web-agent-bridge 3.4.0 → 3.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +84 -84
- package/README.ar.md +1565 -1304
- package/README.md +171 -298
- package/bin/agent-runner.js +474 -474
- package/bin/cli.js +237 -237
- package/bin/wab-init.js +244 -223
- package/bin/wab.js +80 -80
- package/examples/azure-dns-wab.js +83 -83
- package/examples/bidi-agent.js +119 -119
- package/examples/cloudflare-wab-dns.js +121 -121
- package/examples/cpanel-wab-dns.js +114 -114
- package/examples/cross-site-agent.js +91 -91
- package/examples/dns-discovery-agent.js +166 -166
- package/examples/gcp-dns-wab.js +76 -76
- package/examples/governance-agent.js +169 -169
- package/examples/mcp-agent.js +94 -94
- package/examples/next-app-router/README.md +44 -44
- package/examples/plesk-wab-dns.js +103 -103
- package/examples/puppeteer-agent.js +108 -108
- package/examples/route53-wab-dns.js +144 -144
- package/examples/saas-dashboard/README.md +55 -55
- package/examples/safe-mode-agent.js +96 -96
- package/examples/self-discovery.js +106 -0
- package/examples/shopify-hydrogen/README.md +74 -74
- package/examples/vision-agent.js +171 -171
- package/examples/wab-sign.js +74 -74
- package/examples/wab-verify.js +60 -60
- package/examples/wordpress-elementor/README.md +77 -77
- package/package.json +93 -93
- package/public/.well-known/agent-tools.json +180 -180
- package/public/.well-known/ai-assets.json +59 -59
- package/public/.well-known/security.txt +8 -8
- package/public/.well-known/wab.json +28 -28
- package/public/activate.html +448 -368
- package/public/adopt.html +236 -0
- package/public/adoption-metrics.html +188 -188
- package/public/agent-workspace.html +359 -349
- package/public/ai.html +198 -198
- package/public/api.html +397 -413
- package/public/atp.html +171 -0
- package/public/azure-dns-integration.html +289 -289
- package/public/browser.html +486 -486
- package/public/cloudflare-integration.html +380 -380
- package/public/commander-dashboard.html +243 -243
- package/public/cookies.html +210 -210
- package/public/cpanel-integration.html +398 -398
- package/public/css/agent-workspace.css +1713 -1713
- package/public/css/premium.css +317 -317
- package/public/css/styles.css +1401 -1263
- package/public/dashboard-shieldlink.html +295 -0
- package/public/dashboard.html +711 -707
- package/public/dns.html +436 -436
- package/public/docs.html +588 -588
- package/public/enterprise-mesh.ar.html +80 -0
- package/public/enterprise-mesh.html +81 -0
- package/public/feed.xml +89 -89
- package/public/gcp-dns-integration.html +318 -318
- package/public/governance.ar.html +70 -0
- package/public/governance.html +69 -0
- package/public/growth.html +465 -465
- package/public/index.html +1372 -1266
- package/public/integrations.html +556 -556
- package/public/js/activate.js +449 -145
- package/public/js/agent-workspace.js +1740 -1740
- package/public/js/auth-nav.js +117 -65
- package/public/js/auth-redirect.js +12 -12
- package/public/js/cookie-consent.js +56 -56
- package/public/js/dns.js +438 -438
- package/public/js/wab-demo-page.js +721 -721
- package/public/js/ws-client.js +74 -74
- package/public/l-preview.html +242 -0
- package/public/llms-full.txt +360 -360
- package/public/llms.txt +125 -125
- package/public/login.html +85 -85
- package/public/mesh-dashboard.html +328 -328
- package/public/milestones.html +346 -0
- package/public/one-click.html +779 -0
- package/public/openapi.json +669 -669
- package/public/partners.ar.html +145 -0
- package/public/partners.html +143 -0
- package/public/phone-shield.html +281 -281
- package/public/plesk-integration.html +375 -375
- package/public/premium-dashboard.html +2489 -2489
- package/public/premium.html +793 -793
- package/public/privacy.html +297 -297
- package/public/provider-onboarding.html +172 -172
- package/public/provider-sandbox.html +134 -134
- package/public/providers.html +359 -359
- package/public/refusals.html +172 -0
- package/public/register.html +105 -105
- package/public/registrar-integrations.html +141 -141
- package/public/ring4.html +292 -0
- package/public/robots.txt +99 -99
- package/public/route53-integration.html +531 -531
- package/public/score.html +263 -0
- package/public/script/wab-consent.d.ts +36 -36
- package/public/script/wab-consent.js +104 -104
- package/public/script/wab-schema.js +131 -131
- package/public/script/wab.d.ts +108 -108
- package/public/script/wab.min.js +580 -580
- package/public/security.txt +8 -8
- package/public/shieldlink.html +244 -0
- package/public/shieldqr.html +231 -231
- package/public/sitemap.xml +13 -1
- package/public/terms.html +256 -256
- package/public/trust-graph-api.ar.html +92 -0
- package/public/trust-graph-api.html +91 -0
- package/public/wab-features.html +560 -0
- package/public/wab-trust.html +200 -200
- package/public/wab-truth.html +375 -0
- package/public/wab-vs-protocols.html +210 -210
- package/public/whitepaper.html +449 -449
- package/script/ai-agent-bridge.js +1754 -1754
- package/sdk/README.md +99 -99
- package/sdk/agent-mesh.js +449 -449
- package/sdk/atp.js +103 -0
- package/sdk/auto-discovery.js +301 -288
- package/sdk/commander.js +262 -262
- package/sdk/governance.js +262 -262
- package/sdk/index.d.ts +464 -464
- package/sdk/index.js +653 -649
- package/sdk/multi-agent.js +318 -318
- package/sdk/safe-mode.js +221 -221
- package/sdk/safety-shield.js +219 -219
- package/sdk/schema-discovery.js +83 -83
- package/server/adapters/index.js +520 -520
- package/server/config/plans.js +412 -367
- package/server/config/secrets.js +102 -102
- package/server/control-plane/index.js +301 -301
- package/server/data-plane/index.js +354 -354
- package/server/index.js +793 -670
- package/server/llm/index.js +404 -404
- package/server/middleware/adminAuth.js +35 -35
- package/server/middleware/api-tier.js +170 -0
- package/server/middleware/auth.js +50 -50
- package/server/middleware/featureGate.js +88 -88
- package/server/middleware/rateLimits.js +100 -100
- package/server/middleware/sensitiveAction.js +157 -157
- package/server/middleware/wab-trust.js +141 -0
- package/server/migrations/001_add_analytics_indexes.sql +7 -7
- package/server/migrations/002_premium_features.sql +418 -418
- package/server/migrations/003_ads_integer_cents.sql +33 -33
- package/server/migrations/004_agent_os.sql +158 -158
- package/server/migrations/005_marketplace_metering.sql +126 -126
- package/server/migrations/006_growth_suite.sql +138 -0
- package/server/migrations/007_governance.sql +106 -106
- package/server/migrations/008_plans.sql +144 -144
- package/server/migrations/009_shieldqr.sql +30 -30
- package/server/migrations/010_extended_trust.sql +33 -33
- package/server/migrations/011_outreach.sql +47 -0
- package/server/migrations/012_shieldlink.sql +116 -0
- package/server/migrations/013_ct_monitor.sql +13 -0
- package/server/migrations/014_wab_advanced_features.sql +128 -0
- package/server/migrations/015_wab_truth_layer.sql +101 -0
- package/server/migrations/016_ring4_external_trust.sql +84 -0
- package/server/migrations/017_ring4_extensions.sql +69 -0
- package/server/migrations/018_commercial_foundations.sql +167 -0
- package/server/migrations/019_unify_tier_constraints.sql +133 -0
- package/server/migrations/020_agent_transaction_primitive.sql +119 -0
- package/server/models/adapters/index.js +33 -33
- package/server/models/adapters/mysql.js +183 -183
- package/server/models/adapters/postgresql.js +172 -172
- package/server/models/adapters/sqlite.js +7 -7
- package/server/models/db.js +740 -740
- package/server/observability/failure-analysis.js +337 -337
- package/server/observability/index.js +394 -394
- package/server/protocol/capabilities.js +223 -223
- package/server/protocol/index.js +243 -243
- package/server/protocol/schema.js +584 -584
- package/server/registry/certification.js +271 -271
- package/server/registry/index.js +326 -326
- package/server/routes/activate.js +478 -0
- package/server/routes/admin-outreach.js +239 -0
- package/server/routes/admin-plans.js +76 -76
- package/server/routes/admin-premium.js +674 -673
- package/server/routes/admin-shieldlink.js +137 -0
- package/server/routes/admin-shieldqr.js +90 -90
- package/server/routes/admin-trust-monitor.js +139 -83
- package/server/routes/admin.js +550 -549
- package/server/routes/adopt.js +61 -0
- package/server/routes/ads.js +130 -130
- package/server/routes/agent-workspace.js +540 -540
- package/server/routes/api-keys.js +127 -0
- package/server/routes/api.js +150 -150
- package/server/routes/auth.js +71 -71
- package/server/routes/billing.js +57 -57
- package/server/routes/commander.js +316 -316
- package/server/routes/customer-shieldlink.js +133 -0
- package/server/routes/demo-showcase.js +332 -332
- package/server/routes/demo-store.js +154 -154
- package/server/routes/diagnose.js +373 -0
- package/server/routes/discovery.js +2348 -2348
- package/server/routes/enterprise-mesh.js +170 -0
- package/server/routes/gateway.js +173 -173
- package/server/routes/governance-saas.js +203 -0
- package/server/routes/governance.js +208 -208
- package/server/routes/growth.js +1048 -0
- package/server/routes/intent.js +328 -0
- package/server/routes/license.js +251 -251
- package/server/routes/mesh.js +469 -469
- package/server/routes/noscript.js +543 -543
- package/server/routes/partners.js +201 -0
- package/server/routes/plans.js +33 -33
- package/server/routes/premium-v2.js +686 -686
- package/server/routes/premium.js +724 -724
- package/server/routes/providers.js +650 -650
- package/server/routes/reputation.js +411 -0
- package/server/routes/ring4.js +885 -0
- package/server/routes/runtime.js +2148 -2148
- package/server/routes/shieldlink.js +70 -0
- package/server/routes/shieldqr.js +88 -88
- package/server/routes/sovereign.js +465 -465
- package/server/routes/transactions.js +233 -0
- package/server/routes/truth-layer.js +670 -0
- package/server/routes/universal.js +200 -200
- package/server/routes/unsubscribe.js +51 -0
- package/server/routes/wab-api.js +850 -850
- package/server/routes/wab-cache.js +282 -0
- package/server/runtime/container-worker.js +111 -111
- package/server/runtime/container.js +448 -448
- package/server/runtime/distributed-worker.js +362 -362
- package/server/runtime/event-bus.js +210 -210
- package/server/runtime/index.js +253 -253
- package/server/runtime/queue.js +599 -599
- package/server/runtime/replay.js +666 -666
- package/server/runtime/sandbox.js +266 -266
- package/server/runtime/scheduler.js +534 -534
- package/server/runtime/session-engine.js +293 -293
- package/server/runtime/state-manager.js +188 -188
- package/server/secrets/wab-signing-key.pem +3 -0
- package/server/secrets/wab-signing-pub.pem +3 -0
- package/server/security/cross-site-redactor.js +196 -196
- package/server/security/dry-run.js +180 -180
- package/server/security/human-gate-rate-limit.js +147 -147
- package/server/security/human-gate-transports.js +178 -178
- package/server/security/human-gate.js +281 -281
- package/server/security/index.js +368 -368
- package/server/security/intent-engine.js +245 -245
- package/server/security/reward-guard.js +171 -171
- package/server/security/rollback-store.js +239 -239
- package/server/security/token-scope.js +404 -404
- package/server/security/url-policy.js +139 -139
- package/server/services/adoption-agent.js +182 -0
- package/server/services/agent-chat.js +506 -506
- package/server/services/agent-learning.js +601 -601
- package/server/services/agent-memory.js +625 -625
- package/server/services/agent-mesh.js +555 -555
- package/server/services/agent-symphony.js +717 -717
- package/server/services/agent-tasks.js +1807 -1807
- package/server/services/api-key-engine.js +292 -292
- package/server/services/cluster.js +894 -894
- package/server/services/commander.js +738 -738
- package/server/services/edge-compute.js +440 -440
- package/server/services/email.js +233 -233
- package/server/services/fairness-engine.js +409 -0
- package/server/services/fairness.js +420 -0
- package/server/services/governance.js +466 -466
- package/server/services/hosted-runtime.js +205 -205
- package/server/services/lfd.js +635 -635
- package/server/services/local-ai.js +389 -389
- package/server/services/marketplace.js +270 -270
- package/server/services/metering.js +182 -182
- package/server/services/modules/affiliate-intelligence.js +93 -93
- package/server/services/modules/agent-firewall.js +90 -90
- package/server/services/modules/bounty.js +89 -89
- package/server/services/modules/collective-bargaining.js +92 -92
- package/server/services/modules/dark-pattern.js +66 -66
- package/server/services/modules/gov-intelligence.js +45 -45
- package/server/services/modules/neural.js +55 -55
- package/server/services/modules/notary.js +49 -49
- package/server/services/modules/price-time-machine.js +86 -86
- package/server/services/modules/protocol.js +104 -104
- package/server/services/negotiation.js +439 -439
- package/server/services/outreach-agent.js +312 -0
- package/server/services/plans.js +214 -214
- package/server/services/plugins.js +771 -771
- package/server/services/price-intelligence.js +566 -566
- package/server/services/price-shield.js +1137 -1137
- package/server/services/provider-clients.js +740 -740
- package/server/services/reputation.js +465 -465
- package/server/services/search-engine.js +357 -357
- package/server/services/security.js +513 -513
- package/server/services/self-healing.js +843 -843
- package/server/services/shieldlink.js +492 -0
- package/server/services/shieldqr.js +322 -322
- package/server/services/sovereign-shield.js +542 -542
- package/server/services/ssl-ct-monitor.js +224 -0
- package/server/services/ssl-inspector.js +42 -42
- package/server/services/ssl-monitor.js +167 -167
- package/server/services/stripe.js +206 -205
- package/server/services/swarm.js +788 -788
- package/server/services/transactions.js +525 -0
- package/server/services/universal-scraper.js +662 -662
- package/server/services/verification.js +481 -481
- package/server/services/vision.js +1163 -1163
- package/server/services/wab-crypto.js +178 -178
- package/server/utils/cache.js +125 -125
- package/server/utils/migrate.js +81 -81
- package/server/utils/safe-fetch.js +228 -228
- package/server/utils/secureFields.js +50 -50
- package/server/ws.js +161 -161
- package/templates/artisan-marketplace.yaml +104 -104
- package/templates/book-price-scout.yaml +98 -98
- package/templates/electronics-price-tracker.yaml +108 -108
- package/templates/flight-deal-hunter.yaml +113 -113
- package/templates/freelancer-direct.yaml +116 -116
- package/templates/grocery-price-compare.yaml +93 -93
- package/templates/hotel-direct-booking.yaml +113 -113
- package/templates/local-services.yaml +98 -98
- package/templates/olive-oil-tunisia.yaml +88 -88
- package/templates/organic-farm-fresh.yaml +101 -101
- package/templates/restaurant-direct.yaml +97 -97
- package/templates/ring4/banking-sovereign.yaml +55 -0
- package/templates/ring4/ecommerce-sovereign.yaml +58 -0
- package/templates/ring4/healthcare-sovereign.yaml +60 -0
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
2
|
+
// WAB Enterprise Mesh — license verification (open-source side)
|
|
3
|
+
//
|
|
4
|
+
// The issuance / signing service is operated separately and ships only to
|
|
5
|
+
// paying enterprise customers. This module performs *verification only*:
|
|
6
|
+
//
|
|
7
|
+
// POST /api/enterprise-mesh/verify — verify a signed Ed25519 license token
|
|
8
|
+
// GET /api/enterprise-mesh/jwks — public verification keys
|
|
9
|
+
// POST /api/enterprise-mesh/heartbeat — record a node heartbeat (telemetry)
|
|
10
|
+
// POST /api/enterprise-mesh/admin/register — admin records an issued license
|
|
11
|
+
// POST /api/enterprise-mesh/admin/revoke — admin marks a license revoked
|
|
12
|
+
//
|
|
13
|
+
// License format (compact, base64url chunks): payload.signature.kid
|
|
14
|
+
// payload = { lid, org, tier, seats, features, iat, exp }
|
|
15
|
+
// signature = Ed25519(payload, WAB_LICENSE_SIGN_SK) ← signing happens elsewhere
|
|
16
|
+
//
|
|
17
|
+
// Public keys come from WAB_LICENSE_PUBLIC_KEYS env (JSON map kid→PEM/raw-b64u).
|
|
18
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
19
|
+
|
|
20
|
+
'use strict';
|
|
21
|
+
|
|
22
|
+
const express = require('express');
|
|
23
|
+
const crypto = require('crypto');
|
|
24
|
+
const { db } = require('../models/db');
|
|
25
|
+
|
|
26
|
+
const router = express.Router();
|
|
27
|
+
|
|
28
|
+
function adminGate(req, res, next) {
|
|
29
|
+
const expected = process.env.WAB_LICENSE_ADMIN_TOKEN || process.env.WAB_RING4_ADMIN_TOKEN;
|
|
30
|
+
if (!expected) return res.status(503).json({ error: 'admin_disabled' });
|
|
31
|
+
if ((req.headers['x-admin-token'] || '') !== expected) return res.status(401).json({ error: 'unauthorized' });
|
|
32
|
+
next();
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
function loadPublicKeys() {
|
|
36
|
+
const raw = process.env.WAB_LICENSE_PUBLIC_KEYS;
|
|
37
|
+
if (!raw) return {};
|
|
38
|
+
try { return JSON.parse(raw); } catch { return {}; }
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
function b64uDecode(s) { return Buffer.from(String(s).replace(/-/g,'+').replace(/_/g,'/'), 'base64'); }
|
|
42
|
+
|
|
43
|
+
function fingerprint(payloadStr) {
|
|
44
|
+
return crypto.createHash('sha256').update(payloadStr).digest('hex');
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
function verifyToken(token) {
|
|
48
|
+
if (typeof token !== 'string' || !token.includes('.')) return { ok: false, reason: 'malformed' };
|
|
49
|
+
const parts = token.split('.');
|
|
50
|
+
const [payloadB64, sigB64, kid] = parts;
|
|
51
|
+
if (!payloadB64 || !sigB64) return { ok: false, reason: 'malformed' };
|
|
52
|
+
const keys = loadPublicKeys();
|
|
53
|
+
let candidates;
|
|
54
|
+
if (kid && keys[kid]) candidates = [{ kid, pem: keys[kid] }];
|
|
55
|
+
else candidates = Object.entries(keys).map(([k,v]) => ({ kid: k, pem: v }));
|
|
56
|
+
if (candidates.length === 0) return { ok: false, reason: 'no_public_keys_configured' };
|
|
57
|
+
|
|
58
|
+
let payloadStr;
|
|
59
|
+
try { payloadStr = b64uDecode(payloadB64).toString('utf8'); }
|
|
60
|
+
catch { return { ok: false, reason: 'payload_decode_failed' }; }
|
|
61
|
+
let payload;
|
|
62
|
+
try { payload = JSON.parse(payloadStr); }
|
|
63
|
+
catch { return { ok: false, reason: 'payload_json_failed' }; }
|
|
64
|
+
const sig = b64uDecode(sigB64);
|
|
65
|
+
|
|
66
|
+
for (const c of candidates) {
|
|
67
|
+
try {
|
|
68
|
+
let pubKey;
|
|
69
|
+
const pem = c.pem;
|
|
70
|
+
if (typeof pem === 'string' && pem.startsWith('-----BEGIN')) {
|
|
71
|
+
pubKey = crypto.createPublicKey(pem);
|
|
72
|
+
} else {
|
|
73
|
+
const raw = b64uDecode(pem);
|
|
74
|
+
// SPKI prefix for Ed25519 (RFC 8410)
|
|
75
|
+
pubKey = crypto.createPublicKey({
|
|
76
|
+
key: Buffer.concat([Buffer.from('302a300506032b6570032100','hex'), raw]),
|
|
77
|
+
format: 'der', type: 'spki'
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
if (crypto.verify(null, Buffer.from(payloadStr, 'utf8'), pubKey, sig)) {
|
|
81
|
+
return { ok: true, payload, kid: c.kid, fingerprint: fingerprint(payloadStr) };
|
|
82
|
+
}
|
|
83
|
+
} catch { /* try next */ }
|
|
84
|
+
}
|
|
85
|
+
return { ok: false, reason: 'signature_invalid' };
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
// ─────────────────────────────────────────────────────────────────────────────
|
|
89
|
+
router.post('/verify', (req, res) => {
|
|
90
|
+
const token = (req.body || {}).token;
|
|
91
|
+
const v = verifyToken(token);
|
|
92
|
+
if (!v.ok) return res.status(400).json({ valid: false, reason: v.reason });
|
|
93
|
+
const p = v.payload;
|
|
94
|
+
const now = Math.floor(Date.now()/1000);
|
|
95
|
+
if (p.exp && now > p.exp) return res.json({ valid: false, reason: 'expired', exp: p.exp });
|
|
96
|
+
if (p.lid) {
|
|
97
|
+
const row = db.prepare(`SELECT status, revoked_reason FROM wab_licenses WHERE license_id = ?`).get(p.lid);
|
|
98
|
+
if (row && row.status === 'revoked') return res.json({ valid: false, reason: 'revoked', revoked_reason: row.revoked_reason });
|
|
99
|
+
}
|
|
100
|
+
res.json({
|
|
101
|
+
valid: true,
|
|
102
|
+
license_id: p.lid,
|
|
103
|
+
org: p.org,
|
|
104
|
+
tier: p.tier,
|
|
105
|
+
seats: p.seats,
|
|
106
|
+
features: p.features || [],
|
|
107
|
+
issued_at: p.iat,
|
|
108
|
+
expires_at: p.exp,
|
|
109
|
+
fingerprint: v.fingerprint,
|
|
110
|
+
kid: v.kid
|
|
111
|
+
});
|
|
112
|
+
});
|
|
113
|
+
|
|
114
|
+
router.get('/jwks', (req, res) => {
|
|
115
|
+
const keys = loadPublicKeys();
|
|
116
|
+
res.json({
|
|
117
|
+
keys: Object.entries(keys).map(([kid, val]) => ({
|
|
118
|
+
kid, kty: 'OKP', crv: 'Ed25519', use: 'sig',
|
|
119
|
+
x: typeof val === 'string' && val.startsWith('-----BEGIN') ? undefined : val,
|
|
120
|
+
pem: typeof val === 'string' && val.startsWith('-----BEGIN') ? val : undefined
|
|
121
|
+
}))
|
|
122
|
+
});
|
|
123
|
+
});
|
|
124
|
+
|
|
125
|
+
router.post('/heartbeat', (req, res) => {
|
|
126
|
+
const token = (req.body || {}).token;
|
|
127
|
+
const v = verifyToken(token);
|
|
128
|
+
if (!v.ok) return res.status(401).json({ ok: false, reason: v.reason });
|
|
129
|
+
const p = v.payload;
|
|
130
|
+
if (!p.lid) return res.status(400).json({ ok: false, reason: 'lid_missing' });
|
|
131
|
+
try {
|
|
132
|
+
db.prepare(`
|
|
133
|
+
INSERT INTO wab_licenses (license_id, fingerprint, tier, owner_org, contact_email, seats, features, issued_at, expires_at)
|
|
134
|
+
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
135
|
+
ON CONFLICT(license_id) DO NOTHING
|
|
136
|
+
`).run(p.lid, v.fingerprint, p.tier || 'enterprise', p.org || 'unknown', 'noc@local',
|
|
137
|
+
p.seats || 1, JSON.stringify(p.features || []),
|
|
138
|
+
new Date((p.iat||0)*1000).toISOString(), new Date((p.exp||0)*1000).toISOString());
|
|
139
|
+
} catch { /* ignore */ }
|
|
140
|
+
res.json({ ok: true, license_id: p.lid, at: new Date().toISOString() });
|
|
141
|
+
});
|
|
142
|
+
|
|
143
|
+
router.post('/admin/register', adminGate, (req, res) => {
|
|
144
|
+
const b = req.body || {};
|
|
145
|
+
if (!b.license_id || !b.owner_org || !b.contact_email || !b.issued_at || !b.expires_at) {
|
|
146
|
+
return res.status(400).json({ error: 'license_id + owner_org + contact_email + issued_at + expires_at required' });
|
|
147
|
+
}
|
|
148
|
+
try {
|
|
149
|
+
db.prepare(`
|
|
150
|
+
INSERT INTO wab_licenses (license_id, fingerprint, tier, owner_org, contact_email, seats, features, issued_at, expires_at)
|
|
151
|
+
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
152
|
+
`).run(b.license_id, b.fingerprint || 'unknown', String(b.tier || 'enterprise'),
|
|
153
|
+
b.owner_org, b.contact_email, parseInt(b.seats,10) || 1,
|
|
154
|
+
JSON.stringify(b.features || []), b.issued_at, b.expires_at);
|
|
155
|
+
} catch (e) {
|
|
156
|
+
if (String(e.message).includes('UNIQUE')) return res.status(409).json({ error: 'license_already_registered' });
|
|
157
|
+
return res.status(500).json({ error: 'register_failed', detail: e.message });
|
|
158
|
+
}
|
|
159
|
+
res.json({ ok: true, license_id: b.license_id });
|
|
160
|
+
});
|
|
161
|
+
|
|
162
|
+
router.post('/admin/revoke', adminGate, (req, res) => {
|
|
163
|
+
const { license_id, reason } = req.body || {};
|
|
164
|
+
if (!license_id) return res.status(400).json({ error: 'license_id required' });
|
|
165
|
+
const r = db.prepare(`UPDATE wab_licenses SET status='revoked', revoked_at=datetime('now'), revoked_reason=? WHERE license_id=?`).run(String(reason||'').slice(0,200), license_id);
|
|
166
|
+
if (r.changes === 0) return res.status(404).json({ error: 'license_not_found' });
|
|
167
|
+
res.json({ ok: true, license_id, status: 'revoked' });
|
|
168
|
+
});
|
|
169
|
+
|
|
170
|
+
module.exports = router;
|
package/server/routes/gateway.js
CHANGED
|
@@ -1,173 +1,173 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* WAB API Gateway Routes
|
|
3
|
-
* Single entry point: /api/v1/*
|
|
4
|
-
* All 10 advanced modules behind API key authentication.
|
|
5
|
-
*
|
|
6
|
-
* Powered by WAB — Web Agent Bridge
|
|
7
|
-
* https://www.webagentbridge.com
|
|
8
|
-
*/
|
|
9
|
-
|
|
10
|
-
'use strict';
|
|
11
|
-
|
|
12
|
-
const express = require('express');
|
|
13
|
-
const router = express.Router();
|
|
14
|
-
const { WABKeyEngine } = require('../services/api-key-engine');
|
|
15
|
-
|
|
16
|
-
const engine = new WABKeyEngine();
|
|
17
|
-
|
|
18
|
-
// ─── Module Registry ───────────────────────────────────────────────────────────
|
|
19
|
-
const MODULE_META = {
|
|
20
|
-
'firewall': { name: 'Agent Firewall', plan: 'PRO', file: '../services/modules/agent-firewall' },
|
|
21
|
-
'notary': { name: 'Cryptographic Notary', plan: 'BUSINESS', file: '../services/modules/notary' },
|
|
22
|
-
'dark-pattern': { name: 'Dark Pattern Detector', plan: 'FREE', file: '../services/modules/dark-pattern' },
|
|
23
|
-
'bargaining': { name: 'Collective Bargaining', plan: 'PRO', file: '../services/modules/collective-bargaining' },
|
|
24
|
-
'gov': { name: 'Gov Intelligence', plan: 'BUSINESS', file: '../services/modules/gov-intelligence' },
|
|
25
|
-
'price': { name: 'Price Time Machine', plan: 'FREE', file: '../services/modules/price-time-machine' },
|
|
26
|
-
'neural': { name: 'Neural Engine', plan: 'PRO', file: '../services/modules/neural' },
|
|
27
|
-
'protocol': { name: 'WAB Protocol', plan: 'FREE', file: '../services/modules/protocol' },
|
|
28
|
-
'bounty': { name: 'Bounty Network', plan: 'FREE', file: '../services/modules/bounty' },
|
|
29
|
-
'affiliate': { name: 'Affiliate Intelligence', plan: 'PRO', file: '../services/modules/affiliate-intelligence' },
|
|
30
|
-
};
|
|
31
|
-
|
|
32
|
-
// ─── Extract API Key ──────────────────────────────────────────────────────────
|
|
33
|
-
function extractKey(req) {
|
|
34
|
-
const auth = req.headers['authorization'] || '';
|
|
35
|
-
if (auth.startsWith('Bearer ')) return auth.slice(7).trim();
|
|
36
|
-
if (req.headers['x-wab-key']) return req.headers['x-wab-key'].trim();
|
|
37
|
-
return req.query.api_key || null;
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
// ─── Auth Middleware (with HTTP-method → scope mapping) ──────────────────────
|
|
41
|
-
function methodToScope(method) {
|
|
42
|
-
const m = (method || 'GET').toUpperCase();
|
|
43
|
-
if (m === 'GET' || m === 'HEAD' || m === 'OPTIONS') return 'read';
|
|
44
|
-
if (m === 'DELETE') return 'admin';
|
|
45
|
-
return 'write'; // POST/PUT/PATCH
|
|
46
|
-
}
|
|
47
|
-
|
|
48
|
-
function gatewayAuth(moduleName, requiredScope = null) {
|
|
49
|
-
return (req, res, next) => {
|
|
50
|
-
const apiKey = extractKey(req);
|
|
51
|
-
if (!apiKey) {
|
|
52
|
-
return res.status(401).json({
|
|
53
|
-
error: 'Authentication required', code: 'MISSING_KEY',
|
|
54
|
-
message: 'Include your API key: Authorization: Bearer wab_live_xxx',
|
|
55
|
-
get_key: 'https://www.webagentbridge.com/workspace',
|
|
56
|
-
});
|
|
57
|
-
}
|
|
58
|
-
const scope = requiredScope || methodToScope(req.method);
|
|
59
|
-
const validation = engine.validate(apiKey, moduleName, scope);
|
|
60
|
-
if (!validation.valid) {
|
|
61
|
-
const status = validation.code === 'INSUFFICIENT_PLAN' ? 403
|
|
62
|
-
: validation.code === 'INSUFFICIENT_SCOPE' ? 403
|
|
63
|
-
: validation.code === 'RATE_LIMIT_EXCEEDED' ? 429
|
|
64
|
-
: validation.code === 'QUOTA_EXCEEDED' ? 429
|
|
65
|
-
: 401;
|
|
66
|
-
return res.status(status).json(validation);
|
|
67
|
-
}
|
|
68
|
-
if (validation.rotation && validation.rotation.warning) {
|
|
69
|
-
res.setHeader('X-WAB-Key-Rotation-Due', validation.rotation.rotation_due_at);
|
|
70
|
-
res.setHeader('X-WAB-Key-Rotation-Days', String(validation.rotation.days_until_due));
|
|
71
|
-
}
|
|
72
|
-
req.wabAuth = validation;
|
|
73
|
-
next();
|
|
74
|
-
};
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
// ─── WAB response wrapper ────────────────────────────────────────────────────
|
|
78
|
-
function wabWrap(req, res, next) {
|
|
79
|
-
const originalJson = res.json.bind(res);
|
|
80
|
-
res.json = (data) => {
|
|
81
|
-
const enriched = { ...data, _wab: {
|
|
82
|
-
gateway: 'api.webagentbridge.com', module: req._wabModuleName || 'unknown',
|
|
83
|
-
plan: req.wabAuth ? req.wabAuth.plan_name : 'unknown',
|
|
84
|
-
usage: req.wabAuth ? req.wabAuth.usage : null,
|
|
85
|
-
timestamp: new Date().toISOString(), powered_by: 'WAB — Web Agent Bridge',
|
|
86
|
-
}};
|
|
87
|
-
return originalJson(enriched);
|
|
88
|
-
};
|
|
89
|
-
next();
|
|
90
|
-
}
|
|
91
|
-
|
|
92
|
-
// ─── Public routes (no auth) ──────────────────────────────────────────────────
|
|
93
|
-
router.get('/health', (req, res) => {
|
|
94
|
-
res.json({ status: 'operational', service: 'WAB API Gateway', version: '1.0.0',
|
|
95
|
-
timestamp: new Date().toISOString(), modules: Object.keys(MODULE_META).length,
|
|
96
|
-
docs: 'https://www.webagentbridge.com/api' });
|
|
97
|
-
});
|
|
98
|
-
|
|
99
|
-
router.get('/plans', (req, res) => {
|
|
100
|
-
res.json({ plans: engine.getPlans() });
|
|
101
|
-
});
|
|
102
|
-
|
|
103
|
-
router.get('/modules', (req, res) => {
|
|
104
|
-
res.json({ modules: Object.entries(MODULE_META).map(([id, m]) => ({
|
|
105
|
-
id, name: m.name, min_plan: m.plan,
|
|
106
|
-
endpoints: `https://api.webagentbridge.com/v1/${id}/`,
|
|
107
|
-
}))});
|
|
108
|
-
});
|
|
109
|
-
|
|
110
|
-
// ─── Key Management ─────────────────────────────────────────────────────────
|
|
111
|
-
router.post('/keys/generate', (req, res) => {
|
|
112
|
-
try {
|
|
113
|
-
const result = engine.generateKey(req.body);
|
|
114
|
-
res.status(201).json(result);
|
|
115
|
-
} catch (err) { res.status(400).json({ error: err.message }); }
|
|
116
|
-
});
|
|
117
|
-
|
|
118
|
-
router.post('/keys/validate', (req, res) => {
|
|
119
|
-
const apiKey = extractKey(req);
|
|
120
|
-
const result = engine.validate(apiKey, req.body.module);
|
|
121
|
-
res.status(result.valid ? 200 : 401).json(result);
|
|
122
|
-
});
|
|
123
|
-
|
|
124
|
-
router.get('/keys/usage', (req, res) => {
|
|
125
|
-
const apiKey = extractKey(req);
|
|
126
|
-
if (!apiKey) return res.status(401).json({ error: 'API key required' });
|
|
127
|
-
res.json(engine.getUsage(apiKey));
|
|
128
|
-
});
|
|
129
|
-
|
|
130
|
-
router.post('/keys/revoke', (req, res) => {
|
|
131
|
-
const apiKey = extractKey(req);
|
|
132
|
-
if (!apiKey) return res.status(401).json({ error: 'API key required' });
|
|
133
|
-
res.json(engine.revoke(apiKey, req.body.reason));
|
|
134
|
-
});
|
|
135
|
-
|
|
136
|
-
router.post('/keys/rotate', (req, res) => {
|
|
137
|
-
const apiKey = extractKey(req);
|
|
138
|
-
if (!apiKey) return res.status(401).json({ error: 'API key required' });
|
|
139
|
-
res.json(engine.rotate(apiKey));
|
|
140
|
-
});
|
|
141
|
-
|
|
142
|
-
router.get('/admin/keys', (req, res) => {
|
|
143
|
-
const apiKey = extractKey(req);
|
|
144
|
-
res.json(engine.listKeys(apiKey));
|
|
145
|
-
});
|
|
146
|
-
|
|
147
|
-
// ─── Mount module routers ───────────────────────────────────────────────────
|
|
148
|
-
for (const [moduleId, meta] of Object.entries(MODULE_META)) {
|
|
149
|
-
try {
|
|
150
|
-
const mod = require(meta.file);
|
|
151
|
-
const moduleRouter = mod.createRouter(express);
|
|
152
|
-
router.use(`/${moduleId}`, gatewayAuth(moduleId), (req, res, next) => { req._wabModuleName = meta.name; next(); }, wabWrap, moduleRouter);
|
|
153
|
-
} catch (err) {
|
|
154
|
-
// Module not available — create a stub
|
|
155
|
-
router.use(`/${moduleId}`, gatewayAuth(moduleId), (req, res) => {
|
|
156
|
-
res.status(503).json({ error: `Module '${meta.name}' is temporarily unavailable`, code: 'MODULE_UNAVAILABLE' });
|
|
157
|
-
});
|
|
158
|
-
}
|
|
159
|
-
}
|
|
160
|
-
|
|
161
|
-
// ─── Module listing for admin ── ────────────────────────────────────────────
|
|
162
|
-
router.get('/admin/modules', (req, res) => {
|
|
163
|
-
const apiKey = extractKey(req);
|
|
164
|
-
const validation = engine.validate(apiKey);
|
|
165
|
-
if (!validation.valid) return res.status(401).json(validation);
|
|
166
|
-
|
|
167
|
-
const modules = Object.entries(MODULE_META).map(([id, m]) => ({
|
|
168
|
-
id, name: m.name, min_plan: m.plan, status: 'active',
|
|
169
|
-
}));
|
|
170
|
-
res.json({ modules });
|
|
171
|
-
});
|
|
172
|
-
|
|
173
|
-
module.exports = router;
|
|
1
|
+
/**
|
|
2
|
+
* WAB API Gateway Routes
|
|
3
|
+
* Single entry point: /api/v1/*
|
|
4
|
+
* All 10 advanced modules behind API key authentication.
|
|
5
|
+
*
|
|
6
|
+
* Powered by WAB — Web Agent Bridge
|
|
7
|
+
* https://www.webagentbridge.com
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
'use strict';
|
|
11
|
+
|
|
12
|
+
const express = require('express');
|
|
13
|
+
const router = express.Router();
|
|
14
|
+
const { WABKeyEngine } = require('../services/api-key-engine');
|
|
15
|
+
|
|
16
|
+
const engine = new WABKeyEngine();
|
|
17
|
+
|
|
18
|
+
// ─── Module Registry ───────────────────────────────────────────────────────────
|
|
19
|
+
const MODULE_META = {
|
|
20
|
+
'firewall': { name: 'Agent Firewall', plan: 'PRO', file: '../services/modules/agent-firewall' },
|
|
21
|
+
'notary': { name: 'Cryptographic Notary', plan: 'BUSINESS', file: '../services/modules/notary' },
|
|
22
|
+
'dark-pattern': { name: 'Dark Pattern Detector', plan: 'FREE', file: '../services/modules/dark-pattern' },
|
|
23
|
+
'bargaining': { name: 'Collective Bargaining', plan: 'PRO', file: '../services/modules/collective-bargaining' },
|
|
24
|
+
'gov': { name: 'Gov Intelligence', plan: 'BUSINESS', file: '../services/modules/gov-intelligence' },
|
|
25
|
+
'price': { name: 'Price Time Machine', plan: 'FREE', file: '../services/modules/price-time-machine' },
|
|
26
|
+
'neural': { name: 'Neural Engine', plan: 'PRO', file: '../services/modules/neural' },
|
|
27
|
+
'protocol': { name: 'WAB Protocol', plan: 'FREE', file: '../services/modules/protocol' },
|
|
28
|
+
'bounty': { name: 'Bounty Network', plan: 'FREE', file: '../services/modules/bounty' },
|
|
29
|
+
'affiliate': { name: 'Affiliate Intelligence', plan: 'PRO', file: '../services/modules/affiliate-intelligence' },
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
// ─── Extract API Key ──────────────────────────────────────────────────────────
|
|
33
|
+
function extractKey(req) {
|
|
34
|
+
const auth = req.headers['authorization'] || '';
|
|
35
|
+
if (auth.startsWith('Bearer ')) return auth.slice(7).trim();
|
|
36
|
+
if (req.headers['x-wab-key']) return req.headers['x-wab-key'].trim();
|
|
37
|
+
return req.query.api_key || null;
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
// ─── Auth Middleware (with HTTP-method → scope mapping) ──────────────────────
|
|
41
|
+
function methodToScope(method) {
|
|
42
|
+
const m = (method || 'GET').toUpperCase();
|
|
43
|
+
if (m === 'GET' || m === 'HEAD' || m === 'OPTIONS') return 'read';
|
|
44
|
+
if (m === 'DELETE') return 'admin';
|
|
45
|
+
return 'write'; // POST/PUT/PATCH
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
function gatewayAuth(moduleName, requiredScope = null) {
|
|
49
|
+
return (req, res, next) => {
|
|
50
|
+
const apiKey = extractKey(req);
|
|
51
|
+
if (!apiKey) {
|
|
52
|
+
return res.status(401).json({
|
|
53
|
+
error: 'Authentication required', code: 'MISSING_KEY',
|
|
54
|
+
message: 'Include your API key: Authorization: Bearer wab_live_xxx',
|
|
55
|
+
get_key: 'https://www.webagentbridge.com/workspace',
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
const scope = requiredScope || methodToScope(req.method);
|
|
59
|
+
const validation = engine.validate(apiKey, moduleName, scope);
|
|
60
|
+
if (!validation.valid) {
|
|
61
|
+
const status = validation.code === 'INSUFFICIENT_PLAN' ? 403
|
|
62
|
+
: validation.code === 'INSUFFICIENT_SCOPE' ? 403
|
|
63
|
+
: validation.code === 'RATE_LIMIT_EXCEEDED' ? 429
|
|
64
|
+
: validation.code === 'QUOTA_EXCEEDED' ? 429
|
|
65
|
+
: 401;
|
|
66
|
+
return res.status(status).json(validation);
|
|
67
|
+
}
|
|
68
|
+
if (validation.rotation && validation.rotation.warning) {
|
|
69
|
+
res.setHeader('X-WAB-Key-Rotation-Due', validation.rotation.rotation_due_at);
|
|
70
|
+
res.setHeader('X-WAB-Key-Rotation-Days', String(validation.rotation.days_until_due));
|
|
71
|
+
}
|
|
72
|
+
req.wabAuth = validation;
|
|
73
|
+
next();
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
// ─── WAB response wrapper ────────────────────────────────────────────────────
|
|
78
|
+
function wabWrap(req, res, next) {
|
|
79
|
+
const originalJson = res.json.bind(res);
|
|
80
|
+
res.json = (data) => {
|
|
81
|
+
const enriched = { ...data, _wab: {
|
|
82
|
+
gateway: 'api.webagentbridge.com', module: req._wabModuleName || 'unknown',
|
|
83
|
+
plan: req.wabAuth ? req.wabAuth.plan_name : 'unknown',
|
|
84
|
+
usage: req.wabAuth ? req.wabAuth.usage : null,
|
|
85
|
+
timestamp: new Date().toISOString(), powered_by: 'WAB — Web Agent Bridge',
|
|
86
|
+
}};
|
|
87
|
+
return originalJson(enriched);
|
|
88
|
+
};
|
|
89
|
+
next();
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
// ─── Public routes (no auth) ──────────────────────────────────────────────────
|
|
93
|
+
router.get('/health', (req, res) => {
|
|
94
|
+
res.json({ status: 'operational', service: 'WAB API Gateway', version: '1.0.0',
|
|
95
|
+
timestamp: new Date().toISOString(), modules: Object.keys(MODULE_META).length,
|
|
96
|
+
docs: 'https://www.webagentbridge.com/api' });
|
|
97
|
+
});
|
|
98
|
+
|
|
99
|
+
router.get('/plans', (req, res) => {
|
|
100
|
+
res.json({ plans: engine.getPlans() });
|
|
101
|
+
});
|
|
102
|
+
|
|
103
|
+
router.get('/modules', (req, res) => {
|
|
104
|
+
res.json({ modules: Object.entries(MODULE_META).map(([id, m]) => ({
|
|
105
|
+
id, name: m.name, min_plan: m.plan,
|
|
106
|
+
endpoints: `https://api.webagentbridge.com/v1/${id}/`,
|
|
107
|
+
}))});
|
|
108
|
+
});
|
|
109
|
+
|
|
110
|
+
// ─── Key Management ─────────────────────────────────────────────────────────
|
|
111
|
+
router.post('/keys/generate', (req, res) => {
|
|
112
|
+
try {
|
|
113
|
+
const result = engine.generateKey(req.body);
|
|
114
|
+
res.status(201).json(result);
|
|
115
|
+
} catch (err) { res.status(400).json({ error: err.message }); }
|
|
116
|
+
});
|
|
117
|
+
|
|
118
|
+
router.post('/keys/validate', (req, res) => {
|
|
119
|
+
const apiKey = extractKey(req);
|
|
120
|
+
const result = engine.validate(apiKey, req.body.module);
|
|
121
|
+
res.status(result.valid ? 200 : 401).json(result);
|
|
122
|
+
});
|
|
123
|
+
|
|
124
|
+
router.get('/keys/usage', (req, res) => {
|
|
125
|
+
const apiKey = extractKey(req);
|
|
126
|
+
if (!apiKey) return res.status(401).json({ error: 'API key required' });
|
|
127
|
+
res.json(engine.getUsage(apiKey));
|
|
128
|
+
});
|
|
129
|
+
|
|
130
|
+
router.post('/keys/revoke', (req, res) => {
|
|
131
|
+
const apiKey = extractKey(req);
|
|
132
|
+
if (!apiKey) return res.status(401).json({ error: 'API key required' });
|
|
133
|
+
res.json(engine.revoke(apiKey, req.body.reason));
|
|
134
|
+
});
|
|
135
|
+
|
|
136
|
+
router.post('/keys/rotate', (req, res) => {
|
|
137
|
+
const apiKey = extractKey(req);
|
|
138
|
+
if (!apiKey) return res.status(401).json({ error: 'API key required' });
|
|
139
|
+
res.json(engine.rotate(apiKey));
|
|
140
|
+
});
|
|
141
|
+
|
|
142
|
+
router.get('/admin/keys', (req, res) => {
|
|
143
|
+
const apiKey = extractKey(req);
|
|
144
|
+
res.json(engine.listKeys(apiKey));
|
|
145
|
+
});
|
|
146
|
+
|
|
147
|
+
// ─── Mount module routers ───────────────────────────────────────────────────
|
|
148
|
+
for (const [moduleId, meta] of Object.entries(MODULE_META)) {
|
|
149
|
+
try {
|
|
150
|
+
const mod = require(meta.file);
|
|
151
|
+
const moduleRouter = mod.createRouter(express);
|
|
152
|
+
router.use(`/${moduleId}`, gatewayAuth(moduleId), (req, res, next) => { req._wabModuleName = meta.name; next(); }, wabWrap, moduleRouter);
|
|
153
|
+
} catch (err) {
|
|
154
|
+
// Module not available — create a stub
|
|
155
|
+
router.use(`/${moduleId}`, gatewayAuth(moduleId), (req, res) => {
|
|
156
|
+
res.status(503).json({ error: `Module '${meta.name}' is temporarily unavailable`, code: 'MODULE_UNAVAILABLE' });
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
// ─── Module listing for admin ── ────────────────────────────────────────────
|
|
162
|
+
router.get('/admin/modules', (req, res) => {
|
|
163
|
+
const apiKey = extractKey(req);
|
|
164
|
+
const validation = engine.validate(apiKey);
|
|
165
|
+
if (!validation.valid) return res.status(401).json(validation);
|
|
166
|
+
|
|
167
|
+
const modules = Object.entries(MODULE_META).map(([id, m]) => ({
|
|
168
|
+
id, name: m.name, min_plan: m.plan, status: 'active',
|
|
169
|
+
}));
|
|
170
|
+
res.json({ modules });
|
|
171
|
+
});
|
|
172
|
+
|
|
173
|
+
module.exports = router;
|