@seasonkoh/webaz 0.1.21 → 0.1.23

package/dist/money.js

@@ -0,0 +1,106 @@
+/**
+ * Money — 协议资金的【唯一】算术面(RFC-014 option A:整数最小单位)。
+ *
+ * 背景:此前金额用 JS float(SQLite REAL + number + Math.round(x*100)/100),除不尽的金额
+ *   (33.33 @ 7% 等)会在【个体钱包】留浮点尘(staked=3.3299999999983)。聚合守恒安全(残差0,
+ *   靠 residual-absorption),但接真实 USDC(整数 base-unit)对账时会变成真裂缝。诊断见
+ *   tests/test-money-precision-adversarial.ts。
+ *
+ * 表示:1 WAZ = 1,000,000 base-units(6 位小数,与 USDC base-units 对齐 → 链上对账 1:1)。
+ *   全部算术在【整数 base-units】上做(精确),只在显示层转回 2 位小数。
+ *   类型用 number 整数(安全到 ±2^53 ≈ 9.007e9 WAZ,模拟币足够);链上 USDC 边界 viem 已用 BigInt。
+ *
+ * 守恒利器:allocate() 用最大余数法把总额拆成整数桶且【精确求和 = 总额】——从源头消灭 dust,
+ *   且天然守恒(不增发/不丢)。mulRate() 单次舍入到整数单位。
+ *
+ * 用法(RFC-014 港口策略):资金热路径(engine.settle* / orders / 佣金 / dispute / skill …)
+ *   一律 toUnits 进 → 在 units 上 add/sub/mulRate/allocate → toUnits 出存库;显示层用 format。
+ *   全部港口完成后 schema 改 INTEGER(PR6),届时 toUnits/toDecimal 退化为存取边界。
+ */
+export const MONEY_SCALE = 1_000_000; // 1 WAZ = 1e6 base-units(6 dp,USDC 对齐)
+const MAX_SAFE = Number.MAX_SAFE_INTEGER; // 2^53 - 1 ≈ 9.007e15 units ≈ 9.007e9 WAZ
+function assertUnits(u, ctx) {
+    if (!Number.isFinite(u) || !Number.isInteger(u))
+        throw new Error(`money[${ctx}]: 非整数 units: ${u}`);
+    if (Math.abs(u) > MAX_SAFE)
+        throw new Error(`money[${ctx}]: units 超出安全整数范围: ${u}`);
+}
+/** 十进制 WAZ(number/string)→ 整数 base-units(四舍五入到最近 unit)。存量 REAL 价格的入口。 */
+export function toUnits(decimal) {
+    const n = typeof decimal === 'string' ? Number(decimal) : decimal;
+    if (!Number.isFinite(n))
+        throw new Error(`money.toUnits: 非有限数: ${decimal}`);
+    const u = Math.round(n * MONEY_SCALE);
+    assertUnits(u, 'toUnits');
+    return u;
+}
+/** 整数 base-units → 十进制 number(兼容/显示边界;返回 float,仅用于显示或与遗留 REAL 字段衔接)。 */
+export function toDecimal(units) {
+    assertUnits(units, 'toDecimal');
+    return units / MONEY_SCALE;
+}
+/** 整数 base-units → 定点字符串(默认 2 位,WAZ 展示)。整数运算舍入,不靠 float toFixed。 */
+export function format(units, dp = 2) {
+    assertUnits(units, 'format');
+    const neg = units < 0;
+    let abs = Math.abs(units);
+    const grain = Math.round(MONEY_SCALE / 10 ** dp); // dp=2 → 1e4 units 为一格
+    abs = Math.round(abs / grain) * grain; // 舍入到 dp 粒度(整数运算)
+    const whole = Math.floor(abs / MONEY_SCALE);
+    const fracUnits = abs - whole * MONEY_SCALE;
+    const fracStr = dp > 0 ? '.' + String(Math.floor(fracUnits / grain)).padStart(dp, '0') : '';
+    return (neg ? '-' : '') + String(whole) + fracStr;
+}
+export function add(a, b) { const r = a + b; assertUnits(r, 'add'); return r; }
+export function sub(a, b) { const r = a - b; assertUnits(r, 'sub'); return r; }
+export function sum(xs) { return xs.reduce((acc, x) => add(acc, x), 0); }
+/** 单价 × 整数数量(精确)。 */
+export function mulQty(unit, qty) {
+    if (!Number.isInteger(qty) || qty < 0)
+        throw new Error(`money.mulQty: qty 非非负整数: ${qty}`);
+    const r = unit * qty;
+    assertUnits(r, 'mulQty');
+    return r;
+}
+/** 金额 × 费率(rate 如 0.07);结果【单次】舍入到整数 base-units。守恒由 allocate 负责,勿用多次 mulRate 凑总额。 */
+export function mulRate(amount, rate) {
+    if (!Number.isFinite(rate) || rate < 0)
+        throw new Error(`money.mulRate: rate 非法: ${rate}`);
+    assertUnits(amount, 'mulRate');
+    const r = Math.round(amount * rate);
+    assertUnits(r, 'mulRate');
+    return r;
+}
+/** clamp 到 [0, cap](cap 省略=只防负)。用于"不超过余额/不超过原佣金"等上限。 */
+export function clamp(units, lo = 0, hi = MAX_SAFE) {
+    assertUnits(units, 'clamp');
+    return Math.max(lo, Math.min(hi, units));
+}
+/**
+ * 把 total 按整数权重拆成 N 桶,【精确求和 = total】(最大余数法)。
+ *   - 守恒:Σ 输出 === total,无 dust、不增发/不丢。
+ *   - 余数(floor 后差额)按小数部分从大到小逐 1 派发(确定性、稳定)。
+ *   - 全 0 权重 → 全 0 桶(调用方决定 total 的去向,通常落 reserve)。
+ * 用于佣金/罚没/分润等"一笔总额分给多方"的场景,替代逐项 round 造成的不守恒。
+ */
+export function allocate(total, weights) {
+    assertUnits(total, 'allocate');
+    if (weights.some(w => !Number.isFinite(w) || w < 0))
+        throw new Error(`money.allocate: 权重含负/非法`);
+    const W = weights.reduce((a, b) => a + b, 0);
+    if (W <= 0)
+        return weights.map(() => 0);
+    const raw = weights.map(w => (total * w) / W);
+    const floor = raw.map(Math.floor);
+    const used = floor.reduce((a, b) => a + b, 0);
+    let remainder = total - used; // 整数,0..N-1(total≥0 时)
+    const out = floor.slice();
+    const order = raw.map((r, i) => ({ i, frac: r - Math.floor(r) })).sort((a, b) => b.frac - a.frac || a.i - b.i);
+    for (let k = 0; remainder > 0 && k < order.length; k++, remainder--)
+        out[order[k].i] += 1;
+    // total 为负数的极端情况(理论上不该发生)兜底:把残余补到最后一桶,守恒优先
+    if (remainder !== 0)
+        out[out.length - 1] += remainder;
+    out.forEach((u, i) => assertUnits(u, `allocate[${i}]`));
+    return out;
+}

package/dist/pwa/acp-feed.js

@@ -0,0 +1,103 @@
+const BASE = 'https://webaz.xyz';
+// ACP availability 枚举(spec):in_stock | out_of_stock | pre_order | backorder | unknown
+function availability(stock) {
+    const n = Number(stock);
+    if (!Number.isFinite(n))
+        return 'unknown';
+    return n > 0 ? 'in_stock' : 'out_of_stock';
+}
+// 绝对化图片 URL(相对路径 → https://webaz.xyz/...);已是 http(s) 的原样返回
+function absolutizeImg(raw) {
+    if (typeof raw !== 'string' || !raw.trim())
+        return null;
+    const s = raw.trim();
+    if (/^https?:\/\//i.test(s))
+        return s;
+    return BASE + (s.startsWith('/') ? s : '/' + s);
+}
+// description 必须 plain text(spec)→ 去 HTML 标签 + 折叠空白 + 截 5000
+function plainText(raw, max) {
+    if (typeof raw !== 'string')
+        return '';
+    return raw.replace(/<[^>]*>/g, ' ').replace(/\s+/g, ' ').trim().slice(0, max);
+}
+export function buildAcpProductFeed(db, opts = {}) {
+    const limit = Math.min(Math.max(opts.limit ?? 2000, 1), 5000);
+    let rows = [];
+    try {
+        rows = db.prepare(`
+      SELECT p.id, p.title, p.description, p.price, p.currency, p.stock, p.category,
+             p.images, p.brand, p.model, p.return_days, p.product_type,
+             p.seller_id, u.name AS seller_name
+      FROM products p
+      LEFT JOIN users u ON u.id = p.seller_id
+      WHERE p.status = 'active'
+      ORDER BY p.created_at DESC
+      LIMIT ?
+    `).all(limit);
+    }
+    catch {
+        rows = [];
+    }
+    const products = rows.map((p) => {
+        let imgs = [];
+        try {
+            const arr = JSON.parse(p.images || '[]');
+            if (Array.isArray(arr))
+                imgs = arr.map(absolutizeImg).filter((x) => !!x);
+        }
+        catch { /* malformed → no images */ }
+        const returnDays = Number(p.return_days);
+        const hasReturn = Number.isFinite(returnDays) && returnDays > 0;
+        const item = {
+            item_id: p.id, // 稳定商品 ID(spec: max 100)
+            title: (p.title || '').slice(0, 150), // spec: max 150
+            description: plainText(p.description, 5000), // spec: plain text, max 5000
+            url: `${BASE}/#order-product/${p.id}`, // 商品详情页(SPA hash,200)
+            // price: spec = Number + ISO 4217 code。WAZ 非 ISO 4217 → 见 feed 级 _disclosures.currency
+            price: { amount: Number(p.price), currency: p.currency || 'WAZ' },
+            availability: availability(p.stock),
+            is_digital: p.product_type === 'digital',
+            seller_name: (p.seller_name || p.seller_id).slice(0, 70),
+            seller_url: `${BASE}/#u/${p.seller_id}`,
+            // 诚实门控:可发现 ≠ 可经 ACP 购买(ACP /complete 是卡+PSP,WebAZ 未接 —— RFC-015)
+            is_eligible_search: true,
+            is_eligible_checkout: false,
+            is_eligible_ads: false,
+        };
+        if (imgs.length) {
+            item.image_url = imgs[0];
+            if (imgs.length > 1)
+                item.additional_image_urls = imgs.slice(1).join(',');
+        }
+        if (p.brand)
+            item.brand = String(p.brand).slice(0, 70);
+        if (p.model)
+            item.mpn = String(p.model).slice(0, 70);
+        if (p.category)
+            item.product_category = String(p.category);
+        if (hasReturn) {
+            item.accepts_returns = true;
+            item.return_deadline_in_days = Math.round(returnDays);
+        }
+        return item;
+    });
+    return {
+        feed_version: 1,
+        generated_at: new Date().toISOString(),
+        source: 'WebAZ',
+        spec: {
+            based_on: 'OpenAI Agentic Commerce Protocol — product feed',
+            api_version_observed: '2025-09-12',
+            reference: 'https://developers.openai.com/commerce/specs/feed',
+            rfc: `${BASE}/docs/INTEGRATOR.md`,
+        },
+        _disclosures: {
+            phase: 'pre-launch',
+            currency: "Each item's price.currency is the protocol's SIMULATED pre-launch internal unit (WAZ, or legacy 'DCP'), NOT an ISO 4217 fiat currency. No real money is involved.",
+            checkout: 'is_eligible_checkout is false for every item: ACP checkout is not yet wired. Products are DISCOVERABLE via ACP, not yet PURCHASABLE via ACP. Native WebAZ checkout + escrow + state machine govern real purchases (see RFC-015).',
+        },
+        product_count: products.length,
+        products,
+    };
+}

package/dist/pwa/economic-participation.js

@@ -22,7 +22,7 @@ export function buildEconomicParticipation(getParam) {
         note: 'RFC-011 §⑧. The roles by which an external actor enters the protocol VALUE flow (earns fees / posts collateral / bears conserved liability) — the highest liability tier (value_participant). Rates & thresholds are read LIVE from protocol_params at request time (doc=code: this index can never drift from the enforced economics). Honesty: roles marked status=live are enforced today; status=scaffolded means the hook exists but generic third-party onboarding awaits its own RFC + real demand (enters-core test).',
         principles: {
             fairness: ['public & transparent', 'liability follows the responsible party', 'zero cost to the faultless party'],
-            conservation: 'Every settlement conserves value: a forfeit F is REDISTRIBUTED (protocol ≤ its fee, fund_base excluded / buyer up to 50% / promoters capped at original commission / residual → commission_reserve) — never minted. See engine.settleFault.',
+            conservation: 'Every settlement conserves value: a forfeit F is REDISTRIBUTED (protocol ≤ its fee, fund_base excluded / promoters capped at their original commission / the harmed buyer gets ≥50% of the post-fee remainder AND absorbs any unused-commission residual — so the buyer can exceed 50%) — never minted. See engine.settleFault.',
             bootstrap_no_forfeit: 'RFC-008: an order with stake_backing=0 (bootstrap / require_seller_stake=0) incurs ZERO forfeit and never touches the participant\'s free balance. Real forfeit applies only to staked orders.',
         },
         enter_value_flow: 'A value participant is in the accountability net via api_key→passport AND collateral/reputation-bound. Highest liability tier. See /.well-known/webaz-integration.json#liability_tiers.value_participant.',

package/dist/pwa/integration-contract.js

@@ -15,10 +15,14 @@ export function buildIntegrationContract() {
         contract_version: CONTRACT_VERSION,
         software_version: SOFTWARE_VERSION,
         thesis: 'WebAZ is agent-native: you integrate by your agent reading this machine-readable contract and self-integrating — we do NOT build a bespoke API/auth/webhook layer per integrator. The protocol provides rules + semantics + boundaries + accountability + eventing + verifiability + settlement. See docs/RFC-011.',
+        // 源码仓库 launch 前私有 —— 公开声明,防"自称开源但 GitHub 404"被读成 vaporware。
+        source_status: 'The source repo (github.com/seasonsagents-art/webaz) is PRIVATE until the W8 public launch, so GitHub links in these surfaces may return 404 until then — they open at launch, not a dead project. The full machine-readable spec is ALREADY public via these /.well-known/* surfaces; an agent never needs the repo to integrate or verify.',
         // 外部 agent 的第一道问题:"我怎么从匿名读升到能写?" —— 入口必须自答(不依赖 GitHub)。
         access: {
+            browse_first: 'No account needed to START: browse the live catalog at https://webaz.xyz/#discover and read every well-known surface below anonymously. Try before you commit.',
             anonymous_read: 'no credential needed — public GET endpoints + the well-known surfaces below.',
             get_api_key: 'an api_key requires a REAL HUMAN to register at https://webaz.xyz (invite code + Passkey). Agents CANNOT self-register — this is the accountability root ("every agent has an accountable human behind it"). After the human gets the key, set it as the agent\'s bearer token.',
+            how_to_get_invite: 'Pre-launch is invite-gated for Sybil resistance. Request one by leaving your email at https://webaz.xyz/#welcome (or email contact@webaz.xyz). You can browse + read everything WITHOUT an invite — it is only needed to register and write.',
             then: 'declare your write scope at POST /api/me/agents/declarations (scope tokens from the capability matrix §②); a Passkey-bound human is exempt from scope declaration. See onboarding (③).',
             tiers: 'anonymous_read → authenticated_write (api_key→passport) → value_participant (collateral). See liability_tiers below.',
         },

package/dist/pwa/public/app.js

@@ -20959,7 +20959,7 @@ window.handleArbitrate = async (disputeId) => {
       const amtEl = document.querySelector(`.arb-liable-amount[data-party="${partyId}"]`)
       const amt = parseFloat(amtEl?.value || '0')
       if (!amt || amt <= 0) {
-        msgEl.innerHTML = alert$('error', `${t('请填写 ')}${chk.dataset.name}${t(' 的赔付金额')}`); return
+        msgEl.innerHTML = alert$('error', `${t('请填写 ')}${escHtml(chk.dataset.name)}${t(' 的赔付金额')}`); return
       }
       const entry = { user_id: partyId, role: chk.dataset.role, amount: amt }
       const insuranceChk = document.querySelector(`.arb-liable-insurance[data-party="${partyId}"]`)
@@ -22122,8 +22122,9 @@ async function renderSeller(app) {
 
   const skillsSection = sellerSubTab === 'skills' ? `
     <div style="font-size:12px;color:#6b7280;margin-bottom:10px">${t('Skill 自动化 · 让 Agent 替你接单/报价/发货')}</div>
-    <div id="skill-mgmt-content">${loading$()}</div>
   ` : ''
+  // 注:Skill 真实内容由下方 #my-skills-list 同步渲染(mySkills 已同步就绪);
+  //    此前这里有个 #skill-mgmt-content loading$() 占位但全文件无人填充 → spinner 永转,已删除。
 
   const productsSection = sellerSubTab === 'products' ? `
     <div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:12px">
@@ -25200,7 +25201,7 @@ window.doWithdraw = async () => {
     msgEl.innerHTML = ''
     return
   }
-  msgEl.innerHTML = alert$('success', `✅ ${res.message}`)
+  msgEl.innerHTML = alert$('success', `✅ ${escHtml(res.message)}`)
   setTimeout(() => renderWallet(document.getElementById('app')), 2000)
 }
 
@@ -26636,7 +26637,7 @@ async function renderSkillPublish(app) {
         <textarea class="form-control" id="skm-preview" rows="3" maxlength="500" placeholder="${t('展示部分内容吸引购买，可留空')}" style="font-size:13px;resize:vertical;margin-bottom:12px"></textarea>
 
         <div style="font-size:12px;color:#374151;font-weight:600;margin-bottom:6px">${t('技能正文（购买后解锁）')}</div>
-        <textarea class="form-control" id="skm-content" rows="8" maxlength="20000" placeholder="${t('完整的模板 / 提示词 / 指南 / 清单内容…')}" style="font-size:13px;resize:vertical"></textarea>
+        <textarea class="form-control" id="skm-body" rows="8" maxlength="20000" placeholder="${t('完整的模板 / 提示词 / 指南 / 清单内容…')}" style="font-size:13px;resize:vertical"></textarea>
       </div></div>
       <div id="skm-publish-msg" style="margin-bottom:8px"></div>
       <button class="btn btn-primary" style="width:100%;font-size:14px;padding:10px" onclick="doSkmPublish()">${t('提交审核')}</button>
@@ -26655,7 +26656,7 @@ window.doSkmPublish = async () => {
   const price = parseFloat(document.getElementById('skm-price')?.value) || 0
   const summary = document.getElementById('skm-summary')?.value?.trim()
   const preview = document.getElementById('skm-preview')?.value?.trim()
-  const content = document.getElementById('skm-content')?.value
+  const content = document.getElementById('skm-body')?.value
   const msg = document.getElementById('skm-publish-msg')
   if (!title || title.length < 2) { msg.innerHTML = alert$('error', t('请填写标题')); return }
   if (!content || !content.trim()) { msg.innerHTML = alert$('error', t('请填写技能正文内容')); return }
@@ -27554,7 +27555,7 @@ async function renderListingFollow(app, listingId) {
   if (!state.user) { location.hash = '#login'; return }
   if (state.user.role !== 'seller') { app.innerHTML = `<div style="padding:24px">${alert$('warn', t('仅卖家可跟卖'))}</div>`; return }
   const r = await GET('/listings/' + encodeURIComponent(listingId))
-  if (r?.error) { app.innerHTML = `<div style="padding:24px">${alert$('error', r.error)}</div>`; return }
+  if (r?.error) { app.innerHTML = `<div style="padding:24px">${alert$('error', escHtml(r.error))}</div>`; return }
   const l = r.listing
 
   app.innerHTML = `
@@ -33287,7 +33288,7 @@ window.submitNote = async (orderId, parentId, draftKey) => {
       body: buf,
     })
     const j = await upResp.json()
-    if (!upResp.ok || j.error) { msg.innerHTML = alert$('error', t('图片上传失败') + `：${j.error}`); btn.disabled = false; return }
+    if (!upResp.ok || j.error) { msg.innerHTML = alert$('error', t('图片上传失败') + `：${escHtml(j.error)}`); btn.disabled = false; return }
     hashes.push(hash)
   }
   // 步骤 2: 创建笔记（带 parent_id 时为转发）

package/dist/pwa/public/index.html

@@ -3,7 +3,20 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
-  <title>WebAZ</title>
+  <title>WebAZ — Agent-native decentralized commerce protocol</title>
+  <!-- Crawler / agent discoverability (static, no-JS): so a fetch of this page returns real meaning, not an empty shell. -->
+  <meta name="description" content="WebAZ is an open, agent-native decentralized commerce protocol. Every order is escrow-protected and flows through a state machine; on timeout the protocol auto-rules fault and executes remedy. Buyers get escrow + automatic refunds + transparent seller reputation, price history and arbitration precedents; AI agents browse, order, compare and fulfill via MCP. Pre-launch (simulated test currency, no real settlement yet).">
+  <link rel="canonical" href="https://webaz.xyz/">
+  <meta property="og:type" content="website">
+  <meta property="og:site_name" content="WebAZ">
+  <meta property="og:url" content="https://webaz.xyz/">
+  <meta property="og:title" content="WebAZ — Agent-native decentralized commerce protocol">
+  <meta property="og:description" content="Escrow-protected, state-machine commerce: timeouts auto-rule fault + remedy. Buyers get escrow + auto-refund + transparent reputation; AI agents transact via MCP. Pre-launch.">
+  <meta property="og:image" content="https://webaz.xyz/webaz-logo.png">
+  <meta name="twitter:card" content="summary_large_image">
+  <meta name="twitter:title" content="WebAZ — Agent-native decentralized commerce protocol">
+  <meta name="twitter:description" content="Escrow-protected, state-machine commerce. Buyers: escrow + auto-refund + transparent reputation. Agents transact via MCP. Pre-launch.">
+  <meta name="twitter:image" content="https://webaz.xyz/webaz-logo.png">
   <link rel="stylesheet" href="/style.css">
   <link rel="manifest" href="/manifest.json">
   <link rel="icon" type="image/svg+xml" href="/icon.svg">
@@ -15,6 +28,19 @@
 </head>
 <body>
   <div id="app"></div>
+  <!-- No-JS / crawler fallback: real content for fetchers that don't run the SPA (fixes "scrape only sees an empty <title>"). -->
+  <noscript>
+    <main style="max-width:680px;margin:40px auto;padding:0 20px;font-family:system-ui,sans-serif;line-height:1.7;color:#1f2937">
+      <h1>WebAZ — Agent-native decentralized commerce protocol</h1>
+      <p>WebAZ is an open, agent-native decentralized commerce protocol. Every order is escrow-protected and flows through a state machine; if a responsible party times out, the protocol automatically rules fault and executes the remedy.</p>
+      <p><strong>For buyers:</strong> funds are held in escrow and released only after you confirm receipt; sellers who don't accept/ship/deliver in time trigger an automatic refund; disputes are decided with evidence + neutral arbitration; seller reputation, price history and arbitration precedents are public before you buy.</p>
+      <p><strong>For AI agents:</strong> browse, compare, order and track fulfillment via the Model Context Protocol (MCP). Protocol state is public at <a href="/.well-known/webaz-protocol.json">/.well-known/webaz-protocol.json</a>; the integration contract is at <a href="/.well-known/webaz-integration.json">/.well-known/webaz-integration.json</a>.</p>
+      <p><strong>Status:</strong> pre-launch — WAZ is a simulated test currency; no real money settles yet.</p>
+      <p><strong>Browse now — no account needed:</strong> <a href="/#discover">/#discover</a> · <strong>Want in?</strong> Pre-launch is invite-gated; request an invite (leave your email) at <a href="/#welcome">/#welcome</a>.</p>
+      <p style="color:#6b7280;font-size:14px">Source repo opens at public launch — <a href="https://github.com/seasonsagents-art/webaz">github.com/seasonsagents-art/webaz</a> may 404 until then; the full machine-readable spec is already public at <a href="/.well-known/webaz-integration.json">/.well-known/webaz-integration.json</a>.</p>
+      <p style="color:#6b7280;font-size:14px">This page is an interactive app and needs JavaScript for full functionality.</p>
+    </main>
+  </noscript>
   <script src="/i18n.js"></script>
   <script src="/app.js"></script>
 </body>

package/dist/pwa/routes/auction.js

@@ -1,3 +1,6 @@
+// RFC-014 PR6 — 拍卖 stake 锁定/释放走整数 base-units + 绝对值落库。
+import { toUnits } from '../../money.js';
+import { applyWalletDelta } from '../../ledger.js';
 // ─── 拍卖常量（域内）──────────────────────────────────────────
 const AUC_MAX_WINDOW_MIN = 14 * 24 * 60; // 14 天上限
 const AUC_MIN_WINDOW_MIN = 5;
@@ -118,7 +121,7 @@ export function registerAuctionRoutes(app, deps) {
           seller_stake_locked, notes)
         VALUES (?,?,?,?,?,?,?,?,?,?,?,?,datetime('now', '+' || ? || ' minutes'),?,?,?)
       `).run(id, user.id, body.listing_id ? String(body.listing_id) : null, productId, title, body.spec_json ? JSON.stringify(body.spec_json) : null, qty, cat, startingPrice, startingPrice, minIncrement, reservePrice, windowMin, sniperExtend, sellerStake, body.notes ? String(body.notes).slice(0, 500) : null);
-            db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?').run(sellerStake, sellerStake, user.id);
+            applyWalletDelta(db, user.id, { balance: -toUnits(sellerStake), staked: toUnits(sellerStake) });
             if (productId)
                 db.prepare("UPDATE products SET status = 'auction_pending', updated_at = datetime('now') WHERE id = ?").run(productId);
         })();
@@ -346,19 +349,19 @@ export function registerAuctionRoutes(app, deps) {
             if (myPrev) {
                 db.prepare("UPDATE auction_bids SET status = 'outbid', resolved_at = datetime('now') WHERE id = ?").run(myPrev.id);
                 if (myPrev.stake_locked > 0)
-                    db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(myPrev.stake_locked, myPrev.stake_locked, user.id);
+                    applyWalletDelta(db, user.id, { balance: toUnits(myPrev.stake_locked), staked: -toUnits(myPrev.stake_locked) });
             }
             // 释放别人的最高 active bid
             const others = db.prepare("SELECT id, buyer_id, stake_locked FROM auction_bids WHERE auction_id = ? AND status = 'active' AND buyer_id != ?").all(req.params.id, user.id);
             for (const o of others) {
                 db.prepare("UPDATE auction_bids SET status = 'outbid', resolved_at = datetime('now') WHERE id = ?").run(o.id);
                 if (o.stake_locked > 0)
-                    db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(o.stake_locked, o.stake_locked, o.buyer_id);
+                    applyWalletDelta(db, o.buyer_id, { balance: toUnits(o.stake_locked), staked: -toUnits(o.stake_locked) });
             }
             // 插入新 bid
             db.prepare(`INSERT INTO auction_bids (id, auction_id, buyer_id, price, stake_locked) VALUES (?,?,?,?,?)`)
                 .run(id, req.params.id, user.id, price, stake);
-            db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?').run(stake, stake, user.id);
+            applyWalletDelta(db, user.id, { balance: -toUnits(stake), staked: toUnits(stake) });
             // P1 #9：卖家 stake 动态补足（5% × current_price，余额不足则尽量补）
             const targetSellerStake = Math.max(1, Math.round(price * AUC_SELLER_STAKE_PCT * 100) / 100);
             const curSellerStake = Number(fresh.seller_stake_locked) || 0;
@@ -367,7 +370,7 @@ export function registerAuctionRoutes(app, deps) {
                 const sWal = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(auc.seller_id);
                 const canTopup = sWal ? Math.min(delta, Number(sWal.balance)) : 0;
                 if (canTopup > 0) {
-                    db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?').run(canTopup, canTopup, auc.seller_id);
+                    applyWalletDelta(db, auc.seller_id, { balance: -toUnits(canTopup), staked: toUnits(canTopup) });
                     db.prepare('UPDATE auctions SET seller_stake_locked = seller_stake_locked + ? WHERE id = ?').run(canTopup, req.params.id);
                     sellerTopup = canTopup;
                 }
@@ -420,7 +423,7 @@ export function registerAuctionRoutes(app, deps) {
         db.transaction(() => {
             db.prepare("UPDATE auctions SET status = 'cancelled', updated_at = datetime('now') WHERE id = ?").run(req.params.id);
             if (sellerStake > 0)
-                db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(sellerStake, sellerStake, user.id);
+                applyWalletDelta(db, user.id, { balance: toUnits(sellerStake), staked: -toUnits(sellerStake) });
             if (auc.product_id)
                 db.prepare("UPDATE products SET status = 'active', updated_at = datetime('now') WHERE id = ? AND status = 'auction_pending'").run(auc.product_id);
         })();

package/dist/pwa/routes/disputes-write.js

@@ -1,6 +1,9 @@
 import express from 'express';
 // RFC-007 stage 5：客观拒单仲裁翻案直接复用 L0 状态机/结算(纯 db 函数,无副作用)
 import { transition, settleFault, settleDeclinedNoFault } from '../../layer0-foundation/L0-2-state-machine/engine.js';
+// RFC-014 PR5 — 争议后佣金/基金 clawback 走整数 base-units + 绝对值落库。
+import { toUnits, toDecimal, mulRate } from '../../money.js';
+import { applyWalletDelta } from '../../ledger.js';
 export function registerDisputesWriteRoutes(app, deps) {
     const { db, auth, generateId, detectFraud, errorRes, isEligibleArbitrator, requireHumanPresence, getDisputeDetails, respondToDispute, arbitrateDispute, addPartyEvidence, requestEvidence, markEvidenceExpiry, uploadEvidence, EVIDENCE_MAX_BYTES, EVIDENCE_ALLOWED_MIME, appendOrderEvent, FUND_BASE_RATE, settleCommission, depositToFund, calculatePv, recordDisputeReputation, issueAgentStrike, publishDisputeCase, logAdminAction, snfSend, getProtocolParam } = deps;
     // ── RFC-007 stage 5：客观拒单【临时判责】的仲裁翻案 ─────────────────────────────
@@ -194,12 +197,11 @@ export function registerDisputesWriteRoutes(app, deps) {
                         return;
                     const total = Number(order.total_amount);
                     const commRate = Number(order.snapshot_commission_rate ?? 0);
-                    const commPool = Math.round(total * commRate * 100) / 100;
-                    const fundBase = Math.round(total * FUND_BASE_RATE() * 100) / 100;
-                    const deduct = commPool + fundBase;
+                    const deductU = mulRate(toUnits(total), commRate) + mulRate(toUnits(total), FUND_BASE_RATE());
+                    const deduct = toDecimal(deductU);
                     const sellerWallet = db.prepare("SELECT balance FROM wallets WHERE user_id = ?").get(order.seller_id);
-                    if (sellerWallet && sellerWallet.balance >= deduct) {
-                        db.prepare("UPDATE wallets SET balance = balance - ?, earned = earned - ? WHERE user_id = ?").run(deduct, deduct, order.seller_id);
+                    if (sellerWallet && toUnits(sellerWallet.balance) >= deductU) {
+                        applyWalletDelta(db, order.seller_id, { balance: -deductU, earned: -deductU });
                         const { redirected: disputeRedirected } = settleCommission(dispute.order_id);
                         depositToFund(dispute.order_id, disputeRedirected);
                         const productRow = db.prepare("SELECT category_id FROM products WHERE id = ?").get(order.product_id);
@@ -248,13 +250,12 @@ export function registerDisputesWriteRoutes(app, deps) {
                     if (effectiveBase <= 0)
                         return;
                     const commRate = Number(order.snapshot_commission_rate ?? 0);
-                    const commPool = Math.round(effectiveBase * commRate * 100) / 100;
-                    const fundBase = Math.round(effectiveBase * FUND_BASE_RATE() * 100) / 100;
-                    const deduct = Math.round((commPool + fundBase) * 100) / 100;
+                    const deductU = mulRate(toUnits(effectiveBase), commRate) + mulRate(toUnits(effectiveBase), FUND_BASE_RATE());
+                    const deduct = toDecimal(deductU);
                     const sellerWallet = db.prepare("SELECT balance FROM wallets WHERE user_id = ?").get(order.seller_id);
-                    if (sellerWallet && sellerWallet.balance >= deduct) {
-                        if (deduct > 0) {
-                            db.prepare("UPDATE wallets SET balance = balance - ?, earned = earned - ? WHERE user_id = ?").run(deduct, deduct, order.seller_id);
+                    if (sellerWallet && toUnits(sellerWallet.balance) >= deductU) {
+                        if (deductU > 0) {
+                            applyWalletDelta(db, order.seller_id, { balance: -deductU, earned: -deductU });
                         }
                         const { redirected } = settleCommission(dispute.order_id, effectiveBase);
                         depositToFund(dispute.order_id, redirected, effectiveBase);

package/dist/pwa/routes/orders-create.js

@@ -1,4 +1,7 @@
 import { buildCartMandate, buildPaymentMandate, signMandate } from './ap2-mandate.js';
+// RFC-014 PR3 — 金额走整数 base-units;钱包写绝对值(防 REAL 浮点加法 dust)。
+import { toUnits, toDecimal, mulQty, mulRate } from '../../money.js';
+import { applyWalletDelta } from '../../ledger.js';
 export function registerOrdersCreateRoutes(app, deps) {
     const { db, auth, isTrustedRole, generateId, generateRecipientCode, DONATION_VALID_PCTS, INTERNAL_AUDITOR_ID, addHours, getActiveFlashSale, applyCouponToOrder, getProtocolParam, getProductShareChain, isAllowedSponsor, checkStockAndMaybeDelist, auditSponsorChainCross, appendOrderEvent, transition, notifyTransition, shouldAutoAccept, ensureCharityRep, broadcastSystemEvent, signPassport, issuerAddress } = deps;
     app.post('/api/orders', async (req, res) => {
@@ -170,18 +173,25 @@ export function registerOrdersCreateRoutes(app, deps) {
             db.prepare(`UPDATE price_sessions SET used_at = datetime('now') WHERE token = ?`).run(session_token);
         }
         const basePrice = product.price;
-        // 多件：subtotal = basePrice * qty，减 coupon，再加保险（按 subtotal 计费）
-        const subtotal = Math.round(basePrice * reqQty * 100) / 100;
-        const priceAfterCoupon = Math.max(0, Math.round((subtotal - couponDiscount) * 100) / 100);
+        // RFC-014:全部金额在整数 base-units 上算(精确),再 toDecimal 落库/响应。
+        //   多件：subtotal = basePrice × qty，减 coupon，再加保险（按 subtotal 计费）
+        const basePriceU = toUnits(basePrice);
+        const subtotalU = mulQty(basePriceU, reqQty);
+        const priceAfterCouponU = Math.max(0, subtotalU - toUnits(couponDiscount));
         const insuranceRate = getProtocolParam('order_insurance_rate', 0.01);
-        const insurancePremium = buy_insurance ? Math.round(priceAfterCoupon * insuranceRate * 100) / 100 : 0;
-        const totalAmount = Math.max(0, Math.round((priceAfterCoupon + insurancePremium) * 100) / 100);
+        const insurancePremiumU = buy_insurance ? mulRate(priceAfterCouponU, insuranceRate) : 0;
+        const totalAmountU = Math.max(0, priceAfterCouponU + insurancePremiumU);
         // B5 主动捐赠 — 按订单总额 × 比例算（额外扣款，进 charity_fund）
-        const donationAmount = donationPctNum > 0 ? Math.round(totalAmount * donationPctNum * 100) / 100 : 0;
+        const donationAmountU = donationPctNum > 0 ? mulRate(totalAmountU, donationPctNum) : 0;
+        // decimal 视图(落库 / 下游 AP2 / 响应,均为 base-unit 干净值)
+        const subtotal = toDecimal(subtotalU);
+        const insurancePremium = toDecimal(insurancePremiumU);
+        const totalAmount = toDecimal(totalAmountU);
+        const donationAmount = toDecimal(donationAmountU);
         const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
         if (!wallet)
             return void res.status(500).json({ error: '钱包记录缺失', error_code: 'WALLET_MISSING' });
-        if (wallet.balance < totalAmount + donationAmount)
+        if (toUnits(wallet.balance) < totalAmountU + donationAmountU)
             return void res.json({ error: `余额不足：需 ${(totalAmount + donationAmount).toFixed(2)} WAZ（含 ${donationAmount} WAZ 捐赠），当前 ${wallet.balance} WAZ` });
         const now = new Date();
         const orderId = generateId('ord');
@@ -259,13 +269,14 @@ export function registerOrdersCreateRoutes(app, deps) {
                 catch (e) {
                     console.warn('[order-chain] genesis event failed:', e.message);
                 }
-                db.prepare('UPDATE wallets SET balance = balance - ?, escrowed = escrowed + ? WHERE user_id = ?')
-                    .run(totalAmount, totalAmount, user.id);
+                // RFC-014:钱包托管锁定走绝对值落库(整数 base-units)
+                applyWalletDelta(db, user.id, { balance: -totalAmountU, escrowed: totalAmountU });
                 // B5：捐赠 — 从 balance 扣 + 进 charity_fund + 记一笔 donation txn（事务内原子）
-                if (donationAmount > 0) {
-                    db.prepare('UPDATE wallets SET balance = balance - ? WHERE user_id = ?').run(donationAmount, user.id);
-                    db.prepare(`UPDATE charity_fund SET balance = balance + ?, total_donated = total_donated + ?, updated_at = datetime('now') WHERE id = 'main'`)
-                        .run(donationAmount, donationAmount);
+                if (donationAmountU > 0) {
+                    applyWalletDelta(db, user.id, { balance: -donationAmountU });
+                    const cf = db.prepare("SELECT COALESCE(balance,0) balance, COALESCE(total_donated,0) total_donated FROM charity_fund WHERE id = 'main'").get();
+                    db.prepare(`UPDATE charity_fund SET balance = ?, total_donated = ?, updated_at = datetime('now') WHERE id = 'main'`)
+                        .run(toDecimal(toUnits(cf?.balance ?? 0) + donationAmountU), toDecimal(toUnits(cf?.total_donated ?? 0) + donationAmountU));
                     db.prepare(`INSERT INTO charity_fund_txns (id, kind, from_user_id, to_user_id, amount, related_order_id, note)
                       VALUES (?, 'donation', ?, NULL, ?, ?, ?)`).run(generateId('cft'), user.id, donationAmount, orderId, `下单时捐赠 ${(donationPctNum * 100).toFixed(1)}%`);
                     // 同步 charity_reputation（捐款荣誉）

package/dist/pwa/routes/public-utils.js

@@ -10,6 +10,7 @@ import { buildIntegrationContract } from '../integration-contract.js';
 import { buildVerifiabilityIndex } from '../verifiability-index.js';
 import { buildEconomicParticipation } from '../economic-participation.js';
 import { buildNegativeSpace } from '../negative-space.js';
+import { buildAcpProductFeed } from '../acp-feed.js';
 export function registerPublicUtilsRoutes(app, deps) {
     const { db, MASTER_SEED, NODE_ENV, SERVICE_START_MS, rateLimitOk, generateManifest, getUser, logError, issuerAddress } = deps;
     app.get('/api/health', (_req, res) => {
@@ -90,6 +91,21 @@ export function registerPublicUtilsRoutes(app, deps) {
             //   software_version = 本代码 npm/release semver(= package.json,自动同步,永不漂移)
             schema_version: CONTRACT_VERSION,
             software_version: SOFTWARE_VERSION,
+            // 给【终端用户/买家】的一句话价值主张 —— 陌生 agent / 爬虫抓 manifest 第一眼就懂"对买家有什么用",
+            //   不只是抽象 tagline + 技术 description。与 MCP webaz_info.for_end_user 对齐(两个发现面一致)。
+            for_end_user: {
+                one_liner: 'Shop with built-in protection: every order is escrow-held and only released after you confirm receipt; if the seller is late, you are auto-refunded. / 自带保护的购物:每笔订单托管,确认收货才放款;卖家超时自动退款给你。',
+                why_use: [
+                    'Escrow on every order — money released only after you confirm receipt (or auto-confirm window).',
+                    'Automatic fault ruling — seller fails to accept/ship/deliver in time → auto-refund, no haggling.',
+                    'Disputes with evidence + neutral arbitration.',
+                    'Decision-ready transparency — seller reputation, price history and arbitration precedents are public before you buy.',
+                    'Agent-native — your AI agent can compare, order and track fulfillment via MCP.',
+                ],
+                honesty: 'Pre-launch: WAZ is a simulated test currency; no real money settles yet.',
+                try_it: 'Browse now, no account needed → https://webaz.xyz/#discover',
+                get_access: 'Want to register? Pre-launch is invite-gated — request an invite at https://webaz.xyz/#welcome (browsing needs no invite).',
+            },
             network_state: {
                 phase,
                 real_users_on_canonical: realUsers,
@@ -117,6 +133,8 @@ export function registerPublicUtilsRoutes(app, deps) {
             },
             // 公开披露文档(#1050) — 协议层"钱怎么流"的源真理(协议外可读)
             disclosures: {
+                // 源码仓库 launch 前私有,下列 github 链接可能 404(launch 时开),不是死项目;机器可读 spec 已全在 /.well-known/*。
+                source_status: 'repo private until W8 public launch — github.com links below may 404 until then (they open at launch); the full spec is already public via /.well-known/*.',
                 economic_model: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/ECONOMIC-MODEL.md',
                 mlm_compliance: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/MLM-COMPLIANCE.md',
                 agent_governance: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/AGENT-GOVERNANCE.md',
@@ -138,6 +156,7 @@ export function registerPublicUtilsRoutes(app, deps) {
                 event_stream: 'https://webaz.xyz/api/agent/events?since=<cursor>', // ⑥ 事件游标流(party-gated,需 auth)
                 passport: 'https://webaz.xyz/api/me/agents/:apiKeyPrefix/passport', // ⑤ 可验护照
                 did: 'https://webaz.xyz/.well-known/did.json',
+                acp_product_feed: 'https://webaz.xyz/.well-known/webaz-acp-feed.json', // RFC-015 P0 — ACP 风格商品发现 feed(只读;is_eligible_checkout=false)
             },
             // 路线图 — 回应"知道还有哪些没做"的诚实化第三层。哲学:公开当前到达点 + 已知未做项,不承诺时间表。
             roadmap: {
@@ -270,6 +289,15 @@ export function registerPublicUtilsRoutes(app, deps) {
     };
     app.get('/.well-known/webaz-negative-space.json', negativeSpace);
     app.get('/api/agent/negative-space', negativeSpace);
+    // RFC-015 P0 —— ACP product feed:把现有商品投影成 OpenAI Agentic Commerce 的 feed 形状,
+    //   让 ACP/ChatGPT agent 能【发现】WebAZ 商品(只读,无钱)。诚实门控:is_eligible_checkout 恒 false
+    //   (ACP /complete 是卡+PSP,WebAZ 未接);currency=WAZ 是模拟单位。详见 buildAcpProductFeed + RFC-015。
+    const acpFeed = (_req, res) => {
+        res.setHeader('Cache-Control', 'public, max-age=300');
+        res.json(buildAcpProductFeed(db));
+    };
+    app.get('/.well-known/webaz-acp-feed.json', acpFeed);
+    app.get('/api/agent/acp-feed', acpFeed);
     // W3C DID Document(B.6 b DID 短期 mapping,2026-05-30):
     //   did:web:webaz.xyz 通过 HTTPS 解析到这里(W3C did:web spec §3.2)
     //   verificationMethod 用 EcdsaSecp256k1RecoveryMethod2020 + CAIP-10 blockchainAccountId