@seasonkoh/webaz 0.1.24 → 0.1.25

package/dist/layer2-business/L2-9-contribution/task-proposal-store.js

@@ -0,0 +1,129 @@
+import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+export const PROPOSAL_STATUSES = ['new', 'needs_info', 'rejected', 'converted'];
+export const REVIEW_TARGETS = ['needs_info', 'rejected', 'converted']; // 'new' is the initial state only
+const TITLE_MIN = 3, TITLE_MAX = 200, SUMMARY_MAX = 2000, AREA_MAX = 64, OUTCOME_MAX = 2000, SOURCE_MAX = 500, LOGIN_MAX = 100, NOTE_MAX = 2000, CONVERTED_REF_MAX = 500;
+const CREATE_TABLE = `
+  CREATE TABLE IF NOT EXISTS task_proposals (
+    id                    TEXT PRIMARY KEY,
+    title                 TEXT NOT NULL CHECK (length(trim(title)) >= 3 AND length(title) <= 200),
+    summary               TEXT NOT NULL CHECK (length(trim(summary)) >= 1 AND length(summary) <= 2000),
+    suggested_area        TEXT CHECK (suggested_area IS NULL OR length(suggested_area) <= 64),
+    expected_outcome      TEXT CHECK (expected_outcome IS NULL OR length(expected_outcome) <= 2000),
+    source_ref            TEXT CHECK (source_ref IS NULL OR length(source_ref) <= 500),
+    proposer_account_id   TEXT,
+    proposer_github_login TEXT CHECK (proposer_github_login IS NULL OR length(proposer_github_login) <= 100),
+    status                TEXT NOT NULL DEFAULT 'new' CHECK (status IN ('new','needs_info','rejected','converted')),
+    reviewer_id           TEXT,
+    review_note           TEXT CHECK (review_note IS NULL OR length(review_note) <= 2000),
+    converted_ref         TEXT CHECK (converted_ref IS NULL OR length(converted_ref) <= 500),
+    created_at            TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at            TEXT NOT NULL DEFAULT (datetime('now'))
+  )
+`;
+const CREATE_INDEX = `CREATE INDEX IF NOT EXISTS idx_task_proposals_status ON task_proposals(status, created_at DESC)`;
+export function initTaskProposalSchema(db) {
+    db.exec(CREATE_TABLE);
+    db.exec(CREATE_INDEX);
+}
+/** Validate a public submission — fail-closed: bad/oversized fields are rejected, never silently truncated. */
+export function validateProposalInput(body) {
+    const b = (body ?? {});
+    const bad = (code, message) => ({ ok: false, code, message });
+    const asStr = (v) => (typeof v === 'string' ? v : v == null ? null : '__invalid__');
+    const titleRaw = asStr(b.title);
+    if (titleRaw === '__invalid__')
+        return bad('INVALID_TITLE', 'title must be a string');
+    const title = (titleRaw ?? '').trim();
+    if (title.length < TITLE_MIN)
+        return bad('TITLE_TOO_SHORT', `title must be at least ${TITLE_MIN} chars`);
+    if (title.length > TITLE_MAX)
+        return bad('TITLE_TOO_LONG', `title must be at most ${TITLE_MAX} chars`);
+    const summaryRaw = asStr(b.summary ?? b.reason);
+    if (summaryRaw === '__invalid__')
+        return bad('INVALID_SUMMARY', 'summary must be a string');
+    const summary = (summaryRaw ?? '').trim();
+    if (summary.length < 1)
+        return bad('SUMMARY_REQUIRED', 'summary (reason) is required');
+    if (summary.length > SUMMARY_MAX)
+        return bad('SUMMARY_TOO_LONG', `summary must be at most ${SUMMARY_MAX} chars`);
+    const optLen = (v, max, code) => {
+        if (v == null)
+            return null;
+        if (typeof v !== 'string')
+            return { code };
+        if (v.length > max)
+            return { code };
+        return v;
+    };
+    const area = optLen(b.suggested_area, AREA_MAX, 'SUGGESTED_AREA_TOO_LONG');
+    if (area && typeof area === 'object')
+        return bad(area.code, 'suggested_area invalid/too long');
+    const outcome = optLen(b.expected_outcome, OUTCOME_MAX, 'EXPECTED_OUTCOME_TOO_LONG');
+    if (outcome && typeof outcome === 'object')
+        return bad(outcome.code, 'expected_outcome invalid/too long');
+    const source = optLen(b.source_ref, SOURCE_MAX, 'SOURCE_REF_TOO_LONG');
+    if (source && typeof source === 'object')
+        return bad(source.code, 'source_ref invalid/too long');
+    const login = optLen(b.proposer_github_login, LOGIN_MAX, 'GITHUB_LOGIN_TOO_LONG');
+    if (login && typeof login === 'object')
+        return bad(login.code, 'proposer_github_login invalid/too long');
+    return { ok: true, input: { title, summary, suggested_area: area, expected_outcome: outcome, source_ref: source, proposer_github_login: login } };
+}
+const DEDUP_WINDOW = '-1 hours'; // SQLite datetime modifier — a recent-window duplicate guard
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/**
+ * Insert a new proposal (status='new'). proposer_account_id is NEVER taken from the body (anti-spoof).
+ * Dedup (anti-flood): if an identical proposal already exists in the recent window — same non-empty
+ * `source_ref`, OR same (title, summary) — NO new row is inserted; returns `{ duplicate, existing_id }`.
+ */
+export function insertTaskProposal(db, input, proposerAccountId = null) {
+    const src = input.source_ref ?? null;
+    const dup = db.prepare(`SELECT id FROM task_proposals
+    WHERE created_at > datetime('now', ?)
+      AND (((? IS NOT NULL) AND source_ref = ?) OR (title = ? AND summary = ?))
+    ORDER BY created_at DESC LIMIT 1`).get(DEDUP_WINDOW, src, src, input.title, input.summary);
+    if (dup)
+        return { duplicate: true, existing_id: dup.id };
+    const id = generateId('tp');
+    db.prepare(`INSERT INTO task_proposals (id, title, summary, suggested_area, expected_outcome, source_ref, proposer_account_id, proposer_github_login, status)
+    VALUES (@id, @title, @summary, @suggested_area, @expected_outcome, @source_ref, @proposer_account_id, @proposer_github_login, 'new')`).run({
+        id, title: input.title, summary: input.summary,
+        suggested_area: input.suggested_area ?? null, expected_outcome: input.expected_outcome ?? null,
+        source_ref: src, proposer_account_id: proposerAccountId,
+        proposer_github_login: input.proposer_github_login ?? null,
+    });
+    return { id, status: 'new' };
+}
+export function listTaskProposals(db, filter = {}) {
+    const where = [];
+    const params = [];
+    if (filter.status && PROPOSAL_STATUSES.includes(filter.status)) {
+        where.push('status = ?');
+        params.push(filter.status);
+    }
+    return db.prepare(`SELECT id, title, summary, suggested_area, expected_outcome, source_ref, proposer_account_id,
+    proposer_github_login, status, reviewer_id, review_note, converted_ref, created_at, updated_at FROM task_proposals
+    ${where.length ? 'WHERE ' + where.join(' AND ') : ''} ORDER BY created_at DESC LIMIT 200`).all(...params);
+}
+/**
+ * Review a proposal: needs_info / rejected / converted. NO build_task is created here (conversion is a
+ * later manual maintainer step — deferred). Terminal states (rejected/converted) cannot be re-reviewed.
+ * `convertedRef` (only meaningful for `converted`) records the link to the real task / PR / release /
+ * product decision — the non-code contribution evidence chain { proposer → reviewer → converted_ref }.
+ * Recording only; no reward/score is computed.
+ */
+export function reviewTaskProposal(db, id, reviewerId, status, note, convertedRef) {
+    if (!REVIEW_TARGETS.includes(status))
+        return { error: 'status must be needs_info | rejected | converted', code: 'BAD_STATUS' };
+    if (convertedRef != null && (typeof convertedRef !== 'string' || convertedRef.length > CONVERTED_REF_MAX))
+        return { error: 'converted_ref invalid/too long', code: 'CONVERTED_REF_TOO_LONG' };
+    const cur = db.prepare('SELECT status FROM task_proposals WHERE id = ?').get(id);
+    if (!cur)
+        return { error: 'proposal not found', code: 'NOT_FOUND' };
+    if (cur.status === 'rejected' || cur.status === 'converted')
+        return { error: `proposal already ${cur.status}`, code: 'ALREADY_TERMINAL' };
+    const ref = status === 'converted' && typeof convertedRef === 'string' && convertedRef.trim() ? convertedRef.trim() : null;
+    db.prepare(`UPDATE task_proposals SET status = ?, reviewer_id = ?, review_note = ?, converted_ref = ?, updated_at = datetime('now') WHERE id = ?`)
+        .run(status, reviewerId, note ? String(note).slice(0, NOTE_MAX) : null, ref, id);
+    return { id, status, converted_ref: ref };
+}

package/dist/layer2-business/L2-notes/note-photo-storage.js

@@ -4,6 +4,7 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
 import { createHash } from 'crypto';
+import { dbOne } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 const NOTE_PHOTO_DIR = path.join(os.homedir(), '.webaz', 'note-photos');
 if (!fs.existsSync(NOTE_PHOTO_DIR))
     fs.mkdirSync(NOTE_PHOTO_DIR, { recursive: true });
@@ -71,7 +72,8 @@ function sniffImageMime(b) {
 //   - 再 POST /api/shareables 把 hash 写进 note_photo_index
 //   - 中间窗口（典型 几十秒）误删会让上传白费
 // 由 cron 每天调一次（与 evidence cleanup 同节奏）
-export function cleanupOrphanNotePhotos(db, graceMs = 60 * 60 * 1000) {
+// RFC-016 Phase 1:cron 清理 —— db 部分是纯读(查引用),迁异步 seam;文件删除为 fs 操作(非 db)。调用点 server.ts:9262 cron,inTx=false。
+export async function cleanupOrphanNotePhotos(_db, graceMs = 60 * 60 * 1000) {
     if (!fs.existsSync(NOTE_PHOTO_DIR))
         return { swept: 0, bytes: 0 };
     let swept = 0;
@@ -118,7 +120,7 @@ export function cleanupOrphanNotePhotos(db, graceMs = 60 * 60 * 1000) {
             const age = Math.max(0, now - fstat.mtimeMs);
             if (age < graceMs)
                 continue; // grace 窗口内保留
-            const row = db.prepare(`SELECT 1 FROM note_photo_index WHERE hash = ?`).get(fname);
+            const row = await dbOne(`SELECT 1 FROM note_photo_index WHERE hash = ?`, [fname]);
             if (!row) {
                 try {
                     bytes += fstat.size;

package/dist/layer3-trust/L3-1-dispute-engine/dispute-engine.js

@@ -13,6 +13,7 @@
  *   arbitrate 是 Iron-Rule 真人动作(需 Passkey) · 协议级改动审批见 CHARTER §3.2
  */
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 import { transition } from '../../layer0-foundation/L0-2-state-machine/engine.js';
 // RFC-014 PR5 — 争议资金处置走整数 base-units + 绝对值落库 + allocate 精确拆分。
 import { toUnits, toDecimal, mulRate, allocate } from '../../money.js';
@@ -646,21 +647,22 @@ export function submitEvidenceForRequest(db, requestId, submitterId, evidenceTyp
 /**
  * 查询争议的所有证据请求（含已提交内容）
  */
-export function getEvidenceRequests(db, disputeId) {
-    const rows = db.prepare(`
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容,内部走 dbAll/dbOne;调用点全部已确认不在 db.transaction 内)。
+export async function getEvidenceRequests(_db, disputeId) {
+    const rows = await dbAll(`
     SELECT r.*, u.name as requested_from_name, u.role as requested_from_role
     FROM dispute_evidence_requests r
     LEFT JOIN users u ON r.requested_from_id = u.id
     WHERE r.dispute_id = ?
     ORDER BY r.created_at ASC
-  `).all(disputeId);
-    return rows.map(r => {
+  `, [disputeId]);
+    return await Promise.all(rows.map(async (r) => {
         const ids = JSON.parse(r.submitted_evidence_ids || '[]');
         const items = ids.length
-            ? db.prepare(`SELECT * FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`).all(...ids)
+            ? await dbAll(`SELECT * FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`, ids)
             : [];
         return { ...r, submitted_items: items };
-    });
+    }));
 }
 /** 生成锚定哈希（Phase 0 模拟；Phase 2 用 IPFS/链上替换） */
 function generateAnchorHash(content) {
@@ -673,8 +675,8 @@ function generateAnchorHash(content) {
     return `0x${h.toString(16).padStart(8, '0')}${ts}`;
 }
 // ─── 查询函数 ─────────────────────────────────────────────────
-export function getDisputeDetails(db, disputeId) {
-    return db.prepare(`
+export async function getDisputeDetails(_db, disputeId) {
+    return (await dbOne(`
     SELECT d.*,
       u1.name as initiator_name, u1.role as initiator_role,
       u2.name as defendant_name, u2.role as defendant_role
@@ -682,10 +684,10 @@ export function getDisputeDetails(db, disputeId) {
     LEFT JOIN users u1 ON d.initiator_id = u1.id
     LEFT JOIN users u2 ON d.defendant_id = u2.id
     WHERE d.id = ?
-  `).get(disputeId);
+  `, [disputeId])) ?? null;
 }
-export function getOrderDispute(db, orderId) {
-    return db.prepare(`
+export async function getOrderDispute(_db, orderId) {
+    return (await dbOne(`
     SELECT d.*,
       u1.name as initiator_name, u1.role as initiator_role,
       u2.name as defendant_name, u2.role as defendant_role
@@ -694,10 +696,10 @@ export function getOrderDispute(db, orderId) {
     LEFT JOIN users u2 ON d.defendant_id = u2.id
     WHERE d.order_id = ? AND d.status NOT IN ('resolved', 'dismissed')
     ORDER BY d.created_at DESC LIMIT 1
-  `).get(orderId);
+  `, [orderId])) ?? null;
 }
-export function getOpenDisputes(db) {
-    return db.prepare(`
+export async function getOpenDisputes(_db) {
+    return await dbAll(`
     SELECT d.*,
       u1.name as initiator_name, u1.role as initiator_role,
       u2.name as defendant_name, u2.role as defendant_role,
@@ -708,7 +710,7 @@ export function getOpenDisputes(db) {
     LEFT JOIN orders o ON d.order_id = o.id
     WHERE d.status IN ('open', 'in_review')
     ORDER BY d.created_at ASC
-  `).all();
+  `);
 }
 // ─── 工具函数 ─────────────────────────────────────────────────
 function addHours(date, hours) {

package/dist/layer3-trust/L3-1-dispute-engine/evidence-storage.js

@@ -5,6 +5,7 @@ import * as path from 'path';
 import * as os from 'os';
 import { createHash, createHmac } from 'crypto';
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 const EVIDENCE_DIR = path.join(os.homedir(), '.webaz', 'evidence');
 if (!fs.existsSync(EVIDENCE_DIR))
     fs.mkdirSync(EVIDENCE_DIR, { recursive: true });
@@ -135,8 +136,10 @@ export function uploadEvidence(db, args) {
     }
     return { id: eid, hash: actualHash, sig, dedup: blobExists, size: args.blob.length };
 }
-export function readEvidenceBlob(db, evidenceId, requesterId) {
-    const ev = db.prepare('SELECT id, dispute_id, file_hash, mime, filename, withdrawn_at FROM evidence WHERE id = ?').get(evidenceId);
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容;调用点均 inTx=false)。
+//   注:isPartyOrArbitrator(被同步写 uploadEvidence 复用)保持同步,留 Phase 3;async 读内同步调用它 OK(其 db.prepare 仍同步)。
+export async function readEvidenceBlob(db, evidenceId, requesterId) {
+    const ev = await dbOne('SELECT id, dispute_id, file_hash, mime, filename, withdrawn_at FROM evidence WHERE id = ?', [evidenceId]);
     if (!ev)
         throw new Error('evidence_not_found');
     if (ev.withdrawn_at)
@@ -178,16 +181,16 @@ export function withdrawEvidence(db, evidenceId, uploaderId) {
         db.prepare('UPDATE disputes SET party_evidence_ids = ? WHERE id = ?').run(JSON.stringify(filtered), ev.dispute_id);
     }
 }
-export function listEvidence(db, disputeId, requesterId) {
+export async function listEvidence(db, disputeId, requesterId) {
     if (!isPartyOrArbitrator(db, disputeId, requesterId)) {
         throw new Error('not_dispute_party');
     }
-    return db.prepare(`
+    return await dbAll(`
     SELECT id, uploader_id, type, description, file_hash, size, mime, sig, filename, created_at, withdrawn_at
     FROM evidence
     WHERE dispute_id = ?
     ORDER BY created_at ASC
-  `).all(disputeId);
+  `, [disputeId]);
 }
 export function markEvidenceExpiry(db, disputeId) {
     const exp = new Date(Date.now() + EVIDENCE_TTL_DAYS_AFTER_RESOLVED * 24 * 3600 * 1000).toISOString();
@@ -223,13 +226,13 @@ export function cleanupExpiredEvidence(db) {
     }
     return { swept, bytes };
 }
-export function verifyEvidenceSig(db, evidenceId) {
-    const ev = db.prepare(`
+export async function verifyEvidenceSig(_db, evidenceId) {
+    const ev = await dbOne(`
     SELECT e.id, e.uploader_id, e.dispute_id, e.file_hash, e.size, e.mime, e.description, e.sig,
            u.api_key
     FROM evidence e JOIN users u ON u.id = e.uploader_id
     WHERE e.id = ?
-  `).get(evidenceId);
+  `, [evidenceId]);
     if (!ev)
         return { ok: false, reason: 'evidence_not_found' };
     if (!ev.sig)

package/dist/layer4-economics/L4-3-reputation/reputation-engine.js

@@ -15,6 +15,7 @@
  *   -25  争议败诉                        -40  超时违约
  */
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbOne } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 // ─── Schema ───────────────────────────────────────────────────
 export function initReputationSchema(db) {
     db.exec(`
@@ -286,15 +287,15 @@ export function getReputation(db, userId) {
 export function getReputationByUserId(db, userId) {
     return getReputation(db, userId);
 }
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容,内部走 dbOne,同实例 setSeamDb)。
+// 调用点全部已确认不在 db.transaction 内(mcp 1967/2210 · products-create.ts:122 · url-claim.ts:120)。
 /** 获取用户的搜索加成（用于商品排序） */
-export function getSearchBoost(db, userId) {
-    const score = db.prepare('SELECT total_points FROM reputation_scores WHERE user_id = ?').get(userId);
-    const points = score?.total_points ?? 0;
-    return getLevel(points).searchBoost;
+export async function getSearchBoost(_db, userId) {
+    const score = await dbOne('SELECT total_points FROM reputation_scores WHERE user_id = ?', [userId]);
+    return getLevel(score?.total_points ?? 0).searchBoost;
 }
 /** 获取用户的质押折扣（用于上架商品时的质押计算） */
-export function getStakeDiscount(db, userId) {
-    const score = db.prepare('SELECT total_points FROM reputation_scores WHERE user_id = ?').get(userId);
-    const points = score?.total_points ?? 0;
-    return getLevel(points).stakeDiscount;
+export async function getStakeDiscount(_db, userId) {
+    const score = await dbOne('SELECT total_points FROM reputation_scores WHERE user_id = ?', [userId]);
+    return getLevel(score?.total_points ?? 0).stakeDiscount;
 }

package/dist/layer4-economics/L4-4-skill-market/skill-engine.js

@@ -16,6 +16,7 @@
  *   - 其他技能目前免费（增强曝光，间接提升成交）
  */
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 import { toUnits, toDecimal } from '../../money.js';
 import { applyWalletDelta } from '../../ledger.js';
 // ─── Schema ───────────────────────────────────────────────────
@@ -135,7 +136,9 @@ export function publishSkill(db, input) {
   `).run(id, input.sellerId, input.name, input.description, input.category ?? 'general', input.skillType, config, input.pricePerUse ?? 0);
     return getSkillById(db, id);
 }
-export function listSkills(db, filter = {}) {
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容;调用点均确认不在 db.transaction 内)。
+//   注:getSkillById(被同步写 publishSkill 内部调用)+ shouldAutoAccept(orders-create tx 内)留 Phase 3。
+export async function listSkills(_db, filter = {}) {
     const params = [];
     let sql = `
     SELECT s.*, u.name as seller_name,
@@ -161,7 +164,7 @@ export function listSkills(db, filter = {}) {
     }
     sql += ` ORDER BY s.total_uses DESC, s.rating DESC LIMIT ?`;
     params.push(filter.limit ?? 20);
-    return db.prepare(sql).all(...params);
+    return await dbAll(sql, params);
 }
 export function getSkillById(db, skillId) {
     return db.prepare(`
@@ -170,12 +173,12 @@ export function getSkillById(db, skillId) {
     FROM skills s JOIN users u ON s.seller_id = u.id WHERE s.id = ?
   `).get(skillId);
 }
-export function getMySkills(db, sellerId) {
-    return db.prepare(`
+export async function getMySkills(_db, sellerId) {
+    return await dbAll(`
     SELECT s.*,
       (SELECT COUNT(*) FROM skill_subscriptions ss WHERE ss.skill_id = s.id AND ss.active = 1) as subscriber_count
     FROM skills s WHERE s.seller_id = ? ORDER BY s.created_at DESC
-  `).all(sellerId);
+  `, [sellerId]);
 }
 // ─── 订阅 / 取消订阅 ──────────────────────────────────────────
 export function subscribeSkill(db, userId, skillId, config = {}) {
@@ -195,8 +198,8 @@ export function subscribeSkill(db, userId, skillId, config = {}) {
 export function unsubscribeSkill(db, userId, skillId) {
     db.prepare('UPDATE skill_subscriptions SET active = 0 WHERE skill_id = ? AND user_id = ?').run(skillId, userId);
 }
-export function getMySubscriptions(db, userId) {
-    return db.prepare(`
+export async function getMySubscriptions(_db, userId) {
+    return await dbAll(`
     SELECT s.*, u.name as seller_name, 1 as subscribed,
       (SELECT COUNT(*) FROM skill_subscriptions ss WHERE ss.skill_id = s.id AND ss.active = 1) as subscriber_count
     FROM skill_subscriptions sub
@@ -204,7 +207,7 @@ export function getMySubscriptions(db, userId) {
     JOIN users u ON s.seller_id = u.id
     WHERE sub.user_id = ? AND sub.active = 1
     ORDER BY sub.created_at DESC
-  `).all(userId);
+  `, [userId]);
 }
 // ─── 使用记录 + 佣金 ──────────────────────────────────────────
 /**

package/dist/layer4-economics/L4-4-skill-market/skill-listing-engine.js

@@ -18,6 +18,7 @@
  *   绝不进入 PV 二元匹配 / 推土机三级佣金 / fund_base —— 保持双引擎解耦、规避 PV 合规问题。
  */
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 import { toUnits, toDecimal } from '../../money.js';
 import { applyWalletDelta } from '../../ledger.js';
 export const SKILL_KINDS = ['template', 'prompt', 'guide', 'checklist'];
@@ -170,7 +171,9 @@ function getListingRaw(db, id) {
     return db.prepare('SELECT * FROM skill_listings WHERE id = ?').get(id);
 }
 /** 公开列表：仅 approved + active 的技能，不含 content */
-export function listMarket(db, filter = {}) {
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容;调用点 skill-market.ts 均 inTx=false)。
+//   注:hasUnlock(被同步写 purchaseListing/readContent 复用)留 Phase 3,故 getMarketDetail 的 owned 检查内联为 dbOne。
+export async function listMarket(_db, filter = {}) {
     const params = [];
     let ownedSelect = '';
     if (filter.viewerId) {
@@ -198,29 +201,32 @@ export function listMarket(db, filter = {}) {
     }
     sql += ' ORDER BY l.total_sales DESC, l.rating DESC, l.created_at DESC LIMIT ?';
     params.push(filter.limit ?? 30);
-    return db.prepare(sql).all(...params);
+    return await dbAll(sql, params);
 }
 /** 公开详情（不含 content）；附加 owned 标记。未上架的仅作者本人可见，防 metadata 泄露 */
-export function getMarketDetail(db, id, viewerId) {
-    const row = db.prepare(`
+export async function getMarketDetail(_db, id, viewerId) {
+    const row = await dbOne(`
     SELECT ${PUBLIC_COLS}, u.name as author_name
     FROM skill_listings l JOIN users u ON l.author_id = u.id
     WHERE l.id = ?
-  `).get(id);
+  `, [id]);
     if (!row)
         return null;
     if (row.status !== 'approved' && row.author_id !== viewerId)
         return null;
-    if (viewerId)
-        row.owned = hasUnlock(db, viewerId, id) ? 1 : 0;
+    if (viewerId) {
+        // owned 检查内联(hasUnlock 被同步写路径复用,留 Phase 3;此处直接走 seam,与 hasUnlock 同 SQL)
+        const unlocked = await dbOne(`SELECT 1 FROM skill_orders o WHERE o.listing_id = ? AND o.buyer_id = ? AND o.billing_mode IN ('free','one_time') LIMIT 1`, [id, viewerId]);
+        row.owned = unlocked ? 1 : 0;
+    }
     return row;
 }
 /** 作者视角：自己的全部技能（含各状态、含 content 由调用方决定是否回传） */
-export function getMyListings(db, authorId) {
-    return db.prepare(`
+export async function getMyListings(_db, authorId) {
+    return await dbAll(`
     SELECT ${PUBLIC_COLS}, l.audit_note, l.reviewed_at, l.total_revenue
     FROM skill_listings l WHERE l.author_id = ? ORDER BY l.created_at DESC
-  `).all(authorId);
+  `, [authorId]);
 }
 // ─── 访问权 / 解锁 ────────────────────────────────────────────
 /** one_time/free 是否已永久解锁（per_use 不算永久解锁） */
@@ -303,8 +309,8 @@ export function readContent(db, userId, listingId, feeRate) {
     return { content: listing.content, billing_mode: listing.billing_mode };
 }
 /** 我的技能库：已解锁(free/one_time)的技能 + per_use 使用过的技能 */
-export function getMyLibrary(db, userId) {
-    return db.prepare(`
+export async function getMyLibrary(_db, userId) {
+    return await dbAll(`
     SELECT ${PUBLIC_COLS}, u.name as author_name, 1 as owned,
       MAX(o.created_at) as last_used
     FROM skill_orders o
@@ -313,15 +319,15 @@ export function getMyLibrary(db, userId) {
     WHERE o.buyer_id = ?
     GROUP BY l.id
     ORDER BY last_used DESC
-  `).all(userId);
+  `, [userId]);
 }
 // ─── 审计（WebAZ content admin）─────────────────────────────────
-export function listPendingAudit(db, limit = 100) {
-    return db.prepare(`
+export async function listPendingAudit(_db, limit = 100) {
+    return await dbAll(`
     SELECT l.*, u.name as author_name
     FROM skill_listings l JOIN users u ON l.author_id = u.id
     WHERE l.status = 'submitted' ORDER BY l.created_at ASC LIMIT ?
-  `).all(limit);
+  `, [limit]);
 }
 export function auditListing(db, listingId, reviewerId, decision, note) {
     const cur = getListingRaw(db, listingId);

package/dist/pwa/acp-feed.js

@@ -87,11 +87,23 @@ export function buildAcpProductFeed(db, opts = {}) {
         generated_at: new Date().toISOString(),
         source: 'WebAZ',
         spec: {
-            based_on: 'OpenAI Agentic Commerce Protocol — product feed',
+            feed_kind: 'acp-inspired-discovery',
+            based_on: 'OpenAI Agentic Commerce Protocol — product feed (SHAPE only; this is a discovery projection, not a strict ACP-ingestable merchant feed)',
             api_version_observed: '2025-09-12',
             reference: 'https://developers.openai.com/commerce/specs/feed',
             rfc: `${BASE}/docs/INTEGRATOR.md`,
         },
+        // Explicit non-compliance so an ACP ingester does NOT treat this as a strict feed (Codex #151).
+        compatibility: {
+            is_strict_acp_ingestable: false,
+            summary: 'Discovery projection that borrows the ACP product-feed shape. It is intentionally NOT a strict ACP-ingestable feed.',
+            non_compliant_points: [
+                'price.currency is SIMULATED WAZ (pre-launch internal unit), not an ISO 4217 fiat currency.',
+                'is_eligible_checkout is false for every item: ACP checkout (card + PSP) is not wired.',
+                'Merchant-level required fields (target_countries, store_country) are not emitted.',
+            ],
+            strict_export: 'A strict/export feed (ISO 4217 + merchant required fields, compliant items only) is deferred to a later RFC-015 phase, after fiat pricing + ACP checkout exist — it would be empty today.',
+        },
         _disclosures: {
             phase: 'pre-launch',
             currency: "Each item's price.currency is the protocol's SIMULATED pre-launch internal unit (WAZ, or legacy 'DCP'), NOT an ISO 4217 fiat currency. No real money is involved.",

package/dist/pwa/contract-fingerprint.js

@@ -33,6 +33,8 @@ export function contractFingerprints() {
 export const CONTRACT_CHANGES = [
     { contract_version: 1, date: '2026-06-06', surface: 'all', kind: 'genesis', summary: 'Contract v1 baseline: capability matrix (§②), entity dictionary + order lifecycle (§①), event cursor stream (§⑥), two version axes (§④).' },
     { contract_version: 2, date: '2026-06-06', surface: 'entity', kind: 'added', summary: '§① entity dictionary gains product + dispute entities (conservative public fields; dispute = redacted dispute_cases) + goal_index pointer. Additive — existing order entity unchanged; agents may ignore.' },
+    { contract_version: 3, date: '2026-06-09', surface: 'entity', kind: 'changed', summary: '§① order lifecycle: corrected declined_nofault state meaning text — it is NOT terminal (transitions declined_nofault→completed on settlement). Dropped the contradictory "(terminal)" label that conflicted with the auto-derived terminal:false. Semantics/state-machine unchanged; text-only clarification for agents reading the entity dictionary.' },
+    { contract_version: 4, date: '2026-06-09', surface: 'capability', kind: 'changed', summary: '§② capability matrix: POST /api/reviews/:type/:id/claim now requires the new "review_claim" action scope instead of being SAFE (unscoped). The review-claim path locks a 5 WAZ stake (escrow), so it belongs under default-deny accountability like other value writes. GET reviews endpoints stay open.', migration: 'A declared agent that calls review claim must add the "review_claim" scope to its api_key (or hold a Passkey, or declare "*"). Passkey-bound humans and "*" agents are unaffected; GET reviews unchanged.' },
 ];
 export function buildChangeFeed() {
     return {

package/dist/pwa/endpoint-actions.js

@@ -31,6 +31,9 @@ export const WRITE_RULES = [
     { method: 'POST', re: /^\/api\/skill-market\/[^/]+\/purchase/, action: 'purchase' },
     { method: 'POST', re: /^\/api\/secondhand\/[^/]+\/order/, action: 'buy_secondhand' },
     { method: 'POST', re: /^\/api\/group-buys\/[^/]+\/join/, action: 'group_buy_join' },
+    // Codex #98 P1:review claim 锁 5 WAZ stake(扣 balance + escrowed)—— 资金写,绝不能落 SAFE,纳入 default-deny 问责门。
+    //   只命中 .../:type/:id/claim;其余 reviews 写无规则 → 落通用 'write'(仍 default-deny),GET reviews 由 endpointToAction(GET) 返回 null。
+    { method: 'POST', re: /^\/api\/reviews\/[^/]+\/[^/]+\/claim$/, action: 'review_claim' },
     // #1115 P1:写 PII(收货地址)。原为 (addresses OR profile/default-address);拆两条等价规则,顺序保持。
     { method: 'WRITE', re: /^\/api\/addresses(\/|$)/, action: 'set_address' },
     { method: 'WRITE', exact: '/api/profile/default-address', action: 'set_address' },
@@ -55,7 +58,8 @@ export const SAFE_WRITE = [
     /^\/api\/me\/(delete-cancel|notify-claim-tasks)/,
     /^\/api\/peers\//, /^\/api\/signaling\//,
     /^\/api\/product-share\/touch$/, /^\/api\/anchor\/[^/]+\/touch$/,
-    /^\/api\/reviews\//,
+    // Codex #98 P1:不再整段放行 /api/reviews/ —— claim 是 5 WAZ 质押资金写,已上提到 WRITE_RULES(review_claim);
+    //   GET reviews(recent / :type/:id/claims)无须写 scope(GET 由 endpointToAction 返回 null,不依赖 SAFE)。
 ];
 function methodMatches(m, method) {
     if (m === 'POST')

package/dist/pwa/goal-index.js

@@ -12,29 +12,29 @@ import { SOFTWARE_VERSION, CONTRACT_VERSION } from '../version.js';
 import { capabilityMatrix } from './endpoint-actions.js';
 const GOALS = [
     // ── discover / buy ──
-    { goal: 'Find a specific product by title/SKU/exact desc', when: 'buyer knows what they want (strict match)', action: 'open', endpoint: 'GET /api/search?query=...', mcp_tool: 'webaz_search', pwa: '#buy', see: '② read scope "search"', notes: 'STRICT — no fuzzy fallback; 0 hits → guide user to #discover (fuzzy is a human action, not agent-automated).' },
-    { goal: 'Match a pasted external link (taobao/douyin/xhs/jd/...)', when: 'buyer pastes an off-site product URL', action: 'open', endpoint: 'GET /api/search?external_link=...', mcp_tool: 'webaz_search', pwa: '#buy', notes: 'matches the anchor registry product fingerprint.' },
+    { goal: 'Find a specific product by title/SKU/exact desc', when: 'buyer knows what they want (strict match)', action: 'open', endpoint: 'GET /api/products?q=...', mcp_tool: 'webaz_search', pwa: '#buy', see: '② read scope "search"', notes: 'protocol-level STRICT alias match (mode=agent), no fuzzy fallback; 0 hits → guide user to #discover (fuzzy is a human action, not agent-automated).' },
+    { goal: 'Match a pasted external link (taobao/douyin/xhs/jd/...)', when: 'buyer pastes an off-site product URL or share text', action: 'open', endpoint: 'POST /api/search-by-link', mcp_tool: 'webaz_search', pwa: '#buy', notes: 'body: { text } (raw paste of share text/URL) OR { external_link: { platform, external_id, external_title, canonical_url } }. Matches the anchor registry product fingerprint.' },
     { goal: "Browse what's popular near me / same city", when: 'geo discovery, no keyword', action: 'search', endpoint: 'GET /api/nearby', mcp_tool: 'webaz_nearby', pwa: '#nearby', see: '② read scope "search"', notes: 'k-anonymity ≥3.' },
     { goal: 'Find used / pre-owned / secondhand items', when: 'pre-owned, separate space from new catalog', action: 'open', endpoint: 'GET /api/secondhand', mcp_tool: 'webaz_secondhand', pwa: '#secondhand', notes: 'webaz_search does NOT return secondhand.' },
     { goal: 'Verify a price before buying', when: 'BEFORE every purchase', action: 'open', endpoint: 'GET /api/products/:id (+ verify)', mcp_tool: 'webaz_verify_price', pwa: '#buy', notes: 'defeats flash-sale/hidden-fee race; protocol only liable for the verified T0 price.' },
     { goal: 'Place an order (buy a catalog product)', when: 'buyer commits to purchase', action: 'place_order', endpoint: 'POST /api/orders', mcp_tool: 'webaz_place_order', pwa: '#buy', see: '① entity order · ⑧ value flow', notes: 'pass expected_price (T0 guard, 409 on drift).' },
     { goal: 'Buy a secondhand item', when: 'order a pre-owned listing', action: 'buy_secondhand', endpoint: 'POST /api/secondhand/:id/order', mcp_tool: 'webaz_secondhand', pwa: '#secondhand' },
     { goal: 'Buy a knowledge skill', when: 'purchase a prompt/template/checklist', action: 'purchase', endpoint: 'POST /api/skill-market/:id/purchase', mcp_tool: 'webaz_skill_market', pwa: '#skill-market', notes: 'content market — distinct from webaz_skill behavior plugins.' },
-    { goal: 'Bid in an auction', when: 'time-windowed price discovery on listed item', action: 'bid', endpoint: 'POST /api/auctions/:id/bid', mcp_tool: 'webaz_bid', pwa: '#auctions', notes: 'anti-snipe time extension.' },
+    { goal: 'Bid in an auction', when: 'time-windowed price discovery on listed item', action: 'bid', endpoint: 'POST /api/auctions/:id/bids', mcp_tool: 'webaz_bid', pwa: '#auctions', notes: 'anti-snipe time extension.' },
     { goal: 'Post a buy request (RFQ) for sellers to quote', when: 'no good match / bulk / custom / wants competing quotes', action: 'rfq', endpoint: 'POST /api/rfqs', mcp_tool: 'webaz_rfq', pwa: '#rfqs', notes: 'reverse match — buyer posts need + 1% stake.' },
     // ── sell / fulfill ──
-    { goal: 'List / update a product', when: 'seller publishes, edits, delists own listing', action: 'list_product', endpoint: 'POST|PUT /api/products', mcp_tool: 'webaz_list_product', pwa: '#me', see: '① entity product', notes: 'system suggests stake ~15% of price (buyer protection).' },
-    { goal: 'Fulfill an order (accept / ship / deliver / pickup)', when: 'seller or logistics advances fulfilment', action: 'fulfill', endpoint: 'POST /api/orders/:id/{accept|ship|deliver|pickup|transit}', mcp_tool: 'webaz_update_order', pwa: '#me', see: '① order lifecycle · ⑦ liability', notes: 'missing a deadline → auto fault (see order lifecycle).' },
-    { goal: 'Confirm receipt (buyer closes the order)', when: 'buyer received the goods', action: 'confirm_order', endpoint: 'POST /api/orders/:id/confirm', mcp_tool: 'webaz_update_order', pwa: '#me', notes: 'auto-confirm on confirm_deadline timeout.' },
+    { goal: 'List / update a product', when: 'seller publishes, edits, delists own listing', action: 'list_product', endpoint: 'POST /api/products · PUT /api/products/:id', mcp_tool: 'webaz_list_product', pwa: '#me', see: '① entity product', notes: 'POST creates, PUT /:id edits/delists. System suggests stake ~15% of price (buyer protection).' },
+    { goal: 'Fulfill an order (accept / ship / deliver / pickup)', when: 'seller or logistics advances fulfilment', action: 'fulfill', endpoint: 'POST /api/orders/:id/action', mcp_tool: 'webaz_update_order', pwa: '#me', see: '① order lifecycle · ⑦ liability', notes: 'single state-machine endpoint; body { action } ∈ {accept|ship|pickup|transit|deliver|confirm|dispute}. Missing a deadline → auto fault.' },
+    { goal: 'Confirm receipt (buyer closes the order)', when: 'buyer received the goods', action: 'confirm_order', endpoint: 'POST /api/orders/:id/action', mcp_tool: 'webaz_update_order', pwa: '#me', notes: 'body { action: "confirm" }. Auto-confirm on confirm_deadline timeout.' },
     // ── dispute / verify ──
     { goal: 'Respond to a dispute as a party', when: 'a counterparty opened a dispute on your order', action: 'dispute_respond', endpoint: 'POST /api/disputes/:id/respond', mcp_tool: 'webaz_dispute', pwa: '#me', see: '① entity dispute · ⑦ liability' },
     { goal: 'Look up public dispute precedents', when: 'assess a seller / understand likely ruling', action: 'open', endpoint: 'GET /api/disputes/cases (+ /by-product/:id)', mcp_tool: 'webaz_dispute', pwa: '#disputes', see: '① entity dispute', notes: 'redacted post-ruling cases; amount is bucketed.' },
     { goal: 'Verify an agent passport / external anchor / AP2 mandate', when: 'check a counterparty/data is genuine', action: 'open', endpoint: 'GET /.well-known/webaz-verifiability.json', mcp_tool: null, pwa: '(n/a)', see: '⑤ verifiability index', notes: 'offline-verifiable where signed; order-chain is integrity-only.' },
     // ── participate / social ──
     { goal: 'Become a value participant (earn/pay/stake)', when: 'integrate as seller/logistics/verifier/insurer/etc.', action: 'open', endpoint: 'GET /.well-known/webaz-economic.json', mcp_tool: null, pwa: '(n/a)', see: '⑧ economic participation', notes: 'roles + live rates + collateral + conserved liability.' },
-    { goal: 'Communicate with a trade counterparty', when: 'ask seller a question / coordinate an order', action: 'chat', endpoint: 'POST /api/conversations', mcp_tool: 'webaz_chat', pwa: '#messages', notes: 'every message attaches to a trade context — not general LLM chat.' },
+    { goal: 'Communicate with a trade counterparty', when: 'ask seller a question / coordinate an order', action: 'chat', endpoint: 'POST /api/conversations/start', mcp_tool: 'webaz_chat', pwa: '#messages', notes: 'start a thread; then POST /api/conversations/:id/messages. Every message attaches to a trade context — not general LLM chat.' },
     { goal: 'Share / refer a product for commission', when: 'promote a listing; attributed sales pay commission', action: 'share', endpoint: 'POST /api/shareables', mcp_tool: 'webaz_shareables', pwa: '#me', see: '⑧ promoter role' },
-    { goal: 'Publish or fund a charity wish / community fund', when: 'community mutual-aid', action: 'charity', endpoint: 'POST /api/wishes · POST /api/charity', mcp_tool: 'webaz_charity', pwa: '#charity', notes: 'distinct from place_order donation_pct.' },
+    { goal: 'Publish or fund a charity wish / community fund', when: 'community mutual-aid', action: 'charity', endpoint: 'POST /api/wishes', mcp_tool: 'webaz_charity', pwa: '#charity', notes: 'publish a wish; fund the shared pool via POST /api/charity/fund/donate. Distinct from place_order donation_pct.' },
     { goal: 'Donate to the community fund', when: 'contribute to the shared fund', action: 'donate', endpoint: 'POST /api/charity/fund/donate', mcp_tool: 'webaz_charity', pwa: '#charity' },
     // ── self state ──
     { goal: 'Set a shipping address (PII write)', when: 'before a shipped order', action: 'set_address', endpoint: 'POST /api/addresses', mcp_tool: 'webaz_default_address', pwa: '#me', see: '② write_action set_address (元规则#3 PII gate)' },