npm - web-agent-bridge - Versions diffs - 2.3.0 → 2.4.0 - Mend

web-agent-bridge 2.3.0 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/README.ar.md +506 -31
package/README.md +574 -47
package/bin/agent-runner.js +10 -1
package/package.json +12 -4
package/public/agent-workspace.html +347 -0
package/public/browser.html +484 -0
package/public/commander-dashboard.html +243 -0
package/public/css/agent-workspace.css +1713 -0
package/public/css/premium.css +317 -317
package/public/demo.html +259 -259
package/public/index.html +738 -644
package/public/js/agent-workspace.js +1740 -0
package/public/mesh-dashboard.html +309 -382
package/public/premium-dashboard.html +2487 -2487
package/public/premium.html +791 -791
package/public/script/wab.min.js +124 -87
package/script/ai-agent-bridge.js +154 -84
package/sdk/agent-mesh.js +287 -171
package/sdk/commander.js +262 -0
package/sdk/index.d.ts +83 -0
package/sdk/index.js +374 -260
package/sdk/package.json +1 -1
package/server/config/secrets.js +13 -5
package/server/index.js +191 -5
package/server/middleware/adminAuth.js +6 -1
package/server/middleware/auth.js +11 -2
package/server/middleware/rateLimits.js +78 -2
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -0
package/server/models/db.js +121 -1
package/server/routes/admin-premium.js +671 -671
package/server/routes/admin.js +16 -2
package/server/routes/ads.js +130 -0
package/server/routes/agent-workspace.js +378 -0
package/server/routes/api.js +21 -2
package/server/routes/auth.js +26 -6
package/server/routes/commander.js +316 -0
package/server/routes/mesh.js +370 -201
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/sovereign.js +78 -0
package/server/routes/universal.js +177 -0
package/server/routes/wab-api.js +20 -5
package/server/services/agent-chat.js +506 -0
package/server/services/agent-learning.js +230 -77
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +260 -67
package/server/services/agent-symphony.js +553 -517
package/server/services/agent-tasks.js +1807 -0
package/server/services/commander.js +738 -0
package/server/services/edge-compute.js +440 -0
package/server/services/fairness-engine.js +409 -0
package/server/services/local-ai.js +389 -0
package/server/services/plugins.js +771 -747
package/server/services/price-intelligence.js +565 -0
package/server/services/price-shield.js +1137 -0
package/server/services/search-engine.js +357 -0
package/server/services/security.js +513 -0
package/server/services/self-healing.js +843 -843
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +661 -0
package/server/services/vision.js +871 -871
package/server/ws.js +61 -1
package/public/admin/dashboard.html +0 -848
package/public/admin/login.html +0 -84
package/public/video/tutorial.mp4 +0 -0

package/server/ws.js CHANGED Viewed

@@ -1,20 +1,58 @@
 const WebSocket = require('ws');
 const { verifyUserToken, verifyAdminToken } = require('./config/secrets');
 const { findSiteById } = require('./models/db');
+const { isJWTRevoked, auditLog } = require('./services/security');
 // Map of siteId → Set of WebSocket clients
 const siteClients = new Map();
+// Per-IP connection tracking
+const ipConnections = new Map();
+const MAX_CONNECTIONS_PER_IP = 10;
+const AUTH_TIMEOUT_MS = 10_000;
+const MAX_MESSAGE_SIZE = 4096;
+const MSG_RATE_WINDOW = 60_000;
+const MSG_RATE_MAX = 30;
 function setupWebSocket(server) {
-  const wss = new WebSocket.Server({ server, path: '/ws/analytics' });
+  const wss = new WebSocket.Server({ server, path: '/ws/analytics', maxPayload: MAX_MESSAGE_SIZE });
   wss.on('connection', (ws, req) => {
     let authenticatedSiteId = null;
+    const clientIP = req.headers['x-forwarded-for']?.split(',')[0]?.trim() || req.socket.remoteAddress || 'unknown';
+    // ── Per-IP connection limit ──
+    const currentCount = ipConnections.get(clientIP) || 0;
+    if (currentCount >= MAX_CONNECTIONS_PER_IP) {
+      ws.close(1013, 'Too many connections');
+      return;
+    }
+    ipConnections.set(clientIP, currentCount + 1);
+    // ── Auth timeout — close if not authenticated within 10s ──
+    const authTimer = setTimeout(() => {
+      if (!authenticatedSiteId) {
+        ws.close(4001, 'Authentication timeout');
+      }
+    }, AUTH_TIMEOUT_MS);
+    // ── Message rate limiter ──
+    const msgTimestamps = [];
     ws.isAlive = true;
     ws.on('pong', () => { ws.isAlive = true; });
     ws.on('message', (data) => {
+      // Rate limit messages
+      const now = Date.now();
+      msgTimestamps.push(now);
+      while (msgTimestamps.length > 0 && msgTimestamps[0] < now - MSG_RATE_WINDOW) {
+        msgTimestamps.shift();
+      }
+      if (msgTimestamps.length > MSG_RATE_MAX) {
+        ws.close(4008, 'Message rate limit exceeded');
+        return;
+      }
       try {
         const msg = JSON.parse(data);
@@ -24,6 +62,13 @@ function setupWebSocket(server) {
             return;
           }
+          // Check JWT revocation before verifying
+          if (isJWTRevoked(msg.token)) {
+            ws.send(JSON.stringify({ type: 'error', message: 'Token has been revoked' }));
+            ws.close(4003, 'Token revoked');
+            return;
+          }
           let decoded;
           let isAdmin = false;
           try {
@@ -34,6 +79,7 @@ function setupWebSocket(server) {
               isAdmin = decoded.isAdmin === true;
             } catch {
               ws.send(JSON.stringify({ type: 'error', message: 'Invalid message or auth failed' }));
+              auditLog({ actorType: 'system', action: 'ws_auth_failed', ip: clientIP, outcome: 'denied', severity: 'warning' });
               return;
             }
           }
@@ -46,12 +92,16 @@ function setupWebSocket(server) {
             }
           }
+          clearTimeout(authTimer);
           authenticatedSiteId = msg.siteId;
           if (!siteClients.has(msg.siteId)) {
             siteClients.set(msg.siteId, new Set());
           }
           siteClients.get(msg.siteId).add(ws);
           ws.send(JSON.stringify({ type: 'auth:success', siteId: msg.siteId }));
+        } else if (!authenticatedSiteId) {
+          // Reject all non-auth messages before authentication
+          ws.send(JSON.stringify({ type: 'error', message: 'Authentication required' }));
         }
       } catch (e) {
         ws.send(JSON.stringify({ type: 'error', message: 'Invalid message or auth failed' }));
@@ -59,6 +109,12 @@ function setupWebSocket(server) {
     });
     ws.on('close', () => {
+      clearTimeout(authTimer);
+      // Decrement IP connection count
+      const count = ipConnections.get(clientIP) || 1;
+      if (count <= 1) ipConnections.delete(clientIP);
+      else ipConnections.set(clientIP, count - 1);
       if (authenticatedSiteId && siteClients.has(authenticatedSiteId)) {
         siteClients.get(authenticatedSiteId).delete(ws);
         if (siteClients.get(authenticatedSiteId).size === 0) {
@@ -66,6 +122,10 @@ function setupWebSocket(server) {
         }
       }
     });
+    ws.on('error', () => {
+      clearTimeout(authTimer);
+    });
   });
   const interval = setInterval(() => {