@seasonkoh/webaz 0.1.26 → 0.1.28

package/dist/pwa/integration-contract.js

@@ -5,7 +5,7 @@
  */
 import { SOFTWARE_VERSION, CONTRACT_VERSION } from '../version.js';
 const BASE = 'https://webaz.xyz';
-const GH = 'https://github.com/seasonsagents-art/webaz/blob/main';
+const GH = 'https://github.com/webaz-protocol/webaz/blob/main';
 // 集成必需文档(规则 + onboarding)由协议自身 serve —— 外部 agent 必须能读到它被约束的规则,
 // 不能指向私有 repo 的 GitHub 链接(对外 404)。RFC/审计是 provenance,留 GH(随 repo 公开解锁)。
 const DOCS = `${BASE}/docs`;
@@ -15,8 +15,49 @@ export function buildIntegrationContract() {
         contract_version: CONTRACT_VERSION,
         software_version: SOFTWARE_VERSION,
         thesis: 'WebAZ is agent-native: you integrate by your agent reading this machine-readable contract and self-integrating — we do NOT build a bespoke API/auth/webhook layer per integrator. The protocol provides rules + semantics + boundaries + accountability + eventing + verifiability + settlement. See docs/RFC-011.',
-        // 源码仓库 launch 前私有 —— 公开声明,防"自称开源但 GitHub 404"被读成 vaporware。
-        source_status: 'The source repo (github.com/seasonsagents-art/webaz) is PRIVATE until the W8 public launch, so GitHub links in these surfaces may return 404 until then — they open at launch, not a dead project. The full machine-readable spec is ALREADY public via these /.well-known/* surfaces; an agent never needs the repo to integrate or verify.',
+        // 源码仓库已公开(github.com/webaz-protocol/webaz);机器可读 spec 也在 /.well-known/*。
+        source_status: 'The source repo (github.com/webaz-protocol/webaz) is public (open source). The full machine-readable spec is also available via these /.well-known/* surfaces; an agent never needs the repo to integrate or verify.',
+        // 60 秒冷启动 —— 一个从没见过 WebAZ、没有登录态、没有内部上下文的陌生 agent,一次 fetch 就能自我定位:
+        // 这是什么 / 从哪开始 / 匿名能做什么 / 鉴权才能做什么 / 安全的第一步 / 怎么提建议参与共建。离散字段(非散文)便于解析。
+        // 贡献边界(RFC-017)前置声明:建议 ≠ 贡献事实 ≠ 奖励,避免任何经济/兑现承诺暗示。
+        agent_quickstart: {
+            what_is_webaz: 'An agent-native, open commerce protocol: humans and AI agents transact on the same state-machine-governed protocol — and can also help build the protocol itself. Pre-launch: simulated test currency, no real money settles yet.',
+            canonical_start_url: `${BASE}/.well-known/webaz-integration.json`,
+            read_this_first: [`${BASE}/.well-known/webaz-integration.json (this document)`, `${DOCS}/INTEGRATOR.md`],
+            public_readonly_entrypoints: [
+                `${BASE}/.well-known/webaz-protocol.json`,
+                `${BASE}/.well-known/webaz-capabilities.json`,
+                `${BASE}/.well-known/webaz-entities.json`,
+                `${BASE}/.well-known/webaz-goals.json`,
+                `${BASE}/api/protocol-status`,
+                `${BASE}/api/agent/changes`,
+                `${BASE}/api/public/build-tasks`,
+            ],
+            anonymous_allowed_actions: [
+                'read every /.well-known/* surface + public GET endpoints (no credential)',
+                'browse the live catalog at /#discover',
+                'discover open build tasks — GET /api/public/build-tasks (MCP: webaz_contribute action=list_open)',
+                'submit a build/improvement suggestion — POST /api/public/task-proposals (MCP: webaz_contribute action=suggest); no key required',
+            ],
+            authenticated_required_actions: [
+                'any write / transact (register, order, list, fulfil, dispute)',
+                'claim or submit a build task (MCP: webaz_contribute action=claim / submit)',
+                'track your own suggestions (MCP: webaz_contribute action=my_suggestions)',
+            ],
+            how_to_authenticate: `An api_key requires a REAL HUMAN to register (invite + Passkey) at ${BASE}/#welcome — agents CANNOT self-register; this is the accountability root. Browsing and reading need no key.`,
+            safe_next_actions: [
+                '1. Read this contract + INTEGRATOR.md to learn the boundaries (anonymous vs. authenticated).',
+                '2. Browse anonymously: the catalog (/#discover) and the well-known surfaces above.',
+                '3. To improve the protocol: discover open tasks or submit a suggestion — both keyless (see proposal_flow).',
+                '4. To transact: have your accountable human get an invite + api_key, then declare scope (§③).',
+            ],
+            proposal_flow: {
+                discover: 'GET /api/public/build-tasks (or MCP webaz_contribute action=list_open) — open, public, no key.',
+                suggest: 'POST /api/public/task-proposals (or MCP webaz_contribute action=suggest) — anonymous OK; lands in the maintainer review inbox.',
+                after_submit: 'A human maintainer reviews. A suggestion never auto-publishes to the task board and is never auto-accepted; conversion to a formal task is manual.',
+            },
+            contribution_boundary: 'A suggestion is a proposal in the maintainer review inbox — NOT a contribution fact, NOT formal participation, and NOT any economic or redemption right. Recorded contribution is facts / evidence / attribution only (RFC-017); it confers no payment and no entitlement.',
+        },
         // 外部 agent 的第一道问题:"我怎么从匿名读升到能写?" —— 入口必须自答(不依赖 GitHub)。
         access: {
             browse_first: 'No account needed to START: browse the live catalog at https://webaz.xyz/#discover and read every well-known surface below anonymously. Try before you commit.',
@@ -60,8 +101,9 @@ export function buildIntegrationContract() {
         enters_core_test: 'A capability enters the protocol (vs integrator self-solving) iff ALL: ≥N independent integrators need it × needs cross-party trust/verification × cannot be reconstructed from already-exposed data.',
         iron_rule: 'arbitrate / vote / agent_revoke / delete_passkey / large withdraw require a live WebAuthn ceremony regardless of declared scope.',
         references: {
+            // RFC-011 is the public formalization of the agent-native integration audit; the audit doc itself is
+            // an internal artifact (not in the public tree), so it is not advertised as a reference here.
             rfc_011: `${GH}/docs/rfcs/RFC-011-agent-native-integration-contract.md`,
-            audit: `${GH}/docs/AGENT-NATIVE-INTEGRATION-AUDIT.md`,
             manifest: `${BASE}/.well-known/webaz-protocol.json`,
         },
     };

package/dist/pwa/internal/pv-settlement.js

@@ -0,0 +1,12 @@
+/**
+ * Excised stub factory. Accepts the same deps as the original engine (so the call site is unchanged) but
+ * returns no-op functions. Deps are intentionally unused.
+ */
+export function createPvSettlementEngine(_deps) {
+    return {
+        // 匹配结算已切除:不匹配、不产生 Score、不动 PV 腿。永远返回 0。
+        runBinarySettlement: () => 0,
+        // 兑付已切除:永远 disabled,从不发放。
+        executeSafeSettlementCron: () => ({ periodId: '', status: 'disabled' }),
+    };
+}

package/dist/pwa/internal/wallet-signer.js

@@ -0,0 +1,26 @@
+import { privateKeyToAccount, privateKeyToAddress } from 'viem/accounts';
+import { createHmac } from 'node:crypto';
+/** Seed string for the hot-wallet role (also the issuer role today — see Phase 0.5). */
+export const HOT_WALLET_SEED = 'platform-hot-wallet';
+/**
+ * In-process signer derived from a single master seed (current production behavior; dev/testnet).
+ * `privKey(role) = 0x<HMAC-SHA256(masterSeed, role)>` — byte-for-byte identical to the legacy
+ * `derivePrivKey` in server.ts, so addresses / signatures do not change.
+ *
+ * Phase 1+ will provide `createKmsSigner(...)` / `createSafeSigner(...)` implementing the same
+ * interface, selected via the `HOT_WALLET_SIGNER` env var.
+ */
+export function createLocalSeedSigner(masterSeed) {
+    const privKey = (role) => `0x${createHmac('sha256', masterSeed).update(role).digest('hex')}`;
+    // Issuer currently shares the hot-wallet key (unchanged address). Phase 0.5 points it at a
+    // dedicated key + dual-key credential verification; do NOT change this seed before that.
+    const ISSUER_SEED = HOT_WALLET_SEED;
+    return {
+        hotAccount: () => privateKeyToAccount(privKey(HOT_WALLET_SEED)),
+        hotAddress: () => privateKeyToAddress(privKey(HOT_WALLET_SEED)),
+        depositAccount: (userId) => privateKeyToAccount(privKey(userId)),
+        depositAddress: (userId) => privateKeyToAddress(privKey(userId)),
+        issuerSignMessage: (message) => privateKeyToAccount(privKey(ISSUER_SEED)).signMessage({ message }),
+        issuerAddress: () => privateKeyToAddress(privKey(ISSUER_SEED)),
+    };
+}