npm - web-agent-bridge - Versions diffs - 3.4.0 → 3.9.0 - Mend

web-agent-bridge 3.4.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (315) hide show

package/LICENSE +84 -84
package/README.ar.md +1565 -1304
package/README.md +171 -298
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -237
package/bin/wab-init.js +244 -223
package/bin/wab.js +80 -80
package/examples/azure-dns-wab.js +83 -83
package/examples/bidi-agent.js +119 -119
package/examples/cloudflare-wab-dns.js +121 -121
package/examples/cpanel-wab-dns.js +114 -114
package/examples/cross-site-agent.js +91 -91
package/examples/dns-discovery-agent.js +166 -166
package/examples/gcp-dns-wab.js +76 -76
package/examples/governance-agent.js +169 -169
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/plesk-wab-dns.js +103 -103
package/examples/puppeteer-agent.js +108 -108
package/examples/route53-wab-dns.js +144 -144
package/examples/saas-dashboard/README.md +55 -55
package/examples/safe-mode-agent.js +96 -96
package/examples/self-discovery.js +106 -0
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wab-sign.js +74 -74
package/examples/wab-verify.js +60 -60
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +93 -93
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -8
package/public/.well-known/wab.json +28 -28
package/public/activate.html +448 -368
package/public/adopt.html +236 -0
package/public/adoption-metrics.html +188 -188
package/public/agent-workspace.html +359 -349
package/public/ai.html +198 -198
package/public/api.html +397 -413
package/public/atp.html +171 -0
package/public/azure-dns-integration.html +289 -289
package/public/browser.html +486 -486
package/public/cloudflare-integration.html +380 -380
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/cpanel-integration.html +398 -398
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1401 -1263
package/public/dashboard-shieldlink.html +295 -0
package/public/dashboard.html +711 -707
package/public/dns.html +436 -436
package/public/docs.html +588 -588
package/public/enterprise-mesh.ar.html +80 -0
package/public/enterprise-mesh.html +81 -0
package/public/feed.xml +89 -89
package/public/gcp-dns-integration.html +318 -318
package/public/governance.ar.html +70 -0
package/public/governance.html +69 -0
package/public/growth.html +465 -465
package/public/index.html +1372 -1266
package/public/integrations.html +556 -556
package/public/js/activate.js +449 -145
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +117 -65
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/dns.js +438 -438
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/l-preview.html +242 -0
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/milestones.html +346 -0
package/public/one-click.html +779 -0
package/public/openapi.json +669 -669
package/public/partners.ar.html +145 -0
package/public/partners.html +143 -0
package/public/phone-shield.html +281 -281
package/public/plesk-integration.html +375 -375
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/provider-onboarding.html +172 -172
package/public/provider-sandbox.html +134 -134
package/public/providers.html +359 -359
package/public/refusals.html +172 -0
package/public/register.html +105 -105
package/public/registrar-integrations.html +141 -141
package/public/ring4.html +292 -0
package/public/robots.txt +99 -99
package/public/route53-integration.html +531 -531
package/public/score.html +263 -0
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -8
package/public/shieldlink.html +244 -0
package/public/shieldqr.html +231 -231
package/public/sitemap.xml +13 -1
package/public/terms.html +256 -256
package/public/trust-graph-api.ar.html +92 -0
package/public/trust-graph-api.html +91 -0
package/public/wab-features.html +560 -0
package/public/wab-trust.html +200 -200
package/public/wab-truth.html +375 -0
package/public/wab-vs-protocols.html +210 -210
package/public/whitepaper.html +449 -449
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/atp.js +103 -0
package/sdk/auto-discovery.js +301 -288
package/sdk/commander.js +262 -262
package/sdk/governance.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +653 -649
package/sdk/multi-agent.js +318 -318
package/sdk/safe-mode.js +221 -221
package/sdk/safety-shield.js +219 -219
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +412 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +793 -670
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/api-tier.js +170 -0
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -157
package/server/middleware/wab-trust.js +141 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/migrations/006_growth_suite.sql +138 -0
package/server/migrations/007_governance.sql +106 -106
package/server/migrations/008_plans.sql +144 -144
package/server/migrations/009_shieldqr.sql +30 -30
package/server/migrations/010_extended_trust.sql +33 -33
package/server/migrations/011_outreach.sql +47 -0
package/server/migrations/012_shieldlink.sql +116 -0
package/server/migrations/013_ct_monitor.sql +13 -0
package/server/migrations/014_wab_advanced_features.sql +128 -0
package/server/migrations/015_wab_truth_layer.sql +101 -0
package/server/migrations/016_ring4_external_trust.sql +84 -0
package/server/migrations/017_ring4_extensions.sql +69 -0
package/server/migrations/018_commercial_foundations.sql +167 -0
package/server/migrations/019_unify_tier_constraints.sql +133 -0
package/server/migrations/020_agent_transaction_primitive.sql +119 -0
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +740 -740
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/activate.js +478 -0
package/server/routes/admin-outreach.js +239 -0
package/server/routes/admin-plans.js +76 -76
package/server/routes/admin-premium.js +674 -673
package/server/routes/admin-shieldlink.js +137 -0
package/server/routes/admin-shieldqr.js +90 -90
package/server/routes/admin-trust-monitor.js +139 -83
package/server/routes/admin.js +550 -549
package/server/routes/adopt.js +61 -0
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api-keys.js +127 -0
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +57 -57
package/server/routes/commander.js +316 -316
package/server/routes/customer-shieldlink.js +133 -0
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -154
package/server/routes/diagnose.js +373 -0
package/server/routes/discovery.js +2348 -2348
package/server/routes/enterprise-mesh.js +170 -0
package/server/routes/gateway.js +173 -173
package/server/routes/governance-saas.js +203 -0
package/server/routes/governance.js +208 -208
package/server/routes/growth.js +1048 -0
package/server/routes/intent.js +328 -0
package/server/routes/license.js +251 -251
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/partners.js +201 -0
package/server/routes/plans.js +33 -33
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/providers.js +650 -650
package/server/routes/reputation.js +411 -0
package/server/routes/ring4.js +885 -0
package/server/routes/runtime.js +2148 -2148
package/server/routes/shieldlink.js +70 -0
package/server/routes/shieldqr.js +88 -88
package/server/routes/sovereign.js +465 -465
package/server/routes/transactions.js +233 -0
package/server/routes/truth-layer.js +670 -0
package/server/routes/universal.js +200 -200
package/server/routes/unsubscribe.js +51 -0
package/server/routes/wab-api.js +850 -850
package/server/routes/wab-cache.js +282 -0
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/secrets/wab-signing-key.pem +3 -0
package/server/secrets/wab-signing-pub.pem +3 -0
package/server/security/cross-site-redactor.js +196 -196
package/server/security/dry-run.js +180 -180
package/server/security/human-gate-rate-limit.js +147 -147
package/server/security/human-gate-transports.js +178 -178
package/server/security/human-gate.js +281 -281
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -245
package/server/security/reward-guard.js +171 -171
package/server/security/rollback-store.js +239 -239
package/server/security/token-scope.js +404 -404
package/server/security/url-policy.js +139 -139
package/server/services/adoption-agent.js +182 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -601
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -555
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -292
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +233 -233
package/server/services/fairness-engine.js +409 -0
package/server/services/fairness.js +420 -0
package/server/services/governance.js +466 -466
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/outreach-agent.js +312 -0
package/server/services/plans.js +214 -214
package/server/services/plugins.js +771 -771
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/provider-clients.js +740 -740
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/shieldlink.js +492 -0
package/server/services/shieldqr.js +322 -322
package/server/services/sovereign-shield.js +542 -542
package/server/services/ssl-ct-monitor.js +224 -0
package/server/services/ssl-inspector.js +42 -42
package/server/services/ssl-monitor.js +167 -167
package/server/services/stripe.js +206 -205
package/server/services/swarm.js +788 -788
package/server/services/transactions.js +525 -0
package/server/services/universal-scraper.js +662 -662
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/services/wab-crypto.js +178 -178
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -228
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/templates/ring4/banking-sovereign.yaml +55 -0
package/templates/ring4/ecommerce-sovereign.yaml +58 -0
package/templates/ring4/healthcare-sovereign.yaml +60 -0

package/public/provider-onboarding.html CHANGED Viewed

@@ -1,172 +1,172 @@
-<!DOCTYPE html>
-<html lang="en" dir="ltr">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>WAB DNS Discovery Provider Onboarding</title>
-  <meta name="description" content="Integrate WAB DNS Discovery into DNS providers and registrars with one-click enable/disable flow.">
-  <link rel="stylesheet" href="/css/styles.css?v=3.3.0">
-  <style>
-    body { background:#0a1222; color:#e6edf8; }
-    .hero { padding:110px 24px 40px; text-align:center; }
-    .hero h1 { font-size:clamp(1.9rem,4vw,3rem); margin-bottom:10px; }
-    .hero p { color:#9fb1d3; max-width:820px; margin:0 auto; line-height:1.7; }
-    .wrap { max-width:1100px; margin:0 auto; padding:0 20px 70px; }
-    .grid { display:grid; gap:14px; grid-template-columns:repeat(auto-fit,minmax(280px,1fr)); }
-    .card { background:linear-gradient(180deg,rgba(17,24,39,.9),rgba(12,18,31,.96)); border:1px solid rgba(148,163,184,.2); border-radius:14px; padding:16px; }
-    .card h3 { margin:0 0 8px; color:#fcd34d; }
-    .card p, .card li { color:#c7d2ea; line-height:1.65; font-size:.93rem; }
-    .card ul { margin:6px 0 0 20px; }
-    .badge { display:inline-block; margin:6px 0; padding:4px 9px; border-radius:999px; font-size:.73rem; font-weight:700; color:#fde68a; border:1px solid rgba(250,204,21,.45); background:rgba(250,204,21,.12); }
-    pre, code { font-family:Consolas, Menlo, Monaco, monospace; }
-    pre { background:#020617; border:1px solid rgba(148,163,184,.25); border-radius:10px; padding:11px; color:#c4b5fd; overflow:auto; font-size:.82rem; line-height:1.5; }
-    .actions { display:flex; flex-wrap:wrap; gap:10px; margin-top:12px; }
-    .actions a { text-decoration:none; }
-    .btn-mini { display:inline-block; padding:8px 12px; border-radius:9px; font-size:.83rem; font-weight:700; }
-    .btn-primary { background:linear-gradient(135deg,#f59e0b,#b45309); color:#fff; }
-    .btn-secondary { background:rgba(148,163,184,.16); border:1px solid rgba(148,163,184,.35); color:#e6edf8; }
-  </style>
-</head>
-<body>
-  <section class="hero">
-    <h1>Provider Onboarding: One-Click WAB DNS Discovery</h1>
-    <p>
-      Add WAB DNS Discovery to your DNS platform or registrar panel so domain owners can enable or disable AI discoverability
-      with a single toggle, just like SSL activation.
-    </p>
-  </section>
-  <div class="wrap">
-    <div class="grid">
-      <div class="card">
-        <h3>1) Fetch Protocol Manifest</h3>
-        <span class="badge">Machine contract</span>
-        <pre>GET /api/discovery/provider/manifest</pre>
-        <p>Use this endpoint to lock integration against a stable protocol definition.</p>
-      </div>
-      <div class="card">
-        <h3>2) Build TXT Record Template</h3>
-        <span class="badge">Per-domain payload</span>
-        <pre>GET /api/discovery/provider/record-template?domain=example.com</pre>
-        <p>Returns ready-to-write values for DNS API calls in your enable-toggle flow.</p>
-      </div>
-      <div class="card">
-        <h3>3) Verify Status</h3>
-        <span class="badge">UI state source</span>
-        <pre>GET /api/discovery/provider/status?domain=example.com</pre>
-        <p>Map status to your UI toggle badges:</p>
-        <ul>
-          <li>enabled: DNS + endpoint verified</li>
-          <li>partial: DNS found, endpoint issue</li>
-          <li>disabled: no valid TXT record</li>
-        </ul>
-      </div>
-      <div class="card">
-        <h3>4) Batch Verification + Callback</h3>
-        <span class="badge">Registrar dashboards</span>
-        <pre>POST /api/discovery/provider/verify-batch
-{
-  "domains": ["example.com", "shop.example.com"],
-  "include_agent_run": false,
-  "callback_url": "https://provider.example/webhooks/wab",
-  "callback_secret": "shared-secret"
-}</pre>
-        <p>
-          Optional callback pushes final result to your webhook endpoint with request id and optional HMAC signature.
-        </p>
-      </div>
-      <div class="card">
-        <h3>5) Webhook Signature Verification</h3>
-        <span class="badge">Security</span>
-        <p>
-          Verify the <code>x-wab-signature</code> header on your callback endpoint to confirm the request came from WAB.
-          The signature is <code>HMAC-SHA256(requestBody, callbackSecret)</code> encoded as hex.
-        </p>
-        <p><strong>Node.js</strong></p>
-        <pre>const crypto = require('crypto');
-function verifyWabSignature(rawBody, receivedSig, secret) {
-  const expected = crypto
-    .createHmac('sha256', secret)
-    .update(rawBody)            // raw Buffer or string
-    .digest('hex');
-  // constant-time compare to prevent timing attacks
-  return crypto.timingSafeEqual(
-    Buffer.from(expected, 'utf8'),
-    Buffer.from(receivedSig, 'utf8')
-  );
-}
-// Express example
-app.post('/webhooks/wab', express.raw({ type: '*/*' }), (req, res) => {
-  const sig = req.headers['x-wab-signature'];
-  if (!verifyWabSignature(req.body, sig, process.env.WAB_CALLBACK_SECRET)) {
-    return res.status(401).send('Invalid signature');
-  }
-  const payload = JSON.parse(req.body.toString());
-  // … process payload
-  res.sendStatus(200);
-});</pre>
-        <p><strong>Python (Flask)</strong></p>
-        <pre>import hmac, hashlib
-from flask import Flask, request, abort
-app = Flask(__name__)
-WAB_SECRET = os.environ['WAB_CALLBACK_SECRET']
-@app.route('/webhooks/wab', methods=['POST'])
-def wab_webhook():
-    sig = request.headers.get('x-wab-signature', '')
-    expected = hmac.new(
-        WAB_SECRET.encode(), request.data, hashlib.sha256
-    ).hexdigest()
-    if not hmac.compare_digest(expected, sig):
-        abort(401)
-    payload = request.get_json(force=True)
-    # … process payload
-    return '', 200</pre>
-      </div>
-      <div class="card">
-        <h3>Enable/Disable Flow</h3>
-        <span class="badge">One-click UX</span>
-        <ul>
-          <li>Enable: write TXT, verify, show enabled</li>
-          <li>Disable: delete TXT, verify, show disabled</li>
-          <li>Retry verification until propagation converges</li>
-        </ul>
-      </div>
-      <div class="card">
-        <h3>Integration Endpoints</h3>
-        <pre>/api/discovery/provider/manifest
-/api/discovery/provider/record-template
-/api/discovery/provider/enable-plan
-/api/discovery/provider/status
-/api/discovery/provider/verify-batch</pre>
-        <div class="actions">
-          <a class="btn-mini btn-primary" href="/api/discovery/provider/manifest" target="_blank" rel="noopener">Open Manifest</a>
-          <a class="btn-mini btn-secondary" href="/api/discovery/provider/record-template?domain=webagentbridge.com" target="_blank" rel="noopener">Open Template Example</a>
-          <a class="btn-mini btn-secondary" href="/provider-sandbox">Open Provider Sandbox</a>
-          <a class="btn-mini btn-primary" href="/cloudflare-integration">Cloudflare One-Click</a>
-          <a class="btn-mini btn-primary" href="/cpanel-integration">cPanel One-Click</a>
-          <a class="btn-mini btn-primary" href="/route53-integration">Route 53 One-Click</a>
-          <a class="btn-mini btn-primary" href="/plesk-integration">Plesk One-Click</a>
-          <a class="btn-mini btn-primary" href="/gcp-dns-integration">Google Cloud DNS</a>
-          <a class="btn-mini btn-primary" href="/azure-dns-integration">Azure DNS One-Click</a>
-          <a class="btn-mini btn-primary" href="/registrar-integrations">GoDaddy / Namecheap CLI</a>
-          <a class="btn-mini btn-secondary" href="/adoption-metrics">Adoption Metrics</a>
-          <a class="btn-mini btn-primary" href="/wab-trust">Trust Layer (v1.3)</a>
-          <a class="btn-mini btn-secondary" href="/wab-vs-protocols">WAB vs Other Protocols</a>
-          <a class="btn-mini btn-secondary" href="/downloads/wab-dns-provider.postman_collection.json" target="_blank" rel="noopener">Download Postman Collection</a>
-          <a class="btn-mini btn-secondary" href="/dns">Open DNS Page</a>
-        </div>
-      </div>
-    </div>
-  </div>
-</body>
-</html>
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>WAB DNS Discovery Provider Onboarding</title>
+  <meta name="description" content="Integrate WAB DNS Discovery into DNS providers and registrars with one-click enable/disable flow.">
+  <link rel="stylesheet" href="/css/styles.css?v=3.3.0">
+  <style>
+    body { background:#0a1222; color:#e6edf8; }
+    .hero { padding:110px 24px 40px; text-align:center; }
+    .hero h1 { font-size:clamp(1.9rem,4vw,3rem); margin-bottom:10px; }
+    .hero p { color:#9fb1d3; max-width:820px; margin:0 auto; line-height:1.7; }
+    .wrap { max-width:1100px; margin:0 auto; padding:0 20px 70px; }
+    .grid { display:grid; gap:14px; grid-template-columns:repeat(auto-fit,minmax(280px,1fr)); }
+    .card { background:linear-gradient(180deg,rgba(17,24,39,.9),rgba(12,18,31,.96)); border:1px solid rgba(148,163,184,.2); border-radius:14px; padding:16px; }
+    .card h3 { margin:0 0 8px; color:#fcd34d; }
+    .card p, .card li { color:#c7d2ea; line-height:1.65; font-size:.93rem; }
+    .card ul { margin:6px 0 0 20px; }
+    .badge { display:inline-block; margin:6px 0; padding:4px 9px; border-radius:999px; font-size:.73rem; font-weight:700; color:#fde68a; border:1px solid rgba(250,204,21,.45); background:rgba(250,204,21,.12); }
+    pre, code { font-family:Consolas, Menlo, Monaco, monospace; }
+    pre { background:#020617; border:1px solid rgba(148,163,184,.25); border-radius:10px; padding:11px; color:#c4b5fd; overflow:auto; font-size:.82rem; line-height:1.5; }
+    .actions { display:flex; flex-wrap:wrap; gap:10px; margin-top:12px; }
+    .actions a { text-decoration:none; }
+    .btn-mini { display:inline-block; padding:8px 12px; border-radius:9px; font-size:.83rem; font-weight:700; }
+    .btn-primary { background:linear-gradient(135deg,#f59e0b,#b45309); color:#fff; }
+    .btn-secondary { background:rgba(148,163,184,.16); border:1px solid rgba(148,163,184,.35); color:#e6edf8; }
+  </style>
+</head>
+<body>
+  <section class="hero">
+    <h1>Provider Onboarding: One-Click WAB DNS Discovery</h1>
+    <p>
+      Add WAB DNS Discovery to your DNS platform or registrar panel so domain owners can enable or disable AI discoverability
+      with a single toggle, just like SSL activation.
+    </p>
+  </section>
+  <div class="wrap">
+    <div class="grid">
+      <div class="card">
+        <h3>1) Fetch Protocol Manifest</h3>
+        <span class="badge">Machine contract</span>
+        <pre>GET /api/discovery/provider/manifest</pre>
+        <p>Use this endpoint to lock integration against a stable protocol definition.</p>
+      </div>
+      <div class="card">
+        <h3>2) Build TXT Record Template</h3>
+        <span class="badge">Per-domain payload</span>
+        <pre>GET /api/discovery/provider/record-template?domain=example.com</pre>
+        <p>Returns ready-to-write values for DNS API calls in your enable-toggle flow.</p>
+      </div>
+      <div class="card">
+        <h3>3) Verify Status</h3>
+        <span class="badge">UI state source</span>
+        <pre>GET /api/discovery/provider/status?domain=example.com</pre>
+        <p>Map status to your UI toggle badges:</p>
+        <ul>
+          <li>enabled: DNS + endpoint verified</li>
+          <li>partial: DNS found, endpoint issue</li>
+          <li>disabled: no valid TXT record</li>
+        </ul>
+      </div>
+      <div class="card">
+        <h3>4) Batch Verification + Callback</h3>
+        <span class="badge">Registrar dashboards</span>
+        <pre>POST /api/discovery/provider/verify-batch
+{
+  "domains": ["example.com", "shop.example.com"],
+  "include_agent_run": false,
+  "callback_url": "https://provider.example/webhooks/wab",
+  "callback_secret": "shared-secret"
+}</pre>
+        <p>
+          Optional callback pushes final result to your webhook endpoint with request id and optional HMAC signature.
+        </p>
+      </div>
+      <div class="card">
+        <h3>5) Webhook Signature Verification</h3>
+        <span class="badge">Security</span>
+        <p>
+          Verify the <code>x-wab-signature</code> header on your callback endpoint to confirm the request came from WAB.
+          The signature is <code>HMAC-SHA256(requestBody, callbackSecret)</code> encoded as hex.
+        </p>
+        <p><strong>Node.js</strong></p>
+        <pre>const crypto = require('crypto');
+function verifyWabSignature(rawBody, receivedSig, secret) {
+  const expected = crypto
+    .createHmac('sha256', secret)
+    .update(rawBody)            // raw Buffer or string
+    .digest('hex');
+  // constant-time compare to prevent timing attacks
+  return crypto.timingSafeEqual(
+    Buffer.from(expected, 'utf8'),
+    Buffer.from(receivedSig, 'utf8')
+  );
+}
+// Express example
+app.post('/webhooks/wab', express.raw({ type: '*/*' }), (req, res) => {
+  const sig = req.headers['x-wab-signature'];
+  if (!verifyWabSignature(req.body, sig, process.env.WAB_CALLBACK_SECRET)) {
+    return res.status(401).send('Invalid signature');
+  }
+  const payload = JSON.parse(req.body.toString());
+  // … process payload
+  res.sendStatus(200);
+});</pre>
+        <p><strong>Python (Flask)</strong></p>
+        <pre>import hmac, hashlib
+from flask import Flask, request, abort
+app = Flask(__name__)
+WAB_SECRET = os.environ['WAB_CALLBACK_SECRET']
+@app.route('/webhooks/wab', methods=['POST'])
+def wab_webhook():
+    sig = request.headers.get('x-wab-signature', '')
+    expected = hmac.new(
+        WAB_SECRET.encode(), request.data, hashlib.sha256
+    ).hexdigest()
+    if not hmac.compare_digest(expected, sig):
+        abort(401)
+    payload = request.get_json(force=True)
+    # … process payload
+    return '', 200</pre>
+      </div>
+      <div class="card">
+        <h3>Enable/Disable Flow</h3>
+        <span class="badge">One-click UX</span>
+        <ul>
+          <li>Enable: write TXT, verify, show enabled</li>
+          <li>Disable: delete TXT, verify, show disabled</li>
+          <li>Retry verification until propagation converges</li>
+        </ul>
+      </div>
+      <div class="card">
+        <h3>Integration Endpoints</h3>
+        <pre>/api/discovery/provider/manifest
+/api/discovery/provider/record-template
+/api/discovery/provider/enable-plan
+/api/discovery/provider/status
+/api/discovery/provider/verify-batch</pre>
+        <div class="actions">
+          <a class="btn-mini btn-primary" href="/api/discovery/provider/manifest" target="_blank" rel="noopener">Open Manifest</a>
+          <a class="btn-mini btn-secondary" href="/api/discovery/provider/record-template?domain=webagentbridge.com" target="_blank" rel="noopener">Open Template Example</a>
+          <a class="btn-mini btn-secondary" href="/provider-sandbox">Open Provider Sandbox</a>
+          <a class="btn-mini btn-primary" href="/cloudflare-integration">Cloudflare One-Click</a>
+          <a class="btn-mini btn-primary" href="/cpanel-integration">cPanel One-Click</a>
+          <a class="btn-mini btn-primary" href="/route53-integration">Route 53 One-Click</a>
+          <a class="btn-mini btn-primary" href="/plesk-integration">Plesk One-Click</a>
+          <a class="btn-mini btn-primary" href="/gcp-dns-integration">Google Cloud DNS</a>
+          <a class="btn-mini btn-primary" href="/azure-dns-integration">Azure DNS One-Click</a>
+          <a class="btn-mini btn-primary" href="/registrar-integrations">GoDaddy / Namecheap CLI</a>
+          <a class="btn-mini btn-secondary" href="/adoption-metrics">Adoption Metrics</a>
+          <a class="btn-mini btn-primary" href="/wab-trust">Trust Layer (v1.3)</a>
+          <a class="btn-mini btn-secondary" href="/wab-vs-protocols">WAB vs Other Protocols</a>
+          <a class="btn-mini btn-secondary" href="/downloads/wab-dns-provider.postman_collection.json" target="_blank" rel="noopener">Download Postman Collection</a>
+          <a class="btn-mini btn-secondary" href="/dns">Open DNS Page</a>
+        </div>
+      </div>
+    </div>
+  </div>
+</body>
+</html>

package/public/provider-sandbox.html CHANGED Viewed

@@ -1,134 +1,134 @@
-<!DOCTYPE html>
-<html lang="en" dir="ltr">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>WAB Provider Sandbox</title>
-  <meta name="description" content="Interactive sandbox for DNS providers and registrars to test WAB DNS Discovery APIs.">
-  <link rel="stylesheet" href="/css/styles.css?v=3.3.0">
-  <style>
-    body { background:#081123; color:#e8efff; }
-    .hero { padding:100px 20px 30px; text-align:center; }
-    .hero h1 { font-size:clamp(1.8rem,4vw,2.8rem); margin-bottom:8px; }
-    .hero p { color:#9eb1d8; max-width:820px; margin:0 auto; }
-    .wrap { max-width:1100px; margin:0 auto; padding:0 18px 70px; }
-    .panel { background:linear-gradient(180deg,rgba(17,24,39,.92),rgba(10,16,30,.96)); border:1px solid rgba(148,163,184,.2); border-radius:14px; padding:14px; margin-bottom:14px; }
-    .panel h3 { margin:0 0 8px; color:#fcd34d; }
-    .row { display:grid; grid-template-columns:2fr 1fr; gap:10px; }
-    @media (max-width:760px) { .row { grid-template-columns:1fr; } }
-    label { display:block; font-size:.8rem; color:#a8b7d7; margin-bottom:5px; }
-    input, select, textarea { width:100%; background:#0b162a; border:1px solid rgba(148,163,184,.28); color:#e8efff; border-radius:10px; padding:10px; font-family:Consolas, monospace; font-size:.85rem; }
-    textarea { min-height:90px; }
-    .actions { display:flex; gap:8px; flex-wrap:wrap; margin-top:8px; }
-    button { background:linear-gradient(135deg,#f59e0b,#b45309); color:#fff; border:none; border-radius:10px; padding:9px 12px; cursor:pointer; font-weight:700; font-size:.82rem; }
-    button.alt { background:linear-gradient(135deg,#334155,#1f2937); }
-    pre { background:#020617; border:1px solid rgba(148,163,184,.26); border-radius:10px; padding:12px; color:#c4b5fd; overflow:auto; min-height:180px; }
-    .hint { color:#9eb1d8; font-size:.84rem; }
-  </style>
-</head>
-<body>
-  <section class="hero">
-    <h1>Provider Sandbox</h1>
-    <p>Run provider integration APIs end-to-end: manifest, record template, status, one-click plan, and batch verify.</p>
-  </section>
-  <div class="wrap">
-    <div class="panel">
-      <h3>Request Builder</h3>
-      <div class="row">
-        <div>
-          <label>Domain</label>
-          <input id="domain" value="webagentbridge.com" placeholder="example.com">
-        </div>
-        <div>
-          <label>Action</label>
-          <select id="action">
-            <option value="enable">enable</option>
-            <option value="disable">disable</option>
-          </select>
-        </div>
-      </div>
-      <div class="row" style="margin-top:8px;">
-        <div>
-          <label>Batch Domains (comma separated)</label>
-          <input id="batchDomains" value="webagentbridge.com, example.com">
-        </div>
-        <div>
-          <label>Include Agent Run</label>
-          <select id="includeAgentRun">
-            <option value="false" selected>false</option>
-            <option value="true">true</option>
-          </select>
-        </div>
-      </div>
-      <div class="actions">
-        <button onclick="runManifest()">Manifest</button>
-        <button onclick="runTemplate()">Record Template</button>
-        <button onclick="runStatus()">Status</button>
-        <button onclick="runPlan()">Enable/Disable Plan</button>
-        <button onclick="runBatch()">Verify Batch</button>
-        <button class="alt" onclick="clearOut()">Clear</button>
-      </div>
-      <p class="hint">Tip: use this page during provider integration QA before shipping one-click toggle in production.</p>
-    </div>
-    <div class="panel">
-      <h3>Response</h3>
-      <pre id="out">{}</pre>
-    </div>
-  </div>
-  <script>
-    async function call(url, opts) {
-      const out = document.getElementById('out');
-      out.textContent = 'Loading ' + url + ' ...';
-      try {
-        const res = await fetch(url, opts || {});
-        const data = await res.json().catch(() => ({}));
-        out.textContent = JSON.stringify({ http_status: res.status, data: data }, null, 2);
-      } catch (err) {
-        out.textContent = JSON.stringify({ error: String(err) }, null, 2);
-      }
-    }
-    function getDomain() {
-      return (document.getElementById('domain').value || '').trim();
-    }
-    function runManifest() {
-      call('/api/discovery/provider/manifest');
-    }
-    function runTemplate() {
-      const d = getDomain();
-      call('/api/discovery/provider/record-template?domain=' + encodeURIComponent(d));
-    }
-    function runStatus() {
-      const d = getDomain();
-      call('/api/discovery/provider/status?domain=' + encodeURIComponent(d));
-    }
-    function runPlan() {
-      const d = getDomain();
-      const action = document.getElementById('action').value;
-      call('/api/discovery/provider/enable-plan?domain=' + encodeURIComponent(d) + '&action=' + encodeURIComponent(action));
-    }
-    function runBatch() {
-      const raw = (document.getElementById('batchDomains').value || '');
-      const domains = raw.split(',').map((s) => s.trim()).filter(Boolean);
-      const includeAgentRun = document.getElementById('includeAgentRun').value === 'true';
-      call('/api/discovery/provider/verify-batch', {
-        method: 'POST',
-        headers: { 'content-type': 'application/json', accept: 'application/json' },
-        body: JSON.stringify({ domains: domains, include_agent_run: includeAgentRun })
-      });
-    }
-    function clearOut() {
-      document.getElementById('out').textContent = '{}';
-    }
-  </script>
-</body>
-</html>
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>WAB Provider Sandbox</title>
+  <meta name="description" content="Interactive sandbox for DNS providers and registrars to test WAB DNS Discovery APIs.">
+  <link rel="stylesheet" href="/css/styles.css?v=3.3.0">
+  <style>
+    body { background:#081123; color:#e8efff; }
+    .hero { padding:100px 20px 30px; text-align:center; }
+    .hero h1 { font-size:clamp(1.8rem,4vw,2.8rem); margin-bottom:8px; }
+    .hero p { color:#9eb1d8; max-width:820px; margin:0 auto; }
+    .wrap { max-width:1100px; margin:0 auto; padding:0 18px 70px; }
+    .panel { background:linear-gradient(180deg,rgba(17,24,39,.92),rgba(10,16,30,.96)); border:1px solid rgba(148,163,184,.2); border-radius:14px; padding:14px; margin-bottom:14px; }
+    .panel h3 { margin:0 0 8px; color:#fcd34d; }
+    .row { display:grid; grid-template-columns:2fr 1fr; gap:10px; }
+    @media (max-width:760px) { .row { grid-template-columns:1fr; } }
+    label { display:block; font-size:.8rem; color:#a8b7d7; margin-bottom:5px; }
+    input, select, textarea { width:100%; background:#0b162a; border:1px solid rgba(148,163,184,.28); color:#e8efff; border-radius:10px; padding:10px; font-family:Consolas, monospace; font-size:.85rem; }
+    textarea { min-height:90px; }
+    .actions { display:flex; gap:8px; flex-wrap:wrap; margin-top:8px; }
+    button { background:linear-gradient(135deg,#f59e0b,#b45309); color:#fff; border:none; border-radius:10px; padding:9px 12px; cursor:pointer; font-weight:700; font-size:.82rem; }
+    button.alt { background:linear-gradient(135deg,#334155,#1f2937); }
+    pre { background:#020617; border:1px solid rgba(148,163,184,.26); border-radius:10px; padding:12px; color:#c4b5fd; overflow:auto; min-height:180px; }
+    .hint { color:#9eb1d8; font-size:.84rem; }
+  </style>
+</head>
+<body>
+  <section class="hero">
+    <h1>Provider Sandbox</h1>
+    <p>Run provider integration APIs end-to-end: manifest, record template, status, one-click plan, and batch verify.</p>
+  </section>
+  <div class="wrap">
+    <div class="panel">
+      <h3>Request Builder</h3>
+      <div class="row">
+        <div>
+          <label>Domain</label>
+          <input id="domain" value="webagentbridge.com" placeholder="example.com">
+        </div>
+        <div>
+          <label>Action</label>
+          <select id="action">
+            <option value="enable">enable</option>
+            <option value="disable">disable</option>
+          </select>
+        </div>
+      </div>
+      <div class="row" style="margin-top:8px;">
+        <div>
+          <label>Batch Domains (comma separated)</label>
+          <input id="batchDomains" value="webagentbridge.com, example.com">
+        </div>
+        <div>
+          <label>Include Agent Run</label>
+          <select id="includeAgentRun">
+            <option value="false" selected>false</option>
+            <option value="true">true</option>
+          </select>
+        </div>
+      </div>
+      <div class="actions">
+        <button onclick="runManifest()">Manifest</button>
+        <button onclick="runTemplate()">Record Template</button>
+        <button onclick="runStatus()">Status</button>
+        <button onclick="runPlan()">Enable/Disable Plan</button>
+        <button onclick="runBatch()">Verify Batch</button>
+        <button class="alt" onclick="clearOut()">Clear</button>
+      </div>
+      <p class="hint">Tip: use this page during provider integration QA before shipping one-click toggle in production.</p>
+    </div>
+    <div class="panel">
+      <h3>Response</h3>
+      <pre id="out">{}</pre>
+    </div>
+  </div>
+  <script>
+    async function call(url, opts) {
+      const out = document.getElementById('out');
+      out.textContent = 'Loading ' + url + ' ...';
+      try {
+        const res = await fetch(url, opts || {});
+        const data = await res.json().catch(() => ({}));
+        out.textContent = JSON.stringify({ http_status: res.status, data: data }, null, 2);
+      } catch (err) {
+        out.textContent = JSON.stringify({ error: String(err) }, null, 2);
+      }
+    }
+    function getDomain() {
+      return (document.getElementById('domain').value || '').trim();
+    }
+    function runManifest() {
+      call('/api/discovery/provider/manifest');
+    }
+    function runTemplate() {
+      const d = getDomain();
+      call('/api/discovery/provider/record-template?domain=' + encodeURIComponent(d));
+    }
+    function runStatus() {
+      const d = getDomain();
+      call('/api/discovery/provider/status?domain=' + encodeURIComponent(d));
+    }
+    function runPlan() {
+      const d = getDomain();
+      const action = document.getElementById('action').value;
+      call('/api/discovery/provider/enable-plan?domain=' + encodeURIComponent(d) + '&action=' + encodeURIComponent(action));
+    }
+    function runBatch() {
+      const raw = (document.getElementById('batchDomains').value || '');
+      const domains = raw.split(',').map((s) => s.trim()).filter(Boolean);
+      const includeAgentRun = document.getElementById('includeAgentRun').value === 'true';
+      call('/api/discovery/provider/verify-batch', {
+        method: 'POST',
+        headers: { 'content-type': 'application/json', accept: 'application/json' },
+        body: JSON.stringify({ domains: domains, include_agent_run: includeAgentRun })
+      });
+    }
+    function clearOut() {
+      document.getElementById('out').textContent = '{}';
+    }
+  </script>
+</body>
+</html>