web-agent-bridge 2.3.1 → 2.5.0

package/server/registry/index.js

@@ -0,0 +1,326 @@
+'use strict';
+
+/**
+ * WAB Registry - Agent & Command Registry
+ *
+ * Ecosystem foundation (like npm for agents):
+ * - Command registry (registered site capabilities)
+ * - Agent registry (available agents & their capabilities)
+ * - Site registry (WAB-enabled sites)
+ * - Template registry (reusable agent workflows)
+ */
+
+const crypto = require('crypto');
+const { bus } = require('../runtime/event-bus');
+const { metrics } = require('../observability');
+
+// ─── Command Registry ───────────────────────────────────────────────────────
+
+class CommandRegistry {
+  constructor() {
+    this._commands = new Map();    // commandId → command definition
+    this._siteCommands = new Map(); // siteId → Set<commandId>
+    this._categories = new Map();   // category → Set<commandId>
+  }
+
+  /**
+   * Register a command that a site supports
+   */
+  register(siteId, command) {
+    const commandId = `cmd_${crypto.randomBytes(12).toString('hex')}`;
+    const entry = {
+      id: commandId,
+      siteId,
+      name: command.name,
+      description: command.description || '',
+      category: command.category || 'general',
+      version: command.version || '1.0.0',
+      input: command.input || {},   // JSON Schema
+      output: command.output || {}, // JSON Schema
+      capabilities: command.capabilities || [],
+      examples: command.examples || [],
+      tags: command.tags || [],
+      deprecated: command.deprecated || false,
+      registeredAt: Date.now(),
+      usageCount: 0,
+      lastUsed: null,
+    };
+
+    this._commands.set(commandId, entry);
+
+    // Index by site
+    if (!this._siteCommands.has(siteId)) this._siteCommands.set(siteId, new Set());
+    this._siteCommands.get(siteId).add(commandId);
+
+    // Index by category
+    if (!this._categories.has(entry.category)) this._categories.set(entry.category, new Set());
+    this._categories.get(entry.category).add(commandId);
+
+    metrics.increment('registry.commands.registered');
+    bus.emit('registry.command.registered', { commandId, siteId, name: command.name });
+
+    return entry;
+  }
+
+  /**
+   * Search commands
+   */
+  search(query = {}) {
+    const results = [];
+
+    for (const [, cmd] of this._commands) {
+      if (query.siteId && cmd.siteId !== query.siteId) continue;
+      if (query.category && cmd.category !== query.category) continue;
+      if (query.name && !cmd.name.toLowerCase().includes(query.name.toLowerCase())) continue;
+      if (query.tag && !cmd.tags.includes(query.tag)) continue;
+      if (query.capability) {
+        if (!cmd.capabilities.some(c => c.includes(query.capability))) continue;
+      }
+      results.push(cmd);
+    }
+
+    // Sort by usage
+    results.sort((a, b) => b.usageCount - a.usageCount);
+    return results.slice(0, query.limit || 50);
+  }
+
+  /**
+   * Get commands for a site
+   */
+  getSiteCommands(siteId) {
+    const ids = this._siteCommands.get(siteId);
+    if (!ids) return [];
+    return [...ids].map(id => this._commands.get(id)).filter(Boolean);
+  }
+
+  /**
+   * Get command by ID
+   */
+  getCommand(commandId) {
+    return this._commands.get(commandId) || null;
+  }
+
+  /**
+   * Track command usage
+   */
+  trackUsage(commandId) {
+    const cmd = this._commands.get(commandId);
+    if (cmd) {
+      cmd.usageCount++;
+      cmd.lastUsed = Date.now();
+    }
+  }
+
+  /**
+   * Get categories with counts
+   */
+  getCategories() {
+    const cats = {};
+    for (const [cat, ids] of this._categories) {
+      cats[cat] = ids.size;
+    }
+    return cats;
+  }
+
+  /**
+   * Unregister all commands for a site
+   */
+  unregisterSite(siteId) {
+    const ids = this._siteCommands.get(siteId);
+    if (!ids) return;
+    for (const id of ids) {
+      const cmd = this._commands.get(id);
+      if (cmd) {
+        const catIds = this._categories.get(cmd.category);
+        if (catIds) catIds.delete(id);
+      }
+      this._commands.delete(id);
+    }
+    this._siteCommands.delete(siteId);
+  }
+
+  getStats() {
+    return {
+      totalCommands: this._commands.size,
+      totalSites: this._siteCommands.size,
+      categories: this.getCategories(),
+    };
+  }
+}
+
+// ─── Site Registry ──────────────────────────────────────────────────────────
+
+class SiteRegistry {
+  constructor() {
+    this._sites = new Map(); // domain → site entry
+  }
+
+  /**
+   * Register a WAB-enabled site
+   */
+  register(domain, info) {
+    const entry = {
+      domain,
+      name: info.name || domain,
+      description: info.description || '',
+      tier: info.tier || 'free',
+      protocolVersion: info.protocolVersion || '1.0.0',
+      capabilities: info.capabilities || [],
+      endpoints: {
+        discover: info.discoverUrl || `https://${domain}/.well-known/wab.json`,
+        execute: info.executeUrl || `https://${domain}/api/wab/execute`,
+        negotiate: info.negotiateUrl || null,
+      },
+      verified: info.verified || false,
+      registeredAt: Date.now(),
+      lastSeen: Date.now(),
+      commandCount: 0,
+      agentVisits: 0,
+    };
+
+    this._sites.set(domain, entry);
+    metrics.increment('registry.sites.registered');
+    bus.emit('registry.site.registered', { domain });
+    return entry;
+  }
+
+  /**
+   * Get site info
+   */
+  getSite(domain) {
+    return this._sites.get(domain) || null;
+  }
+
+  /**
+   * Search sites
+   */
+  search(query = {}) {
+    const results = [];
+    for (const [, site] of this._sites) {
+      if (query.tier && site.tier !== query.tier) continue;
+      if (query.capability && !site.capabilities.includes(query.capability)) continue;
+      if (query.name && !site.name.toLowerCase().includes(query.name.toLowerCase())) continue;
+      if (query.verified !== undefined && site.verified !== query.verified) continue;
+      results.push(site);
+    }
+    results.sort((a, b) => b.agentVisits - a.agentVisits);
+    return results.slice(0, query.limit || 50);
+  }
+
+  /**
+   * Track a visit
+   */
+  trackVisit(domain) {
+    const site = this._sites.get(domain);
+    if (site) {
+      site.agentVisits++;
+      site.lastSeen = Date.now();
+    }
+  }
+
+  /**
+   * List all sites
+   */
+  listSites(limit = 100) {
+    return Array.from(this._sites.values()).slice(0, limit);
+  }
+
+  getStats() {
+    return {
+      totalSites: this._sites.size,
+      verifiedSites: Array.from(this._sites.values()).filter(s => s.verified).length,
+    };
+  }
+}
+
+// ─── Template Registry ──────────────────────────────────────────────────────
+
+class TemplateRegistry {
+  constructor() {
+    this._templates = new Map(); // templateId → template
+  }
+
+  /**
+   * Register a workflow template
+   */
+  register(template) {
+    const templateId = template.id || `tmpl_${crypto.randomBytes(12).toString('hex')}`;
+    const entry = {
+      id: templateId,
+      name: template.name,
+      description: template.description || '',
+      category: template.category || 'general',
+      author: template.author || 'system',
+      version: template.version || '1.0.0',
+
+      // Workflow definition
+      steps: template.steps || [],
+      variables: template.variables || {},
+      requiredCapabilities: template.requiredCapabilities || [],
+
+      // Metadata
+      tags: template.tags || [],
+      downloads: 0,
+      rating: 0,
+      reviews: 0,
+      registeredAt: Date.now(),
+    };
+
+    this._templates.set(templateId, entry);
+    metrics.increment('registry.templates.registered');
+    return entry;
+  }
+
+  /**
+   * Get a template
+   */
+  getTemplate(templateId) {
+    return this._templates.get(templateId) || null;
+  }
+
+  /**
+   * Search templates
+   */
+  search(query = {}) {
+    const results = [];
+    for (const [, tmpl] of this._templates) {
+      if (query.category && tmpl.category !== query.category) continue;
+      if (query.name && !tmpl.name.toLowerCase().includes(query.name.toLowerCase())) continue;
+      if (query.tag && !tmpl.tags.includes(query.tag)) continue;
+      results.push(tmpl);
+    }
+    results.sort((a, b) => b.downloads - a.downloads);
+    return results.slice(0, query.limit || 50);
+  }
+
+  /**
+   * Track template download
+   */
+  trackDownload(templateId) {
+    const tmpl = this._templates.get(templateId);
+    if (tmpl) tmpl.downloads++;
+  }
+
+  listTemplates(limit = 50) {
+    return Array.from(this._templates.values()).slice(0, limit);
+  }
+
+  getStats() {
+    return { totalTemplates: this._templates.size };
+  }
+}
+
+// ─── Singletons ─────────────────────────────────────────────────────────────
+
+const commandRegistry = new CommandRegistry();
+const siteRegistry = new SiteRegistry();
+const templateRegistry = new TemplateRegistry();
+
+module.exports = {
+  CommandRegistry,
+  SiteRegistry,
+  TemplateRegistry,
+  commandRegistry,
+  siteRegistry,
+  templateRegistry,
+};

package/server/routes/admin.js

@@ -6,6 +6,8 @@
 const express = require('express');
 const router = express.Router();
 const { authenticateAdmin, generateAdminToken } = require('../middleware/adminAuth');
+const { adminLoginLimiter } = require('../middleware/rateLimits');
+const { auditLog, revokeJWT } = require('../services/security');
 const {
   loginAdmin, findAdminById, createAdmin,
   getAllUsers, getAllSites, getAdminStats, getPlatformAnalytics,
@@ -23,17 +25,29 @@ const { createCheckoutSession, createPortalSession, isStripeConfigured, getStrip
 
 // ─── Auth ──────────────────────────────────────────────────────────────
 
-router.post('/login', (req, res) => {
+router.post('/login', adminLoginLimiter, (req, res) => {
   const { email, password } = req.body;
   if (!email || !password) return res.status(400).json({ error: 'Email and password required' });
 
   const admin = loginAdmin({ email, password });
-  if (!admin) return res.status(401).json({ error: 'Invalid credentials' });
+  if (!admin) {
+    auditLog({ actorType: 'admin', action: 'admin_login_failed', details: { email }, ip: req.ip, outcome: 'denied', severity: 'warning' });
+    return res.status(401).json({ error: 'Invalid credentials' });
+  }
 
   const token = generateAdminToken(admin);
+  auditLog({ actorType: 'admin', actorId: String(admin.id), action: 'admin_login', ip: req.ip });
   res.json({ admin, token });
 });
 
+router.post('/logout', authenticateAdmin, (req, res) => {
+  if (req._rawToken) {
+    revokeJWT(req._rawToken, 'admin_logout');
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id), action: 'admin_logout', ip: req.ip });
+  }
+  res.json({ success: true });
+});
+
 router.get('/me', authenticateAdmin, (req, res) => {
   const admin = findAdminById(req.admin.id);
   if (!admin) return res.status(404).json({ error: 'Admin not found' });

package/server/routes/ads.js

@@ -0,0 +1,130 @@
+const express = require('express');
+const router = express.Router();
+const crypto = require('crypto');
+const rateLimit = require('express-rate-limit');
+const { authenticateAdmin } = require('../middleware/adminAuth');
+const {
+  submitAd,
+  getActiveAds,
+  getAllAds,
+  getPendingAds,
+  getAdById,
+  updateAdStatus,
+  deleteAd,
+  recordAdEvent,
+  getAdStats
+} = require('../models/db');
+
+// ─── Rate Limiters ────────────────────────────────────────────────────
+const eventLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 30,
+  keyGenerator: (req) => crypto.createHash('sha256').update(req.ip || '').digest('hex').slice(0, 16),
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many ad events, slow down' }
+});
+
+const submitLimiter = rateLimit({
+  windowMs: 60 * 60 * 1000,
+  max: 5,
+  keyGenerator: (req) => crypto.createHash('sha256').update(req.ip || '').digest('hex').slice(0, 16),
+  standardHeaders: true,
+  legacyHeaders: false,
+  message: { error: 'Too many ad submissions, try again later' }
+});
+
+// ─── Public Routes ────────────────────────────────────────────────────
+
+// GET /api/ads/active — returns active approved ads for browser
+router.get('/active', (req, res) => {
+  const position = req.query.position || null;
+  const ads = getActiveAds(position);
+  res.json(ads);
+});
+
+// POST /api/ads/impression — record ad impression
+router.post('/impression', eventLimiter, (req, res) => {
+  const { adId } = req.body;
+  if (!adId || typeof adId !== 'string' || adId.length > 50) return res.status(400).json({ error: 'adId required' });
+  const ipHash = crypto.createHash('sha256').update(req.ip || '').digest('hex').slice(0, 16);
+  recordAdEvent(adId, 'impression', ipHash);
+  res.json({ ok: true });
+});
+
+// POST /api/ads/click — record ad click
+router.post('/click', eventLimiter, (req, res) => {
+  const { adId } = req.body;
+  if (!adId || typeof adId !== 'string' || adId.length > 50) return res.status(400).json({ error: 'adId required' });
+  const ipHash = crypto.createHash('sha256').update(req.ip || '').digest('hex').slice(0, 16);
+  recordAdEvent(adId, 'click', ipHash);
+  res.json({ ok: true });
+});
+
+// POST /api/ads/submit — public ad submission (advertiser applies)
+router.post('/submit', submitLimiter, (req, res) => {
+  const { title, description, imageUrl, targetUrl, advertiserName, advertiserEmail, position, budgetCents, cpcCents, cpiCents, expiresAt } = req.body;
+  if (!title || !targetUrl || !advertiserName || !advertiserEmail) {
+    return res.status(400).json({ error: 'title, targetUrl, advertiserName, advertiserEmail required' });
+  }
+  // Input length validation
+  if (title.length > 200 || (description && description.length > 1000) || advertiserName.length > 100 || advertiserEmail.length > 254) {
+    return res.status(400).json({ error: 'Field too long' });
+  }
+  // Email format validation
+  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(advertiserEmail)) {
+    return res.status(400).json({ error: 'Invalid email format' });
+  }
+  // URL validation
+  try { new URL(targetUrl); } catch { return res.status(400).json({ error: 'Invalid targetUrl' }); }
+  if (imageUrl) { try { new URL(imageUrl); } catch { return res.status(400).json({ error: 'Invalid imageUrl' }); } }
+
+  const ad = submitAd({ title, description, imageUrl, targetUrl, advertiserName, advertiserEmail, position, budgetCents, cpcCents, cpiCents, expiresAt });
+  res.json({ ok: true, ad });
+});
+
+// ─── Admin Routes ─────────────────────────────────────────────────────
+
+// GET /api/ads/admin/all — list all ads
+router.get('/admin/all', authenticateAdmin, (req, res) => {
+  res.json(getAllAds());
+});
+
+// GET /api/ads/admin/pending — list pending ads
+router.get('/admin/pending', authenticateAdmin, (req, res) => {
+  res.json(getPendingAds());
+});
+
+// GET /api/ads/admin/stats — ad system stats
+router.get('/admin/stats', authenticateAdmin, (req, res) => {
+  res.json(getAdStats());
+});
+
+// GET /api/ads/admin/:id — single ad details
+router.get('/admin/:id', authenticateAdmin, (req, res) => {
+  const ad = getAdById(req.params.id);
+  if (!ad) return res.status(404).json({ error: 'Ad not found' });
+  res.json(ad);
+});
+
+// PUT /api/ads/admin/:id/status — approve/reject/pause
+router.put('/admin/:id/status', authenticateAdmin, (req, res) => {
+  const { status } = req.body;
+  if (!['approved', 'rejected', 'paused', 'expired'].includes(status)) {
+    return res.status(400).json({ error: 'Invalid status' });
+  }
+  const ad = getAdById(req.params.id);
+  if (!ad) return res.status(404).json({ error: 'Ad not found' });
+  updateAdStatus(req.params.id, status, req.admin.id);
+  res.json({ ok: true, status });
+});
+
+// DELETE /api/ads/admin/:id — delete ad
+router.delete('/admin/:id', authenticateAdmin, (req, res) => {
+  const ad = getAdById(req.params.id);
+  if (!ad) return res.status(404).json({ error: 'Ad not found' });
+  deleteAd(req.params.id);
+  res.json({ ok: true });
+});
+
+module.exports = router;