@seasonkoh/webaz 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/layer1-agent/L1-1-mcp-server/server.js +8 -7
  2. package/dist/pwa/server.js +3 -1
  3. package/package.json +1 -1
package/dist/layer1-agent/L1-1-mcp-server/server.js CHANGED
@@ -590,23 +590,24 @@ function handleUpdateOrder(args) {
590
590
  const notes = args.notes ?? '';
591
591
  const evidenceDesc = args.evidence_description ?? '';
592
592
  // 验证订单存在且该用户是参与方
593
- const order = db
593
+ let order = db
594
594
  .prepare('SELECT * FROM orders WHERE id = ?')
595
595
  .get(orderId);
596
596
  if (!order)
597
597
  return { error: `订单不存在:${orderId}` };
598
+ // 物流首次操作:先绑定再做参与方检查
599
+ if ((action === 'pickup' || action === 'transit') &&
600
+ !order.logistics_id &&
601
+ user.role === 'logistics') {
602
+ db.prepare('UPDATE orders SET logistics_id = ? WHERE id = ?').run(user.id, orderId);
603
+ order = db.prepare('SELECT * FROM orders WHERE id = ?').get(orderId);
604
+ }
598
605
  const isParticipant = order.buyer_id === user.id ||
599
606
  order.seller_id === user.id ||
600
607
  order.logistics_id === user.id;
601
608
  if (!isParticipant && user.role !== 'arbitrator') {
602
609
  return { error: '你不是这笔订单的参与方,无法操作' };
603
610
  }
604
- // 如果是物流首次操作,绑定物流方
605
- if ((action === 'pickup' || action === 'transit') &&
606
- order.logistics_id === null &&
607
- user.role === 'logistics') {
608
- db.prepare('UPDATE orders SET logistics_id = ? WHERE id = ?').run(user.id, orderId);
609
- }
610
611
  // action → 状态映射
611
612
  const actionMap = {
612
613
  accept: 'accepted',
package/dist/pwa/server.js CHANGED
@@ -208,7 +208,9 @@ app.get('/api/orders/:id', (req, res) => {
208
208
  if (!statusInfo)
209
209
  return void res.status(404).json({ error: '订单不存在' });
210
210
  const order = statusInfo.order;
211
- if (order.buyer_id !== user.id && order.seller_id !== user.id && order.logistics_id !== user.id && user.role !== 'arbitrator') {
211
+ const isLogisticsPickup = user.role === 'logistics' &&
212
+ !order.logistics_id && order.status === 'shipped';
213
+ if (order.buyer_id !== user.id && order.seller_id !== user.id && order.logistics_id !== user.id && user.role !== 'arbitrator' && !isLogisticsPickup) {
212
214
  return void res.status(403).json({ error: '无权查看此订单' });
213
215
  }
214
216
  const product = db.prepare('SELECT title, price, images FROM products WHERE id = ?').get(order.product_id);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@seasonkoh/webaz",
3
- "version": "0.1.5",
3
+ "version": "0.1.6",
4
4
  "description": "Agent-native decentralized commerce protocol. Humans and AI agents trade on the same protocol via MCP tools.",
5
5
  "main": "dist/mcp.js",
6
6
  "bin": {