web-agent-bridge 3.0.0 → 3.3.0

package/server/services/metering.js

@@ -1,182 +1,182 @@
-'use strict';
-
-/**
- * Usage Metering Service
- *
- * Tracks executions, agents, compute time, API calls, and storage per agent/site.
- * Enforces plan limits and records overages for billing.
- */
-
-const db = require('../models/db').db || require('../models/db');
-const { getLimit, isUnlimited, USAGE_PRICING } = require('../config/plans');
-const { bus } = require('../runtime/event-bus');
-
-// ─── Storage ────────────────────────────────────────────────────────
-
-// In-memory counters with periodic flush to DB
-const _counters = new Map(); // key → { count, lastReset }
-
-function _key(entityId, metric) {
-  return `${entityId}:${metric}`;
-}
-
-function _today() {
-  return new Date().toISOString().slice(0, 10); // YYYY-MM-DD
-}
-
-function _getCounter(entityId, metric) {
-  const key = _key(entityId, metric);
-  const entry = _counters.get(key);
-  const today = _today();
-
-  // Reset daily counters
-  if (!entry || entry.lastReset !== today) {
-    _counters.set(key, { count: 0, lastReset: today, overage: 0 });
-    return _counters.get(key);
-  }
-  return entry;
-}
-
-// ─── Public API ─────────────────────────────────────────────────────
-
-/**
- * Record a usage event and check limits
- * @returns {{ allowed: boolean, current: number, limit: number, overage: boolean }}
- */
-function record(entityId, metric, tier, amount = 1) {
-  const counter = _getCounter(entityId, metric);
-  const limit = getLimit(tier, metric);
-
-  counter.count += amount;
-
-  // Unlimited
-  if (isUnlimited(tier, metric)) {
-    bus.emit('metering.recorded', { entityId, metric, amount, current: counter.count });
-    return { allowed: true, current: counter.count, limit: -1, overage: false };
-  }
-
-  const isOver = counter.count > limit;
-  if (isOver) {
-    counter.overage += amount;
-    bus.emit('metering.overage', { entityId, metric, current: counter.count, limit, overage: counter.overage });
-  } else {
-    bus.emit('metering.recorded', { entityId, metric, amount, current: counter.count });
-  }
-
-  return {
-    allowed: !isOver,
-    current: counter.count,
-    limit,
-    overage: isOver,
-    overageAmount: isOver ? counter.overage : 0,
-    overageCost: isOver ? counter.overage * (USAGE_PRICING[metric]?.price || 0) : 0,
-  };
-}
-
-/**
- * Check if a usage would exceed the limit (without recording)
- */
-function check(entityId, metric, tier, amount = 1) {
-  const counter = _getCounter(entityId, metric);
-  const limit = getLimit(tier, metric);
-
-  if (isUnlimited(tier, metric)) {
-    return { allowed: true, current: counter.count, limit: -1, remaining: Infinity };
-  }
-
-  const remaining = Math.max(0, limit - counter.count);
-  return {
-    allowed: counter.count + amount <= limit,
-    current: counter.count,
-    limit,
-    remaining,
-  };
-}
-
-/**
- * Get current usage for an entity
- */
-function getUsage(entityId, tier) {
-  const metrics = [
-    'agents', 'tasksPerDay', 'executionsPerDay', 'sessions',
-    'computeMinutesPerDay', 'apiCallsPerMinute',
-  ];
-
-  const usage = {};
-  for (const metric of metrics) {
-    const counter = _getCounter(entityId, metric);
-    const limit = getLimit(tier, metric);
-    usage[metric] = {
-      current: counter.count,
-      limit: isUnlimited(tier, metric) ? -1 : limit,
-      percentage: isUnlimited(tier, metric) ? 0 : (limit > 0 ? Math.round((counter.count / limit) * 100) : 0),
-      overage: counter.overage || 0,
-    };
-  }
-
-  return usage;
-}
-
-/**
- * Get usage summary for billing
- */
-function getBillingSummary(entityId) {
-  const overages = {};
-  let totalCost = 0;
-
-  for (const [key, counter] of _counters) {
-    if (!key.startsWith(entityId + ':')) continue;
-    if (counter.overage > 0) {
-      const metric = key.split(':')[1];
-      const pricing = USAGE_PRICING[metric];
-      const cost = pricing ? counter.overage * pricing.price : 0;
-      overages[metric] = {
-        overage: counter.overage,
-        unitPrice: pricing?.price || 0,
-        cost,
-      };
-      totalCost += cost;
-    }
-  }
-
-  return { entityId, overages, totalCost, period: _today() };
-}
-
-/**
- * Reset counters (for testing or admin)
- */
-function reset(entityId, metric = null) {
-  if (metric) {
-    _counters.delete(_key(entityId, metric));
-  } else {
-    for (const key of _counters.keys()) {
-      if (key.startsWith(entityId + ':')) _counters.delete(key);
-    }
-  }
-}
-
-/**
- * Get global stats
- */
-function getStats() {
-  let totalEntities = new Set();
-  let totalEvents = 0;
-  for (const [key, counter] of _counters) {
-    totalEntities.add(key.split(':')[0]);
-    totalEvents += counter.count;
-  }
-  return {
-    trackedEntities: totalEntities.size,
-    totalEvents,
-    counterEntries: _counters.size,
-  };
-}
-
-module.exports = {
-  record,
-  check,
-  getUsage,
-  getBillingSummary,
-  reset,
-  getStats,
-};
+'use strict';
+
+/**
+ * Usage Metering Service
+ *
+ * Tracks executions, agents, compute time, API calls, and storage per agent/site.
+ * Enforces plan limits and records overages for billing.
+ */
+
+const db = require('../models/db').db || require('../models/db');
+const { getLimit, isUnlimited, USAGE_PRICING } = require('../config/plans');
+const { bus } = require('../runtime/event-bus');
+
+// ─── Storage ────────────────────────────────────────────────────────
+
+// In-memory counters with periodic flush to DB
+const _counters = new Map(); // key → { count, lastReset }
+
+function _key(entityId, metric) {
+  return `${entityId}:${metric}`;
+}
+
+function _today() {
+  return new Date().toISOString().slice(0, 10); // YYYY-MM-DD
+}
+
+function _getCounter(entityId, metric) {
+  const key = _key(entityId, metric);
+  const entry = _counters.get(key);
+  const today = _today();
+
+  // Reset daily counters
+  if (!entry || entry.lastReset !== today) {
+    _counters.set(key, { count: 0, lastReset: today, overage: 0 });
+    return _counters.get(key);
+  }
+  return entry;
+}
+
+// ─── Public API ─────────────────────────────────────────────────────
+
+/**
+ * Record a usage event and check limits
+ * @returns {{ allowed: boolean, current: number, limit: number, overage: boolean }}
+ */
+function record(entityId, metric, tier, amount = 1) {
+  const counter = _getCounter(entityId, metric);
+  const limit = getLimit(tier, metric);
+
+  counter.count += amount;
+
+  // Unlimited
+  if (isUnlimited(tier, metric)) {
+    bus.emit('metering.recorded', { entityId, metric, amount, current: counter.count });
+    return { allowed: true, current: counter.count, limit: -1, overage: false };
+  }
+
+  const isOver = counter.count > limit;
+  if (isOver) {
+    counter.overage += amount;
+    bus.emit('metering.overage', { entityId, metric, current: counter.count, limit, overage: counter.overage });
+  } else {
+    bus.emit('metering.recorded', { entityId, metric, amount, current: counter.count });
+  }
+
+  return {
+    allowed: !isOver,
+    current: counter.count,
+    limit,
+    overage: isOver,
+    overageAmount: isOver ? counter.overage : 0,
+    overageCost: isOver ? counter.overage * (USAGE_PRICING[metric]?.price || 0) : 0,
+  };
+}
+
+/**
+ * Check if a usage would exceed the limit (without recording)
+ */
+function check(entityId, metric, tier, amount = 1) {
+  const counter = _getCounter(entityId, metric);
+  const limit = getLimit(tier, metric);
+
+  if (isUnlimited(tier, metric)) {
+    return { allowed: true, current: counter.count, limit: -1, remaining: Infinity };
+  }
+
+  const remaining = Math.max(0, limit - counter.count);
+  return {
+    allowed: counter.count + amount <= limit,
+    current: counter.count,
+    limit,
+    remaining,
+  };
+}
+
+/**
+ * Get current usage for an entity
+ */
+function getUsage(entityId, tier) {
+  const metrics = [
+    'agents', 'tasksPerDay', 'executionsPerDay', 'sessions',
+    'computeMinutesPerDay', 'apiCallsPerMinute',
+  ];
+
+  const usage = {};
+  for (const metric of metrics) {
+    const counter = _getCounter(entityId, metric);
+    const limit = getLimit(tier, metric);
+    usage[metric] = {
+      current: counter.count,
+      limit: isUnlimited(tier, metric) ? -1 : limit,
+      percentage: isUnlimited(tier, metric) ? 0 : (limit > 0 ? Math.round((counter.count / limit) * 100) : 0),
+      overage: counter.overage || 0,
+    };
+  }
+
+  return usage;
+}
+
+/**
+ * Get usage summary for billing
+ */
+function getBillingSummary(entityId) {
+  const overages = {};
+  let totalCost = 0;
+
+  for (const [key, counter] of _counters) {
+    if (!key.startsWith(entityId + ':')) continue;
+    if (counter.overage > 0) {
+      const metric = key.split(':')[1];
+      const pricing = USAGE_PRICING[metric];
+      const cost = pricing ? counter.overage * pricing.price : 0;
+      overages[metric] = {
+        overage: counter.overage,
+        unitPrice: pricing?.price || 0,
+        cost,
+      };
+      totalCost += cost;
+    }
+  }
+
+  return { entityId, overages, totalCost, period: _today() };
+}
+
+/**
+ * Reset counters (for testing or admin)
+ */
+function reset(entityId, metric = null) {
+  if (metric) {
+    _counters.delete(_key(entityId, metric));
+  } else {
+    for (const key of _counters.keys()) {
+      if (key.startsWith(entityId + ':')) _counters.delete(key);
+    }
+  }
+}
+
+/**
+ * Get global stats
+ */
+function getStats() {
+  let totalEntities = new Set();
+  let totalEvents = 0;
+  for (const [key, counter] of _counters) {
+    totalEntities.add(key.split(':')[0]);
+    totalEvents += counter.count;
+  }
+  return {
+    trackedEntities: totalEntities.size,
+    totalEvents,
+    counterEntries: _counters.size,
+  };
+}
+
+module.exports = {
+  record,
+  check,
+  getUsage,
+  getBillingSummary,
+  reset,
+  getStats,
+};

package/server/services/modules/affiliate-intelligence.js

@@ -0,0 +1,93 @@
+/**
+ * WAB Affiliate Intelligence (10-affiliate-intelligence) — PUBLIC API, PRIVATE DB
+ * Detects affiliate link manipulation and cookie stuffing.
+ * API is open, detection database is closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+const url = require('url');
+
+const scanStore = new Map();
+
+let affiliateDb;
+try { affiliateDb = require('./affiliate-db'); } catch { affiliateDb = null; }
+
+const KNOWN_AFFILIATE_PARAMS = ['ref', 'aff', 'affiliate', 'partner', 'utm_source', 'tag', 'associate', 'clickid', 'subid', 'irclickid', 'gclid', 'fbclid'];
+const COOKIE_STUFFING_INDICATORS = ['iframe[style*="display:none"]', 'iframe[width="0"]', 'img[src*="click"]', 'img[width="1"][height="1"]'];
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/scan-url', (req, res) => {
+    const { target_url } = req.body;
+    if (!target_url) return res.status(400).json({ error: 'target_url required' });
+
+    try {
+      const parsed = new URL(target_url);
+      const affiliateParams = [];
+      for (const [key, value] of parsed.searchParams) {
+        if (KNOWN_AFFILIATE_PARAMS.includes(key.toLowerCase())) {
+          affiliateParams.push({ param: key, value, type: 'affiliate_tracking' });
+        }
+      }
+
+      const hasRedirect = /\/(click|go|redirect|track|aff|out)\//i.test(parsed.pathname);
+      let manipulation = null;
+      if (affiliateDb) {
+        manipulation = affiliateDb.checkManipulation(target_url, affiliateParams);
+      }
+
+      const scanId = 'ASCAN-' + crypto.randomBytes(6).toString('hex').toUpperCase();
+      const result = {
+        scan_id: scanId, url: target_url, hostname: parsed.hostname,
+        affiliate_params: affiliateParams, has_affiliate: affiliateParams.length > 0,
+        has_redirect_chain: hasRedirect, manipulation_detected: manipulation,
+        risk_level: affiliateParams.length > 2 ? 'HIGH' : affiliateParams.length > 0 ? 'MEDIUM' : 'LOW',
+        scanned_at: new Date().toISOString(),
+      };
+      scanStore.set(scanId, result);
+      res.json(result);
+    } catch (e) {
+      res.status(400).json({ error: 'Invalid URL: ' + e.message });
+    }
+  });
+
+  router.post('/scan-html', (req, res) => {
+    const { html, page_url } = req.body;
+    if (!html) return res.status(400).json({ error: 'html content required' });
+
+    const findings = [];
+    for (const indicator of COOKIE_STUFFING_INDICATORS) {
+      const tag = indicator.split('[')[0];
+      const attrMatch = indicator.match(/\[([^\]]+)\]/g) || [];
+      if (new RegExp(`<${tag}[^>]*${attrMatch.map(a => a.slice(1, -1).replace('*', '.*')).join('[^>]*')}`, 'gi').test(html)) {
+        findings.push({ type: 'COOKIE_STUFFING', indicator, severity: 'HIGH' });
+      }
+    }
+
+    const hiddenIframes = (html.match(/<iframe[^>]*(?:display\s*:\s*none|width\s*=\s*["']?0|height\s*=\s*["']?0)[^>]*>/gi) || []).length;
+    const trackingPixels = (html.match(/<img[^>]*(?:width\s*=\s*["']?1["']?\s+height\s*=\s*["']?1|height\s*=\s*["']?1["']?\s+width\s*=\s*["']?1)[^>]*>/gi) || []).length;
+
+    res.json({
+      page_url: page_url || 'unknown', cookie_stuffing_indicators: findings,
+      hidden_iframes: hiddenIframes, tracking_pixels: trackingPixels,
+      risk_level: findings.length > 0 || hiddenIframes > 2 ? 'HIGH' : trackingPixels > 5 ? 'MEDIUM' : 'LOW',
+      scanned_at: new Date().toISOString(),
+    });
+  });
+
+  router.get('/stats', (req, res) => {
+    let high = 0, manipulations = 0;
+    for (const s of scanStore.values()) { if (s.risk_level === 'HIGH') high++; if (s.manipulation_detected) manipulations++; }
+    res.json({ total_scans: scanStore.size, high_risk: high, manipulations_detected: manipulations });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/agent-firewall.js

@@ -0,0 +1,90 @@
+/**
+ * WAB Agent Firewall (01-agent-firewall) — PUBLIC API, PRIVATE DETECTION LOGIC
+ * Scans URLs and content for prompt injections, phishing, and dark patterns.
+ * API is open, deep detection rules are closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const BASIC_THREATS = [
+  /ignore\s+(all\s+)?previous\s+instructions/gi,
+  /you\s+are\s+now\s+in\s+developer\s+mode/gi,
+  /disregard\s+(your\s+)?(prior\s+|previous\s+)?instructions/gi,
+  /<\s*script[^>]*>.*?<\/\s*script\s*>/gis,
+  /transfer\s+\$?\d+.*?to\s+(?:wallet|account|address)/gi,
+  /data:text\/html.*base64/gi,
+  /javascript:void/gi,
+];
+
+const MALICIOUS_DOMAINS = new Set([
+  'paypa1.com', 'amaz0n.com', 'g00gle.com', 'faceb00k.com',
+  'secure-paypal-login.com', 'amazon-security-alert.com',
+]);
+
+let deepDetection;
+try { deepDetection = require('./firewall-engine'); } catch { deepDetection = null; }
+
+const scanLog = [];
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/scan', (req, res) => {
+    const { url: targetUrl, content, agent_id } = req.body;
+    const startTime = Date.now();
+
+    const urlThreats = [];
+    const contentThreats = [];
+    let riskScore = 0;
+
+    if (targetUrl) {
+      try {
+        const parsed = new URL(targetUrl);
+        const hostname = parsed.hostname.toLowerCase();
+        if (MALICIOUS_DOMAINS.has(hostname)) { urlThreats.push({ type: 'MALICIOUS_DOMAIN', severity: 'CRITICAL', detail: hostname }); riskScore += 40; }
+        if (/[^\x00-\x7F]/.test(hostname)) { urlThreats.push({ type: 'HOMOGRAPH_ATTACK', severity: 'HIGH', detail: hostname }); riskScore += 25; }
+        if (/(?:password|token|apikey|secret)=/i.test(targetUrl)) { urlThreats.push({ type: 'DATA_EXFILTRATION', severity: 'HIGH', detail: 'Sensitive params in URL' }); riskScore += 25; }
+      } catch { urlThreats.push({ type: 'INVALID_URL', severity: 'LOW' }); }
+    }
+
+    if (content && typeof content === 'string') {
+      for (const pattern of BASIC_THREATS) {
+        const matches = content.match(pattern);
+        if (matches) { contentThreats.push({ type: 'PROMPT_INJECTION', matches: matches.slice(0, 3), count: matches.length }); riskScore += 30; }
+      }
+      if (deepDetection) {
+        const deep = deepDetection.analyze(content, targetUrl);
+        contentThreats.push(...(deep.threats || []));
+        riskScore += deep.score || 0;
+      }
+    }
+
+    riskScore = Math.min(100, riskScore);
+    const verdict = riskScore === 0 ? 'CLEAN' : riskScore > 50 ? 'BLOCKED' : 'WARNING';
+    const scanId = crypto.randomBytes(8).toString('hex');
+
+    scanLog.push({ scan_id: scanId, url: targetUrl, verdict, risk_score: riskScore, timestamp: new Date().toISOString() });
+    if (scanLog.length > 5000) scanLog.splice(0, scanLog.length - 5000);
+
+    res.json({
+      scan_id: scanId, verdict, risk_score: riskScore,
+      url_threats: urlThreats, content_threats: contentThreats,
+      processing_time_ms: Date.now() - startTime, scanned_at: new Date().toISOString(),
+    });
+  });
+
+  router.get('/stats', (req, res) => {
+    let blocked = 0, warnings = 0;
+    for (const s of scanLog) { if (s.verdict === 'BLOCKED') blocked++; if (s.verdict === 'WARNING') warnings++; }
+    res.json({ total_scans: scanLog.length, blocked, warnings, clean: scanLog.length - blocked - warnings });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/bounty.js

@@ -0,0 +1,89 @@
+/**
+ * WAB Bounty Network (09-bounty-network) — PUBLIC API, PRIVATE VERIFICATION RULES
+ * Bug bounty and threat reporting network.
+ * Report interface is open, verification rules are closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const reportStore = new Map();
+const rewardStore = new Map();
+
+const CATEGORIES = ['dark_pattern', 'price_manipulation', 'fake_reviews', 'hidden_fees', 'data_harvesting', 'accessibility_violation', 'misleading_ads', 'forced_subscription'];
+const SEVERITY_REWARDS = { LOW: 10, MEDIUM: 50, HIGH: 200, CRITICAL: 500 };
+
+let verifyReport;
+try { verifyReport = require('./bounty-verification'); } catch { verifyReport = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/report', (req, res) => {
+    const { platform, url: targetUrl, category, description, evidence_html, reporter_token } = req.body;
+    if (!platform || !targetUrl || !category || !description) {
+      return res.status(400).json({ error: 'platform, url, category, and description required' });
+    }
+    if (!CATEGORIES.includes(category)) {
+      return res.status(400).json({ error: `Invalid category. Valid: ${CATEGORIES.join(', ')}` });
+    }
+
+    const reportId = 'RPT-' + crypto.randomBytes(8).toString('hex').toUpperCase();
+    const reporterHash = crypto.createHmac('sha256', process.env.WAB_SECRET || 'wab-bounty-salt')
+      .update(reporter_token || crypto.randomBytes(16).toString('hex')).digest('hex').substring(0, 16);
+
+    const report = {
+      report_id: reportId, platform, url: targetUrl, category, description,
+      reporter_hash: reporterHash, severity: null, reward_usd: 0,
+      status: 'SUBMITTED', submitted_at: new Date().toISOString(),
+      verified: false, verification_notes: null,
+    };
+
+    if (verifyReport) {
+      const verification = verifyReport(report, evidence_html);
+      report.severity = verification.severity;
+      report.verified = verification.verified;
+      report.reward_usd = verification.verified ? (SEVERITY_REWARDS[verification.severity] || 0) : 0;
+      report.status = verification.verified ? 'VERIFIED' : 'PENDING_REVIEW';
+    } else {
+      report.status = 'PENDING_REVIEW';
+    }
+
+    reportStore.set(reportId, report);
+    res.status(201).json(report);
+  });
+
+  router.get('/report/:id', (req, res) => {
+    const report = reportStore.get(req.params.id);
+    if (!report) return res.status(404).json({ error: 'Report not found' });
+    res.json(report);
+  });
+
+  router.get('/categories', (req, res) => {
+    res.json({ categories: CATEGORIES, severity_rewards_usd: SEVERITY_REWARDS });
+  });
+
+  router.get('/leaderboard', (req, res) => {
+    const reporters = {};
+    for (const r of reportStore.values()) {
+      if (r.verified) { reporters[r.reporter_hash] = (reporters[r.reporter_hash] || 0) + r.reward_usd; }
+    }
+    const leaderboard = Object.entries(reporters).map(([hash, total]) => ({ reporter_hash: hash, total_rewards_usd: total }))
+      .sort((a, b) => b.total_rewards_usd - a.total_rewards_usd).slice(0, 20);
+    res.json({ leaderboard });
+  });
+
+  router.get('/stats', (req, res) => {
+    let verified = 0, totalReward = 0;
+    for (const r of reportStore.values()) { if (r.verified) { verified++; totalReward += r.reward_usd; } }
+    res.json({ total_reports: reportStore.size, verified_reports: verified, total_rewards_usd: totalReward, categories: CATEGORIES.length });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };