npm - web-agent-bridge - Versions diffs - 3.4.0 → 3.9.0 - Mend

web-agent-bridge 3.4.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (315) hide show

package/LICENSE +84 -84
package/README.ar.md +1565 -1304
package/README.md +171 -298
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -223
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -83
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -121
package/examples/cpanel-wab-dns.js +114 -114
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -166
package/examples/gcp-dns-wab.js +76 -76
package/examples/governance-agent.js +169 -169
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -103
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -144
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -96
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -74
package/examples/wab-verify.js +60 -60
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -28
package/public/activate.html +448 -368
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -188
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/atp.html +171 -0
package/public/azure-dns-integration.html +289 -289
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -380
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -398
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1263
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -707
package/public/dns.html +436 -436
package/public/docs.html +588 -588
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -318
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -465
package/public/index.html +1372 -1266
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -145
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -65
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -438
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -669
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -375
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -172
package/public/provider-sandbox.html +134 -134
package/public/providers.html +359 -359
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -141
package/public/ring4.html +292 -0
package/public/robots.txt +99 -99
package/public/route53-integration.html +531 -531
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -231
package/public/sitemap.xml +13 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -200
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -210
package/public/whitepaper.html +449 -449
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/atp.js +103 -0
package/sdk/auto-discovery.js +301 -288
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +653 -649
package/sdk/multi-agent.js +318 -318
package/sdk/safe-mode.js +221 -221
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +793 -670
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -106
package/server/migrations/008_plans.sql +144 -144
package/server/migrations/009_shieldqr.sql +30 -30
package/server/migrations/010_extended_trust.sql +33 -33
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/migrations/020_agent_transaction_primitive.sql +119 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -740
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -76
package/server/routes/admin-premium.js +674 -673
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -90
package/server/routes/admin-trust-monitor.js +139 -83
package/server/routes/admin.js +550 -549
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -57
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -2348
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -208
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -33
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -650
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -88
package/server/routes/sovereign.js +465 -465
package/server/routes/transactions.js +233 -0
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -233
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -466
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -214
package/server/services/plugins.js +771 -771
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -740
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -322
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -42
package/server/services/ssl-monitor.js +167 -167
package/server/services/stripe.js +206 -205
package/server/services/swarm.js +788 -788
package/server/services/transactions.js +525 -0
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -178
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/server/services/fairness.js ADDED Viewed

@@ -0,0 +1,420 @@
+/**
+ * Fairness Engine — Neutrality layer ensuring AI agents give equal opportunity
+ * to all WAB-enabled sites regardless of brand size or SEO ranking.
+ */
+const { db } = require('../models/db');
+const WAB_VERSION = '1.2.0';
+// ─── Directory Table (created lazily) ────────────────────────────────
+db.exec(`
+  CREATE TABLE IF NOT EXISTS wab_directory (
+    site_id TEXT PRIMARY KEY,
+    category TEXT DEFAULT 'general',
+    tags TEXT DEFAULT '[]',
+    is_independent INTEGER DEFAULT 0,
+    commission_rate REAL DEFAULT 0,
+    direct_benefit TEXT DEFAULT '',
+    trust_signature TEXT,
+    listed INTEGER DEFAULT 1,
+    neutrality_score REAL DEFAULT 50,
+    registered_at TEXT DEFAULT (datetime('now')),
+    updated_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (site_id) REFERENCES sites(id) ON DELETE CASCADE
+  );
+  CREATE INDEX IF NOT EXISTS idx_wab_directory_category ON wab_directory(category);
+  CREATE INDEX IF NOT EXISTS idx_wab_directory_score ON wab_directory(neutrality_score);
+`);
+// ─── Neutrality Score Calculation ────────────────────────────────────
+/**
+ * Score 0-100 based on: config completeness, trust signatures,
+ * commission transparency, and responsiveness.
+ */
+function calculateNeutralityScore(site) {
+  let score = 0;
+  const weights = { configCompleteness: 30, trustSignature: 20, commissionTransparency: 25, responsiveness: 25 };
+  let config = {};
+  try { config = JSON.parse(site.config || '{}'); } catch (_) {}
+  // Config completeness (0-30): how well the site has configured WAB
+  const configFields = [
+    config.agentPermissions,
+    config.restrictions,
+    config.logging,
+    config.features
+  ];
+  const filledFields = configFields.filter(f => f && Object.keys(f).length > 0).length;
+  score += (filledFields / configFields.length) * weights.configCompleteness;
+  // Permission granularity bonus
+  if (config.agentPermissions) {
+    const permCount = Object.keys(config.agentPermissions).length;
+    score += Math.min(permCount / 8, 1) * 5;
+  }
+  // Trust signature (0-20)
+  const dirEntry = db.prepare('SELECT * FROM wab_directory WHERE site_id = ?').get(site.id);
+  if (dirEntry && dirEntry.trust_signature) {
+    const isValid = validateTrustSignature(dirEntry.trust_signature);
+    score += isValid ? weights.trustSignature : weights.trustSignature * 0.3;
+  }
+  // Commission transparency (0-25)
+  if (dirEntry) {
+    if (dirEntry.commission_rate >= 0) score += 10;
+    if (dirEntry.direct_benefit && dirEntry.direct_benefit.length > 0) score += 10;
+    if (dirEntry.commission_rate === 0) score += 5;
+  }
+  // Responsiveness (0-25): based on recent analytics activity
+  try {
+    const recentActivity = db.prepare(
+      'SELECT COUNT(*) as c FROM analytics WHERE site_id = ? AND created_at >= datetime("now", "-7 days")'
+    ).get(site.id);
+    if (recentActivity) {
+      const activityScore = Math.min(recentActivity.c / 100, 1) * weights.responsiveness;
+      score += activityScore;
+    }
+  } catch (_) {
+    // analytics table may not exist yet
+  }
+  return Math.round(Math.min(Math.max(score, 0), 100) * 100) / 100;
+}
+// ─── Fairness-Weighted Search ────────────────────────────────────────
+/**
+ * Search sites with fairness-weighted ranking rather than pure relevance.
+ */
+function fairnessWeightedSearch(query, sites) {
+  if (!sites || sites.length === 0) return [];
+  const queryLower = (query || '').toLowerCase();
+  const terms = queryLower.split(/\s+/).filter(Boolean);
+  const scored = sites.map(site => {
+    let config = {};
+    try { config = JSON.parse(site.config || '{}'); } catch (_) {}
+    // Base relevance: match query against name, domain, description, category
+    let relevance = 0;
+    const searchable = [
+      site.name,
+      site.domain,
+      site.description,
+      config.category
+    ].filter(Boolean).join(' ').toLowerCase();
+    for (const term of terms) {
+      if (searchable.includes(term)) relevance += 20;
+    }
+    if (site.name && site.name.toLowerCase().includes(queryLower)) relevance += 30;
+    if (site.domain && site.domain.toLowerCase().includes(queryLower)) relevance += 25;
+    if (!queryLower) relevance = 50;
+    // Fairness adjustments
+    const dirEntry = db.prepare('SELECT * FROM wab_directory WHERE site_id = ?').get(site.id);
+    let fairnessBoost = 0;
+    // Independent businesses get +15%
+    if (dirEntry && dirEntry.is_independent) {
+      fairnessBoost += relevance * 0.15;
+    }
+    // Transparent commission gets +10%
+    if (dirEntry && dirEntry.commission_rate >= 0 && dirEntry.direct_benefit) {
+      fairnessBoost += relevance * 0.10;
+    }
+    // Neutrality score influence (up to +20%)
+    const neutralityScore = dirEntry ? dirEntry.neutrality_score : 50;
+    fairnessBoost += (neutralityScore / 100) * relevance * 0.20;
+    // Randomization factor to prevent position lock-in (±5%)
+    const jitter = (Math.random() - 0.5) * relevance * 0.10;
+    const finalScore = relevance + fairnessBoost + jitter;
+    return {
+      ...site,
+      config,
+      _relevance: Math.round(relevance * 100) / 100,
+      _fairnessBoost: Math.round(fairnessBoost * 100) / 100,
+      _finalScore: Math.round(finalScore * 100) / 100,
+      _neutralityScore: neutralityScore,
+      _isIndependent: dirEntry ? !!dirEntry.is_independent : false
+    };
+  });
+  scored.sort((a, b) => b._finalScore - a._finalScore);
+  return ensureNeutralDistribution(scored);
+}
+// ─── Directory Registration ──────────────────────────────────────────
+function registerInDirectory(siteId, metadata = {}) {
+  const site = db.prepare('SELECT * FROM sites WHERE id = ? AND active = 1').get(siteId);
+  if (!site) return { success: false, error: 'Site not found or inactive' };
+  const neutralityScore = calculateNeutralityScore(site);
+  const existing = db.prepare('SELECT * FROM wab_directory WHERE site_id = ?').get(siteId);
+  if (existing) {
+    db.prepare(`
+      UPDATE wab_directory SET
+        category = ?, tags = ?, is_independent = ?, commission_rate = ?,
+        direct_benefit = ?, trust_signature = ?, neutrality_score = ?,
+        updated_at = datetime('now')
+      WHERE site_id = ?
+    `).run(
+      metadata.category || existing.category || 'general',
+      JSON.stringify(metadata.tags || JSON.parse(existing.tags || '[]')),
+      metadata.is_independent !== undefined ? (metadata.is_independent ? 1 : 0) : existing.is_independent,
+      metadata.commission_rate !== undefined ? metadata.commission_rate : existing.commission_rate,
+      metadata.direct_benefit || existing.direct_benefit || '',
+      metadata.trust_signature || existing.trust_signature || null,
+      neutralityScore,
+      siteId
+    );
+  } else {
+    db.prepare(`
+      INSERT INTO wab_directory (site_id, category, tags, is_independent, commission_rate, direct_benefit, trust_signature, neutrality_score)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      siteId,
+      metadata.category || 'general',
+      JSON.stringify(metadata.tags || []),
+      metadata.is_independent ? 1 : 0,
+      metadata.commission_rate || 0,
+      metadata.direct_benefit || '',
+      metadata.trust_signature || null,
+      neutralityScore
+    );
+  }
+  return {
+    success: true,
+    siteId,
+    neutralityScore,
+    category: metadata.category || 'general'
+  };
+}
+// ─── Directory Listings ──────────────────────────────────────────────
+function getDirectoryListings(category, options = {}) {
+  const { limit = 50, offset = 0, includeUnlisted = false } = options;
+  let query = `
+    SELECT s.*, d.category, d.tags, d.is_independent, d.commission_rate,
+           d.direct_benefit, d.neutrality_score, d.trust_signature, d.registered_at as directory_registered_at
+    FROM wab_directory d
+    JOIN sites s ON d.site_id = s.id AND s.active = 1
+  `;
+  const params = [];
+  const conditions = [];
+  if (!includeUnlisted) conditions.push('d.listed = 1');
+  if (category && category !== 'all') {
+    conditions.push('d.category = ?');
+    params.push(category);
+  }
+  if (conditions.length > 0) {
+    query += ' WHERE ' + conditions.join(' AND ');
+  }
+  query += ' ORDER BY d.neutrality_score DESC, s.name ASC';
+  query += ' LIMIT ? OFFSET ?';
+  params.push(limit, offset);
+  const listings = db.prepare(query).all(...params);
+  // Apply fairness shuffling to the top results
+  return shuffleTopResults(listings);
+}
+// ─── Trust Signature Validation ──────────────────────────────────────
+/**
+ * Validate a trust signature. Signatures are opaque tokens that
+ * indicate the site owner has verified their identity through
+ * an external trust provider.
+ *
+ * Format: "wab-trust-v1:<hex-payload>" (min 32 char payload)
+ */
+function validateTrustSignature(signature) {
+  if (!signature || typeof signature !== 'string') return false;
+  if (!signature.startsWith('wab-trust-v1:')) return false;
+  const payload = signature.slice('wab-trust-v1:'.length);
+  if (payload.length < 32) return false;
+  if (!/^[a-f0-9]+$/i.test(payload)) return false;
+  return true;
+}
+// ─── Fairness Report ─────────────────────────────────────────────────
+function generateFairnessReport(siteId) {
+  const site = db.prepare('SELECT * FROM sites WHERE id = ?').get(siteId);
+  if (!site) return null;
+  const dirEntry = db.prepare('SELECT * FROM wab_directory WHERE site_id = ?').get(siteId);
+  const neutralityScore = calculateNeutralityScore(site);
+  let config = {};
+  try { config = JSON.parse(site.config || '{}'); } catch (_) {}
+  const configFields = [config.agentPermissions, config.restrictions, config.logging, config.features];
+  const filledFields = configFields.filter(f => f && Object.keys(f).length > 0).length;
+  let recentActivity = { c: 0 };
+  try {
+    recentActivity = db.prepare(
+      'SELECT COUNT(*) as c FROM analytics WHERE site_id = ? AND created_at >= datetime("now", "-7 days")'
+    ).get(siteId) || { c: 0 };
+  } catch (_) {}
+  const factors = {
+    config_completeness: {
+      score: Math.round((filledFields / configFields.length) * 30),
+      max: 30,
+      details: `${filledFields}/${configFields.length} config sections populated`
+    },
+    trust_verification: {
+      score: dirEntry && dirEntry.trust_signature && validateTrustSignature(dirEntry.trust_signature) ? 20 : 0,
+      max: 20,
+      details: dirEntry && dirEntry.trust_signature ? 'Trust signature present' : 'No trust signature'
+    },
+    commission_transparency: {
+      score: dirEntry ? ((dirEntry.commission_rate >= 0 ? 10 : 0) + (dirEntry.direct_benefit ? 10 : 0) + (dirEntry.commission_rate === 0 ? 5 : 0)) : 0,
+      max: 25,
+      details: dirEntry ? `Commission: ${dirEntry.commission_rate}%, Benefit: ${dirEntry.direct_benefit || 'not specified'}` : 'Not registered in directory'
+    },
+    responsiveness: {
+      score: recentActivity ? Math.round(Math.min(recentActivity.c / 100, 1) * 25) : 0,
+      max: 25,
+      details: `${recentActivity ? recentActivity.c : 0} events in last 7 days`
+    }
+  };
+  return {
+    siteId,
+    domain: site.domain,
+    name: site.name,
+    tier: site.tier,
+    neutrality_score: neutralityScore,
+    is_independent: dirEntry ? !!dirEntry.is_independent : false,
+    registered_in_directory: !!dirEntry,
+    factors,
+    recommendations: generateRecommendations(factors, dirEntry),
+    generated_at: new Date().toISOString()
+  };
+}
+function generateRecommendations(factors, dirEntry) {
+  const recs = [];
+  if (factors.config_completeness.score < factors.config_completeness.max * 0.7) {
+    recs.push('Complete all configuration sections (agentPermissions, restrictions, logging, features) for a higher score.');
+  }
+  if (factors.trust_verification.score === 0) {
+    recs.push('Add a trust signature to verify your site identity and boost your neutrality score.');
+  }
+  if (!dirEntry) {
+    recs.push('Register in the WAB directory to appear in discovery searches.');
+  }
+  if (factors.commission_transparency.score < factors.commission_transparency.max * 0.5) {
+    recs.push('Specify your commission rate and direct benefit to increase transparency scoring.');
+  }
+  if (factors.responsiveness.score < factors.responsiveness.max * 0.3) {
+    recs.push('Increase site activity (agent interactions) to improve responsiveness score.');
+  }
+  return recs;
+}
+// ─── Neutral Distribution ────────────────────────────────────────────
+/**
+ * Re-rank results so no single provider dominates more than 30%
+ * of the top results. Applies fairness rotation.
+ */
+function ensureNeutralDistribution(results) {
+  if (results.length <= 3) return results;
+  const topCount = Math.max(Math.ceil(results.length * 0.3), 3);
+  const topSlice = results.slice(0, topCount);
+  const rest = results.slice(topCount);
+  // Count how many results come from each domain owner (user_id)
+  const ownerCounts = {};
+  for (const r of topSlice) {
+    const owner = r.user_id || r.domain || 'unknown';
+    ownerCounts[owner] = (ownerCounts[owner] || 0) + 1;
+  }
+  const maxAllowed = Math.max(Math.ceil(topCount * 0.3), 1);
+  const redistributed = [];
+  const demoted = [];
+  for (const r of topSlice) {
+    const owner = r.user_id || r.domain || 'unknown';
+    const currentCount = redistributed.filter(x => (x.user_id || x.domain) === owner).length;
+    if (currentCount < maxAllowed) {
+      redistributed.push(r);
+    } else {
+      demoted.push(r);
+    }
+  }
+  // Shuffle the top results slightly to prevent position lock-in
+  for (let i = redistributed.length - 1; i > 0; i--) {
+    const swapRange = Math.min(3, i);
+    const j = i - Math.floor(Math.random() * swapRange);
+    if (j !== i) {
+      [redistributed[i], redistributed[j]] = [redistributed[j], redistributed[i]];
+    }
+  }
+  return [...redistributed, ...demoted, ...rest];
+}
+// ─── Helper: Shuffle Top Results ─────────────────────────────────────
+function shuffleTopResults(listings) {
+  if (listings.length <= 2) return listings;
+  const rotateCount = Math.min(5, Math.ceil(listings.length * 0.2));
+  const top = listings.slice(0, rotateCount);
+  const rest = listings.slice(rotateCount);
+  // Fisher-Yates on the top segment only
+  for (let i = top.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [top[i], top[j]] = [top[j], top[i]];
+  }
+  return [...top, ...rest];
+}
+module.exports = {
+  calculateNeutralityScore,
+  fairnessWeightedSearch,
+  registerInDirectory,
+  getDirectoryListings,
+  validateTrustSignature,
+  generateFairnessReport,
+  ensureNeutralDistribution
+};