fix(devframe): bundle agnostic ohash digest to keep node:crypto out of browser

[antfu]

Summary

• ohash's main entry imports digest from ohash/crypto, whose conditional exports pick node (which imports node:crypto.createHash) when bundled by tsdown. That digest was being inlined into dist/utils/hash.mjs and transitively re-exported through dist/client/index.mjs via rpc/cache.ts, so every browser consumer of devframe/client ended up with a node:crypto import — broken.
• Force the agnostic (pure-JS) variant by aliasing ohash/crypto to the path produced by mlly.resolveSync with conditions: ['import'], skipping the node branch only for this specifier (other deps keep normal resolution).
• Add mlly to the build catalog and to devframe's devDependencies so the build-time resolution is properly declared. No source change needed — the alias is transparent to utils/hash.ts.

Test plan

• pnpm build — grep -RE "node:crypto|createHash" packages/devframe/dist/ returns no matches; bundled hash chunk now embeds ohash/dist/crypto/js/index.mjs.
• pnpm test — 283 tests pass, snapshots in dumps.test.ts.snap unchanged (JS and Node digests are bit-identical for SHA-256 + base64url).
• pnpm lint and pnpm typecheck clean.

[netlify]

✅ Deploy Preview for devfra ready!

Name	Link
🔨 Latest commit	ce2b876
🔍 Latest deploy log	https://app.netlify.com/projects/devfra/deploys/6a02ec7b9997d300086c2cb9
😎 Deploy Preview	https://deploy-preview-6--devfra.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
🤖 Make changes	Run an agent on this branch

---

To edit notification comments on pull requests, go to your Netlify project configuration.