web-agent-bridge 3.2.0 → 3.4.0

package/examples/shopify-hydrogen/README.md

@@ -1,74 +1,74 @@
-# Shopify Hydrogen + WAB
-
-This example wires WAB into a Hydrogen storefront client component and exposes practical commerce actions.
-
-## Install
-
-```bash
-npm install @web-agent-bridge/react
-```
-
-## Component
-
-Create `app/components/WabHydrogenBridge.tsx`:
-
-```tsx
-'use client';
-
-import { useEffect } from 'react';
-import { WABProvider, useWAB, useWABAction } from '@web-agent-bridge/react';
-
-function BridgeInner() {
-  const { ready, discover, instance } = useWAB({
-    name: 'Hydrogen Storefront',
-    actions: {
-      getCartCount: {
-        description: 'Return cart item count from cart badge',
-        run: () => {
-          const badge = document.querySelector('[data-cart-count], .cart-count');
-          const value = Number((badge?.textContent || '0').trim()) || 0;
-          return { count: value };
-        }
-      },
-      addFirstVisibleProductToCart: {
-        description: 'Click the first visible add-to-cart button on the page',
-        run: () => {
-          const btn = Array.from(document.querySelectorAll('button, a')).find((el) =>
-            /add\s*to\s*cart/i.test((el.textContent || '').trim())
-          );
-          if (!btn) return { success: false, error: 'No add-to-cart button found' };
-          (btn as HTMLElement).click();
-          return { success: true };
-        }
-      }
-    }
-  });
-
-  const { run: runGetCartCount, result: cartCount } = useWABAction<{ count: number }>('getCartCount', {
-    instance
-  });
-
-  useEffect(() => {
-    if (!ready) return;
-    discover().then((doc) => console.log('WAB discover:', doc));
-    runGetCartCount().catch(() => {});
-  }, [ready, discover, runGetCartCount]);
-
-  return (
-    <div>
-      <p>WAB status: {ready ? 'ready' : 'loading'}</p>
-      <p>Cart count: {cartCount?.count ?? 0}</p>
-    </div>
-  );
-}
-
-export default function WabHydrogenBridge() {
-  return (
-    <WABProvider scriptSrc="https://webagentbridge.com/script/wab.min.js">
-      <BridgeInner />
-    </WABProvider>
-  );
-}
-```
-
-Import this component inside any Hydrogen page so WAB is available to agents.
+# Shopify Hydrogen + WAB
+
+This example wires WAB into a Hydrogen storefront client component and exposes practical commerce actions.
+
+## Install
+
+```bash
+npm install @web-agent-bridge/react
+```
+
+## Component
+
+Create `app/components/WabHydrogenBridge.tsx`:
+
+```tsx
+'use client';
+
+import { useEffect } from 'react';
+import { WABProvider, useWAB, useWABAction } from '@web-agent-bridge/react';
+
+function BridgeInner() {
+  const { ready, discover, instance } = useWAB({
+    name: 'Hydrogen Storefront',
+    actions: {
+      getCartCount: {
+        description: 'Return cart item count from cart badge',
+        run: () => {
+          const badge = document.querySelector('[data-cart-count], .cart-count');
+          const value = Number((badge?.textContent || '0').trim()) || 0;
+          return { count: value };
+        }
+      },
+      addFirstVisibleProductToCart: {
+        description: 'Click the first visible add-to-cart button on the page',
+        run: () => {
+          const btn = Array.from(document.querySelectorAll('button, a')).find((el) =>
+            /add\s*to\s*cart/i.test((el.textContent || '').trim())
+          );
+          if (!btn) return { success: false, error: 'No add-to-cart button found' };
+          (btn as HTMLElement).click();
+          return { success: true };
+        }
+      }
+    }
+  });
+
+  const { run: runGetCartCount, result: cartCount } = useWABAction<{ count: number }>('getCartCount', {
+    instance
+  });
+
+  useEffect(() => {
+    if (!ready) return;
+    discover().then((doc) => console.log('WAB discover:', doc));
+    runGetCartCount().catch(() => {});
+  }, [ready, discover, runGetCartCount]);
+
+  return (
+    <div>
+      <p>WAB status: {ready ? 'ready' : 'loading'}</p>
+      <p>Cart count: {cartCount?.count ?? 0}</p>
+    </div>
+  );
+}
+
+export default function WabHydrogenBridge() {
+  return (
+    <WABProvider scriptSrc="https://webagentbridge.com/script/wab.min.js">
+      <BridgeInner />
+    </WABProvider>
+  );
+}
+```
+
+Import this component inside any Hydrogen page so WAB is available to agents.

package/examples/vision-agent.js

@@ -1,171 +1,171 @@
-/**
- * Example: Vision-based AI Agent using WAB
- *
- * This agent demonstrates how a "vision" or "natural language" AI agent
- * (like OpenAI Operator, Claude Computer Use, etc.) can interact with
- * WAB using descriptive intent instead of explicit action names.
- *
- * The agent describes what it wants to do in natural language,
- * and the IntentResolver matches it to available WAB actions.
- *
- * HOW IT WORKS:
- *   The IntentResolver is a LOCAL, keyword-based NLP mapper — it does NOT
- *   call any external AI/ML API. It scores WAB actions against the intent
- *   string using word overlap, category bonuses, and synonym matching.
- *   This keeps the example dependency-free and easy to understand.
- *
- *   To integrate a real LLM (e.g., OpenAI, Claude), replace the
- *   IntentResolver.resolve() method with an API call that returns the
- *   best-matching action name from the available actions list.
- *
- * Prerequisites:
- *   npm install puppeteer
- *
- * Usage:
- *   node examples/vision-agent.js <url>
- */
-
-const puppeteer = require('puppeteer');
-
-const TARGET_URL = process.argv[2] || 'http://localhost:3000';
-
-// ─── Intent Resolver: maps natural language to WAB actions ────────────
-// This is a lightweight LOCAL resolver (no external API calls).
-// It uses keyword matching, synonym expansion, and category heuristics.
-class IntentResolver {
-  constructor(actions) {
-    this.actions = actions;
-  }
-
-  /**
-   * Find the best matching action for a natural language intent.
-   * Uses keyword matching and description similarity.
-   * @param {string} intent — Natural language description (e.g., "sign up for an account")
-   * @returns {{ action: object, confidence: number } | null}
-   */
-  resolve(intent) {
-    const intentLower = intent.toLowerCase();
-    const intentWords = intentLower.split(/\s+/);
-    let bestMatch = null;
-    let bestScore = 0;
-
-    for (const action of this.actions) {
-      const descLower = (action.description + ' ' + action.name).toLowerCase();
-      let score = 0;
-
-      // Exact name match
-      if (intentLower.includes(action.name.replace(/_/g, ' '))) {
-        score += 5;
-      }
-
-      // Word overlap scoring
-      for (const word of intentWords) {
-        if (word.length < 3) continue;
-        if (descLower.includes(word)) score += 1;
-      }
-
-      // Category bonus
-      if (action.category === 'navigation' && /navigate|go to|open|visit/i.test(intent)) score += 2;
-      if (action.trigger === 'fill_and_submit' && /fill|submit|sign up|register|login|form/i.test(intent)) score += 2;
-      if (action.trigger === 'click' && /click|press|tap|select|button/i.test(intent)) score += 1;
-
-      // Synonym matching
-      const synonyms = {
-        'sign up': ['register', 'create account', 'signup'],
-        'log in': ['login', 'sign in', 'signin'],
-        'search': ['find', 'look for', 'query'],
-        'submit': ['send', 'post', 'confirm'],
-        'navigate': ['go to', 'open', 'visit']
-      };
-
-      for (const [key, syns] of Object.entries(synonyms)) {
-        if (syns.some(s => intentLower.includes(s)) && descLower.includes(key)) score += 3;
-        if (intentLower.includes(key) && syns.some(s => descLower.includes(s))) score += 3;
-      }
-
-      if (score > bestScore) {
-        bestScore = score;
-        bestMatch = action;
-      }
-    }
-
-    if (!bestMatch || bestScore < 1) return null;
-
-    const confidence = Math.min(1, bestScore / 10);
-    return { action: bestMatch, confidence };
-  }
-}
-
-// ─── Vision Agent ─────────────────────────────────────────────────────
-async function main() {
-  console.log(`\n👁️  WAB Vision Agent`);
-  console.log(`   Target: ${TARGET_URL}\n`);
-
-  const browser = await puppeteer.launch({ headless: true });
-  const page = await browser.newPage();
-
-  await page.goto(TARGET_URL, { waitUntil: 'networkidle2' });
-  console.log(`✓ Page loaded: ${await page.title()}`);
-
-  // Wait for bridge
-  await page.waitForFunction(() => typeof window.AICommands !== 'undefined', { timeout: 10000 });
-  console.log('✓ WAB bridge detected\n');
-
-  // Get available actions
-  const actions = await page.evaluate(() => window.AICommands.getActions());
-  const resolver = new IntentResolver(actions);
-
-  console.log(`📋 Available actions: ${actions.length}`);
-  actions.forEach(a => console.log(`   • ${a.name} — ${a.description}`));
-
-  // ── Simulate vision agent intents ─────────────────────────────────
-  const intents = [
-    'I want to create a new account',
-    'Take me to the documentation page',
-    'Click the login button',
-    'Show me the dashboard'
-  ];
-
-  console.log('\n🧠 Resolving natural language intents:\n');
-
-  for (const intent of intents) {
-    const match = resolver.resolve(intent);
-
-    if (match) {
-      console.log(`  Intent: "${intent}"`);
-      console.log(`  → Action: ${match.action.name} (${match.action.trigger})`);
-      console.log(`  → Confidence: ${(match.confidence * 100).toFixed(0)}%`);
-      console.log(`  → Description: ${match.action.description}`);
-
-      // Execute if confidence is high enough
-      if (match.confidence >= 0.3) {
-        const result = await page.evaluate(
-          (name) => window.AICommands.execute(name),
-          match.action.name
-        );
-        console.log(`  → Executed: ${result.success ? '✓' : '✗ ' + result.error}`);
-      } else {
-        console.log(`  → Skipped: confidence too low`);
-      }
-    } else {
-      console.log(`  Intent: "${intent}"`);
-      console.log(`  → No matching action found`);
-    }
-    console.log('');
-  }
-
-  // ── Demonstrate page info with security context ───────────────────
-  const pageInfo = await page.evaluate(() => window.AICommands.getPageInfo());
-  console.log('📊 Page Info:');
-  console.log(`   Security sandbox: ${pageInfo.security.sandboxActive ? '✓ Active' : '✗ Inactive'}`);
-  console.log(`   Self-healing: ${pageInfo.selfHealing.tracked} tracked, ${pageInfo.selfHealing.healed} healed`);
-  console.log(`   Stealth mode: ${pageInfo.stealthMode ? 'Enabled' : 'Disabled'}`);
-
-  console.log('\n✓ Vision agent session complete.');
-  await browser.close();
-}
-
-main().catch((err) => {
-  console.error('Agent error:', err.message);
-  process.exit(1);
-});
+/**
+ * Example: Vision-based AI Agent using WAB
+ *
+ * This agent demonstrates how a "vision" or "natural language" AI agent
+ * (like OpenAI Operator, Claude Computer Use, etc.) can interact with
+ * WAB using descriptive intent instead of explicit action names.
+ *
+ * The agent describes what it wants to do in natural language,
+ * and the IntentResolver matches it to available WAB actions.
+ *
+ * HOW IT WORKS:
+ *   The IntentResolver is a LOCAL, keyword-based NLP mapper — it does NOT
+ *   call any external AI/ML API. It scores WAB actions against the intent
+ *   string using word overlap, category bonuses, and synonym matching.
+ *   This keeps the example dependency-free and easy to understand.
+ *
+ *   To integrate a real LLM (e.g., OpenAI, Claude), replace the
+ *   IntentResolver.resolve() method with an API call that returns the
+ *   best-matching action name from the available actions list.
+ *
+ * Prerequisites:
+ *   npm install puppeteer
+ *
+ * Usage:
+ *   node examples/vision-agent.js <url>
+ */
+
+const puppeteer = require('puppeteer');
+
+const TARGET_URL = process.argv[2] || 'http://localhost:3000';
+
+// ─── Intent Resolver: maps natural language to WAB actions ────────────
+// This is a lightweight LOCAL resolver (no external API calls).
+// It uses keyword matching, synonym expansion, and category heuristics.
+class IntentResolver {
+  constructor(actions) {
+    this.actions = actions;
+  }
+
+  /**
+   * Find the best matching action for a natural language intent.
+   * Uses keyword matching and description similarity.
+   * @param {string} intent — Natural language description (e.g., "sign up for an account")
+   * @returns {{ action: object, confidence: number } | null}
+   */
+  resolve(intent) {
+    const intentLower = intent.toLowerCase();
+    const intentWords = intentLower.split(/\s+/);
+    let bestMatch = null;
+    let bestScore = 0;
+
+    for (const action of this.actions) {
+      const descLower = (action.description + ' ' + action.name).toLowerCase();
+      let score = 0;
+
+      // Exact name match
+      if (intentLower.includes(action.name.replace(/_/g, ' '))) {
+        score += 5;
+      }
+
+      // Word overlap scoring
+      for (const word of intentWords) {
+        if (word.length < 3) continue;
+        if (descLower.includes(word)) score += 1;
+      }
+
+      // Category bonus
+      if (action.category === 'navigation' && /navigate|go to|open|visit/i.test(intent)) score += 2;
+      if (action.trigger === 'fill_and_submit' && /fill|submit|sign up|register|login|form/i.test(intent)) score += 2;
+      if (action.trigger === 'click' && /click|press|tap|select|button/i.test(intent)) score += 1;
+
+      // Synonym matching
+      const synonyms = {
+        'sign up': ['register', 'create account', 'signup'],
+        'log in': ['login', 'sign in', 'signin'],
+        'search': ['find', 'look for', 'query'],
+        'submit': ['send', 'post', 'confirm'],
+        'navigate': ['go to', 'open', 'visit']
+      };
+
+      for (const [key, syns] of Object.entries(synonyms)) {
+        if (syns.some(s => intentLower.includes(s)) && descLower.includes(key)) score += 3;
+        if (intentLower.includes(key) && syns.some(s => descLower.includes(s))) score += 3;
+      }
+
+      if (score > bestScore) {
+        bestScore = score;
+        bestMatch = action;
+      }
+    }
+
+    if (!bestMatch || bestScore < 1) return null;
+
+    const confidence = Math.min(1, bestScore / 10);
+    return { action: bestMatch, confidence };
+  }
+}
+
+// ─── Vision Agent ─────────────────────────────────────────────────────
+async function main() {
+  console.log(`\n👁️  WAB Vision Agent`);
+  console.log(`   Target: ${TARGET_URL}\n`);
+
+  const browser = await puppeteer.launch({ headless: true });
+  const page = await browser.newPage();
+
+  await page.goto(TARGET_URL, { waitUntil: 'networkidle2' });
+  console.log(`✓ Page loaded: ${await page.title()}`);
+
+  // Wait for bridge
+  await page.waitForFunction(() => typeof window.AICommands !== 'undefined', { timeout: 10000 });
+  console.log('✓ WAB bridge detected\n');
+
+  // Get available actions
+  const actions = await page.evaluate(() => window.AICommands.getActions());
+  const resolver = new IntentResolver(actions);
+
+  console.log(`📋 Available actions: ${actions.length}`);
+  actions.forEach(a => console.log(`   • ${a.name} — ${a.description}`));
+
+  // ── Simulate vision agent intents ─────────────────────────────────
+  const intents = [
+    'I want to create a new account',
+    'Take me to the documentation page',
+    'Click the login button',
+    'Show me the dashboard'
+  ];
+
+  console.log('\n🧠 Resolving natural language intents:\n');
+
+  for (const intent of intents) {
+    const match = resolver.resolve(intent);
+
+    if (match) {
+      console.log(`  Intent: "${intent}"`);
+      console.log(`  → Action: ${match.action.name} (${match.action.trigger})`);
+      console.log(`  → Confidence: ${(match.confidence * 100).toFixed(0)}%`);
+      console.log(`  → Description: ${match.action.description}`);
+
+      // Execute if confidence is high enough
+      if (match.confidence >= 0.3) {
+        const result = await page.evaluate(
+          (name) => window.AICommands.execute(name),
+          match.action.name
+        );
+        console.log(`  → Executed: ${result.success ? '✓' : '✗ ' + result.error}`);
+      } else {
+        console.log(`  → Skipped: confidence too low`);
+      }
+    } else {
+      console.log(`  Intent: "${intent}"`);
+      console.log(`  → No matching action found`);
+    }
+    console.log('');
+  }
+
+  // ── Demonstrate page info with security context ───────────────────
+  const pageInfo = await page.evaluate(() => window.AICommands.getPageInfo());
+  console.log('📊 Page Info:');
+  console.log(`   Security sandbox: ${pageInfo.security.sandboxActive ? '✓ Active' : '✗ Inactive'}`);
+  console.log(`   Self-healing: ${pageInfo.selfHealing.tracked} tracked, ${pageInfo.selfHealing.healed} healed`);
+  console.log(`   Stealth mode: ${pageInfo.stealthMode ? 'Enabled' : 'Disabled'}`);
+
+  console.log('\n✓ Vision agent session complete.');
+  await browser.close();
+}
+
+main().catch((err) => {
+  console.error('Agent error:', err.message);
+  process.exit(1);
+});

package/examples/wab-sign.js

@@ -0,0 +1,74 @@
+#!/usr/bin/env node
+/**
+ * wab-sign — generate Ed25519 keys and sign WAB discovery manifests.
+ *
+ * Usage:
+ *   wab-sign keygen                            # print a new keypair (save private offline)
+ *   wab-sign sign  manifest.json key.priv      # sign a manifest, write manifest.signed.json
+ *   wab-sign txt   <pubkey-b64> <endpoint>     # print the matching _wab TXT line
+ *
+ * Examples:
+ *   $ node wab-sign.js keygen > keys.json
+ *   $ jq -r .private_key keys.json > key.priv
+ *   $ node wab-sign.js sign wab.json key.priv
+ *
+ *   $ node wab-sign.js txt <(jq -r .public_key keys.json) https://example.com/.well-known/wab.json
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { generateKeyPair, signManifest, fingerprint } = require(
+  // try the bundled service first; fall back to a local copy if invoked from a downloads/ extract
+  fs.existsSync(path.join(__dirname, '..', 'server', 'services', 'wab-crypto.js'))
+    ? path.join(__dirname, '..', 'server', 'services', 'wab-crypto.js')
+    : './wab-crypto'
+);
+
+const [,, cmd, a1, a2] = process.argv;
+
+function usage() {
+  console.error('Usage:');
+  console.error('  wab-sign keygen');
+  console.error('  wab-sign sign <manifest.json> <key.priv>');
+  console.error('  wab-sign txt  <public-key-b64>  <endpoint-url>');
+  process.exit(1);
+}
+
+if (!cmd) usage();
+
+if (cmd === 'keygen') {
+  const kp = generateKeyPair();
+  process.stdout.write(JSON.stringify(kp, null, 2) + '\n');
+  process.stderr.write('\n[!] private_key is shown ONLY here. Save it offline immediately.\n');
+  process.stderr.write('[!] Publish public_key in your _wab DNS TXT as: pk=ed25519:' + kp.public_key + '\n');
+  process.exit(0);
+}
+
+if (cmd === 'sign') {
+  if (!a1 || !a2) usage();
+  const manifest = JSON.parse(fs.readFileSync(a1, 'utf8'));
+  const priv = fs.readFileSync(a2, 'utf8').trim();
+  const signed = signManifest(manifest, priv);
+  const out = a1.replace(/\.json$/, '') + '.signed.json';
+  fs.writeFileSync(out, JSON.stringify(signed, null, 2) + '\n');
+  console.log(`[OK] Signed manifest written: ${out}`);
+  console.log(`[OK] Signature key_id: ${signed.signature.key_id}`);
+  console.log(`[OK] Upload ${out} to https://${manifest.domain || '<your-domain>'}/.well-known/wab.json`);
+  process.exit(0);
+}
+
+if (cmd === 'txt') {
+  if (!a1 || !a2) usage();
+  const pub = a1.trim();
+  const endpoint = a2.trim();
+  if (!/^https:\/\//i.test(endpoint)) { console.error('endpoint must be HTTPS'); process.exit(1); }
+  const fp = fingerprint(pub);
+  console.log(`# _wab.${endpoint.replace(/^https?:\/\//,'').replace(/\/.*$/,'')}  TXT record:`);
+  console.log(`v=wab1; endpoint=${endpoint}; pk=ed25519:${pub}`);
+  console.log(`# key_id (fingerprint): ${fp}`);
+  process.exit(0);
+}
+
+usage();

package/examples/wab-verify.js

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+/**
+ * wab-verify — full trust check on a domain's WAB DNS Discovery setup.
+ *
+ * Usage:
+ *   wab-verify <domain>                  # full DNS + DNSSEC + signature trust report
+ *   wab-verify --json <domain>           # JSON output (for CI / scripts)
+ *   wab-verify --strict <domain>         # exit non-zero unless trust_score == 100
+ *
+ * Hits the public WAB Trust API at /api/discovery/trust/:domain.
+ * Override base URL with WAB_BASE_URL=https://your-instance.example.com
+ */
+
+'use strict';
+
+const fetch = (() => { try { return require('node-fetch'); } catch { return globalThis.fetch; } })();
+
+const args = process.argv.slice(2);
+const json   = args.includes('--json');
+const strict = args.includes('--strict');
+const domain = args.find(a => !a.startsWith('--'));
+const BASE   = process.env.WAB_BASE_URL || 'https://www.webagentbridge.com';
+
+if (!domain) {
+  console.error('Usage: wab-verify [--json] [--strict] <domain>');
+  process.exit(2);
+}
+
+(async () => {
+  const r = await fetch(`${BASE}/api/discovery/trust/${encodeURIComponent(domain)}`);
+  if (!r.ok) { console.error(`HTTP ${r.status}`); process.exit(2); }
+  const data = await r.json();
+
+  if (json) {
+    process.stdout.write(JSON.stringify(data, null, 2) + '\n');
+  } else {
+    const c = data.checks || {};
+    const tick = (b) => b ? '✓' : '✗';
+    console.log(`\nWAB Trust Report — ${data.domain}`);
+    console.log('═'.repeat(50));
+    console.log(`  Trust Score:   ${data.trust_score}/100   [${data.trust_label.toUpperCase()}]`);
+    console.log('  ──────────────────────────────────────────────');
+    console.log(`  ${tick(c.dns_resolved)}  DNS _wab record present`);
+    console.log(`  ${tick(c.dnssec_verified)}  DNSSEC verified (AD flag)`);
+    console.log(`  ${tick(c.has_public_key)}  Public key in DNS (pk=${c.pk_algorithm || '—'})`);
+    console.log(`  ${tick(c.https_endpoint && c.manifest_fetched)}  HTTPS manifest reachable`);
+    console.log(`  ${tick(c.signature_valid)}  Manifest signature valid`);
+    console.log('  ──────────────────────────────────────────────');
+    if (data.public_key) console.log(`  Key ID: ${data.public_key.fingerprint}  (ed25519)`);
+    if (data.endpoint)   console.log(`  Endpoint: ${data.endpoint}`);
+    if (data.findings && data.findings.length) {
+      console.log('\n  Findings:');
+      for (const f of data.findings) console.log('    • ' + f);
+    }
+    console.log('');
+  }
+
+  if (strict && data.trust_score < 100) process.exit(1);
+  process.exit(0);
+})().catch(err => { console.error('[ERROR]', err.message); process.exit(2); });