@seasonkoh/webaz 0.1.8 → 0.1.9

package/dist/layer0-foundation/L0-2-state-machine/order-chain.js

@@ -0,0 +1,156 @@
+/**
+ * L0-2b · 订单签名链
+ *
+ * 每个订单的状态转换 append 到一条 hash-chained 签名事件里。
+ * 关键性质：
+ *   1. 防篡改 — 每事件含 prev_event_hash，改任一历史事件会让后续 hash 不匹配
+ *   2. 防伪造 — 每事件含 HMAC-SHA256 签名（用 actor 的 api_key 签），server 也无法替 actor 凭空写新事件
+ *   3. 可独立验证 — 任何人拿到完整链 + 各 actor api_key（仲裁场景）可以离线 replay
+ *   4. 不替代而是补强 order_state_history — 旧表保留作为人类可读的状态历史
+ *
+ * 与 Mobazha 的 serialized_*_signature 字段同思路；区别：
+ *   - Mobazha 用 protobuf + 多方签名（buyer + vendor + moderator）
+ *   - 我们 MVP 用 JSON + HMAC（API key），实现简单。可日后升级到 Ed25519 非对称签名
+ */
+import crypto from 'crypto';
+import { generateId } from '../L0-1-database/schema.js';
+export function initOrderChainSchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS order_events (
+      id              TEXT PRIMARY KEY,
+      order_id        TEXT NOT NULL,
+      seq             INTEGER NOT NULL,        -- 0,1,2... 序号
+      prev_event_hash TEXT,                    -- 上一个事件的 event_hash（genesis = null）
+      event_hash      TEXT NOT NULL,           -- sha256(canonical_payload) 本事件的指纹
+      event_type      TEXT NOT NULL,           -- 'open' | 'transition' | 'cancel' ...
+      from_status     TEXT,
+      to_status       TEXT NOT NULL,
+      actor_id        TEXT NOT NULL,
+      actor_role      TEXT NOT NULL,
+      payload_json    TEXT NOT NULL,           -- 完整事件载荷（canonical 序列化）
+      signature       TEXT NOT NULL,           -- HMAC-SHA256(actor_api_key, canonical_payload)
+      signed_at       TEXT NOT NULL,
+      created_at      TEXT DEFAULT (datetime('now'))
+    )
+  `);
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_oevt_order ON order_events(order_id, seq)');
+    }
+    catch { }
+    try {
+        db.exec('CREATE INDEX IF NOT EXISTS idx_oevt_actor ON order_events(actor_id, created_at DESC)');
+    }
+    catch { }
+}
+// canonical_payload — 递归 stringify，每层 key 字母序
+// 修复 ultrareview bug_012：浅排序让嵌套对象用插入序，破坏"独立验证"承诺
+// （已知问题：arbitration_ruling 时 liability_parties 是嵌套数组）
+// 与 anchor-engine.ts:canonicalSerialize 算法一致 — 两个协议层产同样 hash
+export function canonicalSerialize(obj) {
+    if (obj === null || obj === undefined)
+        return JSON.stringify(obj);
+    if (Array.isArray(obj))
+        return '[' + obj.map(canonicalSerialize).join(',') + ']';
+    if (typeof obj === 'object') {
+        const keys = Object.keys(obj).sort();
+        return '{' + keys.map(k => JSON.stringify(k) + ':' + canonicalSerialize(obj[k])).join(',') + '}';
+    }
+    return JSON.stringify(obj);
+}
+export function computeEventHash(canonicalPayload) {
+    return crypto.createHash('sha256').update(canonicalPayload).digest('hex');
+}
+export function computeEventSignature(canonicalPayload, actorApiKey) {
+    return crypto.createHmac('sha256', actorApiKey).update(canonicalPayload).digest('hex');
+}
+// 主入口 — 在 transaction 内调用，写一条事件到链尾
+export function appendOrderEvent(db, args) {
+    const actor = db.prepare('SELECT api_key FROM users WHERE id = ?').get(args.actorId);
+    if (!actor)
+        throw new Error(`actor_not_found:${args.actorId}`);
+    const last = db.prepare(`SELECT seq, event_hash FROM order_events WHERE order_id = ? ORDER BY seq DESC LIMIT 1`).get(args.orderId);
+    const seq = last ? last.seq + 1 : 0;
+    const prevHash = last ? last.event_hash : null;
+    const signedAt = new Date().toISOString();
+    const payload = {
+        order_id: args.orderId,
+        seq,
+        prev_event_hash: prevHash,
+        event_type: args.eventType,
+        from_status: args.fromStatus,
+        to_status: args.toStatus,
+        actor_id: args.actorId,
+        actor_role: args.actorRole,
+        signed_at: signedAt,
+        ...(args.extra || {}),
+    };
+    const canon = canonicalSerialize(payload);
+    const eventHash = computeEventHash(canon);
+    const signature = computeEventSignature(canon, actor.api_key);
+    const id = generateId('oevt');
+    db.prepare(`INSERT INTO order_events
+       (id, order_id, seq, prev_event_hash, event_hash, event_type, from_status, to_status,
+        actor_id, actor_role, payload_json, signature, signed_at)
+     VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)`).run(id, args.orderId, seq, prevHash, eventHash, args.eventType, args.fromStatus, args.toStatus, args.actorId, args.actorRole, canon, signature, signedAt);
+    return { id, seq, event_hash: eventHash };
+}
+// 验证整条链 — 仲裁时或任何审计场景可调
+export function verifyOrderChain(db, orderId) {
+    const rows = db.prepare(`SELECT seq, prev_event_hash, event_hash, payload_json, signature, actor_id
+       FROM order_events WHERE order_id = ? ORDER BY seq ASC`).all(orderId);
+    if (rows.length === 0)
+        return { ok: false, total: 0, verified: 0, reason: 'empty_chain' };
+    // 修复 ultrareview bug_007：transition() 的 appendOrderEvent 是 try-catch 软失败
+    // （legacy actor 缺 api_key 等场景），但 order_state_history 仍会 commit。
+    // 检测：chain 行数应该至少等于 history 行数（chain ≥ history，因为可能有 open genesis 事件无 history）
+    // 不等就说明有 silent drop，链不完整 — UI 不应再显示"验证通过"
+    const histCount = db.prepare(`SELECT COUNT(*) as n FROM order_state_history WHERE order_id = ?`).get(orderId);
+    if (histCount && rows.length < histCount.n) {
+        return { ok: false, total: rows.length, verified: 0, reason: 'chain_incomplete', history_count: histCount.n };
+    }
+    let prevHash = null;
+    for (const r of rows) {
+        // 1. prev hash 链续
+        if (r.prev_event_hash !== prevHash) {
+            return { ok: false, total: rows.length, verified: r.seq, firstBrokenSeq: r.seq, reason: 'prev_hash_mismatch' };
+        }
+        // 2. event_hash = sha256(payload)
+        const reHash = computeEventHash(r.payload_json);
+        if (reHash !== r.event_hash) {
+            return { ok: false, total: rows.length, verified: r.seq, firstBrokenSeq: r.seq, reason: 'event_hash_mismatch' };
+        }
+        // 3. signature 用 actor api_key 验
+        const actor = db.prepare('SELECT api_key FROM users WHERE id = ?').get(r.actor_id);
+        if (!actor)
+            return { ok: false, total: rows.length, verified: r.seq, firstBrokenSeq: r.seq, reason: 'actor_not_found' };
+        const reSig = computeEventSignature(r.payload_json, actor.api_key);
+        if (reSig !== r.signature) {
+            return { ok: false, total: rows.length, verified: r.seq, firstBrokenSeq: r.seq, reason: 'signature_mismatch' };
+        }
+        prevHash = r.event_hash;
+    }
+    return { ok: true, total: rows.length, verified: rows.length };
+}
+export function getOrderChain(db, orderId) {
+    const rows = db.prepare(`SELECT seq, event_type, from_status, to_status, actor_id, actor_role, signed_at,
+            event_hash, prev_event_hash, signature, payload_json
+       FROM order_events WHERE order_id = ? ORDER BY seq ASC`).all(orderId);
+    return rows.map(r => ({
+        seq: r.seq,
+        event_type: r.event_type,
+        from_status: r.from_status || null,
+        to_status: r.to_status,
+        actor_id: r.actor_id,
+        actor_role: r.actor_role,
+        signed_at: r.signed_at,
+        event_hash: r.event_hash,
+        prev_event_hash: r.prev_event_hash || null,
+        signature: r.signature,
+        payload: (() => { try {
+            return JSON.parse(r.payload_json);
+        }
+        catch {
+            return {};
+        } })(),
+    }));
+}

package/dist/layer0-foundation/L0-2-state-machine/transitions.js

@@ -45,30 +45,32 @@ export const VALID_TRANSITIONS = {
         description: '卖家将包裹交给物流，提交发货证明'
     },
     // ── 物流揽收 ──────────────────────────────────────────────
+    // Phase 1（2026-05-27）：seller 自选 self-fulfill 也可驱动这 3 个 transition（详见 docs/LOGISTICS-PHASING.md）
+    // Phase 2 logistics 市场启用后会按 order.fulfillment_mode 限定真实 logistics 角色
     'shipped→picked_up': {
-        allowedRoles: ['logistics'],
+        allowedRoles: ['seller', 'logistics'],
         deadlineField: 'pickup_deadline',
         requiresEvidence: true,
         evidenceHint: '上传：揽收扫描记录 + 当前GPS位置',
         autoFaultState: 'fault_logistics',
         faultParty: 'logistics',
-        description: '物流方确认已揽收，包裹完整'
+        description: '物流方（或 self-fulfill 卖家）确认已揽收，包裹完整'
     },
     // ── 运输中更新 ─────────────────────────────────────────────
     'picked_up→in_transit': {
-        allowedRoles: ['logistics', 'system'],
+        allowedRoles: ['seller', 'logistics', 'system'],
         requiresEvidence: false,
-        description: '包裹开始运输（可自动触发）'
+        description: '包裹开始运输（可自动触发；self-fulfill 时由 seller 主动）'
     },
     // ── 物流投递 ──────────────────────────────────────────────
     'in_transit→delivered': {
-        allowedRoles: ['logistics'],
+        allowedRoles: ['seller', 'logistics'],
         deadlineField: 'delivery_deadline',
         requiresEvidence: true,
         evidenceHint: '上传：投递照片（含门牌号）+ 收件人签收/GPS坐标',
         autoFaultState: 'fault_logistics',
         faultParty: 'logistics',
-        description: '物流确认投递完成，提交投递证明'
+        description: '物流方（或 self-fulfill 卖家）确认投递完成，提交投递证明'
     },
     // ── 买家确认 ──────────────────────────────────────────────
     'delivered→confirmed': {
@@ -116,18 +118,50 @@ export const VALID_TRANSITIONS = {
         evidenceHint: '上传：收到货物的照片 + 问题描述',
         description: '买家收货后发现货不对版或货损'
     },
-    // ── 仲裁结束 ──────────────────────────────────────────────
+    // ── 仲裁结束（旧粗粒度，保留兼容）─────────────────────────
     'disputed→completed': {
-        allowedRoles: ['arbitrator', 'system'], // system = 超时自动裁定
+        allowedRoles: ['arbitrator', 'system'],
         requiresEvidence: false,
         evidenceHint: '上传仲裁裁定书',
-        description: '仲裁员完成裁定，释放资金给卖家'
+        description: '仲裁员完成裁定，释放资金给卖家（旧粗粒度）'
     },
     'disputed→cancelled': {
-        allowedRoles: ['arbitrator', 'system'], // system = 超时自动裁定
+        allowedRoles: ['arbitrator', 'system'],
         requiresEvidence: false,
         evidenceHint: '上传仲裁裁定书',
-        description: '仲裁裁定取消交易，全额退款给买家'
+        description: '仲裁裁定取消交易，全额退款给买家（旧粗粒度）'
+    },
+    // ── 仲裁结案细化（模块 B）─────────────────────────────────
+    'disputed→resolved_for_seller': {
+        allowedRoles: ['arbitrator', 'system'],
+        requiresEvidence: false,
+        description: '仲裁裁定卖家胜诉，资金释放给卖家'
+    },
+    'disputed→refunded_partial': {
+        allowedRoles: ['arbitrator', 'system'],
+        requiresEvidence: false,
+        description: '仲裁裁定部分退款给买家'
+    },
+    'disputed→refunded_full': {
+        allowedRoles: ['arbitrator', 'system'],
+        requiresEvidence: false,
+        description: '仲裁裁定全额退款给买家，订单作废'
+    },
+    'disputed→dispute_dismissed': {
+        allowedRoles: ['arbitrator', 'system'],
+        requiresEvidence: false,
+        description: '争议被驳回（无效）'
+    },
+    // ── 超时通用兜底（system 触发）─────────────────────────────
+    'paid→expired': {
+        allowedRoles: ['system'],
+        requiresEvidence: false,
+        description: '订单超时自动失败（通用兜底）'
+    },
+    'accepted→expired': {
+        allowedRoles: ['system'],
+        requiresEvidence: false,
+        description: '订单超时自动失败（通用兜底）'
     },
     // ── 正常完成 ──────────────────────────────────────────────
     'confirmed→completed': {
@@ -184,7 +218,7 @@ export const VALID_TRANSITIONS = {
         description: '买家违约：资金转给卖家，扣除买家质押'
     },
 };
-/** 给定当前状态，返回「当前应该由谁来操作」 */
+/** 给定当前状态，返回「当前应该由谁来操作」（market-fulfill 默认表） */
 export const CURRENT_RESPONSIBLE = {
     created: 'buyer', // 等买家付款
     paid: 'seller', // 等卖家接单
@@ -195,3 +229,10 @@ export const CURRENT_RESPONSIBLE = {
     delivered: 'buyer', // 等买家确认
     disputed: 'arbitrator', // 等仲裁处理
 };
+/** Phase 1 self-fulfill 覆盖表：seller 一人承担 shipped/picked_up/in_transit 全程 */
+export const CURRENT_RESPONSIBLE_SELF_FULFILL = {
+    ...CURRENT_RESPONSIBLE,
+    shipped: 'seller',
+    picked_up: 'seller',
+    in_transit: 'seller',
+};

package/dist/layer0-foundation/L0-5-manifest/manifest.js

@@ -131,6 +131,19 @@ const ROLES = {
         key_rights: ['每笔成交自动获得 5% 物流费', '违约赔付有责任上限'],
         key_duties: ['48h 内揽收', '7天内完成投递', '必须上传揽收和投递证明'],
     },
+    reviewer: {
+        label: '测评员',
+        description: '结构化商品测评。通过 trial_campaign 申请试用免单，收货后写真实评价。',
+        stake_required: false,
+        entry_action: 'webaz_register(role=reviewer)',
+        workflow: [
+            'webaz_claim_verify(action=apply, campaign_id)  → 申请测评免单',
+            'webaz_place_order(...)  → 中签后正常下单（卖家承担费用）',
+            'webaz_update_order(action=confirm, evidence="评价文+照片")  → 收货后提交真实评价',
+        ],
+        key_rights: ['通过试用获得免费样品（中签后）', '真实评价获得声誉加成', '与其他测评员协议级竞争公平'],
+        key_duties: ['评价必须基于真实使用体验', '不得评价自己关联的卖家', '提交评价的 deadline 跟普通买家一致'],
+    },
     arbitrator: {
         label: '仲裁员',
         description: '处理争议案件，做出裁定。需要公正客观，裁定结果永久上链。',
@@ -139,7 +152,7 @@ const ROLES = {
         workflow: [
             'webaz_dispute(action=list_open)  → 查看所有待处理争议',
             'webaz_dispute(action=view, dispute_id)  → 查看争议详情和双方证据',
-            'webaz_dispute(action=arbitrate, ruling=refund_buyer|release_seller|partial_refund, ruling_reason)  → 做出裁定',
+            'webaz_dispute(action=arbitrate, ruling=refund_buyer|release_seller|partial_refund, ruling_reason)  → 做出裁定 ⚠️ 需 PWA + Passkey（Iron-Rule）',
         ],
         key_rights: ['查看所有争议详情', '做出三种裁定选择', '仲裁超时后系统自动裁定（保护所有人）'],
         key_duties: ['120h 内完成裁定（否则系统自动退款买家）', '裁定必须提供理由（永久记录）', '保持公正客观'],

package/dist/layer1-agent/L1-1-mcp-server/auth.js

@@ -7,7 +7,7 @@ export function authenticate(db, apiKey) {
     if (!apiKey || apiKey === '')
         return null;
     return db
-        .prepare('SELECT id, name, role, roles, api_key FROM users WHERE api_key = ?')
+        .prepare('SELECT id, name, handle, role, roles, api_key FROM users WHERE api_key = ?')
         .get(apiKey);
 }
 export function requireAuth(db, apiKey) {