@agent-score/commerce 1.2.0 → 1.3.0

package/dist/discovery/index.d.mts

@@ -1,5 +1,5 @@
-import { R as RailKey, C as CompatibleClients } from '../agent_instructions-d3UWTdam.mjs';
-export { c as compatibleClientsByRails } from '../agent_instructions-d3UWTdam.mjs';
+import { R as RailKey, C as CompatibleClients } from '../agent_instructions-DiMSGkdm.mjs';
+export { f as compatibleClientsByRails } from '../agent_instructions-DiMSGkdm.mjs';
 
 /**
  * Build a sample x402 accepts entry for a CAIP-2 network. Looks up the USDC asset
@@ -180,6 +180,40 @@ interface WellKnownMppInput {
  */
 declare function buildWellKnownMpp(input: WellKnownMppInput): Record<string, unknown>;
 
+/**
+ * `buildWellKnownX402`: emits the x402scan v1 `/.well-known/x402` discovery shape.
+ *
+ * x402scan accepts three discovery strategies (OpenAPI > `/.well-known/x402` > endpoint
+ * probe). Most AgentScore merchants already publish a richer `/.well-known/mpp.json`,
+ * but x402scan's strict parser only reads the v1 shape, so we emit both. The two
+ * coexist on different paths.
+ *
+ * Spec (verbatim, x402scan):
+ *
+ *   {
+ *     "version": 1,
+ *     "resources": ["POST /api/route", ...]
+ *   }
+ *
+ * Resource entries are `"METHOD /path"` strings, not objects. Runtime 402 behavior
+ * is authoritative over this static metadata.
+ */
+interface WellKnownX402Resource {
+    /** HTTP method, uppercase: `'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'`. */
+    method: string;
+    /** Path, leading slash: `'/purchase'`. */
+    path: string;
+}
+interface BuildWellKnownX402Input {
+    /** Invocable, payment-required routes. Each entry becomes `"METHOD /path"`. */
+    resources: WellKnownX402Resource[];
+}
+interface WellKnownX402Document {
+    version: 1;
+    resources: string[];
+}
+declare function buildWellKnownX402(input: BuildWellKnownX402Input): WellKnownX402Document;
+
 interface LlmsTxtIdentitySectionInput {
     /** When true, include the AgentScore identity-paths explanation (wallet vs operator-token). */
     agentscore?: boolean;
@@ -199,7 +233,7 @@ interface LlmsTxtIdentitySectionInput {
 declare function llmsTxtIdentitySection(input?: LlmsTxtIdentitySectionInput): string;
 interface LlmsTxtPaymentSectionInput {
     /** Symbolic rail names supported. */
-    rails: ('tempo-mainnet' | 'tempo-testnet' | 'x402-base-mainnet' | 'x402-base-sepolia' | 'x402-solana-mainnet' | 'x402-solana-devnet' | 'stripe-spt' | string)[];
+    rails: ('tempo-mainnet' | 'tempo-testnet' | 'x402-base-mainnet' | 'x402-base-sepolia' | 'mpp-solana-mainnet' | 'mpp-solana-devnet' | 'stripe-spt' | string)[];
     /** Merchant URL — used in the example commands. */
     appUrl: string;
     /**
@@ -253,8 +287,20 @@ declare function buildLlmsTxt(input: BuildLlmsTxtInput): string;
  */
 /**
  * Standard AgentScore identity security schemes. Plug into `components.securitySchemes`.
+ *
+ * Includes `siwx` (Sign-In With X) per the x402scan discovery spec so identity-gated
+ * operations can declare `security: [{ siwx: [] }]` and stay classified as identity-only,
+ * not paid.
  */
 declare function agentscoreSecuritySchemes(): Record<string, unknown>;
+/**
+ * Sign-In With X security scheme entry, per the x402scan discovery spec.
+ *
+ * Reference it on identity-gated (but free) operations as
+ * `security: [{ siwx: [] }]`. Do NOT also attach `x-payment-info` to those routes,
+ * x402scan will misclassify them as paid.
+ */
+declare function siwxSecurityScheme(): Record<string, unknown>;
 /**
  * Standard AgentScore denial response schemas. Plug into `components.schemas` so OpenAPI
  * validators understand the 403 body shape across denial codes.
@@ -266,6 +312,84 @@ declare function agentscoreDenialSchemas(): Record<string, unknown>;
  * fields a typical merchant emits via build402Body.
  */
 declare function agentscorePaymentRequiredSchema(): Record<string, unknown>;
+/**
+ * Per-operation `x-payment-info` extension, per the x402scan discovery spec.
+ *
+ * Every payment-required OpenAPI operation should carry this block alongside a
+ * 402 response. Tells discovery crawlers (x402scan, agent CLIs) the static price
+ * and which protocols the route accepts. Runtime 402 behavior is authoritative
+ * over this static metadata; the static side is for indexability.
+ *
+ * @example fixed price across x402 + MPP Tempo
+ * ```ts
+ * Object.assign(operation, {
+ *   ...xPaymentInfoExtension({
+ *     price: { mode: 'fixed', currency: 'USD', amount: '0.10' },
+ *     protocols: [
+ *       { x402: {} },
+ *       { mpp: { method: 'tempo/charge', intent: 'pay', currency: 'USD' } },
+ *     ],
+ *   }),
+ *   responses: {
+ *     '200': {...},
+ *     '402': { description: 'Payment Required' },
+ *   },
+ * });
+ * ```
+ */
+interface XPaymentInfoFixedPrice {
+    mode: 'fixed';
+    currency: string;
+    amount: string;
+}
+interface XPaymentInfoDynamicPrice {
+    mode: 'dynamic';
+    currency: string;
+    min: string;
+    max: string;
+}
+type XPaymentInfoPrice = XPaymentInfoFixedPrice | XPaymentInfoDynamicPrice;
+interface XPaymentInfoX402Protocol {
+    x402: Record<string, unknown>;
+}
+interface XPaymentInfoMppProtocol {
+    mpp: {
+        method: string;
+        intent: string;
+        currency: string;
+    };
+}
+type XPaymentInfoProtocol = XPaymentInfoX402Protocol | XPaymentInfoMppProtocol;
+interface XPaymentInfoInput {
+    price: XPaymentInfoPrice;
+    protocols: XPaymentInfoProtocol[];
+}
+declare function xPaymentInfoExtension(input: XPaymentInfoInput): {
+    'x-payment-info': {
+        price: XPaymentInfoPrice;
+        protocols: XPaymentInfoProtocol[];
+    };
+};
+/**
+ * `info.x-guidance` extension, per the x402scan discovery spec. Spread into your
+ * OpenAPI document's `info` block to give agents a high-level prose description
+ * of how to use the API. Discovery crawlers surface this on the listing page.
+ *
+ * @example
+ * ```ts
+ * const spec = {
+ *   openapi: '3.1.0',
+ *   info: {
+ *     title: 'My Merchant API',
+ *     version: '1.0',
+ *     ...xGuidanceExtension('Wine merchant. POST /purchase with a verified operator token...'),
+ *   },
+ * };
+ * ```
+ */
+declare function xGuidanceExtension(text: string): {
+    'x-guidance': string;
+};
 interface BuildAgentScoreOpenApiSnippetsInput {
     /** Include security schemes in the snippet. Default true. */
     security?: boolean;
@@ -411,7 +535,7 @@ interface SkillMdLink {
 interface BuildSkillMdInput {
     /** Skill manifest identifier — kebab-case per agentskills.io spec: 1-64 chars, lowercase
      *  alphanumeric + hyphens, no leading/trailing/consecutive hyphens. Validated at build
-     *  time; invalid names throw. e.g. 'martin-estate-wine-commerce'. */
+     *  time; invalid names throw. e.g. 'example-merchant-commerce'. */
     name: string;
     /** Skill description — agentskills.io spec: 1-1024 chars, non-empty. Should describe both
      *  what the skill does AND when to use it; imperative phrasing recommended ("Use when…").
@@ -435,7 +559,7 @@ interface BuildSkillMdInput {
     /** Additional caller-defined metadata entries — flat key/value strings nested under
      *  `metadata:`. Spec requires string values. */
     metadata?: Record<string, string | number>;
-    /** Human display name (e.g. "Martin Estate Winery"). */
+    /** Human display name (e.g. "Example Merchant"). */
     merchantName: string;
     /** Optional one-line tagline appearing under the title. */
     tagline?: string;
@@ -498,4 +622,4 @@ interface BuildSkillMdInput {
  */
 declare function buildSkillMd(input: BuildSkillMdInput): string;
 
-export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type BuildSkillMdInput, CompatibleClients, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, RailKey, type RequestLike, type SkillMdEndpoint, type SkillMdIdentityRequirements, type SkillMdLink, type SkillMdShippingPolicy, type WellKnownMppInput, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildSkillMd, buildWellKnownMpp, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, wrapNoindexResponse };
+export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type BuildSkillMdInput, type BuildWellKnownX402Input, CompatibleClients, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, RailKey, type RequestLike, type SkillMdEndpoint, type SkillMdIdentityRequirements, type SkillMdLink, type SkillMdShippingPolicy, type WellKnownMppInput, type WellKnownX402Document, type WellKnownX402Resource, type XPaymentInfoDynamicPrice, type XPaymentInfoFixedPrice, type XPaymentInfoInput, type XPaymentInfoMppProtocol, type XPaymentInfoPrice, type XPaymentInfoProtocol, type XPaymentInfoX402Protocol, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildSkillMd, buildWellKnownMpp, buildWellKnownX402, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, siwxSecurityScheme, wrapNoindexResponse, xGuidanceExtension, xPaymentInfoExtension };

package/dist/discovery/index.d.ts

@@ -1,5 +1,5 @@
-import { R as RailKey, C as CompatibleClients } from '../agent_instructions-d3UWTdam.js';
-export { c as compatibleClientsByRails } from '../agent_instructions-d3UWTdam.js';
+import { R as RailKey, C as CompatibleClients } from '../agent_instructions-DiMSGkdm.js';
+export { f as compatibleClientsByRails } from '../agent_instructions-DiMSGkdm.js';
 
 /**
  * Build a sample x402 accepts entry for a CAIP-2 network. Looks up the USDC asset
@@ -180,6 +180,40 @@ interface WellKnownMppInput {
  */
 declare function buildWellKnownMpp(input: WellKnownMppInput): Record<string, unknown>;
 
+/**
+ * `buildWellKnownX402`: emits the x402scan v1 `/.well-known/x402` discovery shape.
+ *
+ * x402scan accepts three discovery strategies (OpenAPI > `/.well-known/x402` > endpoint
+ * probe). Most AgentScore merchants already publish a richer `/.well-known/mpp.json`,
+ * but x402scan's strict parser only reads the v1 shape, so we emit both. The two
+ * coexist on different paths.
+ *
+ * Spec (verbatim, x402scan):
+ *
+ *   {
+ *     "version": 1,
+ *     "resources": ["POST /api/route", ...]
+ *   }
+ *
+ * Resource entries are `"METHOD /path"` strings, not objects. Runtime 402 behavior
+ * is authoritative over this static metadata.
+ */
+interface WellKnownX402Resource {
+    /** HTTP method, uppercase: `'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'`. */
+    method: string;
+    /** Path, leading slash: `'/purchase'`. */
+    path: string;
+}
+interface BuildWellKnownX402Input {
+    /** Invocable, payment-required routes. Each entry becomes `"METHOD /path"`. */
+    resources: WellKnownX402Resource[];
+}
+interface WellKnownX402Document {
+    version: 1;
+    resources: string[];
+}
+declare function buildWellKnownX402(input: BuildWellKnownX402Input): WellKnownX402Document;
+
 interface LlmsTxtIdentitySectionInput {
     /** When true, include the AgentScore identity-paths explanation (wallet vs operator-token). */
     agentscore?: boolean;
@@ -199,7 +233,7 @@ interface LlmsTxtIdentitySectionInput {
 declare function llmsTxtIdentitySection(input?: LlmsTxtIdentitySectionInput): string;
 interface LlmsTxtPaymentSectionInput {
     /** Symbolic rail names supported. */
-    rails: ('tempo-mainnet' | 'tempo-testnet' | 'x402-base-mainnet' | 'x402-base-sepolia' | 'x402-solana-mainnet' | 'x402-solana-devnet' | 'stripe-spt' | string)[];
+    rails: ('tempo-mainnet' | 'tempo-testnet' | 'x402-base-mainnet' | 'x402-base-sepolia' | 'mpp-solana-mainnet' | 'mpp-solana-devnet' | 'stripe-spt' | string)[];
     /** Merchant URL — used in the example commands. */
     appUrl: string;
     /**
@@ -253,8 +287,20 @@ declare function buildLlmsTxt(input: BuildLlmsTxtInput): string;
  */
 /**
  * Standard AgentScore identity security schemes. Plug into `components.securitySchemes`.
+ *
+ * Includes `siwx` (Sign-In With X) per the x402scan discovery spec so identity-gated
+ * operations can declare `security: [{ siwx: [] }]` and stay classified as identity-only,
+ * not paid.
  */
 declare function agentscoreSecuritySchemes(): Record<string, unknown>;
+/**
+ * Sign-In With X security scheme entry, per the x402scan discovery spec.
+ *
+ * Reference it on identity-gated (but free) operations as
+ * `security: [{ siwx: [] }]`. Do NOT also attach `x-payment-info` to those routes,
+ * x402scan will misclassify them as paid.
+ */
+declare function siwxSecurityScheme(): Record<string, unknown>;
 /**
  * Standard AgentScore denial response schemas. Plug into `components.schemas` so OpenAPI
  * validators understand the 403 body shape across denial codes.
@@ -266,6 +312,84 @@ declare function agentscoreDenialSchemas(): Record<string, unknown>;
  * fields a typical merchant emits via build402Body.
  */
 declare function agentscorePaymentRequiredSchema(): Record<string, unknown>;
+/**
+ * Per-operation `x-payment-info` extension, per the x402scan discovery spec.
+ *
+ * Every payment-required OpenAPI operation should carry this block alongside a
+ * 402 response. Tells discovery crawlers (x402scan, agent CLIs) the static price
+ * and which protocols the route accepts. Runtime 402 behavior is authoritative
+ * over this static metadata; the static side is for indexability.
+ *
+ * @example fixed price across x402 + MPP Tempo
+ * ```ts
+ * Object.assign(operation, {
+ *   ...xPaymentInfoExtension({
+ *     price: { mode: 'fixed', currency: 'USD', amount: '0.10' },
+ *     protocols: [
+ *       { x402: {} },
+ *       { mpp: { method: 'tempo/charge', intent: 'pay', currency: 'USD' } },
+ *     ],
+ *   }),
+ *   responses: {
+ *     '200': {...},
+ *     '402': { description: 'Payment Required' },
+ *   },
+ * });
+ * ```
+ */
+interface XPaymentInfoFixedPrice {
+    mode: 'fixed';
+    currency: string;
+    amount: string;
+}
+interface XPaymentInfoDynamicPrice {
+    mode: 'dynamic';
+    currency: string;
+    min: string;
+    max: string;
+}
+type XPaymentInfoPrice = XPaymentInfoFixedPrice | XPaymentInfoDynamicPrice;
+interface XPaymentInfoX402Protocol {
+    x402: Record<string, unknown>;
+}
+interface XPaymentInfoMppProtocol {
+    mpp: {
+        method: string;
+        intent: string;
+        currency: string;
+    };
+}
+type XPaymentInfoProtocol = XPaymentInfoX402Protocol | XPaymentInfoMppProtocol;
+interface XPaymentInfoInput {
+    price: XPaymentInfoPrice;
+    protocols: XPaymentInfoProtocol[];
+}
+declare function xPaymentInfoExtension(input: XPaymentInfoInput): {
+    'x-payment-info': {
+        price: XPaymentInfoPrice;
+        protocols: XPaymentInfoProtocol[];
+    };
+};
+/**
+ * `info.x-guidance` extension, per the x402scan discovery spec. Spread into your
+ * OpenAPI document's `info` block to give agents a high-level prose description
+ * of how to use the API. Discovery crawlers surface this on the listing page.
+ *
+ * @example
+ * ```ts
+ * const spec = {
+ *   openapi: '3.1.0',
+ *   info: {
+ *     title: 'My Merchant API',
+ *     version: '1.0',
+ *     ...xGuidanceExtension('Wine merchant. POST /purchase with a verified operator token...'),
+ *   },
+ * };
+ * ```
+ */
+declare function xGuidanceExtension(text: string): {
+    'x-guidance': string;
+};
 interface BuildAgentScoreOpenApiSnippetsInput {
     /** Include security schemes in the snippet. Default true. */
     security?: boolean;
@@ -411,7 +535,7 @@ interface SkillMdLink {
 interface BuildSkillMdInput {
     /** Skill manifest identifier — kebab-case per agentskills.io spec: 1-64 chars, lowercase
      *  alphanumeric + hyphens, no leading/trailing/consecutive hyphens. Validated at build
-     *  time; invalid names throw. e.g. 'martin-estate-wine-commerce'. */
+     *  time; invalid names throw. e.g. 'example-merchant-commerce'. */
     name: string;
     /** Skill description — agentskills.io spec: 1-1024 chars, non-empty. Should describe both
      *  what the skill does AND when to use it; imperative phrasing recommended ("Use when…").
@@ -435,7 +559,7 @@ interface BuildSkillMdInput {
     /** Additional caller-defined metadata entries — flat key/value strings nested under
      *  `metadata:`. Spec requires string values. */
     metadata?: Record<string, string | number>;
-    /** Human display name (e.g. "Martin Estate Winery"). */
+    /** Human display name (e.g. "Example Merchant"). */
     merchantName: string;
     /** Optional one-line tagline appearing under the title. */
     tagline?: string;
@@ -498,4 +622,4 @@ interface BuildSkillMdInput {
  */
 declare function buildSkillMd(input: BuildSkillMdInput): string;
 
-export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type BuildSkillMdInput, CompatibleClients, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, RailKey, type RequestLike, type SkillMdEndpoint, type SkillMdIdentityRequirements, type SkillMdLink, type SkillMdShippingPolicy, type WellKnownMppInput, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildSkillMd, buildWellKnownMpp, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, wrapNoindexResponse };
+export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type BuildSkillMdInput, type BuildWellKnownX402Input, CompatibleClients, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, RailKey, type RequestLike, type SkillMdEndpoint, type SkillMdIdentityRequirements, type SkillMdLink, type SkillMdShippingPolicy, type WellKnownMppInput, type WellKnownX402Document, type WellKnownX402Resource, type XPaymentInfoDynamicPrice, type XPaymentInfoFixedPrice, type XPaymentInfoInput, type XPaymentInfoMppProtocol, type XPaymentInfoPrice, type XPaymentInfoProtocol, type XPaymentInfoX402Protocol, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildSkillMd, buildWellKnownMpp, buildWellKnownX402, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, siwxSecurityScheme, wrapNoindexResponse, xGuidanceExtension, xPaymentInfoExtension };

package/dist/discovery/index.js

@@ -29,6 +29,7 @@ __export(discovery_exports, {
   buildLlmsTxt: () => buildLlmsTxt,
   buildSkillMd: () => buildSkillMd,
   buildWellKnownMpp: () => buildWellKnownMpp,
+  buildWellKnownX402: () => buildWellKnownX402,
   compatibleClientsByRails: () => compatibleClientsByRails,
   createBazaarDiscovery: () => createBazaarDiscovery,
   defaultDiscoveryPaths: () => defaultDiscoveryPaths,
@@ -40,7 +41,10 @@ __export(discovery_exports, {
   noindexNonDiscoveryPathsExpress: () => noindexNonDiscoveryPathsExpress,
   noindexNonDiscoveryPathsFastify: () => noindexNonDiscoveryPathsFastify,
   sampleX402AcceptForNetwork: () => sampleX402AcceptForNetwork,
-  wrapNoindexResponse: () => wrapNoindexResponse
+  siwxSecurityScheme: () => siwxSecurityScheme,
+  wrapNoindexResponse: () => wrapNoindexResponse,
+  xGuidanceExtension: () => xGuidanceExtension,
+  xPaymentInfoExtension: () => xPaymentInfoExtension
 });
 module.exports = __toCommonJS(discovery_exports);
 
@@ -129,15 +133,15 @@ var rails = {
     decimals: USDC.base.sepolia.decimals,
     asset: USDC.base.sepolia.address
   },
-  "x402-solana-mainnet": {
-    method: "x402",
+  "mpp-solana-mainnet": {
+    method: "solana",
     network: networks.solana.mainnet.caip2,
     currency: USDC.solana.mainnet.mint,
     decimals: USDC.solana.mainnet.decimals,
     asset: USDC.solana.mainnet.mint
   },
-  "x402-solana-devnet": {
-    method: "x402",
+  "mpp-solana-devnet": {
+    method: "solana",
     network: networks.solana.devnet.caip2,
     currency: USDC.solana.devnet.mint,
     decimals: USDC.solana.devnet.decimals,
@@ -326,6 +330,14 @@ function buildWellKnownMpp(input) {
   };
 }
 
+// src/discovery/well_known_x402.ts
+function buildWellKnownX402(input) {
+  return {
+    version: 1,
+    resources: input.resources.map((r) => `${r.method.toUpperCase()} ${r.path}`)
+  };
+}
+
 // src/discovery/llms_txt.ts
 function llmsTxtIdentitySection(input = {}) {
   if (!input.agentscore) {
@@ -340,19 +352,13 @@ Compliance: ${[
     compliance.allowed_jurisdictions?.length ? `${compliance.allowed_jurisdictions.join("/")} only` : null,
     compliance.require_sanctions_clear ? "sanctions clear" : null
   ].filter(Boolean).join(", ")}.` : "";
-  return `## Choose your identity header
+  return `## Identity
 
-AgentScore provides cross-merchant identity \u2014 one KYC works for every AgentScore-gated endpoint, no re-verification per site. Pick the right header based on how you plan to pay:
+AgentScore identity is reusable across every AgentScore-gated merchant \u2014 one KYC, no re-verification per site. Pick a header:
 
-- **Wallet-auth** (preferred for agents with a stable crypto wallet): send \`X-Wallet-Address: 0x...\`. Only works on rails that carry a wallet signature \u2014 Tempo MPP and x402 EIP-3009. The wallet you claim MUST sign the payment; we verify that the payment signer resolves to the same operator as the claimed wallet. No TTL, no rotation.
-- **Operator-token** (works for every rail): send \`X-Operator-Token: opc_...\`. Required when paying with Stripe SPT or card (those rails have no wallet signer). Reusable across every AgentScore merchant until the token expires.
-- **Neither**: you'll get 403 with \`verify_url\` + \`poll_secret\` \u2014 complete the session flow once, then reuse the credential (or any wallet that pays under it) forever.
-
-If you reach another AgentScore-gated endpoint in the future, the same credential and/or any linked wallet already works \u2014 skip the session flow.
-
-## Memory contract
-
-First-encounter 403 responses (and the POST /v1/sessions success body) include an \`agent_memory\` block describing how AgentScore identity works across merchants. LLM-hosted agents should persist its contents (the pattern, never secrets) so subsequent AgentScore-gated endpoints become returning-customer encounters.${complianceNote}`;
+- **\`X-Wallet-Address: 0x...\` or base58** \u2014 works on signing rails (Tempo, x402, Solana MPP). The wallet you claim must sign the payment.
+- **\`X-Operator-Token: opc_...\`** \u2014 works on every rail, including Stripe SPT. Reusable across AgentScore merchants until expiry.
+- **Neither** \u2014 you get a 403 with \`verify_url\`. Complete the session flow once and reuse the resulting \`opc_...\` everywhere.${complianceNote}`;
 }
 function llmsTxtPaymentSection(input) {
   return input.verbose ? llmsTxtPaymentSectionVerbose(input) : llmsTxtPaymentSectionCompact(input);
@@ -372,8 +378,8 @@ function llmsTxtPaymentSectionCompact(input) {
   if (hasRailFamily(rails2, "x402-base-")) {
     lines.push("- **x402 USDC on Base** (EIP-3009) \u2014 `agentscore-pay pay POST " + input.appUrl + ` --chain base -H "X-Operator-Token: opc_..." -d '{...}'\``);
   }
-  if (hasRailFamily(rails2, "x402-solana-")) {
-    lines.push("- **x402 USDC on Solana** (SPL Token) \u2014 `agentscore-pay pay POST " + input.appUrl + ` --chain solana -H "X-Operator-Token: opc_..." -d '{...}'\``);
+  if (hasRailFamily(rails2, "mpp-solana-")) {
+    lines.push("- **USDC on Solana** \u2014 `agentscore-pay pay POST " + input.appUrl + ` --chain solana -H "X-Operator-Token: opc_..." -d '{...}'\``);
   }
   if (rails2.includes("stripe-spt")) {
     lines.push("- **Stripe Shared Payment Token** \u2014 agent mints SPT (own Stripe account scoped to networkId, OR `link-cli spend-request create --credential-type shared_payment_token --network-id <profileId> ...`)");
@@ -389,72 +395,62 @@ function llmsTxtPaymentSectionVerbose(input) {
   const tempoChain = input.tempoChainId ?? 4217;
   const hasTempo = hasRailFamily(rails2, "tempo-");
   const hasBase = hasRailFamily(rails2, "x402-base-");
-  const hasSolana = hasRailFamily(rails2, "x402-solana-");
+  const hasSolana = hasRailFamily(rails2, "mpp-solana-");
   const hasStripe = rails2.includes("stripe-spt");
   const baseNetworkName = isTestnetRail(rails2, "x402-base-") ? "Base Sepolia" : "Base";
-  const solanaNetworkName = isTestnetRail(rails2, "x402-solana-") ? "Solana devnet" : "Solana";
+  const solanaNetworkName = isTestnetRail(rails2, "mpp-solana-") ? "Solana devnet" : "Solana";
   const lines = ["## Payment", ""];
-  lines.push("This is an agent-first API. All payments are initiated and completed by agents. The 402 challenge advertises:");
+  lines.push("Accepted rails:");
   lines.push("");
-  if (hasTempo) lines.push("- **Tempo USDC via MPP** (on-chain stablecoin)");
-  if (hasBase || hasSolana) {
-    const chains = [hasBase && `${baseNetworkName} (EIP-3009)`, hasSolana && `${solanaNetworkName} (SPL Token)`].filter(Boolean).join(" and ");
-    lines.push(`- **x402 USDC** on ${chains}, via the Coinbase facilitator`);
-  }
-  if (hasStripe) lines.push("- **Stripe Shared Payment Token** (agent mints SPT on their Stripe account scoped to our networkId in the challenge, submits it in the credential)");
+  if (hasTempo) lines.push("- **USDC on Tempo**");
+  if (hasBase) lines.push(`- **USDC on ${baseNetworkName}**`);
+  if (hasSolana) lines.push(`- **USDC on ${solanaNetworkName}**`);
+  if (hasStripe) lines.push("- **Stripe Shared Payment Token**");
   lines.push("");
   if (hasTempo) {
-    lines.push("### How to pay with Tempo");
+    lines.push("### Pay with Tempo");
     lines.push("");
-    lines.push("1. Install the Tempo CLI: curl -fsSL https://tempo.xyz/install | bash");
-    lines.push("2. Log in to your Tempo Wallet: tempo wallet login (passkey auth in browser)");
-    lines.push(`3. Confirm your balance: tempo wallet whoami (need USDC.e on ${tempoNetwork}, chain ${tempoChain})`);
-    lines.push("4. If balance is zero, fund it: tempo wallet fund");
-    lines.push("");
-    lines.push("Then use `tempo request` to make the paid purchase:");
+    lines.push("```bash");
+    lines.push("curl -fsSL https://tempo.xyz/install | bash");
+    lines.push("tempo wallet login");
+    lines.push(`tempo wallet whoami     # need USDC.e on ${tempoNetwork} (chain ${tempoChain})`);
+    lines.push("tempo wallet fund       # if zero");
     lines.push("");
     lines.push("tempo request -X POST \\");
-    lines.push('  -H "X-Operator-Token: opc_your_credential" \\');
-    lines.push('  -H "Content-Type: application/json" \\');
+    lines.push('  -H "X-Operator-Token: opc_..." \\');
     lines.push("  --json '{...}' \\");
     lines.push("  --max-spend N \\");
     lines.push(`  ${input.appUrl}`);
-    lines.push("");
-    lines.push(`\`tempo request\` handles the full MPP handshake: sends the POST, receives the 402 challenge, signs the payment on ${tempoNetwork}, submits the credential, and returns the completed order.`);
+    lines.push("```");
     lines.push("");
   }
   if (hasBase || hasSolana) {
     const chainsLabel = [hasBase && baseNetworkName, hasSolana && solanaNetworkName].filter(Boolean).join(" or ");
     const flags = [hasBase && "`--chain base`", hasSolana && "`--chain solana`"].filter(Boolean).join(" or ");
-    lines.push(`### How to pay with x402 (${chainsLabel})`);
-    lines.push("");
-    lines.push("1. Install the agentscore-pay CLI: npm install -g @agent-score/pay  (or: brew install agentscore/tap/agentscore-pay)");
-    lines.push(`2. Create a wallet on your chain of choice: agentscore-pay wallet create ${flags}`);
-    lines.push(`3. Fund the printed address with USDC on ${chainsLabel}`);
-    lines.push(`4. Confirm balance: agentscore-pay balance ${flags}`);
+    lines.push(`### Pay with ${chainsLabel}`);
     lines.push("");
-    lines.push("Then submit the paid purchase:");
+    lines.push("```bash");
+    lines.push("npm install -g @agent-score/pay");
+    lines.push(`agentscore-pay wallet create ${flags}`);
+    lines.push(`agentscore-pay balance ${flags}   # fund the printed address with USDC`);
     lines.push("");
     lines.push(`agentscore-pay pay POST ${input.appUrl} \\`);
     lines.push(`  ${hasBase ? "--chain base" : "--chain solana"} \\`);
-    lines.push('  -H "X-Operator-Token: opc_your_credential" \\');
-    lines.push('  -H "Content-Type: application/json" \\');
+    lines.push('  -H "X-Operator-Token: opc_..." \\');
     lines.push("  -d '{...}' \\");
     lines.push("  --max-spend N");
-    lines.push("");
-    const handshakeChains = [hasBase && "EIP-3009 (Base)", hasSolana && "SPL Token (Solana)"].filter(Boolean).join(" or ");
-    lines.push(`The CLI handles the full x402 handshake: hits the URL, parses the 402 challenge, signs the ${handshakeChains} transaction, submits via X-Payment header, and returns the completed order.`);
+    lines.push("```");
     lines.push("");
   }
   if (hasStripe) {
-    lines.push("### How to pay with Stripe SPT");
+    lines.push("### Pay with Stripe SPT");
     lines.push("");
-    lines.push("Mint a SharedPaymentToken scoped to the profile_id advertised in `accepted_methods.stripe.profile_id`, then submit via `Authorization: Payment` MPP header with `method=stripe/charge`. Either bring your own Stripe account or use `link-cli spend-request create --credential-type shared_payment_token --network-id <profileId> ...` for users with Stripe Link wallets.");
+    lines.push("Mint a SharedPaymentToken scoped to the `profile_id` from the 402 body, then submit via `Authorization: Payment` with `method=stripe/charge`. Either your own Stripe account or `link-cli spend-request create --credential-type shared_payment_token --network-id <profileId> ...` for Stripe Link wallets.");
     lines.push("");
   }
-  lines.push("IMPORTANT: Do NOT use `tempo wallet transfer` or send USDC manually to the x402 deposit addresses \u2014 those bypass the payment handshake and your order will stay in pending_identity.");
+  lines.push("IMPORTANT: Use the CLIs above. Raw on-chain transfers (e.g. `tempo wallet transfer`, sending USDC manually to deposit addresses) bypass the protocol handshake and the order will not complete.");
   if (hasBase || hasSolana) {
-    lines.push("IMPORTANT: x402 payments must be the exact amount specified in the 402 challenge. Overpayments and underpayments cannot be matched and funds may be unrecoverable.");
+    lines.push("IMPORTANT: Pay the exact amount in the 402 challenge. Overpayments and underpayments cannot be matched.");
   }
   lines.push("");
   return lines.join("\n");
@@ -495,7 +491,16 @@ function agentscoreSecuritySchemes() {
       in: "header",
       name: "X-Wallet-Address",
       description: "Wallet-path identity (0x... or base58). Only works on rails that carry a wallet signature (Tempo MPP, x402 EIP-3009, x402 SPL Token). The wallet you claim MUST sign the payment."
-    }
+    },
+    siwx: siwxSecurityScheme()
+  };
+}
+function siwxSecurityScheme() {
+  return {
+    type: "http",
+    scheme: "bearer",
+    bearerFormat: "SIWX",
+    description: "Sign-In With X wallet authentication. Agent signs a challenge with their wallet (any supported chain) and presents the proof in the Authorization header. Used for identity-gated free endpoints; payment-required endpoints declare x-payment-info instead."
   };
 }
 function agentscoreDenialSchemas() {
@@ -568,6 +573,12 @@ function agentscorePaymentRequiredSchema() {
     }
   };
 }
+function xPaymentInfoExtension(input) {
+  return { "x-payment-info": { price: input.price, protocols: input.protocols } };
+}
+function xGuidanceExtension(text) {
+  return { "x-guidance": text };
+}
 function agentscoreOpenApiSnippets(opts = {}) {
   const out = {};
   if (opts.security !== false) {
@@ -589,6 +600,7 @@ var defaultDiscoveryPaths = /* @__PURE__ */ new Set([
   "/skill.md",
   "/SKILL.md",
   "/.well-known/mpp.json",
+  "/.well-known/x402",
   "/.well-known/agent-card.json",
   "/.well-known/ucp",
   "/favicon.png",
@@ -659,7 +671,7 @@ var applyNoindexHeader = wrapNoindexResponse;
 var RAIL_CLIENTS = {
   tempo_mpp: ["agentscore-pay", "tempo request", "x402-proxy"],
   x402_base: ["agentscore-pay", "x402-proxy", "purl (omit --network flag)"],
-  x402_solana: ["agentscore-pay"],
+  solana_mpp: ["agentscore-pay"],
   stripe: ["link-cli"]
 };
 function compatibleClientsByRails(rails2) {
@@ -672,13 +684,13 @@ function compatibleClientsByRails(rails2) {
 var RAIL_LABELS = {
   tempo_mpp: "MPP on Tempo",
   x402_base: "x402 on Base",
-  x402_solana: "x402 on Solana",
+  solana_mpp: "MPP on Solana",
   stripe: "Stripe Shared Payment Token"
 };
 var RAIL_NOTES = {
   tempo_mpp: "USDC. Use `agentscore-pay --chain tempo` (or `tempo request`); MPP credential goes in `Authorization: Payment`.",
   x402_base: "USDC (EIP-3009). Use `agentscore-pay`; X-Payment header carries the signed credential.",
-  x402_solana: "USDC (SPL). Use `agentscore-pay`; X-Payment header carries the signed credential.",
+  solana_mpp: "USDC (SPL). Use `agentscore-pay --chain solana`; MPP credential goes in `Authorization: Payment`.",
   stripe: "Card via Link wallet. Use `@stripe/link-cli` \u2014 `agentscore-pay` emits the handoff hint when this rail is picked."
 };
 var NAME_RE = /^[a-z0-9]+(-[a-z0-9]+)*$/;
@@ -863,6 +875,7 @@ function buildSkillMd(input) {
   buildLlmsTxt,
   buildSkillMd,
   buildWellKnownMpp,
+  buildWellKnownX402,
   compatibleClientsByRails,
   createBazaarDiscovery,
   defaultDiscoveryPaths,
@@ -874,6 +887,9 @@ function buildSkillMd(input) {
   noindexNonDiscoveryPathsExpress,
   noindexNonDiscoveryPathsFastify,
   sampleX402AcceptForNetwork,
-  wrapNoindexResponse
+  siwxSecurityScheme,
+  wrapNoindexResponse,
+  xGuidanceExtension,
+  xPaymentInfoExtension
 });
 //# sourceMappingURL=index.js.map