@seasonkoh/webaz 0.1.7 → 0.1.9

package/dist/pwa/routes/skill-market.js

@@ -0,0 +1,173 @@
+import { publishListing, updateListing, delistListing, resubmitListing, listMarket, getMarketDetail, getMyListings, purchaseListing, readContent, getMyLibrary, listPendingAudit, auditListing, } from '../../layer4-economics/L4-4-skill-market/skill-listing-engine.js';
+export function registerSkillMarketRoutes(app, deps) {
+    const { db, generateId, auth, getUser, requireContentAdmin, getProtocolParam } = deps;
+    const feeRate = () => getProtocolParam('skill_fee_rate', 0.05);
+    const notify = (userId, title, body) => {
+        try {
+            db.prepare('INSERT INTO notifications (id, user_id, title, body, order_id) VALUES (?,?,?,?,?)')
+                .run(generateId('ntf'), userId, title, body, null);
+        }
+        catch { /* notifications best-effort */ }
+    };
+    // ─── 公开列表 ───────────────────────────────────────────────
+    app.get('/api/skill-market', (req, res) => {
+        const user = getUser(req);
+        res.json(listMarket(db, {
+            category: req.query.category,
+            skillKind: req.query.kind,
+            billingMode: req.query.billing,
+            query: req.query.q,
+            viewerId: user?.id,
+            limit: 30,
+        }));
+    });
+    // ─── 我发布的（须在 /:id 之前注册）───────────────────────────
+    app.get('/api/skill-market/mine', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json(getMyListings(db, user.id));
+    });
+    // ─── 我的技能库 ─────────────────────────────────────────────
+    app.get('/api/skill-market/library', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json(getMyLibrary(db, user.id));
+    });
+    // ─── 公开详情 ───────────────────────────────────────────────
+    app.get('/api/skill-market/:id', (req, res) => {
+        const user = getUser(req);
+        const detail = getMarketDetail(db, req.params.id, user?.id);
+        if (!detail)
+            return void res.status(404).json({ error: '技能不存在或未上架' });
+        res.json(detail);
+    });
+    // ─── 发布（任意登录用户）────────────────────────────────────
+    app.post('/api/skill-market', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const b = req.body;
+        try {
+            const listing = publishListing(db, {
+                authorId: user.id,
+                title: String(b.title ?? ''),
+                summary: b.summary != null ? String(b.summary) : undefined,
+                preview: b.preview != null ? String(b.preview) : undefined,
+                content: String(b.content ?? ''),
+                category: b.category != null ? String(b.category) : undefined,
+                skillKind: b.skill_kind,
+                billingMode: b.billing_mode,
+                price: b.price != null ? Number(b.price) : 0,
+            });
+            res.json({ success: true, listing });
+        }
+        catch (err) {
+            res.status(400).json({ error: err.message });
+        }
+    });
+    // ─── 修改 ───────────────────────────────────────────────────
+    app.patch('/api/skill-market/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const b = req.body;
+        try {
+            const listing = updateListing(db, req.params.id, user.id, {
+                title: b.title != null ? String(b.title) : undefined,
+                summary: b.summary != null ? String(b.summary) : undefined,
+                preview: b.preview != null ? String(b.preview) : undefined,
+                content: b.content != null ? String(b.content) : undefined,
+                category: b.category != null ? String(b.category) : undefined,
+                skillKind: b.skill_kind,
+                billingMode: b.billing_mode,
+                price: b.price != null ? Number(b.price) : undefined,
+            });
+            res.json({ success: true, listing });
+        }
+        catch (err) {
+            res.status(400).json({ error: err.message });
+        }
+    });
+    // ─── 下架 ───────────────────────────────────────────────────
+    app.post('/api/skill-market/:id/delist', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        try {
+            delistListing(db, req.params.id, user.id);
+            res.json({ success: true });
+        }
+        catch (err) {
+            res.status(400).json({ error: err.message });
+        }
+    });
+    // ─── 重新提交审核 ───────────────────────────────────────────
+    app.post('/api/skill-market/:id/resubmit', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        try {
+            resubmitListing(db, req.params.id, user.id);
+            res.json({ success: true });
+        }
+        catch (err) {
+            res.status(400).json({ error: err.message });
+        }
+    });
+    // ─── 购买 / 解锁（free | one_time）──────────────────────────
+    app.post('/api/skill-market/:id/purchase', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        try {
+            res.json(purchaseListing(db, user.id, req.params.id, feeRate()));
+        }
+        catch (err) {
+            res.status(400).json({ error: err.message });
+        }
+    });
+    // ─── 读取正文（per_use 按次扣费）────────────────────────────
+    app.post('/api/skill-market/:id/read', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        try {
+            res.json(readContent(db, user.id, req.params.id, feeRate()));
+        }
+        catch (err) {
+            res.status(400).json({ error: err.message });
+        }
+    });
+    // ─── Admin：待审列表 ────────────────────────────────────────
+    app.get('/api/admin/skill-market/pending', (req, res) => {
+        const admin = requireContentAdmin(req, res);
+        if (!admin)
+            return;
+        res.json({ items: listPendingAudit(db) });
+    });
+    // ─── Admin：审核 ────────────────────────────────────────────
+    app.post('/api/admin/skill-market/:id/audit', (req, res) => {
+        const admin = requireContentAdmin(req, res);
+        if (!admin)
+            return;
+        const { decision, note } = req.body;
+        if (decision !== 'approve' && decision !== 'reject') {
+            return void res.status(400).json({ error: 'decision 必须是 approve 或 reject' });
+        }
+        try {
+            const listing = auditListing(db, req.params.id, admin.id, decision, note);
+            if (decision === 'approve') {
+                notify(listing.author_id, '✓ 技能审核通过', `「${listing.title}」已上架技能市场`);
+            }
+            else {
+                notify(listing.author_id, '✗ 技能审核未通过', `「${listing.title}」被退回：${note ?? ''}`);
+            }
+            res.json({ success: true, listing });
+        }
+        catch (err) {
+            res.status(400).json({ error: err.message });
+        }
+    });
+}

package/dist/pwa/routes/skills.js

@@ -0,0 +1,174 @@
+import { publishSkill, listSkills, getMySkills, subscribeSkill, unsubscribeSkill, getMySubscriptions, } from '../../layer4-economics/L4-4-skill-market/skill-engine.js';
+const SKILL_TRUST_REQ = {
+    price_negotiation: 'quality',
+    quality_guarantee: 'quality',
+    catalog_sync: 'trusted',
+    auto_accept: 'new',
+    instant_ship: 'new',
+};
+const LEVEL_ORDER = ['new', 'trusted', 'quality', 'legend'];
+export function registerSkillsRoutes(app, deps) {
+    const { db, auth, getUser } = deps;
+    // 公开浏览
+    app.get('/api/skills', (req, res) => {
+        const user = getUser(req);
+        const skills = listSkills(db, {
+            skillType: req.query.type,
+            query: req.query.q,
+            subscriberId: user?.id,
+            limit: 30,
+        });
+        res.json(skills);
+    });
+    app.get('/api/skills/mine', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json(getMySkills(db, user.id));
+    });
+    app.get('/api/skills/subscriptions', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json(getMySubscriptions(db, user.id));
+    });
+    // 发布
+    app.post('/api/skills', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (user.role !== 'seller')
+            return void res.json({ error: '只有卖家才能发布 Skill' });
+        const { name, description, category, skill_type, config } = req.body;
+        if (!name || !description || !skill_type)
+            return void res.json({ error: '请填写 name、description、skill_type' });
+        // trust level 门槛
+        const required = SKILL_TRUST_REQ[skill_type] || 'new';
+        if (required !== 'new') {
+            const rep = db.prepare(`SELECT level FROM agent_reputation WHERE api_key = ?`).get(user.api_key);
+            const myLevel = rep?.level || 'new';
+            if (LEVEL_ORDER.indexOf(myLevel) < LEVEL_ORDER.indexOf(required)) {
+                return void res.status(403).json({
+                    error: `发布 ${skill_type} 类型 Skill 需要 ${required}+ 等级（你当前 ${myLevel}）`,
+                    error_code: 'SKILL_TRUST_LEVEL_REQUIRED',
+                    required, current: myLevel,
+                });
+            }
+        }
+        // config 边界
+        const cfg = (config && typeof config === 'object') ? config : {};
+        if (skill_type === 'price_negotiation') {
+            const maxDiscount = Number(cfg.max_discount_pct ?? 0);
+            if (!Number.isFinite(maxDiscount) || maxDiscount < 0 || maxDiscount > 0.5) {
+                return void res.json({ error: 'price_negotiation: max_discount_pct 必须 0-0.5（即 0%-50%）' });
+            }
+            const minQty = Number(cfg.min_quantity ?? 1);
+            if (!Number.isInteger(minQty) || minQty < 1 || minQty > 10000) {
+                return void res.json({ error: 'price_negotiation: min_quantity 必须 1-10000 整数' });
+            }
+        }
+        if (skill_type === 'quality_guarantee') {
+            const guarantee = Number(cfg.guarantee_amount ?? 0);
+            if (!Number.isFinite(guarantee) || guarantee < 0 || guarantee > 100000) {
+                return void res.json({ error: 'quality_guarantee: guarantee_amount 必须 0-100000 WAZ' });
+            }
+            const coverDays = Number(cfg.coverage_days ?? 0);
+            if (!Number.isInteger(coverDays) || coverDays < 0 || coverDays > 365) {
+                return void res.json({ error: 'quality_guarantee: coverage_days 必须 0-365 整数' });
+            }
+        }
+        if (skill_type === 'instant_ship') {
+            const shipHrs = Number(cfg.ship_within_hours ?? 24);
+            if (!Number.isInteger(shipHrs) || shipHrs < 1 || shipHrs > 168) {
+                return void res.json({ error: 'instant_ship: ship_within_hours 必须 1-168 整数（最多 7 天）' });
+            }
+        }
+        if (skill_type === 'auto_accept') {
+            const maxDaily = Number(cfg.max_daily_orders ?? 0);
+            if (cfg.max_daily_orders != null && (!Number.isInteger(maxDaily) || maxDaily < 1 || maxDaily > 10000)) {
+                return void res.json({ error: 'auto_accept: max_daily_orders 必须 1-10000 整数' });
+            }
+        }
+        try {
+            const skill = publishSkill(db, {
+                sellerId: user.id,
+                name, description, category,
+                skillType: skill_type,
+                config: cfg,
+            });
+            res.json({ success: true, skill });
+        }
+        catch (err) {
+            res.json({ error: err.message });
+        }
+    });
+    // 卖家：修改 Skill
+    app.patch('/api/skills/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const skill = db.prepare('SELECT seller_id FROM skills WHERE id = ?').get(req.params.id);
+        if (!skill)
+            return void res.status(404).json({ error: 'Skill 不存在' });
+        if (skill.seller_id !== user.id)
+            return void res.status(403).json({ error: '仅 Skill owner 可修改' });
+        const body = req.body;
+        const updates = [];
+        const args = [];
+        if (body.config !== undefined) {
+            updates.push('config = ?');
+            args.push(JSON.stringify(body.config ?? {}));
+        }
+        if (body.active !== undefined) {
+            updates.push('active = ?');
+            args.push(body.active ? 1 : 0);
+        }
+        if (body.name && typeof body.name === 'string') {
+            updates.push('name = ?');
+            args.push(body.name);
+        }
+        if (body.description && typeof body.description === 'string') {
+            updates.push('description = ?');
+            args.push(body.description);
+        }
+        if (!updates.length)
+            return void res.json({ error: '无任何修改' });
+        args.push(req.params.id);
+        db.prepare(`UPDATE skills SET ${updates.join(', ')} WHERE id = ?`).run(...args);
+        res.json({ success: true });
+    });
+    // 卖家：停用
+    app.post('/api/skills/:id/disable', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const skill = db.prepare('SELECT seller_id FROM skills WHERE id = ?').get(req.params.id);
+        if (!skill)
+            return void res.status(404).json({ error: 'Skill 不存在' });
+        if (skill.seller_id !== user.id)
+            return void res.status(403).json({ error: '仅 Skill owner 可停用' });
+        db.prepare("UPDATE skills SET active = 0 WHERE id = ?").run(req.params.id);
+        res.json({ success: true });
+    });
+    // 订阅
+    app.post('/api/skills/:id/subscribe', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        try {
+            const result = subscribeSkill(db, user.id, req.params.id, req.body?.config ?? {});
+            res.json(result);
+        }
+        catch (err) {
+            res.json({ error: err.message });
+        }
+    });
+    // 取消订阅
+    app.delete('/api/skills/:id/subscribe', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        unsubscribeSkill(db, user.id, req.params.id);
+        res.json({ success: true });
+    });
+}

package/dist/pwa/routes/snf.js

@@ -0,0 +1,126 @@
+import { snfSend, snfPullInbox, snfListInbox, snfAck, snfPendingCount, snfVerify, snfDesignate, snfGetDesignation, snfNack, snfListDeadLetter, snfRevive, } from '../../layer2-business/L2-7-snf/snf-engine.js';
+export function registerSnfRoutes(app, deps) {
+    const { db, auth } = deps;
+    app.post('/api/snf/send', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const { recipient_id, message_type, payload, related_order_id, priority } = req.body || {};
+        if (!recipient_id || !message_type || !payload)
+            return void res.status(400).json({ error: '缺少必要字段' });
+        if (typeof payload !== 'object')
+            return void res.status(400).json({ error: 'payload 必须是 object' });
+        try {
+            const r = snfSend(db, {
+                senderId: user.id,
+                recipientId: String(recipient_id),
+                messageType: String(message_type),
+                payload: payload,
+                relatedOrderId: related_order_id ? String(related_order_id) : null,
+                priority: priority === 1 ? 1 : 0,
+            });
+            res.json({ ok: true, id: r.id, signature: r.signature });
+        }
+        catch (e) {
+            res.status(400).json({ error: e.message });
+        }
+    });
+    // 只读列表（不消费）
+    app.get('/api/snf/inbox', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const limit = Math.min(200, Math.max(1, Number(req.query.limit) || 80));
+        const sinceDays = Math.min(180, Math.max(1, Number(req.query.since_days) || 30));
+        const msgs = snfListInbox(db, user.id, limit, sinceDays);
+        res.json({ items: msgs, count: msgs.length });
+    });
+    // 协议级 pull — 一次性消费，agent / 内部组件用
+    app.get('/api/snf/inbox/pull', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const limit = Math.min(200, Math.max(1, Number(req.query.limit) || 50));
+        const msgs = snfPullInbox(db, user.id, limit);
+        res.json({ items: msgs, count: msgs.length });
+    });
+    // Agent 处理失败 → nack 回放（超 5 次自动死信化）
+    app.post('/api/snf/nack', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const ids = Array.isArray(req.body?.ids) ? req.body.ids.map(String).slice(0, 100) : [];
+        if (ids.length === 0)
+            return void res.json({ error: 'ids 为空' });
+        const error = req.body?.error ? String(req.body.error) : undefined;
+        const r = snfNack(db, user.id, ids, error);
+        res.json({ ok: true, reopened: r.reopened, dead_lettered: r.deadLettered });
+    });
+    app.get('/api/snf/dead-letter', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const limit = Math.min(200, Math.max(1, Number(req.query.limit) || 50));
+        const items = snfListDeadLetter(db, user.id, limit);
+        res.json({ items, count: items.length });
+    });
+    app.post('/api/snf/revive/:id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const r = snfRevive(db, user.id, String(req.params.id));
+        if (!r.ok) {
+            const status = r.reason === 'not_found' ? 404 : r.reason === 'not_owner' ? 403 : 400;
+            return void res.status(status).json({ error: r.reason });
+        }
+        res.json({ ok: true });
+    });
+    // 显式 ack（无 ids → ack 全部未读）
+    app.post('/api/snf/ack', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const ids = Array.isArray(req.body?.ids) ? req.body.ids.map(String).slice(0, 200) : null;
+        if (ids && ids.length > 0) {
+            const r = snfAck(db, user.id, ids);
+            return void res.json({ ok: true, acked: r.acked });
+        }
+        const all = snfListInbox(db, user.id, 200, 365).filter(m => !m.delivered_at).map(m => m.id);
+        const r = snfAck(db, user.id, all);
+        res.json({ ok: true, acked: r.acked });
+    });
+    app.get('/api/snf/pending', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json({ pending: snfPendingCount(db, user.id) });
+    });
+    // 验签（仅当事人或 arbitrator/admin）
+    app.get('/api/snf/:id/verify', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const r = db.prepare(`SELECT sender_id, recipient_id FROM snf_messages WHERE id = ?`).get(req.params.id);
+        if (!r)
+            return void res.status(404).json({ error: '消息不存在' });
+        const uid = user.id;
+        if (uid !== r.sender_id && uid !== r.recipient_id && user.role !== 'arbitrator' && user.role !== 'admin') {
+            return void res.status(403).json({ error: '无权验证' });
+        }
+        res.json(snfVerify(db, req.params.id));
+    });
+    app.post('/api/snf/designate', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const peers = Array.isArray(req.body?.peers) ? req.body.peers.map(String).slice(0, 5) : [];
+        snfDesignate(db, user.id, peers);
+        res.json({ ok: true, peers });
+    });
+    app.get('/api/snf/designate', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json({ peers: snfGetDesignation(db, user.id), server_implicit: true });
+    });
+}

package/dist/pwa/routes/tags.js

@@ -0,0 +1,47 @@
+export function registerTagsRoutes(app, deps) {
+    const { db } = deps;
+    app.get('/api/tags/:tag/notes', (req, res) => {
+        const tag = String(req.params.tag || '').trim().toLowerCase();
+        if (!tag || tag.length > 30)
+            return void res.status(400).json({ error: 'tag invalid' });
+        const limit = Math.min(50, Math.max(1, Number(req.query.limit) || 30));
+        const rows = db.prepare(`
+      SELECT s.id, s.owner_id, s.owner_code, s.type, s.title, s.native_text,
+             s.related_product_id, s.related_anchor, s.photo_hashes,
+             s.click_count, s.like_count, s.created_at,
+             p.title AS product_title,
+             u.handle as owner_handle, u.name as owner_name,
+             t.created_at as tagged_at
+      FROM shareable_tags t
+      JOIN shareables s ON s.id = t.shareable_id
+      LEFT JOIN products p ON p.id = s.related_product_id
+      LEFT JOIN users u ON u.id = s.owner_id
+      WHERE t.tag = ? AND s.status = 'active'
+      ORDER BY s.created_at DESC LIMIT ?
+    `).all(tag, limit);
+        for (const r of rows) {
+            if (typeof r.photo_hashes === 'string') {
+                try {
+                    r.photo_hashes = JSON.parse(r.photo_hashes);
+                }
+                catch {
+                    r.photo_hashes = [];
+                }
+            }
+        }
+        const stat = db.prepare(`SELECT COUNT(*) as count FROM shareable_tags WHERE tag = ?`).get(tag);
+        res.json({ tag, count: stat.count, items: rows });
+    });
+    // 热门标签：24h + 总数综合排序
+    app.get('/api/tags/trending', (_req, res) => {
+        const rows = db.prepare(`
+      SELECT tag, COUNT(*) as total,
+        SUM(CASE WHEN created_at > datetime('now', '-1 day') THEN 1 ELSE 0 END) as recent_24h
+      FROM shareable_tags
+      GROUP BY tag
+      HAVING total >= 1
+      ORDER BY recent_24h DESC, total DESC LIMIT 20
+    `).all();
+        res.json({ items: rows });
+    });
+}