@seasonkoh/webaz 0.1.24 → 0.1.26

package/dist/pwa/routes/flash-sales.js

@@ -1,3 +1,4 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 /** 拿商品（含 variant）当前生效的 flash sale；多重叠时取价最低。orders 下单也会用。 */
 export function getActiveFlashSale(db, productId, variantId) {
     const variantClause = variantId
@@ -18,12 +19,14 @@ export function getActiveFlashSale(db, productId, variantId) {
     return db.prepare(sql).get(...args);
 }
 export function registerFlashSalesRoutes(app, deps) {
+    // db 仍在 destructure 中——传给同步 getActiveFlashSale(订单金钱路径消费,随 money batch 迁);
+    // 本文件的 handler 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun)
     const { db, generateId, auth, broadcastSystemEvent } = deps;
-    app.post('/api/products/:product_id/flash-sale', (req, res) => {
+    app.post('/api/products/:product_id/flash-sale', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const product = db.prepare('SELECT id, seller_id, price, has_variants FROM products WHERE id = ? AND status = \'active\'').get(req.params.product_id);
+        const product = await dbOne('SELECT id, seller_id, price, has_variants FROM products WHERE id = ? AND status = \'active\'', [req.params.product_id]);
         if (!product)
             return void res.status(404).json({ error: '商品不存在或已下架' });
         if (product.seller_id !== user.id)
@@ -50,7 +53,7 @@ export function registerFlashSalesRoutes(app, deps) {
         if (variant_id) {
             if (!product.has_variants)
                 return void res.status(400).json({ error: '该商品无规格，不可绑定 variant' });
-            const v = db.prepare('SELECT id FROM product_variants WHERE id = ? AND product_id = ? AND is_active = 1').get(variant_id, product.id);
+            const v = await dbOne('SELECT id FROM product_variants WHERE id = ? AND product_id = ? AND is_active = 1', [variant_id, product.id]);
             if (!v)
                 return void res.status(400).json({ error: 'variant 不存在' });
             variantId = String(variant_id);
@@ -60,15 +63,14 @@ export function registerFlashSalesRoutes(app, deps) {
         }
         const maxQty = Number.isFinite(Number(max_qty)) ? Math.max(0, Number(max_qty)) : 0;
         // 防重叠：同 product+variant 不能有进行中的促销
-        const conflict = db.prepare(`
+        const conflict = await dbOne(`
       SELECT id FROM flash_sales WHERE product_id = ? AND ${variantId ? 'variant_id = ?' : 'variant_id IS NULL'}
         AND is_active = 1 AND ends_at > datetime('now') LIMIT 1
-    `).get(...(variantId ? [product.id, variantId] : [product.id]));
+    `, variantId ? [product.id, variantId] : [product.id]);
         if (conflict)
             return void res.status(409).json({ error: '已有进行中的促销，请先结束', existing_id: conflict.id });
         const id = generateId('fls');
-        db.prepare(`INSERT INTO flash_sales (id, seller_id, product_id, variant_id, sale_price, original_price, max_qty, starts_at, ends_at) VALUES (?,?,?,?,?,?,?,?,?)`)
-            .run(id, user.id, product.id, variantId, salePrice, Number(product.price), maxQty, new Date(startsT).toISOString(), new Date(endsT).toISOString());
+        await dbRun(`INSERT INTO flash_sales (id, seller_id, product_id, variant_id, sale_price, original_price, max_qty, starts_at, ends_at) VALUES (?,?,?,?,?,?,?,?,?)`, [id, user.id, product.id, variantId, salePrice, Number(product.price), maxQty, new Date(startsT).toISOString(), new Date(endsT).toISOString()]);
         try {
             broadcastSystemEvent('flash_sale', '⚡', `限时促销创建 ${product.id} · ${salePrice}/${product.price} WAZ`, product.id);
         }
@@ -82,25 +84,25 @@ export function registerFlashSalesRoutes(app, deps) {
         res.json({ sale });
     });
     // seller 自己的 flash sales（全部状态）
-    app.get('/api/sellers/me/flash-sales', (req, res) => {
+    app.get('/api/sellers/me/flash-sales', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT f.*, p.title as product_title
       FROM flash_sales f
       JOIN products p ON p.id = f.product_id
       WHERE f.seller_id = ?
       ORDER BY f.ends_at DESC LIMIT 100
-    `).all(user.id);
+    `, [user.id]);
         res.json({ items: rows });
     });
     // 取消（仅 seller 自己，且未开始）
-    app.delete('/api/flash-sales/:id', (req, res) => {
+    app.delete('/api/flash-sales/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const f = db.prepare('SELECT seller_id, starts_at FROM flash_sales WHERE id = ?').get(req.params.id);
+        const f = await dbOne('SELECT seller_id, starts_at FROM flash_sales WHERE id = ?', [req.params.id]);
         if (!f)
             return void res.status(404).json({ error: 'flash sale 不存在' });
         if (f.seller_id !== user.id)
@@ -108,12 +110,12 @@ export function registerFlashSalesRoutes(app, deps) {
         if (new Date(f.starts_at).getTime() <= Date.now()) {
             return void res.status(400).json({ error: '已开始的促销不可取消，请设置 is_active=0 提前结束' });
         }
-        db.prepare('DELETE FROM flash_sales WHERE id = ?').run(req.params.id);
+        await dbRun('DELETE FROM flash_sales WHERE id = ?', [req.params.id]);
         res.json({ success: true });
     });
     // buyer 视角：当前全平台正在进行的 flash sales（首屏 discovery）
-    app.get('/api/flash-sales/live', (req, res) => {
-        const rows = db.prepare(`
+    app.get('/api/flash-sales/live', async (req, res) => {
+        const rows = await dbAll(`
       SELECT f.id, f.product_id, f.variant_id, f.sale_price, f.original_price, f.ends_at, f.max_qty, f.sold_count,
              p.title, p.images, p.category,
              u.handle as seller_handle, u.name as seller_name
@@ -124,7 +126,7 @@ export function registerFlashSalesRoutes(app, deps) {
         AND f.starts_at <= datetime('now') AND f.ends_at > datetime('now')
         AND (f.max_qty = 0 OR f.sold_count < f.max_qty)
       ORDER BY f.ends_at ASC LIMIT 100
-    `).all();
+    `);
         res.json({ items: rows });
     });
 }

package/dist/pwa/routes/follows.js

@@ -1,31 +1,32 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerFollowsRoutes(app, deps) {
-    const { db, auth, generateId } = deps;
-    app.get('/api/follows/:user_id/status', (req, res) => {
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { auth, generateId } = deps;
+    app.get('/api/follows/:user_id/status', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const r = db.prepare("SELECT 1 FROM follows WHERE follower_id=? AND followee_id=?").get(user.id, req.params.user_id);
-        const followers = db.prepare("SELECT COUNT(*) as n FROM follows WHERE followee_id=?").get(req.params.user_id).n;
-        const following = db.prepare("SELECT COUNT(*) as n FROM follows WHERE follower_id=?").get(req.params.user_id).n;
+        const r = await dbOne("SELECT 1 FROM follows WHERE follower_id=? AND followee_id=?", [user.id, req.params.user_id]);
+        const followers = (await dbOne("SELECT COUNT(*) as n FROM follows WHERE followee_id=?", [req.params.user_id])).n;
+        const following = (await dbOne("SELECT COUNT(*) as n FROM follows WHERE follower_id=?", [req.params.user_id])).n;
         res.json({ following: !!r, followers, following_count: following });
     });
-    app.post('/api/follows/:user_id', (req, res) => {
+    app.post('/api/follows/:user_id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (user.id === req.params.user_id)
             return void res.json({ error: '不能关注自己' });
-        const target = db.prepare("SELECT id FROM users WHERE id=?").get(req.params.user_id);
+        const target = await dbOne("SELECT id FROM users WHERE id=?", [req.params.user_id]);
         if (!target)
             return void res.json({ error: '用户不存在' });
-        const result = db.prepare("INSERT OR IGNORE INTO follows (follower_id, followee_id) VALUES (?, ?)").run(user.id, req.params.user_id);
+        const result = await dbRun("INSERT OR IGNORE INTO follows (follower_id, followee_id) VALUES (?, ?)", [user.id, req.params.user_id]);
         // 2026-05-24 新关注 → 通知被关注者（仅首次关注时；重复点击不重发）
         if (result.changes > 0) {
             try {
-                const followerName = db.prepare("SELECT name, handle FROM users WHERE id = ?").get(user.id);
+                const followerName = await dbOne("SELECT name, handle FROM users WHERE id = ?", [user.id]);
                 const display = followerName?.handle ? '@' + followerName.handle : followerName?.name || 'someone';
-                db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, order_id) VALUES (?,?,?,?,?,?)`)
-                    .run(generateId('ntf'), req.params.user_id, 'social', `🤝 新关注`, `${display} 关注了你`, null);
+                await dbRun(`INSERT INTO notifications (id, user_id, type, title, body, order_id) VALUES (?,?,?,?,?,?)`, [generateId('ntf'), req.params.user_id, 'social', `🤝 新关注`, `${display} 关注了你`, null]);
             }
             catch (e) {
                 console.error('[follow notif]', e);
@@ -33,51 +34,51 @@ export function registerFollowsRoutes(app, deps) {
         }
         res.json({ ok: true, following: true });
     });
-    app.delete('/api/follows/:user_id', (req, res) => {
+    app.delete('/api/follows/:user_id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        db.prepare("DELETE FROM follows WHERE follower_id=? AND followee_id=?").run(user.id, req.params.user_id);
+        await dbRun("DELETE FROM follows WHERE follower_id=? AND followee_id=?", [user.id, req.params.user_id]);
         res.json({ ok: true, following: false });
     });
-    app.get('/api/follows/me', (req, res) => {
+    app.get('/api/follows/me', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const followers = db.prepare(`
+        const followers = await dbAll(`
       SELECT u.id, u.name, u.role, f.created_at
       FROM follows f JOIN users u ON u.id = f.follower_id
       WHERE f.followee_id = ? ORDER BY f.created_at DESC LIMIT 100
-    `).all(user.id);
-        const following = db.prepare(`
+    `, [user.id]);
+        const following = await dbAll(`
       SELECT u.id, u.name, u.role, f.created_at
       FROM follows f JOIN users u ON u.id = f.followee_id
       WHERE f.follower_id = ? ORDER BY f.created_at DESC LIMIT 100
-    `).all(user.id);
+    `, [user.id]);
         res.json({ followers, following });
     });
     // Wave D-1: 关注卖家动态 feed — new_product + restock 合并 + 去重
-    app.get('/api/follows/feed', (req, res) => {
+    app.get('/api/follows/feed', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const limit = Math.min(100, Math.max(10, Number(req.query.limit) || 50));
-        const followees = db.prepare(`SELECT followee_id FROM follows WHERE follower_id = ?`).all(user.id);
+        const followees = await dbAll(`SELECT followee_id FROM follows WHERE follower_id = ?`, [user.id]);
         if (followees.length === 0)
             return void res.json({ items: [] });
         const ids = followees.map(f => f.followee_id);
         const placeholders = ids.map(() => '?').join(',');
         // 新品（近 30 天 active）
-        const newProducts = db.prepare(`
+        const newProducts = await dbAll(`
       SELECT 'new_product' as type, p.created_at as ts, p.id as product_id, p.title, p.price, p.stock, p.category, p.images,
              u.id as seller_id, u.name as seller_name, u.handle as seller_handle
       FROM products p JOIN users u ON u.id = p.seller_id
       WHERE p.seller_id IN (${placeholders}) AND p.status = 'active'
         AND p.created_at > datetime('now', '-30 days')
       ORDER BY p.created_at DESC LIMIT 100
-    `).all(...ids);
+    `, ids);
         // 重新上架 / 补货（近 7 天 updated_at > created_at + 1 天，stock > 0）
-        const restocks = db.prepare(`
+        const restocks = await dbAll(`
       SELECT 'restock' as type, p.updated_at as ts, p.id as product_id, p.title, p.price, p.stock, p.category, p.images,
              u.id as seller_id, u.name as seller_name, u.handle as seller_handle
       FROM products p JOIN users u ON u.id = p.seller_id
@@ -86,7 +87,7 @@ export function registerFollowsRoutes(app, deps) {
         AND p.updated_at > datetime('now', '-7 days')
         AND p.updated_at > datetime(p.created_at, '+1 days')
       ORDER BY p.updated_at DESC LIMIT 30
-    `).all(...ids);
+    `, ids);
         // 合并 + 去重（同 product 同时 new + restock → 优先 new）
         const seen = new Set();
         const merged = [];

package/dist/pwa/routes/governance-auto-deactivate.js

@@ -1,8 +1,10 @@
+// RFC-016 Phase 1 — cron 候选扫描读 → async seam;逐用户卸任的 db.transaction 写仍同步(Phase 3 迁 pg)。
+import { dbAll } from '../../layer0-foundation/L0-1-database/db.js';
 /**
  * Run one auto-deactivate sweep. Returns deactivation report for caller
  * (cron caller logs to console; admin endpoint can call directly for query).
  */
-export function runAutoDeactivateSweep(deps) {
+export async function runAutoDeactivateSweep(deps) {
     const { db, generateId, getProtocolParam } = deps;
     const thresholdCount = Number(getProtocolParam('governance_auto_deactivate_threshold_count', 5));
     const thresholdPct = Number(getProtocolParam('governance_auto_deactivate_threshold_pct', 0.3));
@@ -15,7 +17,7 @@ export function runAutoDeactivateSweep(deps) {
     // (verifier_stats is the source-of-truth for confirmed_wrong; server.ts:5387 increments it
     // on overturn, admin-verifier-flow.ts:130 decrements it on appeal success — exactly the
     // "confirmed_wrong" signal playbook §6.2 requires.)
-    const candidates = db.prepare(`
+    const candidates = await dbAll(`
     SELECT u.id AS user_id, u.roles,
            vs.tasks_done, vs.tasks_wrong
     FROM users u
@@ -25,7 +27,7 @@ export function runAutoDeactivateSweep(deps) {
       AND vs.tasks_done >= ?
       AND vs.tasks_wrong >= ?
       AND (CAST(vs.tasks_wrong AS REAL) / CAST(vs.tasks_done AS REAL)) >= ?
-  `).all(minSample, thresholdCount, thresholdPct);
+  `, [minSample, thresholdCount, thresholdPct]);
     const result = { scanned: candidates.length, deactivated: [] };
     const cooldownUntil = Math.floor(Date.now() / 1000) + cooldownDays * 86400;
     for (const c of candidates) {
@@ -43,8 +45,18 @@ export function runAutoDeactivateSweep(deps) {
                 }
                 if (!roles.includes('verifier'))
                     return; // already deactivated
-                const wrongPct = c.tasks_wrong / c.tasks_done;
-                const reason = `confirmed_wrong_count=${c.tasks_wrong}/${c.tasks_done} (${(wrongPct * 100).toFixed(1)}%) ≥ threshold (count=${thresholdCount}, pct=${(thresholdPct * 100).toFixed(0)}%, min_sample=${minSample})`;
+                // Codex #231 P1:扫描与本 tx 之间 verifier_stats 可能变化(申诉成功/纠正会减 tasks_wrong)。
+                // 必须在 tx 内重读 stats 并基于重读值重算阈值,否则会用陈旧的越线结果误卸任。
+                const vs = db.prepare("SELECT tasks_done, tasks_wrong FROM verifier_stats WHERE user_id = ?").get(c.user_id);
+                if (!vs)
+                    return; // stats 行已不存在
+                const tasksDone = Number(vs.tasks_done);
+                const tasksWrong = Number(vs.tasks_wrong);
+                const overThreshold = tasksDone > 0 && tasksDone >= minSample && tasksWrong >= thresholdCount && (tasksWrong / tasksDone) >= thresholdPct;
+                if (!overThreshold)
+                    return; // 重读后已不再越线 → 不写任何东西
+                const wrongPct = tasksWrong / tasksDone;
+                const reason = `confirmed_wrong_count=${tasksWrong}/${tasksDone} (${(wrongPct * 100).toFixed(1)}%) ≥ threshold (count=${thresholdCount}, pct=${(thresholdPct * 100).toFixed(0)}%, min_sample=${minSample})`;
                 // 1. UPDATE all active rows → inactive
                 db.prepare("UPDATE governance_applications SET status = 'inactive' WHERE user_id = ? AND role = 'verifier' AND status = 'active'").run(c.user_id);
                 // 2. INSERT auto_deactivate row(audit + appeal source)
@@ -69,8 +81,8 @@ export function runAutoDeactivateSweep(deps) {
                 result.deactivated.push({
                     user_id: c.user_id,
                     role: 'verifier',
-                    tasks_done: c.tasks_done,
-                    tasks_wrong: c.tasks_wrong,
+                    tasks_done: tasksDone,
+                    tasks_wrong: tasksWrong,
                     wrong_pct: wrongPct,
                     reason,
                 });
@@ -93,9 +105,9 @@ export function runAutoDeactivateSweep(deps) {
 export function startAutoDeactivateCron(deps) {
     const hours = Number(deps.getProtocolParam('governance_auto_deactivate_cron_hours', 24));
     const ms = Math.max(1, hours) * 60 * 60 * 1000;
-    setInterval(() => {
+    setInterval(async () => {
         try {
-            const r = runAutoDeactivateSweep(deps);
+            const r = await runAutoDeactivateSweep(deps);
             if (r.deactivated.length > 0) {
                 console.log(`[gov-auto-deactivate] swept ${r.scanned} candidates, deactivated ${r.deactivated.length}:`, r.deactivated.map(d => `${d.user_id}(${d.tasks_wrong}/${d.tasks_done})`).join(', '));
             }