web-agent-bridge 2.4.0 → 2.5.0

package/server/control-plane/index.js

@@ -0,0 +1,301 @@
+'use strict';
+
+/**
+ * WAB Control Plane
+ *
+ * Management layer for the Agent OS. Handles:
+ * - Agent lifecycle management
+ * - Policy enforcement
+ * - Deployment management
+ * - Configuration distribution
+ *
+ * The Control Plane is separated from the Data Plane.
+ * It decides WHAT to do and WHO can do it.
+ * The Data Plane executes the actual work.
+ */
+
+const crypto = require('crypto');
+const { bus } = require('../runtime/event-bus');
+const { identity } = require('../security');
+
+// ─── Agent Lifecycle Manager ────────────────────────────────────────────────
+
+class AgentManager {
+  constructor() {
+    this._deployments = new Map();  // deploymentId → deployment config
+    this._assignments = new Map();  // agentId → Set<siteId>
+    this._healthChecks = new Map(); // agentId → last health check
+  }
+
+  /**
+   * Deploy an agent to the runtime
+   */
+  deploy(agentId, config = {}) {
+    const agent = identity.getAgent(agentId);
+    if (!agent) throw new Error(`Agent not found: ${agentId}`);
+
+    const deploymentId = `deploy_${crypto.randomBytes(12).toString('hex')}`;
+    const deployment = {
+      id: deploymentId,
+      agentId,
+      config: {
+        autoRestart: config.autoRestart !== false,
+        maxRetries: config.maxRetries || 5,
+        healthCheckInterval: config.healthCheckInterval || 60_000,
+        resources: {
+          maxMemory: config.maxMemory || 256 * 1024 * 1024,
+          maxCpu: config.maxCpu || 80,   // percentage
+          maxTasks: config.maxTasks || 10,
+        },
+        environment: config.environment || 'production',
+        version: config.version || '1.0.0',
+      },
+      status: 'deployed',
+      restartCount: 0,
+      deployedAt: Date.now(),
+      lastHealthCheck: null,
+    };
+
+    this._deployments.set(deploymentId, deployment);
+    bus.emit('agent.deployed', { agentId, deploymentId });
+
+    return deployment;
+  }
+
+  /**
+   * Assign agent to sites
+   */
+  assign(agentId, siteIds) {
+    if (!this._assignments.has(agentId)) this._assignments.set(agentId, new Set());
+    const set = this._assignments.get(agentId);
+    for (const siteId of siteIds) set.add(siteId);
+    bus.emit('agent.assigned', { agentId, sites: siteIds });
+  }
+
+  /**
+   * Unassign agent from sites
+   */
+  unassign(agentId, siteIds) {
+    const set = this._assignments.get(agentId);
+    if (!set) return;
+    for (const siteId of siteIds) set.delete(siteId);
+  }
+
+  /**
+   * Get sites assigned to an agent
+   */
+  getAssignments(agentId) {
+    const set = this._assignments.get(agentId);
+    return set ? [...set] : [];
+  }
+
+  /**
+   * Record a health check
+   */
+  recordHealthCheck(agentId, health) {
+    this._healthChecks.set(agentId, {
+      ...health,
+      timestamp: Date.now(),
+      status: health.healthy ? 'healthy' : 'unhealthy',
+    });
+
+    if (!health.healthy) {
+      bus.emit('agent.unhealthy', { agentId, reason: health.reason || 'unknown' });
+    }
+  }
+
+  /**
+   * Get agent health
+   */
+  getHealth(agentId) {
+    return this._healthChecks.get(agentId) || null;
+  }
+
+  /**
+   * Undeploy an agent
+   */
+  undeploy(deploymentId) {
+    const deployment = this._deployments.get(deploymentId);
+    if (deployment) {
+      deployment.status = 'undeployed';
+      bus.emit('agent.undeployed', { agentId: deployment.agentId, deploymentId });
+    }
+  }
+
+  /**
+   * List all deployments
+   */
+  listDeployments(filter = {}) {
+    const result = [];
+    for (const [, d] of this._deployments) {
+      if (filter.status && d.status !== filter.status) continue;
+      if (filter.agentId && d.agentId !== filter.agentId) continue;
+      result.push(d);
+    }
+    return result;
+  }
+}
+
+// ─── Policy Engine ──────────────────────────────────────────────────────────
+
+class PolicyEngine {
+  constructor() {
+    this._policies = new Map();    // policyId → policy definition
+    this._bindings = new Map();    // entityId → Set<policyId>
+  }
+
+  /**
+   * Create a policy
+   */
+  createPolicy(policy) {
+    const policyId = `policy_${crypto.randomBytes(12).toString('hex')}`;
+    const def = {
+      id: policyId,
+      name: policy.name || 'Unnamed Policy',
+      description: policy.description || '',
+      type: policy.type || 'agent', // agent, site, global
+
+      // Rules
+      rules: (policy.rules || []).map(r => ({
+        id: `rule_${crypto.randomBytes(6).toString('hex')}`,
+        action: r.action, // allow, deny, require
+        resource: r.resource, // capability, selector, domain, rate
+        condition: r.condition || {}, // { equals, contains, pattern, min, max }
+        effect: r.effect || 'deny', // allow, deny, audit
+      })),
+
+      // Rate limits
+      rateLimit: policy.rateLimit || null,
+
+      // Time constraints
+      schedule: policy.schedule || null, // { start, end, timezone, days: [] }
+
+      priority: policy.priority || 0,
+      enabled: policy.enabled !== false,
+      createdAt: Date.now(),
+    };
+
+    this._policies.set(policyId, def);
+    return def;
+  }
+
+  /**
+   * Bind a policy to an entity (agent, site, global)
+   */
+  bind(entityId, policyId) {
+    if (!this._bindings.has(entityId)) this._bindings.set(entityId, new Set());
+    this._bindings.get(entityId).add(policyId);
+  }
+
+  /**
+   * Unbind a policy
+   */
+  unbind(entityId, policyId) {
+    const bindings = this._bindings.get(entityId);
+    if (bindings) bindings.delete(policyId);
+  }
+
+  /**
+   * Evaluate policies for an entity against an action
+   */
+  evaluate(entityId, action, context = {}) {
+    const policyIds = this._bindings.get(entityId) || new Set();
+    const globalIds = this._bindings.get('*') || new Set();
+    const allIds = new Set([...policyIds, ...globalIds]);
+
+    const results = [];
+    let finalEffect = 'allow'; // default allow
+
+    // Sort policies by priority
+    const policies = [];
+    for (const pid of allIds) {
+      const policy = this._policies.get(pid);
+      if (policy && policy.enabled) policies.push(policy);
+    }
+    policies.sort((a, b) => b.priority - a.priority);
+
+    for (const policy of policies) {
+      for (const rule of policy.rules) {
+        if (rule.action !== action && rule.action !== '*') continue;
+
+        const match = this._evaluateCondition(rule.condition, context);
+        if (match) {
+          results.push({
+            policyId: policy.id,
+            policyName: policy.name,
+            ruleId: rule.id,
+            effect: rule.effect,
+            resource: rule.resource,
+          });
+
+          if (rule.effect === 'deny') finalEffect = 'deny';
+        }
+      }
+    }
+
+    return {
+      allowed: finalEffect === 'allow',
+      effect: finalEffect,
+      evaluatedPolicies: results,
+    };
+  }
+
+  /**
+   * Evaluate a rule condition
+   */
+  _evaluateCondition(condition, context) {
+    if (!condition || Object.keys(condition).length === 0) return true;
+
+    for (const [key, value] of Object.entries(condition)) {
+      const contextValue = context[key];
+      if (contextValue === undefined) return false;
+
+      if (typeof value === 'object' && value !== null) {
+        if (value.equals !== undefined && contextValue !== value.equals) return false;
+        if (value.contains && !String(contextValue).includes(value.contains)) return false;
+        if (value.pattern && !new RegExp(value.pattern).test(String(contextValue))) return false;
+        if (value.min !== undefined && contextValue < value.min) return false;
+        if (value.max !== undefined && contextValue > value.max) return false;
+        if (value.in && !value.in.includes(contextValue)) return false;
+      } else {
+        if (contextValue !== value) return false;
+      }
+    }
+    return true;
+  }
+
+  /**
+   * Get policy
+   */
+  getPolicy(policyId) {
+    return this._policies.get(policyId) || null;
+  }
+
+  /**
+   * List policies
+   */
+  listPolicies(entityId) {
+    if (entityId) {
+      const ids = this._bindings.get(entityId) || new Set();
+      return [...ids].map(id => this._policies.get(id)).filter(Boolean);
+    }
+    return Array.from(this._policies.values());
+  }
+
+  /**
+   * Delete a policy
+   */
+  deletePolicy(policyId) {
+    this._policies.delete(policyId);
+    for (const [, bindings] of this._bindings) {
+      bindings.delete(policyId);
+    }
+  }
+}
+
+// ─── Singletons ─────────────────────────────────────────────────────────────
+
+const agentManager = new AgentManager();
+const policyEngine = new PolicyEngine();
+
+module.exports = { AgentManager, PolicyEngine, agentManager, policyEngine };

package/server/data-plane/index.js

@@ -0,0 +1,354 @@
+'use strict';
+
+/**
+ * WAB Data Plane
+ *
+ * Execution engine that actually does the work:
+ * - Browser automation (via puppeteer/playwright or bridge)
+ * - API execution
+ * - Workflow orchestration
+ * - DOM abstraction (semantic actions instead of raw selectors)
+ *
+ * The Data Plane only executes what the Control Plane authorizes.
+ */
+
+const { bus } = require('../runtime/event-bus');
+const { tracer, metrics } = require('../observability');
+const { isolation } = require('../security');
+
+// ─── Semantic DOM Abstraction ───────────────────────────────────────────────
+
+/**
+ * Maps semantic actions to site-specific implementations.
+ * Instead of click('.add-to-cart'), you call execute('checkout.addItem', { productId })
+ */
+class SemanticActionResolver {
+  constructor() {
+    this._mappings = new Map(); // `${domain}:${semanticAction}` → implementation
+    this._defaults = new Map(); // semanticAction → default implementation
+  }
+
+  /**
+   * Register a semantic action mapping for a domain
+   */
+  register(domain, semanticAction, implementation) {
+    const key = `${domain}:${semanticAction}`;
+    this._mappings.set(key, {
+      domain,
+      action: semanticAction,
+      selector: implementation.selector || null,
+      handler: implementation.handler || null,
+      params: implementation.params || {},
+      strategy: implementation.strategy || 'selector', // selector, handler, api
+      confidence: implementation.confidence || 1.0,
+      lastVerified: Date.now(),
+    });
+  }
+
+  /**
+   * Register a default semantic action (fallback)
+   */
+  registerDefault(semanticAction, implementation) {
+    this._defaults.set(semanticAction, implementation);
+  }
+
+  /**
+   * Resolve a semantic action to a concrete implementation
+   */
+  resolve(domain, semanticAction) {
+    const key = `${domain}:${semanticAction}`;
+    let impl = this._mappings.get(key);
+
+    // Try wildcard domain
+    if (!impl) {
+      const wildKey = `*:${semanticAction}`;
+      impl = this._mappings.get(wildKey);
+    }
+
+    // Try default
+    if (!impl) {
+      impl = this._defaults.get(semanticAction);
+    }
+
+    return impl || null;
+  }
+
+  /**
+   * List all semantic actions for a domain
+   */
+  listActions(domain) {
+    const actions = [];
+    for (const [key, impl] of this._mappings) {
+      if (key.startsWith(`${domain}:`) || key.startsWith('*:')) {
+        actions.push({
+          action: impl.action,
+          domain: impl.domain,
+          strategy: impl.strategy,
+          confidence: impl.confidence,
+        });
+      }
+    }
+    return actions;
+  }
+}
+
+// ─── Task Executor ──────────────────────────────────────────────────────────
+
+class Executor {
+  constructor() {
+    this._resolver = new SemanticActionResolver();
+    this._handlers = new Map();
+    this._stats = { executed: 0, succeeded: 0, failed: 0 };
+
+    // Register built-in semantic actions defaults
+    this._registerDefaults();
+  }
+
+  get resolver() { return this._resolver; }
+
+  /**
+   * Register an execution handler
+   */
+  registerHandler(type, handler) {
+    this._handlers.set(type, handler);
+  }
+
+  /**
+   * Execute a task
+   */
+  async execute(task, context = {}) {
+    const { traceId, spanId } = tracer.startTrace(`execute:${task.type || 'general'}`);
+    const endTimer = metrics.startTimer('executor.task.duration', { type: task.type || 'general' });
+
+    try {
+      // Check site isolation
+      if (task.siteId && task.agentId) {
+        if (!isolation.canAccess(task.siteId, task.agentId)) {
+          throw new Error(`Agent ${task.agentId} denied access to site ${task.siteId}`);
+        }
+        isolation.enter(task.siteId, task.agentId);
+      }
+
+      let result;
+
+      // Route to handler based on task type
+      const handler = this._handlers.get(task.type);
+      if (handler) {
+        result = await handler(task, { ...context, traceId, spanId, resolver: this._resolver });
+      } else if (task.type === 'semantic') {
+        result = await this._executeSemantic(task, traceId);
+      } else if (task.type === 'pipeline') {
+        result = await this._executePipeline(task, traceId);
+      } else if (task.type === 'parallel') {
+        result = await this._executeParallel(task, traceId);
+      } else {
+        throw new Error(`Unknown task type: ${task.type}`);
+      }
+
+      this._stats.executed++;
+      this._stats.succeeded++;
+      metrics.increment('executor.tasks.success', 1, { type: task.type });
+
+      tracer.endSpan(traceId, spanId, { success: true });
+      endTimer();
+
+      bus.emit('executor.completed', {
+        taskId: task.id,
+        type: task.type,
+        traceId,
+        duration: endTimer(),
+      });
+
+      return { success: true, result, traceId };
+    } catch (err) {
+      this._stats.executed++;
+      this._stats.failed++;
+      metrics.increment('executor.tasks.failure', 1, { type: task.type });
+
+      tracer.endSpan(traceId, spanId, { error: err.message });
+      endTimer();
+
+      bus.emit('executor.failed', {
+        taskId: task.id,
+        type: task.type,
+        error: err.message,
+        traceId,
+      });
+
+      return { success: false, error: err.message, traceId };
+    } finally {
+      // Leave site isolation
+      if (task.siteId && task.agentId) {
+        isolation.leave(task.siteId, task.agentId);
+      }
+    }
+  }
+
+  /**
+   * Execute a semantic action (domain.action instead of raw selector)
+   */
+  async _executeSemantic(task, traceId) {
+    const { domain, action, params } = task;
+    if (!domain || !action) throw new Error('Semantic tasks require domain and action');
+
+    const span = tracer.startSpan(traceId, `semantic:${domain}.${action}`);
+
+    const impl = this._resolver.resolve(task.siteDomain || '*', `${domain}.${action}`);
+    if (!impl) {
+      tracer.endSpan(traceId, span.id, { error: 'No implementation' });
+      throw new Error(`No semantic action found: ${domain}.${action}`);
+    }
+
+    tracer.addEvent(traceId, span.id, 'resolved', {
+      strategy: impl.strategy,
+      confidence: impl.confidence,
+    });
+
+    let result;
+    if (impl.strategy === 'handler' && impl.handler) {
+      result = await impl.handler(params);
+    } else if (impl.strategy === 'api') {
+      result = { delegated: 'api', endpoint: impl.selector, params };
+    } else {
+      result = {
+        resolvedSelector: impl.selector,
+        params: { ...impl.params, ...params },
+        confidence: impl.confidence,
+      };
+    }
+
+    tracer.endSpan(traceId, span.id, { success: true });
+    return result;
+  }
+
+  /**
+   * Execute a pipeline (sequential steps)
+   */
+  async _executePipeline(task, traceId) {
+    const steps = task.steps || [];
+    const results = [];
+    let previousResult = null;
+
+    for (let i = 0; i < steps.length; i++) {
+      const step = steps[i];
+      const span = tracer.startSpan(traceId, `pipeline:step:${i}:${step.action || step.type}`);
+
+      try {
+        const stepTask = {
+          ...step,
+          type: step.type || 'semantic',
+          input: previousResult,
+          siteId: task.siteId,
+          agentId: task.agentId,
+          siteDomain: task.siteDomain,
+        };
+
+        const result = await this.execute(stepTask, { parentTraceId: traceId });
+        previousResult = result.result;
+        results.push({ step: i, success: true, result: result.result });
+
+        tracer.endSpan(traceId, span.id, { success: true });
+
+        if (!result.success && (task.stopOnError !== false)) {
+          throw new Error(`Pipeline step ${i} failed: ${result.error}`);
+        }
+      } catch (err) {
+        tracer.endSpan(traceId, span.id, { error: err.message });
+        results.push({ step: i, success: false, error: err.message });
+        if (task.stopOnError !== false) throw err;
+      }
+    }
+
+    return { steps: results, totalSteps: steps.length };
+  }
+
+  /**
+   * Execute tasks in parallel
+   */
+  async _executeParallel(task, traceId) {
+    const tasks = task.tasks || [];
+    const span = tracer.startSpan(traceId, `parallel:${tasks.length}_tasks`);
+
+    const promises = tasks.map((t, i) => {
+      const subTask = {
+        ...t,
+        type: t.type || 'semantic',
+        siteId: task.siteId,
+        agentId: task.agentId,
+        siteDomain: task.siteDomain,
+      };
+      return this.execute(subTask, { parentTraceId: traceId })
+        .then(r => ({ index: i, ...r }))
+        .catch(e => ({ index: i, success: false, error: e.message }));
+    });
+
+    const results = await Promise.all(promises);
+    tracer.endSpan(traceId, span.id, { success: true, count: results.length });
+
+    return { results, totalTasks: tasks.length };
+  }
+
+  /**
+   * Register default semantic actions
+   */
+  _registerDefaults() {
+    // Commerce domain
+    this._resolver.registerDefault('checkout.addItem', {
+      selector: '[data-action="add-to-cart"], .add-to-cart, #add-to-cart',
+      strategy: 'selector',
+      confidence: 0.8,
+    });
+
+    this._resolver.registerDefault('checkout.viewCart', {
+      selector: '[data-action="view-cart"], .cart-icon, #cart',
+      strategy: 'selector',
+      confidence: 0.7,
+    });
+
+    this._resolver.registerDefault('checkout.submit', {
+      selector: '[data-action="checkout"], .checkout-btn, #checkout',
+      strategy: 'selector',
+      confidence: 0.7,
+    });
+
+    this._resolver.registerDefault('search.query', {
+      selector: 'input[type="search"], input[name="q"], #search',
+      strategy: 'selector',
+      confidence: 0.8,
+    });
+
+    this._resolver.registerDefault('search.submit', {
+      selector: 'button[type="submit"], .search-btn',
+      strategy: 'selector',
+      confidence: 0.7,
+    });
+
+    this._resolver.registerDefault('auth.login', {
+      selector: 'form[action*="login"], #login-form',
+      strategy: 'selector',
+      confidence: 0.7,
+    });
+
+    this._resolver.registerDefault('navigation.next', {
+      selector: 'a[rel="next"], .next-page, .pagination .next',
+      strategy: 'selector',
+      confidence: 0.7,
+    });
+
+    this._resolver.registerDefault('content.read', {
+      selector: 'main, article, .content, #content',
+      strategy: 'selector',
+      confidence: 0.8,
+    });
+  }
+
+  getStats() {
+    return { ...this._stats };
+  }
+}
+
+// ─── Singleton ──────────────────────────────────────────────────────────────
+
+const executor = new Executor();
+
+module.exports = { Executor, SemanticActionResolver, executor };

package/server/index.js

@@ -32,6 +32,7 @@ const premiumRoutes = require('./routes/premium');
 const adminPremiumRoutes = require('./routes/admin-premium');
 const workspaceRoutes = require('./routes/agent-workspace');
 const universalRoutes = require('./routes/universal');
+const runtimeRoutes = require('./routes/runtime');
 const { handleWebhookRequest } = require('./services/stripe');
 
 const app = express();
@@ -138,6 +139,7 @@ app.use('/api/premium', apiLimiter, premiumRoutes);
 app.use('/api/admin/premium', apiLimiter, adminPremiumRoutes);
 app.use('/api/workspace', apiLimiter, workspaceRoutes);
 app.use('/api/universal', apiLimiter, universalRoutes);
+app.use('/api/os', apiLimiter, runtimeRoutes);
 
 // ─── WAB Search Engine ────────────────────────────────────────────────