@seasonkoh/webaz 0.1.7 → 0.1.9

package/dist/layer2-business/L2-notes/note-photo-storage.js

@@ -0,0 +1,133 @@
+// 笔记图片 — 内容寻址 blob 存储（复用 evidence-storage 模式）
+// 原则：买家无 P2P 节点 → server 持有 blob + hash；图片 hash 跨笔记唯一（防剽窃）
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { createHash } from 'crypto';
+const NOTE_PHOTO_DIR = path.join(os.homedir(), '.webaz', 'note-photos');
+if (!fs.existsSync(NOTE_PHOTO_DIR))
+    fs.mkdirSync(NOTE_PHOTO_DIR, { recursive: true });
+export const NOTE_PHOTO_MAX_BYTES = 5 * 1024 * 1024; // 5MB / 张 — 比证据更小（笔记图典型 JPG）
+export const NOTE_PHOTO_ALLOWED_MIME = new Set([
+    'image/jpeg', 'image/png', 'image/webp',
+]);
+function blobPathFor(hash) {
+    const sub = hash.slice(0, 2);
+    const dir = path.join(NOTE_PHOTO_DIR, sub);
+    if (!fs.existsSync(dir))
+        fs.mkdirSync(dir, { recursive: true });
+    return path.join(dir, hash);
+}
+export function blobPathForHash(hash) {
+    return blobPathFor(hash);
+}
+export function noteBlobExists(hash) {
+    return fs.existsSync(blobPathFor(hash));
+}
+// 写 blob，返回是否 dedup（已存在则不重写）
+export function writeNotePhoto(blob, declaredHash, mime) {
+    if (!blob || blob.length === 0)
+        throw new Error('photo_empty');
+    if (blob.length > NOTE_PHOTO_MAX_BYTES)
+        throw new Error('photo_too_large');
+    if (!NOTE_PHOTO_ALLOWED_MIME.has(mime))
+        throw new Error('photo_mime_not_allowed');
+    const actualHash = createHash('sha256').update(blob).digest('hex');
+    if (actualHash !== declaredHash)
+        throw new Error('photo_hash_mismatch');
+    const bp = blobPathFor(actualHash);
+    if (fs.existsSync(bp))
+        return { hash: actualHash, dedup: true, size: blob.length };
+    fs.writeFileSync(bp, blob);
+    return { hash: actualHash, dedup: false, size: blob.length };
+}
+export function readNotePhoto(hash) {
+    if (!/^[0-9a-f]{64}$/.test(hash))
+        throw new Error('photo_bad_hash');
+    const bp = blobPathFor(hash);
+    if (!fs.existsSync(bp))
+        throw new Error('photo_not_found');
+    const blob = fs.readFileSync(bp);
+    // 完整性二次校验
+    const actualHash = createHash('sha256').update(blob).digest('hex');
+    if (actualHash !== hash)
+        throw new Error('photo_corrupted');
+    // mime 用 magic byte 嗅探（不依赖 db 字段）
+    const mime = sniffImageMime(blob);
+    return { blob, mime };
+}
+function sniffImageMime(b) {
+    if (b.length >= 3 && b[0] === 0xFF && b[1] === 0xD8 && b[2] === 0xFF)
+        return 'image/jpeg';
+    if (b.length >= 8 && b[0] === 0x89 && b[1] === 0x50 && b[2] === 0x4E && b[3] === 0x47)
+        return 'image/png';
+    if (b.length >= 12 && b[8] === 0x57 && b[9] === 0x45 && b[10] === 0x42 && b[11] === 0x50)
+        return 'image/webp';
+    return 'application/octet-stream';
+}
+// 清理孤儿 blob — disk 上有但 note_photo_index 没引用的 hash
+// graceMs：刚上传但还没创建笔记的图片需要保留窗口（默认 1 小时）
+//   - 用户先 POST /api/notes/photo 拿 hash
+//   - 再 POST /api/shareables 把 hash 写进 note_photo_index
+//   - 中间窗口（典型 几十秒）误删会让上传白费
+// 由 cron 每天调一次（与 evidence cleanup 同节奏）
+export function cleanupOrphanNotePhotos(db, graceMs = 60 * 60 * 1000) {
+    if (!fs.existsSync(NOTE_PHOTO_DIR))
+        return { swept: 0, bytes: 0 };
+    let swept = 0;
+    let bytes = 0;
+    const now = Date.now();
+    let subs;
+    try {
+        subs = fs.readdirSync(NOTE_PHOTO_DIR);
+    }
+    catch {
+        return { swept: 0, bytes: 0 };
+    }
+    for (const sub of subs) {
+        const subPath = path.join(NOTE_PHOTO_DIR, sub);
+        let stat;
+        try {
+            stat = fs.statSync(subPath);
+        }
+        catch {
+            continue;
+        }
+        if (!stat.isDirectory())
+            continue;
+        let files;
+        try {
+            files = fs.readdirSync(subPath);
+        }
+        catch {
+            continue;
+        }
+        for (const fname of files) {
+            if (!/^[0-9a-f]{64}$/.test(fname))
+                continue; // 跳过非内容寻址文件
+            const fp = path.join(subPath, fname);
+            let fstat;
+            try {
+                fstat = fs.statSync(fp);
+            }
+            catch {
+                continue;
+            }
+            // Math.max(0, ...) 防文件系统亚毫秒级时间戳偏差导致 age 为负
+            // 否则 graceMs=0 时永远 skip（mtime 取自 stat 可能比 Date.now() 大几十微秒）
+            const age = Math.max(0, now - fstat.mtimeMs);
+            if (age < graceMs)
+                continue; // grace 窗口内保留
+            const row = db.prepare(`SELECT 1 FROM note_photo_index WHERE hash = ?`).get(fname);
+            if (!row) {
+                try {
+                    bytes += fstat.size;
+                    fs.unlinkSync(fp);
+                    swept++;
+                }
+                catch { /* 并发清理或权限错误 */ }
+            }
+        }
+    }
+    return { swept, bytes };
+}

package/dist/layer3-trust/L3-1-dispute-engine/dispute-engine.js

@@ -140,7 +140,7 @@ export function respondToDispute(db, disputeId, responderId, notes, evidenceIds)
   `).run(notes, JSON.stringify(evidenceIds), disputeId);
     return {
         success: true,
-        message: '反驳证据已提交，争议进入仲裁阶段。仲裁员将在 72 小时内做出裁定。',
+        message: '反驳证据已提交，争议进入仲裁阶段。仲裁员将在 120 小时（5 天）内做出裁定，超时协议自动判初诉方胜。',
     };
 }
 export function arbitrateDispute(db, disputeId, arbitratorId, ruling, reason, refundAmount, liabilityParties, liablePartyId // 指定责任方 user_id（用于 partial_refund 第三方责任场景）
@@ -333,7 +333,7 @@ function executeLiabilitySplit(db, orderId, liabilityParties, buyerRefund) {
                     .run(stakeAmount, stakeAmount, sellerId);
             }
         }
-        transition(db, orderId, 'cancelled', sysUser.id, [], `争议裁定：责任分配，退款买家 ${actualRefund} WAZ`);
+        transition(db, orderId, 'refunded_partial', sysUser.id, [], `争议裁定：责任分配，退款买家 ${actualRefund} WAZ`);
     })();
     return {
         success: true,
@@ -411,7 +411,7 @@ function executeSettlement(db, orderId, ruling, refundAmount, liablePartyId) {
                     db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(penalty, buyerId);
                 }
             }
-            transition(db, orderId, 'cancelled', sysUser.id, [], `争议裁定：退款买家，质押惩罚 ${penalty} WAZ`);
+            transition(db, orderId, 'refunded_full', sysUser.id, [], `争议裁定：退款买家，质押惩罚 ${penalty} WAZ`);
         })();
         return {
             success: true,
@@ -440,7 +440,7 @@ function executeSettlement(db, orderId, ruling, refundAmount, liablePartyId) {
                 db.prepare('UPDATE wallets SET staked = staked - ?, balance = balance + ? WHERE user_id = ?')
                     .run(stakeAmount, stakeAmount, sellerId);
             }
-            transition(db, orderId, 'completed', sysUser.id, [], '争议裁定：卖家胜诉，资金释放完成');
+            transition(db, orderId, 'resolved_for_seller', sysUser.id, [], '争议裁定：卖家胜诉，资金释放完成');
         })();
         return {
             success: true,
@@ -493,7 +493,7 @@ function executeSettlement(db, orderId, ruling, refundAmount, liablePartyId) {
                     // 4. 赔偿金给买家
                     db.prepare('UPDATE wallets SET balance = balance + ? WHERE user_id = ?').run(actualRefund, buyerId);
                 }
-                transition(db, orderId, 'completed', sysUser.id, [], `争议裁定：第三方责任赔偿 ${actualRefund} WAZ，卖家全额结算`);
+                transition(db, orderId, 'refunded_partial', sysUser.id, [], `争议裁定：第三方责任赔偿 ${actualRefund} WAZ，卖家全额结算`);
             })();
             return {
                 success: true,
@@ -524,7 +524,7 @@ function executeSettlement(db, orderId, ruling, refundAmount, liablePartyId) {
                     db.prepare('UPDATE wallets SET staked = staked - ?, balance = balance + ? WHERE user_id = ?')
                         .run(stakeAmount, stakeReturn, sellerId);
                 }
-                transition(db, orderId, 'cancelled', sysUser.id, [], `争议裁定：部分退款 ${refund} WAZ`);
+                transition(db, orderId, 'refunded_partial', sysUser.id, [], `争议裁定：部分退款 ${refund} WAZ`);
             })();
             return {
                 success: true,

package/dist/layer3-trust/L3-1-dispute-engine/evidence-storage.js

@@ -0,0 +1,246 @@
+// L0-4 证据上传通道 — 内容寻址 blob 存储 + HMAC 签名 + 哈希再校验 + TTL 清理
+// 原则：信息谁创造谁存储；server 只存 blob + hash + sig；过期自动清理
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { createHash, createHmac } from 'crypto';
+import { generateId } from '../../layer0-foundation/L0-1-database/schema.js';
+const EVIDENCE_DIR = path.join(os.homedir(), '.webaz', 'evidence');
+if (!fs.existsSync(EVIDENCE_DIR))
+    fs.mkdirSync(EVIDENCE_DIR, { recursive: true });
+export const EVIDENCE_MAX_BYTES = 20 * 1024 * 1024;
+export const EVIDENCE_ALLOWED_MIME = new Set([
+    'image/jpeg', 'image/png', 'image/webp', 'image/gif',
+    'video/mp4', 'video/webm', 'video/quicktime',
+    'application/pdf',
+    'text/plain',
+]);
+export const EVIDENCE_TTL_DAYS_AFTER_RESOLVED = 90;
+function blobPathFor(hash) {
+    const sub = hash.slice(0, 2);
+    const dir = path.join(EVIDENCE_DIR, sub);
+    if (!fs.existsSync(dir))
+        fs.mkdirSync(dir, { recursive: true });
+    return path.join(dir, hash);
+}
+export function ensureEvidenceColumns(db) {
+    const cols = [
+        `ALTER TABLE evidence ADD COLUMN size INTEGER DEFAULT 0`,
+        `ALTER TABLE evidence ADD COLUMN mime TEXT`,
+        `ALTER TABLE evidence ADD COLUMN sig TEXT`,
+        `ALTER TABLE evidence ADD COLUMN dispute_id TEXT`,
+        `ALTER TABLE evidence ADD COLUMN expires_at TEXT`,
+        `ALTER TABLE evidence ADD COLUMN withdrawn_at TEXT`,
+        `ALTER TABLE evidence ADD COLUMN filename TEXT`,
+        // 跨窗反诈一致性：W4 仲裁陈述/证据描述也跑 detectFraud
+        `ALTER TABLE evidence ADD COLUMN flag_reasons TEXT`,
+    ];
+    for (const stmt of cols) {
+        try {
+            db.exec(stmt);
+        }
+        catch { /* 列已存在 */ }
+    }
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_evidence_dispute ON evidence(dispute_id)');
+    }
+    catch { }
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_evidence_uploader ON evidence(uploader_id)');
+    }
+    catch { }
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_evidence_expires ON evidence(expires_at)');
+    }
+    catch { }
+}
+function canonicalEvidenceMeta(m) {
+    return [m.uploaderId, m.disputeId, m.hash, String(m.size), m.mime, m.description].join('|');
+}
+function isPartyOrArbitrator(db, disputeId, userId) {
+    const dispute = db.prepare('SELECT order_id, initiator_id, defendant_id, assigned_arbitrators FROM disputes WHERE id = ?').get(disputeId);
+    if (!dispute)
+        return false;
+    const order = db.prepare('SELECT buyer_id, seller_id, logistics_id FROM orders WHERE id = ?').get(dispute.order_id);
+    const arbitrators = JSON.parse(dispute.assigned_arbitrators || '[]');
+    const parties = new Set([
+        order?.buyer_id, order?.seller_id, order?.logistics_id,
+        dispute.initiator_id, dispute.defendant_id,
+        ...arbitrators,
+    ].filter(Boolean));
+    return parties.has(userId);
+}
+export function uploadEvidence(db, args) {
+    if (!args.blob || args.blob.length === 0)
+        throw new Error('evidence_empty');
+    if (args.blob.length > EVIDENCE_MAX_BYTES)
+        throw new Error('evidence_too_large');
+    if (!EVIDENCE_ALLOWED_MIME.has(args.mime))
+        throw new Error('evidence_mime_not_allowed');
+    if (!args.description || args.description.length < 4)
+        throw new Error('evidence_description_too_short');
+    if (args.description.length > 500)
+        throw new Error('evidence_description_too_long');
+    const actualHash = createHash('sha256').update(args.blob).digest('hex');
+    if (actualHash !== args.declaredHash)
+        throw new Error('evidence_hash_mismatch');
+    const dispute = db.prepare('SELECT order_id, status FROM disputes WHERE id = ?').get(args.disputeId);
+    if (!dispute)
+        throw new Error('dispute_not_found');
+    if (dispute.status === 'resolved' || dispute.status === 'dismissed') {
+        throw new Error('dispute_already_closed');
+    }
+    if (!isPartyOrArbitrator(db, args.disputeId, args.uploaderId)) {
+        throw new Error('not_dispute_party');
+    }
+    const sig = createHmac('sha256', args.uploaderApiKey)
+        .update(canonicalEvidenceMeta({
+        uploaderId: args.uploaderId,
+        disputeId: args.disputeId,
+        hash: actualHash,
+        size: args.blob.length,
+        mime: args.mime,
+        description: args.description,
+    })).digest('hex');
+    const bp = blobPathFor(actualHash);
+    const blobExists = fs.existsSync(bp);
+    const evType = args.mime.startsWith('image/') ? 'photo'
+        : args.mime.startsWith('video/') ? 'video'
+            : args.mime === 'application/pdf' ? 'document'
+                : 'document';
+    const eid = generateId('evt');
+    // 审计加固（A）：DB INSERT + party_evidence_ids 更新一个事务；blob 落盘放到 commit 后
+    // 这样 INSERT 失败 → blob 没写 → 无孤儿；blob 写失败 → tombstone row
+    db.transaction(() => {
+        db.prepare(`
+      INSERT INTO evidence (id, order_id, uploader_id, type, description, file_path, file_hash, size, mime, sig, dispute_id, filename)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(eid, dispute.order_id, args.uploaderId, evType, args.description, `evidence/${actualHash.slice(0, 2)}/${actualHash}`, actualHash, args.blob.length, args.mime, sig, args.disputeId, args.filename || null);
+        const d = db.prepare('SELECT party_evidence_ids FROM disputes WHERE id = ?').get(args.disputeId);
+        if (d) {
+            const arr = JSON.parse(d.party_evidence_ids || '[]');
+            arr.push(eid);
+            db.prepare('UPDATE disputes SET party_evidence_ids = ? WHERE id = ?').run(JSON.stringify(arr), args.disputeId);
+        }
+    })();
+    // INSERT 已提交后再落盘；写失败 → 立刻 tombstone（withdrawn_at）防止 readEvidence 返 evidence_blob_missing 给参与方
+    if (!blobExists) {
+        try {
+            fs.writeFileSync(bp, args.blob);
+        }
+        catch (e) {
+            db.prepare(`UPDATE evidence SET withdrawn_at = datetime('now') WHERE id = ?`).run(eid);
+            throw new Error('evidence_blob_write_failed');
+        }
+    }
+    return { id: eid, hash: actualHash, sig, dedup: blobExists, size: args.blob.length };
+}
+export function readEvidenceBlob(db, evidenceId, requesterId) {
+    const ev = db.prepare('SELECT id, dispute_id, file_hash, mime, filename, withdrawn_at FROM evidence WHERE id = ?').get(evidenceId);
+    if (!ev)
+        throw new Error('evidence_not_found');
+    if (ev.withdrawn_at)
+        throw new Error('evidence_withdrawn');
+    if (!isPartyOrArbitrator(db, ev.dispute_id, requesterId)) {
+        throw new Error('not_dispute_party');
+    }
+    const bp = blobPathFor(ev.file_hash);
+    if (!fs.existsSync(bp))
+        throw new Error('evidence_blob_missing');
+    const blob = fs.readFileSync(bp);
+    const actualHash = createHash('sha256').update(blob).digest('hex');
+    if (actualHash !== ev.file_hash)
+        throw new Error('evidence_corrupted');
+    return {
+        blob,
+        mime: ev.mime || 'application/octet-stream',
+        filename: ev.filename || null,
+        hash: ev.file_hash,
+    };
+}
+export function withdrawEvidence(db, evidenceId, uploaderId) {
+    const ev = db.prepare('SELECT uploader_id, dispute_id, withdrawn_at FROM evidence WHERE id = ?').get(evidenceId);
+    if (!ev)
+        throw new Error('evidence_not_found');
+    if (ev.uploader_id !== uploaderId)
+        throw new Error('not_uploader');
+    if (ev.withdrawn_at)
+        return;
+    const dispute = db.prepare('SELECT status FROM disputes WHERE id = ?').get(ev.dispute_id);
+    if (dispute && (dispute.status === 'resolved' || dispute.status === 'dismissed')) {
+        throw new Error('dispute_closed_cannot_withdraw');
+    }
+    db.prepare(`UPDATE evidence SET withdrawn_at = datetime('now') WHERE id = ?`).run(evidenceId);
+    const d = db.prepare('SELECT party_evidence_ids FROM disputes WHERE id = ?').get(ev.dispute_id);
+    if (d) {
+        const arr = JSON.parse(d.party_evidence_ids || '[]');
+        const filtered = arr.filter(x => x !== evidenceId);
+        db.prepare('UPDATE disputes SET party_evidence_ids = ? WHERE id = ?').run(JSON.stringify(filtered), ev.dispute_id);
+    }
+}
+export function listEvidence(db, disputeId, requesterId) {
+    if (!isPartyOrArbitrator(db, disputeId, requesterId)) {
+        throw new Error('not_dispute_party');
+    }
+    return db.prepare(`
+    SELECT id, uploader_id, type, description, file_hash, size, mime, sig, filename, created_at, withdrawn_at
+    FROM evidence
+    WHERE dispute_id = ?
+    ORDER BY created_at ASC
+  `).all(disputeId);
+}
+export function markEvidenceExpiry(db, disputeId) {
+    const exp = new Date(Date.now() + EVIDENCE_TTL_DAYS_AFTER_RESOLVED * 24 * 3600 * 1000).toISOString();
+    db.prepare(`UPDATE evidence SET expires_at = ? WHERE dispute_id = ? AND expires_at IS NULL`).run(exp, disputeId);
+}
+export function cleanupExpiredEvidence(db) {
+    const candidates = db.prepare(`
+    SELECT DISTINCT file_hash FROM evidence
+    WHERE (withdrawn_at IS NOT NULL OR (expires_at IS NOT NULL AND datetime(expires_at) < datetime('now')))
+      AND file_hash IS NOT NULL
+  `).all();
+    let swept = 0;
+    let bytes = 0;
+    for (const c of candidates) {
+        const live = db.prepare(`
+      SELECT 1 FROM evidence
+      WHERE file_hash = ?
+        AND withdrawn_at IS NULL
+        AND (expires_at IS NULL OR datetime(expires_at) >= datetime('now'))
+      LIMIT 1
+    `).get(c.file_hash);
+        if (live)
+            continue;
+        const bp = blobPathFor(c.file_hash);
+        if (fs.existsSync(bp)) {
+            try {
+                bytes += fs.statSync(bp).size;
+                fs.unlinkSync(bp);
+                swept++;
+            }
+            catch { /* concurrent cleanup */ }
+        }
+    }
+    return { swept, bytes };
+}
+export function verifyEvidenceSig(db, evidenceId) {
+    const ev = db.prepare(`
+    SELECT e.id, e.uploader_id, e.dispute_id, e.file_hash, e.size, e.mime, e.description, e.sig,
+           u.api_key
+    FROM evidence e JOIN users u ON u.id = e.uploader_id
+    WHERE e.id = ?
+  `).get(evidenceId);
+    if (!ev)
+        return { ok: false, reason: 'evidence_not_found' };
+    if (!ev.sig)
+        return { ok: false, reason: 'no_sig' };
+    const expected = createHmac('sha256', ev.api_key).update(canonicalEvidenceMeta({
+        uploaderId: ev.uploader_id,
+        disputeId: ev.dispute_id,
+        hash: ev.file_hash,
+        size: ev.size,
+        mime: ev.mime,
+        description: ev.description,
+    })).digest('hex');
+    return expected === ev.sig ? { ok: true } : { ok: false, reason: 'sig_mismatch' };
+}

package/dist/layer4-economics/L4-3-reputation/reputation-engine.js

@@ -41,6 +41,49 @@ export function initReputationSchema(db) {
 
     CREATE INDEX IF NOT EXISTS idx_rep_events_user ON reputation_events(user_id, created_at DESC);
   `);
+    // 衰减时间戳列（月衰减幂等保护）
+    try {
+        db.exec(`ALTER TABLE reputation_scores ADD COLUMN last_decay_at TEXT`);
+    }
+    catch { }
+}
+// ─── 月衰减 — 防躺平 ─────────────────────────────────────────
+// 月降 2%，年损 ≈22%；equilibrium 在月赚 100 分时 = 5000（Legend tier）
+// 启动时调用，last_decay_at ≥25 天才会触发 — 重启幂等
+const DECAY_RATE = 0.02;
+const DECAY_MIN_INTERVAL_DAYS = 25;
+export function applyDecayIfDue(db, opts) {
+    if (!opts?.force) {
+        // 检查上次衰减时间 — 任一卖家 last_decay_at < 25 天则跳过
+        const recent = db.prepare(`
+      SELECT MAX(last_decay_at) as latest FROM reputation_scores
+      WHERE last_decay_at IS NOT NULL
+    `).get();
+        if (recent?.latest) {
+            const lastMs = new Date(recent.latest.replace(' ', 'T') + 'Z').getTime();
+            const daysSince = (Date.now() - lastMs) / 86400_000;
+            if (daysSince < DECAY_MIN_INTERVAL_DAYS) {
+                return { applied: false, affected: 0, rate: DECAY_RATE, reason: `last_decay ${daysSince.toFixed(1)}d ago — skip` };
+            }
+        }
+    }
+    const rows = db.prepare(`SELECT user_id, total_points, level FROM reputation_scores WHERE total_points > 0`).all();
+    let affected = 0;
+    const tx = db.transaction(() => {
+        for (const r of rows) {
+            const newTotal = Math.max(0, Math.floor(r.total_points * (1 - DECAY_RATE)));
+            if (newTotal === r.total_points)
+                continue; // 0 分跳过
+            const newLevel = getLevelWithHysteresis(newTotal, r.level).key;
+            db.prepare(`UPDATE reputation_scores SET total_points = ?, level = ?, last_decay_at = datetime('now'), updated_at = datetime('now') WHERE user_id = ?`)
+                .run(newTotal, newLevel, r.user_id);
+            affected++;
+        }
+        // 也给 last_decay_at 已 NULL 的 0 分卖家盖个戳，避免下次重跑全表
+        db.prepare(`UPDATE reputation_scores SET last_decay_at = datetime('now') WHERE last_decay_at IS NULL`).run();
+    });
+    tx();
+    return { applied: true, affected, rate: DECAY_RATE };
 }
 export const LEVELS = [
     { key: 'new', label: '新手', icon: '🌱', minPoints: 0, stakeDiscount: 0, searchBoost: 0, badge: '' },
@@ -57,6 +100,27 @@ export function getLevel(points) {
     }
     return level;
 }
+// 落级缓冲（hysteresis）— 防一次违约直接掉等级
+// 升级用 minPoints，落级须低于 (minPoints - buffer)；buffer 约 5–10% 当前下限
+const FALL_BUFFER = {
+    new: 0,
+    trusted: 50, // 200 升 → 150 落
+    quality: 100, // 800 升 → 700 落
+    star: 150, // 2000 升 → 1850 落
+    legend: 250, // 5000 升 → 4750 落
+};
+export function getLevelWithHysteresis(points, currentLevel) {
+    const target = getLevel(points);
+    if (!currentLevel || currentLevel === 'new')
+        return target;
+    const curIdx = LEVELS.findIndex(l => l.key === currentLevel);
+    const tgtIdx = LEVELS.findIndex(l => l.key === target.key);
+    if (tgtIdx >= curIdx)
+        return target; // 升级 / 不变：直通
+    // 降级：仅当 points 跌破 (currentMin - buffer) 时真落，否则维持当前等级
+    const cur = LEVELS[curIdx];
+    return points >= cur.minPoints - (FALL_BUFFER[cur.key] || 0) ? cur : target;
+}
 const EVENT_POINTS = {
     order_completed: (role) => role === 'seller' ? 10 : role === 'logistics' ? 8 : 5,
     fast_accept: () => 5,
@@ -66,6 +130,12 @@ const EVENT_POINTS = {
     dispute_won: () => 8,
     dispute_lost: () => -25,
     timeout_violation: () => -40,
+    claim_upheld_against: () => -15,
+    claim_dismissed_false: () => -10,
+    claim_correct: () => 5,
+    rating_received_good: () => 3,
+    rating_received_neutral: () => 0,
+    rating_received_bad: () => -5,
 };
 // ─── 写入声誉事件 ─────────────────────────────────────────────
 export function recordRepEvent(db, userId, eventType, reason, orderId, role) {
@@ -95,7 +165,7 @@ export function recordRepEvent(db, userId, eventType, reason, orderId, role) {
       violations        = violations + ?,
       level             = ?,
       updated_at        = datetime('now')
-    WHERE user_id = ?`).run(newTotal, isDone ? 1 : 0, isDisputeWon ? 1 : 0, isDisputeLost ? 1 : 0, isViolation ? 1 : 0, getLevel(newTotal).key, userId);
+    WHERE user_id = ?`).run(newTotal, isDone ? 1 : 0, isDisputeWon ? 1 : 0, isDisputeLost ? 1 : 0, isViolation ? 1 : 0, getLevelWithHysteresis(newTotal, existing.level).key, userId);
     }
 }
 // ─── 订单结算时一次性记录所有声誉事件 ────────────────────────
@@ -163,6 +233,30 @@ export function recordViolationReputation(db, orderId, faultStatus) {
     if (faultStatus === 'fault_buyer' && order.buyer_id)
         recordRepEvent(db, order.buyer_id, 'timeout_violation', '超时违约（买家）', orderId);
 }
+// ─── 评价反哺声誉 ─────────────────────────────────────────────
+// L2-5 评价系统钩子：1-5 星 → 4 档信号
+//   5/4 星 → rating_received_good   (+3)
+//   3 星   → rating_received_neutral ( 0)，仅留档
+//   2/1 星 → rating_received_bad    (-5)
+// 给 reviewer 自己也记 0 分入账事件，防"打低分换分"且为审计提供痕迹
+export function recordRatingReputation(db, args) {
+    const { orderId, revieweeId, revieweeRole, stars } = args;
+    let eventType;
+    let reason;
+    if (stars >= 4) {
+        eventType = 'rating_received_good';
+        reason = `收到 ${stars} 星好评`;
+    }
+    else if (stars === 3) {
+        eventType = 'rating_received_neutral';
+        reason = '收到 3 星中评';
+    }
+    else {
+        eventType = 'rating_received_bad';
+        reason = `收到 ${stars} 星差评`;
+    }
+    recordRepEvent(db, revieweeId, eventType, reason, orderId, revieweeRole);
+}
 // ─── 争议结算时记录声誉 ───────────────────────────────────────
 export function recordDisputeReputation(db, orderId, winnerId, loserId) {
     recordRepEvent(db, winnerId, 'dispute_won', '争议胜诉', orderId);

package/dist/layer4-economics/L4-4-skill-market/skill-engine.js

@@ -58,34 +58,61 @@ export function initSkillSchema(db) {
     CREATE INDEX IF NOT EXISTS idx_sub_user      ON skill_subscriptions(user_id, active);
   `);
 }
-// Skill 类型对应的元信息（描述给 Agent 看）
+// Skill 类型对应的元信息（描述给 Agent 看；双语支持）
 export const SKILL_TYPE_META = {
     catalog_sync: {
         label: '目录同步',
+        label_en: 'Catalog sync',
         icon: '🔄',
         description: '将卖家的外部商品目录（Amazon/Shopify/自定义）同步到 DCP，买家 Agent 订阅后可优先发现这些商品。',
+        description_en: 'Sync seller external catalogs (Amazon/Shopify/custom) to DCP — subscribed buyer agents discover these first.',
     },
     auto_accept: {
         label: '自动接单',
+        label_en: 'Auto accept',
         icon: '⚡',
         description: '买家下单后卖家立即自动接受（无需手动确认），减少买家等待，提升转化率。',
+        description_en: 'Auto-accept incoming orders without manual confirmation — reduces buyer wait and lifts conversion.',
+    },
+    auto_bid: {
+        label: '自动报价',
+        label_en: 'Auto bid',
+        icon: '🤖',
+        description: 'RFQ 求购单创建时，按预设规则（类目/地区/ETA/价格策略）自动向匹配的 RFQ 提交 bid，捕获急单流量。',
+        description_en: 'When an RFQ is posted, auto-submit a bid by your rules (category/region/ETA/strategy) — captures urgent demand.',
     },
     price_negotiation: {
         label: '价格协商',
+        label_en: 'Price negotiation',
         icon: '🤝',
         description: '允许买家 Agent 在指定范围内自动议价，无需人工参与价格谈判。',
+        description_en: 'Allow buyer agents to auto-negotiate within set bounds — no human required.',
     },
     quality_guarantee: {
         label: '质量承诺',
+        label_en: 'Quality guarantee',
         icon: '🛡️',
         description: '卖家额外质押 DCP 作为质量保证金，问题订单买家可获得额外赔偿。',
+        description_en: 'Seller stakes extra WAZ as quality bond — buyer gets additional compensation on disputes.',
     },
     instant_ship: {
         label: '极速发货',
+        label_en: 'Instant ship',
         icon: '🚀',
         description: '卖家承诺 24h 内发货，违约自动赔付。适合现货充足的卖家。',
+        description_en: 'Seller commits to shipping within 24h; auto-payout on violation.',
     },
 };
+// 各 skill_type 的默认 config（QA 轮 16 P2：publish 不传 config → config_preview 空 {}）
+// publish 时若 config 缺省，套用这里的合理默认，agent 可后续 PATCH 调整
+export const DEFAULT_SKILL_CONFIG = {
+    catalog_sync: { source: 'custom', auto_refresh_hours: 24 },
+    auto_accept: { enabled: true, max_order_value: null },
+    auto_bid: { enabled: true, categories: ['standard'], regions: [], max_eta_h: 24, bid_strategy: 'cheapest_undercut', undercut_pct: 0.05, max_price_cap: null, daily_cap: 20, cooldown_min: 60 },
+    price_negotiation: { enabled: true, min_accept_pct: 0.85, max_rounds: 3 },
+    quality_guarantee: { bond_amount: 0, compensation_pct: 0.5 },
+    instant_ship: { ship_within_hours: 24, penalty_pct: 0.1 },
+};
 export function publishSkill(db, input) {
     const seller = db.prepare('SELECT id, role, name FROM users WHERE id = ?').get(input.sellerId);
     if (!seller)
@@ -97,7 +124,9 @@ export function publishSkill(db, input) {
     if (exists)
         throw new Error('你已发布过同名同类型的 Skill，请先修改现有 Skill');
     const id = generateId('skl');
-    const config = JSON.stringify(input.config ?? {});
+    // QA 轮 16 P2：config 缺省时套用 per-type 默认（避免 config_preview 空 {}）
+    const hasConfig = input.config && Object.keys(input.config).length > 0;
+    const config = JSON.stringify(hasConfig ? input.config : (DEFAULT_SKILL_CONFIG[input.skillType] ?? {}));
     db.prepare(`
     INSERT INTO skills (id, seller_id, name, description, category, skill_type, config, price_per_use)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?)