@seasonkoh/webaz 0.1.24 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (195) hide show
  1. package/README.md +5 -1
  2. package/dist/layer0-foundation/L0-1-database/db-backends/pg-backend.js +51 -0
  3. package/dist/layer0-foundation/L0-1-database/db-backends/sql-dialect-datetime.js +437 -0
  4. package/dist/layer0-foundation/L0-1-database/db-backends/sql-placeholders.js +98 -0
  5. package/dist/layer0-foundation/L0-1-database/db.js +65 -0
  6. package/dist/layer0-foundation/L0-2-state-machine/order-chain.js +13 -11
  7. package/dist/layer0-foundation/L0-2-state-machine/transitions.js +1 -1
  8. package/dist/layer0-foundation/L0-5-manifest/manifest.js +13 -11
  9. package/dist/layer1-agent/L1-1-mcp-server/server.js +288 -208
  10. package/dist/layer1-agent/L1-2-external-anchor/anchor-engine.js +14 -12
  11. package/dist/layer2-business/L2-6-notifications/notification-engine.js +8 -5
  12. package/dist/layer2-business/L2-7-snf/snf-engine.js +16 -14
  13. package/dist/layer2-business/L2-8-feedback/build-feedback-engine.js +18 -10
  14. package/dist/layer2-business/L2-9-contribution/build-reputation-engine.js +37 -23
  15. package/dist/layer2-business/L2-9-contribution/build-task-agent-metadata-store.js +182 -0
  16. package/dist/layer2-business/L2-9-contribution/build-task-participation.js +47 -0
  17. package/dist/layer2-business/L2-9-contribution/build-task-read.js +222 -0
  18. package/dist/layer2-business/L2-9-contribution/build-tasks-engine.js +11 -3
  19. package/dist/layer2-business/L2-9-contribution/canonical-contribution-target.js +16 -0
  20. package/dist/layer2-business/L2-9-contribution/contribution-display-envelope.js +40 -0
  21. package/dist/layer2-business/L2-9-contribution/contribution-score-contract.js +36 -0
  22. package/dist/layer2-business/L2-9-contribution/contribution-score-evidence.js +61 -0
  23. package/dist/layer2-business/L2-9-contribution/github-credential/canonical.js +60 -0
  24. package/dist/layer2-business/L2-9-contribution/github-credential/github-credential.schema.js +140 -0
  25. package/dist/layer2-business/L2-9-contribution/github-credential/github-fetch-adapter.js +437 -0
  26. package/dist/layer2-business/L2-9-contribution/github-credential/self-consistency.js +38 -0
  27. package/dist/layer2-business/L2-9-contribution/github-credential/verifier.js +231 -0
  28. package/dist/layer2-business/L2-9-contribution/github-credential-ingestion-engine.js +145 -0
  29. package/dist/layer2-business/L2-9-contribution/github-credential-store.js +115 -0
  30. package/dist/layer2-business/L2-9-contribution/identity-binding-engine.js +134 -0
  31. package/dist/layer2-business/L2-9-contribution/identity-binding-store.js +101 -0
  32. package/dist/layer2-business/L2-9-contribution/identity-claim-challenge-engine.js +126 -0
  33. package/dist/layer2-business/L2-9-contribution/identity-claim-challenge-store.js +30 -0
  34. package/dist/layer2-business/L2-9-contribution/identity-claim-discovery.js +55 -0
  35. package/dist/layer2-business/L2-9-contribution/identity-claim-engine.js +109 -0
  36. package/dist/layer2-business/L2-9-contribution/identity-claim-fact-precondition.js +22 -0
  37. package/dist/layer2-business/L2-9-contribution/identity-claim-proof-verifier.js +97 -0
  38. package/dist/layer2-business/L2-9-contribution/identity-claim-read.js +59 -0
  39. package/dist/layer2-business/L2-9-contribution/task-proposal-ai-store.js +99 -0
  40. package/dist/layer2-business/L2-9-contribution/task-proposal-draft.js +191 -0
  41. package/dist/layer2-business/L2-9-contribution/task-proposal-store.js +129 -0
  42. package/dist/layer2-business/L2-notes/note-photo-storage.js +4 -2
  43. package/dist/layer3-trust/L3-1-dispute-engine/dispute-engine.js +17 -15
  44. package/dist/layer3-trust/L3-1-dispute-engine/evidence-storage.js +11 -8
  45. package/dist/layer4-economics/L4-3-reputation/reputation-engine.js +9 -8
  46. package/dist/layer4-economics/L4-4-skill-market/skill-engine.js +11 -8
  47. package/dist/layer4-economics/L4-4-skill-market/skill-listing-engine.js +22 -16
  48. package/dist/pwa/acp-feed.js +13 -1
  49. package/dist/pwa/admin-bearer-auth.js +21 -0
  50. package/dist/pwa/contract-fingerprint.js +2 -0
  51. package/dist/pwa/email-delivery.js +127 -0
  52. package/dist/pwa/endpoint-actions.js +5 -1
  53. package/dist/pwa/goal-index.js +8 -8
  54. package/dist/pwa/human-presence.js +62 -0
  55. package/dist/pwa/public/app.js +1485 -283
  56. package/dist/pwa/public/i18n.js +297 -59
  57. package/dist/pwa/public/index.html +1 -0
  58. package/dist/pwa/public/openapi.json +5 -5
  59. package/dist/pwa/public/whitepaper/en/index.html +153 -0
  60. package/dist/pwa/public/whitepaper/zh-CN/index.html +153 -0
  61. package/dist/pwa/rate-limit.js +22 -0
  62. package/dist/pwa/routes/account-deletion.js +15 -13
  63. package/dist/pwa/routes/addresses.js +10 -9
  64. package/dist/pwa/routes/admin-admins.js +13 -14
  65. package/dist/pwa/routes/admin-analytics.js +109 -69
  66. package/dist/pwa/routes/admin-atomic.js +10 -4
  67. package/dist/pwa/routes/admin-catalog.js +13 -11
  68. package/dist/pwa/routes/admin-editor-picks.js +15 -10
  69. package/dist/pwa/routes/admin-events.js +5 -3
  70. package/dist/pwa/routes/admin-health.js +2 -1
  71. package/dist/pwa/routes/admin-moderation.js +50 -29
  72. package/dist/pwa/routes/admin-ops.js +35 -23
  73. package/dist/pwa/routes/admin-protocol-params.js +16 -19
  74. package/dist/pwa/routes/admin-reports.js +23 -21
  75. package/dist/pwa/routes/admin-tokenomics.js +26 -25
  76. package/dist/pwa/routes/admin-users-lifecycle.js +37 -40
  77. package/dist/pwa/routes/admin-users-query.js +65 -53
  78. package/dist/pwa/routes/admin-verifier-flow.js +82 -41
  79. package/dist/pwa/routes/admin-verifier-whitelist.js +55 -27
  80. package/dist/pwa/routes/admin-wallet-ops.js +32 -7
  81. package/dist/pwa/routes/agent-buy.js +46 -22
  82. package/dist/pwa/routes/agent-governance.js +52 -56
  83. package/dist/pwa/routes/ai.js +7 -5
  84. package/dist/pwa/routes/analytics.js +43 -41
  85. package/dist/pwa/routes/anchors.js +19 -20
  86. package/dist/pwa/routes/announcements.js +13 -13
  87. package/dist/pwa/routes/arbitrator.js +97 -31
  88. package/dist/pwa/routes/auction.js +157 -116
  89. package/dist/pwa/routes/auth-login.js +6 -4
  90. package/dist/pwa/routes/auth-read.js +21 -10
  91. package/dist/pwa/routes/auth-register.js +111 -26
  92. package/dist/pwa/routes/auth-sessions.js +12 -11
  93. package/dist/pwa/routes/blocklist.js +16 -15
  94. package/dist/pwa/routes/build-feedback.js +10 -9
  95. package/dist/pwa/routes/build-reputation.js +6 -2
  96. package/dist/pwa/routes/build-tasks.js +45 -13
  97. package/dist/pwa/routes/buyer-feeds.js +27 -25
  98. package/dist/pwa/routes/cart.js +16 -15
  99. package/dist/pwa/routes/charity.js +212 -150
  100. package/dist/pwa/routes/chat.js +42 -43
  101. package/dist/pwa/routes/checkin-tasks.js +10 -9
  102. package/dist/pwa/routes/checkout-helpers.js +12 -10
  103. package/dist/pwa/routes/claim-initiators.js +34 -14
  104. package/dist/pwa/routes/claim-verify.js +86 -53
  105. package/dist/pwa/routes/claim-voting.js +43 -18
  106. package/dist/pwa/routes/contribution-identity.js +164 -0
  107. package/dist/pwa/routes/contribution-score.js +19 -0
  108. package/dist/pwa/routes/coupons.js +19 -16
  109. package/dist/pwa/routes/dashboards.js +18 -16
  110. package/dist/pwa/routes/dispute-cases.js +25 -24
  111. package/dist/pwa/routes/disputes-read.js +45 -51
  112. package/dist/pwa/routes/disputes-write.js +124 -61
  113. package/dist/pwa/routes/evidence.js +9 -9
  114. package/dist/pwa/routes/external-anchors.js +13 -12
  115. package/dist/pwa/routes/feedback.js +29 -33
  116. package/dist/pwa/routes/flash-sales.js +18 -16
  117. package/dist/pwa/routes/follows.js +25 -24
  118. package/dist/pwa/routes/governance-auto-deactivate.js +21 -9
  119. package/dist/pwa/routes/governance-onboarding.js +70 -59
  120. package/dist/pwa/routes/group-buys.js +22 -22
  121. package/dist/pwa/routes/growth.js +34 -31
  122. package/dist/pwa/routes/import-product.js +12 -10
  123. package/dist/pwa/routes/kyc.js +9 -8
  124. package/dist/pwa/routes/leaderboard.js +20 -18
  125. package/dist/pwa/routes/listings.js +23 -22
  126. package/dist/pwa/routes/logistics.js +10 -8
  127. package/dist/pwa/routes/manifests.js +27 -27
  128. package/dist/pwa/routes/me-data.js +23 -21
  129. package/dist/pwa/routes/notifications.js +7 -6
  130. package/dist/pwa/routes/offers.js +30 -12
  131. package/dist/pwa/routes/orders-action.js +51 -29
  132. package/dist/pwa/routes/orders-create.js +75 -20
  133. package/dist/pwa/routes/orders-read.js +21 -20
  134. package/dist/pwa/routes/p2p-products.js +30 -18
  135. package/dist/pwa/routes/payments-governance.js +61 -56
  136. package/dist/pwa/routes/peers.js +9 -8
  137. package/dist/pwa/routes/pin-receipts.js +13 -13
  138. package/dist/pwa/routes/products-aliases.js +12 -10
  139. package/dist/pwa/routes/products-claims.js +36 -17
  140. package/dist/pwa/routes/products-create.js +53 -38
  141. package/dist/pwa/routes/products-crud.js +17 -16
  142. package/dist/pwa/routes/products-links.js +49 -26
  143. package/dist/pwa/routes/products-list.js +6 -4
  144. package/dist/pwa/routes/products-meta.js +40 -39
  145. package/dist/pwa/routes/products-update.js +19 -5
  146. package/dist/pwa/routes/profile-credentials.js +20 -19
  147. package/dist/pwa/routes/profile-identity.js +14 -13
  148. package/dist/pwa/routes/profile-location.js +7 -6
  149. package/dist/pwa/routes/profile-placement.js +20 -19
  150. package/dist/pwa/routes/profile-prefs.js +11 -11
  151. package/dist/pwa/routes/promoter.js +58 -66
  152. package/dist/pwa/routes/public-build-tasks.js +19 -0
  153. package/dist/pwa/routes/public-utils.js +108 -46
  154. package/dist/pwa/routes/push.js +16 -15
  155. package/dist/pwa/routes/ratings.js +92 -32
  156. package/dist/pwa/routes/recover-key.js +66 -26
  157. package/dist/pwa/routes/referral.js +37 -52
  158. package/dist/pwa/routes/reputation.js +3 -2
  159. package/dist/pwa/routes/returns.js +76 -73
  160. package/dist/pwa/routes/reviews.js +41 -18
  161. package/dist/pwa/routes/rewards-apply.js +16 -15
  162. package/dist/pwa/routes/rewards-auto-downgrade.js +9 -7
  163. package/dist/pwa/routes/rewards-escrow-expire.js +7 -5
  164. package/dist/pwa/routes/rfqs.js +163 -85
  165. package/dist/pwa/routes/search.js +16 -14
  166. package/dist/pwa/routes/secondhand.js +25 -22
  167. package/dist/pwa/routes/seller-quota.js +24 -26
  168. package/dist/pwa/routes/share-redirects.js +60 -55
  169. package/dist/pwa/routes/shareables-interactions.js +34 -35
  170. package/dist/pwa/routes/shareables.js +55 -51
  171. package/dist/pwa/routes/shop-referral.js +58 -0
  172. package/dist/pwa/routes/shops.js +25 -20
  173. package/dist/pwa/routes/signaling.js +10 -9
  174. package/dist/pwa/routes/skill-market.js +16 -16
  175. package/dist/pwa/routes/skills.js +15 -14
  176. package/dist/pwa/routes/snf.js +14 -13
  177. package/dist/pwa/routes/tags.js +10 -9
  178. package/dist/pwa/routes/task-proposals.js +121 -0
  179. package/dist/pwa/routes/trial.js +72 -52
  180. package/dist/pwa/routes/trusted-kpi.js +20 -18
  181. package/dist/pwa/routes/url-claim.js +67 -28
  182. package/dist/pwa/routes/users-public.js +62 -70
  183. package/dist/pwa/routes/variants.js +12 -13
  184. package/dist/pwa/routes/verifier-user.js +61 -21
  185. package/dist/pwa/routes/verify-tasks.js +49 -25
  186. package/dist/pwa/routes/waitlist.js +16 -15
  187. package/dist/pwa/routes/wallet-read.js +75 -37
  188. package/dist/pwa/routes/wallet-write.js +12 -9
  189. package/dist/pwa/routes/webauthn.js +25 -26
  190. package/dist/pwa/routes/webhooks.js +26 -26
  191. package/dist/pwa/routes/welcome.js +45 -50
  192. package/dist/pwa/routes/wishlist-qa.js +29 -32
  193. package/dist/pwa/server.js +304 -90
  194. package/dist/version.js +1 -1
  195. package/package.json +76 -3
package/dist/layer0-foundation/L0-2-state-machine/order-chain.js CHANGED
@@ -14,6 +14,7 @@
14
14
  */
15
15
  import crypto from 'crypto';
16
16
  import { generateId } from '../L0-1-database/schema.js';
17
+ import { dbOne, dbAll } from '../L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
17
18
  export function initOrderChainSchema(db) {
18
19
  db.exec(`
19
20
  CREATE TABLE IF NOT EXISTS order_events (
@@ -42,10 +43,11 @@ export function initOrderChainSchema(db) {
42
43
  }
43
44
  catch { }
44
45
  }
45
- export function listOrderEventsSince(db, userId, since, limit) {
46
+ // RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容;调用点 orders-read.ts 均 inTx=false,非状态机写路径)
47
+ export async function listOrderEventsSince(_db, userId, since, limit) {
46
48
  const lim = Math.min(200, Math.max(1, Math.floor(limit) || 50));
47
49
  const sinceRid = since && /^\d+$/.test(since) ? Number(since) : 0;
48
- const rows = db.prepare(`
50
+ const rows = await dbAll(`
49
51
  SELECT e.rowid AS rid, e.order_id, e.seq, e.event_type, e.from_status, e.to_status, e.actor_role,
50
52
  e.event_hash, e.prev_event_hash, e.signed_at, e.created_at
51
53
  FROM order_events e
@@ -54,7 +56,7 @@ export function listOrderEventsSince(db, userId, since, limit) {
54
56
  AND e.rowid > ?
55
57
  ORDER BY e.rowid ASC
56
58
  LIMIT ?
57
- `).all(userId, userId, userId, sinceRid, lim);
59
+ `, [userId, userId, userId, sinceRid, lim]);
58
60
  const events = rows.map(r => ({
59
61
  cursor: String(r.rid),
60
62
  order_id: r.order_id, seq: r.seq, event_type: r.event_type,
@@ -118,16 +120,16 @@ export function appendOrderEvent(db, args) {
118
120
  return { id, seq, event_hash: eventHash };
119
121
  }
120
122
  // 验证整条链 — 仲裁时或任何审计场景可调
121
- export function verifyOrderChain(db, orderId) {
122
- const rows = db.prepare(`SELECT seq, prev_event_hash, event_hash, payload_json, signature, actor_id
123
- FROM order_events WHERE order_id = ? ORDER BY seq ASC`).all(orderId);
123
+ export async function verifyOrderChain(_db, orderId) {
124
+ const rows = await dbAll(`SELECT seq, prev_event_hash, event_hash, payload_json, signature, actor_id
125
+ FROM order_events WHERE order_id = ? ORDER BY seq ASC`, [orderId]);
124
126
  if (rows.length === 0)
125
127
  return { ok: false, total: 0, verified: 0, reason: 'empty_chain' };
126
128
  // 修复 ultrareview bug_007:transition() 的 appendOrderEvent 是 try-catch 软失败
127
129
  // (legacy actor 缺 api_key 等场景),但 order_state_history 仍会 commit。
128
130
  // 检测:chain 行数应该至少等于 history 行数(chain ≥ history,因为可能有 open genesis 事件无 history)
129
131
  // 不等就说明有 silent drop,链不完整 — UI 不应再显示"验证通过"
130
- const histCount = db.prepare(`SELECT COUNT(*) as n FROM order_state_history WHERE order_id = ?`).get(orderId);
132
+ const histCount = await dbOne(`SELECT COUNT(*) as n FROM order_state_history WHERE order_id = ?`, [orderId]);
131
133
  if (histCount && rows.length < histCount.n) {
132
134
  return { ok: false, total: rows.length, verified: 0, reason: 'chain_incomplete', history_count: histCount.n };
133
135
  }
@@ -143,7 +145,7 @@ export function verifyOrderChain(db, orderId) {
143
145
  return { ok: false, total: rows.length, verified: r.seq, firstBrokenSeq: r.seq, reason: 'event_hash_mismatch' };
144
146
  }
145
147
  // 3. signature 用 actor api_key 验
146
- const actor = db.prepare('SELECT api_key FROM users WHERE id = ?').get(r.actor_id);
148
+ const actor = await dbOne('SELECT api_key FROM users WHERE id = ?', [r.actor_id]);
147
149
  if (!actor)
148
150
  return { ok: false, total: rows.length, verified: r.seq, firstBrokenSeq: r.seq, reason: 'actor_not_found' };
149
151
  const reSig = computeEventSignature(r.payload_json, actor.api_key);
@@ -154,10 +156,10 @@ export function verifyOrderChain(db, orderId) {
154
156
  }
155
157
  return { ok: true, total: rows.length, verified: rows.length };
156
158
  }
157
- export function getOrderChain(db, orderId) {
158
- const rows = db.prepare(`SELECT seq, event_type, from_status, to_status, actor_id, actor_role, signed_at,
159
+ export async function getOrderChain(_db, orderId) {
160
+ const rows = await dbAll(`SELECT seq, event_type, from_status, to_status, actor_id, actor_role, signed_at,
159
161
  event_hash, prev_event_hash, signature, payload_json
160
- FROM order_events WHERE order_id = ? ORDER BY seq ASC`).all(orderId);
162
+ FROM order_events WHERE order_id = ? ORDER BY seq ASC`, [orderId]);
161
163
  return rows.map(r => ({
162
164
  seq: r.seq,
163
165
  event_type: r.event_type,
package/dist/layer0-foundation/L0-2-state-machine/transitions.js CHANGED
@@ -269,7 +269,7 @@ export const ORDER_STATE_MEANINGS = {
269
269
  fault_buyer: { zh: '买家违约(超时未付,终态)', en: 'buyer fault (payment timeout, terminal)' },
270
270
  fault_seller: { zh: '卖家违约(超时未接/发 或 主动拒单)', en: 'seller fault (accept/ship timeout or active decline)' },
271
271
  fault_logistics: { zh: '物流违约', en: 'logistics fault' },
272
- declined_nofault: { zh: '卖家无责拒单(仲裁认定客观)→ 全退买家+退卖家质押,零罚没(终态)', en: 'seller no-fault decline (arbitration-cleared) → full refund + stake returned, no forfeit (terminal)' },
272
+ declined_nofault: { zh: '卖家无责拒单裁定(仲裁认定客观),待系统结算 completed;全退买家+退卖家质押,零罚没', en: 'seller no-fault decline (arbitration-cleared), pending system settlement completed; full refund + stake returned, no forfeit' },
273
273
  resolved_for_seller: { zh: '仲裁裁卖家胜诉,资金释放(终态)', en: 'arbitration ruled for seller, funds released (terminal)' },
274
274
  refunded_partial: { zh: '仲裁裁部分退款(终态)', en: 'arbitration partial refund (terminal)' },
275
275
  refunded_full: { zh: '仲裁裁全额退款,订单作废(终态)', en: 'arbitration full refund, order voided (terminal)' },
package/dist/layer0-foundation/L0-5-manifest/manifest.js CHANGED
@@ -10,6 +10,7 @@
10
10
  * 2. HTTP GET:<server>/api/manifest
11
11
  * 3. webaz_info 工具返回值中的 manifest 字段
12
12
  */
13
+ import { dbOne } from '../L0-1-database/db.js'; // RFC-016 异步 seam
13
14
  export const MANIFEST_VERSION = '0.1.0';
14
15
  export const MANIFEST_URI = 'webaz://protocol/manifest';
15
16
  // ─── 协议常量(与状态机保持同步)────────────────────────────
@@ -256,9 +257,9 @@ const AGENT_GUIDE = {
256
257
  },
257
258
  };
258
259
  // ─── 生成 Manifest ────────────────────────────────────────────
259
- export function generateManifest(db) {
260
- // 如果传入 db,可以附加实时统计数据
261
- const stats = db ? getLiveStats(db) : null;
260
+ export async function generateManifest(db) {
261
+ // 如果传入 db(=要求附加实时统计),走异步 seam 读取。db 仅作"是否含 live_stats"开关,实际连接来自 setSeamDb。
262
+ const stats = db ? await getLiveStats() : null;
262
263
  return {
263
264
  $schema: 'https://dcp-protocol.io/schema/manifest/v1',
264
265
  $uri: MANIFEST_URI,
@@ -288,15 +289,16 @@ export function generateManifest(db) {
288
289
  live_stats: stats,
289
290
  };
290
291
  }
291
- function getLiveStats(db) {
292
+ async function getLiveStats() {
292
293
  try {
293
- const users = db.prepare('SELECT COUNT(*) as n FROM users WHERE role != ?').get('system').n;
294
- const products = db.prepare("SELECT COUNT(*) as n FROM products WHERE status = 'active'").get().n;
295
- const orders = db.prepare('SELECT COUNT(*) as n FROM orders').get().n;
296
- const completed = db.prepare("SELECT COUNT(*) as n FROM orders WHERE status = 'completed'").get().n;
297
- const disputes = db.prepare('SELECT COUNT(*) as n FROM disputes').get().n;
298
- const skills = db.prepare("SELECT COUNT(*) as n FROM skills WHERE active = 1").get().n;
299
- const totalVolume = db.prepare("SELECT COALESCE(SUM(total_amount),0) as v FROM orders WHERE status = 'completed'").get().v;
294
+ const n = async (sql, params = []) => ((await dbOne(sql, params))?.n ?? 0);
295
+ const users = await n('SELECT COUNT(*) as n FROM users WHERE role != ?', ['system']);
296
+ const products = await n("SELECT COUNT(*) as n FROM products WHERE status = 'active'");
297
+ const orders = await n('SELECT COUNT(*) as n FROM orders');
298
+ const completed = await n("SELECT COUNT(*) as n FROM orders WHERE status = 'completed'");
299
+ const disputes = await n('SELECT COUNT(*) as n FROM disputes');
300
+ const skills = await n("SELECT COUNT(*) as n FROM skills WHERE active = 1");
301
+ const totalVolume = ((await dbOne("SELECT COALESCE(SUM(total_amount),0) as v FROM orders WHERE status = 'completed'"))?.v ?? 0);
300
302
  return { users, active_products: products, total_orders: orders, completed_orders: completed, total_disputes: disputes, active_skills: skills, total_volume_dcp: totalVolume };
301
303
  }
302
304
  catch {