npm - web-agent-bridge - Versions diffs - 2.3.0 → 2.4.0 - Mend

web-agent-bridge 2.3.0 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/README.ar.md +506 -31
package/README.md +574 -47
package/bin/agent-runner.js +10 -1
package/package.json +12 -4
package/public/agent-workspace.html +347 -0
package/public/browser.html +484 -0
package/public/commander-dashboard.html +243 -0
package/public/css/agent-workspace.css +1713 -0
package/public/css/premium.css +317 -317
package/public/demo.html +259 -259
package/public/index.html +738 -644
package/public/js/agent-workspace.js +1740 -0
package/public/mesh-dashboard.html +309 -382
package/public/premium-dashboard.html +2487 -2487
package/public/premium.html +791 -791
package/public/script/wab.min.js +124 -87
package/script/ai-agent-bridge.js +154 -84
package/sdk/agent-mesh.js +287 -171
package/sdk/commander.js +262 -0
package/sdk/index.d.ts +83 -0
package/sdk/index.js +374 -260
package/sdk/package.json +1 -1
package/server/config/secrets.js +13 -5
package/server/index.js +191 -5
package/server/middleware/adminAuth.js +6 -1
package/server/middleware/auth.js +11 -2
package/server/middleware/rateLimits.js +78 -2
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -0
package/server/models/db.js +121 -1
package/server/routes/admin-premium.js +671 -671
package/server/routes/admin.js +16 -2
package/server/routes/ads.js +130 -0
package/server/routes/agent-workspace.js +378 -0
package/server/routes/api.js +21 -2
package/server/routes/auth.js +26 -6
package/server/routes/commander.js +316 -0
package/server/routes/mesh.js +370 -201
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/sovereign.js +78 -0
package/server/routes/universal.js +177 -0
package/server/routes/wab-api.js +20 -5
package/server/services/agent-chat.js +506 -0
package/server/services/agent-learning.js +230 -77
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +260 -67
package/server/services/agent-symphony.js +553 -517
package/server/services/agent-tasks.js +1807 -0
package/server/services/commander.js +738 -0
package/server/services/edge-compute.js +440 -0
package/server/services/fairness-engine.js +409 -0
package/server/services/local-ai.js +389 -0
package/server/services/plugins.js +771 -747
package/server/services/price-intelligence.js +565 -0
package/server/services/price-shield.js +1137 -0
package/server/services/search-engine.js +357 -0
package/server/services/security.js +513 -0
package/server/services/self-healing.js +843 -843
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +661 -0
package/server/services/vision.js +871 -871
package/server/ws.js +61 -1
package/public/admin/dashboard.html +0 -848
package/public/admin/login.html +0 -84
package/public/video/tutorial.mp4 +0 -0

package/server/index.js CHANGED Viewed

@@ -11,7 +11,10 @@ const rateLimit = require('express-rate-limit');
 const path = require('path');
 const { setupWebSocket } = require('./ws');
 const { runMigrations } = require('./utils/migrate');
-const { maybeBootstrapAdmin } = require('./models/db');
+const { maybeBootstrapAdmin, db } = require('./models/db');
+const { initSearchEngine, search, getSuggestions, getTrendingSearches, getSearchStats, purgeOldCache } = require('./services/search-engine');
+const { processMessage: agentChat } = require('./services/agent-chat');
+const agentTasks = require('./services/agent-tasks');
 const authRoutes = require('./routes/auth');
 const apiRoutes = require('./routes/api');
@@ -20,6 +23,15 @@ const adminRoutes = require('./routes/admin');
 const billingRoutes = require('./routes/billing');
 const sovereignRoutes = require('./routes/sovereign');
 const meshRoutes = require('./routes/mesh');
+const commanderRoutes = require('./routes/commander');
+const adsRoutes = require('./routes/ads');
+const wabApiRoutes = require('./routes/wab-api');
+const noscriptRoutes = require('./routes/noscript');
+const discoveryRoutes = require('./routes/discovery');
+const premiumRoutes = require('./routes/premium');
+const adminPremiumRoutes = require('./routes/admin-premium');
+const workspaceRoutes = require('./routes/agent-workspace');
+const universalRoutes = require('./routes/universal');
 const { handleWebhookRequest } = require('./services/stripe');
 const app = express();
@@ -60,14 +72,16 @@ app.use(
       directives: {
         defaultSrc: ["'self'"],
         scriptSrc,
-        styleSrc,
+        scriptSrcAttr: scriptSrc,
+        styleSrc: [...styleSrc, 'https://fonts.googleapis.com'],
         imgSrc: ["'self'", 'data:', 'https:'],
         connectSrc: ["'self'", 'ws:', 'wss:'],
-        fontSrc: ["'self'", 'https:', 'data:'],
-        frameSrc: ["'none'"],
+        fontSrc: ["'self'", 'https://fonts.gstatic.com', 'https:', 'data:'],
+        frameSrc: ["'self'", 'https:', 'http:'],
         frameAncestors: ["'none'"],
         objectSrc: ["'none'"],
-        baseUri: ["'self'"]
+        baseUri: ["'self'"],
+        formAction: ["'self'"]
       }
     },
     crossOriginEmbedderPolicy: false
@@ -115,6 +129,52 @@ app.use('/api/admin', apiLimiter, adminRoutes);
 app.use('/api/billing', apiLimiter, billingRoutes);
 app.use('/api/sovereign', apiLimiter, sovereignRoutes);
 app.use('/api/mesh', apiLimiter, meshRoutes);
+app.use('/api/commander', apiLimiter, commanderRoutes);
+app.use('/api/ads', apiLimiter, adsRoutes);
+app.use('/api/wab', wabApiRoutes);
+app.use('/api/noscript', apiLimiter, noscriptRoutes);
+app.use('/api/discovery', apiLimiter, discoveryRoutes);
+app.use('/api/premium', apiLimiter, premiumRoutes);
+app.use('/api/admin/premium', apiLimiter, adminPremiumRoutes);
+app.use('/api/workspace', apiLimiter, workspaceRoutes);
+app.use('/api/universal', apiLimiter, universalRoutes);
+// ─── WAB Search Engine ────────────────────────────────────────────────
+const searchLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 30,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many search requests, please slow down' }
+});
+app.get('/api/search', searchLimiter, async (req, res) => {
+  const q = (req.query.q || '').trim();
+  if (!q) return res.json({ results: [], cached: false });
+  if (q.length > 200) return res.status(400).json({ error: 'Query too long' });
+  const crypto = require('crypto');
+  const ipHash = crypto.createHash('sha256').update(req.ip || '').digest('hex').slice(0, 16);
+  const result = await search(q, ipHash);
+  res.json(result);
+});
+app.get('/api/search/suggest', searchLimiter, (req, res) => {
+  const q = (req.query.q || '').trim();
+  if (!q) return res.json({ suggestions: [] });
+  const suggestions = getSuggestions(q, 8);
+  res.json({ suggestions });
+});
+app.get('/api/search/trending', apiLimiter, (req, res) => {
+  const trending = getTrendingSearches(10);
+  res.json({ trending });
+});
+app.get('/api/search/stats', apiLimiter, (req, res) => {
+  const stats = getSearchStats();
+  res.json(stats);
+});
 app.get('/dashboard', (req, res) => {
   res.sendFile(path.join(__dirname, '..', 'public', 'dashboard.html'));
@@ -122,6 +182,9 @@ app.get('/dashboard', (req, res) => {
 app.get('/mesh-dashboard', (req, res) => {
   res.sendFile(path.join(__dirname, '..', 'public', 'mesh-dashboard.html'));
 });
+app.get('/commander-dashboard', (req, res) => {
+  res.sendFile(path.join(__dirname, '..', 'public', 'commander-dashboard.html'));
+});
 app.get('/docs', (req, res) => {
   res.sendFile(path.join(__dirname, '..', 'public', 'docs.html'));
 });
@@ -146,6 +209,125 @@ app.get('/terms', (req, res) => {
 app.get('/cookies', (req, res) => {
   res.sendFile(path.join(__dirname, '..', 'public', 'cookies.html'));
 });
+app.get('/browser', (req, res) => {
+  res.sendFile(path.join(__dirname, '..', 'public', 'browser.html'));
+});
+app.get('/workspace', (req, res) => {
+  res.sendFile(path.join(__dirname, '..', 'public', 'agent-workspace.html'));
+});
+// Browser downloads
+app.use('/downloads', express.static(path.join(__dirname, '..', 'downloads'), {
+  maxAge: '1d',
+  setHeaders: (res, filePath) => {
+    res.set('Content-Disposition', 'attachment');
+  }
+}));
+// Agent chat endpoint for WAB Browser — Real AI Agent
+const chatLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 20,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many messages, please slow down' }
+});
+app.post('/api/wab/agent-chat', chatLimiter, async (req, res) => {
+  const { message, context, sessionId, taskId, taskAction } = req.body || {};
+  if (!message || typeof message !== 'string') {
+    return res.status(400).json({ error: 'Message required' });
+  }
+  if (message.length > 3000) {
+    return res.status(400).json({ error: 'Message too long' });
+  }
+  const sid = sessionId || req.ip || 'anonymous';
+  try {
+    // ── Task actions (user responding to an active task) ──
+    if (taskId && taskAction) {
+      if (taskAction === 'answer') {
+        const result = agentTasks.answerClarification(taskId, message);
+        if (result.status === 'planning') {
+          // Auto-execute after planning
+          const execResult = await agentTasks.executeTask(taskId);
+          return res.json({ ...execResult, type: 'task' });
+        }
+        return res.json({ ...result, type: 'task' });
+      }
+      if (taskAction === 'select') {
+        const idx = parseInt(message.replace(/\D/g, '')) - 1;
+        const result = agentTasks.selectOffer(taskId, idx);
+        return res.json({ ...result, type: 'task' });
+      }
+      if (taskAction === 'cancel') {
+        const result = agentTasks.cancelTask(taskId);
+        return res.json({ ...result, type: 'task' });
+      }
+    }
+    // ── Check if user wants to select from existing offers ──
+    if (!taskId) {
+      const selectMatch = message.match(/(?:اختر|اخت(?:ا|ي)ر|select|choose|pick)\s*(\d+)/i);
+      if (selectMatch) {
+        const tasks = agentTasks.getSessionTasks(sid, 1);
+        if (tasks.length > 0 && tasks[0].status === 'presenting') {
+          const idx = parseInt(selectMatch[1]) - 1;
+          const result = agentTasks.selectOffer(tasks[0].id, idx);
+          return res.json({ ...result, type: 'task' });
+        }
+      }
+    }
+    // ── Detect URL paste — create URL negotiation task ──
+    const urlData = agentTasks.parseBookingUrl(message);
+    if (urlData) {
+      const task = agentTasks.createUrlTask(sid, message, urlData);
+      const execResult = await agentTasks.executeUrlTask(task.taskId);
+      return res.json({ ...execResult, type: 'task', urlData });
+    }
+    // ── Detect if this is a task-type request (booking, shopping, etc.) ──
+    const intent = agentTasks.detectIntent(message);
+    if (intent.confidence >= 0.7 && intent.intent !== 'general') {
+      const task = agentTasks.createTask(sid, message);
+      if (task.status === 'clarifying') {
+        return res.json({ ...task, type: 'task' });
+      }
+      // If requirements are complete, auto-execute
+      const execResult = await agentTasks.executeTask(task.taskId);
+      return res.json({ ...execResult, type: 'task' });
+    }
+    // ── Regular chat (not a task) ──
+    const chatContext = {
+      url: context?.url || '',
+      platform: context?.platform || 'unknown',
+      sessionId: sid,
+    };
+    const result = await agentChat(message, chatContext);
+    res.json(result);
+  } catch (err) {
+    console.error('[agent-chat] Error:', err.message);
+    res.json({ reply: '🤖 عذراً، حدث خطأ. حاول مرة أخرى.', type: 'text' });
+  }
+});
+// Agent task status & history
+app.get('/api/wab/agent-task/:id', chatLimiter, (req, res) => {
+  const state = agentTasks.getTaskState(req.params.id);
+  if (!state) return res.status(404).json({ error: 'Task not found' });
+  res.json(state);
+});
+app.get('/api/wab/agent-tasks', chatLimiter, (req, res) => {
+  const sid = req.query.sessionId || req.ip || 'anonymous';
+  const tasks = agentTasks.getSessionTasks(sid, 20);
+  res.json({ tasks });
+});
 const pkg = require('../package.json');
 app.use(`/v${pkg.version.split('.')[0]}`, express.static(path.join(__dirname, '..', 'script')));
@@ -163,6 +345,10 @@ if (process.env.NODE_ENV !== 'test') {
   console.log('Running database migrations...');
   runMigrations();
   maybeBootstrapAdmin();
+  initSearchEngine(db);
+  // Purge old search cache every hour
+  setInterval(purgeOldCache, 60 * 60 * 1000);
   const server = http.createServer(app);
   setupWebSocket(server);

package/server/middleware/adminAuth.js CHANGED Viewed

@@ -1,9 +1,10 @@
 const { signAdminToken, verifyAdminToken } = require('../config/secrets');
+const { isJWTRevoked } = require('../services/security');
 function generateAdminToken(admin) {
   return signAdminToken(
     { id: admin.id, email: admin.email, name: admin.name, role: admin.role, isAdmin: true },
-    { expiresIn: '12h' }
+    { expiresIn: '4h' }
   );
 }
@@ -16,11 +17,15 @@ function authenticateAdmin(req, res, next) {
   }
   try {
+    if (isJWTRevoked(token)) {
+      return res.status(403).json({ error: 'Token has been revoked' });
+    }
     const decoded = verifyAdminToken(token);
     if (!decoded.isAdmin) {
       return res.status(403).json({ error: 'Admin privileges required' });
     }
     req.admin = decoded;
+    req._rawToken = token;
     next();
   } catch (err) {
     return res.status(403).json({ error: 'Invalid or expired admin token' });

package/server/middleware/auth.js CHANGED Viewed

@@ -1,9 +1,10 @@
 const { signUserToken, verifyUserToken } = require('../config/secrets');
+const { isJWTRevoked } = require('../services/security');
 function generateToken(user) {
   return signUserToken(
     { id: user.id, email: user.email, name: user.name },
-    { expiresIn: '7d' }
+    { expiresIn: '24h' }
   );
 }
@@ -16,8 +17,13 @@ function authenticateToken(req, res, next) {
   }
   try {
+    // Check revocation list
+    if (isJWTRevoked(token)) {
+      return res.status(403).json({ error: 'Token has been revoked' });
+    }
     const decoded = verifyUserToken(token);
     req.user = decoded;
+    req._rawToken = token;
     next();
   } catch (err) {
     return res.status(403).json({ error: 'Invalid or expired token' });
@@ -30,7 +36,10 @@ function optionalAuth(req, res, next) {
   if (token) {
     try {
-      req.user = verifyUserToken(token);
+      if (!isJWTRevoked(token)) {
+        req.user = verifyUserToken(token);
+        req._rawToken = token;
+      }
     } catch (e) {
       // ignore invalid tokens for optional auth
     }

package/server/middleware/rateLimits.js CHANGED Viewed

@@ -1,9 +1,75 @@
 /**
- * Stricter rate limits for license token / track endpoints (used inside license router).
+ * Comprehensive rate limits for all security-sensitive endpoints.
  */
 const rateLimit = require('express-rate-limit');
+// ─── Auth endpoints ──────────────────────────────────────────────────
+const authLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 10,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many authentication attempts, please try again later' }
+});
+const registerLimiter = rateLimit({
+  windowMs: 60 * 60 * 1000,
+  max: 5,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many registration attempts, please try again later' }
+});
+const adminLoginLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 5,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many admin login attempts, please try again later' }
+});
+// ─── WAB API endpoints ───────────────────────────────────────────────
+const wabAuthenticateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 20,
+  standardHeaders: true,
+  legacyHeaders: false,
+  keyGenerator: (req) => `${req.ip}:${req.body?.siteId || req.body?.apiKey || 'anon'}`,
+  message: { error: 'Too many WAB authentication attempts' }
+});
+const wabActionLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 60,
+  standardHeaders: true,
+  legacyHeaders: false,
+  keyGenerator: (req) => `${req.ip}:${req.wabSession?.siteId || 'anon'}`,
+  message: { error: 'Too many action requests, please slow down' }
+});
+// ─── General API endpoints ───────────────────────────────────────────
+const apiLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 100,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many requests, please try again later' }
+});
+const searchLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 30,
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many search requests' }
+});
+// ─── License endpoints (existing) ────────────────────────────────────
 const licenseTokenLimiter = rateLimit({
   windowMs: 15 * 60 * 1000,
   max: 30,
@@ -21,4 +87,14 @@ const licenseTrackLimiter = rateLimit({
   message: { error: 'Too many track requests, please try again later' }
 });
-module.exports = { licenseTokenLimiter, licenseTrackLimiter };
+module.exports = {
+  authLimiter,
+  registerLimiter,
+  adminLoginLimiter,
+  wabAuthenticateLimiter,
+  wabActionLimiter,
+  apiLimiter,
+  searchLimiter,
+  licenseTokenLimiter,
+  licenseTrackLimiter,
+};