web-agent-bridge 3.8.1 → 3.9.1

package/README.ar.md

@@ -15,6 +15,8 @@
 
 **البروتوكول والمنصة المفتوحة للتفاعل بين الذكاء الاصطناعي والويب — واجهة أوامر موحّدة، متصفح سيادي، درع هاتف، اكتشاف عبر DNS، شبكة وكلاء، وبوابة API موحّدة لتفاعل آمن بين الذكاء الاصطناعي والمواقع.**
 
+> **جديد في الإصدار 3.9 — ATP (المُكوِّن الأساسي لمعاملات الوكلاء):** عقود نوايا موقَّعة، معاملات لا تتكرر (idempotent)، إيصالات Ed25519 قابلة للتحقق علنياً بدون مصادقة، وآلية تعويض صريحة. هذا هو **طبقة الثقة + المعاملات** التي تنقُص التجارة الوكيلة. [راجع المواصفة §21](docs/SPEC.md#21-agent-transaction-primitive-atp--v390) · [صفحة ATP العامة](public/atp.html).
+
 🌐 **الموقع الرسمي:** [https://webagentbridge.com](https://webagentbridge.com) — جرّب مساحة عمل الوكيل الذكي ولوحات التحكم والعديد من الميزات الأخرى مباشرة.
 
 يتيح WAB لأصحاب المواقع إضافة سكريبت يكشف واجهة `window.AICommands` لوكلاء الذكاء الاصطناعي. بدلاً من تحليل شيفرة HTML المعقدة، يقرأ الوكيل قائمة الإجراءات المتاحة وينفذها بدقة وأمان.

package/README.md

@@ -3,12 +3,14 @@
   <img src="https://raw.githubusercontent.com/abokenan444/web-agent-bridge/master/public/images/wab-logo-large.png" alt="Web Agent Bridge Logo" width="180" />
 
   <h1>Web Agent Bridge (WAB)</h1>
-  <p><b>The open AI ↔ Web protocol & agent platform.</b></p>
-  <p><i>robots.txt told bots what NOT to do. WAB tells AI agents what they CAN do.</i></p>
+  <p><b>The trust + transaction layer for agentic commerce.</b></p>
+  <p><i>Signed intent contracts · idempotent transactions · Ed25519-verifiable receipts · explicit compensation.</i></p>
+  <p><i>robots.txt told bots what NOT to do. WAB tells AI agents what they CAN do — and proves what they did.</i></p>
 
   [![npm](https://img.shields.io/npm/v/web-agent-bridge?color=blue&style=flat-square)](https://www.npmjs.com/package/web-agent-bridge)
   [![License: Open Core](https://img.shields.io/badge/License-Open_Core-blue.svg?style=flat-square)](LICENSE)
-  [![Tests](https://img.shields.io/badge/Tests-428%2F428_passing-22c55e?style=flat-square&logo=jest&logoColor=white)](tests)
+  [![Tests](https://img.shields.io/badge/Tests-445%2F445_passing-22c55e?style=flat-square&logo=jest&logoColor=white)](tests)
+  [![ATP](https://img.shields.io/badge/ATP-v3.9.0-7c3aed?style=flat-square)](docs/SPEC.md#21-agent-transaction-primitive-atp--v390)
   [![Discord](https://img.shields.io/badge/Discord-Join-5865F2?style=flat-square&logo=discord&logoColor=white)](https://discord.gg/NnbpJYEF)
 
   <br />
@@ -31,6 +33,38 @@ AI agents today guess their way through the web — DOM scraping, brittle select
 
 ---
 
+## ATP — Agent Transaction Primitive *(new in v3.9)*
+
+WAB v3.9 introduces the **Agent Transaction Primitive (ATP)** — the missing trust + transaction layer for agentic commerce.
+
+```
+Intent  →  Authorize  →  Transact  →  Receipt  →  (Compensate)
+contract    single-use     idempotent   Ed25519-     explicit
++ scope     nonce burn     UNIQUE key   signed       rollback
++ spend cap                              JSON
+```
+
+- **Intent contracts** — the user's signed authorization (scope, spend cap, expiry, single-use nonce).
+- **Idempotent execution** — `UNIQUE (intent_id, idempotency_key)`: retries can never double-execute.
+- **Signed receipts** — Ed25519 over canonical JSON; verifiable via the **public** `/api/atp/receipts/verify` endpoint with zero auth.
+- **Compensation** — explicit rollback that decrements the intent's spend counter.
+
+```js
+const { ATPClient } = require('web-agent-bridge/sdk');
+const atp = new ATPClient({ baseUrl: 'https://api.webagentbridge.com', token: USER_JWT });
+
+const intent = await atp.createIntent({ purpose: 'buy 1 widget', scope: { actions: ['cart.add','checkout'] }, max_spend_cents: 5000, currency: 'EUR' });
+await atp.authorizeIntent(intent.id);
+const tx = await atp.beginTransaction({ intent_id: intent.id, idempotency_key: 'order-42', amount_cents: 4200 });
+await atp.transition(tx.id, 'executing'); await atp.transition(tx.id, 'executed'); await atp.transition(tx.id, 'settled');
+const r = await atp.issueReceipt(tx.id);                       // signed
+const v = await atp.verifyReceipt({ receiptId: r.receipt_id }); // public, no auth
+```
+
+Full spec: [`docs/SPEC.md` §21](docs/SPEC.md#21-agent-transaction-primitive-atp--v390) · Public docs page: [`/atp.html`](public/atp.html).
+
+---
+
 ## Quick start (60 seconds)
 
 ```bash

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "web-agent-bridge",
-  "version": "3.8.1",
-  "description": "Open AI↔Web protocol & agent platform: standardized command interface, sovereign browser, ShieldQR trust verifier, SSL health monitor, zero-config adoption (Cloudflare/Vercel/Netlify/Next.js), DNS discovery, agent mesh, and unified API gateway for safe AI–website interaction",
+  "version": "3.9.1",
+  "description": "Agent Transaction Bridge — the trust + transaction layer for agentic commerce. Signed intent contracts, idempotent transactions, Ed25519-verifiable receipts, explicit compensation. Plus the original WAB stack: sovereign browser, ShieldQR, SSL health, DNS discovery, agent mesh, and unified gateway for safe AI–website interaction.",
   "author": "Web Agent Bridge <dev@webagentbridge.com>",
   "main": "server/index.js",
   "bin": {

package/public/atp.html

@@ -0,0 +1,174 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Agent Transaction Primitive (ATP) · Web Agent Bridge</title>
+  <meta name="description" content="The first-class primitive for trusted agent execution: signed intent contracts, idempotent transactions, and cryptographically verifiable receipts." />
+  <link rel="stylesheet" href="/css/main.css" />
+  <style>
+    :root { --bg:#0a0e14; --fg:#e6edf3; --muted:#8b949e; --accent:#7ee787; --line:#30363d; --card:#161b22; }
+    body { background:var(--bg); color:var(--fg); font:16px/1.6 -apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif; margin:0; padding:0; }
+    main { max-width:980px; margin:0 auto; padding:48px 24px 96px; }
+    h1 { font-size:2.5rem; margin:0 0 8px; letter-spacing:-0.02em; }
+    h2 { font-size:1.5rem; margin:48px 0 12px; border-bottom:1px solid var(--line); padding-bottom:8px; }
+    h3 { font-size:1.1rem; margin:24px 0 8px; color:var(--accent); }
+    p.lede { font-size:1.2rem; color:var(--muted); margin:0 0 32px; max-width:720px; }
+    .badge { display:inline-block; background:#1f6feb22; color:#79c0ff; border:1px solid #1f6feb55; padding:2px 10px; border-radius:99px; font-size:0.85rem; font-weight:600; }
+    .grid { display:grid; grid-template-columns:repeat(auto-fit,minmax(240px,1fr)); gap:16px; margin:24px 0; }
+    .card { background:var(--card); border:1px solid var(--line); border-radius:8px; padding:20px; }
+    .card h3 { margin-top:0; color:var(--accent); }
+    .card p { color:var(--muted); font-size:0.95rem; margin:0; }
+    pre { background:#010409; border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; font-size:0.85rem; color:#c9d1d9; }
+    code { font-family:ui-monospace,SFMono-Regular,Consolas,monospace; }
+    .lifecycle { display:flex; gap:8px; align-items:center; margin:24px 0; flex-wrap:wrap; }
+    .lifecycle .step { flex:1; min-width:140px; background:var(--card); border:1px solid var(--line); padding:16px; border-radius:6px; text-align:center; }
+    .lifecycle .step b { display:block; font-size:1.1rem; color:var(--accent); margin-bottom:4px; }
+    .lifecycle .arrow { color:var(--muted); font-size:1.5rem; }
+    table { width:100%; border-collapse:collapse; margin:16px 0; }
+    th, td { text-align:left; padding:10px 12px; border-bottom:1px solid var(--line); font-size:0.95rem; }
+    th { color:var(--accent); font-weight:600; }
+    .tier { display:inline-block; padding:1px 8px; border-radius:4px; font-size:0.8rem; font-weight:600; }
+    .tier-free { background:#3fb95022; color:#7ee787; border:1px solid #3fb95055; }
+    .tier-pro { background:#1f6feb22; color:#79c0ff; border:1px solid #1f6feb55; }
+    .tier-business { background:#bf8b3022; color:#e3b341; border:1px solid #bf8b3055; }
+    .tier-enterprise { background:#a371f722; color:#d2a8ff; border:1px solid #a371f755; }
+    nav.top { position:sticky; top:0; background:rgba(10,14,20,0.9); backdrop-filter:blur(8px); border-bottom:1px solid var(--line); padding:12px 24px; }
+    nav.top a { color:var(--fg); text-decoration:none; margin-right:20px; font-weight:500; }
+    nav.top a:hover { color:var(--accent); }
+  </style>
+</head>
+<body>
+  <nav class="top">
+    <a href="/">WAB</a>
+    <a href="/atp.html"><b>ATP</b></a>
+    <a href="/docs.html">Docs</a>
+    <a href="/premium.html">Pricing</a>
+    <a href="/login.html">Login</a>
+  </nav>
+  <main>
+    <span class="badge">v3.9.0 · the keystone primitive</span>
+    <h1>Agent Transaction Primitive</h1>
+    <p class="lede">
+      WAB is no longer just a discovery and execution protocol — it is the
+      <b>trust + transaction layer</b> for agentic commerce. ATP makes four
+      guarantees first-class: a signed intent contract from the human,
+      idempotent execution, a cryptographically verifiable receipt, and
+      explicit compensation.
+    </p>
+
+    <h2>The lifecycle</h2>
+    <div class="lifecycle">
+      <div class="step"><b>1 · Intent</b>The user declares scope, spend cap, expiry. Single-use nonce.</div>
+      <div class="arrow">→</div>
+      <div class="step"><b>2 · Authorize</b>The user confirms. The contract is now binding on the agent.</div>
+      <div class="arrow">→</div>
+      <div class="step"><b>3 · Transact</b>Idempotent execution under the intent. Every step is logged.</div>
+      <div class="arrow">→</div>
+      <div class="step"><b>4 · Receipt</b>Ed25519-signed canonical JSON. Anyone can verify it.</div>
+      <div class="arrow">→</div>
+      <div class="step"><b>5 · Compensate</b>If something goes wrong, the rollback path is explicit.</div>
+    </div>
+
+    <h2>Why this matters</h2>
+    <div class="grid">
+      <div class="card">
+        <h3>For users</h3>
+        <p>You see exactly what you authorized, what the agent did, and you can verify the receipt later — even without WAB online.</p>
+      </div>
+      <div class="card">
+        <h3>For agents</h3>
+        <p>No more retries causing double-charges. <code>idempotency-key</code> + the intent's spend cap make safe execution structural, not aspirational.</p>
+      </div>
+      <div class="card">
+        <h3>For sites</h3>
+        <p>Every transaction comes with a signed proof of consent. Disputes become deterministic, not he-said-she-said.</p>
+      </div>
+      <div class="card">
+        <h3>For ecosystems</h3>
+        <p>The protocol is open. The verification endpoint is public. The receipt format is canonical JSON. No vendor lock-in.</p>
+      </div>
+    </div>
+
+    <h2>Quick start</h2>
+<pre><code>// Node 18+ — install: npm i web-agent-bridge
+const { ATPClient } = require('web-agent-bridge/sdk');
+
+const atp = new ATPClient({ baseUrl: 'https://webagentbridge.com', token: USER_JWT });
+
+// 1) The human declares the contract.
+const intent = await atp.createIntent({
+  purpose: 'Buy a book ≤ €30',
+  scope: { actions: ['search','add_to_cart','checkout'] },
+  spend_cap_cents: 3000,
+  ttl_seconds: 600,
+});
+
+// 2) The human confirms.
+await atp.authorizeIntent(intent.id);
+
+// 3) The agent executes — idempotent by key.
+const tx = await atp.beginTransaction({
+  intent_id: intent.id, amount_cents: 1500,
+  idempotency_key: 'order-' + Date.now(),
+});
+await atp.transition(tx.id, 'executing');
+await atp.step(tx.id, { action: 'checkout.confirm', evidence: { order_id: 'X1' } });
+await atp.transition(tx.id, 'executed');
+await atp.transition(tx.id, 'settled');
+
+// 4) Signed receipt — anyone can verify.
+const receipt = await atp.issueReceipt(tx.id);
+const verification = await atp.verifyReceipt(receipt.id);
+console.log(verification.verification.ok); // true</code></pre>
+
+    <h2>The signed receipt</h2>
+    <p>Every receipt is a canonical JSON document signed with Ed25519. The public verification endpoint (<code>POST /api/atp/receipts/verify</code>) requires <b>no authentication</b> — that is the whole point. Anyone can hold a receipt accountable.</p>
+<pre><code>{
+  "type": "atp.receipt.v1",
+  "receipt_id": "atp_rcpt_…",
+  "transaction": { "id": "atp_tx_…", "status": "settled", "amount_cents": 1500, … },
+  "intent":      { "id": "atp_int_…", "purpose": "Buy a book ≤ €30", "scope": { … }, … },
+  "steps":       [ { "seq": 1, "action": "checkout.confirm", "state": "succeeded" } ],
+  "signature":   {
+    "algorithm": "ed25519",
+    "value":     "BASE64…",
+    "key_id":    "16-char fingerprint",
+    "public_key":"BASE64…",
+    "signed_at": "ISO-8601"
+  }
+}</code></pre>
+
+    <h2>Open core · paid features</h2>
+    <p>The protocol and verification stay open so the standard can spread. Higher throughput, persistent key binding, and enterprise features fund the work.</p>
+    <table>
+      <thead><tr><th>Capability</th><th>Tier</th><th>Notes</th></tr></thead>
+      <tbody>
+        <tr><td>Protocol spec &amp; SDK</td><td><span class="tier tier-free">open source</span></td><td>MIT licensed. Implement it anywhere.</td></tr>
+        <tr><td>Public receipt verification (no auth)</td><td><span class="tier tier-free">open source</span></td><td>Anyone can verify any ATP receipt.</td></tr>
+        <tr><td>Intent creation</td><td><span class="tier tier-free">free</span></td><td>10/day on Free, 50/day on Starter.</td></tr>
+        <tr><td>Receipts with persistent site key binding</td><td><span class="tier tier-pro">pro</span></td><td>500 intents/day. Continuity of trust across receipts.</td></tr>
+        <tr><td>Idempotent execution at scale</td><td><span class="tier tier-pro">pro</span></td><td>Higher quotas, audit export.</td></tr>
+        <tr><td>Compensation flows + retry classification</td><td><span class="tier tier-business">business</span></td><td>5 000 intents/day, webhook subscriptions.</td></tr>
+        <tr><td>HSM-backed signing, custom workflows, SLA</td><td><span class="tier tier-enterprise">enterprise</span></td><td>Unlimited, dedicated settlement queue.</td></tr>
+      </tbody>
+    </table>
+
+    <h2>Security posture</h2>
+    <ul>
+      <li><b>Single-use nonces.</b> Authorization burns the nonce in <code>atp_nonces</code> — replays fail at the DB layer.</li>
+      <li><b>State machine in the DB.</b> CHECK constraints make illegal transitions unrepresentable, not just unlikely.</li>
+      <li><b>Idempotency.</b> <code>UNIQUE (intent_id, idempotency_key)</code> means retries can never double-execute.</li>
+      <li><b>Spend cap on every transition.</b> Enforced server-side, not in the agent.</li>
+      <li><b>Canonical JSON signing.</b> RFC 8785-style key ordering means a tampered receipt cannot pass verification.</li>
+      <li><b>Public verify rate-limited.</b> 120 req/min per IP, cryptographic check is the answer.</li>
+    </ul>
+
+    <h2>Reference</h2>
+    <p>Full API in <a href="/docs.html">/docs.html</a> and machine-readable spec in <code>docs/SPEC.md</code>. Mount path: <code>/api/atp</code>. Source: <a href="https://github.com/abokenan444/web-agent-bridge">github.com/abokenan444/web-agent-bridge</a>.</p>
+
+    <h2>We run our own business on it</h2>
+    <p>WAB doesn't just publish this protocol &mdash; it bills its own customers with it. Every subscription processed through webagentbridge.com produces a publicly-verifiable Ed25519 receipt. Audit the books at <a href="/transparency.html"><b>/transparency.html</b></a>.</p>
+  </main>
+</body>
+</html>

package/public/transparency.html

@@ -0,0 +1,285 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>WAB Transparency — Live ATP Receipts for Every Subscription</title>
+<meta name="description" content="WAB doesn't just build the trust layer for agentic commerce — it runs its own business on it. Every subscription processed through webagentbridge.com is an ATP transaction with a public Ed25519 receipt.">
+<meta property="og:title" content="WAB Transparency — Live ATP Receipts">
+<meta property="og:description" content="Every WAB subscription produces a publicly-verifiable Ed25519 receipt. Audit the books, byte by byte.">
+<link rel="icon" href="/assets/favicon.svg" type="image/svg+xml">
+<style>
+  :root {
+    --bg:#0b0d12; --bg2:#11141b; --fg:#e6e8ec; --muted:#8a93a6;
+    --accent:#7c5cff; --accent2:#22d3ee; --ok:#10b981; --bad:#ef4444;
+    --border:#1f2430;
+  }
+  * { box-sizing:border-box; }
+  body {
+    margin:0; font-family: 'SF Pro Display', -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, sans-serif;
+    background: radial-gradient(1200px 600px at 20% -10%, rgba(124,92,255,.18), transparent 60%),
+                radial-gradient(900px 500px at 90% 10%, rgba(34,211,238,.12), transparent 55%),
+                var(--bg);
+    color:var(--fg); line-height:1.55; min-height:100vh;
+  }
+  a { color:var(--accent2); text-decoration:none; }
+  a:hover { text-decoration:underline; }
+  .container { max-width: 1100px; margin: 0 auto; padding: 0 24px; }
+  header.top {
+    padding: 22px 0; border-bottom:1px solid var(--border);
+    display:flex; align-items:center; justify-content:space-between;
+  }
+  .brand { font-weight:700; letter-spacing:.2px; }
+  .brand span { color: var(--accent); }
+  nav a { margin-left: 18px; color: var(--muted); font-size:14px; }
+  nav a:hover { color: var(--fg); }
+
+  .hero { padding: 70px 0 50px; text-align:center; }
+  .hero .eyebrow {
+    display:inline-block; padding:6px 14px; border-radius:999px;
+    background: rgba(124,92,255,.12); color:#c8bdff; font-size:12px;
+    letter-spacing:.18em; text-transform:uppercase; border:1px solid rgba(124,92,255,.35);
+  }
+  .hero h1 {
+    font-size: clamp(34px, 5vw, 56px); margin: 18px 0 14px; line-height:1.08;
+    background: linear-gradient(180deg, #fff 30%, #b8c0d4 100%);
+    -webkit-background-clip: text; -webkit-text-fill-color: transparent;
+    font-weight: 800; letter-spacing:-.5px;
+  }
+  .hero p.sub { color: var(--muted); max-width: 780px; margin: 0 auto; font-size:18px; }
+  .hero p.tag { margin-top: 22px; font-size: 15px; color:#cdd5e3; }
+  .hero p.tag strong { color: var(--fg); }
+
+  .stats {
+    display:grid; grid-template-columns: repeat(4, 1fr); gap: 14px;
+    margin: 36px 0 12px;
+  }
+  .stat {
+    background: linear-gradient(180deg, rgba(255,255,255,.03), rgba(255,255,255,.01));
+    border:1px solid var(--border); border-radius:14px; padding:18px;
+  }
+  .stat .k { color: var(--muted); font-size:12px; letter-spacing:.08em; text-transform:uppercase; }
+  .stat .v { font-size: 26px; font-weight: 700; margin-top:6px; }
+  .stat .v small { color: var(--muted); font-size:13px; font-weight:500; }
+  @media (max-width: 720px) { .stats { grid-template-columns: repeat(2, 1fr); } }
+
+  section { padding: 30px 0; }
+  h2 { font-size: 24px; margin: 28px 0 14px; letter-spacing:-.3px; }
+
+  .feed {
+    background: var(--bg2); border: 1px solid var(--border); border-radius: 14px; overflow:hidden;
+  }
+  table { width:100%; border-collapse: collapse; font-size: 14px; }
+  th, td { padding: 12px 14px; text-align: left; border-bottom: 1px solid var(--border); }
+  th { background: rgba(255,255,255,.02); color: var(--muted); font-weight: 600;
+       font-size: 12px; letter-spacing:.08em; text-transform:uppercase; }
+  tr:last-child td { border-bottom: 0; }
+  tr:hover td { background: rgba(124,92,255,.04); }
+  .mono { font-family: ui-monospace, "JetBrains Mono", Menlo, monospace; font-size: 12.5px; }
+  .receipt-id { color: var(--accent2); }
+  .tier { display:inline-block; padding:3px 8px; border-radius:6px; font-size:11px;
+          font-weight:700; text-transform:uppercase; letter-spacing:.06em; }
+  .tier.starter   { background: rgba(34,211,238,.15);  color:#7ee9ff; }
+  .tier.pro       { background: rgba(124,92,255,.18);  color:#c8bdff; }
+  .tier.business  { background: rgba(16,185,129,.18);  color:#7feac3; }
+  .tier.enterprise{ background: rgba(245,158,11,.18);  color:#ffd58a; }
+  .badge-verify {
+    display:inline-flex; align-items:center; gap:6px;
+    background: rgba(16,185,129,.12); color: var(--ok); padding: 4px 10px;
+    border-radius:999px; font-size:12px; font-weight:600; border:1px solid rgba(16,185,129,.3);
+    cursor:pointer; transition: all .15s;
+  }
+  .badge-verify:hover { background: rgba(16,185,129,.22); }
+  .badge-verify.bad { background: rgba(239,68,68,.12); color:var(--bad); border-color: rgba(239,68,68,.3); }
+  .badge-verify.loading { opacity:.6; }
+
+  .empty { padding:38px 18px; text-align:center; color: var(--muted); }
+  .empty code { background: var(--bg); padding:2px 6px; border-radius:4px; color: var(--accent2); }
+
+  .how {
+    background: var(--bg2); border:1px solid var(--border); border-radius:14px;
+    padding: 22px 24px; margin: 24px 0;
+  }
+  .how ol { padding-left: 20px; margin: 8px 0 0; }
+  .how li { margin: 8px 0; color:#cdd5e3; }
+  .how code { background: var(--bg); padding:2px 6px; border-radius:4px;
+              color: var(--accent2); font-size: 12.5px; }
+
+  footer {
+    border-top:1px solid var(--border); margin-top: 60px; padding: 30px 0;
+    color: var(--muted); font-size: 13px; text-align:center;
+  }
+  footer a { color: var(--muted); margin: 0 10px; }
+</style>
+</head>
+<body>
+<header class="top">
+  <div class="container" style="display:flex;align-items:center;justify-content:space-between;width:100%;">
+    <div class="brand">Web Agent Bridge <span>·</span> Transparency</div>
+    <nav>
+      <a href="/">Home</a>
+      <a href="/atp.html">ATP Spec</a>
+      <a href="/docs.html">Docs</a>
+      <a href="/premium.html">Pricing</a>
+    </nav>
+  </div>
+</header>
+
+<main>
+  <section class="hero">
+    <div class="container">
+      <div class="eyebrow">Eat your own cooking</div>
+      <h1>Every subscription is a public, signed receipt.</h1>
+      <p class="sub">
+        WAB doesn't just build the trust layer for agentic commerce — it runs its own
+        business on it. Every dollar that flows into webagentbridge.com is itself an
+        ATP transaction with a publicly-verifiable Ed25519 receipt.
+      </p>
+      <p class="tag">
+        <strong>This page reads directly from the production ATP ledger.</strong>
+        Click <em>Verify</em> on any row to re-check the signature in your browser.
+      </p>
+
+      <div class="stats" id="stats">
+        <div class="stat"><div class="k">Receipts issued</div><div class="v" id="s-count">—</div></div>
+        <div class="stat"><div class="k">Total settled</div><div class="v" id="s-total">—</div></div>
+        <div class="stat"><div class="k">First receipt</div><div class="v" id="s-first">—</div></div>
+        <div class="stat"><div class="k">Latest receipt</div><div class="v" id="s-last">—</div></div>
+      </div>
+    </div>
+  </section>
+
+  <section>
+    <div class="container">
+      <h2>Live receipt feed</h2>
+      <div class="feed">
+        <table>
+          <thead>
+            <tr>
+              <th>Issued</th>
+              <th>Tier</th>
+              <th>Amount</th>
+              <th>Receipt ID</th>
+              <th>Key</th>
+              <th style="text-align:right;">Signature</th>
+            </tr>
+          </thead>
+          <tbody id="rows">
+            <tr><td colspan="6" class="empty">Loading public ATP ledger…</td></tr>
+          </tbody>
+        </table>
+      </div>
+
+      <div class="how">
+        <h2 style="margin-top:0;">How to audit this yourself</h2>
+        <ol>
+          <li>List receipts: <code>GET /api/atp/platform/receipts?limit=50</code></li>
+          <li>Fetch full signed body: <code>GET /api/atp/receipts/&lt;receipt_id&gt;</code></li>
+          <li>Verify Ed25519 signature: <code>POST /api/atp/receipts/verify</code> with <code>{"receipt_id":"…"}</code></li>
+          <li>Or verify offline: every receipt embeds its own public key under <code>signature.public_key</code>. The canonical body is the receipt JSON with the <code>signature</code> field removed.</li>
+        </ol>
+      </div>
+    </div>
+  </section>
+</main>
+
+<footer>
+  <div class="container">
+    <div>WAB · <a href="/atp.html">ATP Protocol</a> · <a href="/docs.html">Docs</a> · <a href="/privacy.html">Privacy</a> · <a href="/terms.html">Terms</a></div>
+    <div style="margin-top:8px;">Receipts shown on this page are real, generated automatically when payments settle on Stripe.</div>
+  </div>
+</footer>
+
+<script>
+const $ = (id) => document.getElementById(id);
+
+function fmtMoney(cents, currency) {
+  const v = (cents || 0) / 100;
+  try { return new Intl.NumberFormat('en-US', { style: 'currency', currency: currency || 'USD' }).format(v); }
+  catch { return `${v.toFixed(2)} ${currency || ''}`; }
+}
+function fmtDate(s) {
+  if (!s) return '—';
+  const d = new Date(s.replace(' ', 'T') + (s.includes('Z') ? '' : 'Z'));
+  if (isNaN(+d)) return s;
+  return d.toISOString().replace('T', ' ').slice(0, 16) + ' UTC';
+}
+function shortId(id, n = 12) { return id ? id.slice(0, n) + '…' : '—'; }
+
+async function loadStats() {
+  try {
+    const r = await fetch('/api/atp/platform/stats').then(r => r.json());
+    const s = r.data || {};
+    $('s-count').innerHTML = (s.receipts || 0).toLocaleString();
+    // total_cents is mixed currency; show approximate USD-equivalent string with note
+    $('s-total').innerHTML = `${fmtMoney(s.total_cents || 0, 'USD')} <small>gross</small>`;
+    $('s-first').innerHTML = s.first_at ? fmtDate(s.first_at) : '—';
+    $('s-last').innerHTML  = s.last_at  ? fmtDate(s.last_at)  : '—';
+  } catch (e) {
+    $('s-count').textContent = 'n/a';
+  }
+}
+
+async function verifyReceipt(receiptId, btn) {
+  btn.classList.add('loading');
+  btn.textContent = 'verifying…';
+  try {
+    const r = await fetch('/api/atp/receipts/verify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ receipt_id: receiptId })
+    }).then(r => r.json());
+    btn.classList.remove('loading');
+    if (r.ok && r.verification && r.verification.ok) {
+      btn.classList.remove('bad');
+      btn.innerHTML = '✓ signature valid';
+    } else {
+      btn.classList.add('bad');
+      btn.textContent = '✗ ' + ((r.verification && r.verification.reason) || 'invalid');
+    }
+  } catch (e) {
+    btn.classList.remove('loading');
+    btn.classList.add('bad');
+    btn.textContent = '✗ network';
+  }
+}
+
+async function loadReceipts() {
+  try {
+    const r = await fetch('/api/atp/platform/receipts?limit=50').then(r => r.json());
+    const rows = (r.data || []);
+    const tb = $('rows');
+    if (!rows.length) {
+      tb.innerHTML = `<tr><td colspan="6" class="empty">
+        No platform receipts yet. Receipts appear automatically when Stripe settles a subscription.<br>
+        Try the protocol with your own intent at <code>/atp.html</code>.
+      </td></tr>`;
+      return;
+    }
+    tb.innerHTML = rows.map(row => `
+      <tr>
+        <td>${fmtDate(row.issued_at)}</td>
+        <td><span class="tier ${(row.tier || '').toLowerCase()}">${row.tier || '—'}</span></td>
+        <td class="mono">${fmtMoney(row.amount_cents, row.currency)}</td>
+        <td class="mono receipt-id" title="${row.receipt_id}">
+          <a href="/api/atp/receipts/${row.receipt_id}" target="_blank" rel="noopener">${shortId(row.receipt_id, 22)}</a>
+        </td>
+        <td class="mono">${shortId(row.key_id, 10)}</td>
+        <td style="text-align:right;">
+          <button class="badge-verify" data-rid="${row.receipt_id}">Verify</button>
+        </td>
+      </tr>
+    `).join('');
+    tb.querySelectorAll('.badge-verify').forEach(btn => {
+      btn.addEventListener('click', () => verifyReceipt(btn.dataset.rid, btn));
+    });
+  } catch (e) {
+    $('rows').innerHTML = `<tr><td colspan="6" class="empty">Failed to load: ${e.message}</td></tr>`;
+  }
+}
+
+loadStats();
+loadReceipts();
+</script>
+</body>
+</html>

package/sdk/atp.js

@@ -0,0 +1,103 @@
+'use strict';
+
+/**
+ * WAB ATP Client — Agent Transaction Primitive (v3.9.0)
+ *
+ * A tiny, zero-dependency client (uses global fetch from Node 18+) that
+ * lets agents drive the four ATP lifecycle steps against a WAB server:
+ *
+ *   1. createIntent()    — declare what the user authorized
+ *   2. authorizeIntent() — user confirms the contract
+ *   3. beginTransaction() / step() / transition() — idempotent execution
+ *   4. issueReceipt()    — fetch the signed receipt
+ *   5. verifyReceipt()   — public verification (no auth)
+ *
+ * Example:
+ *   const atp = new ATPClient({ baseUrl: 'https://webagentbridge.com', token: jwt });
+ *   const intent = await atp.createIntent({
+ *     purpose: 'Buy a book ≤ €30',
+ *     scope: { actions: ['search','add_to_cart','checkout'] },
+ *     spend_cap_cents: 3000, ttl_seconds: 600,
+ *   });
+ *   await atp.authorizeIntent(intent.id);
+ *   const tx = await atp.beginTransaction({
+ *     intent_id: intent.id, amount_cents: 1500,
+ *     idempotency_key: `order-${Date.now()}`,
+ *   });
+ *   await atp.transition(tx.id, 'executing');
+ *   await atp.step(tx.id, { action: 'checkout.confirm', evidence: { order_id: 'X1' } });
+ *   await atp.transition(tx.id, 'executed');
+ *   await atp.transition(tx.id, 'settled');
+ *   const receipt = await atp.issueReceipt(tx.id);
+ *   const ok = await atp.verifyReceipt(receipt.id);
+ *   console.log('verified?', ok.verification.ok);
+ */
+
+class ATPError extends Error {
+  constructor(message, { status, code, body } = {}) {
+    super(message);
+    this.name = 'ATPError';
+    this.status = status;
+    this.code = code;
+    this.body = body;
+  }
+}
+
+class ATPClient {
+  constructor({ baseUrl, token = null, fetchImpl = null } = {}) {
+    if (!baseUrl) throw new Error('ATPClient: baseUrl required');
+    this.baseUrl = baseUrl.replace(/\/$/, '');
+    this.token = token;
+    this._fetch = fetchImpl || (typeof fetch !== 'undefined' ? fetch : null);
+    if (!this._fetch) throw new Error('ATPClient: no fetch available (Node 18+ or supply fetchImpl)');
+  }
+
+  async _req(method, path, { body, headers = {}, auth = true } = {}) {
+    const h = { 'content-type': 'application/json', ...headers };
+    if (auth && this.token) h.authorization = `Bearer ${this.token}`;
+    const res = await this._fetch(this.baseUrl + path, {
+      method,
+      headers: h,
+      body: body ? JSON.stringify(body) : undefined,
+    });
+    let json = null;
+    try { json = await res.json(); } catch { /* non-JSON body */ }
+    if (!res.ok || (json && json.ok === false)) {
+      throw new ATPError(json?.message || `HTTP ${res.status}`, {
+        status: res.status, code: json?.error, body: json,
+      });
+    }
+    return json && json.data !== undefined ? json.data : json;
+  }
+
+  // ── Intents ───────────────────────────────────────────────────────────────
+  createIntent(body)            { return this._req('POST', '/api/atp/intents', { body }); }
+  listIntents(params = {})      {
+    const q = new URLSearchParams(params).toString();
+    return this._req('GET', '/api/atp/intents' + (q ? '?' + q : ''));
+  }
+  getIntent(id)                 { return this._req('GET', `/api/atp/intents/${encodeURIComponent(id)}`); }
+  authorizeIntent(id)           { return this._req('POST', `/api/atp/intents/${encodeURIComponent(id)}/authorize`); }
+  revokeIntent(id, reason)      { return this._req('POST', `/api/atp/intents/${encodeURIComponent(id)}/revoke`, { body: { reason } }); }
+
+  // ── Transactions ──────────────────────────────────────────────────────────
+  beginTransaction(body) {
+    const { idempotency_key, ...rest } = body;
+    const headers = idempotency_key ? { 'idempotency-key': idempotency_key } : {};
+    return this._req('POST', '/api/atp/transactions', { body: rest, headers });
+  }
+  getTransaction(id)            { return this._req('GET', `/api/atp/transactions/${encodeURIComponent(id)}`); }
+  step(id, body)                { return this._req('POST', `/api/atp/transactions/${encodeURIComponent(id)}/steps`, { body }); }
+  transition(id, to, extra = {}) { return this._req('POST', `/api/atp/transactions/${encodeURIComponent(id)}/transition`, { body: { to, ...extra } }); }
+  compensate(id, reason)        { return this._req('POST', `/api/atp/transactions/${encodeURIComponent(id)}/compensate`, { body: { reason } }); }
+
+  // ── Receipts ──────────────────────────────────────────────────────────────
+  issueReceipt(txId)            { return this._req('POST', `/api/atp/transactions/${encodeURIComponent(txId)}/receipt`); }
+  getReceipt(receiptId)         { return this._req('GET', `/api/atp/receipts/${encodeURIComponent(receiptId)}`, { auth: false }); }
+  verifyReceipt(input) {
+    const body = typeof input === 'string' ? { id: input } : { receipt: input };
+    return this._req('POST', '/api/atp/receipts/verify', { body, auth: false });
+  }
+}
+
+module.exports = { ATPClient, ATPError };