web-agent-bridge 3.4.0 → 3.9.0

package/examples/route53-wab-dns.js

@@ -1,144 +1,144 @@
-#!/usr/bin/env node
-/**
- * route53-wab-dns.js
- * -------------------
- * CLI tool: enable or disable WAB DNS Discovery TXT record on AWS Route 53.
- *
- * Usage:
- *   AWS_ACCESS_KEY_ID=… AWS_SECRET_ACCESS_KEY=… \
- *     node route53-wab-dns.js enable  example.com [HOSTED_ZONE_ID]
- *
- *   AWS_ACCESS_KEY_ID=… AWS_SECRET_ACCESS_KEY=… \
- *     node route53-wab-dns.js disable example.com [HOSTED_ZONE_ID]
- *
- *   node route53-wab-dns.js status example.com
- *
- * Optional env vars:
- *   AWS_REGION          (default: us-east-1)
- *   WAB_BASE_URL        (default: https://www.webagentbridge.com)
- *   WAB_ENDPOINT        (override the wab.json URL in the TXT record)
- *
- * Required: @aws-sdk/client-route-53
- *   npm install @aws-sdk/client-route-53
- */
-
-'use strict';
-
-const {
-  Route53Client,
-  ChangeResourceRecordSetsCommand,
-  ListHostedZonesByNameCommand,
-  ListResourceRecordSetsCommand,
-} = require('@aws-sdk/client-route-53');
-
-const fetch = (() => {
-  try { return require('node-fetch'); }
-  catch { return globalThis.fetch; }
-})();
-
-const [,, action, domain, zoneIdArg] = process.argv;
-
-const REGION   = process.env.AWS_REGION    || 'us-east-1';
-const WAB_BASE = process.env.WAB_BASE_URL  || 'https://www.webagentbridge.com';
-const ENDPOINT = process.env.WAB_ENDPOINT  || `https://${domain}/.well-known/wab.json`;
-
-if (!action || !domain) {
-  console.error('Usage: node route53-wab-dns.js <enable|disable|status> <domain> [zone-id]');
-  process.exit(1);
-}
-if (!['enable','disable','status'].includes(action)) {
-  console.error('Action must be: enable | disable | status');
-  process.exit(1);
-}
-if (action !== 'status' && (!process.env.AWS_ACCESS_KEY_ID || !process.env.AWS_SECRET_ACCESS_KEY)) {
-  console.error('Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env variables');
-  process.exit(1);
-}
-
-const client = new Route53Client({ region: REGION });
-
-async function getRecordTemplate() {
-  const url = `${WAB_BASE}/api/discovery/provider/record-template?domain=${encodeURIComponent(domain)}&endpoint=${encodeURIComponent(ENDPOINT)}`;
-  const j   = await (await fetch(url)).json();
-  if (!j.record || !j.record.value) throw new Error('Could not fetch WAB record template');
-  // Route 53 requires double-quoted TXT value
-  const v = j.record.value;
-  return v.startsWith('"') ? v : `"${v}"`;
-}
-
-async function resolveZoneId() {
-  if (zoneIdArg) return zoneIdArg;
-  console.log(`[R53] Resolving hosted zone for ${domain}…`);
-  const r = await client.send(new ListHostedZonesByNameCommand({ DNSName: domain, MaxItems: '1' }));
-  const zone = (r.HostedZones || []).find(z => z.Name === `${domain}.`);
-  if (!zone) throw new Error(`No hosted zone found for "${domain}"`);
-  return zone.Id.replace('/hostedzone/', '');
-}
-
-async function getCurrentRecord(zoneId) {
-  const r = await client.send(new ListResourceRecordSetsCommand({
-    HostedZoneId: zoneId,
-    StartRecordName: `_wab.${domain}`,
-    StartRecordType: 'TXT',
-    MaxItems: '1',
-  }));
-  return (r.ResourceRecordSets || []).find(
-    rr => rr.Name === `_wab.${domain}.` && rr.Type === 'TXT'
-  ) || null;
-}
-
-async function main() {
-  console.log(`[WAB] Action: ${action} | Domain: ${domain}`);
-
-  if (action === 'status') {
-    const j = await (await fetch(`${WAB_BASE}/api/discovery/provider/status?domain=${encodeURIComponent(domain)}`)).json();
-    console.log(`[WAB] Status: ${j.status}`);
-    console.log(JSON.stringify(j, null, 2));
-    return;
-  }
-
-  const zoneId  = await resolveZoneId();
-  console.log(`[R53] Zone ID: ${zoneId}`);
-
-  if (action === 'enable') {
-    const txtVal = await getRecordTemplate();
-    console.log(`[WAB] TXT value: ${txtVal}`);
-
-    await client.send(new ChangeResourceRecordSetsCommand({
-      HostedZoneId: zoneId,
-      ChangeBatch: {
-        Comment: 'WAB DNS Discovery enable',
-        Changes: [{
-          Action: 'UPSERT',
-          ResourceRecordSet: {
-            Name: `_wab.${domain}`,
-            Type: 'TXT',
-            TTL:  3600,
-            ResourceRecords: [{ Value: txtVal }],
-          },
-        }],
-      },
-    }));
-    console.log('[R53] UPSERT applied');
-    console.log('[WAB] WAB Discovery ENABLED. Propagation may take up to 60 s.');
-  }
-
-  if (action === 'disable') {
-    const existing = await getCurrentRecord(zoneId);
-    if (!existing) {
-      console.log('[R53] No _wab TXT record found — already disabled.');
-      return;
-    }
-    await client.send(new ChangeResourceRecordSetsCommand({
-      HostedZoneId: zoneId,
-      ChangeBatch: {
-        Comment: 'WAB DNS Discovery disable',
-        Changes: [{ Action: 'DELETE', ResourceRecordSet: existing }],
-      },
-    }));
-    console.log('[R53] Record deleted');
-    console.log('[WAB] WAB Discovery DISABLED.');
-  }
-}
-
-main().catch(err => { console.error('[ERROR]', err.message); process.exit(1); });
+#!/usr/bin/env node
+/**
+ * route53-wab-dns.js
+ * -------------------
+ * CLI tool: enable or disable WAB DNS Discovery TXT record on AWS Route 53.
+ *
+ * Usage:
+ *   AWS_ACCESS_KEY_ID=… AWS_SECRET_ACCESS_KEY=… \
+ *     node route53-wab-dns.js enable  example.com [HOSTED_ZONE_ID]
+ *
+ *   AWS_ACCESS_KEY_ID=… AWS_SECRET_ACCESS_KEY=… \
+ *     node route53-wab-dns.js disable example.com [HOSTED_ZONE_ID]
+ *
+ *   node route53-wab-dns.js status example.com
+ *
+ * Optional env vars:
+ *   AWS_REGION          (default: us-east-1)
+ *   WAB_BASE_URL        (default: https://www.webagentbridge.com)
+ *   WAB_ENDPOINT        (override the wab.json URL in the TXT record)
+ *
+ * Required: @aws-sdk/client-route-53
+ *   npm install @aws-sdk/client-route-53
+ */
+
+'use strict';
+
+const {
+  Route53Client,
+  ChangeResourceRecordSetsCommand,
+  ListHostedZonesByNameCommand,
+  ListResourceRecordSetsCommand,
+} = require('@aws-sdk/client-route-53');
+
+const fetch = (() => {
+  try { return require('node-fetch'); }
+  catch { return globalThis.fetch; }
+})();
+
+const [,, action, domain, zoneIdArg] = process.argv;
+
+const REGION   = process.env.AWS_REGION    || 'us-east-1';
+const WAB_BASE = process.env.WAB_BASE_URL  || 'https://www.webagentbridge.com';
+const ENDPOINT = process.env.WAB_ENDPOINT  || `https://${domain}/.well-known/wab.json`;
+
+if (!action || !domain) {
+  console.error('Usage: node route53-wab-dns.js <enable|disable|status> <domain> [zone-id]');
+  process.exit(1);
+}
+if (!['enable','disable','status'].includes(action)) {
+  console.error('Action must be: enable | disable | status');
+  process.exit(1);
+}
+if (action !== 'status' && (!process.env.AWS_ACCESS_KEY_ID || !process.env.AWS_SECRET_ACCESS_KEY)) {
+  console.error('Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env variables');
+  process.exit(1);
+}
+
+const client = new Route53Client({ region: REGION });
+
+async function getRecordTemplate() {
+  const url = `${WAB_BASE}/api/discovery/provider/record-template?domain=${encodeURIComponent(domain)}&endpoint=${encodeURIComponent(ENDPOINT)}`;
+  const j   = await (await fetch(url)).json();
+  if (!j.record || !j.record.value) throw new Error('Could not fetch WAB record template');
+  // Route 53 requires double-quoted TXT value
+  const v = j.record.value;
+  return v.startsWith('"') ? v : `"${v}"`;
+}
+
+async function resolveZoneId() {
+  if (zoneIdArg) return zoneIdArg;
+  console.log(`[R53] Resolving hosted zone for ${domain}…`);
+  const r = await client.send(new ListHostedZonesByNameCommand({ DNSName: domain, MaxItems: '1' }));
+  const zone = (r.HostedZones || []).find(z => z.Name === `${domain}.`);
+  if (!zone) throw new Error(`No hosted zone found for "${domain}"`);
+  return zone.Id.replace('/hostedzone/', '');
+}
+
+async function getCurrentRecord(zoneId) {
+  const r = await client.send(new ListResourceRecordSetsCommand({
+    HostedZoneId: zoneId,
+    StartRecordName: `_wab.${domain}`,
+    StartRecordType: 'TXT',
+    MaxItems: '1',
+  }));
+  return (r.ResourceRecordSets || []).find(
+    rr => rr.Name === `_wab.${domain}.` && rr.Type === 'TXT'
+  ) || null;
+}
+
+async function main() {
+  console.log(`[WAB] Action: ${action} | Domain: ${domain}`);
+
+  if (action === 'status') {
+    const j = await (await fetch(`${WAB_BASE}/api/discovery/provider/status?domain=${encodeURIComponent(domain)}`)).json();
+    console.log(`[WAB] Status: ${j.status}`);
+    console.log(JSON.stringify(j, null, 2));
+    return;
+  }
+
+  const zoneId  = await resolveZoneId();
+  console.log(`[R53] Zone ID: ${zoneId}`);
+
+  if (action === 'enable') {
+    const txtVal = await getRecordTemplate();
+    console.log(`[WAB] TXT value: ${txtVal}`);
+
+    await client.send(new ChangeResourceRecordSetsCommand({
+      HostedZoneId: zoneId,
+      ChangeBatch: {
+        Comment: 'WAB DNS Discovery enable',
+        Changes: [{
+          Action: 'UPSERT',
+          ResourceRecordSet: {
+            Name: `_wab.${domain}`,
+            Type: 'TXT',
+            TTL:  3600,
+            ResourceRecords: [{ Value: txtVal }],
+          },
+        }],
+      },
+    }));
+    console.log('[R53] UPSERT applied');
+    console.log('[WAB] WAB Discovery ENABLED. Propagation may take up to 60 s.');
+  }
+
+  if (action === 'disable') {
+    const existing = await getCurrentRecord(zoneId);
+    if (!existing) {
+      console.log('[R53] No _wab TXT record found — already disabled.');
+      return;
+    }
+    await client.send(new ChangeResourceRecordSetsCommand({
+      HostedZoneId: zoneId,
+      ChangeBatch: {
+        Comment: 'WAB DNS Discovery disable',
+        Changes: [{ Action: 'DELETE', ResourceRecordSet: existing }],
+      },
+    }));
+    console.log('[R53] Record deleted');
+    console.log('[WAB] WAB Discovery DISABLED.');
+  }
+}
+
+main().catch(err => { console.error('[ERROR]', err.message); process.exit(1); });

package/examples/saas-dashboard/README.md

@@ -1,55 +1,55 @@
-# SaaS Dashboard Example (Notion-style)
-
-A practical setup for internal dashboards where agents read KPIs and trigger safe workflows.
-
-## Embed
-
-```html
-<script src="https://webagentbridge.com/script/wab.min.js"></script>
-<script>
-window.WAB.init({
-  name: 'Acme SaaS Dashboard',
-  actions: {
-    getKpiCards: {
-      description: 'Return KPI card values from dashboard widgets',
-      run: function () {
-        var cards = Array.from(document.querySelectorAll('[data-kpi-card]')).map(function (card) {
-          return {
-            key: card.getAttribute('data-kpi-card'),
-            label: (card.querySelector('[data-kpi-label]') || {}).textContent || null,
-            value: (card.querySelector('[data-kpi-value]') || {}).textContent || null
-          };
-        });
-        return { success: true, cards: cards };
-      }
-    },
-    openCustomerById: {
-      description: 'Open customer panel using data-customer-id selector',
-      params: [{ name: 'customerId', type: 'string', required: true }],
-      run: function (params) {
-        var id = String(params.customerId || '').trim();
-        if (!id) return { success: false, error: 'customerId is required' };
-        var row = document.querySelector('[data-customer-id="' + CSS.escape(id) + '"]');
-        if (!row) return { success: false, error: 'Customer not found' };
-        row.click();
-        return { success: true, customerId: id };
-      }
-    },
-    triggerInvoiceReminder: {
-      description: 'Trigger existing invoice reminder button from dashboard row',
-      params: [{ name: 'invoiceId', type: 'string', required: true }],
-      run: function (params) {
-        var id = String(params.invoiceId || '').trim();
-        if (!id) return { success: false, error: 'invoiceId is required' };
-        var btn = document.querySelector('[data-invoice-id="' + CSS.escape(id) + '"] [data-action="send-reminder"]');
-        if (!btn) return { success: false, error: 'Reminder action not found for invoice' };
-        btn.click();
-        return { success: true, invoiceId: id };
-      }
-    }
-  }
-});
-</script>
-```
-
-The selectors use data attributes so actions stay stable across UI redesigns.
+# SaaS Dashboard Example (Notion-style)
+
+A practical setup for internal dashboards where agents read KPIs and trigger safe workflows.
+
+## Embed
+
+```html
+<script src="https://webagentbridge.com/script/wab.min.js"></script>
+<script>
+window.WAB.init({
+  name: 'Acme SaaS Dashboard',
+  actions: {
+    getKpiCards: {
+      description: 'Return KPI card values from dashboard widgets',
+      run: function () {
+        var cards = Array.from(document.querySelectorAll('[data-kpi-card]')).map(function (card) {
+          return {
+            key: card.getAttribute('data-kpi-card'),
+            label: (card.querySelector('[data-kpi-label]') || {}).textContent || null,
+            value: (card.querySelector('[data-kpi-value]') || {}).textContent || null
+          };
+        });
+        return { success: true, cards: cards };
+      }
+    },
+    openCustomerById: {
+      description: 'Open customer panel using data-customer-id selector',
+      params: [{ name: 'customerId', type: 'string', required: true }],
+      run: function (params) {
+        var id = String(params.customerId || '').trim();
+        if (!id) return { success: false, error: 'customerId is required' };
+        var row = document.querySelector('[data-customer-id="' + CSS.escape(id) + '"]');
+        if (!row) return { success: false, error: 'Customer not found' };
+        row.click();
+        return { success: true, customerId: id };
+      }
+    },
+    triggerInvoiceReminder: {
+      description: 'Trigger existing invoice reminder button from dashboard row',
+      params: [{ name: 'invoiceId', type: 'string', required: true }],
+      run: function (params) {
+        var id = String(params.invoiceId || '').trim();
+        if (!id) return { success: false, error: 'invoiceId is required' };
+        var btn = document.querySelector('[data-invoice-id="' + CSS.escape(id) + '"] [data-action="send-reminder"]');
+        if (!btn) return { success: false, error: 'Reminder action not found for invoice' };
+        btn.click();
+        return { success: true, invoiceId: id };
+      }
+    }
+  }
+});
+</script>
+```
+
+The selectors use data attributes so actions stay stable across UI redesigns.

package/examples/safe-mode-agent.js

@@ -1,96 +1,96 @@
-/**
- * Demo3 — Safe Mode Agent
- *
- * Shows the difference between a domain that has WAB enabled (full trust,
- * full execute) and one that doesn't (read-only / blocked).
- *
- *   node examples/safe-mode-agent.js wab-site.com untrusted-site.com
- *
- * Or pass --policy=strict|standard|permissive to change the gate.
- */
-
-'use strict';
-
-const { WABSafeMode } = require('../sdk');
-
-const args = process.argv.slice(2);
-const flags = {};
-const domains = [];
-for (const a of args) {
-  if (a.startsWith('--')) {
-    const [k, v] = a.replace(/^--/, '').split('=');
-    flags[k] = v ?? true;
-  } else domains.push(a);
-}
-if (domains.length === 0) {
-  console.error('Usage: node examples/safe-mode-agent.js <domain1> [<domain2> ...] [--policy=standard]');
-  console.error('       [--api=https://your-wab.example.com]');
-  process.exit(2);
-}
-
-const safe = new WABSafeMode({
-  apiBase: flags.api || process.env.WAB_API_BASE || 'https://webagentbridge.com',
-  policy:  flags.policy || 'standard',
-});
-
-const COLOR = {
-  reset: '\x1b[0m', dim: '\x1b[2m', bold: '\x1b[1m',
-  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', cyan: '\x1b[36m',
-};
-function color(c, s) { return process.stdout.isTTY ? `${COLOR[c]}${s}${COLOR.reset}` : s; }
-function levelColor(l) { return l >= 3 ? 'green' : l === 2 ? 'cyan' : l === 1 ? 'yellow' : 'red'; }
-
-async function checkOne(d) {
-  const t0 = Date.now();
-  const v = await safe.evaluate(d, { live: !!flags.live });
-  const elapsed = Date.now() - t0;
-
-  console.log('');
-  console.log(color('bold', `── ${v.domain} ──────────────────────────────`));
-  console.log(`Level    : ${color(levelColor(v.level), `L${v.level}`)} (${v.score_label} ${v.score})`);
-  console.log(`Verdict  : ${color(v.verdict === 'allow' ? 'green' : v.verdict === 'restrict' ? 'yellow' : 'red', v.verdict.toUpperCase())}`);
-  console.log(`Execute  : ${v.allow_execute ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
-  console.log(`Read     : ${v.allow_read    ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
-  console.log(`Reason   : ${v.reason}`);
-  if (v.reasons && v.reasons.length) {
-    for (const r of v.reasons) {
-      const sev = r.severity === 'deny' ? 'red' : r.severity === 'restrict' ? 'yellow' : 'dim';
-      console.log(color('dim', '         · ') + color(sev, `[${r.severity}] ${r.code}`) + ' ' + (r.message || ''));
-    }
-  }
-  console.log(color('dim', `         (policy=${v.policy}, ${elapsed}ms)`));
-
-  // Simulate the agent acting under Safe Mode
-  try {
-    if (v.allow_execute) {
-      await safe.guardExecute(v.domain, async () => {
-        console.log(color('green', `         → Agent: executing full action on ${v.domain}`));
-      });
-    } else if (v.allow_read) {
-      await safe.guardRead(v.domain, async () => {
-        console.log(color('yellow', `         → Agent: read-only mode on ${v.domain}`));
-      });
-    } else {
-      console.log(color('red', `         → Agent: refusing to interact with ${v.domain}`));
-    }
-  } catch (err) {
-    console.log(color('red', `         → ${err.message}`));
-  }
-}
-
-(async () => {
-  console.log(color('bold', `WAB Safe Mode demo — policy=${safe.policy} api=${safe.apiBase}`));
-  for (const d of domains) {
-    try { await checkOne(d); } catch (e) { console.error(`Error checking ${d}: ${e.message}`); }
-  }
-  console.log('');
-
-  // Pick the most trusted target if multiple were given
-  if (domains.length > 1) {
-    const best = await safe.pickBest(domains);
-    if (best) {
-      console.log(color('bold', `Recommended target: `) + color(levelColor(best.level), best.domain) +
-        color('dim', ` (L${best.level}, score ${best.score})`));
-    }
-  }
-})();
+/**
+ * Demo3 — Safe Mode Agent
+ *
+ * Shows the difference between a domain that has WAB enabled (full trust,
+ * full execute) and one that doesn't (read-only / blocked).
+ *
+ *   node examples/safe-mode-agent.js wab-site.com untrusted-site.com
+ *
+ * Or pass --policy=strict|standard|permissive to change the gate.
+ */
+
+'use strict';
+
+const { WABSafeMode } = require('../sdk');
+
+const args = process.argv.slice(2);
+const flags = {};
+const domains = [];
+for (const a of args) {
+  if (a.startsWith('--')) {
+    const [k, v] = a.replace(/^--/, '').split('=');
+    flags[k] = v ?? true;
+  } else domains.push(a);
+}
+if (domains.length === 0) {
+  console.error('Usage: node examples/safe-mode-agent.js <domain1> [<domain2> ...] [--policy=standard]');
+  console.error('       [--api=https://your-wab.example.com]');
+  process.exit(2);
+}
+
+const safe = new WABSafeMode({
+  apiBase: flags.api || process.env.WAB_API_BASE || 'https://webagentbridge.com',
+  policy:  flags.policy || 'standard',
+});
+
+const COLOR = {
+  reset: '\x1b[0m', dim: '\x1b[2m', bold: '\x1b[1m',
+  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', cyan: '\x1b[36m',
+};
+function color(c, s) { return process.stdout.isTTY ? `${COLOR[c]}${s}${COLOR.reset}` : s; }
+function levelColor(l) { return l >= 3 ? 'green' : l === 2 ? 'cyan' : l === 1 ? 'yellow' : 'red'; }
+
+async function checkOne(d) {
+  const t0 = Date.now();
+  const v = await safe.evaluate(d, { live: !!flags.live });
+  const elapsed = Date.now() - t0;
+
+  console.log('');
+  console.log(color('bold', `── ${v.domain} ──────────────────────────────`));
+  console.log(`Level    : ${color(levelColor(v.level), `L${v.level}`)} (${v.score_label} ${v.score})`);
+  console.log(`Verdict  : ${color(v.verdict === 'allow' ? 'green' : v.verdict === 'restrict' ? 'yellow' : 'red', v.verdict.toUpperCase())}`);
+  console.log(`Execute  : ${v.allow_execute ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
+  console.log(`Read     : ${v.allow_read    ? color('green', '✓ allowed') : color('red', '✗ blocked')}`);
+  console.log(`Reason   : ${v.reason}`);
+  if (v.reasons && v.reasons.length) {
+    for (const r of v.reasons) {
+      const sev = r.severity === 'deny' ? 'red' : r.severity === 'restrict' ? 'yellow' : 'dim';
+      console.log(color('dim', '         · ') + color(sev, `[${r.severity}] ${r.code}`) + ' ' + (r.message || ''));
+    }
+  }
+  console.log(color('dim', `         (policy=${v.policy}, ${elapsed}ms)`));
+
+  // Simulate the agent acting under Safe Mode
+  try {
+    if (v.allow_execute) {
+      await safe.guardExecute(v.domain, async () => {
+        console.log(color('green', `         → Agent: executing full action on ${v.domain}`));
+      });
+    } else if (v.allow_read) {
+      await safe.guardRead(v.domain, async () => {
+        console.log(color('yellow', `         → Agent: read-only mode on ${v.domain}`));
+      });
+    } else {
+      console.log(color('red', `         → Agent: refusing to interact with ${v.domain}`));
+    }
+  } catch (err) {
+    console.log(color('red', `         → ${err.message}`));
+  }
+}
+
+(async () => {
+  console.log(color('bold', `WAB Safe Mode demo — policy=${safe.policy} api=${safe.apiBase}`));
+  for (const d of domains) {
+    try { await checkOne(d); } catch (e) { console.error(`Error checking ${d}: ${e.message}`); }
+  }
+  console.log('');
+
+  // Pick the most trusted target if multiple were given
+  if (domains.length > 1) {
+    const best = await safe.pickBest(domains);
+    if (best) {
+      console.log(color('bold', `Recommended target: `) + color(levelColor(best.level), best.domain) +
+        color('dim', ` (L${best.level}, score ${best.score})`));
+    }
+  }
+})();