web-agent-bridge 2.9.0 → 3.2.0

package/server/services/modules/affiliate-intelligence.js

@@ -0,0 +1,93 @@
+/**
+ * WAB Affiliate Intelligence (10-affiliate-intelligence) — PUBLIC API, PRIVATE DB
+ * Detects affiliate link manipulation and cookie stuffing.
+ * API is open, detection database is closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+const url = require('url');
+
+const scanStore = new Map();
+
+let affiliateDb;
+try { affiliateDb = require('./affiliate-db'); } catch { affiliateDb = null; }
+
+const KNOWN_AFFILIATE_PARAMS = ['ref', 'aff', 'affiliate', 'partner', 'utm_source', 'tag', 'associate', 'clickid', 'subid', 'irclickid', 'gclid', 'fbclid'];
+const COOKIE_STUFFING_INDICATORS = ['iframe[style*="display:none"]', 'iframe[width="0"]', 'img[src*="click"]', 'img[width="1"][height="1"]'];
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/scan-url', (req, res) => {
+    const { target_url } = req.body;
+    if (!target_url) return res.status(400).json({ error: 'target_url required' });
+
+    try {
+      const parsed = new URL(target_url);
+      const affiliateParams = [];
+      for (const [key, value] of parsed.searchParams) {
+        if (KNOWN_AFFILIATE_PARAMS.includes(key.toLowerCase())) {
+          affiliateParams.push({ param: key, value, type: 'affiliate_tracking' });
+        }
+      }
+
+      const hasRedirect = /\/(click|go|redirect|track|aff|out)\//i.test(parsed.pathname);
+      let manipulation = null;
+      if (affiliateDb) {
+        manipulation = affiliateDb.checkManipulation(target_url, affiliateParams);
+      }
+
+      const scanId = 'ASCAN-' + crypto.randomBytes(6).toString('hex').toUpperCase();
+      const result = {
+        scan_id: scanId, url: target_url, hostname: parsed.hostname,
+        affiliate_params: affiliateParams, has_affiliate: affiliateParams.length > 0,
+        has_redirect_chain: hasRedirect, manipulation_detected: manipulation,
+        risk_level: affiliateParams.length > 2 ? 'HIGH' : affiliateParams.length > 0 ? 'MEDIUM' : 'LOW',
+        scanned_at: new Date().toISOString(),
+      };
+      scanStore.set(scanId, result);
+      res.json(result);
+    } catch (e) {
+      res.status(400).json({ error: 'Invalid URL: ' + e.message });
+    }
+  });
+
+  router.post('/scan-html', (req, res) => {
+    const { html, page_url } = req.body;
+    if (!html) return res.status(400).json({ error: 'html content required' });
+
+    const findings = [];
+    for (const indicator of COOKIE_STUFFING_INDICATORS) {
+      const tag = indicator.split('[')[0];
+      const attrMatch = indicator.match(/\[([^\]]+)\]/g) || [];
+      if (new RegExp(`<${tag}[^>]*${attrMatch.map(a => a.slice(1, -1).replace('*', '.*')).join('[^>]*')}`, 'gi').test(html)) {
+        findings.push({ type: 'COOKIE_STUFFING', indicator, severity: 'HIGH' });
+      }
+    }
+
+    const hiddenIframes = (html.match(/<iframe[^>]*(?:display\s*:\s*none|width\s*=\s*["']?0|height\s*=\s*["']?0)[^>]*>/gi) || []).length;
+    const trackingPixels = (html.match(/<img[^>]*(?:width\s*=\s*["']?1["']?\s+height\s*=\s*["']?1|height\s*=\s*["']?1["']?\s+width\s*=\s*["']?1)[^>]*>/gi) || []).length;
+
+    res.json({
+      page_url: page_url || 'unknown', cookie_stuffing_indicators: findings,
+      hidden_iframes: hiddenIframes, tracking_pixels: trackingPixels,
+      risk_level: findings.length > 0 || hiddenIframes > 2 ? 'HIGH' : trackingPixels > 5 ? 'MEDIUM' : 'LOW',
+      scanned_at: new Date().toISOString(),
+    });
+  });
+
+  router.get('/stats', (req, res) => {
+    let high = 0, manipulations = 0;
+    for (const s of scanStore.values()) { if (s.risk_level === 'HIGH') high++; if (s.manipulation_detected) manipulations++; }
+    res.json({ total_scans: scanStore.size, high_risk: high, manipulations_detected: manipulations });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/agent-firewall.js

@@ -0,0 +1,90 @@
+/**
+ * WAB Agent Firewall (01-agent-firewall) — PUBLIC API, PRIVATE DETECTION LOGIC
+ * Scans URLs and content for prompt injections, phishing, and dark patterns.
+ * API is open, deep detection rules are closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const BASIC_THREATS = [
+  /ignore\s+(all\s+)?previous\s+instructions/gi,
+  /you\s+are\s+now\s+in\s+developer\s+mode/gi,
+  /disregard\s+(your\s+)?(prior\s+|previous\s+)?instructions/gi,
+  /<\s*script[^>]*>.*?<\/\s*script\s*>/gis,
+  /transfer\s+\$?\d+.*?to\s+(?:wallet|account|address)/gi,
+  /data:text\/html.*base64/gi,
+  /javascript:void/gi,
+];
+
+const MALICIOUS_DOMAINS = new Set([
+  'paypa1.com', 'amaz0n.com', 'g00gle.com', 'faceb00k.com',
+  'secure-paypal-login.com', 'amazon-security-alert.com',
+]);
+
+let deepDetection;
+try { deepDetection = require('./firewall-engine'); } catch { deepDetection = null; }
+
+const scanLog = [];
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/scan', (req, res) => {
+    const { url: targetUrl, content, agent_id } = req.body;
+    const startTime = Date.now();
+
+    const urlThreats = [];
+    const contentThreats = [];
+    let riskScore = 0;
+
+    if (targetUrl) {
+      try {
+        const parsed = new URL(targetUrl);
+        const hostname = parsed.hostname.toLowerCase();
+        if (MALICIOUS_DOMAINS.has(hostname)) { urlThreats.push({ type: 'MALICIOUS_DOMAIN', severity: 'CRITICAL', detail: hostname }); riskScore += 40; }
+        if (/[^\x00-\x7F]/.test(hostname)) { urlThreats.push({ type: 'HOMOGRAPH_ATTACK', severity: 'HIGH', detail: hostname }); riskScore += 25; }
+        if (/(?:password|token|apikey|secret)=/i.test(targetUrl)) { urlThreats.push({ type: 'DATA_EXFILTRATION', severity: 'HIGH', detail: 'Sensitive params in URL' }); riskScore += 25; }
+      } catch { urlThreats.push({ type: 'INVALID_URL', severity: 'LOW' }); }
+    }
+
+    if (content && typeof content === 'string') {
+      for (const pattern of BASIC_THREATS) {
+        const matches = content.match(pattern);
+        if (matches) { contentThreats.push({ type: 'PROMPT_INJECTION', matches: matches.slice(0, 3), count: matches.length }); riskScore += 30; }
+      }
+      if (deepDetection) {
+        const deep = deepDetection.analyze(content, targetUrl);
+        contentThreats.push(...(deep.threats || []));
+        riskScore += deep.score || 0;
+      }
+    }
+
+    riskScore = Math.min(100, riskScore);
+    const verdict = riskScore === 0 ? 'CLEAN' : riskScore > 50 ? 'BLOCKED' : 'WARNING';
+    const scanId = crypto.randomBytes(8).toString('hex');
+
+    scanLog.push({ scan_id: scanId, url: targetUrl, verdict, risk_score: riskScore, timestamp: new Date().toISOString() });
+    if (scanLog.length > 5000) scanLog.splice(0, scanLog.length - 5000);
+
+    res.json({
+      scan_id: scanId, verdict, risk_score: riskScore,
+      url_threats: urlThreats, content_threats: contentThreats,
+      processing_time_ms: Date.now() - startTime, scanned_at: new Date().toISOString(),
+    });
+  });
+
+  router.get('/stats', (req, res) => {
+    let blocked = 0, warnings = 0;
+    for (const s of scanLog) { if (s.verdict === 'BLOCKED') blocked++; if (s.verdict === 'WARNING') warnings++; }
+    res.json({ total_scans: scanLog.length, blocked, warnings, clean: scanLog.length - blocked - warnings });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/bounty.js

@@ -0,0 +1,89 @@
+/**
+ * WAB Bounty Network (09-bounty-network) — PUBLIC API, PRIVATE VERIFICATION RULES
+ * Bug bounty and threat reporting network.
+ * Report interface is open, verification rules are closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const reportStore = new Map();
+const rewardStore = new Map();
+
+const CATEGORIES = ['dark_pattern', 'price_manipulation', 'fake_reviews', 'hidden_fees', 'data_harvesting', 'accessibility_violation', 'misleading_ads', 'forced_subscription'];
+const SEVERITY_REWARDS = { LOW: 10, MEDIUM: 50, HIGH: 200, CRITICAL: 500 };
+
+let verifyReport;
+try { verifyReport = require('./bounty-verification'); } catch { verifyReport = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/report', (req, res) => {
+    const { platform, url: targetUrl, category, description, evidence_html, reporter_token } = req.body;
+    if (!platform || !targetUrl || !category || !description) {
+      return res.status(400).json({ error: 'platform, url, category, and description required' });
+    }
+    if (!CATEGORIES.includes(category)) {
+      return res.status(400).json({ error: `Invalid category. Valid: ${CATEGORIES.join(', ')}` });
+    }
+
+    const reportId = 'RPT-' + crypto.randomBytes(8).toString('hex').toUpperCase();
+    const reporterHash = crypto.createHmac('sha256', process.env.WAB_SECRET || 'wab-bounty-salt')
+      .update(reporter_token || crypto.randomBytes(16).toString('hex')).digest('hex').substring(0, 16);
+
+    const report = {
+      report_id: reportId, platform, url: targetUrl, category, description,
+      reporter_hash: reporterHash, severity: null, reward_usd: 0,
+      status: 'SUBMITTED', submitted_at: new Date().toISOString(),
+      verified: false, verification_notes: null,
+    };
+
+    if (verifyReport) {
+      const verification = verifyReport(report, evidence_html);
+      report.severity = verification.severity;
+      report.verified = verification.verified;
+      report.reward_usd = verification.verified ? (SEVERITY_REWARDS[verification.severity] || 0) : 0;
+      report.status = verification.verified ? 'VERIFIED' : 'PENDING_REVIEW';
+    } else {
+      report.status = 'PENDING_REVIEW';
+    }
+
+    reportStore.set(reportId, report);
+    res.status(201).json(report);
+  });
+
+  router.get('/report/:id', (req, res) => {
+    const report = reportStore.get(req.params.id);
+    if (!report) return res.status(404).json({ error: 'Report not found' });
+    res.json(report);
+  });
+
+  router.get('/categories', (req, res) => {
+    res.json({ categories: CATEGORIES, severity_rewards_usd: SEVERITY_REWARDS });
+  });
+
+  router.get('/leaderboard', (req, res) => {
+    const reporters = {};
+    for (const r of reportStore.values()) {
+      if (r.verified) { reporters[r.reporter_hash] = (reporters[r.reporter_hash] || 0) + r.reward_usd; }
+    }
+    const leaderboard = Object.entries(reporters).map(([hash, total]) => ({ reporter_hash: hash, total_rewards_usd: total }))
+      .sort((a, b) => b.total_rewards_usd - a.total_rewards_usd).slice(0, 20);
+    res.json({ leaderboard });
+  });
+
+  router.get('/stats', (req, res) => {
+    let verified = 0, totalReward = 0;
+    for (const r of reportStore.values()) { if (r.verified) { verified++; totalReward += r.reward_usd; } }
+    res.json({ total_reports: reportStore.size, verified_reports: verified, total_rewards_usd: totalReward, categories: CATEGORIES.length });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/collective-bargaining.js

@@ -0,0 +1,92 @@
+/**
+ * WAB Collective Bargaining (04-collective-bargaining) — PUBLIC JOIN API, PRIVATE MATCHING ENGINE
+ * Groups buyers to negotiate bulk discounts.
+ * Join interface is open, matching engine is closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const demandPools = new Map();
+const NEGOTIATION_THRESHOLDS = {
+  electronics: { minBuyers: 10, targetDiscount: 0.15 },
+  travel: { minBuyers: 5, targetDiscount: 0.20 },
+  fashion: { minBuyers: 20, targetDiscount: 0.25 },
+  software: { minBuyers: 50, targetDiscount: 0.30 },
+  default: { minBuyers: 15, targetDiscount: 0.15 },
+};
+
+let matchingEngine;
+try { matchingEngine = require('./bargaining-engine'); } catch { matchingEngine = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/join', (req, res) => {
+    const { platform, product_id, product_name, category, current_price, currency, max_price } = req.body;
+    if (!platform || !product_id || !current_price) {
+      return res.status(400).json({ error: 'platform, product_id, and current_price required' });
+    }
+
+    const poolKey = `${platform}:${product_id}`;
+    if (!demandPools.has(poolKey)) {
+      const cat = category || 'default';
+      const threshold = NEGOTIATION_THRESHOLDS[cat] || NEGOTIATION_THRESHOLDS.default;
+      demandPools.set(poolKey, {
+        id: 'POOL-' + crypto.randomBytes(8).toString('hex').toUpperCase(),
+        platform, product_id, product_name: product_name || product_id,
+        category: cat, current_price: parseFloat(current_price), currency: currency || 'USD',
+        target_price: parseFloat((current_price * (1 - threshold.targetDiscount)).toFixed(2)),
+        target_discount_pct: Math.round(threshold.targetDiscount * 100),
+        min_buyers: threshold.minBuyers, members: 0, status: 'OPEN',
+        created_at: new Date().toISOString(),
+      });
+    }
+
+    const pool = demandPools.get(poolKey);
+    if (pool.status !== 'OPEN') return res.status(400).json({ error: 'Pool is not open' });
+    pool.members++;
+
+    if (matchingEngine && pool.members >= pool.min_buyers) {
+      const deal = matchingEngine.negotiate(pool);
+      pool.status = deal ? 'DEAL_REACHED' : 'NEGOTIATING';
+    }
+
+    res.json({
+      success: true, pool_id: pool.id, member_count: pool.members, status: pool.status,
+      progress_pct: Math.min(100, Math.round(pool.members / pool.min_buyers * 100)),
+      members_needed: Math.max(0, pool.min_buyers - pool.members),
+      target_price: pool.target_price, target_discount_pct: pool.target_discount_pct,
+    });
+  });
+
+  router.get('/pools', (req, res) => {
+    const pools = Array.from(demandPools.values()).map(p => ({
+      pool_id: p.id, platform: p.platform, product_name: p.product_name,
+      current_price: p.current_price, target_price: p.target_price,
+      members: p.members, min_buyers: p.min_buyers, status: p.status,
+      progress_pct: Math.min(100, Math.round(p.members / p.min_buyers * 100)),
+    }));
+    res.json({ total: pools.length, pools: pools.filter(p => p.status === 'OPEN').slice(0, 50) });
+  });
+
+  router.get('/pool/:id', (req, res) => {
+    const pool = Array.from(demandPools.values()).find(p => p.id === req.params.id);
+    if (!pool) return res.status(404).json({ error: 'Pool not found' });
+    res.json(pool);
+  });
+
+  router.get('/stats', (req, res) => {
+    let totalMembers = 0, activePoolsCount = 0;
+    for (const p of demandPools.values()) { totalMembers += p.members; if (p.status === 'OPEN') activePoolsCount++; }
+    res.json({ total_pools: demandPools.size, active_pools: activePoolsCount, total_participants: totalMembers });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/dark-pattern.js

@@ -0,0 +1,66 @@
+/**
+ * WAB Dark Pattern Detector (03-dark-pattern) — FULLY CLOSED
+ * DSA compliance engine detects all 17 OECD dark patterns.
+ * All detection rules are proprietary.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+let darkPatternEngine;
+try { darkPatternEngine = require('./dark-pattern-engine'); } catch { darkPatternEngine = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/audit', async (req, res) => {
+    const { url: targetUrl } = req.body;
+    if (!targetUrl) return res.status(400).json({ error: 'url required' });
+    if (!darkPatternEngine) return res.status(503).json({ error: 'Dark pattern engine not available', code: 'MODULE_UNAVAILABLE' });
+    try {
+      const report = await darkPatternEngine.generateReport(targetUrl);
+      res.json(report);
+    } catch (e) { res.status(500).json({ error: e.message }); }
+  });
+
+  router.post('/scan', (req, res) => {
+    const { html, page_url } = req.body;
+    if (!html) return res.status(400).json({ error: 'html content required' });
+    if (!darkPatternEngine) return res.status(503).json({ error: 'Dark pattern engine not available', code: 'MODULE_UNAVAILABLE' });
+    const result = darkPatternEngine.scanContent(html, page_url);
+    res.json(result);
+  });
+
+  router.get('/patterns', (req, res) => {
+    res.json({ total: 17, categories: [
+      { id: 'DP001', name: 'False Urgency', severity: 'HIGH', dsa_article: 'Article 25(1)(a)' },
+      { id: 'DP002', name: 'Scarcity Manipulation', severity: 'HIGH', dsa_article: 'Article 25(1)(a)' },
+      { id: 'DP003', name: 'Hidden Costs', severity: 'CRITICAL', dsa_article: 'Article 25(1)(b)' },
+      { id: 'DP004', name: 'Trick Question', severity: 'HIGH', dsa_article: 'Article 25(1)(c)' },
+      { id: 'DP005', name: 'Roach Motel', severity: 'CRITICAL', dsa_article: 'Article 25(1)(d)' },
+      { id: 'DP006', name: 'Confirmshaming', severity: 'MEDIUM', dsa_article: 'Article 25(1)(a)' },
+      { id: 'DP007', name: 'Forced Continuity', severity: 'CRITICAL', dsa_article: 'Article 25(1)(b)' },
+      { id: 'DP008', name: 'Misdirection', severity: 'MEDIUM', dsa_article: 'Article 25(1)(a)' },
+      { id: 'DP009', name: 'Disguised Ads', severity: 'HIGH', dsa_article: 'Article 26' },
+      { id: 'DP010', name: 'Nagging', severity: 'LOW', dsa_article: 'Article 25(1)(a)' },
+      { id: 'DP011', name: 'Basket Sneaking', severity: 'CRITICAL', dsa_article: 'Article 25(1)(b)' },
+      { id: 'DP012', name: 'Bait and Switch', severity: 'CRITICAL', dsa_article: 'Article 25(1)(b)' },
+      { id: 'DP013', name: 'Privacy Zuckering', severity: 'HIGH', dsa_article: 'Article 25(1)(c)' },
+      { id: 'DP014', name: 'Fake Social Proof', severity: 'HIGH', dsa_article: 'Article 25(1)(a)' },
+      { id: 'DP015', name: 'Interface Interference', severity: 'MEDIUM', dsa_article: 'Article 25(1)(a)' },
+      { id: 'DP016', name: 'Drip Pricing', severity: 'HIGH', dsa_article: 'Article 25(1)(b)' },
+      { id: 'DP017', name: 'Disguised Subscription', severity: 'CRITICAL', dsa_article: 'Article 25(1)(b)' },
+    ]});
+  });
+
+  router.get('/stats', (req, res) => {
+    if (!darkPatternEngine) return res.json({ status: 'engine_not_loaded', patterns_tracked: 17 });
+    res.json(darkPatternEngine.getStats());
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/gov-intelligence.js

@@ -0,0 +1,45 @@
+/**
+ * WAB Gov Intelligence (05-gov-intelligence) — FULLY CLOSED
+ * Regulatory compliance and government intelligence database.
+ * All data and logic is proprietary.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+let govEngine;
+try { govEngine = require('./gov-engine'); } catch { govEngine = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.get('/check/:domain', (req, res) => {
+    if (!govEngine) return res.status(503).json({ error: 'Gov intelligence engine not available', code: 'MODULE_UNAVAILABLE' });
+    const result = govEngine.checkDomain(req.params.domain);
+    res.json(result);
+  });
+
+  router.get('/regulations', (req, res) => {
+    const { country, sector } = req.query;
+    if (!govEngine) return res.status(503).json({ error: 'Gov intelligence engine not available', code: 'MODULE_UNAVAILABLE' });
+    res.json(govEngine.getRegulations(country, sector));
+  });
+
+  router.post('/compliance-report', (req, res) => {
+    const { domain, country } = req.body;
+    if (!domain) return res.status(400).json({ error: 'domain required' });
+    if (!govEngine) return res.status(503).json({ error: 'Gov intelligence engine not available', code: 'MODULE_UNAVAILABLE' });
+    res.json(govEngine.generateComplianceReport(domain, country));
+  });
+
+  router.get('/stats', (req, res) => {
+    if (!govEngine) return res.json({ status: 'offline' });
+    res.json(govEngine.getStats());
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/neural.js

@@ -0,0 +1,55 @@
+/**
+ * WAB Neural Engine (07-neural) — FULLY CLOSED
+ * Local AI inference engine. All logic is proprietary.
+ * Only the API interface is exposed here.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+let neuralEngine;
+try { neuralEngine = require('./neural-engine'); } catch { neuralEngine = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/analyze-url', (req, res) => {
+    const { url: targetUrl } = req.body;
+    if (!targetUrl) return res.status(400).json({ error: 'url required' });
+    if (!neuralEngine) return res.status(503).json({ error: 'Neural engine not available', code: 'MODULE_UNAVAILABLE' });
+    const result = neuralEngine.analyzeUrl(targetUrl);
+    res.json(result);
+  });
+
+  router.post('/classify', (req, res) => {
+    const { content, categories } = req.body;
+    if (!content) return res.status(400).json({ error: 'content required' });
+    if (!neuralEngine) return res.status(503).json({ error: 'Neural engine not available', code: 'MODULE_UNAVAILABLE' });
+    const result = neuralEngine.classify(content, categories);
+    res.json(result);
+  });
+
+  router.post('/embeddings', (req, res) => {
+    const { text } = req.body;
+    if (!text) return res.status(400).json({ error: 'text required' });
+    if (!neuralEngine) return res.status(503).json({ error: 'Neural engine not available', code: 'MODULE_UNAVAILABLE' });
+    const result = neuralEngine.embed(text);
+    res.json(result);
+  });
+
+  router.get('/models', (req, res) => {
+    if (!neuralEngine) return res.json({ models: [], message: 'Neural engine not loaded' });
+    res.json(neuralEngine.listModels());
+  });
+
+  router.get('/stats', (req, res) => {
+    if (!neuralEngine) return res.json({ status: 'offline' });
+    res.json(neuralEngine.getStats());
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/notary.js

@@ -0,0 +1,49 @@
+/**
+ * WAB Notary (02-notary) — FULLY CLOSED
+ * Cryptographic certificate system for price discrimination evidence.
+ * Signing algorithm is proprietary.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+let notaryEngine;
+try { notaryEngine = require('./notary-engine'); } catch { notaryEngine = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/price', (req, res) => {
+    const { platform, productId, priceShown } = req.body;
+    if (!platform || !productId || priceShown === undefined) {
+      return res.status(400).json({ error: 'platform, productId, and priceShown required' });
+    }
+    if (!notaryEngine) return res.status(503).json({ error: 'Notary engine not available', code: 'MODULE_UNAVAILABLE' });
+    const cert = notaryEngine.issuePriceCertificate(req.body);
+    res.status(201).json(cert);
+  });
+
+  router.post('/transaction', (req, res) => {
+    if (!notaryEngine) return res.status(503).json({ error: 'Notary engine not available', code: 'MODULE_UNAVAILABLE' });
+    const cert = notaryEngine.issueTransactionCertificate(req.body);
+    res.status(201).json(cert);
+  });
+
+  router.get('/verify/:certId', (req, res) => {
+    if (!notaryEngine) return res.status(503).json({ error: 'Notary engine not available', code: 'MODULE_UNAVAILABLE' });
+    const result = notaryEngine.verifyCertificate(req.params.certId);
+    if (!result) return res.status(404).json({ error: 'Certificate not found' });
+    res.json(result);
+  });
+
+  router.get('/stats', (req, res) => {
+    if (!notaryEngine) return res.json({ status: 'offline' });
+    res.json(notaryEngine.getStats());
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/price-time-machine.js

@@ -0,0 +1,86 @@
+/**
+ * WAB Price Time Machine (06-price-time-machine) — PUBLIC API, PRIVATE ENGINE
+ * Historical price tracking and fake discount detection.
+ * API is open, database and detection algorithm are closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const priceStore = new Map();
+const alertStore = new Map();
+
+let priceEngine;
+try { priceEngine = require('./price-engine'); } catch { priceEngine = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/track', (req, res) => {
+    const { platform, product_id, product_name, price, currency, url: productUrl } = req.body;
+    if (!platform || !product_id || price === undefined) {
+      return res.status(400).json({ error: 'platform, product_id, and price are required' });
+    }
+
+    const key = `${platform}:${product_id}`;
+    if (!priceStore.has(key)) priceStore.set(key, { entries: [], metadata: { platform, product_id, product_name, currency: currency || 'USD', url: productUrl } });
+    const record = priceStore.get(key);
+    record.entries.push({ price: parseFloat(price), timestamp: Date.now(), date: new Date().toISOString() });
+    if (record.entries.length > 5000) record.entries.splice(0, record.entries.length - 5000);
+
+    const prices = record.entries.map(e => e.price);
+    const avg = prices.reduce((a, b) => a + b, 0) / prices.length;
+    const min = Math.min(...prices);
+    const max = Math.max(...prices);
+
+    let fakeDiscount = null;
+    if (priceEngine) {
+      fakeDiscount = priceEngine.detectFakeDiscount(record.entries);
+    }
+
+    res.json({
+      tracked: true, product_id, platform, current_price: price, data_points: record.entries.length,
+      statistics: { average: parseFloat(avg.toFixed(2)), min, max, range_pct: parseFloat(((max - min) / avg * 100).toFixed(1)) },
+      fake_discount: fakeDiscount,
+    });
+  });
+
+  router.get('/history/:platform/:productId', (req, res) => {
+    const key = `${req.params.platform}:${req.params.productId}`;
+    const record = priceStore.get(key);
+    if (!record) return res.status(404).json({ error: 'No price history for this product' });
+    const days = parseInt(req.query.days) || 30;
+    const cutoff = Date.now() - days * 86400000;
+    const filtered = record.entries.filter(e => e.timestamp >= cutoff);
+    res.json({ ...record.metadata, period_days: days, data_points: filtered.length, history: filtered });
+  });
+
+  router.get('/compare', (req, res) => {
+    const { product_name } = req.query;
+    if (!product_name) return res.status(400).json({ error: 'product_name query param required' });
+    const results = [];
+    const search = product_name.toLowerCase();
+    for (const [key, record] of priceStore) {
+      if (record.metadata.product_name && record.metadata.product_name.toLowerCase().includes(search)) {
+        const prices = record.entries.map(e => e.price);
+        results.push({ platform: record.metadata.platform, product_id: record.metadata.product_id, product_name: record.metadata.product_name,
+          current_price: prices[prices.length - 1], lowest_price: Math.min(...prices), highest_price: Math.max(...prices), data_points: prices.length });
+      }
+    }
+    res.json({ query: product_name, results: results.sort((a, b) => a.current_price - b.current_price) });
+  });
+
+  router.get('/stats', (req, res) => {
+    let totalPoints = 0;
+    for (const r of priceStore.values()) totalPoints += r.entries.length;
+    res.json({ products_tracked: priceStore.size, total_data_points: totalPoints, alerts_active: alertStore.size });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };