npm - web-agent-bridge - Versions diffs - 3.3.0 → 3.8.1 - Mend

web-agent-bridge 3.3.0 → 3.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/LICENSE +84 -72
package/README.ar.md +1563 -1286
package/README.md +137 -1764
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -0
package/public/activate.html +448 -0
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1235
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -706
package/public/dns.html +436 -507
package/public/docs.html +588 -587
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -463
package/public/index.html +1372 -1070
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -580
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/ring4.html +292 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +19 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -0
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +301 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +649 -636
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +790 -531
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +674 -671
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +139 -0
package/server/routes/admin.js +550 -261
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -0
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -465
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +206 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/public/security.txt CHANGED Viewed

@@ -1,8 +1,8 @@
-Contact: mailto:security@webagentbridge.com
-Expires: 2027-04-26T00:00:00.000Z
-Encryption: https://www.webagentbridge.com/.well-known/pgp-key.txt
-Acknowledgments: https://www.webagentbridge.com/security#hall-of-fame
-Preferred-Languages: en, ar
-Canonical: https://www.webagentbridge.com/.well-known/security.txt
-Policy: https://www.webagentbridge.com/security
-Hiring: https://www.webagentbridge.com/security#bug-bounty
+Contact: mailto:security@webagentbridge.com
+Expires: 2027-04-26T00:00:00.000Z
+Encryption: https://www.webagentbridge.com/.well-known/pgp-key.txt
+Acknowledgments: https://www.webagentbridge.com/security#hall-of-fame
+Preferred-Languages: en, ar
+Canonical: https://www.webagentbridge.com/.well-known/security.txt
+Policy: https://www.webagentbridge.com/security
+Hiring: https://www.webagentbridge.com/security#bug-bounty

package/public/shieldlink.html ADDED Viewed

@@ -0,0 +1,244 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width,initial-scale=1" />
+<title>WAB ShieldLink — Verified Links for Banks &amp; Brands</title>
+<meta name="description" content="Sender-signed, anti-phishing links from verified brands. Cryptographically signed, DNS-anchored, no install required for end users." />
+<meta property="og:title" content="WAB ShieldLink — Verified Links" />
+<meta property="og:description" content="Anti-phishing verified links for banks, payment processors, and businesses. Anyone can verify; no app install required." />
+<meta property="og:url" content="https://www.webagentbridge.com/shieldlink" />
+<link rel="canonical" href="https://www.webagentbridge.com/shieldlink" />
+<style>
+  :root{--bg:#0b1220;--fg:#fff;--muted:#94a3b8;--card:#111a2e;--border:#1f2a44;--accent:#22d3a3;--warn:#f59e0b;--bad:#ef4444}
+  *{box-sizing:border-box}
+  body{margin:0;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Arial,sans-serif;background:var(--bg);color:var(--fg);line-height:1.6}
+  .wrap{max-width:1100px;margin:0 auto;padding:24px}
+  header{display:flex;justify-content:space-between;align-items:center;padding:18px 0}
+  header a.logo{color:#fff;text-decoration:none;font-weight:700;font-size:18px}
+  nav a{color:var(--muted);margin-left:20px;text-decoration:none;font-size:14px}
+  nav a:hover{color:#fff}
+  [dir="rtl"] nav a{margin-left:0;margin-right:20px}
+  .hero{padding:60px 0 40px;text-align:center}
+  .pill{display:inline-block;background:rgba(34,211,163,.15);color:var(--accent);padding:6px 14px;border-radius:99px;font-size:12px;font-weight:600;letter-spacing:.5px;text-transform:uppercase}
+  h1{font-size:44px;line-height:1.15;margin:18px 0 16px}
+  .lede{color:var(--muted);font-size:18px;max-width:720px;margin:0 auto 26px}
+  .cta{display:inline-block;background:var(--accent);color:#0b1220;font-weight:700;padding:14px 28px;border-radius:8px;text-decoration:none;margin:6px}
+  .cta.ghost{background:transparent;color:#fff;border:1px solid var(--border)}
+  .grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(260px,1fr));gap:18px;margin:42px 0}
+  .card{background:var(--card);border:1px solid var(--border);border-radius:12px;padding:20px}
+  .card h3{margin:0 0 8px;font-size:18px}
+  .card p{color:var(--muted);font-size:14px;margin:0}
+  .demo{background:var(--card);border:1px solid var(--border);border-radius:12px;padding:24px;margin:28px 0}
+  .demo h2{margin:0 0 14px}
+  .preview{display:flex;gap:16px;flex-wrap:wrap}
+  .preview .col{flex:1;min-width:220px;background:#0f1730;border:1px solid var(--border);border-radius:10px;overflow:hidden}
+  .preview .head{padding:12px;color:#fff;font-weight:600;font-size:14px}
+  .preview .head.ok{background:#0a9d58}
+  .preview .head.warn{background:#f59e0b;color:#1f2933}
+  .preview .head.bad{background:#dc2626}
+  .preview ul{margin:0;padding:14px 18px;color:var(--muted);font-size:13px}
+  .preview li{margin:4px 0}
+  section{padding:36px 0;border-top:1px solid var(--border)}
+  h2{font-size:28px;margin:0 0 14px}
+  .steps{counter-reset:step;list-style:none;padding:0}
+  .steps li{padding:14px 0 14px 56px;position:relative;color:var(--muted)}
+  .steps li::before{counter-increment:step;content:counter(step);position:absolute;left:0;top:14px;width:36px;height:36px;border-radius:50%;background:var(--accent);color:#0b1220;font-weight:700;display:flex;align-items:center;justify-content:center}
+  [dir="rtl"] .steps li{padding:14px 56px 14px 0}
+  [dir="rtl"] .steps li::before{left:auto;right:0}
+  .steps li b{color:#fff;display:block;margin-bottom:2px}
+  table{width:100%;border-collapse:collapse;margin:20px 0;font-size:14px}
+  th,td{text-align:left;padding:12px;border-bottom:1px solid var(--border)}
+  th{color:var(--accent);font-size:13px;text-transform:uppercase;letter-spacing:.4px}
+  [dir="rtl"] th,[dir="rtl"] td{text-align:right}
+  .price{display:grid;grid-template-columns:repeat(auto-fit,minmax(220px,1fr));gap:18px}
+  .plan{background:var(--card);border:1px solid var(--border);border-radius:12px;padding:24px}
+  .plan.pro{border-color:var(--accent)}
+  .plan h3{margin:0 0 4px}
+  .plan .p{font-size:32px;font-weight:700;margin:6px 0 12px}
+  .plan ul{padding-left:18px;color:var(--muted);font-size:14px;margin:0}
+  [dir="rtl"] .plan ul{padding-left:0;padding-right:18px}
+  footer{text-align:center;color:var(--muted);font-size:13px;padding:36px 0;border-top:1px solid var(--border)}
+  .lang{cursor:pointer;color:var(--muted);text-decoration:none}
+  .lang:hover{color:#fff}
+  @media(max-width:640px){h1{font-size:32px}.hero{padding:36px 0 24px}}
+</style>
+</head>
+<body>
+<div class="wrap">
+  <header>
+    <a class="logo" href="/">Web Agent Bridge</a>
+    <nav>
+      <a href="/">Home</a>
+      <a href="/pricing.html" data-en="Pricing" data-ar="الأسعار">Pricing</a>
+      <a href="/dashboard.html" data-en="Dashboard" data-ar="لوحة التحكم">Dashboard</a>
+      <a class="lang" id="lang-toggle">عربي</a>
+    </nav>
+  </header>
+  <div class="hero">
+    <span class="pill" data-en="WAB ShieldLink · New" data-ar="شيلد لينك · جديد">WAB ShieldLink · New</span>
+    <h1 data-en="Verified links from real banks &amp; brands."
+        data-ar="روابط موثّقة من البنوك والعلامات الحقيقية.">
+      Verified links from real banks &amp; brands.
+    </h1>
+    <p class="lede" data-en="Stop phishing at the link layer. Banks, payment processors, telcos, and businesses sign every link they send. Anyone who clicks sees a Trust Preview before reaching the destination. No install. No browser extension. Just better trust on the open web."
+       data-ar="أوقف التصيّد عند طبقة الرابط. البنوك ومزوّدو الدفع والشركات يوقّعون كل رابط يرسلونه، وعند فتحه يظهر لأي مستخدم معاينة موثوقة قبل الوصول إلى الوجهة. بدون أي تطبيق أو إضافة متصفح.">
+      Stop phishing at the link layer. Banks, payment processors, telcos, and businesses sign every link they send. Anyone who clicks sees a Trust Preview before reaching the destination. No install. No browser extension.
+    </p>
+    <a class="cta" href="/register.html" data-en="Get verified — start free" data-ar="ابدأ التوثيق — مجاناً">Get verified — start free</a>
+    <a class="cta ghost" href="#how" data-en="How it works" data-ar="كيف يعمل">How it works</a>
+  </div>
+  <div class="demo">
+    <h2 data-en="What end-users see" data-ar="ما يراه المستخدم">What end-users see</h2>
+    <p style="color:var(--muted);margin:0 0 16px" data-en="Every signed link opens a Trust Preview before redirecting. Recipients see the real brand, the real amount, and the real expiry — verified by Ed25519 signature."
+       data-ar="كل رابط موقّع يفتح معاينة موثوقة قبل إعادة التوجيه. يرى المستخدم اسم الجهة الحقيقية والمبلغ ومدة الصلاحية، مُتحقَّق منها بتوقيع Ed25519.">
+    </p>
+    <div class="preview">
+      <div class="col"><div class="head ok">✓ <span data-en="Verified — Bank Example" data-ar="موثّق — بنك مثال">Verified — Bank Example</span></div>
+        <ul>
+          <li><b data-en="Brand:" data-ar="الجهة:">Brand:</b> Bank Example <span style="color:var(--accent)">●</span></li>
+          <li><b data-en="Payee:" data-ar="المستفيد:">Payee:</b> ACME LLC</li>
+          <li><b data-en="Amount:" data-ar="المبلغ:">Amount:</b> 240.00 SAR</li>
+          <li><b data-en="Domain match:" data-ar="مطابقة النطاق:">Domain match:</b> ✓</li>
+          <li><b data-en="Signature:" data-ar="التوقيع:">Signature:</b> ✓ Ed25519</li>
+        </ul>
+      </div>
+      <div class="col"><div class="head warn">⚠ <span data-en="Caution — pending review" data-ar="تنبيه — قيد المراجعة">Caution — pending review</span></div>
+        <ul>
+          <li><b data-en="Brand:" data-ar="الجهة:">Brand:</b> NewMerchant</li>
+          <li><b data-en="Status:" data-ar="الحالة:">Status:</b> brand_unverified</li>
+          <li><b data-en="Signature:" data-ar="التوقيع:">Signature:</b> ✓</li>
+        </ul>
+      </div>
+      <div class="col"><div class="head bad">✕ <span data-en="Blocked — phishing" data-ar="محظور — تصيّد">Blocked — phishing</span></div>
+        <ul>
+          <li><b data-en="Reason:" data-ar="السبب:">Reason:</b> revoked · many_reports</li>
+          <li><b data-en="Signature:" data-ar="التوقيع:">Signature:</b> ✕</li>
+        </ul>
+      </div>
+    </div>
+  </div>
+  <section id="how">
+    <h2 data-en="How it works" data-ar="كيف يعمل">How it works</h2>
+    <ol class="steps">
+      <li><b data-en="Verify your domain (DNS TXT)" data-ar="وثّق نطاقك عبر سجل DNS TXT">Verify your domain (DNS TXT)</b>
+        <span data-en="Add the WAB trust record to your DNS — the same root every modern protocol uses (no CA required)."
+              data-ar="أضف سجل ثقة WAB إلى DNS الخاص بك — نفس الأساس الذي تستخدمه البروتوكولات الحديثة (بدون مرجع تصديق).">
+        </span>
+      </li>
+      <li><b data-en="Apply for a Verified Brand badge" data-ar="قدّم طلب شارة الجهة الموثّقة">Apply for a Verified Brand badge</b>
+        <span data-en="Submit your display name. Lookalikes (Levenshtein distance ≤ 2) are auto-rejected, and reserved names like 'mada' or 'paypal' require admin review."
+              data-ar="أدخل اسم الجهة. الأسماء المتشابهة (مسافة Levenshtein ≤ 2) تُرفض تلقائياً، والأسماء المحجوزة مثل 'مدى' أو 'PayPal' تتطلب مراجعة الإدارة.">
+        </span>
+      </li>
+      <li><b data-en="Sign every link you send" data-ar="وقّع كل رابط ترسله">Sign every link you send</b>
+        <span data-en="Call POST /api/customer/shieldlink/sites/:siteId/sign with the destination, amount, payee, and expiry. Get back a short link like https://www.webagentbridge.com/l/abc123."
+              data-ar="استدعِ POST /api/customer/shieldlink/sites/:siteId/sign بالوجهة والمبلغ والمستفيد ومدة الصلاحية، لتحصل على رابط قصير مثل https://www.webagentbridge.com/l/abc123.">
+        </span>
+      </li>
+      <li><b data-en="Anyone verifies — no app needed" data-ar="أي شخص يتحقق — بدون تطبيق">Anyone verifies — no app needed</b>
+        <span data-en="When the recipient opens the link, the Trust Preview verifies the Ed25519 signature, fetches your DNS-anchored public key, and shows a green / yellow / red verdict before redirect."
+              data-ar="عند فتح المستلم للرابط، تتحقق المعاينة الموثوقة من التوقيع، وتجلب المفتاح العام من DNS، ثم تعرض حكماً أخضر/أصفر/أحمر قبل التحويل.">
+        </span>
+      </li>
+    </ol>
+  </section>
+  <section>
+    <h2 data-en="Why it stops phishing" data-ar="لماذا يوقف التصيّد">Why it stops phishing</h2>
+    <div class="grid">
+      <div class="card"><h3 data-en="Identity = domain ownership" data-ar="الهوية = ملكية النطاق">Identity = domain ownership</h3>
+        <p data-en="Only the proven owner of bank.example can sign links carrying the brand 'Bank Example'. No CA, no manual paperwork — DNS + DNSSEC are the trust root."
+           data-ar="فقط المالك الموثّق لـ bank.example يستطيع توقيع روابط تحمل اسم 'Bank Example'. لا حاجة لمرجع تصديق ولا أوراق — DNS وDNSSEC هما جذر الثقة.">
+        </p></div>
+      <div class="card"><h3 data-en="Lookalike protection" data-ar="حماية من الأسماء المتشابهة">Lookalike protection</h3>
+        <p data-en="The registry rejects any display name within Levenshtein distance 2 of an existing verified brand, plus a reserved-name list for high-value targets (banks, payment networks)."
+           data-ar="السجل يرفض أي اسم بمسافة Levenshtein ≤ 2 من جهة موثّقة قائمة، إضافة لقائمة أسماء محجوزة للأهداف عالية القيمة (البنوك وشبكات الدفع).">
+        </p></div>
+      <div class="card"><h3 data-en="Cryptographic, not cosmetic" data-ar="تشفير، وليس مجرد شكل">Cryptographic, not cosmetic</h3>
+        <p data-en="Every link is signed with Ed25519. Tampering invalidates the signature. The Trust Preview won't show green unless the math checks out."
+           data-ar="كل رابط موقّع بـ Ed25519. أي تعديل يُبطل التوقيع، ولن تظهر المعاينة باللون الأخضر إلا إذا تحققت الرياضيات.">
+        </p></div>
+      <div class="card"><h3 data-en="Community reports" data-ar="بلاغات المجتمع">Community reports</h3>
+        <p data-en="Recipients can report a link in one tap. Multiple open reports flip the verdict to red and trigger admin review automatically."
+           data-ar="يمكن للمستلم الإبلاغ عن أي رابط بضغطة واحدة. تعدد البلاغات يحوّل الحكم إلى الأحمر ويفعّل المراجعة تلقائياً.">
+        </p></div>
+      <div class="card"><h3 data-en="Revocable in real time" data-ar="قابل للإلغاء فوراً">Revocable in real time</h3>
+        <p data-en="If a campaign goes wrong, revoke a single link or rotate your signing key from the dashboard — every future verification reflects it instantly."
+           data-ar="إذا حدث خطأ في حملة ما، يمكنك إلغاء رابط واحد أو تدوير مفتاح التوقيع من لوحة التحكم — كل تحقق لاحق ينعكس فوراً.">
+        </p></div>
+      <div class="card"><h3 data-en="Zero install for end users" data-ar="بدون تثبيت لدى المستخدم">Zero install for end users</h3>
+        <p data-en="Anyone with a browser benefits. The sender pays for verification; the recipient just clicks."
+           data-ar="أي مستخدم لديه متصفح يستفيد. المرسل يدفع مقابل التوثيق، والمستلم يضغط فقط.">
+        </p></div>
+    </div>
+  </section>
+  <section>
+    <h2 data-en="API" data-ar="واجهة البرمجة">API</h2>
+    <table>
+      <thead><tr>
+        <th data-en="Endpoint" data-ar="نقطة النهاية">Endpoint</th>
+        <th data-en="Auth" data-ar="المصادقة">Auth</th>
+        <th data-en="Purpose" data-ar="الغرض">Purpose</th>
+      </tr></thead>
+      <tbody>
+        <tr><td><code>POST /api/customer/shieldlink/sites/:siteId/brand</code></td><td>User</td><td data-en="Apply for verified brand" data-ar="طلب جهة موثّقة">Apply for verified brand</td></tr>
+        <tr><td><code>POST /api/customer/shieldlink/sites/:siteId/sign</code></td><td>User · Pro+</td><td data-en="Sign a link" data-ar="توقيع رابط">Sign a link</td></tr>
+        <tr><td><code>GET /api/customer/shieldlink/sites/:siteId/links</code></td><td>User · Pro+</td><td data-en="List signed links" data-ar="قائمة الروابط الموقّعة">List signed links</td></tr>
+        <tr><td><code>POST /api/customer/shieldlink/sites/:siteId/links/:id/revoke</code></td><td>User · Pro+</td><td data-en="Revoke a link" data-ar="إلغاء رابط">Revoke a link</td></tr>
+        <tr><td><code>GET /api/shieldlink/verify?token=…</code></td><td data-en="Public" data-ar="عام">Public</td><td data-en="Verify a token (used by Trust Preview)" data-ar="التحقق من رمز رابط">Verify a token</td></tr>
+        <tr><td><code>POST /api/shieldlink/report</code></td><td data-en="Public" data-ar="عام">Public</td><td data-en="Report a phishing link" data-ar="الإبلاغ عن رابط تصيّد">Report a phishing link</td></tr>
+      </tbody>
+    </table>
+  </section>
+  <section>
+    <h2 data-en="Pricing" data-ar="الأسعار">Pricing</h2>
+    <div class="price">
+      <div class="plan"><h3>Free / Starter</h3><div class="p" data-en="Not included" data-ar="غير متاح">Not included</div>
+        <ul><li data-en="Verify links others sent" data-ar="التحقق من روابط الآخرين">Verify links others sent</li><li data-en="Submit phishing reports" data-ar="إرسال البلاغات">Submit phishing reports</li></ul>
+      </div>
+      <div class="plan pro"><h3>Pro · $99/mo</h3><div class="p">✓</div>
+        <ul>
+          <li data-en="Verified Brand badge (after review)" data-ar="شارة الجهة الموثّقة (بعد المراجعة)">Verified Brand badge (after review)</li>
+          <li data-en="Sign unlimited links" data-ar="توقيع روابط غير محدودة">Sign unlimited links</li>
+          <li data-en="Revocation + key rotation" data-ar="إلغاء + تدوير المفاتيح">Revocation + key rotation</li>
+          <li data-en="Per-link analytics" data-ar="تحليلات لكل رابط">Per-link analytics</li>
+        </ul>
+      </div>
+      <div class="plan"><h3>Enterprise</h3><div class="p" data-en="Custom" data-ar="مخصّص">Custom</div>
+        <ul>
+          <li data-en="Everything in Pro" data-ar="كل ما في Pro">Everything in Pro</li>
+          <li data-en="Custom domain for /l/ links" data-ar="نطاق مخصّص لروابط /l/">Custom domain for /l/ links</li>
+          <li data-en="BYOK signing keys, on-prem option" data-ar="مفاتيح خاصة بك أو نشر داخلي">BYOK signing keys, on-prem option</li>
+          <li data-en="Priority brand review &amp; SLA" data-ar="مراجعة فورية واتفاقية مستوى خدمة">Priority review &amp; SLA</li>
+        </ul>
+      </div>
+    </div>
+    <p style="text-align:center;margin-top:24px"><a class="cta" href="/register.html" data-en="Start with Pro" data-ar="ابدأ بخطة Pro">Start with Pro</a></p>
+  </section>
+  <footer>
+    <p>© Web Agent Bridge · <a href="/" style="color:var(--muted)">webagentbridge.com</a></p>
+  </footer>
+</div>
+<script>
+  (function(){
+    const html = document.documentElement;
+    const btn = document.getElementById('lang-toggle');
+    function set(lang){
+      html.setAttribute('lang', lang);
+      html.setAttribute('dir', lang === 'ar' ? 'rtl' : 'ltr');
+      document.querySelectorAll('[data-en]').forEach(el => el.textContent = el.getAttribute('data-' + lang) || el.getAttribute('data-en'));
+      btn.textContent = lang === 'ar' ? 'English' : 'عربي';
+    }
+    btn.onclick = () => set(html.getAttribute('lang') === 'ar' ? 'en' : 'ar');
+    if ((navigator.language||'').startsWith('ar')) set('ar');
+  })();
+</script>
+</body>
+</html>

package/public/shieldqr.html ADDED Viewed

@@ -0,0 +1,231 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>WAB ShieldQR — Scan QR codes safely</title>
+  <meta name="description" content="Scan any QR code in your browser and instantly verify the destination with WAB ShieldQR — DNS trust, Ed25519 signatures, SSL inspection.">
+  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">
+  <link rel="stylesheet" href="/css/styles.css">
+  <style>
+    body { font-family: 'Inter', system-ui, sans-serif; margin:0; background:#0f172a; color:#e2e8f0; min-height:100vh; }
+    .wrap { max-width: 720px; margin: 0 auto; padding: 28px 18px 60px; }
+    h1 { font-size: 1.8rem; margin: 0 0 6px; display:flex; align-items:center; gap:10px; }
+    .sub { color:#94a3b8; margin: 0 0 22px; }
+    .card { background:#1e293b; border:1px solid #334155; border-radius:14px; padding:18px; margin-bottom:16px; }
+    #reader { width:100%; border-radius:10px; overflow:hidden; background:#000; }
+    #reader video { width:100%; max-height:60vh; }
+    .controls { display:flex; gap:8px; flex-wrap:wrap; margin-top:10px; }
+    .btn { padding:10px 16px; border-radius:8px; border:none; font-weight:600; cursor:pointer; font-size:.95rem; }
+    .btn-primary { background:#6366f1; color:#fff; }
+    .btn-primary:hover { background:#4f46e5; }
+    .btn-secondary { background:#334155; color:#e2e8f0; }
+    .btn-danger { background:#dc2626; color:#fff; }
+    .btn-success { background:#16a34a; color:#fff; }
+    input[type=text] { flex:1; min-width:200px; padding:10px 12px; border-radius:8px; border:1px solid #475569; background:#0f172a; color:#e2e8f0; font-size:.95rem; }
+    .verdict { padding:18px; border-radius:14px; border:2px solid; }
+    .verdict.green  { border-color:#16a34a; background:rgba(22,163,74,.08); }
+    .verdict.yellow { border-color:#ca8a04; background:rgba(202,138,4,.08); }
+    .verdict.red    { border-color:#dc2626; background:rgba(220,38,38,.08); }
+    .verdict h2 { margin:0 0 6px; font-size:1.4rem; }
+    .verdict .score { font-size:2.4rem; font-weight:800; }
+    .verdict .url { font-family: ui-monospace, Menlo, monospace; font-size:.85rem; word-break: break-all; color:#cbd5e1; margin: 6px 0 12px; }
+    .signals { margin-top:10px; }
+    .signal { padding:8px 10px; border-radius:8px; background:#0f172a; margin-bottom:6px; font-size:.85rem; display:flex; gap:8px; align-items:flex-start; }
+    .signal .sev { font-size:.7rem; font-weight:700; padding:1px 6px; border-radius:4px; text-transform:uppercase; flex-shrink:0; }
+    .sev-low    { background:#0ea5e9; color:#fff; }
+    .sev-medium { background:#ca8a04; color:#fff; }
+    .sev-high   { background:#dc2626; color:#fff; }
+    .meta { display:grid; grid-template-columns:repeat(auto-fit, minmax(140px,1fr)); gap:8px; margin-top:10px; font-size:.85rem; }
+    .meta div { background:#0f172a; padding:8px 10px; border-radius:8px; }
+    .meta .lbl { color:#94a3b8; font-size:.7rem; text-transform:uppercase; letter-spacing:.04em; }
+    .hidden { display:none !important; }
+    .footer-note { color:#64748b; font-size:.8rem; text-align:center; margin-top:30px; }
+    a { color:#a5b4fc; }
+  </style>
+  <!-- html5-qrcode loader (CSP-allowed origin) -->
+  <script src="https://unpkg.com/html5-qrcode@2.3.8/html5-qrcode.min.js"></script>
+</head>
+<body>
+<div class="wrap">
+  <h1>🛡️ WAB ShieldQR</h1>
+  <p class="sub">Scan any QR code in your browser. We verify the destination with DNS trust records, Ed25519 signatures, and live SSL inspection — <strong>before</strong> you ever open the link.</p>
+  <div class="card">
+    <div id="reader"></div>
+    <div class="controls">
+      <button id="startCam" class="btn btn-primary">📷 Start camera</button>
+      <button id="stopCam"  class="btn btn-secondary hidden">⏹ Stop</button>
+    </div>
+  </div>
+  <div class="card">
+    <strong>Or paste a URL manually:</strong>
+    <div class="controls" style="margin-top:8px;">
+      <input id="manualUrl" type="text" placeholder="https://example.com/...">
+      <button id="manualScan" class="btn btn-primary">Verify</button>
+    </div>
+  </div>
+  <div id="result" class="card hidden"></div>
+  <p class="footer-note">
+    Powered by <a href="/">Web Agent Bridge</a> · ShieldQR is open and free for everyone ·
+    <a href="/api/shieldqr/recent" target="_blank">Recent scans</a>
+  </p>
+</div>
+<script>
+(function () {
+  const el = (id) => document.getElementById(id);
+  const H = (s) => String(s == null ? '' : s).replace(/[&<>"']/g, (c) =>
+    ({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[c]));
+  let scanner = null; let lastResult = null;
+  function startCamera() {
+    if (typeof Html5Qrcode === 'undefined') {
+      alert('QR library failed to load. Check your network or use the manual URL field.');
+      return;
+    }
+    el('startCam').classList.add('hidden');
+    el('stopCam').classList.remove('hidden');
+    scanner = new Html5Qrcode('reader');
+    scanner.start(
+      { facingMode: 'environment' },
+      { fps: 10, qrbox: { width: 260, height: 260 } },
+      (decodedText) => {
+        scanner.stop().catch(() => {});
+        el('startCam').classList.remove('hidden');
+        el('stopCam').classList.add('hidden');
+        verify(decodedText);
+      },
+      () => {} // ignore per-frame errors
+    ).catch((err) => {
+      alert('Camera error: ' + err);
+      el('startCam').classList.remove('hidden');
+      el('stopCam').classList.add('hidden');
+    });
+  }
+  function stopCamera() {
+    if (!scanner) return;
+    scanner.stop().catch(() => {}).finally(() => {
+      el('startCam').classList.remove('hidden');
+      el('stopCam').classList.add('hidden');
+      scanner = null;
+    });
+  }
+  async function verify(url) {
+    const result = el('result');
+    result.classList.remove('hidden');
+    result.innerHTML = '<div style="text-align:center;padding:20px;">⏳ Verifying <strong>' + H(url) + '</strong>…</div>';
+    try {
+      const r = await fetch('/api/shieldqr/scan', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ url }),
+      });
+      const data = await r.json();
+      if (!r.ok) throw new Error(data.error || 'scan failed');
+      lastResult = data;
+      renderVerdict(data, url);
+    } catch (err) {
+      result.innerHTML = '<div style="color:#fca5a5;text-align:center;padding:20px;">❌ ' + H(err.message) + '</div>';
+    }
+  }
+  function renderVerdict(d, url) {
+    const lvl = d.level || 'yellow';
+    const icon = { green: '✅', yellow: '⚠️', red: '🛑' }[lvl] || '⚠️';
+    const headline = { green: 'Safe — verified', yellow: 'Caution — incomplete trust', red: 'Dangerous — do not open' }[lvl];
+    const sslDays = d.ssl && d.ssl.days_until_expiry != null ? d.ssl.days_until_expiry : '—';
+    const trustOk = d.trust && d.trust.ok ? '✅ Signed' : '—';
+    const dnsOk   = d.dns && Array.isArray(d.dns.discovery) && d.dns.discovery.length ? '✅ Present' : '—';
+    const signals = (d.signals || []).map((s) => `
+      <div class="signal">
+        <span class="sev sev-${H(s.severity || 'low')}">${H(s.severity || 'low')}</span>
+        <div><strong>${H(s.id || '')}</strong> — ${H(s.message || '')}</div>
+      </div>
+    `).join('') || '<div class="signal"><span class="sev sev-low">ok</span><div>No signals raised.</div></div>';
+    const openBtn = lvl === 'green'
+      ? `<a class="btn btn-success" href="${H(url)}" target="_blank" rel="noopener noreferrer">Open destination →</a>`
+      : `<button class="btn btn-danger" data-action="forceOpen">Open anyway (risky)</button>`;
+    el('result').innerHTML = `
+      <div class="verdict ${H(lvl)}">
+        <div style="display:flex;justify-content:space-between;align-items:flex-start;gap:14px;flex-wrap:wrap;">
+          <div>
+            <h2>${icon} ${H(headline)}</h2>
+            <div class="url">${H(url)}</div>
+          </div>
+          <div style="text-align:right;">
+            <div class="score">${d.score ?? '—'}</div>
+            <div style="font-size:.7rem;color:#94a3b8;text-transform:uppercase;letter-spacing:.05em;">score / 100</div>
+          </div>
+        </div>
+        <div class="meta">
+          <div><div class="lbl">Host</div>${H(d.host || '—')}</div>
+          <div><div class="lbl">DNS _wab</div>${dnsOk}</div>
+          <div><div class="lbl">Signed wab.json</div>${trustOk}</div>
+          <div><div class="lbl">SSL valid for</div>${sslDays} days</div>
+        </div>
+        <div class="signals">${signals}</div>
+        <div class="controls" style="margin-top:14px;">
+          ${openBtn}
+          <button class="btn btn-secondary" data-action="rescan">Scan another</button>
+          <button class="btn btn-danger" data-action="report">Report this URL</button>
+        </div>
+      </div>
+    `;
+    el('result').querySelector('[data-action="rescan"]').addEventListener('click', () => {
+      el('result').classList.add('hidden');
+      el('manualUrl').value = '';
+    });
+    const forceBtn = el('result').querySelector('[data-action="forceOpen"]');
+    if (forceBtn) {
+      forceBtn.addEventListener('click', () => {
+        if (confirm('This site has not been verified as safe. Open anyway?')) {
+          window.open(url, '_blank', 'noopener,noreferrer');
+        }
+      });
+    }
+    el('result').querySelector('[data-action="report"]').addEventListener('click', () => reportUrl(url));
+  }
+  async function reportUrl(url) {
+    const reason = prompt('Why are you reporting this URL? (e.g. phishing, malware, scam)');
+    if (!reason || reason.trim().length < 4) return;
+    try {
+      const r = await fetch('/api/shieldqr/report', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ url, reason: reason.trim(), scan_id: lastResult && lastResult.scan_id }),
+      });
+      const data = await r.json();
+      if (!r.ok) throw new Error(data.error || 'report failed');
+      alert('Thank you — your report has been submitted.');
+    } catch (err) {
+      alert('Report failed: ' + err.message);
+    }
+  }
+  el('startCam').addEventListener('click', startCamera);
+  el('stopCam').addEventListener('click', stopCamera);
+  el('manualScan').addEventListener('click', () => {
+    const u = el('manualUrl').value.trim();
+    if (u) verify(u);
+  });
+  el('manualUrl').addEventListener('keydown', (e) => {
+    if (e.key === 'Enter') { e.preventDefault(); el('manualScan').click(); }
+  });
+})();
+</script>
+</body>
+</html>

package/public/sitemap.xml CHANGED Viewed

@@ -2,16 +2,34 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
   <url>
     <loc>https://webagentbridge.com/</loc>
-    <lastmod>2026-03-28</lastmod>
+    <lastmod>2026-05-13</lastmod>
     <changefreq>weekly</changefreq>
     <priority>1.0</priority>
   </url>
+  <url>
+    <loc>https://webagentbridge.com/ring4</loc>
+    <lastmod>2026-05-13</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>0.95</priority>
+  </url>
+  <url>
+    <loc>https://webagentbridge.com/milestones</loc>
+    <lastmod>2026-05-13</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>0.9</priority>
+  </url>
   <url>
     <loc>https://webagentbridge.com/docs</loc>
     <lastmod>2026-03-28</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.9</priority>
   </url>
+  <url>
+    <loc>https://webagentbridge.com/whitepaper</loc>
+    <lastmod>2026-05-03</lastmod>
+    <changefreq>yearly</changefreq>
+    <priority>0.95</priority>
+  </url>
   <url>
     <loc>https://webagentbridge.com/premium</loc>
     <lastmod>2026-03-28</lastmod>