npm - web-agent-bridge - Versions diffs - 3.3.0 → 3.8.1 - Mend

web-agent-bridge 3.3.0 → 3.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/LICENSE +84 -72
package/README.ar.md +1563 -1286
package/README.md +137 -1764
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -0
package/public/activate.html +448 -0
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1235
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -706
package/public/dns.html +436 -507
package/public/docs.html +588 -587
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -463
package/public/index.html +1372 -1070
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -580
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/ring4.html +292 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +19 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -0
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +301 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +649 -636
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +790 -531
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +674 -671
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +139 -0
package/server/routes/admin.js +550 -261
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -0
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -465
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +206 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/public/cloudflare-integration.html ADDED Viewed

@@ -0,0 +1,380 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <title>WAB DNS — Cloudflare One-Click Integration</title>
+  <link rel="stylesheet" href="/css/main.css">
+  <style>
+    body { font-family: system-ui, sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 0; }
+    .page { max-width: 860px; margin: 0 auto; padding: 40px 20px 80px; }
+    h1 { font-size: 1.7rem; margin-bottom: 6px; }
+    .sub { color: #94a3b8; margin-bottom: 32px; font-size: .97rem; }
+    .card { background: #1e293b; border-radius: 10px; padding: 24px; margin-bottom: 24px; }
+    h2 { font-size: 1.1rem; margin: 0 0 14px; }
+    label { display: block; font-size: .85rem; color: #94a3b8; margin-bottom: 4px; margin-top: 14px; }
+    label:first-child { margin-top: 0; }
+    input[type=text], input[type=password] {
+      width: 100%; box-sizing: border-box; background: #0f172a; border: 1px solid #334155;
+      color: #e2e8f0; border-radius: 6px; padding: 9px 12px; font-size: .93rem;
+    }
+    input:focus { outline: 2px solid #6366f1; border-color: transparent; }
+    .row { display: flex; gap: 12px; }
+    .row > * { flex: 1; }
+    .actions { display: flex; gap: 10px; margin-top: 20px; flex-wrap: wrap; }
+    .btn { padding: 9px 20px; border-radius: 7px; border: none; cursor: pointer; font-size: .92rem; font-weight: 600; transition: opacity .15s; }
+    .btn:hover { opacity: .85; }
+    .btn:disabled { opacity: .45; cursor: not-allowed; }
+    .btn-enable  { background: #22c55e; color: #000; }
+    .btn-disable { background: #ef4444; color: #fff; }
+    .btn-verify  { background: #6366f1; color: #fff; }
+    .btn-secondary { background: #334155; color: #e2e8f0; }
+    #statusBar { margin-top: 18px; min-height: 36px; padding: 10px 14px; border-radius: 7px; background: #0f172a; font-size: .88rem; color: #94a3b8; display: none; }
+    #statusBar.ok   { display: block; color: #4ade80; border: 1px solid #166534; }
+    #statusBar.err  { display: block; color: #f87171; border: 1px solid #7f1d1d; }
+    #statusBar.info { display: block; color: #93c5fd; border: 1px solid #1e3a5f; }
+    pre { background: #0f172a; border-radius: 7px; padding: 14px 16px; font-size: .82rem; color: #94a3b8; overflow-x: auto; white-space: pre-wrap; word-break: break-word; margin: 14px 0 0; }
+    .badge { display: inline-block; padding: 2px 9px; border-radius: 12px; font-size: .74rem; font-weight: 700; background: #1d4ed8; color: #bfdbfe; margin-left: 8px; vertical-align: middle; }
+    .badge.green { background: #14532d; color: #86efac; }
+    .badge.red   { background: #7f1d1d; color: #fca5a5; }
+    .step { counter-increment: step; display: flex; gap: 14px; margin-bottom: 18px; }
+    .step-num { flex-shrink: 0; width: 28px; height: 28px; border-radius: 50%; background: #334155; color: #e2e8f0; font-size: .82rem; font-weight: 700; display: flex; align-items: center; justify-content: center; }
+    .step-body { flex: 1; padding-top: 3px; }
+    a { color: #818cf8; }
+    code { background: #0f172a; padding: 1px 5px; border-radius: 4px; font-size: .88em; }
+    .tab-bar { display: flex; gap: 4px; margin-bottom: 14px; }
+    .tab { padding: 5px 14px; border-radius: 6px; cursor: pointer; font-size: .84rem; background: #0f172a; color: #94a3b8; border: 1px solid #334155; }
+    .tab.active { background: #6366f1; color: #fff; border-color: transparent; }
+    .tab-panel { display: none; }
+    .tab-panel.active { display: block; }
+  </style>
+</head>
+<body>
+<div class="page">
+  <h1>Cloudflare × WAB DNS Discovery</h1>
+  <p class="sub">
+    One-click enable or disable the WAB DNS Discovery TXT record for any domain managed in Cloudflare.
+    Uses the <a href="https://developers.cloudflare.com/api/" target="_blank" rel="noopener">Cloudflare API</a> directly from your browser — your token never leaves your device.
+  </p>
+  <!-- ── STEP 1: credentials ── -->
+  <div class="card">
+    <h2>1. Cloudflare Credentials</h2>
+    <label>API Token <span style="color:#94a3b8;font-weight:400">(needs <code>Zone:DNS:Edit</code> permission)</span></label>
+    <input type="password" id="cfToken" placeholder="eyJhbGci…" autocomplete="off">
+    <p style="margin:8px 0 0;font-size:.82rem;color:#64748b">
+      Create a scoped token at
+      <a href="https://dash.cloudflare.com/profile/api-tokens" target="_blank" rel="noopener">dash.cloudflare.com → API Tokens</a>.
+      Select template <strong>Edit zone DNS</strong> and restrict to the zone you need.
+    </p>
+  </div>
+  <!-- ── STEP 2: domain ── -->
+  <div class="card">
+    <h2>2. Domain</h2>
+    <div class="row">
+      <div>
+        <label>Root domain (Cloudflare zone)</label>
+        <input type="text" id="cfDomain" placeholder="example.com">
+      </div>
+      <div>
+        <label>Endpoint URL <span style="color:#94a3b8;font-weight:400">(leave blank for auto)</span></label>
+        <input type="text" id="cfEndpoint" placeholder="https://example.com/.well-known/wab.json">
+      </div>
+    </div>
+  </div>
+  <!-- ── STEP 3: actions ── -->
+  <div class="card">
+    <h2>3. Actions</h2>
+    <div class="actions">
+      <button class="btn btn-enable"    id="btnEnable"  onclick="cfAction('enable')">✓ Enable WAB Discovery</button>
+      <button class="btn btn-disable"   id="btnDisable" onclick="cfAction('disable')">✗ Disable WAB Discovery</button>
+      <button class="btn btn-verify"    id="btnVerify"  onclick="cfVerify()">⟳ Verify Status</button>
+      <button class="btn btn-secondary" onclick="window.open('/provider-sandbox','_blank')">Open Sandbox</button>
+    </div>
+    <div id="statusBar"></div>
+    <pre id="jsonOut" style="display:none"></pre>
+  </div>
+  <!-- ── HOW IT WORKS ── -->
+  <div class="card">
+    <h2>How it works</h2>
+    <div style="counter-reset:step">
+      <div class="step">
+        <div class="step-num">1</div>
+        <div class="step-body">Fetch the WAB <strong>record template</strong> for your domain (<code>GET /api/discovery/provider/record-template</code>) to get the exact TXT value.</div>
+      </div>
+      <div class="step">
+        <div class="step-num">2</div>
+        <div class="step-body">Resolve the Cloudflare <strong>Zone ID</strong> from the domain name (<code>GET /zones?name=…</code>).</div>
+      </div>
+      <div class="step">
+        <div class="step-num">3</div>
+        <div class="step-body"><strong>Enable:</strong> look up existing <code>_wab</code> TXT record → create it if absent, or update it if the value changed.<br>
+        <strong>Disable:</strong> look up the record → delete it if found.</div>
+      </div>
+      <div class="step">
+        <div class="step-num">4</div>
+        <div class="step-body">Call <code>GET /api/discovery/provider/status?domain=…</code> to confirm WAB sees the record live (DNS propagation may take up to 60 s).</div>
+      </div>
+    </div>
+  </div>
+  <!-- ── CODE SNIPPETS ── -->
+  <div class="card">
+    <h2>Code Snippets</h2>
+    <div class="tab-bar">
+      <div class="tab active" onclick="switchTab('nodejs')">Node.js</div>
+      <div class="tab" onclick="switchTab('curl')">cURL</div>
+      <div class="tab" onclick="switchTab('python')">Python</div>
+    </div>
+    <div id="tab-nodejs" class="tab-panel active">
+<pre>// npm install node-fetch
+const fetch = require('node-fetch');
+const CF_TOKEN = process.env.CF_API_TOKEN;
+const DOMAIN   = 'example.com';
+const WAB_ENDPOINT = `https://${DOMAIN}/.well-known/wab.json`;
+const TXT_VALUE = `v=wab1; endpoint=${WAB_ENDPOINT}`;
+async function cfHeaders() {
+  return { Authorization: `Bearer ${CF_TOKEN}`, 'Content-Type': 'application/json' };
+}
+async function getZoneId(domain) {
+  const r = await fetch(`https://api.cloudflare.com/client/v4/zones?name=${domain}`, { headers: await cfHeaders() });
+  const j = await r.json();
+  if (!j.success || !j.result[0]) throw new Error('Zone not found');
+  return j.result[0].id;
+}
+async function enableWAB() {
+  const zoneId = await getZoneId(DOMAIN);
+  const base = `https://api.cloudflare.com/client/v4/zones/${zoneId}/dns_records`;
+  // check existing
+  const list = await (await fetch(`${base}?type=TXT&name=_wab.${DOMAIN}`, { headers: await cfHeaders() })).json();
+  if (list.result && list.result[0]) {
+    // update
+    const id = list.result[0].id;
+    await fetch(`${base}/${id}`, { method: 'PUT', headers: await cfHeaders(),
+      body: JSON.stringify({ type: 'TXT', name: `_wab.${DOMAIN}`, content: TXT_VALUE, ttl: 3600 }) });
+    console.log('Updated _wab TXT record');
+  } else {
+    await fetch(base, { method: 'POST', headers: await cfHeaders(),
+      body: JSON.stringify({ type: 'TXT', name: `_wab.${DOMAIN}`, content: TXT_VALUE, ttl: 3600 }) });
+    console.log('Created _wab TXT record');
+  }
+}
+async function disableWAB() {
+  const zoneId = await getZoneId(DOMAIN);
+  const base = `https://api.cloudflare.com/client/v4/zones/${zoneId}/dns_records`;
+  const list = await (await fetch(`${base}?type=TXT&name=_wab.${DOMAIN}`, { headers: await cfHeaders() })).json();
+  if (list.result && list.result[0]) {
+    await fetch(`${base}/${list.result[0].id}`, { method: 'DELETE', headers: await cfHeaders() });
+    console.log('Deleted _wab TXT record');
+  } else {
+    console.log('No _wab record found (already disabled)');
+  }
+}
+enableWAB().catch(console.error);
+</pre>
+    </div>
+    <div id="tab-curl" class="tab-panel">
+<pre># 1. Get Zone ID
+ZONE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=example.com" \
+  -H "Authorization: Bearer $CF_API_TOKEN" | jq -r '.result[0].id')
+# 2. Create TXT record
+curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records" \
+  -H "Authorization: Bearer $CF_API_TOKEN" \
+  -H "Content-Type: application/json" \
+  --data '{
+    "type":    "TXT",
+    "name":    "_wab.example.com",
+    "content": "v=wab1; endpoint=https://example.com/.well-known/wab.json",
+    "ttl":     3600
+  }'
+# Delete (disable)
+REC=$(curl -s "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records?type=TXT&name=_wab.example.com" \
+  -H "Authorization: Bearer $CF_API_TOKEN" | jq -r '.result[0].id')
+curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$REC" \
+  -H "Authorization: Bearer $CF_API_TOKEN"
+</pre>
+    </div>
+    <div id="tab-python" class="tab-panel">
+<pre>import os, requests
+CF_TOKEN = os.environ['CF_API_TOKEN']
+DOMAIN   = 'example.com'
+HEADERS  = {'Authorization': f'Bearer {CF_TOKEN}', 'Content-Type': 'application/json'}
+TXT_VAL  = f'v=wab1; endpoint=https://{DOMAIN}/.well-known/wab.json'
+def zone_id():
+    r = requests.get(f'https://api.cloudflare.com/client/v4/zones?name={DOMAIN}', headers=HEADERS)
+    return r.json()['result'][0]['id']
+def enable_wab():
+    zid = zone_id()
+    base = f'https://api.cloudflare.com/client/v4/zones/{zid}/dns_records'
+    lst = requests.get(f'{base}?type=TXT&name=_wab.{DOMAIN}', headers=HEADERS).json()
+    payload = {'type': 'TXT', 'name': f'_wab.{DOMAIN}', 'content': TXT_VAL, 'ttl': 3600}
+    if lst['result']:
+        requests.put(f'{base}/{lst["result"][0]["id"]}', json=payload, headers=HEADERS)
+        print('Updated')
+    else:
+        requests.post(base, json=payload, headers=HEADERS)
+        print('Created')
+def disable_wab():
+    zid = zone_id()
+    base = f'https://api.cloudflare.com/client/v4/zones/{zid}/dns_records'
+    lst = requests.get(f'{base}?type=TXT&name=_wab.{DOMAIN}', headers=HEADERS).json()
+    if lst['result']:
+        requests.delete(f'{base}/{lst["result"][0]["id"]}', headers=HEADERS)
+        print('Deleted')
+    else:
+        print('Already disabled')
+enable_wab()
+</pre>
+    </div>
+  </div>
+  <p style="text-align:center;margin-top:30px;font-size:.85rem;color:#475569">
+    <a href="/provider-onboarding">← Back to Provider Onboarding</a> ·
+    <a href="/provider-sandbox">Provider Sandbox</a> ·
+    <a href="/dns">DNS Discovery</a>
+  </p>
+</div>
+<script>
+function switchTab(name) {
+  document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+  document.querySelectorAll('.tab-panel').forEach(p => p.classList.remove('active'));
+  document.querySelector(`#tab-${name}`).classList.add('active');
+  event.target.classList.add('active');
+}
+function setStatus(msg, type) {
+  const bar = document.getElementById('statusBar');
+  bar.textContent = msg;
+  bar.className = type;
+}
+function showJson(obj) {
+  const pre = document.getElementById('jsonOut');
+  pre.textContent = JSON.stringify(obj, null, 2);
+  pre.style.display = 'block';
+}
+function getInputs() {
+  const token  = document.getElementById('cfToken').value.trim();
+  const domain = document.getElementById('cfDomain').value.trim().toLowerCase().replace(/^https?:\/\//, '').replace(/\/$/, '');
+  const ep     = document.getElementById('cfEndpoint').value.trim() || `https://${domain}/.well-known/wab.json`;
+  return { token, domain, ep };
+}
+async function cfHeaders(token) {
+  return { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json' };
+}
+async function getZoneId(token, domain) {
+  const r = await fetch(`https://api.cloudflare.com/client/v4/zones?name=${encodeURIComponent(domain)}`, {
+    headers: await cfHeaders(token)
+  });
+  const j = await r.json();
+  if (!j.success || !j.result || !j.result[0]) throw new Error(`Zone not found for "${domain}". Make sure the domain is in your Cloudflare account.`);
+  return j.result[0].id;
+}
+async function cfAction(action) {
+  const { token, domain, ep } = getInputs();
+  if (!token) return setStatus('Please enter your Cloudflare API Token.', 'err');
+  if (!domain) return setStatus('Please enter a domain name.', 'err');
+  document.getElementById(`btn${action === 'enable' ? 'Enable' : 'Disable'}`).disabled = true;
+  setStatus('Fetching WAB record template…', 'info');
+  try {
+    // 1. get record value from WAB
+    const tplRes = await fetch(`/api/discovery/provider/record-template?domain=${encodeURIComponent(domain)}&endpoint=${encodeURIComponent(ep)}`);
+    const tpl    = await tplRes.json();
+    const txtVal = tpl.record && tpl.record.value;
+    if (!txtVal) throw new Error('Could not fetch WAB record template.');
+    setStatus('Resolving Cloudflare Zone ID…', 'info');
+    const zoneId = await getZoneId(token, domain);
+    const baseUrl = `https://api.cloudflare.com/client/v4/zones/${zoneId}/dns_records`;
+    const cfHdr   = await cfHeaders(token);
+    const listUrl = `${baseUrl}?type=TXT&name=_wab.${domain}`;
+    setStatus('Looking up existing _wab TXT record…', 'info');
+    const listRes = await fetch(listUrl, { headers: cfHdr });
+    const listJ   = await listRes.json();
+    const existing = listJ.result && listJ.result[0];
+    let resultJson;
+    if (action === 'enable') {
+      const body = JSON.stringify({ type: 'TXT', name: `_wab.${domain}`, content: txtVal, ttl: 3600 });
+      if (existing) {
+        setStatus(`Updating existing record (id=${existing.id})…`, 'info');
+        const r = await fetch(`${baseUrl}/${existing.id}`, { method: 'PUT', headers: cfHdr, body });
+        resultJson = await r.json();
+        if (!resultJson.success) throw new Error(JSON.stringify(resultJson.errors));
+        setStatus(`✓ _wab TXT record updated for ${domain}. DNS propagation may take up to 60 s.`, 'ok');
+      } else {
+        setStatus('Creating new _wab TXT record…', 'info');
+        const r = await fetch(baseUrl, { method: 'POST', headers: cfHdr, body });
+        resultJson = await r.json();
+        if (!resultJson.success) throw new Error(JSON.stringify(resultJson.errors));
+        setStatus(`✓ _wab TXT record created for ${domain}. WAB Discovery is now ENABLED.`, 'ok');
+      }
+    } else {
+      // disable
+      if (!existing) {
+        setStatus(`No _wab TXT record found for ${domain} — already disabled.`, 'ok');
+        showJson({ note: 'no record found', domain });
+        return;
+      }
+      setStatus(`Deleting record (id=${existing.id})…`, 'info');
+      const r = await fetch(`${baseUrl}/${existing.id}`, { method: 'DELETE', headers: cfHdr });
+      resultJson = await r.json();
+      if (!resultJson.success) throw new Error(JSON.stringify(resultJson.errors));
+      setStatus(`✓ _wab TXT record deleted for ${domain}. WAB Discovery is now DISABLED.`, 'ok');
+    }
+    showJson(resultJson);
+  } catch (err) {
+    setStatus(`Error: ${err.message}`, 'err');
+  } finally {
+    document.getElementById('btnEnable').disabled  = false;
+    document.getElementById('btnDisable').disabled = false;
+  }
+}
+async function cfVerify() {
+  const { domain } = getInputs();
+  if (!domain) return setStatus('Please enter a domain name.', 'err');
+  setStatus('Checking WAB status via DNS…', 'info');
+  try {
+    const r = await fetch(`/api/discovery/provider/status?domain=${encodeURIComponent(domain)}`);
+    const j = await r.json();
+    const st = j.status;
+    if (st === 'enabled')  setStatus(`✓ ${domain} — WAB Discovery is ENABLED (record verified).`, 'ok');
+    else if (st === 'partial') setStatus(`⚠ ${domain} — DNS found but endpoint has issues (status: partial).`, 'info');
+    else setStatus(`✗ ${domain} — WAB Discovery is DISABLED (no valid TXT record found).`, 'err');
+    showJson(j);
+  } catch (err) {
+    setStatus(`Verify error: ${err.message}`, 'err');
+  }
+}
+</script>
+</body>
+</html>