@seasonkoh/webaz 0.1.26 → 0.1.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (99) hide show
  1. package/LICENSE +2 -2
  2. package/NOTICE +24 -3
  3. package/README.md +74 -330
  4. package/README.zh-CN.md +419 -0
  5. package/dist/layer0-foundation/L0-2-state-machine/genuine-sale.js +21 -0
  6. package/dist/layer0-foundation/L0-5-manifest/manifest.js +8 -3
  7. package/dist/layer1-agent/L1-1-mcp-server/auth.js +13 -1
  8. package/dist/layer1-agent/L1-1-mcp-server/network-mode.js +69 -0
  9. package/dist/layer1-agent/L1-1-mcp-server/server.js +270 -82
  10. package/dist/layer2-business/L2-9-contribution/admin-coordination-ingestion-engine.js +181 -0
  11. package/dist/layer2-business/L2-9-contribution/admin-coordination-resolver.js +114 -0
  12. package/dist/layer2-business/L2-9-contribution/admin-coordination-store.js +251 -0
  13. package/dist/layer2-business/L2-9-contribution/admin-operator-claim-workflow.js +390 -0
  14. package/dist/layer2-business/L2-9-contribution/build-task-agent-metadata-store.js +24 -0
  15. package/dist/layer2-business/L2-9-contribution/build-task-participation.js +6 -2
  16. package/dist/layer2-business/L2-9-contribution/build-task-quota.js +337 -0
  17. package/dist/layer2-business/L2-9-contribution/build-task-read.js +25 -2
  18. package/dist/layer2-business/L2-9-contribution/build-tasks-engine.js +57 -7
  19. package/dist/layer2-business/L2-9-contribution/canonical-contribution-target.js +1 -1
  20. package/dist/layer2-business/L2-9-contribution/contribution-facts-read.js +66 -0
  21. package/dist/layer2-business/L2-9-contribution/task-proposal-draft.js +187 -18
  22. package/dist/layer2-business/L2-9-contribution/task-proposal-store.js +29 -4
  23. package/dist/ledger.js +1 -1
  24. package/dist/pwa/admin-audit.js +38 -0
  25. package/dist/pwa/anti-abuse-thresholds.js +135 -0
  26. package/dist/pwa/cf-origin-guard.js +33 -0
  27. package/dist/pwa/contract-fingerprint.js +1 -0
  28. package/dist/pwa/data/onboarding-cases.js +2 -2
  29. package/dist/pwa/data/onboarding-quiz.js +1 -1
  30. package/dist/pwa/economic-participation.js +2 -2
  31. package/dist/pwa/integration-contract.js +46 -4
  32. package/dist/pwa/internal/pv-settlement.js +12 -0
  33. package/dist/pwa/internal/wallet-signer.js +26 -0
  34. package/dist/pwa/public/app-account.js +977 -0
  35. package/dist/pwa/public/app-admin.js +608 -0
  36. package/dist/pwa/public/app-agents.js +63 -0
  37. package/dist/pwa/public/app-ai.js +2162 -0
  38. package/dist/pwa/public/app-contribution.js +836 -0
  39. package/dist/pwa/public/app-discover.js +1296 -0
  40. package/dist/pwa/public/app-listings.js +226 -0
  41. package/dist/pwa/public/app-profile.js +1692 -0
  42. package/dist/pwa/public/app-seller.js +199 -0
  43. package/dist/pwa/public/app-shop.js +1145 -0
  44. package/dist/pwa/public/app.js +15075 -23960
  45. package/dist/pwa/public/i18n.js +31 -28
  46. package/dist/pwa/public/index.html +11 -1
  47. package/dist/pwa/public/openapi.json +4851 -2776
  48. package/dist/pwa/pv-kill-switch.js +31 -0
  49. package/dist/pwa/routes/admin-admins.js +48 -1
  50. package/dist/pwa/routes/admin-analytics.js +1 -10
  51. package/dist/pwa/routes/admin-atomic.js +4 -17
  52. package/dist/pwa/routes/admin-operator-claims.js +280 -0
  53. package/dist/pwa/routes/admin-reports.js +4 -26
  54. package/dist/pwa/routes/admin-tokenomics.js +2 -76
  55. package/dist/pwa/routes/admin-users-lifecycle.js +1 -14
  56. package/dist/pwa/routes/admin-users-query.js +23 -1
  57. package/dist/pwa/routes/admin-wallet-ops.js +1 -1
  58. package/dist/pwa/routes/agent-grants.js +255 -0
  59. package/dist/pwa/routes/auth-read.js +1 -5
  60. package/dist/pwa/routes/auth-register.js +3 -13
  61. package/dist/pwa/routes/build-task-quota.js +113 -0
  62. package/dist/pwa/routes/claim-verify.js +15 -11
  63. package/dist/pwa/routes/contribution-facts.js +18 -0
  64. package/dist/pwa/routes/dispute-cases.js +5 -4
  65. package/dist/pwa/routes/growth.js +3 -3
  66. package/dist/pwa/routes/orders-action.js +27 -10
  67. package/dist/pwa/routes/orders-create.js +1 -1
  68. package/dist/pwa/routes/products-meta.js +19 -6
  69. package/dist/pwa/routes/profile-placement.js +1 -1
  70. package/dist/pwa/routes/promoter.js +10 -29
  71. package/dist/pwa/routes/public-build-tasks.js +5 -1
  72. package/dist/pwa/routes/public-utils.js +9 -12
  73. package/dist/pwa/routes/referral.js +5 -26
  74. package/dist/pwa/routes/rewards-apply.js +3 -2
  75. package/dist/pwa/routes/share-redirects.js +1 -1
  76. package/dist/pwa/routes/shareables-interactions.js +2 -1
  77. package/dist/pwa/routes/task-proposals.js +85 -9
  78. package/dist/pwa/routes/users-public.js +1 -4
  79. package/dist/pwa/routes/wallet-read.js +2 -14
  80. package/dist/pwa/routes/webauthn.js +7 -2
  81. package/dist/pwa/server-schema.js +9 -0
  82. package/dist/pwa/server.js +319 -2034
  83. package/dist/runtime/agent-grant-scopes.js +128 -0
  84. package/dist/runtime/agent-grant-verifier.js +67 -0
  85. package/dist/runtime/agent-pairing.js +60 -0
  86. package/dist/runtime/apply-webaz-runtime-schema.js +15 -0
  87. package/dist/runtime/webaz-schema-helpers.js +1848 -0
  88. package/dist/settlement-math.js +3 -3
  89. package/dist/version.js +6 -4
  90. package/package.json +43 -8
  91. package/dist/index.js +0 -182
  92. package/dist/pwa/public/docs/ECONOMIC-MODEL.md +0 -287
  93. package/dist/pwa/public/docs/INTEGRATOR.md +0 -67
  94. package/dist/pwa/public/docs/META-RULES-FULL.md +0 -543
  95. package/dist/test-dispute.js +0 -153
  96. package/dist/test-manifest.js +0 -61
  97. package/dist/test-mcp-tools.js +0 -135
  98. package/dist/test-reputation.js +0 -116
  99. package/dist/test-skill-market.js +0 -101
package/dist/pwa/public/app-agents.js ADDED
@@ -0,0 +1,63 @@
1
+ // WebAZ — Connected agents domain (RFC-020 PR-D2 / app-agents.js)
2
+ //
3
+ // Loaded as a CLASSIC script BEFORE app.js (index.html). Top-level functions are
4
+ // global; cross-file globals (GET/POST/state/shell/t/escHtml/fmtTime/navigate/
5
+ // loading$/alert$/toast) resolve at call time. No import/export.
6
+ //
7
+ // Human-facing security view: the list of delegation grants the human authorized
8
+ // for AI agents (RFC-020). Reads GET /api/agent-grants (scope/status/expiry +
9
+ // recent-use from the audit log, PR-D1) and revokes via the existing
10
+ // POST /api/agent-grants/:id/revoke. READ + revoke only — no money/order path,
11
+ // no grant issuance (that is the Passkey pairing flow), no risk scopes.
12
+
13
+ async function renderConnectedAgents(app) {
14
+ if (!state.user) { app.innerHTML = shell(`<div class="empty">${t('请先登录')}</div>`, 'me'); return }
15
+ app.innerHTML = shell(loading$(), 'me')
16
+ const r = await GET('/agent-grants')
17
+ if (r.error) { app.innerHTML = shell(alert$('error', r.error), 'me'); return }
18
+ const grants = r.grants || []
19
+
20
+ const body = grants.length === 0
21
+ ? `<div class="empty" style="padding:40px 16px;text-align:center">
22
+ <div style="font-size:32px;margin-bottom:8px">🔌</div>
23
+ <div style="font-weight:600;margin-bottom:4px">${t('尚无已连接的 Agent')}</div>
24
+ <div style="color:#9ca3af;font-size:12px">${t('AI agent 通过 webaz_pair 配对、经你 Passkey 批准后出现在这里')}</div>
25
+ </div>`
26
+ : grants.map(g => {
27
+ const revoked = g.status === 'revoked'
28
+ const expired = !revoked && !g.active
29
+ const badge = revoked
30
+ ? `<span style="font-size:11px;color:#6b7280;background:#f3f4f6;padding:2px 8px;border-radius:999px">${t('已撤销')}</span>`
31
+ : expired
32
+ ? `<span style="font-size:11px;color:#b45309;background:#fef3c7;padding:2px 8px;border-radius:999px">${t('已过期')}</span>`
33
+ : `<span style="font-size:11px;color:#16a34a;background:#dcfce7;padding:2px 8px;border-radius:999px">${t('有效')}</span>`
34
+ const caps = (g.capabilities || []).map(c => `<span style="font-size:10px;color:#4f46e5;background:#eef2ff;padding:1px 6px;border-radius:4px;margin-right:4px">${escHtml(String(c.capability || c))}</span>`).join('')
35
+ const lastUsed = g.last_used_at
36
+ ? `${t('最近使用')} ${fmtTime(g.last_used_at)} · ${g.use_count} ${t('次调用')}`
37
+ : t('从未使用')
38
+ return `<div class="card" style="margin-bottom:10px;padding:14px">
39
+ <div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:6px">
40
+ <div style="font-weight:600">${escHtml(g.agent_label || t('未命名 Agent'))}</div>
41
+ ${badge}
42
+ </div>
43
+ <div style="margin-bottom:6px">${caps || `<span style="font-size:11px;color:#9ca3af">${t('仅安全只读权限')}</span>`}</div>
44
+ <div style="font-size:11px;color:#9ca3af">${t('有效期至')} ${g.expires_at ? fmtTime(g.expires_at) : '—'}</div>
45
+ <div style="font-size:11px;color:#9ca3af">${lastUsed}</div>
46
+ ${revoked || expired ? '' : `<button class="btn btn-sm" style="margin-top:8px;color:#dc2626;border-color:#fecaca" onclick="revokeAgentGrant('${escHtml(g.grant_id)}')">${t('撤销访问')}</button>`}
47
+ </div>`
48
+ }).join('')
49
+
50
+ app.innerHTML = shell(`
51
+ <div class="page-header"><h2>${t('🔌 已连接的 Agent')}</h2></div>
52
+ <div style="font-size:12px;color:#6b7280;padding:0 4px 12px">${t('这些是你授权给 AI agent 的委托凭证(作用域受限、短期、可随时撤销)。它们不是你的账号或密钥,永远无法动用资金、投票或改密钥。')}</div>
53
+ ${body}
54
+ `, 'me')
55
+ }
56
+
57
+ async function revokeAgentGrant(grantId) {
58
+ if (!confirm(t('确认撤销此 Agent 的访问权限?该凭证将立即失效。'))) return
59
+ const r = await POST(`/agent-grants/${grantId}/revoke`, {})
60
+ if (r.error) { toast$(r.error, 'error'); return }
61
+ toast$(t('已撤销该 Agent 的访问'))
62
+ renderConnectedAgents(document.getElementById('app'))
63
+ }