@seasonkoh/webaz 0.1.7 → 0.1.9

package/dist/layer1-agent/L1-2-external-anchor/anchor-engine.js

@@ -0,0 +1,324 @@
+/**
+ * L1-2 · 外置存证锚（External Content Anchor）
+ *
+ * 协议立场：第三方平台（淘宝 / JD / 抖店 / 小红书 / 1688 / Amazon...）
+ * 是 WebAZ 的"外置存储"，平台不持有大字节，仅持有：
+ *   - 卖家对 (URL, canonical_extract) 的 HMAC 签名
+ *   - content_hash（sha256 of canonical）
+ *   - 用户共识网络的验证回执
+ *   - 卖家自己节点的 fallback URL（硬件兜底）
+ *
+ * 三层兜底：
+ *   Tier 1  第三方平台 (CDN, 主源) — 平台 ToS 不阻挡用户浏览
+ *   Tier 2  卖家自己节点 seller_node_url — 平台失效时仍可拉
+ *   Tier 3  WebAZ 协议索引 (本表) — hash + 签名 + ownership 验证
+ *
+ * 反 scraping 立场：服务器从不主动 fetch 外平台。所有 canonical
+ * 提取由客户端 / verifier 节点完成，本表只接受**提交 + 签名**。
+ *
+ * Ownership 验证流程：
+ *   1. 卖家想绑外平台账号 → 服务器发 ownership_token = "WAZ-V-{8hex}"
+ *   2. 卖家在外平台 listing 描述 / 店铺简介里嵌入 token
+ *   3. 任一用户 (verifier 角色或他人) 打开外链确认 token 存在 → 提交 verify
+ *   4. 2+ 独立 verifier 一致确认 → ownership_verified = 'community'
+ *      （卖家自报为 'self_claimed'，可疑度较高，需后续社区验证）
+ */
+import crypto from 'crypto';
+import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+export function initExternalAnchorSchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS external_anchors (
+      id                   TEXT PRIMARY KEY,
+      seller_id            TEXT NOT NULL,
+      product_id           TEXT,                       -- NULL = 店铺级 anchor，非具体商品
+      platform             TEXT NOT NULL,              -- 'taobao' | 'jd' | 'douyin' | 'amazon' | ...
+      external_url         TEXT NOT NULL,
+      canonical_json       TEXT NOT NULL,              -- 客户端提取的 canonical JSON
+      content_hash         TEXT NOT NULL,              -- sha256(canonical_json)
+      signature            TEXT NOT NULL,              -- HMAC-SHA256(seller_api_key, canonical_json)
+      seller_node_url      TEXT,                       -- 卖家自有节点兜底 URL（可选）
+      ownership_token      TEXT,                       -- 当前生效的 ownership 验证 token
+      ownership_token_at   TEXT,                       -- token 发放时间
+      ownership_verified   TEXT DEFAULT 'none',        -- OwnershipLevel
+      ownership_verified_at TEXT,
+      verify_count         INTEGER DEFAULT 0,          -- community 验证累积票数
+      last_verified_at     TEXT,
+      revoked              INTEGER DEFAULT 0,
+      revoked_at           TEXT,
+      revoked_reason       TEXT,
+      posted_at            TEXT DEFAULT (datetime('now'))
+    );
+    CREATE TABLE IF NOT EXISTS external_anchor_verifications (
+      id                          TEXT PRIMARY KEY,
+      anchor_id                   TEXT NOT NULL,
+      verifier_id                 TEXT NOT NULL,
+      verifier_role               TEXT NOT NULL,
+      submitted_canonical_json    TEXT NOT NULL,
+      submitted_content_hash      TEXT NOT NULL,
+      content_matches             INTEGER NOT NULL,     -- 0/1
+      token_found                 INTEGER NOT NULL,     -- 0/1（如果 anchor 在做 ownership 验证）
+      verified_at                 TEXT DEFAULT (datetime('now')),
+      notes                       TEXT,
+      UNIQUE(anchor_id, verifier_id)                   -- 一人一锚一票
+    );
+  `);
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_anchor_seller ON external_anchors(seller_id, revoked)');
+    }
+    catch { }
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_anchor_product ON external_anchors(product_id, revoked)');
+    }
+    catch { }
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_anchor_platform ON external_anchors(platform, revoked)');
+    }
+    catch { }
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_anchor_verif ON external_anchor_verifications(anchor_id, verified_at DESC)');
+    }
+    catch { }
+    // #6 验证激励：seller 创建 anchor 时可付 verification_fee → community 升级时按正确投票均分给 verifier
+    for (const stmt of [
+        'ALTER TABLE external_anchors ADD COLUMN verification_fee REAL DEFAULT 0',
+        'ALTER TABLE external_anchors ADD COLUMN fee_paid_out INTEGER DEFAULT 0',
+        'ALTER TABLE external_anchor_verifications ADD COLUMN reward_amount REAL DEFAULT 0',
+    ]) {
+        try {
+            db.exec(stmt);
+        }
+        catch { /* 已存在 */ }
+    }
+}
+// 推荐 verification_fee 默认值（前端给的提示，实际由 seller 决定，可为 0 = 不开启 community 验证）
+export const ANCHOR_VERIFICATION_FEE_RECOMMENDED = 2.0;
+function canonicalSerialize(obj) {
+    if (obj === null || obj === undefined)
+        return JSON.stringify(obj);
+    if (Array.isArray(obj))
+        return '[' + obj.map(canonicalSerialize).join(',') + ']';
+    if (typeof obj === 'object') {
+        const keys = Object.keys(obj).sort();
+        return '{' + keys.map(k => JSON.stringify(k) + ':' + canonicalSerialize(obj[k])).join(',') + '}';
+    }
+    return JSON.stringify(obj);
+}
+export function sha256Hex(input) {
+    return crypto.createHash('sha256').update(input).digest('hex');
+}
+const VALID_PLATFORMS = new Set([
+    'taobao', 'tmall', 'jd', 'pdd', 'douyin', '1688',
+    'xiaohongshu', 'weidian', 'shopify',
+    'amazon', 'shopee', 'lazada', 'aliexpress',
+    'instagram', 'tiktok', 'youtube',
+    'other',
+]);
+export function createAnchor(db, args) {
+    if (!VALID_PLATFORMS.has(args.platform))
+        throw new Error('anchor_unknown_platform:' + args.platform);
+    if (!/^https?:\/\//i.test(args.externalUrl))
+        throw new Error('anchor_invalid_url');
+    if (!args.canonical || typeof args.canonical !== 'object')
+        throw new Error('anchor_invalid_canonical');
+    const seller = db.prepare('SELECT api_key, role FROM users WHERE id = ?').get(args.sellerId);
+    if (!seller)
+        throw new Error('anchor_seller_not_found');
+    if (seller.role !== 'seller')
+        throw new Error('anchor_only_seller_can_anchor');
+    // 修复 ultrareview bug_003：product_id 给了就必须验卖家是商品归属人，
+    // 否则任何卖家能往别人的 product 页"插"自己的外置存证（impersonation）
+    if (args.productId) {
+        const p = db.prepare('SELECT seller_id FROM products WHERE id = ?').get(args.productId);
+        if (!p)
+            throw new Error('anchor_product_not_found');
+        if (p.seller_id !== args.sellerId)
+            throw new Error('anchor_not_product_owner');
+    }
+    // 修复 ultrareview bug_013：之前同 URL 重新声明会洗掉之前的 disputed verdict —
+    // 拒绝在 disputed 状态下重声明，必须先 revokeAnchor 走显式撤销路径
+    const prior = db.prepare('SELECT id, ownership_verified FROM external_anchors WHERE seller_id = ? AND external_url = ? AND revoked = 0').get(args.sellerId, args.externalUrl);
+    if (prior?.ownership_verified === 'disputed') {
+        throw new Error('anchor_disputed_must_clear_first');
+    }
+    // canonical_json 严格 key 排序，让 sender / verifier 算出同样 hash
+    const canonJson = canonicalSerialize(args.canonical);
+    if (canonJson.length > 64 * 1024)
+        throw new Error('anchor_canonical_too_large');
+    const contentHash = sha256Hex(canonJson);
+    const signature = crypto.createHmac('sha256', seller.api_key).update(canonJson).digest('hex');
+    // 同卖家 + 同 URL 视为重新声明（先撤旧再发新）— 仅在非 disputed 时允许
+    db.prepare('UPDATE external_anchors SET revoked = 1, revoked_at = datetime(\'now\'), revoked_reason = ? WHERE seller_id = ? AND external_url = ? AND revoked = 0').run('superseded', args.sellerId, args.externalUrl);
+    // #6 验证激励费 — 可选，从 seller 钱包扣款锁入 anchor 的奖励池
+    const fee = Math.max(0, Math.round(Number(args.verificationFee || 0) * 100) / 100);
+    if (fee > 0) {
+        const w = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(args.sellerId);
+        if (!w || w.balance < fee)
+            throw new Error('anchor_insufficient_balance_for_fee');
+        db.prepare('UPDATE wallets SET balance = balance - ? WHERE user_id = ?').run(fee, args.sellerId);
+    }
+    const id = generateId('xa');
+    db.prepare(`
+    INSERT INTO external_anchors
+      (id, seller_id, product_id, platform, external_url, canonical_json, content_hash, signature, seller_node_url, verification_fee)
+    VALUES (?,?,?,?,?,?,?,?,?,?)
+  `).run(id, args.sellerId, args.productId || null, args.platform, args.externalUrl, canonJson, contentHash, signature, args.sellerNodeUrl || null, fee);
+    return { id, content_hash: contentHash, signature, verification_fee: fee };
+}
+export function verifyAnchorSignature(db, anchorId) {
+    const r = db.prepare('SELECT seller_id, canonical_json, content_hash, signature FROM external_anchors WHERE id = ?').get(anchorId);
+    if (!r)
+        return { ok: false, reason: 'not_found' };
+    const reHash = sha256Hex(r.canonical_json);
+    if (reHash !== r.content_hash)
+        return { ok: false, reason: 'content_hash_mismatch' };
+    const seller = db.prepare('SELECT api_key FROM users WHERE id = ?').get(r.seller_id);
+    if (!seller)
+        return { ok: false, reason: 'seller_not_found' };
+    const sig = crypto.createHmac('sha256', seller.api_key).update(r.canonical_json).digest('hex');
+    return sig === r.signature ? { ok: true } : { ok: false, reason: 'signature_mismatch' };
+}
+export function revokeAnchor(db, anchorId, sellerId, reason) {
+    const r = db.prepare('SELECT seller_id, revoked FROM external_anchors WHERE id = ?').get(anchorId);
+    if (!r)
+        return { ok: false, reason: 'not_found' };
+    if (r.seller_id !== sellerId)
+        return { ok: false, reason: 'not_owner' };
+    if (r.revoked)
+        return { ok: false, reason: 'already_revoked' };
+    db.prepare('UPDATE external_anchors SET revoked = 1, revoked_at = datetime(\'now\'), revoked_reason = ? WHERE id = ?').run(reason.slice(0, 200), anchorId);
+    return { ok: true };
+}
+// 服务器发 ownership token — 卖家把它嵌到外平台 listing 描述里证明自己是 url 主人
+export function issueOwnershipToken(db, anchorId, sellerId) {
+    const r = db.prepare('SELECT seller_id, revoked FROM external_anchors WHERE id = ?').get(anchorId);
+    if (!r)
+        return { ok: false, reason: 'not_found' };
+    if (r.seller_id !== sellerId)
+        return { ok: false, reason: 'not_owner' };
+    if (r.revoked)
+        return { ok: false, reason: 'revoked' };
+    const token = 'WAZ-V-' + crypto.randomBytes(4).toString('hex').toUpperCase();
+    db.prepare(`UPDATE external_anchors SET ownership_token = ?, ownership_token_at = datetime('now'), ownership_verified = 'self_claimed' WHERE id = ?`).run(token, anchorId);
+    return { ok: true, token };
+}
+// 任一用户作为 verifier 提交独立 canonical + ownership token 检查
+export function submitVerification(db, args) {
+    const anchor = db.prepare('SELECT * FROM external_anchors WHERE id = ?').get(args.anchorId);
+    if (!anchor)
+        return { ok: false, reason: 'not_found' };
+    if (anchor.revoked)
+        return { ok: false, reason: 'revoked' };
+    if (anchor.seller_id === args.verifierId)
+        return { ok: false, reason: 'self_verify_disallowed' };
+    // 重复提交检查（UNIQUE 约束兜底）
+    const dup = db.prepare('SELECT id FROM external_anchor_verifications WHERE anchor_id = ? AND verifier_id = ?').get(args.anchorId, args.verifierId);
+    if (dup)
+        return { ok: false, reason: 'already_verified' };
+    const subCanon = canonicalSerialize(args.submittedCanonical);
+    const subHash = sha256Hex(subCanon);
+    const matches = subHash === anchor.content_hash;
+    db.prepare(`
+    INSERT INTO external_anchor_verifications
+      (id, anchor_id, verifier_id, verifier_role, submitted_canonical_json, submitted_content_hash, content_matches, token_found, notes)
+    VALUES (?,?,?,?,?,?,?,?,?)
+  `).run(generateId('xav'), args.anchorId, args.verifierId, args.verifierRole, subCanon, subHash, matches ? 1 : 0, args.tokenFoundInExternal ? 1 : 0, (args.notes || '').slice(0, 500));
+    // 更新 anchor 累积票数 + 自动升级 ownership 等级
+    const stats = db.prepare(`
+    SELECT COUNT(*) as total, SUM(content_matches) as match_cnt, SUM(token_found) as tok_cnt
+    FROM external_anchor_verifications WHERE anchor_id = ?
+  `).get(args.anchorId);
+    // 多数表决 + Sybil 防护（迭代修复 ultrareview bug_004 + bug_008）
+    // 之前 community 只要 2 个 token 票 + 67% match — 2 个 sockpuppet 账号就能伪造 badge
+    // 现在：community 升级**必须** 来自 verifier / arbitrator 角色，且 ≥3 个独立角色投票
+    //       disputed 仍由任一身份 ≥2 票触发（社区警示门槛低）
+    //   community  ← verifier_role_match_cnt ≥ 3 AND token_found ≥ 2 AND ratio ≥ 67%
+    //   disputed   ← mismatch ≥ 2 AND ratio < 67%
+    //   其他       ← self_claimed
+    // 受信角色票统计（只算 verifier / arbitrator，普通 buyer/seller 不算 community 升级票）
+    const trustedStats = db.prepare(`
+    SELECT COUNT(*) as total, SUM(content_matches) as match_cnt, SUM(token_found) as tok_cnt
+    FROM external_anchor_verifications
+    WHERE anchor_id = ? AND verifier_role IN ('verifier', 'arbitrator')
+  `).get(args.anchorId);
+    const mismatchCnt = stats.total - stats.match_cnt;
+    const matchRatio = stats.total > 0 ? stats.match_cnt / stats.total : 0;
+    let newLevel = anchor.ownership_verified || 'none';
+    if (mismatchCnt >= 2 && matchRatio < 0.67) {
+        newLevel = 'disputed';
+    }
+    else if (trustedStats.match_cnt >= 3 && trustedStats.tok_cnt >= 2 && matchRatio >= 0.67 && anchor.ownership_token) {
+        newLevel = 'community';
+    }
+    else if (anchor.ownership_token) {
+        newLevel = anchor.ownership_verified === 'community' ? 'community' : 'self_claimed';
+    }
+    const wasCommunity = anchor.ownership_verified === 'community';
+    db.prepare(`UPDATE external_anchors SET
+    verify_count = ?, last_verified_at = datetime('now'),
+    ownership_verified = ?,
+    ownership_verified_at = CASE WHEN ? = 'community' AND ownership_verified != 'community' THEN datetime('now') ELSE ownership_verified_at END
+    WHERE id = ?`).run(stats.total, newLevel, newLevel, args.anchorId);
+    // #6 验证激励：刚升级到 community → 分发 verification_fee 给所有 matching verifier/arbitrator
+    let rewardPaid = 0;
+    if (newLevel === 'community' && !wasCommunity) {
+        rewardPaid = distributeAnchorRewards(db, args.anchorId);
+    }
+    return { ok: true, matches, token_found: args.tokenFoundInExternal, ownership_level: newLevel, reward_paid: rewardPaid };
+}
+// #6 验证奖励分发 — 在 anchor 首次升 community 时调用
+// 把 verification_fee 均分给所有 content_matches=1 的 verifier/arbitrator 角色投票者
+// 幂等：fee_paid_out=1 后再调用返回 0
+// 调用方：通常由 submitVerification 自动触发；也可被管理员手动重发（先重置 fee_paid_out）
+export function distributeAnchorRewards(db, anchorId) {
+    const a = db.prepare(`SELECT verification_fee, fee_paid_out, ownership_verified FROM external_anchors WHERE id = ?`).get(anchorId);
+    if (!a)
+        return 0;
+    if (a.fee_paid_out)
+        return 0;
+    if (!a.verification_fee || a.verification_fee <= 0) {
+        // 没费可分，标 paid_out 防重复扫描
+        db.prepare(`UPDATE external_anchors SET fee_paid_out = 1 WHERE id = ?`).run(anchorId);
+        return 0;
+    }
+    if (a.ownership_verified !== 'community')
+        return 0; // 只在 community 才发放
+    // 找正确投票的可信角色（与 community 升级条件一致）
+    const winners = db.prepare(`
+    SELECT id, verifier_id FROM external_anchor_verifications
+    WHERE anchor_id = ? AND verifier_role IN ('verifier', 'arbitrator') AND content_matches = 1
+    ORDER BY verified_at ASC
+  `).all(anchorId);
+    if (winners.length === 0) {
+        db.prepare(`UPDATE external_anchors SET fee_paid_out = 1 WHERE id = ?`).run(anchorId);
+        return 0;
+    }
+    const share = Math.round((a.verification_fee / winners.length) * 100) / 100;
+    let actualPaid = 0;
+    db.transaction(() => {
+        for (const w of winners) {
+            // 确保 wallet 存在
+            db.prepare(`INSERT OR IGNORE INTO wallets (user_id, balance) VALUES (?, 0)`).run(w.verifier_id);
+            db.prepare(`UPDATE wallets SET balance = balance + ?, earned = earned + ? WHERE user_id = ?`).run(share, share, w.verifier_id);
+            db.prepare(`UPDATE external_anchor_verifications SET reward_amount = ? WHERE id = ?`).run(share, w.id);
+            actualPaid += share;
+        }
+        // 浮点精度：实际 paid 可能比 fee 略少 (e.g. 5/3=1.66×3=4.98)，差额留 anchor 不发
+        db.prepare(`UPDATE external_anchors SET fee_paid_out = 1 WHERE id = ?`).run(anchorId);
+    })();
+    return Math.round(actualPaid * 100) / 100;
+}
+export function getAnchor(db, anchorId) {
+    const row = db.prepare('SELECT * FROM external_anchors WHERE id = ?').get(anchorId);
+    if (!row)
+        return null;
+    const verifs = db.prepare('SELECT id, verifier_id, verifier_role, content_matches, token_found, verified_at FROM external_anchor_verifications WHERE anchor_id = ? ORDER BY verified_at DESC LIMIT 20').all(anchorId);
+    return { ...row, verifications: verifs };
+}
+export function listAnchorsByProduct(db, productId) {
+    return db.prepare(`SELECT id, seller_id, platform, external_url, content_hash, ownership_verified, verify_count, seller_node_url, posted_at, revoked
+                     FROM external_anchors WHERE product_id = ? AND revoked = 0 ORDER BY posted_at DESC`).all(productId);
+}
+export function listAnchorsBySeller(db, sellerId) {
+    return db.prepare(`SELECT id, product_id, platform, external_url, content_hash, ownership_verified, verify_count, seller_node_url, posted_at, revoked
+                     FROM external_anchors WHERE seller_id = ? ORDER BY revoked ASC, posted_at DESC LIMIT 200`).all(sellerId);
+}

package/dist/layer1-agent/L1-2-identity/agent-passport.js

@@ -0,0 +1,100 @@
+const HALF_LIFE_DAYS = 30; // 衰减半衰期(默认 30 天)
+// endpoint+method → 行为桶
+function bucketOf(endpoint, method) {
+    const e = String(endpoint || '');
+    const m = String(method || 'GET').toUpperCase();
+    if (/vote|arbitrate|governance|protocol-params|claim-tasks|disputes\/[^/]+\/(arbitrate|respond)/.test(e))
+        return 'govern';
+    if (m === 'GET')
+        return 'query';
+    // 非 GET 的业务写 → 交易类
+    if (/orders|products|bids|rfqs|wallet|skill-market|secondhand|auction|p2p|trial|claim/.test(e))
+        return 'transact';
+    return 'transact'; // 其余写操作也归交易类(保守)
+}
+const round2 = (n) => Math.round(n * 100) / 100;
+const clamp = (n, lo, hi) => Math.max(lo, Math.min(hi, n));
+/**
+ * 纯只读派生。fingerprintFn 由上层注入(用协议 secret hash 监护人 id)。
+ * 所有可选表/列查询用 try 包裹,缺失时退化为 0,绝不抛。
+ */
+export function computeAgentPassport(db, apiKey, ownerId, fingerprintFn) {
+    // ── 行为画像 + 调用量(30 天)──
+    const rows = (() => {
+        try {
+            return db.prepare(`SELECT endpoint, method FROM agent_call_log WHERE api_key = ? AND created_at > datetime('now','-30 days')`).all(apiKey);
+        }
+        catch {
+            return [];
+        }
+    })();
+    const counts = { query: 0, transact: 0, govern: 0 };
+    for (const r of rows)
+        counts[bucketOf(r.endpoint, r.method)]++;
+    const calls30d = rows.length;
+    const denom = calls30d || 1;
+    const behavior_profile = {
+        query: round2(counts.query / denom),
+        transact: round2(counts.transact / denom),
+        govern: round2(counts.govern / denom),
+    };
+    const governance_calls_30d = counts.govern;
+    // ── 风险分 ──
+    // 1) 429 高频(主攻击信号)+ 其余 4xx/5xx,按事件年龄做 30d 半衰期衰减(90d 窗口)
+    let rlWeighted = 0;
+    let errWeighted = 0;
+    try {
+        const bad = db.prepare(`
+      SELECT status_code AS sc, (julianday('now') - julianday(created_at)) AS age_days
+      FROM agent_call_log
+      WHERE api_key = ? AND status_code >= 400 AND created_at > datetime('now','-90 days')
+    `).all(apiKey);
+        for (const b of bad) {
+            const w = Math.pow(0.5, Math.max(0, b.age_days) / HALF_LIFE_DAYS);
+            if (Number(b.sc) === 429)
+                rlWeighted += w;
+            else
+                errWeighted += w;
+        }
+    }
+    catch { /* no call log */ }
+    // 2) 纠纷败诉(监护人级,结构罚)
+    let disputeLoss = 0;
+    try {
+        disputeLoss = db.prepare(`SELECT COUNT(*) AS n FROM disputes WHERE defendant_id = ? AND ruling_type IN ('refund_buyer','partial_refund')`).get(ownerId).n;
+    }
+    catch { /* table/col absent */ }
+    // 3) sybil 簇:同注册 IP 的他户数(结构罚)。注册 IP 在 registration_audit_log。
+    let sybilExcess = 0;
+    try {
+        const me = db.prepare(`SELECT ip_hash FROM registration_audit_log WHERE user_id = ? ORDER BY id DESC LIMIT 1`).get(ownerId);
+        if (me?.ip_hash) {
+            const sz = db.prepare(`SELECT COUNT(DISTINCT user_id) AS n FROM registration_audit_log WHERE ip_hash = ?`).get(me.ip_hash).n;
+            sybilExcess = Math.max(0, sz - 3); // ≤3 视为正常(家庭/NAT)
+        }
+    }
+    catch { /* table absent */ }
+    const risk_score = clamp(Math.round(Math.min(40, rlWeighted * 4) + // 429 高频 → 最多 40
+        Math.min(15, errWeighted * 1.5) + // 其余错误 → 最多 15
+        Math.min(25, disputeLoss * 8) + // 纠纷败诉 → 最多 25
+        Math.min(20, sybilExcess * 5) // sybil 簇 → 最多 20
+    ), 0, 100);
+    // ── 参与深度 ──
+    let engagement_depth;
+    if (governance_calls_30d > 0 || calls30d >= 1000)
+        engagement_depth = 'profound';
+    else if (calls30d >= 100 || counts.transact >= 20)
+        engagement_depth = 'deep';
+    else if (calls30d >= 10 || counts.transact >= 1)
+        engagement_depth = 'medium';
+    else
+        engagement_depth = 'shallow';
+    return {
+        risk_score,
+        engagement_depth,
+        behavior_profile,
+        custodian_fingerprint: fingerprintFn(ownerId),
+        calls_30d: calls30d,
+        governance_calls_30d,
+    };
+}

package/dist/layer2-business/L2-6-notifications/notification-engine.js

@@ -31,7 +31,7 @@ const RULES = {
     'created→paid': {
         recipients: ['seller'],
         title: '🛍️ 新订单',
-        body: ctx => `${ctx.buyerName} 下单了「${ctx.productTitle}」，金额 ${ctx.totalAmount} DCP。请在 24h 内接单，否则自动退款。`,
+        body: ctx => `${ctx.buyerName} 下单了「${ctx.productTitle}」，金额 ${ctx.totalAmount} WAZ。请在 24h 内接单，否则自动退款。`,
     },
     'paid→accepted': {
         recipients: ['buyer'],
@@ -41,7 +41,7 @@ const RULES = {
     'paid→cancelled': {
         recipients: ['buyer'],
         title: '❌ 订单已取消',
-        body: ctx => `订单「${ctx.productTitle}」已取消，${ctx.totalAmount} DCP 将原路退回。`,
+        body: ctx => `订单「${ctx.productTitle}」已取消，${ctx.totalAmount} WAZ 将原路退回。`,
     },
     'accepted→shipped': {
         recipients: ['buyer'],
@@ -53,6 +53,14 @@ const RULES = {
         title: '🚚 物流已揽收',
         body: ctx => `包裹已由${ctx.logisticsName ?? '物流方'}揽收，正在运输中。`,
     },
+    'picked_up→in_transit': {
+        recipients: ['buyer'],
+        title: '🚛 包裹运输中',
+        body: ctx => `你的「${ctx.productTitle}」正在运输途中。`,
+    },
+    // 注：曾有 'accepted→cancelled' 通知规则 — 但 VALID_TRANSITIONS 不允许 accepted 直接到
+    // cancelled（只能走 disputed 或 fault_seller）。该规则永不触发，已删除。
+    // 若以后开"卖家接单后主动取消"通道，需先在 L0-2 状态机加 transition，再恢复此规则。
     'in_transit→delivered': {
         recipients: ['buyer'],
         title: '📬 包裹已投递',
@@ -61,7 +69,7 @@ const RULES = {
     'delivered→confirmed': {
         recipients: ['seller'],
         title: '💰 买家确认收货',
-        body: ctx => `${ctx.buyerName} 已确认收货，${ctx.totalAmount} DCP 结算中。`,
+        body: ctx => `${ctx.buyerName} 已确认收货，${ctx.totalAmount} WAZ 结算中。`,
     },
     'confirmed→completed': {
         recipients: ['seller'],
@@ -101,12 +109,12 @@ const RULES = {
     'disputed→cancelled': {
         recipients: ['buyer', 'seller'],
         title: '⚖️ 争议裁定：退款买家',
-        body: ctx => `订单「${ctx.productTitle}」争议已裁定，${ctx.totalAmount} DCP 已退回买家。`,
+        body: ctx => `订单「${ctx.productTitle}」争议已裁定，${ctx.totalAmount} WAZ 已退回买家。`,
     },
     'paid→fault_seller': {
         recipients: ['buyer', 'seller'],
         title: '⏰ 卖家超时违约',
-        body: ctx => `卖家超时未接单，订单已自动取消，${ctx.totalAmount} DCP 退款处理中。`,
+        body: ctx => `卖家超时未接单，订单已自动取消，${ctx.totalAmount} WAZ 退款处理中。`,
     },
     'accepted→fault_seller': {
         recipients: ['buyer', 'seller'],
@@ -215,3 +223,62 @@ export function markRead(db, userId, notifId) {
         db.prepare('UPDATE notifications SET read = 1 WHERE user_id = ?').run(userId);
     }
 }
+// ─── 截止时间临近提醒 — 防"超时被判违约才知道"────────────────
+// 每次扫描幂等：每个 (order_id, reminder_type) 只发一次
+// reminder_type 形如 'reminder:accept_6h' / 'reminder:ship_12h' / 'reminder:confirm_24h'
+const REMINDER_THRESHOLDS = [
+    // 卖家：付款后 6h 内未接单 → 提醒卖家
+    { status: 'paid', deadlineCol: 'accept_deadline', hoursBefore: 6,
+        recipientRole: 'seller', type: 'reminder:accept_6h',
+        title: '⏰ 还有 6h 接单截止',
+        body: ctx => `订单「${ctx.productTitle}」还有 6 小时未接单将被判违约（扣信誉 + 自动退款）。` },
+    // 卖家：发货截止前 12h 提醒
+    { status: 'accepted', deadlineCol: 'ship_deadline', hoursBefore: 12,
+        recipientRole: 'seller', type: 'reminder:ship_12h',
+        title: '⏰ 还有 12h 发货截止',
+        body: ctx => `订单「${ctx.productTitle}」还有 12 小时未发货将被判违约，请抓紧时间。` },
+    // 物流：揽收截止前 6h
+    { status: 'shipped', deadlineCol: 'pickup_deadline', hoursBefore: 6,
+        recipientRole: 'logistics', type: 'reminder:pickup_6h',
+        title: '⏰ 还有 6h 揽收截止',
+        body: ctx => `订单「${ctx.productTitle}」还有 6 小时未揽收将被判违约。` },
+    // 物流：投递截止前 12h
+    { status: 'in_transit', deadlineCol: 'delivery_deadline', hoursBefore: 12,
+        recipientRole: 'logistics', type: 'reminder:delivery_12h',
+        title: '⏰ 还有 12h 投递截止',
+        body: ctx => `订单「${ctx.productTitle}」还有 12 小时未投递将被判违约。` },
+    // 买家：确认收货截止前 24h
+    { status: 'delivered', deadlineCol: 'confirm_deadline', hoursBefore: 24,
+        recipientRole: 'buyer', type: 'reminder:confirm_24h',
+        title: '⏰ 还有 24h 自动确认',
+        body: ctx => `「${ctx.productTitle}」已送达，24 小时内未确认将自动确认收货 + 释放资金，如有问题请发起争议。` },
+];
+export function scanDeadlineReminders(db) {
+    const details = [];
+    const nowMs = Date.now();
+    for (const r of REMINDER_THRESHOLDS) {
+        // 候选订单：当前状态 + deadline 在 (now, now+hoursBefore) 之间
+        const targetMs = nowMs + r.hoursBefore * 3600_000;
+        // datetime() wrap on LHS — addHours 用 ISO 'T' 格式存，SQLite datetime('now') 返空格格式，
+        // 同日 prefix 相同时 lex 比较 'T'(0x54) > ' '(0x20) 会让所有 same-day deadline 跳出窗口
+        const sql = `SELECT id, ${r.deadlineCol} as dl, buyer_id, seller_id, logistics_id FROM orders WHERE status = ? AND ${r.deadlineCol} IS NOT NULL AND datetime(${r.deadlineCol}) > datetime('now') AND datetime(${r.deadlineCol}) <= datetime(?)`;
+        const rows = db.prepare(sql).all(r.status, new Date(targetMs).toISOString().replace('T', ' ').slice(0, 19));
+        for (const row of rows) {
+            const recipientId = r.recipientRole === 'buyer' ? row.buyer_id :
+                r.recipientRole === 'seller' ? row.seller_id :
+                    r.recipientRole === 'logistics' ? row.logistics_id : null;
+            if (!recipientId)
+                continue;
+            // 幂等：该 (order, type) 是否已发过
+            const exists = db.prepare(`SELECT 1 FROM notifications WHERE order_id = ? AND type = ? LIMIT 1`).get(row.id, r.type);
+            if (exists)
+                continue;
+            const ctx = getOrderCtx(db, row.id);
+            if (!ctx)
+                continue;
+            createNotification(db, recipientId, row.id, r.type, r.title, r.body(ctx, r.hoursBefore));
+            details.push({ orderId: row.id, type: r.type });
+        }
+    }
+    return { sent: details.length, details };
+}