@seasonkoh/webaz 0.1.24 → 0.1.26

package/dist/pwa/routes/coupons.js

@@ -1,3 +1,4 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 /** 计算 coupon 适用 + 折扣。跨域调用：orders 下单流程会用。 */
 export function applyCouponToOrder(db, couponCode, sellerId, productId, totalAmount) {
     const code = couponCode.trim().toUpperCase();
@@ -36,8 +37,9 @@ export function applyCouponToOrder(db, couponCode, sellerId, productId, totalAmo
     return { ok: true, coupon, discount };
 }
 export function registerCouponsRoutes(app, deps) {
-    const { db, generateId, auth, isTrustedRole, safeRoles, errorRes } = deps;
-    app.post('/api/coupons', (req, res) => {
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun);applyCouponToOrder 仍同步(订单/结算金钱路径,随 money batch 一起迁)
+    const { generateId, auth, isTrustedRole, safeRoles, errorRes } = deps;
+    app.post('/api/coupons', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -62,7 +64,7 @@ export function registerCouponsRoutes(app, deps) {
         if (discount_type === 'percentage' && dv > 90)
             return void res.status(400).json({ error: 'percentage 最高 90' });
         if (scope === 'product') {
-            const p = db.prepare('SELECT seller_id FROM products WHERE id = ?').get(scope_id);
+            const p = await dbOne('SELECT seller_id FROM products WHERE id = ?', [scope_id]);
             if (!p)
                 return void res.status(404).json({ error: '商品不存在' });
             if (p.seller_id !== user.id)
@@ -74,8 +76,9 @@ export function registerCouponsRoutes(app, deps) {
         }
         const id = generateId('cpn');
         try {
-            db.prepare(`INSERT INTO coupons (id, seller_id, code, scope, scope_id, discount_type, discount_value, min_order_amount, max_uses, starts_at, expires_at) VALUES (?,?,?,?,?,?,?,?,?,?,?)`)
-                .run(id, user.id, codeStr, scope, scope_id || null, discount_type, dv, Number(min_order_amount) || 0, Number(max_uses) || 0, starts_at || null, expires_at || null);
+            await dbRun(`INSERT INTO coupons (id, seller_id, code, scope, scope_id, discount_type, discount_value, min_order_amount, max_uses, starts_at, expires_at) VALUES (?,?,?,?,?,?,?,?,?,?,?)`, [id, user.id, codeStr, scope, scope_id || null, discount_type, dv,
+                Number(min_order_amount) || 0, Number(max_uses) || 0,
+                starts_at || null, expires_at || null]);
         }
         catch {
             return void res.status(409).json({ error: '此 code 已存在（每个卖家 code 唯一）' });
@@ -83,13 +86,13 @@ export function registerCouponsRoutes(app, deps) {
         res.json({ success: true, id, code: codeStr });
     });
     // buyer 视角：全平台 + 已购卖家店铺/单品券 + 历史
-    app.get('/api/coupons/available', (req, res) => {
+    app.get('/api/coupons/available', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (isTrustedRole(user))
             return void errorRes(res, 403, 'TRUSTED_ROLE_NO_TRADE', '受信角色无购物功能');
-        const purchasedSellers = db.prepare(`SELECT DISTINCT seller_id FROM orders WHERE buyer_id = ?`).all(user.id);
+        const purchasedSellers = await dbAll(`SELECT DISTINCT seller_id FROM orders WHERE buyer_id = ?`, [user.id]);
         const sellerIds = purchasedSellers.map(r => r.seller_id);
         const placeholders = sellerIds.length > 0 ? sellerIds.map(() => '?').join(',') : '';
         const sellerCondition = sellerIds.length > 0 ? `OR (c.seller_id IN (${placeholders}) AND c.scope IN ('shop','product'))` : '';
@@ -112,8 +115,8 @@ export function registerCouponsRoutes(app, deps) {
         c.created_at DESC
       LIMIT 100
     `;
-        const rows = db.prepare(sql).all(...sellerIds);
-        const history = db.prepare(`
+        const rows = await dbAll(sql, sellerIds);
+        const history = await dbAll(`
       SELECT o.id as order_id, o.created_at, o.coupon_discount,
              c.code, c.scope, c.discount_type, c.discount_value,
              p.title as product_title
@@ -122,23 +125,23 @@ export function registerCouponsRoutes(app, deps) {
       JOIN products p ON p.id = o.product_id
       WHERE o.buyer_id = ? AND o.coupon_id IS NOT NULL
       ORDER BY o.created_at DESC LIMIT 50
-    `).all(user.id);
+    `, [user.id]);
         res.json({ available: rows, history });
     });
-    app.get('/api/coupons/mine', (req, res) => {
+    app.get('/api/coupons/mine', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT * FROM coupons WHERE seller_id = ? ORDER BY created_at DESC LIMIT 100
-    `).all(user.id);
+    `, [user.id]);
         res.json({ items: rows });
     });
-    app.patch('/api/coupons/:id', (req, res) => {
+    app.patch('/api/coupons/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const coupon = db.prepare('SELECT * FROM coupons WHERE id = ? AND seller_id = ?').get(req.params.id, user.id);
+        const coupon = await dbOne('SELECT * FROM coupons WHERE id = ? AND seller_id = ?', [req.params.id, user.id]);
         if (!coupon)
             return void res.status(404).json({ error: '优惠码不存在或无权限' });
         const { is_active, expires_at, max_uses } = req.body || {};
@@ -159,7 +162,7 @@ export function registerCouponsRoutes(app, deps) {
         if (sets.length === 0)
             return void res.status(400).json({ error: '无可更新字段' });
         args.push(req.params.id);
-        db.prepare(`UPDATE coupons SET ${sets.join(', ')} WHERE id = ?`).run(...args);
+        await dbRun(`UPDATE coupons SET ${sets.join(', ')} WHERE id = ?`, args);
         res.json({ success: true });
     });
 }

package/dist/pwa/routes/dashboards.js

@@ -1,13 +1,15 @@
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerDashboardsRoutes(app, deps) {
-    const { db, auth } = deps;
-    app.get('/api/tokenomics/status', (_req, res) => {
-        const gf = db.prepare("SELECT pool_balance FROM global_fund WHERE id = 1").get();
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll),不再直接用 deps.db
+    const { auth } = deps;
+    app.get('/api/tokenomics/status', async (_req, res) => {
+        const gf = await dbOne("SELECT pool_balance FROM global_fund WHERE id = 1");
         const poolBalance = Number(gf?.pool_balance ?? 0);
-        const histRow = db.prepare(`
+        const histRow = (await dbOne(`
       SELECT AVG(deposited_this_period) as avg_dep
       FROM settlement_periods
       WHERE status = 'completed' AND started_at > datetime('now', '-28 days')
-    `).get();
+    `));
         const historyAverage = Math.round(Number(histRow?.avg_dep ?? 0) * 100) / 100;
         let healthLevel = 'cold_start';
         let distributionCap = 1.0;
@@ -23,15 +25,15 @@ export function registerDashboardsRoutes(app, deps) {
             else
                 healthLevel = 'critical';
         }
-        const lastSettled = db.prepare(`
+        const lastSettled = await dbOne(`
       SELECT effective_unit_cash, payout_rate, started_at FROM settlement_periods
       WHERE status = 'completed' ORDER BY started_at DESC LIMIT 1
-    `).get();
-        const recentPaused = db.prepare(`
+    `);
+        const recentPaused = await dbOne(`
       SELECT period_id, started_at, note FROM settlement_periods
       WHERE status = 'paused_low_water' AND started_at > datetime('now', '-7 days')
       ORDER BY started_at DESC LIMIT 1
-    `).get();
+    `);
         res.json({
             pool_balance: poolBalance,
             history_average: historyAverage,
@@ -42,12 +44,12 @@ export function registerDashboardsRoutes(app, deps) {
             last_settlement: lastSettled || null,
         });
     });
-    app.get('/api/shares/dashboard', (req, res) => {
+    app.get('/api/shares/dashboard', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const userId = user.id;
-        const bought = db.prepare(`
+        const bought = await dbAll(`
       SELECT
         o.id as order_id,
         o.updated_at as completed_at,
@@ -65,8 +67,8 @@ export function registerDashboardsRoutes(app, deps) {
       WHERE o.buyer_id = ? AND o.status = 'completed'
       ORDER BY o.updated_at DESC
       LIMIT 50
-    `).all(userId, userId, userId, userId, userId, userId);
-        const highComm = db.prepare(`
+    `, [userId, userId, userId, userId, userId, userId]);
+        const highComm = await dbAll(`
       SELECT p.id, p.title, p.price, p.commission_rate, p.images, p.category,
         (SELECT COUNT(*) FROM orders o WHERE o.product_id = p.id AND o.status = 'completed') as sales_count
       FROM products p
@@ -76,8 +78,8 @@ export function registerDashboardsRoutes(app, deps) {
         AND p.id NOT IN (SELECT product_id FROM orders WHERE buyer_id = ? AND status = 'completed')
       ORDER BY p.commission_rate DESC, sales_count DESC
       LIMIT 10
-    `).all(userId, userId);
-        const myCreations = db.prepare(`
+    `, [userId, userId]);
+        const myCreations = await dbAll(`
       SELECT s.id, s.type, s.title, s.external_platform, s.external_url,
         s.related_product_id, s.related_order_id, s.related_anchor, p.title as product_title,
         s.click_count, s.like_count, s.created_at,
@@ -89,7 +91,7 @@ export function registerDashboardsRoutes(app, deps) {
       WHERE s.owner_id = ? AND s.status = 'active'
       ORDER BY s.created_at DESC
       LIMIT 30
-    `).all(userId);
+    `, [userId]);
         res.json({
             bought_products: bought,
             high_commission_products: highComm,

package/dist/pwa/routes/dispute-cases.js

@@ -1,12 +1,13 @@
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerDisputeCasesRoutes(app, deps) {
     const { db, auth, getUser, generateId, piiSanitize, detectFraud, commentBlocklistHit, llmModerateComment } = deps;
     // 公共发言门槛 — 防新号/小号刷评论/投票
     // 至少满足其一：账户 >= 3 天 / 完成过 >= 1 单 / lifetime_score >= 5
-    function meetsPublicSpeechThreshold(user) {
+    async function meetsPublicSpeechThreshold(user) {
         const lifetime = Number(user.lifetime_score || 0);
         if (lifetime >= 5)
             return { ok: true };
-        const completed = db.prepare(`SELECT COUNT(*) as n FROM orders WHERE (buyer_id = ? OR seller_id = ?) AND status = 'completed'`).get(user.id, user.id).n;
+        const completed = (await dbOne(`SELECT COUNT(*) as n FROM orders WHERE (buyer_id = ? OR seller_id = ?) AND status = 'completed'`, [user.id, user.id])).n;
         if (completed >= 1)
             return { ok: true };
         const created = user.created_at ? new Date(String(user.created_at).replace(' ', 'T') + 'Z').getTime() : 0;
@@ -15,7 +16,7 @@ export function registerDisputeCasesRoutes(app, deps) {
         return { ok: false, reason: '账号需 ≥ 3 天 或 完成 ≥ 1 单 或 lifetime_score ≥ 5 才能公开发言（防小号刷量）' };
     }
     // 公开列表（全网）— 判例库总览
-    app.get('/api/disputes/cases', (req, res) => {
+    app.get('/api/disputes/cases', async (req, res) => {
         const limit = Math.min(50, Math.max(5, Number(req.query.limit) || 20));
         const category = req.query.category ? String(req.query.category) : null;
         const winner = req.query.winner ? String(req.query.winner) : null;
@@ -47,7 +48,7 @@ export function registerDisputeCasesRoutes(app, deps) {
             orderSql = 'comment_count DESC, fairness_yes DESC, published_at DESC';
         else if (sort === 'fair')
             orderSql = 'fairness_yes DESC, comment_count DESC, published_at DESC';
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT id, product_id, category_tag, winner, resolution, amount_bucket,
         fairness_yes, fairness_no, comment_count, published_at,
         (SELECT title FROM products WHERE id = dispute_cases.product_id) as product_title,
@@ -56,30 +57,30 @@ export function registerDisputeCasesRoutes(app, deps) {
       ${whereSql}
       ORDER BY ${orderSql}
       LIMIT ?
-    `).all(...args, limit);
+    `, [...args, limit]);
         // 类目统计（侧栏过滤用）— 受 q 影响（搜索时只显匹配 q 的类目计数）
         const catCountWhere = q ? `WHERE (ruling_text LIKE ? OR buyer_argument LIKE ? OR seller_argument LIKE ? OR resolution LIKE ?
       OR EXISTS (SELECT 1 FROM products p WHERE p.id = dispute_cases.product_id AND p.title LIKE ?))` : '';
         const catCountArgs = q ? Array(5).fill('%' + q.replace(/[%_]/g, '\\$&') + '%') : [];
-        const categoryCounts = db.prepare(`SELECT category_tag, COUNT(*) as n FROM dispute_cases ${catCountWhere} GROUP BY category_tag ORDER BY n DESC`).all(...catCountArgs);
+        const categoryCounts = await dbAll(`SELECT category_tag, COUNT(*) as n FROM dispute_cases ${catCountWhere} GROUP BY category_tag ORDER BY n DESC`, catCountArgs);
         res.json({ items: rows, category_counts: categoryCounts, total: rows.length, query: q, sort });
     });
     // 公开列表（按商品）
-    app.get('/api/disputes/cases/by-product/:product_id', (req, res) => {
-        const rows = db.prepare(`
+    app.get('/api/disputes/cases/by-product/:product_id', async (req, res) => {
+        const rows = await dbAll(`
       SELECT id, category_tag, winner, resolution, amount_bucket, ruling_text,
         fairness_yes, fairness_no, comment_count, published_at
       FROM dispute_cases
       WHERE product_id = ?
       ORDER BY published_at DESC
       LIMIT 50
-    `).all(req.params.product_id);
+    `, [req.params.product_id]);
         res.json({ items: rows });
     });
     // 案件详情（含评论 + 评论者身份标签）
-    app.get('/api/disputes/cases/:case_id', (req, res) => {
+    app.get('/api/disputes/cases/:case_id', async (req, res) => {
         const me = getUser(req);
-        const c = db.prepare(`SELECT * FROM dispute_cases WHERE id = ?`).get(req.params.case_id);
+        const c = await dbOne(`SELECT * FROM dispute_cases WHERE id = ?`, [req.params.case_id]);
         if (!c)
             return void res.status(404).json({ error: '判例不存在' });
         // 不外露内部 ID（buyer_id/dispute_id/order_id 不返回给前端）
@@ -91,7 +92,7 @@ export function registerDisputeCasesRoutes(app, deps) {
             product_id: c.product_id, seller_id: c.seller_id,
         };
         // 评论 + 自动身份标签
-        const rawComments = db.prepare(`
+        const rawComments = await dbAll(`
       SELECT dc.*, u.handle, u.name, u.role, u.lifetime_score,
         (SELECT COUNT(*) FROM orders o
          WHERE o.buyer_id = dc.commenter_id AND o.product_id = ? AND o.status = 'completed') as bought_count,
@@ -105,7 +106,7 @@ export function registerDisputeCasesRoutes(app, deps) {
         (u.role IN ('verifier','arbitrator')) DESC,
         dc.created_at DESC
       LIMIT 50
-    `).all(c.product_id, c.product_id, c.id);
+    `, [c.product_id, c.product_id, c.id]);
         // 脱敏：anonymous=1 时清除 handle/name/commenter_id（保留贡献标签字段：bought/same_cat/role/lifetime）
         // 验证员/仲裁员角色在脱敏时降级为 'staff'（避免小池子反推身份）
         const anonymize = (row) => {
@@ -116,12 +117,12 @@ export function registerDisputeCasesRoutes(app, deps) {
         };
         // W5: 取所有子回复，按 parent_comment_id 分组挂在 comments 下
         const commentIds = rawComments.map(r => r.id);
-        const rawReplies = commentIds.length > 0 ? db.prepare(`
+        const rawReplies = commentIds.length > 0 ? await dbAll(`
       SELECT r.*, u.handle, u.name, u.role, u.lifetime_score
       FROM dispute_comment_replies r LEFT JOIN users u ON u.id = r.replier_id
       WHERE r.parent_comment_id IN (${commentIds.map(() => '?').join(',')})
       ORDER BY r.created_at ASC
-    `).all(...commentIds) : [];
+    `, commentIds) : [];
         const repliesByParent = new Map();
         for (const r of rawReplies) {
             const pid = String(r.parent_comment_id);
@@ -136,7 +137,7 @@ export function registerDisputeCasesRoutes(app, deps) {
         // 我的公正度投票（如已投）
         let myVote = null;
         if (me) {
-            const v = db.prepare('SELECT vote FROM dispute_fairness_votes WHERE case_id = ? AND voter_id = ?').get(c.id, me.id);
+            const v = await dbOne('SELECT vote FROM dispute_fairness_votes WHERE case_id = ? AND voter_id = ?', [c.id, me.id]);
             myVote = v?.vote || null;
         }
         // 我是否当事人（决定能否评论 / 投票）
@@ -148,10 +149,10 @@ export function registerDisputeCasesRoutes(app, deps) {
         const user = auth(req, res);
         if (!user)
             return;
-        const gate = meetsPublicSpeechThreshold(user);
+        const gate = await meetsPublicSpeechThreshold(user);
         if (!gate.ok)
             return void res.status(403).json({ error: gate.reason, error_code: 'SPEECH_THRESHOLD' });
-        const c = db.prepare(`SELECT id, buyer_id, seller_id, arbitrator_id FROM dispute_cases WHERE id = ?`).get(req.params.case_id);
+        const c = await dbOne(`SELECT id, buyer_id, seller_id, arbitrator_id FROM dispute_cases WHERE id = ?`, [req.params.case_id]);
         if (!c)
             return void res.status(404).json({ error: '判例不存在' });
         if (user.id === c.buyer_id || user.id === c.seller_id || user.id === c.arbitrator_id) {
@@ -194,16 +195,16 @@ export function registerDisputeCasesRoutes(app, deps) {
         const user = auth(req, res);
         if (!user)
             return;
-        const gate = meetsPublicSpeechThreshold(user);
+        const gate = await meetsPublicSpeechThreshold(user);
         if (!gate.ok)
             return void res.status(403).json({ error: gate.reason, error_code: 'SPEECH_THRESHOLD' });
-        const c = db.prepare(`SELECT id, buyer_id, seller_id, arbitrator_id FROM dispute_cases WHERE id = ?`).get(req.params.case_id);
+        const c = await dbOne(`SELECT id, buyer_id, seller_id, arbitrator_id FROM dispute_cases WHERE id = ?`, [req.params.case_id]);
         if (!c)
             return void res.status(404).json({ error: '判例不存在' });
         if (user.id === c.buyer_id || user.id === c.seller_id || user.id === c.arbitrator_id) {
             return void res.status(403).json({ error: '当事人禁止评论', error_code: 'PARTY_NO_COMMENT' });
         }
-        const parent = db.prepare(`SELECT id FROM dispute_comments WHERE id = ? AND case_id = ?`).get(req.params.comment_id, c.id);
+        const parent = await dbOne(`SELECT id FROM dispute_comments WHERE id = ? AND case_id = ?`, [req.params.comment_id, c.id]);
         if (!parent)
             return void res.status(404).json({ error: '父评论不存在' });
         const rawBody = String(req.body?.body || '').trim();
@@ -230,17 +231,17 @@ export function registerDisputeCasesRoutes(app, deps) {
         res.json({ success: true, id: rid, flag_reasons: repReasons });
     });
     // 公正度投票（👍 / 👎）— 一人一案一票
-    app.post('/api/disputes/cases/:case_id/fairness', (req, res) => {
+    app.post('/api/disputes/cases/:case_id/fairness', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const gate = meetsPublicSpeechThreshold(user);
+        const gate = await meetsPublicSpeechThreshold(user);
         if (!gate.ok)
             return void res.status(403).json({ error: gate.reason, error_code: 'SPEECH_THRESHOLD' });
         const vote = req.body?.vote;
         if (vote !== 'yes' && vote !== 'no')
             return void res.status(400).json({ error: 'vote 必须是 yes 或 no' });
-        const c = db.prepare(`SELECT id, buyer_id, seller_id, arbitrator_id FROM dispute_cases WHERE id = ?`).get(req.params.case_id);
+        const c = await dbOne(`SELECT id, buyer_id, seller_id, arbitrator_id FROM dispute_cases WHERE id = ?`, [req.params.case_id]);
         if (!c)
             return void res.status(404).json({ error: '判例不存在' });
         if (user.id === c.buyer_id || user.id === c.seller_id || user.id === c.arbitrator_id) {

package/dist/pwa/routes/disputes-read.js

@@ -1,29 +1,30 @@
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerDisputesReadRoutes(app, deps) {
     const { db, auth, errorRes, getOpenDisputes, getDisputeDetails, getEvidenceRequests, listEvidenceFiles, isEligibleArbitrator } = deps;
     // 仲裁员：查看所有开放争议
-    app.get('/api/disputes', (req, res) => {
+    app.get('/api/disputes', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const elig = isEligibleArbitrator(user.id);
         if (!elig.ok)
             return void errorRes(res, 403, 'NOT_ARBITRATOR', elig.reason || '仅限仲裁员访问');
-        res.json(getOpenDisputes(db));
+        res.json(await getOpenDisputes(db));
     });
     // A2 同类判例推荐
-    app.get('/api/disputes/:id/similar-cases', (req, res) => {
+    app.get('/api/disputes/:id/similar-cases', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const dispute = db.prepare('SELECT id, order_id, reason, initiator_id, defendant_id FROM disputes WHERE id = ?').get(req.params.id);
+        const dispute = await dbOne('SELECT id, order_id, reason, initiator_id, defendant_id FROM disputes WHERE id = ?', [req.params.id]);
         if (!dispute)
             return void res.status(404).json({ error: '争议不存在' });
         const role = user.role;
         if (dispute.initiator_id !== user.id && dispute.defendant_id !== user.id && role !== 'arbitrator') {
             return void res.status(403).json({ error: '无权查看' });
         }
-        const order = db.prepare('SELECT product_id FROM orders WHERE id = ?').get(dispute.order_id);
-        const productCategory = order ? db.prepare('SELECT category FROM products WHERE id = ?').get(order.product_id)?.category : null;
+        const order = await dbOne('SELECT product_id FROM orders WHERE id = ?', [dispute.order_id]);
+        const productCategory = order ? (await dbOne('SELECT category FROM products WHERE id = ?', [order.product_id]))?.category : null;
         const reasonWords = (dispute.reason || '').split(/[\s,，。；\n]+/).filter(w => w.length >= 2).slice(0, 3);
         const results = [];
         const seen = new Set();
@@ -35,7 +36,7 @@ export function registerDisputesReadRoutes(app, deps) {
         };
         // ① 同 product 类目
         if (productCategory) {
-            const r1 = db.prepare(`
+            const r1 = await dbAll(`
         SELECT dc.id, dc.product_id, dc.category_tag, dc.winner, dc.resolution,
           dc.amount_bucket, dc.fairness_yes, dc.comment_count, dc.published_at,
           (SELECT title FROM products WHERE id = dc.product_id) as product_title,
@@ -44,7 +45,7 @@ export function registerDisputesReadRoutes(app, deps) {
         JOIN products p ON p.id = dc.product_id
         WHERE p.category = ? AND (dc.dispute_id IS NULL OR dc.dispute_id != ?)
         ORDER BY dc.published_at DESC LIMIT 3
-      `).all(productCategory, dispute.id);
+      `, [productCategory, dispute.id]);
             r1.forEach(pushIfNew);
         }
         // ② reason 关键词命中 ruling_text / 双方陈述
@@ -53,7 +54,7 @@ export function registerDisputesReadRoutes(app, deps) {
                 if (results.length >= 3)
                     break;
                 const pat = '%' + w.replace(/[%_]/g, '\\$&') + '%';
-                const r2 = db.prepare(`
+                const r2 = await dbAll(`
           SELECT dc.id, dc.product_id, dc.category_tag, dc.winner, dc.resolution,
             dc.amount_bucket, dc.fairness_yes, dc.comment_count, dc.published_at,
             (SELECT title FROM products WHERE id = dc.product_id) as product_title,
@@ -62,13 +63,13 @@ export function registerDisputesReadRoutes(app, deps) {
           WHERE (dc.dispute_id IS NULL OR dc.dispute_id != ?)
             AND (dc.ruling_text LIKE ? OR dc.buyer_argument LIKE ? OR dc.seller_argument LIKE ?)
           ORDER BY dc.published_at DESC LIMIT 3
-        `).all(dispute.id, pat, pat, pat);
+        `, [dispute.id, pat, pat, pat]);
                 r2.forEach(pushIfNew);
             }
         }
         // ③ 兜底：最近 3 条已发布判例
         if (results.length < 3) {
-            const r3 = db.prepare(`
+            const r3 = await dbAll(`
         SELECT dc.id, dc.product_id, dc.category_tag, dc.winner, dc.resolution,
           dc.amount_bucket, dc.fairness_yes, dc.comment_count, dc.published_at,
           (SELECT title FROM products WHERE id = dc.product_id) as product_title,
@@ -76,30 +77,29 @@ export function registerDisputesReadRoutes(app, deps) {
         FROM dispute_cases dc
         WHERE (dc.dispute_id IS NULL OR dc.dispute_id != ?)
         ORDER BY dc.published_at DESC LIMIT 3
-      `).all(dispute.id);
+      `, [dispute.id]);
             r3.forEach(pushIfNew);
         }
         res.json({ items: results.slice(0, 3), product_category: productCategory, reason_keywords: reasonWords });
     });
     // 详情聚合（含 W4 timeline + chain ruling）
-    app.get('/api/disputes/:id', (req, res) => {
+    app.get('/api/disputes/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const dispute = getDisputeDetails(db, req.params.id);
+        const dispute = await getDisputeDetails(db, req.params.id);
         if (!dispute)
             return void res.status(404).json({ error: '争议不存在' });
         const role = user.role;
         // 允许：发起方、被告方、物流方、仲裁员
-        const orderForAuth = db.prepare('SELECT logistics_id FROM orders WHERE id = ?')
-            .get(dispute.order_id);
+        const orderForAuth = await dbOne('SELECT logistics_id FROM orders WHERE id = ?', [dispute.order_id]);
         const isLogisticsParty = orderForAuth?.logistics_id === user.id;
         if (dispute.initiator_id !== user.id && dispute.defendant_id !== user.id
             && !isLogisticsParty && role !== 'arbitrator') {
             return void res.status(403).json({ error: '无权查看此争议' });
         }
         // 原告证据 — 从状态机历史中取 disputed 转移时附带的
-        const hist = db.prepare(`SELECT evidence_ids FROM order_state_history WHERE order_id = ? AND to_status = 'disputed'`).get(dispute.order_id);
+        const hist = await dbOne(`SELECT evidence_ids FROM order_state_history WHERE order_id = ? AND to_status = 'disputed'`, [dispute.order_id]);
         // P1 fix: 单条脏 JSON 不应封死整个 dispute 详情
         const safeJsonArr = (s) => {
             try {
@@ -112,26 +112,24 @@ export function registerDisputesReadRoutes(app, deps) {
         };
         const plaintiffEvidenceIds = hist ? safeJsonArr(hist.evidence_ids) : [];
         const defEvidenceIds = safeJsonArr(dispute.defendant_evidence_ids);
-        const fetchEvidence = (ids) => ids.length
-            ? db.prepare(`SELECT * FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`).all(...ids)
+        const fetchEvidence = async (ids) => ids.length
+            ? await dbAll(`SELECT * FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`, ids)
             : [];
-        const evidenceRequests = getEvidenceRequests(db, req.params.id);
+        const evidenceRequests = await getEvidenceRequests(db, req.params.id);
         const myPendingRequests = evidenceRequests.filter((r) => r.requested_from_id === user.id && r.status === 'pending');
-        const order = db.prepare('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?')
-            .get(dispute.order_id);
+        const order = await dbOne('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?', [dispute.order_id]);
         const partyIds = [dispute.initiator_id, dispute.defendant_id, order?.logistics_id].filter(Boolean);
-        const parties = [...new Set(partyIds)].map(id => db.prepare('SELECT id, name, role FROM users WHERE id = ?').get(id)).filter(Boolean);
+        const parties = (await Promise.all([...new Set(partyIds)].map(id => dbOne('SELECT id, name, role FROM users WHERE id = ?', [id])))).filter(Boolean);
         const partyEvidenceIds = safeJsonArr(dispute.party_evidence_ids);
-        const orderParties = db.prepare('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?')
-            .get(dispute.order_id);
+        const orderParties = await dbOne('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?', [dispute.order_id]);
         const allPartyIds = [
             orderParties?.buyer_id, orderParties?.seller_id, orderParties?.logistics_id,
             dispute.initiator_id, dispute.defendant_id
         ].filter(Boolean);
         const isParty = allPartyIds.includes(user.id);
-        const plaintiffEvidence = fetchEvidence(plaintiffEvidenceIds);
-        const defendantEvidence = fetchEvidence(defEvidenceIds);
-        const partyEvidence = fetchEvidence(partyEvidenceIds);
+        const plaintiffEvidence = await fetchEvidence(plaintiffEvidenceIds);
+        const defendantEvidence = await fetchEvidence(defEvidenceIds);
+        const partyEvidence = await fetchEvidence(partyEvidenceIds);
         // W4 timeline 归一化
         const partyMap = new Map();
         partyMap.set(dispute.initiator_id, 'plaintiff');
@@ -149,15 +147,15 @@ export function registerDisputesReadRoutes(app, deps) {
             return 'unknown';
         };
         const userById = new Map();
-        const loadUser = (uid) => {
+        const loadUser = async (uid) => {
             if (!uid || userById.has(uid))
                 return;
-            const u = db.prepare('SELECT id, name, handle, role FROM users WHERE id = ?').get(uid);
+            const u = await dbOne('SELECT id, name, handle, role FROM users WHERE id = ?', [uid]);
             if (u)
                 userById.set(uid, u);
         };
-        loadUser(dispute.initiator_id);
-        loadUser(dispute.defendant_id);
+        await loadUser(dispute.initiator_id);
+        await loadUser(dispute.defendant_id);
         const events = [];
         // 1) open
         events.push({
@@ -174,8 +172,8 @@ export function registerDisputesReadRoutes(app, deps) {
             },
         });
         // 2) plaintiff evidence
-        const evToEvent = (ev, role) => {
-            loadUser(ev.uploader_id);
+        const evToEvent = async (ev, role) => {
+            await loadUser(ev.uploader_id);
             let fr = [];
             try {
                 fr = ev.flag_reasons ? JSON.parse(String(ev.flag_reasons)) : [];
@@ -204,7 +202,7 @@ export function registerDisputesReadRoutes(app, deps) {
             };
         };
         for (const ev of plaintiffEvidence)
-            events.push(evToEvent(ev, 'plaintiff'));
+            events.push(await evToEvent(ev, 'plaintiff'));
         // 3) defendant response — 用 defendant 第一条证据时间逼近 respond_at
         if (dispute.defendant_notes) {
             const firstDefTs = defendantEvidence[0]?.created_at;
@@ -218,11 +216,11 @@ export function registerDisputesReadRoutes(app, deps) {
             });
         }
         for (const ev of defendantEvidence)
-            events.push(evToEvent(ev, 'defendant'));
+            events.push(await evToEvent(ev, 'defendant'));
         // 4) party evidence (物流等)
         for (const ev of partyEvidence) {
             const r = orderRole(ev.uploader_id);
-            events.push(evToEvent(ev, r === 'unknown' ? 'party' : r));
+            events.push(await evToEvent(ev, r === 'unknown' ? 'party' : r));
         }
         // 5) evidence requests + submitted_items
         for (const r of evidenceRequests) {
@@ -231,7 +229,7 @@ export function registerDisputesReadRoutes(app, deps) {
                 evidenceTypes = JSON.parse(String(r.evidence_types || '[]'));
             }
             catch { }
-            loadUser(r.requested_from_id);
+            await loadUser(r.requested_from_id);
             events.push({
                 id: `req-${r.id}`,
                 type: 'evidence_request',
@@ -252,14 +250,14 @@ export function registerDisputesReadRoutes(app, deps) {
             const submitted = (r.submitted_items || []);
             for (const si of submitted) {
                 const role = orderRole(si.uploader_id);
-                const ev = evToEvent(si, role === 'unknown' ? 'party' : role);
+                const ev = await evToEvent(si, role === 'unknown' ? 'party' : role);
                 ev.meta = { ...(ev.meta || {}), in_response_to: r.id };
                 events.push(ev);
             }
         }
         // 6) ruling — 从 order_events 签名链取
         try {
-            const chainRows = db.prepare(`SELECT actor_id, signed_at, payload_json FROM order_events WHERE order_id = ? ORDER BY seq ASC`).all(dispute.order_id);
+            const chainRows = await dbAll(`SELECT actor_id, signed_at, payload_json FROM order_events WHERE order_id = ? ORDER BY seq ASC`, [dispute.order_id]);
             for (const row of chainRows) {
                 let payload = {};
                 try {
@@ -270,7 +268,7 @@ export function registerDisputesReadRoutes(app, deps) {
                 }
                 const extra = (payload.extra || {});
                 if (extra.action === 'arbitration_ruling' && extra.dispute_id === dispute.id) {
-                    loadUser(row.actor_id);
+                    await loadUser(row.actor_id);
                     events.push({
                         id: `rule-${row.signed_at}`,
                         type: 'ruling',
@@ -324,12 +322,12 @@ export function registerDisputesReadRoutes(app, deps) {
         });
     });
     // 当事人 + 仲裁员可查（meta only，blob 单独拉）
-    app.get('/api/disputes/:id/evidence-list', (req, res) => {
+    app.get('/api/disputes/:id/evidence-list', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         try {
-            const rows = listEvidenceFiles(db, req.params.id, user.id);
+            const rows = await listEvidenceFiles(db, req.params.id, user.id);
             res.json(rows);
         }
         catch (e) {
@@ -338,21 +336,17 @@ export function registerDisputesReadRoutes(app, deps) {
         }
     });
     // 涉案三方（仲裁员选择发证据请求的对象）
-    app.get('/api/disputes/:id/parties', (req, res) => {
+    app.get('/api/disputes/:id/parties', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const dispute = getDisputeDetails(db, req.params.id);
+        const dispute = await getDisputeDetails(db, req.params.id);
         if (!dispute)
             return void res.status(404).json({ error: '争议不存在' });
-        const order = db.prepare('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?')
-            .get(dispute.order_id);
+        const order = await dbOne('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?', [dispute.order_id]);
         const partyIds = [dispute.initiator_id, dispute.defendant_id, order?.logistics_id].filter(Boolean);
         const uniqueIds = [...new Set(partyIds)];
-        const parties = uniqueIds.map(id => {
-            const u = db.prepare('SELECT id, name, role FROM users WHERE id = ?').get(id);
-            return u;
-        }).filter(Boolean);
+        const parties = (await Promise.all(uniqueIds.map(id => dbOne('SELECT id, name, role FROM users WHERE id = ?', [id])))).filter(Boolean);
         res.json(parties);
     });
 }