@seasonkoh/webaz 0.1.24 → 0.1.25

package/dist/pwa/routes/promoter.js

@@ -1,61 +1,63 @@
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerPromoterRoutes(app, deps) {
     const { db, auth, isAllowedSponsor } = deps;
-    app.get('/api/promoter/dashboard', (req, res) => {
+    void db; // RFC-016: 本文件已全量走异步 seam;db 仍在 deps 由调用方注入,此处不直接使用
+    app.get('/api/promoter/dashboard', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const userId = user.id;
-        const l1 = db.prepare("SELECT COUNT(*) as n FROM users WHERE sponsor_id = ?").get(userId).n;
-        const l2 = db.prepare(`
+        const l1 = (await dbOne("SELECT COUNT(*) as n FROM users WHERE sponsor_id = ?", [userId])).n;
+        const l2 = (await dbOne(`
       SELECT COUNT(*) as n FROM users
       WHERE sponsor_id IN (SELECT id FROM users WHERE sponsor_id = ?)
-    `).get(userId).n;
-        const l3 = db.prepare(`
+    `, [userId])).n;
+        const l3 = (await dbOne(`
       SELECT COUNT(*) as n FROM users
       WHERE sponsor_id IN (
         SELECT id FROM users WHERE sponsor_id IN (SELECT id FROM users WHERE sponsor_id = ?)
       )
-    `).get(userId).n;
-        const earned = db.prepare(`
+    `, [userId])).n;
+        const earned = await dbAll(`
       SELECT level, COUNT(*) as orders, COALESCE(SUM(amount),0) as total
       FROM commission_records WHERE beneficiary_id = ?
       GROUP BY level
-    `).all(userId);
+    `, [userId]);
         const byLevel = { 1: { orders: 0, total: 0 }, 2: { orders: 0, total: 0 }, 3: { orders: 0, total: 0 } };
         for (const r of earned)
             byLevel[r.level] = { orders: r.orders, total: r.total };
         const grand = byLevel[1].total + byLevel[2].total + byLevel[3].total;
-        const recent = db.prepare(`
+        const recent = await dbAll(`
       SELECT cr.id, cr.order_id, cr.level, cr.amount, cr.rate, cr.created_at,
              u.name as source_buyer_name
       FROM commission_records cr
       LEFT JOIN users u ON u.id = cr.source_buyer_id
       WHERE cr.beneficiary_id = ?
       ORDER BY cr.created_at DESC LIMIT 20
-    `).all(userId);
-        const me = db.prepare("SELECT sponsor_id, sponsor_path, region FROM users WHERE id = ?").get(userId);
-        const mySponsor = me?.sponsor_id ? db.prepare("SELECT name FROM users WHERE id = ?").get(me.sponsor_id) : null;
-        const myUser = db.prepare("SELECT total_left_pv, total_right_pv, left_child_id, right_child_id, placement_id, placement_side FROM users WHERE id = ?").get(userId);
-        const leftChildName = myUser?.left_child_id ? db.prepare("SELECT name FROM users WHERE id = ?").get(myUser.left_child_id)?.name : null;
-        const rightChildName = myUser?.right_child_id ? db.prepare("SELECT name FROM users WHERE id = ?").get(myUser.right_child_id)?.name : null;
-        const myPlacementName = myUser?.placement_id ? db.prepare("SELECT name FROM users WHERE id = ?").get(myUser.placement_id)?.name : null;
-        const scoreAgg = db.prepare(`
+    `, [userId]);
+        const me = (await dbOne("SELECT sponsor_id, sponsor_path, region FROM users WHERE id = ?", [userId]));
+        const mySponsor = me?.sponsor_id ? (await dbOne("SELECT name FROM users WHERE id = ?", [me.sponsor_id])) : null;
+        const myUser = await dbOne("SELECT total_left_pv, total_right_pv, left_child_id, right_child_id, placement_id, placement_side FROM users WHERE id = ?", [userId]);
+        const leftChildName = myUser?.left_child_id ? (await dbOne("SELECT name FROM users WHERE id = ?", [myUser.left_child_id]))?.name : null;
+        const rightChildName = myUser?.right_child_id ? (await dbOne("SELECT name FROM users WHERE id = ?", [myUser.right_child_id]))?.name : null;
+        const myPlacementName = myUser?.placement_id ? (await dbOne("SELECT name FROM users WHERE id = ?", [myUser.placement_id]))?.name : null;
+        const scoreAgg = (await dbOne(`
       SELECT
         COALESCE(SUM(CASE WHEN settled_at IS NULL THEN score ELSE 0 END),0) as pending_score,
         COALESCE(SUM(CASE WHEN settled_at IS NOT NULL THEN waz_amount ELSE 0 END),0) as settled_waz,
         COUNT(*) as total_hits
       FROM binary_score_records WHERE user_id = ?
-    `).get(userId);
-        const recentBinary = db.prepare(`
+    `, [userId]));
+        const recentBinary = await dbAll(`
       SELECT id, tier, score, settled_at, waz_amount, created_at
       FROM binary_score_records WHERE user_id = ?
       ORDER BY created_at DESC LIMIT 10
-    `).all(userId);
-        const tiers = db.prepare("SELECT tier, pv_threshold, score_per_hit FROM binary_tier_config WHERE active=1 ORDER BY tier ASC").all();
+    `, [userId]);
+        const tiers = await dbAll("SELECT tier, pv_threshold, score_per_hit FROM binary_tier_config WHERE active=1 ORDER BY tier ASC");
         const canL1Share = isAllowedSponsor(userId);
-        const completedOrders = db.prepare("SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND status = 'completed'").get(userId).n;
-        const overrideRow = db.prepare("SELECT l1_share_override FROM users WHERE id = ?").get(userId);
-        const shareableProducts = db.prepare(`
+        const completedOrders = (await dbOne("SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND status = 'completed'", [userId])).n;
+        const overrideRow = await dbOne("SELECT l1_share_override FROM users WHERE id = ?", [userId]);
+        const shareableProducts = await dbAll(`
       SELECT p.id, p.title, p.price, p.category, p.commission_rate,
         (SELECT COUNT(*) FROM orders o WHERE o.product_id = p.id AND o.status = 'completed') as total_sales,
         COALESCE((SELECT SUM(cr.amount) FROM commission_records cr
@@ -66,20 +68,20 @@ export function registerPromoterRoutes(app, deps) {
         AND p.commission_rate IS NOT NULL AND p.commission_rate > 0
         AND p.status = 'active'
       ORDER BY my_earned DESC, total_sales DESC LIMIT 20
-    `).all(userId, userId);
-        const earnedLast30 = db.prepare(`
+    `, [userId, userId]);
+        const earnedLast30 = (await dbOne(`
       SELECT COALESCE(SUM(amount),0) as total FROM commission_records
       WHERE beneficiary_id = ? AND created_at >= datetime('now','-30 days')
-    `).get(userId).total;
-        const earnedPrev30 = db.prepare(`
+    `, [userId])).total;
+        const earnedPrev30 = (await dbOne(`
       SELECT COALESCE(SUM(amount),0) as total FROM commission_records
       WHERE beneficiary_id = ? AND created_at >= datetime('now','-60 days')
         AND created_at < datetime('now','-30 days')
-    `).get(userId).total;
-        const wazLast30 = db.prepare(`
+    `, [userId])).total;
+        const wazLast30 = (await dbOne(`
       SELECT COALESCE(SUM(waz_amount),0) as total FROM binary_score_records
       WHERE user_id = ? AND settled_at >= datetime('now','-30 days')
-    `).get(userId).total;
+    `, [userId])).total;
         const projection = {
             last_30_commission: earnedLast30,
             prev_30_commission: earnedPrev30,
@@ -99,7 +101,7 @@ export function registerPromoterRoutes(app, deps) {
             else
                 insights.push({ type: 'balanced', level: 'success', text: `双腿均衡度 ${(ratio * 100).toFixed(0)}% — 对碰节奏健康` });
         }
-        const lastInvite = db.prepare(`SELECT MAX(created_at) as t FROM users WHERE sponsor_id = ?`).get(userId);
+        const lastInvite = (await dbOne(`SELECT MAX(created_at) as t FROM users WHERE sponsor_id = ?`, [userId]));
         if (lastInvite.t) {
             const days = Math.floor((Date.now() - new Date(lastInvite.t).getTime()) / 86400_000);
             if (days > 14)
@@ -121,10 +123,10 @@ export function registerPromoterRoutes(app, deps) {
         if (shareableProducts.length > 0 && grand === 0) {
             insights.push({ type: 'first_share', level: 'info', text: `你有 ${shareableProducts.length} 个可分享商品但暂无成交 — 试着把链接发给身边的人` });
         }
-        const treeNode = (uid) => {
+        const treeNode = async (uid) => {
             if (!uid)
                 return null;
-            const u = db.prepare("SELECT id, name, total_left_pv, total_right_pv, left_child_id, right_child_id FROM users WHERE id = ?").get(uid);
+            const u = await dbOne("SELECT id, name, total_left_pv, total_right_pv, left_child_id, right_child_id FROM users WHERE id = ?", [uid]);
             if (!u)
                 return null;
             return {
@@ -135,25 +137,29 @@ export function registerPromoterRoutes(app, deps) {
                 right_id: u.right_child_id ?? null,
             };
         };
-        const me_node = treeNode(userId);
-        const left_node = treeNode(myUser?.left_child_id);
-        const right_node = treeNode(myUser?.right_child_id);
+        const me_node = await treeNode(userId);
+        const left_node = await treeNode(myUser?.left_child_id);
+        const right_node = await treeNode(myUser?.right_child_id);
         const binaryTree = {
             me: me_node,
             left: left_node,
             right: right_node,
-            ll: treeNode(left_node?.left_id),
-            lr: treeNode(left_node?.right_id),
-            rl: treeNode(right_node?.left_id),
-            rr: treeNode(right_node?.right_id),
+            ll: await treeNode(left_node?.left_id),
+            lr: await treeNode(left_node?.right_id),
+            rl: await treeNode(right_node?.left_id),
+            rr: await treeNode(right_node?.right_id),
         };
-        const meCard = db.prepare("SELECT permanent_code, handle FROM users WHERE id = ?").get(userId);
-        const codeForLink = meCard?.permanent_code || userId;
+        const meCard = await dbOne("SELECT permanent_code, handle FROM users WHERE id = ?", [userId]);
+        // invite links use permanent_code ONLY — never fall back to user_id (would leak usr_xxx into ?ref).
+        const codeForLink = meCard?.permanent_code || null;
+        const host = `${req.protocol}://${req.get('host')}`;
         res.json({
             user_id: userId,
             permanent_code: meCard?.permanent_code || null,
             handle: meCard?.handle || null,
-            referral_link: `${req.protocol}://${req.get('host')}/i/${codeForLink}`,
+            invite_code_available: !!codeForLink,
+            referral_link: codeForLink ? `${host}/i/${codeForLink}` : null,
+            invite_unavailable_reason: codeForLink ? null : 'permanent_code_missing — refresh or contact support',
             region: me?.region || 'global',
             my_sponsor: mySponsor ? { id: me.sponsor_id, name: mySponsor.name } : null,
             permissions: {
@@ -176,8 +182,8 @@ export function registerPromoterRoutes(app, deps) {
             projection,
             insights,
             atomic: {
-                left_invite_url: `${req.protocol}://${req.get('host')}/i/${codeForLink}-L`,
-                right_invite_url: `${req.protocol}://${req.get('host')}/i/${codeForLink}-R`,
+                left_invite_url: codeForLink ? `${host}/i/${codeForLink}-L` : null,
+                right_invite_url: codeForLink ? `${host}/i/${codeForLink}-R` : null,
                 total_left_pv: Number(myUser?.total_left_pv ?? 0),
                 total_right_pv: Number(myUser?.total_right_pv ?? 0),
                 left_child: myUser?.left_child_id ? { id: myUser.left_child_id, name: leftChildName } : null,
@@ -191,18 +197,18 @@ export function registerPromoterRoutes(app, deps) {
         });
     });
     // 直推 L1 列表
-    app.get('/api/promoter/team', (req, res) => {
+    app.get('/api/promoter/team', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const userId = user.id;
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT u.id, u.name, u.created_at, u.region,
         (SELECT COUNT(*) FROM users WHERE sponsor_id = u.id) as their_l1,
         COALESCE((SELECT SUM(amount) FROM commission_records WHERE beneficiary_id = ? AND source_buyer_id = u.id), 0) as my_earned_from_them
       FROM users u WHERE u.sponsor_id = ?
       ORDER BY u.created_at DESC LIMIT 100
-    `).all(userId, userId);
+    `, [userId, userId]);
         res.json({ team: rows });
     });
 }

package/dist/pwa/routes/public-build-tasks.js

@@ -0,0 +1,19 @@
+import { listBuildTasksWithAgentMetadata, getBuildTaskWithAgentMetadata, validateTaskFilters, withContributionReadEnvelope } from '../../layer2-business/L2-9-contribution/build-task-read.js';
+export function registerPublicBuildTasksRoutes(app, deps) {
+    const { db, errorRes } = deps;
+    app.get('/api/public/build-tasks', (req, res) => {
+        const v = validateTaskFilters(req.query);
+        if (!v.ok)
+            return void errorRes(res, 400, v.code, v.detail); // fail-closed: bad filter → typed 400
+        const tasks = listBuildTasksWithAgentMetadata(db, v.filters, 'public');
+        res.json(withContributionReadEnvelope({ tasks }));
+    });
+    app.get('/api/public/build-tasks/:id', (req, res) => {
+        // 'public' scope already restricts to audience=public + status=open; a non-visible task returns null →
+        // 404 (same as truly-missing, so existence of a restricted/internal task is never disclosed).
+        const task = getBuildTaskWithAgentMetadata(db, String(req.params.id), 'public');
+        if (!task)
+            return void errorRes(res, 404, 'NOT_FOUND', '任务不存在');
+        res.json(withContributionReadEnvelope({ task }));
+    });
+}

package/dist/pwa/routes/public-utils.js

@@ -2,6 +2,7 @@ import path from 'node:path';
 import { readFileSync } from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import { SOFTWARE_VERSION, CONTRACT_VERSION } from '../../version.js';
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 import { capabilityMatrix } from '../endpoint-actions.js';
 import { buildEntityDictionary } from '../entity-dictionary.js';
 import { buildGoalIndex } from '../goal-index.js';
@@ -13,13 +14,13 @@ import { buildNegativeSpace } from '../negative-space.js';
 import { buildAcpProductFeed } from '../acp-feed.js';
 export function registerPublicUtilsRoutes(app, deps) {
     const { db, MASTER_SEED, NODE_ENV, SERVICE_START_MS, rateLimitOk, generateManifest, getUser, logError, issuerAddress } = deps;
-    app.get('/api/health', (_req, res) => {
+    app.get('/api/health', async (_req, res) => {
         const t0 = Date.now();
         let dbOk = false;
         let dbLatency = 0;
         try {
             const t1 = Date.now();
-            const r = db.prepare('SELECT 1 as ok').get();
+            const r = await dbOne('SELECT 1 as ok');
             dbLatency = Date.now() - t1;
             dbOk = r?.ok === 1;
         }
@@ -37,7 +38,7 @@ export function registerPublicUtilsRoutes(app, deps) {
             check_ms: Date.now() - t0,
         });
     });
-    app.post('/api/mcp-telemetry', (req, res) => {
+    app.post('/api/mcp-telemetry', async (req, res) => {
         const ip = req.ip || 'unknown';
         if (!rateLimitOk(ip))
             return void res.status(429).json({ error: 'rate-limited' });
@@ -55,17 +56,17 @@ export function registerPublicUtilsRoutes(app, deps) {
         const uih = typeof user_id_hash === 'string' && /^[0-9a-f]{1,32}$/.test(user_id_hash) ? user_id_hash : null;
         const sv = typeof server_version === 'string' && server_version.length <= 32 ? server_version : null;
         try {
-            db.prepare(`
+            await dbRun(`
         INSERT INTO mcp_tool_calls (tool_name, user_id_hash, server_version, outcome, latency_ms)
         VALUES (?, ?, ?, ?, ?)
-      `).run(tool_name, uih, sv, outcome, Math.round(lat));
+      `, [tool_name, uih, sv, outcome, Math.round(lat)]);
         }
         catch { /* swallow — never fail telemetry */ }
         res.json({ ok: true });
     });
-    app.get('/api/system-flags', (_req, res) => {
-        const requireRef = db.prepare("SELECT value FROM system_state WHERE key='require_ref_to_register'").get()?.value === '1';
-        const inviteRotation = db.prepare("SELECT value FROM system_state WHERE key='invite_rotation_enabled'").get()?.value === '1';
+    app.get('/api/system-flags', async (_req, res) => {
+        const requireRef = (await dbOne("SELECT value FROM system_state WHERE key='require_ref_to_register'"))?.value === '1';
+        const inviteRotation = (await dbOne("SELECT value FROM system_state WHERE key='invite_rotation_enabled'"))?.value === '1';
         // #1049 Turnstile 公钥(若启用),前端注册表单 widget 用
         const turnstileSiteKey = process.env.TURNSTILE_SITE_KEY || null;
         res.json({
@@ -79,11 +80,11 @@ export function registerPublicUtilsRoutes(app, deps) {
     //   /api/protocol-status              — JSON API 别名(同份内容)
     // 内容:network_state(协议处于哪一阶段 + 诚实免责) + issuers(信任锚地址 + 轮换历史)
     // 信任锚是 Phase 4 凭证(/api/me/agents/:prefix/passport)的验签依据,陌生第三方靠这个端点找到"webaz 官方地址"。
-    function buildProtocolManifest() {
-        const phase = db.prepare("SELECT value FROM system_state WHERE key='protocol_phase'").get()?.value || 'pre_launch';
+    async function buildProtocolManifest() {
+        const phase = (await dbOne("SELECT value FROM system_state WHERE key='protocol_phase'"))?.value || 'pre_launch';
         // real_users = 已绑 Passkey 的账号数(我们的"真人"定义);pre-launch 应当 ≈0
-        const realUsers = db.prepare("SELECT COUNT(DISTINCT user_id) AS n FROM webauthn_credentials").get()?.n ?? 0;
-        const issuerActiveSince = db.prepare("SELECT value FROM system_state WHERE key='issuer_active_since'").get()?.value || '2026-05-30';
+        const realUsers = (await dbOne("SELECT COUNT(DISTINCT user_id) AS n FROM webauthn_credentials"))?.n ?? 0;
+        const issuerActiveSince = (await dbOne("SELECT value FROM system_state WHERE key='issuer_active_since'"))?.value || '2026-05-30';
         return {
             name: 'WebAZ Protocol',
             // RFC-011 §④ 两轴版本(单一来源 src/version.ts):
@@ -152,11 +153,12 @@ export function registerPublicUtilsRoutes(app, deps) {
                 change_feed: 'https://webaz.xyz/api/agent/changes', // ④ 契约变更 + 指纹 + 弃用
                 verifiability_index: 'https://webaz.xyz/.well-known/webaz-verifiability.json', // ⑤ 什么可验+怎么验
                 economic_participation: 'https://webaz.xyz/.well-known/webaz-economic.json', // ⑧ value-participant 角色经济条款(费率实时)
+                launch_pulse: 'https://webaz.xyz/.well-known/webaz-launch-pulse.json', // L2 follow-the-launch:诚实 live 计数 + 动量 + 里程碑
                 negative_space: 'https://webaz.xyz/.well-known/webaz-negative-space.json', // ② 负空间(禁区 + 限额 + 后果阶梯)
                 event_stream: 'https://webaz.xyz/api/agent/events?since=<cursor>', // ⑥ 事件游标流(party-gated,需 auth)
                 passport: 'https://webaz.xyz/api/me/agents/:apiKeyPrefix/passport', // ⑤ 可验护照
                 did: 'https://webaz.xyz/.well-known/did.json',
-                acp_product_feed: 'https://webaz.xyz/.well-known/webaz-acp-feed.json', // RFC-015 P0 — ACP 风格商品发现 feed(只读;is_eligible_checkout=false)
+                acp_product_feed: 'https://webaz.xyz/.well-known/webaz-acp-feed.json', // RFC-015 P0 — ACP-inspired 商品【发现】投影(非 strict ACP-ingestable;只读;is_eligible_checkout=false;见 feed.compatibility)
             },
             // 路线图 — 回应"知道还有哪些没做"的诚实化第三层。哲学:公开当前到达点 + 已知未做项,不承诺时间表。
             roadmap: {
@@ -183,13 +185,66 @@ export function registerPublicUtilsRoutes(app, deps) {
             },
         };
     }
-    app.get('/.well-known/webaz-protocol.json', (_req, res) => {
+    app.get('/.well-known/webaz-protocol.json', async (_req, res) => {
         res.setHeader('Cache-Control', 'public, max-age=300'); // 5min 边缘缓存,降轮询
-        res.json(buildProtocolManifest());
+        res.json(await buildProtocolManifest());
     });
-    app.get('/api/protocol-status', (_req, res) => {
+    app.get('/api/protocol-status', async (_req, res) => {
         res.setHeader('Cache-Control', 'public, max-age=300');
-        res.json(buildProtocolManifest());
+        res.json(await buildProtocolManifest());
+    });
+    // L2 onboarding「follow the launch」(2026-06-08):pre-launch 没有"买"作为回访理由,
+    //   给早期信徒一个【诚实】的"看协议苏醒"面 —— 真实计数 + 7d 动量 + 里程碑(firsts),零粉饰。
+    //   纯公开读(无 auth),网站侧(不进 MCP 包,Railway 部署即生效)。
+    // RFC-016 Phase 0 试点:本函数改用异步 DB seam(dbOne)。其余 call site 后续分批迁。
+    async function buildLaunchPulse() {
+        const count = async (sql) => ((await dbOne(sql))?.n ?? 0);
+        const firstAt = async (sql) => ((await dbOne(sql))?.t ?? null);
+        const phase = (await dbOne("SELECT value FROM system_state WHERE key='protocol_phase'"))?.value || 'pre_launch';
+        const [passkey, sellers, products, completed, disputesResolved, newPasskey7d, orders7d, firstSeller, firstProduct, firstOrder, firstCompleted, firstDispute] = await Promise.all([
+            count("SELECT COUNT(DISTINCT user_id) AS n FROM webauthn_credentials"),
+            count("SELECT COUNT(*) AS n FROM users WHERE roles LIKE '%seller%' AND (deleted_at IS NULL OR deleted_at = '')"),
+            count("SELECT COUNT(*) AS n FROM products WHERE status='active'"),
+            count("SELECT COUNT(*) AS n FROM orders WHERE status='completed'"),
+            count("SELECT COUNT(*) AS n FROM disputes WHERE status='resolved'"),
+            count("SELECT COUNT(DISTINCT user_id) AS n FROM webauthn_credentials WHERE created_at > datetime('now','-7 day')"),
+            count("SELECT COUNT(*) AS n FROM orders WHERE created_at > datetime('now','-7 day')"),
+            firstAt("SELECT MIN(created_at) AS t FROM users WHERE roles LIKE '%seller%'"),
+            firstAt("SELECT MIN(created_at) AS t FROM products"),
+            firstAt("SELECT MIN(created_at) AS t FROM orders"),
+            firstAt("SELECT MIN(updated_at) AS t FROM orders WHERE status='completed'"),
+            firstAt("SELECT MIN(resolved_at) AS t FROM disputes WHERE status='resolved'"),
+        ]);
+        return {
+            phase,
+            as_of: new Date().toISOString(),
+            note: 'Honest pre-launch pulse — real counts, zero inflation. Watch the protocol wake up; come back to see it grow.',
+            participants: { passkey_bound_humans: passkey, sellers },
+            catalog: { active_products: products },
+            activity: {
+                completed_orders: completed,
+                disputes_resolved: disputesResolved,
+                new_passkey_humans_7d: newPasskey7d,
+                orders_7d: orders7d,
+            },
+            milestones: {
+                first_seller_at: firstSeller,
+                first_product_listed_at: firstProduct,
+                first_order_at: firstOrder,
+                first_order_completed_at: firstCompleted,
+                first_dispute_resolved_at: firstDispute,
+            },
+            next: 'Public launch unlocks real settlement. Follow it / get notified at launch + request an invite: https://webaz.xyz/#welcome',
+            honesty: 'Pre-launch: WAZ is a simulated test currency; no real money settles yet. These numbers are the live protocol state, not market-size or investment signal.',
+        };
+    }
+    app.get('/.well-known/webaz-launch-pulse.json', async (_req, res) => {
+        res.setHeader('Cache-Control', 'public, max-age=120');
+        res.json(await buildLaunchPulse());
+    });
+    app.get('/api/launch-pulse', async (_req, res) => {
+        res.setHeader('Cache-Control', 'public, max-age=120');
+        res.json(await buildLaunchPulse());
     });
     // RFC-011 §② — agent 可读能力矩阵(写边界 action-scope + 敏感读 scope)。
     //   live = 直接序列化 enforce 用的规则表(src/pwa/endpoint-actions.ts),doc=code 零漂移。
@@ -266,32 +321,39 @@ export function registerPublicUtilsRoutes(app, deps) {
     });
     // RFC-011 §⑧ 经济参与索引 —— value-participant 角色 × 赚什么/押什么/担什么责,
     //   费率【实时】从 protocol_params 读(doc=code,永不和 enforced 经济漂移)。
-    const liveParam = (key, fallback) => {
-        const row = db.prepare('SELECT value, type FROM protocol_params WHERE key = ?').get(key);
-        if (!row)
-            return fallback;
-        if (row.type === 'number')
-            return Number(row.value);
-        if (row.type === 'boolean')
-            return (row.value === 'true' || row.value === '1');
-        return row.value;
+    // RFC-016: 一次性异步预取全部 protocol_params → Map,再返回同步 getter,喂给
+    //   buildEconomicParticipation / buildNegativeSpace(保持其同步签名,不动共享 module),仍是 doc=code 实时读。
+    const loadLiveParam = async () => {
+        const paramRows = await dbAll('SELECT key, value, type FROM protocol_params');
+        const paramMap = new Map(paramRows.map(r => [r.key, r]));
+        return (key, fallback) => {
+            const row = paramMap.get(key);
+            if (!row)
+                return fallback;
+            if (row.type === 'number')
+                return Number(row.value);
+            if (row.type === 'boolean')
+                return (row.value === 'true' || row.value === '1');
+            return row.value;
+        };
     };
-    const economic = (_req, res) => {
+    const economic = async (_req, res) => {
         res.setHeader('Cache-Control', 'public, max-age=300');
-        res.json(buildEconomicParticipation(liveParam));
+        res.json(buildEconomicParticipation(await loadLiveParam()));
     };
     app.get('/.well-known/webaz-economic.json', economic);
     app.get('/api/agent/economic-participation', economic);
     // RFC-011 §② 负空间 —— 禁区 + enforced 限额 + 后果阶梯(per-agent 速率实时读)。
-    const negativeSpace = (_req, res) => {
+    const negativeSpace = async (_req, res) => {
         res.setHeader('Cache-Control', 'public, max-age=300');
-        res.json(buildNegativeSpace(liveParam));
+        res.json(buildNegativeSpace(await loadLiveParam()));
     };
     app.get('/.well-known/webaz-negative-space.json', negativeSpace);
     app.get('/api/agent/negative-space', negativeSpace);
-    // RFC-015 P0 —— ACP product feed:把现有商品投影成 OpenAI Agentic Commerce 的 feed 形状,
-    //   让 ACP/ChatGPT agent 能【发现】WebAZ 商品(只读,无钱)。诚实门控:is_eligible_checkout 恒 false
-    //   (ACP /complete 是卡+PSP,WebAZ 未接);currency=WAZ 是模拟单位。详见 buildAcpProductFeed + RFC-015。
+    // RFC-015 P0 —— ACP-inspired 商品【发现】投影:把现有商品投影成 OpenAI Agentic Commerce 的 feed 形状,
+    //   让 ACP/ChatGPT agent 能【发现】WebAZ 商品(只读,无钱)。【非 strict ACP-ingestable feed】(Codex #151):
+    //   currency=WAZ 非 ISO 4217、is_eligible_checkout 恒 false(ACP /complete 是卡+PSP,WebAZ 未接)、
+    //   不发 target_countries/store_country 等商家必填字段 —— 非合规点逐条见 feed.compatibility。详见 buildAcpProductFeed + RFC-015。
     const acpFeed = (_req, res) => {
         res.setHeader('Cache-Control', 'public, max-age=300');
         res.json(buildAcpProductFeed(db));
@@ -338,8 +400,8 @@ export function registerPublicUtilsRoutes(app, deps) {
             ],
         });
     });
-    app.get('/api/editor-picks', (_req, res) => {
-        const products = db.prepare(`
+    app.get('/api/editor-picks', async (_req, res) => {
+        const products = await dbAll(`
       SELECT ep.id, ep.target_id, ep.title, ep.note, ep.starts_at, ep.ends_at, ep.sort_order,
         p.title as product_title, p.price, p.images, p.category,
         u.handle as seller_handle
@@ -348,30 +410,30 @@ export function registerPublicUtilsRoutes(app, deps) {
       JOIN users u ON u.id = p.seller_id
       WHERE ep.kind = 'product' AND ep.starts_at <= datetime('now') AND ep.ends_at > datetime('now')
       ORDER BY ep.sort_order ASC, ep.created_at DESC LIMIT 20
-    `).all();
-        const sellers = db.prepare(`
+    `);
+        const sellers = await dbAll(`
       SELECT ep.id, ep.target_id, ep.title, ep.note, ep.starts_at, ep.ends_at, ep.sort_order,
         u.handle, u.name, u.shop_banner_url, u.bio
       FROM editor_picks ep
       JOIN users u ON u.id = ep.target_id AND u.role = 'seller'
       WHERE ep.kind = 'seller' AND ep.starts_at <= datetime('now') AND ep.ends_at > datetime('now')
       ORDER BY ep.sort_order ASC, ep.created_at DESC LIMIT 20
-    `).all();
+    `);
         res.json({ products, sellers });
     });
-    app.get('/api/manifest', (_req, res) => {
-        res.json(generateManifest(db));
+    app.get('/api/manifest', async (_req, res) => {
+        res.json(await generateManifest(db));
     });
     // W3.5-B 治理上岗公开 stats(docs/GOVERNANCE-ONBOARDING.md)
     // 无 auth — agent / 用户 / 第三方都可读;不暴露 PII
-    app.get('/api/governance/onboarding-stats', (_req, res) => {
+    app.get('/api/governance/onboarding-stats', async (_req, res) => {
         res.setHeader('Cache-Control', 'public, max-age=300');
         try {
             // active counts(users.roles 含 arbitrator / verifier 的人数,fixture 也算)
-            const arbitratorCount = db.prepare(`SELECT COUNT(*) AS n FROM users WHERE roles LIKE '%arbitrator%' AND (deleted_at IS NULL OR deleted_at = '')`).get()?.n ?? 0;
-            const verifierCount = db.prepare(`SELECT COUNT(*) AS n FROM users WHERE roles LIKE '%verifier%' AND (deleted_at IS NULL OR deleted_at = '')`).get()?.n ?? 0;
+            const arbitratorCount = (await dbOne(`SELECT COUNT(*) AS n FROM users WHERE roles LIKE '%arbitrator%' AND (deleted_at IS NULL OR deleted_at = '')`))?.n ?? 0;
+            const verifierCount = (await dbOne(`SELECT COUNT(*) AS n FROM users WHERE roles LIKE '%verifier%' AND (deleted_at IS NULL OR deleted_at = '')`))?.n ?? 0;
             // pending applications
-            const pendingCount = db.prepare(`SELECT COUNT(*) AS n FROM governance_applications WHERE status = 'pending_onboarding'`).get()?.n ?? 0;
+            const pendingCount = (await dbOne(`SELECT COUNT(*) AS n FROM governance_applications WHERE status = 'pending_onboarding'`))?.n ?? 0;
             // 资格门槛 snapshot(给前端 pre-check 显示)
             // ⚠️ 2026-06-03 #4 修:此前这里 dump 装饰性 protocol_params.governance_onboarding.*,
             //   与代码实际 enforce 的门槛不符(例 min_completed_orders param=5,但代码 arbitrator 要 50 /
@@ -380,10 +442,10 @@ export function registerPublicUtilsRoutes(app, deps) {
             // ⚠️ 必须与 server.ts checkArbitratorEligibility / checkVerifierEligibility 保持同步。
             const eligibility = {
                 arbitrator: { registration_days: 90, completed_orders: 50, reputation: 300, balance_waz: 500, email_verified: true, zero_disputes_lost: true, never_suspended: true },
-                verifier: { registration_days: 60, completed_orders: 20, email_verified: true, zero_disputes_lost: true, never_suspended: true },
+                verifier: { registration_days: 60, completed_orders: 20, reputation: 110, balance_waz: 200, email_verified: true, zero_disputes_lost: true, never_suspended: true },
             };
             // quiz_pass_score 是真正被代码读取的 param(governance-onboarding.ts quiz-submit),保留。
-            const quizPassRow = db.prepare(`SELECT value FROM protocol_params WHERE key = 'governance_onboarding.quiz_pass_score'`).get();
+            const quizPassRow = await dbOne(`SELECT value FROM protocol_params WHERE key = 'governance_onboarding.quiz_pass_score'`);
             const quizPassScore = Number(quizPassRow?.value ?? 80);
             res.json({
                 phase: 'A',

package/dist/pwa/routes/push.js

@@ -1,17 +1,20 @@
-/** web-push 失败回调：删除已失效订阅。导出以备 P1-5 任务调用。 */
-export function cleanupStaleSubscription(db, endpoint) {
+import { dbOne, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
+/** web-push 失败回调：删除已失效订阅。导出以备 P1-5 任务调用。
+ *  RFC-016: db 参数保留(调用方签名兼容),内部走异步 seam(同实例,setSeamDb)。 */
+export async function cleanupStaleSubscription(_db, endpoint) {
     if (!endpoint)
         return;
-    db.prepare('DELETE FROM push_subscriptions WHERE endpoint = ?').run(endpoint);
+    await dbRun('DELETE FROM push_subscriptions WHERE endpoint = ?', [endpoint]);
 }
 export function registerPushRoutes(app, deps) {
-    const { db, generateId, auth, vapidPublicKey } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbRun),不再直接用 deps.db
+    const { generateId, auth, vapidPublicKey } = deps;
     app.get('/api/push/vapid-public-key', (_req, res) => {
         if (!vapidPublicKey)
             return void res.status(503).json({ error: '推送未配置，请联系管理员设置 VAPID_PUBLIC_KEY' });
         res.json({ key: vapidPublicKey });
     });
-    app.post('/api/push/subscribe', (req, res) => {
+    app.post('/api/push/subscribe', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -21,34 +24,32 @@ export function registerPushRoutes(app, deps) {
         }
         const id = generateId('psub');
         // 同 user + endpoint 视作重新订阅
-        const existing = db.prepare('SELECT id FROM push_subscriptions WHERE user_id = ? AND endpoint = ?').get(user.id, String(endpoint));
+        const existing = await dbOne('SELECT id FROM push_subscriptions WHERE user_id = ? AND endpoint = ?', [user.id, String(endpoint)]);
         if (existing) {
-            db.prepare('UPDATE push_subscriptions SET p256dh = ?, auth = ?, user_agent = ?, enabled = 1 WHERE id = ?')
-                .run(String(keys.p256dh), String(keys.auth), user_agent ? String(user_agent).slice(0, 200) : null, existing.id);
+            await dbRun('UPDATE push_subscriptions SET p256dh = ?, auth = ?, user_agent = ?, enabled = 1 WHERE id = ?', [String(keys.p256dh), String(keys.auth), user_agent ? String(user_agent).slice(0, 200) : null, existing.id]);
             return void res.json({ success: true, id: existing.id });
         }
-        db.prepare(`INSERT INTO push_subscriptions (id, user_id, endpoint, p256dh, auth, user_agent) VALUES (?,?,?,?,?,?)`)
-            .run(id, user.id, String(endpoint), String(keys.p256dh), String(keys.auth), user_agent ? String(user_agent).slice(0, 200) : null);
+        await dbRun(`INSERT INTO push_subscriptions (id, user_id, endpoint, p256dh, auth, user_agent) VALUES (?,?,?,?,?,?)`, [id, user.id, String(endpoint), String(keys.p256dh), String(keys.auth), user_agent ? String(user_agent).slice(0, 200) : null]);
         res.json({ success: true, id });
     });
-    app.delete('/api/push/subscribe', (req, res) => {
+    app.delete('/api/push/subscribe', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const { endpoint } = req.body || {};
         if (endpoint) {
-            db.prepare('DELETE FROM push_subscriptions WHERE user_id = ? AND endpoint = ?').run(user.id, String(endpoint));
+            await dbRun('DELETE FROM push_subscriptions WHERE user_id = ? AND endpoint = ?', [user.id, String(endpoint)]);
         }
         else {
-            db.prepare('DELETE FROM push_subscriptions WHERE user_id = ?').run(user.id);
+            await dbRun('DELETE FROM push_subscriptions WHERE user_id = ?', [user.id]);
         }
         res.json({ success: true });
     });
-    app.get('/api/push/status', (req, res) => {
+    app.get('/api/push/status', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const cnt = db.prepare('SELECT COUNT(*) as n FROM push_subscriptions WHERE user_id = ? AND enabled = 1').get(user.id).n;
+        const cnt = (await dbOne('SELECT COUNT(*) as n FROM push_subscriptions WHERE user_id = ? AND enabled = 1', [user.id])).n;
         res.json({ subscribed: cnt > 0, count: cnt, vapid_configured: !!vapidPublicKey });
     });
 }