@seasonkoh/webaz 0.1.23 → 0.1.25

package/dist/pwa/routes/orders-create.js

@@ -2,8 +2,55 @@ import { buildCartMandate, buildPaymentMandate, signMandate } from './ap2-mandat
 // RFC-014 PR3 — 金额走整数 base-units;钱包写绝对值(防 REAL 浮点加法 dust)。
 import { toUnits, toDecimal, mulQty, mulRate } from '../../money.js';
 import { applyWalletDelta } from '../../ledger.js';
+import { dbOne } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam(仅下单事务外的预检查;事务内 escrow/INSERT 保持同步)
+// 店铺推荐 → 商品三级归因的【懒升级】(sync,跑在下单事务内、getProductShareChain 之前)。
+// 严格门槛(任一不满足则不升级,绝不覆盖已有有效直接归因):
+//   ① 无未过期的现有商品归因(direct share 优先,不被店铺推荐覆盖)
+//   ② 该 seller 下有未过期的 shop_referral_attribution(recipient=buyer)
+//   ③ referrer ≠ buyer、referrer ≠ seller、referrer 非 sys/internal
+//   ④ referrer rewards_opted_in=1 且通过 isAllowedSponsor(经济边界)
+//   ⑤ referrer 自己 completed 买过【同一个】商品,且该订单的【完成时间 ≤ 店铺推荐锚定时间】——
+//      必须"先真实成交同款、后分享店铺",不允许先 touch 旧店铺锚点、事后补购同款再反向升级。
+//      完成时间取 order_state_history 中 to_status='completed' 的 MIN(created_at);无 history 行时
+//      兼容回退 orders.updated_at(绝不用 orders.created_at 当完成时间)。
+// 通过后写 product_share_attribution(shareable_id=NULL,带 shop_referral_verified_purchase provenance);
+// 已有但过期的行可被刷新。不改任何结算数学,只新增一条归因来源。模块级导出供测试直测。
+export function maybePromoteShopReferralToProductAttribution(db, opts, productId, sellerId, buyerId) {
+    const liveDirect = db.prepare("SELECT 1 FROM product_share_attribution WHERE product_id = ? AND recipient_id = ? AND expires_at > datetime('now')").get(productId, buyerId);
+    if (liveDirect)
+        return; // ① 已有有效归因(含直接分享)→ 绝不覆盖
+    const referral = db.prepare("SELECT referrer_id, ref_code, created_at FROM shop_referral_attribution WHERE seller_id = ? AND recipient_id = ? AND expires_at > datetime('now')").get(sellerId, buyerId);
+    if (!referral)
+        return; // ②
+    const r = referral.referrer_id;
+    if (r === buyerId || r === sellerId || r === 'sys_protocol' || r === opts.internalAuditorId)
+        return; // ③ (referrer===seller → 记录关系但不升级分润)
+    const optedIn = db.prepare("SELECT rewards_opted_in FROM users WHERE id = ?").get(r)?.rewards_opted_in === 1;
+    if (!optedIn || !opts.isAllowedSponsor(r))
+        return; // ④
+    const qual = db.prepare(`
+    SELECT o.id FROM orders o
+    WHERE o.buyer_id = ? AND o.product_id = ? AND o.status = 'completed'
+      AND COALESCE(
+            (SELECT MIN(h.created_at) FROM order_state_history h WHERE h.order_id = o.id AND h.to_status = 'completed'),
+            o.updated_at
+          ) <= ?
+    ORDER BY o.created_at ASC LIMIT 1
+  `).get(r, productId, referral.created_at);
+    if (!qual)
+        return; // ⑤ 推荐人没在【锚定店铺之前】真实成交过同款 → 不升级
+    const hadRow = db.prepare("SELECT 1 FROM product_share_attribution WHERE product_id = ? AND recipient_id = ?").get(productId, buyerId);
+    if (hadRow) {
+        db.prepare("UPDATE product_share_attribution SET sharer_id = ?, shareable_id = NULL, created_at = datetime('now'), expires_at = datetime('now','+30 days'), source_type = 'shop_referral_verified_purchase', source_ref = ?, source_shop_seller_id = ?, source_qualified_order_id = ? WHERE product_id = ? AND recipient_id = ?")
+            .run(r, referral.ref_code, sellerId, qual.id, productId, buyerId);
+    }
+    else {
+        db.prepare("INSERT INTO product_share_attribution (product_id, recipient_id, sharer_id, shareable_id, expires_at, source_type, source_ref, source_shop_seller_id, source_qualified_order_id) VALUES (?,?,?,NULL,datetime('now','+30 days'),'shop_referral_verified_purchase',?,?,?)")
+            .run(productId, buyerId, r, referral.ref_code, sellerId, qual.id);
+    }
+}
 export function registerOrdersCreateRoutes(app, deps) {
-    const { db, auth, isTrustedRole, generateId, generateRecipientCode, DONATION_VALID_PCTS, INTERNAL_AUDITOR_ID, addHours, getActiveFlashSale, applyCouponToOrder, getProtocolParam, getProductShareChain, isAllowedSponsor, checkStockAndMaybeDelist, auditSponsorChainCross, appendOrderEvent, transition, notifyTransition, shouldAutoAccept, ensureCharityRep, broadcastSystemEvent, signPassport, issuerAddress } = deps;
+    const { db, auth, isTrustedRole, generateId, generateRecipientCode, DONATION_VALID_PCTS, INTERNAL_AUDITOR_ID, addHours, getActiveFlashSale, applyCouponToOrder, getProtocolParam, getProductShareChain, isAllowedSponsor, resolveInviteCodeRef, checkStockAndMaybeDelist, auditSponsorChainCross, appendOrderEvent, transition, notifyTransition, shouldAutoAccept, ensureCharityRep, broadcastSystemEvent, signPassport, issuerAddress } = deps;
     app.post('/api/orders', async (req, res) => {
         const user = auth(req, res);
         if (!user)
@@ -16,8 +63,8 @@ export function registerOrdersCreateRoutes(app, deps) {
         // 2026-05-23 P0 audit fix 2.1：agent_attestations spend_cap 强制
         const apiKey = req.headers.authorization?.replace('Bearer ', '');
         if (apiKey) {
-            const cap = db.prepare(`SELECT spend_cap_per_order, spend_cap_daily FROM agent_attestations
-        WHERE api_key = ? AND user_id = ? AND revoked_at IS NULL`).get(apiKey, user.id);
+            const cap = await dbOne(`SELECT spend_cap_per_order, spend_cap_daily FROM agent_attestations
+        WHERE api_key = ? AND user_id = ? AND revoked_at IS NULL`, [apiKey, user.id]);
             if (cap) {
                 const estQty = Math.max(1, Math.floor(Number(req.body?.quantity ?? 1)));
                 const estPrice = Number(req.body?.expected_price ?? 0);
@@ -30,9 +77,8 @@ export function registerOrdersCreateRoutes(app, deps) {
                     });
                 }
                 if (cap.spend_cap_daily != null) {
-                    const todaySpent = db.prepare(`SELECT COALESCE(SUM(total_amount), 0) as t
-            FROM orders WHERE buyer_id = ? AND created_at > datetime('now', '-24 hours') AND status != 'cancelled'`)
-                        .get(user.id).t;
+                    const todaySpent = (await dbOne(`SELECT COALESCE(SUM(total_amount), 0) as t
+            FROM orders WHERE buyer_id = ? AND created_at > datetime('now', '-24 hours') AND status != 'cancelled'`, [user.id])).t;
                     if (todaySpent + estTotal > cap.spend_cap_daily) {
                         return void res.status(403).json({
                             error: `24h 累计 ${todaySpent}+${estTotal} 超 agent 日上限 ${cap.spend_cap_daily} WAZ（用户设定）`,
@@ -93,17 +139,16 @@ export function registerOrdersCreateRoutes(app, deps) {
                 deliveryWindowJson = JSON.stringify({ day_type: dt, time_range: tr, flexible: fl });
             }
         }
-        const product = db.prepare(`SELECT p.*, u.id as seller_uid FROM products p
-      JOIN users u ON p.seller_id = u.id WHERE p.id = ? AND p.status = 'active'`).get(product_id);
+        const product = await dbOne(`SELECT p.*, u.id as seller_uid FROM products p
+      JOIN users u ON p.seller_id = u.id WHERE p.id = ? AND p.status = 'active'`, [product_id]);
         if (!product)
             return void res.json({ error: '商品不存在或已下架' });
         let variant = null;
         if (Number(product.has_variants) === 1) {
             if (!variant_id)
                 return void res.json({ error: '该商品需选择规格', error_code: 'VARIANT_REQUIRED' });
-            const v = db.prepare(`SELECT id, price_override, stock, options_json
-        FROM product_variants WHERE id = ? AND product_id = ? AND is_active = 1`)
-                .get(variant_id, product_id);
+            const v = await dbOne(`SELECT id, price_override, stock, options_json
+        FROM product_variants WHERE id = ? AND product_id = ? AND is_active = 1`, [variant_id, product_id]);
             if (!v)
                 return void res.json({ error: '规格不存在或已下架' });
             if (Number(v.stock) < reqQty)
@@ -151,6 +196,9 @@ export function registerOrdersCreateRoutes(app, deps) {
             couponDiscount = result.discount || 0;
         }
         // 验证 session_token（如果提供）
+        // RFC-016: 价格锁是【一次性】消费 — SELECT 校验 → mark used 之间【不能有 await】,
+        //   否则两个并发下单会都读到 used_at=NULL 再各自 mark,复用同一 token(Codex #224)。
+        //   故整块保持同步 better-sqlite3 调用(Node 单线程内原子,无让步);Phase 3 随订单路径迁 pg 行锁。
         if (session_token) {
             const session = db.prepare(`
         SELECT * FROM price_sessions WHERE token = ? AND product_id = ? AND user_id = ?
@@ -188,7 +236,8 @@ export function registerOrdersCreateRoutes(app, deps) {
         const insurancePremium = toDecimal(insurancePremiumU);
         const totalAmount = toDecimal(totalAmountU);
         const donationAmount = toDecimal(donationAmountU);
-        const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+        // 友好预检查(读):真正的守恒在下面的同步事务内(applyWalletDelta 绝对值落库)。
+        const wallet = await dbOne('SELECT balance FROM wallets WHERE user_id = ?', [user.id]);
         if (!wallet)
             return void res.status(500).json({ error: '钱包记录缺失', error_code: 'WALLET_MISSING' });
         if (toUnits(wallet.balance) < totalAmountU + donationAmountU)
@@ -203,10 +252,13 @@ export function registerOrdersCreateRoutes(app, deps) {
                 const buyer = db.prepare("SELECT sponsor_id, sponsor_path, region FROM users WHERE id = ?").get(user.id);
                 // 孤儿用户首次绑 sponsor：buyer 无 sponsor + 客户端传 sponsor_hint
                 // 校验：① 非自己 ② 防环路 ③ hint 必须是 verified buyer
-                const sponsorHint = (typeof req.body.sponsor_hint === 'string' && req.body.sponsor_hint) ? String(req.body.sponsor_hint) : null;
-                if (!buyer.sponsor_id && sponsorHint && sponsorHint !== user.id) {
+                // sponsor_hint from the client is now an invite code (permanent_code [+ -L/-R]) — resolve it to a
+                // user id first; usr_xxx / @handle / handle no longer bind a sponsor (matches the narrowed surface).
+                const sponsorHintRaw = (typeof req.body.sponsor_hint === 'string' && req.body.sponsor_hint) ? String(req.body.sponsor_hint) : null;
+                const sponsorHintRef = sponsorHintRaw ? resolveInviteCodeRef(sponsorHintRaw) : null;
+                if (!buyer.sponsor_id && sponsorHintRef && sponsorHintRef.userId !== user.id) {
                     const hint = db.prepare("SELECT id, sponsor_path FROM users WHERE id = ? AND id NOT IN ('sys_protocol', ?)")
-                        .get(sponsorHint, INTERNAL_AUDITOR_ID);
+                        .get(sponsorHintRef.userId, INTERNAL_AUDITOR_ID);
                     if (hint && isAllowedSponsor(hint.id)) {
                         const hintPath = hint.sponsor_path || '';
                         if (!hintPath.split('>').includes(user.id)) {
@@ -222,6 +274,9 @@ export function registerOrdersCreateRoutes(app, deps) {
                     const r = db.prepare("SELECT max_levels FROM region_config WHERE region = ? AND active = 1").get(buyer?.region || 'global');
                     return r?.max_levels ?? 3;
                 })();
+                // 店铺推荐懒升级:在反推商品链【之前】尝试把"店铺推荐 + 推荐人真实成交过同款"升级为本商品归因,
+                // 这样本订单快照就能拿到 L1/L2/L3(不覆盖已有有效直接归因)。
+                maybePromoteShopReferralToProductAttribution(db, { internalAuditorId: INTERNAL_AUDITOR_ID, isAllowedSponsor }, product.id, product.seller_uid, user.id);
                 // 商品分享奖励链（per-product），与 PV 系统 sponsor_path 完全解耦
                 // 反推方向：谁分享了 product 给 buyer? → 该 sharer 是 L1
                 const productChain = getProductShareChain(product.id, user.id, 3);
@@ -233,11 +288,11 @@ export function registerOrdersCreateRoutes(app, deps) {
                 const buyerRegionSnapshot = buyer?.region || 'global';
                 // P2P：若为 P2P 商品，下单时快照 content_hash（争议时凭买家所见 hash 判定）
                 const contentHashSnapshot = (Number(product.p2p_mode) === 1 && product.content_hash) ? String(product.content_hash) : null;
-                // RFC-008 stage 1：赔付背书快照。起步免赔付阶段(require_seller_stake=0)= 0 → 违约只退款不没收、不印钱、零门槛。
-                //   ⚠️ "要求质押"档(=1,下单锁 stake、backing=total×stake_rate(信誉))属后续【收紧】阶段,届时在此计算并锁定。
-                const stakeBacking = Number(getProtocolParam('require_seller_stake', 0)) === 1
-                    ? 0 // TODO(tighten stage): backing = total × stakeRate(seller reputation) + 在此 lock balance→staked
-                    : 0;
+                // RFC-008 stage 1：赔付背书快照恒为 0 → 违约只退款不没收、不印钱、零门槛(起步免赔付)。
+                //   stake-required 模式(require_seller_stake=1)【尚未实现】且该 param 已被 governance 锁在 0(max=0,
+                //   见 server.ts DEFAULT_PARAMS + 迁移,Codex #111)—— 故不读它(读了也只会是 0),避免"假开关"误导。
+                //   Phase 3 钱路径迁移时在此按信誉算 backing = total×stake_rate 并原子锁 balance→staked、放开该 param。
+                const stakeBacking = 0;
                 db.prepare(`INSERT INTO orders (
           id, product_id, buyer_id, seller_id, quantity, unit_price, total_amount, escrow_amount,
           status, shipping_address, notes, pay_deadline, accept_deadline, ship_deadline,

package/dist/pwa/routes/orders-read.js

@@ -1,12 +1,13 @@
 // RFC-011 §⑥ 事件游标流(纯 db 函数,party-gated)
 import { listOrderEventsSince } from '../../layer0-foundation/L0-2-state-machine/order-chain.js';
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerOrdersReadRoutes(app, deps) {
     const { db, auth, getOrderStatus, getOrderChain, verifyOrderChain, getOrderDispute } = deps;
-    app.get('/api/orders', (req, res) => {
+    app.get('/api/orders', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const orders = db.prepare(`
+        const orders = await dbAll(`
       SELECT o.*, p.title as product_title, p.images,
         ub.name as buyer_name, us.name as seller_name
       FROM orders o
@@ -15,7 +16,7 @@ export function registerOrdersReadRoutes(app, deps) {
       JOIN users us ON o.seller_id = us.id
       WHERE o.buyer_id = ? OR o.seller_id = ? OR o.logistics_id = ?
       ORDER BY o.created_at DESC LIMIT 50
-    `).all(user.id, user.id, user.id);
+    `, [user.id, user.id, user.id]);
         // B2 隐私购物：列表里也做相同 mask（防 seller/logistics 通过列表绕过详情 mask）
         for (const o of orders) {
             if (Number(o.anonymous_recipient) === 1 && o.buyer_id !== user.id) {
@@ -28,7 +29,7 @@ export function registerOrdersReadRoutes(app, deps) {
         res.json(orders);
     });
     // Wave D-2: 订单导出 CSV
-    app.get('/api/orders/export', (req, res) => {
+    app.get('/api/orders/export', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -47,7 +48,7 @@ export function registerOrdersReadRoutes(app, deps) {
             params.push(to);
         }
         const EXPORT_LIMIT = 5000;
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT o.id, o.created_at, o.status, o.quantity, o.unit_price, o.total_amount,
              o.coupon_discount, o.variant_options_snapshot, o.shipping_address,
              p.title as product_title, p.category,
@@ -59,7 +60,7 @@ export function registerOrdersReadRoutes(app, deps) {
       JOIN users us ON us.id = o.seller_id
       WHERE ${where.join(' AND ')}
       ORDER BY o.created_at DESC LIMIT ?
-    `).all(...params, EXPORT_LIMIT + 1);
+    `, [...params, EXPORT_LIMIT + 1]);
         // P1-4: 触达上限 → X-Truncated 头
         const truncated = rows.length > EXPORT_LIMIT;
         if (truncated)
@@ -99,38 +100,38 @@ export function registerOrdersReadRoutes(app, deps) {
         res.send('' + lines.join('\n'));
     });
     // 订单签名链 — 当事人 + arbitrator + admin 可查
-    app.get('/api/orders/:id/chain', (req, res) => {
+    app.get('/api/orders/:id/chain', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const order = db.prepare('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?').get(req.params.id);
+        const order = await dbOne('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?', [req.params.id]);
         if (!order)
             return void res.status(404).json({ error: '订单不存在' });
         const uid = user.id;
         const isParty = uid === order.buyer_id || uid === order.seller_id || uid === order.logistics_id || user.role === 'arbitrator' || user.role === 'admin';
         if (!isParty)
             return void res.status(403).json({ error: '无权查看此订单链' });
-        const chain = getOrderChain(db, req.params.id);
-        const verification = verifyOrderChain(db, req.params.id);
+        const chain = await getOrderChain(db, req.params.id);
+        const verification = await verifyOrderChain(db, req.params.id);
         res.json({ chain, verification });
     });
     // RFC-011 §⑥:事件游标流 —— 集成方 agent 拉"自 cursor 以来与我相关的订单变化"(agent 拉,非 webhook)。
     //   party-gated(只见自己当事的订单事件,= /chain 同口径,不变量 2:活性 ≤ 读边界);
     //   结构性事件 + 哈希链字段(验链防篡改),完整 payload 仍走 party-gated /chain。
-    app.get('/api/agent/events', (req, res) => {
+    app.get('/api/agent/events', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const since = typeof req.query.since === 'string' ? req.query.since : undefined;
         const limit = Number(req.query.limit) || 50;
-        const r = listOrderEventsSince(db, user.id, since, limit);
+        const r = await listOrderEventsSince(db, user.id, since, limit);
         res.setHeader('Cache-Control', 'no-store'); // 事件流不缓存
         res.json({
             ...r,
             note: 'Cursor stream of order events you are party to. Pass ?since=<next_cursor> to page. Pull, not push. event_hash+prev_event_hash verify chain integrity; full payload via GET /api/orders/:id/chain.',
         });
     });
-    app.get('/api/orders/:id', (req, res) => {
+    app.get('/api/orders/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -145,8 +146,8 @@ export function registerOrdersReadRoutes(app, deps) {
         }
         // M8: 二手订单从 secondhand_items 查；商家订单从 products 查
         const product = order.source === 'secondhand'
-            ? (() => {
-                const si = db.prepare('SELECT title, price, images FROM secondhand_items WHERE id = ?').get(order.product_id);
+            ? await (async () => {
+                const si = await dbOne('SELECT title, price, images FROM secondhand_items WHERE id = ?', [order.product_id]);
                 if (!si)
                     return null;
                 try {
@@ -156,10 +157,10 @@ export function registerOrdersReadRoutes(app, deps) {
                     return { title: si.title, price: si.price, images: [] };
                 }
             })()
-            : db.prepare('SELECT id, title, price, images, return_days FROM products WHERE id = ?').get(order.product_id);
-        const dispute = getOrderDispute(db, req.params.id);
+            : await dbOne('SELECT id, title, price, images, return_days FROM products WHERE id = ?', [order.product_id]);
+        const dispute = await getOrderDispute(db, req.params.id);
         // 为每条历史记录附上证据描述
-        const history = statusInfo.history.map(h => {
+        const history = await Promise.all(statusInfo.history.map(async (h) => {
             // P1 fix: 单条脏 evidence_ids 不应封死整个 order 详情
             let ids = [];
             try {
@@ -169,10 +170,10 @@ export function registerOrdersReadRoutes(app, deps) {
             }
             catch { }
             const evidenceItems = ids.length
-                ? db.prepare(`SELECT description, type FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`).all(...ids)
+                ? await dbAll(`SELECT description, type FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`, ids)
                 : [];
             return { ...h, evidence_items: evidenceItems };
-        });
+        }));
         // 物流跟踪摘要：从历史中提取所有物流操作的证据
         const LOGISTICS_STEPS = ['shipped', 'picked_up', 'in_transit', 'delivered'];
         const trackingInfo = history

package/dist/pwa/routes/p2p-products.js

@@ -1,7 +1,9 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerP2pProductsRoutes(app, deps) {
-    const { db, auth, generateId, verifyP2pSig, isValidPeerEndpoint, isFreshSignedAt, P2P_TITLE_MAX, P2P_THUMB_MAX, P2P_DAILY_CAP, RFQ_MAX_PRICE, RFQ_MAX_QTY } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { auth, generateId, verifyP2pSig, isValidPeerEndpoint, isFreshSignedAt, P2P_TITLE_MAX, P2P_THUMB_MAX, P2P_DAILY_CAP, RFQ_MAX_PRICE, RFQ_MAX_QTY } = deps;
     // 发布 / 重发 P2P 商品
-    app.post('/api/p2p-products', (req, res) => {
+    app.post('/api/p2p-products', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -40,26 +42,36 @@ export function registerP2pProductsRoutes(app, deps) {
         if (thumbnail && thumbnail.length > P2P_THUMB_MAX)
             return void res.json({ error: `thumbnail 超过 ${P2P_THUMB_MAX} 字节` });
         // 频率限制
-        const today = db.prepare("SELECT COUNT(1) as n FROM products WHERE seller_id = ? AND p2p_mode = 1 AND created_at > datetime('now','-1 day')").get(user.id).n;
+        const today = (await dbOne("SELECT COUNT(1) as n FROM products WHERE seller_id = ? AND p2p_mode = 1 AND created_at > datetime('now','-1 day')", [user.id])).n;
         if (today >= P2P_DAILY_CAP)
             return void res.json({ error: `今日 P2P 上架已达上限 ${P2P_DAILY_CAP}` });
         const category = String(body.category || 'general');
         const region = String(body.region || user.region || '全国');
         const id = generateId('p');
-        db.prepare(`
+        await dbRun(`
       INSERT INTO products (id, seller_id, title, description, price, stock, status, images, ship_regions,
         handling_hours, commission_rate, category_id, stake_amount, p2p_mode, content_hash, peer_endpoint,
         content_signature, content_signed_at)
       VALUES (?,?,?,?,?,?,'active',?,?,24,0.10,'cat_default',0,1,?,?,?,?)
-    `).run(id, user.id, title, `[P2P] ${title}（完整详情见卖家节点）`, price, stock, thumbnail ? JSON.stringify([thumbnail]) : '[]', region, contentHash, peerEndpoint || null, signature, signedAt);
+    `, [
+            id, user.id, title,
+            `[P2P] ${title}（完整详情见卖家节点）`,
+            price, stock,
+            thumbnail ? JSON.stringify([thumbnail]) : '[]',
+            region,
+            contentHash,
+            peerEndpoint || null,
+            signature,
+            signedAt,
+        ]);
         res.json({ id, content_hash: contentHash });
     });
     // 更新（重发 hash + signature，价格/库存/标题可改；旧 hash 给在途订单保留）
-    app.patch('/api/p2p-products/:id', (req, res) => {
+    app.patch('/api/p2p-products/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const product = db.prepare("SELECT * FROM products WHERE id = ? AND p2p_mode = 1").get(req.params.id);
+        const product = await dbOne("SELECT * FROM products WHERE id = ? AND p2p_mode = 1", [req.params.id]);
         if (!product)
             return void res.status(404).json({ error: 'P2P 商品不存在' });
         if (product.seller_id !== user.id)
@@ -128,28 +140,28 @@ export function registerP2pProductsRoutes(app, deps) {
             return void res.json({ error: '无任何修改' });
         updates.push("updated_at = datetime('now')");
         args.push(req.params.id);
-        db.prepare(`UPDATE products SET ${updates.join(', ')} WHERE id = ?`).run(...args);
+        await dbRun(`UPDATE products SET ${updates.join(', ')} WHERE id = ?`, args);
         res.json({ success: true });
     });
     // 下架（保留行 + status='warehouse'，在途订单 hash 仍可证）
-    app.delete('/api/p2p-products/:id', (req, res) => {
+    app.delete('/api/p2p-products/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const product = db.prepare("SELECT seller_id, status FROM products WHERE id = ? AND p2p_mode = 1").get(req.params.id);
+        const product = await dbOne("SELECT seller_id, status FROM products WHERE id = ? AND p2p_mode = 1", [req.params.id]);
         if (!product)
             return void res.status(404).json({ error: 'P2P 商品不存在' });
         if (product.seller_id !== user.id)
             return void res.status(403).json({ error: '仅卖家本人可下架' });
-        const pendingOrders = db.prepare("SELECT COUNT(1) as n FROM orders WHERE product_id = ? AND status NOT IN ('completed','cancelled','refunded','expired')").get(req.params.id).n;
+        const pendingOrders = (await dbOne("SELECT COUNT(1) as n FROM orders WHERE product_id = ? AND status NOT IN ('completed','cancelled','refunded','expired')", [req.params.id])).n;
         if (pendingOrders > 0)
             return void res.json({ error: `该商品有 ${pendingOrders} 个进行中订单，无法下架` });
-        db.prepare("UPDATE products SET status = 'warehouse', updated_at = datetime('now') WHERE id = ?").run(req.params.id);
+        await dbRun("UPDATE products SET status = 'warehouse', updated_at = datetime('now') WHERE id = ?", [req.params.id]);
         res.json({ success: true });
     });
     // 公开：列表
-    app.get('/api/p2p-products', (_req, res) => {
-        const rows = db.prepare(`
+    app.get('/api/p2p-products', async (_req, res) => {
+        const rows = await dbAll(`
       SELECT p.id, p.seller_id, p.title, p.price, p.stock, p.images as thumbnail_json,
         p.ship_regions as region, p.content_hash, p.peer_endpoint, p.content_signed_at,
         u.handle as seller_handle, u.region as seller_region
@@ -158,19 +170,19 @@ export function registerP2pProductsRoutes(app, deps) {
       WHERE p.status = 'active' AND p.stock > 0 AND p.p2p_mode = 1
       ORDER BY p.created_at DESC
       LIMIT 50
-    `).all();
+    `);
         res.json({ items: rows });
     });
     // 公开：详情（含 hash + peer_endpoint）
-    app.get('/api/p2p-products/:id', (req, res) => {
-        const row = db.prepare(`
+    app.get('/api/p2p-products/:id', async (req, res) => {
+        const row = await dbOne(`
       SELECT p.id, p.seller_id, p.title, p.price, p.stock, p.images as thumbnail_json,
         p.ship_regions as region, p.content_hash, p.peer_endpoint, p.content_signature, p.content_signed_at,
         u.handle as seller_handle, u.region as seller_region, u.permanent_code as seller_code
       FROM products p
       LEFT JOIN users u ON u.id = p.seller_id
       WHERE p.id = ? AND p.p2p_mode = 1
-    `).get(req.params.id);
+    `, [req.params.id]);
         if (!row)
             return void res.status(404).json({ error: 'P2P 商品不存在' });
         res.json({ product: row });