web-agent-bridge 2.3.1 → 2.5.0

package/sdk/index.d.ts

@@ -209,3 +209,256 @@ export declare class WABMultiAgent {
   /** Close all browser sessions. */
   close(): Promise<void>;
 }
+
+// ─── WABUniversalAgent — Works on ANY page, no bridge needed ───────────
+
+export interface UniversalAnalysis {
+  url: string;
+  domain: string;
+  products?: Array<{
+    name?: string;
+    price?: number;
+    currency?: string;
+    originalPrice?: number;
+    rating?: number;
+    method?: string;
+  }>;
+  fairness?: {
+    total: number;
+    category: string;
+    breakdown: Record<string, number>;
+    wabBridge?: { installed: boolean; bonus?: number; hasNegotiation?: boolean };
+    platform?: { size: string; commission: number };
+  };
+  darkPatterns?: Array<{ type: string; severity?: string; matches?: string[] }>;
+  alerts?: Array<{ title: string; description?: string; severity?: string }>;
+}
+
+export interface UniversalDeal {
+  name?: string;
+  source?: string;
+  domain?: string;
+  priceUsd?: number;
+  rating?: number;
+  url?: string;
+  compositeScore?: number;
+  wabBridge?: boolean;
+  canNegotiate?: boolean;
+  fairness?: { total: number; category: string };
+}
+
+export interface UniversalDealsResult {
+  deals: UniversalDeal[];
+  insights?: Array<{ icon?: string; text: string }>;
+  sourcesChecked?: number;
+}
+
+export interface UniversalFairness {
+  domain: string;
+  total: number;
+  category: string;
+  breakdown: Record<string, number>;
+  wabBridge?: { installed: boolean; bonus?: number };
+  platform?: { size: string; commission: number };
+}
+
+export declare class WABUniversalAgent {
+  constructor(serverUrl?: string);
+
+  /** Extract products, prices, and metadata from any URL. */
+  extract(url: string): Promise<any>;
+
+  /** Full analysis: extract + fairness + fraud detection + dark patterns. */
+  analyze(url: string): Promise<UniversalAnalysis>;
+
+  /** Compare prices across multiple sources. */
+  compare(query: string, category?: string): Promise<any>;
+
+  /** Find and rank the best deals with fairness scoring. */
+  deals(query: string, category?: string, lang?: string): Promise<UniversalDealsResult>;
+
+  /** Get fairness score for a domain. */
+  fairness(domain: string): Promise<UniversalFairness>;
+
+  /** Detect dark patterns on a URL. */
+  darkPatterns(url: string): Promise<any>;
+
+  /** Get price history for a domain. */
+  priceHistory(domain: string): Promise<any>;
+
+  /** Get top fairness-scored sites. */
+  topFair(limit?: number): Promise<any>;
+
+  /** Get all known competing sources. */
+  sources(): Promise<any>;
+}
+
+// ─── WABAgentOS — Agent OS Runtime Client ──────────────────────────────
+
+export interface WABAgentOSOptions {
+  /** WAB server base URL (default http://localhost:3000). */
+  serverUrl?: string;
+  /** Pre-registered agent ID. */
+  agentId?: string;
+  /** Pre-registered API key. */
+  apiKey?: string;
+  /** Active session token. */
+  sessionToken?: string;
+}
+
+export interface AgentRegistration {
+  agentId: string;
+  apiKey: string;
+  message: string;
+}
+
+export interface AgentSession {
+  sessionToken?: string;
+  agentId: string;
+  expiresAt: number;
+}
+
+export interface ProtocolInfo {
+  protocol: string;
+  version: string;
+  commands: Array<{
+    name: string;
+    version: string;
+    category: string;
+    description: string;
+    capabilities: string[];
+  }>;
+  capabilities: string[];
+  permissionLevels: Record<string, number>;
+}
+
+export interface TaskSubmitResult {
+  taskId: string;
+  state: string;
+}
+
+export interface TaskInfo {
+  taskId: string;
+  type: string;
+  state: string;
+  priority: number;
+  result?: any;
+  error?: string;
+  createdAt: number;
+  startedAt?: number;
+  completedAt?: number;
+}
+
+export interface ExecuteResult {
+  success: boolean;
+  result?: any;
+  error?: string;
+  traceId?: string;
+  duration?: number;
+}
+
+export interface RegistryCommand {
+  id: string;
+  siteId: string;
+  name: string;
+  description: string;
+  category: string;
+  version: string;
+  tags: string[];
+  usageCount: number;
+}
+
+export interface RegistrySite {
+  domain: string;
+  name: string;
+  tier: string;
+  capabilities: string[];
+  verified: boolean;
+}
+
+export interface RegistryTemplate {
+  id: string;
+  name: string;
+  description: string;
+  category: string;
+  steps: any[];
+  downloads: number;
+}
+
+export interface HealthInfo {
+  runtime: any;
+  identity: any;
+  registry: any;
+  executor: any;
+  llm: any;
+}
+
+export interface LLMCompletionResult {
+  text: string;
+  provider: string;
+  model: string;
+  tokens?: { input: number; output: number; total: number };
+  cached?: boolean;
+}
+
+export declare class WABAgentOS {
+  agentId: string | null;
+  apiKey: string | null;
+  sessionToken: string | null;
+
+  constructor(options?: WABAgentOSOptions);
+
+  // Agent Identity
+  register(name: string, type: string, capabilities?: string[]): Promise<AgentRegistration>;
+  authenticate(apiKey?: string): Promise<AgentSession>;
+  negotiateCapabilities(capabilities: string[], siteId?: string): Promise<any>;
+
+  // Protocol
+  getProtocol(): Promise<ProtocolInfo>;
+  sendMessage(command: string, payload?: Record<string, unknown>): Promise<any>;
+
+  // Tasks
+  submitTask(task: Record<string, unknown>): Promise<TaskSubmitResult>;
+  getTask(taskId: string): Promise<TaskInfo>;
+  listTasks(state?: string, limit?: number): Promise<{ tasks: TaskInfo[]; total: number }>;
+  cancelTask(taskId: string): Promise<{ success: boolean }>;
+  pauseTask(taskId: string): Promise<{ success: boolean }>;
+  resumeTask(taskId: string): Promise<{ success: boolean }>;
+
+  // Execution
+  execute(command: Record<string, unknown>): Promise<ExecuteResult>;
+  executeSemantic(domain: string, action: string, params?: Record<string, unknown>): Promise<ExecuteResult>;
+  executePipeline(steps: Array<Record<string, unknown>>): Promise<ExecuteResult>;
+  resolveAction(domain: string, action: string, siteDomain?: string): Promise<any>;
+
+  // Registry
+  searchCommands(query?: Record<string, string>): Promise<{ commands: RegistryCommand[]; total: number }>;
+  registerCommand(siteId: string, command: Record<string, unknown>): Promise<RegistryCommand>;
+  searchSites(query?: Record<string, string>): Promise<{ sites: RegistrySite[]; total: number }>;
+  registerSite(domain: string, info: Record<string, unknown>): Promise<RegistrySite>;
+  searchTemplates(query?: Record<string, string>): Promise<{ templates: RegistryTemplate[]; total: number }>;
+  getTemplate(templateId: string): Promise<RegistryTemplate>;
+
+  // LLM
+  complete(prompt: string, options?: Record<string, unknown>): Promise<LLMCompletionResult>;
+  embed(text: string, options?: Record<string, unknown>): Promise<any>;
+  listModels(): Promise<{ models: any[] }>;
+
+  // Observability
+  getMetrics(): Promise<any>;
+  getTraces(query?: Record<string, string>): Promise<any>;
+  getTrace(traceId: string): Promise<any>;
+  getLogs(query?: Record<string, string>): Promise<any>;
+  getHealth(): Promise<HealthInfo>;
+
+  // Events (SSE)
+  subscribe(filter: string | null, onEvent: (data: any) => void): EventSource;
+
+  // Policies
+  createPolicy(policy: Record<string, unknown>): Promise<any>;
+  evaluatePolicy(entityId: string, action: string, context?: Record<string, unknown>): Promise<any>;
+
+  // Deploy
+  deploy(config?: Record<string, unknown>): Promise<any>;
+  listDeployments(query?: Record<string, string>): Promise<any>;
+}

package/sdk/index.js

@@ -254,7 +254,366 @@ class WABAgent {
   }
 }
 
+/**
+ * WABUniversalAgent — Works on ANY page, no bridge script needed.
+ * Uses server-side extraction, analysis, and comparison APIs.
+ */
+class WABUniversalAgent {
+  /**
+   * @param {string} [serverUrl='http://localhost:3000'] — WAB server URL
+   */
+  constructor(serverUrl = 'http://localhost:3000') {
+    this.serverUrl = serverUrl.replace(/\/$/, '');
+  }
+
+  /** @private */
+  async _post(path, body) {
+    const res = await fetch(`${this.serverUrl}${path}`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    });
+    if (!res.ok) throw new Error(`WAB API error ${res.status}: ${await res.text()}`);
+    return res.json();
+  }
+
+  /** @private */
+  async _get(path) {
+    const res = await fetch(`${this.serverUrl}${path}`);
+    if (!res.ok) throw new Error(`WAB API error ${res.status}: ${await res.text()}`);
+    return res.json();
+  }
+
+  /**
+   * Extract products, prices, and metadata from any URL.
+   * @param {string} url
+   * @returns {Promise<object>}
+   */
+  async extract(url) {
+    return this._post('/api/universal/extract', { url });
+  }
+
+  /**
+   * Full analysis: extract + fairness + fraud detection + dark patterns.
+   * @param {string} url
+   * @returns {Promise<object>}
+   */
+  async analyze(url) {
+    return this._post('/api/universal/analyze', { url });
+  }
+
+  /**
+   * Compare prices across multiple sources.
+   * @param {string} query — Product or service to search for
+   * @param {string} [category='product'] — 'product', 'hotel', 'flight'
+   * @returns {Promise<object>}
+   */
+  async compare(query, category = 'product') {
+    return this._post('/api/universal/compare', { query, category });
+  }
+
+  /**
+   * Find and rank the best deals with fairness scoring.
+   * @param {string} query
+   * @param {string} [category='product']
+   * @param {string} [lang='en']
+   * @returns {Promise<object>}
+   */
+  async deals(query, category = 'product', lang = 'en') {
+    return this._post('/api/universal/deals', { query, category, lang });
+  }
+
+  /**
+   * Get fairness score for a domain.
+   * @param {string} domain
+   * @returns {Promise<object>}
+   */
+  async fairness(domain) {
+    return this._post('/api/universal/fairness', { domain });
+  }
+
+  /**
+   * Detect dark patterns on a URL.
+   * @param {string} url
+   * @returns {Promise<object>}
+   */
+  async darkPatterns(url) {
+    return this._post('/api/universal/dark-patterns', { url });
+  }
+
+  /**
+   * Get price history for a domain.
+   * @param {string} domain
+   * @returns {Promise<object>}
+   */
+  async priceHistory(domain) {
+    return this._get(`/api/universal/history?domain=${encodeURIComponent(domain)}`);
+  }
+
+  /**
+   * Get top fairness-scored sites.
+   * @param {number} [limit=20]
+   * @returns {Promise<object>}
+   */
+  async topFair(limit = 20) {
+    return this._get(`/api/universal/top-fair?limit=${limit}`);
+  }
+
+  /**
+   * Get all known competing sources.
+   * @returns {Promise<object>}
+   */
+  async sources() {
+    return this._get('/api/universal/sources');
+  }
+}
+
 const { WABMultiAgent } = require('./multi-agent');
 const { WABAgentMesh } = require('./agent-mesh');
 
-module.exports = { WABAgent, WABMultiAgent, WABAgentMesh };
+// ─── WAB Agent OS Client ────────────────────────────────────────────────────
+
+/**
+ * WABAgentOS — Client for the Agent OS runtime.
+ * Provides access to protocol, tasks, execution, registry, observability, and LLM.
+ */
+class WABAgentOS {
+  /**
+   * @param {object} options
+   * @param {string} options.serverUrl — WAB server base URL
+   * @param {string} [options.agentId] — Pre-registered agent ID
+   * @param {string} [options.apiKey] — Pre-registered API key
+   * @param {string} [options.sessionToken] — Active session token
+   */
+  constructor(options = {}) {
+    this.serverUrl = (options.serverUrl || 'http://localhost:3000').replace(/\/$/, '');
+    this.agentId = options.agentId || null;
+    this.apiKey = options.apiKey || null;
+    this.sessionToken = options.sessionToken || null;
+    this._base = `${this.serverUrl}/api/os`;
+  }
+
+  // ─── Agent Identity ───────────────────────────────────────────────────
+
+  async register(name, type, capabilities = []) {
+    const res = await this._post('/agents/register', { name, type, capabilities });
+    this.agentId = res.agentId;
+    this.apiKey = res.apiKey;
+    return res;
+  }
+
+  async authenticate(apiKey) {
+    const res = await this._post('/agents/authenticate', { apiKey: apiKey || this.apiKey });
+    if (res.sessionToken) this.sessionToken = res.sessionToken;
+    return res;
+  }
+
+  async negotiateCapabilities(capabilities, siteId) {
+    return this._post(`/agents/${this.agentId}/capabilities`, { capabilities, siteId });
+  }
+
+  // ─── Protocol ─────────────────────────────────────────────────────────
+
+  async getProtocol() {
+    return this._get('/protocol');
+  }
+
+  async sendMessage(command, payload = {}) {
+    return this._post('/protocol/message', { command, payload, agentId: this.agentId });
+  }
+
+  // ─── Tasks ────────────────────────────────────────────────────────────
+
+  async submitTask(task) {
+    return this._post('/tasks', task);
+  }
+
+  async getTask(taskId) {
+    return this._get(`/tasks/${taskId}`);
+  }
+
+  async listTasks(state, limit) {
+    const params = [];
+    if (state) params.push(`state=${state}`);
+    if (limit) params.push(`limit=${limit}`);
+    return this._get(`/tasks${params.length ? '?' + params.join('&') : ''}`);
+  }
+
+  async cancelTask(taskId) {
+    return this._delete(`/tasks/${taskId}`);
+  }
+
+  async pauseTask(taskId) {
+    return this._post(`/tasks/${taskId}/pause`);
+  }
+
+  async resumeTask(taskId) {
+    return this._post(`/tasks/${taskId}/resume`);
+  }
+
+  // ─── Execution ────────────────────────────────────────────────────────
+
+  async execute(command) {
+    return this._post('/execute', command);
+  }
+
+  async executeSemantic(domain, action, params = {}) {
+    return this._post('/execute/semantic', { domain, action, params, agentId: this.agentId });
+  }
+
+  async executePipeline(steps) {
+    return this._post('/execute/pipeline', { steps });
+  }
+
+  async resolveAction(domain, action, siteDomain) {
+    const params = `domain=${domain}&action=${action}${siteDomain ? `&siteDomain=${siteDomain}` : ''}`;
+    return this._get(`/execute/resolve?${params}`);
+  }
+
+  // ─── Registry ─────────────────────────────────────────────────────────
+
+  async searchCommands(query = {}) {
+    const params = Object.entries(query).map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
+    return this._get(`/registry/commands${params ? '?' + params : ''}`);
+  }
+
+  async registerCommand(siteId, command) {
+    return this._post('/registry/commands', { siteId, ...command });
+  }
+
+  async searchSites(query = {}) {
+    const params = Object.entries(query).map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
+    return this._get(`/registry/sites${params ? '?' + params : ''}`);
+  }
+
+  async registerSite(domain, info) {
+    return this._post('/registry/sites', { domain, ...info });
+  }
+
+  async searchTemplates(query = {}) {
+    const params = Object.entries(query).map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
+    return this._get(`/registry/templates${params ? '?' + params : ''}`);
+  }
+
+  async getTemplate(templateId) {
+    return this._get(`/registry/templates/${templateId}`);
+  }
+
+  // ─── LLM ──────────────────────────────────────────────────────────────
+
+  async complete(prompt, options = {}) {
+    return this._post('/llm/complete', { prompt, options });
+  }
+
+  async embed(text, options = {}) {
+    return this._post('/llm/embed', { text, options });
+  }
+
+  async listModels() {
+    return this._get('/llm/models');
+  }
+
+  // ─── Observability ────────────────────────────────────────────────────
+
+  async getMetrics() {
+    return this._get('/observability/metrics');
+  }
+
+  async getTraces(query = {}) {
+    const params = Object.entries(query).map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
+    return this._get(`/observability/traces${params ? '?' + params : ''}`);
+  }
+
+  async getTrace(traceId) {
+    return this._get(`/observability/traces/${traceId}`);
+  }
+
+  async getLogs(query = {}) {
+    const params = Object.entries(query).map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
+    return this._get(`/observability/logs${params ? '?' + params : ''}`);
+  }
+
+  async getHealth() {
+    return this._get('/observability/health');
+  }
+
+  // ─── Events (SSE) ────────────────────────────────────────────────────
+
+  subscribe(filter, onEvent) {
+    if (typeof EventSource === 'undefined') {
+      throw new Error('EventSource not available. Use a polyfill for Node.js.');
+    }
+    const url = `${this._base}/events${filter ? '?filter=' + encodeURIComponent(filter) : ''}`;
+    const es = new EventSource(url);
+    es.onmessage = (e) => {
+      try { onEvent(JSON.parse(e.data)); } catch { onEvent(e.data); }
+    };
+    return es; // Call es.close() to unsubscribe
+  }
+
+  // ─── Policies ─────────────────────────────────────────────────────────
+
+  async createPolicy(policy) {
+    return this._post('/policies', policy);
+  }
+
+  async evaluatePolicy(entityId, action, context = {}) {
+    return this._post('/policies/evaluate', { entityId, action, context });
+  }
+
+  // ─── Deploy ───────────────────────────────────────────────────────────
+
+  async deploy(config = {}) {
+    return this._post('/deployments', { agentId: this.agentId, config });
+  }
+
+  async listDeployments(query = {}) {
+    const params = Object.entries(query).map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
+    return this._get(`/deployments${params ? '?' + params : ''}`);
+  }
+
+  // ─── HTTP Helpers ─────────────────────────────────────────────────────
+
+  async _get(path) {
+    const url = `${this._base}${path}`;
+    const headers = this._headers();
+    const res = await fetch(url, { headers });
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error(body.error || `HTTP ${res.status}`);
+    }
+    return res.json();
+  }
+
+  async _post(path, body) {
+    const url = `${this._base}${path}`;
+    const headers = { ...this._headers(), 'Content-Type': 'application/json' };
+    const res = await fetch(url, { method: 'POST', headers, body: JSON.stringify(body) });
+    if (!res.ok) {
+      const data = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error(data.error || `HTTP ${res.status}`);
+    }
+    return res.json();
+  }
+
+  async _delete(path) {
+    const url = `${this._base}${path}`;
+    const headers = this._headers();
+    const res = await fetch(url, { method: 'DELETE', headers });
+    if (!res.ok) {
+      const data = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error(data.error || `HTTP ${res.status}`);
+    }
+    return res.json();
+  }
+
+  _headers() {
+    const h = {};
+    if (this.sessionToken) h['Authorization'] = `Bearer ${this.sessionToken}`;
+    else if (this.apiKey) h['X-WAB-Key'] = this.apiKey;
+    if (this.agentId) h['X-WAB-Agent'] = this.agentId;
+    return h;
+  }
+}
+
+module.exports = { WABAgent, WABUniversalAgent, WABMultiAgent, WABAgentMesh, WABAgentOS };

package/sdk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "web-agent-bridge-sdk",
-  "version": "2.3.0",
+  "version": "2.5.0",
   "description": "SDK for building AI agents that interact with Web Agent Bridge (WAB)",
   "main": "index.js",
   "license": "MIT",

package/server/config/secrets.js

@@ -33,10 +33,12 @@ function isProd() {
 function assertSecretsAtStartup() {
   if (isTest()) return;
   if (isProd() && !process.env.JWT_SECRET) {
-    _autoUserSecret = generateAutoSecret('JWT_SECRET');
+    console.error('[WAB] FATAL: JWT_SECRET is not set in production. Refusing to start with insecure defaults.');
+    process.exit(1);
   }
   if (isProd() && !process.env.JWT_SECRET_ADMIN) {
-    _autoAdminSecret = generateAutoSecret('JWT_SECRET_ADMIN');
+    console.error('[WAB] FATAL: JWT_SECRET_ADMIN is not set in production. Refusing to start with insecure defaults.');
+    process.exit(1);
   }
 }
 
@@ -44,14 +46,20 @@ function getJwtUserSecret() {
   if (isTest()) {
     return process.env.JWT_SECRET || 'test-secret-key-for-testing';
   }
-  return process.env.JWT_SECRET || _autoUserSecret || 'dev-user-secret-change-in-development';
+  if (process.env.JWT_SECRET) return process.env.JWT_SECRET;
+  // Dev mode: generate ephemeral secret per process (not hardcoded)
+  if (!_autoUserSecret) _autoUserSecret = generateAutoSecret('JWT_SECRET');
+  return _autoUserSecret;
 }
 
 function getJwtAdminSecret() {
   if (isTest()) {
-    return process.env.JWT_SECRET_ADMIN || process.env.JWT_SECRET || 'test-secret-key-for-testing-admin';
+    return process.env.JWT_SECRET_ADMIN || 'test-secret-key-for-testing-admin';
   }
-  return process.env.JWT_SECRET_ADMIN || process.env.JWT_SECRET || _autoAdminSecret || _autoUserSecret || 'dev-admin-secret-change-in-development';
+  if (process.env.JWT_SECRET_ADMIN) return process.env.JWT_SECRET_ADMIN;
+  // Dev mode: generate separate ephemeral secret (never share with user secret)
+  if (!_autoAdminSecret) _autoAdminSecret = generateAutoSecret('JWT_SECRET_ADMIN');
+  return _autoAdminSecret;
 }
 
 function signUserToken(payload, options = {}) {