npm - web-agent-bridge - Versions diffs - 3.3.0 → 3.8.1 - Mend

web-agent-bridge 3.3.0 → 3.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/LICENSE +84 -72
package/README.ar.md +1563 -1286
package/README.md +137 -1764
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -0
package/public/activate.html +448 -0
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1235
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -706
package/public/dns.html +436 -507
package/public/docs.html +588 -587
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -463
package/public/index.html +1372 -1070
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -580
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/ring4.html +292 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +19 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -0
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +301 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +649 -636
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +790 -531
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +674 -671
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +139 -0
package/server/routes/admin.js +550 -261
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -0
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -465
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +206 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/server/routes/sovereign.js CHANGED Viewed

@@ -1,465 +1,465 @@
-/**
- * Sovereign API Routes
- * ════════════════════════════════════════════════════════════════════════
- * Routes for: Decentralized Reputation, Real-time Negotiation,
- * Anti-Hallucination Shield, and Sovereign Dashboard data.
- */
-const express = require('express');
-const router = express.Router();
-const { authenticateToken } = require('../middleware/auth');
-const reputation = require('../services/reputation');
-const negotiation = require('../services/negotiation');
-const verification = require('../services/verification');
-const priceShield = require('../services/price-shield');
-const sovereignShield = require('../services/sovereign-shield');
-// ═══════════════════════════════════════════════════════════════════════
-// REPUTATION API
-// ═══════════════════════════════════════════════════════════════════════
-// Register an agent for the reputation network
-router.post('/reputation/agents', (req, res) => {
-  const { agentKey } = req.body;
-  if (!agentKey || agentKey.length < 16) {
-    return res.status(400).json({ error: 'agentKey must be at least 16 characters' });
-  }
-  const result = reputation.registerAgent(agentKey);
-  res.json(result);
-});
-// Submit a trust attestation
-router.post('/reputation/attestations', (req, res) => {
-  const { siteId, agentId, interactionType, outcome,
-    priceAccuracy, responseTimeMs, dataIntegrity, visionVerified, details } = req.body;
-  if (!siteId || !agentId || !interactionType || !outcome) {
-    return res.status(400).json({ error: 'siteId, agentId, interactionType, and outcome are required' });
-  }
-  const result = reputation.createAttestation({
-    siteId, agentId, interactionType, outcome,
-    priceAccuracy, responseTimeMs, dataIntegrity, visionVerified, details
-  });
-  if (result.error) return res.status(429).json(result);
-  res.json(result);
-});
-// Get site reputation
-router.get('/reputation/sites/:siteId', (req, res) => {
-  const result = reputation.getReputation(req.params.siteId);
-  res.json(result);
-});
-// Reputation leaderboard
-router.get('/reputation/leaderboard', (req, res) => {
-  const limit = Math.min(parseInt(req.query.limit) || 20, 100);
-  const result = reputation.getReputationLeaderboard(limit);
-  res.json(result);
-});
-// Search by reputation
-router.get('/reputation/search', (req, res) => {
-  const { category = 'all', minScore = 60 } = req.query;
-  const result = reputation.searchByReputation(category, parseFloat(minScore));
-  res.json(result);
-});
-// Verify an attestation
-router.get('/reputation/verify/:attestationId', (req, res) => {
-  const result = reputation.verifyAttestation(req.params.attestationId);
-  res.json(result);
-});
-// Challenge a site's reputation
-router.post('/reputation/challenges', (req, res) => {
-  const { siteId, challengerAgent, reason, evidence } = req.body;
-  if (!siteId || !challengerAgent || !reason) {
-    return res.status(400).json({ error: 'siteId, challengerAgent, and reason are required' });
-  }
-  const result = reputation.challengeReputation(siteId, challengerAgent, reason, evidence);
-  res.json(result);
-});
-// ═══════════════════════════════════════════════════════════════════════
-// NEGOTIATION API
-// ═══════════════════════════════════════════════════════════════════════
-// Create negotiation rules (site owner)
-router.post('/negotiation/rules', authenticateToken, (req, res) => {
-  const { siteId, ruleName, conditionType, discountType, discountValue,
-    maxDiscountPct, minOrderValue, requiresAgentReputation } = req.body;
-  if (!siteId || !ruleName || !conditionType || !discountType || discountValue == null) {
-    return res.status(400).json({ error: 'siteId, ruleName, conditionType, discountType, and discountValue are required' });
-  }
-  const result = negotiation.createRule(siteId, {
-    ruleName, conditionType, discountType, discountValue,
-    maxDiscountPct, minOrderValue, requiresAgentReputation
-  });
-  res.json(result);
-});
-// Get negotiation rules for a site
-router.get('/negotiation/rules/:siteId', (req, res) => {
-  const rules = negotiation.getRules(req.params.siteId);
-  res.json(rules);
-});
-// Update a negotiation rule
-router.put('/negotiation/rules/:ruleId', authenticateToken, (req, res) => {
-  negotiation.updateRule(req.params.ruleId, req.body);
-  res.json({ updated: true });
-});
-// Open negotiation session (agent)
-router.post('/negotiation/sessions', (req, res) => {
-  const { siteId, agentId, itemId, itemName, originalPrice } = req.body;
-  if (!siteId || !agentId || !originalPrice) {
-    return res.status(400).json({ error: 'siteId, agentId, and originalPrice are required' });
-  }
-  const result = negotiation.openSession(siteId, agentId, { itemId, itemName, originalPrice });
-  res.json(result);
-});
-// Agent makes a proposal
-router.post('/negotiation/sessions/:sessionId/propose', (req, res) => {
-  const { strategy, proposedDiscount, arguments: args } = req.body;
-  if (!strategy || proposedDiscount == null) {
-    return res.status(400).json({ error: 'strategy and proposedDiscount are required' });
-  }
-  const result = negotiation.agentPropose(req.params.sessionId, {
-    strategy, proposedDiscount, arguments: args
-  });
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Confirm a deal
-router.post('/negotiation/sessions/:sessionId/confirm', (req, res) => {
-  const result = negotiation.confirmDeal(req.params.sessionId);
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Get negotiation stats for a site
-router.get('/negotiation/stats/:siteId', authenticateToken, (req, res) => {
-  const stats = negotiation.getNegotiationStats(req.params.siteId);
-  res.json(stats);
-});
-// Get agent savings
-router.get('/negotiation/savings/:agentId', (req, res) => {
-  const savings = negotiation.getAgentSavings(req.params.agentId);
-  res.json(savings);
-});
-// ═══════════════════════════════════════════════════════════════════════
-// VERIFICATION (Anti-Hallucination Shield) API
-// ═══════════════════════════════════════════════════════════════════════
-// Verify a price (DOM vs Vision)
-router.post('/verify/price', (req, res) => {
-  const { siteId, agentId, url, domValue, visionValue, category, itemName } = req.body;
-  if (!siteId || !domValue) {
-    return res.status(400).json({ error: 'siteId and domValue are required' });
-  }
-  const result = verification.verifyPrice({
-    siteId, agentId, url, domValue, visionValue, category, itemName
-  });
-  res.json(result);
-});
-// Verify text
-router.post('/verify/text', (req, res) => {
-  const { siteId, agentId, url, domValue, visionValue, fieldName } = req.body;
-  if (!siteId || !domValue) {
-    return res.status(400).json({ error: 'siteId and domValue are required' });
-  }
-  const result = verification.verifyText({
-    siteId, agentId, url, domValue, visionValue, fieldName
-  });
-  res.json(result);
-});
-// Full page verification
-router.post('/verify/page', (req, res) => {
-  const { siteId, agentId, url, domData, visionData } = req.body;
-  if (!siteId || !domData) {
-    return res.status(400).json({ error: 'siteId and domData are required' });
-  }
-  const result = verification.verifyPage({
-    siteId, agentId, url, domData, visionData: visionData || {}
-  });
-  res.json(result);
-});
-// Human confirmation for a verification result
-router.post('/verify/:verificationId/confirm', (req, res) => {
-  const { approved } = req.body;
-  const result = verification.confirmVerification(req.params.verificationId, approved);
-  res.json(result);
-});
-// Get shield stats for a site
-router.get('/verify/stats/:siteId', (req, res) => {
-  const stats = verification.getShieldStats(req.params.siteId);
-  res.json(stats);
-});
-// Get global shield stats
-router.get('/verify/stats', (req, res) => {
-  const stats = verification.getGlobalShieldStats();
-  res.json(stats);
-});
-// Update price benchmark
-router.post('/verify/benchmarks', (req, res) => {
-  const { category, itemPattern, price } = req.body;
-  if (!category || !itemPattern || price == null) {
-    return res.status(400).json({ error: 'category, itemPattern, and price are required' });
-  }
-  verification.updateBenchmark(category, itemPattern, price);
-  res.json({ updated: true });
-});
-// ═══════════════════════════════════════════════════════════════════════
-// SOVEREIGN DASHBOARD DATA API
-// ═══════════════════════════════════════════════════════════════════════
-router.get('/dashboard/sovereign', authenticateToken, (req, res) => {
-  const userId = req.user.id;
-  // Get user's sites
-  const { db: database } = require('../models/db');
-  const sites = database.prepare('SELECT id, domain FROM sites WHERE user_id = ?').all(userId);
-  const dashboardData = {
-    overview: {
-      sitesProtected: sites.length,
-      shieldStatus: 'active'
-    },
-    reputation: {},
-    negotiation: {},
-    shield: {},
-    privacy: { trackingAttempts: 0, intentionsEncrypted: 0, dataShielded: 0 }
-  };
-  // Aggregate data across all user's sites
-  let totalAttestations = 0, totalDeals = 0, totalSaved = 0;
-  let totalChecks = 0, totalBlocked = 0;
-  const siteDetails = [];
-  for (const site of sites) {
-    const rep = reputation.getReputation(site.id);
-    const negStats = negotiation.getNegotiationStats(site.id);
-    const shieldStats = verification.getShieldStats(site.id);
-    totalAttestations += rep.totalAttestations || 0;
-    totalDeals += negStats.deals_made || 0;
-    totalSaved += negStats.total_discount_given || 0;
-    totalChecks += shieldStats.total_checks || 0;
-    totalBlocked += (shieldStats.halted_operations || 0) + (shieldStats.blocked_operations || 0);
-    siteDetails.push({
-      siteId: site.id,
-      domain: site.domain,
-      reputationScore: rep.reputationScore,
-      trustLevel: rep.trustLevel,
-      dealsMade: negStats.deals_made || 0,
-      avgSavings: negStats.avg_savings || 0,
-      integrityRating: shieldStats.integrity_rating
-    });
-  }
-  dashboardData.reputation = {
-    totalAttestations,
-    avgReputationScore: siteDetails.length > 0
-      ? Math.round(siteDetails.reduce((s, d) => s + d.reputationScore, 0) / siteDetails.length)
-      : 50
-  };
-  dashboardData.negotiation = {
-    totalDeals,
-    totalSaved: Math.round(totalSaved * 100) / 100
-  };
-  dashboardData.shield = {
-    totalChecks,
-    threatsBlocked: totalBlocked,
-    integrityScore: siteDetails.length > 0
-      ? Math.round(siteDetails.reduce((s, d) => s + d.integrityRating, 0) / siteDetails.length)
-      : 100
-  };
-  dashboardData.sites = siteDetails;
-  res.json(dashboardData);
-});
-// ═══════════════════════════════════════════════════════════════════════
-// DYNAMIC PRICING SHIELD API
-// ═══════════════════════════════════════════════════════════════════════
-// Get available identity personas
-router.get('/price-shield/personas', (req, res) => {
-  res.json(priceShield.getPersonas());
-});
-// Create a new price scan
-router.post('/price-shield/scans', (req, res) => {
-  const { siteId, url, itemName, category } = req.body;
-  if (!url) {
-    return res.status(400).json({ error: 'url is required' });
-  }
-  const result = priceShield.createScan({ siteId, url, itemName, category });
-  res.json(result);
-});
-// Record a probe result for a scan
-router.post('/price-shield/scans/:scanId/probes', (req, res) => {
-  const { personaId, priceText, currency, responseHeaders, cookiesReceived, durationMs } = req.body;
-  if (!personaId || !priceText) {
-    return res.status(400).json({ error: 'personaId and priceText are required' });
-  }
-  const result = priceShield.recordProbe(req.params.scanId, {
-    personaId, priceText, currency, responseHeaders, cookiesReceived, durationMs
-  });
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Analyze a scan (after probes are recorded)
-router.post('/price-shield/scans/:scanId/analyze', (req, res) => {
-  const result = priceShield.analyzeScan(req.params.scanId);
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Quick scan — all-in-one (provide probes + get analysis)
-router.post('/price-shield/quick-scan', (req, res) => {
-  const { url, itemName, siteId, category, probes } = req.body;
-  if (!url || !probes || !Array.isArray(probes) || probes.length < 2) {
-    return res.status(400).json({ error: 'url and at least 2 probes are required' });
-  }
-  const result = priceShield.quickScan({ url, itemName, siteId, category, probes });
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Get scan report
-router.get('/price-shield/scans/:scanId', (req, res) => {
-  const result = priceShield.getScanReport(req.params.scanId);
-  if (result.error) return res.status(404).json(result);
-  res.json(result);
-});
-// Get global price shield statistics
-router.get('/price-shield/stats', (req, res) => {
-  res.json(priceShield.getGlobalStats());
-});
-// Get price history for a URL
-router.get('/price-shield/history', (req, res) => {
-  const url = req.query.url;
-  if (!url) return res.status(400).json({ error: 'url query parameter is required' });
-  const limit = Math.min(parseInt(req.query.limit) || 30, 100);
-  res.json(priceShield.getPriceHistory(url, limit));
-});
-// Get manipulation log for a site
-router.get('/price-shield/manipulations/:siteId', (req, res) => {
-  const limit = Math.min(parseInt(req.query.limit) || 20, 100);
-  const result = priceShield.getGlobalStats();
-  res.json(result.topManipulators.find(m => m.siteId === req.params.siteId) || { siteId: req.params.siteId, incidents: 0 });
-});
-// ═══════════════════════════════════════════════════════════════════════
-// SOVEREIGN PHONE SHIELD API
-// ═══════════════════════════════════════════════════════════════════════
-// Threat intelligence feed for browser/clients
-router.get('/shield/intel-feed', (req, res) => {
-  res.json(sovereignShield.getIntelFeed());
-});
-// Analyze a live connection/event from client telemetry
-router.post('/shield/analyze-connection', (req, res) => {
-  const result = sovereignShield.analyzeConnection(req.body || {});
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Community threat report (Bounty-Network style)
-router.post('/shield/report', (req, res) => {
-  const result = sovereignShield.submitThreatReport(req.body || {});
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Stats + recent events for dashboard
-router.get('/shield/stats', (req, res) => {
-  res.json(sovereignShield.getStats());
-});
-router.get('/shield/events', (req, res) => {
-  const limit = Math.min(parseInt(req.query.limit) || 50, 200);
-  res.json({ events: sovereignShield.getRecentEvents(limit) });
-});
-// Personal Cloud Vault crypto endpoints
-router.post('/shield/vault/encrypt', (req, res) => {
-  const { plaintext, passphrase } = req.body || {};
-  const result = sovereignShield.encryptVault(plaintext, passphrase);
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-router.post('/shield/vault/decrypt', (req, res) => {
-  const { payload, passphrase } = req.body || {};
-  const result = sovereignShield.decryptVault(payload, passphrase);
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Device registration + heartbeat for Android/iOS local tunnel clients
-router.post('/shield/devices/register', (req, res) => {
-  const result = sovereignShield.registerDevice(req.body || {});
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-router.post('/shield/devices/heartbeat', (req, res) => {
-  const result = sovereignShield.heartbeat(req.body || {});
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-// Batch telemetry ingestion from mobile local VPN / proxy layer
-router.post('/shield/devices/telemetry', (req, res) => {
-  const result = sovereignShield.ingestTelemetryBatch(req.body || {});
-  if (result.error) return res.status(400).json(result);
-  res.json(result);
-});
-router.get('/shield/devices', (req, res) => {
-  const limit = Math.min(parseInt(req.query.limit) || 100, 500);
-  res.json({ devices: sovereignShield.getDevices(limit) });
-});
-router.get('/shield/devices/:deviceFingerprint', (req, res) => {
-  const result = sovereignShield.getDevice(req.params.deviceFingerprint);
-  if (result.error) return res.status(404).json(result);
-  res.json(result);
-});
-module.exports = router;
+/**
+ * Sovereign API Routes
+ * ════════════════════════════════════════════════════════════════════════
+ * Routes for: Decentralized Reputation, Real-time Negotiation,
+ * Anti-Hallucination Shield, and Sovereign Dashboard data.
+ */
+const express = require('express');
+const router = express.Router();
+const { authenticateToken } = require('../middleware/auth');
+const reputation = require('../services/reputation');
+const negotiation = require('../services/negotiation');
+const verification = require('../services/verification');
+const priceShield = require('../services/price-shield');
+const sovereignShield = require('../services/sovereign-shield');
+// ═══════════════════════════════════════════════════════════════════════
+// REPUTATION API
+// ═══════════════════════════════════════════════════════════════════════
+// Register an agent for the reputation network
+router.post('/reputation/agents', (req, res) => {
+  const { agentKey } = req.body;
+  if (!agentKey || agentKey.length < 16) {
+    return res.status(400).json({ error: 'agentKey must be at least 16 characters' });
+  }
+  const result = reputation.registerAgent(agentKey);
+  res.json(result);
+});
+// Submit a trust attestation
+router.post('/reputation/attestations', (req, res) => {
+  const { siteId, agentId, interactionType, outcome,
+    priceAccuracy, responseTimeMs, dataIntegrity, visionVerified, details } = req.body;
+  if (!siteId || !agentId || !interactionType || !outcome) {
+    return res.status(400).json({ error: 'siteId, agentId, interactionType, and outcome are required' });
+  }
+  const result = reputation.createAttestation({
+    siteId, agentId, interactionType, outcome,
+    priceAccuracy, responseTimeMs, dataIntegrity, visionVerified, details
+  });
+  if (result.error) return res.status(429).json(result);
+  res.json(result);
+});
+// Get site reputation
+router.get('/reputation/sites/:siteId', (req, res) => {
+  const result = reputation.getReputation(req.params.siteId);
+  res.json(result);
+});
+// Reputation leaderboard
+router.get('/reputation/leaderboard', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+  const result = reputation.getReputationLeaderboard(limit);
+  res.json(result);
+});
+// Search by reputation
+router.get('/reputation/search', (req, res) => {
+  const { category = 'all', minScore = 60 } = req.query;
+  const result = reputation.searchByReputation(category, parseFloat(minScore));
+  res.json(result);
+});
+// Verify an attestation
+router.get('/reputation/verify/:attestationId', (req, res) => {
+  const result = reputation.verifyAttestation(req.params.attestationId);
+  res.json(result);
+});
+// Challenge a site's reputation
+router.post('/reputation/challenges', (req, res) => {
+  const { siteId, challengerAgent, reason, evidence } = req.body;
+  if (!siteId || !challengerAgent || !reason) {
+    return res.status(400).json({ error: 'siteId, challengerAgent, and reason are required' });
+  }
+  const result = reputation.challengeReputation(siteId, challengerAgent, reason, evidence);
+  res.json(result);
+});
+// ═══════════════════════════════════════════════════════════════════════
+// NEGOTIATION API
+// ═══════════════════════════════════════════════════════════════════════
+// Create negotiation rules (site owner)
+router.post('/negotiation/rules', authenticateToken, (req, res) => {
+  const { siteId, ruleName, conditionType, discountType, discountValue,
+    maxDiscountPct, minOrderValue, requiresAgentReputation } = req.body;
+  if (!siteId || !ruleName || !conditionType || !discountType || discountValue == null) {
+    return res.status(400).json({ error: 'siteId, ruleName, conditionType, discountType, and discountValue are required' });
+  }
+  const result = negotiation.createRule(siteId, {
+    ruleName, conditionType, discountType, discountValue,
+    maxDiscountPct, minOrderValue, requiresAgentReputation
+  });
+  res.json(result);
+});
+// Get negotiation rules for a site
+router.get('/negotiation/rules/:siteId', (req, res) => {
+  const rules = negotiation.getRules(req.params.siteId);
+  res.json(rules);
+});
+// Update a negotiation rule
+router.put('/negotiation/rules/:ruleId', authenticateToken, (req, res) => {
+  negotiation.updateRule(req.params.ruleId, req.body);
+  res.json({ updated: true });
+});
+// Open negotiation session (agent)
+router.post('/negotiation/sessions', (req, res) => {
+  const { siteId, agentId, itemId, itemName, originalPrice } = req.body;
+  if (!siteId || !agentId || !originalPrice) {
+    return res.status(400).json({ error: 'siteId, agentId, and originalPrice are required' });
+  }
+  const result = negotiation.openSession(siteId, agentId, { itemId, itemName, originalPrice });
+  res.json(result);
+});
+// Agent makes a proposal
+router.post('/negotiation/sessions/:sessionId/propose', (req, res) => {
+  const { strategy, proposedDiscount, arguments: args } = req.body;
+  if (!strategy || proposedDiscount == null) {
+    return res.status(400).json({ error: 'strategy and proposedDiscount are required' });
+  }
+  const result = negotiation.agentPropose(req.params.sessionId, {
+    strategy, proposedDiscount, arguments: args
+  });
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Confirm a deal
+router.post('/negotiation/sessions/:sessionId/confirm', (req, res) => {
+  const result = negotiation.confirmDeal(req.params.sessionId);
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Get negotiation stats for a site
+router.get('/negotiation/stats/:siteId', authenticateToken, (req, res) => {
+  const stats = negotiation.getNegotiationStats(req.params.siteId);
+  res.json(stats);
+});
+// Get agent savings
+router.get('/negotiation/savings/:agentId', (req, res) => {
+  const savings = negotiation.getAgentSavings(req.params.agentId);
+  res.json(savings);
+});
+// ═══════════════════════════════════════════════════════════════════════
+// VERIFICATION (Anti-Hallucination Shield) API
+// ═══════════════════════════════════════════════════════════════════════
+// Verify a price (DOM vs Vision)
+router.post('/verify/price', (req, res) => {
+  const { siteId, agentId, url, domValue, visionValue, category, itemName } = req.body;
+  if (!siteId || !domValue) {
+    return res.status(400).json({ error: 'siteId and domValue are required' });
+  }
+  const result = verification.verifyPrice({
+    siteId, agentId, url, domValue, visionValue, category, itemName
+  });
+  res.json(result);
+});
+// Verify text
+router.post('/verify/text', (req, res) => {
+  const { siteId, agentId, url, domValue, visionValue, fieldName } = req.body;
+  if (!siteId || !domValue) {
+    return res.status(400).json({ error: 'siteId and domValue are required' });
+  }
+  const result = verification.verifyText({
+    siteId, agentId, url, domValue, visionValue, fieldName
+  });
+  res.json(result);
+});
+// Full page verification
+router.post('/verify/page', (req, res) => {
+  const { siteId, agentId, url, domData, visionData } = req.body;
+  if (!siteId || !domData) {
+    return res.status(400).json({ error: 'siteId and domData are required' });
+  }
+  const result = verification.verifyPage({
+    siteId, agentId, url, domData, visionData: visionData || {}
+  });
+  res.json(result);
+});
+// Human confirmation for a verification result
+router.post('/verify/:verificationId/confirm', (req, res) => {
+  const { approved } = req.body;
+  const result = verification.confirmVerification(req.params.verificationId, approved);
+  res.json(result);
+});
+// Get shield stats for a site
+router.get('/verify/stats/:siteId', (req, res) => {
+  const stats = verification.getShieldStats(req.params.siteId);
+  res.json(stats);
+});
+// Get global shield stats
+router.get('/verify/stats', (req, res) => {
+  const stats = verification.getGlobalShieldStats();
+  res.json(stats);
+});
+// Update price benchmark
+router.post('/verify/benchmarks', (req, res) => {
+  const { category, itemPattern, price } = req.body;
+  if (!category || !itemPattern || price == null) {
+    return res.status(400).json({ error: 'category, itemPattern, and price are required' });
+  }
+  verification.updateBenchmark(category, itemPattern, price);
+  res.json({ updated: true });
+});
+// ═══════════════════════════════════════════════════════════════════════
+// SOVEREIGN DASHBOARD DATA API
+// ═══════════════════════════════════════════════════════════════════════
+router.get('/dashboard/sovereign', authenticateToken, (req, res) => {
+  const userId = req.user.id;
+  // Get user's sites
+  const { db: database } = require('../models/db');
+  const sites = database.prepare('SELECT id, domain FROM sites WHERE user_id = ?').all(userId);
+  const dashboardData = {
+    overview: {
+      sitesProtected: sites.length,
+      shieldStatus: 'active'
+    },
+    reputation: {},
+    negotiation: {},
+    shield: {},
+    privacy: { trackingAttempts: 0, intentionsEncrypted: 0, dataShielded: 0 }
+  };
+  // Aggregate data across all user's sites
+  let totalAttestations = 0, totalDeals = 0, totalSaved = 0;
+  let totalChecks = 0, totalBlocked = 0;
+  const siteDetails = [];
+  for (const site of sites) {
+    const rep = reputation.getReputation(site.id);
+    const negStats = negotiation.getNegotiationStats(site.id);
+    const shieldStats = verification.getShieldStats(site.id);
+    totalAttestations += rep.totalAttestations || 0;
+    totalDeals += negStats.deals_made || 0;
+    totalSaved += negStats.total_discount_given || 0;
+    totalChecks += shieldStats.total_checks || 0;
+    totalBlocked += (shieldStats.halted_operations || 0) + (shieldStats.blocked_operations || 0);
+    siteDetails.push({
+      siteId: site.id,
+      domain: site.domain,
+      reputationScore: rep.reputationScore,
+      trustLevel: rep.trustLevel,
+      dealsMade: negStats.deals_made || 0,
+      avgSavings: negStats.avg_savings || 0,
+      integrityRating: shieldStats.integrity_rating
+    });
+  }
+  dashboardData.reputation = {
+    totalAttestations,
+    avgReputationScore: siteDetails.length > 0
+      ? Math.round(siteDetails.reduce((s, d) => s + d.reputationScore, 0) / siteDetails.length)
+      : 50
+  };
+  dashboardData.negotiation = {
+    totalDeals,
+    totalSaved: Math.round(totalSaved * 100) / 100
+  };
+  dashboardData.shield = {
+    totalChecks,
+    threatsBlocked: totalBlocked,
+    integrityScore: siteDetails.length > 0
+      ? Math.round(siteDetails.reduce((s, d) => s + d.integrityRating, 0) / siteDetails.length)
+      : 100
+  };
+  dashboardData.sites = siteDetails;
+  res.json(dashboardData);
+});
+// ═══════════════════════════════════════════════════════════════════════
+// DYNAMIC PRICING SHIELD API
+// ═══════════════════════════════════════════════════════════════════════
+// Get available identity personas
+router.get('/price-shield/personas', (req, res) => {
+  res.json(priceShield.getPersonas());
+});
+// Create a new price scan
+router.post('/price-shield/scans', (req, res) => {
+  const { siteId, url, itemName, category } = req.body;
+  if (!url) {
+    return res.status(400).json({ error: 'url is required' });
+  }
+  const result = priceShield.createScan({ siteId, url, itemName, category });
+  res.json(result);
+});
+// Record a probe result for a scan
+router.post('/price-shield/scans/:scanId/probes', (req, res) => {
+  const { personaId, priceText, currency, responseHeaders, cookiesReceived, durationMs } = req.body;
+  if (!personaId || !priceText) {
+    return res.status(400).json({ error: 'personaId and priceText are required' });
+  }
+  const result = priceShield.recordProbe(req.params.scanId, {
+    personaId, priceText, currency, responseHeaders, cookiesReceived, durationMs
+  });
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Analyze a scan (after probes are recorded)
+router.post('/price-shield/scans/:scanId/analyze', (req, res) => {
+  const result = priceShield.analyzeScan(req.params.scanId);
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Quick scan — all-in-one (provide probes + get analysis)
+router.post('/price-shield/quick-scan', (req, res) => {
+  const { url, itemName, siteId, category, probes } = req.body;
+  if (!url || !probes || !Array.isArray(probes) || probes.length < 2) {
+    return res.status(400).json({ error: 'url and at least 2 probes are required' });
+  }
+  const result = priceShield.quickScan({ url, itemName, siteId, category, probes });
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Get scan report
+router.get('/price-shield/scans/:scanId', (req, res) => {
+  const result = priceShield.getScanReport(req.params.scanId);
+  if (result.error) return res.status(404).json(result);
+  res.json(result);
+});
+// Get global price shield statistics
+router.get('/price-shield/stats', (req, res) => {
+  res.json(priceShield.getGlobalStats());
+});
+// Get price history for a URL
+router.get('/price-shield/history', (req, res) => {
+  const url = req.query.url;
+  if (!url) return res.status(400).json({ error: 'url query parameter is required' });
+  const limit = Math.min(parseInt(req.query.limit) || 30, 100);
+  res.json(priceShield.getPriceHistory(url, limit));
+});
+// Get manipulation log for a site
+router.get('/price-shield/manipulations/:siteId', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+  const result = priceShield.getGlobalStats();
+  res.json(result.topManipulators.find(m => m.siteId === req.params.siteId) || { siteId: req.params.siteId, incidents: 0 });
+});
+// ═══════════════════════════════════════════════════════════════════════
+// SOVEREIGN PHONE SHIELD API
+// ═══════════════════════════════════════════════════════════════════════
+// Threat intelligence feed for browser/clients
+router.get('/shield/intel-feed', (req, res) => {
+  res.json(sovereignShield.getIntelFeed());
+});
+// Analyze a live connection/event from client telemetry
+router.post('/shield/analyze-connection', (req, res) => {
+  const result = sovereignShield.analyzeConnection(req.body || {});
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Community threat report (Bounty-Network style)
+router.post('/shield/report', (req, res) => {
+  const result = sovereignShield.submitThreatReport(req.body || {});
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Stats + recent events for dashboard
+router.get('/shield/stats', (req, res) => {
+  res.json(sovereignShield.getStats());
+});
+router.get('/shield/events', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 50, 200);
+  res.json({ events: sovereignShield.getRecentEvents(limit) });
+});
+// Personal Cloud Vault crypto endpoints
+router.post('/shield/vault/encrypt', (req, res) => {
+  const { plaintext, passphrase } = req.body || {};
+  const result = sovereignShield.encryptVault(plaintext, passphrase);
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+router.post('/shield/vault/decrypt', (req, res) => {
+  const { payload, passphrase } = req.body || {};
+  const result = sovereignShield.decryptVault(payload, passphrase);
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Device registration + heartbeat for Android/iOS local tunnel clients
+router.post('/shield/devices/register', (req, res) => {
+  const result = sovereignShield.registerDevice(req.body || {});
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+router.post('/shield/devices/heartbeat', (req, res) => {
+  const result = sovereignShield.heartbeat(req.body || {});
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+// Batch telemetry ingestion from mobile local VPN / proxy layer
+router.post('/shield/devices/telemetry', (req, res) => {
+  const result = sovereignShield.ingestTelemetryBatch(req.body || {});
+  if (result.error) return res.status(400).json(result);
+  res.json(result);
+});
+router.get('/shield/devices', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 100, 500);
+  res.json({ devices: sovereignShield.getDevices(limit) });
+});
+router.get('/shield/devices/:deviceFingerprint', (req, res) => {
+  const result = sovereignShield.getDevice(req.params.deviceFingerprint);
+  if (result.error) return res.status(404).json(result);
+  res.json(result);
+});
+module.exports = router;