npm - web-agent-bridge - Versions diffs - 3.4.0 → 3.9.0 - Mend

web-agent-bridge 3.4.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (315) hide show

package/LICENSE +84 -84
package/README.ar.md +1565 -1304
package/README.md +171 -298
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -223
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -83
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -121
package/examples/cpanel-wab-dns.js +114 -114
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -166
package/examples/gcp-dns-wab.js +76 -76
package/examples/governance-agent.js +169 -169
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -103
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -144
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -96
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -74
package/examples/wab-verify.js +60 -60
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -28
package/public/activate.html +448 -368
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -188
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/atp.html +171 -0
package/public/azure-dns-integration.html +289 -289
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -380
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -398
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1263
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -707
package/public/dns.html +436 -436
package/public/docs.html +588 -588
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -318
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -465
package/public/index.html +1372 -1266
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -145
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -65
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -438
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -669
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -375
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -172
package/public/provider-sandbox.html +134 -134
package/public/providers.html +359 -359
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -141
package/public/ring4.html +292 -0
package/public/robots.txt +99 -99
package/public/route53-integration.html +531 -531
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -231
package/public/sitemap.xml +13 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -200
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -210
package/public/whitepaper.html +449 -449
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/atp.js +103 -0
package/sdk/auto-discovery.js +301 -288
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +653 -649
package/sdk/multi-agent.js +318 -318
package/sdk/safe-mode.js +221 -221
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +793 -670
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -106
package/server/migrations/008_plans.sql +144 -144
package/server/migrations/009_shieldqr.sql +30 -30
package/server/migrations/010_extended_trust.sql +33 -33
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/migrations/020_agent_transaction_primitive.sql +119 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -740
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -76
package/server/routes/admin-premium.js +674 -673
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -90
package/server/routes/admin-trust-monitor.js +139 -83
package/server/routes/admin.js +550 -549
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -57
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -2348
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -208
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -33
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -650
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -88
package/server/routes/sovereign.js +465 -465
package/server/routes/transactions.js +233 -0
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -233
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -466
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -214
package/server/services/plugins.js +771 -771
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -740
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -322
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -42
package/server/services/ssl-monitor.js +167 -167
package/server/services/stripe.js +206 -205
package/server/services/swarm.js +788 -788
package/server/services/transactions.js +525 -0
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -178
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/server/migrations/019_unify_tier_constraints.sql ADDED Viewed

@@ -0,0 +1,133 @@
+-- ─────────────────────────────────────────────────────────────────────
+-- Migration 019: Unify tier CHECK constraints with canonical plans table
+--
+-- Background:
+--   plans table (008_plans.sql) seeds: free / pro / business / enterprise
+--   Legacy CHECK constraints accepted:  free / starter / pro / enterprise
+--   ⇒ Cannot purchase the canonical 'business' tier because the row would
+--     violate the CHECK constraint on sites.tier, subscriptions.tier,
+--     stripe_subscriptions.tier, free_grants.granted_tier and
+--     workspace_subscriptions.plan.
+--
+-- This migration accepts BOTH 'starter' (legacy / kept for back-compat
+-- with any existing rows or external scripts) AND 'business' (canonical
+-- new tier name).
+--
+-- SQLite-recommended pattern: create new table, copy rows, drop old,
+-- rename new, recreate indexes. defer_foreign_keys lets us do it inside
+-- a single transaction.
+-- ─────────────────────────────────────────────────────────────────────
+PRAGMA defer_foreign_keys = ON;
+-- ── 1) sites ─────────────────────────────────────────────────────────
+CREATE TABLE sites_new (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  domain TEXT NOT NULL,
+  name TEXT NOT NULL,
+  description TEXT,
+  tier TEXT DEFAULT 'free' CHECK(tier IN ('free','starter','pro','business','enterprise')),
+  license_key TEXT UNIQUE NOT NULL,
+  api_key TEXT UNIQUE,
+  config TEXT DEFAULT '{}',
+  active INTEGER DEFAULT 1,
+  created_at TEXT DEFAULT (datetime('now')),
+  updated_at TEXT DEFAULT (datetime('now')),
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+INSERT INTO sites_new SELECT * FROM sites;
+DROP TABLE sites;
+ALTER TABLE sites_new RENAME TO sites;
+CREATE INDEX IF NOT EXISTS idx_sites_domain  ON sites(domain);
+CREATE INDEX IF NOT EXISTS idx_sites_license ON sites(license_key);
+-- ── 2) subscriptions ────────────────────────────────────────────────
+CREATE TABLE subscriptions_new (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  site_id TEXT NOT NULL,
+  tier TEXT NOT NULL CHECK(tier IN ('free','starter','pro','business','enterprise')),
+  status TEXT DEFAULT 'active' CHECK(status IN ('active','cancelled','expired','trial')),
+  started_at TEXT DEFAULT (datetime('now')),
+  expires_at TEXT,
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+  FOREIGN KEY (site_id) REFERENCES sites(id) ON DELETE CASCADE
+);
+INSERT INTO subscriptions_new SELECT * FROM subscriptions;
+DROP TABLE subscriptions;
+ALTER TABLE subscriptions_new RENAME TO subscriptions;
+-- ── 3) free_grants ──────────────────────────────────────────────────
+CREATE TABLE free_grants_new (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  site_id TEXT,
+  granted_tier TEXT NOT NULL CHECK(granted_tier IN ('starter','pro','business','enterprise')),
+  reason TEXT,
+  granted_by TEXT NOT NULL,
+  granted_at TEXT DEFAULT (datetime('now')),
+  expires_at TEXT,
+  active INTEGER DEFAULT 1,
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+  FOREIGN KEY (granted_by) REFERENCES admins(id)
+);
+INSERT INTO free_grants_new SELECT * FROM free_grants;
+DROP TABLE free_grants;
+ALTER TABLE free_grants_new RENAME TO free_grants;
+-- ── 4) stripe_subscriptions ─────────────────────────────────────────
+CREATE TABLE stripe_subscriptions_new (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  site_id TEXT NOT NULL,
+  stripe_subscription_id TEXT UNIQUE,
+  stripe_price_id TEXT,
+  tier TEXT NOT NULL CHECK(tier IN ('starter','pro','business','enterprise')),
+  status TEXT DEFAULT 'active' CHECK(status IN ('active','cancelled','past_due','trialing','incomplete')),
+  current_period_start TEXT,
+  current_period_end TEXT,
+  created_at TEXT DEFAULT (datetime('now')),
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+  FOREIGN KEY (site_id) REFERENCES sites(id) ON DELETE CASCADE
+);
+INSERT INTO stripe_subscriptions_new SELECT * FROM stripe_subscriptions;
+DROP TABLE stripe_subscriptions;
+ALTER TABLE stripe_subscriptions_new RENAME TO stripe_subscriptions;
+-- ── 5) workspace_subscriptions (agent-workspace.js dynamic table) ────
+-- Created on first import of routes/agent-workspace.js. May not exist
+-- in fresh installs that have not loaded that route yet; guard with
+-- a defensive recreate.
+CREATE TABLE IF NOT EXISTS workspace_subscriptions (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  plan TEXT NOT NULL DEFAULT 'free',
+  status TEXT NOT NULL DEFAULT 'active',
+  tasks_today INTEGER DEFAULT 0,
+  tasks_total INTEGER DEFAULT 0,
+  deals_completed INTEGER DEFAULT 0,
+  total_savings REAL DEFAULT 0,
+  last_task_date TEXT,
+  created_at TEXT DEFAULT (datetime('now')),
+  expires_at TEXT,
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+CREATE TABLE workspace_subscriptions_new (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  plan TEXT NOT NULL DEFAULT 'free' CHECK(plan IN ('free','starter','pro','business','enterprise')),
+  status TEXT NOT NULL DEFAULT 'active' CHECK(status IN ('active','cancelled','expired','suspended')),
+  tasks_today INTEGER DEFAULT 0,
+  tasks_total INTEGER DEFAULT 0,
+  deals_completed INTEGER DEFAULT 0,
+  total_savings REAL DEFAULT 0,
+  last_task_date TEXT,
+  created_at TEXT DEFAULT (datetime('now')),
+  expires_at TEXT,
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+INSERT INTO workspace_subscriptions_new SELECT * FROM workspace_subscriptions;
+DROP TABLE workspace_subscriptions;
+ALTER TABLE workspace_subscriptions_new RENAME TO workspace_subscriptions;

package/server/migrations/020_agent_transaction_primitive.sql ADDED Viewed

@@ -0,0 +1,119 @@
+-- ─────────────────────────────────────────────────────────────────────────────
+-- Migration 020 — Agent Transaction Primitive (ATP) — v3.9.0
+--
+-- Promotes WAB from "discover + execute" to "trust + transaction" by
+-- introducing intents, transactions, steps and signed receipts as
+-- first-class primitives.
+--
+--   * atp_intents       — signed human → agent authorization contracts
+--   * atp_transactions  — executions performed under an intent
+--   * atp_steps         — per-step ledger inside a transaction (retry/comp)
+--   * atp_receipts      — cryptographically signed proofs of outcome
+--   * atp_nonces        — single-use nonces to prevent replay
+--
+-- All state machines enforced by CHECK constraints so the DB itself
+-- refuses illegal transitions.
+-- ─────────────────────────────────────────────────────────────────────────────
+-- ── 1) Intents (the human → agent contract) ──────────────────────────────────
+CREATE TABLE IF NOT EXISTS atp_intents (
+  id              TEXT PRIMARY KEY,                     -- atp_int_<ulid>
+  user_id         TEXT NOT NULL,                        -- principal (the human)
+  site_id         TEXT,                                 -- optional binding
+  agent_id        TEXT,                                 -- optional binding (the delegate)
+  purpose         TEXT NOT NULL,                        -- short human-readable purpose
+  scope           TEXT NOT NULL,                        -- JSON: { actions:[], domains:[], constraints:{} }
+  spend_cap_cents INTEGER NOT NULL DEFAULT 0,           -- 0 = no cap (must be explicit)
+  spend_currency  TEXT NOT NULL DEFAULT 'EUR',
+  spent_cents     INTEGER NOT NULL DEFAULT 0,           -- running total against the cap
+  max_executions  INTEGER NOT NULL DEFAULT 1,           -- how many transactions allowed
+  used_executions INTEGER NOT NULL DEFAULT 0,
+  expires_at      TEXT NOT NULL,                        -- ISO-8601, hard cutoff
+  nonce           TEXT NOT NULL UNIQUE,                 -- prevents replay across intents
+  status          TEXT NOT NULL DEFAULT 'draft'
+                  CHECK (status IN ('draft','authorized','consumed','revoked','expired')),
+  authorized_at   TEXT,
+  authorized_by   TEXT,                                 -- user_id of the approver
+  user_signature  TEXT,                                 -- base64 Ed25519 sig of canonical body
+  revoked_at      TEXT,
+  revoked_reason  TEXT,
+  metadata        TEXT NOT NULL DEFAULT '{}',           -- JSON
+  created_at      TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at      TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_atp_intents_user   ON atp_intents(user_id, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_atp_intents_status ON atp_intents(status, expires_at);
+CREATE INDEX IF NOT EXISTS idx_atp_intents_site   ON atp_intents(site_id);
+-- ── 2) Transactions (executions under an intent) ─────────────────────────────
+CREATE TABLE IF NOT EXISTS atp_transactions (
+  id               TEXT PRIMARY KEY,                    -- atp_tx_<ulid>
+  intent_id        TEXT NOT NULL,
+  site_id          TEXT,
+  agent_id         TEXT,
+  idempotency_key  TEXT NOT NULL,                       -- caller-supplied, unique per intent
+  status           TEXT NOT NULL DEFAULT 'pending'
+                   CHECK (status IN ('pending','executing','executed','settled','failed','compensated')),
+  amount_cents     INTEGER NOT NULL DEFAULT 0,          -- net effect against intent.spend_cap
+  currency         TEXT NOT NULL DEFAULT 'EUR',
+  summary          TEXT,                                -- one-line outcome summary
+  error            TEXT,                                -- failure reason if status='failed'
+  started_at       TEXT,
+  completed_at     TEXT,
+  settled_at       TEXT,
+  compensated_at   TEXT,
+  metadata         TEXT NOT NULL DEFAULT '{}',
+  created_at       TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at       TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (intent_id) REFERENCES atp_intents(id) ON DELETE CASCADE,
+  UNIQUE (intent_id, idempotency_key)                   -- the core safety guarantee
+);
+CREATE INDEX IF NOT EXISTS idx_atp_tx_intent ON atp_transactions(intent_id, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_atp_tx_status ON atp_transactions(status, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_atp_tx_site   ON atp_transactions(site_id, created_at DESC);
+-- ── 3) Steps (granular ledger for retry / compensation) ──────────────────────
+CREATE TABLE IF NOT EXISTS atp_steps (
+  id              INTEGER PRIMARY KEY AUTOINCREMENT,
+  transaction_id  TEXT NOT NULL,
+  seq             INTEGER NOT NULL,                     -- step order, 1..N
+  action          TEXT NOT NULL,                        -- WAB action name (e.g. "checkout.confirm")
+  state           TEXT NOT NULL DEFAULT 'pending'
+                  CHECK (state IN ('pending','running','succeeded','failed','skipped','compensated')),
+  before_snapshot TEXT,                                 -- JSON: site state before step (optional)
+  after_snapshot  TEXT,                                 -- JSON: site state after step
+  evidence        TEXT,                                 -- JSON: arbitrary proof (DOM hash, http trace, …)
+  compensation    TEXT,                                 -- JSON: rollback action descriptor
+  attempts        INTEGER NOT NULL DEFAULT 0,
+  last_error      TEXT,
+  started_at      TEXT,
+  ended_at        TEXT,
+  created_at      TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (transaction_id) REFERENCES atp_transactions(id) ON DELETE CASCADE,
+  UNIQUE (transaction_id, seq)
+);
+CREATE INDEX IF NOT EXISTS idx_atp_steps_tx ON atp_steps(transaction_id, seq);
+-- ── 4) Receipts (signed proofs of outcome) ───────────────────────────────────
+CREATE TABLE IF NOT EXISTS atp_receipts (
+  id              TEXT PRIMARY KEY,                     -- atp_rcpt_<ulid>
+  transaction_id  TEXT NOT NULL UNIQUE,
+  site_id         TEXT,                                 -- the signing party (if any)
+  algorithm       TEXT NOT NULL DEFAULT 'ed25519',
+  key_id          TEXT,                                 -- fingerprint of signing key
+  canonical_body  TEXT NOT NULL,                        -- the canonicalized JSON that was signed
+  signature       TEXT NOT NULL,                        -- base64 Ed25519 signature
+  public_key      TEXT,                                 -- embedded pub key for offline verification
+  issued_at       TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (transaction_id) REFERENCES atp_transactions(id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_atp_receipts_site ON atp_receipts(site_id, issued_at DESC);
+-- ── 5) Nonces (single-use, replay protection) ────────────────────────────────
+CREATE TABLE IF NOT EXISTS atp_nonces (
+  nonce       TEXT PRIMARY KEY,
+  user_id     TEXT NOT NULL,
+  consumed_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_atp_nonces_user ON atp_nonces(user_id, consumed_at DESC);

package/server/models/adapters/index.js CHANGED Viewed

@@ -1,33 +1,33 @@
-/**
- * Database Adapter Interface
- *
- * WAB supports multiple database backends via adapters.
- * Set DB_ADAPTER environment variable to choose: sqlite (default), postgresql, mysql
- *
- * For PostgreSQL:
- *   npm install pg
- *   DB_ADAPTER=postgresql DATABASE_URL=postgres://user:pass@host:5432/wab
- *
- * For MySQL:
- *   npm install mysql2
- *   DB_ADAPTER=mysql DATABASE_URL=mysql://user:pass@host:3306/wab
- */
-const adapter = process.env.DB_ADAPTER || 'sqlite';
-let db;
-switch (adapter) {
-  case 'postgresql':
-  case 'postgres':
-    db = require('./postgresql');
-    break;
-  case 'mysql':
-    db = require('./mysql');
-    break;
-  case 'sqlite':
-  default:
-    db = require('./sqlite');
-    break;
-}
-module.exports = db;
+/**
+ * Database Adapter Interface
+ *
+ * WAB supports multiple database backends via adapters.
+ * Set DB_ADAPTER environment variable to choose: sqlite (default), postgresql, mysql
+ *
+ * For PostgreSQL:
+ *   npm install pg
+ *   DB_ADAPTER=postgresql DATABASE_URL=postgres://user:pass@host:5432/wab
+ *
+ * For MySQL:
+ *   npm install mysql2
+ *   DB_ADAPTER=mysql DATABASE_URL=mysql://user:pass@host:3306/wab
+ */
+const adapter = process.env.DB_ADAPTER || 'sqlite';
+let db;
+switch (adapter) {
+  case 'postgresql':
+  case 'postgres':
+    db = require('./postgresql');
+    break;
+  case 'mysql':
+    db = require('./mysql');
+    break;
+  case 'sqlite':
+  default:
+    db = require('./sqlite');
+    break;
+}
+module.exports = db;