npm - web-agent-bridge - Versions diffs - 3.3.0 → 3.4.0 - Mend

web-agent-bridge 3.3.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/LICENSE +12 -0
package/README.ar.md +18 -0
package/README.md +198 -1664
package/bin/wab-init.js +223 -0
package/examples/azure-dns-wab.js +83 -0
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/plesk-wab-dns.js +103 -0
package/examples/route53-wab-dns.js +144 -0
package/examples/safe-mode-agent.js +96 -0
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/package.json +5 -5
package/public/.well-known/wab.json +28 -0
package/public/activate.html +368 -0
package/public/adoption-metrics.html +188 -0
package/public/api.html +1 -1
package/public/azure-dns-integration.html +289 -0
package/public/cloudflare-integration.html +380 -0
package/public/cpanel-integration.html +398 -0
package/public/css/styles.css +28 -0
package/public/dashboard.html +1 -0
package/public/dns.html +101 -172
package/public/docs.html +1 -0
package/public/gcp-dns-integration.html +318 -0
package/public/growth.html +4 -2
package/public/index.html +227 -31
package/public/integrations.html +1 -1
package/public/js/activate.js +145 -0
package/public/js/auth-nav.js +34 -0
package/public/js/dns.js +438 -0
package/public/openapi.json +89 -0
package/public/plesk-integration.html +375 -0
package/public/premium.html +1 -1
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/registrar-integrations.html +141 -0
package/public/robots.txt +12 -0
package/public/route53-integration.html +531 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +6 -0
package/public/wab-trust.html +200 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/sdk/auto-discovery.js +288 -0
package/sdk/governance.js +262 -0
package/sdk/index.js +13 -0
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/server/index.js +144 -5
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/models/adapters/mysql.js +1 -1
package/server/models/adapters/postgresql.js +1 -1
package/server/models/db.js +60 -1
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +4 -2
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +83 -0
package/server/routes/admin.js +289 -1
package/server/routes/billing.js +16 -4
package/server/routes/discovery.js +1933 -2
package/server/routes/governance.js +208 -0
package/server/routes/plans.js +33 -0
package/server/routes/providers.js +650 -0
package/server/routes/shieldqr.js +88 -0
package/server/services/email.js +29 -0
package/server/services/governance.js +466 -0
package/server/services/plans.js +214 -0
package/server/services/premium.js +1 -1
package/server/services/provider-clients.js +740 -0
package/server/services/shieldqr.js +322 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +18 -5
package/server/services/vision.js +1 -1
package/server/services/wab-crypto.js +178 -0

package/public/adoption-metrics.html ADDED Viewed

@@ -0,0 +1,188 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>WAB Adoption Metrics — Live Dashboard</title>
+  <meta name="description" content="Live adoption metrics for the WAB DNS Discovery protocol: domain coverage, readiness rates, value scores, use-case distribution, and trend data over 30 days.">
+  <link rel="stylesheet" href="/css/styles.css?v=3.3.0">
+  <style>
+    body { background:#081123; color:#e8efff; }
+    .hero { padding:100px 20px 24px; text-align:center; }
+    .hero h1 { font-size:clamp(1.8rem,4vw,2.6rem); margin-bottom:6px; }
+    .hero p { color:#9eb1d8; max-width:820px; margin:0 auto; }
+    .wrap { max-width:1180px; margin:0 auto; padding:0 18px 70px; }
+    .kpis { display:grid; grid-template-columns:repeat(auto-fit,minmax(180px,1fr)); gap:12px; margin-bottom:18px; }
+    .kpi { background:linear-gradient(180deg,rgba(17,24,39,.92),rgba(10,16,30,.96)); border:1px solid rgba(148,163,184,.2); border-radius:14px; padding:14px; text-align:center; }
+    .kpi .v { font-size:1.7rem; font-weight:800; color:#fcd34d; line-height:1.1; }
+    .kpi .l { font-size:.78rem; color:#9eb1d8; margin-top:6px; text-transform:uppercase; letter-spacing:.6px; }
+    .panel { background:linear-gradient(180deg,rgba(17,24,39,.92),rgba(10,16,30,.96)); border:1px solid rgba(148,163,184,.2); border-radius:14px; padding:16px; margin-bottom:16px; }
+    .panel h3 { margin:0 0 10px; color:#fcd34d; font-size:1rem; }
+    .grid2 { display:grid; grid-template-columns:1fr 1fr; gap:14px; }
+    @media (max-width:760px) { .grid2 { grid-template-columns:1fr; } }
+    table { width:100%; border-collapse:collapse; font-size:.84rem; }
+    th, td { padding:8px 10px; text-align:left; border-bottom:1px solid rgba(148,163,184,.14); }
+    th { color:#a8b7d7; font-weight:600; font-size:.74rem; text-transform:uppercase; letter-spacing:.5px; }
+    td.num { text-align:right; font-variant-numeric:tabular-nums; color:#c4b5fd; }
+    .bar { display:inline-block; height:10px; background:linear-gradient(90deg,#f59e0b,#b45309); border-radius:6px; vertical-align:middle; }
+    .pill { display:inline-block; padding:2px 8px; border-radius:999px; background:#1f2937; color:#a8b7d7; font-size:.72rem; }
+    .pill.ok { background:#064e3b; color:#a7f3d0; }
+    .pill.warn { background:#78350f; color:#fcd34d; }
+    .empty { color:#7a8db0; font-size:.84rem; padding:14px; text-align:center; }
+    .meta { color:#7a8db0; font-size:.78rem; text-align:right; margin-bottom:8px; }
+    .spark { display:flex; gap:2px; align-items:flex-end; height:60px; padding-top:6px; }
+    .spark .b { flex:1; background:#fcd34d; min-height:2px; border-radius:2px 2px 0 0; }
+    .spark .b:hover { background:#fef3c7; }
+    .day-row { display:flex; align-items:center; gap:8px; font-size:.78rem; padding:3px 0; }
+    .day-row .d { width:90px; color:#9eb1d8; font-variant-numeric:tabular-nums; }
+    .day-row .n { width:38px; text-align:right; color:#c4b5fd; font-variant-numeric:tabular-nums; }
+    .day-row .b-track { flex:1; background:rgba(148,163,184,.1); border-radius:4px; overflow:hidden; height:8px; }
+    .day-row .b-fill { height:100%; background:linear-gradient(90deg,#f59e0b,#fcd34d); }
+    a { color:#fcd34d; }
+  </style>
+</head>
+<body>
+  <section class="hero">
+    <h1>WAB Adoption Metrics</h1>
+    <p>Live dashboard powered by every <code>/api/discovery/usage-proof</code> run. Tracks domain coverage, agent readiness, end-to-end value, and use-case distribution across the WAB DNS Discovery protocol.</p>
+  </section>
+  <div class="wrap">
+    <div class="meta" id="meta">Loading…</div>
+    <div class="kpis" id="kpis"></div>
+    <div class="grid2">
+      <div class="panel">
+        <h3>Daily activity (last 30 days)</h3>
+        <div id="daily" class="empty">Loading…</div>
+      </div>
+      <div class="panel">
+        <h3>Top use-cases</h3>
+        <div id="useCases" class="empty">Loading…</div>
+      </div>
+    </div>
+    <div class="grid2">
+      <div class="panel">
+        <h3>Top domains</h3>
+        <div id="topDomains" class="empty">Loading…</div>
+      </div>
+      <div class="panel">
+        <h3>Recent runs</h3>
+        <div id="recent" class="empty">Loading…</div>
+      </div>
+    </div>
+    <div class="panel" style="text-align:center;color:#9eb1d8;font-size:.86rem;">
+      Want your domain on this dashboard? Run any <a href="/dns">WAB DNS</a> usage proof —
+      verify cryptographic trust at <a href="/wab-trust">/wab-trust</a> —
+      or one-click enable via
+      <a href="/cloudflare-integration">Cloudflare</a>,
+      <a href="/route53-integration">Route 53</a>,
+      <a href="/azure-dns-integration">Azure DNS</a>,
+      <a href="/gcp-dns-integration">Google Cloud DNS</a>,
+      <a href="/cpanel-integration">cPanel</a>,
+      <a href="/plesk-integration">Plesk</a>, or
+      <a href="/registrar-integrations">GoDaddy / Namecheap</a>.
+    </div>
+  </div>
+  <script>
+    const fmt = (n, d = 0) => Number(n || 0).toLocaleString(undefined, { maximumFractionDigits: d });
+    const pct = (n) => (Number(n || 0) * 100).toFixed(1) + '%';
+    function kpi(label, value) {
+      return `<div class="kpi"><div class="v">${value}</div><div class="l">${label}</div></div>`;
+    }
+    function renderDaily(rows) {
+      if (!rows || !rows.length) { return '<div class="empty">No runs in the last 30 days yet.</div>'; }
+      const max = Math.max(...rows.map(r => r.runs), 1);
+      return rows.map(r => `
+        <div class="day-row">
+          <div class="d">${r.day}</div>
+          <div class="b-track"><div class="b-fill" style="width:${(r.runs / max) * 100}%"></div></div>
+          <div class="n">${r.runs}</div>
+        </div>
+      `).join('');
+    }
+    function renderUseCases(rows) {
+      if (!rows || !rows.length) { return '<div class="empty">No use-case data yet.</div>'; }
+      const max = Math.max(...rows.map(r => r.runs), 1);
+      return `<table>
+        <thead><tr><th>Use case</th><th class="num">Runs</th><th class="num">Ready</th><th class="num">Avg score</th></tr></thead>
+        <tbody>${rows.map(r => `
+          <tr>
+            <td>${r.use_case || '—'}</td>
+            <td class="num">${fmt(r.runs)}</td>
+            <td class="num">${fmt(r.ready)}</td>
+            <td class="num">${fmt(r.avg_value_score, 2)}</td>
+          </tr>
+        `).join('')}</tbody>
+      </table>`;
+    }
+    function renderTopDomains(rows) {
+      if (!rows || !rows.length) { return '<div class="empty">No domains tracked yet.</div>'; }
+      return `<table>
+        <thead><tr><th>Domain</th><th class="num">Runs</th><th class="num">Ready</th><th class="num">Avg score</th></tr></thead>
+        <tbody>${rows.map(r => `
+          <tr>
+            <td>${r.domain}</td>
+            <td class="num">${fmt(r.runs)}</td>
+            <td class="num">${fmt(r.ready)}</td>
+            <td class="num">${fmt(r.avg_value_score, 2)}</td>
+          </tr>
+        `).join('')}</tbody>
+      </table>`;
+    }
+    function renderRecent(rows) {
+      if (!rows || !rows.length) { return '<div class="empty">No recent runs.</div>'; }
+      return `<table>
+        <thead><tr><th>Domain</th><th>Use case</th><th class="num">Score</th><th class="num">When</th></tr></thead>
+        <tbody>${rows.map(r => `
+          <tr>
+            <td>${r.domain}</td>
+            <td>${r.preferred_use_case || '—'} ${r.readiness_ok ? '<span class="pill ok">ready</span>' : '<span class="pill warn">pending</span>'}</td>
+            <td class="num">${fmt(r.value_score, 2)}</td>
+            <td class="num">${r.created_at ? r.created_at.replace('T',' ').slice(0,16) : ''}</td>
+          </tr>
+        `).join('')}</tbody>
+      </table>`;
+    }
+    async function load() {
+      const r = await fetch('/api/discovery/adoption-metrics');
+      if (!r.ok) {
+        document.getElementById('meta').textContent = 'Failed to load metrics: HTTP ' + r.status;
+        return;
+      }
+      const data = await r.json();
+      const t = data.totals || {};
+      document.getElementById('kpis').innerHTML = [
+        kpi('Total runs',        fmt(t.total_runs)),
+        kpi('Unique domains',    fmt(t.unique_domains)),
+        kpi('Readiness rate',    pct(t.readiness_rate)),
+        kpi('Avg value score',   fmt(t.avg_value_score, 2)),
+        kpi('Avg end-to-end',    fmt(t.avg_end_to_end_ms) + ' ms'),
+        kpi('Exec success rate', pct(t.success_rate)),
+      ].join('');
+      document.getElementById('daily').innerHTML      = renderDaily(data.daily_last_30);
+      document.getElementById('useCases').innerHTML   = renderUseCases(data.by_use_case);
+      document.getElementById('topDomains').innerHTML = renderTopDomains(data.top_domains);
+      document.getElementById('recent').innerHTML     = renderRecent(data.recent_runs);
+      document.getElementById('meta').textContent     = 'Live · generated ' + (data.generated_at || '').replace('T',' ').slice(0,19) + ' UTC';
+    }
+    load().catch(err => {
+      document.getElementById('meta').textContent = 'Error loading metrics: ' + err.message;
+    });
+  </script>
+</body>
+</html>

package/public/api.html CHANGED Viewed

@@ -76,7 +76,7 @@
         <a href="/dashboard" class="btn btn-ghost" data-wab-auth="signed-in" style="display:none">Dashboard</a>
         <a href="/register" class="btn btn-primary btn-sm" data-wab-auth="guest">Get Started</a>
       </div>
-      <button class="mobile-menu-btn" onclick="document.querySelector('.navbar-links').classList.toggle('active')">☰</button>
+      <button class="mobile-menu-btn" >☰</button>
     </div>
   </nav>

package/public/azure-dns-integration.html ADDED Viewed

@@ -0,0 +1,289 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <title>WAB DNS — Azure DNS Integration</title>
+  <link rel="stylesheet" href="/css/main.css">
+  <style>
+    body { font-family: system-ui, sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 0; }
+    .page { max-width: 880px; margin: 0 auto; padding: 40px 20px 80px; }
+    h1 { font-size: 1.7rem; margin-bottom: 6px; }
+    .sub { color: #94a3b8; margin-bottom: 32px; font-size: .97rem; }
+    .card { background: #1e293b; border-radius: 10px; padding: 24px; margin-bottom: 24px; }
+    h2 { font-size: 1.1rem; margin: 0 0 14px; }
+    label { display: block; font-size: .85rem; color: #94a3b8; margin-bottom: 4px; margin-top: 14px; }
+    label:first-child { margin-top: 0; }
+    input[type=text], input[type=password] {
+      width: 100%; box-sizing: border-box; background: #0f172a; border: 1px solid #334155;
+      color: #e2e8f0; border-radius: 6px; padding: 9px 12px; font-size: .93rem;
+    }
+    input:focus { outline: 2px solid #6366f1; border-color: transparent; }
+    .row { display: flex; gap: 12px; }
+    .row > * { flex: 1; }
+    .actions { display: flex; gap: 10px; margin-top: 20px; flex-wrap: wrap; }
+    .btn { padding: 9px 20px; border-radius: 7px; border: none; cursor: pointer; font-size: .92rem; font-weight: 600; }
+    .btn:hover { opacity: .85; }
+    .btn:disabled { opacity: .45; cursor: not-allowed; }
+    .btn-enable    { background: #0078d4; color: #fff; }
+    .btn-disable   { background: #ef4444; color: #fff; }
+    .btn-verify    { background: #6366f1; color: #fff; }
+    .btn-secondary { background: #334155; color: #e2e8f0; }
+    #statusBar { margin-top: 18px; min-height: 36px; padding: 10px 14px; border-radius: 7px; background: #0f172a; font-size: .88rem; color: #94a3b8; display: none; }
+    #statusBar.ok   { display: block; color: #4ade80; border: 1px solid #166534; }
+    #statusBar.err  { display: block; color: #f87171; border: 1px solid #7f1d1d; }
+    #statusBar.info { display: block; color: #93c5fd; border: 1px solid #1e3a5f; }
+    pre { background: #0f172a; border-radius: 7px; padding: 14px 16px; font-size: .82rem; color: #94a3b8; overflow-x: auto; white-space: pre-wrap; word-break: break-word; margin: 14px 0 0; }
+    code { background: #0f172a; padding: 1px 5px; border-radius: 4px; font-size: .88em; }
+    .tab-bar { display: flex; gap: 4px; margin-bottom: 14px; }
+    .tab { padding: 5px 14px; border-radius: 6px; cursor: pointer; font-size: .84rem; background: #0f172a; color: #94a3b8; border: 1px solid #334155; }
+    .tab.active { background: #6366f1; color: #fff; border-color: transparent; }
+    .tab-panel { display: none; }
+    .tab-panel.active { display: block; }
+    .info-box { background: #0c2340; border: 1px solid #1e3a5f; border-radius: 8px; padding: 12px 16px; font-size: .87rem; color: #93c5fd; margin-bottom: 18px; }
+    a { color: #818cf8; }
+  </style>
+</head>
+<body>
+<div class="page">
+  <h1>Azure DNS × WAB Discovery</h1>
+  <p class="sub">
+    Enable or disable the WAB DNS Discovery TXT record on any Azure DNS zone via the
+    <a href="https://learn.microsoft.com/en-us/rest/api/dns/" target="_blank" rel="noopener">Azure DNS REST API</a>.
+  </p>
+  <div class="info-box">
+    ℹ <strong>Bearer token required.</strong>
+    Generate via: <code>az account get-access-token --resource https://management.azure.com/</code>
+    or use a Service Principal with the <code>DNS Zone Contributor</code> role.
+    Token expires in ~60 minutes.
+  </div>
+  <!-- ── STEP 1: token ── -->
+  <div class="card">
+    <h2>1. Authentication</h2>
+    <label>Azure Bearer Token <span style="color:#64748b;font-weight:400">(stays in browser memory)</span></label>
+    <input type="password" id="azToken" placeholder="eyJ0eXAiOi…" autocomplete="off">
+    <p style="margin:8px 0 0;font-size:.82rem;color:#64748b">
+      Quick command: <code>az account get-access-token --resource https://management.azure.com/ --query accessToken -o tsv</code>
+    </p>
+  </div>
+  <!-- ── STEP 2: zone ── -->
+  <div class="card">
+    <h2>2. Subscription, Resource Group, Zone</h2>
+    <div class="row">
+      <div>
+        <label>Subscription ID</label>
+        <input type="text" id="azSub" placeholder="00000000-0000-0000-0000-000000000000">
+      </div>
+      <div>
+        <label>Resource Group</label>
+        <input type="text" id="azRg" placeholder="my-resource-group">
+      </div>
+    </div>
+    <div class="row">
+      <div>
+        <label>DNS Zone Name</label>
+        <input type="text" id="azZone" placeholder="example.com">
+      </div>
+      <div>
+        <label>Domain <span style="color:#64748b;font-weight:400">(usually same as zone)</span></label>
+        <input type="text" id="azDomain" placeholder="example.com">
+      </div>
+    </div>
+    <label>Endpoint URL <span style="color:#64748b;font-weight:400">(blank = auto)</span></label>
+    <input type="text" id="azEndpoint" placeholder="https://example.com/.well-known/wab.json">
+  </div>
+  <!-- ── STEP 3: actions ── -->
+  <div class="card">
+    <h2>3. Actions</h2>
+    <div class="actions">
+      <button class="btn btn-enable"    id="btnEnable"  onclick="azAction('enable')">✓ Enable WAB Discovery</button>
+      <button class="btn btn-disable"   id="btnDisable" onclick="azAction('disable')">✗ Disable WAB Discovery</button>
+      <button class="btn btn-verify"    id="btnVerify"  onclick="azVerify()">⟳ Verify Status</button>
+      <button class="btn btn-secondary" onclick="window.open('/provider-sandbox','_blank')">Open Sandbox</button>
+    </div>
+    <div id="statusBar"></div>
+    <pre id="jsonOut" style="display:none"></pre>
+  </div>
+  <!-- ── CODE SNIPPETS ── -->
+  <div class="card">
+    <h2>Code Snippets</h2>
+    <div class="tab-bar">
+      <div class="tab active" onclick="switchTab('cli')">Azure CLI</div>
+      <div class="tab" onclick="switchTab('ps')">PowerShell</div>
+      <div class="tab" onclick="switchTab('tf')">Terraform</div>
+    </div>
+    <div id="tab-cli" class="tab-panel active">
+<pre># Enable
+az network dns record-set txt add-record \
+  --resource-group my-rg \
+  --zone-name example.com \
+  --record-set-name _wab \
+  --value "v=wab1; endpoint=https://example.com/.well-known/wab.json"
+# Disable
+az network dns record-set txt delete \
+  --resource-group my-rg \
+  --zone-name example.com \
+  --name _wab \
+  --yes
+</pre>
+    </div>
+    <div id="tab-ps" class="tab-panel">
+<pre># PowerShell with Az.Dns module
+$txt = New-AzDnsRecordConfig -Value "v=wab1; endpoint=https://example.com/.well-known/wab.json"
+New-AzDnsRecordSet `
+  -Name "_wab" -RecordType TXT -Ttl 3600 `
+  -ZoneName "example.com" -ResourceGroupName "my-rg" `
+  -DnsRecords $txt
+# Disable
+Remove-AzDnsRecordSet -Name "_wab" -RecordType TXT `
+  -ZoneName "example.com" -ResourceGroupName "my-rg" -Confirm:$false
+</pre>
+    </div>
+    <div id="tab-tf" class="tab-panel">
+<pre>resource "azurerm_dns_txt_record" "wab_discovery" {
+  name                = "_wab"
+  zone_name           = "example.com"
+  resource_group_name = "my-rg"
+  ttl                 = 3600
+  record {
+    value = "v=wab1; endpoint=https://example.com/.well-known/wab.json"
+  }
+}
+</pre>
+    </div>
+  </div>
+  <!-- ── IAM ── -->
+  <div class="card">
+    <h2>Required Role</h2>
+    <p style="font-size:.85rem;color:#94a3b8;margin:0 0 10px">
+      Use the built-in <strong>DNS Zone Contributor</strong> role scoped to the zone (or RG).
+      Required actions:
+    </p>
+<pre>Microsoft.Network/dnsZones/TXT/read
+Microsoft.Network/dnsZones/TXT/write
+Microsoft.Network/dnsZones/TXT/delete</pre>
+  </div>
+  <p style="text-align:center;margin-top:30px;font-size:.85rem;color:#475569">
+    <a href="/provider-onboarding">← Provider Onboarding</a> ·
+    <a href="/cloudflare-integration">Cloudflare</a> ·
+    <a href="/route53-integration">Route 53</a> ·
+    <a href="/gcp-dns-integration">Google Cloud DNS</a> ·
+    <a href="/dns">DNS Discovery</a>
+  </p>
+</div>
+<script>
+function switchTab(name) {
+  document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+  document.querySelectorAll('.tab-panel').forEach(p => p.classList.remove('active'));
+  document.querySelector(`#tab-${name}`).classList.add('active');
+  event.target.classList.add('active');
+}
+function setStatus(msg, type) { const b = document.getElementById('statusBar'); b.textContent = msg; b.className = type; }
+function showJson(o) { const p = document.getElementById('jsonOut'); p.textContent = JSON.stringify(o, null, 2); p.style.display = 'block'; }
+function getInputs() {
+  return {
+    token:   document.getElementById('azToken').value.trim(),
+    sub:     document.getElementById('azSub').value.trim(),
+    rg:      document.getElementById('azRg').value.trim(),
+    zone:    document.getElementById('azZone').value.trim(),
+    domain:  document.getElementById('azDomain').value.trim().toLowerCase().replace(/^https?:\/\//, '').replace(/\/$/, ''),
+    ep:      document.getElementById('azEndpoint').value.trim(),
+  };
+}
+async function azReq(token, method, path, body) {
+  const r = await fetch(`https://management.azure.com${path}?api-version=2018-05-01`, {
+    method,
+    headers: { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json' },
+    body: body ? JSON.stringify(body) : undefined,
+  });
+  const txt = await r.text();
+  if (r.status === 404) return null;
+  if (!r.ok) {
+    let parsed; try { parsed = JSON.parse(txt); } catch {}
+    throw new Error(`Azure ${r.status}: ${parsed?.error?.message || txt.slice(0, 300)}`);
+  }
+  try { return JSON.parse(txt); } catch { return txt; }
+}
+async function azAction(action) {
+  const inp = getInputs();
+  if (!inp.token)  return setStatus('Please paste an Azure bearer token.', 'err');
+  if (!inp.sub)    return setStatus('Please enter the Subscription ID.', 'err');
+  if (!inp.rg)     return setStatus('Please enter the Resource Group.', 'err');
+  if (!inp.zone)   return setStatus('Please enter the DNS zone name.', 'err');
+  if (!inp.domain) inp.domain = inp.zone;
+  document.getElementById('btnEnable').disabled  = true;
+  document.getElementById('btnDisable').disabled = true;
+  try {
+    const ep = inp.ep || `https://${inp.domain}/.well-known/wab.json`;
+    setStatus('Fetching WAB record template…', 'info');
+    const tpl = await (await fetch(`/api/discovery/provider/record-template?domain=${encodeURIComponent(inp.domain)}&endpoint=${encodeURIComponent(ep)}`)).json();
+    const txtVal = tpl.record && tpl.record.value;
+    if (!txtVal) throw new Error('Could not fetch WAB record template.');
+    // Azure stores record name relative to zone — usually "_wab" if zone == domain, else "_wab.subdomain"
+    const recName = inp.domain === inp.zone ? '_wab' : `_wab.${inp.domain.replace(`.${inp.zone}`, '')}`;
+    const path    = `/subscriptions/${inp.sub}/resourceGroups/${inp.rg}/providers/Microsoft.Network/dnsZones/${inp.zone}/TXT/${recName}`;
+    if (action === 'enable') {
+      // PUT replaces the record set entirely (atomic upsert)
+      const body = {
+        properties: {
+          TTL: 3600,
+          TXTRecords: [{ value: [txtVal] }]
+        }
+      };
+      setStatus(`Submitting PUT to Azure DNS for ${recName}.${inp.zone}…`, 'info');
+      const out = await azReq(inp.token, 'PUT', path, body);
+      setStatus(`✓ TXT record set for ${recName}.${inp.zone}. WAB Discovery is ENABLED.`, 'ok');
+      showJson(out);
+    } else {
+      setStatus('Deleting TXT record set…', 'info');
+      const out = await azReq(inp.token, 'DELETE', path);
+      if (out === null) {
+        setStatus(`No _wab TXT record found for ${inp.zone} — already disabled.`, 'ok');
+        showJson({ note: 'no record found' });
+      } else {
+        setStatus(`✓ TXT record deleted. WAB Discovery is DISABLED.`, 'ok');
+        showJson({ deleted: recName, zone: inp.zone });
+      }
+    }
+  } catch (err) {
+    setStatus(`Error: ${err.message}`, 'err');
+  } finally {
+    document.getElementById('btnEnable').disabled  = false;
+    document.getElementById('btnDisable').disabled = false;
+  }
+}
+async function azVerify() {
+  const { domain, zone } = getInputs();
+  const d = domain || zone;
+  if (!d) return setStatus('Please enter a domain.', 'err');
+  setStatus('Checking WAB status…', 'info');
+  try {
+    const j = await (await fetch(`/api/discovery/provider/status?domain=${encodeURIComponent(d)}`)).json();
+    if (j.status === 'enabled')      setStatus(`✓ ${d} — ENABLED.`, 'ok');
+    else if (j.status === 'partial') setStatus(`⚠ ${d} — partial.`, 'info');
+    else setStatus(`✗ ${d} — DISABLED.`, 'err');
+    showJson(j);
+  } catch (err) { setStatus(`Verify error: ${err.message}`, 'err'); }
+}
+</script>
+</body>
+</html>