npm - @seasonkoh/webaz - Versions diffs - 0.1.8 → 0.1.9 - Mend

@seasonkoh/webaz 0.1.8 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/LICENSE +48 -0
package/README.md +156 -20
package/dist/layer0-foundation/L0-1-database/schema.js +5 -4
package/dist/layer0-foundation/L0-2-state-machine/engine.js +228 -7
package/dist/layer0-foundation/L0-2-state-machine/order-chain.js +156 -0
package/dist/layer0-foundation/L0-2-state-machine/transitions.js +53 -12
package/dist/layer0-foundation/L0-5-manifest/manifest.js +14 -1
package/dist/layer1-agent/L1-1-mcp-server/auth.js +1 -1
package/dist/layer1-agent/L1-1-mcp-server/server.js +3543 -852
package/dist/layer1-agent/L1-2-external-anchor/anchor-engine.js +324 -0
package/dist/layer1-agent/L1-2-identity/agent-passport.js +100 -0
package/dist/layer2-business/L2-6-notifications/notification-engine.js +72 -5
package/dist/layer2-business/L2-7-snf/snf-engine.js +287 -0
package/dist/layer2-business/L2-anchor-registry/anchor-registry.js +396 -0
package/dist/layer2-business/L2-notes/note-photo-storage.js +133 -0
package/dist/layer3-trust/L3-1-dispute-engine/dispute-engine.js +6 -6
package/dist/layer3-trust/L3-1-dispute-engine/evidence-storage.js +246 -0
package/dist/layer4-economics/L4-3-reputation/reputation-engine.js +95 -1
package/dist/layer4-economics/L4-4-skill-market/skill-engine.js +31 -2
package/dist/layer4-economics/L4-4-skill-market/skill-listing-engine.js +358 -0
package/dist/pwa/public/app.js +31230 -2345
package/dist/pwa/public/i18n.js +5282 -111
package/dist/pwa/public/icon.svg +11 -0
package/dist/pwa/public/index.html +4 -1
package/dist/pwa/public/manifest.json +39 -4
package/dist/pwa/public/openapi.json +5946 -0
package/dist/pwa/public/style.css +278 -5
package/dist/pwa/public/sw.js +41 -2
package/dist/pwa/public/vendor/jsQR.js +10102 -0
package/dist/pwa/public/webaz-logo.png +0 -0
package/dist/pwa/routes/account-deletion.js +53 -0
package/dist/pwa/routes/addresses.js +105 -0
package/dist/pwa/routes/admin-admins.js +151 -0
package/dist/pwa/routes/admin-analytics.js +253 -0
package/dist/pwa/routes/admin-atomic.js +21 -0
package/dist/pwa/routes/admin-catalog.js +64 -0
package/dist/pwa/routes/admin-editor-picks.js +45 -0
package/dist/pwa/routes/admin-events.js +60 -0
package/dist/pwa/routes/admin-health.js +66 -0
package/dist/pwa/routes/admin-moderation.js +120 -0
package/dist/pwa/routes/admin-ops.js +179 -0
package/dist/pwa/routes/admin-protocol-params.js +79 -0
package/dist/pwa/routes/admin-reports.js +154 -0
package/dist/pwa/routes/admin-tokenomics.js +113 -0
package/dist/pwa/routes/admin-users-lifecycle.js +237 -0
package/dist/pwa/routes/admin-users-query.js +390 -0
package/dist/pwa/routes/admin-verifier-flow.js +126 -0
package/dist/pwa/routes/admin-verifier-whitelist.js +111 -0
package/dist/pwa/routes/admin-wallet-ops.js +66 -0
package/dist/pwa/routes/agent-buy.js +215 -0
package/dist/pwa/routes/agent-governance.js +341 -0
package/dist/pwa/routes/agent-reputation.js +34 -0
package/dist/pwa/routes/ai.js +101 -0
package/dist/pwa/routes/analytics.js +272 -0
package/dist/pwa/routes/anchors.js +169 -0
package/dist/pwa/routes/announcements.js +110 -0
package/dist/pwa/routes/arbitrator.js +117 -0
package/dist/pwa/routes/auction.js +436 -0
package/dist/pwa/routes/auth-login.js +40 -0
package/dist/pwa/routes/auth-read.js +66 -0
package/dist/pwa/routes/auth-register.js +138 -0
package/dist/pwa/routes/auth-sessions.js +62 -0
package/dist/pwa/routes/blocklist.js +60 -0
package/dist/pwa/routes/buyer-feeds.js +224 -0
package/dist/pwa/routes/cart.js +155 -0
package/dist/pwa/routes/charity.js +816 -0
package/dist/pwa/routes/chat.js +318 -0
package/dist/pwa/routes/checkin-tasks.js +122 -0
package/dist/pwa/routes/checkout-helpers.js +85 -0
package/dist/pwa/routes/claim-initiators.js +88 -0
package/dist/pwa/routes/claim-verify.js +615 -0
package/dist/pwa/routes/claim-voting.js +114 -0
package/dist/pwa/routes/claim-withdrawals.js +20 -0
package/dist/pwa/routes/coupons.js +165 -0
package/dist/pwa/routes/dashboards.js +99 -0
package/dist/pwa/routes/dispute-cases.js +267 -0
package/dist/pwa/routes/disputes-read.js +358 -0
package/dist/pwa/routes/disputes-write.js +475 -0
package/dist/pwa/routes/evidence.js +86 -0
package/dist/pwa/routes/external-anchors.js +107 -0
package/dist/pwa/routes/feedback.js +270 -0
package/dist/pwa/routes/flash-sales.js +130 -0
package/dist/pwa/routes/follows.js +103 -0
package/dist/pwa/routes/group-buys.js +208 -0
package/dist/pwa/routes/growth.js +199 -0
package/dist/pwa/routes/import-product.js +153 -0
package/dist/pwa/routes/kyc.js +40 -0
package/dist/pwa/routes/leaderboard.js +149 -0
package/dist/pwa/routes/listings.js +281 -0
package/dist/pwa/routes/logistics.js +35 -0
package/dist/pwa/routes/manifests.js +126 -0
package/dist/pwa/routes/me-data.js +101 -0
package/dist/pwa/routes/notifications.js +48 -0
package/dist/pwa/routes/offers.js +96 -0
package/dist/pwa/routes/orders-action.js +285 -0
package/dist/pwa/routes/orders-create.js +339 -0
package/dist/pwa/routes/orders-read.js +180 -0
package/dist/pwa/routes/p2p-products.js +178 -0
package/dist/pwa/routes/payments-governance.js +311 -0
package/dist/pwa/routes/peers.js +34 -0
package/dist/pwa/routes/pin-receipts.js +39 -0
package/dist/pwa/routes/products-aliases.js +119 -0
package/dist/pwa/routes/products-claims.js +60 -0
package/dist/pwa/routes/products-create.js +206 -0
package/dist/pwa/routes/products-crud.js +73 -0
package/dist/pwa/routes/products-links.js +129 -0
package/dist/pwa/routes/products-list.js +424 -0
package/dist/pwa/routes/products-meta.js +155 -0
package/dist/pwa/routes/products-update.js +125 -0
package/dist/pwa/routes/profile-credentials.js +105 -0
package/dist/pwa/routes/profile-identity.js +174 -0
package/dist/pwa/routes/profile-location.js +35 -0
package/dist/pwa/routes/profile-placement.js +70 -0
package/dist/pwa/routes/profile-prefs.js +93 -0
package/dist/pwa/routes/promoter.js +208 -0
package/dist/pwa/routes/public-utils.js +170 -0
package/dist/pwa/routes/push.js +54 -0
package/dist/pwa/routes/ratings.js +220 -0
package/dist/pwa/routes/recover-key.js +100 -0
package/dist/pwa/routes/referral.js +58 -0
package/dist/pwa/routes/reputation.js +34 -0
package/dist/pwa/routes/returns.js +493 -0
package/dist/pwa/routes/reviews.js +81 -0
package/dist/pwa/routes/rfqs.js +443 -0
package/dist/pwa/routes/search.js +172 -0
package/dist/pwa/routes/secondhand.js +278 -0
package/dist/pwa/routes/seller-quota.js +225 -0
package/dist/pwa/routes/share-redirects.js +164 -0
package/dist/pwa/routes/shareables-interactions.js +212 -0
package/dist/pwa/routes/shareables.js +470 -0
package/dist/pwa/routes/shops.js +98 -0
package/dist/pwa/routes/signaling.js +43 -0
package/dist/pwa/routes/skill-market.js +173 -0
package/dist/pwa/routes/skills.js +174 -0
package/dist/pwa/routes/snf.js +126 -0
package/dist/pwa/routes/tags.js +47 -0
package/dist/pwa/routes/trial.js +333 -0
package/dist/pwa/routes/trusted-kpi.js +87 -0
package/dist/pwa/routes/url-claim.js +113 -0
package/dist/pwa/routes/users-public.js +317 -0
package/dist/pwa/routes/variants.js +156 -0
package/dist/pwa/routes/verifier-user.js +107 -0
package/dist/pwa/routes/verify-tasks.js +120 -0
package/dist/pwa/routes/waitlist.js +65 -0
package/dist/pwa/routes/wallet-read.js +218 -0
package/dist/pwa/routes/wallet-write.js +273 -0
package/dist/pwa/routes/webauthn.js +188 -0
package/dist/pwa/routes/webhooks.js +162 -0
package/dist/pwa/routes/welcome.js +226 -0
package/dist/pwa/routes/wishlist-qa.js +135 -0
package/dist/pwa/security/ssrf.js +110 -0
package/dist/pwa/server.js +9247 -2097
package/package.json +8 -3

package/dist/pwa/routes/group-buys.js ADDED Viewed

@@ -0,0 +1,208 @@
+const VALID_GB_DISCOUNT_MIN = 0.05;
+const VALID_GB_DISCOUNT_MAX = 0.50;
+/** 结算团购 — 成团创建订单 + 退差价；未达成全员退款。export 仅供 cron。 */
+export function settleGroupBuy(db, generateId, broadcastSystemEvent, gbId) {
+    const gb = db.prepare('SELECT * FROM group_buys WHERE id = ? AND status = \'active\'').get(gbId);
+    if (!gb)
+        return;
+    const participants = db.prepare(`SELECT * FROM group_buy_participants WHERE group_buy_id = ? AND status = 'pending'`).all(gbId);
+    const joined = participants.length;
+    const targetMet = joined >= Number(gb.target_count);
+    const product = db.prepare('SELECT * FROM products WHERE id = ?').get(gb.product_id);
+    if (!product)
+        return;
+    const originalPrice = Number(product.price);
+    const finalPrice = Math.round(originalPrice * (1 - Number(gb.discount_pct)) * 100) / 100;
+    db.transaction(() => {
+        if (targetMet) {
+            // 为每位 participant 创建 order（简化：status=paid，escrow=finalPrice，差价退回 balance）
+            for (const p of participants) {
+                const orderId = generateId('ord');
+                const refund = originalPrice - finalPrice;
+                const now = new Date();
+                db.prepare(`INSERT INTO orders (id, product_id, buyer_id, seller_id, quantity, unit_price, total_amount, escrow_amount,
+          status, shipping_address, notes, pay_deadline, accept_deadline, ship_deadline,
+          pickup_deadline, delivery_deadline, confirm_deadline, source, variant_id)
+          VALUES (?,?,?,?,1,?,?,?, 'paid', ?, ?, ?, ?, ?, ?, ?, ?, 'group_buy', ?)`)
+                    .run(orderId, gb.product_id, p.buyer_id, gb.seller_id, finalPrice, finalPrice, finalPrice, p.shipping_address, `[团购 ${gbId}] -${(Number(gb.discount_pct) * 100).toFixed(0)}%`, new Date(now).toISOString(), new Date(now.getTime() + 48 * 3600000).toISOString(), new Date(now.getTime() + 120 * 3600000).toISOString(), new Date(now.getTime() + 168 * 3600000).toISOString(), new Date(now.getTime() + 336 * 3600000).toISOString(), new Date(now.getTime() + 408 * 3600000).toISOString(), gb.variant_id || null);
+                // escrow 调整：buyer 已锁原价 → 释放差价，留 finalPrice
+                db.prepare('UPDATE wallets SET balance = balance + ?, escrowed = escrowed - ? WHERE user_id = ?').run(refund, refund, p.buyer_id);
+                db.prepare(`UPDATE group_buy_participants SET status = 'fulfilled', order_id = ? WHERE id = ?`).run(orderId, p.id);
+            }
+            db.prepare(`UPDATE group_buys SET status = 'succeeded', settled_at = datetime('now') WHERE id = ?`).run(gbId);
+            try {
+                broadcastSystemEvent('group_buy_success', '🎉', `团购 ${gbId} 成团 ${joined} 人，-${(Number(gb.discount_pct) * 100).toFixed(0)}%`, String(gb.product_id));
+            }
+            catch { }
+        }
+        else {
+            // 失败：全员退款
+            for (const p of participants) {
+                db.prepare('UPDATE wallets SET balance = balance + ?, escrowed = escrowed - ? WHERE user_id = ?').run(p.escrow_amount, p.escrow_amount, p.buyer_id);
+                db.prepare(`UPDATE group_buy_participants SET status = 'refunded' WHERE id = ?`).run(p.id);
+            }
+            db.prepare(`UPDATE group_buys SET status = 'failed', settled_at = datetime('now') WHERE id = ?`).run(gbId);
+            try {
+                broadcastSystemEvent('group_buy_failed', '⏰', `团购 ${gbId} 未达成（${joined}/${gb.target_count}）`, String(gb.product_id));
+            }
+            catch { }
+        }
+    })();
+}
+/** Cron 扫描：过期未成团 → 失败结算。server.ts setInterval 调用。 */
+export function sweepExpiredGroupBuys(db, generateId, broadcastSystemEvent) {
+    const expired = db.prepare(`SELECT id FROM group_buys WHERE status = 'active' AND ends_at <= datetime('now')`).all();
+    for (const e of expired) {
+        try {
+            settleGroupBuy(db, generateId, broadcastSystemEvent, e.id);
+        }
+        catch (err) {
+            console.error('[gb sweep]', err);
+        }
+    }
+}
+export function registerGroupBuysRoutes(app, deps) {
+    const { db, generateId, auth, isTrustedRole, errorRes, broadcastSystemEvent } = deps;
+    // 卖家开团
+    app.post('/api/group-buys', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const { product_id, variant_id, target_count, discount_pct, duration_hours } = req.body || {};
+        if (!product_id)
+            return void res.status(400).json({ error: 'product_id 必填' });
+        const p = db.prepare('SELECT id, seller_id, price, has_variants FROM products WHERE id = ? AND status = \'active\'').get(product_id);
+        if (!p)
+            return void res.status(404).json({ error: '商品不存在或已下架' });
+        if (p.seller_id !== user.id)
+            return void res.status(403).json({ error: '仅自己商品可开团' });
+        const target = Math.max(2, Math.min(50, Number(target_count) || 3));
+        const disc = Number(discount_pct);
+        if (!Number.isFinite(disc) || disc < VALID_GB_DISCOUNT_MIN || disc > VALID_GB_DISCOUNT_MAX) {
+            return void res.status(400).json({ error: `discount_pct 必须在 ${VALID_GB_DISCOUNT_MIN} ~ ${VALID_GB_DISCOUNT_MAX} 之间` });
+        }
+        const hours = Math.max(1, Math.min(168, Number(duration_hours) || 24));
+        const endsAt = new Date(Date.now() + hours * 3600 * 1000).toISOString();
+        if (Number(p.has_variants) === 1 && !variant_id)
+            return void res.status(400).json({ error: '该商品有规格，请指定 variant_id' });
+        if (variant_id) {
+            const v = db.prepare('SELECT id FROM product_variants WHERE id = ? AND product_id = ? AND is_active = 1').get(variant_id, p.id);
+            if (!v)
+                return void res.status(400).json({ error: 'variant 不存在' });
+        }
+        const id = generateId('gb');
+        db.prepare(`INSERT INTO group_buys (id, seller_id, product_id, variant_id, target_count, discount_pct, ends_at) VALUES (?,?,?,?,?,?,?)`)
+            .run(id, user.id, p.id, variant_id || null, target, disc, endsAt);
+        try {
+            broadcastSystemEvent('group_buy_created', '👥', `团购创建 ${id} · 目标 ${target} 人 · ${(disc * 100).toFixed(0)}% off`, p.id);
+        }
+        catch { }
+        res.json({ success: true, id, ends_at: endsAt });
+    });
+    // 公开列表
+    app.get('/api/group-buys/live', (_req, res) => {
+        const rows = db.prepare(`
+      SELECT gb.*, p.title as product_title, p.price as original_price, p.images, p.category,
+        u.handle as seller_handle, u.name as seller_name,
+        (SELECT COUNT(*) FROM group_buy_participants WHERE group_buy_id = gb.id AND status != 'refunded') as joined_count
+      FROM group_buys gb
+      JOIN products p ON p.id = gb.product_id
+      JOIN users u ON u.id = gb.seller_id
+      WHERE gb.status = 'active' AND gb.ends_at > datetime('now')
+      ORDER BY gb.ends_at ASC LIMIT 100
+    `).all();
+        res.json({ items: rows });
+    });
+    // 详情 + participants
+    app.get('/api/group-buys/:id', (req, res) => {
+        const gb = db.prepare(`
+      SELECT gb.*, p.title as product_title, p.price as original_price, p.images, p.category,
+        u.handle as seller_handle, u.name as seller_name
+      FROM group_buys gb
+      JOIN products p ON p.id = gb.product_id
+      JOIN users u ON u.id = gb.seller_id
+      WHERE gb.id = ?
+    `).get(req.params.id);
+        if (!gb)
+            return void res.status(404).json({ error: '团购不存在' });
+        const participants = db.prepare(`
+      SELECT p.id, p.buyer_id, p.status, p.created_at, u.handle as buyer_handle
+      FROM group_buy_participants p JOIN users u ON u.id = p.buyer_id
+      WHERE p.group_buy_id = ? AND p.status != 'refunded'
+      ORDER BY p.created_at ASC
+    `).all(req.params.id);
+        res.json({ ...gb, participants });
+    });
+    // 加入团购
+    app.post('/api/group-buys/:id/join', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (isTrustedRole(user))
+            return void errorRes(res, 403, 'TRUSTED_ROLE_NO_TRADE', '受信角色无购物功能');
+        const { shipping_address } = req.body || {};
+        if (!shipping_address)
+            return void res.status(400).json({ error: '请填写收货地址' });
+        const gb = db.prepare('SELECT id, seller_id, product_id, status, target_count, ends_at, discount_pct FROM group_buys WHERE id = ?').get(req.params.id);
+        if (!gb)
+            return void res.status(404).json({ error: '团购不存在' });
+        if (gb.status !== 'active')
+            return void res.status(400).json({ error: '团购非活跃状态' });
+        if (new Date(gb.ends_at) <= new Date())
+            return void res.status(400).json({ error: '团购已结束' });
+        if (gb.seller_id === user.id)
+            return void res.status(400).json({ error: '不可加入自己的团购' });
+        const existing = db.prepare('SELECT id FROM group_buy_participants WHERE group_buy_id = ? AND buyer_id = ? AND status != \'refunded\'').get(gb.id, user.id);
+        if (existing)
+            return void res.status(400).json({ error: '已加入此团购' });
+        const product = db.prepare('SELECT price FROM products WHERE id = ?').get(gb.product_id);
+        if (!product)
+            return void res.status(500).json({ error: '商品记录缺失' });
+        const escrow = Number(product.price);
+        const wallet = db.prepare('SELECT balance FROM wallets WHERE user_id = ?').get(user.id);
+        if (!wallet || wallet.balance < escrow)
+            return void res.status(400).json({ error: `余额不足：需 ${escrow} WAZ` });
+        const id = generateId('gbp');
+        db.transaction(() => {
+            db.prepare(`INSERT INTO group_buy_participants (id, group_buy_id, buyer_id, shipping_address, escrow_amount) VALUES (?,?,?,?,?)`)
+                .run(id, gb.id, user.id, String(shipping_address).slice(0, 200), escrow);
+            db.prepare('UPDATE wallets SET balance = balance - ?, escrowed = escrowed + ? WHERE user_id = ?').run(escrow, escrow, user.id);
+        })();
+        const joined = db.prepare(`SELECT COUNT(*) as n FROM group_buy_participants WHERE group_buy_id = ? AND status != 'refunded'`).get(gb.id).n;
+        if (joined >= gb.target_count) {
+            try {
+                settleGroupBuy(db, generateId, broadcastSystemEvent, gb.id);
+            }
+            catch (e) {
+                console.error('[gb settle]', e);
+            }
+        }
+        try {
+            broadcastSystemEvent('group_buy_join', '👥', `团购 ${gb.id} 新成员 (${joined}/${gb.target_count})`, gb.id);
+        }
+        catch { }
+        res.json({ success: true, id, joined_count: joined, target_count: gb.target_count });
+    });
+    // 离开团购
+    app.delete('/api/group-buys/:id/leave', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const p = db.prepare(`SELECT p.id, p.escrow_amount, p.status, gb.status as gb_status FROM group_buy_participants p
+      JOIN group_buys gb ON gb.id = p.group_buy_id
+      WHERE p.group_buy_id = ? AND p.buyer_id = ?`).get(req.params.id, user.id);
+        if (!p)
+            return void res.status(404).json({ error: '未加入此团购' });
+        if (p.status === 'fulfilled')
+            return void res.status(400).json({ error: '团购已成团，无法退出' });
+        if (p.status === 'refunded')
+            return void res.status(400).json({ error: '已退款' });
+        if (p.gb_status !== 'active')
+            return void res.status(400).json({ error: '团购已结算，无法退出' });
+        db.transaction(() => {
+            db.prepare(`UPDATE group_buy_participants SET status = 'refunded' WHERE id = ?`).run(p.id);
+            db.prepare('UPDATE wallets SET balance = balance + ?, escrowed = escrowed - ? WHERE user_id = ?').run(p.escrow_amount, p.escrow_amount, user.id);
+        })();
+        res.json({ success: true });
+    });
+}

package/dist/pwa/routes/growth.js ADDED Viewed

@@ -0,0 +1,199 @@
+const GROWTH_TASK_CATALOG = [
+    // 第 1 关：新手起步
+    { id: 'first_purchase', chapter: 1,
+        title_zh: '完成首笔购买', title_en: 'Complete first purchase',
+        desc_zh: '解锁分享奖励资格', desc_en: 'Unlocks share-commission eligibility',
+        cta: { label_zh: '去发现', label_en: 'Browse', href: '#buy' },
+        evaluate: c => c.completed_orders >= 1 },
+    { id: 'default_address', chapter: 1,
+        title_zh: '设置默认配送地址', title_en: 'Set default shipping address',
+        desc_zh: '智能下单将按地址过滤可派送商品', desc_en: 'Smart-order filters by your address',
+        cta: { label_zh: '去填写', label_en: 'Set up', href: '#profile' },
+        evaluate: c => !!c.default_address_line1 },
+    { id: 'profile_bio', chapter: 1,
+        title_zh: '写一句话简介', title_en: 'Write a one-line bio',
+        desc_zh: '让买家知道你是谁', desc_en: 'Let buyers know who you are',
+        cta: { label_zh: '去设置', label_en: 'Set up', href: '#profile' },
+        evaluate: c => !!(c.bio && c.bio.trim()) },
+    { id: 'profile_anchor', chapter: 1,
+        title_zh: '设置流量口令', title_en: 'Set your search anchor',
+        desc_zh: '从抖音 / 小红书引流到 WebAZ', desc_en: 'Funnel traffic from TikTok / Xiaohongshu',
+        cta: { label_zh: '去设置', label_en: 'Set up', href: '#profile' },
+        evaluate: c => !!(c.search_anchor && c.search_anchor.trim()) },
+    // 第 2 关：开始分享
+    { id: 'first_l1', chapter: 2,
+        title_zh: '你推荐的第一个人完成注册', title_en: 'Your first referral signs up',
+        desc_zh: '通过你的邀请链让一人注册', desc_en: 'One sign-up via your referral link',
+        cta: { label_zh: '复制邀请链', label_en: 'Copy invite link', action: 'scrollToShareTools' },
+        evaluate: c => c.team_l1 >= 1 },
+    { id: 'first_shareable', chapter: 2,
+        title_zh: '添加首个外部分享链', title_en: 'Add first external share link',
+        desc_zh: 'YouTube / TikTok / 小红书 链接绑商品', desc_en: 'Link YouTube / TikTok / etc. to a product',
+        cta: { label_zh: '添加', label_en: 'Add', action: 'openAddExternalModal' },
+        evaluate: c => c.shareables_count >= 1 },
+    { id: 'first_commission', chapter: 2,
+        title_zh: '拿到第一笔分享佣金', title_en: 'Earn first share commission',
+        desc_zh: '分享链产生第一笔成交', desc_en: 'A share link generates its first sale',
+        evaluate: c => c.earnings_grand > 0 },
+    // 第 3 关：团队建设
+    { id: 'first_manifest', chapter: 3,
+        title_zh: '创作首个原生内容', title_en: 'Create first native content',
+        desc_zh: 'P2P 流转 + pin 收益', desc_en: 'P2P-distributed + pin rewards',
+        cta: { label_zh: '创作', label_en: 'Create', action: 'openCreateNativeModal' },
+        evaluate: c => c.manifests_count >= 1 },
+    { id: 'team_5', chapter: 3,
+        title_zh: '推荐网络达到 5 人', title_en: 'Referral network reaches 5',
+        desc_zh: '稳定贡献从这里开始', desc_en: 'Steady contribution starts here',
+        evaluate: c => c.team_total >= 5 },
+    { id: 'tier1_match', chapter: 3,
+        title_zh: '持续贡献阶段 1', title_en: 'Contribution stage 1',
+        desc_zh: '推荐网络贡献达到第一阶段标准', desc_en: 'Referral-network contribution reaches stage-1 threshold',
+        evaluate: c => c.weak_leg_pv >= 30000 },
+    // 第 4 关：分享达人
+    { id: 'monthly_100', chapter: 4,
+        title_zh: '月度推荐收益 100 WAZ', title_en: 'Monthly referral income 100 WAZ',
+        desc_zh: '近 30 日累计推荐返利 ≥ 100 WAZ', desc_en: 'Last-30-day referral rewards ≥ 100 WAZ',
+        evaluate: c => c.last_30_total >= 100 },
+    { id: 'team_50', chapter: 4,
+        title_zh: '推荐网络达到 50 人', title_en: 'Referral network reaches 50',
+        desc_zh: '正式跻身分享达人', desc_en: 'Officially a share pro',
+        evaluate: c => c.team_total >= 50 },
+];
+function buildGrowthTaskCtx(db, userId) {
+    const u = db.prepare("SELECT bio, search_anchor, default_address_json, default_address_text FROM users WHERE id = ?").get(userId);
+    let line1 = null;
+    try {
+        const a = JSON.parse(u?.default_address_json || 'null');
+        line1 = a?.line1 || null;
+    }
+    catch { }
+    if (!line1 && u?.default_address_text)
+        line1 = u.default_address_text; // legacy 兜底
+    const completed = db.prepare("SELECT COUNT(*) AS n FROM orders WHERE buyer_id = ? AND status = 'completed'").get(userId).n;
+    const l1 = db.prepare("SELECT COUNT(*) AS n FROM users WHERE sponsor_id = ?").get(userId).n;
+    const teamTotal = db.prepare(`
+    SELECT COUNT(*) AS n FROM users
+    WHERE sponsor_id = ?
+       OR sponsor_id IN (SELECT id FROM users WHERE sponsor_id = ?)
+       OR sponsor_id IN (SELECT id FROM users WHERE sponsor_id IN (SELECT id FROM users WHERE sponsor_id = ?))
+  `).get(userId, userId, userId).n;
+    const grand = db.prepare("SELECT COALESCE(SUM(amount),0) AS s FROM commission_records WHERE beneficiary_id = ?").get(userId).s;
+    const sCount = db.prepare("SELECT COUNT(*) AS n FROM shareables WHERE owner_id = ? AND status = 'active'").get(userId).n;
+    const mCount = db.prepare("SELECT COUNT(*) AS n FROM manifest_registry WHERE owner_id = ? AND status = 'active'").get(userId).n;
+    const pv = db.prepare("SELECT total_left_pv, total_right_pv FROM users WHERE id = ?").get(userId);
+    const weakLeg = Math.min(Number(pv?.total_left_pv || 0), Number(pv?.total_right_pv || 0));
+    const comm30 = db.prepare(`SELECT COALESCE(SUM(amount),0) AS s FROM commission_records WHERE beneficiary_id = ? AND created_at >= datetime('now','-30 days')`).get(userId).s;
+    const waz30 = db.prepare(`SELECT COALESCE(SUM(waz_amount),0) AS s FROM binary_score_records WHERE user_id = ? AND settled_at >= datetime('now','-30 days')`).get(userId).s;
+    return {
+        userId,
+        bio: u?.bio || null,
+        search_anchor: u?.search_anchor || null,
+        default_address_line1: line1,
+        completed_orders: completed,
+        team_l1: l1,
+        team_total: teamTotal,
+        earnings_grand: grand,
+        shareables_count: sCount,
+        manifests_count: mCount,
+        weak_leg_pv: weakLeg,
+        last_30_total: comm30 + waz30,
+    };
+}
+function evaluateGrowthTasks(db, userId, lang = 'zh') {
+    const ctx = buildGrowthTaskCtx(db, userId);
+    const logs = db.prepare("SELECT task_id, status, claimed_at, completed_at FROM growth_task_log WHERE user_id = ?").all(userId);
+    const logMap = new Map(logs.map(l => [l.task_id, l]));
+    const out = [];
+    for (const t of GROWTH_TASK_CATALOG) {
+        const done = t.evaluate(ctx);
+        const log = logMap.get(t.id);
+        let status;
+        let completed_at = log?.completed_at || null;
+        if (done) {
+            if (!log || log.status !== 'completed') {
+                db.prepare(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
+                    VALUES (?,?,?,?,datetime('now'))`).run(userId, t.id, 'completed', log?.claimed_at || null);
+                completed_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
+            }
+            status = 'completed';
+        }
+        else if (log?.status === 'skipped')
+            status = 'skipped';
+        else if (log?.status === 'claimed')
+            status = 'claimed';
+        else
+            status = 'available';
+        out.push({
+            id: t.id, chapter: t.chapter,
+            title: lang === 'en' ? t.title_en : t.title_zh,
+            desc: lang === 'en' ? t.desc_en : t.desc_zh,
+            status,
+            cta: t.cta ? { label: lang === 'en' ? t.cta.label_en : t.cta.label_zh, href: t.cta.href, action: t.cta.action } : undefined,
+            claimed_at: log?.claimed_at || null,
+            completed_at,
+        });
+    }
+    const summary = {
+        available: out.filter(t => t.status === 'available').length,
+        claimed: out.filter(t => t.status === 'claimed').length,
+        completed: out.filter(t => t.status === 'completed').length,
+        skipped: out.filter(t => t.status === 'skipped').length,
+        chapter_progress: [1, 2, 3, 4].map(ch => {
+            const chTasks = out.filter(t => t.chapter === ch);
+            const chDone = chTasks.filter(t => t.status === 'completed').length;
+            return { chapter: ch, total: chTasks.length, completed: chDone };
+        }),
+    };
+    return { tasks: out, summary };
+}
+export function registerGrowthRoutes(app, deps) {
+    const { db, auth } = deps;
+    app.get('/api/growth/tasks', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const lang = String(req.headers['accept-language'] || '').startsWith('en') ? 'en' : 'zh';
+        res.json(evaluateGrowthTasks(db, user.id, lang));
+    });
+    app.post('/api/growth/tasks/:id/claim', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const taskId = req.params.id;
+        if (!GROWTH_TASK_CATALOG.find(t => t.id === taskId))
+            return void res.json({ error: 'unknown task' });
+        const existing = db.prepare("SELECT status, completed_at FROM growth_task_log WHERE user_id = ? AND task_id = ?").get(user.id, taskId);
+        if (existing?.status === 'completed')
+            return void res.json({ error: '该任务已完成' });
+        db.prepare(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
+                VALUES (?,?,?,datetime('now'),NULL)`).run(user.id, taskId, 'claimed');
+        res.json({ success: true, status: 'claimed' });
+    });
+    app.post('/api/growth/tasks/:id/skip', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const taskId = req.params.id;
+        if (!GROWTH_TASK_CATALOG.find(t => t.id === taskId))
+            return void res.json({ error: 'unknown task' });
+        const existing = db.prepare("SELECT status FROM growth_task_log WHERE user_id = ? AND task_id = ?").get(user.id, taskId);
+        if (existing?.status === 'completed')
+            return void res.json({ error: '该任务已完成，无法跳过' });
+        db.prepare(`INSERT OR REPLACE INTO growth_task_log (user_id, task_id, status, claimed_at, completed_at)
+                VALUES (?,?,?,NULL,NULL)`).run(user.id, taskId, 'skipped');
+        res.json({ success: true, status: 'skipped' });
+    });
+    app.post('/api/growth/tasks/:id/reset', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const taskId = req.params.id;
+        if (!GROWTH_TASK_CATALOG.find(t => t.id === taskId))
+            return void res.json({ error: 'unknown task' });
+        const existing = db.prepare("SELECT status FROM growth_task_log WHERE user_id = ? AND task_id = ?").get(user.id, taskId);
+        if (existing?.status === 'completed')
+            return void res.json({ error: '已完成任务无法重置' });
+        db.prepare("DELETE FROM growth_task_log WHERE user_id = ? AND task_id = ?").run(user.id, taskId);
+        res.json({ success: true, status: 'available' });
+    });
+}

package/dist/pwa/routes/import-product.js ADDED Viewed

@@ -0,0 +1,153 @@
+export function registerImportProductRoutes(app, deps) {
+    const { db, auth, safeFetch, rateLimitOk, generateId, checkSellerCanList, anthropic, AnthropicCtor, FREE_IMPORT_LIMIT } = deps;
+    app.post('/api/import-product', async (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (user.role !== 'seller')
+            return void res.json({ error: '仅卖家可使用导入功能' });
+        const quotaCheck = checkSellerCanList(user);
+        if (!quotaCheck.ok)
+            return void res.json({ error: quotaCheck.reason });
+        const { url, user_api_key } = req.body;
+        if (!url)
+            return void res.json({ error: '请提供商品链接' });
+        if (!rateLimitOk(req.ip || 'unknown', 6, 60_000))
+            return void res.status(429).json({ error: '请求过于频繁，请稍后再试' });
+        const selfClaim = db.prepare(`
+      SELECT p.id as product_id, p.title FROM product_external_links pel
+      JOIN products p ON pel.product_id = p.id
+      WHERE pel.url = ? AND p.seller_id = ?
+    `).get(url, user.id);
+        if (selfClaim) {
+            return void res.json({ error: `您已上架过来自此链接的商品「${selfClaim.title}」，不能重复关联相同外部链接` });
+        }
+        const otherClaim = db.prepare(`
+      SELECT p.id as product_id FROM product_external_links pel
+      JOIN products p ON pel.product_id = p.id
+      WHERE pel.url = ? AND pel.verified = 1 AND p.seller_id != ?
+    `).get(url, user.id);
+        if (otherClaim) {
+            return void res.json({
+                conflict: true,
+                url,
+                message: '此链接已被其他商家认领上架。如需认领归属，请发起链接认领验证任务。',
+            });
+        }
+        const usingOwnKey = typeof user_api_key === 'string' && user_api_key.trim().startsWith('sk-ant-');
+        if (!usingOwnKey) {
+            const todayCount = db.prepare(`SELECT COUNT(*) as cnt FROM import_logs WHERE user_id = ? AND created_at >= datetime('now', '-1 day')`).get(user.id).cnt;
+            if (todayCount >= FREE_IMPORT_LIMIT) {
+                return void res.json({
+                    error: `今日免费导入次数已用完（${FREE_IMPORT_LIMIT} 次/天）。请在导入面板填入你自己的 Anthropic API Key 以继续使用。`,
+                    quota_exceeded: true,
+                    used: todayCount,
+                    limit: FREE_IMPORT_LIMIT,
+                });
+            }
+        }
+        let html = '';
+        try {
+            const controller = new AbortController();
+            const timer = setTimeout(() => controller.abort(), 10000);
+            const resp = await safeFetch(String(url), {
+                signal: controller.signal,
+                headers: {
+                    'User-Agent': 'Mozilla/5.0 (compatible; WebAZ/1.0; +https://webaz.xyz)',
+                    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
+                },
+            });
+            clearTimeout(timer);
+            const raw = await resp.text();
+            html = raw.slice(0, 30000);
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            if (msg.startsWith('ssrf_'))
+                return void res.json({ error: '链接指向私网/localhost 或经 redirect 触达内部地址，已拦截' });
+            return void res.json({ error: `无法访问该链接：${msg}` });
+        }
+        const avgPrices = db.prepare(`
+      SELECT category, AVG(price) as avg_price, MIN(price) as min_price, MAX(price) as max_price, COUNT(*) as cnt
+      FROM products WHERE status = 'active' GROUP BY category
+    `).all();
+        const priceContext = avgPrices.map(r => `${r.category || '未分类'}：均价 ${r.avg_price?.toFixed(0)} WAZ，最低 ${r.min_price} WAZ，最高 ${r.max_price} WAZ（${r.cnt} 件商品）`).join('\n');
+        const client = usingOwnKey
+            ? new AnthropicCtor({ apiKey: user_api_key.trim() })
+            : anthropic;
+        let extracted;
+        try {
+            const message = await client.messages.create({
+                model: 'claude-haiku-4-5-20251001',
+                max_tokens: 1024,
+                messages: [{
+                        role: 'user',
+                        content: `你是一个电商商品信息提取助手，服务于 AI Agent 商业协议平台。从以下网页 HTML 中提取商品信息，返回精简结构化 JSON。
+网页来源 URL：${url}
+WebAZ 平台各类目价格参考（WAZ ≈ CNY）：
+${priceContext || '暂无参考数据'}
+只返回 JSON，不要其他文字：
+{
+  "title": "商品标题（简洁，50字以内）",
+  "description": "面向 AI Agent 的商品描述：核心参数+适用场景，100字以内，无营销话术",
+  "specs": {"规格名":"规格值"},
+  "brand": "品牌（找不到填null）",
+  "model": "型号或规格编号（找不到填null）",
+  "original_price": 原平台价格数字（CNY，找不到填null）,
+  "suggested_price": 建议WAZ定价（参考原价和平台均价，有竞争力）,
+  "price_reasoning": "定价理由（1句）",
+  "category": "茶具/家居/食品/服装/手工/电子（其他填空）",
+  "stock": 建议库存（默认1）,
+  "weight_kg": 重量数字（找不到填null）,
+  "handling_hours": 备货时间小时数（默认24）,
+  "ship_regions": "全国",
+  "estimated_days": {"华东":2,"全国":5},
+  "return_days": 退货天数（默认7）,
+  "return_condition": "退货条件（如未拆封/任意原因）",
+  "warranty_days": 质保天数（默认0）,
+  "fragile": false,
+  "tags": ["标签1","标签2"]
+}
+HTML（前30000字符）：
+${html}`,
+                    }],
+            });
+            const text = message.content[0].type === 'text' ? message.content[0].text : '';
+            const jsonMatch = text.match(/\{[\s\S]*\}/);
+            if (!jsonMatch)
+                throw new Error('未能提取 JSON');
+            extracted = JSON.parse(jsonMatch[0]);
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            return void res.json({ error: `AI 解析失败：${msg}` });
+        }
+        const title = typeof extracted.title === 'string' ? extracted.title.trim() : '';
+        const description = typeof extracted.description === 'string' ? extracted.description.trim() : '';
+        if (!title || title.length < 2) {
+            return void res.json({
+                error: '该链接无法提取商品信息（可能需要登录、或为动态渲染页面）。建议使用京东/亚马逊/独立站链接，或改用手动上架。',
+                suggestion: 'manual',
+            });
+        }
+        if (!description || description.length < 5) {
+            extracted.description = title;
+        }
+        if (!usingOwnKey) {
+            db.prepare(`INSERT INTO import_logs (id, user_id) VALUES (?, ?)`).run(generateId('iml'), user.id);
+        }
+        const usedToday = usingOwnKey ? 0 : db.prepare(`SELECT COUNT(*) as cnt FROM import_logs WHERE user_id = ? AND created_at >= datetime('now', '-1 day')`).get(user.id).cnt;
+        res.json({
+            success: true,
+            source_url: url,
+            source_price: extracted.original_price ?? null,
+            used_own_key: usingOwnKey,
+            quota: usingOwnKey ? null : { used: usedToday, limit: FREE_IMPORT_LIMIT, remaining: FREE_IMPORT_LIMIT - usedToday },
+            ...extracted,
+        });
+    });
+}

package/dist/pwa/routes/kyc.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { createHash } from 'crypto';
+export function registerKycRoutes(app, deps) {
+    const { db, auth, MASTER_SEED } = deps;
+    const VALID_KYC_ID_TYPES = new Set(['passport', 'national_id', 'driver_license', 'other']);
+    app.post('/api/kyc/submit', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const { real_name, id_type, id_number } = req.body || {};
+        if (!real_name || String(real_name).trim().length < 2)
+            return void res.status(400).json({ error: '真实姓名不能为空' });
+        if (!VALID_KYC_ID_TYPES.has(String(id_type)))
+            return void res.status(400).json({ error: 'id_type 无效' });
+        if (!id_number || String(id_number).trim().length < 6)
+            return void res.status(400).json({ error: '证件号无效' });
+        const idStr = String(id_number).trim();
+        const idHash = createHash('sha256').update(idStr + MASTER_SEED).digest('hex');
+        const idLast4 = idStr.slice(-4);
+        // 已存在？必须先 admin reject 或允许重新提交
+        const existing = db.prepare('SELECT status FROM kyc_records WHERE user_id = ?').get(user.id);
+        if (existing && existing.status === 'approved')
+            return void res.status(400).json({ error: '已通过认证，无需重复提交' });
+        if (existing && existing.status === 'pending')
+            return void res.status(400).json({ error: '审核中，请耐心等待' });
+        db.prepare(`INSERT INTO kyc_records (user_id, real_name, id_type, id_number_hash, id_number_last4, status, submitted_at)
+      VALUES (?,?,?,?,?,'pending', datetime('now'))
+      ON CONFLICT(user_id) DO UPDATE SET real_name = excluded.real_name, id_type = excluded.id_type,
+        id_number_hash = excluded.id_number_hash, id_number_last4 = excluded.id_number_last4,
+        status = 'pending', reject_reason = NULL, submitted_at = datetime('now')`)
+            .run(user.id, String(real_name).trim().slice(0, 60), String(id_type), idHash, idLast4);
+        res.json({ success: true, status: 'pending' });
+    });
+    app.get('/api/kyc/me', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const row = db.prepare('SELECT status, id_type, id_number_last4, reject_reason, submitted_at, reviewed_at FROM kyc_records WHERE user_id = ?').get(user.id);
+        res.json({ kyc: row || null });
+    });
+}