web-agent-bridge 1.1.0 → 1.1.1

package/examples/mcp-agent.js

@@ -50,21 +50,30 @@ async function main() {
   // Step 3: Execute built-in tools
   console.log('\n3. Executing wab_get_page_info...');
   try {
-    const info = await adapter.executeTool('wab_get_page_info', {});
-    console.log(`   Title:   ${info.title || 'N/A'}`);
-    console.log(`   Version: ${info.bridgeVersion || 'N/A'}`);
+    const infoResult = await adapter.executeTool('wab_get_page_info', {});
+    const info = infoResult.content;
+    if (infoResult.is_error) {
+      console.log(`   Error: ${info.error}`);
+    } else {
+      console.log(`   Title:   ${info.title || 'N/A'}`);
+      console.log(`   Version: ${info.bridgeVersion || 'N/A'}`);
+      console.log(`   Domain:  ${info.domain || 'N/A'}`);
+    }
   } catch (err) {
-    console.log(`   (Requires bridge script on page: ${err.message})`);
+    console.log(`   Error: ${err.message}`);
   }
 
   // Step 4: Search the fairness registry
   console.log('\n4. Fairness-weighted search (demo):');
   try {
-    const search = await adapter.executeTool('wab_fairness_search', {
+    const searchResult = await adapter.executeTool('wab_fairness_search', {
       query: 'e-commerce',
       limit: 5
     });
-    if (search.results?.length) {
+    const search = searchResult.content;
+    if (searchResult.is_error) {
+      console.log(`   Error: ${search.error}`);
+    } else if (search.results?.length) {
       search.results.forEach(r => {
         console.log(`   - ${r.name} (${r.domain}) — score: ${r.final_score}`);
       });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "web-agent-bridge",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "Open protocol and runtime for AI agents to interact with websites — standardized discovery, commands, and fairness layer for the Agentic Web",
   "main": "server/index.js",
   "bin": {

package/script/ai-agent-bridge.js

@@ -1,5 +1,5 @@
 /**
- * Web Agent Bridge v1.1.0
+ * Web Agent Bridge v1.1.1
  * Open protocol + runtime for AI agent ↔ website interaction
  * https://github.com/web-agent-bridge
  * License: MIT
@@ -7,7 +7,7 @@
 (function (global) {
   'use strict';
 
-  const VERSION = '1.1.0';
+  const VERSION = '1.1.1';
   const PROTOCOL_VERSION = '1.0';
   const LICENSING_SERVER = 'https://api.webagentbridge.com';
   const DISCOVERY_PATHS = ['/agent-bridge.json', '/.well-known/wab.json'];

package/server/index.js

@@ -20,6 +20,7 @@ const adminRoutes = require('./routes/admin');
 const billingRoutes = require('./routes/billing');
 const noscriptRoutes = require('./routes/noscript');
 const discoveryRoutes = require('./routes/discovery');
+const wabApiRoutes = require('./routes/wab-api');
 const { handleWebhookRequest } = require('./services/stripe');
 
 const app = express();
@@ -114,6 +115,7 @@ app.use('/api/license', licenseLimiter, licenseRoutes);
 app.use('/api/admin', apiLimiter, adminRoutes);
 app.use('/api/billing', apiLimiter, billingRoutes);
 app.use('/api/noscript', noscriptRoutes);
+app.use('/api/wab', wabApiRoutes);
 app.use('/', discoveryRoutes);
 
 app.get('/dashboard', (req, res) => {

package/server/routes/discovery.js

@@ -15,7 +15,7 @@ const {
   generateFairnessReport
 } = require('../services/fairness');
 
-const WAB_VERSION = '1.1.0';
+const WAB_VERSION = '1.1.1';
 
 // ─── Helpers ─────────────────────────────────────────────────────────
 
@@ -77,10 +77,10 @@ function buildDiscoveryDocument(site) {
     },
     agent_access: {
       bridge_script: '/script/ai-agent-bridge.js',
-      api_base: '/api/license',
+      api_base: '/api/wab',
       websocket: '/ws/analytics',
-      noscript: '/api/noscript',
-      discovery: '/api/discovery'
+      noscript: `/api/noscript/bridge/${site.id}`,
+      discovery: `/api/discovery/${site.id}`
     },
     fairness: {
       is_independent: dirEntry ? !!dirEntry.is_independent : false,
@@ -95,10 +95,15 @@ function buildDiscoveryDocument(site) {
       sandbox: true
     },
     endpoints: {
+      authenticate: '/api/wab/authenticate',
+      discover: `/api/wab/discover?siteId=${site.id}`,
+      actions: `/api/wab/actions?siteId=${site.id}`,
+      execute: '/api/wab/actions/{actionName}',
+      read: '/api/wab/read',
+      page_info: `/api/wab/page-info?siteId=${site.id}`,
+      search: '/api/wab/search',
+      ping: '/api/wab/ping',
       token_exchange: '/api/license/token',
-      verify: '/api/license/verify',
-      track: '/api/license/track',
-      actions: `/api/discovery/${site.id}`,
       bridge_page: `/api/noscript/bridge/${site.id}`
     }
   };

package/server/routes/noscript.js

@@ -13,7 +13,7 @@ const TRANSPARENT_GIF = Buffer.from(
   'base64'
 );
 
-const WAB_VERSION = '1.1.0';
+const WAB_VERSION = '1.1.1';
 
 // ─── Rate limiter for pixel endpoint (300 req/min per IP) ────────────
 const pixelLimiter = rateLimit({

package/server/routes/wab-api.js

@@ -0,0 +1,476 @@
+/**
+ * WAB Protocol HTTP Transport — RESTful endpoints that implement the
+ * WAB command protocol over HTTP for remote agents and the MCP adapter.
+ *
+ * Every command from the WAB spec (docs/SPEC.md §5) is accessible here
+ * so agents that cannot run JavaScript in a browser can still interact
+ * with WAB-enabled sites via standard HTTP requests.
+ */
+
+const express = require('express');
+const router = express.Router();
+const { findSiteById, findSiteByLicense, recordAnalytic, db } = require('../models/db');
+const { broadcastAnalytic } = require('../ws');
+const {
+  calculateNeutralityScore,
+  fairnessWeightedSearch,
+  getDirectoryListings,
+  generateFairnessReport
+} = require('../services/fairness');
+
+const WAB_VERSION = '1.1.1';
+const PROTOCOL_VERSION = '1.0';
+
+// ─── Session management ──────────────────────────────────────────────
+const sessions = new Map();
+const SESSION_TTL = 3600_000;
+
+setInterval(() => {
+  const now = Date.now();
+  for (const [token, data] of sessions) {
+    if (now > data.expiresAt) sessions.delete(token);
+  }
+}, 300_000);
+
+function generateSessionToken() {
+  const bytes = require('crypto').randomBytes(32);
+  return bytes.toString('hex');
+}
+
+function requireSession(req, res, next) {
+  const auth = req.get('Authorization');
+  if (!auth || !auth.startsWith('Bearer ')) {
+    return res.status(401).json({
+      type: 'error',
+      error: { code: 'auth_required', message: 'Bearer token required in Authorization header' }
+    });
+  }
+  const token = auth.slice(7);
+  const session = sessions.get(token);
+  if (!session || Date.now() > session.expiresAt) {
+    sessions.delete(token);
+    return res.status(401).json({
+      type: 'error',
+      error: { code: 'session_expired', message: 'Session expired or invalid' }
+    });
+  }
+  req.wabSession = session;
+  next();
+}
+
+// ─── Helper: resolve site from request ───────────────────────────────
+function resolveSite(req) {
+  if (req.wabSession) return findSiteById.get(req.wabSession.siteId);
+  const siteId = req.query.siteId || req.body?.siteId;
+  if (siteId) return findSiteById.get(siteId);
+  return null;
+}
+
+function parseSiteConfig(site) {
+  try { return JSON.parse(site.config || '{}'); } catch (_) { return {}; }
+}
+
+function buildCommandResponse(id, result) {
+  return { id: id || null, type: 'success', protocol: PROTOCOL_VERSION, result };
+}
+
+function buildErrorResponse(id, code, message) {
+  return { id: id || null, type: 'error', protocol: PROTOCOL_VERSION, error: { code, message } };
+}
+
+// ═════════════════════════════════════════════════════════════════════
+// POST /api/wab/authenticate — session token exchange
+// ═════════════════════════════════════════════════════════════════════
+
+router.post('/authenticate', (req, res) => {
+  try {
+    const { siteId, apiKey, meta } = req.body;
+    if (!siteId && !apiKey) {
+      return res.status(400).json(buildErrorResponse(null, 'invalid_argument', 'siteId or apiKey required'));
+    }
+
+    let site;
+    if (apiKey) {
+      site = db.prepare('SELECT * FROM sites WHERE api_key = ? AND active = 1').get(apiKey);
+    } else {
+      site = findSiteById.get(siteId);
+    }
+
+    if (!site) {
+      return res.status(404).json(buildErrorResponse(null, 'not_found', 'Site not found or invalid credentials'));
+    }
+
+    const origin = req.get('origin') || '';
+    if (origin) {
+      try {
+        const reqDomain = new URL(origin).hostname.replace(/^www\./, '');
+        const siteDomain = site.domain.replace(/^www\./, '');
+        if (reqDomain !== siteDomain && reqDomain !== 'localhost' && reqDomain !== '127.0.0.1') {
+          return res.status(403).json(buildErrorResponse(null, 'origin_mismatch', 'Origin does not match site domain'));
+        }
+      } catch (_) {}
+    }
+
+    const token = generateSessionToken();
+    sessions.set(token, {
+      siteId: site.id,
+      tier: site.tier,
+      domain: site.domain,
+      agentMeta: meta || {},
+      createdAt: Date.now(),
+      expiresAt: Date.now() + SESSION_TTL
+    });
+
+    res.json(buildCommandResponse(null, {
+      authenticated: true,
+      token,
+      siteId: site.id,
+      tier: site.tier,
+      expiresIn: SESSION_TTL / 1000,
+      permissions: parseSiteConfig(site).agentPermissions || {}
+    }));
+  } catch (err) {
+    res.status(500).json(buildErrorResponse(null, 'internal', 'Authentication failed'));
+  }
+});
+
+// ═════════════════════════════════════════════════════════════════════
+// GET /api/wab/discover — full discovery document
+// ═════════════════════════════════════════════════════════════════════
+
+router.get('/discover', (req, res) => {
+  try {
+    const site = resolveSite(req);
+    if (!site || !site.active) {
+      const domain = (req.get('origin') ? new URL(req.get('origin')).hostname : req.get('host')?.split(':')[0]) || '';
+      const byDomain = db.prepare(
+        'SELECT * FROM sites WHERE LOWER(REPLACE(domain, "www.", "")) = ? AND active = 1 LIMIT 1'
+      ).get(domain.toLowerCase().replace(/^www\./, ''));
+
+      if (!byDomain) {
+        return res.status(404).json(buildErrorResponse(null, 'not_found', 'No WAB site found'));
+      }
+      return res.json(buildCommandResponse(null, buildDiscovery(byDomain)));
+    }
+    res.json(buildCommandResponse(null, buildDiscovery(site)));
+  } catch (err) {
+    res.status(500).json(buildErrorResponse(null, 'internal', 'Discovery failed'));
+  }
+});
+
+// ═════════════════════════════════════════════════════════════════════
+// GET /api/wab/actions — list actions
+// ═════════════════════════════════════════════════════════════════════
+
+router.get('/actions', (req, res) => {
+  try {
+    const site = resolveSite(req);
+    if (!site) return res.status(400).json(buildErrorResponse(null, 'invalid_argument', 'siteId required'));
+
+    const config = parseSiteConfig(site);
+    const perms = config.agentPermissions || {};
+    const category = req.query.category;
+
+    const actions = Object.entries(perms)
+      .filter(([, v]) => v)
+      .map(([name]) => ({
+        name,
+        description: `Permission: ${name}`,
+        trigger: name === 'click' ? 'click' : name === 'fillForms' ? 'fill_and_submit' : name === 'scroll' ? 'scroll' : 'api',
+        category: name === 'navigate' ? 'navigation' : 'general',
+        requiresAuth: ['apiAccess', 'automatedLogin', 'extractData'].includes(name)
+      }));
+
+    const filtered = category ? actions.filter(a => a.category === category) : actions;
+
+    res.json(buildCommandResponse(req.query.id || null, { actions: filtered, total: filtered.length }));
+  } catch (err) {
+    res.status(500).json(buildErrorResponse(null, 'internal', 'Failed to list actions'));
+  }
+});
+
+// ═════════════════════════════════════════════════════════════════════
+// POST /api/wab/actions/:name — execute action (with tracking)
+// ═════════════════════════════════════════════════════════════════════
+
+router.post('/actions/:name', requireSession, (req, res) => {
+  try {
+    const actionName = req.params.name;
+    const site = findSiteById.get(req.wabSession.siteId);
+    if (!site) return res.status(404).json(buildErrorResponse(req.body?.id, 'not_found', 'Site not found'));
+
+    const config = parseSiteConfig(site);
+    const perms = config.agentPermissions || {};
+
+    const permMap = {
+      click: 'click', fill_and_submit: 'fillForms', scroll: 'scroll',
+      navigate: 'navigate', api: 'apiAccess', read: 'readContent', extract: 'extractData'
+    };
+    const requiredPerm = permMap[actionName] || actionName;
+
+    if (!perms[requiredPerm] && !perms[actionName]) {
+      return res.status(403).json(buildErrorResponse(req.body?.id, 'permission_denied',
+        `Action "${actionName}" is not permitted by site configuration`));
+    }
+
+    recordAnalytic({
+      siteId: site.id,
+      actionName,
+      agentId: req.wabSession.agentMeta?.name || 'mcp-agent',
+      triggerType: 'wab_api',
+      success: true,
+      metadata: { params: req.body?.params || {}, transport: 'http' }
+    });
+
+    broadcastAnalytic(site.id, {
+      actionName,
+      agentId: req.wabSession.agentMeta?.name || 'mcp-agent',
+      triggerType: 'wab_api',
+      success: true
+    });
+
+    res.json(buildCommandResponse(req.body?.id, {
+      success: true,
+      action: actionName,
+      siteId: site.id,
+      executed_at: new Date().toISOString(),
+      note: 'Server-side action recorded. For DOM interactions, use the bridge script in-browser.'
+    }));
+  } catch (err) {
+    res.status(500).json(buildErrorResponse(req.body?.id, 'internal', 'Action execution failed'));
+  }
+});
+
+// ═════════════════════════════════════════════════════════════════════
+// POST /api/wab/read — read content (selector-based, requires in-browser)
+// ═════════════════════════════════════════════════════════════════════
+
+router.post('/read', requireSession, (req, res) => {
+  try {
+    const { selector, id } = req.body;
+    if (!selector) {
+      return res.status(400).json(buildErrorResponse(id, 'invalid_argument', 'selector is required'));
+    }
+
+    const site = findSiteById.get(req.wabSession.siteId);
+    if (!site) return res.status(404).json(buildErrorResponse(id, 'not_found', 'Site not found'));
+
+    const config = parseSiteConfig(site);
+    if (!config.agentPermissions?.readContent) {
+      return res.status(403).json(buildErrorResponse(id, 'permission_denied', 'readContent not enabled'));
+    }
+
+    recordAnalytic({
+      siteId: site.id,
+      actionName: 'readContent',
+      agentId: req.wabSession.agentMeta?.name || 'mcp-agent',
+      triggerType: 'wab_api',
+      success: true,
+      metadata: { selector, transport: 'http' }
+    });
+
+    res.json(buildCommandResponse(id, {
+      success: true,
+      selector,
+      note: 'Content reading via HTTP returns metadata only. Use the bridge script in-browser or the noscript bridge for rendered content.',
+      bridge_page: `/api/noscript/bridge/${site.id}`,
+      noscript_endpoints: {
+        pixel: `/api/noscript/pixel/${site.id}`,
+        css: `/api/noscript/css/${site.id}`,
+        bridge: `/api/noscript/bridge/${site.id}`
+      }
+    }));
+  } catch (err) {
+    res.status(500).json(buildErrorResponse(null, 'internal', 'Read failed'));
+  }
+});
+
+// ═════════════════════════════════════════════════════════════════════
+// GET /api/wab/page-info — get page/site metadata
+// ═════════════════════════════════════════════════════════════════════
+
+router.get('/page-info', (req, res) => {
+  try {
+    const site = resolveSite(req);
+    if (!site) return res.status(400).json(buildErrorResponse(null, 'invalid_argument', 'siteId required'));
+
+    const config = parseSiteConfig(site);
+    const neutralityScore = calculateNeutralityScore(site);
+
+    res.json(buildCommandResponse(req.query.id || null, {
+      title: site.name,
+      domain: site.domain,
+      url: `https://${site.domain}`,
+      tier: site.tier,
+      bridgeVersion: WAB_VERSION,
+      protocol: PROTOCOL_VERSION,
+      permissions: config.agentPermissions || {},
+      restrictions: config.restrictions || {},
+      security: {
+        sandboxActive: true,
+        sessionRequired: true,
+        originValidation: true,
+        rateLimit: config.restrictions?.rateLimit?.maxCallsPerMinute || 60
+      },
+      fairness: {
+        neutralityScore,
+        isIndependent: false
+      },
+      endpoints: {
+        discover: `/api/wab/discover?siteId=${site.id}`,
+        actions: `/api/wab/actions?siteId=${site.id}`,
+        authenticate: '/api/wab/authenticate',
+        bridge: `/api/noscript/bridge/${site.id}`,
+        discovery: `/api/discovery/${site.id}`
+      }
+    }));
+  } catch (err) {
+    res.status(500).json(buildErrorResponse(null, 'internal', 'Failed to get page info'));
+  }
+});
+
+// ═════════════════════════════════════════════════════════════════════
+// GET /api/wab/search — fairness-weighted search (MCP adapter uses this)
+// ═════════════════════════════════════════════════════════════════════
+
+router.get('/search', (req, res) => {
+  try {
+    const query = req.query.q || '';
+    const category = req.query.category || null;
+    const limit = Math.min(parseInt(req.query.limit) || 10, 100);
+
+    let sql = `
+      SELECT s.*, d.category, d.tags, d.is_independent, d.commission_rate,
+             d.direct_benefit, d.neutrality_score, d.trust_signature
+      FROM wab_directory d
+      JOIN sites s ON d.site_id = s.id AND s.active = 1
+      WHERE d.listed = 1
+    `;
+    const params = [];
+
+    if (category) {
+      sql += ' AND d.category = ?';
+      params.push(category);
+    }
+
+    sql += ' ORDER BY d.neutrality_score DESC LIMIT ?';
+    params.push(limit * 3);
+
+    const candidates = db.prepare(sql).all(...params);
+    const results = fairnessWeightedSearch(query, candidates).slice(0, limit);
+
+    res.json(buildCommandResponse(req.query.id || null, {
+      query,
+      total: results.length,
+      fairness_applied: true,
+      results: results.map(r => ({
+        siteId: r.id,
+        name: r.name,
+        domain: r.domain,
+        description: r.description || '',
+        category: r.category || 'general',
+        tier: r.tier,
+        neutrality_score: r._neutralityScore,
+        is_independent: r._isIndependent,
+        relevance_score: r._relevance,
+        fairness_boost: r._fairnessBoost,
+        final_score: r._finalScore,
+        endpoints: {
+          discover: `/api/wab/discover?siteId=${r.id}`,
+          actions: `/api/wab/actions?siteId=${r.id}`,
+          bridge: `/api/noscript/bridge/${r.id}`
+        }
+      }))
+    }));
+  } catch (err) {
+    res.status(500).json(buildErrorResponse(null, 'internal', 'Search failed'));
+  }
+});
+
+// ═════════════════════════════════════════════════════════════════════
+// GET /api/wab/ping — health check
+// ═════════════════════════════════════════════════════════════════════
+
+router.get('/ping', (_req, res) => {
+  res.json(buildCommandResponse(null, {
+    pong: true,
+    version: WAB_VERSION,
+    protocol: PROTOCOL_VERSION,
+    timestamp: Date.now(),
+    status: 'healthy'
+  }));
+});
+
+// ─── Discovery document builder ──────────────────────────────────────
+
+function buildDiscovery(site) {
+  const config = parseSiteConfig(site);
+  const perms = config.agentPermissions || {};
+  const features = config.features || {};
+
+  const commands = Object.entries(perms)
+    .filter(([, v]) => v)
+    .map(([name]) => ({
+      name,
+      trigger: name === 'click' ? 'click' : name === 'fillForms' ? 'fill_and_submit' : name === 'scroll' ? 'scroll' : 'api',
+      requiresAuth: ['apiAccess', 'automatedLogin', 'extractData'].includes(name)
+    }));
+
+  const featureList = ['auto_discovery', 'noscript_fallback', 'wab_protocol_api'];
+  if (features.advancedAnalytics) featureList.push('advanced_analytics');
+  if (features.realTimeUpdates) featureList.push('real_time_updates');
+
+  const dirEntry = db.prepare('SELECT * FROM wab_directory WHERE site_id = ?').get(site.id);
+
+  return {
+    wab_version: WAB_VERSION,
+    protocol: PROTOCOL_VERSION,
+    generated_at: new Date().toISOString(),
+    provider: {
+      name: site.name,
+      domain: site.domain,
+      category: dirEntry?.category || 'general',
+      description: site.description || ''
+    },
+    capabilities: {
+      commands,
+      permissions: perms,
+      tier: site.tier,
+      transport: ['js_global', 'http', 'websocket'],
+      features: featureList
+    },
+    agent_access: {
+      bridge_script: '/script/ai-agent-bridge.js',
+      api_base: '/api/wab',
+      websocket: '/ws/analytics',
+      noscript: `/api/noscript/bridge/${site.id}`,
+      discovery: `/api/discovery/${site.id}`
+    },
+    fairness: {
+      is_independent: dirEntry ? !!dirEntry.is_independent : false,
+      commission_rate: dirEntry ? dirEntry.commission_rate : 0,
+      direct_benefit: dirEntry ? (dirEntry.direct_benefit || '') : '',
+      neutrality_score: calculateNeutralityScore(site)
+    },
+    security: {
+      session_required: true,
+      origin_validation: true,
+      rate_limit: config.restrictions?.rateLimit?.maxCallsPerMinute || 60,
+      sandbox: true
+    },
+    endpoints: {
+      authenticate: '/api/wab/authenticate',
+      discover: `/api/wab/discover?siteId=${site.id}`,
+      actions: `/api/wab/actions?siteId=${site.id}`,
+      execute: '/api/wab/actions/{actionName}',
+      read: '/api/wab/read',
+      page_info: `/api/wab/page-info?siteId=${site.id}`,
+      search: '/api/wab/search',
+      ping: '/api/wab/ping',
+      token_exchange: '/api/license/token',
+      bridge_page: `/api/noscript/bridge/${site.id}`
+    }
+  };
+}
+
+module.exports = router;

package/server/services/fairness.js

@@ -5,7 +5,7 @@
 
 const { db } = require('../models/db');
 
-const WAB_VERSION = '1.1.0';
+const WAB_VERSION = '1.1.1';
 
 // ─── Directory Table (created lazily) ────────────────────────────────
 

package/wab-mcp-adapter/README.md

@@ -39,7 +39,7 @@ adapter.close();
 | `siteId` | `string` | `null` | WAB site identifier |
 | `apiKey` | `string` | `null` | API key for authenticated requests |
 | `transport` | `string` | `'http'` | Transport type: `http`, `websocket`, or `direct` |
-| `registryUrl` | `string` | `https://registry.webagentbridge.com` | WAB fairness registry URL |
+| `registryUrl` | `string` | `https://webagentbridge.com` | WAB fairness registry URL |
 | `page` | `object` | — | Puppeteer/Playwright page (required for `direct`) |
 | `wsUrl` | `string` | auto | WebSocket URL (required for `websocket` if no `siteUrl`) |
 | `timeout` | `number` | `15000` | Request timeout in milliseconds |

package/wab-mcp-adapter/index.js

@@ -11,7 +11,7 @@
 'use strict';
 
 const DISCOVERY_PATHS = ['/agent-bridge.json', '/.well-known/wab.json'];
-const DEFAULT_REGISTRY = 'https://registry.webagentbridge.com';
+const DEFAULT_REGISTRY = 'https://webagentbridge.com';
 const DEFAULT_TIMEOUT_MS = 15_000;
 
 // ---------------------------------------------------------------------------
@@ -320,20 +320,35 @@ class WABMCPAdapter {
       }
     }
 
+    if (this.siteId) {
+      try {
+        this._discovery = await jsonFetch(
+          resolveUrl(base, `/api/discovery/${this.siteId}`), {}, this.timeout
+        );
+        this._extractActions(this._discovery);
+        return this._discovery;
+      } catch (err) { lastError = err; }
+    }
+
     try {
-      this._discovery = await this._transport.request('/api/wab/discover');
+      this._discovery = await jsonFetch(
+        resolveUrl(base, '/api/wab/discover'), {}, this.timeout
+      );
+      if (this._discovery.result) this._discovery = this._discovery.result;
       this._extractActions(this._discovery);
       return this._discovery;
-    } catch (err) {
-      lastError = err;
-    }
+    } catch (err) { lastError = err; }
 
     throw new Error(`WAB discovery failed for ${base}: ${lastError?.message}`);
   }
 
   /** @private */
   _extractActions(doc) {
-    this._siteActions = doc.actions || doc.capabilities?.actions || [];
+    const actions = doc.actions || doc.capabilities?.commands || doc.capabilities?.actions || [];
+    this._siteActions = Array.isArray(actions) ? actions.map(a => {
+      if (typeof a === 'string') return { name: a, description: `Permission: ${a}`, trigger: 'api' };
+      return a;
+    }) : [];
   }
 
   // -----------------------------------------------------------------------
@@ -430,7 +445,7 @@ class WABMCPAdapter {
         method: 'POST',
         headers: { 'Content-Type': 'application/json', ...headers },
         body: JSON.stringify({ params: params || {} }),
-      }, this.timeout);
+      }, this.timeout).then(r => r.result || r);
     }
 
     return this._transport.request(`/api/wab/actions/${name}`, { name, data: params || {} });
@@ -446,7 +461,7 @@ class WABMCPAdapter {
         method: 'POST',
         headers: { 'Content-Type': 'application/json', ...this._authHeaders() },
         body: JSON.stringify({ selector }),
-      }, this.timeout);
+      }, this.timeout).then(r => r.result || r);
     }
 
     return this._transport.request('/api/wab/read', { selector });
@@ -455,7 +470,11 @@ class WABMCPAdapter {
   /** @private */
   async _getPageInfo() {
     if (this._transport instanceof HTTPTransport) {
-      return jsonFetch(resolveUrl(this.siteUrl, '/api/wab/page-info'), { headers: this._authHeaders() }, this.timeout);
+      const siteParam = this.siteId ? `?siteId=${this.siteId}` : '';
+      return jsonFetch(
+        resolveUrl(this.siteUrl, `/api/wab/page-info${siteParam}`),
+        { headers: this._authHeaders() }, this.timeout
+      ).then(r => r.result || r);
     }
     return this._transport.request('/api/wab/page-info');
   }
@@ -474,10 +493,12 @@ class WABMCPAdapter {
    * @returns {Promise<object>}
    */
   async _fairnessSearch(query, category, limit = 10) {
-    const params = new URLSearchParams({ q: query, limit: String(limit) });
+    const params = new URLSearchParams({ q: query || '', limit: String(limit) });
     if (category) params.set('category', category);
 
-    return jsonFetch(`${this.registryUrl}/api/search?${params}`, {}, this.timeout);
+    const base = this.siteUrl || this.registryUrl;
+    const result = await jsonFetch(`${base.replace(/\/+$/, '')}/api/wab/search?${params}`, {}, this.timeout);
+    return result.result || result;
   }
 
   // -----------------------------------------------------------------------
@@ -488,7 +509,11 @@ class WABMCPAdapter {
   async _authenticate(apiKey, meta) {
     if (!apiKey) throw new Error('apiKey is required');
 
-    const payload = { apiKey, ...(meta ? { meta } : {}) };
+    const payload = {
+      apiKey,
+      ...(this.siteId ? { siteId: this.siteId } : {}),
+      ...(meta ? { meta } : {})
+    };
 
     if (this._transport instanceof HTTPTransport) {
       const result = await jsonFetch(resolveUrl(this.siteUrl, '/api/wab/authenticate'), {
@@ -496,13 +521,15 @@ class WABMCPAdapter {
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify(payload),
       }, this.timeout);
-      if (result.token) this._sessionToken = result.token;
-      return result;
+      const data = result.result || result;
+      if (data.token) this._sessionToken = data.token;
+      return data;
     }
 
     const result = await this._transport.request('/api/wab/authenticate', payload);
-    if (result.token) this._sessionToken = result.token;
-    return result;
+    const data = result.result || result;
+    if (data.token) this._sessionToken = data.token;
+    return data;
   }
 
   /** @private Build auth headers from session token and/or API key. */

package/wab-mcp-adapter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wab-mcp-adapter",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "MCP adapter for Web Agent Bridge — expose WAB site capabilities as MCP tools",
   "main": "index.js",
   "keywords": ["wab", "mcp", "ai-agent", "model-context-protocol", "web-agent-bridge"],