npm - web-agent-bridge - Versions diffs - 3.4.0 → 3.8.1 - Mend

web-agent-bridge 3.4.0 → 3.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/LICENSE +84 -84
package/README.ar.md +1563 -1304
package/README.md +137 -298
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -223
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -83
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -121
package/examples/cpanel-wab-dns.js +114 -114
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -166
package/examples/gcp-dns-wab.js +76 -76
package/examples/governance-agent.js +169 -169
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -103
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -144
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -96
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -74
package/examples/wab-verify.js +60 -60
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -28
package/public/activate.html +448 -368
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -188
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/azure-dns-integration.html +289 -289
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -380
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -398
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1263
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -707
package/public/dns.html +436 -436
package/public/docs.html +588 -588
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -318
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -465
package/public/index.html +1372 -1266
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -145
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -65
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -438
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -669
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -375
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -172
package/public/provider-sandbox.html +134 -134
package/public/providers.html +359 -359
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -141
package/public/ring4.html +292 -0
package/public/robots.txt +99 -99
package/public/route53-integration.html +531 -531
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -231
package/public/sitemap.xml +13 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -200
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -210
package/public/whitepaper.html +449 -449
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +301 -288
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +649 -649
package/sdk/multi-agent.js +318 -318
package/sdk/safe-mode.js +221 -221
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +790 -670
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -106
package/server/migrations/008_plans.sql +144 -144
package/server/migrations/009_shieldqr.sql +30 -30
package/server/migrations/010_extended_trust.sql +33 -33
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -740
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -76
package/server/routes/admin-premium.js +674 -673
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -90
package/server/routes/admin-trust-monitor.js +139 -83
package/server/routes/admin.js +550 -549
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -57
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -2348
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -208
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -33
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -650
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -88
package/server/routes/sovereign.js +465 -465
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -233
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -466
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -214
package/server/services/plugins.js +771 -771
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -740
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -322
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -42
package/server/services/ssl-monitor.js +167 -167
package/server/services/stripe.js +206 -205
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -178
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/server/routes/intent.js ADDED Viewed

@@ -0,0 +1,328 @@
+/**
+ * server/routes/intent.js
+ * WAB Intent-Aware Routing + Privacy Budget System
+ *
+ * Mounted at /api/intent and /api/privacy
+ *
+ * Intent-Aware Routing endpoints:
+ *   GET  /api/intent/schema/:domain           — Get intent schema for domain
+ *   POST /api/intent/register                 — Site owner registers intent schema
+ *   POST /api/intent/resolve                  — Agent resolves: {domain, intent, context}
+ *   GET  /api/intent/popular/:domain          — Top intents + success rates
+ *
+ * Privacy Budget endpoints:
+ *   GET  /api/privacy/budget/:domain          — Get privacy budget declaration
+ *   POST /api/privacy/budget/declare          — Site owner declares budget
+ *   POST /api/privacy/budget/check            — Agent checks a data request against budget
+ *   GET  /api/privacy/compliance/:domain      — Compliance badges (GDPR/CCPA/LGPD)
+ */
+'use strict';
+const express = require('express');
+const crypto  = require('crypto');
+const intentRouter  = express.Router();
+const privacyRouter = express.Router();
+const { db } = require('../models/db');
+// ─── Schema bootstrap ─────────────────────────────────────────────────────────
+db.exec(`
+  CREATE TABLE IF NOT EXISTS intent_schemas (
+    id INTEGER PRIMARY KEY AUTOINCREMENT, domain TEXT NOT NULL,
+    schema_json TEXT NOT NULL, version INTEGER NOT NULL DEFAULT 1,
+    active INTEGER NOT NULL DEFAULT 1, owner_token_hash TEXT,
+    created_at TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE UNIQUE INDEX IF NOT EXISTS idx_intent_domain ON intent_schemas(domain);
+  CREATE TABLE IF NOT EXISTS intent_resolutions (
+    id INTEGER PRIMARY KEY AUTOINCREMENT, domain TEXT NOT NULL,
+    intent_key TEXT NOT NULL, matched_action TEXT, confidence REAL,
+    context_keys TEXT, created_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_intent_res_domain ON intent_resolutions(domain, created_at DESC);
+  CREATE TABLE IF NOT EXISTS privacy_budgets (
+    domain TEXT PRIMARY KEY, budget_json TEXT NOT NULL,
+    gdpr_compliant INTEGER DEFAULT 0, ccpa_compliant INTEGER DEFAULT 0,
+    lgpd_compliant INTEGER DEFAULT 0, data_residency TEXT,
+    max_fields_per_session INTEGER DEFAULT 5, owner_token_hash TEXT,
+    version INTEGER DEFAULT 1,
+    created_at TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+`);
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+function normDomain(d) {
+  return String(d || '').toLowerCase().trim()
+    .replace(/^https?:\/\//, '').replace(/\/.*$/, '').replace(/^www\./, '');
+}
+function validDomain(d) {
+  return /^[a-z0-9.-]{3,253}$/.test(d) && d.includes('.');
+}
+/**
+ * Natural-language intent matcher.
+ * Scoring: exact key match (100) > keyword hit in label (80) > keyword hit in synonyms (60)
+ * Returns { action_id, matched_intent_key, confidence, recommended_actions }
+ */
+function matchIntent(intentText, schema) {
+  const intents = schema.intents || {};
+  const lower = intentText.toLowerCase();
+  let bestKey = null, bestScore = 0;
+  for (const [key, def] of Object.entries(intents)) {
+    let score = 0;
+    // Exact key
+    if (lower.includes(key.toLowerCase())) score = Math.max(score, 85);
+    // Label match
+    const label = (def.label || '').toLowerCase();
+    if (label && lower.includes(label)) score = Math.max(score, 80);
+    // Keyword array
+    for (const kw of (def.keywords || [])) {
+      if (lower.includes(kw.toLowerCase())) score = Math.max(score, 65);
+    }
+    // Synonym array
+    for (const syn of (def.synonyms || [])) {
+      if (lower.includes(syn.toLowerCase())) score = Math.max(score, 60);
+    }
+    if (score > bestScore) { bestScore = score; bestKey = key; }
+  }
+  if (!bestKey || bestScore < 30) return null;
+  const def = intents[bestKey];
+  const actions = (def.actions || []).length ? def.actions : def.action_id ? [{ id: def.action_id, label: def.label || bestKey }] : [];
+  return {
+    matched_intent_key: bestKey,
+    confidence: bestScore / 100,
+    recommended_actions: actions,
+    required_fields: def.required_fields || [],
+    optional_fields: def.optional_fields || [],
+    description: def.description || null,
+  };
+}
+// ─── Intent-Aware Routing ─────────────────────────────────────────────────────
+// GET /api/intent/schema/:domain
+intentRouter.get('/schema/:domain', (req, res) => {
+  const domain = normDomain(req.params.domain);
+  if (!validDomain(domain)) return res.status(400).json({ error: 'invalid_domain' });
+  const row = db.prepare(`SELECT schema_json, version, updated_at FROM intent_schemas WHERE domain = ? AND active = 1`).get(domain);
+  if (!row) return res.status(404).json({ error: 'no_intent_schema', domain });
+  try {
+    return res.json({ domain, version: row.version, updated_at: row.updated_at, schema: JSON.parse(row.schema_json) });
+  } catch (_) {
+    return res.status(500).json({ error: 'schema_parse_error' });
+  }
+});
+// POST /api/intent/register
+intentRouter.post('/register', express.json({ limit: '64kb' }), (req, res) => {
+  const { domain, schema, owner_token } = req.body || {};
+  if (!domain || !schema || typeof schema !== 'object') return res.status(400).json({ error: 'missing_fields', required: ['domain', 'schema'] });
+  const d = normDomain(domain);
+  if (!validDomain(d)) return res.status(400).json({ error: 'invalid_domain' });
+  if (!schema.intents || typeof schema.intents !== 'object') return res.status(400).json({ error: 'schema_must_have_intents' });
+  // Validate each intent entry
+  for (const [key, def] of Object.entries(schema.intents)) {
+    if (typeof def !== 'object') return res.status(400).json({ error: 'invalid_intent_definition', key });
+    if (!def.label && !def.actions) return res.status(400).json({ error: 'intent_needs_label_or_actions', key });
+  }
+  const tokenHash = owner_token ? crypto.createHash('sha256').update(String(owner_token)).digest('hex') : null;
+  const existing = db.prepare(`SELECT id, owner_token_hash, version FROM intent_schemas WHERE domain = ?`).get(d);
+  if (existing) {
+    // Allow update only if token matches (or no token was set originally)
+    if (existing.owner_token_hash && tokenHash !== existing.owner_token_hash) {
+      return res.status(403).json({ error: 'invalid_owner_token' });
+    }
+    db.prepare(`UPDATE intent_schemas SET schema_json=?, version=version+1, updated_at=datetime('now'), active=1 WHERE domain=?`)
+      .run(JSON.stringify(schema), d);
+    return res.json({ ok: true, domain: d, action: 'updated', version: existing.version + 1 });
+  }
+  db.prepare(`INSERT INTO intent_schemas (domain, schema_json, owner_token_hash) VALUES (?, ?, ?)`).run(d, JSON.stringify(schema), tokenHash);
+  return res.status(201).json({ ok: true, domain: d, action: 'created', version: 1 });
+});
+// POST /api/intent/resolve
+intentRouter.post('/resolve', express.json({ limit: '8kb' }), (req, res) => {
+  const { domain, intent, context = {} } = req.body || {};
+  if (!domain || !intent) return res.status(400).json({ error: 'missing_fields', required: ['domain', 'intent'] });
+  const d = normDomain(domain);
+  if (!validDomain(d)) return res.status(400).json({ error: 'invalid_domain' });
+  const row = db.prepare(`SELECT schema_json FROM intent_schemas WHERE domain = ? AND active = 1`).get(d);
+  if (!row) return res.status(404).json({ error: 'no_intent_schema', domain: d, hint: 'Register an intent schema via POST /api/intent/register' });
+  let schema;
+  try { schema = JSON.parse(row.schema_json); } catch (_) { return res.status(500).json({ error: 'schema_parse_error' }); }
+  const match = matchIntent(String(intent).slice(0, 500), schema);
+  // Log resolution (no PII — only domain, matched key, context keys)
+  const contextKeys = Object.keys(context).slice(0, 20).map(k => String(k).slice(0, 64));
+  db.prepare(`INSERT INTO intent_resolutions (domain, intent_key, matched_action, confidence, context_keys) VALUES (?, ?, ?, ?, ?)`)
+    .run(d, match?.matched_intent_key || '(no_match)', match?.recommended_actions?.[0]?.id || null, match?.confidence || 0, JSON.stringify(contextKeys));
+  if (!match) {
+    const available = Object.keys(schema.intents || {});
+    return res.status(200).json({
+      domain: d, matched: false, intent,
+      hint: 'No intent matched. Provide one of the available intents.',
+      available_intents: available,
+    });
+  }
+  return res.json({
+    domain: d, matched: true, intent,
+    matched_intent_key: match.matched_intent_key,
+    confidence: match.confidence,
+    recommended_actions: match.recommended_actions,
+    required_fields: match.required_fields,
+    optional_fields: match.optional_fields,
+    description: match.description,
+    resolved_at: new Date().toISOString(),
+  });
+});
+// GET /api/intent/popular/:domain
+intentRouter.get('/popular/:domain', (req, res) => {
+  const domain = normDomain(req.params.domain);
+  if (!validDomain(domain)) return res.status(400).json({ error: 'invalid_domain' });
+  const rows = db.prepare(
+    `SELECT intent_key, COUNT(*) as count, AVG(confidence) as avg_confidence,
+       SUM(CASE WHEN matched_action IS NOT NULL THEN 1 ELSE 0 END) as matched_count
+     FROM intent_resolutions WHERE domain = ? AND created_at > datetime('now', '-30 days')
+     GROUP BY intent_key ORDER BY count DESC LIMIT 20`
+  ).all(domain);
+  return res.json({ domain, popular_intents: rows, window: '30d' });
+});
+// ─── Privacy Budget ───────────────────────────────────────────────────────────
+// Default budget template
+const DEFAULT_BUDGET = {
+  budget_version: '1.0',
+  allowed_data_categories: ['navigation', 'preferences'],
+  disallowed_data_categories: ['biometric', 'financial', 'health'],
+  max_fields_per_session: 5,
+  max_calls_per_minute: 60,
+  retention_policy: 'session_only',
+  purpose_limitation: 'agent_assistance_only',
+  gdpr_compliant: true,
+  ccpa_compliant: true,
+  lgpd_compliant: false,
+  data_residency: 'GLOBAL',
+};
+// GET /api/privacy/budget/:domain
+privacyRouter.get('/budget/:domain', (req, res) => {
+  const domain = normDomain(req.params.domain);
+  if (!validDomain(domain)) return res.status(400).json({ error: 'invalid_domain' });
+  const row = db.prepare(`SELECT * FROM privacy_budgets WHERE domain = ?`).get(domain);
+  if (!row) {
+    return res.json({ domain, budget: DEFAULT_BUDGET, source: 'default', hint: 'This domain has not declared a custom privacy budget. Defaults apply.' });
+  }
+  let budget;
+  try { budget = JSON.parse(row.budget_json); } catch (_) { budget = DEFAULT_BUDGET; }
+  return res.json({
+    domain, budget, source: 'declared', version: row.version,
+    gdpr_compliant: !!row.gdpr_compliant, ccpa_compliant: !!row.ccpa_compliant,
+    lgpd_compliant: !!row.lgpd_compliant, data_residency: row.data_residency,
+    updated_at: row.updated_at,
+  });
+});
+// POST /api/privacy/budget/declare
+privacyRouter.post('/budget/declare', express.json({ limit: '16kb' }), (req, res) => {
+  const { domain, budget, owner_token } = req.body || {};
+  if (!domain || !budget || typeof budget !== 'object') return res.status(400).json({ error: 'missing_fields', required: ['domain', 'budget'] });
+  const d = normDomain(domain);
+  if (!validDomain(d)) return res.status(400).json({ error: 'invalid_domain' });
+  // Validate critical fields
+  if (budget.max_fields_per_session != null && (budget.max_fields_per_session < 1 || budget.max_fields_per_session > 100))
+    return res.status(400).json({ error: 'max_fields_per_session must be 1-100' });
+  const tokenHash = owner_token ? crypto.createHash('sha256').update(String(owner_token)).digest('hex') : null;
+  const existing = db.prepare(`SELECT owner_token_hash, version FROM privacy_budgets WHERE domain = ?`).get(d);
+  if (existing?.owner_token_hash && tokenHash !== existing.owner_token_hash)
+    return res.status(403).json({ error: 'invalid_owner_token' });
+  const merged = { ...DEFAULT_BUDGET, ...budget };
+  const gdpr = merged.gdpr_compliant ? 1 : 0;
+  const ccpa = merged.ccpa_compliant ? 1 : 0;
+  const lgpd = merged.lgpd_compliant ? 1 : 0;
+  db.prepare(`
+    INSERT INTO privacy_budgets (domain, budget_json, gdpr_compliant, ccpa_compliant, lgpd_compliant,
+      data_residency, max_fields_per_session, owner_token_hash)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(domain) DO UPDATE SET
+      budget_json=excluded.budget_json, gdpr_compliant=excluded.gdpr_compliant,
+      ccpa_compliant=excluded.ccpa_compliant, lgpd_compliant=excluded.lgpd_compliant,
+      data_residency=excluded.data_residency, max_fields_per_session=excluded.max_fields_per_session,
+      version=version+1, updated_at=datetime('now')
+  `).run(d, JSON.stringify(merged), gdpr, ccpa, lgpd, merged.data_residency || 'GLOBAL', merged.max_fields_per_session || 5, tokenHash);
+  return res.status(201).json({ ok: true, domain: d, version: (existing?.version || 0) + 1 });
+});
+// POST /api/privacy/budget/check — Agent checks if a data request is within budget
+privacyRouter.post('/budget/check', express.json({ limit: '8kb' }), (req, res) => {
+  const { domain, requested_fields = [], purpose } = req.body || {};
+  if (!domain) return res.status(400).json({ error: 'missing_domain' });
+  const d = normDomain(domain);
+  if (!validDomain(d)) return res.status(400).json({ error: 'invalid_domain' });
+  const row = db.prepare(`SELECT * FROM privacy_budgets WHERE domain = ?`).get(d);
+  let budget;
+  try { budget = row ? JSON.parse(row.budget_json) : DEFAULT_BUDGET; } catch (_) { budget = DEFAULT_BUDGET; }
+  const fields = Array.isArray(requested_fields) ? requested_fields.slice(0, 50).map(f => String(f)) : [];
+  const maxFields = budget.max_fields_per_session || 5;
+  const disallowed = (budget.disallowed_data_categories || []);
+  const allowed = (budget.allowed_data_categories || []);
+  const withinLimit = fields.length <= maxFields;
+  const violations = [];
+  for (const field of fields) {
+    if (disallowed.some(cat => field.toLowerCase().includes(cat.toLowerCase()))) {
+      violations.push({ field, reason: 'disallowed_category' });
+    }
+  }
+  const approved = withinLimit && violations.length === 0;
+  return res.json({
+    domain: d, approved, field_count: fields.length, max_allowed: maxFields,
+    within_field_limit: withinLimit, violations,
+    gdpr_compliant: !!(row?.gdpr_compliant ?? budget.gdpr_compliant),
+    ccpa_compliant: !!(row?.ccpa_compliant ?? budget.ccpa_compliant),
+    purpose_ok: !purpose || (budget.purpose_limitation === 'any' || budget.purpose_limitation?.includes('agent') !== false),
+    budget_source: row ? 'declared' : 'default',
+    checked_at: new Date().toISOString(),
+  });
+});
+// GET /api/privacy/compliance/:domain — Badge data
+privacyRouter.get('/compliance/:domain', (req, res) => {
+  const domain = normDomain(req.params.domain);
+  if (!validDomain(domain)) return res.status(400).json({ error: 'invalid_domain' });
+  const row = db.prepare(`SELECT gdpr_compliant, ccpa_compliant, lgpd_compliant, data_residency, updated_at FROM privacy_budgets WHERE domain = ?`).get(domain);
+  const badges = [];
+  if (row?.gdpr_compliant) badges.push({ standard: 'GDPR', region: 'EU', color: '#003399' });
+  if (row?.ccpa_compliant) badges.push({ standard: 'CCPA', region: 'US-CA', color: '#003366' });
+  if (row?.lgpd_compliant) badges.push({ standard: 'LGPD', region: 'BR', color: '#009c3b' });
+  return res.json({ domain, badges, declared: !!row, updated_at: row?.updated_at });
+});
+module.exports = { intentRouter, privacyRouter };