web-agent-bridge 3.2.0 → 3.4.0

package/server/services/modules/agent-firewall.js

@@ -1,90 +1,90 @@
-/**
- * WAB Agent Firewall (01-agent-firewall) — PUBLIC API, PRIVATE DETECTION LOGIC
- * Scans URLs and content for prompt injections, phishing, and dark patterns.
- * API is open, deep detection rules are closed.
- *
- * Powered by WAB — Web Agent Bridge
- * https://www.webagentbridge.com
- */
-
-'use strict';
-
-const crypto = require('crypto');
-
-const BASIC_THREATS = [
-  /ignore\s+(all\s+)?previous\s+instructions/gi,
-  /you\s+are\s+now\s+in\s+developer\s+mode/gi,
-  /disregard\s+(your\s+)?(prior\s+|previous\s+)?instructions/gi,
-  /<\s*script[^>]*>.*?<\/\s*script\s*>/gis,
-  /transfer\s+\$?\d+.*?to\s+(?:wallet|account|address)/gi,
-  /data:text\/html.*base64/gi,
-  /javascript:void/gi,
-];
-
-const MALICIOUS_DOMAINS = new Set([
-  'paypa1.com', 'amaz0n.com', 'g00gle.com', 'faceb00k.com',
-  'secure-paypal-login.com', 'amazon-security-alert.com',
-]);
-
-let deepDetection;
-try { deepDetection = require('./firewall-engine'); } catch { deepDetection = null; }
-
-const scanLog = [];
-
-function createRouter(express) {
-  const router = express.Router();
-
-  router.post('/scan', (req, res) => {
-    const { url: targetUrl, content, agent_id } = req.body;
-    const startTime = Date.now();
-
-    const urlThreats = [];
-    const contentThreats = [];
-    let riskScore = 0;
-
-    if (targetUrl) {
-      try {
-        const parsed = new URL(targetUrl);
-        const hostname = parsed.hostname.toLowerCase();
-        if (MALICIOUS_DOMAINS.has(hostname)) { urlThreats.push({ type: 'MALICIOUS_DOMAIN', severity: 'CRITICAL', detail: hostname }); riskScore += 40; }
-        if (/[^\x00-\x7F]/.test(hostname)) { urlThreats.push({ type: 'HOMOGRAPH_ATTACK', severity: 'HIGH', detail: hostname }); riskScore += 25; }
-        if (/(?:password|token|apikey|secret)=/i.test(targetUrl)) { urlThreats.push({ type: 'DATA_EXFILTRATION', severity: 'HIGH', detail: 'Sensitive params in URL' }); riskScore += 25; }
-      } catch { urlThreats.push({ type: 'INVALID_URL', severity: 'LOW' }); }
-    }
-
-    if (content && typeof content === 'string') {
-      for (const pattern of BASIC_THREATS) {
-        const matches = content.match(pattern);
-        if (matches) { contentThreats.push({ type: 'PROMPT_INJECTION', matches: matches.slice(0, 3), count: matches.length }); riskScore += 30; }
-      }
-      if (deepDetection) {
-        const deep = deepDetection.analyze(content, targetUrl);
-        contentThreats.push(...(deep.threats || []));
-        riskScore += deep.score || 0;
-      }
-    }
-
-    riskScore = Math.min(100, riskScore);
-    const verdict = riskScore === 0 ? 'CLEAN' : riskScore > 50 ? 'BLOCKED' : 'WARNING';
-    const scanId = crypto.randomBytes(8).toString('hex');
-
-    scanLog.push({ scan_id: scanId, url: targetUrl, verdict, risk_score: riskScore, timestamp: new Date().toISOString() });
-    if (scanLog.length > 5000) scanLog.splice(0, scanLog.length - 5000);
-
-    res.json({
-      scan_id: scanId, verdict, risk_score: riskScore,
-      url_threats: urlThreats, content_threats: contentThreats,
-      processing_time_ms: Date.now() - startTime, scanned_at: new Date().toISOString(),
-    });
-  });
-
-  router.get('/stats', (req, res) => {
-    let blocked = 0, warnings = 0;
-    for (const s of scanLog) { if (s.verdict === 'BLOCKED') blocked++; if (s.verdict === 'WARNING') warnings++; }
-    res.json({ total_scans: scanLog.length, blocked, warnings, clean: scanLog.length - blocked - warnings });
-  });
-
-  return router;
-}
-
-module.exports = { createRouter };
+/**
+ * WAB Agent Firewall (01-agent-firewall) — PUBLIC API, PRIVATE DETECTION LOGIC
+ * Scans URLs and content for prompt injections, phishing, and dark patterns.
+ * API is open, deep detection rules are closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const BASIC_THREATS = [
+  /ignore\s+(all\s+)?previous\s+instructions/gi,
+  /you\s+are\s+now\s+in\s+developer\s+mode/gi,
+  /disregard\s+(your\s+)?(prior\s+|previous\s+)?instructions/gi,
+  /<\s*script[^>]*>.*?<\/\s*script\s*>/gis,
+  /transfer\s+\$?\d+.*?to\s+(?:wallet|account|address)/gi,
+  /data:text\/html.*base64/gi,
+  /javascript:void/gi,
+];
+
+const MALICIOUS_DOMAINS = new Set([
+  'paypa1.com', 'amaz0n.com', 'g00gle.com', 'faceb00k.com',
+  'secure-paypal-login.com', 'amazon-security-alert.com',
+]);
+
+let deepDetection;
+try { deepDetection = require('./firewall-engine'); } catch { deepDetection = null; }
+
+const scanLog = [];
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/scan', (req, res) => {
+    const { url: targetUrl, content, agent_id } = req.body;
+    const startTime = Date.now();
+
+    const urlThreats = [];
+    const contentThreats = [];
+    let riskScore = 0;
+
+    if (targetUrl) {
+      try {
+        const parsed = new URL(targetUrl);
+        const hostname = parsed.hostname.toLowerCase();
+        if (MALICIOUS_DOMAINS.has(hostname)) { urlThreats.push({ type: 'MALICIOUS_DOMAIN', severity: 'CRITICAL', detail: hostname }); riskScore += 40; }
+        if (/[^\x00-\x7F]/.test(hostname)) { urlThreats.push({ type: 'HOMOGRAPH_ATTACK', severity: 'HIGH', detail: hostname }); riskScore += 25; }
+        if (/(?:password|token|apikey|secret)=/i.test(targetUrl)) { urlThreats.push({ type: 'DATA_EXFILTRATION', severity: 'HIGH', detail: 'Sensitive params in URL' }); riskScore += 25; }
+      } catch { urlThreats.push({ type: 'INVALID_URL', severity: 'LOW' }); }
+    }
+
+    if (content && typeof content === 'string') {
+      for (const pattern of BASIC_THREATS) {
+        const matches = content.match(pattern);
+        if (matches) { contentThreats.push({ type: 'PROMPT_INJECTION', matches: matches.slice(0, 3), count: matches.length }); riskScore += 30; }
+      }
+      if (deepDetection) {
+        const deep = deepDetection.analyze(content, targetUrl);
+        contentThreats.push(...(deep.threats || []));
+        riskScore += deep.score || 0;
+      }
+    }
+
+    riskScore = Math.min(100, riskScore);
+    const verdict = riskScore === 0 ? 'CLEAN' : riskScore > 50 ? 'BLOCKED' : 'WARNING';
+    const scanId = crypto.randomBytes(8).toString('hex');
+
+    scanLog.push({ scan_id: scanId, url: targetUrl, verdict, risk_score: riskScore, timestamp: new Date().toISOString() });
+    if (scanLog.length > 5000) scanLog.splice(0, scanLog.length - 5000);
+
+    res.json({
+      scan_id: scanId, verdict, risk_score: riskScore,
+      url_threats: urlThreats, content_threats: contentThreats,
+      processing_time_ms: Date.now() - startTime, scanned_at: new Date().toISOString(),
+    });
+  });
+
+  router.get('/stats', (req, res) => {
+    let blocked = 0, warnings = 0;
+    for (const s of scanLog) { if (s.verdict === 'BLOCKED') blocked++; if (s.verdict === 'WARNING') warnings++; }
+    res.json({ total_scans: scanLog.length, blocked, warnings, clean: scanLog.length - blocked - warnings });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/bounty.js

@@ -1,89 +1,89 @@
-/**
- * WAB Bounty Network (09-bounty-network) — PUBLIC API, PRIVATE VERIFICATION RULES
- * Bug bounty and threat reporting network.
- * Report interface is open, verification rules are closed.
- *
- * Powered by WAB — Web Agent Bridge
- * https://www.webagentbridge.com
- */
-
-'use strict';
-
-const crypto = require('crypto');
-
-const reportStore = new Map();
-const rewardStore = new Map();
-
-const CATEGORIES = ['dark_pattern', 'price_manipulation', 'fake_reviews', 'hidden_fees', 'data_harvesting', 'accessibility_violation', 'misleading_ads', 'forced_subscription'];
-const SEVERITY_REWARDS = { LOW: 10, MEDIUM: 50, HIGH: 200, CRITICAL: 500 };
-
-let verifyReport;
-try { verifyReport = require('./bounty-verification'); } catch { verifyReport = null; }
-
-function createRouter(express) {
-  const router = express.Router();
-
-  router.post('/report', (req, res) => {
-    const { platform, url: targetUrl, category, description, evidence_html, reporter_token } = req.body;
-    if (!platform || !targetUrl || !category || !description) {
-      return res.status(400).json({ error: 'platform, url, category, and description required' });
-    }
-    if (!CATEGORIES.includes(category)) {
-      return res.status(400).json({ error: `Invalid category. Valid: ${CATEGORIES.join(', ')}` });
-    }
-
-    const reportId = 'RPT-' + crypto.randomBytes(8).toString('hex').toUpperCase();
-    const reporterHash = crypto.createHmac('sha256', process.env.WAB_SECRET || 'wab-bounty-salt')
-      .update(reporter_token || crypto.randomBytes(16).toString('hex')).digest('hex').substring(0, 16);
-
-    const report = {
-      report_id: reportId, platform, url: targetUrl, category, description,
-      reporter_hash: reporterHash, severity: null, reward_usd: 0,
-      status: 'SUBMITTED', submitted_at: new Date().toISOString(),
-      verified: false, verification_notes: null,
-    };
-
-    if (verifyReport) {
-      const verification = verifyReport(report, evidence_html);
-      report.severity = verification.severity;
-      report.verified = verification.verified;
-      report.reward_usd = verification.verified ? (SEVERITY_REWARDS[verification.severity] || 0) : 0;
-      report.status = verification.verified ? 'VERIFIED' : 'PENDING_REVIEW';
-    } else {
-      report.status = 'PENDING_REVIEW';
-    }
-
-    reportStore.set(reportId, report);
-    res.status(201).json(report);
-  });
-
-  router.get('/report/:id', (req, res) => {
-    const report = reportStore.get(req.params.id);
-    if (!report) return res.status(404).json({ error: 'Report not found' });
-    res.json(report);
-  });
-
-  router.get('/categories', (req, res) => {
-    res.json({ categories: CATEGORIES, severity_rewards_usd: SEVERITY_REWARDS });
-  });
-
-  router.get('/leaderboard', (req, res) => {
-    const reporters = {};
-    for (const r of reportStore.values()) {
-      if (r.verified) { reporters[r.reporter_hash] = (reporters[r.reporter_hash] || 0) + r.reward_usd; }
-    }
-    const leaderboard = Object.entries(reporters).map(([hash, total]) => ({ reporter_hash: hash, total_rewards_usd: total }))
-      .sort((a, b) => b.total_rewards_usd - a.total_rewards_usd).slice(0, 20);
-    res.json({ leaderboard });
-  });
-
-  router.get('/stats', (req, res) => {
-    let verified = 0, totalReward = 0;
-    for (const r of reportStore.values()) { if (r.verified) { verified++; totalReward += r.reward_usd; } }
-    res.json({ total_reports: reportStore.size, verified_reports: verified, total_rewards_usd: totalReward, categories: CATEGORIES.length });
-  });
-
-  return router;
-}
-
-module.exports = { createRouter };
+/**
+ * WAB Bounty Network (09-bounty-network) — PUBLIC API, PRIVATE VERIFICATION RULES
+ * Bug bounty and threat reporting network.
+ * Report interface is open, verification rules are closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const reportStore = new Map();
+const rewardStore = new Map();
+
+const CATEGORIES = ['dark_pattern', 'price_manipulation', 'fake_reviews', 'hidden_fees', 'data_harvesting', 'accessibility_violation', 'misleading_ads', 'forced_subscription'];
+const SEVERITY_REWARDS = { LOW: 10, MEDIUM: 50, HIGH: 200, CRITICAL: 500 };
+
+let verifyReport;
+try { verifyReport = require('./bounty-verification'); } catch { verifyReport = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/report', (req, res) => {
+    const { platform, url: targetUrl, category, description, evidence_html, reporter_token } = req.body;
+    if (!platform || !targetUrl || !category || !description) {
+      return res.status(400).json({ error: 'platform, url, category, and description required' });
+    }
+    if (!CATEGORIES.includes(category)) {
+      return res.status(400).json({ error: `Invalid category. Valid: ${CATEGORIES.join(', ')}` });
+    }
+
+    const reportId = 'RPT-' + crypto.randomBytes(8).toString('hex').toUpperCase();
+    const reporterHash = crypto.createHmac('sha256', process.env.WAB_SECRET || 'wab-bounty-salt')
+      .update(reporter_token || crypto.randomBytes(16).toString('hex')).digest('hex').substring(0, 16);
+
+    const report = {
+      report_id: reportId, platform, url: targetUrl, category, description,
+      reporter_hash: reporterHash, severity: null, reward_usd: 0,
+      status: 'SUBMITTED', submitted_at: new Date().toISOString(),
+      verified: false, verification_notes: null,
+    };
+
+    if (verifyReport) {
+      const verification = verifyReport(report, evidence_html);
+      report.severity = verification.severity;
+      report.verified = verification.verified;
+      report.reward_usd = verification.verified ? (SEVERITY_REWARDS[verification.severity] || 0) : 0;
+      report.status = verification.verified ? 'VERIFIED' : 'PENDING_REVIEW';
+    } else {
+      report.status = 'PENDING_REVIEW';
+    }
+
+    reportStore.set(reportId, report);
+    res.status(201).json(report);
+  });
+
+  router.get('/report/:id', (req, res) => {
+    const report = reportStore.get(req.params.id);
+    if (!report) return res.status(404).json({ error: 'Report not found' });
+    res.json(report);
+  });
+
+  router.get('/categories', (req, res) => {
+    res.json({ categories: CATEGORIES, severity_rewards_usd: SEVERITY_REWARDS });
+  });
+
+  router.get('/leaderboard', (req, res) => {
+    const reporters = {};
+    for (const r of reportStore.values()) {
+      if (r.verified) { reporters[r.reporter_hash] = (reporters[r.reporter_hash] || 0) + r.reward_usd; }
+    }
+    const leaderboard = Object.entries(reporters).map(([hash, total]) => ({ reporter_hash: hash, total_rewards_usd: total }))
+      .sort((a, b) => b.total_rewards_usd - a.total_rewards_usd).slice(0, 20);
+    res.json({ leaderboard });
+  });
+
+  router.get('/stats', (req, res) => {
+    let verified = 0, totalReward = 0;
+    for (const r of reportStore.values()) { if (r.verified) { verified++; totalReward += r.reward_usd; } }
+    res.json({ total_reports: reportStore.size, verified_reports: verified, total_rewards_usd: totalReward, categories: CATEGORIES.length });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };

package/server/services/modules/collective-bargaining.js

@@ -1,92 +1,92 @@
-/**
- * WAB Collective Bargaining (04-collective-bargaining) — PUBLIC JOIN API, PRIVATE MATCHING ENGINE
- * Groups buyers to negotiate bulk discounts.
- * Join interface is open, matching engine is closed.
- *
- * Powered by WAB — Web Agent Bridge
- * https://www.webagentbridge.com
- */
-
-'use strict';
-
-const crypto = require('crypto');
-
-const demandPools = new Map();
-const NEGOTIATION_THRESHOLDS = {
-  electronics: { minBuyers: 10, targetDiscount: 0.15 },
-  travel: { minBuyers: 5, targetDiscount: 0.20 },
-  fashion: { minBuyers: 20, targetDiscount: 0.25 },
-  software: { minBuyers: 50, targetDiscount: 0.30 },
-  default: { minBuyers: 15, targetDiscount: 0.15 },
-};
-
-let matchingEngine;
-try { matchingEngine = require('./bargaining-engine'); } catch { matchingEngine = null; }
-
-function createRouter(express) {
-  const router = express.Router();
-
-  router.post('/join', (req, res) => {
-    const { platform, product_id, product_name, category, current_price, currency, max_price } = req.body;
-    if (!platform || !product_id || !current_price) {
-      return res.status(400).json({ error: 'platform, product_id, and current_price required' });
-    }
-
-    const poolKey = `${platform}:${product_id}`;
-    if (!demandPools.has(poolKey)) {
-      const cat = category || 'default';
-      const threshold = NEGOTIATION_THRESHOLDS[cat] || NEGOTIATION_THRESHOLDS.default;
-      demandPools.set(poolKey, {
-        id: 'POOL-' + crypto.randomBytes(8).toString('hex').toUpperCase(),
-        platform, product_id, product_name: product_name || product_id,
-        category: cat, current_price: parseFloat(current_price), currency: currency || 'USD',
-        target_price: parseFloat((current_price * (1 - threshold.targetDiscount)).toFixed(2)),
-        target_discount_pct: Math.round(threshold.targetDiscount * 100),
-        min_buyers: threshold.minBuyers, members: 0, status: 'OPEN',
-        created_at: new Date().toISOString(),
-      });
-    }
-
-    const pool = demandPools.get(poolKey);
-    if (pool.status !== 'OPEN') return res.status(400).json({ error: 'Pool is not open' });
-    pool.members++;
-
-    if (matchingEngine && pool.members >= pool.min_buyers) {
-      const deal = matchingEngine.negotiate(pool);
-      pool.status = deal ? 'DEAL_REACHED' : 'NEGOTIATING';
-    }
-
-    res.json({
-      success: true, pool_id: pool.id, member_count: pool.members, status: pool.status,
-      progress_pct: Math.min(100, Math.round(pool.members / pool.min_buyers * 100)),
-      members_needed: Math.max(0, pool.min_buyers - pool.members),
-      target_price: pool.target_price, target_discount_pct: pool.target_discount_pct,
-    });
-  });
-
-  router.get('/pools', (req, res) => {
-    const pools = Array.from(demandPools.values()).map(p => ({
-      pool_id: p.id, platform: p.platform, product_name: p.product_name,
-      current_price: p.current_price, target_price: p.target_price,
-      members: p.members, min_buyers: p.min_buyers, status: p.status,
-      progress_pct: Math.min(100, Math.round(p.members / p.min_buyers * 100)),
-    }));
-    res.json({ total: pools.length, pools: pools.filter(p => p.status === 'OPEN').slice(0, 50) });
-  });
-
-  router.get('/pool/:id', (req, res) => {
-    const pool = Array.from(demandPools.values()).find(p => p.id === req.params.id);
-    if (!pool) return res.status(404).json({ error: 'Pool not found' });
-    res.json(pool);
-  });
-
-  router.get('/stats', (req, res) => {
-    let totalMembers = 0, activePoolsCount = 0;
-    for (const p of demandPools.values()) { totalMembers += p.members; if (p.status === 'OPEN') activePoolsCount++; }
-    res.json({ total_pools: demandPools.size, active_pools: activePoolsCount, total_participants: totalMembers });
-  });
-
-  return router;
-}
-
-module.exports = { createRouter };
+/**
+ * WAB Collective Bargaining (04-collective-bargaining) — PUBLIC JOIN API, PRIVATE MATCHING ENGINE
+ * Groups buyers to negotiate bulk discounts.
+ * Join interface is open, matching engine is closed.
+ *
+ * Powered by WAB — Web Agent Bridge
+ * https://www.webagentbridge.com
+ */
+
+'use strict';
+
+const crypto = require('crypto');
+
+const demandPools = new Map();
+const NEGOTIATION_THRESHOLDS = {
+  electronics: { minBuyers: 10, targetDiscount: 0.15 },
+  travel: { minBuyers: 5, targetDiscount: 0.20 },
+  fashion: { minBuyers: 20, targetDiscount: 0.25 },
+  software: { minBuyers: 50, targetDiscount: 0.30 },
+  default: { minBuyers: 15, targetDiscount: 0.15 },
+};
+
+let matchingEngine;
+try { matchingEngine = require('./bargaining-engine'); } catch { matchingEngine = null; }
+
+function createRouter(express) {
+  const router = express.Router();
+
+  router.post('/join', (req, res) => {
+    const { platform, product_id, product_name, category, current_price, currency, max_price } = req.body;
+    if (!platform || !product_id || !current_price) {
+      return res.status(400).json({ error: 'platform, product_id, and current_price required' });
+    }
+
+    const poolKey = `${platform}:${product_id}`;
+    if (!demandPools.has(poolKey)) {
+      const cat = category || 'default';
+      const threshold = NEGOTIATION_THRESHOLDS[cat] || NEGOTIATION_THRESHOLDS.default;
+      demandPools.set(poolKey, {
+        id: 'POOL-' + crypto.randomBytes(8).toString('hex').toUpperCase(),
+        platform, product_id, product_name: product_name || product_id,
+        category: cat, current_price: parseFloat(current_price), currency: currency || 'USD',
+        target_price: parseFloat((current_price * (1 - threshold.targetDiscount)).toFixed(2)),
+        target_discount_pct: Math.round(threshold.targetDiscount * 100),
+        min_buyers: threshold.minBuyers, members: 0, status: 'OPEN',
+        created_at: new Date().toISOString(),
+      });
+    }
+
+    const pool = demandPools.get(poolKey);
+    if (pool.status !== 'OPEN') return res.status(400).json({ error: 'Pool is not open' });
+    pool.members++;
+
+    if (matchingEngine && pool.members >= pool.min_buyers) {
+      const deal = matchingEngine.negotiate(pool);
+      pool.status = deal ? 'DEAL_REACHED' : 'NEGOTIATING';
+    }
+
+    res.json({
+      success: true, pool_id: pool.id, member_count: pool.members, status: pool.status,
+      progress_pct: Math.min(100, Math.round(pool.members / pool.min_buyers * 100)),
+      members_needed: Math.max(0, pool.min_buyers - pool.members),
+      target_price: pool.target_price, target_discount_pct: pool.target_discount_pct,
+    });
+  });
+
+  router.get('/pools', (req, res) => {
+    const pools = Array.from(demandPools.values()).map(p => ({
+      pool_id: p.id, platform: p.platform, product_name: p.product_name,
+      current_price: p.current_price, target_price: p.target_price,
+      members: p.members, min_buyers: p.min_buyers, status: p.status,
+      progress_pct: Math.min(100, Math.round(p.members / p.min_buyers * 100)),
+    }));
+    res.json({ total: pools.length, pools: pools.filter(p => p.status === 'OPEN').slice(0, 50) });
+  });
+
+  router.get('/pool/:id', (req, res) => {
+    const pool = Array.from(demandPools.values()).find(p => p.id === req.params.id);
+    if (!pool) return res.status(404).json({ error: 'Pool not found' });
+    res.json(pool);
+  });
+
+  router.get('/stats', (req, res) => {
+    let totalMembers = 0, activePoolsCount = 0;
+    for (const p of demandPools.values()) { totalMembers += p.members; if (p.status === 'OPEN') activePoolsCount++; }
+    res.json({ total_pools: demandPools.size, active_pools: activePoolsCount, total_participants: totalMembers });
+  });
+
+  return router;
+}
+
+module.exports = { createRouter };