@seasonkoh/webaz 0.1.24 → 0.1.26

package/dist/pwa/routes/verify-tasks.js

@@ -1,20 +1,24 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerVerifyTasksRoutes(app, deps) {
+    // 只读/单写站点走 RFC-016 异步 seam;db 保留:submit 是"提交→封顶→结算"裁决资金路径,
+    // 提交 CAS + 计票 + seal-CAS 必须原子(db.transaction);settleTask(发奖/扣权,server.ts 无状态门)
+    // 在 tx 提交后只对真正封顶的那一票触发,防并发双结算双发奖。Phase 3 迁 pg 行锁。
     const { db, auth, assignVerifiers, settleTask, getVerifierStats } = deps;
     // 卖家确认：已在原平台添加验证码 → 任务进入分配池
-    app.post('/api/verify-tasks/:id/confirm', (req, res) => {
+    app.post('/api/verify-tasks/:id/confirm', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const task = db.prepare(`SELECT * FROM verify_tasks WHERE id = ? AND status IN ('code_issued','open')`).get(req.params.id);
+        const task = await dbOne(`SELECT * FROM verify_tasks WHERE id = ? AND status IN ('code_issued','open')`, [req.params.id]);
         if (!task)
             return void res.json({ error: '任务不存在或已结束' });
-        const product = db.prepare('SELECT seller_id FROM products WHERE id = ?').get(task.product_id);
+        const product = await dbOne('SELECT seller_id FROM products WHERE id = ?', [task.product_id]);
         if (!product || product.seller_id !== user.id)
             return void res.status(403).json({ error: '无权限' });
         if (task.status === 'open') {
             return void res.json({ success: true, already_open: true, message: '任务已在验证中，无需重复确认' });
         }
-        db.prepare(`UPDATE verify_tasks SET status='open' WHERE id=?`).run(req.params.id);
+        await dbRun(`UPDATE verify_tasks SET status='open' WHERE id=?`, [req.params.id]);
         try {
             assignVerifiers(req.params.id);
         }
@@ -22,26 +26,26 @@ export function registerVerifyTasksRoutes(app, deps) {
         res.json({ success: true, message: '任务已提交到验证池，等待审核员确认' });
     });
     // 卖家：查询某商品的进行中验证任务（供编辑页展示验证码）
-    app.get('/api/verify-tasks/by-product/:productId', (req, res) => {
+    app.get('/api/verify-tasks/by-product/:productId', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const product = db.prepare('SELECT seller_id FROM products WHERE id = ?').get(req.params.productId);
+        const product = await dbOne('SELECT seller_id FROM products WHERE id = ?', [req.params.productId]);
         if (!product || product.seller_id !== user.id)
             return void res.status(403).json({ error: '无权限' });
-        const tasks = db.prepare(`
+        const tasks = await dbAll(`
       SELECT id, type, url, code, status, expires_at, created_at,
         (SELECT COUNT(*) FROM verify_submissions WHERE task_id = verify_tasks.id AND submitted_at IS NOT NULL) as submissions_done
       FROM verify_tasks WHERE product_id = ? AND status IN ('code_issued','open') ORDER BY created_at DESC
-    `).all(req.params.productId);
+    `, [req.params.productId]);
         res.json(tasks);
     });
     // 卖家：查询我发起的所有认领任务（用于"查看任务进度"页）
-    app.get('/api/verify-tasks/my-claims', (req, res) => {
+    app.get('/api/verify-tasks/my-claims', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const tasks = db.prepare(`
+        const tasks = await dbAll(`
       SELECT vt.id, vt.type, vt.url, vt.code, vt.status, vt.result,
              vt.verifiers_needed, vt.expires_at, vt.created_at, vt.settled_at,
              p.title as product_title, p.id as product_id,
@@ -51,14 +55,14 @@ export function registerVerifyTasksRoutes(app, deps) {
       WHERE p.seller_id = ?
       ORDER BY vt.created_at DESC
       LIMIT 30
-    `).all(user.id);
+    `, [user.id]);
         res.json(tasks);
     });
-    app.get('/api/verify-tasks/mine', (req, res) => {
+    app.get('/api/verify-tasks/mine', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const tasks = db.prepare(`
+        const tasks = await dbAll(`
       SELECT vt.id, vt.type, vt.url, vt.verifiers_needed, vt.reward_per_verifier, vt.expires_at,
         vs.id as sub_id, vs.submitted_at, vs.verdict,
         (SELECT COUNT(*) FROM verify_submissions WHERE task_id = vt.id AND submitted_at IS NOT NULL) as submissions_done
@@ -66,40 +70,60 @@ export function registerVerifyTasksRoutes(app, deps) {
       JOIN verify_submissions vs ON vs.task_id = vt.id AND vs.verifier_id = ?
       WHERE vt.status = 'open'
       ORDER BY vt.created_at DESC
-    `).all(user.id);
+    `, [user.id]);
         const stats = getVerifierStats(user.id);
         res.json({ tasks, stats });
     });
     // 验证者：提交验证结果（填入式）
-    app.post('/api/verify-tasks/:id/submit', (req, res) => {
+    app.post('/api/verify-tasks/:id/submit', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const { submission } = req.body;
-        const sub = db.prepare(`SELECT * FROM verify_submissions WHERE task_id = ? AND verifier_id = ?`)
-            .get(req.params.id, user.id);
+        const sub = await dbOne(`SELECT * FROM verify_submissions WHERE task_id = ? AND verifier_id = ?`, [req.params.id, user.id]);
         if (!sub)
             return void res.json({ error: '未分配到此任务' });
         if (sub.submitted_at)
             return void res.json({ error: '已提交过' });
-        const task = db.prepare('SELECT * FROM verify_tasks WHERE id = ? AND status = ?').get(req.params.id, 'open');
+        const task = await dbOne('SELECT * FROM verify_tasks WHERE id = ? AND status = ?', [req.params.id, 'open']);
         if (!task)
             return void res.json({ error: '任务已结束或不存在' });
         if (new Date(task.expires_at) < new Date())
             return void res.json({ error: '任务已过期' });
-        db.prepare(`UPDATE verify_submissions SET submission=?, submitted_at=datetime('now') WHERE task_id=? AND verifier_id=?`)
-            .run((submission ?? '').trim(), req.params.id, user.id);
-        const doneCount = db.prepare(`SELECT COUNT(*) as n FROM verify_submissions WHERE task_id = ? AND submitted_at IS NOT NULL`).get(req.params.id).n;
-        if (doneCount >= task.verifiers_needed)
+        // 裁决原子段:CAS 写本验证者未提交的行(防同人并发双提交)→ 计票 → 达标则 CAS 翻 open→settling。
+        // 返回 didReach=true 仅给真正把任务翻到结算态的那一票。
+        const submissionText = (submission ?? '').trim();
+        let didReach = false;
+        try {
+            didReach = db.transaction(() => {
+                const upd = db.prepare(`UPDATE verify_submissions SET submission=?, submitted_at=datetime('now') WHERE task_id=? AND verifier_id=? AND submitted_at IS NULL`)
+                    .run(submissionText, req.params.id, user.id);
+                if (upd.changes === 0)
+                    throw new Error('ALREADY_SUBMITTED');
+                const doneCount = db.prepare(`SELECT COUNT(*) as n FROM verify_submissions WHERE task_id = ? AND submitted_at IS NOT NULL`).get(req.params.id).n;
+                if (doneCount < task.verifiers_needed)
+                    return false;
+                const seal = db.prepare(`UPDATE verify_tasks SET status='settling' WHERE id=? AND status='open'`).run(req.params.id);
+                return seal.changes === 1;
+            })();
+        }
+        catch (e) {
+            if (e.message === 'ALREADY_SUBMITTED')
+                return void res.json({ error: '已提交过' });
+            console.error('[verify-tasks submit tx]', e.message);
+            return void res.status(500).json({ error: '提交失败,请重试' });
+        }
+        // 结算在事务提交后只对触发封顶的那一票执行(settleTask 自身写 status='settled' + 发奖)。
+        if (didReach)
             settleTask(req.params.id);
         res.json({ success: true, message: '提交成功，等待其他验证者完成后自动结算' });
     });
     // 公开验证大厅 — 仅显示分配给我的未提交任务
-    app.get('/api/verify-tasks/open', (req, res) => {
+    app.get('/api/verify-tasks/open', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const tasks = db.prepare(`
+        const tasks = await dbAll(`
       SELECT vt.id, vt.type, vt.url, vt.reward_per_verifier, vt.expires_at,
         (SELECT COUNT(*) FROM verify_submissions WHERE task_id=vt.id AND submitted_at IS NOT NULL) as done,
         vt.verifiers_needed
@@ -108,7 +132,7 @@ export function registerVerifyTasksRoutes(app, deps) {
       WHERE vt.status = 'open'
       ORDER BY vt.created_at ASC
       LIMIT 10
-    `).all(user.id);
+    `, [user.id]);
         res.json(tasks);
     });
     app.get('/api/verify-stats', (req, res) => {

package/dist/pwa/routes/waitlist.js

@@ -1,12 +1,14 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerWaitlistRoutes(app, deps) {
-    const { db, auth, isTrustedRole, errorRes } = deps;
-    app.post('/api/products/:product_id/waitlist', (req, res) => {
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { auth, isTrustedRole, errorRes } = deps;
+    app.post('/api/products/:product_id/waitlist', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (isTrustedRole(user))
             return void errorRes(res, 403, 'TRUSTED_ROLE_NO_TRADE', '受信角色无购物功能');
-        const p = db.prepare('SELECT id, seller_id, status, stock FROM products WHERE id = ?').get(req.params.product_id);
+        const p = await dbOne('SELECT id, seller_id, status, stock FROM products WHERE id = ?', [req.params.product_id]);
         if (!p)
             return void res.status(404).json({ error: '商品不存在' });
         if (p.seller_id === user.id)
@@ -17,22 +19,21 @@ export function registerWaitlistRoutes(app, deps) {
             return void res.status(400).json({ error: '商品有货，无需排队 — 直接下单即可' });
         const qty = Math.max(1, Math.min(99, Number(req.body?.desired_qty) || 1));
         const note = req.body?.note ? String(req.body.note).slice(0, 200) : null;
-        db.prepare(`INSERT OR REPLACE INTO product_waitlist (user_id, product_id, desired_qty, note) VALUES (?,?,?,?)`)
-            .run(user.id, req.params.product_id, qty, note);
+        await dbRun(`INSERT OR REPLACE INTO product_waitlist (user_id, product_id, desired_qty, note) VALUES (?,?,?,?)`, [user.id, req.params.product_id, qty, note]);
         res.json({ success: true });
     });
-    app.delete('/api/products/:product_id/waitlist', (req, res) => {
+    app.delete('/api/products/:product_id/waitlist', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        db.prepare('DELETE FROM product_waitlist WHERE user_id = ? AND product_id = ?').run(user.id, req.params.product_id);
+        await dbRun('DELETE FROM product_waitlist WHERE user_id = ? AND product_id = ?', [user.id, req.params.product_id]);
         res.json({ success: true });
     });
-    app.get('/api/waitlist', (req, res) => {
+    app.get('/api/waitlist', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT w.product_id, w.desired_qty, w.note, w.notified_at, w.created_at,
              p.title, p.price, p.stock, p.status as product_status, p.category,
              u.name as seller_name, u.handle as seller_handle
@@ -41,25 +42,25 @@ export function registerWaitlistRoutes(app, deps) {
       JOIN users u ON u.id = p.seller_id
       WHERE w.user_id = ?
       ORDER BY w.created_at DESC LIMIT 200
-    `).all(user.id);
+    `, [user.id]);
         res.json({ items: rows });
     });
-    app.get('/api/products/:product_id/waitlist/check', (req, res) => {
+    app.get('/api/products/:product_id/waitlist/check', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const exists = db.prepare('SELECT 1 FROM product_waitlist WHERE user_id = ? AND product_id = ?').get(user.id, req.params.product_id);
+        const exists = await dbOne('SELECT 1 FROM product_waitlist WHERE user_id = ? AND product_id = ?', [user.id, req.params.product_id]);
         res.json({ in_waitlist: !!exists });
     });
     // seller 查 waitlist count（决定备多少货）
-    app.get('/api/products/:product_id/waitlist/count', (req, res) => {
+    app.get('/api/products/:product_id/waitlist/count', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const p = db.prepare('SELECT seller_id FROM products WHERE id = ?').get(req.params.product_id);
+        const p = await dbOne('SELECT seller_id FROM products WHERE id = ?', [req.params.product_id]);
         if (!p || p.seller_id !== user.id)
             return void res.status(403).json({ error: '仅卖家可看' });
-        const r = db.prepare(`SELECT COUNT(*) as cnt, COALESCE(SUM(desired_qty), 0) as total_qty FROM product_waitlist WHERE product_id = ? AND notified_at IS NULL`).get(req.params.product_id);
+        const r = (await dbOne(`SELECT COUNT(*) as cnt, COALESCE(SUM(desired_qty), 0) as total_qty FROM product_waitlist WHERE product_id = ? AND notified_at IS NULL`, [req.params.product_id]));
         res.json({ pending_users: r.cnt, total_desired: r.total_qty });
     });
 }

package/dist/pwa/routes/wallet-read.js

@@ -1,18 +1,20 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerWalletReadRoutes(app, deps) {
-    const { db, auth, isTrustedRole, generateId, verifyPassword, deriveDepositAddress, getProtocolParam, getPublicClient, getIsMainnet, getActiveChainId, getUsdcContract, getNetwork } = deps;
+    // db 已全量走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { auth, isTrustedRole, generateId, verifyPassword, deriveDepositAddress, getProtocolParam, getPublicClient, getIsMainnet, getActiveChainId, getUsdcContract, getNetwork } = deps;
     // 钱包状态
-    app.get('/api/wallet', (req, res) => {
+    app.get('/api/wallet', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         if (isTrustedRole(user))
             return void res.status(403).json({ error: '受信角色无钱包', error_code: 'TRUSTED_ROLE_NO_WALLET' });
-        const wallet = db.prepare('SELECT * FROM wallets WHERE user_id = ?').get(user.id);
+        const wallet = await dbOne('SELECT * FROM wallets WHERE user_id = ?', [user.id]);
         if (!wallet)
             return void res.status(500).json({ error: '钱包记录缺失', error_code: 'WALLET_MISSING' });
         if (!wallet.deposit_address) {
             const addr = deriveDepositAddress(user.id);
-            db.prepare('UPDATE wallets SET deposit_address = ? WHERE user_id = ?').run(addr, user.id);
+            await dbRun('UPDATE wallets SET deposit_address = ? WHERE user_id = ?', [addr, user.id]);
             wallet.deposit_address = addr;
         }
         res.json(wallet);
@@ -22,7 +24,7 @@ export function registerWalletReadRoutes(app, deps) {
         const user = auth(req, res);
         if (!user)
             return;
-        const wallet = db.prepare('SELECT deposit_address FROM wallets WHERE user_id = ?').get(user.id);
+        const wallet = await dbOne('SELECT deposit_address FROM wallets WHERE user_id = ?', [user.id]);
         if (!wallet?.deposit_address)
             return void res.status(404).json({ error: '充值地址未生成' });
         try {
@@ -52,16 +54,16 @@ export function registerWalletReadRoutes(app, deps) {
         });
     });
     // 白名单 GET / POST / DELETE
-    app.get('/api/wallet/whitelist', (req, res) => {
+    app.get('/api/wallet/whitelist', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT id, address, label, added_at, activates_at
       FROM withdrawal_whitelist
       WHERE user_id = ? AND revoked_at IS NULL
       ORDER BY added_at DESC
-    `).all(user.id);
+    `, [user.id]);
         const now = Date.now();
         res.json({
             whitelist: rows.map(r => ({
@@ -70,7 +72,7 @@ export function registerWalletReadRoutes(app, deps) {
             })),
         });
     });
-    app.post('/api/wallet/whitelist', (req, res) => {
+    app.post('/api/wallet/whitelist', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -85,39 +87,38 @@ export function registerWalletReadRoutes(app, deps) {
             return void res.json({ error: '请输入有效的以太坊地址' });
         // P0-1: 统一小写存储
         const address = addressRaw.toLowerCase();
-        const existing = db.prepare(`SELECT id, revoked_at FROM withdrawal_whitelist WHERE user_id = ? AND address = ?`).get(user.id, address);
+        const existing = await dbOne(`SELECT id, revoked_at FROM withdrawal_whitelist WHERE user_id = ? AND address = ?`, [user.id, address]);
         if (existing && !existing.revoked_at)
             return void res.json({ error: '该地址已在白名单中' });
         const id = generateId('wl');
         const activatesAt = new Date(Date.now() + 24 * 3600_000).toISOString().slice(0, 19).replace('T', ' ');
         if (existing) {
-            db.prepare(`UPDATE withdrawal_whitelist
+            await dbRun(`UPDATE withdrawal_whitelist
                   SET revoked_at = NULL, added_at = datetime('now'), activates_at = ?, label = ?, id = ?
-                  WHERE user_id = ? AND address = ?`)
-                .run(activatesAt, label || null, id, user.id, address);
+                  WHERE user_id = ? AND address = ?`, [activatesAt, label || null, id, user.id, address]);
         }
         else {
-            db.prepare(`INSERT INTO withdrawal_whitelist (id, user_id, address, label, activates_at)
-                  VALUES (?,?,?,?,?)`).run(id, user.id, address, label || null, activatesAt);
+            await dbRun(`INSERT INTO withdrawal_whitelist (id, user_id, address, label, activates_at)
+                  VALUES (?,?,?,?,?)`, [id, user.id, address, label || null, activatesAt]);
         }
         res.json({ ok: true, id, activates_at: activatesAt, message: '地址已添加，24 小时冷却期后可用于提现' });
     });
-    app.delete('/api/wallet/whitelist/:id', (req, res) => {
+    app.delete('/api/wallet/whitelist/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const row = db.prepare(`SELECT user_id FROM withdrawal_whitelist WHERE id = ?`).get(req.params.id);
+        const row = await dbOne(`SELECT user_id FROM withdrawal_whitelist WHERE id = ?`, [req.params.id]);
         if (!row || row.user_id !== user.id)
             return void res.status(404).json({ error: '地址不存在' });
-        db.prepare(`UPDATE withdrawal_whitelist SET revoked_at = datetime('now') WHERE id = ?`).run(req.params.id);
+        await dbRun(`UPDATE withdrawal_whitelist SET revoked_at = datetime('now') WHERE id = ?`, [req.params.id]);
         res.json({ ok: true });
     });
     // 我的提现记录
-    app.get('/api/wallet/withdrawals', (req, res) => {
+    app.get('/api/wallet/withdrawals', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const list = db.prepare(`SELECT id, to_address, amount, status, created_at, tx_hash FROM withdrawal_requests WHERE user_id = ? ORDER BY created_at DESC LIMIT 10`).all(user.id);
+        const list = await dbAll(`SELECT id, to_address, amount, status, created_at, tx_hash FROM withdrawal_requests WHERE user_id = ? ORDER BY created_at DESC LIMIT 10`, [user.id]);
         res.json(list);
     });
     // 我的充值记录（含确认进度）
@@ -140,8 +141,8 @@ export function registerWalletReadRoutes(app, deps) {
         const user = auth(req, res);
         if (!user)
             return;
-        const list = db.prepare(`SELECT tx_hash, amount, credited_waz, block_number, swept, confirmed_at, block_at_seen, created_at
-       FROM deposit_txns WHERE user_id = ? ORDER BY created_at DESC LIMIT 10`).all(user.id);
+        const list = await dbAll(`SELECT tx_hash, amount, credited_waz, block_number, swept, confirmed_at, block_at_seen, created_at
+       FROM deposit_txns WHERE user_id = ? ORDER BY created_at DESC LIMIT 10`, [user.id]);
         const requiredConf = getProtocolParam('usdc_required_confirmations', 12);
         let latestBlock = null;
         if (list.some(r => !r.confirmed_at)) {
@@ -159,32 +160,32 @@ export function registerWalletReadRoutes(app, deps) {
         });
         res.json(enriched);
     });
-    // 收入构成：分享 / 双轨对碰 / 销售
-    app.get('/api/wallet/income', (req, res) => {
+    // 收入构成：销售 / 分享归因 / PV 记录(pre-launch,若适用)
+    app.get('/api/wallet/income', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const commByLevel = db.prepare(`
+        const commByLevel = await dbAll(`
       SELECT level, COUNT(*) as cnt, COALESCE(SUM(amount),0) as total
       FROM commission_records WHERE beneficiary_id = ? GROUP BY level
-    `).all(user.id);
+    `, [user.id]);
         const commMap = { l1: { count: 0, total: 0 }, l2: { count: 0, total: 0 }, l3: { count: 0, total: 0 } };
         for (const r of commByLevel) {
             const key = `l${r.level}`;
             if (commMap[key])
                 commMap[key] = { count: r.cnt, total: Number(r.total.toFixed(2)) };
         }
-        const binary = db.prepare(`
+        const binary = (await dbOne(`
       SELECT
         COUNT(CASE WHEN settled_at IS NOT NULL THEN 1 END) as settled_cnt,
         COALESCE(SUM(CASE WHEN settled_at IS NOT NULL THEN waz_amount END), 0) as settled_waz,
         COALESCE(SUM(CASE WHEN settled_at IS NULL THEN score END), 0) as pending_score
       FROM binary_score_records WHERE user_id = ?
-    `).get(user.id);
-        const sales = db.prepare(`
+    `, [user.id]));
+        const sales = (await dbOne(`
       SELECT COUNT(*) as cnt, COALESCE(SUM(total_amount),0) as total
       FROM orders WHERE seller_id = ? AND status = 'completed'
-    `).get(user.id);
+    `, [user.id]));
         const totalIncome = commMap.l1.total + commMap.l2.total + commMap.l3.total +
             Number(binary.settled_waz) + Number(sales.total);
         res.json({
@@ -199,20 +200,57 @@ export function registerWalletReadRoutes(app, deps) {
         });
     });
     // P0 测试充值（Phase 0 专用）
-    app.post('/api/wallet/topup', (req, res) => {
+    // 测试水龙头(faucet)— 资金铸造路径,fail-safe **默认关闭**(Codex #187/#222 / task #1128)。
+    //   1) 环境门禁(见 isFaucetAllowed):**绝不靠 NODE_ENV 的默认值**关闭铸币路径 —— 本仓库不设 NODE_ENV,
+    //      生产全靠 Railway 面板注入;旧代码 `NODE_ENV || 'development'` 若漏设会把 faucet 在生产打开。
+    //      现在:显式 production → 永远关;部署平台(Railway 注入 RAILWAY_ENVIRONMENT)→ 默认关,
+    //      仅显式 WEBAZ_ENABLE_TEST_FAUCET=1 才开;本地(无平台信号 + dev/test/未设)→ 开。
+    //   2) cap 原子化:单条 `balance = MIN(5000, balance + ?)`,并发/Phase 3 pg 下都不会越过 5000。
+    //   3) Phase 3 资金路径:迁 pg 时应移到 wallet-write + SELECT...FOR UPDATE 行锁。
+    const FAUCET_ALLOWED = isFaucetAllowed({
+        nodeEnv: process.env.NODE_ENV,
+        onDeployPlatform: !!(process.env.RAILWAY_ENVIRONMENT || process.env.RAILWAY_PROJECT_ID || process.env.RAILWAY_SERVICE_ID),
+        explicitEnableFlag: process.env.WEBAZ_ENABLE_TEST_FAUCET === '1',
+    });
+    app.post('/api/wallet/topup', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
+        if (!FAUCET_ALLOWED)
+            return void res.status(403).json({ error: '充值水龙头仅在测试环境开放', error_code: 'FAUCET_DISABLED' });
         if (isTrustedRole(user))
             return void res.status(403).json({ error: '受信角色无钱包', error_code: 'TRUSTED_ROLE_NO_WALLET' });
         const amount = Math.min(1000, Math.max(1, Number(req.body?.amount) || 500));
-        const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
-        if (!wallet)
+        const before = await dbOne('SELECT balance FROM wallets WHERE user_id = ?', [user.id]);
+        if (!before)
             return void res.status(500).json({ error: '钱包记录缺失', error_code: 'WALLET_MISSING' });
-        if (wallet.balance >= 5000)
+        if (before.balance >= 5000)
             return void res.json({ error: '余额已达上限 5000 WAZ，无需充值' });
-        const actual = Math.min(amount, 5000 - wallet.balance);
-        db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(actual, user.id);
-        res.json({ success: true, added: actual, new_balance: wallet.balance + actual });
+        // 原子封顶:无论并发,balance 永不超 5000(MIN 在单条 UPDATE 内对当前值求值)。
+        await dbRun('UPDATE wallets SET balance = MIN(5000, balance + ?) WHERE user_id = ?', [amount, user.id]);
+        const after = (await dbOne('SELECT balance FROM wallets WHERE user_id = ?', [user.id])).balance;
+        res.json({ success: true, added: Math.round((after - before.balance) * 100) / 100, new_balance: after, capped: after >= 5000 });
     });
 }
+/**
+ * Faucet (WAZ mint path) gate — fail-safe DEFAULT-CLOSED (task #1128 / Codex #187/#222).
+ *
+ * The repo never sets NODE_ENV; production relies on the Railway dashboard injecting it. So a
+ * mint path must NOT lean on a `NODE_ENV || 'development'` default to stay shut — an unset
+ * NODE_ENV in prod would open it. Rules (in order):
+ *   1. explicit NODE_ENV==='production' → CLOSED (even if the enable flag is mis-set).
+ *   2. explicit enable flag (WEBAZ_ENABLE_TEST_FAUCET=1) → OPEN (staging/test boxes opt in).
+ *   3. on a deploy platform (Railway injects RAILWAY_ENVIRONMENT/PROJECT/SERVICE) without the
+ *      flag → CLOSED — this is the fail-safe for a misconfigured/unset NODE_ENV in prod.
+ *   4. off-platform (local dev) → OPEN only for unset / 'development' / 'test'; any other
+ *      explicit value → CLOSED.
+ */
+export function isFaucetAllowed(e) {
+    if (e.nodeEnv === 'production')
+        return false;
+    if (e.explicitEnableFlag)
+        return true;
+    if (e.onDeployPlatform)
+        return false;
+    return e.nodeEnv === undefined || e.nodeEnv === 'development' || e.nodeEnv === 'test';
+}

package/dist/pwa/routes/wallet-write.js

@@ -1,4 +1,5 @@
 import { verifyMessage } from 'viem';
+import { dbOne, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerWalletWriteRoutes(app, deps) {
     const { db, auth, isTrustedRole, generateId, getProtocolParam, consumeGateToken, issueCode, findActiveCode, maskEmail, LARGE_WITHDRAW_THRESHOLD } = deps;
     // Wave G-1: 签名挑战 — 5min 一次性 nonce
@@ -59,20 +60,20 @@ export function registerWalletWriteRoutes(app, deps) {
         }
         // 已通过签名校验 → 加入白名单，免 24h 冷却（activates_at = NOW）
         const addrLc = String(address).toLowerCase();
-        const existing = db.prepare('SELECT id, revoked_at FROM withdrawal_whitelist WHERE user_id = ? AND address = ?').get(user.id, addrLc);
+        const existing = await dbOne('SELECT id, revoked_at FROM withdrawal_whitelist WHERE user_id = ? AND address = ?', [user.id, addrLc]);
         if (existing) {
-            db.prepare(`UPDATE withdrawal_whitelist SET activates_at = datetime('now'), revoked_at = NULL,
-        signature_verified_at = datetime('now'), label = COALESCE(?, label) WHERE id = ?`)
-                .run(label || null, existing.id);
+            await dbRun(`UPDATE withdrawal_whitelist SET activates_at = datetime('now'), revoked_at = NULL,
+        signature_verified_at = datetime('now'), label = COALESCE(?, label) WHERE id = ?`, [label || null, existing.id]);
             return void res.json({ success: true, id: existing.id, activated: true });
         }
         const id = generateId('wl');
-        db.prepare(`INSERT INTO withdrawal_whitelist (id, user_id, address, label, activates_at, signature_verified_at)
-      VALUES (?,?,?,?,datetime('now'),datetime('now'))`)
-            .run(id, user.id, addrLc, label ? String(label).slice(0, 30) : null);
+        await dbRun(`INSERT INTO withdrawal_whitelist (id, user_id, address, label, activates_at, signature_verified_at)
+      VALUES (?,?,?,?,datetime('now'),datetime('now'))`, [id, user.id, addrLc, label ? String(label).slice(0, 30) : null]);
         res.json({ success: true, id, activated: true });
     });
     // 提现申请
+    // RFC-016: withdraw + confirm 是铁律资金转出路径,余额扣减是裸顺序写(非 db.transaction)。
+    // 保持整体同步,Phase 3 随资金路径整体迁 pg(BEGIN + SELECT...FOR UPDATE 行锁),不在此引入 await 间隙。
     app.post('/api/wallet/withdraw', (req, res) => {
         const user = auth(req, res);
         if (!user)
@@ -129,8 +130,10 @@ export function registerWalletWriteRoutes(app, deps) {
         //   资金转出 = 真人在场(spec §4 铁律,与 vote/arbitrate/agent_revoke 同档)。
         //   email-OTP 在 agent 威胁模型下不足(agent 可读监护人收件箱);故弃用旧的"非 Passkey → email 兜底"路径。
         //   未注册 Passkey 的账户:不能提现,先去「安全」绑 Passkey(pre-launch 0 真用户,推动资金操作 Passkey 化)。
-        const hpEnabled = Number(getProtocolParam('require_human_presence_for_withdraw', 1)) === 1;
-        if (hpEnabled) {
+        // Codex #100 P1:提现真人 Passkey 是【铁律】,绝不可被任何 protocol param 关闭 → 无条件执行,不读开关。
+        //   (旧代码 if (require_human_presence_for_withdraw===1) 让 protocol admin 把它设 0 即可绕过铁律。)
+        //   该 param 已锁死 value=min=max=1,仅作展示(见 server.ts DEFAULT_PARAMS + 启动迁移)。
+        {
             const hasPasskeyRow = db.prepare('SELECT COUNT(*) as n FROM webauthn_credentials WHERE user_id = ?').get(user.id);
             const hasPasskey = (hasPasskeyRow?.n || 0) > 0;
             if (!hasPasskey) {