npm - web-agent-bridge - Versions diffs - 3.0.0 → 3.3.0 - Mend

web-agent-bridge 3.0.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/LICENSE +72 -21
package/README.ar.md +1286 -1073
package/README.md +1764 -1535
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -138
package/bin/wab.js +80 -80
package/examples/bidi-agent.js +119 -119
package/examples/cross-site-agent.js +91 -91
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/puppeteer-agent.js +108 -108
package/examples/saas-dashboard/README.md +55 -55
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +17 -3
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/ai-plugin.json +28 -0
package/public/.well-known/security.txt +8 -0
package/public/agent-workspace.html +349 -347
package/public/ai.html +198 -196
package/public/api.html +413 -0
package/public/browser.html +486 -484
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -208
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1235 -1235
package/public/dashboard.html +706 -704
package/public/demo.html +1770 -1
package/public/dns.html +507 -0
package/public/docs.html +587 -585
package/public/feed.xml +89 -89
package/public/growth.html +463 -0
package/public/index.html +341 -9
package/public/integrations.html +556 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +31 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/llms-full.txt +360 -309
package/public/llms.txt +125 -86
package/public/login.html +85 -83
package/public/mesh-dashboard.html +328 -328
package/public/openapi.json +580 -580
package/public/phone-shield.html +281 -0
package/public/premium-dashboard.html +2489 -2487
package/public/premium.html +793 -791
package/public/privacy.html +297 -295
package/public/register.html +105 -103
package/public/robots.txt +87 -87
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -0
package/public/terms.html +256 -254
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/commander.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +18 -1
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +12 -1
package/sdk/safety-shield.js +219 -0
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +367 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +175 -19
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +681 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/admin-premium.js +671 -671
package/server/routes/admin.js +261 -261
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -378
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +45 -45
package/server/routes/commander.js +316 -316
package/server/routes/demo-showcase.js +332 -0
package/server/routes/demo-store.js +154 -0
package/server/routes/discovery.js +417 -406
package/server/routes/gateway.js +173 -0
package/server/routes/license.js +251 -240
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/runtime.js +2148 -2147
package/server/routes/sovereign.js +465 -385
package/server/routes/universal.js +200 -177
package/server/routes/wab-api.js +850 -491
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/security/cross-site-redactor.js +196 -0
package/server/security/dry-run.js +180 -0
package/server/security/human-gate-rate-limit.js +147 -0
package/server/security/human-gate-transports.js +178 -0
package/server/security/human-gate.js +281 -0
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -0
package/server/security/reward-guard.js +171 -0
package/server/security/rollback-store.js +239 -0
package/server/security/token-scope.js +404 -0
package/server/security/url-policy.js +139 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -575
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -539
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -0
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +204 -204
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -616
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -0
package/server/services/modules/agent-firewall.js +90 -0
package/server/services/modules/bounty.js +89 -0
package/server/services/modules/collective-bargaining.js +92 -0
package/server/services/modules/dark-pattern.js +66 -0
package/server/services/modules/gov-intelligence.js +45 -0
package/server/services/modules/neural.js +55 -0
package/server/services/modules/notary.js +49 -0
package/server/services/modules/price-time-machine.js +86 -0
package/server/services/modules/protocol.js +104 -0
package/server/services/negotiation.js +439 -439
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -565
package/server/services/price-shield.js +1137 -1137
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/sovereign-shield.js +542 -0
package/server/services/stripe.js +192 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -661
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -0
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/server/services/fairness-engine.js +0 -409
package/server/services/fairness.js +0 -420

package/server/routes/discovery.js CHANGED Viewed

@@ -1,406 +1,417 @@
-/**
- * WAB Discovery Protocol — Auto-generated discovery documents and
- * public registry of WAB-enabled sites with fairness scoring.
- */
-const express = require('express');
-const router = express.Router();
-const { findSiteById, db } = require('../models/db');
-const { authenticateToken } = require('../middleware/auth');
-const {
-  calculateNeutralityScore,
-  fairnessWeightedSearch,
-  registerInDirectory,
-  getDirectoryListings,
-  generateFairnessReport
-} = require('../services/fairness');
-const WAB_VERSION = '1.2.0';
-// ─── Helpers ─────────────────────────────────────────────────────────
-function findSiteByDomain(domain) {
-  if (!domain) return null;
-  const normalized = domain.toLowerCase().replace(/^www\./, '');
-  return db.prepare(
-    "SELECT * FROM sites WHERE LOWER(REPLACE(domain, 'www.', '')) = ? AND active = 1 LIMIT 1"
-  ).get(normalized);
-}
-function getRequestDomain(req) {
-  const origin = req.get('origin');
-  if (origin) {
-    try { return new URL(origin).hostname; } catch (_) {}
-  }
-  const host = req.get('host');
-  if (host) return host.split(':')[0];
-  return req.hostname;
-}
-function parseSiteConfig(site) {
-  try { return JSON.parse(site.config || '{}'); } catch (_) { return {}; }
-}
-function buildDiscoveryDocument(site) {
-  const config = parseSiteConfig(site);
-  const perms = config.agentPermissions || {};
-  const restrictions = config.restrictions || {};
-  const features = config.features || {};
-  const enabledActions = Object.entries(perms)
-    .filter(([, v]) => v)
-    .map(([k]) => k);
-  const featureList = ['auto_discovery', 'noscript_fallback'];
-  if (features.advancedAnalytics) featureList.push('advanced_analytics');
-  if (features.realTimeUpdates) featureList.push('real_time_updates');
-  if (perms.apiAccess) featureList.push('api_access');
-  const dirEntry = db.prepare('SELECT * FROM wab_directory WHERE site_id = ?').get(site.id);
-  const neutralityScore = calculateNeutralityScore(site);
-  return {
-    wab_version: WAB_VERSION,
-    generated_at: new Date().toISOString(),
-    provider: {
-      name: site.name,
-      domain: site.domain,
-      category: (dirEntry && dirEntry.category) || config.category || 'general',
-      description: site.description || ''
-    },
-    capabilities: {
-      commands: enabledActions,
-      permissions: perms,
-      tier: site.tier,
-      transport: ['js_global', 'http', 'websocket'],
-      features: featureList
-    },
-    agent_access: {
-      bridge_script: '/script/ai-agent-bridge.js',
-      api_base: '/api/wab',
-      websocket: '/ws/analytics',
-      noscript: `/api/noscript/bridge/${site.id}`,
-      discovery: `/api/discovery/${site.id}`
-    },
-    fairness: {
-      is_independent: dirEntry ? !!dirEntry.is_independent : false,
-      commission_rate: dirEntry ? dirEntry.commission_rate : 0,
-      direct_benefit: dirEntry ? (dirEntry.direct_benefit || '') : '',
-      neutrality_score: neutralityScore
-    },
-    security: {
-      session_required: true,
-      origin_validation: true,
-      rate_limit: (restrictions.rateLimit && restrictions.rateLimit.maxCallsPerMinute) || 60,
-      sandbox: true
-    },
-    endpoints: {
-      authenticate: '/api/wab/authenticate',
-      discover: `/api/wab/discover?siteId=${site.id}`,
-      actions: `/api/wab/actions?siteId=${site.id}`,
-      execute: '/api/wab/actions/{actionName}',
-      read: '/api/wab/read',
-      page_info: `/api/wab/page-info?siteId=${site.id}`,
-      search: '/api/wab/search',
-      ping: '/api/wab/ping',
-      token_exchange: '/api/license/token',
-      bridge_page: `/api/noscript/bridge/${site.id}`
-    }
-  };
-}
-// ═════════════════════════════════════════════════════════════════════
-// 1. GET /.well-known/wab.json — Standard discovery location
-// ═════════════════════════════════════════════════════════════════════
-function buildSelfDiscovery() {
-  return {
-    wab_version: WAB_VERSION,
-    protocol: '1.0',
-    generated_at: new Date().toISOString(),
-    provider: {
-      name: 'Web Agent Bridge',
-      domain: 'webagentbridge.com',
-      category: 'developer-tools',
-      description: 'Open protocol and runtime for AI agent ↔ website interaction. The OpenAPI for human-facing web pages.'
-    },
-    capabilities: {
-      commands: ['read', 'navigate', 'search', 'discover'],
-      permissions: { readContent: true, navigate: true, apiAccess: true },
-      tier: 'platform',
-      transport: ['http', 'javascript', 'websocket'],
-      features: [
-        'discovery_protocol', 'fairness_engine', 'mcp_adapter',
-        'noscript_fallback', 'agent_sdk', 'wordpress_plugin',
-        'openapi_spec', 'llms_txt', 'atom_feed'
-      ]
-    },
-    agent_access: {
-      bridge_script: '/script/ai-agent-bridge.js',
-      api_base: '/api/wab',
-      websocket: '/ws/analytics',
-      discovery: '/agent-bridge.json',
-      llms_txt: '/llms.txt',
-      llms_full_txt: '/llms-full.txt',
-      openapi: '/openapi.json',
-      ai_assets: '/.well-known/ai-assets.json',
-      atom_feed: '/feed.xml',
-      sitemap: '/sitemap.xml'
-    },
-    fairness: {
-      is_independent: true,
-      commission_rate: 0,
-      direct_benefit: 'Open-source protocol maintainer',
-      neutrality_score: 100
-    },
-    security: {
-      session_required: false,
-      origin_validation: true,
-      rate_limit: 60,
-      sandbox: true
-    },
-    endpoints: {
-      discover: '/api/wab/discover',
-      actions: '/api/wab/actions',
-      execute: '/api/wab/execute',
-      ping: '/api/wab/ping',
-      search: '/api/wab/search',
-      registry: '/api/discovery/registry',
-      plans: '/api/plans',
-      page_info: '/api/wab/page-info'
-    },
-    ecosystem: {
-      npm: 'https://www.npmjs.com/package/web-agent-bridge',
-      github: 'https://github.com/abokenan444/web-agent-bridge',
-      security: 'https://socket.dev/npm/package/web-agent-bridge',
-      mcp_adapter: 'https://www.npmjs.com/package/wab-mcp-adapter',
-      wordpress: 'https://github.com/abokenan444/web-agent-bridge/tree/master/web-agent-bridge-wordpress',
-      specification: 'https://github.com/abokenan444/web-agent-bridge/blob/master/docs/SPEC.md'
-    }
-  };
-}
-router.get('/.well-known/wab.json', (req, res) => {
-  try {
-    const domain = getRequestDomain(req);
-    const site = findSiteByDomain(domain);
-    if (!site) {
-      if (domain === 'webagentbridge.com' || domain === 'www.webagentbridge.com' || domain === 'localhost') {
-        res.set('Cache-Control', 'public, max-age=300');
-        res.set('X-WAB-Version', WAB_VERSION);
-        return res.json(buildSelfDiscovery());
-      }
-      return res.status(404).json({
-        error: 'No WAB-enabled site found for this domain',
-        domain,
-        hint: 'Register your site at /dashboard to enable WAB discovery'
-      });
-    }
-    const doc = buildDiscoveryDocument(site);
-    res.set('Cache-Control', 'public, max-age=300');
-    res.set('X-WAB-Version', WAB_VERSION);
-    res.json(doc);
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to generate discovery document' });
-  }
-});
-// ═════════════════════════════════════════════════════════════════════
-// 2. GET /agent-bridge.json — Alternative discovery location
-// ═════════════════════════════════════════════════════════════════════
-router.get('/agent-bridge.json', (req, res) => {
-  try {
-    const domain = getRequestDomain(req);
-    const site = findSiteByDomain(domain);
-    if (!site) {
-      if (domain === 'webagentbridge.com' || domain === 'www.webagentbridge.com' || domain === 'localhost') {
-        res.set('Cache-Control', 'public, max-age=300');
-        res.set('X-WAB-Version', WAB_VERSION);
-        return res.json(buildSelfDiscovery());
-      }
-      return res.status(404).json({
-        error: 'No WAB-enabled site found for this domain',
-        domain,
-        hint: 'Register your site at /dashboard to enable WAB discovery'
-      });
-    }
-    const doc = buildDiscoveryDocument(site);
-    res.set('Cache-Control', 'public, max-age=300');
-    res.set('X-WAB-Version', WAB_VERSION);
-    res.json(doc);
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to generate discovery document' });
-  }
-});
-// ═════════════════════════════════════════════════════════════════════
-// 3. GET /api/discovery/registry — Public registry with fairness scoring
-//    (defined BEFORE :siteId to avoid route shadowing)
-// ═════════════════════════════════════════════════════════════════════
-router.get('/api/discovery/registry', (req, res) => {
-  try {
-    const category = req.query.category || 'all';
-    const limit = Math.min(parseInt(req.query.limit) || 50, 200);
-    const offset = parseInt(req.query.offset) || 0;
-    const listings = getDirectoryListings(category, { limit, offset });
-    const registry = listings.map(entry => ({
-      siteId: entry.id,
-      name: entry.name,
-      domain: entry.domain,
-      description: entry.description || '',
-      category: entry.category || 'general',
-      tier: entry.tier,
-      neutrality_score: entry.neutrality_score || 0,
-      is_independent: !!entry.is_independent,
-      tags: safeParseTags(entry.tags),
-      discovery_url: `/api/discovery/${entry.id}`
-    }));
-    res.json({
-      wab_version: WAB_VERSION,
-      total: registry.length,
-      category,
-      listings: registry
-    });
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to fetch registry' });
-  }
-});
-// ═════════════════════════════════════════════════════════════════════
-// 4. POST /api/discovery/register — Register site in WAB directory
-// ═════════════════════════════════════════════════════════════════════
-router.post('/api/discovery/register', authenticateToken, (req, res) => {
-  try {
-    const { siteId, category, tags, is_independent, commission_rate, direct_benefit, trust_signature } = req.body;
-    if (!siteId) {
-      return res.status(400).json({ error: 'siteId is required' });
-    }
-    const site = findSiteById.get(siteId);
-    if (!site) {
-      return res.status(404).json({ error: 'Site not found' });
-    }
-    if (site.user_id !== req.user.id) {
-      return res.status(403).json({ error: 'You do not own this site' });
-    }
-    const result = registerInDirectory(siteId, {
-      category,
-      tags,
-      is_independent,
-      commission_rate,
-      direct_benefit,
-      trust_signature
-    });
-    if (!result.success) {
-      return res.status(400).json({ error: result.error });
-    }
-    const report = generateFairnessReport(siteId);
-    res.status(201).json({
-      success: true,
-      registration: result,
-      fairness_report: report
-    });
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to register site' });
-  }
-});
-// ═════════════════════════════════════════════════════════════════════
-// 5. GET /api/discovery/search — Search WAB sites (fairness-weighted)
-// ═════════════════════════════════════════════════════════════════════
-router.get('/api/discovery/search', (req, res) => {
-  try {
-    const query = req.query.q || '';
-    const category = req.query.category || null;
-    const limit = Math.min(parseInt(req.query.limit) || 20, 100);
-    let sql = `
-      SELECT s.*, d.category, d.tags, d.is_independent, d.commission_rate,
-             d.direct_benefit, d.neutrality_score, d.trust_signature
-      FROM wab_directory d
-      JOIN sites s ON d.site_id = s.id AND s.active = 1
-      WHERE d.listed = 1
-    `;
-    const params = [];
-    if (category) {
-      sql += ' AND d.category = ?';
-      params.push(category);
-    }
-    sql += ' ORDER BY d.neutrality_score DESC LIMIT ?';
-    params.push(limit * 3);
-    const candidates = db.prepare(sql).all(...params);
-    const results = fairnessWeightedSearch(query, candidates).slice(0, limit);
-    res.json({
-      wab_version: WAB_VERSION,
-      query,
-      total: results.length,
-      results: results.map(r => ({
-        siteId: r.id,
-        name: r.name,
-        domain: r.domain,
-        description: r.description || '',
-        category: r.category || 'general',
-        tier: r.tier,
-        neutrality_score: r._neutralityScore,
-        is_independent: r._isIndependent,
-        relevance_score: r._relevance,
-        fairness_boost: r._fairnessBoost,
-        final_score: r._finalScore,
-        tags: safeParseTags(r.tags),
-        discovery_url: `/api/discovery/${r.id}`
-      }))
-    });
-  } catch (err) {
-    res.status(500).json({ error: 'Search failed' });
-  }
-});
-// ═════════════════════════════════════════════════════════════════════
-// 6. GET /api/discovery/:siteId — Discovery doc for a specific site
-//    (defined AFTER named routes to prevent shadowing)
-// ═════════════════════════════════════════════════════════════════════
-router.get('/api/discovery/:siteId', (req, res) => {
-  try {
-    const site = findSiteById.get(req.params.siteId);
-    if (!site || !site.active) {
-      return res.status(404).json({ error: 'Site not found' });
-    }
-    const doc = buildDiscoveryDocument(site);
-    res.set('Cache-Control', 'public, max-age=300');
-    res.set('X-WAB-Version', WAB_VERSION);
-    res.json(doc);
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to generate discovery document' });
-  }
-});
-// ─── Utility ─────────────────────────────────────────────────────────
-function safeParseTags(tags) {
-  if (Array.isArray(tags)) return tags;
-  try { return JSON.parse(tags || '[]'); } catch (_) { return []; }
-}
-module.exports = router;
+/**
+ * WAB Discovery Protocol — Auto-generated discovery documents and
+ * public registry of WAB-enabled sites with fairness scoring.
+ */
+const express = require('express');
+const router = express.Router();
+const { findSiteById, db } = require('../models/db');
+const { authenticateToken } = require('../middleware/auth');
+// Fairness module is proprietary — provide stubs when not available
+let calculateNeutralityScore, fairnessWeightedSearch, registerInDirectory, getDirectoryListings, generateFairnessReport;
+try {
+  ({
+    calculateNeutralityScore,
+    fairnessWeightedSearch,
+    registerInDirectory,
+    getDirectoryListings,
+    generateFairnessReport
+  } = require('../services/fairness'));
+} catch {
+  calculateNeutralityScore = () => ({ score: 0, label: 'unrated' });
+  fairnessWeightedSearch = (_q, candidates) => candidates;
+  registerInDirectory = () => ({});
+  getDirectoryListings = () => [];
+  generateFairnessReport = () => ({ status: 'unavailable' });
+}
+const WAB_VERSION = '1.2.0';
+// ─── Helpers ─────────────────────────────────────────────────────────
+function findSiteByDomain(domain) {
+  if (!domain) return null;
+  const normalized = domain.toLowerCase().replace(/^www\./, '');
+  return db.prepare(
+    "SELECT * FROM sites WHERE LOWER(REPLACE(domain, 'www.', '')) = ? AND active = 1 LIMIT 1"
+  ).get(normalized);
+}
+function getRequestDomain(req) {
+  const origin = req.get('origin');
+  if (origin) {
+    try { return new URL(origin).hostname; } catch (_) {}
+  }
+  const host = req.get('host');
+  if (host) return host.split(':')[0];
+  return req.hostname;
+}
+function parseSiteConfig(site) {
+  try { return JSON.parse(site.config || '{}'); } catch (_) { return {}; }
+}
+function buildDiscoveryDocument(site) {
+  const config = parseSiteConfig(site);
+  const perms = config.agentPermissions || {};
+  const restrictions = config.restrictions || {};
+  const features = config.features || {};
+  const enabledActions = Object.entries(perms)
+    .filter(([, v]) => v)
+    .map(([k]) => k);
+  const featureList = ['auto_discovery', 'noscript_fallback'];
+  if (features.advancedAnalytics) featureList.push('advanced_analytics');
+  if (features.realTimeUpdates) featureList.push('real_time_updates');
+  if (perms.apiAccess) featureList.push('api_access');
+  const dirEntry = db.prepare('SELECT * FROM wab_directory WHERE site_id = ?').get(site.id);
+  const neutralityScore = calculateNeutralityScore(site);
+  return {
+    wab_version: WAB_VERSION,
+    generated_at: new Date().toISOString(),
+    provider: {
+      name: site.name,
+      domain: site.domain,
+      category: (dirEntry && dirEntry.category) || config.category || 'general',
+      description: site.description || ''
+    },
+    capabilities: {
+      commands: enabledActions,
+      permissions: perms,
+      tier: site.tier,
+      transport: ['js_global', 'http', 'websocket'],
+      features: featureList
+    },
+    agent_access: {
+      bridge_script: '/script/ai-agent-bridge.js',
+      api_base: '/api/wab',
+      websocket: '/ws/analytics',
+      noscript: `/api/noscript/bridge/${site.id}`,
+      discovery: `/api/discovery/${site.id}`
+    },
+    fairness: {
+      is_independent: dirEntry ? !!dirEntry.is_independent : false,
+      commission_rate: dirEntry ? dirEntry.commission_rate : 0,
+      direct_benefit: dirEntry ? (dirEntry.direct_benefit || '') : '',
+      neutrality_score: neutralityScore
+    },
+    security: {
+      session_required: true,
+      origin_validation: true,
+      rate_limit: (restrictions.rateLimit && restrictions.rateLimit.maxCallsPerMinute) || 60,
+      sandbox: true
+    },
+    endpoints: {
+      authenticate: '/api/wab/authenticate',
+      discover: `/api/wab/discover?siteId=${site.id}`,
+      actions: `/api/wab/actions?siteId=${site.id}`,
+      execute: '/api/wab/actions/{actionName}',
+      read: '/api/wab/read',
+      page_info: `/api/wab/page-info?siteId=${site.id}`,
+      search: '/api/wab/search',
+      ping: '/api/wab/ping',
+      token_exchange: '/api/license/token',
+      bridge_page: `/api/noscript/bridge/${site.id}`
+    }
+  };
+}
+// ═════════════════════════════════════════════════════════════════════
+// 1. GET /.well-known/wab.json — Standard discovery location
+// ═════════════════════════════════════════════════════════════════════
+function buildSelfDiscovery() {
+  return {
+    wab_version: WAB_VERSION,
+    protocol: '1.0',
+    generated_at: new Date().toISOString(),
+    provider: {
+      name: 'Web Agent Bridge',
+      domain: 'webagentbridge.com',
+      category: 'developer-tools',
+      description: 'Open protocol and runtime for AI agent ↔ website interaction. The OpenAPI for human-facing web pages.'
+    },
+    capabilities: {
+      commands: ['read', 'navigate', 'search', 'discover'],
+      permissions: { readContent: true, navigate: true, apiAccess: true },
+      tier: 'platform',
+      transport: ['http', 'javascript', 'websocket'],
+      features: [
+        'discovery_protocol', 'fairness_engine', 'mcp_adapter',
+        'noscript_fallback', 'agent_sdk', 'wordpress_plugin',
+        'openapi_spec', 'llms_txt', 'atom_feed'
+      ]
+    },
+    agent_access: {
+      bridge_script: '/script/ai-agent-bridge.js',
+      api_base: '/api/wab',
+      websocket: '/ws/analytics',
+      discovery: '/agent-bridge.json',
+      llms_txt: '/llms.txt',
+      llms_full_txt: '/llms-full.txt',
+      openapi: '/openapi.json',
+      ai_assets: '/.well-known/ai-assets.json',
+      atom_feed: '/feed.xml',
+      sitemap: '/sitemap.xml'
+    },
+    fairness: {
+      is_independent: true,
+      commission_rate: 0,
+      direct_benefit: 'Open-source protocol maintainer',
+      neutrality_score: 100
+    },
+    security: {
+      session_required: false,
+      origin_validation: true,
+      rate_limit: 60,
+      sandbox: true
+    },
+    endpoints: {
+      discover: '/api/wab/discover',
+      actions: '/api/wab/actions',
+      execute: '/api/wab/execute',
+      ping: '/api/wab/ping',
+      search: '/api/wab/search',
+      registry: '/api/discovery/registry',
+      plans: '/api/plans',
+      page_info: '/api/wab/page-info'
+    },
+    ecosystem: {
+      npm: 'https://www.npmjs.com/package/web-agent-bridge',
+      github: 'https://github.com/abokenan444/web-agent-bridge',
+      security: 'https://socket.dev/npm/package/web-agent-bridge',
+      mcp_adapter: 'https://www.npmjs.com/package/wab-mcp-adapter',
+      wordpress: 'https://github.com/abokenan444/web-agent-bridge/tree/master/web-agent-bridge-wordpress',
+      specification: 'https://github.com/abokenan444/web-agent-bridge/blob/master/docs/SPEC.md'
+    }
+  };
+}
+router.get('/.well-known/wab.json', (req, res) => {
+  try {
+    const domain = getRequestDomain(req);
+    const site = findSiteByDomain(domain);
+    if (!site) {
+      if (domain === 'webagentbridge.com' || domain === 'www.webagentbridge.com' || domain === 'localhost') {
+        res.set('Cache-Control', 'public, max-age=300');
+        res.set('X-WAB-Version', WAB_VERSION);
+        return res.json(buildSelfDiscovery());
+      }
+      return res.status(404).json({
+        error: 'No WAB-enabled site found for this domain',
+        domain,
+        hint: 'Register your site at /dashboard to enable WAB discovery'
+      });
+    }
+    const doc = buildDiscoveryDocument(site);
+    res.set('Cache-Control', 'public, max-age=300');
+    res.set('X-WAB-Version', WAB_VERSION);
+    res.json(doc);
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to generate discovery document' });
+  }
+});
+// ═════════════════════════════════════════════════════════════════════
+// 2. GET /agent-bridge.json — Alternative discovery location
+// ═════════════════════════════════════════════════════════════════════
+router.get('/agent-bridge.json', (req, res) => {
+  try {
+    const domain = getRequestDomain(req);
+    const site = findSiteByDomain(domain);
+    if (!site) {
+      if (domain === 'webagentbridge.com' || domain === 'www.webagentbridge.com' || domain === 'localhost') {
+        res.set('Cache-Control', 'public, max-age=300');
+        res.set('X-WAB-Version', WAB_VERSION);
+        return res.json(buildSelfDiscovery());
+      }
+      return res.status(404).json({
+        error: 'No WAB-enabled site found for this domain',
+        domain,
+        hint: 'Register your site at /dashboard to enable WAB discovery'
+      });
+    }
+    const doc = buildDiscoveryDocument(site);
+    res.set('Cache-Control', 'public, max-age=300');
+    res.set('X-WAB-Version', WAB_VERSION);
+    res.json(doc);
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to generate discovery document' });
+  }
+});
+// ═════════════════════════════════════════════════════════════════════
+// 3. GET /api/discovery/registry — Public registry with fairness scoring
+//    (defined BEFORE :siteId to avoid route shadowing)
+// ═════════════════════════════════════════════════════════════════════
+router.get('/api/discovery/registry', (req, res) => {
+  try {
+    const category = req.query.category || 'all';
+    const limit = Math.min(parseInt(req.query.limit) || 50, 200);
+    const offset = parseInt(req.query.offset) || 0;
+    const listings = getDirectoryListings(category, { limit, offset });
+    const registry = listings.map(entry => ({
+      siteId: entry.id,
+      name: entry.name,
+      domain: entry.domain,
+      description: entry.description || '',
+      category: entry.category || 'general',
+      tier: entry.tier,
+      neutrality_score: entry.neutrality_score || 0,
+      is_independent: !!entry.is_independent,
+      tags: safeParseTags(entry.tags),
+      discovery_url: `/api/discovery/${entry.id}`
+    }));
+    res.json({
+      wab_version: WAB_VERSION,
+      total: registry.length,
+      category,
+      listings: registry
+    });
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to fetch registry' });
+  }
+});
+// ═════════════════════════════════════════════════════════════════════
+// 4. POST /api/discovery/register — Register site in WAB directory
+// ═════════════════════════════════════════════════════════════════════
+router.post('/api/discovery/register', authenticateToken, (req, res) => {
+  try {
+    const { siteId, category, tags, is_independent, commission_rate, direct_benefit, trust_signature } = req.body;
+    if (!siteId) {
+      return res.status(400).json({ error: 'siteId is required' });
+    }
+    const site = findSiteById.get(siteId);
+    if (!site) {
+      return res.status(404).json({ error: 'Site not found' });
+    }
+    if (site.user_id !== req.user.id) {
+      return res.status(403).json({ error: 'You do not own this site' });
+    }
+    const result = registerInDirectory(siteId, {
+      category,
+      tags,
+      is_independent,
+      commission_rate,
+      direct_benefit,
+      trust_signature
+    });
+    if (!result.success) {
+      return res.status(400).json({ error: result.error });
+    }
+    const report = generateFairnessReport(siteId);
+    res.status(201).json({
+      success: true,
+      registration: result,
+      fairness_report: report
+    });
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to register site' });
+  }
+});
+// ═════════════════════════════════════════════════════════════════════
+// 5. GET /api/discovery/search — Search WAB sites (fairness-weighted)
+// ═════════════════════════════════════════════════════════════════════
+router.get('/api/discovery/search', (req, res) => {
+  try {
+    const query = req.query.q || '';
+    const category = req.query.category || null;
+    const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+    let sql = `
+      SELECT s.*, d.category, d.tags, d.is_independent, d.commission_rate,
+             d.direct_benefit, d.neutrality_score, d.trust_signature
+      FROM wab_directory d
+      JOIN sites s ON d.site_id = s.id AND s.active = 1
+      WHERE d.listed = 1
+    `;
+    const params = [];
+    if (category) {
+      sql += ' AND d.category = ?';
+      params.push(category);
+    }
+    sql += ' ORDER BY d.neutrality_score DESC LIMIT ?';
+    params.push(limit * 3);
+    const candidates = db.prepare(sql).all(...params);
+    const results = fairnessWeightedSearch(query, candidates).slice(0, limit);
+    res.json({
+      wab_version: WAB_VERSION,
+      query,
+      total: results.length,
+      results: results.map(r => ({
+        siteId: r.id,
+        name: r.name,
+        domain: r.domain,
+        description: r.description || '',
+        category: r.category || 'general',
+        tier: r.tier,
+        neutrality_score: r._neutralityScore,
+        is_independent: r._isIndependent,
+        relevance_score: r._relevance,
+        fairness_boost: r._fairnessBoost,
+        final_score: r._finalScore,
+        tags: safeParseTags(r.tags),
+        discovery_url: `/api/discovery/${r.id}`
+      }))
+    });
+  } catch (err) {
+    res.status(500).json({ error: 'Search failed' });
+  }
+});
+// ═════════════════════════════════════════════════════════════════════
+// 6. GET /api/discovery/:siteId — Discovery doc for a specific site
+//    (defined AFTER named routes to prevent shadowing)
+// ═════════════════════════════════════════════════════════════════════
+router.get('/api/discovery/:siteId', (req, res) => {
+  try {
+    const site = findSiteById.get(req.params.siteId);
+    if (!site || !site.active) {
+      return res.status(404).json({ error: 'Site not found' });
+    }
+    const doc = buildDiscoveryDocument(site);
+    res.set('Cache-Control', 'public, max-age=300');
+    res.set('X-WAB-Version', WAB_VERSION);
+    res.json(doc);
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to generate discovery document' });
+  }
+});
+// ─── Utility ─────────────────────────────────────────────────────────
+function safeParseTags(tags) {
+  if (Array.isArray(tags)) return tags;
+  try { return JSON.parse(tags || '[]'); } catch (_) { return []; }
+}
+module.exports = router;