@seasonkoh/webaz 0.1.28 → 0.1.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (111) hide show
  1. package/README.md +3 -2
  2. package/README.zh-CN.md +7 -6
  3. package/dist/currency.js +16 -0
  4. package/dist/deposit-rails.js +52 -0
  5. package/dist/direct-pay-aml-monitor.js +67 -0
  6. package/dist/direct-pay-aml-review.js +40 -0
  7. package/dist/direct-pay-base-bond-entry.js +5 -0
  8. package/dist/direct-pay-bond-rail-clearance.js +94 -0
  9. package/dist/direct-pay-compliance-ingress.js +145 -0
  10. package/dist/direct-pay-controls.js +136 -0
  11. package/dist/direct-pay-create.js +162 -0
  12. package/dist/direct-pay-deferral-quota.js +43 -0
  13. package/dist/direct-pay-disclosures.js +44 -0
  14. package/dist/direct-pay-eligibility.js +46 -0
  15. package/dist/direct-pay-fee-ar.js +241 -0
  16. package/dist/direct-pay-launch-readiness.js +108 -0
  17. package/dist/direct-pay-launch-summary.js +68 -0
  18. package/dist/direct-pay-ledger.js +94 -0
  19. package/dist/direct-receive-account-qr.js +77 -0
  20. package/dist/direct-receive-accounts.js +82 -0
  21. package/dist/direct-receive-deferral.js +142 -0
  22. package/dist/direct-receive-deposits.js +260 -0
  23. package/dist/direct-receive-payment-instruction.js +26 -0
  24. package/dist/fx-rates.js +71 -0
  25. package/dist/layer0-foundation/L0-1-database/schema.js +531 -1
  26. package/dist/layer0-foundation/L0-2-state-machine/genuine-sale.js +15 -5
  27. package/dist/layer0-foundation/L0-2-state-machine/transitions.js +41 -0
  28. package/dist/layer0-foundation/L0-5-manifest/manifest.js +1 -1
  29. package/dist/layer1-agent/L1-1-mcp-server/cli.js +64 -0
  30. package/dist/layer1-agent/L1-1-mcp-server/network-mode.js +11 -0
  31. package/dist/layer1-agent/L1-1-mcp-server/server.js +18 -16
  32. package/dist/layer4-economics/L4-4-skill-market/skill-engine.js +4 -4
  33. package/dist/ledger.js +12 -3
  34. package/dist/mcp.js +23 -4
  35. package/dist/merchant-bond-domain.js +64 -0
  36. package/dist/merchant-bond-exposure.js +78 -0
  37. package/dist/merchant-bond-watcher.js +26 -0
  38. package/dist/payment-rails.js +29 -0
  39. package/dist/product-verification.js +93 -0
  40. package/dist/pwa/acp-feed.js +3 -2
  41. package/dist/pwa/contract-fingerprint.js +3 -0
  42. package/dist/pwa/direct-pay-guards.js +20 -0
  43. package/dist/pwa/direct-pay-order-redaction.js +24 -0
  44. package/dist/pwa/endpoint-actions.js +3 -0
  45. package/dist/pwa/public/app-ai.js +10 -10
  46. package/dist/pwa/public/app-chat-poll.js +29 -0
  47. package/dist/pwa/public/app-create-kinds.js +17 -0
  48. package/dist/pwa/public/app-direct-pay-accounts.js +141 -0
  49. package/dist/pwa/public/app-direct-pay-buyer.js +72 -0
  50. package/dist/pwa/public/app-direct-pay-compliance.js +67 -0
  51. package/dist/pwa/public/app-direct-pay-deferral-admin.js +72 -0
  52. package/dist/pwa/public/app-direct-pay-deferral.js +61 -0
  53. package/dist/pwa/public/app-direct-pay-fee-center.js +33 -0
  54. package/dist/pwa/public/app-direct-pay-fee-ops.js +112 -0
  55. package/dist/pwa/public/app-direct-pay-product-verify.js +103 -0
  56. package/dist/pwa/public/app-direct-pay-readiness.js +38 -0
  57. package/dist/pwa/public/app-direct-pay-store-verify.js +100 -0
  58. package/dist/pwa/public/app-direct-pay.js +227 -0
  59. package/dist/pwa/public/app-discover.js +20 -20
  60. package/dist/pwa/public/app-external-links.js +32 -0
  61. package/dist/pwa/public/app-listings.js +4 -4
  62. package/dist/pwa/public/app-prelaunch-waz.js +39 -0
  63. package/dist/pwa/public/app-price.js +55 -0
  64. package/dist/pwa/public/app-product-media.js +15 -0
  65. package/dist/pwa/public/app-profile.js +6 -6
  66. package/dist/pwa/public/app-seller.js +5 -5
  67. package/dist/pwa/public/app-shop.js +19 -19
  68. package/dist/pwa/public/app.js +142 -146
  69. package/dist/pwa/public/i18n.js +398 -197
  70. package/dist/pwa/public/index.html +17 -0
  71. package/dist/pwa/public/openapi.json +495 -1
  72. package/dist/pwa/routes/admin-analytics.js +4 -2
  73. package/dist/pwa/routes/admin-direct-receive-deposits.js +321 -0
  74. package/dist/pwa/routes/buyer-feeds.js +2 -1
  75. package/dist/pwa/routes/chat.js +6 -1
  76. package/dist/pwa/routes/dashboards.js +2 -1
  77. package/dist/pwa/routes/direct-pay-availability.js +196 -0
  78. package/dist/pwa/routes/direct-pay-disclosure-acks.js +74 -0
  79. package/dist/pwa/routes/direct-pay-timeouts.js +71 -0
  80. package/dist/pwa/routes/direct-receive-accounts.js +155 -0
  81. package/dist/pwa/routes/direct-receive-payment-instructions.js +45 -0
  82. package/dist/pwa/routes/fx.js +12 -0
  83. package/dist/pwa/routes/leaderboard.js +47 -9
  84. package/dist/pwa/routes/listings.js +2 -2
  85. package/dist/pwa/routes/logistics.js +4 -0
  86. package/dist/pwa/routes/manifests.js +38 -0
  87. package/dist/pwa/routes/me-data.js +5 -2
  88. package/dist/pwa/routes/orders-action.js +117 -9
  89. package/dist/pwa/routes/orders-create.js +4 -0
  90. package/dist/pwa/routes/orders-read.js +36 -0
  91. package/dist/pwa/routes/p2p-products.js +2 -2
  92. package/dist/pwa/routes/products-create.js +5 -3
  93. package/dist/pwa/routes/products-links.js +34 -0
  94. package/dist/pwa/routes/products-list.js +2 -1
  95. package/dist/pwa/routes/products-update.js +22 -2
  96. package/dist/pwa/routes/promoter.js +3 -0
  97. package/dist/pwa/routes/referral.js +4 -0
  98. package/dist/pwa/routes/returns.js +26 -1
  99. package/dist/pwa/routes/rewards-apply.js +10 -5
  100. package/dist/pwa/routes/rewards-clearing-mature.js +96 -0
  101. package/dist/pwa/routes/rewards-escrow-expire.js +6 -2
  102. package/dist/pwa/routes/shops.js +2 -1
  103. package/dist/pwa/routes/url-claim.js +2 -2
  104. package/dist/pwa/routes/users-public.js +8 -0
  105. package/dist/pwa/routes/wallet-read.js +3 -0
  106. package/dist/pwa/routes/webauthn.js +1 -1
  107. package/dist/pwa/server.js +59 -102
  108. package/dist/runtime/webaz-schema-helpers.js +104 -0
  109. package/dist/store-verification.js +77 -0
  110. package/dist/version.js +1 -1
  111. package/package.json +71 -2
@@ -51,8 +51,25 @@
51
51
  <script src="/app-account.js"></script>
52
52
  <script src="/app-shop.js"></script>
53
53
  <script src="/app-listings.js"></script>
54
+ <script src="/app-external-links.js"></script>
55
+ <script src="/app-product-media.js"></script>
56
+ <script src="/app-create-kinds.js"></script>
57
+ <script src="/app-price.js"></script>
54
58
  <script src="/app-seller.js"></script>
55
59
  <script src="/app-agents.js"></script>
60
+ <script src="/app-direct-pay.js"></script>
61
+ <script src="/app-direct-pay-readiness.js"></script>
62
+ <script src="/app-direct-pay-deferral.js"></script>
63
+ <script src="/app-direct-pay-deferral-admin.js"></script>
64
+ <script src="/app-direct-pay-product-verify.js"></script>
65
+ <script src="/app-direct-pay-store-verify.js"></script>
66
+ <script src="/app-direct-pay-compliance.js"></script>
67
+ <script src="/app-direct-pay-fee-ops.js"></script>
68
+ <script src="/app-direct-pay-fee-center.js"></script>
69
+ <script src="/app-direct-pay-accounts.js"></script>
70
+ <script src="/app-direct-pay-buyer.js"></script>
71
+ <script src="/app-prelaunch-waz.js"></script>
72
+ <script src="/app-chat-poll.js"></script>
56
73
  <script src="/app.js"></script>
57
74
  </body>
58
75
  </html>
@@ -3,7 +3,7 @@
3
3
  "info": {
4
4
  "title": "WebAZ Protocol API",
5
5
  "version": "0.4.14",
6
- "description": "Auto-generated endpoint inventory (673 endpoints, 17 with full schema). See docs/ for design context."
6
+ "description": "Auto-generated endpoint inventory (717 endpoints, 17 with full schema). See docs/ for design context."
7
7
  },
8
8
  "servers": [
9
9
  {
@@ -605,6 +605,227 @@
605
605
  ]
606
606
  }
607
607
  },
608
+ "/api/admin/direct-receive/aml-flags": {
609
+ "post": {
610
+ "summary": "POST /api/admin/direct-receive/aml-flags",
611
+ "tags": [
612
+ "admin"
613
+ ],
614
+ "security": [
615
+ {
616
+ "bearerAuth": []
617
+ }
618
+ ]
619
+ }
620
+ },
621
+ "/api/admin/direct-receive/aml-flags/:id/review": {
622
+ "post": {
623
+ "summary": "route 只做 auth + gate + 参数校验 + 调 reviewAmlFlag(唯一 review writer,原子改 flag + 写 audit)。",
624
+ "tags": [
625
+ "admin"
626
+ ],
627
+ "security": [
628
+ {
629
+ "bearerAuth": []
630
+ }
631
+ ]
632
+ }
633
+ },
634
+ "/api/admin/direct-receive/deferrals": {
635
+ "get": {
636
+ "summary": "GET /api/admin/direct-receive/deferrals?status=pending — ROOT 审批队列(默认全部;可按 status 过滤)。纯读。",
637
+ "tags": [
638
+ "admin"
639
+ ],
640
+ "security": [
641
+ {
642
+ "bearerAuth": []
643
+ }
644
+ ]
645
+ }
646
+ },
647
+ "/api/admin/direct-receive/deferrals/:id/approve": {
648
+ "post": {
649
+ "summary": "Passkey purpose_data 绑定【完整审批条款】(deferral_id + reduced_quota_factor + grace_days):签 A 批 B / 改条款一律拒。",
650
+ "tags": [
651
+ "admin"
652
+ ],
653
+ "security": [
654
+ {
655
+ "bearerAuth": []
656
+ }
657
+ ]
658
+ }
659
+ },
660
+ "/api/admin/direct-receive/deferrals/:id/reject": {
661
+ "post": {
662
+ "summary": "POST /api/admin/direct-receive/deferrals/:id/reject — ROOT + 真人 Passkey 拒绝缓交。purpose_data 绑 deferral_id。",
663
+ "tags": [
664
+ "admin"
665
+ ],
666
+ "security": [
667
+ {
668
+ "bearerAuth": []
669
+ }
670
+ ]
671
+ }
672
+ },
673
+ "/api/admin/direct-receive/deposits/:id/confirm-production": {
674
+ "post": {
675
+ "summary": "当前恒 fail-closed(无 legal-cleared rail → assert 抛 → PRODUCTION_RAIL_NOT_CLEARED)。",
676
+ "tags": [
677
+ "admin"
678
+ ],
679
+ "security": [
680
+ {
681
+ "bearerAuth": []
682
+ }
683
+ ]
684
+ }
685
+ },
686
+ "/api/admin/direct-receive/fee-account/:seller_id": {
687
+ "get": {
688
+ "summary": "只读诊断,不写、无 Passkey(读不授权能力);卖家私密财务,买家/卖家拿不到此 admin 视图。",
689
+ "tags": [
690
+ "admin"
691
+ ],
692
+ "security": [
693
+ {
694
+ "bearerAuth": []
695
+ }
696
+ ]
697
+ }
698
+ },
699
+ "/api/admin/direct-receive/fee-adjust": {
700
+ "post": {
701
+ "summary": "≠ 退款(不动真钱,只调记账)。purpose_data 绑 seller_id+delta_units+reason。",
702
+ "tags": [
703
+ "admin"
704
+ ],
705
+ "security": [
706
+ {
707
+ "bearerAuth": []
708
+ }
709
+ ]
710
+ }
711
+ },
712
+ "/api/admin/direct-receive/fee-prepay": {
713
+ "post": {
714
+ "summary": "不碰 buyer wallet/escrow/order/settlement/refund;非买家 escrow/保证金/penalty。本轮无\"余额退款\"(仅正向预付款登记)。",
715
+ "tags": [
716
+ "admin"
717
+ ],
718
+ "security": [
719
+ {
720
+ "bearerAuth": []
721
+ }
722
+ ]
723
+ }
724
+ },
725
+ "/api/admin/direct-receive/fee-refund": {
726
+ "post": {
727
+ "summary": "amount ≤ 当前 available(helper 同事务校验)。append-only + audit。purpose_data 绑 seller_id+amount_units+method+evidence_ref。",
728
+ "tags": [
729
+ "admin"
730
+ ],
731
+ "security": [
732
+ {
733
+ "bearerAuth": []
734
+ }
735
+ ]
736
+ }
737
+ },
738
+ "/api/admin/direct-receive/kyb-reviews": {
739
+ "post": {
740
+ "summary": "Passkey purpose_data 绑定【完整写入内容】(user_id+status+provider_ref+expires_at):签 A 写 B 一律拒。",
741
+ "tags": [
742
+ "admin"
743
+ ],
744
+ "security": [
745
+ {
746
+ "bearerAuth": []
747
+ }
748
+ ]
749
+ }
750
+ },
751
+ "/api/admin/direct-receive/product-verifications": {
752
+ "get": {
753
+ "summary": "GET /api/admin/direct-receive/product-verifications?status=submitted — ROOT 审核队列(默认全部)。纯读。",
754
+ "tags": [
755
+ "admin"
756
+ ],
757
+ "security": [
758
+ {
759
+ "bearerAuth": []
760
+ }
761
+ ]
762
+ }
763
+ },
764
+ "/api/admin/direct-receive/product-verifications/:id/review": {
765
+ "post": {
766
+ "summary": "Passkey purpose_data 绑 verification_id + decision:签 A 用 B / 改结论一律拒。verify = 放行该产品直付(逐品,绝不放行全部)。",
767
+ "tags": [
768
+ "admin"
769
+ ],
770
+ "security": [
771
+ {
772
+ "bearerAuth": []
773
+ }
774
+ ]
775
+ }
776
+ },
777
+ "/api/admin/direct-receive/readiness": {
778
+ "post": {
779
+ "summary": "含 KYB/sanctions/AML/base-bond/rail clearance 全细节)。只读诊断(不写库、不 flip launch);ROOT 专用,买家/卖家拿不到。",
780
+ "tags": [
781
+ "admin"
782
+ ],
783
+ "security": [
784
+ {
785
+ "bearerAuth": []
786
+ }
787
+ ]
788
+ }
789
+ },
790
+ "/api/admin/direct-receive/sanctions-screenings": {
791
+ "post": {
792
+ "summary": "purpose_data 绑定 user_id+status+provider_ref+expires_at。",
793
+ "tags": [
794
+ "admin"
795
+ ],
796
+ "security": [
797
+ {
798
+ "bearerAuth": []
799
+ }
800
+ ]
801
+ }
802
+ },
803
+ "/api/admin/direct-receive/store-verifications": {
804
+ "get": {
805
+ "summary": "GET /api/admin/direct-receive/store-verifications?status=submitted — ROOT 审核队列(默认全部)。纯读。",
806
+ "tags": [
807
+ "admin"
808
+ ],
809
+ "security": [
810
+ {
811
+ "bearerAuth": []
812
+ }
813
+ ]
814
+ }
815
+ },
816
+ "/api/admin/direct-receive/store-verifications/:id/review": {
817
+ "post": {
818
+ "summary": "POST /api/admin/direct-receive/store-verifications/:id/review — ROOT + 真人 Passkey 核店铺 + 勾选逐品豁免。",
819
+ "tags": [
820
+ "admin"
821
+ ],
822
+ "security": [
823
+ {
824
+ "bearerAuth": []
825
+ }
826
+ ]
827
+ }
828
+ },
608
829
  "/api/admin/disputes": {
609
830
  "get": {
610
831
  "summary": "GET /api/admin/disputes",
@@ -3242,6 +3463,241 @@
3242
3463
  ]
3243
3464
  }
3244
3465
  },
3466
+ "/api/direct-pay/availability": {
3467
+ "get": {
3468
+ "summary": "GET /api/direct-pay/availability?product_id=... — 该商品(以 qty=1 计)当前是否可直付 + 不可用原因(脱敏)。",
3469
+ "tags": [],
3470
+ "security": [
3471
+ {
3472
+ "bearerAuth": []
3473
+ }
3474
+ ]
3475
+ }
3476
+ },
3477
+ "/api/direct-pay/disclosure-acks": {
3478
+ "post": {
3479
+ "summary": "POST — 记录一次 ack(D1 pre_select / D2 pre_confirm)。需现场真人(Passkey + gate token)。幂等(INSERT OR IGNORE)。",
3480
+ "tags": [],
3481
+ "security": [
3482
+ {
3483
+ "bearerAuth": []
3484
+ }
3485
+ ]
3486
+ }
3487
+ },
3488
+ "/api/direct-pay/disclosure-acks/:orderId": {
3489
+ "get": {
3490
+ "summary": "GET — 查询某单两次 ack 状态 + 买家视角披露文案(无卖家机制)。只读(本人),不需 gate token。",
3491
+ "tags": [],
3492
+ "security": [
3493
+ {
3494
+ "bearerAuth": []
3495
+ }
3496
+ ]
3497
+ }
3498
+ },
3499
+ "/api/direct-receive/accounts": {
3500
+ "get": {
3501
+ "summary": "── list(本人;不返回 raw QR,只含 qr_image_ref)──",
3502
+ "tags": [],
3503
+ "security": [
3504
+ {
3505
+ "bearerAuth": []
3506
+ }
3507
+ ]
3508
+ },
3509
+ "post": {
3510
+ "summary": "── add(Passkey)──",
3511
+ "tags": [],
3512
+ "security": [
3513
+ {
3514
+ "bearerAuth": []
3515
+ }
3516
+ ]
3517
+ }
3518
+ },
3519
+ "/api/direct-receive/accounts/:id": {
3520
+ "delete": {
3521
+ "summary": "── deactivate(Passkey + owner)──",
3522
+ "tags": [],
3523
+ "security": [
3524
+ {
3525
+ "bearerAuth": []
3526
+ }
3527
+ ]
3528
+ },
3529
+ "put": {
3530
+ "summary": "── update(Passkey + owner)──",
3531
+ "tags": [],
3532
+ "security": [
3533
+ {
3534
+ "bearerAuth": []
3535
+ }
3536
+ ]
3537
+ }
3538
+ },
3539
+ "/api/direct-receive/accounts/:id/qr": {
3540
+ "get": {
3541
+ "summary": "── QR preview(owner-only read;硬化转发;不存在/非本人 → 404)──",
3542
+ "tags": [],
3543
+ "security": [
3544
+ {
3545
+ "bearerAuth": []
3546
+ }
3547
+ ]
3548
+ },
3549
+ "put": {
3550
+ "summary": "── upload / replace QR(Passkey + owner;immutable content-addressed store)──",
3551
+ "tags": [],
3552
+ "security": [
3553
+ {
3554
+ "bearerAuth": []
3555
+ }
3556
+ ]
3557
+ }
3558
+ },
3559
+ "/api/direct-receive/deferral": {
3560
+ "get": {
3561
+ "summary": "GET /api/direct-receive/deferral — 卖家本人缓交状态:最新一条申请(脱敏:不含 admin 身份)+ 是否当前生效(active)。",
3562
+ "tags": [],
3563
+ "security": [
3564
+ {
3565
+ "bearerAuth": []
3566
+ }
3567
+ ]
3568
+ },
3569
+ "post": {
3570
+ "summary": "POST /api/direct-receive/deferral — 卖家申请缓交。helper 强制:单一活跃、periodDays 正整数、id 唯一。",
3571
+ "tags": [],
3572
+ "security": [
3573
+ {
3574
+ "bearerAuth": []
3575
+ }
3576
+ ]
3577
+ }
3578
+ },
3579
+ "/api/direct-receive/my-fee-account": {
3580
+ "get": {
3581
+ "summary": "仅本人(requireSeller),买家拿不到;只读、不碰任何资金动作。供 seller fee center 展示。",
3582
+ "tags": [],
3583
+ "security": [
3584
+ {
3585
+ "bearerAuth": []
3586
+ }
3587
+ ]
3588
+ }
3589
+ },
3590
+ "/api/direct-receive/payment-instruction": {
3591
+ "delete": {
3592
+ "summary": "DELETE — 停用卖家当前 active 收款说明(软停用,留历史为 inactive)。停用后 create route fail-closed。",
3593
+ "tags": [],
3594
+ "security": [
3595
+ {
3596
+ "bearerAuth": []
3597
+ }
3598
+ ]
3599
+ },
3600
+ "get": {
3601
+ "summary": "GET — 卖家本人当前 active 收款说明;无则 instruction:null(200,显式空状态,便于 UI 渲染“尚未设置”)。",
3602
+ "tags": [],
3603
+ "security": [
3604
+ {
3605
+ "bearerAuth": []
3606
+ }
3607
+ ]
3608
+ },
3609
+ "put": {
3610
+ "summary": "PUT — 设置/替换卖家当前 active 收款说明。instruction 必填、trim、长度上限;label 可选、trim、长度上限。",
3611
+ "tags": [],
3612
+ "security": [
3613
+ {
3614
+ "bearerAuth": []
3615
+ }
3616
+ ]
3617
+ }
3618
+ },
3619
+ "/api/direct-receive/product-verification": {
3620
+ "post": {
3621
+ "summary": "POST /api/direct-receive/product-verification — 卖家为某产品申领验证码(单一活跃 per product)。",
3622
+ "tags": [],
3623
+ "security": [
3624
+ {
3625
+ "bearerAuth": []
3626
+ }
3627
+ ]
3628
+ },
3629
+ "put": {
3630
+ "summary": "PUT /api/direct-receive/product-verification — 卖家为某产品提交外部商品链接(链接仅存储,WebAZ 不抓取)。",
3631
+ "tags": [],
3632
+ "security": [
3633
+ {
3634
+ "bearerAuth": []
3635
+ }
3636
+ ]
3637
+ }
3638
+ },
3639
+ "/api/direct-receive/product-verifications": {
3640
+ "get": {
3641
+ "summary": "GET /api/direct-receive/product-verifications — 卖家本人所有产品的认证状态(逐产品)。",
3642
+ "tags": [],
3643
+ "security": [
3644
+ {
3645
+ "bearerAuth": []
3646
+ }
3647
+ ]
3648
+ }
3649
+ },
3650
+ "/api/direct-receive/readiness": {
3651
+ "get": {
3652
+ "summary": "绝不下发 raw blocker / KYB·制裁·AML 分项(见 sellerDirectPayReadinessView)。只读 self(auth 用户自身 id)。",
3653
+ "tags": [],
3654
+ "security": [
3655
+ {
3656
+ "bearerAuth": []
3657
+ }
3658
+ ]
3659
+ }
3660
+ },
3661
+ "/api/direct-receive/selectable-accounts": {
3662
+ "get": {
3663
+ "summary": "⚠️ 只下发元数据 method/currency/label —— instruction 原文与 QR 受披露门保护,D1/D2 ack 后才随订单快照给买家。",
3664
+ "tags": [],
3665
+ "security": [
3666
+ {
3667
+ "bearerAuth": []
3668
+ }
3669
+ ]
3670
+ }
3671
+ },
3672
+ "/api/direct-receive/store-verification": {
3673
+ "get": {
3674
+ "summary": "GET /api/direct-receive/store-verification — 卖家本人店铺认证状态(脱敏 DTO,含豁免位)。",
3675
+ "tags": [],
3676
+ "security": [
3677
+ {
3678
+ "bearerAuth": []
3679
+ }
3680
+ ]
3681
+ },
3682
+ "post": {
3683
+ "summary": "POST /api/direct-receive/store-verification — 卖家申领店铺验证码(单一活跃 per seller)。",
3684
+ "tags": [],
3685
+ "security": [
3686
+ {
3687
+ "bearerAuth": []
3688
+ }
3689
+ ]
3690
+ },
3691
+ "put": {
3692
+ "summary": "PUT /api/direct-receive/store-verification — 卖家提交店铺外链(仅存储,不抓取)。",
3693
+ "tags": [],
3694
+ "security": [
3695
+ {
3696
+ "bearerAuth": []
3697
+ }
3698
+ ]
3699
+ }
3700
+ },
3245
3701
  "/api/disputes": {
3246
3702
  "get": {
3247
3703
  "summary": "仲裁员:查看所有开放争议",
@@ -3815,6 +4271,13 @@
3815
4271
  ]
3816
4272
  }
3817
4273
  },
4274
+ "/api/fx/rates": {
4275
+ "get": {
4276
+ "summary": "GET /api/fx/rates",
4277
+ "tags": [],
4278
+ "security": []
4279
+ }
4280
+ },
3818
4281
  "/api/governance/onboarding-stats": {
3819
4282
  "get": {
3820
4283
  "summary": "无 auth — agent / 用户 / 第三方都可读;不暴露 PII",
@@ -4271,6 +4734,13 @@
4271
4734
  ]
4272
4735
  }
4273
4736
  },
4737
+ "/api/manifests/:hash/thumb": {
4738
+ "get": {
4739
+ "summary": "Only the low-res thumbnail is exposed (never full-res / metadata / other columns).",
4740
+ "tags": [],
4741
+ "security": []
4742
+ }
4743
+ },
4274
4744
  "/api/manifests/by-anchor/:anchor": {
4275
4745
  "get": {
4276
4746
  "summary": "GET /api/manifests/by-anchor/:anchor",
@@ -4862,6 +5332,19 @@
4862
5332
  ]
4863
5333
  }
4864
5334
  },
5335
+ "/api/orders/:id/direct-pay-qr": {
5336
+ "get": {
5337
+ "summary": "取【当时那一版】图字节。未 ack / 非买家 / 无 QR / 非 direct_p2p → 统一 404(不枚举,不泄露)。图字节不入 order JSON。",
5338
+ "tags": [
5339
+ "order"
5340
+ ],
5341
+ "security": [
5342
+ {
5343
+ "bearerAuth": []
5344
+ }
5345
+ ]
5346
+ }
5347
+ },
4865
5348
  "/api/orders/:id/force-timeout-check": {
4866
5349
  "post": {
4867
5350
  "summary": "手动触发超时判责(当事人)",
@@ -5364,6 +5847,17 @@
5364
5847
  "security": []
5365
5848
  }
5366
5849
  },
5850
+ "/api/products/:id/external-links": {
5851
+ "get": {
5852
+ "summary": "array the seller workbench consumes; that stays untouched). Only public-safe columns are returned.",
5853
+ "tags": [],
5854
+ "security": [
5855
+ {
5856
+ "bearerAuth": []
5857
+ }
5858
+ ]
5859
+ }
5860
+ },
5367
5861
  "/api/products/:id/get-or-create-share": {
5368
5862
  "post": {
5369
5863
  "summary": "获取或创建商品 shareable(被 sharePromoLink 用,走 /s/<id> 短链)",
@@ -259,10 +259,12 @@ export function registerAdminAnalyticsRoutes(app, deps) {
259
259
  const nowSec = Math.floor(Date.now() / 1000);
260
260
  const escrowByStatus = await dbAll(`SELECT status, COUNT(*) AS n, COALESCE(SUM(amount),0) AS total
261
261
  FROM pending_commission_escrow GROUP BY status`);
262
+ // RFC-018: these "pending escrow" stats mean opt-out escrow (matures_at IS NULL); clearing rows
263
+ // (matures_at NOT NULL) don't expire-to-reserve and would mislabel "expiring soon".
262
264
  const escrowPendingByPath = await dbAll(`SELECT attribution_path, COUNT(*) AS n, COALESCE(SUM(amount),0) AS total
263
- FROM pending_commission_escrow WHERE status='pending' GROUP BY attribution_path`);
265
+ FROM pending_commission_escrow WHERE status='pending' AND matures_at IS NULL GROUP BY attribution_path`);
264
266
  const expiringSoon = (await dbOne(`SELECT COUNT(*) AS n, COALESCE(SUM(amount),0) AS total
265
- FROM pending_commission_escrow WHERE status='pending' AND expires_at <= ?`, [nowSec + 86400]));
267
+ FROM pending_commission_escrow WHERE status='pending' AND matures_at IS NULL AND expires_at <= ?`, [nowSec + 86400]));
266
268
  // 3. consent 版本:当前 major + 仍停留在旧 major 上的 opted-in 用户数(= auto_downgrade 候选)
267
269
  const currentMajor = await dbOne(`SELECT version, effective_at FROM rewards_consent_texts WHERE change_class='major' ORDER BY effective_at DESC LIMIT 1`);
268
270
  let staleConsentOptedIn = 0;