@seasonkoh/webaz 0.1.17 → 0.1.19

package/dist/layer2-business/L2-9-contribution/build-tasks-engine.js

@@ -0,0 +1,180 @@
+import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { creditBuildReputation, BUILD_POINTS } from './build-reputation-engine.js';
+export const TASK_STATUS = new Set(['open', 'claimed', 'in_review', 'done', 'abandoned']);
+export const TASK_PROVENANCE = new Set(['human', 'ai_assisted', 'ai_authored']);
+const CLAIM_TTL_DAYS = 7; // 认领后多久没进 in_review 自动回 open
+const CREATE_RATE_PER_DAY = 10; // 每人每日建任务上限(反灌水)
+const MAX_ACTIVE_CLAIMS = 5; // 单人同时持有的 claimed+in_review 上限(防"全占坑")
+const TITLE_MAX = 200;
+const TEXT_MAX = 4000;
+export function initBuildTasksSchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS build_tasks (
+      id                 TEXT PRIMARY KEY,            -- bt_xxx
+      title              TEXT NOT NULL,
+      area               TEXT,                        -- search / docs / mcp / dispute / ...(自由建议枚举)
+      description        TEXT,
+      rfc_ref            TEXT,                        -- 关联 RFC(如 RFC-006)
+      status             TEXT NOT NULL DEFAULT 'open',-- open | claimed | in_review | done | abandoned
+      claimer_id         TEXT,
+      claimer_provenance TEXT,                        -- human | ai_assisted | ai_authored(自报)
+      pr_ref             TEXT,                        -- submit 时填(PR 链接 / 编号)
+      claimed_at         TEXT,
+      claim_expires_at   TEXT,                        -- claimed 的 TTL,过期自动回 open
+      created_by         TEXT NOT NULL,
+      resolution         TEXT,                        -- admin 验收说明(done/abandoned)
+      resolved_by        TEXT,
+      created_at         TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at         TEXT NOT NULL DEFAULT (datetime('now'))
+    )
+  `);
+    db.exec(`CREATE INDEX IF NOT EXISTS idx_build_tasks_status ON build_tasks(status, updated_at DESC)`);
+    db.exec(`CREATE INDEX IF NOT EXISTS idx_build_tasks_area   ON build_tasks(area, status)`);
+    db.exec(`CREATE INDEX IF NOT EXISTS idx_build_tasks_claimer ON build_tasks(claimer_id, status)`);
+    // 状态变更审计(可追溯谁在何时改了什么)
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS build_task_events (
+      id          TEXT PRIMARY KEY,              -- btev_xxx
+      task_id     TEXT NOT NULL,
+      actor_id    TEXT,
+      from_status TEXT,
+      to_status   TEXT NOT NULL,
+      note        TEXT,
+      created_at  TEXT NOT NULL DEFAULT (datetime('now'))
+    )
+  `);
+    db.exec(`CREATE INDEX IF NOT EXISTS idx_build_task_events ON build_task_events(task_id, created_at)`);
+}
+function logTaskEvent(db, taskId, actorId, from, to, note) {
+    db.prepare(`INSERT INTO build_task_events (id, task_id, actor_id, from_status, to_status, note) VALUES (?,?,?,?,?,?)`)
+        .run(generateId('btev'), taskId, actorId, from, to, note);
+}
+// 惰性释放过期认领:claimed 且 claim_expires_at 已过 → 回 open(in_review 不动,它有 PR)。
+// 在每次 list / claim 前调用,无需 cron。
+export function releaseExpiredClaims(db) {
+    const expired = db.prepare(`SELECT id FROM build_tasks WHERE status = 'claimed' AND claim_expires_at IS NOT NULL AND claim_expires_at < datetime('now')`).all();
+    for (const t of expired) {
+        db.prepare(`UPDATE build_tasks SET status='open', claimer_id=NULL, claimer_provenance=NULL,
+      claimed_at=NULL, claim_expires_at=NULL, updated_at=datetime('now') WHERE id = ? AND status='claimed'`).run(t.id);
+        logTaskEvent(db, t.id, null, 'claimed', 'open', 'auto-release: claim expired');
+    }
+    return expired.length;
+}
+export function createBuildTask(db, input) {
+    const title = String(input.title || '').trim();
+    if (title.length < 3)
+        return { error: '标题太短(至少 3 字)', error_code: 'TITLE_TOO_SHORT' };
+    if (title.length > TITLE_MAX)
+        return { error: `标题过长(上限 ${TITLE_MAX})`, error_code: 'TITLE_TOO_LONG' };
+    const description = input.description ? String(input.description).slice(0, TEXT_MAX) : null;
+    const area = input.area ? String(input.area).slice(0, 64) : null;
+    const rfcRef = input.rfcRef ? String(input.rfcRef).slice(0, 64) : null;
+    const todayCount = db.prepare(`SELECT COUNT(*) AS n FROM build_tasks WHERE created_by = ? AND created_at > datetime('now','-1 day')`).get(input.creatorId).n;
+    if (todayCount >= CREATE_RATE_PER_DAY) {
+        return { error: `今日建任务已达上限(${CREATE_RATE_PER_DAY}/天)`, error_code: 'RATE_LIMITED' };
+    }
+    const id = generateId('bt');
+    db.prepare(`INSERT INTO build_tasks (id, title, area, description, rfc_ref, status, created_by)
+    VALUES (?,?,?,?,?, 'open', ?)`).run(id, title, area, description, rfcRef, input.creatorId);
+    logTaskEvent(db, id, input.creatorId, null, 'open', 'created');
+    return { id, status: 'open' };
+}
+export function listBuildTasks(db, f = {}) {
+    releaseExpiredClaims(db); // 先回收过期占坑,列表才准
+    const where = [];
+    const params = [];
+    if (f.status && TASK_STATUS.has(f.status)) {
+        where.push('status = ?');
+        params.push(f.status);
+    }
+    if (f.area) {
+        where.push('area = ?');
+        params.push(String(f.area).slice(0, 64));
+    }
+    if (f.claimerId) {
+        where.push('claimer_id = ?');
+        params.push(f.claimerId);
+    }
+    const sql = `SELECT id, title, area, description, rfc_ref, status, claimer_id, claimer_provenance,
+    pr_ref, claimed_at, claim_expires_at, created_by, resolution, created_at, updated_at
+    FROM build_tasks ${where.length ? 'WHERE ' + where.join(' AND ') : ''}
+    ORDER BY (status='open') DESC, updated_at DESC LIMIT 200`;
+    return db.prepare(sql).all(...params);
+}
+export function getBuildTask(db, id) {
+    releaseExpiredClaims(db);
+    const row = db.prepare(`SELECT * FROM build_tasks WHERE id = ?`).get(id);
+    if (!row)
+        return null;
+    row.events = db.prepare(`SELECT actor_id, from_status, to_status, note, created_at FROM build_task_events WHERE task_id = ? ORDER BY created_at`).all(id);
+    return row;
+}
+export function claimBuildTask(db, taskId, userId, provenance) {
+    releaseExpiredClaims(db);
+    const prov = provenance && TASK_PROVENANCE.has(provenance) ? provenance : 'human';
+    const active = db.prepare(`SELECT COUNT(*) AS n FROM build_tasks WHERE claimer_id = ? AND status IN ('claimed','in_review')`).get(userId).n;
+    if (active >= MAX_ACTIVE_CLAIMS) {
+        return { error: `你已持有 ${active} 个进行中的任务(上限 ${MAX_ACTIVE_CLAIMS}),先完成或释放再认领`, error_code: 'TOO_MANY_CLAIMS' };
+    }
+    // 原子认领:只有 open 才能被领;并发下只有一个成功
+    const expiresExpr = `datetime('now','+${CLAIM_TTL_DAYS} days')`;
+    const upd = db.prepare(`UPDATE build_tasks SET status='claimed', claimer_id=?, claimer_provenance=?,
+    claimed_at=datetime('now'), claim_expires_at=${expiresExpr}, updated_at=datetime('now')
+    WHERE id = ? AND status='open'`).run(userId, prov, taskId);
+    if (upd.changes === 0) {
+        const exist = db.prepare(`SELECT status FROM build_tasks WHERE id = ?`).get(taskId);
+        if (!exist)
+            return { error: '任务不存在', error_code: 'NOT_FOUND' };
+        return { error: `任务当前状态为 ${exist.status},不可认领(只有 open 可领)`, error_code: 'NOT_OPEN' };
+    }
+    logTaskEvent(db, taskId, userId, 'open', 'claimed', `provenance=${prov}`);
+    const row = db.prepare(`SELECT claim_expires_at FROM build_tasks WHERE id = ?`).get(taskId);
+    return { id: taskId, status: 'claimed', claim_expires_at: row.claim_expires_at };
+}
+export function submitBuildTask(db, taskId, userId, prRef, note) {
+    const t = db.prepare(`SELECT status, claimer_id FROM build_tasks WHERE id = ?`).get(taskId);
+    if (!t)
+        return { error: '任务不存在', error_code: 'NOT_FOUND' };
+    if (t.claimer_id !== userId)
+        return { error: '只有认领者可提交', error_code: 'NOT_CLAIMER' };
+    if (t.status !== 'claimed')
+        return { error: `任务状态为 ${t.status},仅 claimed 可提交进 in_review`, error_code: 'BAD_STATE' };
+    const pr = prRef ? String(prRef).slice(0, 300) : null;
+    db.prepare(`UPDATE build_tasks SET status='in_review', pr_ref=?, updated_at=datetime('now') WHERE id = ? AND status='claimed'`).run(pr, taskId);
+    logTaskEvent(db, taskId, userId, 'claimed', 'in_review', note ? `pr=${pr || '?'} note=${String(note).slice(0, 200)}` : `pr=${pr || '?'}`);
+    return { id: taskId, status: 'in_review' };
+}
+// 认领者主动放弃 → 回 open(让别人接)
+export function releaseBuildTask(db, taskId, userId) {
+    const t = db.prepare(`SELECT status, claimer_id FROM build_tasks WHERE id = ?`).get(taskId);
+    if (!t)
+        return { error: '任务不存在', error_code: 'NOT_FOUND' };
+    if (t.claimer_id !== userId)
+        return { error: '只有认领者可释放', error_code: 'NOT_CLAIMER' };
+    if (t.status !== 'claimed' && t.status !== 'in_review')
+        return { error: `任务状态为 ${t.status},无可释放`, error_code: 'BAD_STATE' };
+    db.prepare(`UPDATE build_tasks SET status='open', claimer_id=NULL, claimer_provenance=NULL,
+    claimed_at=NULL, claim_expires_at=NULL, pr_ref=NULL, updated_at=datetime('now') WHERE id = ?`).run(taskId);
+    logTaskEvent(db, taskId, userId, t.status, 'open', 'released by claimer');
+    return { id: taskId, status: 'open' };
+}
+// 验收终态 done / abandoned —— **仅 admin/maintainer**(验收=真人,RFC-006 不变量 2)。
+// 注:此处不发奖励/不记 build_reputation;那是 stage 4(独立池)的事。
+export function resolveBuildTask(db, taskId, status, adminId, note) {
+    if (status !== 'done' && status !== 'abandoned')
+        return { error: "status 必须是 done | abandoned", error_code: 'BAD_STATUS' };
+    const t = db.prepare(`SELECT status, claimer_id FROM build_tasks WHERE id = ?`).get(taskId);
+    if (!t)
+        return { error: '任务不存在', error_code: 'NOT_FOUND' };
+    db.prepare(`UPDATE build_tasks SET status=?, resolution=?, resolved_by=?, updated_at=datetime('now') WHERE id = ?`)
+        .run(status, note ? String(note).slice(0, TEXT_MAX) : null, adminId, taskId);
+    logTaskEvent(db, taskId, adminId, t.status, status, note ? String(note).slice(0, 200) : null);
+    // 验收 done → 给认领者记【建设】信誉(独立池;奖励锚真人:仅 Passkey 用户记分)。防重复见 creditBuildReputation。
+    if (status === 'done' && t.claimer_id && t.status !== 'done') {
+        const hasAnchor = ((db.prepare('SELECT COUNT(*) AS n FROM webauthn_credentials WHERE user_id = ?')
+            .get(t.claimer_id)?.n) || 0) > 0;
+        if (hasAnchor)
+            creditBuildReputation(db, t.claimer_id, 'task_done', BUILD_POINTS.task_done, taskId, `task ${taskId} done`);
+    }
+    return { id: taskId, status };
+}

package/dist/pwa/public/app.js

@@ -736,6 +736,7 @@ async function render(page, params) {
     case 'kyc':             return renderKyc(app)
     case 'feedback':        return renderFeedback(app)
     case 'build-feedback':  return renderMyBuildFeedback(app)
+    case 'my-contributions': return renderMyContributions(app)
     case 'admin-feedback':  return renderAdminFeedback(app)
     case 'admin-payments':  return renderAdminPayments(app)
     case 'my-agents':       return renderMyAgents(app)
@@ -9756,6 +9757,54 @@ async function renderMyBuildFeedback(app) {
   `, 'me')
 }
 
+// RFC-006 Gap 2:贡献者【自查】看板 — KPI / 等级 / 限制 + 申诉。仅自查(私密),建设信誉独立池不解锁交易角色。
+async function renderMyContributions(app) {
+  if (!state.user) { renderLogin(); return }
+  app.innerHTML = shell(loading$(), 'me')
+  const p = await GET('/build-reputation/me')
+  if (!p || p.error) { app.innerHTML = shell(`<div class="card" style="padding:16px;color:#b91c1c">${escHtml(p?.error || t('加载失败'))}</div>`, 'me'); return }
+  const lang = window._lang === 'zh' ? 'zh' : 'en'
+  const tier = p.tier || {}
+  const k = p.kpi || {}
+  const stat = (label, val) => `<div class="card" style="padding:10px;text-align:center"><div style="font-size:20px;font-weight:700;color:#4f46e5">${val ?? 0}</div><div style="font-size:11px;color:#6b7280">${label}</div></div>`
+  const provRows = (p.provenance || []).map(x => {
+    const m = { human: t('真人'), ai_assisted: t('AI 辅助'), ai_authored: t('AI 主笔'), unspecified: t('未声明') }
+    return `<span style="font-size:11px;color:#6b7280;margin-right:10px">${m[x.provenance] || x.provenance}: <b>${x.count}</b></span>`
+  }).join('')
+  const restr = (p.restrictions || [])
+  const restrHtml = restr.length === 0
+    ? `<div style="font-size:12px;color:#16a34a">✓ ${t('无限制')}</div>`
+    : restr.map(r => `<div class="card" style="padding:10px;margin-bottom:6px;border-left:3px solid #dc2626">
+        <div style="font-size:12px;color:#dc2626;font-weight:600">${escHtml(String(r.reason_code || ''))} · ${escHtml(String(r.severity || ''))}</div>
+        <div style="font-size:12px;color:#374151">${escHtml(String(r.reason_detail || ''))}</div>
+        <div style="font-size:11px;color:#6b7280;margin-top:4px">${t('如有异议可申诉')} → <code>/api/me/agents/strikes/${escHtml(String(r.id))}/appeal</code></div>
+      </div>`).join('')
+  app.innerHTML = shell(`
+    <h1 class="page-title">🛠️ ${t('我的共建')}</h1>
+    <div style="font-size:12px;color:#6b7280;margin-bottom:14px">${t('你的建设贡献(独立于交易信誉 — 不影响 verifier/仲裁准入)')}</div>
+    <div class="card" style="padding:14px;margin-bottom:12px;background:linear-gradient(135deg,#eef2ff,#faf5ff)">
+      <div style="display:flex;justify-content:space-between;align-items:center">
+        <div><div style="font-size:11px;color:#6b7280">${t('建设等级')}</div><div style="font-size:18px;font-weight:700">${lang === 'zh' ? (tier.label_zh || '') : (tier.label_en || '')}</div></div>
+        <div style="text-align:right"><div style="font-size:11px;color:#6b7280">${t('建设积分')}</div><div style="font-size:18px;font-weight:700;color:#4f46e5">${p.build_points ?? 0}</div></div>
+      </div>
+      <div style="font-size:11px;color:#6b7280;margin-top:8px">${t('当前可参与')}:${lang === 'zh' ? (tier.caps_zh || '') : (tier.caps_en || '')}${tier.next_at ? ` · ${t('下一级')} @ ${tier.next_at}` : ''}</div>
+    </div>
+    <div style="display:grid;grid-template-columns:repeat(3,1fr);gap:8px;margin-bottom:12px">
+      ${stat(t('认领中'), k.tasks_claimed)}
+      ${stat(t('审核中'), k.tasks_in_review)}
+      ${stat(t('已验收'), k.tasks_done)}
+      ${stat(t('提反馈'), k.feedback_submitted)}
+      ${stat(t('被采纳'), k.feedback_accepted)}
+      ${stat(t('提任务'), k.tasks_created)}
+    </div>
+    ${provRows ? `<div class="card" style="padding:10px;margin-bottom:12px"><div style="font-size:11px;color:#6b7280;margin-bottom:4px">${t('署名构成(自报)')}</div>${provRows}</div>` : ''}
+    ${!p.reward_anchored ? `<div class="card" style="padding:10px;margin-bottom:12px;border-left:3px solid #d97706"><div style="font-size:12px;color:#92400e">${t('未绑 Passkey:贡献可受理致谢,但需绑定真人锚点才记入建设信誉。')}</div></div>` : ''}
+    <div style="font-size:13px;font-weight:600;margin:14px 0 6px">${t('限制与申诉')}</div>
+    ${restrHtml}
+    <div style="font-size:11px;color:#9ca3af;margin-top:14px">${t('看板仅自己可见,不做公开排行。')}</div>
+  `, 'me')
+}
+
 // W7 客服 ticket-thread 视图
 const TICKET_TYPE_META = {
   created:       { icon: '🛟', title: '新建工单',   border: '#d97706' },

package/dist/pwa/public/i18n.js

@@ -6047,6 +6047,29 @@ const _EN = {
   '体验问题': 'UX issue',
   '提案': 'Proposal',
   '共建信誉': 'Co-build reputation',
+  // RFC-006 Gap 2:贡献者看板
+  '我的共建': 'My contributions',
+  '你的建设贡献(独立于交易信誉 — 不影响 verifier/仲裁准入)': 'Your building contributions (separate from trade reputation — does NOT gate verifier/arbitrator)',
+  '建设等级': 'Build tier',
+  '建设积分': 'Build points',
+  '当前可参与': 'Can currently do',
+  '下一级': 'Next tier',
+  '认领中': 'Claimed',
+  '审核中': 'In review',
+  '已验收': 'Accepted (done)',
+  '提反馈': 'Feedback sent',
+  '被采纳': 'Accepted',
+  '提任务': 'Tasks created',
+  '署名构成(自报)': 'Authorship (self-declared)',
+  '真人': 'Human',
+  'AI 辅助': 'AI-assisted',
+  'AI 主笔': 'AI-authored',
+  '未声明': 'Unspecified',
+  '未绑 Passkey:贡献可受理致谢,但需绑定真人锚点才记入建设信誉。': 'No Passkey: contributions are acknowledged, but earning build reputation requires a real-person Passkey anchor.',
+  '限制与申诉': 'Restrictions & appeal',
+  '无限制': 'No restrictions',
+  '如有异议可申诉': 'Appeal if you disagree',
+  '看板仅自己可见,不做公开排行。': 'This dashboard is private to you — no public leaderboard.',
 }
 
 window.t = (zh) => window._lang === 'en' ? (_EN[zh] || zh) : zh

package/dist/pwa/routes/build-feedback.js

@@ -1,4 +1,4 @@
-import { submitBuildFeedback, listMyBuildFeedback, getBuildFeedback, adminListBuildFeedback, adminUpdateBuildFeedback, } from '../../layer2-business/L2-8-feedback/build-feedback-engine.js';
+import { submitBuildFeedback, listMyBuildFeedback, getBuildFeedback, adminListBuildFeedback, adminUpdateBuildFeedback, triagePendingBuildFeedback, } from '../../layer2-business/L2-8-feedback/build-feedback-engine.js';
 export function registerBuildFeedbackRoutes(app, deps) {
     const { db, auth, requireSupportAdmin } = deps;
     const hasPasskey = (userId) => ((db.prepare('SELECT COUNT(*) AS n FROM webauthn_credentials WHERE user_id = ?').get(userId)?.n) || 0) > 0;
@@ -52,13 +52,29 @@ export function registerBuildFeedbackRoutes(app, deps) {
         const status = typeof req.query.status === 'string' ? req.query.status : undefined;
         res.json({ feedback: adminListBuildFeedback(db, status) });
     });
+    // RFC-005 Phase 2:AI 自动 triage(advisory)— 批量处理 received 反馈:去重 + 标风险/摘要 + 置 triaged。
+    // 不 resolve、不记功(人类的)。无 AI key 时只做确定性去重 + 置 triaged。
+    // ⚠️ 必须在 /:id 之前声明,否则 'triage' 会被 :id 捕获。
+    app.post('/api/admin/build-feedback/triage', async (req, res) => {
+        if (!requireSupportAdmin(req, res))
+            return;
+        const limit = Math.min(50, Math.max(1, Number((req.body ?? {}).limit) || 20));
+        try {
+            const r = await triagePendingBuildFeedback(db, limit);
+            res.json(r);
+        }
+        catch (e) {
+            res.status(500).json({ error: 'triage failed', detail: String(e.message) });
+        }
+    });
     app.post('/api/admin/build-feedback/:id', (req, res) => {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
-        const { status, resolution, rfc_draft, credit } = req.body ?? {};
+        const { status, resolution, rfc_draft, credit, promote_to_task } = req.body ?? {};
         const result = adminUpdateBuildFeedback(db, {
-            id: String(req.params.id), status, resolution, rfcDraft: rfc_draft, credit: !!credit, adminId: admin.id,
+            id: String(req.params.id), status, resolution, rfcDraft: rfc_draft, credit: !!credit,
+            promoteToTask: !!promote_to_task, adminId: admin.id,
         });
         if ('error' in result)
             return void res.status(404).json(result);

package/dist/pwa/routes/build-reputation.js

@@ -0,0 +1,10 @@
+import { getBuildProfile } from '../../layer2-business/L2-9-contribution/build-reputation-engine.js';
+export function registerBuildReputationRoutes(app, deps) {
+    const { db, auth } = deps;
+    app.get('/api/build-reputation/me', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json(getBuildProfile(db, user.id));
+    });
+}

package/dist/pwa/routes/build-tasks.js

@@ -0,0 +1,73 @@
+import { createBuildTask, listBuildTasks, getBuildTask, claimBuildTask, submitBuildTask, releaseBuildTask, resolveBuildTask, } from '../../layer2-business/L2-9-contribution/build-tasks-engine.js';
+export function registerBuildTasksRoutes(app, deps) {
+    const { db, auth, requireSupportAdmin } = deps;
+    app.post('/api/build-tasks', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const { title, area, description, rfc_ref } = req.body ?? {};
+        const result = createBuildTask(db, { creatorId: user.id, title, area, description, rfcRef: rfc_ref });
+        if ('error' in result)
+            return void res.status(result.error_code === 'RATE_LIMITED' ? 429 : 400).json(result);
+        res.json(result);
+    });
+    app.get('/api/build-tasks', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const status = typeof req.query.status === 'string' ? req.query.status : undefined;
+        const area = typeof req.query.area === 'string' ? req.query.area : undefined;
+        const claimerId = req.query.mine === '1' ? user.id : undefined;
+        res.json({ tasks: listBuildTasks(db, { status, area, claimerId }) });
+    });
+    app.get('/api/build-tasks/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const row = getBuildTask(db, String(req.params.id));
+        if (!row)
+            return void res.status(404).json({ error: '任务不存在' });
+        res.json(row);
+    });
+    app.post('/api/build-tasks/:id/claim', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const result = claimBuildTask(db, String(req.params.id), user.id, (req.body ?? {}).provenance);
+        if ('error' in result) {
+            const code = result.error_code === 'NOT_FOUND' ? 404 : result.error_code === 'TOO_MANY_CLAIMS' ? 429 : 409;
+            return void res.status(code).json(result);
+        }
+        res.json(result);
+    });
+    app.post('/api/build-tasks/:id/submit', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const { pr_ref, note } = req.body ?? {};
+        const result = submitBuildTask(db, String(req.params.id), user.id, pr_ref, note);
+        if ('error' in result)
+            return void res.status(result.error_code === 'NOT_FOUND' ? 404 : 400).json(result);
+        res.json(result);
+    });
+    app.post('/api/build-tasks/:id/release', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const result = releaseBuildTask(db, String(req.params.id), user.id);
+        if ('error' in result)
+            return void res.status(result.error_code === 'NOT_FOUND' ? 404 : 400).json(result);
+        res.json(result);
+    });
+    // 验收终态 —— 仅 admin/maintainer(验收=真人,RFC-006 不变量 2;不发奖励/不记信誉)
+    app.post('/api/admin/build-tasks/:id/resolve', (req, res) => {
+        const admin = requireSupportAdmin(req, res);
+        if (!admin)
+            return;
+        const { status, note } = req.body ?? {};
+        const result = resolveBuildTask(db, String(req.params.id), String(status), admin.id, note);
+        if ('error' in result)
+            return void res.status(result.error_code === 'NOT_FOUND' ? 404 : 400).json(result);
+        res.json(result);
+    });
+}

package/dist/pwa/routes/orders-create.js

@@ -223,6 +223,11 @@ export function registerOrdersCreateRoutes(app, deps) {
                 const buyerRegionSnapshot = buyer?.region || 'global';
                 // P2P：若为 P2P 商品，下单时快照 content_hash（争议时凭买家所见 hash 判定）
                 const contentHashSnapshot = (Number(product.p2p_mode) === 1 && product.content_hash) ? String(product.content_hash) : null;
+                // RFC-008 stage 1：赔付背书快照。起步免赔付阶段(require_seller_stake=0)= 0 → 违约只退款不没收、不印钱、零门槛。
+                //   ⚠️ "要求质押"档(=1,下单锁 stake、backing=total×stake_rate(信誉))属后续【收紧】阶段,届时在此计算并锁定。
+                const stakeBacking = Number(getProtocolParam('require_seller_stake', 0)) === 1
+                    ? 0 // TODO(tighten stage): backing = total × stakeRate(seller reputation) + 在此 lock balance→staked
+                    : 0;
                 db.prepare(`INSERT INTO orders (
           id, product_id, buyer_id, seller_id, quantity, unit_price, total_amount, escrow_amount,
           status, shipping_address, notes, pay_deadline, accept_deadline, ship_deadline,
@@ -230,8 +235,8 @@ export function registerOrdersCreateRoutes(app, deps) {
           l1_uid, l2_uid, l3_uid, snapshot_commission_rate, buyer_region, content_hash_at_order,
           delivery_window, variant_id, variant_options_snapshot,
           gift_recipient_name, gift_recipient_phone, gift_message, insurance_premium,
-          anonymous_recipient, recipient_code, donation_amount
-        ) VALUES (?,?,?,?,?,?,?,?,'created',?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)`).run(orderId, product.id, user.id, product.seller_uid, reqQty, basePrice, totalAmount, totalAmount, shipping_address, notes || null, addHours(now, 24), addHours(now, 48), addHours(now, 120), addHours(now, 168), addHours(now, 336), addHours(now, 408), l1, l2, l3, snapshotRate, buyerRegionSnapshot, contentHashSnapshot, deliveryWindowJson, variant ? variant.id : null, variant ? variant.options_json : null, giftRecipientName, giftRecipientPhone, giftMessage, insurancePremium, anonymousFlag, recipientCode, donationAmount);
+          anonymous_recipient, recipient_code, donation_amount, stake_backing
+        ) VALUES (?,?,?,?,?,?,?,?,'created',?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)`).run(orderId, product.id, user.id, product.seller_uid, reqQty, basePrice, totalAmount, totalAmount, shipping_address, notes || null, addHours(now, 24), addHours(now, 48), addHours(now, 120), addHours(now, 168), addHours(now, 336), addHours(now, 408), l1, l2, l3, snapshotRate, buyerRegionSnapshot, contentHashSnapshot, deliveryWindowJson, variant ? variant.id : null, variant ? variant.options_json : null, giftRecipientName, giftRecipientPhone, giftMessage, insurancePremium, anonymousFlag, recipientCode, donationAmount, stakeBacking);
                 // 协议层：写 genesis 事件 — order 创建（必然是 buyer 自己）
                 try {
                     appendOrderEvent(db, {

package/dist/pwa/routes/wallet-write.js

@@ -125,14 +125,21 @@ export function registerWalletWriteRoutes(app, deps) {
                 });
             }
         }
-        // WebAuthn gate
-        //   opt-in webauthn_required_for_withdraw → 所有金额都要 Passkey
-        //   #1009 大额自动强制 — 已注册 Passkey + 金额 > LARGE_WITHDRAW_THRESHOLD 一律走 Passkey
-        //   未注册 Passkey 的用户走原邮件确认路径（不强制注册，避免新用户卡死）
-        const hasPasskeyRow = db.prepare('SELECT COUNT(*) as n FROM webauthn_credentials WHERE user_id = ?').get(user.id);
-        const hasPasskey = (hasPasskeyRow?.n || 0) > 0;
-        const forceWebauthnByAmount = amountNum > LARGE_WITHDRAW_THRESHOLD && hasPasskey;
-        if (user.webauthn_required_for_withdraw || forceWebauthnByAmount) {
+        // WebAuthn gate — #1115 全额对齐铁律:**所有**提现都要真人 Passkey 一次性 token。
+        //   资金转出 = 真人在场(spec §4 铁律,与 vote/arbitrate/agent_revoke 同档)。
+        //   email-OTP 在 agent 威胁模型下不足(agent 可读监护人收件箱);故弃用旧的"非 Passkey → email 兜底"路径。
+        //   未注册 Passkey 的账户:不能提现,先去「安全」绑 Passkey(pre-launch 0 真用户,推动资金操作 Passkey 化)。
+        const hpEnabled = Number(getProtocolParam('require_human_presence_for_withdraw', 1)) === 1;
+        if (hpEnabled) {
+            const hasPasskeyRow = db.prepare('SELECT COUNT(*) as n FROM webauthn_credentials WHERE user_id = ?').get(user.id);
+            const hasPasskey = (hasPasskeyRow?.n || 0) > 0;
+            if (!hasPasskey) {
+                return void res.status(403).json({
+                    error: '提现需先绑定 Passkey（资金转出需真人在场，铁律）。请到「安全」页绑定后再试。',
+                    error_code: 'PASSKEY_REQUIRED_FOR_WITHDRAW',
+                    requires_passkey_setup: true,
+                });
+            }
             const token = req.headers['x-webauthn-token'];
             const gate = consumeGateToken(user.id, token, 'withdraw', (data) => {
                 const d = (data || {});
@@ -144,8 +151,7 @@ export function registerWalletWriteRoutes(app, deps) {
                     webauthn_required: true,
                     purpose: 'withdraw',
                     purpose_data: { to_address, amount: amountNum },
-                    force_reason: forceWebauthnByAmount && !user.webauthn_required_for_withdraw
-                        ? `large_withdraw_auto:${LARGE_WITHDRAW_THRESHOLD}` : 'user_opted_in',
+                    force_reason: 'iron_rule_withdraw',
                 });
             }
         }
@@ -167,27 +173,7 @@ export function registerWalletWriteRoutes(app, deps) {
             const mins = Math.ceil((new Date(wl.activates_at.replace(' ', 'T') + 'Z').getTime() - Date.now()) / 60_000);
             return void res.json({ error: `该地址在冷却期内，约 ${mins} 分钟后可用（添加后 24h 强制冷却）` });
         }
-        // 大额提现 → 强制邮件确认
-        const isLarge = amountNum > LARGE_WITHDRAW_THRESHOLD;
-        if (isLarge) {
-            if (!user.email_verified || !user.email) {
-                return void res.json({ error: `大额提现（> ${LARGE_WITHDRAW_THRESHOLD} WAZ）需先绑定邮箱用于二次确认` });
-            }
-            // 不立即扣款 + 不写入正式 pending — 进入 pending_email 阶段，待 confirm
-            const wid = generateId('wdr');
-            db.prepare(`INSERT INTO withdrawal_requests (id, user_id, to_address, amount, status, status_detail)
-                  VALUES (?,?,?,?,?,?)`)
-                .run(wid, user.id, to_address, amountNum, 'pending_email', 'awaiting_email_confirm');
-            issueCode(user.id, 'email', user.email, 'withdraw_confirm:' + wid);
-            return void res.json({
-                success: true,
-                request_id: wid,
-                requires_email_code: true,
-                email: maskEmail(user.email),
-                message: '已发送邮件验证码，请查收并输入 6 位数字以确认提现',
-            });
-        }
-        // 普通额度 → 即时扣款 + pending（admin 处理）
+        // Passkey 已过真人门 → 即时扣款 + pending（admin 处理）。各金额一致(大额二次邮件确认已被 Passkey 取代)。
         const wid = generateId('wdr');
         db.prepare(`INSERT INTO withdrawal_requests (id, user_id, to_address, amount) VALUES (?,?,?,?)`)
             .run(wid, user.id, to_address, amountNum);