npm - web-agent-bridge - Versions diffs - 3.2.0 → 3.4.0 - Mend

web-agent-bridge 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/LICENSE +84 -72
package/README.ar.md +1304 -1152
package/README.md +298 -1635
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -138
package/bin/wab-init.js +223 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +19 -6
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -0
package/public/.well-known/wab.json +28 -0
package/public/activate.html +368 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +349 -349
package/public/ai.html +198 -198
package/public/api.html +413 -412
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1263 -1235
package/public/dashboard.html +707 -706
package/public/dns.html +436 -0
package/public/docs.html +588 -587
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/growth.html +465 -463
package/public/index.html +1266 -982
package/public/integrations.html +556 -0
package/public/js/activate.js +145 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +65 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/openapi.json +669 -580
package/public/phone-shield.html +281 -0
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +6 -0
package/public/terms.html +256 -256
package/public/wab-trust.html +200 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +288 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +25 -1
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -0
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +367 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +670 -427
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +673 -671
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +83 -0
package/server/routes/admin.js +549 -261
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/gateway.js +173 -157
package/server/routes/governance.js +208 -0
package/server/routes/license.js +251 -240
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/runtime.js +2148 -2147
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -385
package/server/routes/universal.js +200 -185
package/server/routes/wab-api.js +850 -501
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/security/cross-site-redactor.js +196 -0
package/server/security/dry-run.js +180 -0
package/server/security/human-gate-rate-limit.js +147 -0
package/server/security/human-gate-transports.js +178 -0
package/server/security/human-gate.js +281 -0
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -0
package/server/security/reward-guard.js +171 -0
package/server/security/rollback-store.js +239 -0
package/server/security/token-scope.js +404 -0
package/server/security/url-policy.js +139 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -575
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -539
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -261
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +205 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -661
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -0
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/public/score.html +0 -263
package/server/migrations/006_growth_suite.sql +0 -138
package/server/routes/growth.js +0 -962
package/server/services/fairness-engine.js +0 -409
package/server/services/fairness.js +0 -420

package/server/migrations/007_governance.sql ADDED Viewed

@@ -0,0 +1,106 @@
+-- ═══════════════════════════════════════════════════════════════════
+-- WAB Agent Governance Layer
+-- Permission Boundaries · Approval Gates · Tamper-Evident Audit Log
+-- Kill Switch · Spend Limits
+-- ═══════════════════════════════════════════════════════════════════
+-- Agents registered for governance (one row per agent identity).
+CREATE TABLE IF NOT EXISTS gov_agents (
+  agent_id      TEXT PRIMARY KEY,
+  owner_id      TEXT,                       -- user_id of owner (nullable for unauthed)
+  display_name  TEXT,
+  token_hash    TEXT NOT NULL,              -- sha256(agent_token); used to authenticate the agent
+  status        TEXT NOT NULL DEFAULT 'alive' CHECK(status IN ('alive','killed','suspended')),
+  killed_at     TEXT,
+  killed_reason TEXT,
+  metadata      TEXT,                       -- JSON
+  created_at    TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at    TEXT NOT NULL DEFAULT (datetime('now'))
+);
+-- Permission policies. One row = one rule. Evaluated allow-list style.
+CREATE TABLE IF NOT EXISTS gov_policies (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  agent_id      TEXT NOT NULL,
+  resource      TEXT NOT NULL,              -- e.g. "stripe", "gmail", "clickup", "domain:example.com"
+  action        TEXT NOT NULL,              -- "read" | "write" | "execute" | "*"
+  scope         TEXT,                       -- optional: e.g. "refunds", "inbox", "tasks/123"
+  max_amount    REAL,                       -- monetary cap per single action
+  currency      TEXT DEFAULT 'USD',
+  daily_cap     REAL,                       -- monetary cap per 24h rolling
+  per_call_rate INTEGER,                    -- max calls per minute
+  requires_approval INTEGER NOT NULL DEFAULT 0,  -- 1 = always send to human gate
+  effect        TEXT NOT NULL DEFAULT 'allow' CHECK(effect IN ('allow','deny')),
+  expires_at    TEXT,
+  created_at    TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_policies_agent ON gov_policies(agent_id);
+CREATE INDEX IF NOT EXISTS idx_gov_policies_lookup ON gov_policies(agent_id, resource, action);
+-- Append-only audit log with HMAC hash chain (tamper-evident).
+-- prev_hash → hash chain links every entry; breaking the chain detects tampering.
+CREATE TABLE IF NOT EXISTS gov_audit (
+  id           INTEGER PRIMARY KEY AUTOINCREMENT,
+  agent_id     TEXT NOT NULL,
+  ts           TEXT NOT NULL DEFAULT (datetime('now')),
+  event_type   TEXT NOT NULL,               -- 'check' | 'execute' | 'deny' | 'approval_request' | 'approval_decision' | 'kill' | 'policy_change' | 'note'
+  resource     TEXT,
+  action       TEXT,
+  scope        TEXT,
+  amount       REAL,
+  currency     TEXT,
+  decision     TEXT,                        -- 'allow' | 'deny' | 'pending' | 'approved' | 'rejected'
+  reason       TEXT,
+  params_json  TEXT,                        -- redacted parameter snapshot
+  result_json  TEXT,
+  prev_hash    TEXT,                        -- prior entry's hash
+  hash         TEXT NOT NULL,               -- HMAC(secret, prev_hash || row_payload)
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_audit_agent_ts ON gov_audit(agent_id, ts);
+CREATE INDEX IF NOT EXISTS idx_gov_audit_event ON gov_audit(agent_id, event_type);
+-- Approval requests. Async — agent requests, human resolves later.
+CREATE TABLE IF NOT EXISTS gov_approvals (
+  request_id    TEXT PRIMARY KEY,
+  agent_id      TEXT NOT NULL,
+  resource      TEXT NOT NULL,
+  action        TEXT NOT NULL,
+  scope         TEXT,
+  amount        REAL,
+  currency      TEXT,
+  params_json   TEXT,
+  reason        TEXT,                       -- why approval is required
+  status        TEXT NOT NULL DEFAULT 'pending' CHECK(status IN ('pending','approved','rejected','expired','cancelled')),
+  decided_by    TEXT,                       -- user_id of approver
+  decided_at    TEXT,
+  decided_note  TEXT,
+  expires_at    TEXT,                       -- auto-expire pending requests
+  created_at    TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_approvals_pending ON gov_approvals(agent_id, status);
+-- Spend tracker (per agent, per resource, sliding window).
+-- Rebuilt rolling-style; we just append on every monetary action.
+CREATE TABLE IF NOT EXISTS gov_spend (
+  id           INTEGER PRIMARY KEY AUTOINCREMENT,
+  agent_id     TEXT NOT NULL,
+  resource     TEXT NOT NULL,
+  amount       REAL NOT NULL,
+  currency     TEXT NOT NULL DEFAULT 'USD',
+  ts           TEXT NOT NULL DEFAULT (datetime('now')),
+  ref          TEXT,                        -- audit_id or external ref
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_spend_window ON gov_spend(agent_id, resource, ts);
+-- Rate-limit token buckets (lightweight; we keep counters).
+CREATE TABLE IF NOT EXISTS gov_rate (
+  agent_id     TEXT NOT NULL,
+  resource     TEXT NOT NULL,
+  window_start TEXT NOT NULL,               -- ISO timestamp (minute-resolution)
+  count        INTEGER NOT NULL DEFAULT 0,
+  PRIMARY KEY (agent_id, resource, window_start)
+);

package/server/migrations/008_plans.sql ADDED Viewed

@@ -0,0 +1,144 @@
+-- Migration 008: Plans Management
+-- Database-driven plans + feature catalog so admins can add/edit plans,
+-- toggle which features each plan includes, and have changes flow live to
+-- the landing page pricing section AND the Stripe checkout flow.
+--
+-- Backwards-compatible: legacy code paths that look up tiers by slug
+-- ('free' | 'starter' | 'pro' | 'enterprise') keep working — those slugs
+-- are seeded as plan ids below.
+--
+-- An older `plans` table (different schema: tier/price/etc.) may exist from
+-- a previous admin dashboard iteration. Its rows are pure default seeds with
+-- no FK references, so we drop it and recreate with the new schema.
+DROP TABLE IF EXISTS plans;
+CREATE TABLE plans (
+  id              TEXT PRIMARY KEY,            -- slug, lowercase, e.g. 'free' / 'pro' / 'business' / 'enterprise'
+  name            TEXT NOT NULL,
+  tagline         TEXT,
+  description     TEXT,
+  price_cents     INTEGER NOT NULL DEFAULT 0,
+  currency        TEXT NOT NULL DEFAULT 'EUR',
+  billing_period  TEXT NOT NULL DEFAULT 'month'
+                  CHECK(billing_period IN ('month','year','one_time','custom')),
+  stripe_price_id TEXT,
+  cta_type        TEXT NOT NULL DEFAULT 'checkout'
+                  CHECK(cta_type IN ('checkout','register','contact','external')),
+  cta_label       TEXT,
+  cta_url         TEXT,
+  highlight       INTEGER NOT NULL DEFAULT 0,
+  is_public       INTEGER NOT NULL DEFAULT 1,
+  is_archived     INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  features_json   TEXT NOT NULL DEFAULT '{}',
+  limits_json     TEXT NOT NULL DEFAULT '{}',
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_plans_public_archived ON plans(is_public, is_archived, sort_order);
+CREATE TABLE IF NOT EXISTS feature_catalog (
+  feature_key     TEXT PRIMARY KEY,
+  label           TEXT NOT NULL,
+  description     TEXT,
+  category        TEXT NOT NULL DEFAULT 'general',
+  is_open_source  INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+-- Feature catalog (open-source / always-free first, then paid features)
+INSERT OR IGNORE INTO feature_catalog (feature_key, label, description, category, is_open_source, sort_order) VALUES
+  -- Always-free / open core
+  ('protocol',              'WAP Protocol Core',           'Open Web Agent Protocol — schema, discovery, permissions',  'core',          1, 10),
+  ('sdk',                   'SDK & Client Runtime',        'JavaScript SDK and client integrations',                    'core',          1, 20),
+  ('browserExecution',      'Browser Execution Layer',     'Basic browser automation primitives',                       'core',          1, 30),
+  ('adapters',              'MCP / REST / Browser Adapters','Adapters for MCP, REST APIs, and browser back-ends',       'core',          1, 40),
+  ('registryRead',          'Public Registry (read-only)', 'Browse commands, sites and templates',                      'core',          1, 50),
+  ('agentRegistration',     'Agent Registration',          'Register agents and obtain credentials',                    'core',          1, 60),
+  ('basicAuth',             'Basic Authentication',        'API keys and basic auth flows',                             'core',          1, 70),
+  ('discovery',             'DNS / .well-known Discovery', 'Service discovery via DNS TXT and /.well-known/',           'core',          1, 80),
+  ('capabilityNegotiation', 'Capability Negotiation',      'Capability handshake between agent and site',               'core',          1, 90),
+  ('semanticActions',       'Semantic Actions',            'Built-in semantic actions catalog',                         'core',          1,100),
+  ('communityTemplates',    'Community Templates',         'Public template library',                                   'core',          1,110),
+  -- Workspace / orchestration
+  ('workspace',             'Control Plane / Workspace',   'Web dashboard, monitoring and agent management',            'workspace',     0,200),
+  ('advancedOrchestration', 'Advanced Orchestration',      'Scheduling, retries, pipelines, distributed execution',     'workspace',     0,210),
+  ('observability',         'Observability',               'Tracing, metrics, logs and performance insights',           'workspace',     0,220),
+  ('failureAnalysis',       'Failure Analysis',            'Debugging tools and root-cause reports',                    'workspace',     0,230),
+  ('replayEngine',          'Replay Engine',               'Record and replay agent runs',                              'workspace',     0,240),
+  ('advancedAnalytics',     'Advanced Analytics',          'Detailed analytics dashboards and exports',                 'workspace',     0,250),
+  ('dataExtraction',        'Data Extraction',             'Structured data extraction and export',                     'workspace',     0,260),
+  ('agentMemory',           'Agent Memory Engine',         'Persistent context and long-term memory for agents',        'workspace',     0,270),
+  ('llmInference',          'LLM Inference',               'Built-in LLM inference via the platform',                   'workspace',     0,280),
+  -- Premium / business
+  ('hostedRuntime',         'Hosted Runtime (Cloud Exec)', 'Auto-scaling hosted execution environment',                 'premium',       0,300),
+  ('marketplace',           'Marketplace (Publish & Sell)','Publish agents and templates on the marketplace',           'premium',       0,310),
+  ('certification',         'Agent Certification',         'Verified agent identity badge',                             'premium',       0,320),
+  ('trafficIntelligence',   'Traffic Intelligence',        'Agent profiling, anomaly detection and reporting',          'premium',       0,330),
+  ('exploitShield',         'Exploit Shield',              'Block malicious agents at the edge',                        'premium',       0,340),
+  ('visionAnalysis',        'Vision Analysis',             'Visual page inspection (computer-vision pipeline)',         'premium',       0,350),
+  ('swarmExecution',        'Swarm / Multi-Agent',         'Coordinated multi-agent (swarm) execution',                 'premium',       0,360),
+  ('auditLog',              'Audit Logs',                  'Tamper-evident HMAC-chained audit history',                 'premium',       0,370),
+  ('customDomain',          'Custom Domain / White-label', 'Serve the workspace on your own domain',                    'premium',       0,380),
+  ('governanceLayer',       'Agent Governance Layer',      'Policies, approvals, kill switch and spend limits',         'premium',       0,390),
+  -- Enterprise
+  ('enterpriseSecurity',    'Enterprise Security',         'Request signing, IP allowlists, SSO/SAML',                  'enterprise',    0,400),
+  ('prioritySupport',       'Priority Support',            'Dedicated SLA-backed support channel',                      'enterprise',    0,410),
+  ('sla',                   'Uptime SLA',                  'Contractual uptime SLA',                                    'enterprise',    0,420),
+  ('customDevelopment',     'Custom Development',          'Bespoke engineering and integrations',                      'enterprise',    0,430),
+  ('dedicatedInfra',        'Dedicated Infrastructure',    'Isolated single-tenant deployment',                         'enterprise',    0,440);
+-- Seed the four canonical plans (admin can edit/add later).
+-- features_json keys MUST match feature_catalog.feature_key.
+INSERT OR IGNORE INTO plans
+  (id, name, tagline, description, price_cents, currency, billing_period, cta_type, cta_label, cta_url, highlight, sort_order, features_json, limits_json)
+VALUES
+  ('free',
+   'Free',
+   'Open-source core, forever free',
+   'WAP protocol, SDK, discovery and the entire open-source surface — for developers and integrators.',
+   0, 'EUR', 'month',
+   'register', 'Get started for free', '/register',
+   0, 10,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true}',
+   '{"agents":3,"tasksPerDay":50,"executionsPerDay":100,"sessions":5,"maxConcurrency":2,"replayRecordings":10,"computeMinutesPerDay":10,"storageMB":50,"webhooks":1,"customAgents":1,"apiCallsPerMinute":20}'
+  ),
+  ('pro',
+   'Pro',
+   'For developers shipping production agents',
+   'Everything in Free plus the workspace, observability, replay engine, advanced orchestration and analytics.',
+   1000, 'EUR', 'month',
+   'checkout', 'Start Pro', NULL,
+   1, 20,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true}',
+   '{"agents":25,"tasksPerDay":2000,"executionsPerDay":5000,"sessions":50,"maxConcurrency":10,"replayRecordings":500,"computeMinutesPerDay":180,"storageMB":2000,"webhooks":10,"customAgents":10,"apiCallsPerMinute":120}'
+  ),
+  ('business',
+   'Business',
+   'All paid features, ready for scale',
+   'Everything in Pro plus hosted runtime, marketplace, vision, swarm, traffic intelligence, exploit shield, audit logs, custom domain and governance.',
+   2900, 'EUR', 'month',
+   'checkout', 'Start Business', NULL,
+   0, 30,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true}',
+   '{"agents":100,"tasksPerDay":20000,"executionsPerDay":50000,"sessions":250,"maxConcurrency":40,"replayRecordings":5000,"computeMinutesPerDay":600,"storageMB":10000,"webhooks":50,"customAgents":50,"apiCallsPerMinute":300}'
+  ),
+  ('enterprise',
+   'Enterprise',
+   'Custom-built for organisations',
+   'Everything in Business plus enterprise security, dedicated infrastructure, custom development, priority support and a contractual uptime SLA. Pricing is tailored to your scope.',
+   0, 'EUR', 'custom',
+   'contact', 'Contact sales', 'mailto:sales@webagentbridge.com',
+   0, 40,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true,"enterpriseSecurity":true,"prioritySupport":true,"sla":true,"customDevelopment":true,"dedicatedInfra":true}',
+   '{"agents":-1,"tasksPerDay":-1,"executionsPerDay":-1,"sessions":-1,"maxConcurrency":-1,"replayRecordings":-1,"computeMinutesPerDay":-1,"storageMB":-1,"webhooks":-1,"customAgents":-1,"apiCallsPerMinute":-1}'
+  );

package/server/migrations/009_shieldqr.sql ADDED Viewed

@@ -0,0 +1,30 @@
+-- Migration 009: WAB ShieldQR scan history + reports
+CREATE TABLE IF NOT EXISTS shieldqr_scans (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  url           TEXT NOT NULL,
+  host          TEXT,
+  level         TEXT NOT NULL CHECK(level IN ('green','yellow','red')),
+  score         INTEGER NOT NULL DEFAULT 0,
+  signals_json  TEXT NOT NULL DEFAULT '[]',
+  trust_ok      INTEGER NOT NULL DEFAULT 0,
+  ssl_ok        INTEGER NOT NULL DEFAULT 0,
+  user_id       TEXT,
+  ip            TEXT,
+  user_agent    TEXT,
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_host_created ON shieldqr_scans(host, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_level_created ON shieldqr_scans(level, created_at DESC);
+CREATE TABLE IF NOT EXISTS shieldqr_reports (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  scan_id       INTEGER REFERENCES shieldqr_scans(id) ON DELETE SET NULL,
+  url           TEXT NOT NULL,
+  reason        TEXT,
+  reporter_id   TEXT,
+  reporter_ip   TEXT,
+  status        TEXT NOT NULL DEFAULT 'open' CHECK(status IN ('open','reviewing','resolved','rejected')),
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  resolved_at   DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_reports_status ON shieldqr_reports(status, created_at DESC);

package/server/migrations/010_extended_trust.sql ADDED Viewed

@@ -0,0 +1,33 @@
+-- Migration 010: WAB Extended Trust — Certificate Companion & SSL Health Monitoring
+-- Per-domain SSL certificate history (Certificate Transparency log) +
+-- live SSL monitoring state for the trust dashboard.
+CREATE TABLE IF NOT EXISTS cert_history (
+  id                INTEGER PRIMARY KEY AUTOINCREMENT,
+  host              TEXT NOT NULL,
+  fingerprint_sha256 TEXT NOT NULL,
+  issuer            TEXT,
+  subject           TEXT,
+  serial            TEXT,
+  valid_from        TEXT,
+  valid_to          TEXT,
+  observed_at       DATETIME DEFAULT CURRENT_TIMESTAMP,
+  source            TEXT DEFAULT 'monitor'  -- 'monitor' | 'shieldqr' | 'sign'
+);
+CREATE INDEX IF NOT EXISTS idx_cert_history_host_observed ON cert_history(host, observed_at DESC);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_cert_history_host_fp ON cert_history(host, fingerprint_sha256);
+CREATE TABLE IF NOT EXISTS ssl_monitor (
+  host              TEXT PRIMARY KEY,
+  fingerprint_sha256 TEXT,
+  issuer            TEXT,
+  valid_to          TEXT,
+  days_until_expiry INTEGER,
+  status            TEXT,                  -- 'active' | 'expiring' | 'expired' | 'error'
+  error             TEXT,
+  last_checked_at   DATETIME,
+  last_alert_at     DATETIME,
+  enabled           INTEGER NOT NULL DEFAULT 1,
+  owner_user_id     TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_ssl_monitor_status ON ssl_monitor(status, valid_to);

package/server/models/adapters/index.js CHANGED Viewed

@@ -1,33 +1,33 @@
-/**
- * Database Adapter Interface
- *
- * WAB supports multiple database backends via adapters.
- * Set DB_ADAPTER environment variable to choose: sqlite (default), postgresql, mysql
- *
- * For PostgreSQL:
- *   npm install pg
- *   DB_ADAPTER=postgresql DATABASE_URL=postgres://user:pass@host:5432/wab
- *
- * For MySQL:
- *   npm install mysql2
- *   DB_ADAPTER=mysql DATABASE_URL=mysql://user:pass@host:3306/wab
- */
-const adapter = process.env.DB_ADAPTER || 'sqlite';
-let db;
-switch (adapter) {
-  case 'postgresql':
-  case 'postgres':
-    db = require('./postgresql');
-    break;
-  case 'mysql':
-    db = require('./mysql');
-    break;
-  case 'sqlite':
-  default:
-    db = require('./sqlite');
-    break;
-}
-module.exports = db;
+/**
+ * Database Adapter Interface
+ *
+ * WAB supports multiple database backends via adapters.
+ * Set DB_ADAPTER environment variable to choose: sqlite (default), postgresql, mysql
+ *
+ * For PostgreSQL:
+ *   npm install pg
+ *   DB_ADAPTER=postgresql DATABASE_URL=postgres://user:pass@host:5432/wab
+ *
+ * For MySQL:
+ *   npm install mysql2
+ *   DB_ADAPTER=mysql DATABASE_URL=mysql://user:pass@host:3306/wab
+ */
+const adapter = process.env.DB_ADAPTER || 'sqlite';
+let db;
+switch (adapter) {
+  case 'postgresql':
+  case 'postgres':
+    db = require('./postgresql');
+    break;
+  case 'mysql':
+    db = require('./mysql');
+    break;
+  case 'sqlite':
+  default:
+    db = require('./sqlite');
+    break;
+}
+module.exports = db;