npm - web-agent-bridge - Versions diffs - 3.4.0 → 3.9.0 - Mend

web-agent-bridge 3.4.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (315) hide show

package/LICENSE +84 -84
package/README.ar.md +1565 -1304
package/README.md +171 -298
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -223
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -83
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -121
package/examples/cpanel-wab-dns.js +114 -114
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -166
package/examples/gcp-dns-wab.js +76 -76
package/examples/governance-agent.js +169 -169
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -103
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -144
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -96
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -74
package/examples/wab-verify.js +60 -60
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -28
package/public/activate.html +448 -368
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -188
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/atp.html +171 -0
package/public/azure-dns-integration.html +289 -289
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -380
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -398
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1263
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -707
package/public/dns.html +436 -436
package/public/docs.html +588 -588
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -318
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -465
package/public/index.html +1372 -1266
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -145
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -65
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -438
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -669
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -375
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -172
package/public/provider-sandbox.html +134 -134
package/public/providers.html +359 -359
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -141
package/public/ring4.html +292 -0
package/public/robots.txt +99 -99
package/public/route53-integration.html +531 -531
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -231
package/public/sitemap.xml +13 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -200
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -210
package/public/whitepaper.html +449 -449
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/atp.js +103 -0
package/sdk/auto-discovery.js +301 -288
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +653 -649
package/sdk/multi-agent.js +318 -318
package/sdk/safe-mode.js +221 -221
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +793 -670
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -106
package/server/migrations/008_plans.sql +144 -144
package/server/migrations/009_shieldqr.sql +30 -30
package/server/migrations/010_extended_trust.sql +33 -33
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/migrations/020_agent_transaction_primitive.sql +119 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -740
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -76
package/server/routes/admin-premium.js +674 -673
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -90
package/server/routes/admin-trust-monitor.js +139 -83
package/server/routes/admin.js +550 -549
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -57
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -2348
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -208
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -33
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -650
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -88
package/server/routes/sovereign.js +465 -465
package/server/routes/transactions.js +233 -0
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -233
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -466
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -214
package/server/services/plugins.js +771 -771
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -740
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -322
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -42
package/server/services/ssl-monitor.js +167 -167
package/server/services/stripe.js +206 -205
package/server/services/swarm.js +788 -788
package/server/services/transactions.js +525 -0
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -178
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/public/js/activate.js CHANGED Viewed

@@ -1,145 +1,449 @@
-/* activate.js — WAB DNS Discovery Activation Page */
-(function () {
-  'use strict';
-  /* ── Translations ── */
-  var i18n = {
-    en: {
-      nav_home: 'Home', nav_integrations: 'Integrations', nav_dns: 'DNS Discovery',
-      nav_phone: 'Phone Shield', nav_sovereign: 'Sovereign', nav_docs: 'Docs',
-      hero_title: 'Activate WAB Discovery<br><span class="gradient-text">in One Click</span>',
-      hero_sub: 'Add a single DNS TXT record and make your website instantly discoverable by AI agents — no code changes required.',
-      cta_guide: 'View Setup Guide', cta_verify: 'Live Verifier',
-      video_title: 'Watch: Full Setup in 40 Seconds',
-      video_fallback: 'Your browser does not support the video tag.',
-      steps_title: 'Step-by-Step Setup Guide',
-      step1_title: 'Log In to Your DNS Provider',
-      step1_desc: 'Sign in to your domain registrar or DNS hosting dashboard. Common providers include Cloudflare, cPanel, GoDaddy, and Namecheap. Navigate to the DNS Management or DNS Records section.',
-      prov_cloudflare: 'Go to <strong>dash.cloudflare.com</strong> → Select your domain → Click <strong>DNS</strong> in the top navigation → Click <strong>+ Add record</strong>.',
-      prov_cpanel: 'Log in to cPanel → Scroll to <strong>Domains</strong> section → Click <strong>Zone Editor</strong> → Click <strong>Manage</strong> next to your domain → Click <strong>+ Add Record</strong>.',
-      prov_godaddy: 'Log in to <strong>godaddy.com</strong> → My Products → Click <strong>DNS</strong> next to your domain → Click <strong>Add New Record</strong>.',
-      prov_namecheap: 'Log in to <strong>namecheap.com</strong> → Domain List → Click <strong>Manage</strong> → Click <strong>Advanced DNS</strong> tab → Click <strong>Add New Record</strong>.',
-      step2_title: 'Add the TXT Record',
-      step2_desc: 'Create a new DNS TXT record with exactly these values. Replace <code style="color:#a5f3fc">yourdomain.com</code> with your actual domain.',
-      step3_title: 'Create the wab.json Capabilities File',
-      step3_desc: 'Create the file <code style="color:#a5f3fc">/.well-known/wab.json</code> on your web server. This file describes your site\'s capabilities to AI agents.',
-      step4_title: 'Verify Your Setup',
-      step4_desc: 'DNS propagation takes a few minutes. Use the Live Verifier to confirm your record is active. The verifier queries DNS over HTTPS (DoH) — no data is sent to our servers.',
-      verify_btn: 'Verify Now',
-      cta_title: 'Your Domain is Now AI-Ready',
-      cta_desc: 'Once verified, AI agents using the WAB protocol can discover your site\'s capabilities automatically — no manual configuration needed on their end.',
-      cta_full_guide: 'Full DNS Guide', cta_docs: 'Read the Docs'
-    },
-    ar: {
-      nav_home: 'الرئيسية', nav_integrations: 'التكاملات', nav_dns: 'اكتشاف DNS',
-      nav_phone: 'درع الهاتف', nav_sovereign: 'سيادي', nav_docs: 'التوثيق',
-      hero_title: 'فعّل اكتشاف WAB<br><span class="gradient-text">بنقرة واحدة</span>',
-      hero_sub: 'أضف سجل DNS TXT واحداً واجعل موقعك قابلاً للاكتشاف فوراً من قِبَل وكلاء الذكاء الاصطناعي — دون أي تغييرات في الكود.',
-      cta_guide: 'عرض دليل الإعداد', cta_verify: 'المدقق المباشر',
-      video_title: 'شاهد: الإعداد الكامل في 40 ثانية',
-      video_fallback: 'متصفحك لا يدعم تشغيل الفيديو.',
-      steps_title: 'دليل الإعداد خطوة بخطوة',
-      step1_title: 'سجّل الدخول إلى مزود DNS',
-      step1_desc: 'سجّل الدخول إلى مسجّل نطاقك أو لوحة تحكم استضافة DNS. المزودون الشائعون: Cloudflare وcPanel وGoDaddy وNamecheap. انتقل إلى قسم إدارة DNS أو سجلات DNS.',
-      prov_cloudflare: 'اذهب إلى <strong>dash.cloudflare.com</strong> → اختر نطاقك → انقر على <strong>DNS</strong> في التنقل العلوي → انقر على <strong>+ إضافة سجل</strong>.',
-      prov_cpanel: 'سجّل الدخول إلى cPanel → مرّر إلى قسم <strong>النطاقات</strong> → انقر على <strong>محرر المنطقة</strong> → انقر على <strong>إدارة</strong> بجانب نطاقك → انقر على <strong>+ إضافة سجل</strong>.',
-      prov_godaddy: 'سجّل الدخول إلى <strong>godaddy.com</strong> → منتجاتي → انقر على <strong>DNS</strong> بجانب نطاقك → انقر على <strong>إضافة سجل جديد</strong>.',
-      prov_namecheap: 'سجّل الدخول إلى <strong>namecheap.com</strong> → قائمة النطاقات → انقر على <strong>إدارة</strong> → انقر على تبويب <strong>Advanced DNS</strong> → انقر على <strong>إضافة سجل جديد</strong>.',
-      step2_title: 'أضف سجل TXT',
-      step2_desc: 'أنشئ سجل DNS TXT جديداً بهذه القيم بالضبط. استبدل <code style="color:#a5f3fc">yourdomain.com</code> بنطاقك الفعلي.',
-      step3_title: 'أنشئ ملف قدرات wab.json',
-      step3_desc: 'أنشئ الملف <code style="color:#a5f3fc">/.well-known/wab.json</code> على خادم الويب الخاص بك. يصف هذا الملف قدرات موقعك لوكلاء الذكاء الاصطناعي.',
-      step4_title: 'تحقق من إعدادك',
-      step4_desc: 'قد يستغرق انتشار DNS بضع دقائق. استخدم المدقق المباشر للتأكد من أن سجلك نشط. يستعلم المدقق عبر DNS over HTTPS (DoH) — لا يُرسَل أي بيانات إلى خوادمنا.',
-      verify_btn: 'تحقق الآن',
-      cta_title: 'نطاقك جاهز للذكاء الاصطناعي',
-      cta_desc: 'بمجرد التحقق، يمكن لوكلاء الذكاء الاصطناعي الذين يستخدمون بروتوكول WAB اكتشاف قدرات موقعك تلقائياً — دون الحاجة إلى أي إعداد يدوي من جانبهم.',
-      cta_full_guide: 'الدليل الكامل لـ DNS', cta_docs: 'اقرأ التوثيق'
-    }
-  };
-  var currentLang = 'en';
-  window.setActivateLang = function (lang) {
-    currentLang = lang;
-    var t = i18n[lang];
-    var html = document.documentElement;
-    html.setAttribute('lang', lang);
-    html.setAttribute('dir', lang === 'ar' ? 'rtl' : 'ltr');
-    document.querySelectorAll('[data-i18n]').forEach(function (el) {
-      var key = el.getAttribute('data-i18n');
-      if (t[key] !== undefined) el.innerHTML = t[key];
-    });
-    var btnEn = document.getElementById('btnEn');
-    var btnAr = document.getElementById('btnAr');
-    if (btnEn && btnAr) {
-      btnEn.classList.toggle('active', lang === 'en');
-      btnAr.classList.toggle('active', lang === 'ar');
-    }
-  };
-  /* ── Provider tabs ── */
-  window.showProvider = function (name, btn) {
-    document.querySelectorAll('.provider-content').forEach(function (el) { el.classList.remove('active'); });
-    document.querySelectorAll('.provider-tab').forEach(function (el) { el.classList.remove('active'); });
-    var content = document.getElementById('prov-' + name);
-    if (content) content.classList.add('active');
-    if (btn) btn.classList.add('active');
-  };
-  /* ── Live Verifier ── */
-  function verifyDomain() {
-    var input = document.getElementById('activateDomain');
-    var result = document.getElementById('activateResult');
-    if (!input || !result) return;
-    var domain = input.value.trim().replace(/^https?:\/\//, '').replace(/\/.*$/, '');
-    if (!domain) { input.focus(); return; }
-    result.style.display = 'block';
-    result.style.color = '#94a3b8';
-    result.innerHTML = currentLang === 'ar' ? '⏳ جارٍ التحقق...' : '⏳ Verifying...';
-    var url = 'https://cloudflare-dns.com/dns-query?name=_wab.' + encodeURIComponent(domain) + '&type=TXT';
-    fetch(url, { headers: { 'Accept': 'application/dns-json' } })
-      .then(function (r) { return r.json(); })
-      .then(function (data) {
-        var answers = (data.Answer || []).filter(function (a) { return a.type === 16; });
-        if (answers.length === 0) {
-          result.style.color = '#f87171';
-          result.innerHTML = currentLang === 'ar'
-            ? '✗ لم يُعثر على سجل _wab. تأكد من إضافة السجل وانتظر انتشار DNS.'
-            : '✗ No _wab record found. Make sure you added the record and wait for DNS propagation.';
-          return;
-        }
-        var raw = answers[0].data.replace(/^"|"$/g, '');
-        if (raw.indexOf('v=wab1') !== -1) {
-          result.style.color = '#34d399';
-          result.innerHTML = (currentLang === 'ar' ? '✓ سجل WAB صالح. ' : '✓ Valid WAB record found. ') +
-            '<br><span style="color:#a5f3fc">' + raw + '</span>';
-        } else {
-          result.style.color = '#fbbf24';
-          result.innerHTML = (currentLang === 'ar' ? '⚠ سجل TXT موجود لكن ليس سجل WAB صالحاً: ' : '⚠ TXT record found but not a valid WAB record: ') +
-            '<br><span style="color:#a5f3fc">' + raw + '</span>';
-        }
-      })
-      .catch(function () {
-        result.style.color = '#f87171';
-        result.innerHTML = currentLang === 'ar' ? '✗ خطأ في الاتصال. حاول مجدداً.' : '✗ Connection error. Please try again.';
-      });
-  }
-  document.addEventListener('DOMContentLoaded', function () {
-    var btn = document.getElementById('activateVerifyBtn');
-    if (btn) btn.addEventListener('click', verifyDomain);
-    var inp = document.getElementById('activateDomain');
-    if (inp) inp.addEventListener('keydown', function (e) { if (e.key === 'Enter') verifyDomain(); });
-    /* Lang buttons */
-    var btnEn = document.getElementById('btnEn');
-    var btnAr = document.getElementById('btnAr');
-    if (btnEn) btnEn.addEventListener('click', function () { setActivateLang('en'); });
-    if (btnAr) btnAr.addEventListener('click', function () { setActivateLang('ar'); });
-  });
-})();
+/* activate.js — WAB DNS Discovery Activation Page (v3.4.1) */
+(function () {
+  'use strict';
+  // ─── i18n ──────────────────────────────────────────────────────────
+  var i18n = {
+    en: {
+      nav_home: 'Home', nav_integrations: 'Integrations', nav_dns: 'DNS Discovery',
+      nav_phone: 'Phone Shield', nav_sovereign: 'Sovereign', nav_docs: 'Docs',
+      hero_title: 'Activate WAB Discovery<br><span class="gradient-text">in One Click</span>',
+      hero_sub: 'Add a single DNS TXT record and make your website instantly discoverable by AI agents — no code changes required.',
+      cta_guide: 'View Setup Guide', cta_verify: 'Live Verifier',
+      video_title: 'Watch: Full Setup in 40 Seconds',
+      video_fallback: 'Your browser does not support the video tag.',
+      steps_title: 'Step-by-Step Setup Guide',
+      // Step 1 — wab.json (with Adoption Agent generator)
+      step1_title: 'Create your <code style="color:#a5f3fc">/.well-known/wab.json</code> file',
+      step1_desc: 'This file lives on your web server and tells AI agents what your site can do. We\'ll generate one for you — paste your URL and click <strong>Generate</strong>. No data is stored.',
+      step1_path: 'Save the generated JSON at this exact path on your server: <code style="color:#a5f3fc">/.well-known/wab.json</code> — the URL must respond with <code style="color:#a5f3fc">Content-Type: application/json</code>.',
+      gen_btn: 'Generate wab.json',
+      // Step 2 — DNS provider + Cloudflare
+      step2_title: 'Open your DNS provider\'s control panel',
+      step2_desc: 'Sign in to whoever hosts your DNS (often the same place where you bought your domain). Find the <strong>DNS</strong> or <strong>DNS Records</strong> page.',
+      prov_cloudflare: 'Go to <strong>dash.cloudflare.com</strong> → select your domain → click <strong>DNS → Records</strong> in the side menu → click <strong>Add record</strong>.',
+      prov_cpanel: 'Log in to cPanel → in the <strong>Domains</strong> section open <strong>Zone Editor</strong> → click <strong>Manage</strong> next to your domain → click <strong>Add Record</strong> and choose <strong>TXT</strong>.',
+      prov_godaddy: 'Log in to <strong>godaddy.com</strong> → My Products → click <strong>DNS</strong> next to your domain → <strong>Add New Record</strong>.',
+      prov_namecheap: 'Log in to <strong>namecheap.com</strong> → Domain List → <strong>Manage</strong> → <strong>Advanced DNS</strong> tab → <strong>Add New Record</strong>.',
+      cf_title: '⚠ Cloudflare-specific tips (read this if you use Cloudflare):',
+      cf_tip1: '<strong>Page Rules / Cache Rules:</strong> add a rule for <code>*example.com/.well-known/*</code> with <strong>Cache Level: Bypass</strong>. Otherwise your wab.json updates can stay stale for hours.',
+      cf_tip2: '<strong>Email Address Obfuscation:</strong> turn it <strong>OFF</strong> for the <code>/.well-known/</code> path (Scrape Shield → Email Obfuscation). It rewrites JSON content and breaks parsing.',
+      cf_tip3: '<strong>Always Use HTTPS:</strong> keep it ON, but make sure your origin actually serves the file on HTTPS — otherwise Cloudflare returns a redirect loop.',
+      cf_tip4: '<strong>The proxy (orange cloud) is fine for the website itself.</strong> The <code>_wab</code> TXT record has no proxy toggle (TXT records are always DNS-only).',
+      // Step 3 — TXT generator
+      step3_title: 'Add the <code style="color:#a5f3fc">_wab</code> TXT record',
+      step3_desc: 'In the panel you just opened, create a new TXT record. Type your domain below and we\'ll fill in the exact values to copy/paste.',
+      txt_type: 'Type:', txt_name: 'Name / Host:', txt_value: 'Value / Content:', txt_ttl: 'TTL:',
+      copy: 'Copy', copied: 'Copied!',
+      step3_propagate: '<strong>Propagation time:</strong> usually 1–5 minutes. In rare cases up to 24 hours if your old record had a long TTL. Some panels prepend your domain automatically — if you see <code>_wab.yourdomain.com.yourdomain.com</code> after saving, change <strong>Name</strong> to just <code>_wab</code>.',
+      // Step 4 — Diagnostic
+      step4_title: 'Verify everything works',
+      step4_desc: 'Run a full diagnostic. We check the TXT record across three public DNS resolvers, fetch your wab.json, validate its JSON, and warn about Cloudflare cache or wrong Content-Type headers. If something is off, we tell you exactly what to fix.',
+      verify_btn: 'Run Diagnostic',
+      step4_note: 'If the very first check (<em>DNS TXT record at _wab</em>) fails, give DNS another 1–2 minutes and try again — propagation is the most common culprit.',
+      // CTA
+      cta_title: 'Your Domain is Now AI-Ready',
+      cta_desc: 'Once verified, AI agents using the WAB protocol can discover your site\'s capabilities automatically — no manual configuration needed on their end.',
+      cta_full_guide: 'Full DNS Guide', cta_docs: 'Read the Docs',
+      // Diagnostic UI
+      diag_running: 'Running diagnostic… attempt {n} of {max}',
+      diag_passed_all: '✓ All checks passed — your domain is fully AI-ready',
+      diag_passed_with_warnings: '⚠ Working, but with warnings (see below)',
+      diag_failed: '✗ Some checks failed — see the diagnostic table below',
+      diag_summary: '<strong>{pass}</strong> passed · <strong>{warn}</strong> warnings · <strong>{fail}</strong> failed · {info} info',
+      diag_fix: 'Fix:',
+      diag_endpoint: 'Endpoint',
+      // Generator UI
+      gen_running: 'Analyzing your site…',
+      gen_success: '✓ Your wab.json was generated. Save it at <code>/.well-known/wab.json</code> on your web server.',
+      gen_failed: 'We couldn\'t analyze that URL. You can still use the example below as a starting point.',
+      gen_download: 'Download wab.json'
+    },
+    ar: {
+      nav_home: 'الرئيسية', nav_integrations: 'التكاملات', nav_dns: 'اكتشاف DNS',
+      nav_phone: 'درع الهاتف', nav_sovereign: 'سيادي', nav_docs: 'التوثيق',
+      hero_title: 'فعّل اكتشاف WAB<br><span class="gradient-text">بنقرة واحدة</span>',
+      hero_sub: 'أضِف سجل DNS TXT واحدًا واجعل موقعك قابلًا للاكتشاف فورًا من قِبَل وكلاء الذكاء الاصطناعي — دون أي تعديل في الكود.',
+      cta_guide: 'دليل الإعداد', cta_verify: 'المدقّق المباشر',
+      video_title: 'شاهد: الإعداد الكامل في 40 ثانية',
+      video_fallback: 'متصفّحك لا يدعم تشغيل الفيديو.',
+      steps_title: 'دليل الإعداد خطوة بخطوة',
+      // Step 1
+      step1_title: 'أنشئ ملف <code style="color:#a5f3fc">/.well-known/wab.json</code>',
+      step1_desc: 'يوجد هذا الملف على خادم موقعك ويُخبر وكلاء الذكاء الاصطناعي بما يستطيع موقعك فعله. سننشئه نيابةً عنك — الصق رابط موقعك واضغط <strong>إنشاء</strong>. لا نحفظ أي بيانات.',
+      step1_path: 'احفظ الـ JSON المُنشأ في هذا المسار بالضبط على خادمك: <code style="color:#a5f3fc">/.well-known/wab.json</code> — ويجب أن يستجيب الرابط بترويسة <code style="color:#a5f3fc">Content-Type: application/json</code>.',
+      gen_btn: 'إنشاء wab.json',
+      // Step 2
+      step2_title: 'افتح لوحة تحكّم مزوّد DNS',
+      step2_desc: 'سجّل الدخول إلى الجهة التي تستضيف DNS الخاص بك (غالبًا نفس الجهة التي اشتريت منها النطاق). افتح صفحة <strong>DNS</strong> أو <strong>سجلات DNS</strong>.',
+      prov_cloudflare: 'اذهب إلى <strong>dash.cloudflare.com</strong> ← اختر نطاقك ← من القائمة الجانبية اضغط <strong>DNS ← Records</strong> ← اضغط <strong>Add record</strong>.',
+      prov_cpanel: 'سجّل الدخول إلى cPanel ← في قسم <strong>Domains</strong> افتح <strong>Zone Editor</strong> ← اضغط <strong>Manage</strong> بجانب نطاقك ← اضغط <strong>Add Record</strong> واختر <strong>TXT</strong>.',
+      prov_godaddy: 'سجّل الدخول إلى <strong>godaddy.com</strong> ← My Products ← اضغط <strong>DNS</strong> بجانب نطاقك ← <strong>Add New Record</strong>.',
+      prov_namecheap: 'سجّل الدخول إلى <strong>namecheap.com</strong> ← Domain List ← <strong>Manage</strong> ← تبويب <strong>Advanced DNS</strong> ← <strong>Add New Record</strong>.',
+      cf_title: '⚠ ملاحظات خاصة بـ Cloudflare (اقرأها إذا كنت تستخدم Cloudflare):',
+      cf_tip1: '<strong>قواعد الصفحات / Cache Rules:</strong> أضف قاعدة على المسار <code>*example.com/.well-known/*</code> بقيمة <strong>Cache Level: Bypass</strong>. وإلا قد تبقى تحديثات wab.json مخزّنة في الكاش لساعات.',
+      cf_tip2: '<strong>تشويش البريد الإلكتروني (Email Address Obfuscation):</strong> أوقفه <strong>OFF</strong> على مسار <code>/.well-known/</code> (Scrape Shield ← Email Obfuscation)، لأنه يُعدِّل محتوى JSON ويُعطّل تحليله.',
+      cf_tip3: '<strong>Always Use HTTPS:</strong> اتركه مُفعّلاً، لكن تأكّد أنّ خادم الأصل (Origin) فعلاً يُقدّم الملف عبر HTTPS — وإلا ستحدث حلقة إعادة توجيه.',
+      cf_tip4: '<strong>الـ Proxy (السحابة البرتقالية) لا مشكلة فيها للموقع نفسه.</strong> أمّا سجل <code>_wab</code> من نوع TXT فلا يوجد عليه مفتاح Proxy أصلاً (سجلات TXT دائمًا DNS فقط).',
+      // Step 3
+      step3_title: 'أضِف سجل TXT باسم <code style="color:#a5f3fc">_wab</code>',
+      step3_desc: 'في اللوحة التي فتحتَها للتو، أنشئ سجل TXT جديدًا. اكتب نطاقك في الحقل أدناه وسنعبّئ القيم الدقيقة جاهزة للنسخ.',
+      txt_type: 'النوع (Type):', txt_name: 'الاسم / Host:', txt_value: 'القيمة / المحتوى:', txt_ttl: 'TTL:',
+      copy: 'نسخ', copied: 'تم النسخ!',
+      step3_propagate: '<strong>زمن انتشار DNS:</strong> عادةً من 1 إلى 5 دقائق. وقد يصل في حالات نادرة إلى 24 ساعة إذا كان TTL القديم كبيرًا. بعض اللوحات تُضيف اسم النطاق تلقائيًا — إذا رأيت بعد الحفظ <code>_wab.yourdomain.com.yourdomain.com</code> فعدّل قيمة <strong>الاسم</strong> إلى <code>_wab</code> فقط.',
+      // Step 4
+      step4_title: 'تحقّق من أنّ كل شيء يعمل',
+      step4_desc: 'سنُجري فحصًا شاملاً: نتحقّق من سجل TXT عبر ثلاثة محلِّلات DNS عامّة، ونجلب ملف wab.json، ونتحقّق من صحّته، وننبّهك إذا كان Cloudflare يخزّنه في الكاش أو إذا كانت ترويسة Content-Type خاطئة. وإن وُجد خطأ، سنُخبرك بالضبط بما يجب إصلاحه.',
+      verify_btn: 'تشغيل الفحص',
+      step4_note: 'إن فشل أوّل فحص (<em>سجل DNS TXT عند _wab</em>)، أمهِل DNS دقيقة أو دقيقتين ثم أعِد المحاولة — فالانتشار هو السبب الأكثر شيوعًا.',
+      // CTA
+      cta_title: 'نطاقك أصبح جاهزًا للذكاء الاصطناعي',
+      cta_desc: 'بمجرّد التحقّق، يستطيع أي وكيل ذكاء اصطناعي يستخدم بروتوكول WAB أن يكتشف قدرات موقعك تلقائيًا — دون أي إعداد يدوي من جهته.',
+      cta_full_guide: 'الدليل الكامل لـ DNS', cta_docs: 'اقرأ التوثيق',
+      // Diagnostic
+      diag_running: 'جارٍ الفحص… المحاولة {n} من {max}',
+      diag_passed_all: '✓ نجحت جميع الفحوص — نطاقك جاهز تمامًا للذكاء الاصطناعي',
+      diag_passed_with_warnings: '⚠ يعمل، ولكن مع تحذيرات (انظر الجدول أدناه)',
+      diag_failed: '✗ فشِلَت بعض الفحوص — انظر الجدول التشخيصي أدناه',
+      diag_summary: '<strong>{pass}</strong> ناجح · <strong>{warn}</strong> تحذير · <strong>{fail}</strong> فاشل · {info} معلومات',
+      diag_fix: 'الحل:',
+      diag_endpoint: 'نقطة النهاية',
+      gen_running: 'نُحلّل موقعك…',
+      gen_success: '✓ تم إنشاء wab.json. احفظه في المسار <code>/.well-known/wab.json</code> على خادم موقعك.',
+      gen_failed: 'تعذّر تحليل هذا الرابط. يمكنك استخدام المثال أدناه كنقطة انطلاق.',
+      gen_download: 'تنزيل wab.json'
+    }
+  };
+  // Localized fix hints, keyed by check id from /api/diagnose
+  var FIX_HINTS = {
+    en: {
+      dns_txt: 'Add a TXT record: Name=_wab, Value=v=wab1; endpoint=https://yourdomain.com/.well-known/wab.json. Then wait 1–5 minutes.',
+      dns_propagation: 'This is normal during the first 1–10 minutes after adding the record.',
+      dnssec: 'Enable DNSSEC at your registrar (Cloudflare → DNS → Settings → DNSSEC). Optional.',
+      txt_multi_segment: 'Re-paste the value as a single quoted string if your panel allows it.',
+      txt_extra_quotes: 'Edit the TXT record and remove any leading/trailing quote marks from the Value field.',
+      endpoint_https: 'Change your endpoint= URL to start with https:// (not http://).',
+      wabjson_reachable: 'Make sure /.well-known/wab.json exists at the exact URL — and that your firewall/Cloudflare does not block it.',
+      wabjson_content_type: 'Configure your server to send Content-Type: application/json for /.well-known/wab.json. (Many AI clients reject text/html.)',
+      wabjson_valid: 'Validate the file at jsonlint.com — common mistakes: trailing commas, single quotes, BOM, comments.',
+      wabjson_fields: 'Add the missing top-level fields. See https://www.webagentbridge.com/docs for the schema.',
+      wabjson_signed: 'Optional: run `node scripts/sign-wab-domain.js` from the WAB repo to add an Ed25519 signature.',
+      actions_count: 'Add at least one action to actions[] (e.g. "discovery", "search"). Use the generator in Step 1.',
+      tls_cert: 'Renew your TLS certificate (Let\'s Encrypt is free and automatic).',
+      cf_cache: 'Cloudflare is caching wab.json. Add a Page Rule: URL=*example.com/.well-known/* → Cache Level: Bypass.'
+    },
+    ar: {
+      dns_txt: 'أضِف سجل TXT: Name=_wab، Value=v=wab1; endpoint=https://yourdomain.com/.well-known/wab.json. ثم انتظر من 1 إلى 5 دقائق.',
+      dns_propagation: 'هذا طبيعي خلال أوّل 1 إلى 10 دقائق بعد إضافة السجل.',
+      dnssec: 'فعّل DNSSEC من لوحة المسجِّل (Cloudflare ← DNS ← Settings ← DNSSEC). اختياري.',
+      txt_multi_segment: 'الصق القيمة كسلسلة واحدة بين علامتَي اقتباس إن سمحت لوحة التحكّم بذلك.',
+      txt_extra_quotes: 'عدِّل سجل TXT واحذف أيّ علامات اقتباس زائدة من بداية أو نهاية الحقل Value.',
+      endpoint_https: 'غيّر رابط endpoint= ليبدأ بـ https:// (وليس http://).',
+      wabjson_reachable: 'تأكّد أنّ الملف /.well-known/wab.json موجود على هذا الرابط بالضبط، وأنّ Cloudflare أو الجدار الناري لا يحجبه.',
+      wabjson_content_type: 'اضبط خادمك ليُرسل ترويسة Content-Type: application/json للمسار /.well-known/wab.json. (كثير من الوكلاء يرفضون text/html.)',
+      wabjson_valid: 'تحقّق من الملف عبر jsonlint.com — أخطاء شائعة: فاصلة زائدة، اقتباسات مفردة، BOM، تعليقات.',
+      wabjson_fields: 'أضف الحقول الأساسية الناقصة. الـ schema موضّح في https://www.webagentbridge.com/docs.',
+      wabjson_signed: 'اختياري: شغّل `node scripts/sign-wab-domain.js` من مستودع WAB لإضافة توقيع Ed25519.',
+      actions_count: 'أضف إجراءً واحدًا على الأقل في actions[] (مثل "discovery" أو "search"). استخدم المُولِّد في الخطوة 1.',
+      tls_cert: 'جدِّد شهادة TLS (شهادات Let\'s Encrypt مجانية وتلقائية).',
+      cf_cache: 'Cloudflare يُخزِّن wab.json في الكاش. أضِف Page Rule: URL=*example.com/.well-known/* ← Cache Level: Bypass.'
+    }
+  };
+  var currentLang = 'en';
+  function t(key) { return (i18n[currentLang] && i18n[currentLang][key]) || (i18n.en && i18n.en[key]) || key; }
+  function fmt(s, vars) { return s.replace(/\{(\w+)\}/g, function (_, k) { return vars[k] != null ? vars[k] : ''; }); }
+  window.setActivateLang = function (lang) {
+    if (!i18n[lang]) lang = 'en';
+    currentLang = lang;
+    var dict = i18n[lang];
+    var html = document.documentElement;
+    html.setAttribute('lang', lang);
+    html.setAttribute('dir', lang === 'ar' ? 'rtl' : 'ltr');
+    document.querySelectorAll('[data-i18n]').forEach(function (el) {
+      var key = el.getAttribute('data-i18n');
+      if (dict[key] !== undefined) el.innerHTML = dict[key];
+    });
+    var btnEn = document.getElementById('btnEn');
+    var btnAr = document.getElementById('btnAr');
+    if (btnEn && btnAr) {
+      btnEn.classList.toggle('active', lang === 'en');
+      btnAr.classList.toggle('active', lang === 'ar');
+    }
+  };
+  // ─── Provider tabs (kept) ──────────────────────────────────────────
+  window.showProvider = function (name, btn) {
+    document.querySelectorAll('.provider-content').forEach(function (el) { el.classList.remove('active'); });
+    document.querySelectorAll('.provider-tab').forEach(function (el) { el.classList.remove('active'); });
+    var content = document.getElementById('prov-' + name);
+    if (content) content.classList.add('active');
+    if (btn) btn.classList.add('active');
+  };
+  // ─── Helpers ───────────────────────────────────────────────────────
+  function sanitizeDomain(s) {
+    if (!s) return '';
+    return String(s).trim().toLowerCase()
+      .replace(/^https?:\/\//, '').replace(/\/.*$/, '')
+      .replace(/:\d+$/, '').replace(/^www\./, '');
+  }
+  function escapeHtml(s) {
+    return String(s == null ? '' : s).replace(/[&<>"']/g, function (c) {
+      return ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c];
+    });
+  }
+  function copyText(text, btn) {
+    var done = function () {
+      if (!btn) return;
+      var orig = btn.textContent;
+      btn.textContent = t('copied');
+      btn.classList.add('copied');
+      setTimeout(function () { btn.textContent = orig; btn.classList.remove('copied'); }, 1400);
+    };
+    if (navigator.clipboard && navigator.clipboard.writeText) {
+      navigator.clipboard.writeText(text).then(done, function () { /* ignore */ });
+    } else {
+      var ta = document.createElement('textarea');
+      ta.value = text; document.body.appendChild(ta); ta.select();
+      try { document.execCommand('copy'); done(); } catch (e) { /* */ }
+      document.body.removeChild(ta);
+    }
+  }
+  // ─── Step 3: interactive TXT generator ─────────────────────────────
+  function updateTxtGen() {
+    var input = document.getElementById('txtGenDomain');
+    var nameEl = document.getElementById('txtGenName');
+    var valEl = document.getElementById('txtGenValue');
+    if (!input || !nameEl || !valEl) return;
+    var d = sanitizeDomain(input.value) || 'yourdomain.com';
+    nameEl.textContent = '_wab';
+    valEl.textContent = 'v=wab1; endpoint=https://' + d + '/.well-known/wab.json';
+  }
+  // ─── Step 1: wab.json generator (uses /api/adopt/suggest) ──────────
+  function generateWabJson() {
+    var input = document.getElementById('genUrl');
+    var out = document.getElementById('genResult');
+    if (!input || !out) return;
+    var url = input.value.trim();
+    if (!url) { input.focus(); return; }
+    if (!/^https?:\/\//i.test(url)) url = 'https://' + url;
+    out.style.display = 'block';
+    out.innerHTML = '<div style="color:#94a3b8;font-size:0.85rem;">⏳ ' + t('gen_running') + '</div>';
+    fetch('/api/adopt/suggest?url=' + encodeURIComponent(url))
+      .then(function (r) { return r.json().then(function (j) { return { ok: r.ok, body: j }; }); })
+      .then(function (res) {
+        var wabJson = (res.body && (res.body.wab_json || res.body.payload)) || null;
+        if (!res.ok || !wabJson) {
+          // Fallback: minimal stub
+          var d = sanitizeDomain(url);
+          wabJson = {
+            version: 'wab1',
+            name: d || 'Your site',
+            description: 'AI agents can discover this site via WAB.',
+            endpoint: 'https://' + (d || 'yourdomain.com') + '/.well-known/wab.json',
+            capabilities: ['browse'],
+            actions: [{ id: 'discovery', method: 'GET', path: '/' }]
+          };
+          renderGenResult(wabJson, /*fallback*/ true);
+        } else {
+          renderGenResult(wabJson, false);
+        }
+        // Also seed the TXT generator domain field
+        var txtInput = document.getElementById('txtGenDomain');
+        if (txtInput && !txtInput.value) {
+          txtInput.value = sanitizeDomain(url);
+          updateTxtGen();
+        }
+      })
+      .catch(function () {
+        var d = sanitizeDomain(url);
+        var stub = {
+          version: 'wab1',
+          name: d || 'Your site',
+          endpoint: 'https://' + (d || 'yourdomain.com') + '/.well-known/wab.json',
+          capabilities: ['browse'],
+          actions: [{ id: 'discovery', method: 'GET', path: '/' }]
+        };
+        renderGenResult(stub, true);
+      });
+  }
+  function renderGenResult(json, isFallback) {
+    var out = document.getElementById('genResult');
+    if (!out) return;
+    var pretty = JSON.stringify(json, null, 2);
+    var dataUrl = 'data:application/json;charset=utf-8,' + encodeURIComponent(pretty);
+    var msg = isFallback ? t('gen_failed') : t('gen_success');
+    var msgColor = isFallback ? '#fbbf24' : '#34d399';
+    out.innerHTML =
+      '<div style="color:' + msgColor + ';font-size:0.85rem;margin-bottom:10px;">' + msg + '</div>' +
+      '<div style="position:relative;">' +
+      '<pre style="background:#0a0e1a;border:1px solid #1e293b;border-radius:8px;padding:14px;color:#a5f3fc;font-size:0.78rem;overflow:auto;max-height:280px;margin:0;">' + escapeHtml(pretty) + '</pre>' +
+      '</div>' +
+      '<div style="display:flex;gap:8px;margin-top:10px;flex-wrap:wrap;">' +
+      '<button class="copy-btn" id="genCopyBtn">' + escapeHtml(t('copy')) + '</button>' +
+      '<a class="copy-btn" href="' + dataUrl + '" download="wab.json" style="text-decoration:none;display:inline-block;">' + escapeHtml(t('gen_download')) + '</a>' +
+      '</div>';
+    var cBtn = document.getElementById('genCopyBtn');
+    if (cBtn) cBtn.addEventListener('click', function () { copyText(pretty, cBtn); });
+  }
+  // ─── Step 4: diagnostic verifier with polling ──────────────────────
+  var POLL_ATTEMPTS = 5;
+  var POLL_DELAY_MS = 6000;
+  function pillFor(status) {
+    var sym = status === 'pass' ? '✓' : status === 'warn' ? '!' : status === 'fail' ? '✗' : 'i';
+    return '<span class="diag-pill ' + status + '">' + sym + '</span>';
+  }
+  function localizedFix(check) {
+    var hint = (FIX_HINTS[currentLang] && FIX_HINTS[currentLang][check.id]) || (FIX_HINTS.en && FIX_HINTS.en[check.id]) || check.fix;
+    return hint || check.fix || '';
+  }
+  function renderDiagnostic(report) {
+    var out = document.getElementById('activateResult');
+    if (!out) return;
+    var headerColor, headerText;
+    if (report.summary.fail > 0) { headerColor = '#f87171'; headerText = t('diag_failed'); }
+    else if (report.summary.warn > 0) { headerColor = '#fbbf24'; headerText = t('diag_passed_with_warnings'); }
+    else { headerColor = '#34d399'; headerText = t('diag_passed_all'); }
+    var summary = fmt(t('diag_summary'), report.summary);
+    var rows = report.checks.map(function (c) {
+      var titleText = c.title || c.id;
+      var detail = c.detail ? '<div class="diag-detail">' + escapeHtml(c.detail) + '</div>' : '';
+      var fix = (c.status !== 'pass' && c.status !== 'info') ? localizedFix(c) : '';
+      var fixBlock = fix ? '<div class="diag-fix"><strong>' + escapeHtml(t('diag_fix')) + '</strong> ' + escapeHtml(fix) + '</div>' : '';
+      return '<div class="diag-row">' +
+        pillFor(c.status) +
+        '<div class="diag-body"><div class="diag-title">' + escapeHtml(titleText) + '</div>' +
+        detail + fixBlock +
+        '</div></div>';
+    }).join('');
+    var endpointRow = report.endpoint
+      ? '<div style="margin-top:10px;font-size:0.78rem;color:#64748b;">' + escapeHtml(t('diag_endpoint')) + ': <span style="color:#a5f3fc;">' + escapeHtml(report.endpoint) + '</span></div>'
+      : '';
+    out.style.display = 'block';
+    out.innerHTML =
+      '<div style="font-weight:600;color:' + headerColor + ';margin-bottom:10px;">' + headerText + '</div>' +
+      '<div class="diag-summary">' + summary + '</div>' +
+      rows + endpointRow;
+  }
+  function pollDiagnose(domain) {
+    var status = document.getElementById('activateStatus');
+    var btn = document.getElementById('activateVerifyBtn');
+    var attempt = 0;
+    var lastReport = null;
+    function tick() {
+      attempt++;
+      if (status) {
+        status.style.display = 'block';
+        status.textContent = '⏳ ' + fmt(t('diag_running'), { n: attempt, max: POLL_ATTEMPTS });
+      }
+      fetch('/api/diagnose?domain=' + encodeURIComponent(domain))
+        .then(function (r) { return r.json(); })
+        .then(function (report) {
+          lastReport = report;
+          // If TXT exists, show result immediately; otherwise keep polling
+          var txtCheck = (report.checks || []).find(function (c) { return c.id === 'dns_txt'; });
+          var txtOk = txtCheck && txtCheck.status === 'pass';
+          if (txtOk || attempt >= POLL_ATTEMPTS) {
+            if (status) status.style.display = 'none';
+            if (btn) btn.disabled = false;
+            renderDiagnostic(report);
+          } else {
+            setTimeout(tick, POLL_DELAY_MS);
+          }
+        })
+        .catch(function () {
+          if (attempt >= POLL_ATTEMPTS) {
+            if (status) status.style.display = 'none';
+            if (btn) btn.disabled = false;
+            var out = document.getElementById('activateResult');
+            if (out) {
+              out.style.display = 'block';
+              out.innerHTML = '<div style="color:#f87171;">' + escapeHtml(currentLang === 'ar' ? '✗ خطأ في الاتصال بخادم الفحص. حاول مجددًا.' : '✗ Could not reach the diagnostic server. Please try again.') + '</div>';
+            }
+          } else {
+            setTimeout(tick, POLL_DELAY_MS);
+          }
+        });
+    }
+    tick();
+  }
+  function startVerify() {
+    var input = document.getElementById('activateDomain');
+    if (!input) return;
+    var domain = sanitizeDomain(input.value);
+    if (!domain) { input.focus(); return; }
+    var btn = document.getElementById('activateVerifyBtn');
+    if (btn) btn.disabled = true;
+    var out = document.getElementById('activateResult');
+    if (out) { out.style.display = 'none'; out.innerHTML = ''; }
+    pollDiagnose(domain);
+  }
+  // ─── Wire up ───────────────────────────────────────────────────────
+  document.addEventListener('DOMContentLoaded', function () {
+    // Verifier
+    var vbtn = document.getElementById('activateVerifyBtn');
+    if (vbtn) vbtn.addEventListener('click', startVerify);
+    var vinp = document.getElementById('activateDomain');
+    if (vinp) vinp.addEventListener('keydown', function (e) { if (e.key === 'Enter') startVerify(); });
+    // Generator
+    var gbtn = document.getElementById('genBtn');
+    if (gbtn) gbtn.addEventListener('click', generateWabJson);
+    var ginp = document.getElementById('genUrl');
+    if (ginp) ginp.addEventListener('keydown', function (e) { if (e.key === 'Enter') generateWabJson(); });
+    // TXT generator
+    var tinp = document.getElementById('txtGenDomain');
+    if (tinp) {
+      tinp.addEventListener('input', updateTxtGen);
+      updateTxtGen();
+    }
+    // Generic copy buttons (data-copy-target="elementId")
+    document.querySelectorAll('[data-copy-target]').forEach(function (b) {
+      b.addEventListener('click', function () {
+        var target = document.getElementById(b.getAttribute('data-copy-target'));
+        if (target) copyText(target.textContent, b);
+      });
+    });
+    // Lang buttons
+    var btnEn = document.getElementById('btnEn');
+    var btnAr = document.getElementById('btnAr');
+    if (btnEn) btnEn.addEventListener('click', function () { setActivateLang('en'); });
+    if (btnAr) btnAr.addEventListener('click', function () { setActivateLang('ar'); });
+  });
+})();