npm - web-agent-bridge - Versions diffs - 3.3.0 → 3.8.1 - Mend

web-agent-bridge 3.3.0 → 3.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/LICENSE +84 -72
package/README.ar.md +1563 -1286
package/README.md +137 -1764
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -0
package/public/activate.html +448 -0
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1235
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -706
package/public/dns.html +436 -507
package/public/docs.html +588 -587
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -463
package/public/index.html +1372 -1070
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -580
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/ring4.html +292 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +19 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -0
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +301 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +649 -636
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +790 -531
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +674 -671
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +139 -0
package/server/routes/admin.js +550 -261
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -0
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -465
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +206 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/examples/dns-discovery-agent.js ADDED Viewed

@@ -0,0 +1,166 @@
+#!/usr/bin/env node
+'use strict';
+/**
+ * Official WAB DNS Discovery consumer (multi-site).
+ *
+ * Proves the full value chain per domain:
+ *   1) discover via _wab TXT
+ *   2) fetch wab.json endpoint
+ *   3) call agent endpoints (/api/wab/discover, /api/wab/ping)
+ *
+ * Usage:
+ *   node examples/dns-discovery-agent.js webagentbridge.com example.com
+ */
+const { verify } = require('../packages/dns-verify/src');
+const { safeFetch } = require('../server/utils/safe-fetch');
+function sanitizeDomain(raw) {
+  return String(raw || '')
+    .trim()
+    .toLowerCase()
+    .replace(/^https?:\/\//, '')
+    .replace(/\/.*$/, '')
+    .replace(/:\d+$/, '')
+    .replace(/^www\./, '');
+}
+function parseEndpoint(record) {
+  if (!record || !record.parsed) return null;
+  return record.parsed.endpoint || null;
+}
+function logStep(ok, label, detail) {
+  const icon = ok ? 'OK' : 'NO';
+  const extra = detail ? ` - ${detail}` : '';
+  console.log(`[${icon}] ${label}${extra}`);
+}
+async function runDomain(domain) {
+  console.log('\n=== ' + domain + ' ===');
+  const result = {
+    domain,
+    dns: null,
+    endpoint: null,
+    wabJson: null,
+    discover: null,
+    ping: null,
+    ok: false,
+  };
+  const proof = await verify(domain, { timeoutMs: 6000 }).catch((err) => ({
+    ok: false,
+    records: [{ type: '_wab', error: err.message }],
+  }));
+  const wabRecord = (proof.records || []).find((r) => r.type === '_wab') || null;
+  result.dns = wabRecord;
+  logStep(!!(wabRecord && wabRecord.ok), 'DNS discovery', wabRecord && (wabRecord.error || wabRecord.fqdn));
+  const endpoint = parseEndpoint(wabRecord);
+  result.endpoint = endpoint;
+  if (!endpoint) {
+    logStep(false, 'wab.json endpoint', 'missing endpoint= in _wab record');
+    return result;
+  }
+  logStep(true, 'wab.json endpoint', endpoint);
+  const endpointUrl = new URL(endpoint);
+  const allowList = [domain, '*.' + domain, endpointUrl.hostname, '*.' + endpointUrl.hostname]
+    .filter((v, i, a) => a.indexOf(v) === i);
+  try {
+    const wabRes = await safeFetch(endpointUrl.toString(), { headers: { accept: 'application/json' } }, {
+      requireHttps: true,
+      allowList,
+      timeoutMs: 8000,
+      maxBytes: 1024 * 1024,
+      allowedContentTypes: ['application/json', 'application/ld+json', 'text/plain'],
+    });
+    const wabJson = await wabRes.json();
+    result.wabJson = wabJson;
+    logStep(wabRes.ok, 'Fetch wab.json', wabRes.status + ' ' + (wabJson.provider && wabJson.provider.name || 'unknown provider'));
+  } catch (err) {
+    logStep(false, 'Fetch wab.json', err.message);
+    return result;
+  }
+  const origin = endpointUrl.origin;
+  const discoverUrl = origin + '/api/wab/discover';
+  const fallbackDiscoverUrl = origin + '/agent-bridge.json';
+  try {
+    const discoverRes = await safeFetch(discoverUrl, { headers: { accept: 'application/json' } }, {
+      requireHttps: true,
+      allowList,
+      timeoutMs: 8000,
+      maxBytes: 1024 * 1024,
+      allowedContentTypes: ['application/json'],
+    });
+    if (discoverRes.ok) {
+      const discoverJson = await discoverRes.json();
+      result.discover = discoverJson;
+      logStep(true, 'Agent discover', 'GET /api/wab/discover');
+    } else {
+      const fallbackRes = await safeFetch(fallbackDiscoverUrl, { headers: { accept: 'application/json' } }, {
+        requireHttps: true,
+        allowList,
+        timeoutMs: 8000,
+        maxBytes: 1024 * 1024,
+        allowedContentTypes: ['application/json'],
+      });
+      const fallbackJson = await fallbackRes.json().catch(() => ({}));
+      if (fallbackRes.ok) {
+        result.discover = fallbackJson;
+        logStep(true, 'Agent discover', `fallback /agent-bridge.json (discover HTTP ${discoverRes.status})`);
+      } else {
+        logStep(false, 'Agent discover', `discover HTTP ${discoverRes.status}; fallback HTTP ${fallbackRes.status}`);
+      }
+    }
+  } catch (err) {
+    logStep(false, 'Agent discover', err.message);
+  }
+  try {
+    const pingRes = await safeFetch(origin + '/api/wab/ping', { headers: { accept: 'application/json' } }, {
+      requireHttps: true,
+      allowList,
+      timeoutMs: 8000,
+      maxBytes: 512 * 1024,
+      allowedContentTypes: ['application/json'],
+    });
+    const pingJson = await pingRes.json();
+    result.ping = pingJson;
+    logStep(pingRes.ok, 'Agent execute', 'GET /api/wab/ping => pong=' + !!(pingJson.result && pingJson.result.pong));
+  } catch (err) {
+    logStep(false, 'Agent execute', err.message);
+  }
+  result.ok = !!(result.dns && result.dns.ok && result.wabJson && result.ping);
+  return result;
+}
+async function main() {
+  const domains = process.argv.slice(2).map(sanitizeDomain).filter(Boolean);
+  if (domains.length === 0) {
+    console.error('Usage: node examples/dns-discovery-agent.js <domain1> [domain2] [...]');
+    process.exit(1);
+  }
+  const outputs = [];
+  for (const domain of domains) {
+    outputs.push(await runDomain(domain));
+  }
+  const passed = outputs.filter((o) => o.ok).length;
+  console.log('\nSummary: ' + passed + '/' + outputs.length + ' domains passed full flow');
+  if (passed !== outputs.length) process.exitCode = 2;
+}
+main().catch((err) => {
+  console.error('Fatal:', err && err.stack || err);
+  process.exit(1);
+});

package/examples/gcp-dns-wab.js ADDED Viewed

@@ -0,0 +1,76 @@
+#!/usr/bin/env node
+/**
+ * gcp-dns-wab.js — enable/disable WAB DNS Discovery TXT record on Google Cloud DNS.
+ *
+ * Usage:
+ *   node gcp-dns-wab.js enable  example.com my-project example-com
+ *   node gcp-dns-wab.js disable example.com my-project example-com
+ *   node gcp-dns-wab.js status  example.com
+ *
+ * Auth: uses Application Default Credentials (run `gcloud auth application-default login`)
+ *       or set GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json
+ *
+ * Required: @google-cloud/dns
+ *   npm install @google-cloud/dns
+ */
+'use strict';
+const fetch = (() => { try { return require('node-fetch'); } catch { return globalThis.fetch; } })();
+const { DNS } = require('@google-cloud/dns');
+const [,, action, domain, projectId, zoneName] = process.argv;
+const WAB_BASE = process.env.WAB_BASE_URL  || 'https://www.webagentbridge.com';
+const ENDPOINT = process.env.WAB_ENDPOINT  || `https://${domain}/.well-known/wab.json`;
+if (!action || !domain) { console.error('Usage: node gcp-dns-wab.js <enable|disable|status> <domain> [projectId] [zoneName]'); process.exit(1); }
+if (!['enable','disable','status'].includes(action)) { console.error('Action must be: enable | disable | status'); process.exit(1); }
+if (action !== 'status' && (!projectId || !zoneName)) { console.error('projectId and zoneName required for enable/disable'); process.exit(1); }
+async function getRecordTemplate() {
+  const j = await (await fetch(`${WAB_BASE}/api/discovery/provider/record-template?domain=${encodeURIComponent(domain)}&endpoint=${encodeURIComponent(ENDPOINT)}`)).json();
+  if (!j.record || !j.record.value) throw new Error('Could not fetch WAB record template');
+  const v = j.record.value;
+  return v.startsWith('"') ? v : `"${v}"`;
+}
+async function main() {
+  console.log(`[WAB] Action: ${action} | Domain: ${domain}`);
+  if (action === 'status') {
+    const j = await (await fetch(`${WAB_BASE}/api/discovery/provider/status?domain=${encodeURIComponent(domain)}`)).json();
+    console.log(`[WAB] Status: ${j.status}`);
+    console.log(JSON.stringify(j, null, 2));
+    return;
+  }
+  const dns  = new DNS({ projectId });
+  const zone = dns.zone(zoneName);
+  const fqdn = `_wab.${domain}.`;
+  const [existing] = await zone.getRecords({ type: 'TXT', name: fqdn });
+  console.log(`[GCP] Existing _wab TXT records: ${existing.length}`);
+  if (action === 'enable') {
+    const txtVal = await getRecordTemplate();
+    console.log(`[WAB] TXT value: ${txtVal}`);
+    const newRecord = zone.record('txt', { name: fqdn, ttl: 3600, data: txtVal });
+    if (existing.length) {
+      const [change] = await zone.createChange({ delete: existing, add: newRecord });
+      console.log(`[GCP] Replaced (change id=${change.id}, status=${change.metadata.status})`);
+    } else {
+      const [change] = await zone.createChange({ add: newRecord });
+      console.log(`[GCP] Created (change id=${change.id}, status=${change.metadata.status})`);
+    }
+    console.log('[WAB] WAB Discovery ENABLED.');
+  }
+  if (action === 'disable') {
+    if (!existing.length) { console.log('[GCP] No _wab record found — already disabled.'); return; }
+    const [change] = await zone.createChange({ delete: existing });
+    console.log(`[GCP] Deleted (change id=${change.id}, status=${change.metadata.status})`);
+    console.log('[WAB] WAB Discovery DISABLED.');
+  }
+}
+main().catch(err => { console.error('[ERROR]', err.message); process.exit(1); });

package/examples/governance-agent.js ADDED Viewed

@@ -0,0 +1,169 @@
+#!/usr/bin/env node
+/**
+ * WAB Governance Demo
+ * ───────────────────
+ * Walks through the full Layer-3 governance pipeline:
+ *
+ *   1) register agent → get one-time token
+ *   2) define permission boundaries (Stripe read-only + refund <$50 + ClickUp write)
+ *   3) try a forbidden action  → DENIED
+ *   4) try an allowed action   → ALLOWED + audited
+ *   5) try a high-value refund → APPROVAL_REQUIRED → human approves → executed
+ *   6) verify audit chain      → tamper-evident
+ *   7) kill switch             → all subsequent actions DENIED
+ *
+ * Run:
+ *   node examples/governance-agent.js
+ *   WAB_API=http://localhost:3000 node examples/governance-agent.js
+ */
+'use strict';
+const { WABGovernance } = require('../sdk');
+const API = process.env.WAB_API || 'http://localhost:3000';
+const c = {
+  reset: '\x1b[0m', dim: '\x1b[2m', bold: '\x1b[1m',
+  green: '\x1b[32m', red: '\x1b[31m', yellow: '\x1b[33m',
+  blue: '\x1b[34m', cyan: '\x1b[36m', magenta: '\x1b[35m',
+};
+const log  = (msg) => console.log(msg);
+const head = (n, msg) => log(`\n${c.bold}${c.cyan}── ${n}. ${msg} ──${c.reset}`);
+const ok   = (m) => log(`  ${c.green}✓${c.reset} ${m}`);
+const no   = (m) => log(`  ${c.red}✗${c.reset} ${m}`);
+const info = (m) => log(`  ${c.dim}${m}${c.reset}`);
+async function main() {
+  log(`${c.bold}${c.magenta}WAB Agent Governance Demo${c.reset}  ${c.dim}(API: ${API})${c.reset}`);
+  // ── 1) Register a fresh agent identity
+  head(1, 'Register agent');
+  const reg = await WABGovernance.register({
+    apiBase: API,
+    displayName: 'Demo Agent — Stripe + ClickUp',
+    metadata: { demo: true, created: Date.now() },
+  });
+  ok(`agent_id   = ${reg.agent_id}`);
+  ok(`agent_token (shown ONCE) = ${reg.agent_token.slice(0, 12)}…`);
+  const gov = new WABGovernance({
+    apiBase:    API,
+    agentId:    reg.agent_id,
+    agentToken: reg.agent_token,
+    // Auto-approve in this demo (a real app would post to Slack/email).
+    onApprovalRequired: async (req) => {
+      info(`[human approval] resource=${req.resource} action=${req.action} amount=${req.amount}`);
+      info('[human approval] auto-approving in demo (3s think...)');
+      await sleep(3000);
+      return 'approved';
+    },
+    approvalTimeoutMs: 30_000,
+  });
+  // ── 2) Define policies
+  head(2, 'Define permission boundaries');
+  await gov.definePolicy({ resource: 'stripe', action: 'read',  scope: 'customers' });
+  ok('stripe:read on customers');
+  await gov.definePolicy({
+    resource: 'stripe', action: 'write', scope: 'refunds',
+    max_amount: 50, currency: 'USD', daily_cap: 200,
+  });
+  ok('stripe:write on refunds  (max $50/call, $200/day)');
+  await gov.definePolicy({
+    resource: 'stripe', action: 'write', scope: 'refunds-large',
+    max_amount: 5000, currency: 'USD', requires_approval: true,
+  });
+  ok('stripe:write on refunds-large  (≤$5000, REQUIRES HUMAN APPROVAL)');
+  await gov.definePolicy({
+    resource: 'clickup', action: 'write', scope: 'tasks', per_call_rate: 30,
+  });
+  ok('clickup:write on tasks  (rate-limited 30/min)');
+  // ── 3) Forbidden action
+  head(3, 'Attempt forbidden action: gmail:write');
+  try {
+    await gov.guard({ resource: 'gmail', action: 'write', scope: 'inbox' },
+      async () => { throw new Error('should not run'); });
+    no('UNEXPECTED: action ran (governance failed)');
+  } catch (e) {
+    ok(`correctly blocked: ${e.message}`);
+  }
+  // ── 4) Allowed read
+  head(4, 'Allowed action: stripe:read on customers');
+  const r = await gov.guard(
+    { resource: 'stripe', action: 'read', scope: 'customers' },
+    async () => ({ count: 12, sample: [{ id: 'cus_abc', email: 'demo@x' }] }),
+  );
+  ok(`executed in ${r.elapsed_ms}ms — result keys: ${Object.keys(r.result).join(', ')}`);
+  // ── 5) Small refund: under cap, no approval
+  head(5, 'Small refund: $9.99 (under cap)');
+  const r2 = await gov.guard(
+    { resource: 'stripe', action: 'write', scope: 'refunds',
+      amount: 9.99, currency: 'USD',
+      params: { charge: 'ch_xyz', reason: 'duplicate' } },
+    async () => ({ refund_id: 're_demo_' + Date.now(), status: 'succeeded' }),
+  );
+  ok(`refund posted: ${r2.result.refund_id}`);
+  // ── 6) Refund OVER per-call cap → DENIED instantly
+  head(6, 'Refund $9999 with cap=$50 → DENY');
+  try {
+    await gov.guard(
+      { resource: 'stripe', action: 'write', scope: 'refunds',
+        amount: 9999, currency: 'USD' },
+      async () => 'should not run',
+    );
+    no('UNEXPECTED: action ran');
+  } catch (e) {
+    ok(`correctly blocked: ${e.message}`);
+  }
+  // ── 7) Large refund routed through approval gate
+  head(7, 'Large refund $499.99 → APPROVAL GATE');
+  const r3 = await gov.guard(
+    { resource: 'stripe', action: 'write', scope: 'refunds-large',
+      amount: 499.99, currency: 'USD',
+      params: { charge: 'ch_big', reason: 'fraud_dispute' },
+      reason: 'high_value_refund_requires_review' },
+    async () => ({ refund_id: 're_big_' + Date.now(), status: 'succeeded' }),
+  );
+  ok(`approved + executed: ${r3.result.refund_id}`);
+  // ── 8) Audit log + chain verification
+  head(8, 'Audit log + tamper check');
+  const audit = await gov.getAudit({ limit: 20 });
+  info(`last ${audit.audit.length} events:`);
+  for (const ev of audit.audit.slice(0, 8)) {
+    const tag = ev.decision === 'deny' ? c.red : ev.decision === 'pending' ? c.yellow : c.green;
+    log(`    ${tag}${(ev.decision || '·').padEnd(8)}${c.reset}` +
+        ` ${(ev.event_type || '').padEnd(18)} ${ev.resource || ''}/${ev.action || ''}` +
+        ` ${ev.scope ? '['+ev.scope+'] ' : ''}${ev.amount ? '$'+ev.amount : ''}`);
+  }
+  const v = await gov.verifyAudit();
+  if (v.ok) ok(`chain verified: ${v.count} entries, head=${(v.head || '').slice(0, 12)}…`);
+  else      no(`chain BROKEN at id=${v.broken_at}`);
+  // ── 9) Kill switch
+  head(9, 'Kill switch');
+  await gov.kill('demo_complete');
+  ok('agent killed');
+  try {
+    await gov.guard({ resource: 'stripe', action: 'read', scope: 'customers' },
+      async () => 'should not run');
+    no('UNEXPECTED: action ran after kill');
+  } catch (e) {
+    ok(`post-kill action blocked: ${e.message}`);
+  }
+  log(`\n${c.bold}${c.green}✓ Demo complete${c.reset}\n`);
+}
+function sleep(ms) { return new Promise((r) => setTimeout(r, ms)); }
+main().catch((e) => {
+  console.error(`\n${c.red}Demo failed:${c.reset}`, e.message);
+  process.exit(1);
+});

package/examples/mcp-agent.js CHANGED Viewed

@@ -1,94 +1,94 @@
-/**
- * Example: Using WAB sites via the MCP adapter
- *
- * The WAB-MCP adapter exposes every WAB site action as an MCP tool,
- * so any MCP-compatible AI agent (Claude, GPT, etc.) can interact
- * with WAB-enabled websites through a uniform tool interface.
- *
- * Usage:
- *   node examples/mcp-agent.js <site-url>
- */
-const { WABMCPAdapter } = require('../wab-mcp-adapter');
-const TARGET = process.argv[2] || 'http://localhost:3000';
-async function main() {
-  console.log('\n  WAB → MCP Adapter Demo');
-  console.log(`  Target: ${TARGET}\n`);
-  const adapter = new WABMCPAdapter({
-    siteUrl: TARGET,
-    transport: 'http'
-  });
-  // Step 1: Discover site capabilities
-  console.log('1. Discovering WAB capabilities...');
-  const discovery = await adapter.discover();
-  if (discovery) {
-    console.log(`   Provider: ${discovery.provider?.name || 'unknown'}`);
-    console.log(`   Domain:   ${discovery.provider?.domain || 'unknown'}`);
-    console.log(`   Tier:     ${discovery.capabilities?.tier || 'free'}`);
-    console.log(`   Features: ${(discovery.capabilities?.features || []).join(', ')}`);
-    if (discovery.fairness) {
-      console.log(`   Fairness: score=${discovery.fairness.neutrality_score}, independent=${discovery.fairness.is_independent}`);
-    }
-  } else {
-    console.log('   No discovery document found (site may not have WAB configured)');
-  }
-  // Step 2: List MCP tools
-  console.log('\n2. Available MCP tools:');
-  const tools = await adapter.getTools();
-  tools.forEach(tool => {
-    const params = tool.input_schema?.properties
-      ? Object.keys(tool.input_schema.properties).join(', ')
-      : 'none';
-    console.log(`   - ${tool.name}: ${tool.description} (params: ${params})`);
-  });
-  // Step 3: Execute built-in tools
-  console.log('\n3. Executing wab_get_page_info...');
-  try {
-    const infoResult = await adapter.executeTool('wab_get_page_info', {});
-    const info = infoResult.content;
-    if (infoResult.is_error) {
-      console.log(`   Error: ${info.error}`);
-    } else {
-      console.log(`   Title:   ${info.title || 'N/A'}`);
-      console.log(`   Version: ${info.bridgeVersion || 'N/A'}`);
-      console.log(`   Domain:  ${info.domain || 'N/A'}`);
-    }
-  } catch (err) {
-    console.log(`   Error: ${err.message}`);
-  }
-  // Step 4: Search the fairness registry
-  console.log('\n4. Fairness-weighted search (demo):');
-  try {
-    const searchResult = await adapter.executeTool('wab_fairness_search', {
-      query: 'e-commerce',
-      limit: 5
-    });
-    const search = searchResult.content;
-    if (searchResult.is_error) {
-      console.log(`   Error: ${search.error}`);
-    } else if (search.results?.length) {
-      search.results.forEach(r => {
-        console.log(`   - ${r.name} (${r.domain}) — score: ${r.final_score}`);
-      });
-    } else {
-      console.log('   No sites registered in directory yet.');
-    }
-  } catch (err) {
-    console.log(`   Registry not available: ${err.message}`);
-  }
-  console.log('\nDone. In a real MCP integration, these tools would be');
-  console.log('exposed to Claude/GPT via the MCP tool-use protocol.\n');
-}
-main().catch(err => {
-  console.error('Error:', err.message);
-  process.exit(1);
-});
+/**
+ * Example: Using WAB sites via the MCP adapter
+ *
+ * The WAB-MCP adapter exposes every WAB site action as an MCP tool,
+ * so any MCP-compatible AI agent (Claude, GPT, etc.) can interact
+ * with WAB-enabled websites through a uniform tool interface.
+ *
+ * Usage:
+ *   node examples/mcp-agent.js <site-url>
+ */
+const { WABMCPAdapter } = require('../wab-mcp-adapter');
+const TARGET = process.argv[2] || 'http://localhost:3000';
+async function main() {
+  console.log('\n  WAB → MCP Adapter Demo');
+  console.log(`  Target: ${TARGET}\n`);
+  const adapter = new WABMCPAdapter({
+    siteUrl: TARGET,
+    transport: 'http'
+  });
+  // Step 1: Discover site capabilities
+  console.log('1. Discovering WAB capabilities...');
+  const discovery = await adapter.discover();
+  if (discovery) {
+    console.log(`   Provider: ${discovery.provider?.name || 'unknown'}`);
+    console.log(`   Domain:   ${discovery.provider?.domain || 'unknown'}`);
+    console.log(`   Tier:     ${discovery.capabilities?.tier || 'free'}`);
+    console.log(`   Features: ${(discovery.capabilities?.features || []).join(', ')}`);
+    if (discovery.fairness) {
+      console.log(`   Fairness: score=${discovery.fairness.neutrality_score}, independent=${discovery.fairness.is_independent}`);
+    }
+  } else {
+    console.log('   No discovery document found (site may not have WAB configured)');
+  }
+  // Step 2: List MCP tools
+  console.log('\n2. Available MCP tools:');
+  const tools = await adapter.getTools();
+  tools.forEach(tool => {
+    const params = tool.input_schema?.properties
+      ? Object.keys(tool.input_schema.properties).join(', ')
+      : 'none';
+    console.log(`   - ${tool.name}: ${tool.description} (params: ${params})`);
+  });
+  // Step 3: Execute built-in tools
+  console.log('\n3. Executing wab_get_page_info...');
+  try {
+    const infoResult = await adapter.executeTool('wab_get_page_info', {});
+    const info = infoResult.content;
+    if (infoResult.is_error) {
+      console.log(`   Error: ${info.error}`);
+    } else {
+      console.log(`   Title:   ${info.title || 'N/A'}`);
+      console.log(`   Version: ${info.bridgeVersion || 'N/A'}`);
+      console.log(`   Domain:  ${info.domain || 'N/A'}`);
+    }
+  } catch (err) {
+    console.log(`   Error: ${err.message}`);
+  }
+  // Step 4: Search the fairness registry
+  console.log('\n4. Fairness-weighted search (demo):');
+  try {
+    const searchResult = await adapter.executeTool('wab_fairness_search', {
+      query: 'e-commerce',
+      limit: 5
+    });
+    const search = searchResult.content;
+    if (searchResult.is_error) {
+      console.log(`   Error: ${search.error}`);
+    } else if (search.results?.length) {
+      search.results.forEach(r => {
+        console.log(`   - ${r.name} (${r.domain}) — score: ${r.final_score}`);
+      });
+    } else {
+      console.log('   No sites registered in directory yet.');
+    }
+  } catch (err) {
+    console.log(`   Registry not available: ${err.message}`);
+  }
+  console.log('\nDone. In a real MCP integration, these tools would be');
+  console.log('exposed to Claude/GPT via the MCP tool-use protocol.\n');
+}
+main().catch(err => {
+  console.error('Error:', err.message);
+  process.exit(1);
+});