@seasonkoh/webaz 0.1.7 → 0.1.9

package/dist/pwa/routes/rfqs.js

@@ -0,0 +1,443 @@
+export function registerRfqsRoutes(app, deps) {
+    const { db, auth, generateId, VALID_RFQ_URGENCIES, VALID_AWARD_MODES, RFQ_MAX_QTY, RFQ_MAX_PRICE, RFQ_DAILY_CAP_PER_BUYER, RFQ_MAX_WINDOW_MIN, RFQ_DEFAULT_WINDOW_MIN, BID_DAILY_CAP_PER_SELLER, BID_STAKE_RATE, VALID_FULFILLMENT_TYPES, isListingCategoryKey, LISTING_CATEGORIES, awardBidAndCreateOrder, notifyMatchedSellers, evaluateAutoBidsForRfq, shouldAutoAccept, transition, notifyTransition } = deps;
+    // 内联押金 helper（小巧、仅 rfq 域用）
+    const buyerRfqDeposit = (maxPrice, qty) => {
+        const base = (maxPrice && qty) ? maxPrice * qty * 0.01 : 0.1;
+        return Math.max(0.1, Math.min(1, Math.round(base * 100) / 100));
+    };
+    const bidStakeFor = (price, qty) => Math.max(0.5, Math.round(price * qty * BID_STAKE_RATE * 100) / 100);
+    // 买家：创建 RFQ
+    app.post('/api/rfqs', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (user.role !== 'buyer')
+            return void res.json({ error: '仅买家可发求购单' });
+        const body = req.body;
+        const title = String(body.title || '').trim();
+        if (title.length < 2)
+            return void res.json({ error: '标题至少 2 字' });
+        const qty = Math.max(1, Math.floor(Number(body.qty) || 1));
+        if (qty > RFQ_MAX_QTY)
+            return void res.json({ error: `qty 超出上限 ${RFQ_MAX_QTY}` });
+        const urgency = String(body.urgency || 'flex');
+        if (!VALID_RFQ_URGENCIES.has(urgency))
+            return void res.json({ error: 'urgency 无效' });
+        const awardMode = String(body.award_mode || 'time_window');
+        if (!VALID_AWARD_MODES.has(awardMode))
+            return void res.json({ error: 'award_mode 无效' });
+        const maxPrice = body.max_price != null ? Number(body.max_price) : null;
+        if (maxPrice != null && (!Number.isFinite(maxPrice) || maxPrice <= 0))
+            return void res.json({ error: 'max_price 必须 > 0' });
+        if (maxPrice != null && maxPrice > RFQ_MAX_PRICE)
+            return void res.json({ error: `max_price 超出上限 ${RFQ_MAX_PRICE} WAZ` });
+        const category = String(body.category || 'general');
+        if (!isListingCategoryKey(category))
+            return void res.json({ error: '类目无效' });
+        const explicitWindow = body.award_window_min != null ? Math.max(5, Math.min(RFQ_MAX_WINDOW_MIN, Math.floor(Number(body.award_window_min)))) : null;
+        const windowMin = explicitWindow ?? RFQ_DEFAULT_WINDOW_MIN[urgency];
+        const todayCount = db.prepare("SELECT COUNT(1) as n FROM rfqs WHERE buyer_id = ? AND created_at > datetime('now','-1 day')").get(user.id).n;
+        if (todayCount >= RFQ_DAILY_CAP_PER_BUYER) {
+            return void res.json({ error: `今日已达上限 ${RFQ_DAILY_CAP_PER_BUYER} 单求购` });
+        }
+        const deposit = buyerRfqDeposit(maxPrice, qty);
+        const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+        if (!wallet || Number(wallet.balance) < deposit) {
+            return void res.json({ error: `余额不足，发求购需 ${deposit} WAZ 押金（中标后释放，撤销扣 30%）` });
+        }
+        // P3c：award 自动建单需要收货地址。优先 body，否则 buyer 的默认地址
+        const buyerProfile = db.prepare('SELECT default_address_text, default_address_json FROM users WHERE id = ?').get(user.id);
+        let shippingAddress = body.shipping_address ? String(body.shipping_address).trim() : null;
+        if (!shippingAddress) {
+            if (buyerProfile?.default_address_text)
+                shippingAddress = buyerProfile.default_address_text;
+            else if (buyerProfile?.default_address_json) {
+                try {
+                    const a = JSON.parse(buyerProfile.default_address_json);
+                    const parts = [a.recipient, a.line1, a.line2, a.city, a.state, a.country, a.phone1].filter(Boolean);
+                    if (parts.length)
+                        shippingAddress = parts.join(' / ');
+                }
+                catch { }
+            }
+        }
+        if (!shippingAddress)
+            return void res.json({ error: '请先在个人主页设置默认收货地址，或在发求购时传 shipping_address' });
+        const id = generateId('rfq');
+        const regionRequired = body.region_required ? String(body.region_required) : user.region || null;
+        const fulfillmentRequired = body.fulfillment_required ? JSON.stringify(body.fulfillment_required) : null;
+        db.transaction(() => {
+            db.prepare(`
+        INSERT INTO rfqs (id, buyer_id, listing_id, title, spec_json, qty, category, region_required, urgency,
+          max_price, fulfillment_required, award_mode, award_window_min, deadline_at, buyer_stake_locked, notes, shipping_address)
+        VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,datetime('now', '+' || ? || ' minutes'),?,?,?)
+      `).run(id, user.id, body.listing_id ? String(body.listing_id) : null, title, body.spec_json ? JSON.stringify(body.spec_json) : null, qty, category, regionRequired, urgency, maxPrice, fulfillmentRequired, awardMode, windowMin, windowMin, deposit, body.notes ? String(body.notes) : null, shippingAddress);
+            db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?').run(deposit, deposit, user.id);
+        })();
+        try {
+            notifyMatchedSellers(id);
+        }
+        catch (e) {
+            console.error('[P3 notify]', e);
+        }
+        let autoBidCount = 0;
+        try {
+            autoBidCount = evaluateAutoBidsForRfq(id);
+        }
+        catch (e) {
+            console.error('[P3e auto_bid]', e);
+        }
+        res.json({ id, deposit, window_min: windowMin, deadline_at_minutes: windowMin, auto_bids: autoBidCount });
+    });
+    // 卖家 RFQ 看板
+    app.get('/api/rfqs', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const where = ["r.status = 'open'", "r.deadline_at > datetime('now')"];
+        const args = [];
+        if (req.query.region) {
+            where.push('(r.region_required IS NULL OR r.region_required = ?)');
+            args.push(String(req.query.region));
+        }
+        if (req.query.category) {
+            where.push('r.category = ?');
+            args.push(String(req.query.category));
+        }
+        if (req.query.urgency && VALID_RFQ_URGENCIES.has(String(req.query.urgency))) {
+            where.push('r.urgency = ?');
+            args.push(String(req.query.urgency));
+        }
+        if (req.query.unbidded === '1') {
+            where.push('r.bid_count = 0');
+        }
+        // #974: q LIKE 搜索（title / notes）
+        if (req.query.q && typeof req.query.q === 'string' && req.query.q.trim()) {
+            const qE = req.query.q.trim().replace(/[\\%_]/g, '\\$&');
+            where.push("(r.title LIKE ? ESCAPE '\\' OR r.notes LIKE ? ESCAPE '\\')");
+            args.push('%' + qE + '%', '%' + qE + '%');
+        }
+        const limit = Math.min(100, Math.max(1, Number(req.query.limit) || 30));
+        const rows = db.prepare(`
+      SELECT r.id, r.title, r.qty, r.category, r.region_required, r.urgency, r.max_price,
+             r.award_mode, r.deadline_at, r.bid_count, r.created_at,
+             (SELECT MIN(price) FROM bids b WHERE b.rfq_id = r.id AND b.status = 'active') as current_lowest_bid,
+             EXISTS(SELECT 1 FROM bids b WHERE b.rfq_id = r.id AND b.seller_id = ? AND b.status = 'active') as i_have_bid
+      FROM rfqs r
+      WHERE ${where.join(' AND ')}
+      ORDER BY r.created_at DESC
+      LIMIT ?
+    `).all(user.id, ...args, limit);
+        res.json({ items: rows, urgencies: ['now', 'today', 'flex'], categories: LISTING_CATEGORIES });
+    });
+    app.get('/api/rfqs/mine', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const rows = db.prepare(`
+      SELECT r.*,
+        (SELECT MIN(price) FROM bids b WHERE b.rfq_id = r.id AND b.status = 'active') as current_lowest_bid
+      FROM rfqs r
+      WHERE r.buyer_id = ?
+      ORDER BY r.created_at DESC
+      LIMIT 100
+    `).all(user.id);
+        res.json({ items: rows });
+    });
+    app.get('/api/rfqs/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const rfq = db.prepare('SELECT * FROM rfqs WHERE id = ?').get(req.params.id);
+        if (!rfq)
+            return void res.status(404).json({ error: 'RFQ 不存在' });
+        const isOwner = rfq.buyer_id === user.id;
+        const bids = db.prepare(`
+      SELECT b.id, b.seller_id, b.price, b.qty_offered, b.eta_hours, b.fulfillment_type, b.note,
+        b.auto_bid_skill, b.status, b.submitted_at, b.offer_id,
+        u.handle as seller_handle, u.region as seller_region,
+        (SELECT COUNT(1) FROM orders WHERE seller_id = b.seller_id AND status = 'completed') as seller_sales
+      FROM bids b
+      LEFT JOIN users u ON u.id = b.seller_id
+      WHERE b.rfq_id = ?
+      ORDER BY b.price ASC, b.submitted_at ASC
+    `).all(req.params.id);
+        // 仅 owner 看全部；第三方只看自己 + 计数
+        const visibleBids = isOwner ? bids : bids.filter(b => b.seller_id === user.id);
+        // P1：非 owner 时 buyer 身份脱敏（防止私下交易）
+        const safeRfq = { ...rfq };
+        if (!isOwner) {
+            const bid = String(rfq.buyer_id || '');
+            safeRfq.buyer_id = '买家 #' + bid.slice(-6);
+            delete safeRfq.shipping_address; // 中标后从订单读
+        }
+        res.json({ rfq: safeRfq, bids: visibleBids, bid_count: bids.length, is_owner: isOwner });
+    });
+    app.delete('/api/rfqs/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const rfq = db.prepare('SELECT * FROM rfqs WHERE id = ?').get(req.params.id);
+        if (!rfq)
+            return void res.status(404).json({ error: 'RFQ 不存在' });
+        if (rfq.buyer_id !== user.id)
+            return void res.status(403).json({ error: '仅买家本人可取消' });
+        if (rfq.status !== 'open')
+            return void res.json({ error: `当前状态 ${rfq.status} 不可取消` });
+        const deposit = Number(rfq.buyer_stake_locked) || 0;
+        const forfeit = Math.round(deposit * 0.30 * 100) / 100;
+        const refund = Math.round((deposit - forfeit) * 100) / 100;
+        db.transaction(() => {
+            db.prepare("UPDATE rfqs SET status = 'cancelled', updated_at = datetime('now') WHERE id = ?").run(req.params.id);
+            if (refund > 0)
+                db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(refund, deposit, user.id);
+            const activeBids = db.prepare("SELECT id, seller_id, stake_locked FROM bids WHERE rfq_id = ? AND status = 'active'").all(req.params.id);
+            for (const b of activeBids) {
+                db.prepare("UPDATE bids SET status = 'cancelled', resolved_at = datetime('now') WHERE id = ?").run(b.id);
+                if (b.stake_locked > 0)
+                    db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(b.stake_locked, b.stake_locked, b.seller_id);
+            }
+        })();
+        res.json({ success: true, refund, forfeit, active_bids_released: 0 });
+    });
+    app.post('/api/rfqs/:id/bids', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (user.role !== 'seller')
+            return void res.json({ error: '仅卖家可报价' });
+        const rfq = db.prepare('SELECT * FROM rfqs WHERE id = ?').get(req.params.id);
+        if (!rfq)
+            return void res.status(404).json({ error: 'RFQ 不存在' });
+        if (rfq.status !== 'open')
+            return void res.json({ error: `当前状态 ${rfq.status} 不接受报价` });
+        if (String(rfq.deadline_at) <= new Date().toISOString().replace('T', ' ').slice(0, 19)) {
+            return void res.json({ error: '该 RFQ 已过期' });
+        }
+        const body = req.body;
+        const price = Number(body.price);
+        if (!Number.isFinite(price) || price <= 0)
+            return void res.json({ error: 'price 必须 > 0' });
+        if (price > RFQ_MAX_PRICE)
+            return void res.json({ error: `price 超出上限 ${RFQ_MAX_PRICE} WAZ` });
+        if (rfq.max_price && price > Number(rfq.max_price))
+            return void res.json({ error: `超出买家预算 ${rfq.max_price}` });
+        const qtyOffered = Math.max(1, Math.floor(Number(body.qty_offered) || Number(rfq.qty)));
+        if (qtyOffered > RFQ_MAX_QTY)
+            return void res.json({ error: `qty_offered 超出上限 ${RFQ_MAX_QTY}` });
+        const fulfillmentType = String(body.fulfillment_type || 'standard');
+        if (!VALID_FULFILLMENT_TYPES.has(fulfillmentType))
+            return void res.json({ error: 'fulfillment_type 无效' });
+        const today = db.prepare("SELECT COUNT(1) as n FROM bids WHERE seller_id = ? AND submitted_at > datetime('now','-1 day')").get(user.id).n;
+        if (today >= BID_DAILY_CAP_PER_SELLER) {
+            return void res.json({ error: `今日报价已达上限 ${BID_DAILY_CAP_PER_SELLER} 条` });
+        }
+        // 一卖家 × 一 RFQ = 一 bid（已有则用 PATCH）
+        const existing = db.prepare("SELECT id, status FROM bids WHERE rfq_id = ? AND seller_id = ?").get(req.params.id, user.id);
+        if (existing && existing.status === 'active')
+            return void res.json({ error: '已有进行中的 bid，请改用 PATCH 修改', bid_id: existing.id });
+        const stake = bidStakeFor(price, qtyOffered);
+        const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+        if (!wallet || Number(wallet.balance) < stake) {
+            return void res.json({ error: `余额不足，bid 押金 ${stake} WAZ（落选/取消立即释放，中标后转 escrow）` });
+        }
+        const id = generateId('bid');
+        db.transaction(() => {
+            db.prepare(`
+        INSERT INTO bids (id, rfq_id, seller_id, offer_id, price, qty_offered, eta_hours, fulfillment_type, note, stake_locked, auto_bid_skill)
+        VALUES (?,?,?,?,?,?,?,?,?,?,?)
+      `).run(id, req.params.id, user.id, body.offer_id ? String(body.offer_id) : null, price, qtyOffered, body.eta_hours != null ? Number(body.eta_hours) : null, fulfillmentType, body.note ? String(body.note).slice(0, 500) : null, stake, body.auto_bid_skill ? 1 : 0);
+            db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?').run(stake, stake, user.id);
+            db.prepare(`UPDATE rfqs SET bid_count = bid_count + 1, status = 'open', updated_at = datetime('now') WHERE id = ?`).run(req.params.id);
+        })();
+        try {
+            db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, created_at)
+                  VALUES (?,?,'rfq_bid',?,?,datetime('now'))`)
+                .run(generateId('ntf'), rfq.buyer_id, `💰 新报价 ${price} WAZ`, `RFQ：${rfq.title} · #${req.params.id}`);
+        }
+        catch (e) {
+            console.error('[P3 notify bid]', e);
+        }
+        // P3c.4: first_match 模式 → 立即评估并自动 award
+        let autoAwardedOrder;
+        if (rfq.award_mode === 'first_match') {
+            const okForMatch = !rfq.max_price || price <= Number(rfq.max_price);
+            if (okForMatch) {
+                const newBid = db.prepare('SELECT * FROM bids WHERE id = ?').get(id);
+                let result = { ok: false };
+                try {
+                    db.transaction(() => {
+                        const rfqLatest = db.prepare('SELECT * FROM rfqs WHERE id = ?').get(req.params.id);
+                        if (rfqLatest && rfqLatest.status === 'open') {
+                            result = awardBidAndCreateOrder(rfqLatest, newBid);
+                            if (!result.ok)
+                                throw new Error(result.error || 'first_match award failed');
+                        }
+                    })();
+                    if (result.ok) {
+                        autoAwardedOrder = result.order_id;
+                        try {
+                            db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, created_at)
+                          VALUES (?,?,'rfq_won',?,?,datetime('now'))`)
+                                .run(generateId('ntf'), user.id, `🎉 中标（first_match 自动选）`, `订单 ${result.order_id}`);
+                        }
+                        catch (e) {
+                            console.error('[P3c notify first_match won]', e);
+                        }
+                    }
+                }
+                catch (e) {
+                    console.error('[P3c first_match]', e.message);
+                }
+            }
+        }
+        res.json({ id, stake_locked: stake, auto_awarded_order_id: autoAwardedOrder });
+    });
+    // 卖家：修改 bid（仅 active；stake 差额自动结算）
+    app.patch('/api/bids/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const bid = db.prepare('SELECT * FROM bids WHERE id = ?').get(req.params.id);
+        if (!bid)
+            return void res.status(404).json({ error: 'bid 不存在' });
+        if (bid.seller_id !== user.id)
+            return void res.status(403).json({ error: '仅本人可修改' });
+        if (bid.status !== 'active')
+            return void res.json({ error: `当前状态 ${bid.status} 不可修改` });
+        const rfq = db.prepare('SELECT max_price, status, deadline_at FROM rfqs WHERE id = ?').get(bid.rfq_id);
+        if (!rfq || rfq.status !== 'open')
+            return void res.json({ error: 'RFQ 已不接受改价' });
+        const body = req.body;
+        let newPrice = Number(bid.price);
+        let newQty = Number(bid.qty_offered);
+        let newEta = bid.eta_hours;
+        let newFt = String(bid.fulfillment_type);
+        let newNote = bid.note;
+        if (body.price != null) {
+            const p = Number(body.price);
+            if (!Number.isFinite(p) || p <= 0)
+                return void res.json({ error: 'price 必须 > 0' });
+            if (rfq.max_price && p > Number(rfq.max_price))
+                return void res.json({ error: `超出买家预算 ${rfq.max_price}` });
+            newPrice = p;
+        }
+        if (body.qty_offered != null) {
+            const q = Math.max(1, Math.floor(Number(body.qty_offered)));
+            if (!Number.isFinite(q))
+                return void res.json({ error: 'qty 无效' });
+            newQty = q;
+        }
+        if (body.eta_hours !== undefined)
+            newEta = body.eta_hours != null ? Number(body.eta_hours) : null;
+        if (body.fulfillment_type != null) {
+            const ft = String(body.fulfillment_type);
+            if (!VALID_FULFILLMENT_TYPES.has(ft))
+                return void res.json({ error: 'fulfillment_type 无效' });
+            newFt = ft;
+        }
+        if (body.note !== undefined)
+            newNote = body.note ? String(body.note).slice(0, 500) : null;
+        const oldStake = Number(bid.stake_locked) || 0;
+        const newStake = bidStakeFor(newPrice, newQty);
+        const delta = Math.round((newStake - oldStake) * 100) / 100;
+        if (delta > 0) {
+            const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+            if (!wallet || Number(wallet.balance) < delta) {
+                return void res.json({ error: `余额不足补足 stake 差额 ${delta} WAZ` });
+            }
+        }
+        db.transaction(() => {
+            db.prepare(`UPDATE bids SET price = ?, qty_offered = ?, eta_hours = ?, fulfillment_type = ?, note = ?, stake_locked = ?
+                  WHERE id = ?`).run(newPrice, newQty, newEta, newFt, newNote, newStake, req.params.id);
+            if (delta > 0) {
+                db.prepare('UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?').run(delta, delta, user.id);
+            }
+            else if (delta < 0) {
+                const back = -delta;
+                db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(back, back, user.id);
+            }
+        })();
+        res.json({ success: true, stake_locked: newStake, stake_delta: delta });
+    });
+    // 卖家：撤回 bid（释放 stake）
+    app.delete('/api/bids/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const bid = db.prepare('SELECT * FROM bids WHERE id = ?').get(req.params.id);
+        if (!bid)
+            return void res.status(404).json({ error: 'bid 不存在' });
+        if (bid.seller_id !== user.id)
+            return void res.status(403).json({ error: '仅本人可撤回' });
+        if (bid.status !== 'active')
+            return void res.json({ error: `当前状态 ${bid.status} 不可撤回` });
+        const stake = Number(bid.stake_locked) || 0;
+        db.transaction(() => {
+            db.prepare("UPDATE bids SET status = 'cancelled', resolved_at = datetime('now') WHERE id = ?").run(req.params.id);
+            if (stake > 0)
+                db.prepare('UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?').run(stake, stake, user.id);
+            db.prepare("UPDATE rfqs SET bid_count = MAX(0, bid_count - 1), updated_at = datetime('now') WHERE id = ?").run(String(bid.rfq_id));
+        })();
+        res.json({ success: true, stake_released: stake });
+    });
+    // 买家：选定 winning bid
+    app.post('/api/rfqs/:id/award', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const rfq = db.prepare('SELECT * FROM rfqs WHERE id = ?').get(req.params.id);
+        if (!rfq)
+            return void res.status(404).json({ error: 'RFQ 不存在' });
+        if (rfq.buyer_id !== user.id)
+            return void res.status(403).json({ error: '仅买家本人可选定' });
+        if (rfq.status !== 'open')
+            return void res.json({ error: `当前状态 ${rfq.status} 不可选定` });
+        const bidId = String(req.body.bid_id || '');
+        let winner;
+        if (bidId) {
+            winner = db.prepare("SELECT * FROM bids WHERE id = ? AND rfq_id = ? AND status = 'active'").get(bidId, req.params.id);
+        }
+        else {
+            // P3c.3 提前结算：自动选当前最低价（同 cron 逻辑）
+            winner = db.prepare("SELECT * FROM bids WHERE rfq_id = ? AND status = 'active' ORDER BY price ASC, submitted_at ASC LIMIT 1").get(req.params.id);
+        }
+        if (!winner)
+            return void res.status(404).json({ error: bidId ? 'bid 无效或已失效' : '当前无有效报价可选' });
+        let result = { ok: false };
+        try {
+            db.transaction(() => {
+                result = awardBidAndCreateOrder(rfq, winner);
+                if (!result.ok)
+                    throw new Error(result.error || 'award failed');
+            })();
+        }
+        catch (e) {
+            return void res.status(400).json({ error: result.error || String(e.message) });
+        }
+        // 通知（事务外）：中标
+        try {
+            db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, created_at)
+                  VALUES (?,?,'rfq_won',?,?,datetime('now'))`)
+                .run(generateId('ntf'), winner.seller_id, `🎉 中标：${rfq.title}`, `订单 ${result.order_id}`);
+        }
+        catch (e) {
+            console.error('[P3 notify won]', e);
+        }
+        // auto_accept Skill 触发
+        try {
+            if (shouldAutoAccept(db, result.order_id)) {
+                const sysUser = db.prepare("SELECT id FROM users WHERE id = 'sys_protocol'").get();
+                if (sysUser) {
+                    const ar = transition(db, result.order_id, 'accepted', sysUser.id, [], '⚡ auto_accept Skill 自动接单');
+                    if (ar.success)
+                        notifyTransition(db, result.order_id, 'paid', 'accepted');
+                }
+            }
+        }
+        catch (e) {
+            console.error('[P3c auto_accept]', e);
+        }
+        res.json({ success: true, winning_bid_id: String(winner.id), order_id: result.order_id });
+    });
+}

package/dist/pwa/routes/search.js

@@ -0,0 +1,172 @@
+export function registerSearchRoutes(app, deps) {
+    const { db, auth, applyCouponToOrder, extractUrlFromText, extractTitleFromText, parsePlatformUrl, searchByExternalLink, detectShareCommandFormat, formatProductForAgent } = deps;
+    app.get('/api/coupons/preview', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const { code, product_id } = req.query;
+        if (!code || !product_id)
+            return void res.status(400).json({ error: '需提供 code + product_id' });
+        const p = db.prepare('SELECT seller_id, price FROM products WHERE id = ?').get(product_id);
+        if (!p)
+            return void res.status(404).json({ error: '商品不存在' });
+        const result = applyCouponToOrder(code, p.seller_id, product_id, Number(p.price));
+        if (!result.ok)
+            return void res.json({ ok: false, error: result.error });
+        res.json({ ok: true, discount: result.discount, final_price: Math.max(0, Number(p.price) - (result.discount || 0)) });
+    });
+    app.get('/api/my-products', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const products = db.prepare(`
+      SELECT p.*,
+        CASE WHEN EXISTS (
+          SELECT 1 FROM verify_tasks WHERE product_id=p.id AND status IN ('code_issued','open')
+        ) THEN 1 ELSE 0 END as has_pending_task,
+        CASE WHEN EXISTS (SELECT 1 FROM product_external_links WHERE product_id=p.id AND revoked=1)
+          AND NOT EXISTS (SELECT 1 FROM product_external_links WHERE product_id=p.id AND verified=1 AND (revoked IS NULL OR revoked=0))
+        THEN 1 ELSE 0 END as all_links_revoked
+      FROM products p WHERE p.seller_id = ? ORDER BY p.created_at DESC
+    `).all(user.id);
+        res.json(products);
+    });
+    app.post('/api/search-by-link', (req, res) => {
+        const text = (req.body?.text || '').toString();
+        const ext = (req.body?.external_link ?? null);
+        if (!text && !ext)
+            return void res.json({ error: '请提供 text 或 external_link' });
+        if (text && text.length > 2000)
+            return void res.json({ error: '文本过长（>2000）' });
+        let url = null;
+        let title = null;
+        let meta = null;
+        if (ext && typeof ext === 'object') {
+            if (ext.platform)
+                meta = { platform: ext.platform, external_id: ext.external_id ?? null };
+            if (ext.external_title)
+                title = ext.external_title;
+            if (ext.canonical_url)
+                url = ext.canonical_url;
+        }
+        if (text) {
+            if (!url)
+                url = extractUrlFromText(text);
+            if (!title)
+                title = extractTitleFromText(text);
+            if (!meta && url)
+                meta = parsePlatformUrl(url);
+            if (!url && !title)
+                title = text.trim();
+        }
+        const result = searchByExternalLink({
+            platform: meta?.platform,
+            external_id: meta?.external_id,
+            external_title: title,
+        });
+        let unsupportedHint = null;
+        if (result.matched_by === 'none' && !url && !title && text) {
+            const cmd = detectShareCommandFormat(text);
+            if (cmd) {
+                unsupportedHint = `检测到 ${cmd.hint}，该格式经平台加密，无法直接解析。请改用包含 https:// 链接或「商品名」的分享文本。`;
+            }
+        }
+        res.json({
+            extracted: {
+                url,
+                title,
+                platform: meta?.platform ?? null,
+                external_id: meta?.external_id ?? null,
+            },
+            matched_by: result.matched_by,
+            products: result.products,
+            ...(unsupportedHint ? { unsupported_format: true, hint: unsupportedHint } : {}),
+        });
+    });
+    app.get('/api/search-fuzzy', (req, res) => {
+        const q = String(req.query.q ?? '').trim();
+        const threshold = 0.5;
+        if (!q)
+            return void res.json({ products: [], matched_by: 'none', score_threshold: threshold });
+        if (q.length > 200)
+            return void res.json({ error: '关键词过长（>200）' });
+        const norm = (s) => (s ?? '').normalize('NFKC').replace(/\s+/g, '').toLowerCase();
+        const qn = norm(q);
+        if (!qn)
+            return void res.json({ products: [], matched_by: 'none', score_threshold: threshold });
+        const grams = (s, n = 2) => {
+            if (s.length <= n)
+                return [s];
+            const out = [];
+            for (let i = 0; i + n <= s.length; i++)
+                out.push(s.slice(i, i + n));
+            return out;
+        };
+        const qg = grams(qn);
+        const rows = db.prepare(`
+      SELECT p.*, u.name as seller_name,
+        COALESCE(rs.total_points, 0) as rep_points, COALESCE(rs.level, 'new') as rep_level
+      FROM products p
+      JOIN users u ON p.seller_id = u.id
+      LEFT JOIN reputation_scores rs ON rs.user_id = p.seller_id
+      WHERE p.status = 'active' AND p.stock > 0
+    `).all();
+        const scored = rows
+            .map((r) => {
+            const tn = norm(String(r.title ?? ''));
+            if (tn && tn.includes(qn))
+                return { row: r, score: 1 };
+            let titleScore = 0;
+            if (tn && qg.length) {
+                let hit = 0;
+                for (const g of qg)
+                    if (tn.includes(g))
+                        hit++;
+                titleScore = hit / qg.length;
+            }
+            let descScore = 0;
+            const dn = norm(String(r.description ?? ''));
+            if (dn && qg.length) {
+                let hit = 0;
+                for (const g of qg)
+                    if (dn.includes(g))
+                        hit++;
+                descScore = (hit / qg.length) * 0.6;
+            }
+            return { row: r, score: Math.max(titleScore, descScore) };
+        })
+            .filter((x) => x.score >= threshold)
+            .sort((a, b) => b.score - a.score)
+            .slice(0, 30);
+        res.json({
+            products: scored.map((x) => ({ ...formatProductForAgent(x.row), _score: Number(x.score.toFixed(2)) })),
+            matched_by: scored.length ? 'fuzzy' : 'none',
+            score_threshold: threshold,
+        });
+    });
+    app.get('/api/check-url', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const url = req.query.url;
+        if (!url)
+            return void res.json({ error: '请提供 url 参数' });
+        const selfClaim = db.prepare(`
+      SELECT p.id as product_id, p.title FROM product_external_links pel
+      JOIN products p ON pel.product_id = p.id
+      WHERE pel.url = ? AND p.seller_id = ?
+    `).get(url, user.id);
+        if (selfClaim) {
+            return void res.json({ claimed: true, self: true, product_title: selfClaim.title, message: `您已在商品「${selfClaim.title}」中关联了此链接` });
+        }
+        const otherClaim = db.prepare(`
+      SELECT p.title as product_title FROM product_external_links pel
+      JOIN products p ON pel.product_id = p.id
+      WHERE pel.url = ? AND pel.verified = 1 AND p.seller_id != ?
+    `).get(url, user.id);
+        if (otherClaim) {
+            return void res.json({ claimed: true, self: false, message: `此链接已被其他商家认领，不能直接添加，上架后请在商品编辑页发起认领验证任务` });
+        }
+        res.json({ claimed: false });
+    });
+}