npm - web-agent-bridge - Versions diffs - 3.2.0 → 3.4.0 - Mend

web-agent-bridge 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/LICENSE +84 -72
package/README.ar.md +1304 -1152
package/README.md +298 -1635
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -138
package/bin/wab-init.js +223 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +19 -6
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -0
package/public/.well-known/wab.json +28 -0
package/public/activate.html +368 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +349 -349
package/public/ai.html +198 -198
package/public/api.html +413 -412
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1263 -1235
package/public/dashboard.html +707 -706
package/public/dns.html +436 -0
package/public/docs.html +588 -587
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/growth.html +465 -463
package/public/index.html +1266 -982
package/public/integrations.html +556 -0
package/public/js/activate.js +145 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +65 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/openapi.json +669 -580
package/public/phone-shield.html +281 -0
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +6 -0
package/public/terms.html +256 -256
package/public/wab-trust.html +200 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +288 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +25 -1
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -0
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +367 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +670 -427
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +673 -671
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +83 -0
package/server/routes/admin.js +549 -261
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/gateway.js +173 -157
package/server/routes/governance.js +208 -0
package/server/routes/license.js +251 -240
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/runtime.js +2148 -2147
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -385
package/server/routes/universal.js +200 -185
package/server/routes/wab-api.js +850 -501
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/security/cross-site-redactor.js +196 -0
package/server/security/dry-run.js +180 -0
package/server/security/human-gate-rate-limit.js +147 -0
package/server/security/human-gate-transports.js +178 -0
package/server/security/human-gate.js +281 -0
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -0
package/server/security/reward-guard.js +171 -0
package/server/security/rollback-store.js +239 -0
package/server/security/token-scope.js +404 -0
package/server/security/url-policy.js +139 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -575
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -539
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -261
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +205 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -661
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -0
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/public/score.html +0 -263
package/server/migrations/006_growth_suite.sql +0 -138
package/server/routes/growth.js +0 -962
package/server/services/fairness-engine.js +0 -409
package/server/services/fairness.js +0 -420

package/public/feed.xml CHANGED Viewed

@@ -1,89 +1,89 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom">
-  <title>Web Agent Bridge — Changelog</title>
-  <subtitle>Open protocol for AI agent ↔ website interaction. Release notes and updates.</subtitle>
-  <link href="https://webagentbridge.com/feed.xml" rel="self" type="application/atom+xml"/>
-  <link href="https://webagentbridge.com/" rel="alternate" type="text/html"/>
-  <id>https://webagentbridge.com/</id>
-  <updated>2026-03-28T00:00:00Z</updated>
-  <author>
-    <name>Web Agent Bridge</name>
-    <uri>https://webagentbridge.com</uri>
-  </author>
-  <icon>https://webagentbridge.com/favicon.ico</icon>
-  <rights>MIT License</rights>
-  <category term="AI" label="Artificial Intelligence"/>
-  <category term="web-protocol" label="Web Protocol"/>
-  <category term="automation" label="Automation"/>
-  <entry>
-    <title>v1.2.0 — WAB Protocol Ecosystem Release</title>
-    <link href="https://github.com/abokenan444/web-agent-bridge/releases/tag/v1.2.0" rel="alternate"/>
-    <id>https://webagentbridge.com/releases/v1.2.0</id>
-    <updated>2026-03-28T00:00:00Z</updated>
-    <summary type="html">
-      &lt;p&gt;Major release: WAB Protocol Specification v1.0, MCP Adapter for Claude/GPT integration,
-      Fairness Engine for equitable AI discovery, Discovery Protocol with agent-bridge.json,
-      WordPress plugin with full protocol support, dynamic subscription plan management,
-      NoScript HTTP fallback for JS-disabled environments, Agent SDK with discover/ping/execute methods,
-      and comprehensive OpenAPI documentation.&lt;/p&gt;
-    </summary>
-    <content type="html">
-      &lt;h2&gt;WAB Protocol v1.2.0 — Ecosystem Release&lt;/h2&gt;
-      &lt;h3&gt;Protocol &amp; Specification&lt;/h3&gt;
-      &lt;ul&gt;
-        &lt;li&gt;WAB Protocol Specification v1.0 — Formal spec with Discovery, Command, Lifecycle, Security, and Fairness protocols&lt;/li&gt;
-        &lt;li&gt;Discovery Protocol — Sites publish agent-bridge.json or /.well-known/wab.json&lt;/li&gt;
-        &lt;li&gt;Command Protocol — Standardized JSON format for agent actions&lt;/li&gt;
-        &lt;li&gt;Lifecycle Protocol — Discover → Authenticate → Plan → Execute → Confirm&lt;/li&gt;
-      &lt;/ul&gt;
-      &lt;h3&gt;MCP Integration&lt;/h3&gt;
-      &lt;ul&gt;
-        &lt;li&gt;wab-mcp-adapter — Converts WAB actions into MCP tools&lt;/li&gt;
-        &lt;li&gt;Compatible with Claude, GPT, LangChain, and any MCP-enabled agent&lt;/li&gt;
-      &lt;/ul&gt;
-      &lt;h3&gt;Fairness Engine&lt;/h3&gt;
-      &lt;ul&gt;
-        &lt;li&gt;Neutrality scoring (0–100) for equitable site discovery&lt;/li&gt;
-        &lt;li&gt;Anti-monopoly bias correction in search results&lt;/li&gt;
-        &lt;li&gt;Commission transparency and local business support flags&lt;/li&gt;
-      &lt;/ul&gt;
-      &lt;h3&gt;WordPress Plugin&lt;/h3&gt;
-      &lt;ul&gt;
-        &lt;li&gt;Discovery Protocol endpoints (REST API + rewrite rules)&lt;/li&gt;
-        &lt;li&gt;NoScript meta tags and fallback for HTTP-only agents&lt;/li&gt;
-        &lt;li&gt;Protocol status page in admin settings&lt;/li&gt;
-      &lt;/ul&gt;
-      &lt;h3&gt;Infrastructure&lt;/h3&gt;
-      &lt;ul&gt;
-        &lt;li&gt;Dynamic subscription plan management via admin dashboard&lt;/li&gt;
-        &lt;li&gt;OpenAPI specification for all public endpoints&lt;/li&gt;
-        &lt;li&gt;llms.txt and llms-full.txt for AI model discovery&lt;/li&gt;
-        &lt;li&gt;AI-optimized robots.txt and sitemap.xml&lt;/li&gt;
-      &lt;/ul&gt;
-    </content>
-  </entry>
-  <entry>
-    <title>v1.1.0 — Protocol Specification &amp; MCP Adapter</title>
-    <link href="https://github.com/abokenan444/web-agent-bridge/releases/tag/v1.1.0" rel="alternate"/>
-    <id>https://webagentbridge.com/releases/v1.1.0</id>
-    <updated>2026-03-25T00:00:00Z</updated>
-    <summary type="html">
-      &lt;p&gt;Introduction of the WAB Protocol Specification v1.0, MCP adapter for LLM integration,
-      Discovery Protocol, and Fairness Engine.&lt;/p&gt;
-    </summary>
-  </entry>
-  <entry>
-    <title>v1.0.0 — Initial Release</title>
-    <link href="https://github.com/abokenan444/web-agent-bridge/releases/tag/v1.0.0" rel="alternate"/>
-    <id>https://webagentbridge.com/releases/v1.0.0</id>
-    <updated>2026-03-20T00:00:00Z</updated>
-    <summary type="html">
-      &lt;p&gt;First public release of Web Agent Bridge. Core runtime with AI command registration,
-      client-side bridge script, Express.js server, license management, analytics,
-      and the initial NoScript fallback.&lt;/p&gt;
-    </summary>
-  </entry>
-</feed>
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom">
+  <title>Web Agent Bridge — Changelog</title>
+  <subtitle>Open protocol for AI agent ↔ website interaction. Release notes and updates.</subtitle>
+  <link href="https://webagentbridge.com/feed.xml" rel="self" type="application/atom+xml"/>
+  <link href="https://webagentbridge.com/" rel="alternate" type="text/html"/>
+  <id>https://webagentbridge.com/</id>
+  <updated>2026-03-28T00:00:00Z</updated>
+  <author>
+    <name>Web Agent Bridge</name>
+    <uri>https://webagentbridge.com</uri>
+  </author>
+  <icon>https://webagentbridge.com/favicon.ico</icon>
+  <rights>MIT License</rights>
+  <category term="AI" label="Artificial Intelligence"/>
+  <category term="web-protocol" label="Web Protocol"/>
+  <category term="automation" label="Automation"/>
+  <entry>
+    <title>v1.2.0 — WAB Protocol Ecosystem Release</title>
+    <link href="https://github.com/abokenan444/web-agent-bridge/releases/tag/v1.2.0" rel="alternate"/>
+    <id>https://webagentbridge.com/releases/v1.2.0</id>
+    <updated>2026-03-28T00:00:00Z</updated>
+    <summary type="html">
+      &lt;p&gt;Major release: WAB Protocol Specification v1.0, MCP Adapter for Claude/GPT integration,
+      Fairness Engine for equitable AI discovery, Discovery Protocol with agent-bridge.json,
+      WordPress plugin with full protocol support, dynamic subscription plan management,
+      NoScript HTTP fallback for JS-disabled environments, Agent SDK with discover/ping/execute methods,
+      and comprehensive OpenAPI documentation.&lt;/p&gt;
+    </summary>
+    <content type="html">
+      &lt;h2&gt;WAB Protocol v1.2.0 — Ecosystem Release&lt;/h2&gt;
+      &lt;h3&gt;Protocol &amp; Specification&lt;/h3&gt;
+      &lt;ul&gt;
+        &lt;li&gt;WAB Protocol Specification v1.0 — Formal spec with Discovery, Command, Lifecycle, Security, and Fairness protocols&lt;/li&gt;
+        &lt;li&gt;Discovery Protocol — Sites publish agent-bridge.json or /.well-known/wab.json&lt;/li&gt;
+        &lt;li&gt;Command Protocol — Standardized JSON format for agent actions&lt;/li&gt;
+        &lt;li&gt;Lifecycle Protocol — Discover → Authenticate → Plan → Execute → Confirm&lt;/li&gt;
+      &lt;/ul&gt;
+      &lt;h3&gt;MCP Integration&lt;/h3&gt;
+      &lt;ul&gt;
+        &lt;li&gt;wab-mcp-adapter — Converts WAB actions into MCP tools&lt;/li&gt;
+        &lt;li&gt;Compatible with Claude, GPT, LangChain, and any MCP-enabled agent&lt;/li&gt;
+      &lt;/ul&gt;
+      &lt;h3&gt;Fairness Engine&lt;/h3&gt;
+      &lt;ul&gt;
+        &lt;li&gt;Neutrality scoring (0–100) for equitable site discovery&lt;/li&gt;
+        &lt;li&gt;Anti-monopoly bias correction in search results&lt;/li&gt;
+        &lt;li&gt;Commission transparency and local business support flags&lt;/li&gt;
+      &lt;/ul&gt;
+      &lt;h3&gt;WordPress Plugin&lt;/h3&gt;
+      &lt;ul&gt;
+        &lt;li&gt;Discovery Protocol endpoints (REST API + rewrite rules)&lt;/li&gt;
+        &lt;li&gt;NoScript meta tags and fallback for HTTP-only agents&lt;/li&gt;
+        &lt;li&gt;Protocol status page in admin settings&lt;/li&gt;
+      &lt;/ul&gt;
+      &lt;h3&gt;Infrastructure&lt;/h3&gt;
+      &lt;ul&gt;
+        &lt;li&gt;Dynamic subscription plan management via admin dashboard&lt;/li&gt;
+        &lt;li&gt;OpenAPI specification for all public endpoints&lt;/li&gt;
+        &lt;li&gt;llms.txt and llms-full.txt for AI model discovery&lt;/li&gt;
+        &lt;li&gt;AI-optimized robots.txt and sitemap.xml&lt;/li&gt;
+      &lt;/ul&gt;
+    </content>
+  </entry>
+  <entry>
+    <title>v1.1.0 — Protocol Specification &amp; MCP Adapter</title>
+    <link href="https://github.com/abokenan444/web-agent-bridge/releases/tag/v1.1.0" rel="alternate"/>
+    <id>https://webagentbridge.com/releases/v1.1.0</id>
+    <updated>2026-03-25T00:00:00Z</updated>
+    <summary type="html">
+      &lt;p&gt;Introduction of the WAB Protocol Specification v1.0, MCP adapter for LLM integration,
+      Discovery Protocol, and Fairness Engine.&lt;/p&gt;
+    </summary>
+  </entry>
+  <entry>
+    <title>v1.0.0 — Initial Release</title>
+    <link href="https://github.com/abokenan444/web-agent-bridge/releases/tag/v1.0.0" rel="alternate"/>
+    <id>https://webagentbridge.com/releases/v1.0.0</id>
+    <updated>2026-03-20T00:00:00Z</updated>
+    <summary type="html">
+      &lt;p&gt;First public release of Web Agent Bridge. Core runtime with AI command registration,
+      client-side bridge script, Express.js server, license management, analytics,
+      and the initial NoScript fallback.&lt;/p&gt;
+    </summary>
+  </entry>
+</feed>

package/public/gcp-dns-integration.html ADDED Viewed

@@ -0,0 +1,318 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <title>WAB DNS — Google Cloud DNS Integration</title>
+  <link rel="stylesheet" href="/css/main.css">
+  <style>
+    body { font-family: system-ui, sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 0; }
+    .page { max-width: 880px; margin: 0 auto; padding: 40px 20px 80px; }
+    h1 { font-size: 1.7rem; margin-bottom: 6px; }
+    .sub { color: #94a3b8; margin-bottom: 32px; font-size: .97rem; }
+    .card { background: #1e293b; border-radius: 10px; padding: 24px; margin-bottom: 24px; }
+    h2 { font-size: 1.1rem; margin: 0 0 14px; }
+    label { display: block; font-size: .85rem; color: #94a3b8; margin-bottom: 4px; margin-top: 14px; }
+    label:first-child { margin-top: 0; }
+    input[type=text], input[type=password], textarea {
+      width: 100%; box-sizing: border-box; background: #0f172a; border: 1px solid #334155;
+      color: #e2e8f0; border-radius: 6px; padding: 9px 12px; font-size: .93rem; font-family: inherit;
+    }
+    textarea { font-family: ui-monospace, monospace; min-height: 100px; }
+    input:focus, textarea:focus { outline: 2px solid #6366f1; border-color: transparent; }
+    .row { display: flex; gap: 12px; }
+    .row > * { flex: 1; }
+    .actions { display: flex; gap: 10px; margin-top: 20px; flex-wrap: wrap; }
+    .btn { padding: 9px 20px; border-radius: 7px; border: none; cursor: pointer; font-size: .92rem; font-weight: 600; }
+    .btn:hover { opacity: .85; }
+    .btn:disabled { opacity: .45; cursor: not-allowed; }
+    .btn-enable    { background: #4285f4; color: #fff; }
+    .btn-disable   { background: #ef4444; color: #fff; }
+    .btn-verify    { background: #6366f1; color: #fff; }
+    .btn-secondary { background: #334155; color: #e2e8f0; }
+    #statusBar { margin-top: 18px; min-height: 36px; padding: 10px 14px; border-radius: 7px; background: #0f172a; font-size: .88rem; color: #94a3b8; display: none; }
+    #statusBar.ok   { display: block; color: #4ade80; border: 1px solid #166534; }
+    #statusBar.err  { display: block; color: #f87171; border: 1px solid #7f1d1d; }
+    #statusBar.info { display: block; color: #93c5fd; border: 1px solid #1e3a5f; }
+    pre { background: #0f172a; border-radius: 7px; padding: 14px 16px; font-size: .82rem; color: #94a3b8; overflow-x: auto; white-space: pre-wrap; word-break: break-word; margin: 14px 0 0; }
+    code { background: #0f172a; padding: 1px 5px; border-radius: 4px; font-size: .88em; }
+    .tab-bar { display: flex; gap: 4px; margin-bottom: 14px; }
+    .tab { padding: 5px 14px; border-radius: 6px; cursor: pointer; font-size: .84rem; background: #0f172a; color: #94a3b8; border: 1px solid #334155; }
+    .tab.active { background: #6366f1; color: #fff; border-color: transparent; }
+    .tab-panel { display: none; }
+    .tab-panel.active { display: block; }
+    .step { display: flex; gap: 14px; margin-bottom: 18px; }
+    .step-num { flex-shrink: 0; width: 28px; height: 28px; border-radius: 50%; background: #334155; color: #e2e8f0; font-size: .82rem; font-weight: 700; display: flex; align-items: center; justify-content: center; }
+    .step-body { flex: 1; padding-top: 3px; }
+    .info-box { background: #0c2340; border: 1px solid #1e3a5f; border-radius: 8px; padding: 12px 16px; font-size: .87rem; color: #93c5fd; margin-bottom: 18px; }
+    a { color: #818cf8; }
+  </style>
+</head>
+<body>
+<div class="page">
+  <h1>Google Cloud DNS × WAB Discovery</h1>
+  <p class="sub">
+    Enable or disable the WAB DNS Discovery TXT record on any
+    <a href="https://cloud.google.com/dns/docs/reference/rest/v1" target="_blank" rel="noopener">Cloud DNS</a> managed zone.
+  </p>
+  <div class="info-box">
+    ℹ <strong>OAuth 2.0 Access Token required.</strong>
+    Browser SigV4-style signing isn't supported by Cloud DNS — paste a short-lived OAuth access token instead.
+    Generate one with: <code>gcloud auth print-access-token</code>
+  </div>
+  <!-- ── STEP 1: credentials ── -->
+  <div class="card">
+    <h2>1. Authentication</h2>
+    <label>OAuth 2.0 Access Token <span style="color:#64748b;font-weight:400">(short-lived, browser keeps in memory only)</span></label>
+    <input type="password" id="gcpToken" placeholder="ya29.…" autocomplete="off">
+    <p style="margin:8px 0 0;font-size:.82rem;color:#64748b">
+      Obtain via: <code>gcloud auth print-access-token</code> (with <code>roles/dns.admin</code> on the zone).
+      Token expires in ~60 minutes — re-paste if needed.
+    </p>
+  </div>
+  <!-- ── STEP 2: project + zone + domain ── -->
+  <div class="card">
+    <h2>2. Project &amp; Zone</h2>
+    <div class="row">
+      <div>
+        <label>GCP Project ID</label>
+        <input type="text" id="gcpProject" placeholder="my-gcp-project">
+      </div>
+      <div>
+        <label>Managed Zone Name <span style="color:#64748b;font-weight:400">(not the DNS name)</span></label>
+        <input type="text" id="gcpZone" placeholder="example-com">
+      </div>
+    </div>
+    <div class="row">
+      <div>
+        <label>Domain</label>
+        <input type="text" id="gcpDomain" placeholder="example.com">
+      </div>
+      <div>
+        <label>Endpoint URL <span style="color:#64748b;font-weight:400">(blank = auto)</span></label>
+        <input type="text" id="gcpEndpoint" placeholder="https://example.com/.well-known/wab.json">
+      </div>
+    </div>
+  </div>
+  <!-- ── STEP 3: actions ── -->
+  <div class="card">
+    <h2>3. Actions</h2>
+    <div class="actions">
+      <button class="btn btn-enable"    id="btnEnable"  onclick="gcpAction('enable')">✓ Enable WAB Discovery</button>
+      <button class="btn btn-disable"   id="btnDisable" onclick="gcpAction('disable')">✗ Disable WAB Discovery</button>
+      <button class="btn btn-verify"    id="btnVerify"  onclick="gcpVerify()">⟳ Verify Status</button>
+      <button class="btn btn-secondary" onclick="window.open('/provider-sandbox','_blank')">Open Sandbox</button>
+    </div>
+    <div id="statusBar"></div>
+    <pre id="jsonOut" style="display:none"></pre>
+  </div>
+  <!-- ── HOW IT WORKS ── -->
+  <div class="card">
+    <h2>How it works</h2>
+    <div class="step"><div class="step-num">1</div><div class="step-body">Fetch WAB record template (<code>GET /api/discovery/provider/record-template</code>) for TXT value.</div></div>
+    <div class="step"><div class="step-num">2</div><div class="step-body">Look up existing <code>_wab</code> TXT in the managed zone (<code>GET …/managedZones/{zone}/rrsets</code>).</div></div>
+    <div class="step"><div class="step-num">3</div><div class="step-body">Cloud DNS uses atomic <strong>changes</strong>: <code>POST changes</code> with <code>{additions, deletions}</code>. Enable = add (+ delete old if value differs). Disable = delete.</div></div>
+    <div class="step"><div class="step-num">4</div><div class="step-body">Confirm via <code>/api/discovery/provider/status</code>. Cloud DNS propagation is typically &lt; 60 s.</div></div>
+  </div>
+  <!-- ── CODE SNIPPETS ── -->
+  <div class="card">
+    <h2>Code Snippets</h2>
+    <div class="tab-bar">
+      <div class="tab active" onclick="switchTab('nodejs')">Node.js</div>
+      <div class="tab" onclick="switchTab('gcloud')">gcloud CLI</div>
+      <div class="tab" onclick="switchTab('tf')">Terraform</div>
+    </div>
+    <div id="tab-nodejs" class="tab-panel active">
+<pre>// npm install @google-cloud/dns
+const { DNS } = require('@google-cloud/dns');
+const dns = new DNS({ projectId: 'my-gcp-project' });
+const ZONE   = 'example-com';
+const DOMAIN = 'example.com';
+const TXT_VAL = `"v=wab1; endpoint=https://${DOMAIN}/.well-known/wab.json"`;
+const zone = dns.zone(ZONE);
+const recordSet = zone.record('txt', { name: `_wab.${DOMAIN}.`, ttl: 3600, data: TXT_VAL });
+async function enableWAB() {
+  // delete any existing _wab TXT then add new
+  const [records] = await zone.getRecords({ type: 'TXT', name: `_wab.${DOMAIN}.` });
+  if (records.length) {
+    await zone.deleteRecords(records);
+  }
+  await zone.addRecords([recordSet]);
+  console.log('WAB Discovery ENABLED');
+}
+async function disableWAB() {
+  const [records] = await zone.getRecords({ type: 'TXT', name: `_wab.${DOMAIN}.` });
+  if (!records.length) return console.log('Already disabled');
+  await zone.deleteRecords(records);
+  console.log('WAB Discovery DISABLED');
+}
+enableWAB().catch(console.error);
+</pre>
+    </div>
+    <div id="tab-gcloud" class="tab-panel">
+<pre># Enable: start a transaction, add record, execute
+gcloud dns record-sets transaction start --zone=example-com
+gcloud dns record-sets transaction add \
+  '"v=wab1; endpoint=https://example.com/.well-known/wab.json"' \
+  --name=_wab.example.com. --ttl=3600 --type=TXT --zone=example-com
+gcloud dns record-sets transaction execute --zone=example-com
+# Disable: remove the record
+gcloud dns record-sets transaction start --zone=example-com
+gcloud dns record-sets transaction remove \
+  '"v=wab1; endpoint=https://example.com/.well-known/wab.json"' \
+  --name=_wab.example.com. --ttl=3600 --type=TXT --zone=example-com
+gcloud dns record-sets transaction execute --zone=example-com
+</pre>
+    </div>
+    <div id="tab-tf" class="tab-panel">
+<pre>resource "google_dns_record_set" "wab_discovery" {
+  managed_zone = "example-com"
+  name         = "_wab.example.com."
+  type         = "TXT"
+  ttl          = 3600
+  rrdatas      = ["\"v=wab1; endpoint=https://example.com/.well-known/wab.json\""]
+}
+# Toggle: count = var.wab_enabled ? 1 : 0
+</pre>
+    </div>
+  </div>
+  <!-- ── IAM ── -->
+  <div class="card">
+    <h2>Minimal IAM Role</h2>
+    <p style="font-size:.85rem;color:#94a3b8;margin:0 0 10px">
+      Use a custom role with these permissions on the managed zone:
+    </p>
+<pre>dns.changes.create
+dns.changes.get
+dns.resourceRecordSets.list
+dns.resourceRecordSets.create
+dns.resourceRecordSets.delete</pre>
+  </div>
+  <p style="text-align:center;margin-top:30px;font-size:.85rem;color:#475569">
+    <a href="/provider-onboarding">← Provider Onboarding</a> ·
+    <a href="/cloudflare-integration">Cloudflare</a> ·
+    <a href="/cpanel-integration">cPanel</a> ·
+    <a href="/route53-integration">Route 53</a> ·
+    <a href="/plesk-integration">Plesk</a> ·
+    <a href="/dns">DNS Discovery</a>
+  </p>
+</div>
+<script>
+function switchTab(name) {
+  document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+  document.querySelectorAll('.tab-panel').forEach(p => p.classList.remove('active'));
+  document.querySelector(`#tab-${name}`).classList.add('active');
+  event.target.classList.add('active');
+}
+function setStatus(msg, type) { const b = document.getElementById('statusBar'); b.textContent = msg; b.className = type; }
+function showJson(o) { const p = document.getElementById('jsonOut'); p.textContent = JSON.stringify(o, null, 2); p.style.display = 'block'; }
+function getInputs() {
+  return {
+    token:   document.getElementById('gcpToken').value.trim(),
+    project: document.getElementById('gcpProject').value.trim(),
+    zone:    document.getElementById('gcpZone').value.trim(),
+    domain:  document.getElementById('gcpDomain').value.trim().toLowerCase().replace(/^https?:\/\//, '').replace(/\/$/, ''),
+    ep:      document.getElementById('gcpEndpoint').value.trim(),
+  };
+}
+async function gcpRequest(token, method, path, body) {
+  const r = await fetch(`https://dns.googleapis.com/dns/v1${path}`, {
+    method,
+    headers: { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json' },
+    body: body ? JSON.stringify(body) : undefined,
+  });
+  const j = await r.json().catch(() => ({}));
+  if (!r.ok) throw new Error(`Cloud DNS ${r.status}: ${j.error && j.error.message || JSON.stringify(j).slice(0, 300)}`);
+  return j;
+}
+async function gcpAction(action) {
+  const inp = getInputs();
+  if (!inp.token)   return setStatus('Please paste an OAuth access token.', 'err');
+  if (!inp.project) return setStatus('Please enter the GCP Project ID.', 'err');
+  if (!inp.zone)    return setStatus('Please enter the managed zone name.', 'err');
+  if (!inp.domain)  return setStatus('Please enter the domain.', 'err');
+  document.getElementById('btnEnable').disabled  = true;
+  document.getElementById('btnDisable').disabled = true;
+  try {
+    const ep = inp.ep || `https://${inp.domain}/.well-known/wab.json`;
+    setStatus('Fetching WAB record template…', 'info');
+    const tpl = await (await fetch(`/api/discovery/provider/record-template?domain=${encodeURIComponent(inp.domain)}&endpoint=${encodeURIComponent(ep)}`)).json();
+    const rawTxt = tpl.record && tpl.record.value;
+    if (!rawTxt) throw new Error('Could not fetch WAB record template.');
+    // Cloud DNS requires double-quoted TXT value
+    const txtVal = rawTxt.startsWith('"') ? rawTxt : `"${rawTxt}"`;
+    const fqdn   = `_wab.${inp.domain}.`;
+    const base   = `/projects/${inp.project}/managedZones/${inp.zone}`;
+    setStatus('Looking up existing _wab TXT records…', 'info');
+    const list = await gcpRequest(inp.token, 'GET', `${base}/rrsets?name=${encodeURIComponent(fqdn)}&type=TXT`);
+    const existing = (list.rrsets || [])[0] || null;
+    if (action === 'enable') {
+      const additions = [{ name: fqdn, type: 'TXT', ttl: 3600, rrdatas: [txtVal] }];
+      const change = { additions };
+      if (existing && existing.rrdatas && existing.rrdatas[0] === txtVal) {
+        setStatus(`Record already up-to-date for ${inp.domain}. WAB Discovery is ENABLED.`, 'ok');
+        showJson({ note: 'no change needed', existing });
+        return;
+      }
+      if (existing) change.deletions = [existing];
+      setStatus(`Submitting change to Cloud DNS (${existing ? 'replace' : 'create'})…`, 'info');
+      const out = await gcpRequest(inp.token, 'POST', `${base}/changes`, change);
+      setStatus(`✓ _wab TXT ${existing ? 'updated' : 'created'} for ${inp.domain}. Change id=${out.id}, status=${out.status}.`, 'ok');
+      showJson(out);
+    } else {
+      if (!existing) {
+        setStatus(`No _wab TXT record found for ${inp.domain} — already disabled.`, 'ok');
+        showJson({ note: 'no record found' });
+        return;
+      }
+      setStatus('Submitting delete change to Cloud DNS…', 'info');
+      const out = await gcpRequest(inp.token, 'POST', `${base}/changes`, { deletions: [existing] });
+      setStatus(`✓ _wab TXT deleted for ${inp.domain}. WAB Discovery is DISABLED.`, 'ok');
+      showJson(out);
+    }
+  } catch (err) {
+    setStatus(`Error: ${err.message}`, 'err');
+  } finally {
+    document.getElementById('btnEnable').disabled  = false;
+    document.getElementById('btnDisable').disabled = false;
+  }
+}
+async function gcpVerify() {
+  const { domain } = getInputs();
+  if (!domain) return setStatus('Please enter a domain.', 'err');
+  setStatus('Checking WAB status…', 'info');
+  try {
+    const j = await (await fetch(`/api/discovery/provider/status?domain=${encodeURIComponent(domain)}`)).json();
+    if (j.status === 'enabled')      setStatus(`✓ ${domain} — ENABLED.`, 'ok');
+    else if (j.status === 'partial') setStatus(`⚠ ${domain} — partial.`, 'info');
+    else setStatus(`✗ ${domain} — DISABLED.`, 'err');
+    showJson(j);
+  } catch (err) { setStatus(`Verify error: ${err.message}`, 'err'); }
+}
+</script>
+</body>
+</html>