npm - web-agent-bridge - Versions diffs - 3.2.0 → 3.4.0 - Mend

web-agent-bridge 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/LICENSE +84 -72
package/README.ar.md +1304 -1152
package/README.md +298 -1635
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -138
package/bin/wab-init.js +223 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +19 -6
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -0
package/public/.well-known/wab.json +28 -0
package/public/activate.html +368 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +349 -349
package/public/ai.html +198 -198
package/public/api.html +413 -412
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1263 -1235
package/public/dashboard.html +707 -706
package/public/dns.html +436 -0
package/public/docs.html +588 -587
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/growth.html +465 -463
package/public/index.html +1266 -982
package/public/integrations.html +556 -0
package/public/js/activate.js +145 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +65 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/openapi.json +669 -580
package/public/phone-shield.html +281 -0
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +6 -0
package/public/terms.html +256 -256
package/public/wab-trust.html +200 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +288 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +25 -1
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -0
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +367 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +670 -427
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +673 -671
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +83 -0
package/server/routes/admin.js +549 -261
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/gateway.js +173 -157
package/server/routes/governance.js +208 -0
package/server/routes/license.js +251 -240
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/runtime.js +2148 -2147
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -385
package/server/routes/universal.js +200 -185
package/server/routes/wab-api.js +850 -501
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/security/cross-site-redactor.js +196 -0
package/server/security/dry-run.js +180 -0
package/server/security/human-gate-rate-limit.js +147 -0
package/server/security/human-gate-transports.js +178 -0
package/server/security/human-gate.js +281 -0
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -0
package/server/security/reward-guard.js +171 -0
package/server/security/rollback-store.js +239 -0
package/server/security/token-scope.js +404 -0
package/server/security/url-policy.js +139 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -575
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -539
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -261
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +205 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -661
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -0
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/public/score.html +0 -263
package/server/migrations/006_growth_suite.sql +0 -138
package/server/routes/growth.js +0 -962
package/server/services/fairness-engine.js +0 -409
package/server/services/fairness.js +0 -420

package/public/phone-shield.html ADDED Viewed

@@ -0,0 +1,281 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>WAB Sovereign Phone Shield</title>
+  <meta name="description" content="Communication protection layer for WAB: threat-intel feed, behavioral IDS, community reporting, and personal vault encryption.">
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link rel="preload" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'">
+  <noscript><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet"></noscript>
+  <link rel="stylesheet" href="/css/styles.css?v=3.2.0">
+  <style>
+    body{background:#070d19;color:#e5edff}
+    .hero{padding:110px 24px 42px;text-align:center}
+    .hero h1{font-size:clamp(2rem,4vw,3rem);margin-bottom:10px}
+    .hero p{max-width:860px;margin:0 auto;color:#99a8c7;line-height:1.7}
+    .lang{display:flex;gap:10px;justify-content:center;margin:0 0 22px}
+    .lang button{border:1px solid rgba(255,255,255,.15);background:rgba(255,255,255,.04);color:#e5edff;padding:8px 14px;border-radius:10px;cursor:pointer}
+    .lang button.active{background:linear-gradient(135deg,#0ea5e9,#2563eb);border-color:transparent}
+    .grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(340px,1fr));gap:18px;max-width:1300px;margin:0 auto;padding:0 20px 32px}
+    .card{background:linear-gradient(180deg,rgba(17,24,39,.9),rgba(12,18,31,.95));border:1px solid rgba(148,163,184,.18);border-radius:16px;padding:18px}
+    .card h3{margin:0 0 8px;font-size:1.07rem}
+    .muted{color:#96a7c7;font-size:.92rem;line-height:1.65}
+    .badge{display:inline-block;background:rgba(16,185,129,.14);border:1px solid rgba(16,185,129,.36);color:#6ee7b7;padding:4px 9px;border-radius:999px;font-size:.73rem;font-weight:700;margin-top:8px}
+    .box{background:rgba(2,6,23,.72);border:1px solid rgba(148,163,184,.2);border-radius:13px;padding:14px;margin-top:12px}
+    .row{display:grid;grid-template-columns:1fr 1fr;gap:10px}
+    @media (max-width:780px){.row{grid-template-columns:1fr}}
+    label{display:block;font-size:.78rem;color:#9fb0ce;margin-bottom:4px}
+    input,textarea,select{width:100%;background:#0a1324;border:1px solid rgba(148,163,184,.27);border-radius:10px;color:#e2e8f0;padding:10px;font-family:Inter,sans-serif}
+    textarea{min-height:98px;resize:vertical}
+    .btn{margin-top:10px;background:linear-gradient(135deg,#0284c7,#1d4ed8);color:#fff;border:none;padding:10px 14px;border-radius:10px;cursor:pointer;font-weight:700}
+    .btn.secondary{background:linear-gradient(135deg,#334155,#1e293b)}
+    pre{background:#020617;border:1px solid rgba(148,163,184,.25);padding:10px;border-radius:10px;font-size:.78rem;color:#a5b4fc;overflow:auto;font-family:'JetBrains Mono',monospace;line-height:1.55;max-height:260px}
+    .stats{display:grid;grid-template-columns:repeat(auto-fit,minmax(180px,1fr));gap:10px}
+    .stat{background:rgba(2,6,23,.66);border:1px solid rgba(148,163,184,.19);border-radius:12px;padding:12px}
+    .stat .k{color:#93a6c7;font-size:.75rem}
+    .stat .v{font-size:1.45rem;font-weight:800;color:#7dd3fc}
+    .status{font-size:.84rem;margin-top:10px}
+    .ok{color:#4ade80}.warn{color:#facc15}.danger{color:#f87171}
+  </style>
+</head>
+<body>
+  <nav class="navbar" id="navbar">
+    <div class="container">
+      <a href="/" class="navbar-brand"><div class="brand-icon">⚡</div><span>WAB</span></a>
+      <ul class="navbar-links">
+        <li><a href="/">Home</a></li>
+        <li><a href="/integrations">Integrations</a></li>
+        <li><a href="/phone-shield" class="active">Phone Shield</a></li>
+        <li><a href="/sovereign">Sovereign</a></li>
+        <li><a href="/docs">Docs</a></li>
+      </ul>
+    </div>
+  </nav>
+  <section class="hero">
+    <div class="lang">
+      <button id="enBtn" class="active" onclick="setLang('en')">English</button>
+      <button id="arBtn" onclick="setLang('ar')">العربية</button>
+    </div>
+    <h1 data-en="Sovereign Phone Shield" data-ar="درع الهاتف السيادي">Sovereign Phone Shield</h1>
+    <p data-en="WAB now extends from browser protection into communication protection: behavioral IDS, local connection risk analysis, community threat intelligence, and personal vault cryptography. This page is fully connected to live endpoints under /api/sovereign/shield." data-ar="يمتد WAB الآن من حماية التصفح إلى حماية الاتصال: كشف سلوكي، تحليل مخاطر الاتصالات محلياً، استخبارات تهديدات مجتمعية، وتشفير الحصن الشخصي. هذه الصفحة متصلة فعلياً بنقاط النهاية الحية تحت /api/sovereign/shield.">WAB now extends from browser protection into communication protection: behavioral IDS, local connection risk analysis, community threat intelligence, and personal vault cryptography. This page is fully connected to live endpoints under /api/sovereign/shield.</p>
+  </section>
+  <section class="grid">
+    <div class="card">
+      <h3 data-en="Live Shield Telemetry" data-ar="قياسات الدرع الحية">Live Shield Telemetry</h3>
+      <p class="muted" data-en="Real-time global stats from the sovereign shield service." data-ar="إحصاءات عالمية لحظية من خدمة الدرع السيادي.">Real-time global stats from the sovereign shield service.</p>
+      <div class="stats" id="stats"></div>
+      <div class="box">
+        <button class="btn secondary" onclick="loadStats()" data-en="Refresh Stats" data-ar="تحديث الإحصاءات">Refresh Stats</button>
+        <button class="btn secondary" onclick="loadEvents()" data-en="Load Events" data-ar="تحميل الأحداث">Load Events</button>
+        <pre id="eventsOut">[]</pre>
+      </div>
+    </div>
+    <div class="card">
+      <h3 data-en="Connection Risk Analyzer" data-ar="محلل مخاطر الاتصال">Connection Risk Analyzer</h3>
+      <p class="muted" data-en="Simulate app traffic and run behavioral analysis to decide: allow, warn, or block." data-ar="حاكي حركة تطبيق وشغّل التحليل السلوكي لتحديد: السماح أو التحذير أو الحجب.">Simulate app traffic and run behavioral analysis to decide: allow, warn, or block.</p>
+      <div class="row">
+        <div><label>App</label><input id="aApp" value="whatsapp"></div>
+        <div><label>Destination</label><input id="aDst" value="cdn-whatsapp-secure.com"></div>
+      </div>
+      <div class="row">
+        <div><label>bytesOut</label><input id="aOut" value="6200000" type="number"></div>
+        <div><label>bytesIn</label><input id="aIn" value="120000" type="number"></div>
+      </div>
+      <div class="row">
+        <div><label>Background</label><select id="aBg"><option value="true">true</option><option value="false">false</option></select></div>
+        <div><label>Mic Access</label><select id="aMic"><option value="true">true</option><option value="false" selected>false</option></select></div>
+      </div>
+      <button class="btn" onclick="analyzeConnection()" data-en="Analyze Connection" data-ar="تحليل الاتصال">Analyze Connection</button>
+      <div id="analysisStatus" class="status"></div>
+      <pre id="analysisOut">{}</pre>
+    </div>
+    <div class="card">
+      <h3 data-en="Personal Cloud Vault (AES-256-GCM)" data-ar="الحصن السحابي الشخصي (AES-256-GCM)">Personal Cloud Vault (AES-256-GCM)</h3>
+      <p class="muted" data-en="Encrypt sensitive text locally via API cryptography endpoint, then decrypt with passphrase." data-ar="شفّر النصوص الحساسة محلياً عبر نقطة تشفير API ثم فكها بكلمة المرور.">Encrypt sensitive text locally via API cryptography endpoint, then decrypt with passphrase.</p>
+      <label data-en="Sensitive Data" data-ar="بيانات حساسة">Sensitive Data</label>
+      <textarea id="vaultPlain">Private notes, credentials, recovery phrase...</textarea>
+      <label data-en="Passphrase" data-ar="عبارة المرور">Passphrase</label>
+      <input id="vaultPass" value="StrongPassphrase-2026">
+      <div class="row">
+        <button class="btn" onclick="encryptVault()" data-en="Encrypt to Vault" data-ar="تشفير إلى الحصن">Encrypt to Vault</button>
+        <button class="btn secondary" onclick="decryptVault()" data-en="Decrypt" data-ar="فك التشفير">Decrypt</button>
+      </div>
+      <pre id="vaultOut">{}</pre>
+    </div>
+    <div class="card">
+      <h3 data-en="Community Threat Intelligence" data-ar="استخبارات التهديدات المجتمعية">Community Threat Intelligence</h3>
+      <p class="muted" data-en="Submit suspicious host fingerprints. After multiple independent reports, indicators are promoted automatically." data-ar="أرسل بصمات مضيفات مشبوهة. بعد تقارير مستقلة متعددة، تتم الترقية تلقائياً كمؤشر تهديد.">Submit suspicious host fingerprints. After multiple independent reports, indicators are promoted automatically.</p>
+      <div class="row">
+        <div><label>Host</label><input id="rHost" value="suspicious-c2-node.xyz"></div>
+        <div><label>Reporter Fingerprint</label><input id="rFinger" value="device-AR-001"></div>
+      </div>
+      <div class="row">
+        <div><label>Severity</label><select id="rSeverity"><option>critical</option><option selected>medium</option><option>low</option></select></div>
+        <div><label>Notes</label><input id="rNotes" value="background exfiltration pattern"></div>
+      </div>
+      <button class="btn" onclick="submitReport()" data-en="Submit Report" data-ar="إرسال التقرير">Submit Report</button>
+      <pre id="reportOut">{}</pre>
+    </div>
+    <div class="card">
+      <h3 data-en="Android/iOS Local Tunnel Integration" data-ar="دمج النفق المحلي لأندرويد و iOS">Android/iOS Local Tunnel Integration</h3>
+      <p class="muted" data-en="Use these production endpoints from your mobile VPN service / Network Extension: register device, heartbeat, then stream packet metadata in batches." data-ar="استخدم نقاط النهاية الإنتاجية التالية من خدمة VPN في الهاتف / Network Extension: سجّل الجهاز، أرسل heartbeat، ثم أرسل ميتاداتا الاتصالات على دفعات.">Use these production endpoints from your mobile VPN service / Network Extension: register device, heartbeat, then stream packet metadata in batches.</p>
+      <div class="box">
+        <pre>POST /api/sovereign/shield/devices/register
+{
+  "deviceFingerprint": "android-uuid-001",
+  "platform": "android",
+  "appVersion": "1.0.0",
+  "osVersion": "14",
+  "model": "Pixel 8"
+}
+POST /api/sovereign/shield/devices/heartbeat
+{
+  "deviceFingerprint": "android-uuid-001",
+  "platform": "android",
+  "batteryLevel": 77,
+  "networkType": "wifi"
+}
+POST /api/sovereign/shield/devices/telemetry
+{
+  "deviceFingerprint": "android-uuid-001",
+  "connections": [
+    {
+      "app": "whatsapp",
+      "destination": "example-host.com",
+      "bytesOut": 220000,
+      "bytesIn": 130000,
+      "background": true,
+      "micAccess": false,
+      "cameraAccess": false,
+      "contactsAccess": false
+    }
+  ]
+}</pre>
+      </div>
+      <div style="display:flex;gap:10px;flex-wrap:wrap;margin-top:10px;">
+        <a class="btn secondary" href="/api/sovereign/shield/devices?limit=20" target="_blank">Devices API</a>
+        <a class="btn secondary" href="/api/sovereign/shield/intel-feed" target="_blank">Intel Feed API</a>
+      </div>
+    </div>
+  </section>
+  <script>
+    const API = '/api/sovereign/shield';
+    let lastVaultPayload = null;
+    function setLang(lang){
+      const ar = lang === 'ar';
+      document.documentElement.lang = lang;
+      document.documentElement.dir = ar ? 'rtl' : 'ltr';
+      document.getElementById('enBtn').classList.toggle('active', !ar);
+      document.getElementById('arBtn').classList.toggle('active', ar);
+      document.querySelectorAll('[data-en]').forEach(el => el.innerHTML = el.getAttribute(ar ? 'data-ar' : 'data-en'));
+      localStorage.setItem('wab-phone-shield-lang', lang);
+    }
+    async function j(url, opts){
+      const r = await fetch(url, opts);
+      const t = await r.text();
+      try { return JSON.parse(t); } catch { return { raw: t, status: r.status }; }
+    }
+    async function loadStats(){
+      const s = await j(API + '/stats');
+      const statsEl = document.getElementById('stats');
+      const rows = [
+        ['Analyzed', s.analyzed || 0],
+        ['Blocked', s.blocked || 0],
+        ['Warned', s.warned || 0],
+        ['Indicators', s.indicators || 0],
+        ['Reports', s.communityReports || 0],
+        ['Intel Ver', s.intelVersion || 0]
+      ];
+      statsEl.innerHTML = rows.map(([k,v]) => `<div class="stat"><div class="k">${k}</div><div class="v">${v}</div></div>`).join('');
+    }
+    async function loadEvents(){
+      const e = await j(API + '/events?limit=20');
+      document.getElementById('eventsOut').textContent = JSON.stringify(e, null, 2);
+    }
+    async function analyzeConnection(){
+      const body = {
+        app: document.getElementById('aApp').value,
+        destination: document.getElementById('aDst').value,
+        bytesOut: Number(document.getElementById('aOut').value || 0),
+        bytesIn: Number(document.getElementById('aIn').value || 0),
+        background: document.getElementById('aBg').value === 'true',
+        micAccess: document.getElementById('aMic').value === 'true'
+      };
+      const out = await j(API + '/analyze-connection', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body)
+      });
+      document.getElementById('analysisOut').textContent = JSON.stringify(out, null, 2);
+      const st = document.getElementById('analysisStatus');
+      st.className = 'status ' + (out.decision === 'block' ? 'danger' : out.decision === 'warn' ? 'warn' : 'ok');
+      st.textContent = out.decision ? ('Decision: ' + out.decision.toUpperCase() + ' | Risk: ' + out.riskScore) : 'No decision';
+      await loadStats();
+    }
+    async function encryptVault(){
+      const out = await j(API + '/vault/encrypt', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          plaintext: document.getElementById('vaultPlain').value,
+          passphrase: document.getElementById('vaultPass').value
+        })
+      });
+      if (out && out.payload) lastVaultPayload = out.payload;
+      document.getElementById('vaultOut').textContent = JSON.stringify(out, null, 2);
+      await loadStats();
+    }
+    async function decryptVault(){
+      if (!lastVaultPayload) return;
+      const out = await j(API + '/vault/decrypt', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ payload: lastVaultPayload, passphrase: document.getElementById('vaultPass').value })
+      });
+      document.getElementById('vaultOut').textContent = JSON.stringify(out, null, 2);
+      await loadStats();
+    }
+    async function submitReport(){
+      const out = await j(API + '/report', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          host: document.getElementById('rHost').value,
+          reporterFingerprint: document.getElementById('rFinger').value,
+          severity: document.getElementById('rSeverity').value,
+          notes: document.getElementById('rNotes').value
+        })
+      });
+      document.getElementById('reportOut').textContent = JSON.stringify(out, null, 2);
+      await loadStats();
+    }
+    (function boot(){
+      const lang = localStorage.getItem('wab-phone-shield-lang');
+      if (lang === 'ar') setLang('ar');
+      loadStats();
+      loadEvents();
+      setInterval(loadStats, 10000);
+    })();
+  </script>
+</body>
+</html>

package/public/plesk-integration.html ADDED Viewed

@@ -0,0 +1,375 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <title>WAB DNS — Plesk Integration</title>
+  <link rel="stylesheet" href="/css/main.css">
+  <style>
+    body { font-family: system-ui, sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 0; }
+    .page { max-width: 880px; margin: 0 auto; padding: 40px 20px 80px; }
+    h1 { font-size: 1.7rem; margin-bottom: 6px; }
+    .sub { color: #94a3b8; margin-bottom: 32px; font-size: .97rem; }
+    .card { background: #1e293b; border-radius: 10px; padding: 24px; margin-bottom: 24px; }
+    h2 { font-size: 1.1rem; margin: 0 0 14px; }
+    label { display: block; font-size: .85rem; color: #94a3b8; margin-bottom: 4px; margin-top: 14px; }
+    label:first-child { margin-top: 0; }
+    input[type=text], input[type=password], input[type=number] {
+      width: 100%; box-sizing: border-box; background: #0f172a; border: 1px solid #334155;
+      color: #e2e8f0; border-radius: 6px; padding: 9px 12px; font-size: .93rem;
+    }
+    input:focus { outline: 2px solid #6366f1; border-color: transparent; }
+    .row { display: flex; gap: 12px; }
+    .row > * { flex: 1; }
+    .actions { display: flex; gap: 10px; margin-top: 20px; flex-wrap: wrap; }
+    .btn { padding: 9px 20px; border-radius: 7px; border: none; cursor: pointer; font-size: .92rem; font-weight: 600; transition: opacity .15s; }
+    .btn:hover { opacity: .85; }
+    .btn:disabled { opacity: .45; cursor: not-allowed; }
+    .btn-enable    { background: #06b6d4; color: #000; }
+    .btn-disable   { background: #ef4444; color: #fff; }
+    .btn-verify    { background: #6366f1; color: #fff; }
+    .btn-secondary { background: #334155; color: #e2e8f0; }
+    #statusBar { margin-top: 18px; min-height: 36px; padding: 10px 14px; border-radius: 7px; background: #0f172a; font-size: .88rem; color: #94a3b8; display: none; }
+    #statusBar.ok   { display: block; color: #4ade80; border: 1px solid #166534; }
+    #statusBar.err  { display: block; color: #f87171; border: 1px solid #7f1d1d; }
+    #statusBar.info { display: block; color: #93c5fd; border: 1px solid #1e3a5f; }
+    pre { background: #0f172a; border-radius: 7px; padding: 14px 16px; font-size: .82rem; color: #94a3b8; overflow-x: auto; white-space: pre-wrap; word-break: break-word; margin: 14px 0 0; }
+    code { background: #0f172a; padding: 1px 5px; border-radius: 4px; font-size: .88em; }
+    .tab-bar { display: flex; gap: 4px; margin-bottom: 14px; }
+    .tab { padding: 5px 14px; border-radius: 6px; cursor: pointer; font-size: .84rem; background: #0f172a; color: #94a3b8; border: 1px solid #334155; }
+    .tab.active { background: #6366f1; color: #fff; border-color: transparent; }
+    .tab-panel { display: none; }
+    .tab-panel.active { display: block; }
+    .step { display: flex; gap: 14px; margin-bottom: 18px; }
+    .step-num { flex-shrink: 0; width: 28px; height: 28px; border-radius: 50%; background: #334155; color: #e2e8f0; font-size: .82rem; font-weight: 700; display: flex; align-items: center; justify-content: center; }
+    .step-body { flex: 1; padding-top: 3px; }
+    .warning-box { background: #431407; border: 1px solid #9a3412; border-radius: 8px; padding: 12px 16px; font-size: .87rem; color: #fdba74; margin-bottom: 18px; }
+    a { color: #818cf8; }
+  </style>
+</head>
+<body>
+<div class="page">
+  <h1>Plesk × WAB DNS Discovery</h1>
+  <p class="sub">
+    Enable or disable the WAB DNS Discovery TXT record on any Plesk-managed domain via the
+    <a href="https://docs.plesk.com/en-US/obsidian/api-rpc/" target="_blank" rel="noopener">Plesk REST API</a>.
+  </p>
+  <div class="warning-box">
+    ⚠ <strong>Security note:</strong> Plesk credentials and host details are used only client-side to call the Plesk REST API directly.
+    Always use a dedicated <strong>API Key</strong> (Server → Tools &amp; Settings → API Keys) instead of admin password.
+  </div>
+  <!-- ── STEP 1: credentials ── -->
+  <div class="card">
+    <h2>1. Plesk Server Credentials</h2>
+    <div class="row">
+      <div>
+        <label>Plesk Host (FQDN or IP)</label>
+        <input type="text" id="pkHost" placeholder="plesk.example.com">
+      </div>
+      <div>
+        <label>Port</label>
+        <input type="number" id="pkPort" value="8443" min="1" max="65535" style="max-width:120px">
+      </div>
+    </div>
+    <label>Authentication mode</label>
+    <div style="display:flex;gap:14px;margin-top:6px;font-size:.9rem;color:#cbd5e1">
+      <label style="margin:0"><input type="radio" name="pkAuthMode" value="apikey" checked> API Key (recommended)</label>
+      <label style="margin:0"><input type="radio" name="pkAuthMode" value="basic"> Username + Password</label>
+    </div>
+    <div id="pkApiKeyBlock">
+      <label>Plesk API Key</label>
+      <input type="password" id="pkApiKey" placeholder="Paste API key" autocomplete="off">
+    </div>
+    <div id="pkBasicBlock" style="display:none">
+      <div class="row">
+        <div>
+          <label>Username</label>
+          <input type="text" id="pkUser" placeholder="admin" autocomplete="off">
+        </div>
+        <div>
+          <label>Password</label>
+          <input type="password" id="pkPass" autocomplete="off">
+        </div>
+      </div>
+    </div>
+  </div>
+  <!-- ── STEP 2: domain ── -->
+  <div class="card">
+    <h2>2. Domain</h2>
+    <div class="row">
+      <div>
+        <label>Domain</label>
+        <input type="text" id="pkDomain" placeholder="example.com">
+      </div>
+      <div>
+        <label>Endpoint URL <span style="color:#64748b;font-weight:400">(blank = auto)</span></label>
+        <input type="text" id="pkEndpoint" placeholder="https://example.com/.well-known/wab.json">
+      </div>
+    </div>
+  </div>
+  <!-- ── STEP 3: actions ── -->
+  <div class="card">
+    <h2>3. Actions</h2>
+    <div class="actions">
+      <button class="btn btn-enable"    id="btnEnable"  onclick="pkAction('enable')">✓ Enable WAB Discovery</button>
+      <button class="btn btn-disable"   id="btnDisable" onclick="pkAction('disable')">✗ Disable WAB Discovery</button>
+      <button class="btn btn-verify"    id="btnVerify"  onclick="pkVerify()">⟳ Verify Status</button>
+      <button class="btn btn-secondary" onclick="window.open('/provider-sandbox','_blank')">Open Sandbox</button>
+    </div>
+    <div id="statusBar"></div>
+    <pre id="jsonOut" style="display:none"></pre>
+  </div>
+  <!-- ── HOW IT WORKS ── -->
+  <div class="card">
+    <h2>How it works</h2>
+    <div class="step"><div class="step-num">1</div><div class="step-body">Fetch WAB record template (<code>GET /api/discovery/provider/record-template</code>) for TXT value.</div></div>
+    <div class="step"><div class="step-num">2</div><div class="step-body">Resolve the Plesk site ID via <code>GET /api/v2/domains?name=…</code>.</div></div>
+    <div class="step"><div class="step-num">3</div><div class="step-body">Call <code>GET /api/v2/dns/records?domain=…</code> to look up existing <code>_wab</code> TXT records.</div></div>
+    <div class="step"><div class="step-num">4</div><div class="step-body"><strong>Enable:</strong> if missing, <code>POST /api/v2/dns/records</code>; if exists with different value, <code>DELETE</code> + <code>POST</code> (Plesk doesn't support TXT update in place).<br>
+    <strong>Disable:</strong> <code>DELETE /api/v2/dns/records/{id}</code>.</div></div>
+    <div class="step"><div class="step-num">5</div><div class="step-body">Confirm via <code>/api/discovery/provider/status</code>. Run <code>dns-on</code> for the domain if updates aren't propagating.</div></div>
+  </div>
+  <!-- ── CODE SNIPPETS ── -->
+  <div class="card">
+    <h2>Code Snippets</h2>
+    <div class="tab-bar">
+      <div class="tab active" onclick="switchTab('nodejs')">Node.js</div>
+      <div class="tab" onclick="switchTab('curl')">cURL</div>
+      <div class="tab" onclick="switchTab('python')">Python</div>
+    </div>
+    <div id="tab-nodejs" class="tab-panel active">
+<pre>// npm install node-fetch@2
+const fetch = require('node-fetch');
+const HOST   = 'plesk.example.com';
+const PORT   = 8443;
+const APIKEY = process.env.PLESK_API_KEY;
+const DOMAIN = 'example.com';
+const TXT_VAL = `v=wab1; endpoint=https://${DOMAIN}/.well-known/wab.json`;
+const headers = { 'X-API-Key': APIKEY, 'Content-Type': 'application/json' };
+const base    = `https://${HOST}:${PORT}/api/v2`;
+async function getDomainId() {
+  const r = await fetch(`${base}/domains?name=${DOMAIN}`, { headers });
+  const j = await r.json();
+  return j[0] && j[0].id;
+}
+async function listWabRecords() {
+  const r = await fetch(`${base}/dns/records?domain=${DOMAIN}&type=TXT`, { headers });
+  const j = await r.json();
+  return (j || []).filter(rec => rec.host === `_wab.${DOMAIN}.` || rec.host === `_wab.${DOMAIN}`);
+}
+async function enableWAB() {
+  const records = await listWabRecords();
+  if (records.length) {
+    // remove old, then add new (Plesk REST API doesn't allow in-place TXT edit)
+    await fetch(`${base}/dns/records/${records[0].id}`, { method: 'DELETE', headers });
+  }
+  await fetch(`${base}/dns/records`, {
+    method: 'POST', headers,
+    body: JSON.stringify({ domain: DOMAIN, type: 'TXT', host: `_wab.${DOMAIN}`, value: TXT_VAL })
+  });
+  console.log('WAB Discovery ENABLED');
+}
+async function disableWAB() {
+  const records = await listWabRecords();
+  if (!records.length) return console.log('Already disabled.');
+  await fetch(`${base}/dns/records/${records[0].id}`, { method: 'DELETE', headers });
+  console.log('WAB Discovery DISABLED');
+}
+enableWAB().catch(console.error);
+</pre>
+    </div>
+    <div id="tab-curl" class="tab-panel">
+<pre># Plesk API Key auth
+KEY="your-api-key"
+HOST="plesk.example.com:8443"
+DOMAIN="example.com"
+TXT='v=wab1; endpoint=https://example.com/.well-known/wab.json'
+# 1. List existing _wab TXT records
+curl -sk -H "X-API-Key: $KEY" "https://$HOST/api/v2/dns/records?domain=$DOMAIN&type=TXT"
+# 2. Add (enable)
+curl -sk -X POST -H "X-API-Key: $KEY" -H "Content-Type: application/json" \
+  "https://$HOST/api/v2/dns/records" \
+  -d "{\"domain\":\"$DOMAIN\",\"type\":\"TXT\",\"host\":\"_wab.$DOMAIN\",\"value\":\"$TXT\"}"
+# 3. Delete (disable) — replace REC_ID
+curl -sk -X DELETE -H "X-API-Key: $KEY" "https://$HOST/api/v2/dns/records/REC_ID"
+</pre>
+    </div>
+    <div id="tab-python" class="tab-panel">
+<pre>import os, requests
+HOST   = 'plesk.example.com'
+PORT   = 8443
+APIKEY = os.environ['PLESK_API_KEY']
+DOMAIN = 'example.com'
+TXT_VAL = f'v=wab1; endpoint=https://{DOMAIN}/.well-known/wab.json'
+HEADERS = {'X-API-Key': APIKEY, 'Content-Type': 'application/json'}
+BASE    = f'https://{HOST}:{PORT}/api/v2'
+def list_wab():
+    r = requests.get(f'{BASE}/dns/records', params={'domain': DOMAIN, 'type': 'TXT'}, headers=HEADERS, verify=False)
+    return [rec for rec in r.json() if rec['host'].rstrip('.') == f'_wab.{DOMAIN}']
+def enable_wab():
+    for rec in list_wab():
+        requests.delete(f'{BASE}/dns/records/{rec["id"]}', headers=HEADERS, verify=False)
+    requests.post(f'{BASE}/dns/records',
+        json={'domain': DOMAIN, 'type': 'TXT', 'host': f'_wab.{DOMAIN}', 'value': TXT_VAL},
+        headers=HEADERS, verify=False)
+    print('WAB ENABLED')
+def disable_wab():
+    recs = list_wab()
+    if not recs: return print('Already disabled')
+    requests.delete(f'{BASE}/dns/records/{recs[0]["id"]}', headers=HEADERS, verify=False)
+    print('WAB DISABLED')
+enable_wab()
+</pre>
+    </div>
+  </div>
+  <p style="text-align:center;margin-top:30px;font-size:.85rem;color:#475569">
+    <a href="/provider-onboarding">← Provider Onboarding</a> ·
+    <a href="/cloudflare-integration">Cloudflare</a> ·
+    <a href="/cpanel-integration">cPanel</a> ·
+    <a href="/route53-integration">Route 53</a> ·
+    <a href="/dns">DNS Discovery</a>
+  </p>
+</div>
+<script>
+function switchTab(name) {
+  document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+  document.querySelectorAll('.tab-panel').forEach(p => p.classList.remove('active'));
+  document.querySelector(`#tab-${name}`).classList.add('active');
+  event.target.classList.add('active');
+}
+document.querySelectorAll('input[name=pkAuthMode]').forEach(r =>
+  r.addEventListener('change', e => {
+    document.getElementById('pkApiKeyBlock').style.display = e.target.value === 'apikey' ? '' : 'none';
+    document.getElementById('pkBasicBlock').style.display  = e.target.value === 'basic'  ? '' : 'none';
+  })
+);
+function setStatus(msg, type) { const b = document.getElementById('statusBar'); b.textContent = msg; b.className = type; }
+function showJson(o) { const p = document.getElementById('jsonOut'); p.textContent = JSON.stringify(o, null, 2); p.style.display = 'block'; }
+function getInputs() {
+  const mode  = document.querySelector('input[name=pkAuthMode]:checked').value;
+  return {
+    host:   document.getElementById('pkHost').value.trim().replace(/^https?:\/\//, '').replace(/\/$/, ''),
+    port:   document.getElementById('pkPort').value.trim() || '8443',
+    mode,
+    apikey: document.getElementById('pkApiKey').value.trim(),
+    user:   document.getElementById('pkUser').value.trim(),
+    pass:   document.getElementById('pkPass').value.trim(),
+    domain: document.getElementById('pkDomain').value.trim().toLowerCase().replace(/^https?:\/\//, '').replace(/\/$/, ''),
+    ep:     document.getElementById('pkEndpoint').value.trim(),
+  };
+}
+function pkHeaders(inp) {
+  const h = { 'Content-Type': 'application/json' };
+  if (inp.mode === 'apikey') h['X-API-Key'] = inp.apikey;
+  else h['Authorization'] = 'Basic ' + btoa(`${inp.user}:${inp.pass}`);
+  return h;
+}
+async function pkRequest(inp, method, path, body) {
+  const url = `https://${inp.host}:${inp.port}/api/v2${path}`;
+  const opts = { method, headers: pkHeaders(inp), mode: 'cors' };
+  if (body) opts.body = JSON.stringify(body);
+  const r = await fetch(url, opts);
+  const t = await r.text();
+  if (!r.ok) throw new Error(`Plesk ${r.status}: ${t.slice(0, 300)}`);
+  try { return JSON.parse(t); } catch { return t; }
+}
+async function pkAction(action) {
+  const inp = getInputs();
+  if (!inp.host)   return setStatus('Please enter Plesk host.', 'err');
+  if (!inp.domain) return setStatus('Please enter the domain.', 'err');
+  if (inp.mode === 'apikey' && !inp.apikey) return setStatus('Please enter Plesk API Key.', 'err');
+  if (inp.mode === 'basic' && (!inp.user || !inp.pass)) return setStatus('Please enter username and password.', 'err');
+  document.getElementById('btnEnable').disabled  = true;
+  document.getElementById('btnDisable').disabled = true;
+  try {
+    const ep = inp.ep || `https://${inp.domain}/.well-known/wab.json`;
+    setStatus('Fetching WAB record template…', 'info');
+    const tpl = await (await fetch(`/api/discovery/provider/record-template?domain=${encodeURIComponent(inp.domain)}&endpoint=${encodeURIComponent(ep)}`)).json();
+    const txtVal = tpl.record && tpl.record.value;
+    if (!txtVal) throw new Error('Could not fetch WAB record template.');
+    setStatus('Listing existing _wab TXT records…', 'info');
+    const all = await pkRequest(inp, 'GET', `/dns/records?domain=${encodeURIComponent(inp.domain)}&type=TXT`);
+    const existing = (all || []).filter(rec => {
+      const h = (rec.host || '').replace(/\.$/, '');
+      return h === `_wab.${inp.domain}` || h === '_wab';
+    });
+    if (action === 'enable') {
+      // Plesk doesn't support in-place TXT edit; delete then create
+      for (const rec of existing) {
+        setStatus(`Deleting old record id=${rec.id}…`, 'info');
+        await pkRequest(inp, 'DELETE', `/dns/records/${rec.id}`);
+      }
+      setStatus('Creating new _wab TXT record…', 'info');
+      const out = await pkRequest(inp, 'POST', '/dns/records', {
+        domain: inp.domain, type: 'TXT', host: `_wab.${inp.domain}`, value: txtVal
+      });
+      setStatus(`✓ _wab TXT record created for ${inp.domain}. WAB Discovery is ENABLED.`, 'ok');
+      showJson(out);
+    } else {
+      if (!existing.length) {
+        setStatus(`No _wab TXT record found for ${inp.domain} — already disabled.`, 'ok');
+        showJson({ note: 'no record found', domain: inp.domain });
+        return;
+      }
+      for (const rec of existing) {
+        setStatus(`Deleting record id=${rec.id}…`, 'info');
+        await pkRequest(inp, 'DELETE', `/dns/records/${rec.id}`);
+      }
+      setStatus(`✓ _wab TXT record deleted for ${inp.domain}. WAB Discovery is DISABLED.`, 'ok');
+      showJson({ deleted: existing.map(r => r.id), domain: inp.domain });
+    }
+  } catch (err) {
+    setStatus(`Error: ${err.message}`, 'err');
+  } finally {
+    document.getElementById('btnEnable').disabled  = false;
+    document.getElementById('btnDisable').disabled = false;
+  }
+}
+async function pkVerify() {
+  const { domain } = getInputs();
+  if (!domain) return setStatus('Please enter a domain.', 'err');
+  setStatus('Checking WAB status…', 'info');
+  try {
+    const j = await (await fetch(`/api/discovery/provider/status?domain=${encodeURIComponent(domain)}`)).json();
+    if (j.status === 'enabled')      setStatus(`✓ ${domain} — ENABLED.`, 'ok');
+    else if (j.status === 'partial') setStatus(`⚠ ${domain} — partial (DNS ok, endpoint issue).`, 'info');
+    else setStatus(`✗ ${domain} — DISABLED.`, 'err');
+    showJson(j);
+  } catch (err) { setStatus(`Verify error: ${err.message}`, 'err'); }
+}
+</script>
+</body>
+</html>