@seasonkoh/webaz 0.1.23 → 0.1.25

package/dist/pwa/routes/growth.js

@@ -1,3 +1,4 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 const GROWTH_TASK_CATALOG = [
     // 第 1 关：新手起步
     { id: 'first_purchase', chapter: 1,
@@ -59,8 +60,9 @@ const GROWTH_TASK_CATALOG = [
         desc_zh: '正式跻身分享达人', desc_en: 'Officially a share pro',
         evaluate: c => c.team_total >= 50 },
 ];
-function buildGrowthTaskCtx(db, userId) {
-    const u = db.prepare("SELECT bio, search_anchor, default_address_json, default_address_text FROM users WHERE id = ?").get(userId);
+// RFC-016: db 参数保留(签名兼容),内部走异步 seam(同实例,setSeamDb)
+async function buildGrowthTaskCtx(_db, userId) {
+    const u = await dbOne("SELECT bio, search_anchor, default_address_json, default_address_text FROM users WHERE id = ?", [userId]);
     let line1 = null;
     try {
         const a = JSON.parse(u?.default_address_json || 'null');
@@ -69,21 +71,21 @@ function buildGrowthTaskCtx(db, userId) {
     catch { }
     if (!line1 && u?.default_address_text)
         line1 = u.default_address_text; // legacy 兜底
-    const completed = db.prepare("SELECT COUNT(*) AS n FROM orders WHERE buyer_id = ? AND status = 'completed'").get(userId).n;
-    const l1 = db.prepare("SELECT COUNT(*) AS n FROM users WHERE sponsor_id = ?").get(userId).n;
-    const teamTotal = db.prepare(`
+    const completed = (await dbOne("SELECT COUNT(*) AS n FROM orders WHERE buyer_id = ? AND status = 'completed'", [userId])).n;
+    const l1 = (await dbOne("SELECT COUNT(*) AS n FROM users WHERE sponsor_id = ?", [userId])).n;
+    const teamTotal = (await dbOne(`
     SELECT COUNT(*) AS n FROM users
     WHERE sponsor_id = ?
        OR sponsor_id IN (SELECT id FROM users WHERE sponsor_id = ?)
        OR sponsor_id IN (SELECT id FROM users WHERE sponsor_id IN (SELECT id FROM users WHERE sponsor_id = ?))
-  `).get(userId, userId, userId).n;
-    const grand = db.prepare("SELECT COALESCE(SUM(amount),0) AS s FROM commission_records WHERE beneficiary_id = ?").get(userId).s;
-    const sCount = db.prepare("SELECT COUNT(*) AS n FROM shareables WHERE owner_id = ? AND status = 'active'").get(userId).n;
-    const mCount = db.prepare("SELECT COUNT(*) AS n FROM manifest_registry WHERE owner_id = ? AND status = 'active'").get(userId).n;
-    const pv = db.prepare("SELECT total_left_pv, total_right_pv FROM users WHERE id = ?").get(userId);
+  `, [userId, userId, userId])).n;
+    const grand = (await dbOne("SELECT COALESCE(SUM(amount),0) AS s FROM commission_records WHERE beneficiary_id = ?", [userId])).s;
+    const sCount = (await dbOne("SELECT COUNT(*) AS n FROM shareables WHERE owner_id = ? AND status = 'active'", [userId])).n;
+    const mCount = (await dbOne("SELECT COUNT(*) AS n FROM manifest_registry WHERE owner_id = ? AND status = 'active'", [userId])).n;
+    const pv = await dbOne("SELECT total_left_pv, total_right_pv FROM users WHERE id = ?", [userId]);
     const weakLeg = Math.min(Number(pv?.total_left_pv || 0), Number(pv?.total_right_pv || 0));
-    const comm30 = db.prepare(`SELECT COALESCE(SUM(amount),0) AS s FROM commission_records WHERE beneficiary_id = ? AND created_at >= datetime('now','-30 days')`).get(userId).s;
-    const waz30 = db.prepare(`SELECT COALESCE(SUM(waz_amount),0) AS s FROM binary_score_records WHERE user_id = ? AND settled_at >= datetime('now','-30 days')`).get(userId).s;
+    const comm30 = (await dbOne(`SELECT COALESCE(SUM(amount),0) AS s FROM commission_records WHERE beneficiary_id = ? AND created_at >= datetime('now','-30 days')`, [userId])).s;
+    const waz30 = (await dbOne(`SELECT COALESCE(SUM(waz_amount),0) AS s FROM binary_score_records WHERE user_id = ? AND settled_at >= datetime('now','-30 days')`, [userId])).s;
     return {
         userId,
         bio: u?.bio || null,
@@ -99,9 +101,9 @@ function buildGrowthTaskCtx(db, userId) {
         last_30_total: comm30 + waz30,
     };
 }
-function evaluateGrowthTasks(db, userId, lang = 'zh') {
-    const ctx = buildGrowthTaskCtx(db, userId);
-    const logs = db.prepare("SELECT task_id, status, claimed_at, completed_at FROM growth_task_log WHERE user_id = ?").all(userId);
+async function evaluateGrowthTasks(_db, userId, lang = 'zh') {
+    const ctx = await buildGrowthTaskCtx(_db, userId);
+    const logs = await dbAll("SELECT task_id, status, claimed_at, completed_at FROM growth_task_log WHERE user_id = ?", [userId]);
     const logMap = new Map(logs.map(l => [l.task_id, l]));
     const out = [];
     for (const t of GROWTH_TASK_CATALOG) {
@@ -111,8 +113,8 @@ function evaluateGrowthTasks(db, userId, lang = 'zh') {
         let completed_at = log?.completed_at || null;
         if (done) {
             if (!log || log.status !== 'completed') {
-                db.prepare(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
-                    VALUES (?,?,?,?,datetime('now'))`).run(userId, t.id, 'completed', log?.claimed_at || null);
+                await dbRun(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
+                    VALUES (?,?,?,?,datetime('now'))`, [userId, t.id, 'completed', log?.claimed_at || null]);
                 completed_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
             }
             status = 'completed';
@@ -147,53 +149,54 @@ function evaluateGrowthTasks(db, userId, lang = 'zh') {
     return { tasks: out, summary };
 }
 export function registerGrowthRoutes(app, deps) {
+    // db 仍在 destructure 中(传给 evaluateGrowthTasks 的签名);本文件 handler 走 RFC-016 异步 seam
     const { db, auth } = deps;
-    app.get('/api/growth/tasks', (req, res) => {
+    app.get('/api/growth/tasks', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const lang = String(req.headers['accept-language'] || '').startsWith('en') ? 'en' : 'zh';
-        res.json(evaluateGrowthTasks(db, user.id, lang));
+        res.json(await evaluateGrowthTasks(db, user.id, lang));
     });
-    app.post('/api/growth/tasks/:id/claim', (req, res) => {
+    app.post('/api/growth/tasks/:id/claim', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const taskId = req.params.id;
         if (!GROWTH_TASK_CATALOG.find(t => t.id === taskId))
             return void res.json({ error: 'unknown task' });
-        const existing = db.prepare("SELECT status, completed_at FROM growth_task_log WHERE user_id = ? AND task_id = ?").get(user.id, taskId);
+        const existing = await dbOne("SELECT status, completed_at FROM growth_task_log WHERE user_id = ? AND task_id = ?", [user.id, taskId]);
         if (existing?.status === 'completed')
             return void res.json({ error: '该任务已完成' });
-        db.prepare(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
-                VALUES (?,?,?,datetime('now'),NULL)`).run(user.id, taskId, 'claimed');
+        await dbRun(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
+                VALUES (?,?,?,datetime('now'),NULL)`, [user.id, taskId, 'claimed']);
         res.json({ success: true, status: 'claimed' });
     });
-    app.post('/api/growth/tasks/:id/skip', (req, res) => {
+    app.post('/api/growth/tasks/:id/skip', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const taskId = req.params.id;
         if (!GROWTH_TASK_CATALOG.find(t => t.id === taskId))
             return void res.json({ error: 'unknown task' });
-        const existing = db.prepare("SELECT status FROM growth_task_log WHERE user_id = ? AND task_id = ?").get(user.id, taskId);
+        const existing = await dbOne("SELECT status FROM growth_task_log WHERE user_id = ? AND task_id = ?", [user.id, taskId]);
         if (existing?.status === 'completed')
             return void res.json({ error: '该任务已完成，无法跳过' });
-        db.prepare(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
-                VALUES (?,?,?,NULL,NULL)`).run(user.id, taskId, 'skipped');
+        await dbRun(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
+                VALUES (?,?,?,NULL,NULL)`, [user.id, taskId, 'skipped']);
         res.json({ success: true, status: 'skipped' });
     });
-    app.post('/api/growth/tasks/:id/reset', (req, res) => {
+    app.post('/api/growth/tasks/:id/reset', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const taskId = req.params.id;
         if (!GROWTH_TASK_CATALOG.find(t => t.id === taskId))
             return void res.json({ error: 'unknown task' });
-        const existing = db.prepare("SELECT status FROM growth_task_log WHERE user_id = ? AND task_id = ?").get(user.id, taskId);
+        const existing = await dbOne("SELECT status FROM growth_task_log WHERE user_id = ? AND task_id = ?", [user.id, taskId]);
         if (existing?.status === 'completed')
             return void res.json({ error: '已完成任务无法重置' });
-        db.prepare("DELETE FROM growth_task_log WHERE user_id = ? AND task_id = ?").run(user.id, taskId);
+        await dbRun("DELETE FROM growth_task_log WHERE user_id = ? AND task_id = ?", [user.id, taskId]);
         res.json({ success: true, status: 'available' });
     });
 }

package/dist/pwa/routes/import-product.js

@@ -1,5 +1,7 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerImportProductRoutes(app, deps) {
-    const { db, auth, safeFetch, rateLimitOk, generateId, checkSellerCanList, anthropic, AnthropicCtor, FREE_IMPORT_LIMIT } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { auth, safeFetch, rateLimitOk, generateId, checkSellerCanList, anthropic, AnthropicCtor, FREE_IMPORT_LIMIT } = deps;
     app.post('/api/import-product', async (req, res) => {
         const user = auth(req, res);
         if (!user)
@@ -14,19 +16,19 @@ export function registerImportProductRoutes(app, deps) {
             return void res.json({ error: '请提供商品链接' });
         if (!rateLimitOk(req.ip || 'unknown', 6, 60_000))
             return void res.status(429).json({ error: '请求过于频繁，请稍后再试' });
-        const selfClaim = db.prepare(`
+        const selfClaim = await dbOne(`
       SELECT p.id as product_id, p.title FROM product_external_links pel
       JOIN products p ON pel.product_id = p.id
       WHERE pel.url = ? AND p.seller_id = ?
-    `).get(url, user.id);
+    `, [url, user.id]);
         if (selfClaim) {
             return void res.json({ error: `您已上架过来自此链接的商品「${selfClaim.title}」，不能重复关联相同外部链接` });
         }
-        const otherClaim = db.prepare(`
+        const otherClaim = await dbOne(`
       SELECT p.id as product_id FROM product_external_links pel
       JOIN products p ON pel.product_id = p.id
       WHERE pel.url = ? AND pel.verified = 1 AND p.seller_id != ?
-    `).get(url, user.id);
+    `, [url, user.id]);
         if (otherClaim) {
             return void res.json({
                 conflict: true,
@@ -36,7 +38,7 @@ export function registerImportProductRoutes(app, deps) {
         }
         const usingOwnKey = typeof user_api_key === 'string' && user_api_key.trim().startsWith('sk-ant-');
         if (!usingOwnKey) {
-            const todayCount = db.prepare(`SELECT COUNT(*) as cnt FROM import_logs WHERE user_id = ? AND created_at >= datetime('now', '-1 day')`).get(user.id).cnt;
+            const todayCount = (await dbOne(`SELECT COUNT(*) as cnt FROM import_logs WHERE user_id = ? AND created_at >= datetime('now', '-1 day')`, [user.id])).cnt;
             if (todayCount >= FREE_IMPORT_LIMIT) {
                 return void res.json({
                     error: `今日免费导入次数已用完（${FREE_IMPORT_LIMIT} 次/天）。请在导入面板填入你自己的 Anthropic API Key 以继续使用。`,
@@ -67,10 +69,10 @@ export function registerImportProductRoutes(app, deps) {
                 return void res.json({ error: '链接指向私网/localhost 或经 redirect 触达内部地址，已拦截' });
             return void res.json({ error: `无法访问该链接：${msg}` });
         }
-        const avgPrices = db.prepare(`
+        const avgPrices = await dbAll(`
       SELECT category, AVG(price) as avg_price, MIN(price) as min_price, MAX(price) as max_price, COUNT(*) as cnt
       FROM products WHERE status = 'active' GROUP BY category
-    `).all();
+    `);
         const priceContext = avgPrices.map(r => `${r.category || '未分类'}：均价 ${r.avg_price?.toFixed(0)} WAZ，最低 ${r.min_price} WAZ，最高 ${r.max_price} WAZ（${r.cnt} 件商品）`).join('\n');
         const client = usingOwnKey
             ? new AnthropicCtor({ apiKey: user_api_key.trim() })
@@ -138,9 +140,9 @@ ${html}`,
             extracted.description = title;
         }
         if (!usingOwnKey) {
-            db.prepare(`INSERT INTO import_logs (id, user_id) VALUES (?, ?)`).run(generateId('iml'), user.id);
+            await dbRun(`INSERT INTO import_logs (id, user_id) VALUES (?, ?)`, [generateId('iml'), user.id]);
         }
-        const usedToday = usingOwnKey ? 0 : db.prepare(`SELECT COUNT(*) as cnt FROM import_logs WHERE user_id = ? AND created_at >= datetime('now', '-1 day')`).get(user.id).cnt;
+        const usedToday = usingOwnKey ? 0 : (await dbOne(`SELECT COUNT(*) as cnt FROM import_logs WHERE user_id = ? AND created_at >= datetime('now', '-1 day')`, [user.id])).cnt;
         res.json({
             success: true,
             source_url: url,

package/dist/pwa/routes/kyc.js

@@ -1,8 +1,10 @@
 import { createHash } from 'crypto';
+import { dbOne, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerKycRoutes(app, deps) {
-    const { db, auth, MASTER_SEED } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbRun),不再直接用 deps.db
+    const { auth, MASTER_SEED } = deps;
     const VALID_KYC_ID_TYPES = new Set(['passport', 'national_id', 'driver_license', 'other']);
-    app.post('/api/kyc/submit', (req, res) => {
+    app.post('/api/kyc/submit', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -17,24 +19,23 @@ export function registerKycRoutes(app, deps) {
         const idHash = createHash('sha256').update(idStr + MASTER_SEED).digest('hex');
         const idLast4 = idStr.slice(-4);
         // 已存在？必须先 admin reject 或允许重新提交
-        const existing = db.prepare('SELECT status FROM kyc_records WHERE user_id = ?').get(user.id);
+        const existing = await dbOne('SELECT status FROM kyc_records WHERE user_id = ?', [user.id]);
         if (existing && existing.status === 'approved')
             return void res.status(400).json({ error: '已通过认证，无需重复提交' });
         if (existing && existing.status === 'pending')
             return void res.status(400).json({ error: '审核中，请耐心等待' });
-        db.prepare(`INSERT INTO kyc_records (user_id, real_name, id_type, id_number_hash, id_number_last4, status, submitted_at)
+        await dbRun(`INSERT INTO kyc_records (user_id, real_name, id_type, id_number_hash, id_number_last4, status, submitted_at)
       VALUES (?,?,?,?,?,'pending', datetime('now'))
       ON CONFLICT(user_id) DO UPDATE SET real_name = excluded.real_name, id_type = excluded.id_type,
         id_number_hash = excluded.id_number_hash, id_number_last4 = excluded.id_number_last4,
-        status = 'pending', reject_reason = NULL, submitted_at = datetime('now')`)
-            .run(user.id, String(real_name).trim().slice(0, 60), String(id_type), idHash, idLast4);
+        status = 'pending', reject_reason = NULL, submitted_at = datetime('now')`, [user.id, String(real_name).trim().slice(0, 60), String(id_type), idHash, idLast4]);
         res.json({ success: true, status: 'pending' });
     });
-    app.get('/api/kyc/me', (req, res) => {
+    app.get('/api/kyc/me', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const row = db.prepare('SELECT status, id_type, id_number_last4, reject_reason, submitted_at, reviewed_at FROM kyc_records WHERE user_id = ?').get(user.id);
+        const row = await dbOne('SELECT status, id_type, id_number_last4, reject_reason, submitted_at, reviewed_at FROM kyc_records WHERE user_id = ?', [user.id]);
         res.json({ kyc: row || null });
     });
 }

package/dist/pwa/routes/leaderboard.js

@@ -1,7 +1,9 @@
+import { dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerLeaderboardRoutes(app, deps) {
-    const { db, internalAuditorId, rateLimitOk } = deps;
+    // db 已走 RFC-016 异步 seam(dbAll),不再直接用 deps.db
+    const { internalAuditorId, rateLimitOk } = deps;
     const LB_RATE = 60; // 每 IP/分钟 60 次 — 公开端点防 DoS
-    app.get('/api/leaderboard', (req, res) => {
+    app.get('/api/leaderboard', async (req, res) => {
         const ip = req.ip || 'unknown';
         if (!rateLimitOk(`lb:${ip}`, LB_RATE, 60_000))
             return void res.status(429).json({ error: 'rate-limited' });
@@ -10,7 +12,7 @@ export function registerLeaderboardRoutes(app, deps) {
         if (kind === 'products') {
             // recommend_count 严格语义：完成购买 + 4 星+评价 + 去重 buyer_id（一买家计 1）
             // 排序权重也用 recommend_count 替代旧 unique_sharer_count（任何人分享）
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT p.id, p.title, p.price, p.total_likes, p.completion_count,
           u.handle as seller_handle, u.name as seller_name,
           (SELECT COUNT(DISTINCT buyer_id) FROM order_ratings r
@@ -24,12 +26,12 @@ export function registerLeaderboardRoutes(app, deps) {
         WHERE p.status = 'active' AND p.stock > 0
         ORDER BY rank_score DESC, p.id DESC
         LIMIT ?
-      `).all(limit);
+      `, [limit]);
             return void res.json({ kind, items: rows });
         }
         if (kind === 'creators') {
             // 创作者维度：聚合自己 shareables 的总点赞 + 关联商品总数
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT u.id, u.handle, u.name, u.region,
           COUNT(DISTINCT s.related_product_id) as products_shared,
           COUNT(s.id) as shareable_count,
@@ -40,24 +42,24 @@ export function registerLeaderboardRoutes(app, deps) {
         GROUP BY u.id
         ORDER BY total_likes DESC, shareable_count DESC, u.id DESC
         LIMIT ?
-      `).all(limit);
+      `, [limit]);
             return void res.json({ kind, items: rows });
         }
         // B-2: 用户排行 — top buyers / sellers / verifiers
         // 2026-05-23 隐私第一原理：移除 gmv 字段（运营状态私密，防过早 fork）
         if (kind === 'buyers') {
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT u.id, u.handle, u.name, u.region,
           COUNT(*) as orders_count
         FROM orders o JOIN users u ON u.id = o.buyer_id
         WHERE o.status = 'completed' AND u.id NOT IN ('sys_protocol', ?)
         GROUP BY u.id ORDER BY orders_count DESC, u.id DESC LIMIT ?
-      `).all(internalAuditorId, limit);
+      `, [internalAuditorId, limit]);
             return void res.json({ kind, items: rows });
         }
         if (kind === 'sellers') {
             // 排序改为 评分主导（avg_rating × log(1+rating_count)），不再按 GMV
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT u.id, u.handle, u.name, u.region,
           COUNT(*) as orders_count,
           (SELECT COALESCE(AVG(stars), 0) FROM order_ratings WHERE seller_id = u.id) as avg_rating,
@@ -67,13 +69,13 @@ export function registerLeaderboardRoutes(app, deps) {
         GROUP BY u.id
         ORDER BY (avg_rating * (1.0 + log(1.0 + rating_count))) DESC, rating_count DESC, orders_count DESC
         LIMIT ?
-      `).all(limit);
+      `, [limit]);
             return void res.json({ kind, items: rows });
         }
         if (kind === 'value_products') {
             // 2026-05-23 S5：极致性价比榜 — 按 value_badge=1 + 同类目 rank 排
             // 排序：rank 越小越靠前（同类目第 1 名最便宜），相同 rank 按 pct 折扣大优先
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT p.id, p.title, p.price, p.category,
           p.value_badge_rank, p.value_badge_pct, p.value_badge_at,
           p.completion_count, p.total_likes,
@@ -82,14 +84,14 @@ export function registerLeaderboardRoutes(app, deps) {
         LEFT JOIN users u ON u.id = p.seller_id
         WHERE p.value_badge = 1 AND p.status = 'active' AND p.stock > 0
         ORDER BY p.value_badge_rank ASC, p.value_badge_pct DESC LIMIT ?
-      `).all(limit);
+      `, [limit]);
             return void res.json({ kind, items: rows });
         }
         if (kind === 'agents') {
             // 2026-05-22 AG1：Agent 评测竞赛榜单
             // 数据源：agent_reputation（trust_score + level）+ agent_call_log（30d 调用数）
             // 不暴露 api_key（隐私），只展示 user handle + 聚合指标
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT u.id, u.handle, u.name,
           MAX(ar.trust_score) as trust_score,
           MAX(ar.level) as level,
@@ -103,7 +105,7 @@ export function registerLeaderboardRoutes(app, deps) {
         GROUP BY u.id
         HAVING calls_30d > 0 OR trust_score > 0
         ORDER BY trust_score DESC, calls_30d DESC LIMIT ?
-      `).all(limit);
+      `, [limit]);
             return void res.json({ kind, items: rows });
         }
         if (kind === 'arbitrators') {
@@ -114,7 +116,7 @@ export function registerLeaderboardRoutes(app, deps) {
             // 2026-06-03 #1080 audit: ORDER BY 改为 case_count desc + u.id tie-breaker
             // 移除 fairness_score 作为 secondary sort key — spec §3 禁 composite/multi-key
             // ("display 4 separate dimensions, let user pick sort dimension")
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT u.id, u.handle, u.name,
           COUNT(dc.id) as cases_count,
           COALESCE(SUM(dc.fairness_yes), 0) as total_yes,
@@ -129,7 +131,7 @@ export function registerLeaderboardRoutes(app, deps) {
         WHERE dc.arbitrator_id IS NOT NULL
         GROUP BY u.id
         ORDER BY cases_count DESC, u.id DESC LIMIT ?
-      `).all(limit);
+      `, [limit]);
             return void res.json({ kind, items: rows });
         }
         if (kind === 'verifiers') {
@@ -139,7 +141,7 @@ export function registerLeaderboardRoutes(app, deps) {
             // 2026-06-03 #1080 audit: ORDER BY 改为 tasks_done desc(spec default case_count desc)
             // + u.id tie-breaker。移除 tasks_correct/accuracy 作为 secondary sort key — 该排序奖励
             // "活跃 + 准确" 隐含 composite,spec §3 明确"最活跃 first ≠ 最好 first"。
-            const rows = db.prepare(`
+            const rows = await dbAll(`
         SELECT u.id, u.handle, u.name,
           vs.tasks_done, vs.tasks_correct, vs.tasks_wrong,
           CASE WHEN vs.tasks_done > 0 THEN ROUND(CAST(vs.tasks_correct AS REAL) / vs.tasks_done, 3) ELSE NULL END as accuracy,
@@ -149,7 +151,7 @@ export function registerLeaderboardRoutes(app, deps) {
         LEFT JOIN verifier_whitelist vw ON vw.user_id = vs.user_id
         WHERE vs.tasks_done >= 1
         ORDER BY vs.tasks_done DESC, u.id DESC LIMIT ?
-      `).all(limit);
+      `, [limit]);
             return void res.json({ kind, items: rows });
         }
         return void res.json({ error: 'kind 必须是 products / creators / buyers / sellers / verifiers / arbitrators / agents / value_products' });

package/dist/pwa/routes/listings.js

@@ -1,3 +1,4 @@
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 const URGENCY_WEIGHTS = {
     now: { price: 0.10, eta: 0.50, trust: 0.20, region: 0.10, fresh: 0.10, eta_hard_max: 4 },
     today: { price: 0.25, eta: 0.35, trust: 0.15, region: 0.15, fresh: 0.10, eta_hard_max: 24 },
@@ -28,12 +29,12 @@ function computeOfferScore(o, urgency, ctx) {
 }
 export function registerListingsRoutes(app, deps) {
     const { db, generateId, auth, LISTING_CATEGORIES, BASE_LISTING_STAKE, VALID_FULFILLMENT_TYPES, isListingCategoryKey } = deps;
-    function sellerCompletedSales(uid) {
-        const r = db.prepare(`SELECT COUNT(1) as n FROM orders WHERE seller_id = ? AND status = 'completed'`).get(uid);
+    async function sellerCompletedSales(uid) {
+        const r = await dbOne(`SELECT COUNT(1) as n FROM orders WHERE seller_id = ? AND status = 'completed'`, [uid]);
         return Number(r?.n ?? 0);
     }
     // 列表搜索（公开）
-    app.get('/api/listings', (req, res) => {
+    app.get('/api/listings', async (req, res) => {
         const q = String(req.query.q || '').trim();
         const category = String(req.query.category || '').trim();
         const limit = Math.min(100, Math.max(1, Number(req.query.limit) || 30));
@@ -50,7 +51,7 @@ export function registerListingsRoutes(app, deps) {
             args.push(category);
         }
         const orderBy = sort === 'popular' ? 'l.total_sales DESC, l.created_at DESC' : 'l.created_at DESC';
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT l.*,
         (SELECT MIN(p.price) FROM products p WHERE p.listing_id = l.id AND p.status = 'active') as min_price,
         (SELECT COUNT(1)     FROM products p WHERE p.listing_id = l.id AND p.status = 'active') as offer_count
@@ -58,17 +59,17 @@ export function registerListingsRoutes(app, deps) {
       WHERE ${where.join(' AND ')}
       ORDER BY ${orderBy}
       LIMIT ?
-    `).all(...args, limit);
+    `, [...args, limit]);
         res.json({ items: rows, categories: LISTING_CATEGORIES });
     });
     // 我的跟卖
-    app.get('/api/listings/mine', (req, res) => {
+    app.get('/api/listings/mine', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (user.role !== 'seller')
             return void res.status(403).json({ error: '仅卖家可用', error_code: 'SELLER_ONLY' });
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT l.id, l.title, l.category, l.category_path, l.external_id, l.created_at,
         (SELECT COUNT(*) FROM products WHERE listing_id = l.id AND seller_id = ? AND status = 'active') as my_offer_count,
         (SELECT MIN(price) FROM products WHERE listing_id = l.id AND seller_id = ? AND status = 'active') as my_min_price,
@@ -81,18 +82,18 @@ export function registerListingsRoutes(app, deps) {
       )
       ORDER BY l.created_at DESC
       LIMIT 100
-    `).all(user.id, user.id, user.id, user.id);
+    `, [user.id, user.id, user.id, user.id]);
         res.json({ items: rows });
     });
     // 详情 + offers 加权排序
-    app.get('/api/listings/:id', (req, res) => {
-        const listing = db.prepare("SELECT * FROM listings WHERE id = ? AND status != 'blocked'").get(req.params.id);
+    app.get('/api/listings/:id', async (req, res) => {
+        const listing = await dbOne("SELECT * FROM listings WHERE id = ? AND status != 'blocked'", [req.params.id]);
         if (!listing)
             return void res.status(404).json({ error: 'listing 不存在' });
         const urgency = isUrgencyKey(String(req.query.urgency || '')) ? String(req.query.urgency) : 'flex';
         const sortParam = String(req.query.sort || 'smart');
         const sortMode = VALID_OFFER_SORTS.has(sortParam) ? sortParam : 'smart';
-        const offers = db.prepare(`
+        const offers = await dbAll(`
       SELECT p.id, p.seller_id, p.title, p.price, p.stock, p.status,
         p.fulfillment_type, p.eta_hours, p.freshness_ts, p.is_clearance, p.clearance_until,
         p.cold_start_remaining, p.listing_stake_locked, p.ship_regions, p.commission_rate,
@@ -103,7 +104,7 @@ export function registerListingsRoutes(app, deps) {
       FROM products p
       LEFT JOIN users u ON u.id = p.seller_id
       WHERE p.listing_id = ? AND p.status = 'active'
-    `).all(req.params.id);
+    `, [req.params.id]);
         const buyerRegion = req.query.buyer_region ? String(req.query.buyer_region) : null;
         const nowIso = new Date().toISOString();
         if (offers.length) {
@@ -165,7 +166,7 @@ export function registerListingsRoutes(app, deps) {
         res.json({ listing, offers, urgency, sort: sortMode, categories: LISTING_CATEGORIES });
     });
     // 创建 listing（首创者）
-    app.post('/api/listings', (req, res) => {
+    app.post('/api/listings', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -178,26 +179,26 @@ export function registerListingsRoutes(app, deps) {
             return void res.json({ error: '类目无效' });
         const catCfg = LISTING_CATEGORIES[cat];
         if (catCfg.requires_kyc) {
-            const k = db.prepare("SELECT status FROM kyc_records WHERE user_id = ?").get(user.id);
+            const k = await dbOne("SELECT status FROM kyc_records WHERE user_id = ?", [user.id]);
             if (!k || k.status !== 'approved') {
                 return void res.json({ error: `${catCfg.name} 类目需先完成实名认证（KYC）`, error_code: 'KYC_REQUIRED' });
             }
         }
         if (catCfg.min_sales > 0) {
-            const sales = sellerCompletedSales(user.id);
+            const sales = await sellerCompletedSales(user.id);
             if (sales < catCfg.min_sales) {
                 return void res.json({ error: `${catCfg.name} 类目需至少 ${catCfg.min_sales} 单成功历史（当前 ${sales}）` });
             }
         }
         // 首创者 stake = 1.5 × 基础 × 类目倍数
         const stakeRequired = Math.round(BASE_LISTING_STAKE * catCfg.stake_mult * 1.5 * 100) / 100;
-        const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+        const wallet = await dbOne('SELECT balance FROM wallets WHERE user_id = ?', [user.id]);
         if (!wallet || Number(wallet.balance) < stakeRequired) {
             return void res.json({ error: `余额不足，创建 ${catCfg.name} listing 需 ${stakeRequired} WAZ` });
         }
         const externalId = body.external_id ? String(body.external_id).trim() : null;
         if (externalId) {
-            const existing = db.prepare("SELECT id FROM listings WHERE external_id = ? AND status = 'active'").get(externalId);
+            const existing = await dbOne("SELECT id FROM listings WHERE external_id = ? AND status = 'active'", [externalId]);
             if (existing)
                 return void res.json({ error: '该型号已存在 listing，请改为跟卖', listing_id: existing.id, suggestion: 'follow' });
         }
@@ -218,19 +219,19 @@ export function registerListingsRoutes(app, deps) {
         res.json({ id, stake_locked: stakeRequired, category: cat });
     });
     // 跟卖：为已有 listing 创建本卖家的 product（即一个 offer）
-    app.post('/api/listings/:id/offers', (req, res) => {
+    app.post('/api/listings/:id/offers', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (user.role !== 'seller')
             return void res.json({ error: '仅卖家可跟卖' });
-        const listing = db.prepare("SELECT id, category, title, cover_image, description FROM listings WHERE id = ? AND status = 'active'").get(req.params.id);
+        const listing = await dbOne("SELECT id, category, title, cover_image, description FROM listings WHERE id = ? AND status = 'active'", [req.params.id]);
         if (!listing)
             return void res.status(404).json({ error: 'listing 不存在或已下架' });
         const cat = String(listing.category);
         const catCfg = isListingCategoryKey(cat) ? LISTING_CATEGORIES[cat] : LISTING_CATEGORIES.general;
         if (catCfg.min_sales > 0) {
-            const sales = sellerCompletedSales(user.id);
+            const sales = await sellerCompletedSales(user.id);
             if (sales < catCfg.min_sales) {
                 return void res.json({ error: `${catCfg.name} 类目跟卖需至少 ${catCfg.min_sales} 单成功历史（当前 ${sales}）` });
             }
@@ -247,12 +248,12 @@ export function registerListingsRoutes(app, deps) {
             return void res.json({ error: 'fulfillment_type 无效' });
         const shipRegions = body.ship_regions ? String(body.ship_regions).trim() : '全国';
         const stakeRequired = Math.round(BASE_LISTING_STAKE * catCfg.stake_mult * 100) / 100;
-        const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+        const wallet = await dbOne('SELECT balance FROM wallets WHERE user_id = ?', [user.id]);
         if (!wallet || Number(wallet.balance) < stakeRequired) {
             return void res.json({ error: `余额不足，跟卖 ${catCfg.name} 需 ${stakeRequired} WAZ` });
         }
         // 一卖家 × 一 listing = 一 offer
-        const existing = db.prepare("SELECT id, status FROM products WHERE listing_id = ? AND seller_id = ? AND status != 'deleted'").get(req.params.id, user.id);
+        const existing = await dbOne("SELECT id, status FROM products WHERE listing_id = ? AND seller_id = ? AND status != 'deleted'", [req.params.id, user.id]);
         if (existing)
             return void res.json({ error: '已存在该商品的 offer，请修改而非新建', offer_id: existing.id });
         const id = generateId('p');

package/dist/pwa/routes/logistics.js

@@ -1,16 +1,18 @@
+import { dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerLogisticsRoutes(app, deps) {
-    const { db, auth } = deps;
-    app.get('/api/logistics/companies', (_req, res) => {
-        const companies = db.prepare(`SELECT id, name FROM users WHERE role = 'logistics' ORDER BY name ASC`).all();
+    // db 已走 RFC-016 异步 seam(dbAll),不再直接用 deps.db
+    const { auth } = deps;
+    app.get('/api/logistics/companies', async (_req, res) => {
+        const companies = await dbAll(`SELECT id, name FROM users WHERE role = 'logistics' ORDER BY name ASC`);
         res.json(companies);
     });
-    app.get('/api/logistics/orders', (req, res) => {
+    app.get('/api/logistics/orders', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (user.role !== 'logistics')
             return void res.status(403).json({ error: '仅限物流角色' });
-        const available = db.prepare(`
+        const available = await dbAll(`
       SELECT o.*, p.title as product_title, p.category,
         ub.name as buyer_name, us.name as seller_name
       FROM orders o
@@ -19,8 +21,8 @@ export function registerLogisticsRoutes(app, deps) {
       JOIN users us ON o.seller_id = us.id
       WHERE o.status = 'shipped' AND (o.logistics_id IS NULL OR o.logistics_id = '')
       ORDER BY o.created_at ASC LIMIT 20
-    `).all();
-        const mine = db.prepare(`
+    `);
+        const mine = await dbAll(`
       SELECT o.*, p.title as product_title, p.category,
         ub.name as buyer_name, us.name as seller_name
       FROM orders o
@@ -29,7 +31,7 @@ export function registerLogisticsRoutes(app, deps) {
       JOIN users us ON o.seller_id = us.id
       WHERE o.logistics_id = ? AND o.status IN ('shipped','picked_up','in_transit')
       ORDER BY o.created_at ASC LIMIT 20
-    `).all(user.id);
+    `, [user.id]);
         res.json({ available, mine });
     });
 }