@seasonkoh/webaz 0.1.24 → 0.1.26

package/dist/layer2-business/L2-9-contribution/task-proposal-ai-store.js

@@ -0,0 +1,99 @@
+import { createHash } from 'node:crypto';
+import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+export function initTaskProposalAiSchema(db) {
+    // CREATE only (no ALTER) — additive, never blocks an existing fresh-DB boot.
+    db.exec(`CREATE TABLE IF NOT EXISTS task_proposal_ai_suggestions (
+    id            TEXT PRIMARY KEY,
+    proposal_id   TEXT NOT NULL,
+    reviewer_type TEXT NOT NULL DEFAULT 'ai',
+    model         TEXT,
+    provider      TEXT,
+    input_hash    TEXT,
+    input_summary TEXT,
+    output_json   TEXT NOT NULL,
+    created_at    TEXT NOT NULL DEFAULT (datetime('now'))
+  )`);
+    db.exec(`CREATE INDEX IF NOT EXISTS idx_tpai_proposal ON task_proposal_ai_suggestions(proposal_id, created_at DESC)`);
+}
+/** Read the fields the recommender needs (keeps the route free of direct SQL). */
+export function getProposalLite(db, id) {
+    return db.prepare('SELECT id, title, summary, suggested_area, source_ref, expected_outcome FROM task_proposals WHERE id = ?').get(id) ?? null;
+}
+const CATEGORY_KEYWORDS = {
+    docs: ['doc', 'readme', '文档', 'guide'], i18n: ['i18n', 'translat', '翻译', 'locale'],
+    tests: ['test', '测试', 'spec'], ui: ['ui', 'page', 'button', '界面', 'pwa', 'css'],
+    api: ['api', 'endpoint', 'route'], schema: ['schema', 'migration', 'table', '字段'],
+    infra: ['ci', 'deploy', 'infra', 'pipeline', 'docker'], governance: ['governance', 'charter', '治理', 'rfc'],
+    audit: ['audit', 'security', '审计', '安全'], code: ['fix', 'bug', 'refactor', 'implement', '实现', '修复'],
+};
+const HIGH_RISK_KEYWORDS = ['wallet', 'withdraw', 'fund', 'money', 'settle', 'escrow', 'payment', 'reward', 'schema', 'migration', 'auth', 'admin', 'key', '资金', '钱包', '提现', '结算', '权限', '密钥'];
+const norm = (s) => s.toLowerCase().replace(/[^a-z0-9一-鿿]+/g, ' ').trim();
+/**
+ * Deterministic local heuristic recommendation (stub for a future model). Read-only; never decides.
+ */
+export function recommendForProposal(db, p) {
+    const text = norm(`${p.title} ${p.summary} ${p.suggested_area ?? ''}`);
+    // category
+    let category = 'other';
+    let best = 0;
+    for (const [cat, kws] of Object.entries(CATEGORY_KEYWORDS)) {
+        const hits = kws.filter(k => text.includes(k)).length;
+        if (hits > best) {
+            best = hits;
+            category = cat;
+        }
+    }
+    // risk
+    const risk = HIGH_RISK_KEYWORDS.some(k => text.includes(k)) ? 'high' : (p.summary.length > 400 ? 'medium' : 'low');
+    // effort by summary size
+    const effort = p.summary.length > 600 ? 'large' : p.summary.length > 200 ? 'medium' : 'small';
+    // missing info flags
+    const missing_info = [];
+    if (p.summary.trim().length < 40)
+        missing_info.push('summary too short — needs concrete scope / acceptance');
+    if (!p.source_ref)
+        missing_info.push('no source_ref (file / RFC / issue reference)');
+    if (!p.expected_outcome)
+        missing_info.push('no expected_outcome (definition of done)');
+    // duplicate likelihood: normalized-title overlap vs existing proposals + build_tasks
+    const titleNorm = norm(p.title);
+    const titleWords = new Set(titleNorm.split(' ').filter(w => w.length >= 3));
+    let dupScore = 0;
+    if (titleWords.size > 0) {
+        const others = db.prepare(`SELECT title FROM task_proposals WHERE id != ? UNION ALL SELECT title FROM build_tasks`).all(p.id);
+        for (const o of others) {
+            const ow = new Set(norm(o.title).split(' ').filter(w => w.length >= 3));
+            let inter = 0;
+            for (const w of titleWords)
+                if (ow.has(w))
+                    inter++;
+            const jac = inter / (titleWords.size + ow.size - inter || 1);
+            if (jac > dupScore)
+                dupScore = jac;
+        }
+    }
+    const duplicate_likelihood = dupScore >= 0.6 ? 'high' : dupScore >= 0.3 ? 'medium' : 'low';
+    const recommendation = {
+        category, risk, effort, missing_info, duplicate_likelihood,
+        suggested: {
+            title: p.title,
+            area: p.suggested_area ?? category,
+            description: p.summary,
+            acceptance_criteria: p.expected_outcome ? [String(p.expected_outcome).slice(0, 500)] : [],
+            verification_commands: [],
+        },
+    };
+    return { recommendation, model: 'heuristic-v1', provider: 'local' };
+}
+/** Persist an AI suggestion as evidence (accountability metadata). Returns the row id. */
+export function insertAiSuggestion(db, args) {
+    const id = generateId('tpai');
+    const inputHash = createHash('sha256').update(args.inputSummary).digest('hex');
+    db.prepare(`INSERT INTO task_proposal_ai_suggestions (id, proposal_id, reviewer_type, model, provider, input_hash, input_summary, output_json)
+    VALUES (?,?,?,?,?,?,?,?)`).run(id, args.proposalId, args.reviewerType ?? 'ai', args.model ?? null, args.provider ?? null, inputHash, args.inputSummary.slice(0, 1000), args.outputJson);
+    return { id };
+}
+export function listAiSuggestions(db, proposalId) {
+    return db.prepare(`SELECT id, proposal_id, reviewer_type, model, provider, input_summary, output_json, created_at
+    FROM task_proposal_ai_suggestions WHERE proposal_id = ? ORDER BY created_at DESC LIMIT 20`).all(proposalId);
+}

package/dist/layer2-business/L2-9-contribution/task-proposal-draft.js

@@ -0,0 +1,191 @@
+import { createBuildTask, logTaskEvent } from './build-tasks-engine.js';
+import { insertBuildTaskAgentMetadata, getBuildTaskAgentMetadata, setBuildTaskAudience, RISK_LEVELS, TASK_TYPES } from './build-task-agent-metadata-store.js';
+import { reviewTaskProposal } from './task-proposal-store.js';
+/** Source-proposal ↔ draft-task link (lets a draft preserve its origin WITHOUT marking the proposal terminal). */
+export function initTaskProposalDraftLinkSchema(db) {
+    db.exec(`CREATE TABLE IF NOT EXISTS task_proposal_draft_links (
+    task_id     TEXT PRIMARY KEY,
+    proposal_id TEXT NOT NULL,
+    created_by  TEXT NOT NULL,
+    created_at  TEXT NOT NULL DEFAULT (datetime('now'))
+  )`);
+    // UNIQUE: one draft per source proposal (aligns the DB with the createDraftFromProposal business rule).
+    db.exec(`CREATE UNIQUE INDEX IF NOT EXISTS idx_tpdl_proposal ON task_proposal_draft_links(proposal_id)`);
+}
+const strList = (v) => Array.isArray(v) ? v.slice(0, 50).map(s => String(s).slice(0, 500)).filter(s => s.trim()) : [];
+const txt = (v) => (v ?? '').trim();
+/** Handoff fields an executable agent task must carry. Returns the list of missing ones (empty = complete). */
+function missingHandoff(f) {
+    const missing = [];
+    if (!txt(f.title))
+        missing.push('title');
+    if (!txt(f.description))
+        missing.push('summary/description (reason)');
+    if (f.allowed_paths.length === 0)
+        missing.push('allowed_paths (execution boundary)');
+    if (f.prohibited_actions.length === 0)
+        missing.push('forbidden_actions');
+    if (f.acceptance_criteria.length === 0)
+        missing.push('acceptance_criteria');
+    if (f.verification_commands.length === 0)
+        missing.push('verification_commands');
+    if (f.deliverables.length === 0)
+        missing.push('deliverables');
+    if (!txt(f.expected_results))
+        missing.push('expected_results');
+    if (!txt(f.definition_of_done))
+        missing.push('definition_of_done');
+    return missing;
+}
+/**
+ * Create an UNPUBLISHED draft (internal build_task) from a non-terminal proposal and record the
+ * source-proposal ↔ draft link. Does NOT mark the proposal 'converted' (acceptance happens at publish).
+ * Returns the new draft task id.
+ */
+export function createDraftFromProposal(db, a) {
+    // 1) proposal must exist + be non-terminal (only new / needs_info → draft). Pre-check before creating anything.
+    const prop = db.prepare('SELECT id, status FROM task_proposals WHERE id = ?').get(a.proposalId);
+    if (!prop)
+        return { error: 'proposal not found', error_code: 'PROPOSAL_NOT_FOUND' };
+    if (prop.status === 'rejected' || prop.status === 'converted')
+        return { error: `proposal already ${prop.status}`, error_code: 'PROPOSAL_TERMINAL' };
+    // one draft per proposal (without using a terminal proposal status as the guard)
+    const existingLink = db.prepare('SELECT task_id FROM task_proposal_draft_links WHERE proposal_id = ?').get(a.proposalId);
+    if (existingLink)
+        return { error: `a task draft already exists for this proposal (${existingLink.task_id})`, error_code: 'PROPOSAL_HAS_DRAFT' };
+    // draft risk stays low/medium (high/critical metadata rules are out of scope for this PR)
+    const riskLevel = (a.riskLevel === 'medium') ? 'medium' : 'low';
+    if (a.riskLevel && !RISK_LEVELS.includes(a.riskLevel))
+        return { error: 'invalid risk_level', error_code: 'BAD_RISK_LEVEL' };
+    if (a.riskLevel === 'high' || a.riskLevel === 'critical')
+        return { error: 'draft risk_level must be low or medium (high/critical deferred)', error_code: 'RISK_TOO_HIGH_FOR_DRAFT' };
+    const taskType = (a.taskType && TASK_TYPES.includes(a.taskType)) ? a.taskType : 'other';
+    // 2) assemble the agent-handoff fields and VALIDATE completeness BEFORE creating anything — the existing
+    //    task model requires these to be executable, so we never create an incomplete/orphan task.
+    const allowed = strList(a.allowedPaths);
+    const prohibited = strList(a.forbiddenActions);
+    const accept = strList(a.acceptanceCriteria);
+    const verify = strList(a.verificationCommands);
+    const deliver = strList(a.deliverables);
+    const description = txt(a.description);
+    const dod = txt(a.definitionOfDone).slice(0, 1000);
+    const expected = (txt(a.expectedResults) || description).slice(0, 1000);
+    const missing = missingHandoff({ title: txt(a.title), description, allowed_paths: allowed, prohibited_actions: prohibited, acceptance_criteria: accept, verification_commands: verify, deliverables: deliver, expected_results: expected, definition_of_done: dod });
+    if (missing.length > 0)
+        return { error: `draft incomplete — provide: ${missing.join(', ')}`, error_code: 'DRAFT_INCOMPLETE', missing };
+    // 3) create the formal task via the trusted path (creator = admin → accountability)
+    const created = createBuildTask(db, { creatorId: a.adminId, title: a.title, area: a.area ?? undefined, description: a.description ?? undefined, rfcRef: a.sourceRef ?? undefined });
+    if ('error' in created)
+        return created;
+    const taskId = created.id;
+    // 4) attach agent_metadata as an INTERNAL draft (hidden + unclaimable via the existing read/participation
+    //    guards). auto_claimable defaults TRUE so once published the task enters the normal agent claim flow
+    //    (maintainer may opt human-only with autoClaimable:false). While audience='internal' it is unclaimable.
+    const caps = strList(a.requiredCapabilities);
+    if (caps.length === 0)
+        caps.push('general');
+    const meta = {
+        task_type: taskType,
+        source_ref: a.sourceRef ?? null,
+        allowed_paths: allowed,
+        forbidden_paths: strList(a.forbiddenPaths),
+        prohibited_actions: prohibited,
+        risk_level: riskLevel,
+        audience: 'internal',
+        agent_autonomy: 'human_in_the_loop',
+        auto_claimable: a.autoClaimable !== false,
+        required_capabilities: caps,
+        acceptance_criteria: accept,
+        verification_commands: verify,
+        expected_results: expected,
+        deliverables: deliver,
+        definition_of_done: dod,
+        estimated_duration_min_minutes: 0,
+        estimated_duration_max_minutes: 0,
+        estimated_context_size: 'small',
+        estimated_agent_budget: 'minimal',
+        value_state: 'uncommitted',
+        contribution_type: 'task',
+        accountable_party_required: true,
+    };
+    insertBuildTaskAgentMetadata(db, taskId, meta);
+    // 5) record the source-proposal ↔ draft link (accountability) — WITHOUT marking the proposal converted;
+    //    the proposal stays non-terminal until an explicit human publish.
+    db.prepare('INSERT INTO task_proposal_draft_links (task_id, proposal_id, created_by) VALUES (?,?,?)').run(taskId, a.proposalId, a.adminId);
+    return { draft_task_id: taskId };
+}
+/** Admin list of UNPUBLISHED drafts (internal, open) + their source proposal id (via the draft-link table). */
+export function listDraftBuildTasks(db) {
+    return db.prepare(`
+    SELECT t.id, t.title, t.area, t.description, t.rfc_ref, t.status, t.created_by, t.created_at,
+           m.risk_level, m.audience, m.auto_claimable,
+           l.proposal_id AS source_proposal_id
+    FROM build_tasks t
+    JOIN build_task_agent_metadata m ON m.task_id = t.id
+    LEFT JOIN task_proposal_draft_links l ON l.task_id = t.id
+    WHERE m.audience = 'internal' AND t.status = 'open'
+    ORDER BY t.created_at DESC LIMIT 200
+  `).all();
+}
+/**
+ * Validate that a draft carries enough agent-handoff info to be executed by another participant's agent.
+ * Returns the list of missing fields (empty = complete). Gate for publish — never publish an incomplete task.
+ */
+export function validateDraftForPublish(task, meta) {
+    return missingHandoff({
+        title: txt(task.title), description: txt(task.description),
+        allowed_paths: meta.allowed_paths ?? [], prohibited_actions: meta.prohibited_actions ?? [],
+        acceptance_criteria: meta.acceptance_criteria ?? [], verification_commands: meta.verification_commands ?? [],
+        deliverables: meta.deliverables ?? [], expected_results: txt(meta.expected_results), definition_of_done: txt(meta.definition_of_done),
+    });
+}
+/**
+ * PUBLISH a draft → audience 'public' (now on the board / claimable via the existing flow). Explicit
+ * human/admin action only; validates agent-handoff completeness first (never publishes an incomplete task).
+ * This is also where the source proposal is marked 'converted' (converted_ref=task id, reviewer=actor) —
+ * acceptance happens at publish, not at draft creation. The canonical repo / PR target is the protocol-wide
+ * canonical contribution target enforced by the existing submit path — it is not stored per-task.
+ *
+ * Evidence-chain guard: the linked proposal is validated BEFORE anything is published. If it was rejected (or
+ * converted to a different task) since draft creation, publish is refused (409) and the task stays internal —
+ * so a public, claimable task can never coexist with a rejected source proposal. The audience flip + proposal
+ * conversion run in one transaction (both or neither).
+ */
+export function publishDraftBuildTask(db, taskId, adminId) {
+    const meta = getBuildTaskAgentMetadata(db, taskId);
+    if (!meta)
+        return { error: 'task has no draft metadata', error_code: 'NOT_A_DRAFT' };
+    if (meta.audience !== 'internal')
+        return { error: 'task is not an internal draft', error_code: 'NOT_DRAFT_AUDIENCE' };
+    const t = db.prepare('SELECT status, title, description FROM build_tasks WHERE id = ?').get(taskId);
+    if (!t)
+        return { error: 'task not found', error_code: 'NOT_FOUND' };
+    const missing = validateDraftForPublish(t, meta);
+    if (missing.length > 0)
+        return { error: `draft incomplete — fill before publish: ${missing.join(', ')}`, error_code: 'DRAFT_INCOMPLETE', missing };
+    // validate the linked proposal FIRST — do not publish on top of a rejected / elsewhere-converted proposal.
+    const link = db.prepare('SELECT proposal_id FROM task_proposal_draft_links WHERE task_id = ?').get(taskId);
+    let proposalToConvert = null;
+    if (link) {
+        const prop = db.prepare('SELECT status, converted_ref FROM task_proposals WHERE id = ?').get(link.proposal_id);
+        if (prop) {
+            if (prop.status === 'rejected')
+                return { error: 'source proposal was rejected — cannot publish', error_code: 'PROPOSAL_REJECTED' };
+            if (prop.status === 'converted' && prop.converted_ref !== taskId)
+                return { error: 'source proposal already converted to a different task', error_code: 'PROPOSAL_CONVERTED_ELSEWHERE' };
+            if (prop.status === 'new' || prop.status === 'needs_info')
+                proposalToConvert = link.proposal_id;
+        }
+    }
+    // all validation passed → publish atomically: flip audience + (if applicable) mark the proposal converted.
+    db.transaction(() => {
+        setBuildTaskAudience(db, taskId, 'public');
+        logTaskEvent(db, taskId, adminId, t.status, t.status, 'published from draft (audience → public)');
+        if (proposalToConvert) {
+            const rv = reviewTaskProposal(db, proposalToConvert, adminId, 'converted', `published as formal task ${taskId}`, taskId);
+            if ('error' in rv)
+                throw new Error(`proposal conversion failed: ${rv.code}`); // rollback the audience flip
+        }
+    })();
+    return { ok: true, task_id: taskId };
+}

package/dist/layer2-business/L2-9-contribution/task-proposal-store.js

@@ -0,0 +1,129 @@
+import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+export const PROPOSAL_STATUSES = ['new', 'needs_info', 'rejected', 'converted'];
+export const REVIEW_TARGETS = ['needs_info', 'rejected', 'converted']; // 'new' is the initial state only
+const TITLE_MIN = 3, TITLE_MAX = 200, SUMMARY_MAX = 2000, AREA_MAX = 64, OUTCOME_MAX = 2000, SOURCE_MAX = 500, LOGIN_MAX = 100, NOTE_MAX = 2000, CONVERTED_REF_MAX = 500;
+const CREATE_TABLE = `
+  CREATE TABLE IF NOT EXISTS task_proposals (
+    id                    TEXT PRIMARY KEY,
+    title                 TEXT NOT NULL CHECK (length(trim(title)) >= 3 AND length(title) <= 200),
+    summary               TEXT NOT NULL CHECK (length(trim(summary)) >= 1 AND length(summary) <= 2000),
+    suggested_area        TEXT CHECK (suggested_area IS NULL OR length(suggested_area) <= 64),
+    expected_outcome      TEXT CHECK (expected_outcome IS NULL OR length(expected_outcome) <= 2000),
+    source_ref            TEXT CHECK (source_ref IS NULL OR length(source_ref) <= 500),
+    proposer_account_id   TEXT,
+    proposer_github_login TEXT CHECK (proposer_github_login IS NULL OR length(proposer_github_login) <= 100),
+    status                TEXT NOT NULL DEFAULT 'new' CHECK (status IN ('new','needs_info','rejected','converted')),
+    reviewer_id           TEXT,
+    review_note           TEXT CHECK (review_note IS NULL OR length(review_note) <= 2000),
+    converted_ref         TEXT CHECK (converted_ref IS NULL OR length(converted_ref) <= 500),
+    created_at            TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at            TEXT NOT NULL DEFAULT (datetime('now'))
+  )
+`;
+const CREATE_INDEX = `CREATE INDEX IF NOT EXISTS idx_task_proposals_status ON task_proposals(status, created_at DESC)`;
+export function initTaskProposalSchema(db) {
+    db.exec(CREATE_TABLE);
+    db.exec(CREATE_INDEX);
+}
+/** Validate a public submission — fail-closed: bad/oversized fields are rejected, never silently truncated. */
+export function validateProposalInput(body) {
+    const b = (body ?? {});
+    const bad = (code, message) => ({ ok: false, code, message });
+    const asStr = (v) => (typeof v === 'string' ? v : v == null ? null : '__invalid__');
+    const titleRaw = asStr(b.title);
+    if (titleRaw === '__invalid__')
+        return bad('INVALID_TITLE', 'title must be a string');
+    const title = (titleRaw ?? '').trim();
+    if (title.length < TITLE_MIN)
+        return bad('TITLE_TOO_SHORT', `title must be at least ${TITLE_MIN} chars`);
+    if (title.length > TITLE_MAX)
+        return bad('TITLE_TOO_LONG', `title must be at most ${TITLE_MAX} chars`);
+    const summaryRaw = asStr(b.summary ?? b.reason);
+    if (summaryRaw === '__invalid__')
+        return bad('INVALID_SUMMARY', 'summary must be a string');
+    const summary = (summaryRaw ?? '').trim();
+    if (summary.length < 1)
+        return bad('SUMMARY_REQUIRED', 'summary (reason) is required');
+    if (summary.length > SUMMARY_MAX)
+        return bad('SUMMARY_TOO_LONG', `summary must be at most ${SUMMARY_MAX} chars`);
+    const optLen = (v, max, code) => {
+        if (v == null)
+            return null;
+        if (typeof v !== 'string')
+            return { code };
+        if (v.length > max)
+            return { code };
+        return v;
+    };
+    const area = optLen(b.suggested_area, AREA_MAX, 'SUGGESTED_AREA_TOO_LONG');
+    if (area && typeof area === 'object')
+        return bad(area.code, 'suggested_area invalid/too long');
+    const outcome = optLen(b.expected_outcome, OUTCOME_MAX, 'EXPECTED_OUTCOME_TOO_LONG');
+    if (outcome && typeof outcome === 'object')
+        return bad(outcome.code, 'expected_outcome invalid/too long');
+    const source = optLen(b.source_ref, SOURCE_MAX, 'SOURCE_REF_TOO_LONG');
+    if (source && typeof source === 'object')
+        return bad(source.code, 'source_ref invalid/too long');
+    const login = optLen(b.proposer_github_login, LOGIN_MAX, 'GITHUB_LOGIN_TOO_LONG');
+    if (login && typeof login === 'object')
+        return bad(login.code, 'proposer_github_login invalid/too long');
+    return { ok: true, input: { title, summary, suggested_area: area, expected_outcome: outcome, source_ref: source, proposer_github_login: login } };
+}
+const DEDUP_WINDOW = '-1 hours'; // SQLite datetime modifier — a recent-window duplicate guard
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/**
+ * Insert a new proposal (status='new'). proposer_account_id is NEVER taken from the body (anti-spoof).
+ * Dedup (anti-flood): if an identical proposal already exists in the recent window — same non-empty
+ * `source_ref`, OR same (title, summary) — NO new row is inserted; returns `{ duplicate, existing_id }`.
+ */
+export function insertTaskProposal(db, input, proposerAccountId = null) {
+    const src = input.source_ref ?? null;
+    const dup = db.prepare(`SELECT id FROM task_proposals
+    WHERE created_at > datetime('now', ?)
+      AND (((? IS NOT NULL) AND source_ref = ?) OR (title = ? AND summary = ?))
+    ORDER BY created_at DESC LIMIT 1`).get(DEDUP_WINDOW, src, src, input.title, input.summary);
+    if (dup)
+        return { duplicate: true, existing_id: dup.id };
+    const id = generateId('tp');
+    db.prepare(`INSERT INTO task_proposals (id, title, summary, suggested_area, expected_outcome, source_ref, proposer_account_id, proposer_github_login, status)
+    VALUES (@id, @title, @summary, @suggested_area, @expected_outcome, @source_ref, @proposer_account_id, @proposer_github_login, 'new')`).run({
+        id, title: input.title, summary: input.summary,
+        suggested_area: input.suggested_area ?? null, expected_outcome: input.expected_outcome ?? null,
+        source_ref: src, proposer_account_id: proposerAccountId,
+        proposer_github_login: input.proposer_github_login ?? null,
+    });
+    return { id, status: 'new' };
+}
+export function listTaskProposals(db, filter = {}) {
+    const where = [];
+    const params = [];
+    if (filter.status && PROPOSAL_STATUSES.includes(filter.status)) {
+        where.push('status = ?');
+        params.push(filter.status);
+    }
+    return db.prepare(`SELECT id, title, summary, suggested_area, expected_outcome, source_ref, proposer_account_id,
+    proposer_github_login, status, reviewer_id, review_note, converted_ref, created_at, updated_at FROM task_proposals
+    ${where.length ? 'WHERE ' + where.join(' AND ') : ''} ORDER BY created_at DESC LIMIT 200`).all(...params);
+}
+/**
+ * Review a proposal: needs_info / rejected / converted. NO build_task is created here (conversion is a
+ * later manual maintainer step — deferred). Terminal states (rejected/converted) cannot be re-reviewed.
+ * `convertedRef` (only meaningful for `converted`) records the link to the real task / PR / release /
+ * product decision — the non-code contribution evidence chain { proposer → reviewer → converted_ref }.
+ * Recording only; no reward/score is computed.
+ */
+export function reviewTaskProposal(db, id, reviewerId, status, note, convertedRef) {
+    if (!REVIEW_TARGETS.includes(status))
+        return { error: 'status must be needs_info | rejected | converted', code: 'BAD_STATUS' };
+    if (convertedRef != null && (typeof convertedRef !== 'string' || convertedRef.length > CONVERTED_REF_MAX))
+        return { error: 'converted_ref invalid/too long', code: 'CONVERTED_REF_TOO_LONG' };
+    const cur = db.prepare('SELECT status FROM task_proposals WHERE id = ?').get(id);
+    if (!cur)
+        return { error: 'proposal not found', code: 'NOT_FOUND' };
+    if (cur.status === 'rejected' || cur.status === 'converted')
+        return { error: `proposal already ${cur.status}`, code: 'ALREADY_TERMINAL' };
+    const ref = status === 'converted' && typeof convertedRef === 'string' && convertedRef.trim() ? convertedRef.trim() : null;
+    db.prepare(`UPDATE task_proposals SET status = ?, reviewer_id = ?, review_note = ?, converted_ref = ?, updated_at = datetime('now') WHERE id = ?`)
+        .run(status, reviewerId, note ? String(note).slice(0, NOTE_MAX) : null, ref, id);
+    return { id, status, converted_ref: ref };
+}

package/dist/layer2-business/L2-notes/note-photo-storage.js

@@ -4,6 +4,7 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
 import { createHash } from 'crypto';
+import { dbOne } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 const NOTE_PHOTO_DIR = path.join(os.homedir(), '.webaz', 'note-photos');
 if (!fs.existsSync(NOTE_PHOTO_DIR))
     fs.mkdirSync(NOTE_PHOTO_DIR, { recursive: true });
@@ -71,7 +72,8 @@ function sniffImageMime(b) {
 //   - 再 POST /api/shareables 把 hash 写进 note_photo_index
 //   - 中间窗口（典型 几十秒）误删会让上传白费
 // 由 cron 每天调一次（与 evidence cleanup 同节奏）
-export function cleanupOrphanNotePhotos(db, graceMs = 60 * 60 * 1000) {
+// RFC-016 Phase 1:cron 清理 —— db 部分是纯读(查引用),迁异步 seam;文件删除为 fs 操作(非 db)。调用点 server.ts:9262 cron,inTx=false。
+export async function cleanupOrphanNotePhotos(_db, graceMs = 60 * 60 * 1000) {
     if (!fs.existsSync(NOTE_PHOTO_DIR))
         return { swept: 0, bytes: 0 };
     let swept = 0;
@@ -118,7 +120,7 @@ export function cleanupOrphanNotePhotos(db, graceMs = 60 * 60 * 1000) {
             const age = Math.max(0, now - fstat.mtimeMs);
             if (age < graceMs)
                 continue; // grace 窗口内保留
-            const row = db.prepare(`SELECT 1 FROM note_photo_index WHERE hash = ?`).get(fname);
+            const row = await dbOne(`SELECT 1 FROM note_photo_index WHERE hash = ?`, [fname]);
             if (!row) {
                 try {
                     bytes += fstat.size;

package/dist/layer3-trust/L3-1-dispute-engine/dispute-engine.js

@@ -13,6 +13,7 @@
  *   arbitrate 是 Iron-Rule 真人动作(需 Passkey) · 协议级改动审批见 CHARTER §3.2
  */
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 import { transition } from '../../layer0-foundation/L0-2-state-machine/engine.js';
 // RFC-014 PR5 — 争议资金处置走整数 base-units + 绝对值落库 + allocate 精确拆分。
 import { toUnits, toDecimal, mulRate, allocate } from '../../money.js';
@@ -646,21 +647,22 @@ export function submitEvidenceForRequest(db, requestId, submitterId, evidenceTyp
 /**
  * 查询争议的所有证据请求（含已提交内容）
  */
-export function getEvidenceRequests(db, disputeId) {
-    const rows = db.prepare(`
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容,内部走 dbAll/dbOne;调用点全部已确认不在 db.transaction 内)。
+export async function getEvidenceRequests(_db, disputeId) {
+    const rows = await dbAll(`
     SELECT r.*, u.name as requested_from_name, u.role as requested_from_role
     FROM dispute_evidence_requests r
     LEFT JOIN users u ON r.requested_from_id = u.id
     WHERE r.dispute_id = ?
     ORDER BY r.created_at ASC
-  `).all(disputeId);
-    return rows.map(r => {
+  `, [disputeId]);
+    return await Promise.all(rows.map(async (r) => {
         const ids = JSON.parse(r.submitted_evidence_ids || '[]');
         const items = ids.length
-            ? db.prepare(`SELECT * FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`).all(...ids)
+            ? await dbAll(`SELECT * FROM evidence WHERE id IN (${ids.map(() => '?').join(',')})`, ids)
             : [];
         return { ...r, submitted_items: items };
-    });
+    }));
 }
 /** 生成锚定哈希（Phase 0 模拟；Phase 2 用 IPFS/链上替换） */
 function generateAnchorHash(content) {
@@ -673,8 +675,8 @@ function generateAnchorHash(content) {
     return `0x${h.toString(16).padStart(8, '0')}${ts}`;
 }
 // ─── 查询函数 ─────────────────────────────────────────────────
-export function getDisputeDetails(db, disputeId) {
-    return db.prepare(`
+export async function getDisputeDetails(_db, disputeId) {
+    return (await dbOne(`
     SELECT d.*,
       u1.name as initiator_name, u1.role as initiator_role,
       u2.name as defendant_name, u2.role as defendant_role
@@ -682,10 +684,10 @@ export function getDisputeDetails(db, disputeId) {
     LEFT JOIN users u1 ON d.initiator_id = u1.id
     LEFT JOIN users u2 ON d.defendant_id = u2.id
     WHERE d.id = ?
-  `).get(disputeId);
+  `, [disputeId])) ?? null;
 }
-export function getOrderDispute(db, orderId) {
-    return db.prepare(`
+export async function getOrderDispute(_db, orderId) {
+    return (await dbOne(`
     SELECT d.*,
       u1.name as initiator_name, u1.role as initiator_role,
       u2.name as defendant_name, u2.role as defendant_role
@@ -694,10 +696,10 @@ export function getOrderDispute(db, orderId) {
     LEFT JOIN users u2 ON d.defendant_id = u2.id
     WHERE d.order_id = ? AND d.status NOT IN ('resolved', 'dismissed')
     ORDER BY d.created_at DESC LIMIT 1
-  `).get(orderId);
+  `, [orderId])) ?? null;
 }
-export function getOpenDisputes(db) {
-    return db.prepare(`
+export async function getOpenDisputes(_db) {
+    return await dbAll(`
     SELECT d.*,
       u1.name as initiator_name, u1.role as initiator_role,
       u2.name as defendant_name, u2.role as defendant_role,
@@ -708,7 +710,7 @@ export function getOpenDisputes(db) {
     LEFT JOIN orders o ON d.order_id = o.id
     WHERE d.status IN ('open', 'in_review')
     ORDER BY d.created_at ASC
-  `).all();
+  `);
 }
 // ─── 工具函数 ─────────────────────────────────────────────────
 function addHours(date, hours) {

package/dist/layer3-trust/L3-1-dispute-engine/evidence-storage.js

@@ -5,6 +5,7 @@ import * as path from 'path';
 import * as os from 'os';
 import { createHash, createHmac } from 'crypto';
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 const EVIDENCE_DIR = path.join(os.homedir(), '.webaz', 'evidence');
 if (!fs.existsSync(EVIDENCE_DIR))
     fs.mkdirSync(EVIDENCE_DIR, { recursive: true });
@@ -135,8 +136,10 @@ export function uploadEvidence(db, args) {
     }
     return { id: eid, hash: actualHash, sig, dedup: blobExists, size: args.blob.length };
 }
-export function readEvidenceBlob(db, evidenceId, requesterId) {
-    const ev = db.prepare('SELECT id, dispute_id, file_hash, mime, filename, withdrawn_at FROM evidence WHERE id = ?').get(evidenceId);
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容;调用点均 inTx=false)。
+//   注:isPartyOrArbitrator(被同步写 uploadEvidence 复用)保持同步,留 Phase 3;async 读内同步调用它 OK(其 db.prepare 仍同步)。
+export async function readEvidenceBlob(db, evidenceId, requesterId) {
+    const ev = await dbOne('SELECT id, dispute_id, file_hash, mime, filename, withdrawn_at FROM evidence WHERE id = ?', [evidenceId]);
     if (!ev)
         throw new Error('evidence_not_found');
     if (ev.withdrawn_at)
@@ -178,16 +181,16 @@ export function withdrawEvidence(db, evidenceId, uploaderId) {
         db.prepare('UPDATE disputes SET party_evidence_ids = ? WHERE id = ?').run(JSON.stringify(filtered), ev.dispute_id);
     }
 }
-export function listEvidence(db, disputeId, requesterId) {
+export async function listEvidence(db, disputeId, requesterId) {
     if (!isPartyOrArbitrator(db, disputeId, requesterId)) {
         throw new Error('not_dispute_party');
     }
-    return db.prepare(`
+    return await dbAll(`
     SELECT id, uploader_id, type, description, file_hash, size, mime, sig, filename, created_at, withdrawn_at
     FROM evidence
     WHERE dispute_id = ?
     ORDER BY created_at ASC
-  `).all(disputeId);
+  `, [disputeId]);
 }
 export function markEvidenceExpiry(db, disputeId) {
     const exp = new Date(Date.now() + EVIDENCE_TTL_DAYS_AFTER_RESOLVED * 24 * 3600 * 1000).toISOString();
@@ -223,13 +226,13 @@ export function cleanupExpiredEvidence(db) {
     }
     return { swept, bytes };
 }
-export function verifyEvidenceSig(db, evidenceId) {
-    const ev = db.prepare(`
+export async function verifyEvidenceSig(_db, evidenceId) {
+    const ev = await dbOne(`
     SELECT e.id, e.uploader_id, e.dispute_id, e.file_hash, e.size, e.mime, e.description, e.sig,
            u.api_key
     FROM evidence e JOIN users u ON u.id = e.uploader_id
     WHERE e.id = ?
-  `).get(evidenceId);
+  `, [evidenceId]);
     if (!ev)
         return { ok: false, reason: 'evidence_not_found' };
     if (!ev.sig)

package/dist/layer4-economics/L4-3-reputation/reputation-engine.js

@@ -15,6 +15,7 @@
  *   -25  争议败诉                        -40  超时违约
  */
 import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+import { dbOne } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 seam(纯读)
 // ─── Schema ───────────────────────────────────────────────────
 export function initReputationSchema(db) {
     db.exec(`
@@ -286,15 +287,15 @@ export function getReputation(db, userId) {
 export function getReputationByUserId(db, userId) {
     return getReputation(db, userId);
 }
+// RFC-016 Phase 1:纯读 → 异步 seam(db 参数保留签名兼容,内部走 dbOne,同实例 setSeamDb)。
+// 调用点全部已确认不在 db.transaction 内(mcp 1967/2210 · products-create.ts:122 · url-claim.ts:120)。
 /** 获取用户的搜索加成（用于商品排序） */
-export function getSearchBoost(db, userId) {
-    const score = db.prepare('SELECT total_points FROM reputation_scores WHERE user_id = ?').get(userId);
-    const points = score?.total_points ?? 0;
-    return getLevel(points).searchBoost;
+export async function getSearchBoost(_db, userId) {
+    const score = await dbOne('SELECT total_points FROM reputation_scores WHERE user_id = ?', [userId]);
+    return getLevel(score?.total_points ?? 0).searchBoost;
 }
 /** 获取用户的质押折扣（用于上架商品时的质押计算） */
-export function getStakeDiscount(db, userId) {
-    const score = db.prepare('SELECT total_points FROM reputation_scores WHERE user_id = ?').get(userId);
-    const points = score?.total_points ?? 0;
-    return getLevel(points).stakeDiscount;
+export async function getStakeDiscount(_db, userId) {
+    const score = await dbOne('SELECT total_points FROM reputation_scores WHERE user_id = ?', [userId]);
+    return getLevel(score?.total_points ?? 0).stakeDiscount;
 }