@ucptools/validator 1.0.0

package/api/badge.js

@@ -0,0 +1,185 @@
+/**
+ * Vercel Serverless Function: Generate AI Commerce Ready Badge
+ * GET /api/badge?domain=example.com&style=flat
+ *
+ * Returns an SVG badge showing the AI readiness grade
+ */
+
+const GRADE_COLORS = {
+  A: { bg: '#16A34A', text: '#DCFCE7' },
+  B: { bg: '#2563EB', text: '#DBEAFE' },
+  C: { bg: '#CA8A04', text: '#FEF9C3' },
+  D: { bg: '#EA580C', text: '#FED7AA' },
+  F: { bg: '#DC2626', text: '#FEE2E2' },
+};
+
+const READINESS_LABELS = {
+  A: 'AI Commerce Ready',
+  B: 'Mostly Ready',
+  C: 'Partially Ready',
+  D: 'Limited Readiness',
+  F: 'Not Ready',
+};
+
+function generateFlatBadge(grade, domain, score) {
+  const colors = GRADE_COLORS[grade] || GRADE_COLORS.F;
+  const label = READINESS_LABELS[grade] || 'Not Ready';
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="180" height="20" role="img" aria-label="AI Commerce: ${grade}">
+  <title>AI Commerce: Grade ${grade} - ${label}</title>
+  <linearGradient id="s" x2="0" y2="100%">
+    <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
+    <stop offset="1" stop-opacity=".1"/>
+  </linearGradient>
+  <clipPath id="r">
+    <rect width="180" height="20" rx="3" fill="#fff"/>
+  </clipPath>
+  <g clip-path="url(#r)">
+    <rect width="95" height="20" fill="#555"/>
+    <rect x="95" width="85" height="20" fill="${colors.bg}"/>
+    <rect width="180" height="20" fill="url(#s)"/>
+  </g>
+  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="11">
+    <text x="48.5" y="14">AI Commerce</text>
+    <text x="137.5" y="14" font-weight="bold">${grade} ${score}/100</text>
+  </g>
+</svg>`;
+}
+
+function generateFlatSquareBadge(grade, domain, score) {
+  const colors = GRADE_COLORS[grade] || GRADE_COLORS.F;
+  const label = READINESS_LABELS[grade] || 'Not Ready';
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="180" height="20" role="img" aria-label="AI Commerce: ${grade}">
+  <title>AI Commerce: Grade ${grade} - ${label}</title>
+  <g shape-rendering="crispEdges">
+    <rect width="95" height="20" fill="#555"/>
+    <rect x="95" width="85" height="20" fill="${colors.bg}"/>
+  </g>
+  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="11">
+    <text x="48.5" y="14">AI Commerce</text>
+    <text x="137.5" y="14" font-weight="bold">${grade} ${score}/100</text>
+  </g>
+</svg>`;
+}
+
+function generateLargeBadge(grade, domain, score) {
+  const colors = GRADE_COLORS[grade] || GRADE_COLORS.F;
+  const label = READINESS_LABELS[grade] || 'Not Ready';
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="200" height="80" role="img" aria-label="AI Commerce Ready: ${grade}">
+  <title>AI Commerce: Grade ${grade} - ${label}</title>
+  <defs>
+    <linearGradient id="grad" x1="0%" y1="0%" x2="100%" y2="100%">
+      <stop offset="0%" style="stop-color:#2E86AB;stop-opacity:1" />
+      <stop offset="50%" style="stop-color:#36B5A2;stop-opacity:1" />
+      <stop offset="100%" style="stop-color:#47C97A;stop-opacity:1" />
+    </linearGradient>
+  </defs>
+  <rect width="200" height="80" rx="8" fill="#1A2B3C"/>
+  <rect x="2" y="2" width="196" height="76" rx="6" fill="none" stroke="url(#grad)" stroke-width="2"/>
+
+  <!-- Grade circle -->
+  <circle cx="40" cy="40" r="25" fill="${colors.bg}"/>
+  <text x="40" y="47" text-anchor="middle" font-family="Verdana,Geneva,sans-serif" font-size="24" font-weight="bold" fill="#fff">${grade}</text>
+
+  <!-- Text -->
+  <text x="75" y="30" font-family="Verdana,Geneva,sans-serif" font-size="11" fill="#94A3B8">AI Commerce</text>
+  <text x="75" y="48" font-family="Verdana,Geneva,sans-serif" font-size="14" font-weight="bold" fill="#fff">${label}</text>
+  <text x="75" y="65" font-family="Verdana,Geneva,sans-serif" font-size="10" fill="#94A3B8">Score: ${score}/100 • ucptools.dev</text>
+</svg>`;
+}
+
+function generateMiniBadge(grade) {
+  const colors = GRADE_COLORS[grade] || GRADE_COLORS.F;
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="40" height="20" role="img" aria-label="Grade ${grade}">
+  <title>AI Commerce Grade ${grade}</title>
+  <rect width="40" height="20" rx="3" fill="${colors.bg}"/>
+  <text x="20" y="14" text-anchor="middle" font-family="Verdana,Geneva,sans-serif" font-size="11" font-weight="bold" fill="#fff">${grade}</text>
+</svg>`;
+}
+
+export default async function handler(req, res) {
+  // CORS headers
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+  res.setHeader('Cache-Control', 'public, max-age=3600'); // Cache for 1 hour
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (req.method !== 'GET') {
+    return res.status(405).json({ error: 'Method not allowed' });
+  }
+
+  const { domain, style = 'flat', grade: staticGrade, score: staticScore } = req.query;
+
+  // If static grade provided (for previews), use that
+  if (staticGrade) {
+    const grade = staticGrade.toUpperCase();
+    const score = parseInt(staticScore) || (grade === 'A' ? 95 : grade === 'B' ? 82 : grade === 'C' ? 71 : grade === 'D' ? 55 : 30);
+
+    res.setHeader('Content-Type', 'image/svg+xml');
+
+    switch (style) {
+      case 'flat-square':
+        return res.send(generateFlatSquareBadge(grade, '', score));
+      case 'large':
+        return res.send(generateLargeBadge(grade, '', score));
+      case 'mini':
+        return res.send(generateMiniBadge(grade));
+      default:
+        return res.send(generateFlatBadge(grade, '', score));
+    }
+  }
+
+  if (!domain) {
+    return res.status(400).json({ error: 'Missing required parameter: domain' });
+  }
+
+  const cleanDomain = domain.replace(/^https?:\/\//, '').replace(/\/$/, '').split('/')[0];
+
+  try {
+    // Fetch validation data from our own API
+    const baseUrl = process.env.VERCEL_URL
+      ? `https://${process.env.VERCEL_URL}`
+      : 'https://ucptools.dev';
+
+    const validateRes = await fetch(`${baseUrl}/api/validate`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ domain: cleanDomain }),
+    });
+
+    if (!validateRes.ok) {
+      throw new Error('Validation failed');
+    }
+
+    const data = await validateRes.json();
+    const grade = data.ai_readiness?.grade || 'F';
+    const score = data.ai_readiness?.score || 0;
+
+    res.setHeader('Content-Type', 'image/svg+xml');
+
+    switch (style) {
+      case 'flat-square':
+        return res.send(generateFlatSquareBadge(grade, cleanDomain, score));
+      case 'large':
+        return res.send(generateLargeBadge(grade, cleanDomain, score));
+      case 'mini':
+        return res.send(generateMiniBadge(grade));
+      default:
+        return res.send(generateFlatBadge(grade, cleanDomain, score));
+    }
+  } catch (error) {
+    // Return a gray "unknown" badge on error
+    res.setHeader('Content-Type', 'image/svg+xml');
+    return res.send(`<svg xmlns="http://www.w3.org/2000/svg" width="180" height="20" role="img">
+  <rect width="180" height="20" rx="3" fill="#9CA3AF"/>
+  <text x="90" y="14" text-anchor="middle" font-family="Verdana,Geneva,sans-serif" font-size="11" fill="#fff">AI Commerce • Unknown</text>
+</svg>`);
+  }
+}

package/api/benchmark.js

@@ -0,0 +1,177 @@
+/**
+ * Vercel Serverless Function: Benchmark Statistics
+ *
+ * POST /api/benchmark - Record a new validation score
+ * GET /api/benchmark - Get benchmark statistics and percentile
+ *
+ * Privacy: Only stores aggregate statistics, not individual domains
+ */
+
+import pg from 'pg';
+
+const { Pool } = pg;
+
+let pool = null;
+
+function getPool() {
+  if (!pool) {
+    pool = new Pool({
+      connectionString: process.env.DATABASE_URL,
+      ssl: { rejectUnauthorized: false },
+      max: 5,
+      idleTimeoutMillis: 30000,
+    });
+  }
+  return pool;
+}
+
+/**
+ * Get the score bucket for a given score (0, 10, 20, ..., 100)
+ */
+function getScoreBucket(score) {
+  return Math.floor(score / 10) * 10;
+}
+
+/**
+ * Calculate percentile for a given score based on distribution
+ */
+async function calculatePercentile(pool, score) {
+  const result = await pool.query(`
+    SELECT
+      score_bucket,
+      count,
+      SUM(count) OVER (ORDER BY score_bucket) as cumulative
+    FROM benchmark_stats
+    ORDER BY score_bucket
+  `);
+
+  const summary = await pool.query('SELECT total_validations FROM benchmark_summary WHERE id = 1');
+  const total = summary.rows[0]?.total_validations || 0;
+
+  if (total === 0) {
+    return 50; // Default to 50th percentile if no data
+  }
+
+  const scoreBucket = getScoreBucket(score);
+  let belowCount = 0;
+
+  for (const row of result.rows) {
+    if (row.score_bucket < scoreBucket) {
+      belowCount = row.cumulative;
+    } else if (row.score_bucket === scoreBucket) {
+      // For the current bucket, count half of it (assume uniform distribution within bucket)
+      belowCount = (row.cumulative - row.count) + Math.floor(row.count / 2);
+      break;
+    }
+  }
+
+  return Math.round((belowCount / total) * 100);
+}
+
+/**
+ * Record a new validation score
+ */
+async function recordScore(pool, score) {
+  const bucket = getScoreBucket(score);
+
+  // Increment the bucket count
+  await pool.query(`
+    UPDATE benchmark_stats
+    SET count = count + 1
+    WHERE score_bucket = $1
+  `, [bucket]);
+
+  // Update summary statistics
+  await pool.query(`
+    UPDATE benchmark_summary
+    SET
+      total_validations = total_validations + 1,
+      avg_score = (avg_score * total_validations + $1) / (total_validations + 1),
+      updated_at = NOW()
+    WHERE id = 1
+  `, [score]);
+}
+
+/**
+ * Get benchmark statistics
+ */
+async function getStats(pool) {
+  const summary = await pool.query('SELECT * FROM benchmark_summary WHERE id = 1');
+  const distribution = await pool.query('SELECT score_bucket, count FROM benchmark_stats ORDER BY score_bucket');
+
+  const stats = summary.rows[0] || { total_validations: 0, avg_score: 0 };
+
+  return {
+    total_validations: stats.total_validations,
+    avg_score: Math.round(stats.avg_score * 10) / 10,
+    distribution: distribution.rows.reduce((acc, row) => {
+      acc[row.score_bucket] = row.count;
+      return acc;
+    }, {}),
+    updated_at: stats.updated_at,
+  };
+}
+
+export default async function handler(req, res) {
+  // CORS headers
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (!process.env.DATABASE_URL) {
+    return res.status(500).json({ error: 'Database not configured' });
+  }
+
+  const pool = getPool();
+
+  try {
+    if (req.method === 'POST') {
+      // Record a new score
+      const { score } = req.body;
+
+      if (typeof score !== 'number' || score < 0 || score > 100) {
+        return res.status(400).json({ error: 'Invalid score. Must be a number between 0 and 100.' });
+      }
+
+      await recordScore(pool, score);
+      const percentile = await calculatePercentile(pool, score);
+      const stats = await getStats(pool);
+
+      return res.status(200).json({
+        recorded: true,
+        percentile,
+        stats: {
+          total_validations: stats.total_validations,
+          avg_score: stats.avg_score,
+        }
+      });
+
+    } else if (req.method === 'GET') {
+      // Get benchmark statistics
+      const score = req.query.score ? parseInt(req.query.score, 10) : null;
+      const stats = await getStats(pool);
+
+      const response = {
+        stats,
+      };
+
+      // If score provided, calculate percentile
+      if (score !== null && !isNaN(score) && score >= 0 && score <= 100) {
+        response.percentile = await calculatePercentile(pool, score);
+      }
+
+      return res.status(200).json(response);
+
+    } else {
+      return res.status(405).json({ error: 'Method not allowed' });
+    }
+
+  } catch (error) {
+    console.error('Benchmark API error:', error);
+    return res.status(500).json({ error: 'Internal server error' });
+  }
+}

package/api/directory-stats.ts

@@ -0,0 +1,29 @@
+/**
+ * Vercel Serverless Function: Directory Statistics
+ * GET /api/directory-stats
+ */
+
+import type { VercelRequest, VercelResponse } from '@vercel/node';
+import { getDirectoryStats } from '../src/services/directory.js';
+
+export default async function handler(req: VercelRequest, res: VercelResponse) {
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (req.method !== 'GET') {
+    return res.status(405).json({ error: 'Method not allowed' });
+  }
+
+  try {
+    const stats = await getDirectoryStats();
+    return res.status(200).json(stats);
+  } catch (error: any) {
+    console.error('Directory stats error:', error);
+    return res.status(500).json({ error: 'Internal server error' });
+  }
+}

package/api/directory.ts

@@ -0,0 +1,73 @@
+/**
+ * Vercel Serverless Function: UCP Merchant Directory
+ *
+ * GET /api/directory - List merchants with pagination and filters
+ * POST /api/directory - Submit a new merchant to the directory
+ */
+
+import type { VercelRequest, VercelResponse } from '@vercel/node';
+import { listMerchants, submitMerchant } from '../src/services/directory.js';
+
+export default async function handler(req: VercelRequest, res: VercelResponse) {
+  // CORS handled by vercel.json, but keep for local dev
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  try {
+    if (req.method === 'GET') {
+      const result = await listMerchants({
+        page: parseInt(req.query.page as string) || 1,
+        limit: parseInt(req.query.limit as string) || 20,
+        category: req.query.category as string,
+        country: req.query.country as string,
+        search: req.query.search as string,
+        sort: req.query.sort as 'score' | 'domain' | 'displayName' | 'createdAt',
+        order: req.query.order as 'asc' | 'desc',
+      });
+
+      return res.status(200).json(result);
+    }
+
+    if (req.method === 'POST') {
+      const { domain, displayName, description, logoUrl, websiteUrl, category, countryCode } = req.body;
+
+      if (!domain) {
+        return res.status(400).json({ error: 'Missing required field: domain' });
+      }
+
+      const result = await submitMerchant({
+        domain,
+        displayName,
+        description,
+        logoUrl,
+        websiteUrl,
+        category,
+        countryCode,
+      });
+
+      if (!result.success) {
+        return res.status(400).json({
+          error: result.error,
+          details: result.details,
+        });
+      }
+
+      return res.status(201).json({
+        success: true,
+        message: 'Merchant added to directory',
+        merchant: result.merchant,
+        directoryUrl: `https://ucptools.dev/directory#${result.merchant?.domain}`,
+      });
+    }
+
+    return res.status(405).json({ error: 'Method not allowed' });
+  } catch (error: any) {
+    console.error('Directory API error:', error);
+    return res.status(500).json({ error: 'Internal server error' });
+  }
+}

package/api/generate-compliance.js

@@ -0,0 +1,143 @@
+/**
+ * Vercel Serverless Function: GDPR/Privacy Compliance Generator
+ * POST /api/generate-compliance
+ *
+ * Generates privacy policy addendums and consent language for agentic commerce.
+ *
+ * Request body:
+ *   {
+ *     "companyName": "Your Company",
+ *     "companyEmail": "privacy@example.com",
+ *     "dpoEmail": "dpo@example.com",
+ *     "regions": ["eu", "uk", "california"],
+ *     "platforms": ["openai", "google"],
+ *     "lawfulBasis": "contract",
+ *     "includeMarketingConsent": true,
+ *     "includeDataRetention": true,
+ *     "retentionPeriodYears": 7
+ *   }
+ *
+ * GET /api/generate-compliance
+ *   Returns available options for regions, platforms, and lawful bases.
+ */
+
+export default async function handler(req, res) {
+    // Handle CORS
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+
+    if (req.method === 'OPTIONS') {
+        return res.status(200).end();
+    }
+
+    // GET: Return available options
+    if (req.method === 'GET') {
+        try {
+            const {
+                getAvailableRegions,
+                getLawfulBasisOptions,
+                getAiPlatformOptions,
+            } = await import('../src/compliance/index.js');
+
+            return res.status(200).json({
+                success: true,
+                options: {
+                    regions: getAvailableRegions(),
+                    lawfulBases: getLawfulBasisOptions(),
+                    platforms: getAiPlatformOptions(),
+                },
+            });
+        } catch (error) {
+            console.error('Error getting options:', error);
+            return res.status(500).json({
+                error: 'Failed to get options',
+                message: error.message,
+            });
+        }
+    }
+
+    // POST: Generate compliance documents
+    if (req.method === 'POST') {
+        try {
+            const {
+                companyName,
+                companyEmail,
+                companyAddress,
+                dpoEmail,
+                regions,
+                platforms,
+                lawfulBasis,
+                includeMarketingConsent,
+                includeDataRetention,
+                retentionPeriodYears,
+                additionalProcessors,
+            } = req.body || {};
+
+            // Validate required fields
+            if (!companyName || companyName.trim() === '') {
+                return res.status(400).json({
+                    error: 'Missing company name',
+                    message: 'Please provide your company name',
+                });
+            }
+
+            if (!regions || regions.length === 0) {
+                return res.status(400).json({
+                    error: 'Missing regions',
+                    message: 'Please select at least one compliance region',
+                });
+            }
+
+            if (!platforms || platforms.length === 0) {
+                return res.status(400).json({
+                    error: 'Missing platforms',
+                    message: 'Please select at least one AI platform',
+                });
+            }
+
+            if (!lawfulBasis) {
+                return res.status(400).json({
+                    error: 'Missing lawful basis',
+                    message: 'Please select a lawful basis for processing',
+                });
+            }
+
+            // Import the generator
+            const { generateComplianceDocuments } = await import('../src/compliance/index.js');
+
+            // Generate documents
+            const result = generateComplianceDocuments({
+                companyName: companyName.trim(),
+                companyEmail: companyEmail || `privacy@${companyName.toLowerCase().replace(/\s+/g, '')}.com`,
+                companyAddress,
+                dpoEmail,
+                regions,
+                platforms,
+                lawfulBasis,
+                includeMarketingConsent: includeMarketingConsent || false,
+                includeDataRetention: includeDataRetention || false,
+                retentionPeriodYears: retentionPeriodYears || 7,
+                additionalProcessors,
+            });
+
+            return res.status(200).json({
+                success: true,
+                ...result,
+            });
+
+        } catch (error) {
+            console.error('Compliance generation error:', error);
+            return res.status(500).json({
+                error: 'Generation failed',
+                message: error.message || 'An unexpected error occurred',
+            });
+        }
+    }
+
+    // Method not allowed
+    return res.status(405).json({
+        error: 'Method not allowed',
+        message: 'Use GET for options or POST to generate documents',
+    });
+}