npm - web-agent-bridge - Versions diffs - 1.1.1 → 1.1.2 - Mend

web-agent-bridge 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/LICENSE +21 -21
package/README.ar.md +446 -446
package/README.md +844 -844
package/bin/cli.js +80 -80
package/bin/wab.js +80 -80
package/docs/DEPLOY.md +118 -118
package/docs/SPEC.md +1540 -1540
package/examples/bidi-agent.js +119 -119
package/examples/mcp-agent.js +94 -94
package/examples/puppeteer-agent.js +108 -108
package/examples/vision-agent.js +171 -171
package/package.json +78 -78
package/public/admin/dashboard.html +848 -848
package/public/admin/login.html +84 -84
package/public/cookies.html +208 -208
package/public/css/styles.css +1235 -1235
package/public/dashboard.html +704 -704
package/public/docs.html +585 -585
package/public/index.html +332 -332
package/public/js/auth-nav.js +31 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/ws-client.js +74 -74
package/public/login.html +83 -83
package/public/privacy.html +295 -295
package/public/register.html +103 -103
package/public/terms.html +254 -254
package/script/ai-agent-bridge.js +1513 -1513
package/sdk/README.md +55 -55
package/sdk/index.js +203 -203
package/sdk/package.json +14 -14
package/server/config/secrets.js +92 -92
package/server/index.js +181 -181
package/server/middleware/adminAuth.js +30 -30
package/server/middleware/auth.js +41 -41
package/server/middleware/rateLimits.js +24 -24
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +561 -561
package/server/routes/admin.js +247 -247
package/server/routes/api.js +138 -138
package/server/routes/auth.js +51 -51
package/server/routes/billing.js +45 -45
package/server/routes/discovery.js +329 -329
package/server/routes/license.js +240 -240
package/server/routes/noscript.js +543 -543
package/server/routes/wab-api.js +476 -476
package/server/services/email.js +204 -204
package/server/services/fairness.js +420 -420
package/server/services/stripe.js +192 -192
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/secureFields.js +50 -50
package/server/ws.js +101 -101
package/wab-mcp-adapter/README.md +136 -136
package/wab-mcp-adapter/index.js +555 -555
package/wab-mcp-adapter/package.json +17 -17
package/public/css/premium.css +0 -317
package/public/premium-dashboard.html +0 -2075
package/public/premium.html +0 -791
package/server/migrations/002_premium_features.sql +0 -418
package/server/routes/premium.js +0 -724
package/server/services/premium.js +0 -1680

package/server/middleware/auth.js CHANGED Viewed

@@ -1,41 +1,41 @@
-const { signUserToken, verifyUserToken } = require('../config/secrets');
-function generateToken(user) {
-  return signUserToken(
-    { id: user.id, email: user.email, name: user.name },
-    { expiresIn: '7d' }
-  );
-}
-function authenticateToken(req, res, next) {
-  const authHeader = req.headers['authorization'];
-  const token = authHeader && authHeader.split(' ')[1];
-  if (!token) {
-    return res.status(401).json({ error: 'Access token required' });
-  }
-  try {
-    const decoded = verifyUserToken(token);
-    req.user = decoded;
-    next();
-  } catch (err) {
-    return res.status(403).json({ error: 'Invalid or expired token' });
-  }
-}
-function optionalAuth(req, res, next) {
-  const authHeader = req.headers['authorization'];
-  const token = authHeader && authHeader.split(' ')[1];
-  if (token) {
-    try {
-      req.user = verifyUserToken(token);
-    } catch (e) {
-      // ignore invalid tokens for optional auth
-    }
-  }
-  next();
-}
-module.exports = { generateToken, authenticateToken, optionalAuth };
+const { signUserToken, verifyUserToken } = require('../config/secrets');
+function generateToken(user) {
+  return signUserToken(
+    { id: user.id, email: user.email, name: user.name },
+    { expiresIn: '7d' }
+  );
+}
+function authenticateToken(req, res, next) {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+  if (!token) {
+    return res.status(401).json({ error: 'Access token required' });
+  }
+  try {
+    const decoded = verifyUserToken(token);
+    req.user = decoded;
+    next();
+  } catch (err) {
+    return res.status(403).json({ error: 'Invalid or expired token' });
+  }
+}
+function optionalAuth(req, res, next) {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+  if (token) {
+    try {
+      req.user = verifyUserToken(token);
+    } catch (e) {
+      // ignore invalid tokens for optional auth
+    }
+  }
+  next();
+}
+module.exports = { generateToken, authenticateToken, optionalAuth };

package/server/middleware/rateLimits.js CHANGED Viewed

@@ -1,24 +1,24 @@
-/**
- * Stricter rate limits for license token / track endpoints (used inside license router).
- */
-const rateLimit = require('express-rate-limit');
-const licenseTokenLimiter = rateLimit({
-  windowMs: 15 * 60 * 1000,
-  max: 30,
-  standardHeaders: true,
-  legacyHeaders: false,
-  message: { error: 'Too many token requests, please try again later' }
-});
-const licenseTrackLimiter = rateLimit({
-  windowMs: 60 * 1000,
-  max: 300,
-  standardHeaders: true,
-  legacyHeaders: false,
-  keyGenerator: (req) => `${req.ip}:${req.body?.sessionToken || req.body?.siteId || 'anon'}`,
-  message: { error: 'Too many track requests, please try again later' }
-});
-module.exports = { licenseTokenLimiter, licenseTrackLimiter };
+/**
+ * Stricter rate limits for license token / track endpoints (used inside license router).
+ */
+const rateLimit = require('express-rate-limit');
+const licenseTokenLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 30,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many token requests, please try again later' }
+});
+const licenseTrackLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 300,
+  standardHeaders: true,
+  legacyHeaders: false,
+  keyGenerator: (req) => `${req.ip}:${req.body?.sessionToken || req.body?.siteId || 'anon'}`,
+  message: { error: 'Too many track requests, please try again later' }
+});
+module.exports = { licenseTokenLimiter, licenseTrackLimiter };

package/server/migrations/001_add_analytics_indexes.sql CHANGED Viewed

@@ -1,7 +1,7 @@
--- Migration 001: Add composite indexes for analytics performance
--- Created: 2024-12-01
-CREATE INDEX IF NOT EXISTS idx_analytics_site_action ON analytics(site_id, action_name);
-CREATE INDEX IF NOT EXISTS idx_analytics_site_created ON analytics(site_id, created_at);
-CREATE INDEX IF NOT EXISTS idx_subscriptions_user ON subscriptions(user_id);
-CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status);
+-- Migration 001: Add composite indexes for analytics performance
+-- Created: 2024-12-01
+CREATE INDEX IF NOT EXISTS idx_analytics_site_action ON analytics(site_id, action_name);
+CREATE INDEX IF NOT EXISTS idx_analytics_site_created ON analytics(site_id, created_at);
+CREATE INDEX IF NOT EXISTS idx_subscriptions_user ON subscriptions(user_id);
+CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status);

package/server/models/adapters/index.js CHANGED Viewed

@@ -1,33 +1,33 @@
-/**
- * Database Adapter Interface
- *
- * WAB supports multiple database backends via adapters.
- * Set DB_ADAPTER environment variable to choose: sqlite (default), postgresql, mysql
- *
- * For PostgreSQL:
- *   npm install pg
- *   DB_ADAPTER=postgresql DATABASE_URL=postgres://user:pass@host:5432/wab
- *
- * For MySQL:
- *   npm install mysql2
- *   DB_ADAPTER=mysql DATABASE_URL=mysql://user:pass@host:3306/wab
- */
-const adapter = process.env.DB_ADAPTER || 'sqlite';
-let db;
-switch (adapter) {
-  case 'postgresql':
-  case 'postgres':
-    db = require('./postgresql');
-    break;
-  case 'mysql':
-    db = require('./mysql');
-    break;
-  case 'sqlite':
-  default:
-    db = require('./sqlite');
-    break;
-}
-module.exports = db;
+/**
+ * Database Adapter Interface
+ *
+ * WAB supports multiple database backends via adapters.
+ * Set DB_ADAPTER environment variable to choose: sqlite (default), postgresql, mysql
+ *
+ * For PostgreSQL:
+ *   npm install pg
+ *   DB_ADAPTER=postgresql DATABASE_URL=postgres://user:pass@host:5432/wab
+ *
+ * For MySQL:
+ *   npm install mysql2
+ *   DB_ADAPTER=mysql DATABASE_URL=mysql://user:pass@host:3306/wab
+ */
+const adapter = process.env.DB_ADAPTER || 'sqlite';
+let db;
+switch (adapter) {
+  case 'postgresql':
+  case 'postgres':
+    db = require('./postgresql');
+    break;
+  case 'mysql':
+    db = require('./mysql');
+    break;
+  case 'sqlite':
+  default:
+    db = require('./sqlite');
+    break;
+}
+module.exports = db;

package/server/models/adapters/mysql.js CHANGED Viewed

@@ -1,183 +1,183 @@
-/**
- * MySQL Adapter for WAB
- *
- * Prerequisites: npm install mysql2
- * Set DATABASE_URL=mysql://user:pass@host:3306/wab
- *
- * This adapter implements the same interface as the SQLite adapter
- * so it can be used as a drop-in replacement.
- */
-const mysql = require('mysql2/promise');
-const bcrypt = require('bcryptjs');
-const { v4: uuidv4 } = require('uuid');
-const pool = mysql.createPool(process.env.DATABASE_URL);
-// Initialize tables
-async function initDB() {
-  const conn = await pool.getConnection();
-  try {
-    await conn.query(`
-      CREATE TABLE IF NOT EXISTS users (
-        id VARCHAR(36) PRIMARY KEY,
-        email VARCHAR(255) UNIQUE NOT NULL,
-        password VARCHAR(255) NOT NULL,
-        name VARCHAR(255) NOT NULL,
-        company VARCHAR(255),
-        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
-      )
-    `);
-    await conn.query(`
-      CREATE TABLE IF NOT EXISTS sites (
-        id VARCHAR(36) PRIMARY KEY,
-        user_id VARCHAR(36) NOT NULL,
-        domain VARCHAR(255) NOT NULL,
-        name VARCHAR(255) NOT NULL,
-        description TEXT,
-        tier ENUM('free','starter','pro','enterprise') DEFAULT 'free',
-        license_key VARCHAR(30) UNIQUE NOT NULL,
-        api_key VARCHAR(50) UNIQUE,
-        config JSON,
-        active BOOLEAN DEFAULT TRUE,
-        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-        FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
-        INDEX idx_sites_domain (domain),
-        INDEX idx_sites_license (license_key)
-      )
-    `);
-    await conn.query(`
-      CREATE TABLE IF NOT EXISTS analytics (
-        id INT AUTO_INCREMENT PRIMARY KEY,
-        site_id VARCHAR(36) NOT NULL,
-        action_name VARCHAR(255) NOT NULL,
-        agent_id VARCHAR(255),
-        trigger_type VARCHAR(50),
-        success BOOLEAN,
-        metadata JSON,
-        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        FOREIGN KEY (site_id) REFERENCES sites(id) ON DELETE CASCADE,
-        INDEX idx_analytics_site (site_id),
-        INDEX idx_analytics_created (created_at)
-      )
-    `);
-    await conn.query(`
-      CREATE TABLE IF NOT EXISTS subscriptions (
-        id VARCHAR(36) PRIMARY KEY,
-        user_id VARCHAR(36) NOT NULL,
-        site_id VARCHAR(36) NOT NULL,
-        tier ENUM('free','starter','pro','enterprise') NOT NULL,
-        status ENUM('active','cancelled','expired','trial') DEFAULT 'active',
-        started_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        expires_at TIMESTAMP NULL,
-        FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
-        FOREIGN KEY (site_id) REFERENCES sites(id) ON DELETE CASCADE
-      )
-    `);
-  } finally {
-    conn.release();
-  }
-}
-initDB().catch(console.error);
-function generateLicenseKey() {
-  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
-  const segments = [];
-  for (let s = 0; s < 4; s++) {
-    let seg = '';
-    for (let i = 0; i < 5; i++) seg += chars[Math.floor(Math.random() * chars.length)];
-    segments.push(seg);
-  }
-  return `WAB-${segments.join('-')}`;
-}
-function generateApiKey() {
-  return `wab_${uuidv4().replace(/-/g, '')}`;
-}
-// ─── User Operations ──────────────────────────────────────────────────
-async function registerUser({ email, password, name, company }) {
-  const id = uuidv4();
-  const hashed = bcrypt.hashSync(password, 12);
-  await pool.execute(
-    'INSERT INTO users (id, email, password, name, company) VALUES (?, ?, ?, ?, ?)',
-    [id, email, hashed, name, company || null]
-  );
-  return { id, email, name, company };
-}
-async function loginUser({ email, password }) {
-  const [rows] = await pool.execute('SELECT * FROM users WHERE email = ?', [email]);
-  const user = rows[0];
-  if (!user) return null;
-  if (!bcrypt.compareSync(password, user.password)) return null;
-  return { id: user.id, email: user.email, name: user.name, company: user.company };
-}
-// ─── Site Operations ──────────────────────────────────────────────────
-async function addSite({ userId, domain, name, description, tier }) {
-  const id = uuidv4();
-  const licenseKey = generateLicenseKey();
-  const apiKey = generateApiKey();
-  const config = JSON.stringify({
-    agentPermissions: { readContent: true, click: true, fillForms: false, scroll: true, navigate: false, apiAccess: false, automatedLogin: false, extractData: false },
-    features: { advancedAnalytics: false, realTimeUpdates: false },
-    restrictions: { allowedSelectors: [], blockedSelectors: ['.private', '[data-private]'], rateLimit: { maxCallsPerMinute: 60 } },
-    logging: { enabled: false, level: 'basic' }
-  });
-  await pool.execute(
-    'INSERT INTO sites (id, user_id, domain, name, description, tier, license_key, api_key, config) VALUES (?,?,?,?,?,?,?,?,?)',
-    [id, userId, domain, name, description || '', tier || 'free', licenseKey, apiKey, config]
-  );
-  return { id, domain, name, licenseKey, apiKey, tier: tier || 'free' };
-}
-// ─── Analytics ────────────────────────────────────────────────────────
-async function recordAnalytic({ siteId, actionName, agentId, triggerType, success, metadata }) {
-  await pool.execute(
-    'INSERT INTO analytics (site_id, action_name, agent_id, trigger_type, success, metadata) VALUES (?,?,?,?,?,?)',
-    [siteId, actionName, agentId || null, triggerType || null, success ? 1 : 0, JSON.stringify(metadata || {})]
-  );
-}
-// ─── License Verification ─────────────────────────────────────────────
-async function verifyLicense(domain, licenseKey) {
-  const [rows] = await pool.execute(
-    'SELECT * FROM sites WHERE domain = ? AND license_key = ? AND active = TRUE', [domain, licenseKey]
-  );
-  const site = rows[0];
-  if (!site) {
-    const [byKey] = await pool.execute('SELECT * FROM sites WHERE license_key = ? AND active = TRUE', [licenseKey]);
-    if (byKey[0]) return { valid: false, error: 'Domain mismatch', tier: 'free' };
-    return { valid: false, error: 'Invalid license key', tier: 'free' };
-  }
-  const tierPermissions = {
-    free: { apiAccess: false, automatedLogin: false, extractData: false, advancedAnalytics: false },
-    starter: { apiAccess: false, automatedLogin: true, extractData: false, advancedAnalytics: true },
-    pro: { apiAccess: true, automatedLogin: true, extractData: true, advancedAnalytics: true },
-    enterprise: { apiAccess: true, automatedLogin: true, extractData: true, advancedAnalytics: true }
-  };
-  const config = typeof site.config === 'string' ? JSON.parse(site.config) : site.config;
-  return {
-    valid: true,
-    tier: site.tier,
-    permissions: { ...config.agentPermissions, ...tierPermissions[site.tier] },
-    restrictions: config.restrictions,
-    features: config.features,
-    siteId: site.id
-  };
-}
-module.exports = {
-  registerUser,
-  loginUser,
-  addSite,
-  recordAnalytic,
-  verifyLicense,
-  pool
-};
+/**
+ * MySQL Adapter for WAB
+ *
+ * Prerequisites: npm install mysql2
+ * Set DATABASE_URL=mysql://user:pass@host:3306/wab
+ *
+ * This adapter implements the same interface as the SQLite adapter
+ * so it can be used as a drop-in replacement.
+ */
+const mysql = require('mysql2/promise');
+const bcrypt = require('bcryptjs');
+const { v4: uuidv4 } = require('uuid');
+const pool = mysql.createPool(process.env.DATABASE_URL);
+// Initialize tables
+async function initDB() {
+  const conn = await pool.getConnection();
+  try {
+    await conn.query(`
+      CREATE TABLE IF NOT EXISTS users (
+        id VARCHAR(36) PRIMARY KEY,
+        email VARCHAR(255) UNIQUE NOT NULL,
+        password VARCHAR(255) NOT NULL,
+        name VARCHAR(255) NOT NULL,
+        company VARCHAR(255),
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
+      )
+    `);
+    await conn.query(`
+      CREATE TABLE IF NOT EXISTS sites (
+        id VARCHAR(36) PRIMARY KEY,
+        user_id VARCHAR(36) NOT NULL,
+        domain VARCHAR(255) NOT NULL,
+        name VARCHAR(255) NOT NULL,
+        description TEXT,
+        tier ENUM('free','starter','pro','enterprise') DEFAULT 'free',
+        license_key VARCHAR(30) UNIQUE NOT NULL,
+        api_key VARCHAR(50) UNIQUE,
+        config JSON,
+        active BOOLEAN DEFAULT TRUE,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+        FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+        INDEX idx_sites_domain (domain),
+        INDEX idx_sites_license (license_key)
+      )
+    `);
+    await conn.query(`
+      CREATE TABLE IF NOT EXISTS analytics (
+        id INT AUTO_INCREMENT PRIMARY KEY,
+        site_id VARCHAR(36) NOT NULL,
+        action_name VARCHAR(255) NOT NULL,
+        agent_id VARCHAR(255),
+        trigger_type VARCHAR(50),
+        success BOOLEAN,
+        metadata JSON,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        FOREIGN KEY (site_id) REFERENCES sites(id) ON DELETE CASCADE,
+        INDEX idx_analytics_site (site_id),
+        INDEX idx_analytics_created (created_at)
+      )
+    `);
+    await conn.query(`
+      CREATE TABLE IF NOT EXISTS subscriptions (
+        id VARCHAR(36) PRIMARY KEY,
+        user_id VARCHAR(36) NOT NULL,
+        site_id VARCHAR(36) NOT NULL,
+        tier ENUM('free','starter','pro','enterprise') NOT NULL,
+        status ENUM('active','cancelled','expired','trial') DEFAULT 'active',
+        started_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        expires_at TIMESTAMP NULL,
+        FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+        FOREIGN KEY (site_id) REFERENCES sites(id) ON DELETE CASCADE
+      )
+    `);
+  } finally {
+    conn.release();
+  }
+}
+initDB().catch(console.error);
+function generateLicenseKey() {
+  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+  const segments = [];
+  for (let s = 0; s < 4; s++) {
+    let seg = '';
+    for (let i = 0; i < 5; i++) seg += chars[Math.floor(Math.random() * chars.length)];
+    segments.push(seg);
+  }
+  return `WAB-${segments.join('-')}`;
+}
+function generateApiKey() {
+  return `wab_${uuidv4().replace(/-/g, '')}`;
+}
+// ─── User Operations ──────────────────────────────────────────────────
+async function registerUser({ email, password, name, company }) {
+  const id = uuidv4();
+  const hashed = bcrypt.hashSync(password, 12);
+  await pool.execute(
+    'INSERT INTO users (id, email, password, name, company) VALUES (?, ?, ?, ?, ?)',
+    [id, email, hashed, name, company || null]
+  );
+  return { id, email, name, company };
+}
+async function loginUser({ email, password }) {
+  const [rows] = await pool.execute('SELECT * FROM users WHERE email = ?', [email]);
+  const user = rows[0];
+  if (!user) return null;
+  if (!bcrypt.compareSync(password, user.password)) return null;
+  return { id: user.id, email: user.email, name: user.name, company: user.company };
+}
+// ─── Site Operations ──────────────────────────────────────────────────
+async function addSite({ userId, domain, name, description, tier }) {
+  const id = uuidv4();
+  const licenseKey = generateLicenseKey();
+  const apiKey = generateApiKey();
+  const config = JSON.stringify({
+    agentPermissions: { readContent: true, click: true, fillForms: false, scroll: true, navigate: false, apiAccess: false, automatedLogin: false, extractData: false },
+    features: { advancedAnalytics: false, realTimeUpdates: false },
+    restrictions: { allowedSelectors: [], blockedSelectors: ['.private', '[data-private]'], rateLimit: { maxCallsPerMinute: 60 } },
+    logging: { enabled: false, level: 'basic' }
+  });
+  await pool.execute(
+    'INSERT INTO sites (id, user_id, domain, name, description, tier, license_key, api_key, config) VALUES (?,?,?,?,?,?,?,?,?)',
+    [id, userId, domain, name, description || '', tier || 'free', licenseKey, apiKey, config]
+  );
+  return { id, domain, name, licenseKey, apiKey, tier: tier || 'free' };
+}
+// ─── Analytics ────────────────────────────────────────────────────────
+async function recordAnalytic({ siteId, actionName, agentId, triggerType, success, metadata }) {
+  await pool.execute(
+    'INSERT INTO analytics (site_id, action_name, agent_id, trigger_type, success, metadata) VALUES (?,?,?,?,?,?)',
+    [siteId, actionName, agentId || null, triggerType || null, success ? 1 : 0, JSON.stringify(metadata || {})]
+  );
+}
+// ─── License Verification ─────────────────────────────────────────────
+async function verifyLicense(domain, licenseKey) {
+  const [rows] = await pool.execute(
+    'SELECT * FROM sites WHERE domain = ? AND license_key = ? AND active = TRUE', [domain, licenseKey]
+  );
+  const site = rows[0];
+  if (!site) {
+    const [byKey] = await pool.execute('SELECT * FROM sites WHERE license_key = ? AND active = TRUE', [licenseKey]);
+    if (byKey[0]) return { valid: false, error: 'Domain mismatch', tier: 'free' };
+    return { valid: false, error: 'Invalid license key', tier: 'free' };
+  }
+  const tierPermissions = {
+    free: { apiAccess: false, automatedLogin: false, extractData: false, advancedAnalytics: false },
+    starter: { apiAccess: false, automatedLogin: true, extractData: false, advancedAnalytics: true },
+    pro: { apiAccess: true, automatedLogin: true, extractData: true, advancedAnalytics: true },
+    enterprise: { apiAccess: true, automatedLogin: true, extractData: true, advancedAnalytics: true }
+  };
+  const config = typeof site.config === 'string' ? JSON.parse(site.config) : site.config;
+  return {
+    valid: true,
+    tier: site.tier,
+    permissions: { ...config.agentPermissions, ...tierPermissions[site.tier] },
+    restrictions: config.restrictions,
+    features: config.features,
+    siteId: site.id
+  };
+}
+module.exports = {
+  registerUser,
+  loginUser,
+  addSite,
+  recordAnalytic,
+  verifyLicense,
+  pool
+};