npm - web-agent-bridge - Versions diffs - 2.3.1 → 2.4.0 - Mend

web-agent-bridge 2.3.1 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/README.ar.md +506 -31
package/README.md +574 -47
package/bin/agent-runner.js +10 -1
package/package.json +1 -1
package/public/agent-workspace.html +347 -0
package/public/browser.html +484 -0
package/public/css/agent-workspace.css +1713 -0
package/public/index.html +94 -0
package/public/js/agent-workspace.js +1740 -0
package/sdk/index.d.ts +83 -0
package/sdk/index.js +115 -1
package/sdk/package.json +1 -1
package/server/config/secrets.js +13 -5
package/server/index.js +183 -4
package/server/middleware/adminAuth.js +6 -1
package/server/middleware/auth.js +11 -2
package/server/middleware/rateLimits.js +78 -2
package/server/migrations/003_ads_integer_cents.sql +33 -0
package/server/models/db.js +126 -25
package/server/routes/admin.js +16 -2
package/server/routes/ads.js +130 -0
package/server/routes/agent-workspace.js +378 -0
package/server/routes/api.js +21 -2
package/server/routes/auth.js +26 -6
package/server/routes/sovereign.js +78 -0
package/server/routes/universal.js +177 -0
package/server/routes/wab-api.js +20 -5
package/server/services/agent-chat.js +506 -0
package/server/services/agent-symphony.js +6 -0
package/server/services/agent-tasks.js +1807 -0
package/server/services/fairness-engine.js +409 -0
package/server/services/plugins.js +27 -3
package/server/services/price-intelligence.js +565 -0
package/server/services/price-shield.js +1137 -0
package/server/services/search-engine.js +357 -0
package/server/services/security.js +513 -0
package/server/services/universal-scraper.js +661 -0
package/server/ws.js +61 -1

package/server/routes/agent-workspace.js ADDED Viewed

@@ -0,0 +1,378 @@
+/**
+ * WAB Agent Workspace — Server-side Route & API
+ * ════════════════════════════════════════════════════════════════════════
+ * Premium workspace endpoints for the 4-panel agent workspace.
+ * Handles subscriptions, workspace sessions, agent execution, and admin stats.
+ */
+const express = require('express');
+const router = express.Router();
+const crypto = require('crypto');
+const { authenticateToken } = require('../middleware/auth');
+const { authenticateAdmin } = require('../middleware/adminAuth');
+const { db } = require('../models/db');
+// ─── Schema ──────────────────────────────────────────────────────────
+db.exec(`
+  CREATE TABLE IF NOT EXISTS workspace_subscriptions (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    plan TEXT NOT NULL DEFAULT 'free' CHECK(plan IN ('free','starter','pro','enterprise')),
+    status TEXT NOT NULL DEFAULT 'active' CHECK(status IN ('active','cancelled','expired','suspended')),
+    tasks_today INTEGER DEFAULT 0,
+    tasks_total INTEGER DEFAULT 0,
+    deals_completed INTEGER DEFAULT 0,
+    total_savings REAL DEFAULT 0,
+    last_task_date TEXT,
+    created_at TEXT DEFAULT (datetime('now')),
+    expires_at TEXT,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+  );
+  CREATE TABLE IF NOT EXISTS workspace_sessions (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    session_token TEXT NOT NULL,
+    active INTEGER DEFAULT 1,
+    panels_state TEXT DEFAULT '{}',
+    last_activity TEXT DEFAULT (datetime('now')),
+    created_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+  );
+  CREATE TABLE IF NOT EXISTS workspace_deals (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    task_id TEXT,
+    offer_source TEXT,
+    offer_title TEXT,
+    original_price REAL,
+    final_price REAL,
+    savings REAL DEFAULT 0,
+    status TEXT DEFAULT 'presented' CHECK(status IN ('presented','clicked','agent_executing','login_required','completed','failed')),
+    deal_url TEXT,
+    requires_login INTEGER DEFAULT 0,
+    login_method TEXT,
+    created_at TEXT DEFAULT (datetime('now')),
+    completed_at TEXT,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+  );
+  CREATE TABLE IF NOT EXISTS workspace_analytics (
+    id TEXT PRIMARY KEY,
+    user_id TEXT,
+    event_type TEXT NOT NULL,
+    event_data TEXT DEFAULT '{}',
+    created_at TEXT DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_ws_subs_user ON workspace_subscriptions(user_id);
+  CREATE INDEX IF NOT EXISTS idx_ws_sessions_user ON workspace_sessions(user_id);
+  CREATE INDEX IF NOT EXISTS idx_ws_deals_user ON workspace_deals(user_id);
+  CREATE INDEX IF NOT EXISTS idx_ws_analytics_type ON workspace_analytics(event_type);
+  CREATE INDEX IF NOT EXISTS idx_ws_analytics_date ON workspace_analytics(created_at);
+`);
+// ─── Plan Limits ─────────────────────────────────────────────────────
+const PLAN_LIMITS = {
+  free:       { dailyTasks: 5,   maxResults: 3,  negotiation: false, agentExecute: false },
+  starter:    { dailyTasks: 30,  maxResults: 10, negotiation: true,  agentExecute: false },
+  pro:        { dailyTasks: -1,  maxResults: 20, negotiation: true,  agentExecute: true  },
+  enterprise: { dailyTasks: -1,  maxResults: 50, negotiation: true,  agentExecute: true  },
+};
+// ─── Prepared Statements ─────────────────────────────────────────────
+const stmts = {
+  getSub: db.prepare('SELECT * FROM workspace_subscriptions WHERE user_id = ? AND status = ?'),
+  insertSub: db.prepare(`INSERT INTO workspace_subscriptions (id, user_id, plan, status) VALUES (?, ?, ?, 'active')`),
+  updateSubPlan: db.prepare('UPDATE workspace_subscriptions SET plan = ?, status = ? WHERE user_id = ? AND status = ?'),
+  incrementTasks: db.prepare(`UPDATE workspace_subscriptions SET tasks_today = tasks_today + 1, tasks_total = tasks_total + 1, last_task_date = date('now') WHERE user_id = ? AND status = 'active'`),
+  resetDailyTasks: db.prepare(`UPDATE workspace_subscriptions SET tasks_today = 0 WHERE last_task_date < date('now')`),
+  addDealSavings: db.prepare(`UPDATE workspace_subscriptions SET deals_completed = deals_completed + 1, total_savings = total_savings + ? WHERE user_id = ? AND status = 'active'`),
+  insertSession: db.prepare('INSERT INTO workspace_sessions (id, user_id, session_token) VALUES (?, ?, ?)'),
+  getSession: db.prepare('SELECT * FROM workspace_sessions WHERE session_token = ? AND active = 1'),
+  endSession: db.prepare("UPDATE workspace_sessions SET active = 0 WHERE session_token = ?"),
+  insertDeal: db.prepare('INSERT INTO workspace_deals (id, user_id, task_id, offer_source, offer_title, original_price, final_price, savings, deal_url, requires_login) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'),
+  updateDealStatus: db.prepare('UPDATE workspace_deals SET status = ?, completed_at = datetime(\'now\') WHERE id = ?'),
+  getUserDeals: db.prepare('SELECT * FROM workspace_deals WHERE user_id = ? ORDER BY created_at DESC LIMIT ?'),
+  logEvent: db.prepare('INSERT INTO workspace_analytics (id, user_id, event_type, event_data) VALUES (?, ?, ?, ?)'),
+};
+// Reset daily task counts
+try { stmts.resetDailyTasks.run(); } catch (_) {}
+// ─── User Routes ─────────────────────────────────────────────────────
+/**
+ * GET /api/workspace/subscription — Get user's workspace subscription
+ */
+router.get('/subscription', authenticateToken, (req, res) => {
+  let sub = stmts.getSub.get(req.user.id, 'active');
+  if (!sub) {
+    // Auto-create free subscription
+    const id = crypto.randomUUID();
+    stmts.insertSub.run(id, req.user.id, 'free');
+    sub = stmts.getSub.get(req.user.id, 'active');
+  }
+  const limits = PLAN_LIMITS[sub.plan] || PLAN_LIMITS.free;
+  const remaining = limits.dailyTasks < 0 ? -1 : Math.max(0, limits.dailyTasks - (sub.tasks_today || 0));
+  res.json({
+    plan: sub.plan,
+    status: sub.status,
+    tasksToday: sub.tasks_today,
+    tasksTotal: sub.tasks_total,
+    dealsCompleted: sub.deals_completed,
+    totalSavings: sub.total_savings,
+    limits,
+    remainingTasks: remaining,
+    createdAt: sub.created_at,
+  });
+});
+/**
+ * POST /api/workspace/subscription — Upgrade/change plan
+ */
+router.post('/subscription', authenticateToken, (req, res) => {
+  const { plan } = req.body;
+  if (!PLAN_LIMITS[plan]) return res.status(400).json({ error: 'Invalid plan' });
+  let sub = stmts.getSub.get(req.user.id, 'active');
+  if (sub) {
+    stmts.updateSubPlan.run(plan, 'active', req.user.id, 'active');
+  } else {
+    const id = crypto.randomUUID();
+    stmts.insertSub.run(id, req.user.id, plan);
+  }
+  logEvent(req.user.id, 'plan_changed', { plan });
+  res.json({ success: true, plan });
+});
+/**
+ * POST /api/workspace/check-limits — Check if user can execute a task
+ */
+router.post('/check-limits', authenticateToken, (req, res) => {
+  const sub = stmts.getSub.get(req.user.id, 'active');
+  if (!sub) return res.json({ allowed: true, plan: 'free' }); // New user
+  const limits = PLAN_LIMITS[sub.plan] || PLAN_LIMITS.free;
+  if (limits.dailyTasks >= 0 && sub.tasks_today >= limits.dailyTasks) {
+    return res.json({
+      allowed: false,
+      reason: 'daily_limit',
+      plan: sub.plan,
+      limit: limits.dailyTasks,
+      used: sub.tasks_today,
+    });
+  }
+  stmts.incrementTasks.run(req.user.id);
+  res.json({ allowed: true, plan: sub.plan, remaining: limits.dailyTasks < 0 ? -1 : limits.dailyTasks - sub.tasks_today - 1 });
+});
+/**
+ * POST /api/workspace/deal — Record a deal action
+ */
+router.post('/deal', authenticateToken, (req, res) => {
+  const { taskId, source, title, originalPrice, finalPrice, url, requiresLogin } = req.body;
+  const savings = originalPrice && finalPrice ? originalPrice - finalPrice : 0;
+  const id = crypto.randomUUID();
+  stmts.insertDeal.run(id, req.user.id, taskId || null, source || '', title || '', originalPrice || 0, finalPrice || 0, savings, url || '', requiresLogin ? 1 : 0);
+  logEvent(req.user.id, 'deal_created', { dealId: id, source, savings });
+  res.json({ dealId: id, savings });
+});
+/**
+ * POST /api/workspace/deal/:id/status — Update deal status
+ */
+router.post('/deal/:id/status', authenticateToken, (req, res) => {
+  const { status } = req.body;
+  const valid = ['clicked', 'agent_executing', 'login_required', 'completed', 'failed'];
+  if (!valid.includes(status)) return res.status(400).json({ error: 'Invalid status' });
+  stmts.updateDealStatus.run(status, req.params.id);
+  if (status === 'completed') {
+    // Update savings in subscription
+    const deal = db.prepare('SELECT savings FROM workspace_deals WHERE id = ?').get(req.params.id);
+    if (deal) {
+      stmts.addDealSavings.run(deal.savings || 0, req.user.id);
+    }
+  }
+  logEvent(req.user.id, 'deal_status', { dealId: req.params.id, status });
+  res.json({ success: true });
+});
+/**
+ * GET /api/workspace/deals — Get user's deal history
+ */
+router.get('/deals', authenticateToken, (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+  const deals = stmts.getUserDeals.all(req.user.id, limit);
+  res.json({ deals });
+});
+/**
+ * POST /api/workspace/event — Log workspace analytics event
+ */
+router.post('/event', authenticateToken, (req, res) => {
+  const { type, data } = req.body;
+  if (!type) return res.status(400).json({ error: 'Event type required' });
+  logEvent(req.user.id, type, data || {});
+  res.json({ ok: true });
+});
+// ─── Admin Routes ────────────────────────────────────────────────────
+/**
+ * GET /api/workspace/admin/stats — Global workspace stats
+ */
+router.get('/admin/stats', authenticateAdmin, (req, res) => {
+  const totalUsers = db.prepare('SELECT COUNT(*) as c FROM workspace_subscriptions').get()?.c || 0;
+  const activeToday = db.prepare("SELECT COUNT(*) as c FROM workspace_subscriptions WHERE last_task_date = date('now')").get()?.c || 0;
+  const totalTasks = db.prepare('SELECT SUM(tasks_total) as c FROM workspace_subscriptions').get()?.c || 0;
+  const totalDeals = db.prepare('SELECT SUM(deals_completed) as c FROM workspace_subscriptions').get()?.c || 0;
+  const totalSavings = db.prepare('SELECT SUM(total_savings) as c FROM workspace_subscriptions').get()?.c || 0;
+  const planBreakdown = db.prepare(`
+    SELECT plan, COUNT(*) as count, SUM(tasks_total) as tasks, SUM(total_savings) as savings
+    FROM workspace_subscriptions WHERE status = 'active' GROUP BY plan
+  `).all();
+  const recentEvents = db.prepare(`
+    SELECT event_type, COUNT(*) as count
+    FROM workspace_analytics
+    WHERE created_at > datetime('now', '-24 hours')
+    GROUP BY event_type ORDER BY count DESC LIMIT 10
+  `).all();
+  const dailyTasks = db.prepare(`
+    SELECT date(created_at) as day, COUNT(*) as count
+    FROM workspace_analytics
+    WHERE event_type IN ('task_started','deal_created') AND created_at > datetime('now', '-30 days')
+    GROUP BY day ORDER BY day
+  `).all();
+  res.json({
+    totalUsers,
+    activeToday,
+    totalTasks,
+    totalDeals,
+    totalSavings,
+    planBreakdown,
+    recentEvents,
+    dailyTasks,
+  });
+});
+/**
+ * GET /api/workspace/admin/subscriptions — List all subscriptions
+ */
+router.get('/admin/subscriptions', authenticateAdmin, (req, res) => {
+  const page = Math.max(1, parseInt(req.query.page) || 1);
+  const limit = Math.min(parseInt(req.query.limit) || 50, 200);
+  const offset = (page - 1) * limit;
+  const subs = db.prepare(`
+    SELECT ws.*, u.email, u.name
+    FROM workspace_subscriptions ws
+    LEFT JOIN users u ON ws.user_id = u.id
+    ORDER BY ws.created_at DESC LIMIT ? OFFSET ?
+  `).all(limit, offset);
+  const total = db.prepare('SELECT COUNT(*) as c FROM workspace_subscriptions').get()?.c || 0;
+  res.json({ subscriptions: subs, total, page, pages: Math.ceil(total / limit) });
+});
+/**
+ * PUT /api/workspace/admin/subscription/:userId — Admin update subscription
+ */
+router.put('/admin/subscription/:userId', authenticateAdmin, (req, res) => {
+  const { plan, status } = req.body;
+  if (plan && !PLAN_LIMITS[plan]) return res.status(400).json({ error: 'Invalid plan' });
+  if (plan) {
+    stmts.updateSubPlan.run(plan, status || 'active', req.params.userId, 'active');
+  }
+  if (status && !plan) {
+    db.prepare('UPDATE workspace_subscriptions SET status = ? WHERE user_id = ? AND status = ?')
+      .run(status, req.params.userId, 'active');
+  }
+  res.json({ success: true });
+});
+/**
+ * GET /api/workspace/admin/deals — List all deals
+ */
+router.get('/admin/deals', authenticateAdmin, (req, res) => {
+  const page = Math.max(1, parseInt(req.query.page) || 1);
+  const limit = Math.min(parseInt(req.query.limit) || 50, 200);
+  const offset = (page - 1) * limit;
+  const deals = db.prepare(`
+    SELECT wd.*, u.email, u.name as user_name
+    FROM workspace_deals wd
+    LEFT JOIN users u ON wd.user_id = u.id
+    ORDER BY wd.created_at DESC LIMIT ? OFFSET ?
+  `).all(limit, offset);
+  const total = db.prepare('SELECT COUNT(*) as c FROM workspace_deals').get()?.c || 0;
+  const totalSavings = db.prepare('SELECT SUM(savings) as s FROM workspace_deals WHERE status = ?').get('completed')?.s || 0;
+  res.json({ deals, total, totalSavings, page, pages: Math.ceil(total / limit) });
+});
+/**
+ * GET /api/workspace/admin/analytics — Workspace analytics dashboard
+ */
+router.get('/admin/analytics', authenticateAdmin, (req, res) => {
+  const days = Math.min(parseInt(req.query.days) || 30, 90);
+  const eventsByType = db.prepare(`
+    SELECT event_type, COUNT(*) as count
+    FROM workspace_analytics
+    WHERE created_at > datetime('now', '-${days} days')
+    GROUP BY event_type ORDER BY count DESC
+  `).all();
+  const dailyActivity = db.prepare(`
+    SELECT date(created_at) as day, COUNT(*) as events,
+      COUNT(DISTINCT user_id) as unique_users
+    FROM workspace_analytics
+    WHERE created_at > datetime('now', '-${days} days')
+    GROUP BY day ORDER BY day
+  `).all();
+  const topUsers = db.prepare(`
+    SELECT ws.user_id, u.email, u.name, ws.plan, ws.tasks_total, ws.deals_completed, ws.total_savings
+    FROM workspace_subscriptions ws
+    LEFT JOIN users u ON ws.user_id = u.id
+    ORDER BY ws.tasks_total DESC LIMIT 20
+  `).all();
+  res.json({ eventsByType, dailyActivity, topUsers });
+});
+// ─── Helpers ─────────────────────────────────────────────────────────
+function logEvent(userId, type, data) {
+  try {
+    stmts.logEvent.run(crypto.randomUUID(), userId || null, type, JSON.stringify(data));
+  } catch (_) {}
+}
+module.exports = router;

package/server/routes/api.js CHANGED Viewed

@@ -1,12 +1,17 @@
 const express = require('express');
 const router = express.Router();
 const { authenticateToken } = require('../middleware/auth');
+const { apiLimiter } = require('../middleware/rateLimits');
+const { validateDomain, validateSiteConfig, sanitizeInput, auditLog } = require('../services/security');
 const {
   addSite, findSitesByUser, findSiteById,
   updateSiteConfig, updateSiteTier, deleteSite,
   getAnalyticsBySite, getAnalyticsTimeline
 } = require('../models/db');
+// Apply general API rate limit to all routes
+router.use(apiLimiter);
 // ─── Sites ──────────────────────────────────────────────────────────────
 router.get('/sites', authenticateToken, (req, res) => {
@@ -26,8 +31,16 @@ router.post('/sites', authenticateToken, (req, res) => {
     return res.status(400).json({ error: 'Domain and name are required' });
   }
+  if (!validateDomain(domain)) {
+    return res.status(400).json({ error: 'Invalid domain format. Must be a valid hostname (e.g., example.com)' });
+  }
+  const cleanName = sanitizeInput(name, 200);
+  const cleanDesc = description ? sanitizeInput(description, 500) : undefined;
   try {
-    const site = addSite({ userId: req.user.id, domain, name, description, tier });
+    const site = addSite({ userId: req.user.id, domain: domain.toLowerCase().trim(), name: cleanName, description: cleanDesc, tier });
+    auditLog({ actorType: 'user', actorId: String(req.user.id), action: 'site_created', resource: 'site', resourceId: String(site.id), ip: req.ip });
     res.status(201).json({ site });
   } catch (err) {
     res.status(500).json({ error: 'Failed to create site' });
@@ -46,11 +59,17 @@ router.put('/sites/:id/config', authenticateToken, (req, res) => {
   const { config } = req.body;
   if (!config) return res.status(400).json({ error: 'Config is required' });
+  const validation = validateSiteConfig(config);
+  if (!validation.valid) {
+    return res.status(400).json({ error: validation.error });
+  }
   try {
-    const r = updateSiteConfig.run(JSON.stringify(config), req.params.id, req.user.id);
+    const r = updateSiteConfig.run(JSON.stringify(validation.config), req.params.id, req.user.id);
     if (r.changes === 0) {
       return res.status(404).json({ error: 'Site not found' });
     }
+    auditLog({ actorType: 'user', actorId: String(req.user.id), action: 'site_config_updated', resource: 'site', resourceId: req.params.id, ip: req.ip });
     res.json({ success: true });
   } catch (err) {
     res.status(500).json({ error: 'Failed to update config' });

package/server/routes/auth.js CHANGED Viewed

@@ -2,21 +2,31 @@ const express = require('express');
 const router = express.Router();
 const { registerUser, loginUser, findUserById } = require('../models/db');
 const { generateToken, authenticateToken } = require('../middleware/auth');
+const { authLimiter, registerLimiter } = require('../middleware/rateLimits');
+const { validateEmail, sanitizeInput, auditLog, revokeJWT } = require('../services/security');
-router.post('/register', (req, res) => {
+router.post('/register', registerLimiter, (req, res) => {
   const { email, password, name, company } = req.body;
   if (!email || !password || !name) {
     return res.status(400).json({ error: 'Email, password, and name are required' });
   }
-  if (password.length < 8) {
-    return res.status(400).json({ error: 'Password must be at least 8 characters' });
+  if (!validateEmail(email)) {
+    return res.status(400).json({ error: 'Invalid email format' });
   }
+  if (password.length < 8 || password.length > 128) {
+    return res.status(400).json({ error: 'Password must be between 8 and 128 characters' });
+  }
+  const cleanName = sanitizeInput(name, 100);
+  const cleanCompany = company ? sanitizeInput(company, 100) : undefined;
   try {
-    const user = registerUser({ email, password, name, company });
+    const user = registerUser({ email: email.toLowerCase().trim(), password, name: cleanName, company: cleanCompany });
     const token = generateToken(user);
+    auditLog({ actorType: 'user', actorId: String(user.id), action: 'register', ip: req.ip });
     res.status(201).json({ user, token });
   } catch (err) {
     if (err.message.includes('UNIQUE constraint')) {
@@ -26,22 +36,32 @@ router.post('/register', (req, res) => {
   }
 });
-router.post('/login', (req, res) => {
+router.post('/login', authLimiter, (req, res) => {
   const { email, password } = req.body;
   if (!email || !password) {
     return res.status(400).json({ error: 'Email and password are required' });
   }
-  const user = loginUser({ email, password });
+  const user = loginUser({ email: email.toLowerCase().trim(), password });
   if (!user) {
+    auditLog({ actorType: 'user', action: 'login_failed', details: { email: email.toLowerCase().trim() }, ip: req.ip, outcome: 'denied', severity: 'warning' });
     return res.status(401).json({ error: 'Invalid email or password' });
   }
   const token = generateToken(user);
+  auditLog({ actorType: 'user', actorId: String(user.id), action: 'login', ip: req.ip });
   res.json({ user, token });
 });
+router.post('/logout', authenticateToken, (req, res) => {
+  if (req._rawToken) {
+    revokeJWT(req._rawToken, 'user_logout');
+    auditLog({ actorType: 'user', actorId: String(req.user.id), action: 'logout', ip: req.ip });
+  }
+  res.json({ success: true });
+});
 router.get('/me', authenticateToken, (req, res) => {
   const user = findUserById.get(req.user.id);
   if (!user) return res.status(404).json({ error: 'User not found' });

package/server/routes/sovereign.js CHANGED Viewed

@@ -12,6 +12,7 @@ const { authenticateToken } = require('../middleware/auth');
 const reputation = require('../services/reputation');
 const negotiation = require('../services/negotiation');
 const verification = require('../services/verification');
+const priceShield = require('../services/price-shield');
 // ═══════════════════════════════════════════════════════════════════════
 // REPUTATION API
@@ -304,4 +305,81 @@ router.get('/dashboard/sovereign', authenticateToken, (req, res) => {
   res.json(dashboardData);
 });
+// ═══════════════════════════════════════════════════════════════════════
+// DYNAMIC PRICING SHIELD API
+// ═══════════════════════════════════════════════════════════════════════
+// Get available identity personas
+router.get('/price-shield/personas', (req, res) => {
+  res.json(priceShield.getPersonas());
+});
+// Create a new price scan
+router.post('/price-shield/scans', (req, res) => {
+  const { siteId, url, itemName, category } = req.body;
+  if (!url) {
+    return res.status(400).json({ error: 'url is required' });
+  }
+  const result = priceShield.createScan({ siteId, url, itemName, category });
+  res.json(result);
+});
+// Record a probe result for a scan
+router.post('/price-shield/scans/:scanId/probes', (req, res) => {
+  const { personaId, priceText, currency, responseHeaders, cookiesReceived, durationMs } = req.body;
+  if (!personaId || !priceText) {
+    return res.status(400).json({ error: 'personaId and priceText are required' });
+  }
+  const result = priceShield.recordProbe(req.params.scanId, {
+    personaId, priceText, currency, responseHeaders, cookiesReceived, durationMs
+  });
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Analyze a scan (after probes are recorded)
+router.post('/price-shield/scans/:scanId/analyze', (req, res) => {
+  const result = priceShield.analyzeScan(req.params.scanId);
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Quick scan — all-in-one (provide probes + get analysis)
+router.post('/price-shield/quick-scan', (req, res) => {
+  const { url, itemName, siteId, category, probes } = req.body;
+  if (!url || !probes || !Array.isArray(probes) || probes.length < 2) {
+    return res.status(400).json({ error: 'url and at least 2 probes are required' });
+  }
+  const result = priceShield.quickScan({ url, itemName, siteId, category, probes });
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Get scan report
+router.get('/price-shield/scans/:scanId', (req, res) => {
+  const result = priceShield.getScanReport(req.params.scanId);
+  if (result.error) return res.status(404).json(result);
+  res.json(result);
+});
+// Get global price shield statistics
+router.get('/price-shield/stats', (req, res) => {
+  res.json(priceShield.getGlobalStats());
+});
+// Get price history for a URL
+router.get('/price-shield/history', (req, res) => {
+  const url = req.query.url;
+  if (!url) return res.status(400).json({ error: 'url query parameter is required' });
+  const limit = Math.min(parseInt(req.query.limit) || 30, 100);
+  res.json(priceShield.getPriceHistory(url, limit));
+});
+// Get manipulation log for a site
+router.get('/price-shield/manipulations/:siteId', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+  const result = priceShield.getGlobalStats();
+  res.json(result.topManipulators.find(m => m.siteId === req.params.siteId) || { siteId: req.params.siteId, incidents: 0 });
+});
 module.exports = router;