@seasonkoh/webaz 0.1.25 → 0.1.26

package/dist/pwa/public/whitepaper/en/index.html

@@ -0,0 +1,153 @@
+<!-- GENERATED from docs/WHITEPAPER.md by scripts/build-whitepaper-html.ts — DO NOT EDIT BY HAND. Run: npm run build:whitepaper -->
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>WebAZ Founding Whitepaper v0.1</title>
+  <style>
+    :root { color-scheme: light }
+    * { box-sizing: border-box }
+    body { margin: 0; background: #fff; color: #18181B;
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Noto Sans SC', Helvetica, Arial, sans-serif;
+      -webkit-font-smoothing: antialiased; line-height: 1.7 }
+    .wp { max-width: 720px; margin: 0 auto; padding: 24px 20px 80px }
+    .wp-nav { display: flex; justify-content: space-between; align-items: center; gap: 12px;
+      font-size: 14px; padding: 8px 0 24px; border-bottom: 1px solid #E4E4E7; margin-bottom: 32px }
+    .wp-nav a { color: #3F3F46; text-decoration: none }
+    .wp-nav a:hover { color: #18181B; text-decoration: underline }
+    .wp-lang .cur { color: #A1A1AA }
+    h1 { font-size: clamp(28px, 6vw, 40px); font-weight: 700; line-height: 1.2; letter-spacing: -0.01em; margin: 8px 0 28px }
+    h2 { font-size: clamp(19px, 3.6vw, 24px); font-weight: 600; line-height: 1.3; margin: 44px 0 12px; color: #27272A }
+    p { font-size: 16px; color: #3F3F46; margin: 0 0 16px }
+    .wp-foot { margin-top: 56px; padding-top: 20px; border-top: 1px solid #E4E4E7;
+      font-size: 12px; color: #A1A1AA; line-height: 1.6 }
+    @media (max-width: 640px) { .wp { padding: 20px 18px 64px } }
+  </style>
+</head>
+<body>
+  <main class="wp">
+    <nav class="wp-nav">
+      <a href="/#welcome">← Home</a>
+      <span class="wp-lang"><span class="cur">EN</span> / <a href="/whitepaper/zh-CN">中文</a></span>
+    </nav>
+      <h1>WebAZ Founding Whitepaper v0.1</h1>
+      <h2>Status</h2>
+      <p>WebAZ is pre-launch and under active development. This paper is a founding statement and protocol direction, not an investment document, not a token paper, and not a promise of income, reward, ownership, or redemption.</p>
+      <h2>Abstract</h2>
+      <p>WebAZ is an agent-native commerce and contribution protocol.</p>
+      <p>It begins from a simple belief: in the age of AI, the most valuable thing is participation.</p>
+      <p>Every person's existence and participation are real value. A person should not need to repeatedly prove their reality to every platform, employer, algorithm, or electronic fence before being allowed to contribute. To exist, to think, to act, to build, to help, to improve something, and to leave evidence of one's participation are already forms of value.</p>
+      <p>I think, therefore I am.</p>
+      <p>In WebAZ, we extend that idea into the AI age:</p>
+      <p>I participate, therefore I am seen.</p>
+      <p>WebAZ is an attempt to build a new commercial civilization: one where humans and agents work together, where contribution leaves evidence, where rules are transparent, where AI assists but humans remain accountable, and where participation is not reserved for those already inside the largest companies or platforms.</p>
+      <h2>1. The Value of Participation</h2>
+      <p>For a long time, companies and platforms built moats by enclosing users, data, traffic, sellers, workers, and creators inside walls.</p>
+      <p>Those walls made participation conditional. They decided who could enter, who could be discovered, who could sell, who could be trusted, and whose work would be remembered.</p>
+      <p>AI changes this.</p>
+      <p>When individuals can work with agents, execution is no longer reserved for large organizations. A person with an agent can build, sell, audit, translate, review, test, coordinate, and contribute. The moat of the AI age is not a wall around users. The moat is the living participation of people who choose to build together.</p>
+      <p>WebAZ is built on that belief.</p>
+      <p>We do not need to fear having no moat against powerful companies. Our participation is the moat. Our evidence is the moat. Our shared protocol is the moat. A civilization built by participants is harder to enclose than a platform built around captured users.</p>
+      <p>WebAZ does not begin by attacking companies or capital. It begins by making them less absolute.</p>
+      <p>Companies and capital may still exist, but they should no longer be the only gates through which people reach opportunity. WebAZ is built for a future where technology lowers the threshold to participate, where AI amplifies individuals instead of replacing them, and where open protocols make commercial participation available to anyone willing to build.</p>
+      <p>Let the old page turn.</p>
+      <p>From today, every step can count.</p>
+      <h2>2. Why WebAZ Exists</h2>
+      <p>The internet made publishing open. Open source made code collaboration open. AI agents may now make execution open.</p>
+      <p>But commerce is still largely trapped inside platforms.</p>
+      <p>Sellers depend on channels they do not own. Buyers often cannot verify why something is recommended. Contributors can create value that disappears into a company, queue, or forgotten issue. Workers can be laid off after years of contribution with little durable record of what they made possible. Builders outside major institutions may have ability, but not access.</p>
+      <p>WebAZ exists because this should not be the only path.</p>
+      <p>A person should be able to participate without first being hired by a large company. A small seller should be able to serve buyers through agents without surrendering the entire relationship to a platform. A contributor should be able to make a real improvement, attach evidence to it, and later claim that work. An AI agent should be able to execute useful work, but not pretend to be the accountable human behind it.</p>
+      <p>WebAZ is for people who still want to build after being ignored.</p>
+      <h2>3. What WebAZ Is</h2>
+      <p>WebAZ is not only an application. It is a protocol layer.</p>
+      <p>It has a PWA interface for humans and an MCP interface for AI agents. Both connect to the same underlying rules: product listings, orders, escrow, fulfillment, disputes, verification, task coordination, contributor records, audit trails, and governance boundaries.</p>
+      <p>The core idea is simple:</p>
+      <p>Code is rule. Protocol is trust.</p>
+      <p>A rule that exists only in marketing does not count. A promise that is not reflected in code is not a protocol. A contribution that cannot be traced is too easy to erase. A decision that leaves no audit trail is too easy to abuse.</p>
+      <p>WebAZ therefore treats transparency, auditability, and accountability as design requirements, not decoration.</p>
+      <h2>4. What WebAZ Is Not</h2>
+      <p>WebAZ is not a finished production economy.</p>
+      <p>WebAZ is not a guarantee of income.</p>
+      <p>WebAZ is not a token speculation project.</p>
+      <p>WebAZ is not a platform that sells ranking, sells user data, or asks users to trust hidden rules.</p>
+      <p>WebAZ is not an AI system that automatically judges human value.</p>
+      <p>WebAZ is not fully decentralized today. Its intended path is progressive decentralization: start with clear founder accountability, public rules, protected invariants, and a concrete codebase; then move more authority to contributors and governance as the community, safety mechanisms, and audit capacity mature.</p>
+      <p>Honesty matters more than grand claims. If WebAZ is early, it should say early. If a feature is not enforced in code, it should not be advertised as complete. If contribution value is uncommitted, it should be labeled uncommitted.</p>
+      <h2>5. Humans and Agents</h2>
+      <p>WebAZ is agent-native, but not agent-ruled.</p>
+      <p>AI agents can search, compare, draft, translate, test, audit, summarize, and execute bounded tasks. They can help a seller manage listings, help a buyer navigate choices, help a maintainer review proposals, or help a contributor produce a pull request.</p>
+      <p>But an agent is not the final moral or legal actor.</p>
+      <p>In WebAZ, the accountable party is a real human or organization. Agents may execute; humans decide. Agents may recommend; humans approve. Agents may draft; humans publish. Agents may help review; humans remain responsible for final judgment.</p>
+      <p>This distinction is central. It prevents WebAZ from becoming a black-box system where people are silently rejected, ranked down, or erased by automated judgment.</p>
+      <p>AI should expand participation, not replace accountability.</p>
+      <h2>6. Contribution Recognition</h2>
+      <p>WebAZ is built around a principle:</p>
+      <p>Contribute first, claim later.</p>
+      <p>A person should be able to start small: fix a typo, improve a translation, report a bug, write a test, propose a task, submit a pull request, or bring an agent to help with a bounded change.</p>
+      <p>That work should be remembered.</p>
+      <p>But being remembered is not the same as being promised money. WebAZ records contribution evidence, attribution, provenance, and review status. It does not promise a reward formula, payout, percentage, token, income, or redemption right from contribution alone.</p>
+      <p>This boundary matters. It protects contributors from false promises and protects the protocol from becoming a hype machine.</p>
+      <p>The promise is narrower and more important:</p>
+      <p>Real contributions should not disappear.</p>
+      <h2>7. The Task Board</h2>
+      <p>For WebAZ to welcome outside contributors, it cannot rely on vague goodwill. It needs a practical coordination layer.</p>
+      <p>A formal task should tell a human or agent what to do, why it matters, which files are allowed, which paths are forbidden, what actions are prohibited, how to verify the result, where to submit the pull request, and what &quot;done&quot; means.</p>
+      <p>This is why WebAZ uses an agent-ready task model. A participant's agent should be able to discover a public task, inspect the execution boundary, claim it when appropriate, submit a PR, and report verification results.</p>
+      <p>High-risk work is different. Anything involving funds, production secrets, user data, authentication, governance, migrations, or deployment must go through stricter review and human-in-the-loop boundaries.</p>
+      <p>Low-risk tasks should be easy to start. High-risk tasks should be hard to misuse.</p>
+      <h2>8. Commerce and Trust</h2>
+      <p>WebAZ also explores agent-native commerce.</p>
+      <p>A buyer should be able to delegate search, comparison, price locking, ordering, status tracking, and dispute initiation to an agent. A seller should be able to list products, accept orders, fulfill shipments, answer questions, and eventually expose skills or automation to buyer agents.</p>
+      <p>But commerce without trust becomes extraction.</p>
+      <p>WebAZ therefore treats order state, escrow, disputes, verification, audit logs, reputation, and claim challenges as protocol concerns. The goal is not to ask users to trust a platform. The goal is to make the rules visible enough that users, agents, maintainers, and reviewers can inspect what happened.</p>
+      <p>Trust should be built from state, evidence, and accountability.</p>
+      <h2>9. Governance</h2>
+      <p>WebAZ begins with founder accountability, but it should not end there.</p>
+      <p>The project's governance direction is progressive decentralization. Early phases require stronger founder and maintainer responsibility because the system is not yet mature enough to safely decentralize every decision. Over time, as contributors grow, audit practices improve, and protocol invariants stabilize, authority should move toward broader contributor governance.</p>
+      <p>Some rules are load-bearing:</p>
+      <p>No data theft. No lies. No favoritism. No abuse. No manipulation. Minimal intervention. Algorithmic transparency. Participant accountability.</p>
+      <p>These are not slogans. They are review criteria. They should shape code, UI, APIs, docs, admin tools, task boards, and public claims.</p>
+      <p>A governance system that cannot protect its own principles is only performance. WebAZ must become more open without becoming careless.</p>
+      <h2>10. Current Status</h2>
+      <p>WebAZ is pre-launch and under active development.</p>
+      <p>The codebase already contains core protocol surfaces: PWA, MCP, marketplace flows, order lifecycle, disputes, contributor entry, task coordination, admin panels, audit trails, and early governance documents.</p>
+      <p>But WebAZ should not claim production maturity before it has earned it. Metrics, user counts, economic settlement status, decentralization status, and safety guarantees must be stated honestly at the time of release.</p>
+      <p>At this stage, the correct invitation is not:</p>
+      <p>Trust us, everything is finished.</p>
+      <p>The correct invitation is:</p>
+      <p>Read the rules. Inspect the code. Start with a small task. Help build the protocol.</p>
+      <h2>11. How to Participate</h2>
+      <p>There are many ways to begin.</p>
+      <p>Read the repository. Read the contributor entry. Pick a small public task. Suggest a missing task. File a bug. Improve a document. Add a test. Submit a PR. Bring your agent, but keep a real human accountable. Sign commits. Explain what changed, why it matters, and how it was verified.</p>
+      <p>Participation does not require permission from a large platform.</p>
+      <p>It requires clarity, evidence, and responsibility.</p>
+      <p>WebAZ should be especially welcoming to people who have been overlooked elsewhere: laid-off workers, entrepreneurs, independent sellers, open-source contributors, builders outside major companies, and employees whose real ability has been hidden by their job title.</p>
+      <p>A protocol cannot promise that every contribution will become valuable. But it can refuse to erase sincere work.</p>
+      <h2>12. Boundaries</h2>
+      <p>WebAZ must be careful with its own language.</p>
+      <p>It should not promise employment. It should not promise rewards. It should not promise ownership where no legal structure exists. It should not claim full decentralization while founder or maintainer controls still exist. It should not imply that AI can decide the worth of a person's work.</p>
+      <p>A stronger statement is also a more honest one:</p>
+      <p>WebAZ is building the infrastructure for contribution to be visible, attributable, reviewable, and eventually governable by the people who build it.</p>
+      <p>That is enough for v0.1.</p>
+      <h2>13. Closing Manifesto</h2>
+      <p>WebAZ is not asking people to return to the old game with better tools.</p>
+      <p>It is asking us to turn the page.</p>
+      <p>The age of enclosing users behind walls is ending. The age of participation is beginning. Companies and capital will not disappear overnight, but their monopoly over opportunity can be weakened when people, agents, code, and open protocols work together.</p>
+      <p>WebAZ is built for that transition.</p>
+      <p>Not everyone will contribute in the same way. Some will write code. Some will sell. Some will review. Some will translate. Some will test. Some will propose. Some will simply show up early and help the protocol become understandable to the next person.</p>
+      <p>All of it matters.</p>
+      <p>WebAZ is for the seller who does not want to be trapped by one platform.</p>
+      <p>It is for the contributor whose work should not vanish into a forgotten queue.</p>
+      <p>It is for the laid-off engineer, the entrepreneur, the quiet operator, the translator, the reviewer, the tester, the designer, the maintainer, and the person who was never given the right title but kept solving real problems anyway.</p>
+      <p>It is for humans with agents, not humans replaced by agents.</p>
+      <p>WebAZ cannot promise that every contribution will be rewarded. It can promise to build toward a world where contribution is harder to erase.</p>
+      <p>Code can be reproduced.</p>
+      <p>People cannot.</p>
+      <p>From today, every step can count.</p>
+      <p>WebAZ belongs to everyone who builds it.</p>
+    <footer class="wp-foot">Generated from docs/WHITEPAPER.md — edit the source, not this file.</footer>
+  </main>
+</body>
+</html>

package/dist/pwa/public/whitepaper/zh-CN/index.html

@@ -0,0 +1,153 @@
+<!-- GENERATED from docs/WHITEPAPER.zh-CN.md by scripts/build-whitepaper-html.ts — DO NOT EDIT BY HAND. Run: npm run build:whitepaper -->
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>WebAZ 创始白皮书 v0.1</title>
+  <style>
+    :root { color-scheme: light }
+    * { box-sizing: border-box }
+    body { margin: 0; background: #fff; color: #18181B;
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Noto Sans SC', Helvetica, Arial, sans-serif;
+      -webkit-font-smoothing: antialiased; line-height: 1.7 }
+    .wp { max-width: 720px; margin: 0 auto; padding: 24px 20px 80px }
+    .wp-nav { display: flex; justify-content: space-between; align-items: center; gap: 12px;
+      font-size: 14px; padding: 8px 0 24px; border-bottom: 1px solid #E4E4E7; margin-bottom: 32px }
+    .wp-nav a { color: #3F3F46; text-decoration: none }
+    .wp-nav a:hover { color: #18181B; text-decoration: underline }
+    .wp-lang .cur { color: #A1A1AA }
+    h1 { font-size: clamp(28px, 6vw, 40px); font-weight: 700; line-height: 1.2; letter-spacing: -0.01em; margin: 8px 0 28px }
+    h2 { font-size: clamp(19px, 3.6vw, 24px); font-weight: 600; line-height: 1.3; margin: 44px 0 12px; color: #27272A }
+    p { font-size: 16px; color: #3F3F46; margin: 0 0 16px }
+    .wp-foot { margin-top: 56px; padding-top: 20px; border-top: 1px solid #E4E4E7;
+      font-size: 12px; color: #A1A1AA; line-height: 1.6 }
+    @media (max-width: 640px) { .wp { padding: 20px 18px 64px } }
+  </style>
+</head>
+<body>
+  <main class="wp">
+    <nav class="wp-nav">
+      <a href="/#welcome">← 返回首页</a>
+      <span class="wp-lang"><a href="/whitepaper/en">EN</a> / <span class="cur">中文</span></span>
+    </nav>
+      <h1>WebAZ 创始白皮书 v0.1</h1>
+      <h2>状态说明</h2>
+      <p>WebAZ 当前处于 pre-launch 和持续开发阶段。本文是创始说明和协议方向，不是投资文件，不是 token 白皮书，也不是收入、奖励、所有权或兑付承诺。</p>
+      <h2>摘要</h2>
+      <p>WebAZ 是一个 agent-native 的商业与贡献协议。</p>
+      <p>它从一个简单的信念出发：在 AI 时代，最重要、最有价值的是参与。</p>
+      <p>每一个人的存在和参与，本身就是真实的价值。一个人不应该为了贡献、建设、交易或表达，不断向平台、雇主、算法或电子围栏证明自己真实存在。存在、思考、行动、建设、帮助、改进某件事，并留下参与的证据，这些本身就是价值。</p>
+      <p>我思故我在。</p>
+      <p>在 WebAZ 里，我们把这句话带入 AI 时代：</p>
+      <p>我参与，故我被看见。</p>
+      <p>WebAZ 试图建设一种新的商业文明：人和 agent 可以一起参与，贡献会留下证据，规则可以被审计，AI 可以辅助，但最终责任仍由人承担；参与机会不应只属于已经站在大公司和大平台内部的人。</p>
+      <h2>1. 参与的价值</h2>
+      <p>很长一段时间，公司和平台通过围住用户、数据、流量、商家、劳动者和创作者来建立护城河。</p>
+      <p>那些围墙让参与变成一种被许可的事情。谁能进入，谁能被发现，谁能销售，谁能被信任，谁的贡献会被记住，都由平台决定。</p>
+      <p>AI 正在改变这一切。</p>
+      <p>当个人可以和 agent 一起工作，执行力就不再只属于大型组织。一个带着 agent 的人，可以建设、销售、审核、翻译、测试、协调和贡献。AI 时代真正的护城河，不再是围住用户的墙，而是愿意一起建设的人持续参与所形成的生命力。</p>
+      <p>WebAZ 建立在这个信念之上。</p>
+      <p>面对强大的公司，我们不需要担心自己没有护城河。我们的参与就是护城河。我们的证据就是护城河。我们的共同协议就是护城河。由参与者共同建设的文明，比围猎用户的平台更难被圈住。</p>
+      <p>WebAZ 不从攻击公司或资本开始，而是从削弱它们对参与机会的垄断开始。</p>
+      <p>公司和资本仍然可能存在，但它们不应该继续成为通往机会的唯一入口。WebAZ 是为这样一个未来而建：科技降低参与门槛，AI 放大个人而不是替代个人，开放协议让每一个愿意建设的人都能进入商业文明。</p>
+      <p>翻篇。</p>
+      <p>从今天开始，每一步都可以算数。</p>
+      <h2>2. 为什么需要 WebAZ</h2>
+      <p>互联网让发布变得开放。开源让代码协作变得开放。AI agent 可能让执行力变得开放。</p>
+      <p>但商业仍然被大量平台锁住。</p>
+      <p>卖家依赖自己并不真正拥有的渠道。买家很难知道推荐为什么出现。贡献者可以创造价值，却被遗忘在公司、队列、issue 或离职记录之外。很多人在岗位上长期解决真实问题，但一旦组织变化，他们的贡献就像没有发生过。大机构之外的建设者可能有能力，却没有入口。</p>
+      <p>WebAZ 之所以存在，是因为这不应该是唯一道路。</p>
+      <p>一个人不应该必须先被大公司雇佣，才能参与建设。一个小卖家不应该为了服务买家，把全部关系交给平台。一个贡献者不应该只能把工作交出去，却无法留下证据。一个 AI agent 可以执行工作，但不能冒充背后的责任人。</p>
+      <p>WebAZ 是为那些被忽视之后仍然想建设的人而生的。</p>
+      <h2>3. WebAZ 是什么</h2>
+      <p>WebAZ 不只是一个应用，而是一层协议。</p>
+      <p>它有人类使用的 PWA，也有 AI agent 使用的 MCP 接口。两者连接同一套底层规则：商品、订单、托管、履约、争议、验证、任务协调、贡献记录、审计轨迹和治理边界。</p>
+      <p>WebAZ 的核心表达是：</p>
+      <p>代码即规则，协议即信任。</p>
+      <p>只存在于宣传里的规则，不算规则。没有被代码执行的承诺，不算协议。无法追踪的贡献，太容易被抹掉。没有审计轨迹的决策，太容易被滥用。</p>
+      <p>因此，透明、可审计、可问责，不是 WebAZ 的装饰，而是设计要求。</p>
+      <h2>4. WebAZ 不是什么</h2>
+      <p>WebAZ 不是已经完成的生产经济体。</p>
+      <p>WebAZ 不保证收入。</p>
+      <p>WebAZ 不是 token 炒作项目。</p>
+      <p>WebAZ 不是一个出售排序、出售用户数据、要求用户相信隐藏规则的平台。</p>
+      <p>WebAZ 不是一个由 AI 自动裁决人类价值的系统。</p>
+      <p>WebAZ 今天也不能宣称已经完全去中心化。它的方向是渐进式去中心化：先从明确的创始人责任、公开规则、受保护的协议不变量和真实代码库开始；随着社区、审计能力和安全机制成熟，再逐步把更多权力交给贡献者和治理结构。</p>
+      <p>诚实比宏大的口号更重要。早期就说早期。没有代码执行的功能，就不要宣传为已经完成。贡献价值仍未承诺，就必须标注为 uncommitted。</p>
+      <h2>5. 人与 Agent</h2>
+      <p>WebAZ 是 agent-native，但不是 agent-ruled。</p>
+      <p>AI agent 可以搜索、比较、起草、翻译、测试、审计、总结和执行有边界的任务。它可以帮助卖家管理商品，帮助买家做选择，帮助管理员整理建议，帮助贡献者提交 PR。</p>
+      <p>但 agent 不是最终的道德或法律主体。</p>
+      <p>在 WebAZ 里，真正承担责任的是人或组织。Agent 可以执行，但人做决定。Agent 可以建议，但人来确认。Agent 可以起草，但人来发布。Agent 可以辅助审核，但最终判断必须留下人的责任。</p>
+      <p>这一点非常重要。它防止 WebAZ 变成一个黑箱系统，让人被 AI 静默拒绝、降权或抹去。</p>
+      <p>AI 应该扩大参与，而不是替代责任。</p>
+      <h2>6. 贡献如何被看见</h2>
+      <p>WebAZ 的贡献原则是：</p>
+      <p>先贡献，后认领。</p>
+      <p>一个人应该可以从很小的事情开始：修一个错字，补一条翻译，报告一个 bug，写一个测试，提出一个任务建议，提交一个 PR，或者带着自己的 agent 完成一个清晰的小任务。</p>
+      <p>这些工作应该被记住。</p>
+      <p>但被记住不等于承诺金钱。WebAZ 记录贡献证据、署名、来源、审核状态和可认领关系。它不因为一次贡献本身承诺奖励公式、兑付、百分比、token、收入或任何未来收益。</p>
+      <p>这个边界很重要。它保护贡献者不被虚假承诺吸引，也保护协议不变成炒作机器。</p>
+      <p>WebAZ 的承诺更窄，但更重要：</p>
+      <p>真实贡献不应消失。</p>
+      <h2>7. 任务板</h2>
+      <p>如果 WebAZ 要欢迎外部贡献者，就不能只依赖模糊的善意。它需要一套实际的协调层。</p>
+      <p>一个正式任务应该告诉人或 agent：要做什么，为什么重要，允许改哪些文件，禁止碰哪些路径，禁止做哪些动作，如何验证结果，PR 应该提交到哪里，怎样才算完成。</p>
+      <p>这就是 WebAZ 需要 agent-ready task model 的原因。参与者的 agent 应该能发现公开任务、理解执行边界、在合适时认领、提交 PR，并报告验证结果。</p>
+      <p>高风险任务必须不同处理。任何涉及资金、生产密钥、真实用户数据、认证、治理、数据库迁移或部署的任务，都必须进入更严格的审核和真人在环流程。</p>
+      <p>低风险任务应该容易开始。高风险任务应该难以被滥用。</p>
+      <h2>8. 商业与信任</h2>
+      <p>WebAZ 也在探索 agent-native commerce。</p>
+      <p>买家应该可以把搜索、比较、锁价、下单、查状态和发起争议交给 agent。卖家应该可以上架商品、接单、发货、回答问题，并逐步向买家 agent 暴露自己的服务能力。</p>
+      <p>但没有信任的商业会变成掠夺。</p>
+      <p>因此 WebAZ 把订单状态、托管、争议、验证、审计日志、声誉和 claim challenge 都视为协议层问题。目标不是让用户相信一个平台，而是让规则足够可见，使用户、agent、维护者和审核者都能检查到底发生了什么。</p>
+      <p>信任应该来自状态、证据和责任。</p>
+      <h2>9. 治理</h2>
+      <p>WebAZ 从创始人责任开始，但不应该停在那里。</p>
+      <p>WebAZ 的治理方向是渐进式去中心化。早期阶段需要更强的创始人和维护者责任，因为系统还不成熟，不适合把所有决定都立刻交出去。随着贡献者增加、审计实践成熟、协议不变量稳定，权力应该逐步交给更广泛的贡献者治理。</p>
+      <p>有些规则是承重墙：</p>
+      <p>不偷数据。不撒谎。不偏袒。不滥用。不操纵。最小介入。算法透明。参与者可问责。</p>
+      <p>这些不是口号，而是 review 标准。它们应该影响代码、UI、API、文档、管理员工具、任务板和公开表述。</p>
+      <p>一个无法保护自身原则的治理系统，只是表演。WebAZ 必须变得更开放，但不能变得更草率。</p>
+      <h2>10. 当前状态</h2>
+      <p>WebAZ 当前处于 pre-launch 和持续开发阶段。</p>
+      <p>代码库已经包含核心协议界面：PWA、MCP、市场交易路径、订单生命周期、争议、贡献者入口、任务协调、管理员面板、审计轨迹和早期治理文档。</p>
+      <p>但 WebAZ 不应该在真正成熟之前声称已经成熟。指标、用户规模、经济结算状态、去中心化状态和安全保证，都必须在发布时诚实说明。</p>
+      <p>这个阶段正确的邀请不是：</p>
+      <p>相信我们，一切都完成了。</p>
+      <p>而是：</p>
+      <p>阅读规则。检查代码。从小任务开始。一起把协议建出来。</p>
+      <h2>11. 如何参与</h2>
+      <p>参与 WebAZ 可以从很多地方开始。</p>
+      <p>阅读仓库。阅读贡献者入口。认领一个小任务。提出一个缺失任务。报告 bug。改进文档。补测试。提交 PR。带上你的 agent，但保留一个真实的人作为责任主体。签署 commit。说明你改了什么、为什么改、如何验证。</p>
+      <p>参与不应该依赖大平台许可。</p>
+      <p>它需要的是清晰、证据和责任。</p>
+      <p>WebAZ 尤其应该欢迎那些在别处被忽视的人：被裁员的人，创业者，独立卖家，开源贡献者，大公司之外的建设者，以及那些真实能力被岗位名称遮住的人。</p>
+      <p>一个协议不能承诺每一份贡献都会变成回报。但它可以拒绝让真诚的工作被抹去。</p>
+      <h2>12. 边界</h2>
+      <p>WebAZ 必须谨慎使用自己的语言。</p>
+      <p>它不应该承诺雇佣关系。不应该承诺奖励。不应该在法律结构尚不存在时承诺所有权。不应该在创始人或维护者控制仍然存在时宣称完全去中心化。不应该暗示 AI 可以决定人的贡献价值。</p>
+      <p>更强的表达，往往也是更诚实的表达：</p>
+      <p>WebAZ 正在建设一套基础设施，让贡献变得可见、可署名、可审核，并最终能被建设它的人共同治理。</p>
+      <p>对于 v0.1，这已经足够。</p>
+      <h2>13. 结语</h2>
+      <p>WebAZ 不是让人带着更强的工具，回到旧游戏里继续竞争。</p>
+      <p>WebAZ 想做的是翻篇。</p>
+      <p>筑起围墙围猎用户的时代正在过去。参与的时代正在开始。公司和资本不会一夜之间消失，但当人、agent、代码和开放协议一起工作时，它们对机会的垄断会被削弱。</p>
+      <p>WebAZ 正是为这个转变而建。</p>
+      <p>每个人参与的方式不一样。有人写代码，有人销售，有人审核，有人翻译，有人测试，有人提建议，也有人只是早早来到这里，帮助这个协议变得更容易被下一个人理解。</p>
+      <p>这些都算数。</p>
+      <p>WebAZ 是给不想被单一平台困住的卖家。</p>
+      <p>给不希望贡献消失在队列里的贡献者。</p>
+      <p>给被裁员的工程师，创业者，沉默的运营者，翻译者，审核者，测试者，设计者，维护者，以及那些从未得到合适头衔、却一直在解决真实问题的人。</p>
+      <p>WebAZ 是给带着 agent 的人，而不是用 agent 替代人。</p>
+      <p>WebAZ 不能承诺每一份贡献都会得到奖励。它能承诺的是：持续建设一个让贡献更难被抹去的世界。</p>
+      <p>代码可以复现。</p>
+      <p>而你不能被替代。</p>
+      <p>从今天开始，你走的每一步，都可以算数。</p>
+      <p>WebAZ 属于所有建设它的人。</p>
+    <footer class="wp-foot">由 docs/WHITEPAPER.zh-CN.md 生成 —— 改源文件,不要改本文件。</footer>
+  </main>
+</body>
+</html>

package/dist/pwa/routes/admin-atomic.js

@@ -1,21 +1,27 @@
 export function registerAdminAtomicRoutes(app, deps) {
-    const { requireProtocolAdmin, processPvLedger, runBinarySettlement, executeSafeSettlementCron } = deps;
+    const { requireProtocolAdmin, processPvLedger, runBinarySettlement, executeSafeSettlementCron, logAdminAction } = deps;
     app.post('/api/admin/atomic/process-ledger', (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
-        res.json({ processed: processPvLedger() });
+        const processed = processPvLedger();
+        logAdminAction(admin.id, 'atomic_process_ledger', 'protocol', null, { processed });
+        res.json({ processed });
     });
     app.post('/api/admin/atomic/run-settlement', (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
-        res.json({ settled: runBinarySettlement() });
+        const settled = runBinarySettlement();
+        logAdminAction(admin.id, 'atomic_run_settlement', 'protocol', null, { settled });
+        res.json({ settled });
     });
     app.post('/api/admin/atomic/distribute', (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
-        res.json(executeSafeSettlementCron());
+        const result = executeSafeSettlementCron();
+        logAdminAction(admin.id, 'atomic_distribute', 'protocol', null, { result });
+        res.json(result);
     });
 }

package/dist/pwa/routes/admin-moderation.js

@@ -1,7 +1,7 @@
 import { dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerAdminModerationRoutes(app, deps) {
     // db 已全量走 RFC-016 异步 seam(dbAll/dbRun),不再直接用 deps.db
-    const { requireUsersAdmin, generateId, authFailures, INTERNAL_AUDITOR_ID, broadcastSystemEvent } = deps;
+    const { requireUsersAdmin, generateId, authFailures, INTERNAL_AUDITOR_ID, broadcastSystemEvent, logAdminAction } = deps;
     // ─── KYC ──────────────────────────────────────────────────────
     app.get('/api/admin/kyc/pending', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
@@ -19,6 +19,12 @@ export function registerAdminModerationRoutes(app, deps) {
         if (!admin)
             return;
         await dbRun(`UPDATE kyc_records SET status = 'approved', reviewed_by = ?, reviewed_at = datetime('now') WHERE user_id = ?`, [admin.id, req.params.user_id]);
+        try {
+            logAdminAction(admin.id, 'kyc_approve', 'user', req.params.user_id, {});
+        }
+        catch (e) {
+            console.error('[kyc_approve audit]', e);
+        }
         try {
             await dbRun(`INSERT INTO notifications (id, user_id, title, body, order_id) VALUES (?,?,?,?,?)`, [generateId('ntf'), req.params.user_id, '✓ KYC 认证通过', '你的实名认证已通过', null]);
         }
@@ -33,6 +39,12 @@ export function registerAdminModerationRoutes(app, deps) {
         if (!reason)
             return void res.status(400).json({ error: '需填写拒绝原因' });
         await dbRun(`UPDATE kyc_records SET status = 'rejected', reject_reason = ?, reviewed_by = ?, reviewed_at = datetime('now') WHERE user_id = ?`, [reason, admin.id, req.params.user_id]);
+        try {
+            logAdminAction(admin.id, 'kyc_reject', 'user', req.params.user_id, { reason });
+        }
+        catch (e) {
+            console.error('[kyc_reject audit]', e);
+        }
         try {
             await dbRun(`INSERT INTO notifications (id, user_id, title, body, order_id) VALUES (?,?,?,?,?)`, [generateId('ntf'), req.params.user_id, '✗ KYC 认证被拒', reason, null]);
         }
@@ -101,6 +113,12 @@ export function registerAdminModerationRoutes(app, deps) {
         await dbRun(`INSERT INTO user_moderation (user_id, suspended, reason, suspended_by, suspended_at)
       VALUES (?, 1, ?, ?, datetime('now'))
       ON CONFLICT(user_id) DO UPDATE SET suspended = 1, reason = excluded.reason, suspended_by = excluded.suspended_by, suspended_at = excluded.suspended_at`, [req.params.user_id, reasonStr, admin.id]);
+        try {
+            logAdminAction(admin.id, 'risk_suspend', 'user', req.params.user_id, { reason: reasonStr });
+        }
+        catch (e) {
+            console.error('[risk_suspend audit]', e);
+        }
         try {
             broadcastSystemEvent('user_suspended', '⚠', `用户 ${req.params.user_id} 被风控暂停: ${reasonStr}`, req.params.user_id);
         }
@@ -112,6 +130,12 @@ export function registerAdminModerationRoutes(app, deps) {
         if (!admin)
             return;
         await dbRun(`UPDATE user_moderation SET suspended = 0 WHERE user_id = ?`, [req.params.user_id]);
+        try {
+            logAdminAction(admin.id, 'risk_unsuspend', 'user', req.params.user_id, {});
+        }
+        catch (e) {
+            console.error('[risk_unsuspend audit]', e);
+        }
         res.json({ success: true });
     });
 }

package/dist/pwa/routes/admin-ops.js

@@ -1,6 +1,6 @@
 import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerAdminOpsRoutes(app, deps) {
-    const { db, auth, requireUsersAdmin, hasAdminPermission, INTERNAL_AUDITOR_ID, ADMIN_EXPORT_LIMIT, csvEscapeAdmin, anthropic, applyDecayIfDue, computeValueBadges } = deps;
+    const { db, auth, requireUsersAdmin, hasAdminPermission, INTERNAL_AUDITOR_ID, ADMIN_EXPORT_LIMIT, csvEscapeAdmin, anthropic, applyDecayIfDue, computeValueBadges, logAdminAction } = deps;
     app.get('/api/admin/export/:kind', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
         if (!admin)
@@ -105,9 +105,20 @@ export function registerAdminOpsRoutes(app, deps) {
         const user = auth(req, res);
         if (!user)
             return;
+        // gate 维持现状(任一 admin);收紧到 requireUsersAdmin / protocol 权限是 gate 变更(非纯增量),留作 follow-up。
         if (user.role !== 'admin')
             return void res.status(403).json({ error: '仅管理员' });
-        const r = applyDecayIfDue(db, { force: !!req.body?.force });
+        const force = !!req.body?.force;
+        const r = applyDecayIfDue(db, { force });
+        // 审计:管理员触发的全局声誉衰减 → 记触发者 + 入参 + 结果(无论是否真正执行,记录这次触发)。
+        try {
+            logAdminAction(user.id, 'reputation_decay', 'protocol', null, {
+                force, applied: r?.applied ?? null, affected: r?.affected ?? null, rate: r?.rate ?? null,
+            });
+        }
+        catch (e) {
+            console.error('[reputation_decay audit]', e);
+        }
         res.json(r);
     });
     app.get('/api/admin/errors', async (req, res) => {

package/dist/pwa/routes/admin-users-query.js

@@ -1,7 +1,7 @@
 import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerAdminUsersQueryRoutes(app, deps) {
     // db 已全量走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
-    const { requireUsersAdmin, adminCanOperateOn, isRootAdmin, isAllowedSponsor, maskApiKey, computeLightTags, getAdminScope, getSellerDailyLimit, todayStartISO, broadcastSystemEvent, INTERNAL_AUDITOR_ID } = deps;
+    const { requireUsersAdmin, adminCanOperateOn, isRootAdmin, isAllowedSponsor, maskApiKey, computeLightTags, getAdminScope, getSellerDailyLimit, todayStartISO, broadcastSystemEvent, INTERNAL_AUDITOR_ID, logAdminAction } = deps;
     // P1-1: 按 handle / id 任意角色查找
     app.get('/api/admin/users/lookup', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
@@ -110,6 +110,17 @@ export function registerAdminUsersQueryRoutes(app, deps) {
             }
         }
         const ok = results.filter(r => r.status === 'ok').length;
+        try {
+            // 防审计行膨胀:批量上限本就 ≤200,但仍只记前 50 个 id + 计数(truncated 标记),保证单行有界。
+            const okIds = results.filter(r => r.status === 'ok').map(r => r.user_id);
+            logAdminAction(admin.id, 'users_batch_' + String(action), 'user', null, {
+                action, reason: reasonStr, applied: ok, requested: user_ids.length,
+                user_ids: okIds.slice(0, 50), user_ids_truncated: okIds.length > 50,
+            });
+        }
+        catch (e) {
+            console.error('[users_batch audit]', e);
+        }
         try {
             broadcastSystemEvent('admin_bulk_' + action, '🛡', `${admin.id} 批量${action === 'suspend' ? '暂停' : '解封'} ${ok} 用户`, null);
         }

package/dist/pwa/routes/admin-wallet-ops.js

@@ -1,7 +1,7 @@
 import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerAdminWalletOpsRoutes(app, deps) {
     // db 已走 RFC-016 异步 seam(dbOne/dbAll),不再直接用 deps.db
-    const { requireProtocolAdmin, adminAuth, getPublicClient, getUsdcAddr, getUsdcAbi, getHotWalletAddr, wazToUsdc, getIsMainnet, getNetwork, executeWithdrawal } = deps;
+    const { requireProtocolAdmin, adminAuth, getPublicClient, getUsdcAddr, getUsdcAbi, getHotWalletAddr, wazToUsdc, getIsMainnet, getNetwork, executeWithdrawal, logAdminAction, resolveProtocolAdminSoft } = deps;
     // P2-5: protocol 权限（区域 admin 看不到全局热钱包）
     app.get('/api/admin/hot-wallet/status', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
@@ -58,11 +58,34 @@ export function registerAdminWalletOpsRoutes(app, deps) {
         res.json(list);
     });
     app.post('/api/admin/withdrawals/:id/approve', async (req, res) => {
-        if (!adminAuth(req, res))
-            return;
+        // 双轨过渡鉴权:优先认登录的 protocol-admin(Bearer)→ 记其真实 admin id;
+        // 否则回落到共享 ADMIN_KEY(adminAuth,既有运维路径,行为不变)→ actor 记中性标记 'admin_key'。
+        // 仅认 protocol 权限的 admin;非 protocol 的 Bearer 不放行(soft 解析返回 null),不扩大访问面,只精确归属。
+        let actorId = 'admin_key';
+        let authMethod = 'admin_key';
+        const bearerAdmin = resolveProtocolAdminSoft(req);
+        if (bearerAdmin) {
+            actorId = String(bearerAdmin.id);
+            authMethod = 'bearer_admin';
+        }
+        else {
+            if (!adminAuth(req, res))
+                return;
+        }
+        // 出金前读取目标(user + amount),便于审计;执行后用真实 txHash 记一条 admin_audit_log。
+        const wr = await dbOne('SELECT user_id, amount FROM withdrawal_requests WHERE id = ?', [req.params.id]);
         const result = await executeWithdrawal(req.params.id).catch(e => ({ success: false, error: e.message, txHash: undefined }));
         if (!result.success)
             return void res.json({ error: result.error });
+        // 审计时机:仅在出金成功后写。actor = 真实 admin id(bearer_admin)或中性标记 'admin_key';不写任何密钥。
+        try {
+            logAdminAction(actorId, 'withdrawal_approve', 'withdrawal', req.params.id, {
+                user_id: wr?.user_id ?? null, amount: wr?.amount ?? null, tx_hash: result.txHash, network: getNetwork(), auth_method: authMethod,
+            });
+        }
+        catch (e) {
+            console.error('[withdrawal_approve audit]', e);
+        }
         res.json({ success: true, tx_hash: result.txHash });
     });
 }

package/dist/pwa/routes/auction.js

@@ -56,7 +56,7 @@ export function fireDueAuctionReminders(db, generateId) {
     return { fired };
 }
 export function registerAuctionRoutes(app, deps) {
-    const { db, auth, generateId, RFQ_MAX_QTY, RFQ_MAX_PRICE, LISTING_CATEGORIES, isListingCategoryKey, requireProtocolAdmin } = deps;
+    const { db, auth, generateId, RFQ_MAX_QTY, RFQ_MAX_PRICE, LISTING_CATEGORIES, isListingCategoryKey, requireProtocolAdmin, logAdminAction } = deps;
     // 卖家发起拍卖
     app.post('/api/auctions', async (req, res) => {
         const user = auth(req, res);
@@ -473,6 +473,8 @@ export function registerAuctionRoutes(app, deps) {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
-        res.json(fireDueAuctionReminders(db, generateId));
+        const result = fireDueAuctionReminders(db, generateId);
+        logAdminAction(admin.id, 'auction_reminders_run', 'protocol', null, { result });
+        res.json(result);
     });
 }

package/dist/pwa/routes/auth-read.js

@@ -17,7 +17,15 @@ export function registerAuthReadRoutes(app, deps) {
         const region = user.region || 'global';
         const maxLevels = getRegionMaxLevels(region);
         const pvEnabled = (await dbOne("SELECT pv_enabled FROM region_config WHERE region = ?", [region]))?.pv_enabled ?? 0;
-        res.json({ ...user, api_key: undefined, roles, wallet: wallet || null, region_max_levels: maxLevels, region_pv_enabled: Number(pvEnabled) === 1 ? 1 : 0 });
+        // 恢复能力标志(供首页"无恢复方式"横幅 + 凭证清单徽章用)。password_hash 不外泄,只回布尔。
+        const passkeyCount = (await dbOne('SELECT COUNT(*) AS n FROM webauthn_credentials WHERE user_id = ?', [user.id]))?.n ?? 0;
+        res.json({
+            ...user, api_key: undefined, password_hash: undefined,
+            roles, wallet: wallet || null, region_max_levels: maxLevels, region_pv_enabled: Number(pvEnabled) === 1 ? 1 : 0,
+            email_verified: !!user.email_verified,
+            has_password: !!user.password_hash,
+            has_passkey: Number(passkeyCount) > 0,
+        });
     });
     app.get('/api/profile', async (req, res) => {
         const user = auth(req, res);
@@ -43,6 +51,7 @@ export function registerAuthReadRoutes(app, deps) {
             phone: user.phone ?? null,
             phone_verified: !!user.phone_verified,
             has_password: !!user.password_hash,
+            has_passkey: ((await dbOne('SELECT COUNT(*) AS n FROM webauthn_credentials WHERE user_id = ?', [user.id]))?.n ?? 0) > 0,
             region: user.region ?? 'global',
             region_max_levels: getRegionMaxLevels(user.region || 'global'),
             region_pv_enabled: (((await dbOne("SELECT pv_enabled FROM region_config WHERE region = ?", [user.region || 'global']))?.pv_enabled ?? 0) === 1 ? 1 : 0),