fix(node): DX audit — document conventions, wrap raw errors

Add coreerr.E() and coreio.Local conventions to CLAUDE.md coding
standards. Wrap two raw os.OpenFile/io.Copy errors in extractTarball
with coreerr.E for consistent error context.

Coverage: logging 86%, node 86%, levin 87%, ueps 92%.
No fmt.Errorf or os.ReadFile/os.WriteFile in production code.

Co-Authored-By: Virgil <virgil@lethean.io>

CLAUDE.md

@@ -80,6 +80,8 @@ type ProfileManager interface {
 - Licence: EUPL-1.2 — new files need `// SPDX-License-Identifier: EUPL-1.2`
 - Security-first: do not weaken HMAC, challenge-response, Zip Slip defence, or rate limiting
 - Use `logging` package only — no `fmt.Println` or `log.Printf` in library code
+- Error handling: use `coreerr.E()` from `go-log` — never `fmt.Errorf` or `errors.New` in library code
+- File I/O: use `coreio.Local` from `go-io` — never `os.ReadFile`/`os.WriteFile` in library code (exception: `os.OpenFile` for streaming writes where `coreio` lacks support)
 - Hot-path debug logging uses sampling pattern: `if counter.Add(1)%interval == 0`
 
 ### Transport test helper

node/bundle.go

@@ -311,7 +311,7 @@ func extractTarball(tarData []byte, destDir string) (string, error) {
 
 			f, err := os.OpenFile(fullPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(hdr.Mode))
 			if err != nil {
-				return "", err
+				return "", coreerr.E("extractTarball", "failed to create file "+hdr.Name, err)
 			}
 
 			// Limit file size to prevent decompression bombs (100MB max per file)
@@ -320,7 +320,7 @@ func extractTarball(tarData []byte, destDir string) (string, error) {
 			written, err := io.Copy(f, limitedReader)
 			f.Close()
 			if err != nil {
-				return "", err
+				return "", coreerr.E("extractTarball", "failed to write file "+hdr.Name, err)
 			}
 			if written > maxFileSize {
 				coreio.Local.Delete(fullPath)