npm - web-agent-bridge - Versions diffs - 3.3.0 → 3.8.1 - Mend

web-agent-bridge 3.3.0 → 3.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/LICENSE +84 -72
package/README.ar.md +1563 -1286
package/README.md +137 -1764
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -0
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -0
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -0
package/examples/cpanel-wab-dns.js +114 -0
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -0
package/examples/gcp-dns-wab.js +76 -0
package/examples/governance-agent.js +169 -0
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -0
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -0
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -0
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -0
package/examples/wab-verify.js +60 -0
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -0
package/public/activate.html +448 -0
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -0
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/azure-dns-integration.html +289 -0
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -0
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -0
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1235
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -706
package/public/dns.html +436 -507
package/public/docs.html +588 -587
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -0
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -463
package/public/index.html +1372 -1070
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -0
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -580
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -0
package/public/provider-sandbox.html +134 -0
package/public/providers.html +359 -0
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -0
package/public/ring4.html +292 -0
package/public/robots.txt +99 -87
package/public/route53-integration.html +531 -0
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -0
package/public/sitemap.xml +19 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -0
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -0
package/public/whitepaper.html +449 -0
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +301 -0
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -0
package/sdk/index.d.ts +464 -464
package/sdk/index.js +649 -636
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +2 -2
package/sdk/safe-mode.js +221 -0
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +790 -531
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -0
package/server/migrations/008_plans.sql +144 -0
package/server/migrations/009_shieldqr.sql +30 -0
package/server/migrations/010_extended_trust.sql +33 -0
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -0
package/server/routes/admin-premium.js +674 -671
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -0
package/server/routes/admin-trust-monitor.js +139 -0
package/server/routes/admin.js +550 -261
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -45
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -417
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -0
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -0
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -0
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -0
package/server/routes/sovereign.js +465 -465
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -204
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -0
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -0
package/server/services/plugins.js +771 -771
package/server/services/premium.js +1 -1
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -0
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -0
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -0
package/server/services/ssl-monitor.js +167 -0
package/server/services/stripe.js +206 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -0
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/server/migrations/006_growth_suite.sql ADDED Viewed

@@ -0,0 +1,138 @@
+-- Growth Suite v2.5 — Tables for Bounty, Score, Data Marketplace,
+-- Email Protection, Affiliate Intelligence, Trust Layer
+-- ═══ Bounty Network ═══
+CREATE TABLE IF NOT EXISTS bounty_reporters (
+  id TEXT PRIMARY KEY,
+  user_id TEXT,
+  token TEXT UNIQUE NOT NULL,
+  display_name TEXT NOT NULL DEFAULT 'Anonymous',
+  credits INTEGER DEFAULT 0,
+  total_reports INTEGER DEFAULT 0,
+  verified_reports INTEGER DEFAULT 0,
+  created_at TEXT DEFAULT (datetime('now')),
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL
+);
+CREATE INDEX IF NOT EXISTS idx_bounty_reporters_token ON bounty_reporters(token);
+CREATE INDEX IF NOT EXISTS idx_bounty_reporters_user ON bounty_reporters(user_id);
+CREATE TABLE IF NOT EXISTS bounties (
+  id TEXT PRIMARY KEY,
+  reporter_id TEXT NOT NULL,
+  url TEXT NOT NULL,
+  fingerprint TEXT NOT NULL,
+  category TEXT DEFAULT 'phishing',
+  description TEXT,
+  evidence TEXT,
+  status TEXT DEFAULT 'PENDING' CHECK(status IN ('PENDING','VERIFIED','REJECTED','DUPLICATE')),
+  reward_tier TEXT,
+  credits_awarded INTEGER DEFAULT 0,
+  scan_result TEXT,
+  submitted_at TEXT DEFAULT (datetime('now')),
+  verified_at TEXT,
+  FOREIGN KEY (reporter_id) REFERENCES bounty_reporters(id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_bounties_fingerprint ON bounties(fingerprint);
+CREATE INDEX IF NOT EXISTS idx_bounties_reporter ON bounties(reporter_id);
+CREATE INDEX IF NOT EXISTS idx_bounties_status ON bounties(status);
+-- ═══ WAB Score Cache ═══
+CREATE TABLE IF NOT EXISTS wab_scores (
+  domain TEXT PRIMARY KEY,
+  overall_score INTEGER DEFAULT 0,
+  fairness_score INTEGER DEFAULT 0,
+  security_score INTEGER DEFAULT 0,
+  grade TEXT,
+  grade_label TEXT,
+  details TEXT DEFAULT '{}',
+  computed_at TEXT DEFAULT (datetime('now')),
+  expires_at TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_wab_scores_grade ON wab_scores(grade);
+-- ═══ Trust Layer ═══
+CREATE TABLE IF NOT EXISTS trust_manifests (
+  domain TEXT PRIMARY KEY,
+  manifest TEXT NOT NULL,
+  verified INTEGER DEFAULT 0,
+  verification_result TEXT DEFAULT '{}',
+  last_verified_at TEXT,
+  registered_at TEXT DEFAULT (datetime('now'))
+);
+-- ═══ Data Marketplace ═══
+CREATE TABLE IF NOT EXISTS datasets (
+  id TEXT PRIMARY KEY,
+  category TEXT NOT NULL,
+  title TEXT NOT NULL,
+  description TEXT,
+  record_count INTEGER DEFAULT 0,
+  format TEXT DEFAULT 'json',
+  price_base REAL DEFAULT 0,
+  sample_data TEXT,
+  metadata TEXT DEFAULT '{}',
+  active INTEGER DEFAULT 1,
+  created_at TEXT DEFAULT (datetime('now')),
+  updated_at TEXT DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_datasets_category ON datasets(category);
+CREATE TABLE IF NOT EXISTS dataset_purchases (
+  id TEXT PRIMARY KEY,
+  user_id TEXT,
+  dataset_id TEXT NOT NULL,
+  license_type TEXT DEFAULT 'RESEARCH',
+  price_paid REAL DEFAULT 0,
+  status TEXT DEFAULT 'completed',
+  purchased_at TEXT DEFAULT (datetime('now')),
+  FOREIGN KEY (dataset_id) REFERENCES datasets(id) ON DELETE CASCADE
+);
+-- ═══ Email Scan Log ═══
+CREATE TABLE IF NOT EXISTS email_scans (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  sender_domain TEXT,
+  urls_found INTEGER DEFAULT 0,
+  critical_count INTEGER DEFAULT 0,
+  warning_count INTEGER DEFAULT 0,
+  overall_risk TEXT DEFAULT 'SAFE',
+  risk_score INTEGER DEFAULT 0,
+  scanned_at TEXT DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_email_scans_risk ON email_scans(overall_risk);
+-- ═══ Affiliate Intelligence ═══
+CREATE TABLE IF NOT EXISTS affiliate_reports (
+  id TEXT PRIMARY KEY,
+  network_id TEXT NOT NULL,
+  risk_level TEXT DEFAULT 'LOW',
+  fraud_types TEXT DEFAULT '[]',
+  trust_score INTEGER DEFAULT 100,
+  details TEXT DEFAULT '{}',
+  analyzed_at TEXT DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_affiliate_reports_network ON affiliate_reports(network_id);
+-- ═══ Seed: Default Datasets ═══
+INSERT OR IGNORE INTO datasets (id, category, title, description, record_count, format, price_base, sample_data)
+VALUES
+  ('ds-threat-intel', 'THREAT_INTEL', 'Real-Time Threat Intelligence Feed',
+   'Live phishing, malware, and scam URL data aggregated from 47 threat databases. Updated continuously with sub-minute latency.',
+   2847000, 'jsonl', 49.99,
+   '[{"url":"http://paypa1-login.xyz","risk":98,"type":"phishing","detected":"2026-04-19"},{"url":"http://free-prize-claim.com","risk":87,"type":"scam","detected":"2026-04-19"}]'),
+  ('ds-platform-fair', 'PLATFORM_FAIR', 'Platform Fairness Scores',
+   'Quarterly transparency scores for 500+ e-commerce marketplaces covering hidden fees, return policies, dark patterns, and seller fairness.',
+   523, 'json', 29.99,
+   '[{"domain":"amazon.com","score":86,"grade":"A-","hidden_fees":false,"dark_patterns":2},{"domain":"aliexpress.com","score":68,"grade":"C+","hidden_fees":true,"dark_patterns":7}]'),
+  ('ds-affiliate-intel', 'AFFILIATE_INTEL', 'Affiliate Intelligence Report',
+   'Commission benchmarks, fraud pattern analysis, and network reliability scores across all major affiliate platforms.',
+   856, 'json', 39.99,
+   '[{"network":"amazon_associates","trust":82,"shaving_risk":"LOW","avg_payout_days":28},{"network":"clickbank","trust":61,"shaving_risk":"MEDIUM","avg_payout_days":45}]'),
+  ('ds-email-threats', 'EMAIL_THREATS', 'Email Phishing Signatures',
+   'Curated database of phishing email patterns, sender reputation data, and URL fingerprints for email security.',
+   1250000, 'jsonl', 59.99,
+   '[{"pattern":"account.*verif","risk":92,"type":"credential_phishing"},{"pattern":"prize.*claim.*now","risk":88,"type":"advance_fee_scam"}]'),
+  ('ds-price-history', 'PRICE_HISTORY', 'E-Commerce Price Trends',
+   'Historical price tracking data for Amazon, eBay, and Alibaba. Ideal for price comparison and deal-finding AI agents.',
+   5400000, 'csv', 79.99,
+   '[{"product":"Sony WH-1000XM5","amazon_price":298,"ebay_price":275,"trend":"dropping"},{"product":"iPad Air M2","amazon_price":599,"ebay_price":569,"trend":"stable"}]');

package/server/migrations/007_governance.sql ADDED Viewed

@@ -0,0 +1,106 @@
+-- ═══════════════════════════════════════════════════════════════════
+-- WAB Agent Governance Layer
+-- Permission Boundaries · Approval Gates · Tamper-Evident Audit Log
+-- Kill Switch · Spend Limits
+-- ═══════════════════════════════════════════════════════════════════
+-- Agents registered for governance (one row per agent identity).
+CREATE TABLE IF NOT EXISTS gov_agents (
+  agent_id      TEXT PRIMARY KEY,
+  owner_id      TEXT,                       -- user_id of owner (nullable for unauthed)
+  display_name  TEXT,
+  token_hash    TEXT NOT NULL,              -- sha256(agent_token); used to authenticate the agent
+  status        TEXT NOT NULL DEFAULT 'alive' CHECK(status IN ('alive','killed','suspended')),
+  killed_at     TEXT,
+  killed_reason TEXT,
+  metadata      TEXT,                       -- JSON
+  created_at    TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at    TEXT NOT NULL DEFAULT (datetime('now'))
+);
+-- Permission policies. One row = one rule. Evaluated allow-list style.
+CREATE TABLE IF NOT EXISTS gov_policies (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  agent_id      TEXT NOT NULL,
+  resource      TEXT NOT NULL,              -- e.g. "stripe", "gmail", "clickup", "domain:example.com"
+  action        TEXT NOT NULL,              -- "read" | "write" | "execute" | "*"
+  scope         TEXT,                       -- optional: e.g. "refunds", "inbox", "tasks/123"
+  max_amount    REAL,                       -- monetary cap per single action
+  currency      TEXT DEFAULT 'USD',
+  daily_cap     REAL,                       -- monetary cap per 24h rolling
+  per_call_rate INTEGER,                    -- max calls per minute
+  requires_approval INTEGER NOT NULL DEFAULT 0,  -- 1 = always send to human gate
+  effect        TEXT NOT NULL DEFAULT 'allow' CHECK(effect IN ('allow','deny')),
+  expires_at    TEXT,
+  created_at    TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_policies_agent ON gov_policies(agent_id);
+CREATE INDEX IF NOT EXISTS idx_gov_policies_lookup ON gov_policies(agent_id, resource, action);
+-- Append-only audit log with HMAC hash chain (tamper-evident).
+-- prev_hash → hash chain links every entry; breaking the chain detects tampering.
+CREATE TABLE IF NOT EXISTS gov_audit (
+  id           INTEGER PRIMARY KEY AUTOINCREMENT,
+  agent_id     TEXT NOT NULL,
+  ts           TEXT NOT NULL DEFAULT (datetime('now')),
+  event_type   TEXT NOT NULL,               -- 'check' | 'execute' | 'deny' | 'approval_request' | 'approval_decision' | 'kill' | 'policy_change' | 'note'
+  resource     TEXT,
+  action       TEXT,
+  scope        TEXT,
+  amount       REAL,
+  currency     TEXT,
+  decision     TEXT,                        -- 'allow' | 'deny' | 'pending' | 'approved' | 'rejected'
+  reason       TEXT,
+  params_json  TEXT,                        -- redacted parameter snapshot
+  result_json  TEXT,
+  prev_hash    TEXT,                        -- prior entry's hash
+  hash         TEXT NOT NULL,               -- HMAC(secret, prev_hash || row_payload)
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_audit_agent_ts ON gov_audit(agent_id, ts);
+CREATE INDEX IF NOT EXISTS idx_gov_audit_event ON gov_audit(agent_id, event_type);
+-- Approval requests. Async — agent requests, human resolves later.
+CREATE TABLE IF NOT EXISTS gov_approvals (
+  request_id    TEXT PRIMARY KEY,
+  agent_id      TEXT NOT NULL,
+  resource      TEXT NOT NULL,
+  action        TEXT NOT NULL,
+  scope         TEXT,
+  amount        REAL,
+  currency      TEXT,
+  params_json   TEXT,
+  reason        TEXT,                       -- why approval is required
+  status        TEXT NOT NULL DEFAULT 'pending' CHECK(status IN ('pending','approved','rejected','expired','cancelled')),
+  decided_by    TEXT,                       -- user_id of approver
+  decided_at    TEXT,
+  decided_note  TEXT,
+  expires_at    TEXT,                       -- auto-expire pending requests
+  created_at    TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_approvals_pending ON gov_approvals(agent_id, status);
+-- Spend tracker (per agent, per resource, sliding window).
+-- Rebuilt rolling-style; we just append on every monetary action.
+CREATE TABLE IF NOT EXISTS gov_spend (
+  id           INTEGER PRIMARY KEY AUTOINCREMENT,
+  agent_id     TEXT NOT NULL,
+  resource     TEXT NOT NULL,
+  amount       REAL NOT NULL,
+  currency     TEXT NOT NULL DEFAULT 'USD',
+  ts           TEXT NOT NULL DEFAULT (datetime('now')),
+  ref          TEXT,                        -- audit_id or external ref
+  FOREIGN KEY (agent_id) REFERENCES gov_agents(agent_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_gov_spend_window ON gov_spend(agent_id, resource, ts);
+-- Rate-limit token buckets (lightweight; we keep counters).
+CREATE TABLE IF NOT EXISTS gov_rate (
+  agent_id     TEXT NOT NULL,
+  resource     TEXT NOT NULL,
+  window_start TEXT NOT NULL,               -- ISO timestamp (minute-resolution)
+  count        INTEGER NOT NULL DEFAULT 0,
+  PRIMARY KEY (agent_id, resource, window_start)
+);

package/server/migrations/008_plans.sql ADDED Viewed

@@ -0,0 +1,144 @@
+-- Migration 008: Plans Management
+-- Database-driven plans + feature catalog so admins can add/edit plans,
+-- toggle which features each plan includes, and have changes flow live to
+-- the landing page pricing section AND the Stripe checkout flow.
+--
+-- Backwards-compatible: legacy code paths that look up tiers by slug
+-- ('free' | 'starter' | 'pro' | 'enterprise') keep working — those slugs
+-- are seeded as plan ids below.
+--
+-- An older `plans` table (different schema: tier/price/etc.) may exist from
+-- a previous admin dashboard iteration. Its rows are pure default seeds with
+-- no FK references, so we drop it and recreate with the new schema.
+DROP TABLE IF EXISTS plans;
+CREATE TABLE plans (
+  id              TEXT PRIMARY KEY,            -- slug, lowercase, e.g. 'free' / 'pro' / 'business' / 'enterprise'
+  name            TEXT NOT NULL,
+  tagline         TEXT,
+  description     TEXT,
+  price_cents     INTEGER NOT NULL DEFAULT 0,
+  currency        TEXT NOT NULL DEFAULT 'EUR',
+  billing_period  TEXT NOT NULL DEFAULT 'month'
+                  CHECK(billing_period IN ('month','year','one_time','custom')),
+  stripe_price_id TEXT,
+  cta_type        TEXT NOT NULL DEFAULT 'checkout'
+                  CHECK(cta_type IN ('checkout','register','contact','external')),
+  cta_label       TEXT,
+  cta_url         TEXT,
+  highlight       INTEGER NOT NULL DEFAULT 0,
+  is_public       INTEGER NOT NULL DEFAULT 1,
+  is_archived     INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  features_json   TEXT NOT NULL DEFAULT '{}',
+  limits_json     TEXT NOT NULL DEFAULT '{}',
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_plans_public_archived ON plans(is_public, is_archived, sort_order);
+CREATE TABLE IF NOT EXISTS feature_catalog (
+  feature_key     TEXT PRIMARY KEY,
+  label           TEXT NOT NULL,
+  description     TEXT,
+  category        TEXT NOT NULL DEFAULT 'general',
+  is_open_source  INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+-- Feature catalog (open-source / always-free first, then paid features)
+INSERT OR IGNORE INTO feature_catalog (feature_key, label, description, category, is_open_source, sort_order) VALUES
+  -- Always-free / open core
+  ('protocol',              'WAP Protocol Core',           'Open Web Agent Protocol — schema, discovery, permissions',  'core',          1, 10),
+  ('sdk',                   'SDK & Client Runtime',        'JavaScript SDK and client integrations',                    'core',          1, 20),
+  ('browserExecution',      'Browser Execution Layer',     'Basic browser automation primitives',                       'core',          1, 30),
+  ('adapters',              'MCP / REST / Browser Adapters','Adapters for MCP, REST APIs, and browser back-ends',       'core',          1, 40),
+  ('registryRead',          'Public Registry (read-only)', 'Browse commands, sites and templates',                      'core',          1, 50),
+  ('agentRegistration',     'Agent Registration',          'Register agents and obtain credentials',                    'core',          1, 60),
+  ('basicAuth',             'Basic Authentication',        'API keys and basic auth flows',                             'core',          1, 70),
+  ('discovery',             'DNS / .well-known Discovery', 'Service discovery via DNS TXT and /.well-known/',           'core',          1, 80),
+  ('capabilityNegotiation', 'Capability Negotiation',      'Capability handshake between agent and site',               'core',          1, 90),
+  ('semanticActions',       'Semantic Actions',            'Built-in semantic actions catalog',                         'core',          1,100),
+  ('communityTemplates',    'Community Templates',         'Public template library',                                   'core',          1,110),
+  -- Workspace / orchestration
+  ('workspace',             'Control Plane / Workspace',   'Web dashboard, monitoring and agent management',            'workspace',     0,200),
+  ('advancedOrchestration', 'Advanced Orchestration',      'Scheduling, retries, pipelines, distributed execution',     'workspace',     0,210),
+  ('observability',         'Observability',               'Tracing, metrics, logs and performance insights',           'workspace',     0,220),
+  ('failureAnalysis',       'Failure Analysis',            'Debugging tools and root-cause reports',                    'workspace',     0,230),
+  ('replayEngine',          'Replay Engine',               'Record and replay agent runs',                              'workspace',     0,240),
+  ('advancedAnalytics',     'Advanced Analytics',          'Detailed analytics dashboards and exports',                 'workspace',     0,250),
+  ('dataExtraction',        'Data Extraction',             'Structured data extraction and export',                     'workspace',     0,260),
+  ('agentMemory',           'Agent Memory Engine',         'Persistent context and long-term memory for agents',        'workspace',     0,270),
+  ('llmInference',          'LLM Inference',               'Built-in LLM inference via the platform',                   'workspace',     0,280),
+  -- Premium / business
+  ('hostedRuntime',         'Hosted Runtime (Cloud Exec)', 'Auto-scaling hosted execution environment',                 'premium',       0,300),
+  ('marketplace',           'Marketplace (Publish & Sell)','Publish agents and templates on the marketplace',           'premium',       0,310),
+  ('certification',         'Agent Certification',         'Verified agent identity badge',                             'premium',       0,320),
+  ('trafficIntelligence',   'Traffic Intelligence',        'Agent profiling, anomaly detection and reporting',          'premium',       0,330),
+  ('exploitShield',         'Exploit Shield',              'Block malicious agents at the edge',                        'premium',       0,340),
+  ('visionAnalysis',        'Vision Analysis',             'Visual page inspection (computer-vision pipeline)',         'premium',       0,350),
+  ('swarmExecution',        'Swarm / Multi-Agent',         'Coordinated multi-agent (swarm) execution',                 'premium',       0,360),
+  ('auditLog',              'Audit Logs',                  'Tamper-evident HMAC-chained audit history',                 'premium',       0,370),
+  ('customDomain',          'Custom Domain / White-label', 'Serve the workspace on your own domain',                    'premium',       0,380),
+  ('governanceLayer',       'Agent Governance Layer',      'Policies, approvals, kill switch and spend limits',         'premium',       0,390),
+  -- Enterprise
+  ('enterpriseSecurity',    'Enterprise Security',         'Request signing, IP allowlists, SSO/SAML',                  'enterprise',    0,400),
+  ('prioritySupport',       'Priority Support',            'Dedicated SLA-backed support channel',                      'enterprise',    0,410),
+  ('sla',                   'Uptime SLA',                  'Contractual uptime SLA',                                    'enterprise',    0,420),
+  ('customDevelopment',     'Custom Development',          'Bespoke engineering and integrations',                      'enterprise',    0,430),
+  ('dedicatedInfra',        'Dedicated Infrastructure',    'Isolated single-tenant deployment',                         'enterprise',    0,440);
+-- Seed the four canonical plans (admin can edit/add later).
+-- features_json keys MUST match feature_catalog.feature_key.
+INSERT OR IGNORE INTO plans
+  (id, name, tagline, description, price_cents, currency, billing_period, cta_type, cta_label, cta_url, highlight, sort_order, features_json, limits_json)
+VALUES
+  ('free',
+   'Free',
+   'Open-source core, forever free',
+   'WAP protocol, SDK, discovery and the entire open-source surface — for developers and integrators.',
+   0, 'EUR', 'month',
+   'register', 'Get started for free', '/register',
+   0, 10,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true}',
+   '{"agents":3,"tasksPerDay":50,"executionsPerDay":100,"sessions":5,"maxConcurrency":2,"replayRecordings":10,"computeMinutesPerDay":10,"storageMB":50,"webhooks":1,"customAgents":1,"apiCallsPerMinute":20}'
+  ),
+  ('pro',
+   'Pro',
+   'For developers shipping production agents',
+   'Everything in Free plus the workspace, observability, replay engine, advanced orchestration and analytics.',
+   1000, 'EUR', 'month',
+   'checkout', 'Start Pro', NULL,
+   1, 20,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true}',
+   '{"agents":25,"tasksPerDay":2000,"executionsPerDay":5000,"sessions":50,"maxConcurrency":10,"replayRecordings":500,"computeMinutesPerDay":180,"storageMB":2000,"webhooks":10,"customAgents":10,"apiCallsPerMinute":120}'
+  ),
+  ('business',
+   'Business',
+   'All paid features, ready for scale',
+   'Everything in Pro plus hosted runtime, marketplace, vision, swarm, traffic intelligence, exploit shield, audit logs, custom domain and governance.',
+   2900, 'EUR', 'month',
+   'checkout', 'Start Business', NULL,
+   0, 30,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true}',
+   '{"agents":100,"tasksPerDay":20000,"executionsPerDay":50000,"sessions":250,"maxConcurrency":40,"replayRecordings":5000,"computeMinutesPerDay":600,"storageMB":10000,"webhooks":50,"customAgents":50,"apiCallsPerMinute":300}'
+  ),
+  ('enterprise',
+   'Enterprise',
+   'Custom-built for organisations',
+   'Everything in Business plus enterprise security, dedicated infrastructure, custom development, priority support and a contractual uptime SLA. Pricing is tailored to your scope.',
+   0, 'EUR', 'custom',
+   'contact', 'Contact sales', 'mailto:sales@webagentbridge.com',
+   0, 40,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true,"enterpriseSecurity":true,"prioritySupport":true,"sla":true,"customDevelopment":true,"dedicatedInfra":true}',
+   '{"agents":-1,"tasksPerDay":-1,"executionsPerDay":-1,"sessions":-1,"maxConcurrency":-1,"replayRecordings":-1,"computeMinutesPerDay":-1,"storageMB":-1,"webhooks":-1,"customAgents":-1,"apiCallsPerMinute":-1}'
+  );

package/server/migrations/009_shieldqr.sql ADDED Viewed

@@ -0,0 +1,30 @@
+-- Migration 009: WAB ShieldQR scan history + reports
+CREATE TABLE IF NOT EXISTS shieldqr_scans (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  url           TEXT NOT NULL,
+  host          TEXT,
+  level         TEXT NOT NULL CHECK(level IN ('green','yellow','red')),
+  score         INTEGER NOT NULL DEFAULT 0,
+  signals_json  TEXT NOT NULL DEFAULT '[]',
+  trust_ok      INTEGER NOT NULL DEFAULT 0,
+  ssl_ok        INTEGER NOT NULL DEFAULT 0,
+  user_id       TEXT,
+  ip            TEXT,
+  user_agent    TEXT,
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_host_created ON shieldqr_scans(host, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_level_created ON shieldqr_scans(level, created_at DESC);
+CREATE TABLE IF NOT EXISTS shieldqr_reports (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  scan_id       INTEGER REFERENCES shieldqr_scans(id) ON DELETE SET NULL,
+  url           TEXT NOT NULL,
+  reason        TEXT,
+  reporter_id   TEXT,
+  reporter_ip   TEXT,
+  status        TEXT NOT NULL DEFAULT 'open' CHECK(status IN ('open','reviewing','resolved','rejected')),
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  resolved_at   DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_reports_status ON shieldqr_reports(status, created_at DESC);

package/server/migrations/010_extended_trust.sql ADDED Viewed

@@ -0,0 +1,33 @@
+-- Migration 010: WAB Extended Trust — Certificate Companion & SSL Health Monitoring
+-- Per-domain SSL certificate history (Certificate Transparency log) +
+-- live SSL monitoring state for the trust dashboard.
+CREATE TABLE IF NOT EXISTS cert_history (
+  id                INTEGER PRIMARY KEY AUTOINCREMENT,
+  host              TEXT NOT NULL,
+  fingerprint_sha256 TEXT NOT NULL,
+  issuer            TEXT,
+  subject           TEXT,
+  serial            TEXT,
+  valid_from        TEXT,
+  valid_to          TEXT,
+  observed_at       DATETIME DEFAULT CURRENT_TIMESTAMP,
+  source            TEXT DEFAULT 'monitor'  -- 'monitor' | 'shieldqr' | 'sign'
+);
+CREATE INDEX IF NOT EXISTS idx_cert_history_host_observed ON cert_history(host, observed_at DESC);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_cert_history_host_fp ON cert_history(host, fingerprint_sha256);
+CREATE TABLE IF NOT EXISTS ssl_monitor (
+  host              TEXT PRIMARY KEY,
+  fingerprint_sha256 TEXT,
+  issuer            TEXT,
+  valid_to          TEXT,
+  days_until_expiry INTEGER,
+  status            TEXT,                  -- 'active' | 'expiring' | 'expired' | 'error'
+  error             TEXT,
+  last_checked_at   DATETIME,
+  last_alert_at     DATETIME,
+  enabled           INTEGER NOT NULL DEFAULT 1,
+  owner_user_id     TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_ssl_monitor_status ON ssl_monitor(status, valid_to);

package/server/migrations/011_outreach.sql ADDED Viewed

@@ -0,0 +1,47 @@
+-- Outreach Agent — site analysis + email queue + suppression list
+-- Strict human-in-the-loop: drafts default to 'pending' and require admin approval.
+CREATE TABLE IF NOT EXISTS outreach_targets (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  site_url TEXT NOT NULL,
+  host TEXT NOT NULL,
+  contact_email TEXT,
+  detected_lang TEXT,
+  site_kind TEXT,
+  signals_json TEXT,
+  suggested_features_json TEXT,
+  draft_subject TEXT,
+  draft_body_html TEXT,
+  draft_body_text TEXT,
+  status TEXT NOT NULL DEFAULT 'pending',
+  -- pending | approved | sending | sent | failed | suppressed | skipped
+  unsubscribe_token TEXT,
+  error_message TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+  sent_at TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_outreach_status ON outreach_targets(status);
+CREATE INDEX IF NOT EXISTS idx_outreach_host ON outreach_targets(host);
+CREATE INDEX IF NOT EXISTS idx_outreach_email ON outreach_targets(contact_email);
+CREATE TABLE IF NOT EXISTS outreach_suppression (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  email_or_host TEXT NOT NULL UNIQUE,
+  reason TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE TABLE IF NOT EXISTS outreach_log (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  target_id INTEGER,
+  event TEXT NOT NULL,
+  -- scanned | drafted | approved | sent | failed | bounced | unsubscribed | opened
+  details TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (target_id) REFERENCES outreach_targets(id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_outreach_log_target ON outreach_log(target_id);
+CREATE INDEX IF NOT EXISTS idx_outreach_log_event ON outreach_log(event);

package/server/migrations/012_shieldlink.sql ADDED Viewed

@@ -0,0 +1,116 @@
+-- Migration 012: WAB ShieldLink (Verified Links / Anti-Phishing for premium customers)
+--
+-- Tables:
+--   shieldlink_brands       — verified brand identities (one row per verified site)
+--   shieldlink_keys         — per-site Ed25519 signing keys (private key encrypted at rest)
+--   shieldlink_links        — issued signed links (sessions / payment / invoice)
+--   shieldlink_link_events  — open / scan / report events for issued links
+--   shieldlink_reports      — phishing reports submitted by anyone
+--   shieldlink_name_holds   — reserved/blocked brand display names
+CREATE TABLE IF NOT EXISTS shieldlink_brands (
+  id             INTEGER PRIMARY KEY AUTOINCREMENT,
+  site_id        TEXT NOT NULL,                                                 -- FK -> sites.id
+  domain         TEXT NOT NULL UNIQUE,
+  display_name   TEXT NOT NULL,
+  display_name_normalized TEXT NOT NULL,
+  category       TEXT,                                                          -- 'bank' | 'payments' | 'gov' | 'ecommerce' | 'other'
+  country        TEXT,
+  logo_url       TEXT,
+  status         TEXT NOT NULL DEFAULT 'pending' CHECK(status IN ('pending','verified','rejected','suspended')),
+  verified_badge INTEGER NOT NULL DEFAULT 0,
+  reputation     INTEGER NOT NULL DEFAULT 100,
+  notes          TEXT,
+  reviewed_by    TEXT,
+  reviewed_at    DATETIME,
+  created_at     DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at     DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_brands_status ON shieldlink_brands(status);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_brands_normalized ON shieldlink_brands(display_name_normalized);
+CREATE TABLE IF NOT EXISTS shieldlink_keys (
+  id              INTEGER PRIMARY KEY AUTOINCREMENT,
+  brand_id        INTEGER NOT NULL REFERENCES shieldlink_brands(id) ON DELETE CASCADE,
+  public_key      TEXT NOT NULL,                                                 -- base64 raw 32-byte
+  private_key_enc TEXT NOT NULL,                                                 -- base64(AES-256-GCM(priv))
+  fingerprint     TEXT NOT NULL,
+  active          INTEGER NOT NULL DEFAULT 1,
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+  rotated_at      DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_keys_brand ON shieldlink_keys(brand_id, active);
+CREATE TABLE IF NOT EXISTS shieldlink_links (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  token         TEXT NOT NULL UNIQUE,                                           -- short opaque public id
+  brand_id      INTEGER NOT NULL REFERENCES shieldlink_brands(id) ON DELETE CASCADE,
+  site_id       TEXT NOT NULL,
+  target_url    TEXT NOT NULL,                                                  -- the actual URL we redirect to after preview
+  purpose       TEXT NOT NULL CHECK(purpose IN ('payment','invoice','login','generic')),
+  amount_cents  INTEGER,
+  currency      TEXT,
+  payee_name    TEXT,
+  reference     TEXT,                                                           -- merchant invoice/session id
+  signature     TEXT NOT NULL,                                                  -- base64 ed25519 signature over canonical payload
+  key_id        TEXT NOT NULL,                                                  -- fingerprint of the signing key
+  payload_json  TEXT NOT NULL,                                                  -- canonical signed payload, for verifier to re-check
+  status        TEXT NOT NULL DEFAULT 'active' CHECK(status IN ('active','revoked','expired')),
+  expires_at    DATETIME NOT NULL,
+  created_by    TEXT,                                                           -- user_id who issued
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  revoked_at    DATETIME,
+  revoke_reason TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_links_brand ON shieldlink_links(brand_id, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_links_status ON shieldlink_links(status, expires_at);
+CREATE TABLE IF NOT EXISTS shieldlink_link_events (
+  id          INTEGER PRIMARY KEY AUTOINCREMENT,
+  link_id     INTEGER NOT NULL REFERENCES shieldlink_links(id) ON DELETE CASCADE,
+  event       TEXT NOT NULL CHECK(event IN ('open','confirm','cancel','flag','verify_fail')),
+  ip          TEXT,
+  user_agent  TEXT,
+  ref         TEXT,
+  created_at  DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_link_events_link ON shieldlink_link_events(link_id, created_at DESC);
+CREATE TABLE IF NOT EXISTS shieldlink_reports (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  link_id       INTEGER REFERENCES shieldlink_links(id) ON DELETE SET NULL,
+  url           TEXT NOT NULL,
+  reason        TEXT,
+  reporter_ip   TEXT,
+  reporter_id   TEXT,
+  status        TEXT NOT NULL DEFAULT 'open' CHECK(status IN ('open','reviewing','resolved','rejected')),
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  resolved_at   DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_reports_status ON shieldlink_reports(status, created_at DESC);
+CREATE TABLE IF NOT EXISTS shieldlink_name_holds (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  pattern       TEXT NOT NULL,                                                  -- normalized name or regex
+  pattern_kind  TEXT NOT NULL DEFAULT 'literal' CHECK(pattern_kind IN ('literal','regex')),
+  reason        TEXT,
+  created_by    TEXT,
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE UNIQUE INDEX IF NOT EXISTS uq_shieldlink_name_holds ON shieldlink_name_holds(pattern, pattern_kind);
+-- Seed common impersonation targets (Saudi banks + payment networks).
+-- Brands themselves can register and claim these names by proving DNS ownership.
+INSERT OR IGNORE INTO shieldlink_name_holds (pattern, pattern_kind, reason)
+VALUES
+  ('stcpay', 'literal', 'High-value impersonation target'),
+  ('stc-pay', 'literal', 'High-value impersonation target'),
+  ('alrajhi', 'literal', 'High-value impersonation target'),
+  ('alrajhibank', 'literal', 'High-value impersonation target'),
+  ('snb', 'literal', 'High-value impersonation target'),
+  ('riyadbank', 'literal', 'High-value impersonation target'),
+  ('mada', 'literal', 'High-value impersonation target'),
+  ('sarie', 'literal', 'High-value impersonation target'),
+  ('paypal', 'literal', 'High-value impersonation target'),
+  ('visa', 'literal', 'High-value impersonation target'),
+  ('mastercard', 'literal', 'High-value impersonation target');

package/server/migrations/013_ct_monitor.sql ADDED Viewed

@@ -0,0 +1,13 @@
+-- Migration 013: Certificate Transparency Monitor
+-- Adds CT-log tracking columns to ssl_monitor so the WAB Trust Layer
+-- can detect new certificates issued (and re-sign wab.json) automatically.
+-- cert_history.source already exists from 010_extended_trust.sql; the
+-- 'ct_log' value is added implicitly (column has no CHECK constraint).
+ALTER TABLE ssl_monitor ADD COLUMN ct_monitor_enabled INTEGER NOT NULL DEFAULT 1;
+ALTER TABLE ssl_monitor ADD COLUMN ct_last_checked    TEXT;
+ALTER TABLE ssl_monitor ADD COLUMN ct_pending_resign  INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE ssl_monitor ADD COLUMN ct_last_thumbprint TEXT;
+CREATE INDEX IF NOT EXISTS idx_ssl_monitor_ct_pending
+  ON ssl_monitor(ct_pending_resign, ct_last_checked);