web-agent-bridge 3.3.0 → 3.4.0

package/server/migrations/008_plans.sql

@@ -0,0 +1,144 @@
+-- Migration 008: Plans Management
+-- Database-driven plans + feature catalog so admins can add/edit plans,
+-- toggle which features each plan includes, and have changes flow live to
+-- the landing page pricing section AND the Stripe checkout flow.
+--
+-- Backwards-compatible: legacy code paths that look up tiers by slug
+-- ('free' | 'starter' | 'pro' | 'enterprise') keep working — those slugs
+-- are seeded as plan ids below.
+--
+-- An older `plans` table (different schema: tier/price/etc.) may exist from
+-- a previous admin dashboard iteration. Its rows are pure default seeds with
+-- no FK references, so we drop it and recreate with the new schema.
+
+DROP TABLE IF EXISTS plans;
+
+CREATE TABLE plans (
+  id              TEXT PRIMARY KEY,            -- slug, lowercase, e.g. 'free' / 'pro' / 'business' / 'enterprise'
+  name            TEXT NOT NULL,
+  tagline         TEXT,
+  description     TEXT,
+  price_cents     INTEGER NOT NULL DEFAULT 0,
+  currency        TEXT NOT NULL DEFAULT 'EUR',
+  billing_period  TEXT NOT NULL DEFAULT 'month'
+                  CHECK(billing_period IN ('month','year','one_time','custom')),
+  stripe_price_id TEXT,
+  cta_type        TEXT NOT NULL DEFAULT 'checkout'
+                  CHECK(cta_type IN ('checkout','register','contact','external')),
+  cta_label       TEXT,
+  cta_url         TEXT,
+  highlight       INTEGER NOT NULL DEFAULT 0,
+  is_public       INTEGER NOT NULL DEFAULT 1,
+  is_archived     INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  features_json   TEXT NOT NULL DEFAULT '{}',
+  limits_json     TEXT NOT NULL DEFAULT '{}',
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_plans_public_archived ON plans(is_public, is_archived, sort_order);
+
+CREATE TABLE IF NOT EXISTS feature_catalog (
+  feature_key     TEXT PRIMARY KEY,
+  label           TEXT NOT NULL,
+  description     TEXT,
+  category        TEXT NOT NULL DEFAULT 'general',
+  is_open_source  INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Feature catalog (open-source / always-free first, then paid features)
+INSERT OR IGNORE INTO feature_catalog (feature_key, label, description, category, is_open_source, sort_order) VALUES
+  -- Always-free / open core
+  ('protocol',              'WAP Protocol Core',           'Open Web Agent Protocol — schema, discovery, permissions',  'core',          1, 10),
+  ('sdk',                   'SDK & Client Runtime',        'JavaScript SDK and client integrations',                    'core',          1, 20),
+  ('browserExecution',      'Browser Execution Layer',     'Basic browser automation primitives',                       'core',          1, 30),
+  ('adapters',              'MCP / REST / Browser Adapters','Adapters for MCP, REST APIs, and browser back-ends',       'core',          1, 40),
+  ('registryRead',          'Public Registry (read-only)', 'Browse commands, sites and templates',                      'core',          1, 50),
+  ('agentRegistration',     'Agent Registration',          'Register agents and obtain credentials',                    'core',          1, 60),
+  ('basicAuth',             'Basic Authentication',        'API keys and basic auth flows',                             'core',          1, 70),
+  ('discovery',             'DNS / .well-known Discovery', 'Service discovery via DNS TXT and /.well-known/',           'core',          1, 80),
+  ('capabilityNegotiation', 'Capability Negotiation',      'Capability handshake between agent and site',               'core',          1, 90),
+  ('semanticActions',       'Semantic Actions',            'Built-in semantic actions catalog',                         'core',          1,100),
+  ('communityTemplates',    'Community Templates',         'Public template library',                                   'core',          1,110),
+
+  -- Workspace / orchestration
+  ('workspace',             'Control Plane / Workspace',   'Web dashboard, monitoring and agent management',            'workspace',     0,200),
+  ('advancedOrchestration', 'Advanced Orchestration',      'Scheduling, retries, pipelines, distributed execution',     'workspace',     0,210),
+  ('observability',         'Observability',               'Tracing, metrics, logs and performance insights',           'workspace',     0,220),
+  ('failureAnalysis',       'Failure Analysis',            'Debugging tools and root-cause reports',                    'workspace',     0,230),
+  ('replayEngine',          'Replay Engine',               'Record and replay agent runs',                              'workspace',     0,240),
+  ('advancedAnalytics',     'Advanced Analytics',          'Detailed analytics dashboards and exports',                 'workspace',     0,250),
+  ('dataExtraction',        'Data Extraction',             'Structured data extraction and export',                     'workspace',     0,260),
+  ('agentMemory',           'Agent Memory Engine',         'Persistent context and long-term memory for agents',        'workspace',     0,270),
+  ('llmInference',          'LLM Inference',               'Built-in LLM inference via the platform',                   'workspace',     0,280),
+
+  -- Premium / business
+  ('hostedRuntime',         'Hosted Runtime (Cloud Exec)', 'Auto-scaling hosted execution environment',                 'premium',       0,300),
+  ('marketplace',           'Marketplace (Publish & Sell)','Publish agents and templates on the marketplace',           'premium',       0,310),
+  ('certification',         'Agent Certification',         'Verified agent identity badge',                             'premium',       0,320),
+  ('trafficIntelligence',   'Traffic Intelligence',        'Agent profiling, anomaly detection and reporting',          'premium',       0,330),
+  ('exploitShield',         'Exploit Shield',              'Block malicious agents at the edge',                        'premium',       0,340),
+  ('visionAnalysis',        'Vision Analysis',             'Visual page inspection (computer-vision pipeline)',         'premium',       0,350),
+  ('swarmExecution',        'Swarm / Multi-Agent',         'Coordinated multi-agent (swarm) execution',                 'premium',       0,360),
+  ('auditLog',              'Audit Logs',                  'Tamper-evident HMAC-chained audit history',                 'premium',       0,370),
+  ('customDomain',          'Custom Domain / White-label', 'Serve the workspace on your own domain',                    'premium',       0,380),
+  ('governanceLayer',       'Agent Governance Layer',      'Policies, approvals, kill switch and spend limits',         'premium',       0,390),
+
+  -- Enterprise
+  ('enterpriseSecurity',    'Enterprise Security',         'Request signing, IP allowlists, SSO/SAML',                  'enterprise',    0,400),
+  ('prioritySupport',       'Priority Support',            'Dedicated SLA-backed support channel',                      'enterprise',    0,410),
+  ('sla',                   'Uptime SLA',                  'Contractual uptime SLA',                                    'enterprise',    0,420),
+  ('customDevelopment',     'Custom Development',          'Bespoke engineering and integrations',                      'enterprise',    0,430),
+  ('dedicatedInfra',        'Dedicated Infrastructure',    'Isolated single-tenant deployment',                         'enterprise',    0,440);
+
+-- Seed the four canonical plans (admin can edit/add later).
+-- features_json keys MUST match feature_catalog.feature_key.
+INSERT OR IGNORE INTO plans
+  (id, name, tagline, description, price_cents, currency, billing_period, cta_type, cta_label, cta_url, highlight, sort_order, features_json, limits_json)
+VALUES
+  ('free',
+   'Free',
+   'Open-source core, forever free',
+   'WAP protocol, SDK, discovery and the entire open-source surface — for developers and integrators.',
+   0, 'EUR', 'month',
+   'register', 'Get started for free', '/register',
+   0, 10,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true}',
+   '{"agents":3,"tasksPerDay":50,"executionsPerDay":100,"sessions":5,"maxConcurrency":2,"replayRecordings":10,"computeMinutesPerDay":10,"storageMB":50,"webhooks":1,"customAgents":1,"apiCallsPerMinute":20}'
+  ),
+
+  ('pro',
+   'Pro',
+   'For developers shipping production agents',
+   'Everything in Free plus the workspace, observability, replay engine, advanced orchestration and analytics.',
+   1000, 'EUR', 'month',
+   'checkout', 'Start Pro', NULL,
+   1, 20,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true}',
+   '{"agents":25,"tasksPerDay":2000,"executionsPerDay":5000,"sessions":50,"maxConcurrency":10,"replayRecordings":500,"computeMinutesPerDay":180,"storageMB":2000,"webhooks":10,"customAgents":10,"apiCallsPerMinute":120}'
+  ),
+
+  ('business',
+   'Business',
+   'All paid features, ready for scale',
+   'Everything in Pro plus hosted runtime, marketplace, vision, swarm, traffic intelligence, exploit shield, audit logs, custom domain and governance.',
+   2900, 'EUR', 'month',
+   'checkout', 'Start Business', NULL,
+   0, 30,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true}',
+   '{"agents":100,"tasksPerDay":20000,"executionsPerDay":50000,"sessions":250,"maxConcurrency":40,"replayRecordings":5000,"computeMinutesPerDay":600,"storageMB":10000,"webhooks":50,"customAgents":50,"apiCallsPerMinute":300}'
+  ),
+
+  ('enterprise',
+   'Enterprise',
+   'Custom-built for organisations',
+   'Everything in Business plus enterprise security, dedicated infrastructure, custom development, priority support and a contractual uptime SLA. Pricing is tailored to your scope.',
+   0, 'EUR', 'custom',
+   'contact', 'Contact sales', 'mailto:sales@webagentbridge.com',
+   0, 40,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true,"enterpriseSecurity":true,"prioritySupport":true,"sla":true,"customDevelopment":true,"dedicatedInfra":true}',
+   '{"agents":-1,"tasksPerDay":-1,"executionsPerDay":-1,"sessions":-1,"maxConcurrency":-1,"replayRecordings":-1,"computeMinutesPerDay":-1,"storageMB":-1,"webhooks":-1,"customAgents":-1,"apiCallsPerMinute":-1}'
+  );

package/server/migrations/009_shieldqr.sql

@@ -0,0 +1,30 @@
+-- Migration 009: WAB ShieldQR scan history + reports
+CREATE TABLE IF NOT EXISTS shieldqr_scans (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  url           TEXT NOT NULL,
+  host          TEXT,
+  level         TEXT NOT NULL CHECK(level IN ('green','yellow','red')),
+  score         INTEGER NOT NULL DEFAULT 0,
+  signals_json  TEXT NOT NULL DEFAULT '[]',
+  trust_ok      INTEGER NOT NULL DEFAULT 0,
+  ssl_ok        INTEGER NOT NULL DEFAULT 0,
+  user_id       TEXT,
+  ip            TEXT,
+  user_agent    TEXT,
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_host_created ON shieldqr_scans(host, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_level_created ON shieldqr_scans(level, created_at DESC);
+
+CREATE TABLE IF NOT EXISTS shieldqr_reports (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  scan_id       INTEGER REFERENCES shieldqr_scans(id) ON DELETE SET NULL,
+  url           TEXT NOT NULL,
+  reason        TEXT,
+  reporter_id   TEXT,
+  reporter_ip   TEXT,
+  status        TEXT NOT NULL DEFAULT 'open' CHECK(status IN ('open','reviewing','resolved','rejected')),
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  resolved_at   DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_reports_status ON shieldqr_reports(status, created_at DESC);

package/server/migrations/010_extended_trust.sql

@@ -0,0 +1,33 @@
+-- Migration 010: WAB Extended Trust — Certificate Companion & SSL Health Monitoring
+-- Per-domain SSL certificate history (Certificate Transparency log) +
+-- live SSL monitoring state for the trust dashboard.
+
+CREATE TABLE IF NOT EXISTS cert_history (
+  id                INTEGER PRIMARY KEY AUTOINCREMENT,
+  host              TEXT NOT NULL,
+  fingerprint_sha256 TEXT NOT NULL,
+  issuer            TEXT,
+  subject           TEXT,
+  serial            TEXT,
+  valid_from        TEXT,
+  valid_to          TEXT,
+  observed_at       DATETIME DEFAULT CURRENT_TIMESTAMP,
+  source            TEXT DEFAULT 'monitor'  -- 'monitor' | 'shieldqr' | 'sign'
+);
+CREATE INDEX IF NOT EXISTS idx_cert_history_host_observed ON cert_history(host, observed_at DESC);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_cert_history_host_fp ON cert_history(host, fingerprint_sha256);
+
+CREATE TABLE IF NOT EXISTS ssl_monitor (
+  host              TEXT PRIMARY KEY,
+  fingerprint_sha256 TEXT,
+  issuer            TEXT,
+  valid_to          TEXT,
+  days_until_expiry INTEGER,
+  status            TEXT,                  -- 'active' | 'expiring' | 'expired' | 'error'
+  error             TEXT,
+  last_checked_at   DATETIME,
+  last_alert_at     DATETIME,
+  enabled           INTEGER NOT NULL DEFAULT 1,
+  owner_user_id     TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_ssl_monitor_status ON ssl_monitor(status, valid_to);

package/server/models/adapters/mysql.js

@@ -10,7 +10,7 @@
 
 const mysql = require('mysql2/promise');
 const bcrypt = require('bcryptjs');
-const { v4: uuidv4 } = require('uuid');
+const { randomUUID: uuidv4 } = require('crypto');
 
 const pool = mysql.createPool(process.env.DATABASE_URL);
 

package/server/models/adapters/postgresql.js

@@ -10,7 +10,7 @@
 
 const { Pool } = require('pg');
 const bcrypt = require('bcryptjs');
-const { v4: uuidv4 } = require('uuid');
+const { randomUUID: uuidv4 } = require('crypto');
 
 const pool = new Pool({ connectionString: process.env.DATABASE_URL });
 

package/server/models/db.js

@@ -3,7 +3,7 @@ const path = require('path');
 const fs = require('fs');
 const crypto = require('crypto');
 const bcrypt = require('bcryptjs');
-const { v4: uuidv4 } = require('uuid');
+const { randomUUID: uuidv4 } = require('crypto');
 const { encryptOptional, decryptOptional } = require('../utils/secureFields');
 
 const isTest = process.env.NODE_ENV === 'test';
@@ -205,6 +205,65 @@ db.exec(`
   CREATE INDEX IF NOT EXISTS idx_wab_ads_status ON wab_ads(status);
   CREATE INDEX IF NOT EXISTS idx_ad_events_ad ON ad_events(ad_id);
   CREATE INDEX IF NOT EXISTS idx_ad_events_created ON ad_events(created_at);
+
+  -- ─── DNS Provider Account System (v1.3) ────────────────────────────
+  -- Stores user-supplied credentials (encrypted at rest) for managed
+  -- one-click WAB DNS Discovery enable/disable across DNS providers
+  -- and registrars. Credentials never leave the server unencrypted.
+  CREATE TABLE IF NOT EXISTS provider_accounts (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    provider_type TEXT NOT NULL CHECK(provider_type IN (
+      'cloudflare','route53','azure','gcp','cpanel','plesk','godaddy','namecheap'
+    )),
+    label TEXT NOT NULL,
+    credentials TEXT NOT NULL,
+    config TEXT DEFAULT '{}',
+    status TEXT DEFAULT 'pending' CHECK(status IN ('pending','active','error','disabled')),
+    last_test_at TEXT,
+    last_test_ok INTEGER DEFAULT 0,
+    last_test_error TEXT,
+    last_sync_at TEXT,
+    domains_count INTEGER DEFAULT 0,
+    created_at TEXT DEFAULT (datetime('now')),
+    updated_at TEXT,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+  );
+  CREATE INDEX IF NOT EXISTS idx_provider_accounts_user ON provider_accounts(user_id);
+  CREATE INDEX IF NOT EXISTS idx_provider_accounts_type ON provider_accounts(provider_type);
+
+  CREATE TABLE IF NOT EXISTS provider_domains (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    account_id TEXT NOT NULL,
+    domain TEXT NOT NULL,
+    zone_id TEXT,
+    wab_enabled INTEGER DEFAULT 0,
+    wab_record_value TEXT,
+    last_action TEXT,
+    last_action_at TEXT,
+    last_action_status TEXT,
+    last_action_error TEXT,
+    created_at TEXT DEFAULT (datetime('now')),
+    updated_at TEXT,
+    FOREIGN KEY (account_id) REFERENCES provider_accounts(id) ON DELETE CASCADE,
+    UNIQUE(account_id, domain)
+  );
+  CREATE INDEX IF NOT EXISTS idx_provider_domains_account ON provider_domains(account_id);
+  CREATE INDEX IF NOT EXISTS idx_provider_domains_domain ON provider_domains(domain);
+
+  CREATE TABLE IF NOT EXISTS provider_action_log (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    account_id TEXT NOT NULL,
+    domain TEXT,
+    action TEXT NOT NULL,
+    status TEXT NOT NULL,
+    duration_ms INTEGER,
+    detail TEXT,
+    created_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (account_id) REFERENCES provider_accounts(id) ON DELETE CASCADE
+  );
+  CREATE INDEX IF NOT EXISTS idx_provider_action_log_account_time
+    ON provider_action_log(account_id, created_at DESC);
 `);
 
 function generateLicenseKey() {

package/server/routes/admin-plans.js

@@ -0,0 +1,76 @@
+/**
+ * Admin Plans API — full CRUD over the plans/feature-catalog tables.
+ * Mounted under /api/admin/plans (auth handled in server/index.js wiring).
+ */
+'use strict';
+
+const express = require('express');
+const router = express.Router();
+const { authenticateAdmin } = require('../middleware/adminAuth');
+const { auditLog } = require('../services/security');
+const plans = require('../services/plans');
+
+router.use(authenticateAdmin);
+
+router.get('/', (req, res) => {
+  res.json({
+    plans: plans.listPlans({ includeArchived: true }),
+    features: plans.listFeatures(),
+  });
+});
+
+router.get('/:id', (req, res) => {
+  const p = plans.getPlan(req.params.id);
+  if (!p) return res.status(404).json({ error: 'plan not found' });
+  res.json({ plan: p });
+});
+
+router.post('/', (req, res) => {
+  try {
+    const created = plans.createPlan(req.body || {});
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id), action: 'plan_create',
+      details: { id: created.id }, ip: req.ip });
+    res.status(201).json({ plan: created });
+  } catch (err) {
+    res.status(400).json({ error: err.message });
+  }
+});
+
+router.put('/:id', (req, res) => {
+  try {
+    const updated = plans.updatePlan(req.params.id, req.body || {});
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id), action: 'plan_update',
+      details: { id: req.params.id, fields: Object.keys(req.body || {}) }, ip: req.ip });
+    res.json({ plan: updated });
+  } catch (err) {
+    const status = /not found/i.test(err.message) ? 404 : 400;
+    res.status(status).json({ error: err.message });
+  }
+});
+
+router.put('/:id/features/:feature', (req, res) => {
+  try {
+    const included = req.body && req.body.included !== undefined ? !!req.body.included : true;
+    const updated = plans.setPlanFeature(req.params.id, req.params.feature, included);
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id), action: 'plan_feature_toggle',
+      details: { id: req.params.id, feature: req.params.feature, included }, ip: req.ip });
+    res.json({ plan: updated });
+  } catch (err) {
+    const status = /not found/i.test(err.message) ? 404 : 400;
+    res.status(status).json({ error: err.message });
+  }
+});
+
+router.delete('/:id', (req, res) => {
+  try {
+    const archived = plans.deletePlan(req.params.id);
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id), action: 'plan_archive',
+      details: { id: req.params.id }, ip: req.ip, severity: 'warning' });
+    res.json({ plan: archived });
+  } catch (err) {
+    const status = /not found/i.test(err.message) ? 404 : 400;
+    res.status(status).json({ error: err.message });
+  }
+});
+
+module.exports = router;

package/server/routes/admin-premium.js

@@ -472,9 +472,11 @@ router.delete('/plugins/:pluginId', (req, res) => {
 // ═══════════════════════════════════════════════════════════════════════
 
 function getTierPrices() {
-  const plans = db.prepare('SELECT tier, price FROM plans').all();
   const prices = { free: 0, starter: 900, pro: 2900, enterprise: 9900 };
-  for (const p of plans) prices[p.tier] = p.price;
+  try {
+    const plans = db.prepare(`SELECT id AS tier, price_cents AS price FROM plans WHERE is_archived = 0`).all();
+    for (const p of plans) prices[p.tier] = p.price;
+  } catch (_) { /* fall back to defaults */ }
   return prices;
 }
 const TIER_PRICES = new Proxy({}, { get: function(_, tier) { return getTierPrices()[tier] || 0; } });

package/server/routes/admin-shieldqr.js

@@ -0,0 +1,90 @@
+/**
+ * Admin ShieldQR — moderate user-submitted reports + browse recent scans.
+ *   GET  /api/admin/shieldqr/reports?status=open
+ *   PUT  /api/admin/shieldqr/reports/:id   { status }
+ *   GET  /api/admin/shieldqr/scans?host=&level=&limit=
+ *   GET  /api/admin/shieldqr/stats
+ */
+'use strict';
+
+const express = require('express');
+const Database = require('better-sqlite3');
+const path = require('path');
+const { authenticateAdmin } = require('../middleware/adminAuth');
+const { auditLog } = require('../services/security');
+
+const router = express.Router();
+router.use(authenticateAdmin);
+
+const DATA_DIR = process.env.NODE_ENV === 'test'
+  ? path.join(__dirname, '..', '..', 'data-test')
+  : (process.env.DATA_DIR || path.join(__dirname, '..', '..', 'data'));
+const DB_FILE = process.env.NODE_ENV === 'test' ? 'wab-test.db' : 'wab.db';
+
+let _db = null;
+function db() {
+  if (!_db) { _db = new Database(path.join(DATA_DIR, DB_FILE)); }
+  return _db;
+}
+
+const VALID_STATUSES = new Set(['open', 'reviewing', 'resolved', 'rejected']);
+const VALID_LEVELS = new Set(['green', 'yellow', 'red']);
+
+router.get('/reports', (req, res) => {
+  const status = req.query.status && VALID_STATUSES.has(req.query.status) ? req.query.status : null;
+  const limit = Math.min(parseInt(req.query.limit, 10) || 100, 500);
+  const sql = status
+    ? `SELECT r.*, s.level, s.score, s.host
+         FROM shieldqr_reports r
+         LEFT JOIN shieldqr_scans s ON s.id = r.scan_id
+        WHERE r.status = ? ORDER BY r.created_at DESC LIMIT ?`
+    : `SELECT r.*, s.level, s.score, s.host
+         FROM shieldqr_reports r
+         LEFT JOIN shieldqr_scans s ON s.id = r.scan_id
+        ORDER BY r.created_at DESC LIMIT ?`;
+  const rows = status ? db().prepare(sql).all(status, limit) : db().prepare(sql).all(limit);
+  res.json({ reports: rows, count: rows.length });
+});
+
+router.put('/reports/:id', (req, res) => {
+  const id = parseInt(req.params.id, 10);
+  const status = req.body && req.body.status;
+  if (!Number.isFinite(id) || !VALID_STATUSES.has(status)) {
+    return res.status(400).json({ error: 'invalid id or status' });
+  }
+  const info = db().prepare('UPDATE shieldqr_reports SET status = ? WHERE id = ?').run(status, id);
+  if (info.changes === 0) { return res.status(404).json({ error: 'report not found' }); }
+  auditLog({
+    actorType: 'admin', actorId: String(req.admin.id),
+    action: 'shieldqr_report_update',
+    details: { id, status }, ip: req.ip,
+  });
+  res.json({ ok: true, id, status });
+});
+
+router.get('/scans', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit, 10) || 100, 500);
+  const where = []; const params = [];
+  if (req.query.host) { where.push('host = ?'); params.push(String(req.query.host).toLowerCase()); }
+  if (req.query.level && VALID_LEVELS.has(req.query.level)) {
+    where.push('level = ?'); params.push(req.query.level);
+  }
+  const sql = `SELECT id, url, host, level, score, trust_ok, ssl_ok, created_at
+                 FROM shieldqr_scans
+                 ${where.length ? 'WHERE ' + where.join(' AND ') : ''}
+                 ORDER BY created_at DESC LIMIT ?`;
+  const rows = db().prepare(sql).all(...params, limit);
+  res.json({ scans: rows, count: rows.length });
+});
+
+router.get('/stats', (req, res) => {
+  const totalScans = db().prepare('SELECT COUNT(*) AS n FROM shieldqr_scans').get().n;
+  const byLevel = db().prepare('SELECT level, COUNT(*) AS n FROM shieldqr_scans GROUP BY level').all();
+  const reportsByStatus = db().prepare('SELECT status, COUNT(*) AS n FROM shieldqr_reports GROUP BY status').all();
+  const recent24h = db().prepare(
+    "SELECT COUNT(*) AS n FROM shieldqr_scans WHERE created_at >= datetime('now','-1 day')"
+  ).get().n;
+  res.json({ totalScans, recent24h, byLevel, reportsByStatus });
+});
+
+module.exports = router;

package/server/routes/admin-trust-monitor.js

@@ -0,0 +1,83 @@
+/**
+ * Admin Trust Monitor — SSL health + cert history (Extended Trust Layer).
+ *   GET  /api/admin/trust-monitor/sites      — list ssl_monitor rows
+ *   POST /api/admin/trust-monitor/check      { host } — re-check one host
+ *   POST /api/admin/trust-monitor/sweep      — re-check every site
+ *   GET  /api/admin/trust-monitor/history    ?host= — cert_history rows
+ *   GET  /api/admin/trust-monitor/stats
+ */
+'use strict';
+
+const express = require('express');
+const Database = require('better-sqlite3');
+const path = require('path');
+const { authenticateAdmin } = require('../middleware/adminAuth');
+const { auditLog } = require('../services/security');
+const monitor = require('../services/ssl-monitor');
+
+const router = express.Router();
+router.use(authenticateAdmin);
+
+const DATA_DIR = process.env.NODE_ENV === 'test'
+  ? path.join(__dirname, '..', '..', 'data-test')
+  : (process.env.DATA_DIR || path.join(__dirname, '..', '..', 'data'));
+const DB_FILE = process.env.NODE_ENV === 'test' ? 'wab-test.db' : 'wab.db';
+
+let _db = null;
+function db() { if (!_db) { _db = new Database(path.join(DATA_DIR, DB_FILE)); } return _db; }
+
+router.get('/sites', (req, res) => {
+  const rows = db().prepare(`
+    SELECT host, fingerprint_sha256, issuer, valid_to, days_until_expiry,
+           status, error, last_checked_at, last_alert_at
+      FROM ssl_monitor ORDER BY
+      CASE status WHEN 'expired' THEN 0 WHEN 'error' THEN 1 WHEN 'expiring' THEN 2 ELSE 3 END,
+      days_until_expiry ASC
+  `).all();
+  res.json({ sites: rows, count: rows.length });
+});
+
+router.post('/check', async (req, res) => {
+  const host = (req.body && req.body.host || '').trim().toLowerCase();
+  if (!host) return res.status(400).json({ error: 'host required' });
+  try {
+    const r = await monitor.checkHost(host, { source: 'admin' });
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id),
+      action: 'trust_check', details: { host, status: r.status }, ip: req.ip });
+    res.json(r);
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
+router.post('/sweep', async (req, res) => {
+  try {
+    const rs = await monitor.runSweep();
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id),
+      action: 'trust_sweep', details: { count: rs.length }, ip: req.ip });
+    res.json({ count: rs.length, results: rs });
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
+router.get('/history', (req, res) => {
+  const host = (req.query.host || '').toLowerCase();
+  const limit = Math.min(parseInt(req.query.limit, 10) || 100, 500);
+  const sql = host
+    ? `SELECT * FROM cert_history WHERE host = ? ORDER BY observed_at DESC LIMIT ?`
+    : `SELECT * FROM cert_history ORDER BY observed_at DESC LIMIT ?`;
+  const rows = host ? db().prepare(sql).all(host, limit) : db().prepare(sql).all(limit);
+  res.json({ history: rows, count: rows.length });
+});
+
+router.get('/stats', (req, res) => {
+  const total = db().prepare('SELECT COUNT(*) AS n FROM ssl_monitor').get().n;
+  const byStatus = db().prepare('SELECT status, COUNT(*) AS n FROM ssl_monitor GROUP BY status').all();
+  const expiringSoon = db().prepare(
+    "SELECT COUNT(*) AS n FROM ssl_monitor WHERE status = 'expiring'"
+  ).get().n;
+  const expired = db().prepare(
+    "SELECT COUNT(*) AS n FROM ssl_monitor WHERE status = 'expired'"
+  ).get().n;
+  const certHistory = db().prepare('SELECT COUNT(*) AS n FROM cert_history').get().n;
+  res.json({ total, byStatus, expiringSoon, expired, certHistory });
+});
+
+module.exports = router;