npm - @seasonkoh/webaz - Versions diffs - 0.1.24 → 0.1.26 - Mend

@seasonkoh/webaz 0.1.24 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

package/README.md +5 -1
package/dist/layer0-foundation/L0-1-database/db-backends/pg-backend.js +51 -0
package/dist/layer0-foundation/L0-1-database/db-backends/sql-dialect-datetime.js +437 -0
package/dist/layer0-foundation/L0-1-database/db-backends/sql-placeholders.js +98 -0
package/dist/layer0-foundation/L0-1-database/db.js +65 -0
package/dist/layer0-foundation/L0-2-state-machine/order-chain.js +13 -11
package/dist/layer0-foundation/L0-2-state-machine/transitions.js +1 -1
package/dist/layer0-foundation/L0-5-manifest/manifest.js +13 -11
package/dist/layer1-agent/L1-1-mcp-server/server.js +288 -208
package/dist/layer1-agent/L1-2-external-anchor/anchor-engine.js +14 -12
package/dist/layer2-business/L2-6-notifications/notification-engine.js +8 -5
package/dist/layer2-business/L2-7-snf/snf-engine.js +16 -14
package/dist/layer2-business/L2-8-feedback/build-feedback-engine.js +18 -10
package/dist/layer2-business/L2-9-contribution/build-reputation-engine.js +37 -23
package/dist/layer2-business/L2-9-contribution/build-task-agent-metadata-store.js +182 -0
package/dist/layer2-business/L2-9-contribution/build-task-participation.js +47 -0
package/dist/layer2-business/L2-9-contribution/build-task-read.js +222 -0
package/dist/layer2-business/L2-9-contribution/build-tasks-engine.js +11 -3
package/dist/layer2-business/L2-9-contribution/canonical-contribution-target.js +16 -0
package/dist/layer2-business/L2-9-contribution/contribution-display-envelope.js +40 -0
package/dist/layer2-business/L2-9-contribution/contribution-score-contract.js +36 -0
package/dist/layer2-business/L2-9-contribution/contribution-score-evidence.js +61 -0
package/dist/layer2-business/L2-9-contribution/github-credential/canonical.js +60 -0
package/dist/layer2-business/L2-9-contribution/github-credential/github-credential.schema.js +140 -0
package/dist/layer2-business/L2-9-contribution/github-credential/github-fetch-adapter.js +437 -0
package/dist/layer2-business/L2-9-contribution/github-credential/self-consistency.js +38 -0
package/dist/layer2-business/L2-9-contribution/github-credential/verifier.js +231 -0
package/dist/layer2-business/L2-9-contribution/github-credential-ingestion-engine.js +145 -0
package/dist/layer2-business/L2-9-contribution/github-credential-store.js +115 -0
package/dist/layer2-business/L2-9-contribution/identity-binding-engine.js +134 -0
package/dist/layer2-business/L2-9-contribution/identity-binding-store.js +101 -0
package/dist/layer2-business/L2-9-contribution/identity-claim-challenge-engine.js +126 -0
package/dist/layer2-business/L2-9-contribution/identity-claim-challenge-store.js +30 -0
package/dist/layer2-business/L2-9-contribution/identity-claim-discovery.js +55 -0
package/dist/layer2-business/L2-9-contribution/identity-claim-engine.js +109 -0
package/dist/layer2-business/L2-9-contribution/identity-claim-fact-precondition.js +22 -0
package/dist/layer2-business/L2-9-contribution/identity-claim-proof-verifier.js +97 -0
package/dist/layer2-business/L2-9-contribution/identity-claim-read.js +59 -0
package/dist/layer2-business/L2-9-contribution/task-proposal-ai-store.js +99 -0
package/dist/layer2-business/L2-9-contribution/task-proposal-draft.js +191 -0
package/dist/layer2-business/L2-9-contribution/task-proposal-store.js +129 -0
package/dist/layer2-business/L2-notes/note-photo-storage.js +4 -2
package/dist/layer3-trust/L3-1-dispute-engine/dispute-engine.js +17 -15
package/dist/layer3-trust/L3-1-dispute-engine/evidence-storage.js +11 -8
package/dist/layer4-economics/L4-3-reputation/reputation-engine.js +9 -8
package/dist/layer4-economics/L4-4-skill-market/skill-engine.js +11 -8
package/dist/layer4-economics/L4-4-skill-market/skill-listing-engine.js +22 -16
package/dist/pwa/acp-feed.js +13 -1
package/dist/pwa/admin-bearer-auth.js +21 -0
package/dist/pwa/contract-fingerprint.js +2 -0
package/dist/pwa/email-delivery.js +127 -0
package/dist/pwa/endpoint-actions.js +5 -1
package/dist/pwa/goal-index.js +8 -8
package/dist/pwa/human-presence.js +62 -0
package/dist/pwa/public/app.js +1485 -283
package/dist/pwa/public/i18n.js +297 -59
package/dist/pwa/public/index.html +1 -0
package/dist/pwa/public/openapi.json +5 -5
package/dist/pwa/public/whitepaper/en/index.html +153 -0
package/dist/pwa/public/whitepaper/zh-CN/index.html +153 -0
package/dist/pwa/rate-limit.js +22 -0
package/dist/pwa/routes/account-deletion.js +15 -13
package/dist/pwa/routes/addresses.js +10 -9
package/dist/pwa/routes/admin-admins.js +13 -14
package/dist/pwa/routes/admin-analytics.js +109 -69
package/dist/pwa/routes/admin-atomic.js +10 -4
package/dist/pwa/routes/admin-catalog.js +13 -11
package/dist/pwa/routes/admin-editor-picks.js +15 -10
package/dist/pwa/routes/admin-events.js +5 -3
package/dist/pwa/routes/admin-health.js +2 -1
package/dist/pwa/routes/admin-moderation.js +50 -29
package/dist/pwa/routes/admin-ops.js +35 -23
package/dist/pwa/routes/admin-protocol-params.js +16 -19
package/dist/pwa/routes/admin-reports.js +23 -21
package/dist/pwa/routes/admin-tokenomics.js +26 -25
package/dist/pwa/routes/admin-users-lifecycle.js +37 -40
package/dist/pwa/routes/admin-users-query.js +65 -53
package/dist/pwa/routes/admin-verifier-flow.js +82 -41
package/dist/pwa/routes/admin-verifier-whitelist.js +55 -27
package/dist/pwa/routes/admin-wallet-ops.js +32 -7
package/dist/pwa/routes/agent-buy.js +46 -22
package/dist/pwa/routes/agent-governance.js +52 -56
package/dist/pwa/routes/ai.js +7 -5
package/dist/pwa/routes/analytics.js +43 -41
package/dist/pwa/routes/anchors.js +19 -20
package/dist/pwa/routes/announcements.js +13 -13
package/dist/pwa/routes/arbitrator.js +97 -31
package/dist/pwa/routes/auction.js +157 -116
package/dist/pwa/routes/auth-login.js +6 -4
package/dist/pwa/routes/auth-read.js +21 -10
package/dist/pwa/routes/auth-register.js +111 -26
package/dist/pwa/routes/auth-sessions.js +12 -11
package/dist/pwa/routes/blocklist.js +16 -15
package/dist/pwa/routes/build-feedback.js +10 -9
package/dist/pwa/routes/build-reputation.js +6 -2
package/dist/pwa/routes/build-tasks.js +45 -13
package/dist/pwa/routes/buyer-feeds.js +27 -25
package/dist/pwa/routes/cart.js +16 -15
package/dist/pwa/routes/charity.js +212 -150
package/dist/pwa/routes/chat.js +42 -43
package/dist/pwa/routes/checkin-tasks.js +10 -9
package/dist/pwa/routes/checkout-helpers.js +12 -10
package/dist/pwa/routes/claim-initiators.js +34 -14
package/dist/pwa/routes/claim-verify.js +86 -53
package/dist/pwa/routes/claim-voting.js +43 -18
package/dist/pwa/routes/contribution-identity.js +164 -0
package/dist/pwa/routes/contribution-score.js +19 -0
package/dist/pwa/routes/coupons.js +19 -16
package/dist/pwa/routes/dashboards.js +18 -16
package/dist/pwa/routes/dispute-cases.js +25 -24
package/dist/pwa/routes/disputes-read.js +45 -51
package/dist/pwa/routes/disputes-write.js +124 -61
package/dist/pwa/routes/evidence.js +9 -9
package/dist/pwa/routes/external-anchors.js +13 -12
package/dist/pwa/routes/feedback.js +29 -33
package/dist/pwa/routes/flash-sales.js +18 -16
package/dist/pwa/routes/follows.js +25 -24
package/dist/pwa/routes/governance-auto-deactivate.js +21 -9
package/dist/pwa/routes/governance-onboarding.js +70 -59
package/dist/pwa/routes/group-buys.js +22 -22
package/dist/pwa/routes/growth.js +34 -31
package/dist/pwa/routes/import-product.js +12 -10
package/dist/pwa/routes/kyc.js +9 -8
package/dist/pwa/routes/leaderboard.js +20 -18
package/dist/pwa/routes/listings.js +23 -22
package/dist/pwa/routes/logistics.js +10 -8
package/dist/pwa/routes/manifests.js +27 -27
package/dist/pwa/routes/me-data.js +23 -21
package/dist/pwa/routes/notifications.js +7 -6
package/dist/pwa/routes/offers.js +30 -12
package/dist/pwa/routes/orders-action.js +51 -29
package/dist/pwa/routes/orders-create.js +75 -20
package/dist/pwa/routes/orders-read.js +21 -20
package/dist/pwa/routes/p2p-products.js +30 -18
package/dist/pwa/routes/payments-governance.js +61 -56
package/dist/pwa/routes/peers.js +9 -8
package/dist/pwa/routes/pin-receipts.js +13 -13
package/dist/pwa/routes/products-aliases.js +12 -10
package/dist/pwa/routes/products-claims.js +36 -17
package/dist/pwa/routes/products-create.js +53 -38
package/dist/pwa/routes/products-crud.js +17 -16
package/dist/pwa/routes/products-links.js +49 -26
package/dist/pwa/routes/products-list.js +6 -4
package/dist/pwa/routes/products-meta.js +40 -39
package/dist/pwa/routes/products-update.js +19 -5
package/dist/pwa/routes/profile-credentials.js +20 -19
package/dist/pwa/routes/profile-identity.js +14 -13
package/dist/pwa/routes/profile-location.js +7 -6
package/dist/pwa/routes/profile-placement.js +20 -19
package/dist/pwa/routes/profile-prefs.js +11 -11
package/dist/pwa/routes/promoter.js +58 -66
package/dist/pwa/routes/public-build-tasks.js +19 -0
package/dist/pwa/routes/public-utils.js +108 -46
package/dist/pwa/routes/push.js +16 -15
package/dist/pwa/routes/ratings.js +92 -32
package/dist/pwa/routes/recover-key.js +66 -26
package/dist/pwa/routes/referral.js +37 -52
package/dist/pwa/routes/reputation.js +3 -2
package/dist/pwa/routes/returns.js +76 -73
package/dist/pwa/routes/reviews.js +41 -18
package/dist/pwa/routes/rewards-apply.js +16 -15
package/dist/pwa/routes/rewards-auto-downgrade.js +9 -7
package/dist/pwa/routes/rewards-escrow-expire.js +7 -5
package/dist/pwa/routes/rfqs.js +163 -85
package/dist/pwa/routes/search.js +16 -14
package/dist/pwa/routes/secondhand.js +25 -22
package/dist/pwa/routes/seller-quota.js +24 -26
package/dist/pwa/routes/share-redirects.js +60 -55
package/dist/pwa/routes/shareables-interactions.js +34 -35
package/dist/pwa/routes/shareables.js +55 -51
package/dist/pwa/routes/shop-referral.js +58 -0
package/dist/pwa/routes/shops.js +25 -20
package/dist/pwa/routes/signaling.js +10 -9
package/dist/pwa/routes/skill-market.js +16 -16
package/dist/pwa/routes/skills.js +15 -14
package/dist/pwa/routes/snf.js +14 -13
package/dist/pwa/routes/tags.js +10 -9
package/dist/pwa/routes/task-proposals.js +121 -0
package/dist/pwa/routes/trial.js +72 -52
package/dist/pwa/routes/trusted-kpi.js +20 -18
package/dist/pwa/routes/url-claim.js +67 -28
package/dist/pwa/routes/users-public.js +62 -70
package/dist/pwa/routes/variants.js +12 -13
package/dist/pwa/routes/verifier-user.js +61 -21
package/dist/pwa/routes/verify-tasks.js +49 -25
package/dist/pwa/routes/waitlist.js +16 -15
package/dist/pwa/routes/wallet-read.js +75 -37
package/dist/pwa/routes/wallet-write.js +12 -9
package/dist/pwa/routes/webauthn.js +25 -26
package/dist/pwa/routes/webhooks.js +26 -26
package/dist/pwa/routes/welcome.js +45 -50
package/dist/pwa/routes/wishlist-qa.js +29 -32
package/dist/pwa/server.js +304 -90
package/dist/version.js +1 -1
package/package.json +76 -3

package/dist/pwa/routes/charity.js CHANGED Viewed

@@ -1,4 +1,11 @@
 import { createHash, createHmac, randomBytes } from 'node:crypto';
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js';
+// RFC-016 Phase 1 — 仅端点纯校验读/公开列表/读回 + 单语句标记/CAS/通知写 → async seam。
+// 保持同步(Phase 3 再用 pg tx/行锁):
+//   - 模块级 helper ensureCharityRep(被多个 tx 内部调用)/ isCharityBlocked(为一致性);
+//   - 两个 cron 函数 expireCharityWishes / autoAcceptExpiredRepayments 整体(逐项 db.transaction 写,
+//     由 server.ts 同步 runEnforcement 调用,不动该扫描循环);
+//   - 所有端点 db.transaction 钱块(发布/确认/取消/还愿/响应/捐款/下架/拨款)。
 // ─── 域常量 ───────────────────────────────────────────────
 const CHARITY_CATEGORIES = ['medical', 'education', 'daily', 'elderly', 'disaster', 'tech', 'other'];
 const CHARITY_CATEGORY_LABEL = {
@@ -129,7 +136,7 @@ export function autoAcceptExpiredRepayments(db) {
 export function registerCharityRoutes(app, deps) {
     const { db, auth, generateId, rateLimitOk, getUser, isTrustedRole, requireContentAdmin, requireProtocolAdmin, fireWebhooks } = deps;
     // POST /api/wishes — 发布愿望
-    app.post('/api/wishes', (req, res) => {
+    app.post('/api/wishes', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -154,7 +161,7 @@ export function registerCharityRoutes(app, deps) {
         const windowHours = Math.max(CHARITY_WINDOW_MIN_HOURS, Math.min(CHARITY_WINDOW_MAX_HOURS, Math.floor(Number(body.window_hours || 168))));
         const allowPublic = body.allow_public ? 1 : 0;
         // 月度上限
-        const monthly = db.prepare("SELECT COUNT(1) as n FROM wishes WHERE user_id = ? AND created_at > datetime('now','-30 days')").get(user.id).n;
+        const monthly = (await dbOne("SELECT COUNT(1) as n FROM wishes WHERE user_id = ? AND created_at > datetime('now','-30 days')", [user.id])).n;
         if (monthly >= CHARITY_MONTHLY_WISH_CAP)
             return void res.json({ error: `月度许愿上限 ${CHARITY_MONTHLY_WISH_CAP} 个，请下月再来` });
         // 现金类需托管
@@ -169,7 +176,7 @@ export function registerCharityRoutes(app, deps) {
             // 卖家承诺托管：可选 — 锁仓 0 表示纯协调（不推荐），>0 表示真托管
             const lockSelf = body.escrow_self ? Number(body.target_waz) : 0;
             if (lockSelf > 0) {
-                const w = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+                const w = await dbOne('SELECT balance FROM wallets WHERE user_id = ?', [user.id]);
                 if (!w || w.balance < lockSelf)
                     return void res.json({ error: '余额不足以自托管' });
                 escrow = lockSelf;
@@ -179,19 +186,30 @@ export function registerCharityRoutes(app, deps) {
         // P2.1 修复：去掉 secret_keep_safe（无 reveal 端点用不上，节省一次握手）
         const commitHash = createHash('sha256').update(`${user.id}|${randomBytes(16).toString('hex')}|${id}|${Date.now()}`).digest('hex');
         const wisherHandle = charityAnonHandle(user.id, id, 'wisher');
-        db.transaction(() => {
-            db.prepare(`INSERT INTO wishes (id, user_id, wisher_handle, category, title, content, target_kind, target_waz, escrow_locked, commit_hash, allow_public, expires_at)
-                  VALUES (?,?,?,?,?,?,?,?,?,?,?, datetime('now', '+' || ? || ' hours'))`).run(id, user.id, wisherHandle, cat, title, content, targetKind, targetWaz, escrow, commitHash, allowPublic, windowHours);
-            if (escrow > 0) {
-                db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?').run(escrow, escrow, user.id);
-            }
-            ensureCharityRep(db, user.id);
-            db.prepare("UPDATE charity_reputation SET wishes_made = wishes_made + 1, last_active = datetime('now') WHERE user_id = ?").run(user.id);
-        })();
+        // Codex #238 P1:await 余额预检与同步 tx 间有 yield;escrow 扣款带 balance>=escrow 守卫,
+        // changes!==1 即并发已花掉余额 → 抛回滚(连带回滚已插 wish),杜绝超额自助托管。
+        try {
+            db.transaction(() => {
+                db.prepare(`INSERT INTO wishes (id, user_id, wisher_handle, category, title, content, target_kind, target_waz, escrow_locked, commit_hash, allow_public, expires_at)
+                    VALUES (?,?,?,?,?,?,?,?,?,?,?, datetime('now', '+' || ? || ' hours'))`).run(id, user.id, wisherHandle, cat, title, content, targetKind, targetWaz, escrow, commitHash, allowPublic, windowHours);
+                if (escrow > 0) {
+                    const d = db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ? AND balance >= ?').run(escrow, escrow, user.id, escrow);
+                    if (d.changes !== 1)
+                        throw new Error('CHARITY_INSUFFICIENT_BALANCE');
+                }
+                ensureCharityRep(db, user.id);
+                db.prepare("UPDATE charity_reputation SET wishes_made = wishes_made + 1, last_active = datetime('now') WHERE user_id = ?").run(user.id);
+            })();
+        }
+        catch (e) {
+            if (e.message === 'CHARITY_INSUFFICIENT_BALANCE')
+                return void res.json({ error: '余额不足，无法锁定自助托管金' });
+            throw e;
+        }
         res.json({ id, wisher_handle: wisherHandle, escrow_locked: escrow });
     });
     // GET /api/wishes — 浏览（匿名可访问）
-    app.get('/api/wishes', (req, res) => {
+    app.get('/api/wishes', async (req, res) => {
         const where = ["status IN ('open','claimed')"];
         const args = [];
         if (req.query.category && isCharityCategory(String(req.query.category))) {
@@ -215,7 +233,7 @@ export function registerCharityRoutes(app, deps) {
             args.push('%' + qE + '%', '%' + qE + '%');
         }
         const limit = Math.min(100, Math.max(1, Number(req.query.limit) || 30));
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT id, wisher_handle, category, title,
              substr(content, 1, 120) as content_preview,
              target_kind, target_waz, escrow_locked, status, allow_public,
@@ -224,29 +242,29 @@ export function registerCharityRoutes(app, deps) {
       WHERE ${where.join(' AND ')}
       ORDER BY created_at DESC
       LIMIT ?
-    `).all(...args, limit);
+    `, [...args, limit]);
         res.json({ items: rows, categories: CHARITY_CATEGORIES, category_labels: CHARITY_CATEGORY_LABEL });
     });
     // GET /api/wishes/:id — 详情
-    app.get('/api/wishes/:id', (req, res) => {
+    app.get('/api/wishes/:id', async (req, res) => {
         const id = req.params.id;
-        const w = db.prepare(`SELECT * FROM wishes WHERE id = ?`).get(id);
+        const w = await dbOne(`SELECT * FROM wishes WHERE id = ?`, [id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         const me = getUser(req);
         const isWisher = !!me && me.id === w.user_id;
         const isFulfiller = !!me && me.id === w.fulfiller_user_id;
-        const fulfillments = db.prepare(`
+        const fulfillments = await dbAll(`
       SELECT id, fulfiller_handle, proof_hash, proof_note, status,
              confirmed_at, disclose_wisher, disclose_fulfiller, disclosed_at, created_at
       FROM wish_fulfillments WHERE wish_id = ?
       ORDER BY created_at DESC
-    `).all(id);
-        const repayments = db.prepare(`
+    `, [id]);
+        const repayments = await dbAll(`
       SELECT id, fulfillment_id, amount, note, status, responded_at, auto_expire_at, created_at
       FROM wish_repayments WHERE wish_id = ?
       ORDER BY created_at DESC
-    `).all(id);
+    `, [id]);
         res.json({
             id: w.id, wisher_handle: w.wisher_handle, category: w.category, title: w.title,
             content: w.content, target_kind: w.target_kind, target_waz: w.target_waz,
@@ -260,7 +278,7 @@ export function registerCharityRoutes(app, deps) {
     // POST /api/wishes/:id/fulfill — 圆梦人认领
     // #1018 改名：原 /claim path 与 claim-initiators 的 wish_claim_task (fraud claim) 冲突
     // /claim 让 fraud-claim 独占（与 secondhand/auctions 三垂类对称）
-    app.post('/api/wishes/:id/fulfill', (req, res) => {
+    app.post('/api/wishes/:id/fulfill', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -270,29 +288,28 @@ export function registerCharityRoutes(app, deps) {
         const blocked = isCharityBlocked(db, user.id);
         if (blocked.blocked)
             return void res.json({ error: `已被暂时禁言：${blocked.reason}`, blocklist_reason: blocked.reason, blocklist_until: blocked.until });
-        const w = db.prepare(`SELECT user_id, status FROM wishes WHERE id = ?`).get(id);
+        const w = await dbOne(`SELECT user_id, status FROM wishes WHERE id = ?`, [id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         if (w.status !== 'open')
             return void res.json({ error: '该愿望已被认领或已结束' });
         if (w.user_id === user.id) {
             // 反自施善（防自己给自己许愿圆满，套取威望）：直接封锁 30 天
-            db.prepare("INSERT OR REPLACE INTO charity_blocklist (user_id, reason, until) VALUES (?, 'self_fulfill_fraud', datetime('now','+30 days'))").run(user.id);
+            await dbRun("INSERT OR REPLACE INTO charity_blocklist (user_id, reason, until) VALUES (?, 'self_fulfill_fraud', datetime('now','+30 days'))", [user.id]);
             return void res.json({ error: '禁止圆自己的愿。已封锁 30 天。' });
         }
-        const monthly = db.prepare("SELECT COUNT(1) as n FROM wishes WHERE fulfiller_user_id = ? AND claimed_at > datetime('now','-30 days')").get(user.id).n;
+        const monthly = (await dbOne("SELECT COUNT(1) as n FROM wishes WHERE fulfiller_user_id = ? AND claimed_at > datetime('now','-30 days')", [user.id])).n;
         if (monthly >= CHARITY_MONTHLY_FULFILL_CAP)
             return void res.json({ error: `月度施善上限 ${CHARITY_MONTHLY_FULFILL_CAP} 次` });
-        const claimRes = db.prepare(`UPDATE wishes SET status='claimed', fulfiller_user_id=?, claimed_at=datetime('now')
-                WHERE id = ? AND status='open'`).run(user.id, id);
+        const claimRes = await dbRun(`UPDATE wishes SET status='claimed', fulfiller_user_id=?, claimed_at=datetime('now')
+                WHERE id = ? AND status='open'`, [user.id, id]);
         if (claimRes.changes === 0)
             return void res.json({ error: '该愿望已被他人认领，请刷新' });
         // P2.4 通知：许愿人收到"你的愿望被认领"
         try {
-            const t = db.prepare('SELECT title FROM wishes WHERE id = ?').get(id).title;
-            db.prepare(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
-                  VALUES (?,?,?,'wish_claimed',?,?,datetime('now'))`)
-                .run(generateId('ntf'), w.user_id, id, '🤝 你的愿望被认领', `「${t}」 施善人已开始行动，请等待证据`);
+            const t = (await dbOne('SELECT title FROM wishes WHERE id = ?', [id])).title;
+            await dbRun(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
+                  VALUES (?,?,?,'wish_claimed',?,?,datetime('now'))`, [generateId('ntf'), w.user_id, id, '🤝 你的愿望被认领', `「${t}」 施善人已开始行动，请等待证据`]);
         }
         catch (e) {
             console.error('[charity notify claim]', e);
@@ -300,14 +317,14 @@ export function registerCharityRoutes(app, deps) {
         res.json({ ok: true, claim_timeout_hours: CHARITY_CLAIM_TIMEOUT_HOURS });
     });
     // POST /api/wishes/:id/proof — 提交证据
-    app.post('/api/wishes/:id/proof', (req, res) => {
+    app.post('/api/wishes/:id/proof', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (!rateLimitOk(req.ip || '', 30, 60_000))
             return void res.status(429).json({ error: '请求过于频繁' });
         const id = req.params.id;
-        const w = db.prepare(`SELECT user_id, fulfiller_user_id, status FROM wishes WHERE id = ?`).get(id);
+        const w = await dbOne(`SELECT user_id, fulfiller_user_id, status FROM wishes WHERE id = ?`, [id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         if (w.fulfiller_user_id !== user.id)
@@ -323,14 +340,13 @@ export function registerCharityRoutes(app, deps) {
         const sig = createHmac('sha256', user.api_key).update(`${id}|${proofHash}`).digest('hex');
         const fid = generateId('wf');
         const handle = charityAnonHandle(user.id, id, 'fulfiller');
-        db.prepare(`INSERT INTO wish_fulfillments (id, wish_id, fulfiller_user_id, fulfiller_handle, proof_hash, proof_note, fulfiller_sig)
-                VALUES (?,?,?,?,?,?,?)`).run(fid, id, user.id, handle, proofHash, proofNote, sig);
+        await dbRun(`INSERT INTO wish_fulfillments (id, wish_id, fulfiller_user_id, fulfiller_handle, proof_hash, proof_note, fulfiller_sig)
+                VALUES (?,?,?,?,?,?,?)`, [fid, id, user.id, handle, proofHash, proofNote, sig]);
         // P2.4 通知：许愿人收到"施善证据已提交，请确认"
         try {
-            const t = db.prepare('SELECT title FROM wishes WHERE id = ?').get(id).title;
-            db.prepare(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
-                  VALUES (?,?,?,'wish_proof',?,?,datetime('now'))`)
-                .run(generateId('ntf'), w.user_id, id, '📤 施善证据已提交', `「${t}」 请尽快确认（14 天不响应会自动确认）`);
+            const t = (await dbOne('SELECT title FROM wishes WHERE id = ?', [id])).title;
+            await dbRun(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
+                  VALUES (?,?,?,'wish_proof',?,?,datetime('now'))`, [generateId('ntf'), w.user_id, id, '📤 施善证据已提交', `「${t}」 请尽快确认（14 天不响应会自动确认）`]);
         }
         catch (e) {
             console.error('[charity notify proof]', e);
@@ -338,14 +354,14 @@ export function registerCharityRoutes(app, deps) {
         res.json({ id: fid, fulfiller_handle: handle, signature: sig });
     });
     // POST /api/wishes/:id/confirm — 许愿人确认
-    app.post('/api/wishes/:id/confirm', (req, res) => {
+    app.post('/api/wishes/:id/confirm', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (!rateLimitOk(req.ip || '', 30, 60_000))
             return void res.status(429).json({ error: '请求过于频繁' });
         const id = req.params.id;
-        const w = db.prepare(`SELECT * FROM wishes WHERE id = ?`).get(id);
+        const w = await dbOne(`SELECT * FROM wishes WHERE id = ?`, [id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         if (w.user_id !== user.id)
@@ -353,7 +369,7 @@ export function registerCharityRoutes(app, deps) {
         if (w.status !== 'claimed')
             return void res.json({ error: '当前状态不可确认' });
         const fid = String(req.body.fulfillment_id || '');
-        const wf = db.prepare(`SELECT * FROM wish_fulfillments WHERE id = ? AND wish_id = ?`).get(fid, id);
+        const wf = await dbOne(`SELECT * FROM wish_fulfillments WHERE id = ? AND wish_id = ?`, [fid, id]);
         if (!wf)
             return void res.json({ error: '证据不存在' });
         if (wf.status !== 'proof_pending')
@@ -388,9 +404,8 @@ export function registerCharityRoutes(app, deps) {
             return void res.json({ error: '该证据已被处理，请刷新' });
         // P2.4 通知：施善人收到"许愿人已确认"
         try {
-            db.prepare(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
-                  VALUES (?,?,?,'wish_confirmed',?,?,datetime('now'))`)
-                .run(generateId('ntf'), w.fulfiller_user_id, id, '✓ 许愿人已确认圆梦', `「${w.title}」 +10 威望已入账`);
+            await dbRun(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
+                  VALUES (?,?,?,'wish_confirmed',?,?,datetime('now'))`, [generateId('ntf'), w.fulfiller_user_id, id, '✓ 许愿人已确认圆梦', `「${w.title}」 +10 威望已入账`]);
         }
         catch (e) {
             console.error('[charity notify confirm]', e);
@@ -400,19 +415,19 @@ export function registerCharityRoutes(app, deps) {
         res.json({ ok: true, wisher_sig: wisherSig });
     });
     // POST /api/wishes/:id/disclose — 申请公开（双方同意才公开）
-    app.post('/api/wishes/:id/disclose', (req, res) => {
+    app.post('/api/wishes/:id/disclose', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const id = req.params.id;
-        const w = db.prepare(`SELECT user_id, fulfiller_user_id, status, allow_public FROM wishes WHERE id = ?`).get(id);
+        const w = await dbOne(`SELECT user_id, fulfiller_user_id, status, allow_public FROM wishes WHERE id = ?`, [id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         if (w.status !== 'completed')
             return void res.json({ error: '仅完成后可申请公开' });
         if (!w.allow_public)
             return void res.json({ error: '该愿望已声明保持匿名，不可公开' });
-        const wf = db.prepare(`SELECT id, disclose_wisher, disclose_fulfiller FROM wish_fulfillments WHERE wish_id = ? AND status='confirmed' ORDER BY created_at DESC LIMIT 1`).get(id);
+        const wf = await dbOne(`SELECT id, disclose_wisher, disclose_fulfiller FROM wish_fulfillments WHERE wish_id = ? AND status='confirmed' ORDER BY created_at DESC LIMIT 1`, [id]);
         if (!wf)
             return void res.json({ error: '未找到对应证据' });
         let update = null;
@@ -422,64 +437,74 @@ export function registerCharityRoutes(app, deps) {
             update = 'disclose_fulfiller = 1';
         else
             return void res.json({ error: '非当事人不可申请公开' });
-        db.prepare(`UPDATE wish_fulfillments SET ${update} WHERE id = ?`).run(wf.id);
+        await dbRun(`UPDATE wish_fulfillments SET ${update} WHERE id = ?`, [wf.id]);
         // 双方都同意 → 标记 disclosed_at
-        const both = db.prepare(`SELECT disclose_wisher, disclose_fulfiller FROM wish_fulfillments WHERE id = ?`).get(wf.id);
+        const both = (await dbOne(`SELECT disclose_wisher, disclose_fulfiller FROM wish_fulfillments WHERE id = ?`, [wf.id]));
         let disclosed = false;
         if (both.disclose_wisher && both.disclose_fulfiller) {
-            db.prepare(`UPDATE wish_fulfillments SET disclosed_at = datetime('now') WHERE id = ?`).run(wf.id);
+            await dbRun(`UPDATE wish_fulfillments SET disclosed_at = datetime('now') WHERE id = ?`, [wf.id]);
             disclosed = true;
         }
         res.json({ ok: true, disclosed, wisher_agreed: !!both.disclose_wisher, fulfiller_agreed: !!both.disclose_fulfiller });
     });
     // POST /api/wishes/:id/cancel — 许愿人取消（仅 open 状态）
-    app.post('/api/wishes/:id/cancel', (req, res) => {
+    app.post('/api/wishes/:id/cancel', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const id = req.params.id;
-        const w = db.prepare(`SELECT user_id, status, escrow_locked FROM wishes WHERE id = ?`).get(id);
+        const w = await dbOne(`SELECT user_id, status, escrow_locked FROM wishes WHERE id = ?`, [id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         if (w.user_id !== user.id)
             return void res.json({ error: '仅许愿人可取消' });
         if (w.status !== 'open')
             return void res.json({ error: '已认领或已完成的愿望不可取消' });
-        db.transaction(() => {
-            db.prepare("UPDATE wishes SET status='cancelled' WHERE id = ?").run(id);
-            if (w.escrow_locked > 0) {
-                db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(w.escrow_locked, w.escrow_locked, user.id);
-            }
-        })();
+        // Codex #238 P1:tx 内先 CAS open→cancelled,changes!==1 即并发已认领/取消 → 抛回滚,先于释放 escrow,杜绝双退。
+        try {
+            db.transaction(() => {
+                const c = db.prepare("UPDATE wishes SET status='cancelled' WHERE id = ? AND status = 'open'").run(id);
+                if (c.changes !== 1)
+                    throw new Error('WISH_NOT_OPEN');
+                if (w.escrow_locked > 0) {
+                    db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(w.escrow_locked, w.escrow_locked, user.id);
+                }
+            })();
+        }
+        catch (e) {
+            if (e.message === 'WISH_NOT_OPEN')
+                return void res.json({ error: '已认领或已完成的愿望不可取消' });
+            throw e;
+        }
         res.json({ ok: true });
     });
     // GET /api/charity/me — 我的慈善档案
-    app.get('/api/charity/me', (req, res) => {
+    app.get('/api/charity/me', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         ensureCharityRep(db, user.id);
-        const rep = db.prepare(`SELECT * FROM charity_reputation WHERE user_id = ?`).get(user.id);
-        const myWishes = db.prepare(`SELECT id, wisher_handle, category, title, status, target_kind, target_waz, expires_at, created_at, completed_at
-                                 FROM wishes WHERE user_id = ? ORDER BY created_at DESC LIMIT 50`).all(user.id);
-        const myFulfilled = db.prepare(`
+        const rep = await dbOne(`SELECT * FROM charity_reputation WHERE user_id = ?`, [user.id]);
+        const myWishes = await dbAll(`SELECT id, wisher_handle, category, title, status, target_kind, target_waz, expires_at, created_at, completed_at
+                                 FROM wishes WHERE user_id = ? ORDER BY created_at DESC LIMIT 50`, [user.id]);
+        const myFulfilled = await dbAll(`
       SELECT w.id, w.title, w.category, w.target_kind, w.target_waz, w.status, w.completed_at, wf.fulfiller_handle, wf.status as wf_status
       FROM wish_fulfillments wf JOIN wishes w ON w.id = wf.wish_id
       WHERE wf.fulfiller_user_id = ? ORDER BY wf.created_at DESC LIMIT 50
-    `).all(user.id);
+    `, [user.id]);
         // 待我响应的还愿
-        const pendingRepays = db.prepare(`
+        const pendingRepays = await dbAll(`
       SELECT r.id, r.wish_id, r.amount, r.note, r.auto_expire_at, w.title
       FROM wish_repayments r JOIN wishes w ON w.id = r.wish_id
       WHERE r.fulfiller_user_id = ? AND r.status = 'offered'
       ORDER BY r.created_at DESC
-    `).all(user.id);
+    `, [user.id]);
         res.json({ reputation: rep, my_wishes: myWishes, my_fulfillments: myFulfilled, pending_repayments: pendingRepays });
     });
     // GET /api/charity/stories — 公开披露的故事板
-    app.get('/api/charity/stories', (req, res) => {
+    app.get('/api/charity/stories', async (req, res) => {
         const limit = Math.min(100, Math.max(1, Number(req.query.limit) || 30));
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT w.id, w.category, w.title, w.content, w.target_kind, w.target_waz, w.completed_at,
              wf.disclosed_at, wf.proof_note,
              uw.handle as wisher_name, uw.region as wisher_region,
@@ -491,11 +516,11 @@ export function registerCharityRoutes(app, deps) {
       WHERE wf.disclosed_at IS NOT NULL
       ORDER BY wf.disclosed_at DESC
       LIMIT ?
-    `).all(limit);
+    `, [limit]);
         res.json({ items: rows });
     });
     // 还愿：许愿人发起
-    app.post('/api/wishes/:id/repay', (req, res) => {
+    app.post('/api/wishes/:id/repay', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -506,7 +531,7 @@ export function registerCharityRoutes(app, deps) {
         const amount = Number(body.amount);
         if (!Number.isFinite(amount) || amount < CHARITY_REPAY_MIN)
             return void res.json({ error: `金额需 ≥ ${CHARITY_REPAY_MIN} WAZ` });
-        const w = db.prepare(`SELECT user_id, fulfiller_user_id, status FROM wishes WHERE id = ?`).get(id);
+        const w = await dbOne(`SELECT user_id, fulfiller_user_id, status FROM wishes WHERE id = ?`, [id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         if (w.user_id !== user.id)
@@ -514,29 +539,44 @@ export function registerCharityRoutes(app, deps) {
         if (w.status !== 'completed')
             return void res.json({ error: '仅已施善完成的愿望可还愿' });
         const fid = String(body.fulfillment_id || '');
-        const wf = db.prepare(`SELECT id, status FROM wish_fulfillments WHERE id = ? AND wish_id = ?`).get(fid, id);
+        const wf = await dbOne(`SELECT id, status FROM wish_fulfillments WHERE id = ? AND wish_id = ?`, [fid, id]);
         if (!wf || wf.status !== 'confirmed')
             return void res.json({ error: '证据不存在或未确认' });
         // 已发起的等待中还愿不可重复
-        const existing = db.prepare(`SELECT id FROM wish_repayments WHERE wish_id = ? AND status = 'offered'`).get(id);
+        const existing = await dbOne(`SELECT id FROM wish_repayments WHERE wish_id = ? AND status = 'offered'`, [id]);
         if (existing)
             return void res.json({ error: '已有进行中的还愿，请等待对方响应' });
         // 余额检查 + 锁仓
-        const wallet = db.prepare(`SELECT balance FROM wallets WHERE user_id = ?`).get(user.id);
+        const wallet = await dbOne(`SELECT balance FROM wallets WHERE user_id = ?`, [user.id]);
         if (!wallet || wallet.balance < amount)
             return void res.json({ error: '余额不足' });
         const rid = generateId('repay');
-        db.transaction(() => {
-            db.prepare(`INSERT INTO wish_repayments (id, wish_id, fulfillment_id, wisher_user_id, fulfiller_user_id, amount, note, locked, auto_expire_at)
-                  VALUES (?,?,?,?,?,?,?,?, datetime('now', '+${CHARITY_REPAY_AUTO_ACCEPT_DAYS} days'))`).run(rid, id, fid, user.id, w.fulfiller_user_id, amount, body.note ? String(body.note).slice(0, 300) : null, amount);
-            db.prepare(`UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?`).run(amount, amount, user.id);
-        })();
+        // Codex #238 P1:tx 内重检无并发 offered 还愿 + 余额守卫锁仓,任一失败回滚已插 repayment。
+        try {
+            db.transaction(() => {
+                const dup = db.prepare(`SELECT id FROM wish_repayments WHERE wish_id = ? AND status = 'offered'`).get(id);
+                if (dup)
+                    throw new Error('REPAY_EXISTS');
+                db.prepare(`INSERT INTO wish_repayments (id, wish_id, fulfillment_id, wisher_user_id, fulfiller_user_id, amount, note, locked, auto_expire_at)
+                    VALUES (?,?,?,?,?,?,?,?, datetime('now', '+${CHARITY_REPAY_AUTO_ACCEPT_DAYS} days'))`).run(rid, id, fid, user.id, w.fulfiller_user_id, amount, body.note ? String(body.note).slice(0, 300) : null, amount);
+                const d = db.prepare(`UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ? AND balance >= ?`).run(amount, amount, user.id, amount);
+                if (d.changes !== 1)
+                    throw new Error('REPAY_INSUFFICIENT_BALANCE');
+            })();
+        }
+        catch (e) {
+            const m = e.message;
+            if (m === 'REPAY_EXISTS')
+                return void res.json({ error: '已有进行中的还愿，请等待对方响应' });
+            if (m === 'REPAY_INSUFFICIENT_BALANCE')
+                return void res.json({ error: '余额不足' });
+            throw e;
+        }
         // P2.4 通知：施善人收到"有人向你还愿"
         try {
-            const t = db.prepare('SELECT title FROM wishes WHERE id = ?').get(id).title;
-            db.prepare(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
-                  VALUES (?,?,?,'wish_repay',?,?,datetime('now'))`)
-                .run(generateId('ntf'), w.fulfiller_user_id, id, `🙏 有人向你还愿 ${amount} WAZ`, `「${t}」 可接受或谢绝转入慈善基金（7 天不响应自动接受）`);
+            const t = (await dbOne('SELECT title FROM wishes WHERE id = ?', [id])).title;
+            await dbRun(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
+                  VALUES (?,?,?,'wish_repay',?,?,datetime('now'))`, [generateId('ntf'), w.fulfiller_user_id, id, `🙏 有人向你还愿 ${amount} WAZ`, `「${t}」 可接受或谢绝转入慈善基金（7 天不响应自动接受）`]);
         }
         catch (e) {
             console.error('[charity notify repay]', e);
@@ -544,7 +584,7 @@ export function registerCharityRoutes(app, deps) {
         res.json({ id: rid, auto_accept_in_days: CHARITY_REPAY_AUTO_ACCEPT_DAYS });
     });
     // 施善人响应还愿（accept / decline_to_fund）
-    app.post('/api/wishes/:id/repay/:rid/respond', (req, res) => {
+    app.post('/api/wishes/:id/repay/:rid/respond', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -555,7 +595,7 @@ export function registerCharityRoutes(app, deps) {
         const choice = String(req.body.choice || '');
         if (!['accept', 'decline_to_fund'].includes(choice))
             return void res.json({ error: 'choice 必须是 accept 或 decline_to_fund' });
-        const r = db.prepare(`SELECT * FROM wish_repayments WHERE id = ? AND wish_id = ?`).get(rid, id);
+        const r = await dbOne(`SELECT * FROM wish_repayments WHERE id = ? AND wish_id = ?`, [rid, id]);
         if (!r)
             return void res.json({ error: '还愿不存在' });
         if (r.fulfiller_user_id !== user.id)
@@ -602,10 +642,9 @@ export function registerCharityRoutes(app, deps) {
         // P2.4 通知：许愿人收到响应
         try {
             const label = choice === 'accept' ? '已接受你的还愿' : '谢绝接受 · 已转入慈善基金';
-            const t = db.prepare('SELECT title FROM wishes WHERE id = ?').get(id).title;
-            db.prepare(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
-                  VALUES (?,?,?,'wish_repay_resp',?,?,datetime('now'))`)
-                .run(generateId('ntf'), r.wisher_user_id, id, `🌸 ${label}`, `「${t}」 ${choice === 'accept' ? '施善人已接受还愿' : '+8 威望已入账（含 +3 转捐荣誉）'}`);
+            const t = (await dbOne('SELECT title FROM wishes WHERE id = ?', [id])).title;
+            await dbRun(`INSERT INTO notifications (id, user_id, wish_id, type, title, body, created_at)
+                  VALUES (?,?,?,'wish_repay_resp',?,?,datetime('now'))`, [generateId('ntf'), r.wisher_user_id, id, `🌸 ${label}`, `「${t}」 ${choice === 'accept' ? '施善人已接受还愿' : '+8 威望已入账（含 +3 转捐荣誉）'}`]);
         }
         catch (e) {
             console.error('[charity notify repay resp]', e);
@@ -613,7 +652,7 @@ export function registerCharityRoutes(app, deps) {
         res.json({ ok: true, choice });
     });
     // 任何人捐款给慈善基金
-    app.post('/api/charity/fund/donate', (req, res) => {
+    app.post('/api/charity/fund/donate', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -626,47 +665,57 @@ export function registerCharityRoutes(app, deps) {
         const amount = Number(body.amount);
         if (!Number.isFinite(amount) || amount < CHARITY_DONATION_MIN)
             return void res.json({ error: `捐款需 ≥ ${CHARITY_DONATION_MIN} WAZ` });
-        const wallet = db.prepare(`SELECT balance FROM wallets WHERE user_id = ?`).get(user.id);
+        const wallet = await dbOne(`SELECT balance FROM wallets WHERE user_id = ?`, [user.id]);
         if (!wallet || wallet.balance < amount)
             return void res.json({ error: '余额不足' });
         // 当日已得荣誉上限
-        const todayHonor = db.prepare(`SELECT IFNULL(SUM(amount),0) as s FROM charity_fund_txns WHERE kind='donation' AND from_user_id = ? AND created_at > datetime('now','-1 day')`).get(user.id).s;
+        const todayHonor = (await dbOne(`SELECT IFNULL(SUM(amount),0) as s FROM charity_fund_txns WHERE kind='donation' AND from_user_id = ? AND created_at > datetime('now','-1 day')`, [user.id])).s;
         const remain = Math.max(0, CHARITY_DONATION_DAILY_HONOR_CAP - todayHonor);
         const honor = Math.min(amount, remain); // 1 WAZ = 1 honor，封顶 50/日
-        db.transaction(() => {
-            db.prepare(`UPDATE wallets SET balance = balance - ? WHERE user_id = ?`).run(amount, user.id);
-            db.prepare(`UPDATE charity_fund SET balance = balance + ?, total_donated = total_donated + ?, updated_at = datetime('now') WHERE id = 'main'`).run(amount, amount);
-            db.prepare(`INSERT INTO charity_fund_txns (id, kind, from_user_id, to_user_id, amount, note)
-                  VALUES (?, 'donation', ?, NULL, ?, ?)`).run(generateId('cft'), user.id, amount, body.note ? String(body.note).slice(0, 300) : null);
-            ensureCharityRep(db, user.id);
-            db.prepare(`UPDATE charity_reputation SET donation_total = donation_total + ?, donation_honor = donation_honor + ?, prestige_score = prestige_score + ?, last_active = datetime('now') WHERE user_id = ?`).run(amount, honor, honor, user.id);
-            const s = db.prepare('SELECT prestige_score FROM charity_reputation WHERE user_id = ?').get(user.id).prestige_score;
-            db.prepare('UPDATE charity_reputation SET badge_tier = ? WHERE user_id = ?').run(charityBadgeTier(s), user.id);
-        })();
+        // Codex #238 P1:扣款带 balance>=amount 守卫,changes!==1 → 余额已变 → 抛回滚,基金不入账
+        try {
+            db.transaction(() => {
+                const d = db.prepare(`UPDATE wallets SET balance = balance - ? WHERE user_id = ? AND balance >= ?`).run(amount, user.id, amount);
+                if (d.changes !== 1)
+                    throw new Error('DONATE_INSUFFICIENT_BALANCE');
+                db.prepare(`UPDATE charity_fund SET balance = balance + ?, total_donated = total_donated + ?, updated_at = datetime('now') WHERE id = 'main'`).run(amount, amount);
+                db.prepare(`INSERT INTO charity_fund_txns (id, kind, from_user_id, to_user_id, amount, note)
+                    VALUES (?, 'donation', ?, NULL, ?, ?)`).run(generateId('cft'), user.id, amount, body.note ? String(body.note).slice(0, 300) : null);
+                ensureCharityRep(db, user.id);
+                db.prepare(`UPDATE charity_reputation SET donation_total = donation_total + ?, donation_honor = donation_honor + ?, prestige_score = prestige_score + ?, last_active = datetime('now') WHERE user_id = ?`).run(amount, honor, honor, user.id);
+                const s = db.prepare('SELECT prestige_score FROM charity_reputation WHERE user_id = ?').get(user.id).prestige_score;
+                db.prepare('UPDATE charity_reputation SET badge_tier = ? WHERE user_id = ?').run(charityBadgeTier(s), user.id);
+            })();
+        }
+        catch (e) {
+            if (e.message === 'DONATE_INSUFFICIENT_BALANCE')
+                return void res.json({ error: '余额不足' });
+            throw e;
+        }
         // 📡 Webhook fire — 通知 donor 自己（可订阅自己的捐款历史）
         fireWebhooks('charity.donation', { amount, note: body.note || null, honor_earned: honor }, [user.id]).catch(e => console.error('[webhook]', e));
         res.json({ ok: true, amount, honor_earned: honor, daily_cap_remaining: Math.max(0, remain - honor) });
     });
     // GET 基金概况 + 最近流水
-    app.get('/api/charity/fund', (_req, res) => {
-        const fund = db.prepare(`SELECT * FROM charity_fund WHERE id = 'main'`).get();
-        const recent = db.prepare(`
+    app.get('/api/charity/fund', async (_req, res) => {
+        const fund = await dbOne(`SELECT * FROM charity_fund WHERE id = 'main'`, []);
+        const recent = await dbAll(`
       SELECT cft.id, cft.kind, cft.amount, cft.note, cft.created_at,
              u.handle as donor_handle, u.region as donor_region
       FROM charity_fund_txns cft
       LEFT JOIN users u ON u.id = cft.from_user_id
       ORDER BY cft.created_at DESC LIMIT 50
-    `).all();
-        const topDonors = db.prepare(`
+    `, []);
+        const topDonors = await dbAll(`
       SELECT u.handle, u.region, cr.donation_total, cr.donation_honor
       FROM charity_reputation cr JOIN users u ON u.id = cr.user_id
       WHERE cr.donation_total > 0
       ORDER BY cr.donation_total DESC LIMIT 20
-    `).all();
+    `, []);
         res.json({ fund, recent, top_donors: topDonors });
     });
     // P2.3 — 举报愿望
-    app.post('/api/wishes/:id/report', (req, res) => {
+    app.post('/api/wishes/:id/report', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -678,32 +727,31 @@ export function registerCharityRoutes(app, deps) {
         if (!['spam', 'fraud', 'inappropriate', 'other'].includes(reason))
             return void res.json({ error: 'reason 无效' });
         const note = body.note ? String(body.note).slice(0, 300) : null;
-        const exists = db.prepare('SELECT 1 FROM wishes WHERE id = ?').get(id);
+        const exists = await dbOne('SELECT 1 FROM wishes WHERE id = ?', [id]);
         if (!exists)
             return void res.json({ error: '愿望不存在' });
         try {
-            db.prepare(`INSERT INTO wish_reports (id, wish_id, reporter_id, reason, note) VALUES (?,?,?,?,?)`)
-                .run(generateId('wr'), id, user.id, reason, note);
+            await dbRun(`INSERT INTO wish_reports (id, wish_id, reporter_id, reason, note) VALUES (?,?,?,?,?)`, [generateId('wr'), id, user.id, reason, note]);
         }
         catch {
             return void res.json({ error: '你已举报过此愿望' });
         }
         // 3 个不同举报人 → 自动隐藏（status='disputed'）
-        const cnt = db.prepare("SELECT COUNT(1) as n FROM wish_reports WHERE wish_id = ? AND status = 'pending'").get(id).n;
+        const cnt = (await dbOne("SELECT COUNT(1) as n FROM wish_reports WHERE wish_id = ? AND status = 'pending'", [id])).n;
         if (cnt >= 3) {
-            db.prepare("UPDATE wishes SET status = 'disputed' WHERE id = ? AND status IN ('open','claimed')").run(id);
+            await dbRun("UPDATE wishes SET status = 'disputed' WHERE id = ? AND status IN ('open','claimed')", [id]);
         }
         res.json({ ok: true, total_reports: cnt, auto_hidden: cnt >= 3 });
     });
     // ─── admin 慈善管理 ─────────────────────────────────────────
-    app.get('/api/admin/wish-reports', (req, res) => {
+    app.get('/api/admin/wish-reports', async (req, res) => {
         const admin = requireContentAdmin(req, res);
         if (!admin)
             return;
         const status = String(req.query.status || 'pending');
         const where = status === 'all' ? '1=1' : 'wr.status = ?';
         const args = status === 'all' ? [] : [status];
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT wr.id, wr.wish_id, wr.reporter_id, wr.reason, wr.note, wr.status, wr.created_at,
              w.title as wish_title, w.user_id as wish_owner_id, w.status as wish_status,
              u.handle as reporter_handle
@@ -712,47 +760,50 @@ export function registerCharityRoutes(app, deps) {
       LEFT JOIN users u ON u.id = wr.reporter_id
       WHERE ${where}
       ORDER BY wr.created_at DESC LIMIT 200
-    `).all(...args);
+    `, args);
         res.json({ items: rows });
     });
-    app.patch('/api/admin/wish-reports/:id', (req, res) => {
+    app.patch('/api/admin/wish-reports/:id', async (req, res) => {
         const admin = requireContentAdmin(req, res);
         if (!admin)
             return;
         const action = String(req.body.action || '');
         if (!['dismiss', 'actioned'].includes(action))
             return void res.json({ error: 'action 必须是 dismiss 或 actioned' });
-        const r = db.prepare(`UPDATE wish_reports SET status = ? WHERE id = ?`).run(action === 'dismiss' ? 'dismissed' : 'actioned', req.params.id);
+        const r = await dbRun(`UPDATE wish_reports SET status = ? WHERE id = ?`, [action === 'dismiss' ? 'dismissed' : 'actioned', req.params.id]);
         if (r.changes === 0)
             return void res.json({ error: '举报不存在' });
         try {
-            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`)
-                .run(generateId('audit'), admin.id, 'wish_report_' + action, 'wish_report', req.params.id, null);
+            await dbRun(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`, [generateId('audit'), admin.id, 'wish_report_' + action, 'wish_report', req.params.id, null]);
         }
         catch { }
         res.json({ ok: true, status: action === 'dismiss' ? 'dismissed' : 'actioned' });
     });
-    app.post('/api/admin/wishes/:id/takedown', (req, res) => {
+    app.post('/api/admin/wishes/:id/takedown', async (req, res) => {
         const admin = requireContentAdmin(req, res);
         if (!admin)
             return;
         const reason = String(req.body.reason || '').trim();
         if (!reason)
             return void res.json({ error: '必须填写下架原因' });
-        const w = db.prepare(`SELECT user_id, status, escrow_locked FROM wishes WHERE id = ?`).get(req.params.id);
+        const w = await dbOne(`SELECT user_id, status, escrow_locked FROM wishes WHERE id = ?`, [req.params.id]);
         if (!w)
             return void res.json({ error: '愿望不存在' });
         db.transaction(() => {
-            db.prepare(`UPDATE wishes SET status='cancelled' WHERE id = ?`).run(req.params.id);
-            if (w.escrow_locked > 0) {
+            // Codex #238 P1 + #247 复审:CAS open/claimed/disputed→cancelled。仅当本次真正完成该转换(changes===1)
+            // 才释放 escrow——若已是 escrow 已释放终态(completed/cancelled)则不重复释放,避免双退;审计始终记录。
+            // 'disputed' = 被 3 个举报人自动隐藏(line 734),escrow 仍锁定未释放,故必须纳入释放集合,否则
+            // 现金愿望先被举报隐藏再被 takedown 时 staked 会永久卡死。
+            const c = db.prepare(`UPDATE wishes SET status='cancelled' WHERE id = ? AND status IN ('open','claimed','disputed')`).run(req.params.id);
+            if (c.changes === 1 && w.escrow_locked > 0) {
                 db.prepare(`UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?`).run(w.escrow_locked, w.escrow_locked, w.user_id);
             }
             db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`)
-                .run(generateId('audit'), admin.id, 'wish_takedown', 'wish', req.params.id, JSON.stringify({ reason }));
+                .run(generateId('audit'), admin.id, 'wish_takedown', 'wish', req.params.id, JSON.stringify({ reason, escrow_released: c.changes === 1 && w.escrow_locked > 0 }));
         })();
         res.json({ ok: true });
     });
-    app.post('/api/admin/charity/fund/disburse', (req, res) => {
+    app.post('/api/admin/charity/fund/disburse', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
@@ -766,51 +817,62 @@ export function registerCharityRoutes(app, deps) {
             return void res.json({ error: 'to_user_id 必填' });
         if (!note)
             return void res.json({ error: '必须填写拨款用途（写入审计）' });
-        const targetUser = db.prepare(`SELECT id, name FROM users WHERE id = ?`).get(toUserId);
+        const targetUser = await dbOne(`SELECT id, name FROM users WHERE id = ?`, [toUserId]);
         if (!targetUser)
             return void res.json({ error: '收款用户不存在' });
-        const fund = db.prepare(`SELECT balance FROM charity_fund WHERE id = 'main'`).get();
+        const fund = (await dbOne(`SELECT balance FROM charity_fund WHERE id = 'main'`, []));
         if (fund.balance < amount)
             return void res.json({ error: `基金余额不足 (当前 ${fund.balance})` });
-        db.transaction(() => {
-            db.prepare(`UPDATE charity_fund SET balance = balance - ?, total_disbursed = total_disbursed + ?, updated_at = datetime('now') WHERE id = 'main'`).run(amount, amount);
-            db.prepare(`UPDATE wallets SET balance = balance + ? WHERE user_id = ?`).run(amount, toUserId);
-            db.prepare(`INSERT INTO charity_fund_txns (id, kind, from_user_id, to_user_id, amount, note) VALUES (?, 'disburse', NULL, ?, ?, ?)`)
-                .run(generateId('cft'), toUserId, amount, note);
-            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`)
-                .run(generateId('audit'), admin.id, 'charity_disburse', 'user', toUserId, JSON.stringify({ amount, note }));
-            try {
-                db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, created_at) VALUES (?,?,'charity_disburse',?,?,datetime('now'))`)
-                    .run(generateId('ntf'), toUserId, `💰 慈善基金拨款 +${amount} WAZ`, note);
-            }
-            catch { }
-        })();
+        // Codex #238 P1:基金扣款带 balance>=amount 守卫(WHERE id='main' AND balance>=?),changes!==1 →
+        // 余额在 await 预检后已变 → 抛回滚,先于给收款人入账,杜绝基金超额拨款。
+        try {
+            db.transaction(() => {
+                const f = db.prepare(`UPDATE charity_fund SET balance = balance - ?, total_disbursed = total_disbursed + ?, updated_at = datetime('now') WHERE id = 'main' AND balance >= ?`).run(amount, amount, amount);
+                if (f.changes !== 1)
+                    throw new Error('FUND_INSUFFICIENT');
+                db.prepare(`UPDATE wallets SET balance = balance + ? WHERE user_id = ?`).run(amount, toUserId);
+                db.prepare(`INSERT INTO charity_fund_txns (id, kind, from_user_id, to_user_id, amount, note) VALUES (?, 'disburse', NULL, ?, ?, ?)`)
+                    .run(generateId('cft'), toUserId, amount, note);
+                db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`)
+                    .run(generateId('audit'), admin.id, 'charity_disburse', 'user', toUserId, JSON.stringify({ amount, note }));
+                try {
+                    db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, created_at) VALUES (?,?,'charity_disburse',?,?,datetime('now'))`)
+                        .run(generateId('ntf'), toUserId, `💰 慈善基金拨款 +${amount} WAZ`, note);
+                }
+                catch { }
+            })();
+        }
+        catch (e) {
+            if (e.message === 'FUND_INSUFFICIENT')
+                return void res.json({ error: `基金余额不足` });
+            throw e;
+        }
         res.json({ ok: true, amount, to_user: targetUser.name });
     });
-    app.get('/api/admin/charity/fund', (req, res) => {
+    app.get('/api/admin/charity/fund', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
-        const fund = db.prepare(`SELECT * FROM charity_fund WHERE id = 'main'`).get();
-        const recent = db.prepare(`
+        const fund = await dbOne(`SELECT * FROM charity_fund WHERE id = 'main'`, []);
+        const recent = await dbAll(`
       SELECT cft.*, uf.name as from_name, ut.name as to_name
       FROM charity_fund_txns cft
       LEFT JOIN users uf ON uf.id = cft.from_user_id
       LEFT JOIN users ut ON ut.id = cft.to_user_id
       ORDER BY cft.created_at DESC LIMIT 100
-    `).all();
+    `, []);
         res.json({ fund, recent });
     });
     // 慈善排行
-    app.get('/api/charity/leaderboard', (_req, res) => {
-        const rows = db.prepare(`
+    app.get('/api/charity/leaderboard', async (_req, res) => {
+        const rows = await dbAll(`
       SELECT cr.prestige_score, cr.wishes_fulfilled, cr.wishes_made, cr.badge_tier,
              u.handle, u.region
       FROM charity_reputation cr JOIN users u ON u.id = cr.user_id
       WHERE cr.prestige_score > 0
       ORDER BY cr.prestige_score DESC, cr.wishes_fulfilled DESC
       LIMIT 50
-    `).all();
+    `, []);
         res.json({ items: rows });
     });
 }