web-agent-bridge 3.4.0 → 3.9.0

package/templates/restaurant-direct.yaml

@@ -1,97 +1,97 @@
-# WAB Agent Template — Local Restaurant Finder
-# Finds restaurants directly without Uber Eats / DoorDash
-# Run: npx wab-agent run restaurant-direct.yaml --cuisine "italian" --city "Rome"
-
-name: restaurant-direct
-version: 1.0.0
-description: Discover and order from local restaurants directly, saving delivery app commissions
-author: WAB Community
-tags: [food, restaurant, delivery, local, anti-monopoly]
-
-goal: >
-  Find WAB-enabled restaurants, browse menus with verified prices,
-  negotiate group/regular customer discounts, and order directly.
-
-target_sites:
-  discovery_method: wab-registry
-  category: restaurants
-  region: auto
-  fallback_urls: []
-
-parameters:
-  - name: cuisine
-    type: string
-    description: Cuisine type (e.g. italian, japanese, moroccan)
-  - name: city
-    type: string
-    required: true
-  - name: delivery
-    type: boolean
-    default: true
-  - name: max_price
-    type: number
-    default: 50
-
-actions:
-  - name: discover
-    description: Find restaurants in the area
-    wab_action: discover
-
-  - name: get_menu
-    description: Get restaurant menu
-    wab_action: getMenu
-    params:
-      cuisine: "{{cuisine}}"
-    collect: true
-
-  - name: verify_prices
-    description: Cross-check menu prices
-    wab_action: verifyPrice
-    require_pass: true
-
-  - name: check_reputation
-    description: Check restaurant WAB reputation
-    wab_action: getReputation
-
-  - name: negotiate
-    description: Negotiate regular customer or group order discount
-    wab_action: negotiate
-    strategy: repeat_customer
-    conditions:
-      proposed_discount: 10
-    fallback_strategy: first_time
-
-  - name: order
-    description: Place order directly
-    wab_action: placeOrder
-    requires: [verify_prices]
-
-fairness_rules:
-  prefer_local: true
-  prefer_small_business: true
-  max_price: "{{max_price}}"
-  currency: auto
-  min_reputation_score: 30
-  avoid_monopolies: true
-
-negotiation:
-  enabled: true
-  max_rounds: 2
-  strategies:
-    - repeat_customer
-    - first_time
-    - bulk_order
-  walk_away_threshold: 0
-  pitch: "No Uber Eats commission — pass some savings to me"
-
-verification:
-  anti_hallucination: true
-  cross_check_prices: true
-  require_vision_match: false
-  max_price_variance: 0.10
-
-output:
-  format: table
-  include: [restaurant, cuisine, dish, price, rating, reputation, delivery_available]
-  sort_by: price
-  limit: 15
+# WAB Agent Template — Local Restaurant Finder
+# Finds restaurants directly without Uber Eats / DoorDash
+# Run: npx wab-agent run restaurant-direct.yaml --cuisine "italian" --city "Rome"
+
+name: restaurant-direct
+version: 1.0.0
+description: Discover and order from local restaurants directly, saving delivery app commissions
+author: WAB Community
+tags: [food, restaurant, delivery, local, anti-monopoly]
+
+goal: >
+  Find WAB-enabled restaurants, browse menus with verified prices,
+  negotiate group/regular customer discounts, and order directly.
+
+target_sites:
+  discovery_method: wab-registry
+  category: restaurants
+  region: auto
+  fallback_urls: []
+
+parameters:
+  - name: cuisine
+    type: string
+    description: Cuisine type (e.g. italian, japanese, moroccan)
+  - name: city
+    type: string
+    required: true
+  - name: delivery
+    type: boolean
+    default: true
+  - name: max_price
+    type: number
+    default: 50
+
+actions:
+  - name: discover
+    description: Find restaurants in the area
+    wab_action: discover
+
+  - name: get_menu
+    description: Get restaurant menu
+    wab_action: getMenu
+    params:
+      cuisine: "{{cuisine}}"
+    collect: true
+
+  - name: verify_prices
+    description: Cross-check menu prices
+    wab_action: verifyPrice
+    require_pass: true
+
+  - name: check_reputation
+    description: Check restaurant WAB reputation
+    wab_action: getReputation
+
+  - name: negotiate
+    description: Negotiate regular customer or group order discount
+    wab_action: negotiate
+    strategy: repeat_customer
+    conditions:
+      proposed_discount: 10
+    fallback_strategy: first_time
+
+  - name: order
+    description: Place order directly
+    wab_action: placeOrder
+    requires: [verify_prices]
+
+fairness_rules:
+  prefer_local: true
+  prefer_small_business: true
+  max_price: "{{max_price}}"
+  currency: auto
+  min_reputation_score: 30
+  avoid_monopolies: true
+
+negotiation:
+  enabled: true
+  max_rounds: 2
+  strategies:
+    - repeat_customer
+    - first_time
+    - bulk_order
+  walk_away_threshold: 0
+  pitch: "No Uber Eats commission — pass some savings to me"
+
+verification:
+  anti_hallucination: true
+  cross_check_prices: true
+  require_vision_match: false
+  max_price_variance: 0.10
+
+output:
+  format: table
+  include: [restaurant, cuisine, dish, price, rating, reputation, delivery_available]
+  sort_by: price
+  limit: 15

package/templates/ring4/banking-sovereign.yaml

@@ -0,0 +1,55 @@
+# ─────────────────────────────────────────────────────────────────────────
+# Ring 4 Sovereign Template — Banking (strict)
+#
+# For agents operating on banking, fintech, payment, brokerage, or
+# investment-management domains. Hard refusals on this profile NEVER soften.
+# Use as the trust_profile block inside your wab.json (v1.1+).
+# ─────────────────────────────────────────────────────────────────────────
+trust_profile:
+  domain: example-bank.com
+  label: Example Bank (Sovereign Banking Profile)
+  ttl_seconds: 3600          # 1h — short window forces frequent re-attestation
+  trust_score: 0.95
+
+  capabilities:
+    data_access:
+      level: minimal         # never raw, never bulk
+      scope:
+        - "account_holder_self_only"
+    risk_theory:
+      allowed: false         # no speculative or quantitative risk discussion
+    meta_discussion:
+      allowed: true
+      scope:
+        - "policy_clarification"
+        - "regulatory_disclosure"
+    operational_detail:
+      allowed: false         # no internal procedures, no system internals
+    raw_logs:
+      allowed: false
+
+  allowed_topics:
+    - account_security
+    - dispute_resolution
+    - statement_lookup_self
+    - card_replacement_self
+
+  constraints:
+    never_override_hard_refuse: true
+    max_cumulative_risk_delta: 0.0   # zero risk-tolerance increment
+    require_re_attestation_on:
+      - "transfer_intent"
+      - "credential_change_intent"
+      - "external_account_link"
+    refuse_topics:
+      - "bypass_kyc"
+      - "obscure_source_of_funds"
+      - "credential_extraction"
+      - "phishing_assistance"
+      - "social_engineering_assistance"
+
+  invariants_enforced:
+    - no_phishing_assistance
+    - no_coercion_compliance
+    - hard_refuse_never_softens
+    - article_3_freedom

package/templates/ring4/ecommerce-sovereign.yaml

@@ -0,0 +1,58 @@
+# ─────────────────────────────────────────────────────────────────────────
+# Ring 4 Sovereign Template — E-Commerce (moderate)
+#
+# For agents operating on commerce, marketplace, ordering, or product-catalog
+# domains. Sanitized operational detail is permitted; raw logs are not.
+# Use as the trust_profile block inside your wab.json (v1.1+).
+# ─────────────────────────────────────────────────────────────────────────
+trust_profile:
+  domain: example-shop.com
+  label: Example Shop (Sovereign E-Commerce Profile)
+  ttl_seconds: 86400          # 24h
+  trust_score: 0.75
+
+  capabilities:
+    data_access:
+      level: sanitized
+      scope:
+        - "order_lookup_self"
+        - "product_catalog_public"
+        - "inventory_aggregate"
+    risk_theory:
+      allowed: true
+      scope:
+        - "fraud_education"
+        - "return_policy_explanation"
+    meta_discussion:
+      allowed: true
+    operational_detail:
+      allowed: true
+      scope:
+        - "shipping_status"
+        - "order_lifecycle"
+        - "return_window"
+    raw_logs:
+      allowed: false           # never expose raw server logs
+
+  allowed_topics:
+    - order_lookup
+    - product_info
+    - shipping
+    - returns_and_refunds
+    - account_settings_self
+
+  constraints:
+    never_override_hard_refuse: true
+    max_cumulative_risk_delta: 0.15
+    refuse_topics:
+      - "credential_extraction"
+      - "phishing_assistance"
+      - "fake_brand_impersonation"
+      - "coupon_bruteforce"
+      - "account_takeover_assistance"
+
+  invariants_enforced:
+    - no_phishing_assistance
+    - no_coercion_compliance
+    - hard_refuse_never_softens
+    - article_3_freedom

package/templates/ring4/healthcare-sovereign.yaml

@@ -0,0 +1,60 @@
+# ─────────────────────────────────────────────────────────────────────────
+# Ring 4 Sovereign Template — Healthcare (strictest)
+#
+# For agents operating on clinical, EHR, telehealth, pharmacy, or
+# patient-portal domains. Strictest profile — no risk speculation,
+# no raw clinical detail, no operational internals.
+# Use as the trust_profile block inside your wab.json (v1.1+).
+# ─────────────────────────────────────────────────────────────────────────
+trust_profile:
+  domain: example-clinic.example
+  label: Example Clinic (Sovereign Healthcare Profile)
+  ttl_seconds: 1800           # 30 min — minimum reasonable window
+  trust_score: 0.98
+
+  capabilities:
+    data_access:
+      level: minimal
+      scope:
+        - "patient_self_only"
+        - "non_phi_directory"
+    risk_theory:
+      allowed: false           # NO speculative diagnosis, NO outcome theorizing
+    meta_discussion:
+      allowed: true
+      scope:
+        - "policy_clarification"
+        - "consent_explanation"
+    operational_detail:
+      allowed: false
+    raw_logs:
+      allowed: false
+    clinical_advice:
+      allowed: false           # agent must redirect to qualified professional
+
+  allowed_topics:
+    - scheduling
+    - general_info
+    - facility_directions
+    - billing_inquiry_self
+    - consent_form_explanation
+
+  constraints:
+    never_override_hard_refuse: true
+    max_cumulative_risk_delta: 0.0
+    require_re_attestation_on:
+      - "any_phi_access_intent"
+      - "third_party_disclosure_intent"
+    refuse_topics:
+      - "diagnose_condition"
+      - "recommend_medication"
+      - "advise_dosage"
+      - "interpret_lab_results"
+      - "phishing_assistance"
+      - "impersonate_clinician"
+
+  invariants_enforced:
+    - no_phishing_assistance
+    - no_coercion_compliance
+    - hard_refuse_never_softens
+    - article_3_freedom