npm - web-agent-bridge - Versions diffs - 3.2.0 → 3.4.0 - Mend

web-agent-bridge 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/LICENSE +84 -72
package/README.ar.md +1304 -1152
package/README.md +298 -1635
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -138
package/bin/wab-init.js +223 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +19 -6
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -0
package/public/.well-known/wab.json +28 -0
package/public/activate.html +368 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +349 -349
package/public/ai.html +198 -198
package/public/api.html +413 -412
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1263 -1235
package/public/dashboard.html +707 -706
package/public/dns.html +436 -0
package/public/docs.html +588 -587
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/growth.html +465 -463
package/public/index.html +1266 -982
package/public/integrations.html +556 -0
package/public/js/activate.js +145 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +65 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/openapi.json +669 -580
package/public/phone-shield.html +281 -0
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +6 -0
package/public/terms.html +256 -256
package/public/wab-trust.html +200 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +288 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +25 -1
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -0
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +367 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +670 -427
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +673 -671
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +83 -0
package/server/routes/admin.js +549 -261
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/gateway.js +173 -157
package/server/routes/governance.js +208 -0
package/server/routes/license.js +251 -240
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/runtime.js +2148 -2147
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -385
package/server/routes/universal.js +200 -185
package/server/routes/wab-api.js +850 -501
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/security/cross-site-redactor.js +196 -0
package/server/security/dry-run.js +180 -0
package/server/security/human-gate-rate-limit.js +147 -0
package/server/security/human-gate-transports.js +178 -0
package/server/security/human-gate.js +281 -0
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -0
package/server/security/reward-guard.js +171 -0
package/server/security/rollback-store.js +239 -0
package/server/security/token-scope.js +404 -0
package/server/security/url-policy.js +139 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -575
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -539
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -261
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +205 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -661
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -0
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/public/score.html +0 -263
package/server/migrations/006_growth_suite.sql +0 -138
package/server/routes/growth.js +0 -962
package/server/services/fairness-engine.js +0 -409
package/server/services/fairness.js +0 -420

package/server/services/search-engine.js CHANGED Viewed

@@ -1,357 +1,357 @@
-/**
- * WAB Search Engine — Independent search aggregator with caching,
- * ranking, suggestions, and trending queries.
- *
- * All results are served under the WAB brand — no external engine
- * branding is ever exposed to the user.
- */
-const crypto = require('crypto');
-let db;
-function initSearchEngine(database) {
-  db = database;
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS search_cache (
-      query_hash TEXT PRIMARY KEY,
-      query TEXT NOT NULL,
-      results TEXT NOT NULL,
-      source TEXT DEFAULT 'multi',
-      created_at TEXT DEFAULT (datetime('now')),
-      hit_count INTEGER DEFAULT 1
-    );
-    CREATE TABLE IF NOT EXISTS search_history (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      query TEXT NOT NULL,
-      ip_hash TEXT,
-      results_count INTEGER DEFAULT 0,
-      created_at TEXT DEFAULT (datetime('now'))
-    );
-    CREATE TABLE IF NOT EXISTS search_suggestions (
-      query TEXT PRIMARY KEY,
-      frequency INTEGER DEFAULT 1,
-      last_searched TEXT DEFAULT (datetime('now'))
-    );
-    CREATE INDEX IF NOT EXISTS idx_search_cache_created ON search_cache(created_at);
-    CREATE INDEX IF NOT EXISTS idx_search_history_created ON search_history(created_at);
-    CREATE INDEX IF NOT EXISTS idx_search_suggestions_freq ON search_suggestions(frequency DESC);
-  `);
-}
-// ─── Cache Layer ──────────────────────────────────────────────────────
-function queryHash(q) {
-  return crypto.createHash('sha256').update(q.toLowerCase().trim()).digest('hex').slice(0, 32);
-}
-function getCachedResults(query) {
-  const hash = queryHash(query);
-  const row = db.prepare(
-    `SELECT results, created_at FROM search_cache WHERE query_hash = ? AND created_at > datetime('now', '-1 hour')`
-  ).get(hash);
-  if (row) {
-    db.prepare(`UPDATE search_cache SET hit_count = hit_count + 1 WHERE query_hash = ?`).run(hash);
-    return JSON.parse(row.results);
-  }
-  return null;
-}
-function setCachedResults(query, results, source) {
-  const hash = queryHash(query);
-  db.prepare(
-    `INSERT OR REPLACE INTO search_cache (query_hash, query, results, source, created_at, hit_count)
-     VALUES (?, ?, ?, ?, datetime('now'), 1)`
-  ).run(hash, query.toLowerCase().trim(), JSON.stringify(results), source || 'multi');
-}
-// Purge old cache entries (>24h)
-function purgeOldCache() {
-  db.prepare(`DELETE FROM search_cache WHERE created_at < datetime('now', '-1 day')`).run();
-}
-// ─── Search History & Suggestions ─────────────────────────────────────
-function recordSearch(query, ipHash, resultsCount) {
-  db.prepare(
-    `INSERT INTO search_history (query, ip_hash, results_count) VALUES (?, ?, ?)`
-  ).run(query.trim(), ipHash || null, resultsCount);
-  // Update suggestion frequency
-  const normalized = query.toLowerCase().trim();
-  if (normalized.length >= 2 && normalized.length <= 100) {
-    const existing = db.prepare(`SELECT frequency FROM search_suggestions WHERE query = ?`).get(normalized);
-    if (existing) {
-      db.prepare(`UPDATE search_suggestions SET frequency = frequency + 1, last_searched = datetime('now') WHERE query = ?`).run(normalized);
-    } else {
-      db.prepare(`INSERT INTO search_suggestions (query, frequency) VALUES (?, 1)`).run(normalized);
-    }
-  }
-}
-function getSuggestions(prefix, limit = 8) {
-  if (!prefix || prefix.length < 1) return [];
-  const normalized = prefix.toLowerCase().trim();
-  return db.prepare(
-    `SELECT query, frequency FROM search_suggestions
-     WHERE query LIKE ? AND frequency > 0
-     ORDER BY frequency DESC, last_searched DESC LIMIT ?`
-  ).all(normalized + '%', limit).map(r => r.query);
-}
-function getTrendingSearches(limit = 10) {
-  return db.prepare(
-    `SELECT query, COUNT(*) as count FROM search_history
-     WHERE created_at > datetime('now', '-24 hours')
-     GROUP BY LOWER(query) ORDER BY count DESC LIMIT ?`
-  ).all(limit).map(r => ({ query: r.query, count: r.count }));
-}
-function getSearchStats() {
-  const total = db.prepare(`SELECT COUNT(*) as c FROM search_history`).get().c;
-  const today = db.prepare(`SELECT COUNT(*) as c FROM search_history WHERE created_at > datetime('now', '-24 hours')`).get().c;
-  const cached = db.prepare(`SELECT COUNT(*) as c FROM search_cache`).get().c;
-  const uniqueQueries = db.prepare(`SELECT COUNT(DISTINCT LOWER(query)) as c FROM search_history`).get().c;
-  return { total, today, cached, uniqueQueries };
-}
-// ─── Multi-Source Search ──────────────────────────────────────────────
-const UA = 'Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36';
-const HEADERS = {
-  'User-Agent': UA,
-  'Accept': 'text/html',
-  'Accept-Language': 'en-US,en;q=0.9,ar;q=0.8',
-};
-async function searchDDG(q) {
-  try {
-    const url = 'https://html.duckduckgo.com/html/?q=' + encodeURIComponent(q);
-    const resp = await fetch(url, { headers: HEADERS, signal: AbortSignal.timeout(8000) });
-    const html = await resp.text();
-    const results = [];
-    const resultPattern = /<a[^>]+class="result__a"[^>]+href="([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
-    const snippetPattern = /<a[^>]+class="result__snippet"[^>]*>([\s\S]*?)<\/a>/gi;
-    const urls = [], titles = [], snippets = [];
-    let m;
-    while ((m = resultPattern.exec(html)) !== null) {
-      urls.push(m[1]);
-      titles.push(stripHtml(m[2]));
-    }
-    while ((m = snippetPattern.exec(html)) !== null) {
-      snippets.push(decodeEntities(stripHtml(m[1])));
-    }
-    for (let i = 0; i < Math.min(urls.length, 15); i++) {
-      let u = urls[i];
-      const uddg = u.match(/uddg=([^&]+)/);
-      if (uddg) u = decodeURIComponent(uddg[1]);
-      if (!u.startsWith('http')) continue;
-      results.push({ title: titles[i] || u, url: u, snippet: snippets[i] || '', source: 'ddg' });
-    }
-    return results;
-  } catch (e) {
-    return [];
-  }
-}
-async function searchGoogle(q) {
-  try {
-    const url = 'https://www.google.com/search?q=' + encodeURIComponent(q) + '&num=15&hl=en';
-    const resp = await fetch(url, { headers: HEADERS, signal: AbortSignal.timeout(8000) });
-    const html = await resp.text();
-    const results = [];
-    const linkPattern = /<a[^>]+href="\/url\?q=([^&"]+)[^"]*"[^>]*>([\s\S]*?)<\/a>/gi;
-    let m;
-    while ((m = linkPattern.exec(html)) !== null && results.length < 15) {
-      const u = decodeURIComponent(m[1]);
-      if (!u.startsWith('http')) continue;
-      try { if (new URL(u).hostname.includes('google.')) continue; } catch { continue; }
-      const title = stripHtml(m[2]);
-      if (!title) continue;
-      results.push({ title, url: u, snippet: '', source: 'google' });
-    }
-    return results;
-  } catch (e) {
-    return [];
-  }
-}
-async function searchBing(q) {
-  try {
-    const url = 'https://www.bing.com/search?q=' + encodeURIComponent(q) + '&count=15';
-    const resp = await fetch(url, { headers: HEADERS, signal: AbortSignal.timeout(8000) });
-    const html = await resp.text();
-    const results = [];
-    // Bing result links: <a href="URL" h="ID=..."><strong>title</strong></a>
-    const linkPattern = /<li class="b_algo"[^>]*>[\s\S]*?<a[^>]+href="(https?:\/\/[^"]+)"[^>]*>([\s\S]*?)<\/a>[\s\S]*?<p[^>]*>([\s\S]*?)<\/p>/gi;
-    let m;
-    while ((m = linkPattern.exec(html)) !== null && results.length < 15) {
-      const u = m[1];
-      if (!u.startsWith('http')) continue;
-      try { if (new URL(u).hostname.includes('bing.')) continue; } catch { continue; }
-      const title = stripHtml(m[2]);
-      const snippet = decodeEntities(stripHtml(m[3]));
-      if (!title) continue;
-      results.push({ title, url: u, snippet, source: 'bing' });
-    }
-    return results;
-  } catch (e) {
-    return [];
-  }
-}
-// ─── Result Ranking Engine ────────────────────────────────────────────
-function rankResults(allResults) {
-  // Deduplicate by URL (keep the one with the best snippet)
-  const seen = new Map();
-  for (const r of allResults) {
-    const normalizedUrl = normalizeUrl(r.url);
-    const existing = seen.get(normalizedUrl);
-    if (!existing) {
-      seen.set(normalizedUrl, { ...r, sourceCount: 1 });
-    } else {
-      existing.sourceCount++;
-      // Prefer the version with a snippet
-      if (!existing.snippet && r.snippet) {
-        existing.snippet = r.snippet;
-      }
-      // Prefer longer title
-      if (r.title.length > existing.title.length) {
-        existing.title = r.title;
-      }
-    }
-  }
-  const deduplicated = Array.from(seen.values());
-  // Score each result
-  for (const r of deduplicated) {
-    let score = 0;
-    // Multi-source bonus: appearing in multiple engines means higher relevance
-    score += (r.sourceCount - 1) * 30;
-    // Snippet presence
-    if (r.snippet && r.snippet.length > 20) score += 15;
-    // HTTPS bonus
-    if (r.url.startsWith('https://')) score += 5;
-    // Domain diversity: boost independent/small sites
-    const hostname = safeHostname(r.url);
-    const bigTech = ['google.com','youtube.com','facebook.com','amazon.com','apple.com','microsoft.com','twitter.com','x.com','instagram.com','tiktok.com','linkedin.com','reddit.com','pinterest.com'];
-    const isBigTech = bigTech.some(d => hostname === d || hostname.endsWith('.' + d));
-    if (!isBigTech) score += 8;
-    // Trusted TLDs
-    const tld = hostname.split('.').pop();
-    if (['org','edu','gov','dev'].includes(tld)) score += 5;
-    // Penalize very long URLs (likely junk)
-    if (r.url.length > 200) score -= 10;
-    r.score = score;
-  }
-  // Sort by score descending, then by original order
-  deduplicated.sort((a, b) => b.score - a.score);
-  // Return top 15, strip internal fields
-  return deduplicated.slice(0, 15).map(r => ({
-    title: r.title,
-    url: r.url,
-    snippet: r.snippet || '',
-  }));
-}
-// ─── Main Search Function ─────────────────────────────────────────────
-async function search(query, ipHash) {
-  if (!query || !query.trim()) return { results: [], cached: false };
-  const q = query.trim();
-  // Check cache first
-  const cached = getCachedResults(q);
-  if (cached && cached.length > 0) {
-    recordSearch(q, ipHash, cached.length);
-    return { results: cached, cached: true };
-  }
-  // Fetch from all sources in parallel
-  const [ddgResults, googleResults, bingResults] = await Promise.allSettled([
-    searchDDG(q),
-    searchGoogle(q),
-    searchBing(q),
-  ]);
-  const allResults = [
-    ...(ddgResults.status === 'fulfilled' ? ddgResults.value : []),
-    ...(googleResults.status === 'fulfilled' ? googleResults.value : []),
-    ...(bingResults.status === 'fulfilled' ? bingResults.value : []),
-  ];
-  if (allResults.length === 0) {
-    recordSearch(q, ipHash, 0);
-    return { results: [], cached: false };
-  }
-  // Rank and deduplicate
-  const ranked = rankResults(allResults);
-  // Cache results
-  setCachedResults(q, ranked, 'multi');
-  // Record search
-  recordSearch(q, ipHash, ranked.length);
-  return { results: ranked, cached: false };
-}
-// ─── Helpers ──────────────────────────────────────────────────────────
-function stripHtml(s) {
-  return (s || '').replace(/<[^>]+>/g, '').trim();
-}
-function decodeEntities(s) {
-  return (s || '')
-    .replace(/&amp;/g, '&')
-    .replace(/&lt;/g, '<')
-    .replace(/&gt;/g, '>')
-    .replace(/&quot;/g, '"')
-    .replace(/&#x27;/g, "'")
-    .replace(/&#39;/g, "'")
-    .trim();
-}
-function normalizeUrl(url) {
-  try {
-    const u = new URL(url);
-    return u.hostname.replace(/^www\./, '') + u.pathname.replace(/\/$/, '') + u.search;
-  } catch {
-    return url;
-  }
-}
-function safeHostname(url) {
-  try {
-    return new URL(url).hostname.replace(/^www\./, '');
-  } catch {
-    return '';
-  }
-}
-module.exports = {
-  initSearchEngine,
-  search,
-  getSuggestions,
-  getTrendingSearches,
-  getSearchStats,
-  purgeOldCache,
-};
+/**
+ * WAB Search Engine — Independent search aggregator with caching,
+ * ranking, suggestions, and trending queries.
+ *
+ * All results are served under the WAB brand — no external engine
+ * branding is ever exposed to the user.
+ */
+const crypto = require('crypto');
+let db;
+function initSearchEngine(database) {
+  db = database;
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS search_cache (
+      query_hash TEXT PRIMARY KEY,
+      query TEXT NOT NULL,
+      results TEXT NOT NULL,
+      source TEXT DEFAULT 'multi',
+      created_at TEXT DEFAULT (datetime('now')),
+      hit_count INTEGER DEFAULT 1
+    );
+    CREATE TABLE IF NOT EXISTS search_history (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      query TEXT NOT NULL,
+      ip_hash TEXT,
+      results_count INTEGER DEFAULT 0,
+      created_at TEXT DEFAULT (datetime('now'))
+    );
+    CREATE TABLE IF NOT EXISTS search_suggestions (
+      query TEXT PRIMARY KEY,
+      frequency INTEGER DEFAULT 1,
+      last_searched TEXT DEFAULT (datetime('now'))
+    );
+    CREATE INDEX IF NOT EXISTS idx_search_cache_created ON search_cache(created_at);
+    CREATE INDEX IF NOT EXISTS idx_search_history_created ON search_history(created_at);
+    CREATE INDEX IF NOT EXISTS idx_search_suggestions_freq ON search_suggestions(frequency DESC);
+  `);
+}
+// ─── Cache Layer ──────────────────────────────────────────────────────
+function queryHash(q) {
+  return crypto.createHash('sha256').update(q.toLowerCase().trim()).digest('hex').slice(0, 32);
+}
+function getCachedResults(query) {
+  const hash = queryHash(query);
+  const row = db.prepare(
+    `SELECT results, created_at FROM search_cache WHERE query_hash = ? AND created_at > datetime('now', '-1 hour')`
+  ).get(hash);
+  if (row) {
+    db.prepare(`UPDATE search_cache SET hit_count = hit_count + 1 WHERE query_hash = ?`).run(hash);
+    return JSON.parse(row.results);
+  }
+  return null;
+}
+function setCachedResults(query, results, source) {
+  const hash = queryHash(query);
+  db.prepare(
+    `INSERT OR REPLACE INTO search_cache (query_hash, query, results, source, created_at, hit_count)
+     VALUES (?, ?, ?, ?, datetime('now'), 1)`
+  ).run(hash, query.toLowerCase().trim(), JSON.stringify(results), source || 'multi');
+}
+// Purge old cache entries (>24h)
+function purgeOldCache() {
+  db.prepare(`DELETE FROM search_cache WHERE created_at < datetime('now', '-1 day')`).run();
+}
+// ─── Search History & Suggestions ─────────────────────────────────────
+function recordSearch(query, ipHash, resultsCount) {
+  db.prepare(
+    `INSERT INTO search_history (query, ip_hash, results_count) VALUES (?, ?, ?)`
+  ).run(query.trim(), ipHash || null, resultsCount);
+  // Update suggestion frequency
+  const normalized = query.toLowerCase().trim();
+  if (normalized.length >= 2 && normalized.length <= 100) {
+    const existing = db.prepare(`SELECT frequency FROM search_suggestions WHERE query = ?`).get(normalized);
+    if (existing) {
+      db.prepare(`UPDATE search_suggestions SET frequency = frequency + 1, last_searched = datetime('now') WHERE query = ?`).run(normalized);
+    } else {
+      db.prepare(`INSERT INTO search_suggestions (query, frequency) VALUES (?, 1)`).run(normalized);
+    }
+  }
+}
+function getSuggestions(prefix, limit = 8) {
+  if (!prefix || prefix.length < 1) return [];
+  const normalized = prefix.toLowerCase().trim();
+  return db.prepare(
+    `SELECT query, frequency FROM search_suggestions
+     WHERE query LIKE ? AND frequency > 0
+     ORDER BY frequency DESC, last_searched DESC LIMIT ?`
+  ).all(normalized + '%', limit).map(r => r.query);
+}
+function getTrendingSearches(limit = 10) {
+  return db.prepare(
+    `SELECT query, COUNT(*) as count FROM search_history
+     WHERE created_at > datetime('now', '-24 hours')
+     GROUP BY LOWER(query) ORDER BY count DESC LIMIT ?`
+  ).all(limit).map(r => ({ query: r.query, count: r.count }));
+}
+function getSearchStats() {
+  const total = db.prepare(`SELECT COUNT(*) as c FROM search_history`).get().c;
+  const today = db.prepare(`SELECT COUNT(*) as c FROM search_history WHERE created_at > datetime('now', '-24 hours')`).get().c;
+  const cached = db.prepare(`SELECT COUNT(*) as c FROM search_cache`).get().c;
+  const uniqueQueries = db.prepare(`SELECT COUNT(DISTINCT LOWER(query)) as c FROM search_history`).get().c;
+  return { total, today, cached, uniqueQueries };
+}
+// ─── Multi-Source Search ──────────────────────────────────────────────
+const UA = 'Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36';
+const HEADERS = {
+  'User-Agent': UA,
+  'Accept': 'text/html',
+  'Accept-Language': 'en-US,en;q=0.9,ar;q=0.8',
+};
+async function searchDDG(q) {
+  try {
+    const url = 'https://html.duckduckgo.com/html/?q=' + encodeURIComponent(q);
+    const resp = await fetch(url, { headers: HEADERS, signal: AbortSignal.timeout(8000) });
+    const html = await resp.text();
+    const results = [];
+    const resultPattern = /<a[^>]+class="result__a"[^>]+href="([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
+    const snippetPattern = /<a[^>]+class="result__snippet"[^>]*>([\s\S]*?)<\/a>/gi;
+    const urls = [], titles = [], snippets = [];
+    let m;
+    while ((m = resultPattern.exec(html)) !== null) {
+      urls.push(m[1]);
+      titles.push(stripHtml(m[2]));
+    }
+    while ((m = snippetPattern.exec(html)) !== null) {
+      snippets.push(decodeEntities(stripHtml(m[1])));
+    }
+    for (let i = 0; i < Math.min(urls.length, 15); i++) {
+      let u = urls[i];
+      const uddg = u.match(/uddg=([^&]+)/);
+      if (uddg) u = decodeURIComponent(uddg[1]);
+      if (!u.startsWith('http')) continue;
+      results.push({ title: titles[i] || u, url: u, snippet: snippets[i] || '', source: 'ddg' });
+    }
+    return results;
+  } catch (e) {
+    return [];
+  }
+}
+async function searchGoogle(q) {
+  try {
+    const url = 'https://www.google.com/search?q=' + encodeURIComponent(q) + '&num=15&hl=en';
+    const resp = await fetch(url, { headers: HEADERS, signal: AbortSignal.timeout(8000) });
+    const html = await resp.text();
+    const results = [];
+    const linkPattern = /<a[^>]+href="\/url\?q=([^&"]+)[^"]*"[^>]*>([\s\S]*?)<\/a>/gi;
+    let m;
+    while ((m = linkPattern.exec(html)) !== null && results.length < 15) {
+      const u = decodeURIComponent(m[1]);
+      if (!u.startsWith('http')) continue;
+      try { if (new URL(u).hostname.includes('google.')) continue; } catch { continue; }
+      const title = stripHtml(m[2]);
+      if (!title) continue;
+      results.push({ title, url: u, snippet: '', source: 'google' });
+    }
+    return results;
+  } catch (e) {
+    return [];
+  }
+}
+async function searchBing(q) {
+  try {
+    const url = 'https://www.bing.com/search?q=' + encodeURIComponent(q) + '&count=15';
+    const resp = await fetch(url, { headers: HEADERS, signal: AbortSignal.timeout(8000) });
+    const html = await resp.text();
+    const results = [];
+    // Bing result links: <a href="URL" h="ID=..."><strong>title</strong></a>
+    const linkPattern = /<li class="b_algo"[^>]*>[\s\S]*?<a[^>]+href="(https?:\/\/[^"]+)"[^>]*>([\s\S]*?)<\/a>[\s\S]*?<p[^>]*>([\s\S]*?)<\/p>/gi;
+    let m;
+    while ((m = linkPattern.exec(html)) !== null && results.length < 15) {
+      const u = m[1];
+      if (!u.startsWith('http')) continue;
+      try { if (new URL(u).hostname.includes('bing.')) continue; } catch { continue; }
+      const title = stripHtml(m[2]);
+      const snippet = decodeEntities(stripHtml(m[3]));
+      if (!title) continue;
+      results.push({ title, url: u, snippet, source: 'bing' });
+    }
+    return results;
+  } catch (e) {
+    return [];
+  }
+}
+// ─── Result Ranking Engine ────────────────────────────────────────────
+function rankResults(allResults) {
+  // Deduplicate by URL (keep the one with the best snippet)
+  const seen = new Map();
+  for (const r of allResults) {
+    const normalizedUrl = normalizeUrl(r.url);
+    const existing = seen.get(normalizedUrl);
+    if (!existing) {
+      seen.set(normalizedUrl, { ...r, sourceCount: 1 });
+    } else {
+      existing.sourceCount++;
+      // Prefer the version with a snippet
+      if (!existing.snippet && r.snippet) {
+        existing.snippet = r.snippet;
+      }
+      // Prefer longer title
+      if (r.title.length > existing.title.length) {
+        existing.title = r.title;
+      }
+    }
+  }
+  const deduplicated = Array.from(seen.values());
+  // Score each result
+  for (const r of deduplicated) {
+    let score = 0;
+    // Multi-source bonus: appearing in multiple engines means higher relevance
+    score += (r.sourceCount - 1) * 30;
+    // Snippet presence
+    if (r.snippet && r.snippet.length > 20) score += 15;
+    // HTTPS bonus
+    if (r.url.startsWith('https://')) score += 5;
+    // Domain diversity: boost independent/small sites
+    const hostname = safeHostname(r.url);
+    const bigTech = ['google.com','youtube.com','facebook.com','amazon.com','apple.com','microsoft.com','twitter.com','x.com','instagram.com','tiktok.com','linkedin.com','reddit.com','pinterest.com'];
+    const isBigTech = bigTech.some(d => hostname === d || hostname.endsWith('.' + d));
+    if (!isBigTech) score += 8;
+    // Trusted TLDs
+    const tld = hostname.split('.').pop();
+    if (['org','edu','gov','dev'].includes(tld)) score += 5;
+    // Penalize very long URLs (likely junk)
+    if (r.url.length > 200) score -= 10;
+    r.score = score;
+  }
+  // Sort by score descending, then by original order
+  deduplicated.sort((a, b) => b.score - a.score);
+  // Return top 15, strip internal fields
+  return deduplicated.slice(0, 15).map(r => ({
+    title: r.title,
+    url: r.url,
+    snippet: r.snippet || '',
+  }));
+}
+// ─── Main Search Function ─────────────────────────────────────────────
+async function search(query, ipHash) {
+  if (!query || !query.trim()) return { results: [], cached: false };
+  const q = query.trim();
+  // Check cache first
+  const cached = getCachedResults(q);
+  if (cached && cached.length > 0) {
+    recordSearch(q, ipHash, cached.length);
+    return { results: cached, cached: true };
+  }
+  // Fetch from all sources in parallel
+  const [ddgResults, googleResults, bingResults] = await Promise.allSettled([
+    searchDDG(q),
+    searchGoogle(q),
+    searchBing(q),
+  ]);
+  const allResults = [
+    ...(ddgResults.status === 'fulfilled' ? ddgResults.value : []),
+    ...(googleResults.status === 'fulfilled' ? googleResults.value : []),
+    ...(bingResults.status === 'fulfilled' ? bingResults.value : []),
+  ];
+  if (allResults.length === 0) {
+    recordSearch(q, ipHash, 0);
+    return { results: [], cached: false };
+  }
+  // Rank and deduplicate
+  const ranked = rankResults(allResults);
+  // Cache results
+  setCachedResults(q, ranked, 'multi');
+  // Record search
+  recordSearch(q, ipHash, ranked.length);
+  return { results: ranked, cached: false };
+}
+// ─── Helpers ──────────────────────────────────────────────────────────
+function stripHtml(s) {
+  return (s || '').replace(/<[^>]+>/g, '').trim();
+}
+function decodeEntities(s) {
+  return (s || '')
+    .replace(/&amp;/g, '&')
+    .replace(/&lt;/g, '<')
+    .replace(/&gt;/g, '>')
+    .replace(/&quot;/g, '"')
+    .replace(/&#x27;/g, "'")
+    .replace(/&#39;/g, "'")
+    .trim();
+}
+function normalizeUrl(url) {
+  try {
+    const u = new URL(url);
+    return u.hostname.replace(/^www\./, '') + u.pathname.replace(/\/$/, '') + u.search;
+  } catch {
+    return url;
+  }
+}
+function safeHostname(url) {
+  try {
+    return new URL(url).hostname.replace(/^www\./, '');
+  } catch {
+    return '';
+  }
+}
+module.exports = {
+  initSearchEngine,
+  search,
+  getSuggestions,
+  getTrendingSearches,
+  getSearchStats,
+  purgeOldCache,
+};