npm - web-agent-bridge - Versions diffs - 3.4.0 → 3.8.1 - Mend

web-agent-bridge 3.4.0 → 3.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/LICENSE +84 -84
package/README.ar.md +1563 -1304
package/README.md +137 -298
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -223
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -83
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -121
package/examples/cpanel-wab-dns.js +114 -114
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -166
package/examples/gcp-dns-wab.js +76 -76
package/examples/governance-agent.js +169 -169
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -103
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -144
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -96
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -74
package/examples/wab-verify.js +60 -60
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -28
package/public/activate.html +448 -368
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -188
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/azure-dns-integration.html +289 -289
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -380
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -398
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1263
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -707
package/public/dns.html +436 -436
package/public/docs.html +588 -588
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -318
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -465
package/public/index.html +1372 -1266
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -145
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -65
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -438
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -669
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -375
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -172
package/public/provider-sandbox.html +134 -134
package/public/providers.html +359 -359
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -141
package/public/ring4.html +292 -0
package/public/robots.txt +99 -99
package/public/route53-integration.html +531 -531
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -231
package/public/sitemap.xml +13 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -200
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -210
package/public/whitepaper.html +449 -449
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/auto-discovery.js +301 -288
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +649 -649
package/sdk/multi-agent.js +318 -318
package/sdk/safe-mode.js +221 -221
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +790 -670
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -106
package/server/migrations/008_plans.sql +144 -144
package/server/migrations/009_shieldqr.sql +30 -30
package/server/migrations/010_extended_trust.sql +33 -33
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -740
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -76
package/server/routes/admin-premium.js +674 -673
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -90
package/server/routes/admin-trust-monitor.js +139 -83
package/server/routes/admin.js +550 -549
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -57
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -2348
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -208
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -33
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -650
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -88
package/server/routes/sovereign.js +465 -465
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -233
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -466
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -214
package/server/services/plugins.js +771 -771
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -740
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -322
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -42
package/server/services/ssl-monitor.js +167 -167
package/server/services/stripe.js +206 -205
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -178
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/server/services/outreach-agent.js ADDED Viewed

@@ -0,0 +1,312 @@
+/**
+ * Outreach Agent — site analysis, language detection, multilingual email drafts.
+ *
+ * Pipeline (per target URL):
+ *   1) discover() to extract metadata
+ *   2) Detect language from <html lang>, <meta>, content sniffing
+ *   3) Detect site kind (ecommerce / saas / blog / news / agency / static)
+ *   4) Pick relevant WAB features
+ *   5) Try to find a public contact email (mailto: in /, /contact, /about)
+ *   6) Compose subject + body in detected language
+ *
+ * STRICT HUMAN-IN-THE-LOOP:
+ *   • All drafts saved with status='pending'.
+ *   • Sending requires admin approval and respects the suppression list,
+ *     a global hourly throttle, and per-recipient cooldown (30 days).
+ */
+'use strict';
+const https = require('node:https');
+const http = require('node:http');
+const tls = require('node:tls');
+const crypto = require('node:crypto');
+const { URL } = require('node:url');
+const { discover } = require('../../sdk/auto-discovery');
+// ─── Defaults ─────────────────────────────────────────────────────────
+const FETCH_TIMEOUT = 9000;
+const USER_AGENT = 'WAB-OutreachAgent/1.0 (+https://www.webagentbridge.com/about)';
+const SUPPORTED_LANGS = ['en', 'ar', 'fr', 'es', 'de'];
+const FALLBACK_LANG = 'en';
+// ─── Tiny HTTP fetcher (no external deps) ─────────────────────────────
+function _fetch(urlStr, { timeoutMs = FETCH_TIMEOUT, maxBytes = 600 * 1024, headers = {} } = {}) {
+  return new Promise((resolve) => {
+    let url;
+    try { url = new URL(urlStr); } catch { return resolve(null); }
+    const lib = url.protocol === 'http:' ? http : https;
+    const req = lib.request({
+      method: 'GET',
+      host: url.hostname,
+      port: url.port || (url.protocol === 'http:' ? 80 : 443),
+      path: url.pathname + url.search,
+      headers: { 'user-agent': USER_AGENT, accept: 'text/html,*/*;q=0.8', ...headers },
+      timeout: timeoutMs,
+      rejectUnauthorized: false
+    }, (res) => {
+      // follow up to one redirect
+      if ([301, 302, 303, 307, 308].includes(res.statusCode) && res.headers.location && !headers._followed) {
+        try {
+          const next = new URL(res.headers.location, url).toString();
+          res.destroy();
+          return resolve(_fetch(next, { timeoutMs, maxBytes, headers: { ...headers, _followed: 1 } }));
+        } catch { /* fall through */ }
+      }
+      const chunks = []; let len = 0;
+      res.on('data', (c) => {
+        len += c.length;
+        if (len > maxBytes) { res.destroy(); return; }
+        chunks.push(c);
+      });
+      res.on('end', () => resolve({ status: res.statusCode, headers: res.headers, body: Buffer.concat(chunks).toString('utf8').slice(0, maxBytes) }));
+      res.on('error', () => resolve(null));
+    });
+    req.on('error', () => resolve(null));
+    req.on('timeout', () => { req.destroy(); resolve(null); });
+    req.end();
+  });
+}
+// ─── Language detection ──────────────────────────────────────────────
+function _detectLang(env, html) {
+  // 1) <html lang="..."> attribute
+  const m1 = (html || '').match(/<html[^>]*\blang\s*=\s*["']?([a-zA-Z\-]{2,8})/i);
+  if (m1) return _normalizeLang(m1[1]);
+  // 2) <meta http-equiv="content-language"> or <meta name="language">
+  const m2 = (html || '').match(/<meta[^>]*(?:http-equiv\s*=\s*["']?content-language|name\s*=\s*["']?(?:language|og:locale))["']?[^>]*content\s*=\s*["']?([a-zA-Z_\-]{2,8})/i);
+  if (m2) return _normalizeLang(m2[1]);
+  // 3) discover() locale hint
+  if (env && env.site && env.site.locale) return _normalizeLang(env.site.locale);
+  // 4) Content sniff (very light)
+  const text = (html || '').replace(/<[^>]+>/g, ' ').slice(0, 4000);
+  if (/[\u0600-\u06FF]/.test(text)) return 'ar';
+  if (/\b(le|la|les|des|nous|vous|votre|pour|avec|aussi|merci|bienvenue)\b/i.test(text)) return 'fr';
+  if (/\b(que|para|los|las|gracias|bienvenido|nuestro|también)\b/i.test(text)) return 'es';
+  if (/\b(und|der|die|das|für|mit|wir|sie|willkommen|unser)\b/i.test(text)) return 'de';
+  return FALLBACK_LANG;
+}
+function _normalizeLang(l) {
+  if (!l) return FALLBACK_LANG;
+  const base = String(l).toLowerCase().split(/[-_]/)[0];
+  return SUPPORTED_LANGS.includes(base) ? base : FALLBACK_LANG;
+}
+// ─── Site kind heuristics ────────────────────────────────────────────
+function _detectKind(env, html) {
+  const signals = [];
+  let kind = 'static';
+  const h = (html || '').toLowerCase();
+  if (/\bschema\.org\/product/i.test(html || '') || (env.products && env.products.length >= 2)) {
+    kind = 'ecommerce'; signals.push('schema.org/Product');
+  } else if (/<meta[^>]*woocommerce|wp-content\/plugins\/woocommerce|cdn\.shopify\.com|shopify\.com/i.test(html || '')) {
+    kind = 'ecommerce'; signals.push('shop platform');
+  } else if (/wp-content|wp-includes|wp-json/i.test(html || '')) {
+    kind = 'wordpress'; signals.push('wordpress');
+  } else if (/__next|next\.config|\/_next\//i.test(html || '')) {
+    kind = 'nextjs'; signals.push('nextjs');
+  } else if (/\bpricing\b|\bsign\s*up\b|\bsubscription\b|\bsaas\b|\bapi\b/i.test(h)) {
+    kind = 'saas'; signals.push('saas keywords');
+  } else if (/\bblog\b|\barticle\b|<article/i.test(html || '')) {
+    kind = 'blog'; signals.push('blog');
+  }
+  if (env.sitemap && env.sitemap.length > 50) signals.push(`sitemap(${env.sitemap.length})`);
+  return { kind, signals };
+}
+// ─── Feature suggestions per kind ────────────────────────────────────
+function _suggestFeatures(kind, env) {
+  const base = ['DNS Discovery (one-click activation)', 'wab.json action manifest'];
+  const map = {
+    ecommerce: [...base, 'ShieldQR signed catalog & checkout', 'SSL Monitor (cert expiry alerts)', 'Phone Shield for refund/order disputes', 'Schema discovery for AI shopping agents'],
+    saas:      [...base, 'Scoped tokens (rate-limited agent API keys)', 'Governance audit chain (HMAC tamper-evident logs)', 'Plans Gateway for tier upsell', 'Human-Gate for sensitive actions'],
+    wordpress: [...base, 'WordPress plugin (1-click install)', 'Comment shield + spam suppression', 'wab.json auto-generated from posts'],
+    nextjs:    [...base, '@webagentbridge/next zero-config middleware', 'Edge functions for /.well-known/wab.json', 'Auto-discovery of API routes'],
+    blog:      [...base, 'Sitemap → AI-readable index', 'Newsletter subscribe action for agents', 'Article schema for citation'],
+    news:      [...base, 'Article action manifest', 'DNS Discovery for AI assistants'],
+    static:    [...base, 'Cloudflare Worker zero-config snippet', 'Static .well-known/wab.json file']
+  };
+  const out = map[kind] || base;
+  if (env && env.products && env.products.length) out.push('Schema discovery (product graph already detected)');
+  return Array.from(new Set(out)).slice(0, 6);
+}
+// ─── Find a public contact email (mailto: only) ───────────────────────
+async function _findContactEmail(baseUrl) {
+  const candidates = ['/', '/contact', '/contact-us', '/contact.html', '/about', '/about-us', '/imprint', '/legal', '/contacto', '/kontakt', '/contactez-nous'];
+  const seen = new Set();
+  for (const path of candidates) {
+    try {
+      const u = new URL(path, baseUrl).toString();
+      if (seen.has(u)) continue; seen.add(u);
+      const r = await _fetch(u, { timeoutMs: 5000 });
+      if (!r || !r.body) continue;
+      const matches = r.body.match(/mailto:([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})/g) || [];
+      const emails = matches.map((m) => m.replace(/^mailto:/, '').toLowerCase()).filter((e) => !/no-?reply|donot|wordpress@|admin@example/i.test(e));
+      if (emails.length) return { email: emails[0], source: u };
+    } catch { /* ignore */ }
+  }
+  return null;
+}
+// ─── TLS fingerprint (best effort) ────────────────────────────────────
+function _tlsFp(host, timeoutMs = 5000) {
+  return new Promise((resolve) => {
+    let done = false;
+    try {
+      const sock = tls.connect({ host, port: 443, servername: host, rejectUnauthorized: false }, () => {
+        if (done) return; done = true;
+        const c = sock.getPeerCertificate(false);
+        const fp = c && c.fingerprint256 ? String(c.fingerprint256).replace(/:/g, '').toLowerCase() : null;
+        sock.end(); resolve(fp);
+      });
+      sock.setTimeout(timeoutMs, () => { if (!done) { done = true; sock.destroy(); resolve(null); } });
+      sock.on('error', () => { if (!done) { done = true; resolve(null); } });
+    } catch { resolve(null); }
+  });
+}
+// ─── Multilingual templates ──────────────────────────────────────────
+const T = {
+  en: {
+    subject: (site) => `Make ${site} discoverable to AI agents — open protocol, 5-minute setup`,
+    greeting: (name) => `Hi ${name || 'there'},`,
+    intro: (site, kind) => `I noticed ${site} looks like a great ${kind} site. We built <b>Web Agent Bridge (WAB)</b> — an open AI ↔ Web protocol that lets AI agents (ChatGPT, Claude, Gemini, etc.) safely interact with your site through declared, signed actions instead of fragile HTML scraping.`,
+    why: 'Why now:',
+    cta: 'Try the one-click adoption agent',
+    closing: 'Best,',
+    signature: 'The Web Agent Bridge team',
+    unsubscribe: 'Don\'t want emails like this? Unsubscribe here',
+    footnote: 'Open Core — MIT-licensed core, opt-in commercial features. No tracking pixels in this email.'
+  },
+  ar: {
+    rtl: true,
+    subject: (site) => `اجعل ${site} قابلًا للاكتشاف من قِبَل وكلاء الذكاء الاصطناعي — بروتوكول مفتوح، إعداد في 5 دقائق`,
+    greeting: (name) => `مرحبًا${name ? ' ' + name : ''}،`,
+    intro: (site, kind) => `لاحظنا أن موقع ${site} يبدو موقع <b>${kind}</b> رائعًا. لقد قمنا ببناء <b>Web Agent Bridge (WAB)</b> — بروتوكول مفتوح للويب يربط بين وكلاء الذكاء الاصطناعي (ChatGPT، Claude، Gemini …) وموقعك عبر إجراءات مُعلنة وموقَّعة بدلاً من تحليل HTML الهش.`,
+    why: 'لماذا الآن:',
+    cta: 'جرّب وكيل التبنّي بنقرة واحدة',
+    closing: 'مع أطيب التحيات،',
+    signature: 'فريق Web Agent Bridge',
+    unsubscribe: 'لا ترغب في تلقّي مثل هذه الرسائل؟ إلغاء الاشتراك من هنا',
+    footnote: 'مفتوح المصدر (Open Core) — رخصة MIT للجزء الأساسي، ميزات تجارية اختيارية. لا توجد أيّة بكسلات تتبّع في هذا البريد.'
+  },
+  fr: {
+    subject: (site) => `Rendez ${site} découvrable par les agents IA — protocole ouvert, configuration en 5 minutes`,
+    greeting: (name) => `Bonjour${name ? ' ' + name : ''},`,
+    intro: (site, kind) => `Nous avons remarqué que ${site} semble être un excellent site ${kind}. Nous avons créé <b>Web Agent Bridge (WAB)</b> — un protocole IA ↔ Web ouvert qui permet aux agents IA (ChatGPT, Claude, Gemini, etc.) d'interagir avec votre site via des actions déclarées et signées plutôt que via du scraping HTML fragile.`,
+    why: 'Pourquoi maintenant :',
+    cta: 'Essayez l\'agent d\'adoption en un clic',
+    closing: 'Cordialement,',
+    signature: 'L\'équipe Web Agent Bridge',
+    unsubscribe: 'Vous ne souhaitez pas recevoir de tels emails ? Désabonnez-vous ici',
+    footnote: 'Open Core — noyau sous licence MIT, fonctionnalités commerciales optionnelles. Aucun pixel de suivi dans cet email.'
+  },
+  es: {
+    subject: (site) => `Haz que ${site} sea descubrible para agentes de IA — protocolo abierto, 5 min`,
+    greeting: (name) => `Hola${name ? ' ' + name : ''},`,
+    intro: (site, kind) => `Hemos visto que ${site} parece un excelente sitio ${kind}. Creamos <b>Web Agent Bridge (WAB)</b> — un protocolo IA ↔ Web abierto que permite que los agentes (ChatGPT, Claude, Gemini, etc.) interactúen con tu sitio mediante acciones declaradas y firmadas en lugar de scraping frágil.`,
+    why: 'Por qué ahora:',
+    cta: 'Prueba el agente de adopción de un clic',
+    closing: 'Saludos,',
+    signature: 'El equipo de Web Agent Bridge',
+    unsubscribe: '¿No deseas recibir estos correos? Cancela la suscripción aquí',
+    footnote: 'Open Core — núcleo MIT, funciones comerciales opcionales. Sin píxeles de seguimiento.'
+  },
+  de: {
+    subject: (site) => `Mach ${site} für KI-Agenten auffindbar — offenes Protokoll, in 5 Minuten`,
+    greeting: (name) => `Hallo${name ? ' ' + name : ''},`,
+    intro: (site, kind) => `Uns ist aufgefallen, dass ${site} eine ausgezeichnete ${kind}-Seite zu sein scheint. Wir haben <b>Web Agent Bridge (WAB)</b> entwickelt — ein offenes KI ↔ Web-Protokoll, mit dem KI-Agenten (ChatGPT, Claude, Gemini …) sicher mit Ihrer Website über deklarierte, signierte Aktionen interagieren statt über fragiles HTML-Scraping.`,
+    why: 'Warum jetzt:',
+    cta: 'Probieren Sie den 1-Klick-Adoptionsagenten',
+    closing: 'Beste Grüße,',
+    signature: 'Das Web Agent Bridge Team',
+    unsubscribe: 'Keine solchen E-Mails mehr? Hier abmelden',
+    footnote: 'Open Core — MIT-lizenzierter Kern, optionale kommerzielle Funktionen. Keine Tracking-Pixel.'
+  }
+};
+function _esc(s) { return String(s == null ? '' : s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;'); }
+function _composeEmail({ host, kind, lang, features, recipientName, unsubscribeUrl, adoptUrl }) {
+  const t = T[lang] || T[FALLBACK_LANG];
+  const dir = t.rtl ? 'rtl' : 'ltr';
+  const align = t.rtl ? 'right' : 'left';
+  const subject = t.subject(host);
+  const featList = features.map((f) => `<li>${_esc(f)}</li>`).join('');
+  const html = `<div dir="${dir}" style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Arial,sans-serif;max-width:620px;margin:0 auto;background:#0a0e1a;color:#e8eeff;padding:32px;border-radius:14px;text-align:${align};line-height:1.6">
+  <div style="text-align:center;margin-bottom:18px"><img src="https://www.webagentbridge.com/images/wab-logo-128.png" alt="WAB" width="64" height="64" style="border-radius:12px"/></div>
+  <p style="margin:0 0 14px">${_esc(t.greeting(recipientName))}</p>
+  <p style="margin:0 0 14px">${t.intro(_esc(host), _esc(kind))}</p>
+  <p style="margin:18px 0 6px;color:#a8b3cf"><b>${_esc(t.why)}</b></p>
+  <ul style="margin:0 0 18px;padding-${t.rtl ? 'right' : 'left'}:22px;color:#cfe7ff">${featList}</ul>
+  <p style="margin:22px 0"><a href="${_esc(adoptUrl)}" style="display:inline-block;background:linear-gradient(135deg,#7c5cff,#22d3ee);color:#0a0e1a;font-weight:700;padding:12px 22px;border-radius:10px;text-decoration:none">${_esc(t.cta)}</a></p>
+  <p style="margin:0 0 6px">${_esc(t.closing)}</p>
+  <p style="margin:0 0 18px;color:#a8b3cf">${_esc(t.signature)}<br><a href="https://www.webagentbridge.com" style="color:#22d3ee">webagentbridge.com</a></p>
+  <hr style="border:0;border-top:1px solid #1f2a44;margin:18px 0"/>
+  <p style="font-size:12px;color:#6a7793;margin:0 0 6px">${_esc(t.footnote)}</p>
+  <p style="font-size:12px;color:#6a7793;margin:0"><a href="${_esc(unsubscribeUrl)}" style="color:#6a7793">${_esc(t.unsubscribe)}</a></p>
+</div>`;
+  const text = `${t.greeting(recipientName)}\n\n${host} — ${kind}.\n\nWeb Agent Bridge (WAB) — open AI↔Web protocol.\n\n${t.why}\n${features.map((f) => '  • ' + f).join('\n')}\n\n${t.cta}: ${adoptUrl}\n\n${t.closing}\n${t.signature}\nhttps://www.webagentbridge.com\n\n${t.footnote}\n${t.unsubscribe}: ${unsubscribeUrl}\n`;
+  return { subject, html, text, lang, dir };
+}
+// ─── Public API ───────────────────────────────────────────────────────
+/**
+ * Analyze a single URL and return a draft outreach package (no email sent).
+ *
+ * @param {string} siteUrl
+ * @param {object} [opts]
+ * @returns {Promise<object>}
+ */
+async function analyzeSite(siteUrl, opts = {}) {
+  if (!siteUrl) return { ok: false, error: 'missing url' };
+  if (!/^https?:\/\//i.test(siteUrl)) siteUrl = `https://${siteUrl}`;
+  let host, baseUrl;
+  try { const u = new URL(siteUrl); host = u.hostname; baseUrl = `${u.protocol}//${u.hostname}`; }
+  catch { return { ok: false, error: 'invalid url' }; }
+  const env = await discover(baseUrl, { timeoutMs: opts.timeoutMs || FETCH_TIMEOUT });
+  const root = await _fetch(baseUrl, { timeoutMs: 6000 });
+  const html = (root && root.body) || '';
+  const lang = _detectLang(env, html);
+  const { kind, signals } = _detectKind(env, html);
+  const features = _suggestFeatures(kind, env);
+  const contact = await _findContactEmail(baseUrl);
+  const tlsFp = await _tlsFp(host);
+  const unsubToken = crypto.randomBytes(16).toString('hex');
+  const publicBase = opts.publicBase || 'https://www.webagentbridge.com';
+  const unsubscribeUrl = `${publicBase}/unsubscribe?token=${unsubToken}`;
+  const adoptUrl = `${publicBase}/adopt?url=${encodeURIComponent(baseUrl)}`;
+  const draft = _composeEmail({
+    host, kind, lang, features,
+    recipientName: '',
+    unsubscribeUrl, adoptUrl
+  });
+  return {
+    ok: true,
+    site_url: baseUrl,
+    host,
+    contact_email: contact ? contact.email : null,
+    contact_source: contact ? contact.source : null,
+    detected_lang: lang,
+    site_kind: kind,
+    signals,
+    suggested_features: features,
+    tls_fingerprint: tlsFp,
+    unsubscribe_token: unsubToken,
+    draft
+  };
+}
+module.exports = {
+  analyzeSite,
+  // exported for the route + tests
+  _detectLang, _detectKind, _suggestFeatures, _composeEmail, SUPPORTED_LANGS
+};