web-agent-bridge 3.4.0 → 3.8.1

package/server/migrations/008_plans.sql

@@ -1,144 +1,144 @@
--- Migration 008: Plans Management
--- Database-driven plans + feature catalog so admins can add/edit plans,
--- toggle which features each plan includes, and have changes flow live to
--- the landing page pricing section AND the Stripe checkout flow.
---
--- Backwards-compatible: legacy code paths that look up tiers by slug
--- ('free' | 'starter' | 'pro' | 'enterprise') keep working — those slugs
--- are seeded as plan ids below.
---
--- An older `plans` table (different schema: tier/price/etc.) may exist from
--- a previous admin dashboard iteration. Its rows are pure default seeds with
--- no FK references, so we drop it and recreate with the new schema.
-
-DROP TABLE IF EXISTS plans;
-
-CREATE TABLE plans (
-  id              TEXT PRIMARY KEY,            -- slug, lowercase, e.g. 'free' / 'pro' / 'business' / 'enterprise'
-  name            TEXT NOT NULL,
-  tagline         TEXT,
-  description     TEXT,
-  price_cents     INTEGER NOT NULL DEFAULT 0,
-  currency        TEXT NOT NULL DEFAULT 'EUR',
-  billing_period  TEXT NOT NULL DEFAULT 'month'
-                  CHECK(billing_period IN ('month','year','one_time','custom')),
-  stripe_price_id TEXT,
-  cta_type        TEXT NOT NULL DEFAULT 'checkout'
-                  CHECK(cta_type IN ('checkout','register','contact','external')),
-  cta_label       TEXT,
-  cta_url         TEXT,
-  highlight       INTEGER NOT NULL DEFAULT 0,
-  is_public       INTEGER NOT NULL DEFAULT 1,
-  is_archived     INTEGER NOT NULL DEFAULT 0,
-  sort_order      INTEGER NOT NULL DEFAULT 100,
-  features_json   TEXT NOT NULL DEFAULT '{}',
-  limits_json     TEXT NOT NULL DEFAULT '{}',
-  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
-  updated_at      DATETIME DEFAULT CURRENT_TIMESTAMP
-);
-
-CREATE INDEX IF NOT EXISTS idx_plans_public_archived ON plans(is_public, is_archived, sort_order);
-
-CREATE TABLE IF NOT EXISTS feature_catalog (
-  feature_key     TEXT PRIMARY KEY,
-  label           TEXT NOT NULL,
-  description     TEXT,
-  category        TEXT NOT NULL DEFAULT 'general',
-  is_open_source  INTEGER NOT NULL DEFAULT 0,
-  sort_order      INTEGER NOT NULL DEFAULT 100,
-  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP
-);
-
--- Feature catalog (open-source / always-free first, then paid features)
-INSERT OR IGNORE INTO feature_catalog (feature_key, label, description, category, is_open_source, sort_order) VALUES
-  -- Always-free / open core
-  ('protocol',              'WAP Protocol Core',           'Open Web Agent Protocol — schema, discovery, permissions',  'core',          1, 10),
-  ('sdk',                   'SDK & Client Runtime',        'JavaScript SDK and client integrations',                    'core',          1, 20),
-  ('browserExecution',      'Browser Execution Layer',     'Basic browser automation primitives',                       'core',          1, 30),
-  ('adapters',              'MCP / REST / Browser Adapters','Adapters for MCP, REST APIs, and browser back-ends',       'core',          1, 40),
-  ('registryRead',          'Public Registry (read-only)', 'Browse commands, sites and templates',                      'core',          1, 50),
-  ('agentRegistration',     'Agent Registration',          'Register agents and obtain credentials',                    'core',          1, 60),
-  ('basicAuth',             'Basic Authentication',        'API keys and basic auth flows',                             'core',          1, 70),
-  ('discovery',             'DNS / .well-known Discovery', 'Service discovery via DNS TXT and /.well-known/',           'core',          1, 80),
-  ('capabilityNegotiation', 'Capability Negotiation',      'Capability handshake between agent and site',               'core',          1, 90),
-  ('semanticActions',       'Semantic Actions',            'Built-in semantic actions catalog',                         'core',          1,100),
-  ('communityTemplates',    'Community Templates',         'Public template library',                                   'core',          1,110),
-
-  -- Workspace / orchestration
-  ('workspace',             'Control Plane / Workspace',   'Web dashboard, monitoring and agent management',            'workspace',     0,200),
-  ('advancedOrchestration', 'Advanced Orchestration',      'Scheduling, retries, pipelines, distributed execution',     'workspace',     0,210),
-  ('observability',         'Observability',               'Tracing, metrics, logs and performance insights',           'workspace',     0,220),
-  ('failureAnalysis',       'Failure Analysis',            'Debugging tools and root-cause reports',                    'workspace',     0,230),
-  ('replayEngine',          'Replay Engine',               'Record and replay agent runs',                              'workspace',     0,240),
-  ('advancedAnalytics',     'Advanced Analytics',          'Detailed analytics dashboards and exports',                 'workspace',     0,250),
-  ('dataExtraction',        'Data Extraction',             'Structured data extraction and export',                     'workspace',     0,260),
-  ('agentMemory',           'Agent Memory Engine',         'Persistent context and long-term memory for agents',        'workspace',     0,270),
-  ('llmInference',          'LLM Inference',               'Built-in LLM inference via the platform',                   'workspace',     0,280),
-
-  -- Premium / business
-  ('hostedRuntime',         'Hosted Runtime (Cloud Exec)', 'Auto-scaling hosted execution environment',                 'premium',       0,300),
-  ('marketplace',           'Marketplace (Publish & Sell)','Publish agents and templates on the marketplace',           'premium',       0,310),
-  ('certification',         'Agent Certification',         'Verified agent identity badge',                             'premium',       0,320),
-  ('trafficIntelligence',   'Traffic Intelligence',        'Agent profiling, anomaly detection and reporting',          'premium',       0,330),
-  ('exploitShield',         'Exploit Shield',              'Block malicious agents at the edge',                        'premium',       0,340),
-  ('visionAnalysis',        'Vision Analysis',             'Visual page inspection (computer-vision pipeline)',         'premium',       0,350),
-  ('swarmExecution',        'Swarm / Multi-Agent',         'Coordinated multi-agent (swarm) execution',                 'premium',       0,360),
-  ('auditLog',              'Audit Logs',                  'Tamper-evident HMAC-chained audit history',                 'premium',       0,370),
-  ('customDomain',          'Custom Domain / White-label', 'Serve the workspace on your own domain',                    'premium',       0,380),
-  ('governanceLayer',       'Agent Governance Layer',      'Policies, approvals, kill switch and spend limits',         'premium',       0,390),
-
-  -- Enterprise
-  ('enterpriseSecurity',    'Enterprise Security',         'Request signing, IP allowlists, SSO/SAML',                  'enterprise',    0,400),
-  ('prioritySupport',       'Priority Support',            'Dedicated SLA-backed support channel',                      'enterprise',    0,410),
-  ('sla',                   'Uptime SLA',                  'Contractual uptime SLA',                                    'enterprise',    0,420),
-  ('customDevelopment',     'Custom Development',          'Bespoke engineering and integrations',                      'enterprise',    0,430),
-  ('dedicatedInfra',        'Dedicated Infrastructure',    'Isolated single-tenant deployment',                         'enterprise',    0,440);
-
--- Seed the four canonical plans (admin can edit/add later).
--- features_json keys MUST match feature_catalog.feature_key.
-INSERT OR IGNORE INTO plans
-  (id, name, tagline, description, price_cents, currency, billing_period, cta_type, cta_label, cta_url, highlight, sort_order, features_json, limits_json)
-VALUES
-  ('free',
-   'Free',
-   'Open-source core, forever free',
-   'WAP protocol, SDK, discovery and the entire open-source surface — for developers and integrators.',
-   0, 'EUR', 'month',
-   'register', 'Get started for free', '/register',
-   0, 10,
-   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true}',
-   '{"agents":3,"tasksPerDay":50,"executionsPerDay":100,"sessions":5,"maxConcurrency":2,"replayRecordings":10,"computeMinutesPerDay":10,"storageMB":50,"webhooks":1,"customAgents":1,"apiCallsPerMinute":20}'
-  ),
-
-  ('pro',
-   'Pro',
-   'For developers shipping production agents',
-   'Everything in Free plus the workspace, observability, replay engine, advanced orchestration and analytics.',
-   1000, 'EUR', 'month',
-   'checkout', 'Start Pro', NULL,
-   1, 20,
-   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true}',
-   '{"agents":25,"tasksPerDay":2000,"executionsPerDay":5000,"sessions":50,"maxConcurrency":10,"replayRecordings":500,"computeMinutesPerDay":180,"storageMB":2000,"webhooks":10,"customAgents":10,"apiCallsPerMinute":120}'
-  ),
-
-  ('business',
-   'Business',
-   'All paid features, ready for scale',
-   'Everything in Pro plus hosted runtime, marketplace, vision, swarm, traffic intelligence, exploit shield, audit logs, custom domain and governance.',
-   2900, 'EUR', 'month',
-   'checkout', 'Start Business', NULL,
-   0, 30,
-   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true}',
-   '{"agents":100,"tasksPerDay":20000,"executionsPerDay":50000,"sessions":250,"maxConcurrency":40,"replayRecordings":5000,"computeMinutesPerDay":600,"storageMB":10000,"webhooks":50,"customAgents":50,"apiCallsPerMinute":300}'
-  ),
-
-  ('enterprise',
-   'Enterprise',
-   'Custom-built for organisations',
-   'Everything in Business plus enterprise security, dedicated infrastructure, custom development, priority support and a contractual uptime SLA. Pricing is tailored to your scope.',
-   0, 'EUR', 'custom',
-   'contact', 'Contact sales', 'mailto:sales@webagentbridge.com',
-   0, 40,
-   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true,"enterpriseSecurity":true,"prioritySupport":true,"sla":true,"customDevelopment":true,"dedicatedInfra":true}',
-   '{"agents":-1,"tasksPerDay":-1,"executionsPerDay":-1,"sessions":-1,"maxConcurrency":-1,"replayRecordings":-1,"computeMinutesPerDay":-1,"storageMB":-1,"webhooks":-1,"customAgents":-1,"apiCallsPerMinute":-1}'
-  );
+-- Migration 008: Plans Management
+-- Database-driven plans + feature catalog so admins can add/edit plans,
+-- toggle which features each plan includes, and have changes flow live to
+-- the landing page pricing section AND the Stripe checkout flow.
+--
+-- Backwards-compatible: legacy code paths that look up tiers by slug
+-- ('free' | 'starter' | 'pro' | 'enterprise') keep working — those slugs
+-- are seeded as plan ids below.
+--
+-- An older `plans` table (different schema: tier/price/etc.) may exist from
+-- a previous admin dashboard iteration. Its rows are pure default seeds with
+-- no FK references, so we drop it and recreate with the new schema.
+
+DROP TABLE IF EXISTS plans;
+
+CREATE TABLE plans (
+  id              TEXT PRIMARY KEY,            -- slug, lowercase, e.g. 'free' / 'pro' / 'business' / 'enterprise'
+  name            TEXT NOT NULL,
+  tagline         TEXT,
+  description     TEXT,
+  price_cents     INTEGER NOT NULL DEFAULT 0,
+  currency        TEXT NOT NULL DEFAULT 'EUR',
+  billing_period  TEXT NOT NULL DEFAULT 'month'
+                  CHECK(billing_period IN ('month','year','one_time','custom')),
+  stripe_price_id TEXT,
+  cta_type        TEXT NOT NULL DEFAULT 'checkout'
+                  CHECK(cta_type IN ('checkout','register','contact','external')),
+  cta_label       TEXT,
+  cta_url         TEXT,
+  highlight       INTEGER NOT NULL DEFAULT 0,
+  is_public       INTEGER NOT NULL DEFAULT 1,
+  is_archived     INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  features_json   TEXT NOT NULL DEFAULT '{}',
+  limits_json     TEXT NOT NULL DEFAULT '{}',
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_plans_public_archived ON plans(is_public, is_archived, sort_order);
+
+CREATE TABLE IF NOT EXISTS feature_catalog (
+  feature_key     TEXT PRIMARY KEY,
+  label           TEXT NOT NULL,
+  description     TEXT,
+  category        TEXT NOT NULL DEFAULT 'general',
+  is_open_source  INTEGER NOT NULL DEFAULT 0,
+  sort_order      INTEGER NOT NULL DEFAULT 100,
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Feature catalog (open-source / always-free first, then paid features)
+INSERT OR IGNORE INTO feature_catalog (feature_key, label, description, category, is_open_source, sort_order) VALUES
+  -- Always-free / open core
+  ('protocol',              'WAP Protocol Core',           'Open Web Agent Protocol — schema, discovery, permissions',  'core',          1, 10),
+  ('sdk',                   'SDK & Client Runtime',        'JavaScript SDK and client integrations',                    'core',          1, 20),
+  ('browserExecution',      'Browser Execution Layer',     'Basic browser automation primitives',                       'core',          1, 30),
+  ('adapters',              'MCP / REST / Browser Adapters','Adapters for MCP, REST APIs, and browser back-ends',       'core',          1, 40),
+  ('registryRead',          'Public Registry (read-only)', 'Browse commands, sites and templates',                      'core',          1, 50),
+  ('agentRegistration',     'Agent Registration',          'Register agents and obtain credentials',                    'core',          1, 60),
+  ('basicAuth',             'Basic Authentication',        'API keys and basic auth flows',                             'core',          1, 70),
+  ('discovery',             'DNS / .well-known Discovery', 'Service discovery via DNS TXT and /.well-known/',           'core',          1, 80),
+  ('capabilityNegotiation', 'Capability Negotiation',      'Capability handshake between agent and site',               'core',          1, 90),
+  ('semanticActions',       'Semantic Actions',            'Built-in semantic actions catalog',                         'core',          1,100),
+  ('communityTemplates',    'Community Templates',         'Public template library',                                   'core',          1,110),
+
+  -- Workspace / orchestration
+  ('workspace',             'Control Plane / Workspace',   'Web dashboard, monitoring and agent management',            'workspace',     0,200),
+  ('advancedOrchestration', 'Advanced Orchestration',      'Scheduling, retries, pipelines, distributed execution',     'workspace',     0,210),
+  ('observability',         'Observability',               'Tracing, metrics, logs and performance insights',           'workspace',     0,220),
+  ('failureAnalysis',       'Failure Analysis',            'Debugging tools and root-cause reports',                    'workspace',     0,230),
+  ('replayEngine',          'Replay Engine',               'Record and replay agent runs',                              'workspace',     0,240),
+  ('advancedAnalytics',     'Advanced Analytics',          'Detailed analytics dashboards and exports',                 'workspace',     0,250),
+  ('dataExtraction',        'Data Extraction',             'Structured data extraction and export',                     'workspace',     0,260),
+  ('agentMemory',           'Agent Memory Engine',         'Persistent context and long-term memory for agents',        'workspace',     0,270),
+  ('llmInference',          'LLM Inference',               'Built-in LLM inference via the platform',                   'workspace',     0,280),
+
+  -- Premium / business
+  ('hostedRuntime',         'Hosted Runtime (Cloud Exec)', 'Auto-scaling hosted execution environment',                 'premium',       0,300),
+  ('marketplace',           'Marketplace (Publish & Sell)','Publish agents and templates on the marketplace',           'premium',       0,310),
+  ('certification',         'Agent Certification',         'Verified agent identity badge',                             'premium',       0,320),
+  ('trafficIntelligence',   'Traffic Intelligence',        'Agent profiling, anomaly detection and reporting',          'premium',       0,330),
+  ('exploitShield',         'Exploit Shield',              'Block malicious agents at the edge',                        'premium',       0,340),
+  ('visionAnalysis',        'Vision Analysis',             'Visual page inspection (computer-vision pipeline)',         'premium',       0,350),
+  ('swarmExecution',        'Swarm / Multi-Agent',         'Coordinated multi-agent (swarm) execution',                 'premium',       0,360),
+  ('auditLog',              'Audit Logs',                  'Tamper-evident HMAC-chained audit history',                 'premium',       0,370),
+  ('customDomain',          'Custom Domain / White-label', 'Serve the workspace on your own domain',                    'premium',       0,380),
+  ('governanceLayer',       'Agent Governance Layer',      'Policies, approvals, kill switch and spend limits',         'premium',       0,390),
+
+  -- Enterprise
+  ('enterpriseSecurity',    'Enterprise Security',         'Request signing, IP allowlists, SSO/SAML',                  'enterprise',    0,400),
+  ('prioritySupport',       'Priority Support',            'Dedicated SLA-backed support channel',                      'enterprise',    0,410),
+  ('sla',                   'Uptime SLA',                  'Contractual uptime SLA',                                    'enterprise',    0,420),
+  ('customDevelopment',     'Custom Development',          'Bespoke engineering and integrations',                      'enterprise',    0,430),
+  ('dedicatedInfra',        'Dedicated Infrastructure',    'Isolated single-tenant deployment',                         'enterprise',    0,440);
+
+-- Seed the four canonical plans (admin can edit/add later).
+-- features_json keys MUST match feature_catalog.feature_key.
+INSERT OR IGNORE INTO plans
+  (id, name, tagline, description, price_cents, currency, billing_period, cta_type, cta_label, cta_url, highlight, sort_order, features_json, limits_json)
+VALUES
+  ('free',
+   'Free',
+   'Open-source core, forever free',
+   'WAP protocol, SDK, discovery and the entire open-source surface — for developers and integrators.',
+   0, 'EUR', 'month',
+   'register', 'Get started for free', '/register',
+   0, 10,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true}',
+   '{"agents":3,"tasksPerDay":50,"executionsPerDay":100,"sessions":5,"maxConcurrency":2,"replayRecordings":10,"computeMinutesPerDay":10,"storageMB":50,"webhooks":1,"customAgents":1,"apiCallsPerMinute":20}'
+  ),
+
+  ('pro',
+   'Pro',
+   'For developers shipping production agents',
+   'Everything in Free plus the workspace, observability, replay engine, advanced orchestration and analytics.',
+   1000, 'EUR', 'month',
+   'checkout', 'Start Pro', NULL,
+   1, 20,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true}',
+   '{"agents":25,"tasksPerDay":2000,"executionsPerDay":5000,"sessions":50,"maxConcurrency":10,"replayRecordings":500,"computeMinutesPerDay":180,"storageMB":2000,"webhooks":10,"customAgents":10,"apiCallsPerMinute":120}'
+  ),
+
+  ('business',
+   'Business',
+   'All paid features, ready for scale',
+   'Everything in Pro plus hosted runtime, marketplace, vision, swarm, traffic intelligence, exploit shield, audit logs, custom domain and governance.',
+   2900, 'EUR', 'month',
+   'checkout', 'Start Business', NULL,
+   0, 30,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true}',
+   '{"agents":100,"tasksPerDay":20000,"executionsPerDay":50000,"sessions":250,"maxConcurrency":40,"replayRecordings":5000,"computeMinutesPerDay":600,"storageMB":10000,"webhooks":50,"customAgents":50,"apiCallsPerMinute":300}'
+  ),
+
+  ('enterprise',
+   'Enterprise',
+   'Custom-built for organisations',
+   'Everything in Business plus enterprise security, dedicated infrastructure, custom development, priority support and a contractual uptime SLA. Pricing is tailored to your scope.',
+   0, 'EUR', 'custom',
+   'contact', 'Contact sales', 'mailto:sales@webagentbridge.com',
+   0, 40,
+   '{"protocol":true,"sdk":true,"browserExecution":true,"adapters":true,"registryRead":true,"agentRegistration":true,"basicAuth":true,"discovery":true,"capabilityNegotiation":true,"semanticActions":true,"communityTemplates":true,"workspace":true,"advancedOrchestration":true,"observability":true,"failureAnalysis":true,"replayEngine":true,"advancedAnalytics":true,"dataExtraction":true,"agentMemory":true,"llmInference":true,"hostedRuntime":true,"marketplace":true,"certification":true,"trafficIntelligence":true,"exploitShield":true,"visionAnalysis":true,"swarmExecution":true,"auditLog":true,"customDomain":true,"governanceLayer":true,"enterpriseSecurity":true,"prioritySupport":true,"sla":true,"customDevelopment":true,"dedicatedInfra":true}',
+   '{"agents":-1,"tasksPerDay":-1,"executionsPerDay":-1,"sessions":-1,"maxConcurrency":-1,"replayRecordings":-1,"computeMinutesPerDay":-1,"storageMB":-1,"webhooks":-1,"customAgents":-1,"apiCallsPerMinute":-1}'
+  );

package/server/migrations/009_shieldqr.sql

@@ -1,30 +1,30 @@
--- Migration 009: WAB ShieldQR scan history + reports
-CREATE TABLE IF NOT EXISTS shieldqr_scans (
-  id            INTEGER PRIMARY KEY AUTOINCREMENT,
-  url           TEXT NOT NULL,
-  host          TEXT,
-  level         TEXT NOT NULL CHECK(level IN ('green','yellow','red')),
-  score         INTEGER NOT NULL DEFAULT 0,
-  signals_json  TEXT NOT NULL DEFAULT '[]',
-  trust_ok      INTEGER NOT NULL DEFAULT 0,
-  ssl_ok        INTEGER NOT NULL DEFAULT 0,
-  user_id       TEXT,
-  ip            TEXT,
-  user_agent    TEXT,
-  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP
-);
-CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_host_created ON shieldqr_scans(host, created_at DESC);
-CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_level_created ON shieldqr_scans(level, created_at DESC);
-
-CREATE TABLE IF NOT EXISTS shieldqr_reports (
-  id            INTEGER PRIMARY KEY AUTOINCREMENT,
-  scan_id       INTEGER REFERENCES shieldqr_scans(id) ON DELETE SET NULL,
-  url           TEXT NOT NULL,
-  reason        TEXT,
-  reporter_id   TEXT,
-  reporter_ip   TEXT,
-  status        TEXT NOT NULL DEFAULT 'open' CHECK(status IN ('open','reviewing','resolved','rejected')),
-  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
-  resolved_at   DATETIME
-);
-CREATE INDEX IF NOT EXISTS idx_shieldqr_reports_status ON shieldqr_reports(status, created_at DESC);
+-- Migration 009: WAB ShieldQR scan history + reports
+CREATE TABLE IF NOT EXISTS shieldqr_scans (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  url           TEXT NOT NULL,
+  host          TEXT,
+  level         TEXT NOT NULL CHECK(level IN ('green','yellow','red')),
+  score         INTEGER NOT NULL DEFAULT 0,
+  signals_json  TEXT NOT NULL DEFAULT '[]',
+  trust_ok      INTEGER NOT NULL DEFAULT 0,
+  ssl_ok        INTEGER NOT NULL DEFAULT 0,
+  user_id       TEXT,
+  ip            TEXT,
+  user_agent    TEXT,
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_host_created ON shieldqr_scans(host, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_scans_level_created ON shieldqr_scans(level, created_at DESC);
+
+CREATE TABLE IF NOT EXISTS shieldqr_reports (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  scan_id       INTEGER REFERENCES shieldqr_scans(id) ON DELETE SET NULL,
+  url           TEXT NOT NULL,
+  reason        TEXT,
+  reporter_id   TEXT,
+  reporter_ip   TEXT,
+  status        TEXT NOT NULL DEFAULT 'open' CHECK(status IN ('open','reviewing','resolved','rejected')),
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  resolved_at   DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldqr_reports_status ON shieldqr_reports(status, created_at DESC);

package/server/migrations/010_extended_trust.sql

@@ -1,33 +1,33 @@
--- Migration 010: WAB Extended Trust — Certificate Companion & SSL Health Monitoring
--- Per-domain SSL certificate history (Certificate Transparency log) +
--- live SSL monitoring state for the trust dashboard.
-
-CREATE TABLE IF NOT EXISTS cert_history (
-  id                INTEGER PRIMARY KEY AUTOINCREMENT,
-  host              TEXT NOT NULL,
-  fingerprint_sha256 TEXT NOT NULL,
-  issuer            TEXT,
-  subject           TEXT,
-  serial            TEXT,
-  valid_from        TEXT,
-  valid_to          TEXT,
-  observed_at       DATETIME DEFAULT CURRENT_TIMESTAMP,
-  source            TEXT DEFAULT 'monitor'  -- 'monitor' | 'shieldqr' | 'sign'
-);
-CREATE INDEX IF NOT EXISTS idx_cert_history_host_observed ON cert_history(host, observed_at DESC);
-CREATE UNIQUE INDEX IF NOT EXISTS idx_cert_history_host_fp ON cert_history(host, fingerprint_sha256);
-
-CREATE TABLE IF NOT EXISTS ssl_monitor (
-  host              TEXT PRIMARY KEY,
-  fingerprint_sha256 TEXT,
-  issuer            TEXT,
-  valid_to          TEXT,
-  days_until_expiry INTEGER,
-  status            TEXT,                  -- 'active' | 'expiring' | 'expired' | 'error'
-  error             TEXT,
-  last_checked_at   DATETIME,
-  last_alert_at     DATETIME,
-  enabled           INTEGER NOT NULL DEFAULT 1,
-  owner_user_id     TEXT
-);
-CREATE INDEX IF NOT EXISTS idx_ssl_monitor_status ON ssl_monitor(status, valid_to);
+-- Migration 010: WAB Extended Trust — Certificate Companion & SSL Health Monitoring
+-- Per-domain SSL certificate history (Certificate Transparency log) +
+-- live SSL monitoring state for the trust dashboard.
+
+CREATE TABLE IF NOT EXISTS cert_history (
+  id                INTEGER PRIMARY KEY AUTOINCREMENT,
+  host              TEXT NOT NULL,
+  fingerprint_sha256 TEXT NOT NULL,
+  issuer            TEXT,
+  subject           TEXT,
+  serial            TEXT,
+  valid_from        TEXT,
+  valid_to          TEXT,
+  observed_at       DATETIME DEFAULT CURRENT_TIMESTAMP,
+  source            TEXT DEFAULT 'monitor'  -- 'monitor' | 'shieldqr' | 'sign'
+);
+CREATE INDEX IF NOT EXISTS idx_cert_history_host_observed ON cert_history(host, observed_at DESC);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_cert_history_host_fp ON cert_history(host, fingerprint_sha256);
+
+CREATE TABLE IF NOT EXISTS ssl_monitor (
+  host              TEXT PRIMARY KEY,
+  fingerprint_sha256 TEXT,
+  issuer            TEXT,
+  valid_to          TEXT,
+  days_until_expiry INTEGER,
+  status            TEXT,                  -- 'active' | 'expiring' | 'expired' | 'error'
+  error             TEXT,
+  last_checked_at   DATETIME,
+  last_alert_at     DATETIME,
+  enabled           INTEGER NOT NULL DEFAULT 1,
+  owner_user_id     TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_ssl_monitor_status ON ssl_monitor(status, valid_to);

package/server/migrations/011_outreach.sql

@@ -0,0 +1,47 @@
+-- Outreach Agent — site analysis + email queue + suppression list
+-- Strict human-in-the-loop: drafts default to 'pending' and require admin approval.
+
+CREATE TABLE IF NOT EXISTS outreach_targets (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  site_url TEXT NOT NULL,
+  host TEXT NOT NULL,
+  contact_email TEXT,
+  detected_lang TEXT,
+  site_kind TEXT,
+  signals_json TEXT,
+  suggested_features_json TEXT,
+  draft_subject TEXT,
+  draft_body_html TEXT,
+  draft_body_text TEXT,
+  status TEXT NOT NULL DEFAULT 'pending',
+  -- pending | approved | sending | sent | failed | suppressed | skipped
+  unsubscribe_token TEXT,
+  error_message TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+  sent_at TEXT
+);
+
+CREATE INDEX IF NOT EXISTS idx_outreach_status ON outreach_targets(status);
+CREATE INDEX IF NOT EXISTS idx_outreach_host ON outreach_targets(host);
+CREATE INDEX IF NOT EXISTS idx_outreach_email ON outreach_targets(contact_email);
+
+CREATE TABLE IF NOT EXISTS outreach_suppression (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  email_or_host TEXT NOT NULL UNIQUE,
+  reason TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+CREATE TABLE IF NOT EXISTS outreach_log (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  target_id INTEGER,
+  event TEXT NOT NULL,
+  -- scanned | drafted | approved | sent | failed | bounced | unsubscribed | opened
+  details TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (target_id) REFERENCES outreach_targets(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_outreach_log_target ON outreach_log(target_id);
+CREATE INDEX IF NOT EXISTS idx_outreach_log_event ON outreach_log(event);

package/server/migrations/012_shieldlink.sql

@@ -0,0 +1,116 @@
+-- Migration 012: WAB ShieldLink (Verified Links / Anti-Phishing for premium customers)
+--
+-- Tables:
+--   shieldlink_brands       — verified brand identities (one row per verified site)
+--   shieldlink_keys         — per-site Ed25519 signing keys (private key encrypted at rest)
+--   shieldlink_links        — issued signed links (sessions / payment / invoice)
+--   shieldlink_link_events  — open / scan / report events for issued links
+--   shieldlink_reports      — phishing reports submitted by anyone
+--   shieldlink_name_holds   — reserved/blocked brand display names
+
+CREATE TABLE IF NOT EXISTS shieldlink_brands (
+  id             INTEGER PRIMARY KEY AUTOINCREMENT,
+  site_id        TEXT NOT NULL,                                                 -- FK -> sites.id
+  domain         TEXT NOT NULL UNIQUE,
+  display_name   TEXT NOT NULL,
+  display_name_normalized TEXT NOT NULL,
+  category       TEXT,                                                          -- 'bank' | 'payments' | 'gov' | 'ecommerce' | 'other'
+  country        TEXT,
+  logo_url       TEXT,
+  status         TEXT NOT NULL DEFAULT 'pending' CHECK(status IN ('pending','verified','rejected','suspended')),
+  verified_badge INTEGER NOT NULL DEFAULT 0,
+  reputation     INTEGER NOT NULL DEFAULT 100,
+  notes          TEXT,
+  reviewed_by    TEXT,
+  reviewed_at    DATETIME,
+  created_at     DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at     DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_brands_status ON shieldlink_brands(status);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_brands_normalized ON shieldlink_brands(display_name_normalized);
+
+CREATE TABLE IF NOT EXISTS shieldlink_keys (
+  id              INTEGER PRIMARY KEY AUTOINCREMENT,
+  brand_id        INTEGER NOT NULL REFERENCES shieldlink_brands(id) ON DELETE CASCADE,
+  public_key      TEXT NOT NULL,                                                 -- base64 raw 32-byte
+  private_key_enc TEXT NOT NULL,                                                 -- base64(AES-256-GCM(priv))
+  fingerprint     TEXT NOT NULL,
+  active          INTEGER NOT NULL DEFAULT 1,
+  created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+  rotated_at      DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_keys_brand ON shieldlink_keys(brand_id, active);
+
+CREATE TABLE IF NOT EXISTS shieldlink_links (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  token         TEXT NOT NULL UNIQUE,                                           -- short opaque public id
+  brand_id      INTEGER NOT NULL REFERENCES shieldlink_brands(id) ON DELETE CASCADE,
+  site_id       TEXT NOT NULL,
+  target_url    TEXT NOT NULL,                                                  -- the actual URL we redirect to after preview
+  purpose       TEXT NOT NULL CHECK(purpose IN ('payment','invoice','login','generic')),
+  amount_cents  INTEGER,
+  currency      TEXT,
+  payee_name    TEXT,
+  reference     TEXT,                                                           -- merchant invoice/session id
+  signature     TEXT NOT NULL,                                                  -- base64 ed25519 signature over canonical payload
+  key_id        TEXT NOT NULL,                                                  -- fingerprint of the signing key
+  payload_json  TEXT NOT NULL,                                                  -- canonical signed payload, for verifier to re-check
+  status        TEXT NOT NULL DEFAULT 'active' CHECK(status IN ('active','revoked','expired')),
+  expires_at    DATETIME NOT NULL,
+  created_by    TEXT,                                                           -- user_id who issued
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  revoked_at    DATETIME,
+  revoke_reason TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_links_brand ON shieldlink_links(brand_id, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_links_status ON shieldlink_links(status, expires_at);
+
+CREATE TABLE IF NOT EXISTS shieldlink_link_events (
+  id          INTEGER PRIMARY KEY AUTOINCREMENT,
+  link_id     INTEGER NOT NULL REFERENCES shieldlink_links(id) ON DELETE CASCADE,
+  event       TEXT NOT NULL CHECK(event IN ('open','confirm','cancel','flag','verify_fail')),
+  ip          TEXT,
+  user_agent  TEXT,
+  ref         TEXT,
+  created_at  DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_link_events_link ON shieldlink_link_events(link_id, created_at DESC);
+
+CREATE TABLE IF NOT EXISTS shieldlink_reports (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  link_id       INTEGER REFERENCES shieldlink_links(id) ON DELETE SET NULL,
+  url           TEXT NOT NULL,
+  reason        TEXT,
+  reporter_ip   TEXT,
+  reporter_id   TEXT,
+  status        TEXT NOT NULL DEFAULT 'open' CHECK(status IN ('open','reviewing','resolved','rejected')),
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP,
+  resolved_at   DATETIME
+);
+CREATE INDEX IF NOT EXISTS idx_shieldlink_reports_status ON shieldlink_reports(status, created_at DESC);
+
+CREATE TABLE IF NOT EXISTS shieldlink_name_holds (
+  id            INTEGER PRIMARY KEY AUTOINCREMENT,
+  pattern       TEXT NOT NULL,                                                  -- normalized name or regex
+  pattern_kind  TEXT NOT NULL DEFAULT 'literal' CHECK(pattern_kind IN ('literal','regex')),
+  reason        TEXT,
+  created_by    TEXT,
+  created_at    DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE UNIQUE INDEX IF NOT EXISTS uq_shieldlink_name_holds ON shieldlink_name_holds(pattern, pattern_kind);
+
+-- Seed common impersonation targets (Saudi banks + payment networks).
+-- Brands themselves can register and claim these names by proving DNS ownership.
+INSERT OR IGNORE INTO shieldlink_name_holds (pattern, pattern_kind, reason)
+VALUES
+  ('stcpay', 'literal', 'High-value impersonation target'),
+  ('stc-pay', 'literal', 'High-value impersonation target'),
+  ('alrajhi', 'literal', 'High-value impersonation target'),
+  ('alrajhibank', 'literal', 'High-value impersonation target'),
+  ('snb', 'literal', 'High-value impersonation target'),
+  ('riyadbank', 'literal', 'High-value impersonation target'),
+  ('mada', 'literal', 'High-value impersonation target'),
+  ('sarie', 'literal', 'High-value impersonation target'),
+  ('paypal', 'literal', 'High-value impersonation target'),
+  ('visa', 'literal', 'High-value impersonation target'),
+  ('mastercard', 'literal', 'High-value impersonation target');

package/server/migrations/013_ct_monitor.sql

@@ -0,0 +1,13 @@
+-- Migration 013: Certificate Transparency Monitor
+-- Adds CT-log tracking columns to ssl_monitor so the WAB Trust Layer
+-- can detect new certificates issued (and re-sign wab.json) automatically.
+-- cert_history.source already exists from 010_extended_trust.sql; the
+-- 'ct_log' value is added implicitly (column has no CHECK constraint).
+
+ALTER TABLE ssl_monitor ADD COLUMN ct_monitor_enabled INTEGER NOT NULL DEFAULT 1;
+ALTER TABLE ssl_monitor ADD COLUMN ct_last_checked    TEXT;
+ALTER TABLE ssl_monitor ADD COLUMN ct_pending_resign  INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE ssl_monitor ADD COLUMN ct_last_thumbprint TEXT;
+
+CREATE INDEX IF NOT EXISTS idx_ssl_monitor_ct_pending
+  ON ssl_monitor(ct_pending_resign, ct_last_checked);