@seasonkoh/webaz 0.1.7 → 0.1.9

package/dist/pwa/routes/admin-wallet-ops.js

@@ -0,0 +1,66 @@
+export function registerAdminWalletOpsRoutes(app, deps) {
+    const { db, requireProtocolAdmin, adminAuth, getPublicClient, getUsdcAddr, getUsdcAbi, getHotWalletAddr, wazToUsdc, getIsMainnet, getNetwork, executeWithdrawal } = deps;
+    // P2-5: protocol 权限（区域 admin 看不到全局热钱包）
+    app.get('/api/admin/hot-wallet/status', async (req, res) => {
+        const admin = requireProtocolAdmin(req, res);
+        if (!admin)
+            return;
+        try {
+            const pc = getPublicClient();
+            const hw = getHotWalletAddr();
+            const usdcBal = await pc.readContract({
+                address: getUsdcAddr(), abi: getUsdcAbi(), functionName: 'balanceOf', args: [hw],
+            });
+            const ethBal = await pc.getBalance({ address: hw });
+            const pending = db.prepare("SELECT COALESCE(SUM(amount), 0) as t FROM withdrawal_requests WHERE status = 'pending'").get();
+            const pendingUsdc = wazToUsdc(Number(pending.t));
+            res.json({
+                address: hw,
+                usdc_balance: Number(usdcBal) / 1e6,
+                eth_balance: Number(ethBal) / 1e18,
+                pending_withdrawals_waz: pending.t,
+                pending_withdrawals_usdc: pendingUsdc,
+                shortfall_usdc: Math.max(0, pendingUsdc - Number(usdcBal) / 1e6),
+                chain: getIsMainnet() ? 'base-mainnet' : 'base-sepolia',
+                network: getNetwork(),
+            });
+        }
+        catch (e) {
+            res.status(500).json({ error: 'RPC 读取失败: ' + e.message });
+        }
+    });
+    // Legacy x-admin-key 入口：仅余额
+    app.get('/api/admin/hot-wallet', async (req, res) => {
+        if (!adminAuth(req, res))
+            return;
+        const hw = getHotWalletAddr();
+        try {
+            const balance = await getPublicClient().readContract({
+                address: getUsdcAddr(), abi: getUsdcAbi(),
+                functionName: 'balanceOf', args: [hw],
+            });
+            res.json({ address: hw, usdc_balance: Number(balance) / 1e6 });
+        }
+        catch (e) {
+            res.json({ address: hw, usdc_balance: null, error: e.message });
+        }
+    });
+    app.get('/api/admin/withdrawals', (req, res) => {
+        if (!adminAuth(req, res))
+            return;
+        const list = db.prepare(`
+      SELECT wr.*, u.name as user_name
+      FROM withdrawal_requests wr JOIN users u ON wr.user_id = u.id
+      WHERE wr.status = 'pending' ORDER BY wr.created_at ASC
+    `).all();
+        res.json(list);
+    });
+    app.post('/api/admin/withdrawals/:id/approve', async (req, res) => {
+        if (!adminAuth(req, res))
+            return;
+        const result = await executeWithdrawal(req.params.id).catch(e => ({ success: false, error: e.message, txHash: undefined }));
+        if (!result.success)
+            return void res.json({ error: result.error });
+        res.json({ success: true, tx_hash: result.txHash });
+    });
+}

package/dist/pwa/routes/agent-buy.js

@@ -0,0 +1,215 @@
+export function registerAgentBuyRoutes(app, deps) {
+    const { db, auth, safeFetch, rateLimitOk, generateId, anthropic, AnthropicCtor, formatProductForAgent, checkStockAndMaybeDelist, addHours, transition, notifyTransition, shouldAutoAccept } = deps;
+    app.post('/api/agent-buy', async (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (user.role !== 'buyer')
+            return void res.json({ error: '仅买家可使用智能下单' });
+        const { source_url, shipping_address, auto_buy = false, user_api_key } = req.body;
+        if (!source_url)
+            return void res.json({ error: '请提供商品链接' });
+        if (auto_buy && !shipping_address)
+            return void res.json({ error: '自动下单需提供收货地址' });
+        if (!rateLimitOk(req.ip || 'unknown', 6, 60_000))
+            return void res.status(429).json({ error: '请求过于频繁，请稍后再试' });
+        let html = '';
+        try {
+            const ctrl = new AbortController();
+            const timer = setTimeout(() => ctrl.abort(), 10000);
+            const resp = await safeFetch(String(source_url), {
+                signal: ctrl.signal,
+                headers: {
+                    'User-Agent': 'Mozilla/5.0 (compatible; WebAZ/1.0; +https://webaz.xyz)',
+                    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
+                },
+            });
+            clearTimeout(timer);
+            html = (await resp.text()).slice(0, 20000);
+        }
+        catch (e) {
+            const msg = e.message;
+            if (msg.startsWith('ssrf_'))
+                return void res.json({ error: '链接指向私网/localhost 或经 redirect 触达内部地址，已拦截' });
+            return void res.json({ error: `无法访问该链接：${msg}` });
+        }
+        const client = (typeof user_api_key === 'string' && user_api_key.trim().startsWith('sk-ant-'))
+            ? new AnthropicCtor({ apiKey: user_api_key.trim() })
+            : anthropic;
+        let source;
+        try {
+            const msg = await client.messages.create({
+                model: 'claude-haiku-4-5-20251001',
+                max_tokens: 512,
+                messages: [{ role: 'user', content: `从以下网页提取商品关键信息，仅返回JSON：
+{
+  "title": "商品全名",
+  "price_cny": 数字或null,
+  "category": "分类",
+  "search_terms": ["独立短词1","独立短词2","独立短词3"]
+}
+search_terms 是3-5个独立的中文短词（每个2-4个汉字），用于在数据库里搜索同类商品。
+例：九阳炒菜机器人 → ["炒菜机","九阳","炒菜机器人","自动炒菜"]
+HTML：${html}` }],
+            });
+            const text = msg.content[0].type === 'text' ? msg.content[0].text : '';
+            const m = text.match(/\{[\s\S]*\}/);
+            if (!m)
+                throw new Error('no json');
+            source = JSON.parse(m[0]);
+        }
+        catch {
+            return void res.json({ error: '无法从链接提取商品信息，请尝试其他链接' });
+        }
+        if (!source.title)
+            return void res.json({ error: '链接无法提取商品信息（可能需要登录或动态渲染）' });
+        const urlMatchIds = db.prepare(`
+      SELECT DISTINCT product_id FROM product_external_links WHERE url = ? AND verified = 1
+    `).all(source_url).map(r => r.product_id);
+        const urlMatchProducts = urlMatchIds.length > 0
+            ? db.prepare(`
+          SELECT p.*, u.name as seller_name,
+            COALESCE(rs.total_points, 0) as rep_points, COALESCE(rs.level, 'new') as rep_level
+          FROM products p
+          JOIN users u ON p.seller_id = u.id
+          LEFT JOIN reputation_scores rs ON rs.user_id = p.seller_id
+          WHERE p.id IN (${urlMatchIds.map(() => '?').join(',')}) AND p.status = 'active' AND p.stock > 0
+        `).all(...urlMatchIds)
+            : [];
+        let keywordProducts = [];
+        if (urlMatchProducts.length < 3) {
+            const rawTerms = Array.isArray(source.search_terms) ? source.search_terms : [];
+            if (rawTerms.length === 0) {
+                const t = source.title;
+                for (let i = 0; i + 2 <= t.length && rawTerms.length < 4; i += 2)
+                    rawTerms.push(t.slice(i, i + 4));
+            }
+            const terms = rawTerms.filter((t) => t && t.length >= 2).slice(0, 6);
+            if (terms.length > 0) {
+                const termClauses = terms.map(() => `p.title LIKE ? ESCAPE '\\' OR p.description LIKE ? ESCAPE '\\'`).join(' OR ');
+                const termParams = terms.flatMap((t) => { const e = t.replace(/[\\%_]/g, '\\$&'); return [`%${e}%`, `%${e}%`]; });
+                const catClause = source.category ? ` OR p.category = ?` : '';
+                const catParam = source.category ? [source.category] : [];
+                const alreadyIds = urlMatchProducts.map(p => p.id);
+                const excludeClause = alreadyIds.length > 0 ? ` AND p.id NOT IN (${alreadyIds.map(() => '?').join(',')})` : '';
+                keywordProducts = db.prepare(`
+          SELECT p.*, u.name as seller_name,
+            COALESCE(rs.total_points, 0) as rep_points, COALESCE(rs.level, 'new') as rep_level
+          FROM products p
+          JOIN users u ON p.seller_id = u.id
+          LEFT JOIN reputation_scores rs ON rs.user_id = p.seller_id
+          WHERE p.status = 'active' AND p.stock > 0
+            AND (${termClauses}${catClause})${excludeClause}
+          ORDER BY rep_points DESC, p.price ASC LIMIT ${5 - urlMatchProducts.length}
+        `).all(...termParams, ...catParam, ...alreadyIds);
+            }
+        }
+        const webazProducts = [...urlMatchProducts, ...keywordProducts];
+        const webazFormatted = webazProducts.map(p => ({
+            ...formatProductForAgent(p),
+            url_match: urlMatchIds.includes(p.id),
+        }));
+        let decision;
+        try {
+            const msg = await client.messages.create({
+                model: 'claude-haiku-4-5-20251001',
+                max_tokens: 512,
+                messages: [{ role: 'user', content: `你是一个购物助手。用户想买以下商品，我们找到了 WebAZ 平台上的替代选项，请做出购买建议。
+
+原商品：
+- 标题：${source.title}
+- 原平台价格：${source.price_cny ? `¥${source.price_cny} CNY` : '未知'}
+- 链接：${source_url}
+
+WebAZ 平台替代方案（WAZ ≈ CNY）：
+${webazFormatted.length > 0 ? JSON.stringify(webazFormatted.map(p => ({
+                            id: p.id,
+                            title: p.title,
+                            price: p.price,
+                            agent_summary: p.agent_summary,
+                            seller: p.seller_name,
+                            rep: p.rep_level,
+                        })), null, 2) : '暂无匹配商品'}
+
+仅返回JSON（不要其他文字）：
+{
+  "recommendation": "buy_webaz" | "buy_source" | "no_match",
+  "best_product_id": "WebAZ商品ID（recommendation=buy_webaz时填写，否则null）",
+  "reason": "一句话购买建议，说明为什么选这个方案（包含价格对比、售后优势等）",
+  "savings_note": "省了多少或更优在哪（简短，可null）"
+}` }],
+            });
+            const text = msg.content[0].type === 'text' ? msg.content[0].text : '';
+            const m = text.match(/\{[\s\S]*\}/);
+            if (!m)
+                throw new Error('no json');
+            decision = JSON.parse(m[0]);
+        }
+        catch {
+            decision = { recommendation: 'no_match', reason: '无法完成比价分析，请手动选购' };
+        }
+        let orderId = null;
+        let sessionToken = null;
+        let verifiedPrice = null;
+        if (auto_buy && decision.recommendation === 'buy_webaz' && decision.best_product_id) {
+            const product = db.prepare(`SELECT * FROM products WHERE id = ? AND status = 'active'`)
+                .get(decision.best_product_id);
+            if (product && Number(product.has_variants) === 1) {
+                decision.reason = (decision.reason || '') + ' · 该商品需手动选规格，跳过 auto_buy';
+            }
+            else if (product && product.stock > 0) {
+                const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+                if (wallet.balance >= product.price) {
+                    const now = new Date();
+                    const expiresAt = new Date(now.getTime() + 10 * 60_000);
+                    sessionToken = generateId('pst');
+                    db.prepare(`INSERT INTO price_sessions (token, product_id, user_id, price, quantity, created_at, expires_at) VALUES (?,?,?,?,1,?,?)`)
+                        .run(sessionToken, product.id, user.id, product.price, now.toISOString(), expiresAt.toISOString());
+                    verifiedPrice = product.price;
+                    const oId = generateId('ord');
+                    const totalAmount = product.price;
+                    const seller = db.prepare('SELECT id FROM users WHERE id = ?').get(product.seller_id);
+                    db.prepare(`INSERT INTO orders (
+            id, product_id, buyer_id, seller_id, quantity, unit_price, total_amount, escrow_amount,
+            status, shipping_address, notes, pay_deadline, accept_deadline, ship_deadline,
+            pickup_deadline, delivery_deadline, confirm_deadline
+          ) VALUES (?,?,?,?,1,?,?,?,'created',?,?,?,?,?,?,?,?)`).run(oId, product.id, user.id, seller.id, totalAmount, totalAmount, totalAmount, shipping_address, `[智能下单] ${decision.reason}`, addHours(now, 24), addHours(now, 48), addHours(now, 120), addHours(now, 168), addHours(now, 336), addHours(now, 408));
+                    db.prepare('UPDATE wallets SET balance = balance - ?, escrowed = escrowed + ? WHERE user_id = ?')
+                        .run(totalAmount, totalAmount, user.id);
+                    db.prepare('UPDATE products SET stock = stock - 1 WHERE id = ?').run(product.id);
+                    checkStockAndMaybeDelist(String(product.id));
+                    db.prepare(`UPDATE price_sessions SET used_at = datetime('now') WHERE token = ?`).run(sessionToken);
+                    transition(db, oId, 'paid', user.id, [], '智能下单：模拟支付完成');
+                    notifyTransition(db, oId, 'created', 'paid');
+                    if (shouldAutoAccept(db, oId)) {
+                        const sys = db.prepare("SELECT id FROM users WHERE id = 'sys_protocol'").get();
+                        if (sys) {
+                            const ar = transition(db, oId, 'accepted', sys.id, [], '⚡ auto_accept Skill 自动接单');
+                            if (ar.success)
+                                notifyTransition(db, oId, 'paid', 'accepted');
+                        }
+                    }
+                    orderId = oId;
+                }
+            }
+        }
+        const bestProduct = decision.best_product_id
+            ? webazFormatted.find(p => p.id === decision.best_product_id) ?? null
+            : null;
+        res.json({
+            source: {
+                title: source.title,
+                price_cny: source.price_cny ?? null,
+                url: source_url,
+            },
+            webaz_products: webazFormatted.slice(0, 3),
+            recommendation: decision.recommendation,
+            best_product: bestProduct,
+            reason: decision.reason,
+            savings_note: decision.savings_note ?? null,
+            auto_bought: !!orderId,
+            order_id: orderId,
+            verified_price: verifiedPrice,
+        });
+    });
+}

package/dist/pwa/routes/agent-governance.js

@@ -0,0 +1,341 @@
+import { computeAgentPassport } from '../../layer1-agent/L1-2-identity/agent-passport.js';
+export function registerAgentGovernanceRoutes(app, deps) {
+    const { db, generateId, auth, requireRootAdmin, invalidateAgentBlockedCache, requireHumanPresence, issueAgentStrike, custodianFingerprint, signPassport, issuerAddress } = deps;
+    // /api/me/agents — 列出本账号所有 agent + declaration / strikes
+    app.get('/api/me/agents', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const keys = db.prepare(`SELECT api_key FROM users WHERE id = ? UNION SELECT api_key FROM agent_reputation WHERE user_id = ?`).all(user.id, user.id);
+        const items = keys.map(k => {
+            const decl = db.prepare(`SELECT operator_name, operator_contact, purpose, declared_scope, attestations, repo_url, revoked_at FROM agent_declarations WHERE api_key = ?`).get(k.api_key);
+            // P1 fix 4.4：附 signals JSON
+            const rep = db.prepare(`SELECT trust_score, level, signals, last_calculated_at FROM agent_reputation WHERE api_key = ?`).get(k.api_key);
+            if (rep && rep.signals) {
+                try {
+                    rep.signals = JSON.parse(rep.signals);
+                }
+                catch {
+                    rep.signals = null;
+                }
+            }
+            const calls30d = db.prepare(`SELECT COUNT(*) as n FROM agent_call_log WHERE api_key = ? AND created_at > datetime('now', '-30 days')`).get(k.api_key).n;
+            const last = db.prepare(`SELECT endpoint, method, status_code, created_at FROM agent_call_log WHERE api_key = ? ORDER BY created_at DESC LIMIT 1`).get(k.api_key);
+            const strikes = db.prepare(`SELECT severity, reason_code, issued_at, expires_at, appeal_status FROM agent_strikes WHERE api_key = ? ORDER BY issued_at DESC LIMIT 5`).all(k.api_key);
+            let passport = null;
+            try {
+                passport = computeAgentPassport(db, k.api_key, user.id, custodianFingerprint);
+            }
+            catch { /* read-only, never break the list */ }
+            return {
+                api_key_prefix: k.api_key.slice(0, 12) + '...',
+                api_key_full: k.api_key === user.api_key ? k.api_key : null,
+                declaration: decl || null,
+                reputation: rep || null,
+                calls_30d: calls30d,
+                last_call: last || null,
+                recent_strikes: strikes,
+                passport,
+            };
+        });
+        // Phase 2 监护人总览(只读/软绑定):真人态 + 旗下 agent 聚合 + 连带
+        const hasPasskey = (db.prepare('SELECT COUNT(*) AS n FROM webauthn_credentials WHERE user_id = ?').get(user.id)?.n || 0) > 0;
+        const pps = items.map(i => i.passport).filter(Boolean);
+        const depthRank = { shallow: 0, medium: 1, deep: 2, profound: 3 };
+        const deepest = pps.reduce((d, p) => (depthRank[p.engagement_depth] ?? 0) > (depthRank[d] ?? 0) ? p.engagement_depth : d, 'shallow');
+        const custodian = {
+            fingerprint: custodianFingerprint(user.id),
+            has_passkey: hasPasskey,
+            agent_count: items.length,
+            max_risk: pps.reduce((m, p) => Math.max(m, p.risk_score), 0),
+            high_risk_count: pps.filter(p => p.risk_score >= 50).length,
+            deepest_engagement: pps.length ? deepest : null,
+        };
+        res.json({ items, custodian });
+    });
+    // Phase 4：签名可移植护照导出(VC/DID,跨协议 ecrecover 可验)。owner 自取自己 agent 的凭证。
+    app.get('/api/me/agents/:apiKeyPrefix/passport', async (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const prefix = String(req.params.apiKeyPrefix || '').replace('...', '');
+        if (prefix.length < 6)
+            return void res.status(400).json({ error: 'apiKeyPrefix 太短' });
+        const keys = db.prepare(`SELECT api_key FROM users WHERE id = ? UNION SELECT api_key FROM agent_reputation WHERE user_id = ?`).all(user.id, user.id);
+        const match = keys.find(k => k.api_key.startsWith(prefix));
+        if (!match)
+            return void res.status(404).json({ error: '未找到该 agent(或不属于你)' });
+        const pp = computeAgentPassport(db, match.api_key, user.id, custodianFingerprint);
+        const issued_at = new Date().toISOString();
+        const expires_at = new Date(Date.now() + 7 * 86400_000).toISOString();
+        const issuer = issuerAddress();
+        const keyPrefix = match.api_key.slice(0, 12) + '...';
+        const bp = pp.behavior_profile;
+        // 规范化签名串(verifier 用相同格式重建 → verifyMessage(issuer, canonical, signature))
+        const canonical = `webaz-agent-passport|v1|${issuer}|${issued_at}|${expires_at}|${pp.custodian_fingerprint}|${keyPrefix}|risk=${pp.risk_score}|depth=${pp.engagement_depth}|bp=${bp.query},${bp.transact},${bp.govern}`;
+        let signature = '';
+        try {
+            signature = await signPassport(canonical);
+        }
+        catch (e) {
+            return void res.status(503).json({ error: '签名服务暂不可用', detail: e.message });
+        }
+        res.json({
+            type: 'WebAZAgentPassport', version: 1,
+            issuer: 'did:webaz:' + issuer, issuer_address: issuer,
+            issued_at, expires_at,
+            subject: { custodian_fingerprint: pp.custodian_fingerprint, agent_key_prefix: keyPrefix },
+            claims: { risk_score: pp.risk_score, engagement_depth: pp.engagement_depth, behavior_profile: bp },
+            canonical, signature,
+            verify: { scheme: 'eip191', how: 'verifyMessage(issuer_address, canonical, signature)' },
+        });
+    });
+    app.get('/api/me/agents/:apiKeyPrefix/log', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const prefix = String(req.params.apiKeyPrefix || '').replace(/[^A-Za-z0-9_]/g, '').slice(0, 32);
+        if (prefix.length < 8)
+            return void res.status(400).json({ error: 'apiKeyPrefix 至少 8 字符' });
+        const targetKey = db.prepare(`SELECT api_key FROM users WHERE id = ? AND api_key LIKE ? || '%'
+      UNION SELECT api_key FROM agent_reputation WHERE user_id = ? AND api_key LIKE ? || '%'`)
+            .get(user.id, prefix, user.id, prefix);
+        if (!targetKey)
+            return void res.status(404).json({ error: '未找到匹配的 agent api_key（仅可查本人的）' });
+        const limit = Math.min(500, Math.max(10, Number(req.query.limit) || 100));
+        const rows = db.prepare(`SELECT endpoint, method, status_code, created_at FROM agent_call_log
+      WHERE api_key = ? AND created_at > datetime('now', '-30 days') ORDER BY id DESC LIMIT ?`).all(targetKey.api_key, limit);
+        res.json({ items: rows });
+    });
+    app.post('/api/me/agents/declarations', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const b = req.body;
+        const targetApiKey = b.api_key ? String(b.api_key) : user.api_key;
+        const ownership = db.prepare(`SELECT id FROM users WHERE id = ? AND api_key = ?
+      UNION SELECT user_id as id FROM agent_reputation WHERE user_id = ? AND api_key = ?`)
+            .get(user.id, targetApiKey, user.id, targetApiKey);
+        if (!ownership)
+            return void res.status(403).json({ error: 'api_key 不属于本账号' });
+        const operator_name = String(b.operator_name || '').trim().slice(0, 60);
+        if (operator_name.length < 2)
+            return void res.status(400).json({ error: 'operator_name 2-60 字' });
+        const operator_contact = String(b.operator_contact || '').trim().slice(0, 120);
+        if (operator_contact.length < 3)
+            return void res.status(400).json({ error: 'operator_contact 必填' });
+        const purpose = String(b.purpose || '').trim().slice(0, 200);
+        if (purpose.length < 5)
+            return void res.status(400).json({ error: 'purpose 5-200 字' });
+        let scopeJson;
+        try {
+            const s = b.declared_scope;
+            if (!s || typeof s !== 'object')
+                return void res.status(400).json({ error: 'declared_scope 必须是对象' });
+            scopeJson = JSON.stringify(s).slice(0, 2000);
+        }
+        catch {
+            return void res.status(400).json({ error: 'declared_scope 无法序列化' });
+        }
+        const attestationsJson = b.attestations && typeof b.attestations === 'object' ? JSON.stringify(b.attestations).slice(0, 2000) : null;
+        const repo_url = b.repo_url ? String(b.repo_url).slice(0, 200) : null;
+        const homepage = b.homepage ? String(b.homepage).slice(0, 200) : null;
+        db.prepare(`INSERT INTO agent_declarations (
+      api_key, user_id, operator_name, operator_contact, purpose, declared_scope, attestations, repo_url, homepage
+    ) VALUES (?,?,?,?,?,?,?,?,?)
+    ON CONFLICT(api_key) DO UPDATE SET
+      operator_name = excluded.operator_name,
+      operator_contact = excluded.operator_contact,
+      purpose = excluded.purpose,
+      declared_scope = excluded.declared_scope,
+      attestations = excluded.attestations,
+      repo_url = excluded.repo_url,
+      homepage = excluded.homepage,
+      revoked_at = NULL,
+      updated_at = datetime('now')`).run(targetApiKey, user.id, operator_name, operator_contact, purpose, scopeJson, attestationsJson, repo_url, homepage);
+        invalidateAgentBlockedCache(targetApiKey);
+        res.json({ ok: true });
+    });
+    // 用户撤销 agent（铁律 §4 human presence）
+    app.post('/api/me/agents/:apiKeyPrefix/revoke', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const prefix = String(req.params.apiKeyPrefix || '').replace(/[^A-Za-z0-9_]/g, '').slice(0, 32);
+        if (prefix.length < 8)
+            return void res.status(400).json({ error: 'apiKeyPrefix 至少 8 字符' });
+        const targetKey = db.prepare(`SELECT api_key FROM users WHERE id = ? AND api_key LIKE ? || '%'
+      UNION SELECT api_key FROM agent_reputation WHERE user_id = ? AND api_key LIKE ? || '%'`)
+            .get(user.id, prefix, user.id, prefix);
+        if (!targetKey)
+            return void res.status(404).json({ error: '未找到匹配的 agent api_key' });
+        const hpCheck = requireHumanPresence(user.id, 'agent_revoke', (req.body || {}).webauthn_token, 'require_human_presence_for_agent_revoke', () => true);
+        if (!hpCheck.ok)
+            return void res.status(412).json({ error: hpCheck.reason, error_code: hpCheck.error_code });
+        const reason = String((req.body || {}).reason || '').slice(0, 300);
+        db.prepare(`INSERT INTO agent_revocations (target_kind, target_value, revoked_by, revoked_by_role, reason)
+      VALUES ('api_key', ?, ?, 'self', ?)
+      ON CONFLICT(target_kind, target_value, revoked_by) DO NOTHING`).run(targetKey.api_key, user.id, reason);
+        db.prepare(`UPDATE agent_declarations SET revoked_at = datetime('now'), revoked_reason = ? WHERE api_key = ?`).run(reason, targetKey.api_key);
+        invalidateAgentBlockedCache(targetKey.api_key);
+        res.json({ ok: true });
+    });
+    // 撤销同 operator 名下所有 agent（仅撤销本用户给 operator 旗下 agent 的 attestation）
+    app.post('/api/me/agents/operators/:operator_name/revoke', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const opName = String(req.params.operator_name || '').trim().slice(0, 60);
+        if (opName.length < 2)
+            return void res.status(400).json({ error: 'operator_name 至少 2 字' });
+        const hpCheck = requireHumanPresence(user.id, 'agent_revoke', (req.body || {}).webauthn_token, 'require_human_presence_for_agent_revoke', () => true);
+        if (!hpCheck.ok)
+            return void res.status(412).json({ error: hpCheck.reason, error_code: hpCheck.error_code });
+        const reason = String((req.body || {}).reason || '').slice(0, 300);
+        const affected = db.prepare(`UPDATE agent_attestations SET revoked_at = datetime('now')
+      WHERE user_id = ? AND revoked_at IS NULL
+        AND api_key IN (SELECT api_key FROM agent_declarations WHERE operator_name = ?)`)
+            .run(user.id, opName);
+        db.prepare(`INSERT INTO agent_revocations (target_kind, target_value, revoked_by, revoked_by_role, reason)
+      VALUES ('operator_name', ?, ?, 'self', ?)
+      ON CONFLICT(target_kind, target_value, revoked_by) DO NOTHING`).run(opName, user.id, reason);
+        const keys = db.prepare(`SELECT api_key FROM agent_declarations WHERE operator_name = ?`).all(opName);
+        for (const k of keys)
+            invalidateAgentBlockedCache(k.api_key);
+        res.json({ ok: true, attestations_revoked: affected.changes });
+    });
+    // P0 audit fix 4.2: 申诉 strike
+    app.post('/api/me/agents/strikes/:strikeId/appeal', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const strikeId = Number(req.params.strikeId);
+        if (!Number.isInteger(strikeId) || strikeId <= 0)
+            return void res.status(400).json({ error: 'strikeId 必须是正整数' });
+        const strike = db.prepare(`SELECT id, api_key, user_id, severity, issued_at, appeal_status FROM agent_strikes WHERE id = ?`).get(strikeId);
+        if (!strike)
+            return void res.status(404).json({ error: 'strike 不存在' });
+        if (strike.user_id !== user.id)
+            return void res.status(403).json({ error: '只能申诉自己 agent 的 strike' });
+        if (strike.appeal_status !== 'none')
+            return void res.status(409).json({ error: `已申诉过（状态：${strike.appeal_status}）` });
+        const issuedAt = new Date(String(strike.issued_at).replace(' ', 'T') + 'Z').getTime();
+        if (Date.now() - issuedAt > 30 * 86400_000)
+            return void res.status(410).json({ error: '已过 30 天申诉窗口' });
+        const reason = String((req.body || {}).reason || '').trim().slice(0, 500);
+        if (reason.length < 10)
+            return void res.status(400).json({ error: '申诉理由 ≥10 字' });
+        db.prepare(`UPDATE agent_strikes SET appeal_status = 'pending', appeal_reason = ? WHERE id = ?`).run(reason, strikeId);
+        res.json({ ok: true, message: '申诉已提交，等待 root admin 审核' });
+    });
+    // Admin: 审核 strike 申诉
+    app.post('/api/admin/agent-strikes/:strikeId/decide', (req, res) => {
+        const user = requireRootAdmin(req, res);
+        if (!user)
+            return;
+        const strikeId = Number(req.params.strikeId);
+        if (!Number.isInteger(strikeId) || strikeId <= 0)
+            return void res.status(400).json({ error: 'strikeId 必须是正整数' });
+        const decision = String((req.body || {}).decision || '');
+        if (!['approved', 'denied'].includes(decision))
+            return void res.status(400).json({ error: 'decision 必须是 approved / denied' });
+        const strike = db.prepare(`SELECT id, api_key, appeal_status FROM agent_strikes WHERE id = ?`).get(strikeId);
+        if (!strike)
+            return void res.status(404).json({ error: 'strike 不存在' });
+        if (strike.appeal_status !== 'pending')
+            return void res.status(409).json({ error: `当前状态 ${strike.appeal_status} 不可裁决` });
+        db.prepare(`UPDATE agent_strikes SET appeal_status = ?, appeal_decided_by = ?, appeal_decided_at = datetime('now') WHERE id = ?`)
+            .run(decision, user.id, strikeId);
+        invalidateAgentBlockedCache(strike.api_key);
+        // P1 fix 5.3: appeal approved → 恢复因 strike 自动停用的 skills
+        if (decision === 'approved') {
+            try {
+                const uRow = db.prepare(`SELECT id FROM users WHERE api_key = ?`).get(strike.api_key);
+                if (uRow) {
+                    const r = db.prepare(`UPDATE skills SET active = 1, disabled_by_strike_at = NULL
+            WHERE seller_id = ? AND disabled_by_strike_at IS NOT NULL AND active = 0`).run(uRow.id);
+                    if (r.changes > 0)
+                        console.log(`[appeal approved→skill] restored ${r.changes} skills for ${uRow.id}`);
+                }
+            }
+            catch (e) {
+                console.error('[appeal skills restore]', e);
+            }
+        }
+        res.json({ ok: true, decision });
+    });
+    // Admin: 列出待审 strike 申诉
+    app.get('/api/admin/agent-strikes/pending', (req, res) => {
+        const user = requireRootAdmin(req, res);
+        if (!user)
+            return;
+        const rows = db.prepare(`SELECT s.id, s.api_key, s.user_id, u.handle, s.severity, s.reason_code, s.reason_detail, s.issued_at, s.appeal_reason
+      FROM agent_strikes s JOIN users u ON u.id = s.user_id
+      WHERE s.appeal_status = 'pending' ORDER BY s.id DESC LIMIT 100`).all();
+        res.json({ items: rows });
+    });
+    // P1 fix 4.3: admin 主动 issue strike
+    app.post('/api/admin/agent-strikes/issue', (req, res) => {
+        const adminUser = requireRootAdmin(req, res);
+        if (!adminUser)
+            return;
+        const b = req.body;
+        const apiKey = String(b.api_key || '').trim();
+        if (apiKey.length < 8)
+            return void res.status(400).json({ error: 'api_key 必填' });
+        const targetUser = db.prepare(`SELECT id, handle FROM users WHERE api_key = ?`).get(apiKey);
+        if (!targetUser)
+            return void res.status(404).json({ error: '未找到该 api_key' });
+        const reasonCode = String(b.reason_code || '').trim().slice(0, 40);
+        if (!/^[a-z_]{3,40}$/.test(reasonCode))
+            return void res.status(400).json({ error: 'reason_code 必须是 3-40 位 [a-z_]（如 fake_shipment / spam）' });
+        const reasonDetail = b.reason_detail ? String(b.reason_detail).slice(0, 500) : null;
+        const initialSeverity = (b.severity ? String(b.severity) : 'warning');
+        if (!['warning', 'suspend_7d', 'permanent'].includes(initialSeverity)) {
+            return void res.status(400).json({ error: 'severity 必须是 warning / suspend_7d / permanent' });
+        }
+        const result = issueAgentStrike({
+            apiKey, userId: targetUser.id,
+            reasonCode, reasonDetail: reasonDetail || undefined,
+            reportedBy: adminUser.id,
+            relatedRef: b.related_ref ? String(b.related_ref) : undefined,
+            initialSeverity,
+        });
+        res.json({ ok: true, target_handle: targetUser.handle, ...result });
+    });
+    // bilateral attestation（用户批准某 agent 的 scope）
+    app.post('/api/me/agents/attestations', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const b = req.body;
+        const apiKey = String(b.api_key || '');
+        if (!apiKey)
+            return void res.status(400).json({ error: 'api_key 必填' });
+        const decl = db.prepare(`SELECT declared_scope, operator_name, purpose FROM agent_declarations WHERE api_key = ? AND revoked_at IS NULL`).get(apiKey);
+        if (!decl)
+            return void res.status(404).json({ error: '该 agent 未声明 / 已撤销，无法授权' });
+        let approvedScopeJson;
+        try {
+            const s = b.approved_scope;
+            if (!s || typeof s !== 'object')
+                return void res.status(400).json({ error: 'approved_scope 必须是对象' });
+            approvedScopeJson = JSON.stringify(s).slice(0, 2000);
+        }
+        catch {
+            return void res.status(400).json({ error: 'approved_scope 无法序列化' });
+        }
+        const spendCapPerOrder = b.spend_cap_per_order != null ? Math.max(0, Number(b.spend_cap_per_order)) : null;
+        const spendCapDaily = b.spend_cap_daily != null ? Math.max(0, Number(b.spend_cap_daily)) : null;
+        const id = generateId('aat');
+        db.prepare(`INSERT INTO agent_attestations (id, api_key, user_id, approved_scope, spend_cap_per_order, spend_cap_daily)
+      VALUES (?,?,?,?,?,?)
+      ON CONFLICT(api_key, user_id) DO UPDATE SET
+        approved_scope = excluded.approved_scope,
+        spend_cap_per_order = excluded.spend_cap_per_order,
+        spend_cap_daily = excluded.spend_cap_daily,
+        revoked_at = NULL,
+        granted_at = datetime('now')`).run(id, apiKey, user.id, approvedScopeJson, spendCapPerOrder, spendCapDaily);
+        res.json({ ok: true });
+    });
+}

package/dist/pwa/routes/agent-reputation.js

@@ -0,0 +1,34 @@
+export function registerAgentReputationRoutes(app, deps) {
+    const { auth, getAgentTrustCached, getRawModeMinTrust } = deps;
+    app.get('/api/agents/me/reputation', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const key = req.headers.authorization?.replace('Bearer ', '') ?? '';
+        const t = getAgentTrustCached(key);
+        if (!t)
+            return void res.status(404).json({ error: 'agent_not_found' });
+        const min = getRawModeMinTrust();
+        res.json({
+            api_key_prefix: key.slice(0, 12) + '…',
+            user_id: t.user_id,
+            trust_score: t.trust_score,
+            level: t.level,
+            signals: t.signals,
+            raw_mode_enabled: t.trust_score >= min,
+            raw_mode_min_trust: min,
+        });
+    });
+    app.get('/api/admin/agents/:api_key/reputation', (req, res) => {
+        const admin = auth(req, res);
+        if (!admin)
+            return;
+        if (admin.role !== 'admin')
+            return void res.status(403).json({ error: '仅管理员可查询其他 agent' });
+        const target = req.params.api_key;
+        const t = getAgentTrustCached(target);
+        if (!t)
+            return void res.status(404).json({ error: 'agent_not_found' });
+        res.json(t);
+    });
+}