@seasonkoh/webaz 0.1.18 → 0.1.19

package/dist/layer0-foundation/L0-2-state-machine/engine.js

@@ -199,13 +199,28 @@ function settleFault(db, orderId, faultState) {
         const buyerId = order.buyer_id;
         const sellerId = order.seller_id;
         const isSecondhand = order.source === 'secondhand';
-        // QA 轮 7 P0 修复 — 改 per-order stake
-        // 旧逻辑读 product.stake_amount + stake_locked_at（per-product 模型残留，已废弃）
-        // 新逻辑：stake = order.total_amount × 0.15，下单时已锁，fault 时必然 lock（除非该订单未到 paid）
-        const sellerStakeRate = 0.15;
+        // RFC-008 stage 1（印钱 bug 修复）：违约没收【只按订单的 stake_backing 快照】,绝不假设已锁、绝不超背书。
+        //   旧 bug：无条件 staked -= 0.15×total,但生产下单根本没锁 stake → staked 转负 + 印钱。
+        //   现在：没收 = min(penalty, stake_backing)，从 staked 扣,封顶背书额 → 永不转负、永不印钱。
+        //   起步免赔付(require_seller_stake=0 → backing=0)：没收 0,买家已全额退款,卖家仅掉信誉。
+        //   stage 2(收紧后)：penalty 解耦为 fault_penalty_rate×total + 不足部分扣自由 balance(仅背书订单)。
+        const sellerStakeRate = 0.15; // stage 1 penalty 基数(stage 2 改 fault_penalty_rate=0.30 并解耦)
         const stakeAmount = isSecondhand ? 0 : Math.round(total * sellerStakeRate * 100) / 100;
-        // 订单到 paid 之后 stake 必然 lock（place_order 已扣，余额不足会 reject）
-        const stakeLocked = !isSecondhand && Number(order.total_amount) > 0 && order.status !== 'created';
+        const orderStakeBacking = Math.max(0, Math.round(Number(order.stake_backing || 0) * 100) / 100);
+        // 没收并按 buyer 50% / sys_protocol 50% 分配,返回实扣额(= 0 表示起步免赔付,无没收无印钱)
+        const forfeitBackedStake = (penaltyBase) => {
+            const actualDeduct = Math.min(penaltyBase, orderStakeBacking); // 封顶背书额 → 绝不超已锁、绝不转负
+            if (actualDeduct <= 0)
+                return 0;
+            db.prepare('UPDATE wallets SET staked = staked - ? WHERE user_id = ?').run(actualDeduct, sellerId);
+            const compensation = Math.round(actualDeduct * 0.5 * 100) / 100;
+            const protocolShare = Math.round((actualDeduct - compensation) * 100) / 100;
+            if (compensation > 0)
+                db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(compensation, buyerId);
+            if (protocolShare > 0)
+                db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(protocolShare, sysUserId);
+            return actualDeduct;
+        };
         // P0.1：RFQ 路径的 bid_stake_held — fault 时由各分支按规则处理
         const bidStakeHeld = Number(order.bid_stake_held || 0);
         if (faultState === 'fault_seller') {
@@ -222,31 +237,9 @@ function settleFault(db, orderId, faultState) {
                 if (compToSys > 0)
                     db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(compToSys, sysUserId);
             }
-            // 2. stake 50/50 扣罚（严格资金守恒：实扣多少就分多少，不允许协议印钱）
-            if (stakeAmount > 0) {
-                // 先确定实际可扣金额
-                let actualDeduct = 0;
-                if (stakeLocked) {
-                    // 已锁 → stake 全额扣（必然可扣，因 stake 已 lock 不可挪用）
-                    db.prepare('UPDATE wallets SET staked = staked - ? WHERE user_id = ?').run(stakeAmount, sellerId);
-                    actualDeduct = stakeAmount;
-                }
-                else {
-                    // 未锁 → 从 seller.balance 扣（不足则只扣到 0，差额不发放，不印钱）
-                    const w = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(sellerId);
-                    actualDeduct = Math.min(stakeAmount, Number(w?.balance ?? 0));
-                    if (actualDeduct > 0) {
-                        db.prepare('UPDATE wallets SET balance = balance - ? WHERE user_id = ?').run(actualDeduct, sellerId);
-                    }
-                }
-                // 按 actualDeduct 比例分配（buyer 50% + sys_protocol 50%），保证 入 = 出
-                const compensation = Math.round(actualDeduct * 0.5 * 100) / 100;
-                const protocolShare = Math.round((actualDeduct - compensation) * 100) / 100;
-                if (compensation > 0)
-                    db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(compensation, buyerId);
-                if (protocolShare > 0)
-                    db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(protocolShare, sysUserId);
-            }
+            // 2. 没收（封顶 stake_backing，绝不印钱）→ buyer 50% / sys_protocol 50%
+            if (stakeAmount > 0)
+                forfeitBackedStake(stakeAmount);
             // 3. 库存回退（非二手）
             if (!isSecondhand)
                 db.prepare('UPDATE products SET stock = stock + 1 WHERE id = ?').run(order.product_id);
@@ -278,27 +271,9 @@ function settleFault(db, orderId, faultState) {
                     if (compToSys > 0)
                         db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(compToSys, sysUserId);
                 }
-                // 3. stake 50/50 扣罚（seller 违约：自选 self-fulfill 但没送达）
-                if (stakeAmount > 0) {
-                    let actualDeduct = 0;
-                    if (stakeLocked) {
-                        db.prepare('UPDATE wallets SET staked = staked - ? WHERE user_id = ?').run(stakeAmount, sellerId);
-                        actualDeduct = stakeAmount;
-                    }
-                    else {
-                        const w = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(sellerId);
-                        actualDeduct = Math.min(stakeAmount, Number(w?.balance ?? 0));
-                        if (actualDeduct > 0) {
-                            db.prepare('UPDATE wallets SET balance = balance - ? WHERE user_id = ?').run(actualDeduct, sellerId);
-                        }
-                    }
-                    const compensation = Math.round(actualDeduct * 0.5 * 100) / 100;
-                    const protocolShare = Math.round((actualDeduct - compensation) * 100) / 100;
-                    if (compensation > 0)
-                        db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(compensation, buyerId);
-                    if (protocolShare > 0)
-                        db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(protocolShare, sysUserId);
-                }
+                // 3. 没收（self-fulfill seller 违约；封顶 stake_backing，绝不印钱）→ buyer 50% / sys_protocol 50%
+                if (stakeAmount > 0)
+                    forfeitBackedStake(stakeAmount);
                 // 4. 库存回退
                 if (!isSecondhand)
                     db.prepare('UPDATE products SET stock = stock + 1 WHERE id = ?').run(order.product_id);
@@ -318,9 +293,10 @@ function settleFault(db, orderId, faultState) {
                 if (bidStakeHeld > 0) {
                     db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(bidStakeHeld, bidStakeHeld, sellerId);
                 }
-                if (stakeAmount > 0 && stakeLocked) {
+                // seller 无责 → 退还其【该单实际背书的 stake】(= stake_backing;起步阶段=0,无可退)
+                if (orderStakeBacking > 0) {
                     db.prepare('UPDATE wallets SET staked = staked - ?, balance = balance + ? WHERE user_id = ?')
-                        .run(stakeAmount, stakeAmount, sellerId);
+                        .run(orderStakeBacking, orderStakeBacking, sellerId);
                 }
                 // 3. 库存回退
                 if (!isSecondhand)

package/dist/layer1-agent/L1-1-mcp-server/server.js

@@ -1359,7 +1359,7 @@ Gate by type: ux_issue/bug (reporting = using) → login only, NO Passkey, anyon
 
 Actions:
 - list_open (default): open tasks (opt. area filter)
-- claim: take an open task; provenance=human|ai_assisted|ai_authored (self-declared, not detected); auto-expires ~7d if not submitted
+- claim: take an open task; provenance=human|ai_assisted|ai_authored (self-declared, not detected); auto-expires ~7d if not submitted. Returns a **handoff** (repo + AGENTS.md + PR flow) — point a coding agent at it to actually do the work; the human needn't know git.
 - submit: mark in_review with pr_ref
 - status: tasks you hold (claimed/in_review)
 - profile: your build dashboard — KPI/tier/restrictions+appeal, self-view (private, no public leaderboard)
@@ -1439,9 +1439,22 @@ async function handleContribute(args) {
         const tid = args.task_id;
         if (!tid)
             return { error: 'task_id required for action=claim' };
-        return apiCall('/api/build-tasks/' + encodeURIComponent(tid) + '/claim', {
+        const r = await apiCall('/api/build-tasks/' + encodeURIComponent(tid) + '/claim', {
             method: 'POST', apiKey, body: { provenance: args.provenance },
         });
+        // RFC-006 断点1(b)交接:认领成功后直接下发"怎么真正动手",让贡献者的【编码 agent】接手 git/PR。
+        //   关键:人不必会 git——人的编码 agent(如 Claude Code)做;人(Passkey 真人)担责。
+        if (!r.error) {
+            r.handoff = {
+                repo: 'https://github.com/seasonsagents-art/webaz',
+                start_here: 'Read AGENTS.md (project map + before-you-code + PR flow), then CONTRIBUTING.md.',
+                do_the_work: 'Point a coding agent (e.g. Claude Code) at the repo; work on a single-topic branch. The buyer/shopping agent is not the coding agent — hand off to one.',
+                pr_flow: 'Commit with DCO sign-off (git commit -s). If AI-authored, add 🤖🤖🤖 to the PR title + a meta-rule trace. Humans merge — no auto-merge.',
+                then: `When the PR is open, report it back: webaz_contribute action=submit task_id=${tid} pr_ref=#<N>.`,
+                human_note: "You don't need to know git — your coding agent does it; you (the Passkey-bound human) stay accountable.",
+            };
+        }
+        return r;
     }
     if (action === 'submit') {
         const tid = args.task_id;

package/dist/layer2-business/L2-8-feedback/build-feedback-engine.js

@@ -2,6 +2,8 @@ import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
 // RFC-006 不变量 1:建设贡献记入【独立】build_reputation 池,不再写交易 reputation_scores
 //（旧:recordRepEvent('feedback_accepted') 会污染 verifier/arbitrator 准入,已隔离)。
 import { creditBuildReputation, BUILD_POINTS } from '../L2-9-contribution/build-reputation-engine.js';
+// RFC-006 桥(use→build 漏斗补全):采纳的 proposal → 自动建 build_task + 邀请提案人来认领。
+import { createBuildTask } from '../L2-9-contribution/build-tasks-engine.js';
 export const FB_TYPES = new Set(['ux_issue', 'bug', 'proposal']);
 export const FB_SEVERITY = new Set(['low', 'annoying', 'blocking']);
 export const FB_STATUS = new Set(['received', 'triaged', 'in_progress', 'resolved', 'declined', 'duplicate']);
@@ -38,6 +40,8 @@ export function initBuildFeedbackSchema(db) {
         'ALTER TABLE build_feedback ADD COLUMN ai_summary TEXT', // 一句话摘要(给 maintainer 扫)
         'ALTER TABLE build_feedback ADD COLUMN ai_models TEXT', // 参与的模型 + 是否一致
         'ALTER TABLE build_feedback ADD COLUMN ai_triaged_at TEXT',
+        // RFC-006 桥:采纳的 proposal 被 promote 成 build_task 时,记其 task id(use→build 漏斗:反馈→协调)
+        'ALTER TABLE build_feedback ADD COLUMN promoted_task_id TEXT',
     ]) {
         try {
             db.exec(stmt);
@@ -133,7 +137,7 @@ function parse(row) {
     return { ...rest, scene };
 }
 export function listMyBuildFeedback(db, userId) {
-    const rows = db.prepare(`SELECT id, type, area, severity, subject, body, status, dedup_of, resolution, credited_points, created_at, updated_at
+    const rows = db.prepare(`SELECT id, type, area, severity, subject, body, status, dedup_of, resolution, credited_points, promoted_task_id, created_at, updated_at
      FROM build_feedback WHERE user_id = ? ORDER BY created_at DESC LIMIT 100`).all(userId);
     return rows;
 }
@@ -179,7 +183,32 @@ export function adminUpdateBuildFeedback(db, u) {
     WHERE id = ?`).run(newStatus, u.resolution ?? null, u.rfcDraft ?? null, credited, u.adminId, u.id);
     if (newStatus !== fromStatus)
         logEvent(db, u.id, u.adminId, fromStatus, newStatus, u.resolution ?? null);
-    return { ok: true, credited, ...(credit_skipped_no_anchor ? { credit_skipped_no_anchor: true } : {}) };
+    // RFC-006 桥(use→build 漏斗补全):maintainer 采纳提案时可 promote 成可认领的 build_task,
+    //   并【邀请提案人】来认领——把"反馈被采纳"接到"来一起建设",补上漏斗最大断点。
+    //   幂等:已 promote 过(promoted_task_id 非空)不重复建。
+    let promoted_task_id;
+    const already = row.promoted_task_id || null;
+    if (u.promoteToTask && !already && row.type === 'proposal') {
+        const title = (row.subject || row.body || 'contributor proposal').slice(0, 200);
+        const created = createBuildTask(db, {
+            creatorId: u.adminId,
+            title,
+            area: row.area || undefined,
+            description: `From accepted proposal ${u.id} (by ${row.user_id}).\n\n${row.body || ''}`.slice(0, 4000),
+            rfcRef: row.rfc_draft || undefined,
+        });
+        if ('id' in created) {
+            promoted_task_id = created.id;
+            db.prepare('UPDATE build_feedback SET promoted_task_id = ? WHERE id = ?').run(promoted_task_id, u.id);
+            // 邀请提案人:通知 + 反馈闭环里会显示 promoted_task_id
+            try {
+                db.prepare(`INSERT INTO notifications (id, user_id, type, title, body) VALUES (?,?,?,?,?)`).run(generateId('ntf'), row.user_id, 'build_invite', '你的提案被采纳了 — 来一起建设?', `提案「${title}」已被采纳并建成可认领任务 ${promoted_task_id}。在「我的共建」用 webaz_contribute 认领即可参与实现。`);
+            }
+            catch { /* notifications 可选,不阻断 */ }
+            logEvent(db, u.id, u.adminId, newStatus, newStatus, `promoted → task ${promoted_task_id}`);
+        }
+    }
+    return { ok: true, credited, ...(credit_skipped_no_anchor ? { credit_skipped_no_anchor: true } : {}), ...(promoted_task_id ? { promoted_task_id } : {}) };
 }
 // ─── RFC-005 Phase 2:AI triage(advisory)─────────────────────────
 // 给"内部反馈"打标,不碰代码、不 resolve、不记功(那是人类的)。无 key 也能跑(只做确定性去重 + 置 triaged)。

package/dist/layer2-business/L2-9-contribution/build-reputation-engine.js

@@ -57,6 +57,10 @@ export function creditBuildReputation(db, userId, source, points, refId, note) {
     }
     return { credited: points };
 }
+// RFC-006 stage 4(恶意管理)= 复用现有问责中间件,**无需新代码**:
+// build_tasks 是 api_key 写端点,被 strike 至 suspend_7d/permanent 的贡献者已被 isApiKeyBlocked
+// (server.ts)挡在所有写之外,包括建设。strike/blocklist/outlier 对建设贡献自动生效。
+// 看板这里只【展示】当事人的活跃 strike + 申诉入口(透明先于强制);真人申诉走现成 strikes/:id/appeal。
 // 贡献者【自查】档案 —— KPI + 等级 + 来源拆分 + provenance + 限制/惩罚 + 申诉入口。
 // 不变量 3:仅本人可调(路由层 auth);不做公开榜。
 export function getBuildProfile(db, userId) {

package/dist/pwa/routes/build-feedback.js

@@ -71,9 +71,10 @@ export function registerBuildFeedbackRoutes(app, deps) {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
-        const { status, resolution, rfc_draft, credit } = req.body ?? {};
+        const { status, resolution, rfc_draft, credit, promote_to_task } = req.body ?? {};
         const result = adminUpdateBuildFeedback(db, {
-            id: String(req.params.id), status, resolution, rfcDraft: rfc_draft, credit: !!credit, adminId: admin.id,
+            id: String(req.params.id), status, resolution, rfcDraft: rfc_draft, credit: !!credit,
+            promoteToTask: !!promote_to_task, adminId: admin.id,
         });
         if ('error' in result)
             return void res.status(404).json(result);

package/dist/pwa/routes/orders-create.js

@@ -223,6 +223,11 @@ export function registerOrdersCreateRoutes(app, deps) {
                 const buyerRegionSnapshot = buyer?.region || 'global';
                 // P2P：若为 P2P 商品，下单时快照 content_hash（争议时凭买家所见 hash 判定）
                 const contentHashSnapshot = (Number(product.p2p_mode) === 1 && product.content_hash) ? String(product.content_hash) : null;
+                // RFC-008 stage 1：赔付背书快照。起步免赔付阶段(require_seller_stake=0)= 0 → 违约只退款不没收、不印钱、零门槛。
+                //   ⚠️ "要求质押"档(=1,下单锁 stake、backing=total×stake_rate(信誉))属后续【收紧】阶段,届时在此计算并锁定。
+                const stakeBacking = Number(getProtocolParam('require_seller_stake', 0)) === 1
+                    ? 0 // TODO(tighten stage): backing = total × stakeRate(seller reputation) + 在此 lock balance→staked
+                    : 0;
                 db.prepare(`INSERT INTO orders (
           id, product_id, buyer_id, seller_id, quantity, unit_price, total_amount, escrow_amount,
           status, shipping_address, notes, pay_deadline, accept_deadline, ship_deadline,
@@ -230,8 +235,8 @@ export function registerOrdersCreateRoutes(app, deps) {
           l1_uid, l2_uid, l3_uid, snapshot_commission_rate, buyer_region, content_hash_at_order,
           delivery_window, variant_id, variant_options_snapshot,
           gift_recipient_name, gift_recipient_phone, gift_message, insurance_premium,
-          anonymous_recipient, recipient_code, donation_amount
-        ) VALUES (?,?,?,?,?,?,?,?,'created',?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)`).run(orderId, product.id, user.id, product.seller_uid, reqQty, basePrice, totalAmount, totalAmount, shipping_address, notes || null, addHours(now, 24), addHours(now, 48), addHours(now, 120), addHours(now, 168), addHours(now, 336), addHours(now, 408), l1, l2, l3, snapshotRate, buyerRegionSnapshot, contentHashSnapshot, deliveryWindowJson, variant ? variant.id : null, variant ? variant.options_json : null, giftRecipientName, giftRecipientPhone, giftMessage, insurancePremium, anonymousFlag, recipientCode, donationAmount);
+          anonymous_recipient, recipient_code, donation_amount, stake_backing
+        ) VALUES (?,?,?,?,?,?,?,?,'created',?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)`).run(orderId, product.id, user.id, product.seller_uid, reqQty, basePrice, totalAmount, totalAmount, shipping_address, notes || null, addHours(now, 24), addHours(now, 48), addHours(now, 120), addHours(now, 168), addHours(now, 336), addHours(now, 408), l1, l2, l3, snapshotRate, buyerRegionSnapshot, contentHashSnapshot, deliveryWindowJson, variant ? variant.id : null, variant ? variant.options_json : null, giftRecipientName, giftRecipientPhone, giftMessage, insurancePremium, anonymousFlag, recipientCode, donationAmount, stakeBacking);
                 // 协议层：写 genesis 事件 — order 创建（必然是 buyer 自己）
                 try {
                     appendOrderEvent(db, {

package/dist/pwa/server.js

@@ -531,6 +531,9 @@ for (const stmt of [
     'ALTER TABLE orders ADD COLUMN gift_message TEXT',
     // C-3: 订单保险 — 已支付保费（默认 1%，争议时若卖家余额不足由保险池补足）
     'ALTER TABLE orders ADD COLUMN insurance_premium REAL DEFAULT 0',
+    // RFC-008 stage 1：每单【赔付背书】快照 = 该单实际背书的卖家质押额。
+    //   起步免赔付阶段(require_seller_stake=0)= 0;违约结算只按此数没收,绝不扣未背书的钱 → 根治印钱 bug。
+    'ALTER TABLE orders ADD COLUMN stake_backing REAL DEFAULT 0',
 ]) {
     try {
         db.exec(stmt);
@@ -767,10 +770,14 @@ try {
 catch { }
 // 已注册默认参数（首次启动 seed） — P0-2 加 min/max 边界
 const DEFAULT_PARAMS = [
-    { key: 'protocol_fee_rate_shop', value: '0.02', type: 'number', description: '商家订单平台费率', category: 'fee', min: 0, max: 0.20 },
-    { key: 'protocol_fee_rate_secondhand', value: '0.01', type: 'number', description: '二手订单平台费率', category: 'fee', min: 0, max: 0.20 },
+    // RFC-008:平台费硬帽 2%(=当前稳态 → 治理只能在 0–2% 减免、永不涨)。合计封顶 = 平台费2% + fund_base1% = 3%。宪法级合法性见 CHARTER 修订(单独治理步)。
+    { key: 'protocol_fee_rate_shop', value: '0.02', type: 'number', description: '商家订单平台费率(RFC-008 硬帽 2%,只减不涨;前期可减免)', category: 'fee', min: 0, max: 0.02 },
+    { key: 'protocol_fee_rate_secondhand', value: '0.01', type: 'number', description: '二手订单平台费率(RFC-008 硬帽 2%,只减不涨)', category: 'fee', min: 0, max: 0.02 },
     { key: 'default_commission_rate', value: '0.05', type: 'number', description: '新商品默认分享佣金（对齐小红书 5-10%）', category: 'fee', min: 0, max: 0.50 },
-    { key: 'fund_base_rate', value: '0.01', type: 'number', description: '协议基金池基础费率（每订单固定入池）', category: 'fee', min: 0, max: 0.10 },
+    // RFC-008:fund_base 硬帽 1%;pre-launch 减免到 0(社区基金按真实 GMV 注入,0 GMV 时是无回报的税)。有真实 GMV 再由治理开启(≤1%)。
+    { key: 'fund_base_rate', value: '0', type: 'number', description: '协议基金池基础费率（RFC-008 硬帽 1%;pre-launch 减免=0,有真实 GMV 再由治理开启 ≤1%）', category: 'fee', min: 0, max: 0.01 },
+    // RFC-008:起步免赔付门槛。0 = bootstrap(新商家零质押、违约免赔付只退款+掉信誉,降进入门槛);1 = 要求卖家质押(下单锁 stake、违约真没收)。上轨道后由治理开启。
+    { key: 'require_seller_stake', value: '0', type: 'number', description: 'RFC-008 是否要求卖家质押(0=起步免赔付/零门槛,1=要求质押/真没收)', category: 'fee', min: 0, max: 1 },
     { key: 'checkin_base_reward', value: '0.5', type: 'number', description: '每日签到基础奖励 WAZ', category: 'reward', min: 0, max: 10 },
     { key: 'streak_bonus_7', value: '5', type: 'number', description: '7 天里程碑额外奖励', category: 'reward', min: 0, max: 100 },
     { key: 'streak_bonus_30', value: '20', type: 'number', description: '30 天里程碑额外奖励', category: 'reward', min: 0, max: 500 },
@@ -901,6 +908,31 @@ try {
 catch (e) {
     console.error('[migration #1006]', e);
 }
+// RFC-008 迁移:费帽收紧 + fund_base pre-launch 减免。bounds 是协议护栏 → 无条件强制收窄(幂等)。
+//   平台费帽 → 2%(=稳态,只减不涨);fund_base 帽 → 1%;合计封顶 3%。fund_base 值减免到 0(仅原始 0.01、未被治理改过)。
+try {
+    const feeCap = db.prepare(`UPDATE protocol_params SET max_value = 0.02, updated_at = datetime('now')
+    WHERE key IN ('protocol_fee_rate_shop','protocol_fee_rate_secondhand') AND max_value > 0.02`).run();
+    if (feeCap.changes > 0)
+        console.log(`[migration RFC-008] 平台费硬帽收紧 ${feeCap.changes} 项 → max 2%`);
+    const fbCap = db.prepare(`UPDATE protocol_params SET max_value = 0.01, updated_at = datetime('now')
+    WHERE key = 'fund_base_rate' AND max_value > 0.01`).run();
+    if (fbCap.changes > 0)
+        console.log(`[migration RFC-008] fund_base 硬帽收紧 → max 1%`);
+    const fb = db.prepare(`UPDATE protocol_params SET value = '0', default_value = '0', updated_at = datetime('now')
+    WHERE key = 'fund_base_rate' AND value = '0.01' AND updated_by IS NULL`).run();
+    if (fb.changes > 0) {
+        console.log(`[migration RFC-008] fund_base_rate 0.01 → 0 (pre-launch 减免)`);
+        try {
+            db.prepare(`INSERT INTO protocol_params_log (id, key, old_value, new_value, changed_by, action)
+                       VALUES (?,?,?,?,?,'migrate')`).run(generateId('ppl'), 'fund_base_rate', '0.01', '0', 'migration_RFC-008');
+        }
+        catch { }
+    }
+}
+catch (e) {
+    console.error('[migration RFC-008]', e);
+}
 // Wave G-2: USDC ↔ WAZ 转换助手
 function usdcToWaz(usdc) {
     const rate = getProtocolParam('waz_usdc_rate', 1.0);
@@ -8946,8 +8978,11 @@ function settleOrder(orderId) {
         // 用单语句 UPDATE ... WHERE stake_locked_at IS NULL 原子拿"是否首次"判定，
         // 避免读后写竞态（旧实现两条语句，迁 PG / 多 worker 时可能双锁）
         // M8: 二手商品无 stake 概念，跳过
+        // RFC-008 stage 1：起步免赔付阶段(require_seller_stake=0)不锁 stake —— 与 settleFault 按 stake_backing(=0)结算一致,
+        //   消除"成功时锁 product.stake_amount 但违约按 backing=0 不没收"的旧三口径不一致。收紧档(=1)由后续阶段统一在下单锁。
+        const requireSellerStake = Number(getProtocolParam('require_seller_stake', 0)) === 1;
         let stakeToLock = 0;
-        if (!isSecondhand) {
+        if (!isSecondhand && requireSellerStake) {
             const lockResult = db.prepare(`UPDATE products SET stake_locked_at = datetime('now') WHERE id = ? AND stake_locked_at IS NULL`).run(order.product_id);
             if (lockResult.changes === 1) {
                 const sellerTrust = db.prepare(`SELECT level FROM reputation_scores WHERE user_id = ?`).get(order.seller_id);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@seasonkoh/webaz",
-  "version": "0.1.18",
+  "version": "0.1.19",
   "description": "[PRE-LAUNCH] Agent-native decentralized commerce protocol. Humans and AI agents trade on the same protocol via MCP tools. ⚠️ Repository currently private until W8 public launch — GitHub links may return 404. See https://webaz.xyz for status.",
   "main": "dist/mcp.js",
   "bin": {