@seasonkoh/webaz 0.1.16 → 0.1.17

package/dist/pwa/routes/disputes-write.js

@@ -1,6 +1,6 @@
 import express from 'express';
 export function registerDisputesWriteRoutes(app, deps) {
-    const { db, auth, generateId, detectFraud, errorRes, isEligibleArbitrator, requireHumanPresence, getDisputeDetails, respondToDispute, arbitrateDispute, addPartyEvidence, requestEvidence, markEvidenceExpiry, uploadEvidence, EVIDENCE_MAX_BYTES, EVIDENCE_ALLOWED_MIME, appendOrderEvent, FUND_BASE_RATE, settleCommission, depositToFund, calculatePv, recordDisputeReputation, issueAgentStrike, publishDisputeCase, logAdminAction, snfSend } = deps;
+    const { db, auth, generateId, detectFraud, errorRes, isEligibleArbitrator, requireHumanPresence, getDisputeDetails, respondToDispute, arbitrateDispute, addPartyEvidence, requestEvidence, markEvidenceExpiry, uploadEvidence, EVIDENCE_MAX_BYTES, EVIDENCE_ALLOWED_MIME, appendOrderEvent, FUND_BASE_RATE, settleCommission, depositToFund, calculatePv, recordDisputeReputation, issueAgentStrike, publishDisputeCase, logAdminAction, snfSend, getProtocolParam } = deps;
     // 被诉方反驳
     app.post('/api/disputes/:id/respond', (req, res) => {
         const user = auth(req, res);
@@ -472,4 +472,152 @@ export function registerDisputesWriteRoutes(app, deps) {
             return void res.json({ error: result.error });
         res.json({ success: true, request_id: result.requestId });
     });
+    // ─── task #1093 stage 6: arbitrator_pause / resume auto_judge ─────
+    // Spec: docs/ARBITRATION-PLAYBOOK.md §2.1 (clock conflict resolution)
+    // Freezes the 48h respondent-silence + arbitrate_deadline clocks while
+    // arbitrator legitimately needs more time(e.g., evidence collection).
+    //
+    // Both endpoints require caller is one of dispute.assigned_arbitrators.
+    // Repause(extend) allowed — each pause writes an audit_log entry.
+    // No Iron-Rule Passkey: routine arbitrator action, fully audit-traceable.
+    function isAssignedArbitrator(disputeId, userId) {
+        const row = db.prepare(`SELECT assigned_arbitrators FROM disputes WHERE id = ?`).get(disputeId);
+        if (!row)
+            return false;
+        let arr = [];
+        try {
+            arr = JSON.parse(row.assigned_arbitrators || '[]');
+        }
+        catch {
+            arr = [];
+        }
+        return arr.includes(userId);
+    }
+    function appendAuditLog(disputeId, entry) {
+        // Append-only JSON array. Reads existing audit_log, appends, writes back.
+        const row = db.prepare(`SELECT audit_log FROM disputes WHERE id = ?`).get(disputeId);
+        let arr = [];
+        try {
+            arr = JSON.parse(row?.audit_log || '[]');
+        }
+        catch {
+            arr = [];
+        }
+        arr.push({ ...entry, at: Math.floor(Date.now() / 1000) });
+        db.prepare(`UPDATE disputes SET audit_log = ? WHERE id = ?`).run(JSON.stringify(arr), disputeId);
+    }
+    // task #1093 stage 6 P0 fix:pause 必须扩展 deadline,否则 cron 解冻后立即 auto-judge
+    // 且 /respond 端点硬查 deadline,暂停期间 respondent 提交反驳会被拒
+    function extendIsoDeadlineBySeconds(text, secondsToAdd) {
+        if (!text || secondsToAdd <= 0)
+            return text;
+        const ms = new Date(text).getTime();
+        if (isNaN(ms))
+            return text; // unparseable — leave as is
+        return new Date(ms + secondsToAdd * 1000).toISOString();
+    }
+    app.post('/api/disputes/:id/arbitrator-pause-auto-judge', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const userId = user.id;
+        const disputeId = req.params.id;
+        const body = req.body || {};
+        const reason = String(body.reason || '').trim();
+        const untilTs = Number(body.until_ts || 0);
+        if (!reason || reason.length < 10) {
+            return void errorRes(res, 400, 'REASON_TOO_SHORT', '暂停理由至少 10 字符(写入 audit_log 公示)');
+        }
+        if (!untilTs || untilTs <= Math.floor(Date.now() / 1000)) {
+            return void errorRes(res, 400, 'INVALID_UNTIL_TS', 'until_ts 必须是未来 epoch 秒');
+        }
+        const maxHours = Number(getProtocolParam('arbitration_max_pause_hours', 168));
+        const maxAllowed = Math.floor(Date.now() / 1000) + maxHours * 3600;
+        if (untilTs > maxAllowed) {
+            return void errorRes(res, 400, 'EXCEEDS_MAX_HOURS', `until_ts 超过最大暂停窗口 ${maxHours}h(playbook §2.1)`);
+        }
+        const dispute = db.prepare(`SELECT id, status, ruling_type, assigned_arbitrators, auto_judge_paused_until, respond_deadline, arbitrate_deadline FROM disputes WHERE id = ?`).get(disputeId);
+        if (!dispute)
+            return void errorRes(res, 404, 'NOT_FOUND', 'dispute 不存在');
+        if (dispute.ruling_type) {
+            return void errorRes(res, 409, 'ALREADY_RULED', '已裁决的 dispute 不能暂停自动判定时钟');
+        }
+        if (dispute.status !== 'open' && dispute.status !== 'in_review') {
+            return void errorRes(res, 409, 'WRONG_STATUS', `status='${dispute.status}',只能 pause open / in_review`);
+        }
+        if (!isAssignedArbitrator(disputeId, userId)) {
+            return void errorRes(res, 403, 'NOT_ASSIGNED_ARBITRATOR', '仅 assigned_arbitrators 可暂停自动判定时钟');
+        }
+        // P0 fix:计算 deadline 扩展秒数
+        // - 首次 pause:increment = untilTs - now
+        // - repause(已经 paused):increment = untilTs - existing_paused_until(可能 < 0,clamp 0)
+        // 这样多次 pause 累加正确;repause 缩短无效果(只 audit_log 记)
+        const nowSec = Math.floor(Date.now() / 1000);
+        const baseline = dispute.auto_judge_paused_until && dispute.auto_judge_paused_until > nowSec
+            ? dispute.auto_judge_paused_until
+            : nowSec;
+        const incrementSec = Math.max(0, untilTs - baseline);
+        db.transaction(() => {
+            // 扩展 deadline(若 increment > 0)
+            let newRespondDeadline = dispute.respond_deadline;
+            let newArbitrateDeadline = dispute.arbitrate_deadline;
+            if (incrementSec > 0) {
+                newRespondDeadline = extendIsoDeadlineBySeconds(dispute.respond_deadline, incrementSec);
+                newArbitrateDeadline = extendIsoDeadlineBySeconds(dispute.arbitrate_deadline, incrementSec);
+                db.prepare(`UPDATE disputes SET respond_deadline = ?, arbitrate_deadline = ? WHERE id = ?`)
+                    .run(newRespondDeadline, newArbitrateDeadline, disputeId);
+            }
+            db.prepare(`UPDATE disputes SET auto_judge_paused_until = ?, auto_judge_pause_reason = ? WHERE id = ?`)
+                .run(untilTs, reason, disputeId);
+            appendAuditLog(disputeId, {
+                event: 'arbitrator_pause_auto_judge',
+                actor: userId,
+                reason,
+                until_ts: untilTs,
+                deadline_extended_seconds: incrementSec,
+                is_repause: dispute.auto_judge_paused_until !== null && dispute.auto_judge_paused_until > nowSec,
+                spec_ref: 'playbook §2.1',
+            });
+        })();
+        res.json({
+            success: true,
+            dispute_id: disputeId,
+            paused_until: untilTs,
+            paused_until_iso: new Date(untilTs * 1000).toISOString(),
+            max_hours: maxHours,
+            deadline_extended_seconds: incrementSec,
+            note: incrementSec > 0
+                ? `自动判定时钟已冻结,respond/arbitrate deadline 已延后 ${Math.round(incrementSec / 3600)}h。补证据期满或证据齐全后请显式 resume。`
+                : 'pause 已记录(repause 缩短无 deadline 变化)。',
+        });
+    });
+    app.post('/api/disputes/:id/arbitrator-resume-auto-judge', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const userId = user.id;
+        const disputeId = req.params.id;
+        const dispute = db.prepare(`SELECT id, ruling_type, auto_judge_paused_until FROM disputes WHERE id = ?`).get(disputeId);
+        if (!dispute)
+            return void errorRes(res, 404, 'NOT_FOUND', 'dispute 不存在');
+        if (dispute.ruling_type) {
+            return void errorRes(res, 409, 'ALREADY_RULED', '已裁决的 dispute 不需 resume');
+        }
+        if (!dispute.auto_judge_paused_until) {
+            return void errorRes(res, 409, 'NOT_PAUSED', '当前未暂停,无需 resume');
+        }
+        if (!isAssignedArbitrator(disputeId, userId)) {
+            return void errorRes(res, 403, 'NOT_ASSIGNED_ARBITRATOR', '仅 assigned_arbitrators 可 resume');
+        }
+        db.transaction(() => {
+            db.prepare(`UPDATE disputes SET auto_judge_paused_until = NULL, auto_judge_pause_reason = NULL WHERE id = ?`)
+                .run(disputeId);
+            appendAuditLog(disputeId, {
+                event: 'arbitrator_resume_auto_judge',
+                actor: userId,
+                spec_ref: 'playbook §2.1',
+            });
+        })();
+        res.json({ success: true, dispute_id: disputeId, note: '自动判定时钟已解冻' });
+    });
 }

package/dist/pwa/routes/governance-auto-deactivate.js

@@ -0,0 +1,108 @@
+/**
+ * Run one auto-deactivate sweep. Returns deactivation report for caller
+ * (cron caller logs to console; admin endpoint can call directly for query).
+ */
+export function runAutoDeactivateSweep(deps) {
+    const { db, generateId, getProtocolParam } = deps;
+    const thresholdCount = Number(getProtocolParam('governance_auto_deactivate_threshold_count', 5));
+    const thresholdPct = Number(getProtocolParam('governance_auto_deactivate_threshold_pct', 0.3));
+    const minSample = Number(getProtocolParam('governance_auto_deactivate_min_sample', 10));
+    const cooldownDays = Number(getProtocolParam('governance_resign_cooldown_days', 30));
+    // Candidates: users with role 'verifier' in users.roles JSON
+    //   + verifier_stats with tasks_done ≥ min_sample
+    //   + tasks_wrong ≥ threshold_count
+    //   + tasks_wrong/tasks_done ≥ threshold_pct
+    // (verifier_stats is the source-of-truth for confirmed_wrong; server.ts:5387 increments it
+    // on overturn, admin-verifier-flow.ts:130 decrements it on appeal success — exactly the
+    // "confirmed_wrong" signal playbook §6.2 requires.)
+    const candidates = db.prepare(`
+    SELECT u.id AS user_id, u.roles,
+           vs.tasks_done, vs.tasks_wrong
+    FROM users u
+    JOIN verifier_stats vs ON vs.user_id = u.id
+    WHERE u.roles IS NOT NULL
+      AND u.roles LIKE '%"verifier"%'
+      AND vs.tasks_done >= ?
+      AND vs.tasks_wrong >= ?
+      AND (CAST(vs.tasks_wrong AS REAL) / CAST(vs.tasks_done AS REAL)) >= ?
+  `).all(minSample, thresholdCount, thresholdPct);
+    const result = { scanned: candidates.length, deactivated: [] };
+    const cooldownUntil = Math.floor(Date.now() / 1000) + cooldownDays * 86400;
+    for (const c of candidates) {
+        // Recheck role inside transaction (idempotency + race safety)
+        try {
+            let didDeactivate = false;
+            db.transaction(() => {
+                const u = db.prepare("SELECT roles FROM users WHERE id = ?").get(c.user_id);
+                let roles = [];
+                try {
+                    roles = JSON.parse(u?.roles || '[]');
+                }
+                catch {
+                    roles = [];
+                }
+                if (!roles.includes('verifier'))
+                    return; // already deactivated
+                const wrongPct = c.tasks_wrong / c.tasks_done;
+                const reason = `confirmed_wrong_count=${c.tasks_wrong}/${c.tasks_done} (${(wrongPct * 100).toFixed(1)}%) ≥ threshold (count=${thresholdCount}, pct=${(thresholdPct * 100).toFixed(0)}%, min_sample=${minSample})`;
+                // 1. UPDATE all active rows → inactive
+                db.prepare("UPDATE governance_applications SET status = 'inactive' WHERE user_id = ? AND role = 'verifier' AND status = 'active'").run(c.user_id);
+                // 2. INSERT auto_deactivate row(audit + appeal source)
+                const id = generateId('gapp');
+                db.prepare(`
+          INSERT INTO governance_applications
+            (id, user_id, role, action, status, cooldown_until, appeal_reason)
+          VALUES (?, ?, 'verifier', 'auto_deactivate', 'inactive', ?, ?)
+        `).run(id, c.user_id, cooldownUntil, reason);
+                // Note: appeal_reason field stores the trigger reason (overloaded but keeps schema flat).
+                // The user's appeal text(if they file one)goes on a separate appeal row(action='appeal').
+                // 3. Remove from users.roles JSON
+                const newRoles = roles.filter(r => r !== 'verifier');
+                db.prepare("UPDATE users SET roles = ? WHERE id = ?").run(JSON.stringify(newRoles), c.user_id);
+                // 4. Notify user with appeal link
+                try {
+                    db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, order_id) VALUES (?,?,?,?,?,?)`)
+                        .run(generateId('ntf'), c.user_id, 'governance', '⚠️ 你的 verifier 资格已被自动卸任 / Verifier role auto-deactivated', `${reason}\n\nspec docs/GOVERNANCE-ONBOARDING.md §6.2 §7.2:14 天内可在 #governance-me 提交申诉。\n14-day appeal window opens. Submit appeal at #governance-me.`, null);
+                }
+                catch (_e) { /* notification failure must not block deactivate */ }
+                didDeactivate = true;
+                result.deactivated.push({
+                    user_id: c.user_id,
+                    role: 'verifier',
+                    tasks_done: c.tasks_done,
+                    tasks_wrong: c.tasks_wrong,
+                    wrong_pct: wrongPct,
+                    reason,
+                });
+            })();
+            void didDeactivate;
+        }
+        catch (e) {
+            console.error('[governance-auto-deactivate] error for user', c.user_id, e);
+        }
+    }
+    return result;
+}
+/**
+ * Boot the cron. Registers an interval timer based on the
+ * governance_auto_deactivate_cron_hours protocol param value.
+ *
+ * Does NOT run an immediate sweep on boot — phase A solo maintainer
+ * wants to observe explicitly via admin endpoint first.
+ */
+export function startAutoDeactivateCron(deps) {
+    const hours = Number(deps.getProtocolParam('governance_auto_deactivate_cron_hours', 24));
+    const ms = Math.max(1, hours) * 60 * 60 * 1000;
+    setInterval(() => {
+        try {
+            const r = runAutoDeactivateSweep(deps);
+            if (r.deactivated.length > 0) {
+                console.log(`[gov-auto-deactivate] swept ${r.scanned} candidates, deactivated ${r.deactivated.length}:`, r.deactivated.map(d => `${d.user_id}(${d.tasks_wrong}/${d.tasks_done})`).join(', '));
+            }
+        }
+        catch (e) {
+            console.error('[gov-auto-deactivate-cron]', e);
+        }
+    }, ms);
+    console.log(`⚖️  governance auto-deactivate cron 已启动 (每 ${hours}h, anchor=confirmed_wrong per playbook §6.2)`);
+}