web-agent-bridge 3.3.0 → 3.4.0

package/examples/safe-mode-agent.js

@@ -0,0 +1,96 @@
+/**
+ * Demo3 — Safe Mode Agent
+ *
+ * Shows the difference between a domain that has WAB enabled (full trust,
+ * full execute) and one that doesn't (read-only / blocked).
+ *
+ *   node examples/safe-mode-agent.js wab-site.com untrusted-site.com
+ *
+ * Or pass --policy=strict|standard|permissive to change the gate.
+ */
+
+'use strict';
+
+const { WABSafeMode } = require('../sdk');
+
+const args = process.argv.slice(2);
+const flags = {};
+const domains = [];
+for (const a of args) {
+  if (a.startsWith('--')) {
+    const [k, v] = a.replace(/^--/, '').split('=');
+    flags[k] = v ?? true;
+  } else domains.push(a);
+}
+if (domains.length === 0) {
+  console.error('Usage: node examples/safe-mode-agent.js <domain1> [<domain2> ...] [--policy=standard]');
+  console.error('       [--api=https://your-wab.example.com]');
+  process.exit(2);
+}
+
+const safe = new WABSafeMode({
+  apiBase: flags.api || process.env.WAB_API_BASE || 'https://webagentbridge.com',
+  policy:  flags.policy || 'standard',
+});
+
+const COLOR = {
+  reset: '\x1b[0m', dim: '\x1b[2m', bold: '\x1b[1m',
+  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', cyan: '\x1b[36m',
+};
+function color(c, s) { return process.stdout.isTTY ? `${COLOR[c]}${s}${COLOR.reset}` : s; }
+function levelColor(l) { return l >= 3 ? 'green' : l === 2 ? 'cyan' : l === 1 ? 'yellow' : 'red'; }
+
+async function checkOne(d) {
+  const t0 = Date.now();
+  const v = await safe.evaluate(d, { live: !!flags.live });
+  const elapsed = Date.now() - t0;
+
+  console.log('');
+  console.log(color('bold', `── ${v.domain} ──────────────────────────────`));
+  console.log(`Level    : ${color(levelColor(v.level), `L${v.level}`)} (${v.score_label} ${v.score})`);
+  console.log(`Verdict  : ${color(v.verdict === 'allow' ? 'green' : v.verdict === 'restrict' ? 'yellow' : 'red', v.verdict.toUpperCase())}`);
+  console.log(`Execute  : ${v.allow_execute ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
+  console.log(`Read     : ${v.allow_read    ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
+  console.log(`Reason   : ${v.reason}`);
+  if (v.reasons && v.reasons.length) {
+    for (const r of v.reasons) {
+      const sev = r.severity === 'deny' ? 'red' : r.severity === 'restrict' ? 'yellow' : 'dim';
+      console.log(color('dim', '         · ') + color(sev, `[${r.severity}] ${r.code}`) + ' ' + (r.message || ''));
+    }
+  }
+  console.log(color('dim', `         (policy=${v.policy}, ${elapsed}ms)`));
+
+  // Simulate the agent acting under Safe Mode
+  try {
+    if (v.allow_execute) {
+      await safe.guardExecute(v.domain, async () => {
+        console.log(color('green', `         → Agent: executing full action on ${v.domain}`));
+      });
+    } else if (v.allow_read) {
+      await safe.guardRead(v.domain, async () => {
+        console.log(color('yellow', `         → Agent: read-only mode on ${v.domain}`));
+      });
+    } else {
+      console.log(color('red', `         → Agent: refusing to interact with ${v.domain}`));
+    }
+  } catch (err) {
+    console.log(color('red', `         → ${err.message}`));
+  }
+}
+
+(async () => {
+  console.log(color('bold', `WAB Safe Mode demo — policy=${safe.policy} api=${safe.apiBase}`));
+  for (const d of domains) {
+    try { await checkOne(d); } catch (e) { console.error(`Error checking ${d}: ${e.message}`); }
+  }
+  console.log('');
+
+  // Pick the most trusted target if multiple were given
+  if (domains.length > 1) {
+    const best = await safe.pickBest(domains);
+    if (best) {
+      console.log(color('bold', `Recommended target: `) + color(levelColor(best.level), best.domain) +
+        color('dim', ` (L${best.level}, score ${best.score})`));
+    }
+  }
+})();

package/examples/wab-sign.js

@@ -0,0 +1,74 @@
+#!/usr/bin/env node
+/**
+ * wab-sign — generate Ed25519 keys and sign WAB discovery manifests.
+ *
+ * Usage:
+ *   wab-sign keygen                            # print a new keypair (save private offline)
+ *   wab-sign sign  manifest.json key.priv      # sign a manifest, write manifest.signed.json
+ *   wab-sign txt   <pubkey-b64> <endpoint>     # print the matching _wab TXT line
+ *
+ * Examples:
+ *   $ node wab-sign.js keygen > keys.json
+ *   $ jq -r .private_key keys.json > key.priv
+ *   $ node wab-sign.js sign wab.json key.priv
+ *
+ *   $ node wab-sign.js txt <(jq -r .public_key keys.json) https://example.com/.well-known/wab.json
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { generateKeyPair, signManifest, fingerprint } = require(
+  // try the bundled service first; fall back to a local copy if invoked from a downloads/ extract
+  fs.existsSync(path.join(__dirname, '..', 'server', 'services', 'wab-crypto.js'))
+    ? path.join(__dirname, '..', 'server', 'services', 'wab-crypto.js')
+    : './wab-crypto'
+);
+
+const [,, cmd, a1, a2] = process.argv;
+
+function usage() {
+  console.error('Usage:');
+  console.error('  wab-sign keygen');
+  console.error('  wab-sign sign <manifest.json> <key.priv>');
+  console.error('  wab-sign txt  <public-key-b64>  <endpoint-url>');
+  process.exit(1);
+}
+
+if (!cmd) usage();
+
+if (cmd === 'keygen') {
+  const kp = generateKeyPair();
+  process.stdout.write(JSON.stringify(kp, null, 2) + '\n');
+  process.stderr.write('\n[!] private_key is shown ONLY here. Save it offline immediately.\n');
+  process.stderr.write('[!] Publish public_key in your _wab DNS TXT as: pk=ed25519:' + kp.public_key + '\n');
+  process.exit(0);
+}
+
+if (cmd === 'sign') {
+  if (!a1 || !a2) usage();
+  const manifest = JSON.parse(fs.readFileSync(a1, 'utf8'));
+  const priv = fs.readFileSync(a2, 'utf8').trim();
+  const signed = signManifest(manifest, priv);
+  const out = a1.replace(/\.json$/, '') + '.signed.json';
+  fs.writeFileSync(out, JSON.stringify(signed, null, 2) + '\n');
+  console.log(`[OK] Signed manifest written: ${out}`);
+  console.log(`[OK] Signature key_id: ${signed.signature.key_id}`);
+  console.log(`[OK] Upload ${out} to https://${manifest.domain || '<your-domain>'}/.well-known/wab.json`);
+  process.exit(0);
+}
+
+if (cmd === 'txt') {
+  if (!a1 || !a2) usage();
+  const pub = a1.trim();
+  const endpoint = a2.trim();
+  if (!/^https:\/\//i.test(endpoint)) { console.error('endpoint must be HTTPS'); process.exit(1); }
+  const fp = fingerprint(pub);
+  console.log(`# _wab.${endpoint.replace(/^https?:\/\//,'').replace(/\/.*$/,'')}  TXT record:`);
+  console.log(`v=wab1; endpoint=${endpoint}; pk=ed25519:${pub}`);
+  console.log(`# key_id (fingerprint): ${fp}`);
+  process.exit(0);
+}
+
+usage();

package/examples/wab-verify.js

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+/**
+ * wab-verify — full trust check on a domain's WAB DNS Discovery setup.
+ *
+ * Usage:
+ *   wab-verify <domain>                  # full DNS + DNSSEC + signature trust report
+ *   wab-verify --json <domain>           # JSON output (for CI / scripts)
+ *   wab-verify --strict <domain>         # exit non-zero unless trust_score == 100
+ *
+ * Hits the public WAB Trust API at /api/discovery/trust/:domain.
+ * Override base URL with WAB_BASE_URL=https://your-instance.example.com
+ */
+
+'use strict';
+
+const fetch = (() => { try { return require('node-fetch'); } catch { return globalThis.fetch; } })();
+
+const args = process.argv.slice(2);
+const json   = args.includes('--json');
+const strict = args.includes('--strict');
+const domain = args.find(a => !a.startsWith('--'));
+const BASE   = process.env.WAB_BASE_URL || 'https://www.webagentbridge.com';
+
+if (!domain) {
+  console.error('Usage: wab-verify [--json] [--strict] <domain>');
+  process.exit(2);
+}
+
+(async () => {
+  const r = await fetch(`${BASE}/api/discovery/trust/${encodeURIComponent(domain)}`);
+  if (!r.ok) { console.error(`HTTP ${r.status}`); process.exit(2); }
+  const data = await r.json();
+
+  if (json) {
+    process.stdout.write(JSON.stringify(data, null, 2) + '\n');
+  } else {
+    const c = data.checks || {};
+    const tick = (b) => b ? '✓' : '✗';
+    console.log(`\nWAB Trust Report — ${data.domain}`);
+    console.log('═'.repeat(50));
+    console.log(`  Trust Score:   ${data.trust_score}/100   [${data.trust_label.toUpperCase()}]`);
+    console.log('  ──────────────────────────────────────────────');
+    console.log(`  ${tick(c.dns_resolved)}  DNS _wab record present`);
+    console.log(`  ${tick(c.dnssec_verified)}  DNSSEC verified (AD flag)`);
+    console.log(`  ${tick(c.has_public_key)}  Public key in DNS (pk=${c.pk_algorithm || '—'})`);
+    console.log(`  ${tick(c.https_endpoint && c.manifest_fetched)}  HTTPS manifest reachable`);
+    console.log(`  ${tick(c.signature_valid)}  Manifest signature valid`);
+    console.log('  ──────────────────────────────────────────────');
+    if (data.public_key) console.log(`  Key ID: ${data.public_key.fingerprint}  (ed25519)`);
+    if (data.endpoint)   console.log(`  Endpoint: ${data.endpoint}`);
+    if (data.findings && data.findings.length) {
+      console.log('\n  Findings:');
+      for (const f of data.findings) console.log('    • ' + f);
+    }
+    console.log('');
+  }
+
+  if (strict && data.trust_score < 100) process.exit(1);
+  process.exit(0);
+})().catch(err => { console.error('[ERROR]', err.message); process.exit(2); });

package/package.json

@@ -1,13 +1,14 @@
 {
   "name": "web-agent-bridge",
-  "version": "3.3.0",
-  "description": "Open AI↔Web protocol & agent platform: standardized command interface, sovereign browser, phone shield, DNS discovery, agent mesh, and unified API gateway for safe AI–website interaction",
+  "version": "3.4.0",
+  "description": "Open AI↔Web protocol & agent platform: standardized command interface, sovereign browser, ShieldQR trust verifier, SSL health monitor, zero-config adoption (Cloudflare/Vercel/Netlify/Next.js), DNS discovery, agent mesh, and unified API gateway for safe AI–website interaction",
   "author": "Web Agent Bridge <dev@webagentbridge.com>",
   "main": "server/index.js",
   "bin": {
     "web-agent-bridge": "./bin/cli.js",
     "wab": "./bin/cli.js",
-    "wab-agent": "./bin/cli.js"
+    "wab-agent": "./bin/cli.js",
+    "wab-init": "./bin/wab-init.js"
   },
   "scripts": {
     "start": "node server/index.js",
@@ -74,9 +75,8 @@
     "express-rate-limit": "^7.4.1",
     "helmet": "^8.0.0",
     "jsonwebtoken": "^9.0.2",
-    "nodemailer": "^8.0.3",
+    "nodemailer": "^8.0.7",
     "stripe": "^20.4.1",
-    "uuid": "^10.0.0",
     "ws": "^8.20.0"
   },
   "devDependencies": {

package/public/.well-known/wab.json

@@ -0,0 +1,28 @@
+{
+  "payload": {
+    "version": "wab1",
+    "type": "wab.trust",
+    "host": "www.webagentbridge.com",
+    "endpoint": "https://www.webagentbridge.com",
+    "issued_at": "2026-05-07T15:39:11.684Z",
+    "expires_at": "2027-05-07T15:39:11.684Z",
+    "capabilities": {
+      "discovery": true,
+      "shieldqr": true,
+      "governance": true,
+      "plans_api": "/api/plans",
+      "scan_api": "/api/shieldqr/scan"
+    },
+    "trust": {
+      "pk": "ed25519:sjxdiyuM+fnu2N6aLyk1VrDPkYgE5p0+pGb2sl3Y6hg=",
+      "ssl": {
+        "thumbprint": "420c036a9bc9ecf11292042e5bce9b82595497b81cbf051787e97318ed36d9da",
+        "expires": "2026-06-19T14:10:20.000Z",
+        "days_until_expiry": 42,
+        "issuer": "Let's Encrypt",
+        "status": "active"
+      }
+    }
+  },
+  "signature": "ed25519:S4GLDJCRNe1HR6lIYm0lUQqK1izP8BjbzU1n83pE/E+k6Zc6g/doOhd6OZNElhdAzwfczhut7LRuEgzn1oAxDw=="
+}

package/public/activate.html

@@ -0,0 +1,368 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Activate WAB Discovery in One Click — Web Agent Bridge</title>
+  <meta name="description" content="Add one DNS TXT record and make your website instantly discoverable by AI agents. Step-by-step guide for Cloudflare, cPanel, GoDaddy, Namecheap and more.">
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <style>body{background:#0a0e1a;color:#f0f4ff;font-family:Inter,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;margin:0;min-height:100vh}</style>
+  <link rel="preload" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'">
+  <noscript><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet"></noscript>
+  <link rel="stylesheet" href="/css/styles.css?v=3.2.0">
+  <style>
+    /* ─── Page-specific styles ─── */
+    .activate-hero {
+      padding: 120px 24px 60px;
+      text-align: center;
+      background: radial-gradient(ellipse 80% 60% at 50% 0%, rgba(99,102,241,0.18) 0%, transparent 70%);
+    }
+    .activate-hero h1 {
+      font-size: clamp(2rem, 5vw, 3.5rem);
+      font-weight: 900;
+      line-height: 1.1;
+      margin-bottom: 1.2rem;
+    }
+    .activate-hero .subtitle {
+      font-size: 1.2rem;
+      color: #94a3b8;
+      max-width: 640px;
+      margin: 0 auto 2rem;
+    }
+    .lang-toggle {
+      display: flex;
+      gap: 8px;
+      justify-content: center;
+      margin-bottom: 2.5rem;
+    }
+    .lang-toggle button {
+      padding: 8px 20px;
+      border-radius: 20px;
+      border: 1.5px solid #334155;
+      background: transparent;
+      color: #94a3b8;
+      cursor: pointer;
+      font-size: 0.9rem;
+      transition: all 0.2s;
+    }
+    .lang-toggle button.active {
+      background: linear-gradient(135deg, #6366f1, #8b5cf6);
+      border-color: transparent;
+      color: #fff;
+      font-weight: 600;
+    }
+    /* Steps */
+    .steps-section {
+      max-width: 860px;
+      margin: 0 auto;
+      padding: 0 24px 80px;
+    }
+    .steps-section h2 {
+      font-size: 1.8rem;
+      font-weight: 700;
+      margin-bottom: 2rem;
+      color: #e2e8f0;
+    }
+    .step-card {
+      background: rgba(30,41,59,0.7);
+      border: 1px solid rgba(99,102,241,0.2);
+      border-radius: 16px;
+      padding: 28px 32px;
+      margin-bottom: 24px;
+      position: relative;
+      overflow: hidden;
+    }
+    .step-card::before {
+      content: '';
+      position: absolute;
+      top: 0; left: 0;
+      width: 4px; height: 100%;
+      background: linear-gradient(180deg, #6366f1, #8b5cf6);
+      border-radius: 4px 0 0 4px;
+    }
+    .step-number {
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      width: 36px; height: 36px;
+      background: linear-gradient(135deg, #6366f1, #8b5cf6);
+      border-radius: 50%;
+      font-weight: 700;
+      font-size: 0.95rem;
+      margin-bottom: 12px;
+    }
+    .step-card h3 {
+      font-size: 1.15rem;
+      font-weight: 700;
+      margin: 0 0 10px;
+      color: #e2e8f0;
+    }
+    .step-card p {
+      color: #94a3b8;
+      margin: 0 0 16px;
+      line-height: 1.7;
+    }
+    .step-card .code-block {
+      background: #0f172a;
+      border: 1px solid #1e293b;
+      border-radius: 10px;
+      padding: 16px 20px;
+      font-family: 'JetBrains Mono', monospace;
+      font-size: 0.85rem;
+      color: #a5f3fc;
+      overflow-x: auto;
+      margin-top: 12px;
+    }
+    .step-card .code-block .label {
+      color: #64748b;
+      font-size: 0.78rem;
+      display: block;
+      margin-bottom: 6px;
+    }
+    .step-card .code-block .key { color: #f472b6; }
+    .step-card .code-block .val { color: #34d399; }
+    /* Screenshot */
+    .step-screenshot {
+      width: 100%;
+      border-radius: 10px;
+      border: 1px solid rgba(99,102,241,0.25);
+      margin-top: 16px;
+    }
+    /* Provider tabs */
+    .provider-tabs {
+      display: flex;
+      gap: 8px;
+      flex-wrap: wrap;
+      margin-bottom: 20px;
+    }
+    .provider-tab {
+      padding: 8px 16px;
+      border-radius: 8px;
+      border: 1px solid #334155;
+      background: transparent;
+      color: #94a3b8;
+      cursor: pointer;
+      font-size: 0.85rem;
+      transition: all 0.2s;
+    }
+    .provider-tab.active {
+      background: rgba(99,102,241,0.2);
+      border-color: #6366f1;
+      color: #a5b4fc;
+    }
+    .provider-content { display: none; }
+    .provider-content.active { display: block; }
+    /* Video section */
+    .video-section {
+      max-width: 860px;
+      margin: 0 auto;
+      padding: 0 24px 80px;
+    }
+    .video-section h2 {
+      font-size: 1.8rem;
+      font-weight: 700;
+      margin-bottom: 1.5rem;
+      color: #e2e8f0;
+    }
+    .video-wrapper {
+      background: #0f172a;
+      border: 1px solid rgba(99,102,241,0.25);
+      border-radius: 16px;
+      overflow: hidden;
+      aspect-ratio: 16/9;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .video-wrapper video {
+      width: 100%;
+      height: 100%;
+      object-fit: cover;
+    }
+    /* Verifier CTA */
+    .verifier-cta {
+      background: linear-gradient(135deg, rgba(99,102,241,0.15), rgba(139,92,246,0.15));
+      border: 1px solid rgba(99,102,241,0.3);
+      border-radius: 20px;
+      padding: 48px 32px;
+      text-align: center;
+      max-width: 640px;
+      margin: 0 auto 80px;
+    }
+    .verifier-cta h2 {
+      font-size: 1.6rem;
+      font-weight: 700;
+      margin-bottom: 12px;
+    }
+    .verifier-cta p {
+      color: #94a3b8;
+      margin-bottom: 24px;
+    }
+    /* Badge */
+    .badge-row {
+      display: flex;
+      gap: 12px;
+      flex-wrap: wrap;
+      justify-content: center;
+      margin-bottom: 2rem;
+    }
+    .badge-img {
+      height: 28px;
+    }
+    /* RTL support */
+    html[dir="rtl"] .step-card::before {
+      left: auto; right: 0;
+      border-radius: 0 4px 4px 0;
+    }
+    html[dir="rtl"] .step-card {
+      text-align: right;
+    }
+  </style>
+</head>
+<body>
+  <!-- ═══════════ NAVBAR ═══════════ -->
+  <nav class="navbar" id="navbar">
+    <div class="container">
+      <a href="/" class="navbar-brand">
+        <div class="brand-icon">⚡</div>
+        <span>WAB</span>
+      </a>
+      <ul class="navbar-links">
+        <li><a href="/" data-i18n="nav_home">Home</a></li>
+        <li><a href="/integrations" data-i18n="nav_integrations">Integrations</a></li>
+        <li><a href="/dns" data-i18n="nav_dns">DNS Discovery</a></li>
+        <li><a href="/phone-shield" data-i18n="nav_phone">Phone Shield</a></li>
+        <li><a href="/sovereign" data-i18n="nav_sovereign">Sovereign</a></li>
+        <li><a href="/docs" data-i18n="nav_docs">Docs</a></li>
+      </ul>
+      <div class="navbar-actions">
+        <a href="/login" class="btn btn-ghost" data-wab-auth="guest">Sign In</a>
+        <a href="/dashboard" class="btn btn-ghost" data-wab-auth="signed-in" style="display:none">Dashboard</a>
+        <a href="/register" class="btn btn-primary btn-sm" data-wab-auth="guest">Get Started</a>
+      </div>
+      <button class="mobile-menu-btn">☰</button>
+    </div>
+  </nav>
+
+  <!-- ═══════════ HERO ═══════════ -->
+  <section class="activate-hero">
+    <div class="badge-row">
+      <img src="https://img.shields.io/badge/DNS%20Discovery-One--Click-6366f1?style=flat-square&logo=dns&logoColor=white" alt="One-Click DNS Discovery" class="badge-img">
+      <img src="https://img.shields.io/badge/Protocol-WAB%20v1-8b5cf6?style=flat-square" alt="WAB v1" class="badge-img">
+      <img src="https://img.shields.io/badge/Verified-Live%20on%20webagentbridge.com-10b981?style=flat-square" alt="Live Verified" class="badge-img">
+    </div>
+    <div class="lang-toggle">
+      <button id="btnEn" class="active" onclick="setActivateLang('en')">English</button>
+      <button id="btnAr" onclick="setActivateLang('ar')">العربية</button>
+    </div>
+    <h1 data-i18n="hero_title">Activate WAB Discovery<br><span class="gradient-text">in One Click</span></h1>
+    <p class="subtitle" data-i18n="hero_sub">Add a single DNS TXT record and make your website instantly discoverable by AI agents — no code changes required.</p>
+    <div style="display:flex;gap:12px;justify-content:center;flex-wrap:wrap;">
+      <a href="#steps" class="btn btn-primary btn-lg" data-i18n="cta_guide">View Setup Guide</a>
+      <a href="/dns" class="btn btn-secondary btn-lg" data-i18n="cta_verify">Live Verifier</a>
+    </div>
+  </section>
+
+  <!-- ═══════════ VIDEO ═══════════ -->
+  <section class="video-section">
+    <h2 data-i18n="video_title">Watch: Full Setup in 40 Seconds</h2>
+    <div class="video-wrapper">
+      <video controls poster="/img/dns-video-poster.jpg">
+        <source src="/videos/dns_discovery_demo.mp4" type="video/mp4">
+        <p data-i18n="video_fallback">Your browser does not support the video tag. <a href="/videos/dns_discovery_demo.mp4">Download the video</a>.</p>
+      </video>
+    </div>
+  </section>
+
+  <!-- ═══════════ STEPS ═══════════ -->
+  <section class="steps-section" id="steps">
+    <h2 data-i18n="steps_title">Step-by-Step Setup Guide</h2>
+
+    <!-- Step 1 -->
+    <div class="step-card">
+      <div class="step-number">1</div>
+      <h3 data-i18n="step1_title">Log In to Your DNS Provider</h3>
+      <p data-i18n="step1_desc">Sign in to your domain registrar or DNS hosting dashboard. Common providers include Cloudflare, cPanel, GoDaddy, and Namecheap. Navigate to the DNS Management or DNS Records section.</p>
+      <div class="provider-tabs">
+        <button class="provider-tab active" onclick="showProvider('cloudflare', this)">Cloudflare</button>
+        <button class="provider-tab" onclick="showProvider('cpanel', this)">cPanel</button>
+        <button class="provider-tab" onclick="showProvider('godaddy', this)">GoDaddy</button>
+        <button class="provider-tab" onclick="showProvider('namecheap', this)">Namecheap</button>
+      </div>
+      <div id="prov-cloudflare" class="provider-content active">
+        <p style="color:#94a3b8;font-size:0.9rem;" data-i18n="prov_cloudflare">Go to <strong>dash.cloudflare.com</strong> → Select your domain → Click <strong>DNS</strong> in the top navigation → Click <strong>+ Add record</strong>.</p>
+      </div>
+      <div id="prov-cpanel" class="provider-content">
+        <p style="color:#94a3b8;font-size:0.9rem;" data-i18n="prov_cpanel">Log in to cPanel → Scroll to <strong>Domains</strong> section → Click <strong>Zone Editor</strong> → Click <strong>Manage</strong> next to your domain → Click <strong>+ Add Record</strong>.</p>
+      </div>
+      <div id="prov-godaddy" class="provider-content">
+        <p style="color:#94a3b8;font-size:0.9rem;" data-i18n="prov_godaddy">Log in to <strong>godaddy.com</strong> → My Products → Click <strong>DNS</strong> next to your domain → Click <strong>Add New Record</strong>.</p>
+      </div>
+      <div id="prov-namecheap" class="provider-content">
+        <p style="color:#94a3b8;font-size:0.9rem;" data-i18n="prov_namecheap">Log in to <strong>namecheap.com</strong> → Domain List → Click <strong>Manage</strong> → Click <strong>Advanced DNS</strong> tab → Click <strong>Add New Record</strong>.</p>
+      </div>
+    </div>
+
+    <!-- Step 2 -->
+    <div class="step-card">
+      <div class="step-number">2</div>
+      <h3 data-i18n="step2_title">Add the TXT Record</h3>
+      <p data-i18n="step2_desc">Create a new DNS TXT record with exactly these values. Replace <code style="color:#a5f3fc">yourdomain.com</code> with your actual domain.</p>
+      <div class="code-block">
+        <span class="label">DNS TXT Record</span>
+        <span class="key">Type:</span>  <span class="val">TXT</span><br>
+        <span class="key">Name:</span>  <span class="val">_wab</span><br>
+        <span class="key">Value:</span> <span class="val">v=wab1; endpoint=https://yourdomain.com/.well-known/wab.json</span><br>
+        <span class="key">TTL:</span>   <span class="val">Auto (3600)</span>
+      </div>
+    </div>
+
+    <!-- Step 3 -->
+    <div class="step-card">
+      <div class="step-number">3</div>
+      <h3 data-i18n="step3_title">Create the wab.json Capabilities File</h3>
+      <p data-i18n="step3_desc">Create the file <code style="color:#a5f3fc">/.well-known/wab.json</code> on your web server. This file describes your site's capabilities to AI agents.</p>
+      <div class="code-block">
+        <span class="label">/.well-known/wab.json</span>
+        {<br>
+        &nbsp;&nbsp;<span class="key">"version"</span>: <span class="val">"wab1"</span>,<br>
+        &nbsp;&nbsp;<span class="key">"name"</span>: <span class="val">"Your Site Name"</span>,<br>
+        &nbsp;&nbsp;<span class="key">"description"</span>: <span class="val">"What your site does"</span>,<br>
+        &nbsp;&nbsp;<span class="key">"endpoint"</span>: <span class="val">"https://yourdomain.com/.well-known/wab.json"</span>,<br>
+        &nbsp;&nbsp;<span class="key">"capabilities"</span>: [<span class="val">"browse"</span>, <span class="val">"api"</span>]<br>
+        }
+      </div>
+    </div>
+
+    <!-- Step 4 -->
+    <div class="step-card">
+      <div class="step-number">4</div>
+      <h3 data-i18n="step4_title">Verify Your Setup</h3>
+      <p data-i18n="step4_desc">DNS propagation takes a few minutes. Use the Live Verifier to confirm your record is active. The verifier queries DNS over HTTPS (DoH) — no data is sent to our servers.</p>
+      <div style="background:#0f172a;border:1px solid #1e293b;border-radius:10px;padding:20px;margin-top:12px;">
+        <div style="display:flex;gap:12px;align-items:center;flex-wrap:wrap;">
+          <input id="activateDomain" type="text" placeholder="yourdomain.com" style="flex:1;min-width:200px;padding:10px 16px;background:#1e293b;border:1px solid #334155;border-radius:8px;color:#f0f4ff;font-size:0.9rem;outline:none;">
+          <button id="activateVerifyBtn" style="padding:10px 24px;background:linear-gradient(135deg,#6366f1,#8b5cf6);border:none;border-radius:8px;color:#fff;font-weight:600;cursor:pointer;font-size:0.9rem;" data-i18n="verify_btn">Verify Now</button>
+        </div>
+        <div id="activateResult" style="margin-top:16px;font-family:'JetBrains Mono',monospace;font-size:0.82rem;display:none;"></div>
+      </div>
+    </div>
+  </section>
+
+  <!-- ═══════════ CTA ═══════════ -->
+  <div style="padding:0 24px;">
+    <div class="verifier-cta">
+      <h2 data-i18n="cta_title">Your Domain is Now AI-Ready</h2>
+      <p data-i18n="cta_desc">Once verified, AI agents using the WAB protocol can discover your site's capabilities automatically — no manual configuration needed on their end.</p>
+      <div style="display:flex;gap:12px;justify-content:center;flex-wrap:wrap;">
+        <a href="/dns" class="btn btn-primary" data-i18n="cta_full_guide">Full DNS Guide</a>
+        <a href="/docs" class="btn btn-secondary" data-i18n="cta_docs">Read the Docs</a>
+      </div>
+    </div>
+  </div>
+
+  <script src="/js/auth-nav.js"></script>
+  <script src="/js/activate.js"></script>
+</body>
+</html>