npm - web-agent-bridge - Versions diffs - 3.2.0 → 3.4.0 - Mend

web-agent-bridge 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/LICENSE +84 -72
package/README.ar.md +1304 -1152
package/README.md +298 -1635
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -138
package/bin/wab-init.js +223 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +19 -6
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -0
package/public/.well-known/wab.json +28 -0
package/public/activate.html +368 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +349 -349
package/public/ai.html +198 -198
package/public/api.html +413 -412
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1263 -1235
package/public/dashboard.html +707 -706
package/public/dns.html +436 -0
package/public/docs.html +588 -587
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/growth.html +465 -463
package/public/index.html +1266 -982
package/public/integrations.html +556 -0
package/public/js/activate.js +145 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +65 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/openapi.json +669 -580
package/public/phone-shield.html +281 -0
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +6 -0
package/public/terms.html +256 -256
package/public/wab-trust.html +200 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +288 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +25 -1
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -0
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +367 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +670 -427
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +673 -671
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +83 -0
package/server/routes/admin.js +549 -261
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/gateway.js +173 -157
package/server/routes/governance.js +208 -0
package/server/routes/license.js +251 -240
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/runtime.js +2148 -2147
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -385
package/server/routes/universal.js +200 -185
package/server/routes/wab-api.js +850 -501
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/security/cross-site-redactor.js +196 -0
package/server/security/dry-run.js +180 -0
package/server/security/human-gate-rate-limit.js +147 -0
package/server/security/human-gate-transports.js +178 -0
package/server/security/human-gate.js +281 -0
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -0
package/server/security/reward-guard.js +171 -0
package/server/security/rollback-store.js +239 -0
package/server/security/token-scope.js +404 -0
package/server/security/url-policy.js +139 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -575
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -539
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -261
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +205 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -661
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -0
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/public/score.html +0 -263
package/server/migrations/006_growth_suite.sql +0 -138
package/server/routes/growth.js +0 -962
package/server/services/fairness-engine.js +0 -409
package/server/services/fairness.js +0 -420

package/examples/puppeteer-agent.js CHANGED Viewed

@@ -1,108 +1,108 @@
-/**
- * Example: Basic AI Agent using Puppeteer + WAB
- *
- * This agent connects to a website that has the Web Agent Bridge script installed,
- * discovers available actions, and executes them.
- *
- * Prerequisites:
- *   npm install puppeteer
- *
- * Usage:
- *   node examples/puppeteer-agent.js <url>
- */
-const puppeteer = require('puppeteer');
-const TARGET_URL = process.argv[2] || 'http://localhost:3000';
-async function main() {
-  console.log(`\n🤖 WAB Puppeteer Agent`);
-  console.log(`   Target: ${TARGET_URL}\n`);
-  const browser = await puppeteer.launch({ headless: true });
-  const page = await browser.newPage();
-  // Navigate to the target site
-  await page.goto(TARGET_URL, { waitUntil: 'networkidle2' });
-  console.log(`✓ Page loaded: ${await page.title()}`);
-  // Wait for WAB bridge to be ready
-  const hasBridge = await page.evaluate(() => {
-    return new Promise((resolve) => {
-      if (window.AICommands && window.AICommands._ready) {
-        resolve(true);
-      } else {
-        // Wait up to 5 seconds for bridge
-        const timeout = setTimeout(() => resolve(false), 5000);
-        document.addEventListener('wab:ready', () => {
-          clearTimeout(timeout);
-          resolve(true);
-        });
-      }
-    });
-  });
-  if (!hasBridge) {
-    console.log('✗ Web Agent Bridge not found on this page.');
-    await browser.close();
-    return;
-  }
-  console.log('✓ Web Agent Bridge detected\n');
-  // Step 1: Get page info
-  const pageInfo = await page.evaluate(() => window.AICommands.getPageInfo());
-  console.log('📄 Page Info:');
-  console.log(`   Title: ${pageInfo.title}`);
-  console.log(`   URL: ${pageInfo.url}`);
-  console.log(`   Bridge Version: ${pageInfo.bridgeVersion}`);
-  console.log(`   Tier: ${pageInfo.tier}`);
-  console.log(`   Actions Available: ${pageInfo.actionsCount}`);
-  console.log(`   Rate Limit Remaining: ${pageInfo.rateLimitRemaining}\n`);
-  // Step 2: Discover all available actions
-  const actions = await page.evaluate(() => window.AICommands.getActions());
-  console.log(`🔍 Discovered ${actions.length} actions:`);
-  actions.forEach((action) => {
-    console.log(`   • ${action.name} (${action.trigger}) — ${action.description}`);
-    if (action.fields) {
-      action.fields.forEach((f) => {
-        console.log(`     └─ ${f.name}: ${f.type}${f.required ? ' (required)' : ''}`);
-      });
-    }
-  });
-  // Step 3: Read content from the page
-  const content = await page.evaluate(() => {
-    return window.AICommands.readContent('h1') || window.AICommands.readContent('title');
-  });
-  if (content && content.success) {
-    console.log(`\n📖 Page heading: "${content.text}"`);
-  }
-  // Step 4: Execute a click action (first available)
-  const clickAction = actions.find((a) => a.trigger === 'click');
-  if (clickAction) {
-    console.log(`\n▶ Executing action: "${clickAction.name}"`);
-    const result = await page.evaluate(
-      (name) => window.AICommands.execute(name),
-      clickAction.name
-    );
-    console.log(`   Result: ${result.success ? '✓ Success' : '✗ ' + result.error}`);
-  }
-  // Step 5: List permissions
-  const permissions = pageInfo.permissions;
-  console.log('\n🔐 Permissions:');
-  Object.entries(permissions).forEach(([key, value]) => {
-    console.log(`   ${value ? '✓' : '✗'} ${key}`);
-  });
-  console.log('\n✓ Agent session complete.');
-  await browser.close();
-}
-main().catch((err) => {
-  console.error('Agent error:', err.message);
-  process.exit(1);
-});
+/**
+ * Example: Basic AI Agent using Puppeteer + WAB
+ *
+ * This agent connects to a website that has the Web Agent Bridge script installed,
+ * discovers available actions, and executes them.
+ *
+ * Prerequisites:
+ *   npm install puppeteer
+ *
+ * Usage:
+ *   node examples/puppeteer-agent.js <url>
+ */
+const puppeteer = require('puppeteer');
+const TARGET_URL = process.argv[2] || 'http://localhost:3000';
+async function main() {
+  console.log(`\n🤖 WAB Puppeteer Agent`);
+  console.log(`   Target: ${TARGET_URL}\n`);
+  const browser = await puppeteer.launch({ headless: true });
+  const page = await browser.newPage();
+  // Navigate to the target site
+  await page.goto(TARGET_URL, { waitUntil: 'networkidle2' });
+  console.log(`✓ Page loaded: ${await page.title()}`);
+  // Wait for WAB bridge to be ready
+  const hasBridge = await page.evaluate(() => {
+    return new Promise((resolve) => {
+      if (window.AICommands && window.AICommands._ready) {
+        resolve(true);
+      } else {
+        // Wait up to 5 seconds for bridge
+        const timeout = setTimeout(() => resolve(false), 5000);
+        document.addEventListener('wab:ready', () => {
+          clearTimeout(timeout);
+          resolve(true);
+        });
+      }
+    });
+  });
+  if (!hasBridge) {
+    console.log('✗ Web Agent Bridge not found on this page.');
+    await browser.close();
+    return;
+  }
+  console.log('✓ Web Agent Bridge detected\n');
+  // Step 1: Get page info
+  const pageInfo = await page.evaluate(() => window.AICommands.getPageInfo());
+  console.log('📄 Page Info:');
+  console.log(`   Title: ${pageInfo.title}`);
+  console.log(`   URL: ${pageInfo.url}`);
+  console.log(`   Bridge Version: ${pageInfo.bridgeVersion}`);
+  console.log(`   Tier: ${pageInfo.tier}`);
+  console.log(`   Actions Available: ${pageInfo.actionsCount}`);
+  console.log(`   Rate Limit Remaining: ${pageInfo.rateLimitRemaining}\n`);
+  // Step 2: Discover all available actions
+  const actions = await page.evaluate(() => window.AICommands.getActions());
+  console.log(`🔍 Discovered ${actions.length} actions:`);
+  actions.forEach((action) => {
+    console.log(`   • ${action.name} (${action.trigger}) — ${action.description}`);
+    if (action.fields) {
+      action.fields.forEach((f) => {
+        console.log(`     └─ ${f.name}: ${f.type}${f.required ? ' (required)' : ''}`);
+      });
+    }
+  });
+  // Step 3: Read content from the page
+  const content = await page.evaluate(() => {
+    return window.AICommands.readContent('h1') || window.AICommands.readContent('title');
+  });
+  if (content && content.success) {
+    console.log(`\n📖 Page heading: "${content.text}"`);
+  }
+  // Step 4: Execute a click action (first available)
+  const clickAction = actions.find((a) => a.trigger === 'click');
+  if (clickAction) {
+    console.log(`\n▶ Executing action: "${clickAction.name}"`);
+    const result = await page.evaluate(
+      (name) => window.AICommands.execute(name),
+      clickAction.name
+    );
+    console.log(`   Result: ${result.success ? '✓ Success' : '✗ ' + result.error}`);
+  }
+  // Step 5: List permissions
+  const permissions = pageInfo.permissions;
+  console.log('\n🔐 Permissions:');
+  Object.entries(permissions).forEach(([key, value]) => {
+    console.log(`   ${value ? '✓' : '✗'} ${key}`);
+  });
+  console.log('\n✓ Agent session complete.');
+  await browser.close();
+}
+main().catch((err) => {
+  console.error('Agent error:', err.message);
+  process.exit(1);
+});

package/examples/route53-wab-dns.js ADDED Viewed

@@ -0,0 +1,144 @@
+#!/usr/bin/env node
+/**
+ * route53-wab-dns.js
+ * -------------------
+ * CLI tool: enable or disable WAB DNS Discovery TXT record on AWS Route 53.
+ *
+ * Usage:
+ *   AWS_ACCESS_KEY_ID=… AWS_SECRET_ACCESS_KEY=… \
+ *     node route53-wab-dns.js enable  example.com [HOSTED_ZONE_ID]
+ *
+ *   AWS_ACCESS_KEY_ID=… AWS_SECRET_ACCESS_KEY=… \
+ *     node route53-wab-dns.js disable example.com [HOSTED_ZONE_ID]
+ *
+ *   node route53-wab-dns.js status example.com
+ *
+ * Optional env vars:
+ *   AWS_REGION          (default: us-east-1)
+ *   WAB_BASE_URL        (default: https://www.webagentbridge.com)
+ *   WAB_ENDPOINT        (override the wab.json URL in the TXT record)
+ *
+ * Required: @aws-sdk/client-route-53
+ *   npm install @aws-sdk/client-route-53
+ */
+'use strict';
+const {
+  Route53Client,
+  ChangeResourceRecordSetsCommand,
+  ListHostedZonesByNameCommand,
+  ListResourceRecordSetsCommand,
+} = require('@aws-sdk/client-route-53');
+const fetch = (() => {
+  try { return require('node-fetch'); }
+  catch { return globalThis.fetch; }
+})();
+const [,, action, domain, zoneIdArg] = process.argv;
+const REGION   = process.env.AWS_REGION    || 'us-east-1';
+const WAB_BASE = process.env.WAB_BASE_URL  || 'https://www.webagentbridge.com';
+const ENDPOINT = process.env.WAB_ENDPOINT  || `https://${domain}/.well-known/wab.json`;
+if (!action || !domain) {
+  console.error('Usage: node route53-wab-dns.js <enable|disable|status> <domain> [zone-id]');
+  process.exit(1);
+}
+if (!['enable','disable','status'].includes(action)) {
+  console.error('Action must be: enable | disable | status');
+  process.exit(1);
+}
+if (action !== 'status' && (!process.env.AWS_ACCESS_KEY_ID || !process.env.AWS_SECRET_ACCESS_KEY)) {
+  console.error('Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env variables');
+  process.exit(1);
+}
+const client = new Route53Client({ region: REGION });
+async function getRecordTemplate() {
+  const url = `${WAB_BASE}/api/discovery/provider/record-template?domain=${encodeURIComponent(domain)}&endpoint=${encodeURIComponent(ENDPOINT)}`;
+  const j   = await (await fetch(url)).json();
+  if (!j.record || !j.record.value) throw new Error('Could not fetch WAB record template');
+  // Route 53 requires double-quoted TXT value
+  const v = j.record.value;
+  return v.startsWith('"') ? v : `"${v}"`;
+}
+async function resolveZoneId() {
+  if (zoneIdArg) return zoneIdArg;
+  console.log(`[R53] Resolving hosted zone for ${domain}…`);
+  const r = await client.send(new ListHostedZonesByNameCommand({ DNSName: domain, MaxItems: '1' }));
+  const zone = (r.HostedZones || []).find(z => z.Name === `${domain}.`);
+  if (!zone) throw new Error(`No hosted zone found for "${domain}"`);
+  return zone.Id.replace('/hostedzone/', '');
+}
+async function getCurrentRecord(zoneId) {
+  const r = await client.send(new ListResourceRecordSetsCommand({
+    HostedZoneId: zoneId,
+    StartRecordName: `_wab.${domain}`,
+    StartRecordType: 'TXT',
+    MaxItems: '1',
+  }));
+  return (r.ResourceRecordSets || []).find(
+    rr => rr.Name === `_wab.${domain}.` && rr.Type === 'TXT'
+  ) || null;
+}
+async function main() {
+  console.log(`[WAB] Action: ${action} | Domain: ${domain}`);
+  if (action === 'status') {
+    const j = await (await fetch(`${WAB_BASE}/api/discovery/provider/status?domain=${encodeURIComponent(domain)}`)).json();
+    console.log(`[WAB] Status: ${j.status}`);
+    console.log(JSON.stringify(j, null, 2));
+    return;
+  }
+  const zoneId  = await resolveZoneId();
+  console.log(`[R53] Zone ID: ${zoneId}`);
+  if (action === 'enable') {
+    const txtVal = await getRecordTemplate();
+    console.log(`[WAB] TXT value: ${txtVal}`);
+    await client.send(new ChangeResourceRecordSetsCommand({
+      HostedZoneId: zoneId,
+      ChangeBatch: {
+        Comment: 'WAB DNS Discovery enable',
+        Changes: [{
+          Action: 'UPSERT',
+          ResourceRecordSet: {
+            Name: `_wab.${domain}`,
+            Type: 'TXT',
+            TTL:  3600,
+            ResourceRecords: [{ Value: txtVal }],
+          },
+        }],
+      },
+    }));
+    console.log('[R53] UPSERT applied');
+    console.log('[WAB] WAB Discovery ENABLED. Propagation may take up to 60 s.');
+  }
+  if (action === 'disable') {
+    const existing = await getCurrentRecord(zoneId);
+    if (!existing) {
+      console.log('[R53] No _wab TXT record found — already disabled.');
+      return;
+    }
+    await client.send(new ChangeResourceRecordSetsCommand({
+      HostedZoneId: zoneId,
+      ChangeBatch: {
+        Comment: 'WAB DNS Discovery disable',
+        Changes: [{ Action: 'DELETE', ResourceRecordSet: existing }],
+      },
+    }));
+    console.log('[R53] Record deleted');
+    console.log('[WAB] WAB Discovery DISABLED.');
+  }
+}
+main().catch(err => { console.error('[ERROR]', err.message); process.exit(1); });

package/examples/saas-dashboard/README.md CHANGED Viewed

@@ -1,55 +1,55 @@
-# SaaS Dashboard Example (Notion-style)
-A practical setup for internal dashboards where agents read KPIs and trigger safe workflows.
-## Embed
-```html
-<script src="https://webagentbridge.com/script/wab.min.js"></script>
-<script>
-window.WAB.init({
-  name: 'Acme SaaS Dashboard',
-  actions: {
-    getKpiCards: {
-      description: 'Return KPI card values from dashboard widgets',
-      run: function () {
-        var cards = Array.from(document.querySelectorAll('[data-kpi-card]')).map(function (card) {
-          return {
-            key: card.getAttribute('data-kpi-card'),
-            label: (card.querySelector('[data-kpi-label]') || {}).textContent || null,
-            value: (card.querySelector('[data-kpi-value]') || {}).textContent || null
-          };
-        });
-        return { success: true, cards: cards };
-      }
-    },
-    openCustomerById: {
-      description: 'Open customer panel using data-customer-id selector',
-      params: [{ name: 'customerId', type: 'string', required: true }],
-      run: function (params) {
-        var id = String(params.customerId || '').trim();
-        if (!id) return { success: false, error: 'customerId is required' };
-        var row = document.querySelector('[data-customer-id="' + CSS.escape(id) + '"]');
-        if (!row) return { success: false, error: 'Customer not found' };
-        row.click();
-        return { success: true, customerId: id };
-      }
-    },
-    triggerInvoiceReminder: {
-      description: 'Trigger existing invoice reminder button from dashboard row',
-      params: [{ name: 'invoiceId', type: 'string', required: true }],
-      run: function (params) {
-        var id = String(params.invoiceId || '').trim();
-        if (!id) return { success: false, error: 'invoiceId is required' };
-        var btn = document.querySelector('[data-invoice-id="' + CSS.escape(id) + '"] [data-action="send-reminder"]');
-        if (!btn) return { success: false, error: 'Reminder action not found for invoice' };
-        btn.click();
-        return { success: true, invoiceId: id };
-      }
-    }
-  }
-});
-</script>
-```
-The selectors use data attributes so actions stay stable across UI redesigns.
+# SaaS Dashboard Example (Notion-style)
+A practical setup for internal dashboards where agents read KPIs and trigger safe workflows.
+## Embed
+```html
+<script src="https://webagentbridge.com/script/wab.min.js"></script>
+<script>
+window.WAB.init({
+  name: 'Acme SaaS Dashboard',
+  actions: {
+    getKpiCards: {
+      description: 'Return KPI card values from dashboard widgets',
+      run: function () {
+        var cards = Array.from(document.querySelectorAll('[data-kpi-card]')).map(function (card) {
+          return {
+            key: card.getAttribute('data-kpi-card'),
+            label: (card.querySelector('[data-kpi-label]') || {}).textContent || null,
+            value: (card.querySelector('[data-kpi-value]') || {}).textContent || null
+          };
+        });
+        return { success: true, cards: cards };
+      }
+    },
+    openCustomerById: {
+      description: 'Open customer panel using data-customer-id selector',
+      params: [{ name: 'customerId', type: 'string', required: true }],
+      run: function (params) {
+        var id = String(params.customerId || '').trim();
+        if (!id) return { success: false, error: 'customerId is required' };
+        var row = document.querySelector('[data-customer-id="' + CSS.escape(id) + '"]');
+        if (!row) return { success: false, error: 'Customer not found' };
+        row.click();
+        return { success: true, customerId: id };
+      }
+    },
+    triggerInvoiceReminder: {
+      description: 'Trigger existing invoice reminder button from dashboard row',
+      params: [{ name: 'invoiceId', type: 'string', required: true }],
+      run: function (params) {
+        var id = String(params.invoiceId || '').trim();
+        if (!id) return { success: false, error: 'invoiceId is required' };
+        var btn = document.querySelector('[data-invoice-id="' + CSS.escape(id) + '"] [data-action="send-reminder"]');
+        if (!btn) return { success: false, error: 'Reminder action not found for invoice' };
+        btn.click();
+        return { success: true, invoiceId: id };
+      }
+    }
+  }
+});
+</script>
+```
+The selectors use data attributes so actions stay stable across UI redesigns.

package/examples/safe-mode-agent.js ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * Demo3 — Safe Mode Agent
+ *
+ * Shows the difference between a domain that has WAB enabled (full trust,
+ * full execute) and one that doesn't (read-only / blocked).
+ *
+ *   node examples/safe-mode-agent.js wab-site.com untrusted-site.com
+ *
+ * Or pass --policy=strict|standard|permissive to change the gate.
+ */
+'use strict';
+const { WABSafeMode } = require('../sdk');
+const args = process.argv.slice(2);
+const flags = {};
+const domains = [];
+for (const a of args) {
+  if (a.startsWith('--')) {
+    const [k, v] = a.replace(/^--/, '').split('=');
+    flags[k] = v ?? true;
+  } else domains.push(a);
+}
+if (domains.length === 0) {
+  console.error('Usage: node examples/safe-mode-agent.js <domain1> [<domain2> ...] [--policy=standard]');
+  console.error('       [--api=https://your-wab.example.com]');
+  process.exit(2);
+}
+const safe = new WABSafeMode({
+  apiBase: flags.api || process.env.WAB_API_BASE || 'https://webagentbridge.com',
+  policy:  flags.policy || 'standard',
+});
+const COLOR = {
+  reset: '\x1b[0m', dim: '\x1b[2m', bold: '\x1b[1m',
+  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', cyan: '\x1b[36m',
+};
+function color(c, s) { return process.stdout.isTTY ? `${COLOR[c]}${s}${COLOR.reset}` : s; }
+function levelColor(l) { return l >= 3 ? 'green' : l === 2 ? 'cyan' : l === 1 ? 'yellow' : 'red'; }
+async function checkOne(d) {
+  const t0 = Date.now();
+  const v = await safe.evaluate(d, { live: !!flags.live });
+  const elapsed = Date.now() - t0;
+  console.log('');
+  console.log(color('bold', `── ${v.domain} ──────────────────────────────`));
+  console.log(`Level    : ${color(levelColor(v.level), `L${v.level}`)} (${v.score_label} ${v.score})`);
+  console.log(`Verdict  : ${color(v.verdict === 'allow' ? 'green' : v.verdict === 'restrict' ? 'yellow' : 'red', v.verdict.toUpperCase())}`);
+  console.log(`Execute  : ${v.allow_execute ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
+  console.log(`Read     : ${v.allow_read    ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
+  console.log(`Reason   : ${v.reason}`);
+  if (v.reasons && v.reasons.length) {
+    for (const r of v.reasons) {
+      const sev = r.severity === 'deny' ? 'red' : r.severity === 'restrict' ? 'yellow' : 'dim';
+      console.log(color('dim', '         · ') + color(sev, `[${r.severity}] ${r.code}`) + ' ' + (r.message || ''));
+    }
+  }
+  console.log(color('dim', `         (policy=${v.policy}, ${elapsed}ms)`));
+  // Simulate the agent acting under Safe Mode
+  try {
+    if (v.allow_execute) {
+      await safe.guardExecute(v.domain, async () => {
+        console.log(color('green', `         → Agent: executing full action on ${v.domain}`));
+      });
+    } else if (v.allow_read) {
+      await safe.guardRead(v.domain, async () => {
+        console.log(color('yellow', `         → Agent: read-only mode on ${v.domain}`));
+      });
+    } else {
+      console.log(color('red', `         → Agent: refusing to interact with ${v.domain}`));
+    }
+  } catch (err) {
+    console.log(color('red', `         → ${err.message}`));
+  }
+}
+(async () => {
+  console.log(color('bold', `WAB Safe Mode demo — policy=${safe.policy} api=${safe.apiBase}`));
+  for (const d of domains) {
+    try { await checkOne(d); } catch (e) { console.error(`Error checking ${d}: ${e.message}`); }
+  }
+  console.log('');
+  // Pick the most trusted target if multiple were given
+  if (domains.length > 1) {
+    const best = await safe.pickBest(domains);
+    if (best) {
+      console.log(color('bold', `Recommended target: `) + color(levelColor(best.level), best.domain) +
+        color('dim', ` (L${best.level}, score ${best.score})`));
+    }
+  }
+})();