web-agent-bridge 2.5.0 → 2.6.0

package/server/routes/runtime.js

@@ -19,11 +19,86 @@ const router = express.Router();
 const protocol = require('../protocol');
 const { runtime, bus } = require('../runtime');
 const { logger, tracer, metrics } = require('../observability');
+const { failureAnalyzer } = require('../observability/failure-analysis');
 const { identity, signer, isolation } = require('../security');
 const { agentManager, policyEngine } = require('../control-plane');
 const { executor } = require('../data-plane');
 const { llm } = require('../llm');
 const { commandRegistry, siteRegistry, templateRegistry } = require('../registry');
+const { certificationEngine } = require('../registry/certification');
+const { adapterManager, mcpAdapter, restAdapter, browserAdapter } = require('../adapters');
+const { replayEngine } = require('../runtime/replay');
+const { sessionEngine } = require('../runtime/session-engine');
+
+// ═══════════════════════════════════════════════════════════════════════════
+// AUTH MIDDLEWARE
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * Authenticate requests via API key or session token.
+ * Public endpoints (protocol info, agent registration, health) bypass auth.
+ */
+const PUBLIC_PATHS = [
+  '/protocol',
+  '/agents/register',
+  '/agents/authenticate',
+  '/observability/health',
+  '/llm/models',
+  '/llm/status',
+  '/registry/commands',
+  '/registry/sites',
+  '/registry/templates',
+];
+
+function authMiddleware(req, res, next) {
+  // Allow public GET endpoints
+  const matchesPublic = PUBLIC_PATHS.some(p =>
+    req.path === p || (req.method === 'GET' && req.path.startsWith(p))
+  );
+  if (matchesPublic) return next();
+
+  // Check session token
+  const authHeader = req.headers['authorization'];
+  if (authHeader && authHeader.startsWith('Bearer ')) {
+    const token = authHeader.slice(7);
+    const session = identity.validateSession(token);
+    if (session) {
+      req.agentId = session.agentId;
+      req.session = session;
+      return next();
+    }
+  }
+
+  // Check API key
+  const apiKey = req.headers['x-wab-key'];
+  if (apiKey) {
+    const ip = req.ip || req.connection?.remoteAddress;
+    const session = identity.authenticate(apiKey, ip);
+    if (session) {
+      req.agentId = session.agentId;
+      req.session = session;
+      return next();
+    }
+  }
+
+  // Check agent ID header (for internal/trusted calls)
+  const agentHeader = req.headers['x-wab-agent'];
+  if (agentHeader) {
+    const agent = identity.getAgent(agentHeader);
+    if (agent && agent.status === 'active') {
+      req.agentId = agentHeader;
+      return next();
+    }
+  }
+
+  // No auth on non-mutation GET requests (read-only)
+  if (req.method === 'GET') return next();
+
+  metrics.increment('auth.rejected');
+  return res.status(401).json({ error: 'Authentication required. Provide X-WAB-Key or Authorization: Bearer <token>' });
+}
+
+router.use(authMiddleware);
 
 // ═══════════════════════════════════════════════════════════════════════════
 // PROTOCOL ENDPOINTS
@@ -443,6 +518,11 @@ router.get('/observability/health', (req, res) => {
   };
   health.executor = executor.getStats();
   health.llm = llm.getStatus();
+  health.adapters = adapterManager.getStats();
+  health.replay = replayEngine.getStats();
+  health.sessions = sessionEngine.getStats();
+  health.failures = failureAnalyzer.getStats();
+  health.certification = certificationEngine.getStats();
   res.json(health);
 });
 
@@ -722,4 +802,335 @@ protocolHandler.handle('wab.commerce.compare', async (payload) => {
   });
 });
 
+// ═══════════════════════════════════════════════════════════════════════════
+// ADAPTERS
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * List adapters
+ */
+router.get('/adapters', (req, res) => {
+  res.json({ adapters: adapterManager.list() });
+});
+
+/**
+ * Adapter stats
+ */
+router.get('/adapters/stats', (req, res) => {
+  res.json(adapterManager.getStats());
+});
+
+/**
+ * MCP: list tools
+ */
+router.get('/adapters/mcp/tools', (req, res) => {
+  const commands = protocol.schema.listCommands();
+  res.json(mcpAdapter.handleListTools(commands));
+});
+
+/**
+ * MCP: call tool
+ */
+router.post('/adapters/mcp/call', async (req, res) => {
+  try {
+    const result = await mcpAdapter.handleCallTool(req.body, async (wapReq) => {
+      const request = protocol.createRequest(wapReq.command, wapReq.payload);
+      return protocolHandler.process(request);
+    });
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+/**
+ * REST adapter: register endpoint
+ */
+router.post('/adapters/rest/endpoints', (req, res) => {
+  try {
+    const endpoint = restAdapter.registerEndpoint(req.body.id, req.body);
+    res.json(endpoint);
+  } catch (err) {
+    res.status(400).json({ error: err.message });
+  }
+});
+
+/**
+ * REST adapter: list endpoints
+ */
+router.get('/adapters/rest/endpoints', (req, res) => {
+  res.json({ endpoints: restAdapter.listEndpoints() });
+});
+
+/**
+ * REST adapter: execute
+ */
+router.post('/adapters/rest/execute', async (req, res) => {
+  try {
+    const result = await restAdapter.execute(req.body.endpoint, req.body.params);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+/**
+ * Browser adapter: list semantic mappings
+ */
+router.get('/adapters/browser/mappings', (req, res) => {
+  res.json({ mappings: browserAdapter.listMappings() });
+});
+
+/**
+ * Browser adapter: resolve semantic action
+ */
+router.post('/adapters/browser/resolve', (req, res) => {
+  const { domain, action, params } = req.body;
+  const plan = browserAdapter.fromWAP({ domain, action, params });
+  if (!plan) return res.status(404).json({ error: 'No mapping for this semantic action' });
+  res.json(plan);
+});
+
+/**
+ * Browser adapter: register mapping
+ */
+router.post('/adapters/browser/mappings', (req, res) => {
+  const { domainAction, plan } = req.body;
+  if (!domainAction || !plan) return res.status(400).json({ error: 'domainAction and plan required' });
+  browserAdapter.registerMapping(domainAction, plan);
+  res.json({ success: true });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// REPLAY ENGINE
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * List recordings
+ */
+router.get('/replay/recordings', (req, res) => {
+  res.json({ recordings: replayEngine.listRecordings(parseInt(req.query.limit) || 50) });
+});
+
+/**
+ * Get recording
+ */
+router.get('/replay/recordings/:taskId', (req, res) => {
+  const rec = replayEngine.getRecording(req.params.taskId);
+  if (!rec) return res.status(404).json({ error: 'Recording not found' });
+  res.json(rec);
+});
+
+/**
+ * Replay a task
+ */
+router.post('/replay/:taskId', async (req, res) => {
+  try {
+    const result = await replayEngine.replay(req.params.taskId, {
+      verify: req.body.verify !== false,
+      continueOnMismatch: !!req.body.continueOnMismatch,
+    });
+    res.json(result);
+  } catch (err) {
+    res.status(400).json({ error: err.message });
+  }
+});
+
+/**
+ * Diff two recordings
+ */
+router.get('/replay/diff/:taskId1/:taskId2', (req, res) => {
+  const diff = replayEngine.diff(req.params.taskId1, req.params.taskId2);
+  if (!diff) return res.status(404).json({ error: 'One or both recordings not found' });
+  res.json(diff);
+});
+
+/**
+ * Replay stats
+ */
+router.get('/replay/stats', (req, res) => {
+  res.json(replayEngine.getStats());
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// SESSION ENGINE
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * Create browser session
+ */
+router.post('/sessions', (req, res) => {
+  const session = sessionEngine.create(req.body);
+  res.json(session);
+});
+
+/**
+ * List sessions
+ */
+router.get('/sessions', (req, res) => {
+  const sessions = sessionEngine.list({
+    agentId: req.query.agentId,
+    siteId: req.query.siteId,
+    state: req.query.state,
+  }, parseInt(req.query.limit) || 50);
+  res.json({ sessions, total: sessions.length });
+});
+
+/**
+ * Get session
+ */
+router.get('/sessions/:sessionId', (req, res) => {
+  const session = sessionEngine.get(req.params.sessionId);
+  if (!session) return res.status(404).json({ error: 'Session not found or expired' });
+  res.json(session);
+});
+
+/**
+ * Export session
+ */
+router.get('/sessions/:sessionId/export', (req, res) => {
+  const data = sessionEngine.export(req.params.sessionId);
+  if (!data) return res.status(404).json({ error: 'Session not found' });
+  res.json(data);
+});
+
+/**
+ * Import session
+ */
+router.post('/sessions/import', (req, res) => {
+  const session = sessionEngine.import(req.body);
+  res.json(session);
+});
+
+/**
+ * Set cookies
+ */
+router.post('/sessions/:sessionId/cookies', (req, res) => {
+  sessionEngine.setCookies(req.params.sessionId, req.body.cookies || []);
+  res.json({ success: true });
+});
+
+/**
+ * Get cookies
+ */
+router.get('/sessions/:sessionId/cookies', (req, res) => {
+  const cookies = sessionEngine.getCookies(req.params.sessionId, req.query.domain);
+  res.json({ cookies });
+});
+
+/**
+ * Set storage
+ */
+router.post('/sessions/:sessionId/storage', (req, res) => {
+  const { key, value, type } = req.body;
+  sessionEngine.setStorage(req.params.sessionId, key, value, type);
+  res.json({ success: true });
+});
+
+/**
+ * Destroy session
+ */
+router.delete('/sessions/:sessionId', (req, res) => {
+  sessionEngine.destroy(req.params.sessionId);
+  res.json({ success: true });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// FAILURE ANALYSIS
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * Query failures
+ */
+router.get('/failures', (req, res) => {
+  const failures = failureAnalyzer.query({
+    classification: req.query.classification,
+    severity: req.query.severity,
+    agentId: req.query.agentId,
+    taskId: req.query.taskId,
+    retryable: req.query.retryable === 'true' ? true : req.query.retryable === 'false' ? false : undefined,
+    since: parseInt(req.query.since) || undefined,
+  }, parseInt(req.query.limit) || 50);
+  res.json({ failures, total: failures.length });
+});
+
+/**
+ * Get failure
+ */
+router.get('/failures/:failureId', (req, res) => {
+  const failure = failureAnalyzer.getFailure(req.params.failureId);
+  if (!failure) return res.status(404).json({ error: 'Failure not found' });
+  res.json(failure);
+});
+
+/**
+ * Get failure patterns
+ */
+router.get('/failures/analysis/patterns', (req, res) => {
+  res.json({ patterns: failureAnalyzer.getPatterns() });
+});
+
+/**
+ * Get failure summary
+ */
+router.get('/failures/analysis/summary', (req, res) => {
+  res.json(failureAnalyzer.getSummary(parseInt(req.query.since) || 0));
+});
+
+/**
+ * Classify a failure manually
+ */
+router.post('/failures/classify', (req, res) => {
+  const { error, context } = req.body;
+  if (!error) return res.status(400).json({ error: 'error object required' });
+  const classification = failureAnalyzer.classify(error, context || {});
+  res.json(classification);
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// CERTIFICATION
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * Verify a site
+ */
+router.post('/certification/verify', async (req, res) => {
+  try {
+    const { domain, probeData } = req.body;
+    if (!domain) return res.status(400).json({ error: 'domain required' });
+    const result = await certificationEngine.verify(domain, probeData || {});
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+/**
+ * Get certificate
+ */
+router.get('/certification/:domain', (req, res) => {
+  const cert = certificationEngine.getCertificate(req.params.domain);
+  if (!cert) return res.status(404).json({ error: 'No active certificate for this domain' });
+  res.json(cert);
+});
+
+/**
+ * List certificates
+ */
+router.get('/certification', (req, res) => {
+  const certs = certificationEngine.listCertificates({
+    level: req.query.level,
+    minScore: parseInt(req.query.minScore) || undefined,
+  }, parseInt(req.query.limit) || 50);
+  res.json({ certificates: certs, total: certs.length });
+});
+
+/**
+ * Revoke certificate
+ */
+router.delete('/certification/:domain', (req, res) => {
+  certificationEngine.revoke(req.params.domain);
+  res.json({ success: true });
+});
+
 module.exports = router;

package/server/runtime/replay.js

@@ -0,0 +1,264 @@
+'use strict';
+
+/**
+ * Deterministic Replay Engine
+ *
+ * Records all task inputs/outputs/side-effects for deterministic replay.
+ * Enables debugging, testing, and verification of agent workflows.
+ */
+
+const crypto = require('crypto');
+const { bus } = require('../runtime/event-bus');
+
+class ReplayEngine {
+  constructor() {
+    this._recordings = new Map();  // taskId → Recording
+    this._maxRecordings = 5000;
+    this._recordingEnabled = true;
+  }
+
+  /**
+   * Start recording a task execution
+   */
+  startRecording(taskId, input) {
+    if (!this._recordingEnabled) return null;
+
+    const recording = {
+      id: `rec_${crypto.randomBytes(8).toString('hex')}`,
+      taskId,
+      input: this._deepClone(input),
+      steps: [],
+      sideEffects: [],
+      startedAt: Date.now(),
+      completedAt: null,
+      output: null,
+      error: null,
+      checksum: null,
+      replayable: true,
+    };
+
+    this._recordings.set(taskId, recording);
+    this._evict();
+    return recording.id;
+  }
+
+  /**
+   * Record a step in the execution
+   */
+  recordStep(taskId, step) {
+    const rec = this._recordings.get(taskId);
+    if (!rec) return;
+
+    rec.steps.push({
+      index: rec.steps.length,
+      type: step.type,
+      action: step.action,
+      input: this._deepClone(step.input),
+      output: this._deepClone(step.output),
+      duration: step.duration || 0,
+      timestamp: Date.now(),
+    });
+  }
+
+  /**
+   * Record a side effect (network call, DOM mutation, storage write, etc.)
+   */
+  recordSideEffect(taskId, effect) {
+    const rec = this._recordings.get(taskId);
+    if (!rec) return;
+
+    rec.sideEffects.push({
+      index: rec.sideEffects.length,
+      type: effect.type,    // 'network', 'dom', 'storage', 'event'
+      target: effect.target,
+      data: this._deepClone(effect.data),
+      timestamp: Date.now(),
+      reversible: effect.reversible !== false,
+    });
+  }
+
+  /**
+   * Complete a recording
+   */
+  completeRecording(taskId, output, error = null) {
+    const rec = this._recordings.get(taskId);
+    if (!rec) return null;
+
+    rec.completedAt = Date.now();
+    rec.output = this._deepClone(output);
+    rec.error = error ? { message: error.message, code: error.code } : null;
+    rec.checksum = this._computeChecksum(rec);
+
+    bus.emit('replay.recording.complete', { taskId, recordingId: rec.id, steps: rec.steps.length });
+    return rec;
+  }
+
+  /**
+   * Replay a recorded task
+   * Returns the replay plan (steps to execute) with recorded outputs for verification
+   */
+  async replay(taskId, options = {}) {
+    const rec = this._recordings.get(taskId);
+    if (!rec) throw new Error(`No recording found for task ${taskId}`);
+    if (!rec.completedAt) throw new Error('Recording not yet complete');
+
+    const replayResult = {
+      recordingId: rec.id,
+      taskId,
+      originalInput: rec.input,
+      originalOutput: rec.output,
+      steps: [],
+      match: true,
+      verificationMode: options.verify !== false,
+      replayedAt: Date.now(),
+    };
+
+    // In verification mode, run each step and compare outputs
+    if (options.executor && options.verify !== false) {
+      for (const step of rec.steps) {
+        try {
+          const replayOutput = await options.executor(step);
+          const outputMatch = this._deepEqual(step.output, replayOutput);
+
+          replayResult.steps.push({
+            index: step.index,
+            action: step.action,
+            originalOutput: step.output,
+            replayOutput,
+            match: outputMatch,
+          });
+
+          if (!outputMatch) {
+            replayResult.match = false;
+            if (!options.continueOnMismatch) break;
+          }
+        } catch (err) {
+          replayResult.steps.push({
+            index: step.index,
+            action: step.action,
+            error: err.message,
+            match: false,
+          });
+          replayResult.match = false;
+          if (!options.continueOnMismatch) break;
+        }
+      }
+    } else {
+      // Dry-run mode: just return the recorded steps
+      replayResult.steps = rec.steps.map(s => ({
+        index: s.index,
+        action: s.action,
+        input: s.input,
+        output: s.output,
+        duration: s.duration,
+      }));
+    }
+
+    bus.emit('replay.completed', { taskId, match: replayResult.match });
+    return replayResult;
+  }
+
+  /**
+   * Get recording
+   */
+  getRecording(taskId) {
+    return this._recordings.get(taskId) || null;
+  }
+
+  /**
+   * List recordings
+   */
+  listRecordings(limit = 50) {
+    const all = Array.from(this._recordings.values());
+    return all.slice(-limit).reverse().map(r => ({
+      id: r.id,
+      taskId: r.taskId,
+      steps: r.steps.length,
+      sideEffects: r.sideEffects.length,
+      startedAt: r.startedAt,
+      completedAt: r.completedAt,
+      hasError: !!r.error,
+      checksum: r.checksum,
+    }));
+  }
+
+  /**
+   * Compare two recordings
+   */
+  diff(taskId1, taskId2) {
+    const r1 = this._recordings.get(taskId1);
+    const r2 = this._recordings.get(taskId2);
+    if (!r1 || !r2) return null;
+
+    const diffs = [];
+    const maxSteps = Math.max(r1.steps.length, r2.steps.length);
+
+    for (let i = 0; i < maxSteps; i++) {
+      const s1 = r1.steps[i];
+      const s2 = r2.steps[i];
+
+      if (!s1 || !s2) {
+        diffs.push({ index: i, type: 'missing', in: s1 ? 'recording2' : 'recording1' });
+      } else if (!this._deepEqual(s1.output, s2.output)) {
+        diffs.push({ index: i, type: 'output_mismatch', action: s1.action, output1: s1.output, output2: s2.output });
+      }
+    }
+
+    return {
+      match: diffs.length === 0,
+      inputMatch: this._deepEqual(r1.input, r2.input),
+      outputMatch: this._deepEqual(r1.output, r2.output),
+      diffs,
+    };
+  }
+
+  /**
+   * Enable/disable recording
+   */
+  setEnabled(enabled) {
+    this._recordingEnabled = enabled;
+  }
+
+  getStats() {
+    return {
+      totalRecordings: this._recordings.size,
+      enabled: this._recordingEnabled,
+      maxRecordings: this._maxRecordings,
+    };
+  }
+
+  // ── Internal ──
+
+  _computeChecksum(rec) {
+    const data = JSON.stringify({
+      input: rec.input,
+      steps: rec.steps.map(s => ({ action: s.action, output: s.output })),
+      output: rec.output,
+    });
+    return crypto.createHash('sha256').update(data).digest('hex').slice(0, 16);
+  }
+
+  _deepClone(obj) {
+    if (obj === undefined || obj === null) return obj;
+    try {
+      return JSON.parse(JSON.stringify(obj));
+    } catch {
+      return obj;
+    }
+  }
+
+  _deepEqual(a, b) {
+    return JSON.stringify(a) === JSON.stringify(b);
+  }
+
+  _evict() {
+    if (this._recordings.size <= this._maxRecordings) return;
+    const keys = Array.from(this._recordings.keys());
+    const toRemove = keys.slice(0, keys.length - this._maxRecordings);
+    for (const k of toRemove) this._recordings.delete(k);
+  }
+}
+
+const replayEngine = new ReplayEngine();
+
+module.exports = { ReplayEngine, replayEngine };