@seasonkoh/webaz 0.1.26 → 0.1.27

package/dist/pwa/routes/public-utils.js

@@ -66,12 +66,10 @@ export function registerPublicUtilsRoutes(app, deps) {
     });
     app.get('/api/system-flags', async (_req, res) => {
         const requireRef = (await dbOne("SELECT value FROM system_state WHERE key='require_ref_to_register'"))?.value === '1';
-        const inviteRotation = (await dbOne("SELECT value FROM system_state WHERE key='invite_rotation_enabled'"))?.value === '1';
         // #1049 Turnstile 公钥(若启用),前端注册表单 widget 用
         const turnstileSiteKey = process.env.TURNSTILE_SITE_KEY || null;
         res.json({
             require_ref_to_register: requireRef,
-            invite_rotation_enabled: inviteRotation,
             turnstile_site_key: turnstileSiteKey,
         });
     });
@@ -134,13 +132,12 @@ export function registerPublicUtilsRoutes(app, deps) {
             },
             // 公开披露文档(#1050) — 协议层"钱怎么流"的源真理(协议外可读)
             disclosures: {
-                // 源码仓库 launch 前私有,下列 github 链接可能 404(launch 时开),不是死项目;机器可读 spec 已全在 /.well-known/*。
-                source_status: 'repo private until W8 public launch — github.com links below may 404 until then (they open at launch); the full spec is already public via /.well-known/*.',
-                economic_model: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/ECONOMIC-MODEL.md',
-                mlm_compliance: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/MLM-COMPLIANCE.md',
-                agent_governance: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/AGENT-GOVERNANCE.md',
-                protocol_compatibility: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/PROTOCOL-COMPATIBILITY-AUDIT-2026-05-30.md',
-                changelog: 'https://github.com/seasonsagents-art/webaz/blob/main/CHANGELOG.md',
+                // 源码仓库已公开(github.com/webaz-protocol/webaz);机器可读 spec 也全在 /.well-known/*。
+                source_status: 'repo is public (github.com/webaz-protocol/webaz); the full spec is also available via /.well-known/*.',
+                economic_model: 'https://github.com/webaz-protocol/webaz/blob/main/docs/ECONOMIC-MODEL.md',
+                mlm_compliance: 'https://github.com/webaz-protocol/webaz/blob/main/docs/PARTICIPATION-ATTRIBUTION-COMPLIANCE.md',
+                agent_governance: 'https://github.com/webaz-protocol/webaz/blob/main/docs/AGENT-GOVERNANCE.md',
+                changelog: 'https://github.com/webaz-protocol/webaz/blob/main/CHANGELOG.md',
                 // RFC-011 §②:agent 可读能力矩阵(写边界 action-scope + 敏感读 scope),live doc=code
                 capability_matrix: 'https://webaz.xyz/.well-known/webaz-capabilities.json',
             },
@@ -457,9 +454,9 @@ export function registerPublicUtilsRoutes(app, deps) {
                 eligibility,
                 quiz_pass_score: quizPassScore,
                 spec_urls: {
-                    onboarding: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/GOVERNANCE-ONBOARDING.md',
-                    playbook: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/ARBITRATION-PLAYBOOK.md',
-                    leaderboard: 'https://github.com/seasonsagents-art/webaz/blob/main/docs/GOVERNANCE-LEADERBOARD-SPEC.md',
+                    onboarding: 'https://github.com/webaz-protocol/webaz/blob/main/docs/GOVERNANCE-ONBOARDING.md',
+                    playbook: 'https://github.com/webaz-protocol/webaz/blob/main/docs/ARBITRATION-PLAYBOOK.md',
+                    leaderboard: 'https://github.com/webaz-protocol/webaz/blob/main/docs/GOVERNANCE-LEADERBOARD-SPEC.md',
                 },
             });
         }

package/dist/pwa/routes/referral.js

@@ -1,7 +1,8 @@
-import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
+import { dbOne, dbAll } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
+import { genuineSalePredicate } from '../../layer0-foundation/L0-2-state-machine/genuine-sale.js'; // 真实成交单一真相源
 export function registerReferralRoutes(app, deps) {
     // db 已全量走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
-    const { auth, requireProtocolAdmin, logAdminAction, issueInviteSlot, inviteRotationLookup } = deps;
+    const { auth } = deps;
     // B-1: 个人邀请 dashboard
     app.get('/api/referral/me', async (req, res) => {
         const user = auth(req, res);
@@ -36,28 +37,6 @@ export function registerReferralRoutes(app, deps) {
             },
         });
     });
-    // 公开邀请码轮询（开关 ON 时）
-    app.post('/api/invite/rotate', async (_req, res) => {
-        const enabled = (await dbOne("SELECT value FROM system_state WHERE key='invite_rotation_enabled'"))?.value === '1';
-        if (!enabled)
-            return void res.status(403).json({ error: '邀请码获取暂未开放', enabled: false });
-        const slot = issueInviteSlot();
-        const u = inviteRotationLookup(slot);
-        if (!u)
-            return void res.status(503).json({ error: `轮询用户未就绪，请联系管理员`, enabled: true });
-        res.json({ enabled: true, code: u.code });
-    });
-    // protocol 开关
-    app.post('/api/admin/invite-rotation/toggle', async (req, res) => {
-        const admin = requireProtocolAdmin(req, res);
-        if (!admin)
-            return;
-        const { enabled } = req.body;
-        const v = enabled ? '1' : '0';
-        await dbRun("INSERT OR REPLACE INTO system_state (key, value) VALUES ('invite_rotation_enabled', ?)", [v]);
-        logAdminAction(admin.id, 'invite_rotation_toggle', 'system', 'invite_rotation_enabled', { value: v });
-        res.json({ success: true, enabled: !!enabled });
-    });
     // RFC-003 #1122: 生成商品分享链接(把 MCP webaz_share_link 的本地计算搬到服务端,
     // 让 MCP NETWORK 模式可代理)。RFC-002 §3.5 valuation-layer gate:需 rewards opt-in。
     // pre-public 去左右码:不再接受/返回 side,放置侧别由注册时系统自动决定。
@@ -77,7 +56,7 @@ export function registerReferralRoutes(app, deps) {
             };
             const minOrders = await getParam('rewards_opt_in.min_completed_orders', 1);
             const requirePasskey = await getParam('rewards_opt_in.require_passkey', 1);
-            const totalCompleted = (await dbOne("SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND status = 'completed'", [userId])).n;
+            const totalCompleted = (await dbOne(`SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND ${genuineSalePredicate('orders')}`, [userId])).n; // 真实成交,排除退款/违约
             const passkeyCount = (await dbOne("SELECT COUNT(*) as n FROM webauthn_credentials WHERE user_id = ?", [userId])).n;
             const missing = [];
             if (totalCompleted < minOrders)
@@ -101,7 +80,7 @@ export function registerReferralRoutes(app, deps) {
         if (!product)
             return void res.status(404).json({ error: '商品不存在或已下架', error_code: 'PRODUCT_NOT_FOUND' });
         // pre-public 去左右码:分享链接不再计算/携带 side(放置侧别由注册时系统自动决定)
-        const completed = (await dbOne("SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND status = 'completed'", [userId])).n;
+        const completed = (await dbOne(`SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND ${genuineSalePredicate('orders')}`, [userId])).n; // 真实成交,排除退款/违约
         const override = (await dbOne("SELECT l1_share_override FROM users WHERE id = ?", [userId]))?.l1_share_override ?? 0;
         const canL1 = override === 1 || (override === 0 && completed > 0);
         const rate = Number(product.commission_rate ?? 0);

package/dist/pwa/routes/rewards-apply.js

@@ -1,5 +1,6 @@
 import { createHash } from 'node:crypto';
 import { dbOne } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
+import { genuineSalePredicate } from '../../layer0-foundation/L0-2-state-machine/genuine-sale.js'; // 真实成交单一真相源
 function sha256_hex(s) {
     return createHash('sha256').update(s).digest('hex');
 }
@@ -26,7 +27,7 @@ export function registerRewardsApplyRoutes(app, deps) {
             state = 'auto_downgraded';
         else
             state = 'never_activated';
-        const completedOrders = (await dbOne("SELECT COUNT(*) AS n FROM orders WHERE buyer_id = ? AND status = 'completed'", [userId])).n;
+        const completedOrders = (await dbOne(`SELECT COUNT(*) AS n FROM orders WHERE buyer_id = ? AND ${genuineSalePredicate('orders')}`, [userId])).n; // 真实成交,排除退款/违约
         const passkeyCount = (await dbOne("SELECT COUNT(*) AS n FROM webauthn_credentials WHERE user_id = ?", [userId])).n;
         const minOrders = Number(getProtocolParam('rewards_opt_in.min_completed_orders', 1));
         const requirePasskey = Number(getProtocolParam('rewards_opt_in.require_passkey', 1));
@@ -103,7 +104,7 @@ export function registerRewardsApplyRoutes(app, deps) {
         }
         // 5. Pre-conditions (re-check inside server)
         const minOrders = Number(getProtocolParam('rewards_opt_in.min_completed_orders', 1));
-        const completedOrders = (await dbOne("SELECT COUNT(*) AS n FROM orders WHERE buyer_id = ? AND status = 'completed'", [userId])).n;
+        const completedOrders = (await dbOne(`SELECT COUNT(*) AS n FROM orders WHERE buyer_id = ? AND ${genuineSalePredicate('orders')}`, [userId])).n; // 真实成交,排除退款/违约
         if (completedOrders < minOrders)
             return void errorRes(res, 403, 'INSUFFICIENT_ORDERS', `需 ${minOrders} 笔已完成订单,目前 ${completedOrders}`);
         const requirePasskey = Number(getProtocolParam('rewards_opt_in.require_passkey', 1));

package/dist/pwa/routes/share-redirects.js

@@ -158,7 +158,7 @@ export function registerShareRedirectsRoutes(app, deps) {
     // 邀请短链 /i/CODE — invite-code ONLY (permanent_code, 兼容旧的 -L/-R 后缀). usr_xxx / @handle / 裸 handle
     // 一律 404(不再做 handle 解析)。pre-public 去左右码:/i/CODE 与旧 /i/CODE-L、/i/CODE-R 一律
     // 规范化重定向到 /?ref=CODE(丢弃 side;放置侧别由注册时系统自动决定),旧链接/二维码仍可用。
-    // 不受 invite_rotation_enabled 影响:已有用户分享出的 /i/CODE 链接和二维码必须始终可用。
+    // 不受注册门控开关影响:已有用户分享出的 /i/CODE 链接和二维码必须始终可用。
     app.get('/i/:code', (req, res) => {
         const ref = resolveInviteCodeRef(String(req.params.code || ''));
         if (!ref)

package/dist/pwa/routes/shareables-interactions.js

@@ -1,4 +1,5 @@
 import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
+import { genuineSalePredicate } from '../../layer0-foundation/L0-2-state-machine/genuine-sale.js'; // 真实成交单一真相源
 export function registerShareablesInteractionsRoutes(app, deps) {
     const { db, auth, generateId, rateLimitOk, piiSanitize, detectFraud, commentBlocklistHit, llmModerateComment, parseMentions, notifyMentions } = deps;
     app.post('/api/shareables/:id/click', async (req, res) => {
@@ -21,7 +22,7 @@ export function registerShareablesInteractionsRoutes(app, deps) {
         if (sh.owner_id === user.id)
             return void res.json({ error: '不能给自己点赞' });
         // P1 Sybil 软门槛：至少完成过 1 笔订单（不限购买该商品，只需活跃用户）
-        const completed = (await dbOne("SELECT COUNT(1) as n FROM orders WHERE buyer_id = ? AND status = 'completed'", [user.id])).n;
+        const completed = (await dbOne(`SELECT COUNT(1) as n FROM orders WHERE buyer_id = ? AND ${genuineSalePredicate('orders')}`, [user.id])).n; // 真实成交,排除退款/违约
         if (completed < 1)
             return void res.json({ error: '完成首笔购买后才能点赞（防止刷赞）' });
         // P0 fix：SELECT existing 进 transaction

package/dist/pwa/routes/task-proposals.js

@@ -1,15 +1,25 @@
-import { validateProposalInput, insertTaskProposal, listTaskProposals, reviewTaskProposal } from '../../layer2-business/L2-9-contribution/task-proposal-store.js';
+import { validateProposalInput, insertTaskProposal, listTaskProposals, listMyProposals, reviewTaskProposal } from '../../layer2-business/L2-9-contribution/task-proposal-store.js';
 import { withUncommittedValueBoundary } from '../../layer2-business/L2-9-contribution/contribution-display-envelope.js';
 import { getCanonicalContributionTarget } from '../../layer2-business/L2-9-contribution/canonical-contribution-target.js';
-import { createDraftFromProposal, listDraftBuildTasks, publishDraftBuildTask } from '../../layer2-business/L2-9-contribution/task-proposal-draft.js';
+import { createDraftFromProposal, listDraftBuildTasks, getDraftBuildTaskDetail, publishDraftBuildTask, discardDraft, withdrawPublishedTask } from '../../layer2-business/L2-9-contribution/task-proposal-draft.js';
 import { recommendForProposal, insertAiSuggestion, listAiSuggestions, getProposalLite } from '../../layer2-business/L2-9-contribution/task-proposal-ai-store.js';
 const AI_NOTICE = 'AI suggestion — assistant only, NOT a decision. A human maintainer must explicitly create / publish / reject the formal task. AI never auto-publishes, auto-rejects, hides proposals, or assigns reward / credit.';
 const PROPOSAL_NOTICE = 'A task proposal is a SUGGESTION in the maintainer review inbox. It is NOT a contribution fact, formal participation, or any reward / payout / score, and it never appears on the public task board until a maintainer reviews and (manually) converts it. source_ref is a reference only; the canonical contribution target is fixed by trusted config.';
 function withProposalEnvelope(payload) {
     return withUncommittedValueBoundary({ ...payload, proposal_notice: PROPOSAL_NOTICE, canonical_contribution_target: getCanonicalContributionTarget() });
 }
+// Agent-readable next-step hint per status (the channel is agent-native both ways).
+function nextActionFor(status) {
+    switch (status) {
+        case 'new': return 'Awaiting maintainer review — no action needed.';
+        case 'needs_info': return 'Maintainer needs more detail. Submit an updated proposal (webaz_feedback type=proposal) referencing this id; see public_reply for what is missing.';
+        case 'rejected': return 'Not converted to a task. See public_reply for the reason; you may submit a revised proposal.';
+        case 'converted': return 'Converted to a task. See converted_ref for the linked task / PR / decision.';
+        default: return 'No action.';
+    }
+}
 export function registerTaskProposalsRoutes(app, deps) {
-    const { db, errorRes, requireSupportAdmin, rateLimitOk } = deps;
+    const { db, errorRes, requireSupportAdmin, rateLimitOk, auth, resolveUser } = deps;
     // public submit — anonymous; proposer_account_id is never taken from the body (anti-spoof).
     app.post('/api/public/task-proposals', (req, res) => {
         // anti-flood: per-IP rate limit (counts every attempt, before validation) then a recent-window dedup.
@@ -19,10 +29,23 @@ export function registerTaskProposalsRoutes(app, deps) {
         const v = validateProposalInput(req.body);
         if (!v.ok)
             return void errorRes(res, 400, v.code, v.message);
-        const result = insertTaskProposal(db, v.input, null);
+        // Link to the submitter when authenticated (account id comes from the session, NEVER the body — anti-spoof);
+        // anonymous submit still works (account id null) — it just won't show up in "my proposals".
+        const submitter = resolveUser(req);
+        const accountId = submitter ? String(submitter.id) : null;
+        const result = insertTaskProposal(db, v.input, accountId);
         if ('duplicate' in result)
             return void errorRes(res, 409, 'DUPLICATE_PROPOSAL', '相同建议已在收件箱中,请勿重复提交', { existing_id: result.existing_id });
-        res.json(withProposalEnvelope({ proposal: { id: result.id, status: result.status } }));
+        res.json(withProposalEnvelope({ proposal: { id: result.id, status: result.status }, linked_to_account: !!accountId }));
+    });
+    // proposer-facing read: the caller's OWN proposals + status + public_reply (agent-readable). No review_note; own rows only.
+    app.get('/api/me/task-proposals', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        // case_id threads the whole case (proposal → task → PR). For a proposal it is the proposal's own id.
+        const proposals = listMyProposals(db, String(user.id)).map(p => ({ ...p, case_id: p.id, next_action: nextActionFor(String(p.status)) }));
+        res.json(withProposalEnvelope({ proposals }));
     });
     // admin list (maintainer only)
     app.get('/api/admin/task-proposals', (req, res) => {
@@ -30,15 +53,17 @@ export function registerTaskProposalsRoutes(app, deps) {
         if (!admin)
             return;
         const status = typeof req.query.status === 'string' ? req.query.status : undefined;
-        res.json(withProposalEnvelope({ proposals: listTaskProposals(db, { status }) }));
+        // case_id = the proposal's own id (the case originates at the proposal); shown in the management inbox.
+        const proposals = listTaskProposals(db, { status }).map(p => ({ ...p, case_id: p.id }));
+        res.json(withProposalEnvelope({ proposals }));
     });
     // admin review (maintainer only): needs_info | rejected | converted — no build_task is created here.
     app.post('/api/admin/task-proposals/:id/review', (req, res) => {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
-        const { status, note, converted_ref } = req.body ?? {};
-        const result = reviewTaskProposal(db, String(req.params.id), admin.id, String(status), note, converted_ref);
+        const { status, note, converted_ref, public_reply } = req.body ?? {};
+        const result = reviewTaskProposal(db, String(req.params.id), admin.id, String(status), note, converted_ref, public_reply);
         if ('error' in result) {
             const code = result.code === 'NOT_FOUND' ? 404 : result.code === 'ALREADY_TERMINAL' ? 409 : 400;
             return void errorRes(res, code, result.code, result.error);
@@ -90,6 +115,11 @@ export function registerTaskProposalsRoutes(app, deps) {
             definitionOfDone: b.definition_of_done ?? null,
             expectedResults: b.expected_results ?? null,
             autoClaimable: b.auto_claimable === false ? false : undefined,
+            // optional real effort estimate (#34/#5); if omitted the draft is a 0–0 placeholder and publish is fail-closed.
+            estimatedDurationMinMinutes: typeof b.estimated_duration_min_minutes === 'number' ? b.estimated_duration_min_minutes : undefined,
+            estimatedDurationMaxMinutes: typeof b.estimated_duration_max_minutes === 'number' ? b.estimated_duration_max_minutes : undefined,
+            estimatedAgentBudget: b.estimated_agent_budget,
+            estimatedContextSize: b.estimated_context_size,
             riskLevel: b.risk_level, taskType: b.task_type, note: b.note ?? null,
         });
         if ('error' in r) {
@@ -105,12 +135,30 @@ export function registerTaskProposalsRoutes(app, deps) {
             return;
         res.json(withProposalEnvelope({ drafts: listDraftBuildTasks(db) }));
     });
+    // full stored body of ONE unpublished internal draft — for PRE-PUBLISH PREVIEW (publish against visible content).
+    app.get('/api/admin/build-task-drafts/:id', (req, res) => {
+        const admin = requireSupportAdmin(req, res);
+        if (!admin)
+            return;
+        const draft = getDraftBuildTaskDetail(db, String(req.params.id));
+        if (!draft)
+            return void errorRes(res, 404, 'NOT_FOUND', 'draft not found (or not an unpublished internal draft)');
+        res.json(withProposalEnvelope({ draft }));
+    });
     // PUBLISH a draft → public open task — explicit human/admin action; records the acting admin
     app.post('/api/admin/build-task-drafts/:id/publish', (req, res) => {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
-        const r = publishDraftBuildTask(db, String(req.params.id), admin.id);
+        const b = (req.body ?? {});
+        // a published task MUST carry a real effort estimate (#34/#5). The maintainer supplies it here when the
+        // draft is still a 0–0 placeholder; without it publishDraftBuildTask fails closed (DRAFT_ESTIMATE_REQUIRED).
+        const r = publishDraftBuildTask(db, String(req.params.id), admin.id, {
+            minMinutes: typeof b.estimated_duration_min_minutes === 'number' ? b.estimated_duration_min_minutes : undefined,
+            maxMinutes: typeof b.estimated_duration_max_minutes === 'number' ? b.estimated_duration_max_minutes : undefined,
+            budget: b.estimated_agent_budget,
+            contextSize: b.estimated_context_size,
+        });
         if ('error' in r) {
             const code = r.error_code === 'NOT_FOUND' ? 404
                 : (r.error_code === 'PROPOSAL_REJECTED' || r.error_code === 'PROPOSAL_CONVERTED_ELSEWHERE') ? 409 : 400;
@@ -118,4 +166,32 @@ export function registerTaskProposalsRoutes(app, deps) {
         }
         res.json(withProposalEnvelope({ published: { task_id: r.task_id, published: true }, published_by: admin.id }));
     });
+    // DISCARD an unpublished internal draft (soft-delete → frees the proposal's draft slot; provenance retained).
+    // Fail-closed: refuses a published / claimed draft or an already-converted source proposal. Scope = discard only.
+    app.post('/api/admin/build-task-drafts/:id/discard', (req, res) => {
+        const admin = requireSupportAdmin(req, res);
+        if (!admin)
+            return;
+        const r = discardDraft(db, String(req.params.id), admin.id);
+        if ('error' in r) {
+            const code = r.error_code === 'NOT_FOUND' ? 404
+                : (r.error_code === 'ALREADY_PUBLISHED' || r.error_code === 'DRAFT_CLAIMED' || r.error_code === 'ALREADY_CONVERTED') ? 409 : 400;
+            return void errorRes(res, code, r.error_code, r.error);
+        }
+        res.json(withProposalEnvelope({ discarded: { task_id: r.task_id, status: 'discarded', already_discarded: !!r.already_discarded }, discarded_by: admin.id }));
+    });
+    // RECOVERY: withdraw an UNCLAIMED published task off the board + reopen its source proposal (so a corrected
+    // draft can be built). Fail-closed: refuses a claimed task or a non-published task. Soft-delete (provenance kept).
+    app.post('/api/admin/build-tasks/:id/withdraw', (req, res) => {
+        const admin = requireSupportAdmin(req, res);
+        if (!admin)
+            return;
+        const r = withdrawPublishedTask(db, String(req.params.id), admin.id);
+        if ('error' in r) {
+            const code = r.error_code === 'NOT_FOUND' ? 404
+                : (r.error_code === 'TASK_CLAIMED' || r.error_code === 'NOT_PUBLISHED') ? 409 : 400;
+            return void errorRes(res, code, r.error_code, r.error);
+        }
+        res.json(withProposalEnvelope({ withdrawn: { task_id: r.task_id, reopened_proposal_id: r.reopened_proposal_id }, withdrawn_by: admin.id }));
+    });
 }

package/dist/pwa/routes/users-public.js

@@ -62,8 +62,7 @@ export function registerUsersPublicRoutes(app, deps) {
         const rightChildName = u.right_child_id ? (await dbOne("SELECT name FROM users WHERE id = ?", [u.right_child_id]))?.name : null;
         const leftPv = Number(u.total_left_pv ?? 0);
         const rightPv = Number(u.total_right_pv ?? 0);
-        // pre-public de-MLM: PV 对碰为 pre-launch、未启用 —— public 端口不再暴露弱腿 / 对碰收益指标
-        // (weak_leg_pv / pending_score / settled_waz / total_hits)。位置 + 左右区 PV 仅作为参与记录保留。
+        // 匹配奖励引擎已切除(#401):public 端口只保留位置 + 左右区 PV 作为参与记录,不暴露任何奖励指标。
         res.json({
             id: u.id,
             name: u.name,
@@ -263,13 +262,11 @@ export function registerUsersPublicRoutes(app, deps) {
         if (isOwner) {
             const w = await dbOne('SELECT balance, earned FROM wallets WHERE user_id = ?', [me.id]);
             const pv = await dbOne("SELECT total_left_pv, total_right_pv FROM users WHERE id = ?", [me.id]);
-            const score = (await dbOne("SELECT COALESCE(SUM(score),0) as s FROM binary_score_records WHERE user_id = ? AND settled_at IS NULL", [me.id])).s;
             privateStats = {
                 wallet_balance: Number(w?.balance ?? 0),
                 wallet_earned: Number(w?.earned ?? 0),
                 total_left_pv: Number(pv?.total_left_pv ?? 0),
                 total_right_pv: Number(pv?.total_right_pv ?? 0),
-                pending_score: Number(score),
             };
         }
         // D2 信誉徽章墙

package/dist/pwa/routes/wallet-read.js

@@ -175,26 +175,14 @@ export function registerWalletReadRoutes(app, deps) {
             if (commMap[key])
                 commMap[key] = { count: r.cnt, total: Number(r.total.toFixed(2)) };
         }
-        const binary = (await dbOne(`
-      SELECT
-        COUNT(CASE WHEN settled_at IS NOT NULL THEN 1 END) as settled_cnt,
-        COALESCE(SUM(CASE WHEN settled_at IS NOT NULL THEN waz_amount END), 0) as settled_waz,
-        COALESCE(SUM(CASE WHEN settled_at IS NULL THEN score END), 0) as pending_score
-      FROM binary_score_records WHERE user_id = ?
-    `, [user.id]));
+        // matching-rewards income removed — engine excised (#401). Income = affiliate commission (real sales) + own sales.
         const sales = (await dbOne(`
       SELECT COUNT(*) as cnt, COALESCE(SUM(total_amount),0) as total
       FROM orders WHERE seller_id = ? AND status = 'completed'
     `, [user.id]));
-        const totalIncome = commMap.l1.total + commMap.l2.total + commMap.l3.total +
-            Number(binary.settled_waz) + Number(sales.total);
+        const totalIncome = commMap.l1.total + commMap.l2.total + commMap.l3.total + Number(sales.total);
         res.json({
             commissions: commMap,
-            binary: {
-                settled_count: binary.settled_cnt,
-                settled_waz: Number(Number(binary.settled_waz).toFixed(2)),
-                pending_score: Number(Number(binary.pending_score).toFixed(2)),
-            },
             sales: { count: sales.cnt, total: Number(Number(sales.total).toFixed(2)) },
             total_income: Number(totalIncome.toFixed(2)),
         });

package/dist/pwa/routes/webauthn.js

@@ -73,7 +73,7 @@ export function registerWebauthnRoutes(app, deps) {
         if (!user)
             return;
         const purpose = String(req.body?.purpose || '').trim();
-        const allowed = new Set(['withdraw', 'change-password', 'reveal-key', 'region', 'delete_passkey', 'governance_apply', 'governance_activate', 'governance_resign', 'governance_appeal_resolve', 'rewards_apply', 'rewards_deactivate', 'identity_claim']);
+        const allowed = new Set(['withdraw', 'change-password', 'reveal-key', 'region', 'delete_passkey', 'governance_apply', 'governance_activate', 'governance_resign', 'governance_appeal_resolve', 'rewards_apply', 'rewards_deactivate', 'identity_claim', 'operator_claim_unlink']);
         if (!allowed.has(purpose))
             return void res.status(400).json({ error: 'invalid purpose' });
         const purpose_data = req.body?.purpose_data ?? null;