web-agent-bridge 3.2.0 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +84 -72
- package/README.ar.md +1304 -1152
- package/README.md +298 -1635
- package/bin/agent-runner.js +474 -474
- package/bin/cli.js +237 -138
- package/bin/wab-init.js +223 -0
- package/bin/wab.js +80 -80
- package/examples/azure-dns-wab.js +83 -0
- package/examples/bidi-agent.js +119 -119
- package/examples/cloudflare-wab-dns.js +121 -0
- package/examples/cpanel-wab-dns.js +114 -0
- package/examples/cross-site-agent.js +91 -91
- package/examples/dns-discovery-agent.js +166 -0
- package/examples/gcp-dns-wab.js +76 -0
- package/examples/governance-agent.js +169 -0
- package/examples/mcp-agent.js +94 -94
- package/examples/next-app-router/README.md +44 -44
- package/examples/plesk-wab-dns.js +103 -0
- package/examples/puppeteer-agent.js +108 -108
- package/examples/route53-wab-dns.js +144 -0
- package/examples/saas-dashboard/README.md +55 -55
- package/examples/safe-mode-agent.js +96 -0
- package/examples/shopify-hydrogen/README.md +74 -74
- package/examples/vision-agent.js +171 -171
- package/examples/wab-sign.js +74 -0
- package/examples/wab-verify.js +60 -0
- package/examples/wordpress-elementor/README.md +77 -77
- package/package.json +19 -6
- package/public/.well-known/agent-tools.json +180 -180
- package/public/.well-known/ai-assets.json +59 -59
- package/public/.well-known/security.txt +8 -0
- package/public/.well-known/wab.json +28 -0
- package/public/activate.html +368 -0
- package/public/adoption-metrics.html +188 -0
- package/public/agent-workspace.html +349 -349
- package/public/ai.html +198 -198
- package/public/api.html +413 -412
- package/public/azure-dns-integration.html +289 -0
- package/public/browser.html +486 -486
- package/public/cloudflare-integration.html +380 -0
- package/public/commander-dashboard.html +243 -243
- package/public/cookies.html +210 -210
- package/public/cpanel-integration.html +398 -0
- package/public/css/agent-workspace.css +1713 -1713
- package/public/css/premium.css +317 -317
- package/public/css/styles.css +1263 -1235
- package/public/dashboard.html +707 -706
- package/public/dns.html +436 -0
- package/public/docs.html +588 -587
- package/public/feed.xml +89 -89
- package/public/gcp-dns-integration.html +318 -0
- package/public/growth.html +465 -463
- package/public/index.html +1266 -982
- package/public/integrations.html +556 -0
- package/public/js/activate.js +145 -0
- package/public/js/agent-workspace.js +1740 -1740
- package/public/js/auth-nav.js +65 -31
- package/public/js/auth-redirect.js +12 -12
- package/public/js/cookie-consent.js +56 -56
- package/public/js/dns.js +438 -0
- package/public/js/wab-demo-page.js +721 -721
- package/public/js/ws-client.js +74 -74
- package/public/llms-full.txt +360 -360
- package/public/llms.txt +125 -125
- package/public/login.html +85 -85
- package/public/mesh-dashboard.html +328 -328
- package/public/openapi.json +669 -580
- package/public/phone-shield.html +281 -0
- package/public/plesk-integration.html +375 -0
- package/public/premium-dashboard.html +2489 -2489
- package/public/premium.html +793 -793
- package/public/privacy.html +297 -297
- package/public/provider-onboarding.html +172 -0
- package/public/provider-sandbox.html +134 -0
- package/public/providers.html +359 -0
- package/public/register.html +105 -105
- package/public/registrar-integrations.html +141 -0
- package/public/robots.txt +99 -87
- package/public/route53-integration.html +531 -0
- package/public/script/wab-consent.d.ts +36 -36
- package/public/script/wab-consent.js +104 -104
- package/public/script/wab-schema.js +131 -131
- package/public/script/wab.d.ts +108 -108
- package/public/script/wab.min.js +580 -580
- package/public/security.txt +8 -0
- package/public/shieldqr.html +231 -0
- package/public/sitemap.xml +6 -0
- package/public/terms.html +256 -256
- package/public/wab-trust.html +200 -0
- package/public/wab-vs-protocols.html +210 -0
- package/public/whitepaper.html +449 -0
- package/script/ai-agent-bridge.js +1754 -1754
- package/sdk/README.md +99 -99
- package/sdk/agent-mesh.js +449 -449
- package/sdk/auto-discovery.js +288 -0
- package/sdk/commander.js +262 -262
- package/sdk/governance.js +262 -0
- package/sdk/index.d.ts +464 -464
- package/sdk/index.js +25 -1
- package/sdk/multi-agent.js +318 -318
- package/sdk/package.json +2 -2
- package/sdk/safe-mode.js +221 -0
- package/sdk/safety-shield.js +219 -0
- package/sdk/schema-discovery.js +83 -83
- package/server/adapters/index.js +520 -520
- package/server/config/plans.js +367 -367
- package/server/config/secrets.js +102 -102
- package/server/control-plane/index.js +301 -301
- package/server/data-plane/index.js +354 -354
- package/server/index.js +670 -427
- package/server/llm/index.js +404 -404
- package/server/middleware/adminAuth.js +35 -35
- package/server/middleware/auth.js +50 -50
- package/server/middleware/featureGate.js +88 -88
- package/server/middleware/rateLimits.js +100 -100
- package/server/middleware/sensitiveAction.js +157 -0
- package/server/migrations/001_add_analytics_indexes.sql +7 -7
- package/server/migrations/002_premium_features.sql +418 -418
- package/server/migrations/003_ads_integer_cents.sql +33 -33
- package/server/migrations/004_agent_os.sql +158 -158
- package/server/migrations/005_marketplace_metering.sql +126 -126
- package/server/migrations/007_governance.sql +106 -0
- package/server/migrations/008_plans.sql +144 -0
- package/server/migrations/009_shieldqr.sql +30 -0
- package/server/migrations/010_extended_trust.sql +33 -0
- package/server/models/adapters/index.js +33 -33
- package/server/models/adapters/mysql.js +183 -183
- package/server/models/adapters/postgresql.js +172 -172
- package/server/models/adapters/sqlite.js +7 -7
- package/server/models/db.js +740 -681
- package/server/observability/failure-analysis.js +337 -337
- package/server/observability/index.js +394 -394
- package/server/protocol/capabilities.js +223 -223
- package/server/protocol/index.js +243 -243
- package/server/protocol/schema.js +584 -584
- package/server/registry/certification.js +271 -271
- package/server/registry/index.js +326 -326
- package/server/routes/admin-plans.js +76 -0
- package/server/routes/admin-premium.js +673 -671
- package/server/routes/admin-shieldqr.js +90 -0
- package/server/routes/admin-trust-monitor.js +83 -0
- package/server/routes/admin.js +549 -261
- package/server/routes/ads.js +130 -130
- package/server/routes/agent-workspace.js +540 -540
- package/server/routes/api.js +150 -150
- package/server/routes/auth.js +71 -71
- package/server/routes/billing.js +57 -45
- package/server/routes/commander.js +316 -316
- package/server/routes/demo-showcase.js +332 -332
- package/server/routes/demo-store.js +154 -0
- package/server/routes/discovery.js +2348 -417
- package/server/routes/gateway.js +173 -157
- package/server/routes/governance.js +208 -0
- package/server/routes/license.js +251 -240
- package/server/routes/mesh.js +469 -469
- package/server/routes/noscript.js +543 -543
- package/server/routes/plans.js +33 -0
- package/server/routes/premium-v2.js +686 -686
- package/server/routes/premium.js +724 -724
- package/server/routes/providers.js +650 -0
- package/server/routes/runtime.js +2148 -2147
- package/server/routes/shieldqr.js +88 -0
- package/server/routes/sovereign.js +465 -385
- package/server/routes/universal.js +200 -185
- package/server/routes/wab-api.js +850 -501
- package/server/runtime/container-worker.js +111 -111
- package/server/runtime/container.js +448 -448
- package/server/runtime/distributed-worker.js +362 -362
- package/server/runtime/event-bus.js +210 -210
- package/server/runtime/index.js +253 -253
- package/server/runtime/queue.js +599 -599
- package/server/runtime/replay.js +666 -666
- package/server/runtime/sandbox.js +266 -266
- package/server/runtime/scheduler.js +534 -534
- package/server/runtime/session-engine.js +293 -293
- package/server/runtime/state-manager.js +188 -188
- package/server/security/cross-site-redactor.js +196 -0
- package/server/security/dry-run.js +180 -0
- package/server/security/human-gate-rate-limit.js +147 -0
- package/server/security/human-gate-transports.js +178 -0
- package/server/security/human-gate.js +281 -0
- package/server/security/index.js +368 -368
- package/server/security/intent-engine.js +245 -0
- package/server/security/reward-guard.js +171 -0
- package/server/security/rollback-store.js +239 -0
- package/server/security/token-scope.js +404 -0
- package/server/security/url-policy.js +139 -0
- package/server/services/agent-chat.js +506 -506
- package/server/services/agent-learning.js +601 -575
- package/server/services/agent-memory.js +625 -625
- package/server/services/agent-mesh.js +555 -539
- package/server/services/agent-symphony.js +717 -717
- package/server/services/agent-tasks.js +1807 -1807
- package/server/services/api-key-engine.js +292 -261
- package/server/services/cluster.js +894 -894
- package/server/services/commander.js +738 -738
- package/server/services/edge-compute.js +440 -440
- package/server/services/email.js +233 -204
- package/server/services/governance.js +466 -0
- package/server/services/hosted-runtime.js +205 -205
- package/server/services/lfd.js +635 -635
- package/server/services/local-ai.js +389 -389
- package/server/services/marketplace.js +270 -270
- package/server/services/metering.js +182 -182
- package/server/services/modules/affiliate-intelligence.js +93 -93
- package/server/services/modules/agent-firewall.js +90 -90
- package/server/services/modules/bounty.js +89 -89
- package/server/services/modules/collective-bargaining.js +92 -92
- package/server/services/modules/dark-pattern.js +66 -66
- package/server/services/modules/gov-intelligence.js +45 -45
- package/server/services/modules/neural.js +55 -55
- package/server/services/modules/notary.js +49 -49
- package/server/services/modules/price-time-machine.js +86 -86
- package/server/services/modules/protocol.js +104 -104
- package/server/services/negotiation.js +439 -439
- package/server/services/plans.js +214 -0
- package/server/services/plugins.js +771 -771
- package/server/services/premium.js +1 -1
- package/server/services/price-intelligence.js +566 -566
- package/server/services/price-shield.js +1137 -1137
- package/server/services/provider-clients.js +740 -0
- package/server/services/reputation.js +465 -465
- package/server/services/search-engine.js +357 -357
- package/server/services/security.js +513 -513
- package/server/services/self-healing.js +843 -843
- package/server/services/shieldqr.js +322 -0
- package/server/services/sovereign-shield.js +542 -0
- package/server/services/ssl-inspector.js +42 -0
- package/server/services/ssl-monitor.js +167 -0
- package/server/services/stripe.js +205 -192
- package/server/services/swarm.js +788 -788
- package/server/services/universal-scraper.js +662 -661
- package/server/services/verification.js +481 -481
- package/server/services/vision.js +1163 -1163
- package/server/services/wab-crypto.js +178 -0
- package/server/utils/cache.js +125 -125
- package/server/utils/migrate.js +81 -81
- package/server/utils/safe-fetch.js +228 -0
- package/server/utils/secureFields.js +50 -50
- package/server/ws.js +161 -161
- package/templates/artisan-marketplace.yaml +104 -104
- package/templates/book-price-scout.yaml +98 -98
- package/templates/electronics-price-tracker.yaml +108 -108
- package/templates/flight-deal-hunter.yaml +113 -113
- package/templates/freelancer-direct.yaml +116 -116
- package/templates/grocery-price-compare.yaml +93 -93
- package/templates/hotel-direct-booking.yaml +113 -113
- package/templates/local-services.yaml +98 -98
- package/templates/olive-oil-tunisia.yaml +88 -88
- package/templates/organic-farm-fresh.yaml +101 -101
- package/templates/restaurant-direct.yaml +97 -97
- package/public/score.html +0 -263
- package/server/migrations/006_growth_suite.sql +0 -138
- package/server/routes/growth.js +0 -962
- package/server/services/fairness-engine.js +0 -409
- package/server/services/fairness.js +0 -420
|
@@ -1,271 +1,271 @@
|
|
|
1
|
-
'use strict';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Agent Certification System
|
|
5
|
-
*
|
|
6
|
-
* Verifies that sites are agent-compatible, issues badges/certificates,
|
|
7
|
-
* and enforces compliance checks for the WAP ecosystem.
|
|
8
|
-
*/
|
|
9
|
-
|
|
10
|
-
const crypto = require('crypto');
|
|
11
|
-
const { bus } = require('../runtime/event-bus');
|
|
12
|
-
|
|
13
|
-
const CertLevel = {
|
|
14
|
-
NONE: 'none',
|
|
15
|
-
BASIC: 'basic', // Has WAB script, basic commands exposed
|
|
16
|
-
STANDARD: 'standard', // Structured data, capability negotiation
|
|
17
|
-
PREMIUM: 'premium', // Full WAP support, semantic actions, discovery
|
|
18
|
-
SOVEREIGN: 'sovereign', // P2P, no intermediary, full protocol
|
|
19
|
-
};
|
|
20
|
-
|
|
21
|
-
class CertificationEngine {
|
|
22
|
-
constructor() {
|
|
23
|
-
this._certificates = new Map(); // domain → Certificate
|
|
24
|
-
this._checks = this._defaultChecks();
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
/**
|
|
28
|
-
* Verify a site's agent compatibility
|
|
29
|
-
*/
|
|
30
|
-
async verify(domain, probeData = {}) {
|
|
31
|
-
const result = {
|
|
32
|
-
domain,
|
|
33
|
-
timestamp: Date.now(),
|
|
34
|
-
level: CertLevel.NONE,
|
|
35
|
-
checks: [],
|
|
36
|
-
score: 0,
|
|
37
|
-
maxScore: 0,
|
|
38
|
-
badge: null,
|
|
39
|
-
expiresAt: null,
|
|
40
|
-
};
|
|
41
|
-
|
|
42
|
-
// Run all checks
|
|
43
|
-
for (const check of this._checks) {
|
|
44
|
-
result.maxScore += check.weight;
|
|
45
|
-
const checkResult = {
|
|
46
|
-
name: check.name,
|
|
47
|
-
category: check.category,
|
|
48
|
-
weight: check.weight,
|
|
49
|
-
passed: false,
|
|
50
|
-
details: null,
|
|
51
|
-
};
|
|
52
|
-
|
|
53
|
-
try {
|
|
54
|
-
const passed = check.test(probeData);
|
|
55
|
-
checkResult.passed = passed;
|
|
56
|
-
if (passed) result.score += check.weight;
|
|
57
|
-
} catch (err) {
|
|
58
|
-
checkResult.details = err.message;
|
|
59
|
-
}
|
|
60
|
-
|
|
61
|
-
result.checks.push(checkResult);
|
|
62
|
-
}
|
|
63
|
-
|
|
64
|
-
// Determine certification level
|
|
65
|
-
const ratio = result.maxScore > 0 ? result.score / result.maxScore : 0;
|
|
66
|
-
if (ratio >= 0.9) result.level = CertLevel.SOVEREIGN;
|
|
67
|
-
else if (ratio >= 0.7) result.level = CertLevel.PREMIUM;
|
|
68
|
-
else if (ratio >= 0.5) result.level = CertLevel.STANDARD;
|
|
69
|
-
else if (ratio >= 0.25) result.level = CertLevel.BASIC;
|
|
70
|
-
|
|
71
|
-
// Generate certificate if passes basic
|
|
72
|
-
if (result.level !== CertLevel.NONE) {
|
|
73
|
-
const cert = this._issueCertificate(domain, result);
|
|
74
|
-
result.badge = cert.badge;
|
|
75
|
-
result.expiresAt = cert.expiresAt;
|
|
76
|
-
result.certificateId = cert.id;
|
|
77
|
-
}
|
|
78
|
-
|
|
79
|
-
bus.emit('certification.verified', {
|
|
80
|
-
domain,
|
|
81
|
-
level: result.level,
|
|
82
|
-
score: result.score,
|
|
83
|
-
maxScore: result.maxScore,
|
|
84
|
-
});
|
|
85
|
-
|
|
86
|
-
return result;
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
/**
|
|
90
|
-
* Get certificate for a domain
|
|
91
|
-
*/
|
|
92
|
-
getCertificate(domain) {
|
|
93
|
-
const cert = this._certificates.get(domain);
|
|
94
|
-
if (!cert) return null;
|
|
95
|
-
if (cert.expiresAt < Date.now()) {
|
|
96
|
-
this._certificates.delete(domain);
|
|
97
|
-
return null;
|
|
98
|
-
}
|
|
99
|
-
return cert;
|
|
100
|
-
}
|
|
101
|
-
|
|
102
|
-
/**
|
|
103
|
-
* List all active certificates
|
|
104
|
-
*/
|
|
105
|
-
listCertificates(filters = {}, limit = 50) {
|
|
106
|
-
const now = Date.now();
|
|
107
|
-
let certs = Array.from(this._certificates.values()).filter(c => c.expiresAt >= now);
|
|
108
|
-
|
|
109
|
-
if (filters.level) certs = certs.filter(c => c.level === filters.level);
|
|
110
|
-
if (filters.minScore) certs = certs.filter(c => c.score >= filters.minScore);
|
|
111
|
-
|
|
112
|
-
return certs.slice(0, limit).map(c => ({
|
|
113
|
-
id: c.id,
|
|
114
|
-
domain: c.domain,
|
|
115
|
-
level: c.level,
|
|
116
|
-
score: c.score,
|
|
117
|
-
maxScore: c.maxScore,
|
|
118
|
-
issuedAt: c.issuedAt,
|
|
119
|
-
expiresAt: c.expiresAt,
|
|
120
|
-
badge: c.badge,
|
|
121
|
-
}));
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
/**
|
|
125
|
-
* Revoke a certificate
|
|
126
|
-
*/
|
|
127
|
-
revoke(domain) {
|
|
128
|
-
this._certificates.delete(domain);
|
|
129
|
-
bus.emit('certification.revoked', { domain });
|
|
130
|
-
}
|
|
131
|
-
|
|
132
|
-
/**
|
|
133
|
-
* Get badge URL for a certification level
|
|
134
|
-
*/
|
|
135
|
-
getBadge(level) {
|
|
136
|
-
return `/badge/agent-${level}.svg`;
|
|
137
|
-
}
|
|
138
|
-
|
|
139
|
-
getStats() {
|
|
140
|
-
return {
|
|
141
|
-
totalCertificates: this._certificates.size,
|
|
142
|
-
byLevel: this._countByLevel(),
|
|
143
|
-
checks: this._checks.length,
|
|
144
|
-
};
|
|
145
|
-
}
|
|
146
|
-
|
|
147
|
-
// ── Internal ──
|
|
148
|
-
|
|
149
|
-
_issueCertificate(domain, result) {
|
|
150
|
-
const id = `cert_${crypto.randomBytes(8).toString('hex')}`;
|
|
151
|
-
const cert = {
|
|
152
|
-
id,
|
|
153
|
-
domain,
|
|
154
|
-
level: result.level,
|
|
155
|
-
score: result.score,
|
|
156
|
-
maxScore: result.maxScore,
|
|
157
|
-
checks: result.checks.map(c => ({ name: c.name, passed: c.passed })),
|
|
158
|
-
issuedAt: Date.now(),
|
|
159
|
-
expiresAt: Date.now() + 90 * 24 * 3600_000, // 90 days
|
|
160
|
-
badge: this.getBadge(result.level),
|
|
161
|
-
signature: this._signCertificate(id, domain, result.level),
|
|
162
|
-
};
|
|
163
|
-
|
|
164
|
-
this._certificates.set(domain, cert);
|
|
165
|
-
return cert;
|
|
166
|
-
}
|
|
167
|
-
|
|
168
|
-
_signCertificate(id, domain, level) {
|
|
169
|
-
const secret = process.env.WAB_CERT_SECRET || 'wab-certification-key';
|
|
170
|
-
return crypto
|
|
171
|
-
.createHmac('sha256', secret)
|
|
172
|
-
.update(`${id}:${domain}:${level}`)
|
|
173
|
-
.digest('hex')
|
|
174
|
-
.slice(0, 32);
|
|
175
|
-
}
|
|
176
|
-
|
|
177
|
-
_countByLevel() {
|
|
178
|
-
const counts = {};
|
|
179
|
-
for (const cert of this._certificates.values()) {
|
|
180
|
-
counts[cert.level] = (counts[cert.level] || 0) + 1;
|
|
181
|
-
}
|
|
182
|
-
return counts;
|
|
183
|
-
}
|
|
184
|
-
|
|
185
|
-
_defaultChecks() {
|
|
186
|
-
return [
|
|
187
|
-
{
|
|
188
|
-
name: 'wab_script_present',
|
|
189
|
-
category: 'integration',
|
|
190
|
-
weight: 10,
|
|
191
|
-
test: (data) => !!(data.hasWABScript || data.wabVersion),
|
|
192
|
-
},
|
|
193
|
-
{
|
|
194
|
-
name: 'well_known_discovery',
|
|
195
|
-
category: 'protocol',
|
|
196
|
-
weight: 10,
|
|
197
|
-
test: (data) => !!(data.wellKnown || data.agentToolsJson),
|
|
198
|
-
},
|
|
199
|
-
{
|
|
200
|
-
name: 'structured_metadata',
|
|
201
|
-
category: 'data',
|
|
202
|
-
weight: 8,
|
|
203
|
-
test: (data) => !!(data.jsonLd || data.structuredData || data.openGraph),
|
|
204
|
-
},
|
|
205
|
-
{
|
|
206
|
-
name: 'semantic_actions',
|
|
207
|
-
category: 'protocol',
|
|
208
|
-
weight: 10,
|
|
209
|
-
test: (data) => !!(data.semanticActions && data.semanticActions.length > 0),
|
|
210
|
-
},
|
|
211
|
-
{
|
|
212
|
-
name: 'capability_negotiation',
|
|
213
|
-
category: 'security',
|
|
214
|
-
weight: 10,
|
|
215
|
-
test: (data) => !!data.capabilityNegotiation,
|
|
216
|
-
},
|
|
217
|
-
{
|
|
218
|
-
name: 'command_schema',
|
|
219
|
-
category: 'protocol',
|
|
220
|
-
weight: 8,
|
|
221
|
-
test: (data) => !!(data.commands && data.commands.length > 0),
|
|
222
|
-
},
|
|
223
|
-
{
|
|
224
|
-
name: 'https_enabled',
|
|
225
|
-
category: 'security',
|
|
226
|
-
weight: 5,
|
|
227
|
-
test: (data) => data.https !== false,
|
|
228
|
-
},
|
|
229
|
-
{
|
|
230
|
-
name: 'cors_agent_friendly',
|
|
231
|
-
category: 'security',
|
|
232
|
-
weight: 5,
|
|
233
|
-
test: (data) => !!data.corsAllowsAgents,
|
|
234
|
-
},
|
|
235
|
-
{
|
|
236
|
-
name: 'rate_limit_info',
|
|
237
|
-
category: 'fairness',
|
|
238
|
-
weight: 5,
|
|
239
|
-
test: (data) => !!data.rateLimitInfo,
|
|
240
|
-
},
|
|
241
|
-
{
|
|
242
|
-
name: 'error_handling',
|
|
243
|
-
category: 'reliability',
|
|
244
|
-
weight: 5,
|
|
245
|
-
test: (data) => !!data.errorSchemaProvided,
|
|
246
|
-
},
|
|
247
|
-
{
|
|
248
|
-
name: 'data_privacy_declaration',
|
|
249
|
-
category: 'compliance',
|
|
250
|
-
weight: 7,
|
|
251
|
-
test: (data) => !!(data.privacyPolicy || data.dataUsagePolicy),
|
|
252
|
-
},
|
|
253
|
-
{
|
|
254
|
-
name: 'agent_terms_of_service',
|
|
255
|
-
category: 'compliance',
|
|
256
|
-
weight: 7,
|
|
257
|
-
test: (data) => !!data.agentTOS,
|
|
258
|
-
},
|
|
259
|
-
{
|
|
260
|
-
name: 'p2p_sovereign_support',
|
|
261
|
-
category: 'sovereignty',
|
|
262
|
-
weight: 10,
|
|
263
|
-
test: (data) => !!data.sovereignMode,
|
|
264
|
-
},
|
|
265
|
-
];
|
|
266
|
-
}
|
|
267
|
-
}
|
|
268
|
-
|
|
269
|
-
const certificationEngine = new CertificationEngine();
|
|
270
|
-
|
|
271
|
-
module.exports = { CertificationEngine, CertLevel, certificationEngine };
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Agent Certification System
|
|
5
|
+
*
|
|
6
|
+
* Verifies that sites are agent-compatible, issues badges/certificates,
|
|
7
|
+
* and enforces compliance checks for the WAP ecosystem.
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
const crypto = require('crypto');
|
|
11
|
+
const { bus } = require('../runtime/event-bus');
|
|
12
|
+
|
|
13
|
+
const CertLevel = {
|
|
14
|
+
NONE: 'none',
|
|
15
|
+
BASIC: 'basic', // Has WAB script, basic commands exposed
|
|
16
|
+
STANDARD: 'standard', // Structured data, capability negotiation
|
|
17
|
+
PREMIUM: 'premium', // Full WAP support, semantic actions, discovery
|
|
18
|
+
SOVEREIGN: 'sovereign', // P2P, no intermediary, full protocol
|
|
19
|
+
};
|
|
20
|
+
|
|
21
|
+
class CertificationEngine {
|
|
22
|
+
constructor() {
|
|
23
|
+
this._certificates = new Map(); // domain → Certificate
|
|
24
|
+
this._checks = this._defaultChecks();
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
/**
|
|
28
|
+
* Verify a site's agent compatibility
|
|
29
|
+
*/
|
|
30
|
+
async verify(domain, probeData = {}) {
|
|
31
|
+
const result = {
|
|
32
|
+
domain,
|
|
33
|
+
timestamp: Date.now(),
|
|
34
|
+
level: CertLevel.NONE,
|
|
35
|
+
checks: [],
|
|
36
|
+
score: 0,
|
|
37
|
+
maxScore: 0,
|
|
38
|
+
badge: null,
|
|
39
|
+
expiresAt: null,
|
|
40
|
+
};
|
|
41
|
+
|
|
42
|
+
// Run all checks
|
|
43
|
+
for (const check of this._checks) {
|
|
44
|
+
result.maxScore += check.weight;
|
|
45
|
+
const checkResult = {
|
|
46
|
+
name: check.name,
|
|
47
|
+
category: check.category,
|
|
48
|
+
weight: check.weight,
|
|
49
|
+
passed: false,
|
|
50
|
+
details: null,
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
try {
|
|
54
|
+
const passed = check.test(probeData);
|
|
55
|
+
checkResult.passed = passed;
|
|
56
|
+
if (passed) result.score += check.weight;
|
|
57
|
+
} catch (err) {
|
|
58
|
+
checkResult.details = err.message;
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
result.checks.push(checkResult);
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// Determine certification level
|
|
65
|
+
const ratio = result.maxScore > 0 ? result.score / result.maxScore : 0;
|
|
66
|
+
if (ratio >= 0.9) result.level = CertLevel.SOVEREIGN;
|
|
67
|
+
else if (ratio >= 0.7) result.level = CertLevel.PREMIUM;
|
|
68
|
+
else if (ratio >= 0.5) result.level = CertLevel.STANDARD;
|
|
69
|
+
else if (ratio >= 0.25) result.level = CertLevel.BASIC;
|
|
70
|
+
|
|
71
|
+
// Generate certificate if passes basic
|
|
72
|
+
if (result.level !== CertLevel.NONE) {
|
|
73
|
+
const cert = this._issueCertificate(domain, result);
|
|
74
|
+
result.badge = cert.badge;
|
|
75
|
+
result.expiresAt = cert.expiresAt;
|
|
76
|
+
result.certificateId = cert.id;
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
bus.emit('certification.verified', {
|
|
80
|
+
domain,
|
|
81
|
+
level: result.level,
|
|
82
|
+
score: result.score,
|
|
83
|
+
maxScore: result.maxScore,
|
|
84
|
+
});
|
|
85
|
+
|
|
86
|
+
return result;
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
/**
|
|
90
|
+
* Get certificate for a domain
|
|
91
|
+
*/
|
|
92
|
+
getCertificate(domain) {
|
|
93
|
+
const cert = this._certificates.get(domain);
|
|
94
|
+
if (!cert) return null;
|
|
95
|
+
if (cert.expiresAt < Date.now()) {
|
|
96
|
+
this._certificates.delete(domain);
|
|
97
|
+
return null;
|
|
98
|
+
}
|
|
99
|
+
return cert;
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
/**
|
|
103
|
+
* List all active certificates
|
|
104
|
+
*/
|
|
105
|
+
listCertificates(filters = {}, limit = 50) {
|
|
106
|
+
const now = Date.now();
|
|
107
|
+
let certs = Array.from(this._certificates.values()).filter(c => c.expiresAt >= now);
|
|
108
|
+
|
|
109
|
+
if (filters.level) certs = certs.filter(c => c.level === filters.level);
|
|
110
|
+
if (filters.minScore) certs = certs.filter(c => c.score >= filters.minScore);
|
|
111
|
+
|
|
112
|
+
return certs.slice(0, limit).map(c => ({
|
|
113
|
+
id: c.id,
|
|
114
|
+
domain: c.domain,
|
|
115
|
+
level: c.level,
|
|
116
|
+
score: c.score,
|
|
117
|
+
maxScore: c.maxScore,
|
|
118
|
+
issuedAt: c.issuedAt,
|
|
119
|
+
expiresAt: c.expiresAt,
|
|
120
|
+
badge: c.badge,
|
|
121
|
+
}));
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
/**
|
|
125
|
+
* Revoke a certificate
|
|
126
|
+
*/
|
|
127
|
+
revoke(domain) {
|
|
128
|
+
this._certificates.delete(domain);
|
|
129
|
+
bus.emit('certification.revoked', { domain });
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
/**
|
|
133
|
+
* Get badge URL for a certification level
|
|
134
|
+
*/
|
|
135
|
+
getBadge(level) {
|
|
136
|
+
return `/badge/agent-${level}.svg`;
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
getStats() {
|
|
140
|
+
return {
|
|
141
|
+
totalCertificates: this._certificates.size,
|
|
142
|
+
byLevel: this._countByLevel(),
|
|
143
|
+
checks: this._checks.length,
|
|
144
|
+
};
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
// ── Internal ──
|
|
148
|
+
|
|
149
|
+
_issueCertificate(domain, result) {
|
|
150
|
+
const id = `cert_${crypto.randomBytes(8).toString('hex')}`;
|
|
151
|
+
const cert = {
|
|
152
|
+
id,
|
|
153
|
+
domain,
|
|
154
|
+
level: result.level,
|
|
155
|
+
score: result.score,
|
|
156
|
+
maxScore: result.maxScore,
|
|
157
|
+
checks: result.checks.map(c => ({ name: c.name, passed: c.passed })),
|
|
158
|
+
issuedAt: Date.now(),
|
|
159
|
+
expiresAt: Date.now() + 90 * 24 * 3600_000, // 90 days
|
|
160
|
+
badge: this.getBadge(result.level),
|
|
161
|
+
signature: this._signCertificate(id, domain, result.level),
|
|
162
|
+
};
|
|
163
|
+
|
|
164
|
+
this._certificates.set(domain, cert);
|
|
165
|
+
return cert;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
_signCertificate(id, domain, level) {
|
|
169
|
+
const secret = process.env.WAB_CERT_SECRET || 'wab-certification-key';
|
|
170
|
+
return crypto
|
|
171
|
+
.createHmac('sha256', secret)
|
|
172
|
+
.update(`${id}:${domain}:${level}`)
|
|
173
|
+
.digest('hex')
|
|
174
|
+
.slice(0, 32);
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
_countByLevel() {
|
|
178
|
+
const counts = {};
|
|
179
|
+
for (const cert of this._certificates.values()) {
|
|
180
|
+
counts[cert.level] = (counts[cert.level] || 0) + 1;
|
|
181
|
+
}
|
|
182
|
+
return counts;
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
_defaultChecks() {
|
|
186
|
+
return [
|
|
187
|
+
{
|
|
188
|
+
name: 'wab_script_present',
|
|
189
|
+
category: 'integration',
|
|
190
|
+
weight: 10,
|
|
191
|
+
test: (data) => !!(data.hasWABScript || data.wabVersion),
|
|
192
|
+
},
|
|
193
|
+
{
|
|
194
|
+
name: 'well_known_discovery',
|
|
195
|
+
category: 'protocol',
|
|
196
|
+
weight: 10,
|
|
197
|
+
test: (data) => !!(data.wellKnown || data.agentToolsJson),
|
|
198
|
+
},
|
|
199
|
+
{
|
|
200
|
+
name: 'structured_metadata',
|
|
201
|
+
category: 'data',
|
|
202
|
+
weight: 8,
|
|
203
|
+
test: (data) => !!(data.jsonLd || data.structuredData || data.openGraph),
|
|
204
|
+
},
|
|
205
|
+
{
|
|
206
|
+
name: 'semantic_actions',
|
|
207
|
+
category: 'protocol',
|
|
208
|
+
weight: 10,
|
|
209
|
+
test: (data) => !!(data.semanticActions && data.semanticActions.length > 0),
|
|
210
|
+
},
|
|
211
|
+
{
|
|
212
|
+
name: 'capability_negotiation',
|
|
213
|
+
category: 'security',
|
|
214
|
+
weight: 10,
|
|
215
|
+
test: (data) => !!data.capabilityNegotiation,
|
|
216
|
+
},
|
|
217
|
+
{
|
|
218
|
+
name: 'command_schema',
|
|
219
|
+
category: 'protocol',
|
|
220
|
+
weight: 8,
|
|
221
|
+
test: (data) => !!(data.commands && data.commands.length > 0),
|
|
222
|
+
},
|
|
223
|
+
{
|
|
224
|
+
name: 'https_enabled',
|
|
225
|
+
category: 'security',
|
|
226
|
+
weight: 5,
|
|
227
|
+
test: (data) => data.https !== false,
|
|
228
|
+
},
|
|
229
|
+
{
|
|
230
|
+
name: 'cors_agent_friendly',
|
|
231
|
+
category: 'security',
|
|
232
|
+
weight: 5,
|
|
233
|
+
test: (data) => !!data.corsAllowsAgents,
|
|
234
|
+
},
|
|
235
|
+
{
|
|
236
|
+
name: 'rate_limit_info',
|
|
237
|
+
category: 'fairness',
|
|
238
|
+
weight: 5,
|
|
239
|
+
test: (data) => !!data.rateLimitInfo,
|
|
240
|
+
},
|
|
241
|
+
{
|
|
242
|
+
name: 'error_handling',
|
|
243
|
+
category: 'reliability',
|
|
244
|
+
weight: 5,
|
|
245
|
+
test: (data) => !!data.errorSchemaProvided,
|
|
246
|
+
},
|
|
247
|
+
{
|
|
248
|
+
name: 'data_privacy_declaration',
|
|
249
|
+
category: 'compliance',
|
|
250
|
+
weight: 7,
|
|
251
|
+
test: (data) => !!(data.privacyPolicy || data.dataUsagePolicy),
|
|
252
|
+
},
|
|
253
|
+
{
|
|
254
|
+
name: 'agent_terms_of_service',
|
|
255
|
+
category: 'compliance',
|
|
256
|
+
weight: 7,
|
|
257
|
+
test: (data) => !!data.agentTOS,
|
|
258
|
+
},
|
|
259
|
+
{
|
|
260
|
+
name: 'p2p_sovereign_support',
|
|
261
|
+
category: 'sovereignty',
|
|
262
|
+
weight: 10,
|
|
263
|
+
test: (data) => !!data.sovereignMode,
|
|
264
|
+
},
|
|
265
|
+
];
|
|
266
|
+
}
|
|
267
|
+
}
|
|
268
|
+
|
|
269
|
+
const certificationEngine = new CertificationEngine();
|
|
270
|
+
|
|
271
|
+
module.exports = { CertificationEngine, CertLevel, certificationEngine };
|