npm - @seasonkoh/webaz - Versions diffs - 0.1.22 → 0.1.24 - Mend

@seasonkoh/webaz 0.1.22 → 0.1.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/layer0-foundation/L0-2-state-machine/engine.js +11 -16
package/dist/layer1-agent/L1-1-mcp-server/server.js +697 -250
package/dist/pwa/economic-participation.js +1 -1
package/dist/pwa/integration-contract.js +4 -0
package/dist/pwa/public/index.html +2 -1
package/dist/pwa/routes/public-utils.js +17 -0
package/dist/pwa/routes/referral.js +81 -0
package/package.json +1 -1

package/dist/pwa/economic-participation.js CHANGED Viewed

@@ -22,7 +22,7 @@ export function buildEconomicParticipation(getParam) {
         note: 'RFC-011 §⑧. The roles by which an external actor enters the protocol VALUE flow (earns fees / posts collateral / bears conserved liability) — the highest liability tier (value_participant). Rates & thresholds are read LIVE from protocol_params at request time (doc=code: this index can never drift from the enforced economics). Honesty: roles marked status=live are enforced today; status=scaffolded means the hook exists but generic third-party onboarding awaits its own RFC + real demand (enters-core test).',
         principles: {
             fairness: ['public & transparent', 'liability follows the responsible party', 'zero cost to the faultless party'],
-            conservation: 'Every settlement conserves value: a forfeit F is REDISTRIBUTED (protocol ≤ its fee, fund_base excluded / buyer up to 50% / promoters capped at original commission / residual → commission_reserve) — never minted. See engine.settleFault.',
+            conservation: 'Every settlement conserves value: a forfeit F is REDISTRIBUTED (protocol ≤ its fee, fund_base excluded / promoters capped at their original commission / the harmed buyer gets ≥50% of the post-fee remainder AND absorbs any unused-commission residual — so the buyer can exceed 50%) — never minted. See engine.settleFault.',
             bootstrap_no_forfeit: 'RFC-008: an order with stake_backing=0 (bootstrap / require_seller_stake=0) incurs ZERO forfeit and never touches the participant\'s free balance. Real forfeit applies only to staked orders.',
         },
         enter_value_flow: 'A value participant is in the accountability net via api_key→passport AND collateral/reputation-bound. Highest liability tier. See /.well-known/webaz-integration.json#liability_tiers.value_participant.',

package/dist/pwa/integration-contract.js CHANGED Viewed

@@ -15,10 +15,14 @@ export function buildIntegrationContract() {
         contract_version: CONTRACT_VERSION,
         software_version: SOFTWARE_VERSION,
         thesis: 'WebAZ is agent-native: you integrate by your agent reading this machine-readable contract and self-integrating — we do NOT build a bespoke API/auth/webhook layer per integrator. The protocol provides rules + semantics + boundaries + accountability + eventing + verifiability + settlement. See docs/RFC-011.',
+        // 源码仓库 launch 前私有 —— 公开声明,防"自称开源但 GitHub 404"被读成 vaporware。
+        source_status: 'The source repo (github.com/seasonsagents-art/webaz) is PRIVATE until the W8 public launch, so GitHub links in these surfaces may return 404 until then — they open at launch, not a dead project. The full machine-readable spec is ALREADY public via these /.well-known/* surfaces; an agent never needs the repo to integrate or verify.',
         // 外部 agent 的第一道问题:"我怎么从匿名读升到能写?" —— 入口必须自答(不依赖 GitHub)。
         access: {
+            browse_first: 'No account needed to START: browse the live catalog at https://webaz.xyz/#discover and read every well-known surface below anonymously. Try before you commit.',
             anonymous_read: 'no credential needed — public GET endpoints + the well-known surfaces below.',
             get_api_key: 'an api_key requires a REAL HUMAN to register at https://webaz.xyz (invite code + Passkey). Agents CANNOT self-register — this is the accountability root ("every agent has an accountable human behind it"). After the human gets the key, set it as the agent\'s bearer token.',
+            how_to_get_invite: 'Pre-launch is invite-gated for Sybil resistance. Request one by leaving your email at https://webaz.xyz/#welcome (or email contact@webaz.xyz). You can browse + read everything WITHOUT an invite — it is only needed to register and write.',
             then: 'declare your write scope at POST /api/me/agents/declarations (scope tokens from the capability matrix §②); a Passkey-bound human is exempt from scope declaration. See onboarding (③).',
             tiers: 'anonymous_read → authenticated_write (api_key→passport) → value_participant (collateral). See liability_tiers below.',
         },

package/dist/pwa/public/index.html CHANGED Viewed

@@ -36,7 +36,8 @@
       <p><strong>For buyers:</strong> funds are held in escrow and released only after you confirm receipt; sellers who don't accept/ship/deliver in time trigger an automatic refund; disputes are decided with evidence + neutral arbitration; seller reputation, price history and arbitration precedents are public before you buy.</p>
       <p><strong>For AI agents:</strong> browse, compare, order and track fulfillment via the Model Context Protocol (MCP). Protocol state is public at <a href="/.well-known/webaz-protocol.json">/.well-known/webaz-protocol.json</a>; the integration contract is at <a href="/.well-known/webaz-integration.json">/.well-known/webaz-integration.json</a>.</p>
       <p><strong>Status:</strong> pre-launch — WAZ is a simulated test currency; no real money settles yet.</p>
-      <p>Browse: <a href="/#discover">/#discover</a> · Learn more: <a href="/#welcome">/#welcome</a> · Source: <a href="https://github.com/seasonsagents-art/webaz">github.com/seasonsagents-art/webaz</a></p>
+      <p><strong>Browse now — no account needed:</strong> <a href="/#discover">/#discover</a> · <strong>Want in?</strong> Pre-launch is invite-gated; request an invite (leave your email) at <a href="/#welcome">/#welcome</a>.</p>
+      <p style="color:#6b7280;font-size:14px">Source repo opens at public launch — <a href="https://github.com/seasonsagents-art/webaz">github.com/seasonsagents-art/webaz</a> may 404 until then; the full machine-readable spec is already public at <a href="/.well-known/webaz-integration.json">/.well-known/webaz-integration.json</a>.</p>
       <p style="color:#6b7280;font-size:14px">This page is an interactive app and needs JavaScript for full functionality.</p>
     </main>
   </noscript>

package/dist/pwa/routes/public-utils.js CHANGED Viewed

@@ -91,6 +91,21 @@ export function registerPublicUtilsRoutes(app, deps) {
             //   software_version = 本代码 npm/release semver(= package.json,自动同步,永不漂移)
             schema_version: CONTRACT_VERSION,
             software_version: SOFTWARE_VERSION,
+            // 给【终端用户/买家】的一句话价值主张 —— 陌生 agent / 爬虫抓 manifest 第一眼就懂"对买家有什么用",
+            //   不只是抽象 tagline + 技术 description。与 MCP webaz_info.for_end_user 对齐(两个发现面一致)。
+            for_end_user: {
+                one_liner: 'Shop with built-in protection: every order is escrow-held and only released after you confirm receipt; if the seller is late, you are auto-refunded. / 自带保护的购物:每笔订单托管,确认收货才放款;卖家超时自动退款给你。',
+                why_use: [
+                    'Escrow on every order — money released only after you confirm receipt (or auto-confirm window).',
+                    'Automatic fault ruling — seller fails to accept/ship/deliver in time → auto-refund, no haggling.',
+                    'Disputes with evidence + neutral arbitration.',
+                    'Decision-ready transparency — seller reputation, price history and arbitration precedents are public before you buy.',
+                    'Agent-native — your AI agent can compare, order and track fulfillment via MCP.',
+                ],
+                honesty: 'Pre-launch: WAZ is a simulated test currency; no real money settles yet.',
+                try_it: 'Browse now, no account needed → https://webaz.xyz/#discover',
+                get_access: 'Want to register? Pre-launch is invite-gated — request an invite at https://webaz.xyz/#welcome (browsing needs no invite).',
+            },
             network_state: {
                 phase,
                 real_users_on_canonical: realUsers,
@@ -118,6 +133,8 @@ export function registerPublicUtilsRoutes(app, deps) {
             },
             // 公开披露文档(#1050) — 协议层"钱怎么流"的源真理(协议外可读)
             disclosures: {
+                // 源码仓库 launch 前私有,下列 github 链接可能 404(launch 时开),不是死项目;机器可读 spec 已全在 /.well-known/*。
+                source_status: 'repo private until W8 public launch — github.com links below may 404 until then (they open at launch); the full spec is already public via /.well-known/*.',
                 economic_model: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/ECONOMIC-MODEL.md',
                 mlm_compliance: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/MLM-COMPLIANCE.md',
                 agent_governance: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/AGENT-GOVERNANCE.md',

package/dist/pwa/routes/referral.js CHANGED Viewed

@@ -55,4 +55,85 @@ export function registerReferralRoutes(app, deps) {
         logAdminAction(admin.id, 'invite_rotation_toggle', 'system', 'invite_rotation_enabled', { value: v });
         res.json({ success: true, enabled: !!enabled });
     });
+    // RFC-003 #1122: 生成商品分享链接(把 MCP webaz_share_link 的本地计算搬到服务端,
+    // 让 MCP NETWORK 模式可代理)。RFC-002 §3.5 valuation-layer gate:需 rewards opt-in。
+    // 与 PWA pickPreferredSide 对齐的 side 选择(team_count | pv_count)。
+    app.get('/api/share-link', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const userId = user.id;
+        const productId = String(req.query.product_id || '');
+        const sideArg = String(req.query.side || 'auto');
+        if (!productId)
+            return void res.status(400).json({ error: 'product_id required', error_code: 'PRODUCT_ID_REQUIRED' });
+        const optIn = db.prepare("SELECT rewards_opted_in FROM users WHERE id = ?").get(userId)?.rewards_opted_in ?? 0;
+        if (optIn !== 1) {
+            const getParam = (key, def) => {
+                const r = db.prepare("SELECT value FROM protocol_params WHERE key = ?").get(key);
+                return r ? Number(r.value) : def;
+            };
+            const minOrders = getParam('rewards_opt_in.min_completed_orders', 1);
+            const requirePasskey = getParam('rewards_opt_in.require_passkey', 1);
+            const totalCompleted = db.prepare("SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND status = 'completed'").get(userId).n;
+            const passkeyCount = db.prepare("SELECT COUNT(*) as n FROM webauthn_credentials WHERE user_id = ?").get(userId).n;
+            const missing = [];
+            if (totalCompleted < minOrders)
+                missing.push(`completed_orders ${totalCompleted}/${minOrders}`);
+            if (requirePasskey === 1 && passkeyCount === 0)
+                missing.push('passkey_not_registered');
+            if (missing.length === 0)
+                missing.push('application_not_submitted');
+            return void res.status(403).json({
+                error: 'rewards_opt_in_required',
+                message: 'Share-link generation is a valuation-layer action — requires builder-identity opt-in (RFC-002 §3.5)',
+                missing_requirements: missing,
+                next_steps: [
+                    'Open PWA #me → tap "申请共建身份 / Apply for builder identity"',
+                    'Read the 8-second disclosure (cannot skip)',
+                    'Submit application — pre-checks run server-side',
+                ],
+            });
+        }
+        const product = db.prepare("SELECT id, title, price, commission_rate FROM products WHERE id = ? AND status='active'").get(productId);
+        if (!product)
+            return void res.status(404).json({ error: '商品不存在或已下架', error_code: 'PRODUCT_NOT_FOUND' });
+        let side = 'right';
+        if (sideArg === 'left' || sideArg === 'right') {
+            side = sideArg;
+        }
+        else {
+            const u = db.prepare("SELECT placement_pref, total_left_pv, total_right_pv, left_count, right_count FROM users WHERE id = ?")
+                .get(userId);
+            const pref = u?.placement_pref || 'team_count';
+            if (pref === 'pv_count') {
+                const since = new Date(Date.now() - 90 * 24 * 60 * 60 * 1000).toISOString().slice(0, 19).replace('T', ' ');
+                const w = db.prepare(`SELECT COALESCE(SUM(consumed_left_pv),0) AS l, COALESCE(SUM(consumed_right_pv),0) AS r
+                              FROM binary_score_records WHERE user_id = ? AND created_at >= ?`)
+                    .get(userId, since);
+                const leftPv = Number(u?.total_left_pv ?? 0) + Number(w.l);
+                const rightPv = Number(u?.total_right_pv ?? 0) + Number(w.r);
+                side = leftPv <= rightPv ? 'left' : 'right';
+            }
+            else {
+                side = (Number(u?.left_count ?? 0) <= Number(u?.right_count ?? 0)) ? 'left' : 'right';
+            }
+        }
+        const completed = db.prepare("SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND status = 'completed'").get(userId).n;
+        const override = db.prepare("SELECT l1_share_override FROM users WHERE id = ?").get(userId)?.l1_share_override ?? 0;
+        const canL1 = override === 1 || (override === 0 && completed > 0);
+        const rate = Number(product.commission_rate ?? 0);
+        const link = `/?ref=${userId}&side=${side}#order-product/${productId}`;
+        res.json({
+            product: { id: product.id, title: product.title, price: product.price, commission_rate: rate },
+            share_link: link,
+            full_url_hint: 'Prepend webaz.xyz (production) to get the absolute URL',
+            side,
+            binary_explanation: `New user via this link → placed in your ${side === 'left' ? '🔵 left' : '🟢 right'} subtree (tail anchor)`,
+            commission_eligibility: canL1
+                ? `You will earn 3-tier commission: L1=${(rate * 0.70 * 100).toFixed(1)}% L2=${(rate * 0.20 * 100).toFixed(1)}% L3=${(rate * 0.10 * 100).toFixed(1)}% of sale price`
+                : 'You are NOT verified yet (need 1 completed purchase). 3-tier commission will be skipped, but points-matching still builds.',
+            next_steps: 'Share on TikTok / WeChat / Telegram. New user clicks → 30-day attribution window starts.',
+        });
+    });
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@seasonkoh/webaz",
-  "version": "0.1.22",
+  "version": "0.1.24",
   "description": "[PRE-LAUNCH] Agent-native decentralized commerce protocol. Humans and AI agents trade on the same protocol via MCP tools. ⚠️ Repository currently private until W8 public launch — GitHub links may return 404. See https://webaz.xyz for status.",
   "main": "dist/mcp.js",
   "bin": {