web-agent-bridge 2.5.0 → 2.7.0

package/server/config/plans.js

@@ -0,0 +1,367 @@
+'use strict';
+
+/**
+ * WAB Business Model Configuration
+ *
+ * Defines what is OPEN (free core for adoption) and what is CLOSED (paid for revenue).
+ *
+ * Principle: "Open what creates network effects. Close what creates operational value."
+ *
+ * OPEN (Core — free forever):
+ *   - WAP Protocol (schema, discovery, permissions)
+ *   - SDK + Client Runtime (JS, integrations)
+ *   - Browser Execution Layer (basic)
+ *   - Adapters (MCP, REST, Browser)
+ *   - Registry (read-only — search commands, sites, templates)
+ *   - Basic agent registration & authentication
+ *
+ * CLOSED (Paid — revenue layer):
+ *   - Workspace / Control Plane (dashboard, monitoring, agent management)
+ *   - Advanced Orchestration (scheduling, retries, pipelines, distributed exec)
+ *   - Observability (tracing, analytics, performance insights)
+ *   - Enterprise Security (signing, audit logs, compliance, IP allowlists)
+ *   - Hosted Runtime (cloud execution, auto-scaling)
+ *   - Marketplace commissions (10-20%)
+ */
+
+// ─── Plans ──────────────────────────────────────────────────────────────
+
+const PLANS = {
+  free: {
+    id: 'free',
+    name: 'Free',
+    price: 0,
+    interval: 'month',
+    description: 'Core WAP protocol + SDK for developers & site integration',
+    limits: {
+      agents: 3,
+      tasksPerDay: 50,
+      executionsPerDay: 100,
+      sessions: 5,
+      maxConcurrency: 2,
+      replayRecordings: 10,
+      computeMinutesPerDay: 10,
+      storageMB: 50,
+      webhooks: 1,
+      customAgents: 1,
+      apiCallsPerMinute: 20,
+    },
+    features: {
+      // OPEN — always available
+      protocol: true,
+      sdk: true,
+      browserExecution: true,
+      adapters: true,             // MCP, REST, Browser adapters
+      registryRead: true,         // Browse commands, sites, templates
+      agentRegistration: true,
+      basicAuth: true,
+      discovery: true,            // /.well-known/agent-tools.json
+      capabilityNegotiation: true,
+      semanticActions: true,      // Basic semantic actions
+      communityTemplates: true,
+
+      // CLOSED — not available on free
+      workspace: false,
+      advancedOrchestration: false,
+      observability: false,
+      enterpriseSecurity: false,
+      hostedRuntime: false,
+      marketplace: false,
+      failureAnalysis: false,
+      replayEngine: false,
+      certification: false,
+      llmInference: false,
+      prioritySupport: false,
+      customDomain: false,
+      sla: false,
+      auditLog: false,
+      advancedAnalytics: false,
+      dataExtraction: false,
+      trafficIntelligence: false,
+      exploitShield: false,
+      visionAnalysis: false,
+      swarmExecution: false,
+      agentMemory: false,
+    },
+  },
+
+  starter: {
+    id: 'starter',
+    name: 'Starter',
+    price: 29,
+    interval: 'month',
+    stripePrice: process.env.STRIPE_PRICE_STARTER,
+    description: 'For developers building production agents',
+    limits: {
+      agents: 10,
+      tasksPerDay: 500,
+      executionsPerDay: 1000,
+      sessions: 25,
+      maxConcurrency: 5,
+      replayRecordings: 100,
+      computeMinutesPerDay: 60,
+      storageMB: 500,
+      webhooks: 5,
+      customAgents: 5,
+      apiCallsPerMinute: 60,
+    },
+    features: {
+      // OPEN
+      protocol: true,
+      sdk: true,
+      browserExecution: true,
+      adapters: true,
+      registryRead: true,
+      agentRegistration: true,
+      basicAuth: true,
+      discovery: true,
+      capabilityNegotiation: true,
+      semanticActions: true,
+      communityTemplates: true,
+
+      // PAID — now available
+      workspace: true,
+      advancedOrchestration: true,
+      observability: true,         // Basic observability (metrics, logs)
+      failureAnalysis: true,
+      replayEngine: true,
+      llmInference: true,
+      advancedAnalytics: true,
+      dataExtraction: true,
+      agentMemory: true,
+
+      // Still closed
+      enterpriseSecurity: false,
+      hostedRuntime: false,
+      marketplace: false,
+      certification: false,
+      prioritySupport: false,
+      customDomain: false,
+      sla: false,
+      auditLog: false,
+      trafficIntelligence: false,
+      exploitShield: false,
+      visionAnalysis: false,
+      swarmExecution: false,
+    },
+  },
+
+  pro: {
+    id: 'pro',
+    name: 'Pro',
+    price: 99,
+    interval: 'month',
+    stripePrice: process.env.STRIPE_PRICE_PRO,
+    description: 'For teams & companies running agents at scale',
+    limits: {
+      agents: 50,
+      tasksPerDay: 5000,
+      executionsPerDay: 10000,
+      sessions: 100,
+      maxConcurrency: 20,
+      replayRecordings: 1000,
+      computeMinutesPerDay: 300,
+      storageMB: 5000,
+      webhooks: 25,
+      customAgents: 25,
+      apiCallsPerMinute: 200,
+    },
+    features: {
+      // All OPEN
+      protocol: true, sdk: true, browserExecution: true, adapters: true,
+      registryRead: true, agentRegistration: true, basicAuth: true,
+      discovery: true, capabilityNegotiation: true, semanticActions: true,
+      communityTemplates: true,
+
+      // All Starter features
+      workspace: true, advancedOrchestration: true, observability: true,
+      failureAnalysis: true, replayEngine: true, llmInference: true,
+      advancedAnalytics: true, dataExtraction: true, agentMemory: true,
+
+      // New in Pro
+      hostedRuntime: true,
+      marketplace: true,         // Publish & sell on marketplace
+      certification: true,
+      trafficIntelligence: true,
+      exploitShield: true,
+      visionAnalysis: true,
+      swarmExecution: true,
+      auditLog: true,
+      customDomain: true,
+
+      // Enterprise only
+      enterpriseSecurity: false,
+      prioritySupport: false,
+      sla: false,
+    },
+  },
+
+  enterprise: {
+    id: 'enterprise',
+    name: 'Enterprise',
+    price: null, // Custom pricing
+    interval: 'month',
+    stripePrice: process.env.STRIPE_PRICE_ENTERPRISE,
+    description: 'For organizations needing security, compliance & dedicated support',
+    limits: {
+      agents: -1,        // Unlimited
+      tasksPerDay: -1,
+      executionsPerDay: -1,
+      sessions: -1,
+      maxConcurrency: 100,
+      replayRecordings: -1,
+      computeMinutesPerDay: -1,
+      storageMB: -1,
+      webhooks: -1,
+      customAgents: -1,
+      apiCallsPerMinute: 1000,
+    },
+    features: {
+      // Everything
+      protocol: true, sdk: true, browserExecution: true, adapters: true,
+      registryRead: true, agentRegistration: true, basicAuth: true,
+      discovery: true, capabilityNegotiation: true, semanticActions: true,
+      communityTemplates: true,
+      workspace: true, advancedOrchestration: true, observability: true,
+      failureAnalysis: true, replayEngine: true, llmInference: true,
+      advancedAnalytics: true, dataExtraction: true, agentMemory: true,
+      hostedRuntime: true, marketplace: true, certification: true,
+      trafficIntelligence: true, exploitShield: true, visionAnalysis: true,
+      swarmExecution: true, auditLog: true, customDomain: true,
+
+      // Enterprise exclusive
+      enterpriseSecurity: true,
+      prioritySupport: true,
+      sla: true,
+    },
+  },
+};
+
+// ─── Usage-Based Pricing (Pay-as-you-go overages) ───────────────────
+
+const USAGE_PRICING = {
+  execution: { unit: 'execution', price: 0.001, description: '$0.001 per execution beyond plan limit' },
+  computeMinute: { unit: 'minute', price: 0.01, description: '$0.01 per compute minute beyond plan limit' },
+  storage: { unit: 'MB', price: 0.05, description: '$0.05 per MB/month beyond plan limit' },
+  llmToken: { unit: '1K tokens', price: 0.002, description: '$0.002 per 1K tokens (pass-through + margin)' },
+  agent: { unit: 'agent', price: 2.00, description: '$2/month per additional agent beyond plan limit' },
+};
+
+// ─── Marketplace Commissions ────────────────────────────────────────
+
+const MARKETPLACE = {
+  commission: 0.15,        // 15% platform fee
+  minPrice: 0.99,
+  maxPrice: 999.99,
+  payoutThreshold: 25.00,  // Minimum balance for payout
+  categories: [
+    'automation', 'scraping', 'commerce', 'analytics',
+    'security', 'integration', 'ai-agent', 'template',
+    'adapter', 'plugin',
+  ],
+};
+
+// ─── Feature Gate Mapping ───────────────────────────────────────────
+// Maps API path patterns to required features
+
+const FEATURE_GATES = {
+  // Advanced orchestration
+  '/tasks': { feature: 'advancedOrchestration', methods: ['POST'] },
+  '/tasks/*/pause': { feature: 'advancedOrchestration', methods: ['POST'] },
+  '/tasks/*/resume': { feature: 'advancedOrchestration', methods: ['POST'] },
+  '/execute/pipeline': { feature: 'advancedOrchestration', methods: ['POST'] },
+
+  // Observability (write/analysis — reads are free for basic health)
+  '/observability/metrics': { feature: 'observability', methods: ['GET'] },
+  '/observability/traces': { feature: 'observability', methods: ['GET'] },
+  '/observability/logs': { feature: 'observability', methods: ['GET'] },
+
+  // Replay engine
+  '/replay': { feature: 'replayEngine', methods: ['GET', 'POST'] },
+
+  // Failure analysis
+  '/failures': { feature: 'failureAnalysis', methods: ['GET', 'POST'] },
+
+  // Sessions (beyond free limit)
+  '/sessions': { feature: 'workspace', methods: ['POST'] },
+
+  // Certification
+  '/certification/verify': { feature: 'certification', methods: ['POST'] },
+
+  // LLM
+  '/llm/complete': { feature: 'llmInference', methods: ['POST'] },
+  '/llm/embed': { feature: 'llmInference', methods: ['POST'] },
+
+  // Control plane
+  '/deployments': { feature: 'workspace', methods: ['POST'] },
+  '/policies': { feature: 'workspace', methods: ['POST'] },
+
+  // Signing (enterprise)
+  '/sign': { feature: 'enterpriseSecurity', methods: ['POST'] },
+  '/verify': { feature: 'enterpriseSecurity', methods: ['POST'] },
+
+  // Swarm
+  '/premium/v2/swarm': { feature: 'swarmExecution', methods: ['POST'] },
+
+  // Vision
+  '/premium/v2/vision': { feature: 'visionAnalysis', methods: ['POST'] },
+
+  // Marketplace
+  '/marketplace/publish': { feature: 'marketplace', methods: ['POST'] },
+};
+
+// ─── Helpers ────────────────────────────────────────────────────────
+
+function getPlan(tier) {
+  return PLANS[tier] || PLANS.free;
+}
+
+function getLimit(tier, limitName) {
+  const plan = getPlan(tier);
+  return plan.limits[limitName] ?? 0;
+}
+
+function hasFeature(tier, featureName) {
+  const plan = getPlan(tier);
+  return plan.features[featureName] === true;
+}
+
+function isUnlimited(tier, limitName) {
+  return getLimit(tier, limitName) === -1;
+}
+
+function listPlans(includeEnterprise = true) {
+  const plans = Object.values(PLANS);
+  return includeEnterprise ? plans : plans.filter(p => p.id !== 'enterprise');
+}
+
+function getUpgradePath(currentTier) {
+  const order = ['free', 'starter', 'pro', 'enterprise'];
+  const idx = order.indexOf(currentTier);
+  if (idx === -1 || idx >= order.length - 1) return null;
+  return PLANS[order[idx + 1]];
+}
+
+function checkFeatureGate(path, method) {
+  for (const [pattern, gate] of Object.entries(FEATURE_GATES)) {
+    const regex = new RegExp('^' + pattern.replace(/\*/g, '[^/]+') + '(/|$)');
+    if (regex.test(path) && gate.methods.includes(method)) {
+      return gate.feature;
+    }
+  }
+  return null; // No gate — free access
+}
+
+module.exports = {
+  PLANS,
+  USAGE_PRICING,
+  MARKETPLACE,
+  FEATURE_GATES,
+  getPlan,
+  getLimit,
+  hasFeature,
+  isUnlimited,
+  listPlans,
+  getUpgradePath,
+  checkFeatureGate,
+};

package/server/index.js

@@ -34,6 +34,7 @@ const workspaceRoutes = require('./routes/agent-workspace');
 const universalRoutes = require('./routes/universal');
 const runtimeRoutes = require('./routes/runtime');
 const { handleWebhookRequest } = require('./services/stripe');
+const { runtime } = require('./runtime');
 
 const app = express();
 const PORT = process.env.PORT || 3000;
@@ -355,6 +356,9 @@ if (process.env.NODE_ENV !== 'test') {
   const server = http.createServer(app);
   setupWebSocket(server);
 
+  // Start Agent OS runtime
+  runtime.start();
+
   server.listen(PORT, () => {
     console.log(`\n  ╔══════════════════════════════════════════╗`);
     console.log(`  ║   Web Agent Bridge v${pkg.version}                ║`);

package/server/middleware/featureGate.js

@@ -0,0 +1,88 @@
+'use strict';
+
+/**
+ * Feature Gate Middleware for Agent OS
+ *
+ * Enforces plan-based access control on /api/os/* endpoints.
+ * Checks tier features and usage limits before allowing access.
+ *
+ * OPEN endpoints (always free): protocol, registry read, discovery, adapters read,
+ *   agent registration, basic health, SDK downloads
+ *
+ * GATED endpoints: orchestration, observability details, replay, failure analysis,
+ *   sessions beyond limit, LLM inference, certification, signing, hosted runtime,
+ *   marketplace publish, swarm, vision
+ */
+
+const { checkFeatureGate, hasFeature, getPlan } = require('../config/plans');
+const metering = require('../services/metering');
+const { metrics } = require('../observability');
+
+/**
+ * Feature Gate Middleware
+ * Checks if the requesting agent/user has the required feature in their plan.
+ *
+ * Requires req.agentTier to be set (by auth middleware or license verification).
+ * Falls back to 'free' if not set.
+ */
+function featureGate(req, res, next) {
+  const tier = req.agentTier || req.session?.tier || 'free';
+  const requiredFeature = checkFeatureGate(req.path, req.method);
+
+  // No gate on this endpoint — free access
+  if (!requiredFeature) return next();
+
+  // Check feature
+  if (!hasFeature(tier, requiredFeature)) {
+    metrics.increment('feature_gate.denied', 1, { feature: requiredFeature, tier });
+    const plan = getPlan(tier);
+    return res.status(403).json({
+      error: 'Feature not available on your plan',
+      feature: requiredFeature,
+      currentPlan: tier,
+      upgrade: `This feature requires a higher plan. Visit /api/os/plans for available plans.`,
+      upgradeUrl: '/api/os/plans',
+    });
+  }
+
+  metrics.increment('feature_gate.allowed', 1, { feature: requiredFeature, tier });
+  next();
+}
+
+/**
+ * Usage Limit Middleware
+ * Enforces per-metric limits (executions/day, tasks/day, etc.) based on plan.
+ */
+function usageLimit(metric) {
+  return function (req, res, next) {
+    const tier = req.agentTier || req.session?.tier || 'free';
+    const entityId = req.agentId || req.session?.agentId || req.ip;
+
+    const result = metering.record(entityId, metric, tier);
+
+    if (!result.allowed) {
+      metrics.increment('usage_limit.exceeded', 1, { metric, tier });
+      return res.status(429).json({
+        error: 'Usage limit exceeded',
+        metric,
+        current: result.current,
+        limit: result.limit,
+        overage: result.overageAmount,
+        overageCost: result.overageCost,
+        upgrade: 'Upgrade your plan for higher limits or enable pay-as-you-go overages.',
+        upgradeUrl: '/api/os/plans',
+      });
+    }
+
+    // Attach usage info to response headers
+    if (result.limit > 0) {
+      res.set('X-WAB-Usage-Current', String(result.current));
+      res.set('X-WAB-Usage-Limit', String(result.limit));
+      res.set('X-WAB-Usage-Remaining', String(Math.max(0, result.limit - result.current)));
+    }
+
+    next();
+  };
+}
+
+module.exports = { featureGate, usageLimit };

package/server/migrations/004_agent_os.sql

@@ -0,0 +1,158 @@
+-- Agent OS persistence layer
+-- Stores agents, tasks, deployments, registry data, and audit logs
+
+-- Agent identities
+CREATE TABLE IF NOT EXISTS os_agents (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  type TEXT NOT NULL DEFAULT 'autonomous',
+  status TEXT NOT NULL DEFAULT 'active',
+  capabilities TEXT DEFAULT '[]',
+  api_key_hash TEXT,
+  public_key TEXT,
+  metadata TEXT DEFAULT '{}',
+  ip_allowlist TEXT DEFAULT '[]',
+  command_count INTEGER DEFAULT 0,
+  created_at INTEGER NOT NULL,
+  last_seen INTEGER
+);
+
+-- Agent sessions
+CREATE TABLE IF NOT EXISTS os_sessions (
+  token TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  ip TEXT,
+  expires_at INTEGER NOT NULL,
+  created_at INTEGER NOT NULL,
+  FOREIGN KEY (agent_id) REFERENCES os_agents(id) ON DELETE CASCADE
+);
+
+-- Tasks
+CREATE TABLE IF NOT EXISTS os_tasks (
+  id TEXT PRIMARY KEY,
+  type TEXT NOT NULL,
+  state TEXT NOT NULL DEFAULT 'queued',
+  priority INTEGER DEFAULT 5,
+  agent_id TEXT,
+  params TEXT DEFAULT '{}',
+  result TEXT,
+  error TEXT,
+  retry_count INTEGER DEFAULT 0,
+  max_retries INTEGER DEFAULT 3,
+  depends_on TEXT DEFAULT '[]',
+  created_at INTEGER NOT NULL,
+  started_at INTEGER,
+  completed_at INTEGER,
+  timeout INTEGER DEFAULT 30000
+);
+
+CREATE INDEX IF NOT EXISTS idx_os_tasks_state ON os_tasks(state);
+CREATE INDEX IF NOT EXISTS idx_os_tasks_agent ON os_tasks(agent_id);
+
+-- Deployments
+CREATE TABLE IF NOT EXISTS os_deployments (
+  id TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  status TEXT NOT NULL DEFAULT 'active',
+  config TEXT DEFAULT '{}',
+  sites TEXT DEFAULT '[]',
+  health_status TEXT DEFAULT 'unknown',
+  last_health_check INTEGER,
+  created_at INTEGER NOT NULL,
+  FOREIGN KEY (agent_id) REFERENCES os_agents(id) ON DELETE CASCADE
+);
+
+-- Registry: commands
+CREATE TABLE IF NOT EXISTS os_registry_commands (
+  id TEXT PRIMARY KEY,
+  site_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  description TEXT DEFAULT '',
+  category TEXT DEFAULT 'general',
+  version TEXT DEFAULT '1.0.0',
+  input_schema TEXT DEFAULT '{}',
+  output_schema TEXT DEFAULT '{}',
+  capabilities TEXT DEFAULT '[]',
+  tags TEXT DEFAULT '[]',
+  usage_count INTEGER DEFAULT 0,
+  last_used INTEGER,
+  created_at INTEGER NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_os_reg_cmd_site ON os_registry_commands(site_id);
+CREATE INDEX IF NOT EXISTS idx_os_reg_cmd_cat ON os_registry_commands(category);
+
+-- Registry: sites
+CREATE TABLE IF NOT EXISTS os_registry_sites (
+  domain TEXT PRIMARY KEY,
+  name TEXT,
+  description TEXT DEFAULT '',
+  tier TEXT DEFAULT 'free',
+  protocol_version TEXT DEFAULT '1.0.0',
+  capabilities TEXT DEFAULT '[]',
+  endpoints TEXT DEFAULT '{}',
+  verified INTEGER DEFAULT 0,
+  agent_visits INTEGER DEFAULT 0,
+  last_seen INTEGER,
+  created_at INTEGER NOT NULL
+);
+
+-- Registry: templates
+CREATE TABLE IF NOT EXISTS os_registry_templates (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  description TEXT DEFAULT '',
+  category TEXT DEFAULT 'general',
+  author TEXT DEFAULT 'system',
+  version TEXT DEFAULT '1.0.0',
+  steps TEXT DEFAULT '[]',
+  variables TEXT DEFAULT '{}',
+  required_capabilities TEXT DEFAULT '[]',
+  tags TEXT DEFAULT '[]',
+  downloads INTEGER DEFAULT 0,
+  created_at INTEGER NOT NULL
+);
+
+-- Audit log (immutable append-only)
+CREATE TABLE IF NOT EXISTS os_audit_log (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  timestamp INTEGER NOT NULL,
+  agent_id TEXT,
+  action TEXT NOT NULL,
+  resource TEXT,
+  resource_id TEXT,
+  details TEXT DEFAULT '{}',
+  ip TEXT,
+  outcome TEXT DEFAULT 'success'
+);
+
+CREATE INDEX IF NOT EXISTS idx_os_audit_ts ON os_audit_log(timestamp);
+CREATE INDEX IF NOT EXISTS idx_os_audit_agent ON os_audit_log(agent_id);
+
+-- Capability grants
+CREATE TABLE IF NOT EXISTS os_capability_grants (
+  id TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  capability TEXT NOT NULL,
+  site_id TEXT DEFAULT '*',
+  max_calls INTEGER,
+  used_calls INTEGER DEFAULT 0,
+  rate_limit TEXT,
+  expires_at INTEGER,
+  status TEXT DEFAULT 'active',
+  created_at INTEGER NOT NULL,
+  FOREIGN KEY (agent_id) REFERENCES os_agents(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_os_cap_agent ON os_capability_grants(agent_id);
+
+-- Policies
+CREATE TABLE IF NOT EXISTS os_policies (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  description TEXT DEFAULT '',
+  priority INTEGER DEFAULT 0,
+  rules TEXT DEFAULT '[]',
+  entity_bindings TEXT DEFAULT '[]',
+  created_at INTEGER NOT NULL
+);