@seasonkoh/webaz 0.1.7 → 0.1.9

package/dist/pwa/routes/account-deletion.js

@@ -0,0 +1,53 @@
+export function registerAccountDeletionRoutes(app, deps) {
+    const { db, auth } = deps;
+    app.post('/api/me/delete-request', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const uid = user.id;
+        const reason = String((req.body || {}).reason || '').slice(0, 500);
+        const blockers = [];
+        const pendingOrders = db.prepare(`SELECT COUNT(*) as n FROM orders WHERE (buyer_id = ? OR seller_id = ?) AND status NOT IN ('completed', 'confirmed', 'cancelled', 'refunded_full', 'refunded_partial')`).get(uid, uid).n;
+        if (pendingOrders > 0)
+            blockers.push(`你有 ${pendingOrders} 个未完成订单，请先处理`);
+        // #1017 fix: dispute_cases 是已结公开判例（无 status 列）；查"未结争议"应走 disputes 表
+        const openDisputes = db.prepare(`SELECT COUNT(*) as n FROM disputes WHERE (initiator_id = ? OR defendant_id = ?) AND status NOT IN ('resolved', 'closed')`).get(uid, uid).n;
+        if (openDisputes > 0)
+            blockers.push(`你有 ${openDisputes} 个未结争议，请先处理`);
+        const wallet = db.prepare(`SELECT balance FROM wallets WHERE user_id = ?`).get(uid);
+        if (wallet && wallet.balance > 0.01)
+            blockers.push(`钱包余额 ${wallet.balance} WAZ — 请先提现`);
+        if (blockers.length > 0)
+            return void res.status(400).json({ error: '账号注销前请先处理', blockers });
+        db.prepare(`INSERT OR REPLACE INTO account_deletion_requests (user_id, requested_at, reason, cancelled_at, pii_wiped_at) VALUES (?, datetime('now'), ?, NULL, NULL)`).run(uid, reason);
+        db.prepare(`UPDATE users SET feed_visible = 0, deleted_requested_at = datetime('now') WHERE id = ?`).run(uid);
+        res.json({
+            ok: true,
+            cooldown_days: 7,
+            wipe_after_days: 14,
+            notice: '账号已进入注销冷却期。7 天内可撤销，14 天后 PII 永久擦除（笔记/订单匿名化保留）。',
+        });
+    });
+    app.post('/api/me/delete-cancel', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const uid = user.id;
+        const req_row = db.prepare(`SELECT * FROM account_deletion_requests WHERE user_id = ? AND cancelled_at IS NULL AND pii_wiped_at IS NULL`).get(uid);
+        if (!req_row)
+            return void res.status(404).json({ error: 'no active deletion request' });
+        const reqTs = new Date(req_row.requested_at.replace(' ', 'T') + 'Z').getTime();
+        if (Date.now() - reqTs > 7 * 86400_000)
+            return void res.status(400).json({ error: '冷却期已过，无法撤销' });
+        db.prepare(`UPDATE account_deletion_requests SET cancelled_at = datetime('now') WHERE user_id = ?`).run(uid);
+        db.prepare(`UPDATE users SET feed_visible = 1, deleted_requested_at = NULL WHERE id = ?`).run(uid);
+        res.json({ ok: true, message: '账号注销已撤销' });
+    });
+    app.get('/api/me/delete-status', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const row = db.prepare(`SELECT requested_at, cancelled_at, pii_wiped_at, reason FROM account_deletion_requests WHERE user_id = ?`).get(user.id);
+        res.json({ deletion_request: row || null });
+    });
+}

package/dist/pwa/routes/addresses.js

@@ -0,0 +1,105 @@
+export function registerAddressesRoutes(app, deps) {
+    const { db, generateId, auth, isTrustedRole, errorRes } = deps;
+    app.get('/api/addresses', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (isTrustedRole(user))
+            return void errorRes(res, 403, 'TRUSTED_ROLE_NO_TRADE', '受信角色无购物功能');
+        const rows = db.prepare(`SELECT id, label, recipient, phone, region, detail, is_default, created_at
+      FROM user_addresses WHERE user_id = ? ORDER BY is_default DESC, created_at DESC LIMIT 50`).all(user.id);
+        res.json({ items: rows });
+    });
+    app.post('/api/addresses', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (isTrustedRole(user))
+            return void errorRes(res, 403, 'TRUSTED_ROLE_NO_TRADE', '受信角色无购物功能');
+        const { label, recipient, phone, region, detail, is_default } = req.body || {};
+        if (!label || !recipient || !detail)
+            return void res.status(400).json({ error: '标签 / 收件人 / 详细地址必填' });
+        if (String(label).length > 30 || String(recipient).length > 60 || String(detail).length > 200) {
+            return void res.status(400).json({ error: '字段超长（标签≤30, 收件人≤60, 详址≤200）' });
+        }
+        const cnt = db.prepare('SELECT COUNT(*) as n FROM user_addresses WHERE user_id = ?').get(user.id).n;
+        if (cnt >= 20)
+            return void res.status(400).json({ error: '地址数量已达上限 (20)' });
+        const id = generateId('adr');
+        db.transaction(() => {
+            if (is_default || cnt === 0) {
+                db.prepare('UPDATE user_addresses SET is_default = 0 WHERE user_id = ?').run(user.id);
+            }
+            db.prepare(`INSERT INTO user_addresses (id, user_id, label, recipient, phone, region, detail, is_default) VALUES (?,?,?,?,?,?,?,?)`)
+                .run(id, user.id, String(label), String(recipient), phone ? String(phone) : null, region ? String(region) : null, String(detail), (is_default || cnt === 0) ? 1 : 0);
+        })();
+        res.json({ success: true, id });
+    });
+    app.patch('/api/addresses/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const row = db.prepare('SELECT user_id FROM user_addresses WHERE id = ?').get(req.params.id);
+        if (!row)
+            return void res.status(404).json({ error: '地址不存在' });
+        if (row.user_id !== user.id)
+            return void res.status(403).json({ error: '无权限' });
+        const { label, recipient, phone, region, detail, is_default } = req.body || {};
+        const sets = [];
+        const args = [];
+        if (label !== undefined) {
+            sets.push('label = ?');
+            args.push(String(label).slice(0, 30));
+        }
+        if (recipient !== undefined) {
+            sets.push('recipient = ?');
+            args.push(String(recipient).slice(0, 60));
+        }
+        if (phone !== undefined) {
+            sets.push('phone = ?');
+            args.push(phone ? String(phone).slice(0, 30) : null);
+        }
+        if (region !== undefined) {
+            sets.push('region = ?');
+            args.push(region ? String(region).slice(0, 60) : null);
+        }
+        if (detail !== undefined) {
+            sets.push('detail = ?');
+            args.push(String(detail).slice(0, 200));
+        }
+        if (sets.length === 0 && is_default === undefined)
+            return void res.status(400).json({ error: '无可更新字段' });
+        db.transaction(() => {
+            if (sets.length > 0) {
+                sets.push(`updated_at = datetime('now')`);
+                args.push(req.params.id);
+                db.prepare(`UPDATE user_addresses SET ${sets.join(', ')} WHERE id = ?`).run(...args);
+            }
+            if (is_default) {
+                db.prepare('UPDATE user_addresses SET is_default = 0 WHERE user_id = ?').run(user.id);
+                db.prepare('UPDATE user_addresses SET is_default = 1 WHERE id = ?').run(req.params.id);
+            }
+        })();
+        res.json({ success: true });
+    });
+    app.delete('/api/addresses/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const row = db.prepare('SELECT user_id, is_default FROM user_addresses WHERE id = ?').get(req.params.id);
+        if (!row)
+            return void res.status(404).json({ error: '地址不存在' });
+        if (row.user_id !== user.id)
+            return void res.status(403).json({ error: '无权限' });
+        db.transaction(() => {
+            db.prepare('DELETE FROM user_addresses WHERE id = ?').run(req.params.id);
+            // 若删了默认地址，挑一个最近的设为默认
+            if (row.is_default) {
+                const next = db.prepare('SELECT id FROM user_addresses WHERE user_id = ? ORDER BY created_at DESC LIMIT 1').get(user.id);
+                if (next)
+                    db.prepare('UPDATE user_addresses SET is_default = 1 WHERE id = ?').run(next.id);
+            }
+        })();
+        res.json({ success: true });
+    });
+}

package/dist/pwa/routes/admin-admins.js

@@ -0,0 +1,151 @@
+export function registerAdminAdminsRoutes(app, deps) {
+    const { db, generateId, requireAdmin, requireRootAdmin, isRootAdmin, getAdminPermissions, ADMIN_PERMISSIONS } = deps;
+    // GET 全部 admin 列表
+    app.get('/api/admin/admins', (req, res) => {
+        const me = requireAdmin(req, res);
+        if (!me)
+            return;
+        const items = db.prepare(`
+      SELECT id, name, handle, role, admin_type, admin_scope, admin_permissions, email, created_at,
+             (SELECT MAX(created_at) FROM admin_audit_log WHERE admin_id = users.id) AS last_action_at
+      FROM users
+      WHERE role = 'admin' OR (roles IS NOT NULL AND roles LIKE '%admin%')
+      ORDER BY admin_type DESC, created_at ASC
+    `).all();
+        // 普通 admin 视角下 email 脱敏
+        const masked = items.map((u) => {
+            const enriched = { ...u, admin_permissions: u.admin_type === 'root' ? ['all'] : (() => { try {
+                    return JSON.parse(u.admin_permissions || '[]');
+                }
+                catch {
+                    return [];
+                } })() };
+            return isRootAdmin(me) ? enriched : ({ ...enriched, email: u.email ? '***' : null });
+        });
+        res.json({
+            items: masked,
+            my_type: (me.admin_type || 'root'),
+            my_scope: (me.admin_scope || 'global'),
+            my_permissions: getAdminPermissions(me),
+            available_permissions: ADMIN_PERMISSIONS,
+        });
+    });
+    // POST 创建 admin（仅 root）
+    app.post('/api/admin/admins', (req, res) => {
+        const root = requireRootAdmin(req, res);
+        if (!root)
+            return;
+        const body = req.body;
+        const targetUserId = String(body.user_id || '').trim();
+        const adminType = String(body.admin_type || 'regional').trim();
+        const adminScope = String(body.admin_scope || 'global').trim();
+        let adminPerms = [];
+        if (adminType === 'regional') {
+            const raw = body.admin_permissions;
+            if (Array.isArray(raw))
+                adminPerms = raw.map(String).filter(Boolean);
+            else if (typeof raw === 'string')
+                adminPerms = raw.split(',').map(s => s.trim()).filter(Boolean);
+            const validPerms = new Set(['all', ...ADMIN_PERMISSIONS]);
+            for (const p of adminPerms) {
+                if (!validPerms.has(p))
+                    return void res.json({ error: `权限 "${p}" 无效；支持: all / ${ADMIN_PERMISSIONS.join(' / ')}` });
+            }
+            if (adminPerms.length === 0)
+                return void res.json({ error: 'regional admin 必须至少授予一项权限' });
+        }
+        if (!targetUserId)
+            return void res.json({ error: '必须指定 user_id' });
+        if (!['root', 'regional'].includes(adminType))
+            return void res.json({ error: 'admin_type 无效' });
+        if (!['global', 'china', 'us', 'eu', 'india', 'singapore', 'global_north'].includes(adminScope))
+            return void res.json({ error: 'admin_scope 无效' });
+        const target = db.prepare(`SELECT id, role, roles, admin_type FROM users WHERE id = ?`).get(targetUserId);
+        if (!target)
+            return void res.json({ error: '用户不存在' });
+        if (target.admin_type)
+            return void res.json({ error: '该用户已是 admin（' + target.admin_type + '）；如需调整请先撤销再重建' });
+        // 受信角色锁：目标用户不能已有 buyer/seller
+        const targetRoles = (() => { try {
+            return JSON.parse(target.roles || '[]');
+        }
+        catch {
+            return [target.role];
+        } })();
+        const conflictRoles = targetRoles.filter(r => ['buyer', 'seller'].includes(r));
+        if (conflictRoles.length > 0) {
+            return void res.json({ error: `目标用户已有 ${conflictRoles.join('/')} 角色，与 admin 冲突。请先用脚本剥离或换一个纯净账号。` });
+        }
+        const permsJson = adminType === 'root' ? null : JSON.stringify(adminPerms);
+        db.transaction(() => {
+            const newRoles = Array.from(new Set([...targetRoles, 'admin']));
+            db.prepare(`UPDATE users SET role = 'admin', roles = ?, admin_type = ?, admin_scope = ?, admin_permissions = ?, updated_at = datetime('now') WHERE id = ?`)
+                .run(JSON.stringify(newRoles), adminType, adminScope, permsJson, targetUserId);
+            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`)
+                .run(generateId('audit'), root.id, 'admin_create', 'user', targetUserId, JSON.stringify({ admin_type: adminType, admin_scope: adminScope, admin_permissions: adminPerms }));
+        })();
+        res.json({ ok: true, user_id: targetUserId, admin_type: adminType, admin_scope: adminScope, admin_permissions: adminPerms });
+    });
+    // PATCH 更新权限（root only）
+    app.patch('/api/admin/admins/:id/permissions', (req, res) => {
+        const root = requireRootAdmin(req, res);
+        if (!root)
+            return;
+        const targetId = req.params.id;
+        const body = req.body;
+        const adminScope = body.admin_scope ? String(body.admin_scope) : null;
+        const raw = body.admin_permissions;
+        let adminPerms = [];
+        if (Array.isArray(raw))
+            adminPerms = raw.map(String).filter(Boolean);
+        const validPerms = new Set(['all', ...ADMIN_PERMISSIONS]);
+        for (const p of adminPerms)
+            if (!validPerms.has(p))
+                return void res.json({ error: `权限 "${p}" 无效` });
+        const target = db.prepare(`SELECT id, admin_type FROM users WHERE id = ?`).get(targetId);
+        if (!target?.admin_type)
+            return void res.json({ error: '该用户不是 admin' });
+        if (target.admin_type === 'root')
+            return void res.json({ error: 'root admin 权限不可手动调整（永远是 all）' });
+        if (adminPerms.length === 0)
+            return void res.json({ error: '至少保留一项权限' });
+        db.prepare(`UPDATE users SET admin_permissions = ?${adminScope ? ', admin_scope = ?' : ''} WHERE id = ?`)
+            .run(JSON.stringify(adminPerms), ...(adminScope ? [adminScope, targetId] : [targetId]));
+        db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`)
+            .run(generateId('audit'), root.id, 'admin_update_perms', 'user', targetId, JSON.stringify({ admin_permissions: adminPerms, admin_scope: adminScope }));
+        res.json({ ok: true, admin_permissions: adminPerms, admin_scope: adminScope });
+    });
+    // DELETE 撤销 admin（root only；不能撤自己；至少保留 1 个 root）
+    app.delete('/api/admin/admins/:id', (req, res) => {
+        const root = requireRootAdmin(req, res);
+        if (!root)
+            return;
+        const targetId = req.params.id;
+        if (targetId === root.id)
+            return void res.json({ error: '不能撤销自己' });
+        const target = db.prepare(`SELECT id, name, admin_type FROM users WHERE id = ?`).get(targetId);
+        if (!target || !target.admin_type)
+            return void res.json({ error: '该用户不是 admin' });
+        // 保护：至少保留 1 个 root
+        if (target.admin_type === 'root') {
+            const rootCount = db.prepare(`SELECT COUNT(1) as n FROM users WHERE admin_type = 'root'`).get().n;
+            if (rootCount <= 1)
+                return void res.json({ error: '至少保留 1 个 root admin，不可撤销最后一个' });
+        }
+        db.transaction(() => {
+            const cur = db.prepare(`SELECT roles FROM users WHERE id = ?`).get(targetId);
+            let rolesArr = [];
+            try {
+                rolesArr = JSON.parse(cur.roles || '[]');
+            }
+            catch { }
+            rolesArr = rolesArr.filter(r => r !== 'admin');
+            const newRole = rolesArr[0] || 'buyer';
+            db.prepare(`UPDATE users SET role = ?, roles = ?, admin_type = NULL, admin_scope = NULL, updated_at = datetime('now') WHERE id = ?`)
+                .run(newRole, JSON.stringify(rolesArr), targetId);
+            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail) VALUES (?,?,?,?,?,?)`)
+                .run(generateId('audit'), root.id, 'admin_revoke', 'user', targetId, JSON.stringify({ revoked_type: target.admin_type, new_role: newRole }));
+        })();
+        res.json({ ok: true });
+    });
+}

package/dist/pwa/routes/admin-analytics.js

@@ -0,0 +1,253 @@
+export function registerAdminAnalyticsRoutes(app, deps) {
+    const { db, adminAuth, requireAdmin, requireRootAdmin, getProtocolParam, INTERNAL_AUDITOR_ID } = deps;
+    app.get('/api/admin/usage', (req, res) => {
+        if (!adminAuth(req, res))
+            return;
+        const total = db.prepare(`SELECT COUNT(*) as n FROM mcp_tool_calls`).get();
+        const total24h = db.prepare(`SELECT COUNT(*) as n FROM mcp_tool_calls WHERE ts > datetime('now','-1 day')`).get();
+        const total7d = db.prepare(`SELECT COUNT(*) as n FROM mcp_tool_calls WHERE ts > datetime('now','-7 day')`).get();
+        const totalUsers = db.prepare(`SELECT COUNT(DISTINCT user_id_hash) as n FROM mcp_tool_calls WHERE user_id_hash IS NOT NULL`).get();
+        const wau7d = db.prepare(`SELECT COUNT(DISTINCT user_id_hash) as n FROM mcp_tool_calls WHERE user_id_hash IS NOT NULL AND ts > datetime('now','-7 day')`).get();
+        const dau24h = db.prepare(`SELECT COUNT(DISTINCT user_id_hash) as n FROM mcp_tool_calls WHERE user_id_hash IS NOT NULL AND ts > datetime('now','-1 day')`).get();
+        const byTool = db.prepare(`
+      SELECT tool_name,
+             COUNT(*) AS calls,
+             SUM(CASE WHEN outcome='error' THEN 1 ELSE 0 END) AS errors,
+             ROUND(AVG(latency_ms), 0) AS avg_latency_ms
+      FROM mcp_tool_calls WHERE ts > datetime('now','-7 day')
+      GROUP BY tool_name ORDER BY calls DESC
+    `).all();
+        const byDay = db.prepare(`
+      SELECT substr(ts, 1, 10) AS day,
+             COUNT(*) AS calls,
+             COUNT(DISTINCT user_id_hash) AS distinct_users
+      FROM mcp_tool_calls WHERE ts > datetime('now','-14 day')
+      GROUP BY day ORDER BY day
+    `).all();
+        const byVersion = db.prepare(`
+      SELECT server_version,
+             COUNT(*) AS calls,
+             COUNT(DISTINCT user_id_hash) AS distinct_users
+      FROM mcp_tool_calls WHERE ts > datetime('now','-7 day')
+      GROUP BY server_version ORDER BY calls DESC
+    `).all();
+        res.json({
+            summary: {
+                total_calls: total.n,
+                total_calls_24h: total24h.n,
+                total_calls_7d: total7d.n,
+                distinct_users_all: totalUsers.n,
+                dau_24h: dau24h.n,
+                wau_7d: wau7d.n,
+            },
+            by_tool_7d: byTool,
+            by_day_14d: byDay,
+            by_version_7d: byVersion,
+        });
+    });
+    app.get('/api/admin/auditor', (req, res) => {
+        const user = requireRootAdmin(req, res);
+        if (!user)
+            return;
+        const auditor = db.prepare('SELECT id, name, api_key, created_at FROM users WHERE id = ?')
+            .get(INTERNAL_AUDITOR_ID);
+        if (!auditor)
+            return void res.json({ error: '内部审核账号未初始化' });
+        res.json({ id: auditor.id, name: auditor.name, api_key: auditor.api_key });
+    });
+    app.get('/api/admin/finance/monthly', (req, res) => {
+        const admin = requireAdmin(req, res);
+        if (!admin)
+            return;
+        const months = Math.max(3, Math.min(24, Number(req.query.months) || 12));
+        const feeShop = getProtocolParam('protocol_fee_rate_shop', 0.02);
+        const feeSecondhand = getProtocolParam('protocol_fee_rate_secondhand', 0.01);
+        const orderRows = db.prepare(`
+      SELECT strftime('%Y-%m', created_at) as ym,
+             COALESCE(SUM(CASE WHEN source = 'secondhand' THEN total_amount * ? ELSE total_amount * ? END), 0) as fee,
+             COALESCE(SUM(total_amount), 0) as gmv,
+             COUNT(*) as orders_count
+      FROM orders
+      WHERE status = 'completed'
+        AND created_at > datetime('now', '-' || ? || ' months')
+      GROUP BY ym ORDER BY ym DESC
+    `).all(feeSecondhand, feeShop, months);
+        const rewardRows = db.prepare(`
+      SELECT strftime('%Y-%m', created_at) as ym, COALESCE(SUM(amount), 0) as rewards, COUNT(*) as count
+      FROM platform_reward_log
+      WHERE created_at > datetime('now', '-' || ? || ' months')
+      GROUP BY ym ORDER BY ym DESC
+    `).all(months);
+        const byMonth = new Map();
+        for (const o of orderRows)
+            byMonth.set(o.ym, { ym: o.ym, fee: o.fee, gmv: o.gmv, orders: o.orders_count, rewards: 0, reward_count: 0 });
+        for (const r of rewardRows) {
+            const m = byMonth.get(r.ym);
+            if (m) {
+                m.rewards = r.rewards;
+                m.reward_count = r.count;
+            }
+            else
+                byMonth.set(r.ym, { ym: r.ym, fee: 0, gmv: 0, orders: 0, rewards: r.rewards, reward_count: r.count });
+        }
+        const rows = [...byMonth.values()].sort((a, b) => b.ym.localeCompare(a.ym));
+        const totalFee = rows.reduce((s, r) => s + r.fee, 0);
+        const totalRewards = rows.reduce((s, r) => s + r.rewards, 0);
+        const totalGmv = rows.reduce((s, r) => s + r.gmv, 0);
+        const sysWallet = db.prepare("SELECT balance FROM wallets WHERE user_id = 'sys_protocol'").get();
+        res.json({
+            months,
+            fee_rate_shop: feeShop,
+            fee_rate_secondhand: feeSecondhand,
+            monthly: rows.map(r => ({ ...r, net: r.fee - r.rewards })),
+            totals: {
+                fee_revenue: totalFee,
+                reward_expenditure: totalRewards,
+                net: totalFee - totalRewards,
+                gmv: totalGmv,
+                sys_protocol_balance: Number(sysWallet?.balance || 0),
+            },
+        });
+    });
+    app.get('/api/admin/protocol-kpi', (req, res) => {
+        const admin = requireAdmin(req, res);
+        if (!admin)
+            return;
+        const windowCounts = (label, days) => {
+            const t = `datetime('now','-${days} days')`;
+            const orders = db.prepare(`SELECT COUNT(*) as n, COALESCE(SUM(total_amount),0) as gmv FROM orders WHERE created_at > ${t}`).get();
+            const completed = db.prepare(`SELECT COUNT(*) as n FROM orders WHERE status='completed' AND created_at > ${t}`).get().n;
+            const disputes = db.prepare(`SELECT COUNT(*) as n FROM disputes WHERE created_at > ${t}`).get().n;
+            const refunds = db.prepare(`SELECT COUNT(*) as n FROM return_requests WHERE status='refunded' AND created_at > ${t}`).get().n;
+            const newUsers = db.prepare(`SELECT COUNT(*) as n FROM users WHERE created_at > ${t} AND id NOT IN ('sys_protocol', ?)`).get(INTERNAL_AUDITOR_ID).n;
+            return { label, days, orders: orders.n, gmv: orders.gmv, completed, disputes, refunds, new_users: newUsers,
+                dispute_rate: orders.n > 0 ? disputes / orders.n : 0,
+                refund_rate: completed > 0 ? refunds / completed : 0,
+            };
+        };
+        const dauProxy = db.prepare(`
+      SELECT COUNT(DISTINCT u_id) as n FROM (
+        SELECT buyer_id as u_id FROM orders WHERE created_at > datetime('now', '-1 day')
+        UNION SELECT seller_id FROM orders WHERE created_at > datetime('now', '-1 day')
+        UNION SELECT buyer_id FROM order_ratings WHERE created_at > datetime('now', '-1 day')
+        UNION SELECT user_id FROM daily_checkins WHERE checkin_date >= date('now', '-1 day')
+        UNION SELECT user_id FROM feedback_tickets WHERE created_at > datetime('now', '-1 day')
+      )
+    `).get().n;
+        const mauProxy = db.prepare(`
+      SELECT COUNT(DISTINCT u_id) as n FROM (
+        SELECT buyer_id as u_id FROM orders WHERE created_at > datetime('now', '-30 days')
+        UNION SELECT seller_id FROM orders WHERE created_at > datetime('now', '-30 days')
+        UNION SELECT buyer_id FROM order_ratings WHERE created_at > datetime('now', '-30 days')
+        UNION SELECT user_id FROM daily_checkins WHERE checkin_date >= date('now', '-30 days')
+        UNION SELECT user_id FROM feedback_tickets WHERE created_at > datetime('now', '-30 days')
+      )
+    `).get().n;
+        const userTotals = db.prepare(`
+      SELECT
+        SUM(CASE WHEN role='buyer' THEN 1 ELSE 0 END) as buyers,
+        SUM(CASE WHEN role='seller' THEN 1 ELSE 0 END) as sellers,
+        SUM(CASE WHEN role='logistics' THEN 1 ELSE 0 END) as logistics,
+        SUM(CASE WHEN role='verifier' THEN 1 ELSE 0 END) as verifiers,
+        SUM(CASE WHEN role='arbitrator' THEN 1 ELSE 0 END) as arbitrators,
+        SUM(CASE WHEN role='admin' THEN 1 ELSE 0 END) as admins,
+        COUNT(*) as total
+      FROM users WHERE id NOT IN ('sys_protocol', ?)
+    `).get(INTERNAL_AUDITOR_ID);
+        const sysWallet = db.prepare("SELECT balance FROM wallets WHERE user_id = 'sys_protocol'").get();
+        const totalEscrowed = db.prepare("SELECT COALESCE(SUM(escrowed),0) as t FROM wallets").get().t;
+        const totalStaked = db.prepare("SELECT COALESCE(SUM(staked),0) as t FROM wallets").get().t;
+        const platformRewards = db.prepare("SELECT COALESCE(SUM(amount),0) as t FROM platform_reward_log").get().t;
+        const platformRewardsToday = db.prepare("SELECT COALESCE(SUM(amount),0) as t FROM platform_reward_log WHERE created_at > datetime('now','-1 day')").get().t;
+        const products = db.prepare("SELECT COUNT(*) as n, SUM(CASE WHEN status='active' THEN 1 ELSE 0 END) as active FROM products").get();
+        const ratings = db.prepare("SELECT COUNT(*) as n FROM order_ratings").get().n;
+        const subs = db.prepare("SELECT COUNT(*) as n FROM push_subscriptions WHERE enabled=1").get().n;
+        const trustOpen = db.prepare(`
+      SELECT
+        (SELECT COUNT(*) FROM disputes WHERE status IN ('open','in_review')) as disputes_open,
+        (SELECT COUNT(*) FROM feedback_tickets WHERE status IN ('open','in_progress')) as feedback_open,
+        (SELECT COUNT(*) FROM return_requests WHERE status='pending') as returns_pending
+    `).get();
+        res.json({
+            activity: {
+                dau_proxy: dauProxy,
+                mau_proxy: mauProxy,
+                windows: [windowCounts('24h', 1), windowCounts('7d', 7), windowCounts('30d', 30)],
+            },
+            users: userTotals,
+            finance: {
+                sys_protocol_balance: Number(sysWallet?.balance || 0),
+                total_escrowed: totalEscrowed,
+                total_staked: totalStaked,
+                platform_rewards_cumulative: platformRewards,
+                platform_rewards_today: platformRewardsToday,
+            },
+            content: {
+                products_total: products.n,
+                products_active: products.active,
+                ratings_total: ratings,
+                push_subscriptions: subs,
+            },
+            trust_open: trustOpen,
+        });
+    });
+    app.get('/api/admin/dashboard', (req, res) => {
+        const admin = requireAdmin(req, res);
+        if (!admin)
+            return;
+        const u = db.prepare("SELECT COUNT(*) as n FROM users WHERE id NOT IN ('sys_protocol', ?)").get(INTERNAL_AUDITOR_ID);
+        const sellers = db.prepare("SELECT COUNT(*) as n FROM users WHERE role = 'seller' AND id NOT IN ('sys_protocol', ?)").get(INTERNAL_AUDITOR_ID);
+        const active = db.prepare("SELECT COUNT(*) as n FROM products WHERE status = 'active'").get();
+        const o24 = db.prepare("SELECT COUNT(*) as n, COALESCE(SUM(total_amount),0) as gmv FROM orders WHERE created_at > datetime('now','-1 day')").get();
+        const dOpen = db.prepare("SELECT COUNT(*) as n FROM disputes WHERE status IN ('open','in_review')").get();
+        const vOpen = db.prepare("SELECT COUNT(*) as n FROM verify_tasks WHERE status IN ('open','code_issued')").get();
+        const locked = db.prepare("SELECT COALESCE(SUM(staked + escrowed),0) as t FROM wallets").get();
+        const sus = db.prepare("SELECT COUNT(*) as n FROM user_moderation WHERE suspended = 1").get();
+        const verifierApps = db.prepare("SELECT COUNT(*) as n FROM verifier_applications WHERE status = 'pending'").get();
+        const verifierAppeals = db.prepare("SELECT COUNT(*) as n FROM verifier_appeals WHERE status = 'pending'").get();
+        const quotaApps = db.prepare("SELECT COUNT(*) as n FROM quota_increase_applications WHERE status = 'pending'").get();
+        const listingPaused = db.prepare("SELECT COUNT(*) as n FROM users WHERE listing_paused = 1").get();
+        const activeVerifiers = db.prepare(`
+      SELECT COUNT(*) as n FROM verifier_whitelist vw
+      LEFT JOIN verifier_stats vs ON vs.user_id = vw.user_id
+      WHERE (vw.cooldown_until IS NULL OR vw.cooldown_until < datetime('now'))
+        AND (vs.suspended_until IS NULL OR vs.suspended_until < datetime('now'))
+    `).get();
+        const tokenomics = (() => {
+            const gf = db.prepare("SELECT pool_balance, total_scores_pending, current_n, last_settled_at FROM global_fund WHERE id=1").get();
+            const mb = db.prepare("SELECT balance FROM management_bonus_pool WHERE id=1").get();
+            const pendingLedger = db.prepare("SELECT COUNT(*) as n FROM pv_ledger WHERE processed = 0").get().n;
+            const commCount = db.prepare("SELECT COUNT(*) as n, COALESCE(SUM(amount),0) as t FROM commission_records").get();
+            const dirtyUsers = db.prepare("SELECT COUNT(*) as n FROM users WHERE pv_dirty_at IS NOT NULL").get().n;
+            const matchedTotal = db.prepare("SELECT COUNT(*) as n, COALESCE(SUM(waz_amount),0) as w FROM binary_score_records WHERE settled_at IS NOT NULL").get();
+            return {
+                pool_balance: Number(gf?.pool_balance ?? 0),
+                scores_pending: Number(gf?.total_scores_pending ?? 0),
+                current_n: Number(gf?.current_n ?? 0),
+                last_settled_at: gf?.last_settled_at,
+                management_bonus: Number(mb?.balance ?? 0),
+                ledger_pending: pendingLedger,
+                dirty_users: dirtyUsers,
+                commission_records: commCount.n,
+                commission_total: commCount.t,
+                binary_settled: matchedTotal.n,
+                binary_waz_total: matchedTotal.w,
+            };
+        })();
+        res.json({
+            users: u.n, sellers: sellers.n,
+            products_active: active.n,
+            orders_24h: o24.n, gmv_24h: o24.gmv,
+            disputes_open: dOpen.n,
+            verify_tasks_open: vOpen.n,
+            total_locked: locked.t,
+            users_suspended: sus.n,
+            verifier_apps_pending: verifierApps.n,
+            verifier_appeals_pending: verifierAppeals.n,
+            active_verifiers: activeVerifiers.n,
+            quota_apps_pending: quotaApps.n,
+            listing_paused_count: listingPaused.n,
+            tokenomics,
+        });
+    });
+}

package/dist/pwa/routes/admin-atomic.js

@@ -0,0 +1,21 @@
+export function registerAdminAtomicRoutes(app, deps) {
+    const { requireProtocolAdmin, processPvLedger, runBinarySettlement, executeSafeSettlementCron } = deps;
+    app.post('/api/admin/atomic/process-ledger', (req, res) => {
+        const admin = requireProtocolAdmin(req, res);
+        if (!admin)
+            return;
+        res.json({ processed: processPvLedger() });
+    });
+    app.post('/api/admin/atomic/run-settlement', (req, res) => {
+        const admin = requireProtocolAdmin(req, res);
+        if (!admin)
+            return;
+        res.json({ settled: runBinarySettlement() });
+    });
+    app.post('/api/admin/atomic/distribute', (req, res) => {
+        const admin = requireProtocolAdmin(req, res);
+        if (!admin)
+            return;
+        res.json(executeSafeSettlementCron());
+    });
+}

package/dist/pwa/routes/admin-catalog.js

@@ -0,0 +1,64 @@
+export function registerAdminCatalogRoutes(app, deps) {
+    const { db, requireContentAdmin, logAdminAction } = deps;
+    // ─── 类目 季节性配置 ─────────────────────────────────────
+    app.post('/api/admin/categories/:id/seasonal', (req, res) => {
+        const admin = requireContentAdmin(req, res);
+        if (!admin)
+            return;
+        const { months } = req.body;
+        if (!Array.isArray(months) || months.length === 0) {
+            return void res.json({ error: 'months 必须是非空数组（1-12 的整数）' });
+        }
+        const valid = months.filter(m => Number.isInteger(m) && m >= 1 && m <= 12);
+        if (valid.length === 0)
+            return void res.json({ error: '没有有效的月份（1-12）' });
+        const cat = db.prepare('SELECT id, name FROM product_categories WHERE id = ?').get(req.params.id);
+        if (!cat)
+            return void res.status(404).json({ error: 'category 不存在' });
+        const csv = [...new Set(valid)].sort((a, b) => a - b).join(',');
+        db.prepare('UPDATE product_categories SET seasonal_months = ? WHERE id = ?').run(csv, req.params.id);
+        res.json({ success: true, category: cat.name, seasonal_months: csv });
+    });
+    app.delete('/api/admin/categories/:id/seasonal', (req, res) => {
+        const admin = requireContentAdmin(req, res);
+        if (!admin)
+            return;
+        db.prepare('UPDATE product_categories SET seasonal_months = NULL WHERE id = ?').run(req.params.id);
+        res.json({ success: true });
+    });
+    // ─── 商品 列表 + 强制下架 ───────────────────────────────
+    app.get('/api/admin/products', (req, res) => {
+        const admin = requireContentAdmin(req, res);
+        if (!admin)
+            return;
+        const status = req.query.status;
+        let sql = `SELECT p.id, p.title, p.price, p.stock, p.status, p.category, p.seller_id, p.created_at,
+                      u.name as seller_name
+               FROM products p JOIN users u ON p.seller_id = u.id`;
+        const params = [];
+        if (status && status.trim()) {
+            sql += ` WHERE p.status = ?`;
+            params.push(status);
+        }
+        sql += ` ORDER BY p.created_at DESC LIMIT 100`;
+        res.json({ products: db.prepare(sql).all(...params) });
+    });
+    app.post('/api/admin/products/:id/force-delist', (req, res) => {
+        // P0.5: 需 content 权限（之前仅 requireAdmin）
+        const admin = requireContentAdmin(req, res);
+        if (!admin)
+            return;
+        const { reason } = req.body;
+        const productId = req.params.id;
+        const product = db.prepare("SELECT id, status, title FROM products WHERE id = ?").get(productId);
+        if (!product)
+            return void res.json({ error: '商品不存在' });
+        if (product.status === 'deleted')
+            return void res.json({ error: '商品已删除' });
+        if (product.status === 'paused')
+            return void res.json({ error: '商品已是下架状态' });
+        db.prepare("UPDATE products SET status = 'paused', updated_at = datetime('now') WHERE id = ?").run(productId);
+        logAdminAction(admin.id, 'force_delist', 'product', productId, { reason: reason || null, title: product.title });
+        res.json({ success: true });
+    });
+}