);
     _emitAudit("mcp.tool_registry.call_signed",
       { tool: envelope.tool, nonce: nonce, alg: alg });
     return {
@@ -438,7 +438,7 @@ function create(opts) {
         "verifyCall: signature not valid base64");
     }
     var ok;
-    try { ok = crypto().verify(payload, sigBuf, verifyingKey); }
+    try { ok = bCrypto().verify(payload, sigBuf, verifyingKey); }
     catch (verifyErr) {
       _emitAudit("mcp.tool_registry.call_verify_error",
         { tool: env.tool, nonce: env.nonce, error: String(verifyErr.message || verifyErr) }, "denied");

package/lib/mcp.js

@@ -31,7 +31,7 @@
  */
 
 var C = require("./constants");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var safeUrl = require("./safe-url");
 var safeJson = require("./safe-json");
 var safeBuffer = require("./safe-buffer");
@@ -261,7 +261,7 @@ function serverGuard(opts) {
   }
   var toolAllowlist     = Array.isArray(opts.toolAllowlist)     ? opts.toolAllowlist     : null;
   var resourceAllowlist = Array.isArray(opts.resourceAllowlist) ? opts.resourceAllowlist : null;
-  nb.requirePositiveFiniteIntIfPresent(opts.maxBodyBytes, "mcp.serverGuard: opts.maxBodyBytes", errorClass, "BAD_MAX_BYTES");
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBodyBytes, "mcp.serverGuard: opts.maxBodyBytes", errorClass, "BAD_MAX_BYTES");
   var maxBodyBytes = opts.maxBodyBytes || C.BYTES.mib(1);
   var auditOn = opts.audit !== false;
 

package/lib/metrics.js

@@ -44,7 +44,7 @@ var atomicFile = require("./atomic-file");
 var safeJson = require("./safe-json");
 var { defineClass } = require("./framework-error");
 var { boot } = require("./log");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var { resolveRoute, captureResponseStatus, HTTP_STATUS } = require("./request-helpers");
 var validateOpts = require("./validate-opts");
 
@@ -279,7 +279,7 @@ function create(opts) {
   ], "b.metrics");
   var namespace     = opts.namespace || "";
   var defaultLabels = opts.defaultLabels || {};
-  nb.requirePositiveFiniteIntIfPresent(opts.labelCardinalityCap,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.labelCardinalityCap,
     "labelCardinalityCap", MetricsError, "metrics/bad-opt");
   var cardinalityCap = opts.labelCardinalityCap || DEFAULT_CARDINALITY_CAP;
 

package/lib/middleware/api-encrypt.js

@@ -96,7 +96,7 @@
  *   public/private routes can debug their wiring.
  */
 
-var crypto = require("../crypto");
+var bCrypto = require("../crypto");
 var C = require("../constants");
 var lazyRequire = require("../lazy-require");
 var nonceStoreLib = require("../nonce-store");
@@ -449,7 +449,7 @@ function create(opts) {
     res.json = function (data) {
       try {
         var ptBuf = Buffer.from(JSON.stringify(data), "utf8");
-        var ctBuf = crypto.encryptPacked(ptBuf, sessionKey);
+        var ctBuf = bCrypto.encryptPacked(ptBuf, sessionKey);
         var encrypted = { _ct: ctBuf.toString("base64") };
         if (sessionCtx) {
           encrypted._sid = sessionCtx.sid;
@@ -480,7 +480,7 @@ function create(opts) {
   function _decryptEkToSessionKey(ek) {
     for (var ki = 0; ki < keypairs.length; ki++) {
       try {
-        var sessionKeyB64 = crypto.decrypt(ek, keypairs[ki]);
+        var sessionKeyB64 = bCrypto.decrypt(ek, keypairs[ki]);
         var candidate = Buffer.from(sessionKeyB64, "base64");
         if (candidate.length === SESSION_KEY_BYTES) return candidate;
       } catch (_e) { /* try next keypair */ }
@@ -518,7 +518,7 @@ function create(opts) {
 
     if (typeof ek === "string" && typeof nonce === "string") {
       // ---- Bootstrap path (per-request mode OR first request of session) ----
-      var nonceHash = crypto.sha3Hash(nonce, "hex");
+      var nonceHash = bCrypto.sha3Hash(nonce, "hex");
       var expireAt = now + replayWindowMs;
       var freshNonce;
       try { freshNonce = await nonceStore.checkAndInsert(nonceHash, expireAt); }
@@ -655,7 +655,7 @@ function create(opts) {
     var clearObj;
     try {
       var ctBuf = Buffer.from(ct, "base64");
-      var ptBuf = crypto.decryptPacked(ctBuf, sessionKey);
+      var ptBuf = bCrypto.decryptPacked(ctBuf, sessionKey);
       clearObj = safeJson.parse(ptBuf.toString("utf8"), { maxBytes: maxDecryptedBytes });
     } catch (_e) {
       _emitFailure(req, "tag");
@@ -751,7 +751,7 @@ function client(opts) {
   var perSessionLastResCtr = 0;
 
   function _resetSession() {
-    perSessionKey = crypto.generateBytes(SESSION_KEY_BYTES);
+    perSessionKey = bCrypto.generateBytes(SESSION_KEY_BYTES);
     perSessionSid = _generateUuidV4();
     perSessionReqCtr = 0;
     perSessionLastResCtr = 0;
@@ -774,7 +774,7 @@ function client(opts) {
     }
     perSessionLastResCtr = responseBody._ctr;
     var resCtBuf = Buffer.from(responseBody._ct, "base64");
-    var resPtBuf = crypto.decryptPacked(resCtBuf, perSessionKey);
+    var resPtBuf = bCrypto.decryptPacked(resCtBuf, perSessionKey);
     return safeJson.parse(resPtBuf.toString("utf8"), { maxBytes: maxDecryptedBytes });
   }
 
@@ -783,13 +783,13 @@ function client(opts) {
     if (!perSessionKey) _resetSession();
     var ts = Date.now();
     var ptBuf = Buffer.from(JSON.stringify(payload), "utf8");
-    var ctBuf = crypto.encryptPacked(ptBuf, perSessionKey);
+    var ctBuf = bCrypto.encryptPacked(ptBuf, perSessionKey);
     perSessionReqCtr += 1;
     var body;
     if (perSessionReqCtr === 1) {
       // Bootstrap envelope — full _ek + _nonce; server stores sid → sessionKey.
-      var ek = crypto.encrypt(perSessionKey.toString("base64"), pubkey);
-      var nonce = crypto.generateBytes(REQUEST_NONCE_BYTES).toString("hex");
+      var ek = bCrypto.encrypt(perSessionKey.toString("base64"), pubkey);
+      var nonce = bCrypto.generateBytes(REQUEST_NONCE_BYTES).toString("hex");
       body = {
         _ek:    ek,
         _ct:    ctBuf.toString("base64"),
@@ -812,11 +812,11 @@ function client(opts) {
 
   function _encryptPerRequest(payload) {
     if (payload === undefined) payload = null;
-    var sessionKey = crypto.generateBytes(SESSION_KEY_BYTES);
-    var ek = crypto.encrypt(sessionKey.toString("base64"), pubkey);
+    var sessionKey = bCrypto.generateBytes(SESSION_KEY_BYTES);
+    var ek = bCrypto.encrypt(sessionKey.toString("base64"), pubkey);
     var ptBuf = Buffer.from(JSON.stringify(payload), "utf8");
-    var ctBuf = crypto.encryptPacked(ptBuf, sessionKey);
-    var requestNonce = crypto.generateBytes(REQUEST_NONCE_BYTES).toString("hex");
+    var ctBuf = bCrypto.encryptPacked(ptBuf, sessionKey);
+    var requestNonce = bCrypto.generateBytes(REQUEST_NONCE_BYTES).toString("hex");
     var ts = Date.now();
     return {
       body: {
@@ -832,7 +832,7 @@ function client(opts) {
             "apiEncrypt.client: response missing _ct field");
         }
         var resCtBuf = Buffer.from(responseBody._ct, "base64");
-        var resPtBuf = crypto.decryptPacked(resCtBuf, sessionKey);
+        var resPtBuf = bCrypto.decryptPacked(resCtBuf, sessionKey);
         return safeJson.parse(resPtBuf.toString("utf8"), { maxBytes: maxDecryptedBytes });
       },
     };
@@ -857,7 +857,7 @@ function client(opts) {
 // Slice offsets are RFC 4122 UUID hex-byte boundaries (`xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx`)
 // — protocol-fixed values, not byte sizes. allow:raw-byte-literal
 function _generateUuidV4() {
-  var b = crypto.generateBytes(16);                     // allow:raw-byte-literal — UUID is exactly 16 bytes
+  var b = bCrypto.generateBytes(16);                     // allow:raw-byte-literal — UUID is exactly 16 bytes
   // Set version (4) and variant (10x) bits per RFC 4122.
   b[6] = (b[6] & 0x0f) | 0x40;
   b[8] = (b[8] & 0x3f) | 0x80;