@agentcash/discovery 0.1.3 → 1.0.0

package/dist/index.cjs

@@ -20,46 +20,132 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  DEFAULT_COMPAT_MODE: () => DEFAULT_COMPAT_MODE,
-  LEGACY_SUNSET_DATE: () => LEGACY_SUNSET_DATE,
-  STRICT_ESCALATION_CODES: () => STRICT_ESCALATION_CODES,
-  UPGRADE_WARNING_CODES: () => UPGRADE_WARNING_CODES,
+  AUDIT_CODES: () => AUDIT_CODES,
+  GuidanceMode: () => GuidanceMode,
   VALIDATION_CODES: () => VALIDATION_CODES,
-  auditContextHarness: () => auditContextHarness,
-  buildContextHarnessReport: () => buildContextHarnessReport,
-  computeUpgradeSignal: () => computeUpgradeSignal,
-  defaultHarnessProbeCandidates: () => defaultHarnessProbeCandidates,
-  discover: () => discover,
-  discoverDetailed: () => discoverDetailed,
-  discoverForMcp: () => discoverForMcp,
+  checkEndpointSchema: () => checkEndpointSchema,
+  checkL2ForOpenAPI: () => checkL2ForOpenAPI,
+  checkL2ForWellknown: () => checkL2ForWellknown,
+  checkL4ForOpenAPI: () => checkL4ForOpenAPI,
+  checkL4ForWellknown: () => checkL4ForWellknown,
+  discoverOriginSchema: () => discoverOriginSchema,
   evaluateMetadataCompleteness: () => evaluateMetadataCompleteness,
-  getHarnessClientProfile: () => getHarnessClientProfile,
-  inspectEndpointForMcp: () => inspectEndpointForMcp,
-  listHarnessClientProfiles: () => listHarnessClientProfiles,
+  getL3: () => getL3,
+  getL3ForOpenAPI: () => getL3ForOpenAPI,
+  getL3ForProbe: () => getL3ForProbe,
+  getOpenAPI: () => getOpenAPI,
+  getProbe: () => getProbe,
+  getWarningsForL2: () => getWarningsForL2,
+  getWarningsForL3: () => getWarningsForL3,
+  getWarningsForL4: () => getWarningsForL4,
+  getWarningsForOpenAPI: () => getWarningsForOpenAPI,
+  getWarningsForWellKnown: () => getWarningsForWellKnown,
+  getWellKnown: () => getWellKnown,
   validatePaymentRequiredDetailed: () => validatePaymentRequiredDetailed
 });
 module.exports = __toCommonJS(index_exports);
 
-// src/flags.ts
-var LEGACY_SUNSET_DATE = "2026-03-24";
-var DEFAULT_COMPAT_MODE = "on";
-var STRICT_ESCALATION_CODES = [
-  "LEGACY_WELL_KNOWN_USED",
-  "LEGACY_DNS_USED",
-  "LEGACY_DNS_PLAIN_URL",
-  "LEGACY_MISSING_METHOD",
-  "LEGACY_INSTRUCTIONS_USED",
-  "LEGACY_OWNERSHIP_PROOFS_USED",
-  "INTEROP_MPP_USED"
-];
+// src/core/source/openapi/index.ts
+var import_neverthrow2 = require("neverthrow");
 
-// src/mmm-enabled.ts
-var isMmmEnabled = () => "0.1.3".includes("-mmm");
+// src/schemas.ts
+var import_zod = require("zod");
+var OpenApiPaymentInfoSchema = import_zod.z.object({
+  pricingMode: import_zod.z.enum(["fixed", "range", "quote"]),
+  price: import_zod.z.string().optional(),
+  minPrice: import_zod.z.string().optional(),
+  maxPrice: import_zod.z.string().optional(),
+  protocols: import_zod.z.array(import_zod.z.string()).optional()
+});
+var OpenApiOperationSchema = import_zod.z.object({
+  operationId: import_zod.z.string().optional(),
+  summary: import_zod.z.string().optional(),
+  description: import_zod.z.string().optional(),
+  tags: import_zod.z.array(import_zod.z.string()).optional(),
+  security: import_zod.z.array(import_zod.z.record(import_zod.z.string(), import_zod.z.array(import_zod.z.string()))).optional(),
+  parameters: import_zod.z.array(
+    import_zod.z.object({
+      in: import_zod.z.string(),
+      name: import_zod.z.string(),
+      schema: import_zod.z.unknown().optional(),
+      required: import_zod.z.boolean().optional()
+    })
+  ).optional(),
+  requestBody: import_zod.z.object({
+    required: import_zod.z.boolean().optional(),
+    content: import_zod.z.record(import_zod.z.string(), import_zod.z.object({ schema: import_zod.z.unknown().optional() }))
+  }).optional(),
+  responses: import_zod.z.record(import_zod.z.string(), import_zod.z.unknown()).optional(),
+  "x-payment-info": OpenApiPaymentInfoSchema.optional()
+});
+var OpenApiPathItemSchema = import_zod.z.object({
+  get: OpenApiOperationSchema.optional(),
+  post: OpenApiOperationSchema.optional(),
+  put: OpenApiOperationSchema.optional(),
+  delete: OpenApiOperationSchema.optional(),
+  patch: OpenApiOperationSchema.optional(),
+  head: OpenApiOperationSchema.optional(),
+  options: OpenApiOperationSchema.optional(),
+  trace: OpenApiOperationSchema.optional()
+});
+var OpenApiDocSchema = import_zod.z.object({
+  // TODO(zdql): We should inherit a canonical OpenAPI schema and then extend with our types.
+  openapi: import_zod.z.string(),
+  info: import_zod.z.object({
+    title: import_zod.z.string(),
+    version: import_zod.z.string(),
+    description: import_zod.z.string().optional(),
+    guidance: import_zod.z.string().optional()
+  }),
+  servers: import_zod.z.array(import_zod.z.object({ url: import_zod.z.string() })).optional(),
+  tags: import_zod.z.array(import_zod.z.object({ name: import_zod.z.string() })).optional(),
+  components: import_zod.z.object({ securitySchemes: import_zod.z.record(import_zod.z.string(), import_zod.z.unknown()).optional() }).optional(),
+  "x-discovery": import_zod.z.record(import_zod.z.string(), import_zod.z.unknown()).optional(),
+  paths: import_zod.z.record(import_zod.z.string(), OpenApiPathItemSchema)
+});
+var WellKnownDocSchema = import_zod.z.object({
+  version: import_zod.z.number().optional(),
+  resources: import_zod.z.array(import_zod.z.string()).default([]),
+  mppResources: import_zod.z.array(import_zod.z.string()).optional(),
+  // isMmmEnabled
+  description: import_zod.z.string().optional(),
+  ownershipProofs: import_zod.z.array(import_zod.z.string()).optional(),
+  instructions: import_zod.z.string().optional()
+});
+var WellKnownParsedSchema = import_zod.z.object({
+  routes: import_zod.z.array(
+    import_zod.z.object({
+      path: import_zod.z.string(),
+      method: import_zod.z.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "TRACE"])
+    })
+  ),
+  instructions: import_zod.z.string().optional()
+});
+
+// src/core/source/openapi/utils.ts
+function isRecord(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+function hasSecurity(operation, scheme) {
+  return operation.security?.some((s) => scheme in s) ?? false;
+}
+function has402Response(operation) {
+  return Boolean(operation.responses?.["402"]);
+}
+function inferAuthMode(operation) {
+  const hasXPaymentInfo = Boolean(operation["x-payment-info"]);
+  const hasPayment = hasXPaymentInfo || has402Response(operation);
+  const hasApiKey = hasSecurity(operation, "apiKey");
+  const hasSiwx = hasSecurity(operation, "siwx");
+  if (hasPayment && hasApiKey) return "apiKey+paid";
+  if (hasXPaymentInfo) return "paid";
+  if (hasPayment) return hasSiwx ? "siwx" : "paid";
+  if (hasApiKey) return "apiKey";
+  if (hasSiwx) return "siwx";
+  return void 0;
+}
 
-// src/core/constants.ts
-var OPENAPI_PATH_CANDIDATES = ["/openapi.json", "/.well-known/openapi.json"];
-var WELL_KNOWN_MPP_PATH = "/.well-known/mpp";
-var LLMS_TOKEN_WARNING_THRESHOLD = 2500;
+// src/core/lib/constants.ts
 var HTTP_METHODS = /* @__PURE__ */ new Set([
   "GET",
   "POST",
@@ -70,10 +156,9 @@ var HTTP_METHODS = /* @__PURE__ */ new Set([
   "OPTIONS",
   "TRACE"
 ]);
-var DEFAULT_PROBE_METHODS = ["GET", "POST"];
 var DEFAULT_MISSING_METHOD = "POST";
 
-// src/core/url.ts
+// src/core/lib/url.ts
 function normalizeOrigin(target) {
   const trimmed = target.trim();
   const withProtocol = /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
@@ -91,9 +176,6 @@ function normalizePath(pathname) {
   const normalized = prefixed.replace(/\/+/g, "/");
   return normalized !== "/" ? normalized.replace(/\/$/, "") : "/";
 }
-function toResourceKey(origin, method, path) {
-  return `${origin} ${method} ${normalizePath(path)}`;
-}
 function parseMethod(value) {
   if (!value) return void 0;
   const upper = value.toUpperCase();
@@ -108,1341 +190,1008 @@ function toAbsoluteUrl(origin, value) {
   }
 }
 
-// src/core/warnings.ts
-function warning(code, severity, message, options) {
-  return {
-    code,
-    severity,
-    message,
-    ...options?.hint ? { hint: options.hint } : {},
-    ...options?.stage ? { stage: options.stage } : {},
-    ...options?.resourceKey ? { resourceKey: options.resourceKey } : {}
-  };
-}
-function applyStrictEscalation(warnings, strict) {
-  if (!strict) return warnings;
-  return warnings.map((entry) => {
-    if (!STRICT_ESCALATION_CODES.includes(entry.code)) {
-      return entry;
-    }
-    if (entry.severity === "error") return entry;
-    return {
-      ...entry,
-      severity: "error",
-      message: `${entry.message} (strict mode escalated)`
-    };
-  });
+// src/core/source/fetch.ts
+var import_neverthrow = require("neverthrow");
+function toFetchError(err) {
+  const cause = err instanceof DOMException && (err.name === "TimeoutError" || err.name === "AbortError") ? "timeout" : "network";
+  return { cause, message: String(err) };
 }
-function dedupeWarnings(warnings) {
-  const seen = /* @__PURE__ */ new Set();
-  const output = [];
-  for (const item of warnings) {
-    const key = `${item.code}|${item.severity}|${item.stage ?? ""}|${item.resourceKey ?? ""}|${item.message}`;
-    if (seen.has(key)) continue;
-    seen.add(key);
-    output.push(item);
-  }
-  return output;
+function fetchSafe(url, init) {
+  return import_neverthrow.ResultAsync.fromPromise(fetch(url, init), toFetchError);
 }
 
-// src/core/normalize.ts
-function createResource(input, confidence, trustTier) {
-  const normalizedOrigin = normalizeOrigin(input.origin);
-  const normalizedPath = normalizePath(input.path);
-  return {
-    resourceKey: toResourceKey(normalizedOrigin, input.method, normalizedPath),
-    origin: normalizedOrigin,
-    method: input.method,
-    path: normalizedPath,
-    source: input.source,
-    verified: false,
-    ...input.protocolHints?.length ? { protocolHints: [...new Set(input.protocolHints)] } : {},
-    ...input.priceHint ? { priceHint: input.priceHint } : {},
-    ...input.pricing ? { pricing: input.pricing } : {},
-    ...input.authHint ? { authHint: input.authHint } : {},
-    ...input.summary ? { summary: input.summary } : {},
-    confidence,
-    trustTier,
-    ...input.links ? { links: input.links } : {}
-  };
-}
+// src/mmm-enabled.ts
+var isMmmEnabled = () => "1.0.0".includes("-mmm");
 
-// src/compat/legacy-x402scan/wellKnown.ts
-function isRecord(value) {
-  return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function parseLegacyResourceEntry(entry) {
-  const trimmed = entry.trim();
-  if (!trimmed) return null;
-  const parts = trimmed.split(/\s+/);
-  if (parts.length >= 2) {
-    const maybeMethod = parseMethod(parts[0]);
-    if (maybeMethod) {
-      const target = parts.slice(1).join(" ");
-      return { method: maybeMethod, target };
-    }
-  }
-  if (trimmed.startsWith("/") || /^https?:\/\//i.test(trimmed)) {
-    return { target: trimmed };
-  }
-  return null;
-}
-function parseWellKnownPayload(payload, origin, sourceUrl) {
-  const warnings = [
-    warning(
-      "LEGACY_WELL_KNOWN_USED",
-      "warn",
-      "Using legacy /.well-known/x402 compatibility path. Migrate to OpenAPI-first.",
-      {
-        stage: "well-known/x402"
-      }
-    )
-  ];
-  if (!isRecord(payload)) {
-    warnings.push(
-      warning("PARSE_FAILED", "error", "Legacy well-known payload is not an object", {
-        stage: "well-known/x402"
-      })
-    );
-    return { resources: [], warnings, raw: payload };
-  }
-  const resourcesRaw = Array.isArray(payload.resources) ? payload.resources.filter((entry) => typeof entry === "string") : [];
-  if (resourcesRaw.length === 0) {
-    warnings.push(
-      warning("STAGE_EMPTY", "warn", "Legacy well-known has no valid resources array", {
-        stage: "well-known/x402"
-      })
-    );
-  }
-  const instructions = typeof payload.instructions === "string" ? payload.instructions : void 0;
-  const ownershipProofs = Array.isArray(payload.ownershipProofs) ? payload.ownershipProofs.filter((entry) => typeof entry === "string") : [];
-  if (instructions) {
-    warnings.push(
-      warning(
-        "LEGACY_INSTRUCTIONS_USED",
-        "warn",
-        "Using /.well-known/x402.instructions as compatibility guidance fallback. Prefer llms.txt.",
-        {
-          stage: "well-known/x402",
-          hint: "Move guidance to llms.txt and reference via x-agentcash-guidance.llmsTxtUrl."
-        }
-      )
-    );
-  }
-  if (ownershipProofs.length > 0) {
-    warnings.push(
-      warning(
-        "LEGACY_OWNERSHIP_PROOFS_USED",
-        "warn",
-        "Using /.well-known/x402.ownershipProofs compatibility field. Prefer OpenAPI provenance extension.",
-        {
-          stage: "well-known/x402",
-          hint: "Move ownership proofs to x-agentcash-provenance.ownershipProofs in OpenAPI."
-        }
-      )
-    );
-  }
-  const resources = [];
-  for (const rawEntry of resourcesRaw) {
-    const parsed = parseLegacyResourceEntry(rawEntry);
-    if (!parsed) {
-      warnings.push(
-        warning("PARSE_FAILED", "warn", `Invalid legacy resource entry: ${rawEntry}`, {
-          stage: "well-known/x402"
-        })
-      );
-      continue;
-    }
-    const absolute = toAbsoluteUrl(origin, parsed.target);
-    if (!absolute) {
-      warnings.push(
-        warning("PARSE_FAILED", "warn", `Invalid legacy resource URL: ${rawEntry}`, {
-          stage: "well-known/x402"
-        })
-      );
-      continue;
-    }
-    const method = parsed.method ?? DEFAULT_MISSING_METHOD;
-    if (!parsed.method) {
-      warnings.push(
-        warning(
-          "LEGACY_MISSING_METHOD",
-          "warn",
-          `Legacy resource '${rawEntry}' missing method. Defaulting to ${DEFAULT_MISSING_METHOD}.`,
-          {
-            stage: "well-known/x402"
-          }
-        )
+// src/core/source/openapi/index.ts
+var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
+  const routes = [];
+  for (const [rawPath, pathItem] of Object.entries(doc.paths)) {
+    for (const httpMethod of [...HTTP_METHODS]) {
+      const operation = pathItem[httpMethod.toLowerCase()];
+      if (!operation) continue;
+      const authMode = inferAuthMode(operation) ?? void 0;
+      if (!authMode) continue;
+      const p = operation["x-payment-info"];
+      const protocols = (p?.protocols ?? []).filter(
+        (proto) => proto !== "mpp" || isMmmEnabled()
       );
+      if ((authMode === "paid" || authMode === "siwx") && !has402Response(operation)) continue;
+      if (authMode === "paid" && protocols.length === 0) continue;
+      const pricing = authMode === "paid" && p ? {
+        pricingMode: p.pricingMode,
+        ...p.price ? { price: p.price } : {},
+        ...p.minPrice ? { minPrice: p.minPrice } : {},
+        ...p.maxPrice ? { maxPrice: p.maxPrice } : {}
+      } : void 0;
+      const summary = operation.summary ?? operation.description;
+      routes.push({
+        path: normalizePath(rawPath),
+        method: httpMethod.toUpperCase(),
+        ...summary ? { summary } : {},
+        authMode,
+        ...protocols.length ? { protocols } : {},
+        ...pricing ? { pricing } : {}
+      });
     }
-    const path = normalizePath(absolute.pathname);
-    resources.push(
-      createResource(
-        {
-          origin: absolute.origin,
-          method,
-          path,
-          source: "well-known/x402",
-          summary: `${method} ${path}`,
-          authHint: "paid",
-          protocolHints: ["x402"],
-          links: {
-            wellKnownUrl: sourceUrl,
-            discoveryUrl: sourceUrl
-          }
-        },
-        0.65,
-        ownershipProofs.length > 0 ? "ownership_verified" : "origin_hosted"
-      )
-    );
   }
   return {
-    resources,
-    warnings,
-    raw: payload
+    info: {
+      title: doc.info.title,
+      ...doc.info.description ? { description: doc.info.description } : {},
+      version: doc.info.version
+    },
+    routes,
+    ...doc.info.guidance ? { guidance: doc.info.guidance } : {}
   };
-}
-async function runWellKnownX402Stage(options) {
-  const stageUrl = options.url ?? `${options.origin}/.well-known/x402`;
+});
+async function parseBody(response, url) {
   try {
-    const response = await options.fetcher(stageUrl, {
-      method: "GET",
-      headers: { Accept: "application/json", ...options.headers },
-      signal: options.signal
-    });
-    if (!response.ok) {
-      if (response.status === 404) {
-        return {
-          stage: "well-known/x402",
-          valid: false,
-          resources: [],
-          warnings: [],
-          links: { wellKnownUrl: stageUrl }
-        };
-      }
-      return {
-        stage: "well-known/x402",
-        valid: false,
-        resources: [],
-        warnings: [
-          warning("FETCH_FAILED", "warn", `Legacy well-known fetch failed (${response.status})`, {
-            stage: "well-known/x402"
-          })
-        ],
-        links: { wellKnownUrl: stageUrl }
-      };
-    }
     const payload = await response.json();
-    const parsed = parseWellKnownPayload(payload, options.origin, stageUrl);
-    return {
-      stage: "well-known/x402",
-      valid: parsed.resources.length > 0,
-      resources: parsed.resources,
-      warnings: parsed.warnings,
-      links: { wellKnownUrl: stageUrl },
-      ...options.includeRaw ? { raw: parsed.raw } : {}
-    };
-  } catch (error) {
-    return {
-      stage: "well-known/x402",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `Legacy well-known fetch exception: ${error instanceof Error ? error.message : String(error)}`,
-          {
-            stage: "well-known/x402"
-          }
-        )
-      ],
-      links: { wellKnownUrl: stageUrl }
-    };
+    const parsed = OpenApiParsedSchema.safeParse(payload);
+    if (!parsed.success) return null;
+    return { raw: payload, ...parsed.data, fetchedUrl: url };
+  } catch {
+    return null;
   }
 }
-
-// src/compat/legacy-x402scan/dns.ts
-function parseDnsRecord(record) {
-  const trimmed = record.trim();
-  if (!trimmed) return null;
-  if (/^https?:\/\//i.test(trimmed)) {
-    return { url: trimmed, legacyPlainUrl: true };
-  }
-  const parts = trimmed.split(";").map((entry) => entry.trim()).filter(Boolean);
-  const keyValues = /* @__PURE__ */ new Map();
-  for (const part of parts) {
-    const separator = part.indexOf("=");
-    if (separator <= 0) continue;
-    const key = part.slice(0, separator).trim().toLowerCase();
-    const value = part.slice(separator + 1).trim();
-    if (key && value) keyValues.set(key, value);
-  }
-  if (keyValues.get("v") !== "x4021") return null;
-  const url = keyValues.get("url");
-  if (!url || !/^https?:\/\//i.test(url)) return null;
-  return { url, legacyPlainUrl: false };
+function getOpenAPI(origin, headers, signal, specificationOverrideUrl) {
+  const url = specificationOverrideUrl ?? `${origin}/openapi.json`;
+  return fetchSafe(url, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return (0, import_neverthrow2.okAsync)(null);
+    return import_neverthrow2.ResultAsync.fromSafePromise(parseBody(response, url));
+  });
 }
-async function runDnsStage(options) {
-  if (!options.txtResolver) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings: []
-    };
-  }
-  const origin = normalizeOrigin(options.origin);
-  const hostname = new URL(origin).hostname;
-  const fqdn = `_x402.${hostname}`;
-  let records;
-  try {
-    records = await options.txtResolver(fqdn);
-  } catch (error) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `DNS TXT lookup failed for ${fqdn}: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "dns/_x402" }
-        )
-      ]
-    };
-  }
-  if (records.length === 0) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings: []
-    };
-  }
-  const warnings = [
-    warning(
-      "LEGACY_DNS_USED",
-      "warn",
-      "Using DNS _x402 compatibility path. Migrate to OpenAPI-first discovery.",
+
+// src/core/source/wellknown/index.ts
+var import_neverthrow3 = require("neverthrow");
+function toWellKnownParsed(origin, doc) {
+  const routes = doc.resources.flatMap((entry) => {
+    const trimmed = entry.trim();
+    if (!trimmed) return [];
+    const parts = trimmed.split(/\s+/);
+    const maybeMethod = parts.length >= 2 ? parseMethod(parts[0]) : void 0;
+    const target = maybeMethod ? parts.slice(1).join(" ") : trimmed;
+    const absolute = toAbsoluteUrl(origin, target);
+    if (!absolute) return [];
+    return [
       {
-        stage: "dns/_x402"
+        path: normalizePath(absolute.pathname),
+        method: maybeMethod ?? DEFAULT_MISSING_METHOD
       }
-    )
-  ];
-  const urls = [];
-  for (const record of records) {
-    const parsed = parseDnsRecord(record);
-    if (!parsed) {
-      warnings.push(
-        warning("PARSE_FAILED", "warn", `Invalid DNS _x402 TXT record: ${record}`, {
-          stage: "dns/_x402"
-        })
-      );
-      continue;
-    }
-    urls.push(parsed.url);
-    if (parsed.legacyPlainUrl) {
-      warnings.push(
-        warning("LEGACY_DNS_PLAIN_URL", "warn", `Legacy plain URL TXT format used: ${record}`, {
-          stage: "dns/_x402",
-          hint: "Use v=x4021;url=<https-url> format."
-        })
-      );
-    }
-  }
-  if (urls.length === 0) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings,
-      ...options.includeRaw ? { raw: { dnsRecords: records } } : {}
-    };
-  }
-  const mergedWarnings = [...warnings];
-  const mergedResources = [];
-  const rawDocuments = [];
-  for (const url of urls) {
-    const stageResult = await runWellKnownX402Stage({
-      origin,
-      url,
-      fetcher: options.fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      includeRaw: options.includeRaw
-    });
-    mergedResources.push(...stageResult.resources);
-    mergedWarnings.push(...stageResult.warnings);
-    if (options.includeRaw && stageResult.raw !== void 0) {
-      rawDocuments.push({ url, document: stageResult.raw });
-    }
-  }
-  const deduped = /* @__PURE__ */ new Map();
-  for (const resource of mergedResources) {
-    if (!deduped.has(resource.resourceKey)) {
-      deduped.set(resource.resourceKey, {
-        ...resource,
-        source: "dns/_x402",
-        links: {
-          ...resource.links,
-          discoveryUrl: resource.links?.discoveryUrl
-        }
-      });
-    }
+    ];
+  });
+  return { routes, ...doc.instructions ? { instructions: doc.instructions } : {} };
+}
+async function parseBody2(response, origin, url) {
+  try {
+    const payload = await response.json();
+    const doc = WellKnownDocSchema.safeParse(payload);
+    if (!doc.success) return null;
+    const parsed = WellKnownParsedSchema.safeParse(toWellKnownParsed(origin, doc.data));
+    if (!parsed.success) return null;
+    return { raw: payload, ...parsed.data, fetchedUrl: url };
+  } catch {
+    return null;
   }
+}
+function getWellKnown(origin, headers, signal) {
+  const url = `${origin}/.well-known/x402`;
+  return fetchSafe(url, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return (0, import_neverthrow3.okAsync)(null);
+    return import_neverthrow3.ResultAsync.fromSafePromise(parseBody2(response, origin, url));
+  });
+}
+
+// src/core/layers/l2.ts
+function formatPrice(pricing) {
+  if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
+  if (pricing.pricingMode === "range") return `$${pricing.minPrice}-$${pricing.maxPrice}`;
+  return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+}
+function checkL2ForOpenAPI(openApi) {
+  const routes = openApi.routes.map((route) => ({
+    path: route.path,
+    method: route.method,
+    summary: route.summary ?? `${route.method} ${route.path}`,
+    ...route.authMode ? { authMode: route.authMode } : {},
+    ...route.pricing ? { price: formatPrice(route.pricing) } : {},
+    ...route.protocols?.length ? { protocols: route.protocols } : {}
+  }));
   return {
-    stage: "dns/_x402",
-    valid: deduped.size > 0,
-    resources: [...deduped.values()],
-    warnings: mergedWarnings,
-    ...options.includeRaw ? { raw: { dnsRecords: records, documents: rawDocuments } } : {}
+    ...openApi.info.title ? { title: openApi.info.title } : {},
+    ...openApi.info.description ? { description: openApi.info.description } : {},
+    routes,
+    source: "openapi"
   };
 }
+function checkL2ForWellknown(wellKnown) {
+  const routes = wellKnown.routes.map((route) => ({
+    path: route.path,
+    method: route.method,
+    summary: `${route.method} ${route.path}`,
+    authMode: "paid",
+    protocols: ["x402"]
+  }));
+  return { routes, source: "well-known/x402" };
+}
 
-// src/compat/interop-mpp/wellKnownMpp.ts
-function isRecord2(value) {
-  return value !== null && typeof value === "object" && !Array.isArray(value);
+// src/core/layers/l4.ts
+function checkL4ForOpenAPI(openApi) {
+  if (openApi.guidance) {
+    return { guidance: openApi.guidance, source: "openapi" };
+  }
+  return null;
 }
-async function runInteropMppStage(options) {
-  const url = `${options.origin}${WELL_KNOWN_MPP_PATH}`;
-  try {
-    const response = await options.fetcher(url, {
-      method: "GET",
-      headers: { Accept: "application/json", ...options.headers },
-      signal: options.signal
-    });
-    if (!response.ok) {
-      return {
-        stage: "interop/mpp",
-        valid: false,
-        resources: [],
-        warnings: []
-      };
-    }
-    const payload = await response.json();
-    if (!isRecord2(payload)) {
-      return {
-        stage: "interop/mpp",
-        valid: false,
-        resources: [],
-        warnings: [
-          warning("PARSE_FAILED", "warn", "Interop /.well-known/mpp payload is not an object", {
-            stage: "interop/mpp"
-          })
-        ],
-        ...options.includeRaw ? { raw: payload } : {}
-      };
-    }
-    const warnings = [
-      warning(
-        "INTEROP_MPP_USED",
-        "info",
-        "Using /.well-known/mpp interop adapter. This is additive and non-canonical.",
-        {
-          stage: "interop/mpp",
-          hint: "Use for registry indexing only, not canonical runtime routing."
-        }
-      )
-    ];
-    const resources = [];
-    const fromStringResources = Array.isArray(payload.resources) ? payload.resources.filter((entry) => typeof entry === "string") : [];
-    for (const entry of fromStringResources) {
-      const parts = entry.trim().split(/\s+/);
-      let method = parseMethod(parts[0]);
-      let path = parts.join(" ");
-      if (method) {
-        path = parts.slice(1).join(" ");
-      } else {
-        method = "POST";
-      }
-      const normalizedPath = normalizePath(path);
-      resources.push(
-        createResource(
-          {
-            origin: options.origin,
-            method,
-            path: normalizedPath,
-            source: "interop/mpp",
-            summary: `${method} ${normalizedPath}`,
-            authHint: "paid",
-            protocolHints: ["mpp"],
-            links: { discoveryUrl: url }
-          },
-          0.45,
-          "unverified"
-        )
-      );
-    }
-    const fromServiceObjects = Array.isArray(payload.services) ? payload.services.filter((entry) => isRecord2(entry)) : [];
-    for (const service of fromServiceObjects) {
-      const path = typeof service.path === "string" ? service.path : void 0;
-      const method = parseMethod(typeof service.method === "string" ? service.method : void 0) ?? "POST";
-      if (!path) continue;
-      const normalizedPath = normalizePath(path);
-      resources.push(
-        createResource(
-          {
-            origin: options.origin,
-            method,
-            path: normalizedPath,
-            source: "interop/mpp",
-            summary: typeof service.summary === "string" ? service.summary : `${method} ${normalizedPath}`,
-            authHint: "paid",
-            protocolHints: ["mpp"],
-            links: { discoveryUrl: url }
-          },
-          0.45,
-          "unverified"
-        )
-      );
-    }
-    const deduped = /* @__PURE__ */ new Map();
-    for (const resource of resources) {
-      if (!deduped.has(resource.resourceKey)) deduped.set(resource.resourceKey, resource);
-    }
-    return {
-      stage: "interop/mpp",
-      valid: deduped.size > 0,
-      resources: [...deduped.values()],
-      warnings,
-      ...options.includeRaw ? { raw: payload } : {}
-    };
-  } catch (error) {
-    return {
-      stage: "interop/mpp",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `Interop /.well-known/mpp fetch failed: ${error instanceof Error ? error.message : String(error)}`,
-          {
-            stage: "interop/mpp"
-          }
-        )
-      ]
-    };
+function checkL4ForWellknown(wellKnown) {
+  if (wellKnown.instructions) {
+    return { guidance: wellKnown.instructions, source: "well-known/x402" };
   }
+  return null;
 }
 
-// src/core/token.ts
+// src/core/lib/tokens.ts
 function estimateTokenCount(text) {
   return Math.ceil(text.length / 4);
 }
 
-// src/core/openapi.ts
-function isRecord3(value) {
-  return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function asString(value) {
-  return typeof value === "string" && value.length > 0 ? value : void 0;
-}
-function parsePriceValue(value) {
-  if (typeof value === "string" && value.length > 0) return value;
-  if (typeof value === "number" && Number.isFinite(value)) return String(value);
-  return void 0;
-}
-function require402Response(operation) {
-  const responses = operation.responses;
-  if (!isRecord3(responses)) return false;
-  return Boolean(responses["402"]);
-}
-function parseProtocols(paymentInfo) {
-  const protocols = paymentInfo.protocols;
-  if (!Array.isArray(protocols)) return [];
-  return protocols.filter(
-    (entry) => typeof entry === "string" && entry.length > 0
+// src/core/types/discover.ts
+var GuidanceMode = /* @__PURE__ */ ((GuidanceMode2) => {
+  GuidanceMode2["Auto"] = "auto";
+  GuidanceMode2["Always"] = "always";
+  GuidanceMode2["Never"] = "never";
+  return GuidanceMode2;
+})(GuidanceMode || {});
+
+// src/runtime/discover.ts
+var GUIDANCE_AUTO_INCLUDE_MAX_TOKENS_LENGTH = 1e3;
+function withGuidance(base, l4, guidanceMode) {
+  if (guidanceMode === "never" /* Never */) return { ...base, guidanceAvailable: !!l4 };
+  if (!l4) return { ...base, guidanceAvailable: false };
+  const tokens = estimateTokenCount(l4.guidance);
+  if (guidanceMode === "always" /* Always */ || tokens <= GUIDANCE_AUTO_INCLUDE_MAX_TOKENS_LENGTH) {
+    return { ...base, guidanceAvailable: true, guidanceTokens: tokens, guidance: l4.guidance };
+  }
+  return { ...base, guidanceAvailable: true, guidanceTokens: tokens };
+}
+async function discoverOriginSchema(options) {
+  const origin = normalizeOrigin(options.target);
+  const guidanceMode = options.guidance ?? "auto" /* Auto */;
+  const openApiResult = await getOpenAPI(
+    origin,
+    options.headers,
+    options.signal,
+    options.specificationOverrideUrl
   );
-}
-function parseAuthMode(operation) {
-  const auth = operation["x-agentcash-auth"];
-  if (!isRecord3(auth)) return void 0;
-  const mode = auth.mode;
-  if (mode === "paid" || mode === "siwx" || mode === "apiKey" || mode === "unprotected") {
-    return mode;
-  }
-  return void 0;
-}
-async function runOpenApiStage(options) {
-  const warnings = [];
-  const resources = [];
-  let fetchedUrl;
-  let document;
-  for (const path of OPENAPI_PATH_CANDIDATES) {
-    const url = `${options.origin}${path}`;
-    try {
-      const response = await options.fetcher(url, {
-        method: "GET",
-        headers: { Accept: "application/json", ...options.headers },
-        signal: options.signal
-      });
-      if (!response.ok) {
-        if (response.status !== 404) {
-          warnings.push(
-            warning("FETCH_FAILED", "warn", `OpenAPI fetch failed (${response.status}) at ${url}`, {
-              stage: "openapi"
-            })
-          );
-        }
-        continue;
-      }
-      const payload = await response.json();
-      if (!isRecord3(payload)) {
-        warnings.push(
-          warning("PARSE_FAILED", "error", `OpenAPI payload at ${url} is not a JSON object`, {
-            stage: "openapi"
-          })
-        );
-        continue;
-      }
-      document = payload;
-      fetchedUrl = url;
-      break;
-    } catch (error) {
-      warnings.push(
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `OpenAPI fetch exception at ${url}: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "openapi" }
-        )
-      );
-    }
-  }
-  if (!document || !fetchedUrl) {
-    return {
-      stage: "openapi",
-      valid: false,
-      resources: [],
-      warnings
+  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  if (openApi) {
+    const l22 = checkL2ForOpenAPI(openApi);
+    const l42 = checkL4ForOpenAPI(openApi);
+    const base2 = {
+      found: true,
+      origin,
+      source: "openapi",
+      ...l22.title ? { info: { title: l22.title, ...l22.description ? { description: l22.description } : {} } } : {},
+      endpoints: l22.routes
     };
+    return withGuidance(base2, l42, guidanceMode);
   }
-  const hasTopLevel = typeof document.openapi === "string" && isRecord3(document.info) && typeof document.info.title === "string" && typeof document.info.version === "string" && isRecord3(document.paths);
-  if (!hasTopLevel) {
-    warnings.push(
-      warning("OPENAPI_TOP_LEVEL_INVALID", "error", "OpenAPI required fields are missing", {
-        stage: "openapi"
-      })
-    );
+  const wellKnownResult = await getWellKnown(origin, options.headers, options.signal);
+  if (wellKnownResult.isErr()) {
     return {
-      stage: "openapi",
-      valid: false,
-      resources: [],
-      warnings,
-      links: { openapiUrl: fetchedUrl },
-      ...options.includeRaw ? { raw: document } : {}
+      found: false,
+      origin,
+      cause: wellKnownResult.error.cause,
+      message: wellKnownResult.error.message
     };
   }
-  const paths = document.paths;
-  const provenance = isRecord3(document["x-agentcash-provenance"]) ? document["x-agentcash-provenance"] : void 0;
-  const ownershipProofs = Array.isArray(provenance?.ownershipProofs) ? provenance.ownershipProofs.filter((entry) => typeof entry === "string") : [];
-  const guidance = isRecord3(document["x-agentcash-guidance"]) ? document["x-agentcash-guidance"] : void 0;
-  const llmsTxtUrl = asString(guidance?.llmsTxtUrl);
-  if (ownershipProofs.length > 0) {
-    warnings.push(
-      warning("OPENAPI_OWNERSHIP_PROOFS_PRESENT", "info", "OpenAPI ownership proofs detected", {
-        stage: "openapi"
-      })
-    );
-  }
-  for (const [rawPath, rawPathItem] of Object.entries(paths)) {
-    if (!isRecord3(rawPathItem)) {
-      warnings.push(
-        warning("OPENAPI_OPERATION_INVALID", "warn", `Path item ${rawPath} is not an object`, {
-          stage: "openapi"
-        })
-      );
-      continue;
-    }
-    for (const [rawMethod, rawOperation] of Object.entries(rawPathItem)) {
-      const method = parseMethod(rawMethod);
-      if (!method) continue;
-      if (!isRecord3(rawOperation)) {
-        warnings.push(
-          warning(
-            "OPENAPI_OPERATION_INVALID",
-            "warn",
-            `${rawMethod.toUpperCase()} ${rawPath} is not an object`,
-            {
-              stage: "openapi"
-            }
-          )
-        );
-        continue;
-      }
-      const operation = rawOperation;
-      const summary = asString(operation.summary) ?? asString(operation.description);
-      if (!summary) {
-        warnings.push(
-          warning(
-            "OPENAPI_SUMMARY_MISSING",
-            "warn",
-            `${method} ${rawPath} missing summary/description, using fallback summary`,
-            { stage: "openapi" }
-          )
-        );
-      }
-      const authMode = parseAuthMode(operation);
-      if (!authMode) {
-        warnings.push(
-          warning(
-            "OPENAPI_AUTH_MODE_MISSING",
-            "error",
-            `${method} ${rawPath} missing x-agentcash-auth.mode`,
-            {
-              stage: "openapi"
-            }
-          )
-        );
-        continue;
-      }
-      if ((authMode === "paid" || authMode === "siwx") && !require402Response(operation)) {
-        warnings.push(
-          warning(
-            "OPENAPI_402_MISSING",
-            "error",
-            `${method} ${rawPath} requires 402 response for authMode=${authMode}`,
-            { stage: "openapi" }
-          )
-        );
-        continue;
-      }
-      const paymentInfo = isRecord3(operation["x-payment-info"]) ? operation["x-payment-info"] : void 0;
-      const protocols = paymentInfo ? parseProtocols(paymentInfo) : [];
-      if (authMode === "paid" && protocols.length === 0) {
-        warnings.push(
-          warning(
-            "OPENAPI_PAID_PROTOCOLS_MISSING",
-            "error",
-            `${method} ${rawPath} must define x-payment-info.protocols when authMode=paid`,
-            { stage: "openapi" }
-          )
-        );
-        continue;
-      }
-      let pricing;
-      let priceHint;
-      if (paymentInfo && authMode === "paid") {
-        const pricingModeRaw = asString(paymentInfo.pricingMode);
-        const price = parsePriceValue(paymentInfo.price);
-        const minPrice = parsePriceValue(paymentInfo.minPrice);
-        const maxPrice = parsePriceValue(paymentInfo.maxPrice);
-        const inferredPricingMode = pricingModeRaw ?? (price ? "fixed" : minPrice && maxPrice ? "range" : "quote");
-        if (inferredPricingMode !== "fixed" && inferredPricingMode !== "range" && inferredPricingMode !== "quote") {
-          warnings.push(
-            warning(
-              "OPENAPI_PRICING_INVALID",
-              "error",
-              `${method} ${rawPath} has invalid pricingMode`,
-              {
-                stage: "openapi"
-              }
-            )
-          );
-          continue;
-        }
-        if (inferredPricingMode === "fixed" && !price) {
-          warnings.push(
-            warning(
-              "OPENAPI_PRICING_INVALID",
-              "error",
-              `${method} ${rawPath} fixed pricing requires price`,
-              {
-                stage: "openapi"
-              }
-            )
-          );
-          continue;
-        }
-        if (inferredPricingMode === "range") {
-          if (!minPrice || !maxPrice) {
-            warnings.push(
-              warning(
-                "OPENAPI_PRICING_INVALID",
-                "error",
-                `${method} ${rawPath} range pricing requires minPrice and maxPrice`,
-                { stage: "openapi" }
-              )
-            );
-            continue;
-          }
-          const min = Number(minPrice);
-          const max = Number(maxPrice);
-          if (!Number.isFinite(min) || !Number.isFinite(max) || min > max) {
-            warnings.push(
-              warning(
-                "OPENAPI_PRICING_INVALID",
-                "error",
-                `${method} ${rawPath} range pricing requires numeric minPrice <= maxPrice`,
-                { stage: "openapi" }
-              )
-            );
-            continue;
-          }
-        }
-        pricing = {
-          pricingMode: inferredPricingMode,
-          ...price ? { price } : {},
-          ...minPrice ? { minPrice } : {},
-          ...maxPrice ? { maxPrice } : {}
-        };
-        priceHint = inferredPricingMode === "fixed" ? price : inferredPricingMode === "range" ? `${minPrice}-${maxPrice}` : maxPrice;
-      }
-      const resource = createResource(
-        {
-          origin: options.origin,
-          method,
-          path: normalizePath(rawPath),
-          source: "openapi",
-          summary: summary ?? `${method} ${normalizePath(rawPath)}`,
-          authHint: authMode,
-          protocolHints: protocols,
-          ...priceHint ? { priceHint } : {},
-          ...pricing ? { pricing } : {},
-          links: {
-            openapiUrl: fetchedUrl,
-            ...llmsTxtUrl ? { llmsTxtUrl } : {}
-          }
-        },
-        0.95,
-        ownershipProofs.length > 0 ? "ownership_verified" : "origin_hosted"
-      );
-      resources.push(resource);
-    }
-  }
-  if (llmsTxtUrl) {
-    try {
-      const llmsResponse = await options.fetcher(llmsTxtUrl, {
-        method: "GET",
-        headers: { Accept: "text/plain", ...options.headers },
-        signal: options.signal
-      });
-      if (llmsResponse.ok) {
-        const llmsText = await llmsResponse.text();
-        const tokenCount = estimateTokenCount(llmsText);
-        if (tokenCount > LLMS_TOKEN_WARNING_THRESHOLD) {
-          warnings.push(
-            warning(
-              "LLMSTXT_TOO_LARGE",
-              "warn",
-              `llms.txt estimated ${tokenCount} tokens (threshold ${LLMS_TOKEN_WARNING_THRESHOLD})`,
-              {
-                stage: "openapi",
-                hint: "Keep llms.txt concise and domain-level only."
-              }
-            )
-          );
-        }
-        if (options.includeRaw) {
-          return {
-            stage: "openapi",
-            valid: resources.length > 0,
-            resources,
-            warnings,
-            links: { openapiUrl: fetchedUrl, llmsTxtUrl },
-            raw: {
-              openapi: document,
-              llmsTxt: llmsText
-            }
-          };
-        }
-      } else {
-        warnings.push(
-          warning(
-            "LLMSTXT_FETCH_FAILED",
-            "warn",
-            `llms.txt fetch failed (${llmsResponse.status})`,
-            {
-              stage: "openapi"
-            }
-          )
-        );
-      }
-    } catch (error) {
-      warnings.push(
-        warning(
-          "LLMSTXT_FETCH_FAILED",
-          "warn",
-          `llms.txt fetch failed: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "openapi" }
-        )
-      );
-    }
-  }
+  const wellKnown = wellKnownResult.value;
+  if (!wellKnown) return { found: false, origin, cause: "not_found" };
+  const l2 = checkL2ForWellknown(wellKnown);
+  const l4 = checkL4ForWellknown(wellKnown);
+  const base = {
+    found: true,
+    origin,
+    source: "well-known/x402",
+    endpoints: l2.routes
+  };
+  return withGuidance(base, l4, guidanceMode);
+}
+
+// src/core/source/probe/index.ts
+var import_neverthrow4 = require("neverthrow");
+
+// src/core/protocols/x402/v1/schema.ts
+function extractSchemas(accepts) {
+  const first = accepts[0];
+  if (!isRecord(first)) return {};
+  const outputSchema = isRecord(first.outputSchema) ? first.outputSchema : void 0;
   return {
-    stage: "openapi",
-    valid: resources.length > 0,
-    resources,
-    warnings,
-    links: {
-      openapiUrl: fetchedUrl,
-      ...llmsTxtUrl ? { llmsTxtUrl } : {}
-    },
-    ...options.includeRaw ? { raw: { openapi: document } } : {}
+    ...outputSchema && isRecord(outputSchema.input) ? { inputSchema: outputSchema.input } : {},
+    ...outputSchema && isRecord(outputSchema.output) ? { outputSchema: outputSchema.output } : {}
   };
 }
 
-// src/core/probe.ts
-function detectAuthHintFrom402Payload(payload) {
-  if (payload && typeof payload === "object") {
-    const asRecord = payload;
-    const extensions = asRecord.extensions;
-    if (extensions && typeof extensions === "object") {
-      const extRecord = extensions;
-      if (extRecord["sign-in-with-x"]) return "siwx";
-    }
-  }
-  return "paid";
+// src/core/protocols/x402/shared.ts
+function asNonEmptyString(value) {
+  if (typeof value !== "string") return void 0;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
 }
-function detectProtocols(response) {
-  const protocols = /* @__PURE__ */ new Set();
-  const directHeader = response.headers.get("x-payment-protocol");
-  if (directHeader) {
-    for (const part of directHeader.split(",")) {
-      const protocol = part.trim().toLowerCase();
-      if (protocol) protocols.add(protocol);
-    }
-  }
-  const authHeader = response.headers.get("www-authenticate")?.toLowerCase() ?? "";
-  if (authHeader.includes("x402")) protocols.add("x402");
-  if (isMmmEnabled() && authHeader.includes("mpp")) protocols.add("mpp");
+function asPositiveNumber(value) {
+  return typeof value === "number" && Number.isFinite(value) && value > 0 ? value : void 0;
+}
+function pushIssue(issues, issue) {
+  issues.push({ stage: "payment_required", ...issue });
+}
+
+// src/core/protocols/x402/v1/network.ts
+function validateNetwork(networkRaw, index, issues) {
+  if (networkRaw === "solana-mainnet-beta") {
+    pushIssue(issues, {
+      code: "NETWORK_SOLANA_ALIAS_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} uses invalid Solana network alias`,
+      hint: "Use 'solana' (v1) or canonical Solana CAIP reference (v2).",
+      path: `accepts[${index}].network`,
+      expected: "solana",
+      actual: networkRaw
+    });
+    return void 0;
+  }
+  if (networkRaw.startsWith("solana-") && networkRaw !== "solana-devnet") {
+    pushIssue(issues, {
+      code: "NETWORK_SOLANA_ALIAS_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} uses unsupported Solana network alias`,
+      hint: "Use 'solana' or 'solana-devnet' for v1 payloads.",
+      path: `accepts[${index}].network`,
+      actual: networkRaw
+    });
+    return void 0;
+  }
+  return networkRaw;
+}
+
+// src/core/protocols/x402/v1/accepts.ts
+function validateAccept(acceptRaw, index, issues) {
+  if (!isRecord(acceptRaw)) {
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} must be an object`,
+      path: `accepts[${index}]`
+    });
+    return null;
+  }
+  const scheme = asNonEmptyString(acceptRaw.scheme);
+  const networkRaw = asNonEmptyString(acceptRaw.network);
+  const payTo = asNonEmptyString(acceptRaw.payTo);
+  const asset = asNonEmptyString(acceptRaw.asset);
+  const amount = asNonEmptyString(acceptRaw.maxAmountRequired);
+  const maxTimeoutSeconds = asPositiveNumber(acceptRaw.maxTimeoutSeconds);
+  if (!scheme)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing scheme`,
+      path: `accepts[${index}].scheme`
+    });
+  if (!networkRaw)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing network`,
+      path: `accepts[${index}].network`
+    });
+  if (!amount)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing maxAmountRequired`,
+      path: `accepts[${index}].maxAmountRequired`
+    });
+  if (!payTo)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing payTo`,
+      path: `accepts[${index}].payTo`
+    });
+  if (!asset)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing asset`,
+      path: `accepts[${index}].asset`
+    });
+  if (!maxTimeoutSeconds)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing or has invalid maxTimeoutSeconds`,
+      path: `accepts[${index}].maxTimeoutSeconds`
+    });
+  const normalizedNetwork = networkRaw ? validateNetwork(networkRaw, index, issues) : void 0;
+  return {
+    index,
+    network: normalizedNetwork ?? networkRaw ?? "unknown",
+    networkRaw: networkRaw ?? "unknown",
+    scheme,
+    asset,
+    payTo,
+    amount,
+    maxTimeoutSeconds
+  };
+}
+function validateAccepts(accepts, issues) {
+  return accepts.flatMap((accept, index) => {
+    const result = validateAccept(accept, index, issues);
+    return result ? [result] : [];
+  });
+}
+
+// src/core/protocols/x402/v1/payment-options.ts
+function extractPaymentOptions(accepts) {
+  return accepts.flatMap((accept) => {
+    if (!isRecord(accept)) return [];
+    const network = asNonEmptyString(accept.network);
+    const asset = asNonEmptyString(accept.asset);
+    const maxAmountRequired = asNonEmptyString(accept.maxAmountRequired);
+    if (!network || !asset || !maxAmountRequired) return [];
+    const scheme = asNonEmptyString(accept.scheme);
+    const payTo = asNonEmptyString(accept.payTo);
+    const maxTimeoutSeconds = asPositiveNumber(accept.maxTimeoutSeconds);
+    return [
+      {
+        protocol: "x402",
+        version: 1,
+        network,
+        asset,
+        maxAmountRequired,
+        ...scheme ? { scheme } : {},
+        ...payTo ? { payTo } : {},
+        ...maxTimeoutSeconds ? { maxTimeoutSeconds } : {}
+      }
+    ];
+  });
+}
+
+// src/core/protocols/x402/v2/schema.ts
+function extractSchemas2(payload) {
+  if (!isRecord(payload)) return {};
+  const extensions = isRecord(payload.extensions) ? payload.extensions : void 0;
+  const bazaar = extensions && isRecord(extensions.bazaar) ? extensions.bazaar : void 0;
+  const schema = bazaar && isRecord(bazaar.schema) ? bazaar.schema : void 0;
+  if (!schema) return {};
+  const schemaProps = isRecord(schema.properties) ? schema.properties : void 0;
+  if (!schemaProps) return {};
+  const inputProps = isRecord(schemaProps.input) ? schemaProps.input : void 0;
+  const inputProperties = inputProps && isRecord(inputProps.properties) ? inputProps.properties : void 0;
+  const inputSchema = (inputProperties && isRecord(inputProperties.body) ? inputProperties.body : void 0) ?? (inputProperties && isRecord(inputProperties.queryParams) ? inputProperties.queryParams : void 0);
+  const outputProps = isRecord(schemaProps.output) ? schemaProps.output : void 0;
+  const outputProperties = outputProps && isRecord(outputProps.properties) ? outputProps.properties : void 0;
+  const outputSchema = outputProperties && isRecord(outputProperties.example) ? outputProperties.example : void 0;
+  return {
+    ...inputSchema ? { inputSchema } : {},
+    ...outputSchema ? { outputSchema } : {}
+  };
+}
+
+// src/core/protocols/x402/v2/solana.ts
+var CANONICAL_BY_REF = {
+  "5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp": "solana",
+  EtWTRABZaYq6iMfeYKouRu166VU2xqa1: "solana-devnet",
+  "4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z": "solana-testnet"
+};
+var ALIAS_BY_REF = {
+  mainnet: "solana",
+  devnet: "solana-devnet",
+  testnet: "solana-testnet"
+};
+function validateSolanaReference(reference, networkRaw, index, issues) {
+  const canonical = CANONICAL_BY_REF[reference];
+  if (canonical) return canonical;
+  const alias = ALIAS_BY_REF[reference];
+  if (alias) {
+    pushIssue(issues, {
+      code: "NETWORK_SOLANA_ALIAS_COMPAT",
+      severity: "warn",
+      message: `Accept at index ${index} uses compatibility Solana reference '${reference}'`,
+      hint: "Use canonical Solana CAIP references for deterministic behavior.",
+      path: `accepts[${index}].network`,
+      actual: networkRaw
+    });
+    return alias;
+  }
+  pushIssue(issues, {
+    code: "NETWORK_REFERENCE_UNKNOWN",
+    severity: "error",
+    message: `Accept at index ${index} uses unknown Solana reference '${reference}'`,
+    hint: "Use canonical references for mainnet/devnet/testnet.",
+    path: `accepts[${index}].network`,
+    actual: networkRaw
+  });
+  return void 0;
+}
+
+// src/core/protocols/x402/v2/network.ts
+function validateNetwork2(networkRaw, index, issues) {
+  if (!/^[^:\s]+:[^:\s]+$/.test(networkRaw)) {
+    pushIssue(issues, {
+      code: "NETWORK_CAIP2_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} has invalid CAIP-2 network format`,
+      hint: "Expected '<namespace>:<reference>', e.g. 'eip155:8453' or 'solana:5eykt4...'.",
+      path: `accepts[${index}].network`,
+      expected: "<namespace>:<reference>",
+      actual: networkRaw
+    });
+    return void 0;
+  }
+  const [namespace, reference] = networkRaw.split(":");
+  if (namespace === "eip155") {
+    if (!/^\d+$/.test(reference)) {
+      pushIssue(issues, {
+        code: "NETWORK_EIP155_REFERENCE_INVALID",
+        severity: "error",
+        message: `Accept at index ${index} has invalid eip155 reference`,
+        hint: "Use a numeric chain id, e.g. 'eip155:8453'.",
+        path: `accepts[${index}].network`,
+        expected: "eip155:<numeric-chain-id>",
+        actual: networkRaw
+      });
+      return void 0;
+    }
+    return networkRaw;
+  }
+  if (namespace === "solana") {
+    return validateSolanaReference(reference, networkRaw, index, issues);
+  }
+  return networkRaw;
+}
+
+// src/core/protocols/x402/v2/accepts.ts
+function validateAccept2(acceptRaw, index, issues) {
+  if (!isRecord(acceptRaw)) {
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} must be an object`,
+      path: `accepts[${index}]`
+    });
+    return null;
+  }
+  const scheme = asNonEmptyString(acceptRaw.scheme);
+  const networkRaw = asNonEmptyString(acceptRaw.network);
+  const payTo = asNonEmptyString(acceptRaw.payTo);
+  const asset = asNonEmptyString(acceptRaw.asset);
+  const amount = asNonEmptyString(acceptRaw.amount);
+  const maxTimeoutSeconds = asPositiveNumber(acceptRaw.maxTimeoutSeconds);
+  if (!scheme)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing scheme`,
+      path: `accepts[${index}].scheme`
+    });
+  if (!networkRaw)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing network`,
+      path: `accepts[${index}].network`
+    });
+  if (!amount)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing amount`,
+      path: `accepts[${index}].amount`
+    });
+  if (!payTo)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing payTo`,
+      path: `accepts[${index}].payTo`
+    });
+  if (!asset)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing asset`,
+      path: `accepts[${index}].asset`
+    });
+  if (!maxTimeoutSeconds)
+    pushIssue(issues, {
+      code: "X402_ACCEPT_ENTRY_INVALID",
+      severity: "error",
+      message: `Accept at index ${index} is missing or has invalid maxTimeoutSeconds`,
+      path: `accepts[${index}].maxTimeoutSeconds`
+    });
+  const normalizedNetwork = networkRaw ? validateNetwork2(networkRaw, index, issues) : void 0;
+  return {
+    index,
+    network: normalizedNetwork ?? networkRaw ?? "unknown",
+    networkRaw: networkRaw ?? "unknown",
+    scheme,
+    asset,
+    payTo,
+    amount,
+    maxTimeoutSeconds
+  };
+}
+function validateAccepts2(accepts, issues) {
+  return accepts.flatMap((accept, index) => {
+    const result = validateAccept2(accept, index, issues);
+    return result ? [result] : [];
+  });
+}
+
+// src/core/protocols/x402/v2/payment-options.ts
+function extractPaymentOptions2(accepts) {
+  return accepts.flatMap((accept) => {
+    if (!isRecord(accept)) return [];
+    const network = asNonEmptyString(accept.network);
+    const asset = asNonEmptyString(accept.asset);
+    const amount = asNonEmptyString(accept.amount);
+    if (!network || !asset || !amount) return [];
+    const scheme = asNonEmptyString(accept.scheme);
+    const payTo = asNonEmptyString(accept.payTo);
+    const maxTimeoutSeconds = asPositiveNumber(accept.maxTimeoutSeconds);
+    return [
+      {
+        protocol: "x402",
+        version: 2,
+        network,
+        asset,
+        amount,
+        ...scheme ? { scheme } : {},
+        ...payTo ? { payTo } : {},
+        ...maxTimeoutSeconds ? { maxTimeoutSeconds } : {}
+      }
+    ];
+  });
+}
+
+// src/core/protocols/x402/index.ts
+function parseVersion(payload) {
+  if (!isRecord(payload)) return void 0;
+  const v = payload.x402Version;
+  if (v === 1 || v === 2) return v;
+  return void 0;
+}
+function detectAuthHint(payload) {
+  if (isRecord(payload) && isRecord(payload.extensions)) {
+    if (payload.extensions["api-key"]) return "apiKey+paid";
+    if (payload.extensions["sign-in-with-x"]) return "siwx";
+  }
+  return "paid";
+}
+function extractPaymentOptions3(payload) {
+  if (!isRecord(payload)) return [];
+  const version = parseVersion(payload);
+  const accepts = Array.isArray(payload.accepts) ? payload.accepts : [];
+  if (version === 1) return extractPaymentOptions(accepts);
+  if (version === 2) return extractPaymentOptions2(accepts);
+  return [];
+}
+function extractSchemas3(payload) {
+  if (!isRecord(payload)) return {};
+  const version = parseVersion(payload);
+  if (version === 2) return extractSchemas2(payload);
+  if (version === 1) {
+    const accepts = Array.isArray(payload.accepts) ? payload.accepts : [];
+    return extractSchemas(accepts);
+  }
+  return {};
+}
+function parseInputSchema(payload) {
+  return extractSchemas3(payload).inputSchema;
+}
+function parseOutputSchema(payload) {
+  return extractSchemas3(payload).outputSchema;
+}
+
+// src/core/protocols/x402/v1/parse-payment-required.ts
+async function parsePaymentRequiredBody(response) {
+  const payload = await response.clone().json();
+  if (!isRecord(payload) || payload.x402Version !== 1) return null;
+  return payload;
+}
+
+// src/core/protocols/x402/v2/parse-payment-required.ts
+function parsePaymentRequiredBody2(headerValue) {
+  const payload = JSON.parse(atob(headerValue));
+  if (!isRecord(payload) || payload.x402Version !== 2) return null;
+  return payload;
+}
+
+// src/core/source/probe/index.ts
+function isUsableStatus(status) {
+  return status === 402 || status >= 200 && status < 300;
+}
+function detectProtocols(response) {
+  const protocols = /* @__PURE__ */ new Set();
+  const directHeader = response.headers.get("x-payment-protocol");
+  if (directHeader) {
+    for (const part of directHeader.split(",")) {
+      const protocol = part.trim().toLowerCase();
+      if (protocol) protocols.add(protocol);
+    }
+  }
+  const authHeader = response.headers.get("www-authenticate")?.toLowerCase() ?? "";
+  if (authHeader.includes("x402")) protocols.add("x402");
+  if (isMmmEnabled() && authHeader.includes("mpp")) protocols.add("mpp");
   return [...protocols];
 }
-async function runProbeStage(options) {
-  const candidates = options.probeCandidates ?? [];
-  if (candidates.length === 0) {
-    return {
-      stage: "probe",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "PROBE_STAGE_SKIPPED",
-          "info",
-          "Probe stage skipped because no probe candidates were provided.",
-          { stage: "probe" }
-        )
-      ]
-    };
+function buildProbeUrl(url, method, inputBody) {
+  if (!inputBody || method !== "GET" && method !== "HEAD") return url;
+  const u = new URL(url);
+  for (const [key, value] of Object.entries(inputBody)) {
+    u.searchParams.set(key, String(value));
   }
-  const resources = [];
-  const warnings = [];
-  for (const candidate of candidates) {
-    const path = normalizePath(candidate.path);
-    const methods = candidate.methods?.length ? candidate.methods : DEFAULT_PROBE_METHODS;
-    for (const method of methods) {
-      const url = `${options.origin}${path}`;
-      try {
-        const response = await options.fetcher(url, {
-          method,
-          headers: {
-            Accept: "application/json, text/plain;q=0.9, */*;q=0.8",
-            ...options.headers
-          },
-          signal: options.signal
-        });
-        if (response.status !== 402 && (response.status < 200 || response.status >= 300)) {
-          continue;
-        }
+  return u.toString();
+}
+function probeMethod(url, method, path, headers, signal, inputBody) {
+  const hasBody = inputBody !== void 0 && method !== "GET" && method !== "HEAD";
+  const probeUrl = buildProbeUrl(url, method, inputBody);
+  return fetchSafe(probeUrl, {
+    method,
+    headers: {
+      Accept: "application/json, text/plain;q=0.9, */*;q=0.8",
+      ...hasBody ? { "Content-Type": "application/json" } : {},
+      ...headers
+    },
+    ...hasBody ? { body: JSON.stringify(inputBody) } : {},
+    signal
+  }).andThen((response) => {
+    if (!isUsableStatus(response.status)) return import_neverthrow4.ResultAsync.fromSafePromise(Promise.resolve(null));
+    return import_neverthrow4.ResultAsync.fromSafePromise(
+      (async () => {
         let authHint = response.status === 402 ? "paid" : "unprotected";
+        let paymentRequiredBody;
         if (response.status === 402) {
           try {
-            const payload = await response.clone().json();
-            authHint = detectAuthHintFrom402Payload(payload);
+            const headerValue = response.headers.get("payment-required");
+            const parsed = headerValue !== null ? parsePaymentRequiredBody2(headerValue) : await parsePaymentRequiredBody(response);
+            if (parsed !== null) {
+              paymentRequiredBody = parsed;
+              authHint = detectAuthHint(paymentRequiredBody);
+            }
           } catch {
           }
         }
-        const protocolHints = detectProtocols(response);
-        resources.push(
-          createResource(
-            {
-              origin: options.origin,
-              method,
-              path,
-              source: "probe",
-              summary: `${method} ${path}`,
-              authHint,
-              ...protocolHints.length ? { protocolHints } : {}
-            },
-            0.6,
-            "runtime_verified"
-          )
-        );
-      } catch (error) {
-        warnings.push(
-          warning(
-            "FETCH_FAILED",
-            "info",
-            `Probe ${method} ${path} failed: ${error instanceof Error ? error.message : String(error)}`,
-            { stage: "probe" }
-          )
-        );
-      }
+        const protocols = detectProtocols(response);
+        const wwwAuthenticate = response.headers.get("www-authenticate") ?? void 0;
+        return {
+          path,
+          method,
+          authHint,
+          ...protocols.length ? { protocols } : {},
+          ...paymentRequiredBody !== void 0 ? { paymentRequiredBody } : {},
+          ...wwwAuthenticate ? { wwwAuthenticate } : {}
+        };
+      })()
+    );
+  });
+}
+function getProbe(url, headers, signal, inputBody) {
+  const path = normalizePath(new URL(url).pathname || "/");
+  return import_neverthrow4.ResultAsync.fromSafePromise(
+    Promise.all(
+      [...HTTP_METHODS].map(
+        (method) => probeMethod(url, method, path, headers, signal, inputBody).match(
+          (result) => result,
+          () => null
+        )
+      )
+    ).then((results) => results.filter((r) => r !== null))
+  );
+}
+
+// src/core/protocols/mpp/index.ts
+var TEMPO_DEFAULT_CHAIN_ID = 4217;
+function parseAuthParams(segment) {
+  const params = {};
+  const re = /(\w+)=(?:"([^"]*)"|'([^']*)')/g;
+  let match;
+  while ((match = re.exec(segment)) !== null) {
+    params[match[1]] = match[2] ?? match[3] ?? "";
+  }
+  return params;
+}
+function extractPaymentOptions4(wwwAuthenticate) {
+  if (!isMmmEnabled() || !wwwAuthenticate) return [];
+  const options = [];
+  for (const segment of wwwAuthenticate.split(/,\s*(?=Payment\s)/i)) {
+    const stripped = segment.replace(/^Payment\s+/i, "").trim();
+    const params = parseAuthParams(stripped);
+    const paymentMethod = params["method"];
+    const intent = params["intent"];
+    const realm = params["realm"];
+    const description = params["description"];
+    const requestStr = params["request"];
+    if (!paymentMethod || !intent || !realm || !requestStr) continue;
+    let request;
+    try {
+      const parsed = JSON.parse(requestStr);
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) continue;
+      request = parsed;
+    } catch {
+      continue;
     }
+    const asset = typeof request["currency"] === "string" ? request["currency"] : void 0;
+    const amountRaw = request["amount"];
+    const amount = typeof amountRaw === "string" ? amountRaw : typeof amountRaw === "number" ? String(amountRaw) : void 0;
+    const decimals = typeof request["decimals"] === "number" ? request["decimals"] : void 0;
+    const payTo = typeof request["recipient"] === "string" ? request["recipient"] : void 0;
+    const methodDetails = request["methodDetails"];
+    const chainId = methodDetails !== null && typeof methodDetails === "object" && !Array.isArray(methodDetails) && typeof methodDetails["chainId"] === "number" ? methodDetails["chainId"] : TEMPO_DEFAULT_CHAIN_ID;
+    if (!asset || !amount) continue;
+    options.push({
+      protocol: "mpp",
+      // isMmmEnabled
+      paymentMethod,
+      intent,
+      realm,
+      network: `tempo:${String(chainId)}`,
+      // isMmmEnabled
+      asset,
+      amount,
+      ...decimals != null ? { decimals } : {},
+      ...payTo ? { payTo } : {},
+      ...description ? { description } : {}
+    });
   }
-  return {
-    stage: "probe",
-    valid: resources.length > 0,
-    resources,
-    warnings
-  };
+  return options;
 }
 
-// src/core/upgrade.ts
-var UPGRADE_WARNING_CODES = [
-  "LEGACY_WELL_KNOWN_USED",
-  "LEGACY_DNS_USED",
-  "LEGACY_DNS_PLAIN_URL",
-  "LEGACY_INSTRUCTIONS_USED",
-  "LEGACY_OWNERSHIP_PROOFS_USED",
-  "OPENAPI_AUTH_MODE_MISSING",
-  "OPENAPI_TOP_LEVEL_INVALID"
-];
-var UPGRADE_WARNING_CODE_SET = new Set(UPGRADE_WARNING_CODES);
-function computeUpgradeSignal(warnings) {
-  const reasons = warnings.map((entry) => entry.code).filter((code, index, list) => list.indexOf(code) === index).filter((code) => UPGRADE_WARNING_CODE_SET.has(code));
+// src/core/layers/l3.ts
+function findMatchingOpenApiPath(paths, targetPath) {
+  const exact = paths[targetPath];
+  if (isRecord(exact)) return { matchedPath: targetPath, pathItem: exact };
+  for (const [specPath, entry] of Object.entries(paths)) {
+    if (!isRecord(entry)) continue;
+    const pattern = specPath.replace(/\{[^}]+\}/g, "[^/]+");
+    const regex = new RegExp(`^${pattern}$`);
+    if (regex.test(targetPath)) {
+      return { matchedPath: specPath, pathItem: entry };
+    }
+  }
+  return null;
+}
+function resolveRef(document, ref, seen) {
+  if (!ref.startsWith("#/")) return void 0;
+  if (seen.has(ref)) return { $circular: ref };
+  seen.add(ref);
+  const parts = ref.slice(2).split("/");
+  let current = document;
+  for (const part of parts) {
+    if (!isRecord(current)) return void 0;
+    current = current[part];
+    if (current === void 0) return void 0;
+  }
+  if (isRecord(current)) return resolveRefs(document, current, seen);
+  return current;
+}
+function resolveRefs(document, obj, seen, depth = 0) {
+  if (depth > 4) return obj;
+  const resolved = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (key === "$ref" && typeof value === "string") {
+      const deref = resolveRef(document, value, seen);
+      if (isRecord(deref)) {
+        Object.assign(resolved, deref);
+      } else {
+        resolved[key] = value;
+      }
+      continue;
+    }
+    if (isRecord(value)) {
+      resolved[key] = resolveRefs(document, value, seen, depth + 1);
+      continue;
+    }
+    if (Array.isArray(value)) {
+      resolved[key] = value.map(
+        (item) => isRecord(item) ? resolveRefs(document, item, seen, depth + 1) : item
+      );
+      continue;
+    }
+    resolved[key] = value;
+  }
+  return resolved;
+}
+function extractRequestBodySchema(operationSchema) {
+  const requestBody = operationSchema.requestBody;
+  if (!isRecord(requestBody)) return void 0;
+  const content = requestBody.content;
+  if (!isRecord(content)) return void 0;
+  const jsonMediaType = content["application/json"];
+  if (isRecord(jsonMediaType) && isRecord(jsonMediaType.schema)) {
+    return jsonMediaType.schema;
+  }
+  for (const mediaType of Object.values(content)) {
+    if (isRecord(mediaType) && isRecord(mediaType.schema)) {
+      return mediaType.schema;
+    }
+  }
+  return void 0;
+}
+function extractParameters(operationSchema) {
+  const params = operationSchema.parameters;
+  if (!Array.isArray(params)) return [];
+  return params.filter((value) => isRecord(value));
+}
+function extractInputSchema(operationSchema) {
+  const requestBody = extractRequestBodySchema(operationSchema);
+  const parameters = extractParameters(operationSchema);
+  if (!requestBody && parameters.length === 0) return void 0;
+  if (requestBody && parameters.length === 0) return requestBody;
   return {
-    upgradeSuggested: reasons.length > 0,
-    upgradeReasons: reasons
+    ...requestBody ? { requestBody } : {},
+    ...parameters.length > 0 ? { parameters } : {}
   };
 }
-
-// src/core/discovery.ts
-function mergeResources(target, incoming, resourceWarnings) {
-  const warnings = [];
-  for (const resource of incoming) {
-    const existing = target.get(resource.resourceKey);
-    if (!existing) {
-      target.set(resource.resourceKey, resource);
-      continue;
-    }
-    const conflict = existing.authHint !== resource.authHint || existing.priceHint !== resource.priceHint || JSON.stringify(existing.protocolHints ?? []) !== JSON.stringify(resource.protocolHints ?? []);
-    if (conflict) {
-      const conflictWarning = warning(
-        "CROSS_SOURCE_CONFLICT",
-        "warn",
-        `Resource conflict for ${resource.resourceKey}; keeping higher-precedence source ${existing.source} over ${resource.source}.`,
-        {
-          resourceKey: resource.resourceKey
-        }
-      );
-      warnings.push(conflictWarning);
-      resourceWarnings[resource.resourceKey] = [
-        ...resourceWarnings[resource.resourceKey] ?? [],
-        conflictWarning
-      ];
-      continue;
+function parseOperationPrice(operation) {
+  const paymentInfo = operation["x-payment-info"];
+  if (!isRecord(paymentInfo)) return void 0;
+  function toFiniteNumber(value) {
+    if (typeof value === "number" && Number.isFinite(value)) return value;
+    if (typeof value === "string" && value.trim().length > 0) {
+      const parsed = Number(value);
+      if (Number.isFinite(parsed)) return parsed;
     }
-    target.set(resource.resourceKey, {
-      ...existing,
-      summary: existing.summary ?? resource.summary,
-      links: { ...resource.links, ...existing.links },
-      confidence: Math.max(existing.confidence ?? 0, resource.confidence ?? 0)
-    });
+    return void 0;
   }
-  return warnings;
+  const fixed = toFiniteNumber(paymentInfo.price);
+  if (fixed != null) return `$${String(fixed)}`;
+  const min = toFiniteNumber(paymentInfo.minPrice);
+  const max = toFiniteNumber(paymentInfo.maxPrice);
+  if (min != null && max != null) return `$${String(min)}-$${String(max)}`;
+  return void 0;
 }
-function toTrace(stageResult, startedAt) {
+function parseOperationProtocols(operation) {
+  const paymentInfo = operation["x-payment-info"];
+  if (!isRecord(paymentInfo) || !Array.isArray(paymentInfo.protocols)) return void 0;
+  const protocols = paymentInfo.protocols.filter(
+    (protocol) => typeof protocol === "string" && protocol.length > 0 && (protocol !== "mpp" || isMmmEnabled())
+  );
+  return protocols.length > 0 ? protocols : void 0;
+}
+function getL3ForOpenAPI(openApi, path, method) {
+  const document = openApi.raw;
+  const paths = isRecord(document.paths) ? document.paths : void 0;
+  if (!paths) return null;
+  const matched = findMatchingOpenApiPath(paths, path);
+  if (!matched) return null;
+  const operation = matched.pathItem[method.toLowerCase()];
+  if (!isRecord(operation)) return null;
+  const resolvedOperation = resolveRefs(document, operation, /* @__PURE__ */ new Set());
+  const summary = typeof resolvedOperation.summary === "string" ? resolvedOperation.summary : typeof resolvedOperation.description === "string" ? resolvedOperation.description : void 0;
   return {
-    stage: stageResult.stage,
-    attempted: true,
-    valid: stageResult.valid,
-    resourceCount: stageResult.resources.length,
-    durationMs: Date.now() - startedAt,
-    warnings: stageResult.warnings,
-    ...stageResult.links ? { links: stageResult.links } : {}
+    source: "openapi",
+    ...summary ? { summary } : {},
+    authMode: inferAuthMode(resolvedOperation) ?? void 0,
+    estimatedPrice: parseOperationPrice(resolvedOperation),
+    protocols: parseOperationProtocols(resolvedOperation),
+    inputSchema: extractInputSchema(resolvedOperation),
+    outputSchema: resolvedOperation
   };
 }
-async function runOverrideStage(options) {
-  const warnings = [];
-  for (const overrideUrl of options.overrideUrls) {
-    const normalized = overrideUrl.trim();
-    if (!normalized) continue;
-    try {
-      const response = await options.fetcher(normalized, {
-        method: "GET",
-        headers: { Accept: "application/json, text/plain;q=0.9", ...options.headers },
-        signal: options.signal
-      });
-      if (!response.ok) {
-        warnings.push(
-          warning(
-            "FETCH_FAILED",
-            "warn",
-            `Override fetch failed (${response.status}) at ${normalized}`,
-            {
-              stage: "override"
-            }
-          )
-        );
-        continue;
-      }
-      const bodyText = await response.text();
-      let parsedJson;
-      try {
-        parsedJson = JSON.parse(bodyText);
-      } catch {
-        parsedJson = void 0;
-      }
-      if (parsedJson && typeof parsedJson === "object" && !Array.isArray(parsedJson) && "openapi" in parsedJson && "paths" in parsedJson) {
-        const openapiResult = await runOpenApiStage({
-          origin: options.origin,
-          fetcher: async (input, init) => {
-            const inputString = String(input);
-            if (inputString === `${options.origin}/openapi.json` || inputString === `${options.origin}/.well-known/openapi.json`) {
-              return new Response(bodyText, {
-                status: 200,
-                headers: { "content-type": "application/json" }
-              });
-            }
-            return options.fetcher(input, init);
-          },
-          headers: options.headers,
-          signal: options.signal,
-          includeRaw: options.includeRaw
-        });
-        return {
-          ...openapiResult,
-          stage: "override",
-          warnings: [
-            warning("OVERRIDE_USED", "info", `Using explicit override source ${normalized}`, {
-              stage: "override"
-            }),
-            ...openapiResult.warnings
-          ]
-        };
-      }
-      if (parsedJson && typeof parsedJson === "object" && !Array.isArray(parsedJson)) {
-        const parsedWellKnown = parseWellKnownPayload(parsedJson, options.origin, normalized);
-        if (parsedWellKnown.resources.length > 0) {
-          return {
-            stage: "override",
-            valid: true,
-            resources: parsedWellKnown.resources,
-            warnings: [
-              warning("OVERRIDE_USED", "info", `Using explicit override source ${normalized}`, {
-                stage: "override"
-              }),
-              ...parsedWellKnown.warnings
-            ],
-            links: { discoveryUrl: normalized },
-            ...options.includeRaw ? { raw: parsedWellKnown.raw } : {}
-          };
-        }
-      }
-    } catch (error) {
-      warnings.push(
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `Override fetch exception at ${normalized}: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "override" }
-        )
-      );
-      continue;
-    }
-    const fallbackWellKnownResult = await runWellKnownX402Stage({
-      origin: options.origin,
-      url: normalized,
-      fetcher: options.fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      includeRaw: options.includeRaw
-    });
-    if (fallbackWellKnownResult.valid) {
-      return {
-        ...fallbackWellKnownResult,
-        stage: "override",
-        warnings: [
-          warning("OVERRIDE_USED", "info", `Using explicit override source ${normalized}`, {
-            stage: "override"
-          }),
-          ...fallbackWellKnownResult.warnings
-        ]
-      };
-    }
-    warnings.push(...fallbackWellKnownResult.warnings);
-  }
+function getL3ForProbe(probe, path, method) {
+  const probeResult = probe.find((r) => r.path === path && r.method === method);
+  if (!probeResult) return null;
+  const inputSchema = probeResult.paymentRequiredBody ? parseInputSchema(probeResult.paymentRequiredBody) : void 0;
+  const outputSchema = probeResult.paymentRequiredBody ? parseOutputSchema(probeResult.paymentRequiredBody) : void 0;
+  const paymentOptions = [
+    ...probeResult.paymentRequiredBody ? extractPaymentOptions3(probeResult.paymentRequiredBody) : [],
+    ...isMmmEnabled() ? extractPaymentOptions4(probeResult.wwwAuthenticate) : []
+    // isMmmEnabled
+  ];
   return {
-    stage: "override",
-    valid: false,
-    resources: [],
-    warnings
+    source: "probe",
+    authMode: probeResult.authHint,
+    ...probeResult.protocols?.length ? { protocols: probeResult.protocols } : {},
+    ...inputSchema ? { inputSchema } : {},
+    ...outputSchema ? { outputSchema } : {},
+    ...paymentOptions.length ? { paymentOptions } : {}
   };
 }
-async function runDiscovery({
-  detailed,
-  options
-}) {
-  const fetcher = options.fetcher ?? fetch;
-  const compatMode = options.compatMode ?? DEFAULT_COMPAT_MODE;
-  const strictCompat = compatMode === "strict";
-  const rawView = detailed ? options.rawView ?? "none" : "none";
-  const includeRaw = rawView === "full";
-  const includeInteropMpp = detailed && Boolean(options.includeInteropMpp);
-  const origin = normalizeOrigin(options.target);
-  const warnings = [];
-  const trace = [];
-  const resourceWarnings = {};
-  const rawSources = {};
-  const merged = /* @__PURE__ */ new Map();
-  if (compatMode !== "off") {
-    warnings.push(
-      warning(
-        "COMPAT_MODE_ENABLED",
-        compatMode === "strict" ? "warn" : "info",
-        `Compatibility mode is '${compatMode}'. Legacy adapters are active.`
-      )
-    );
-  }
-  const stages = [];
-  if (options.overrideUrls && options.overrideUrls.length > 0) {
-    stages.push(
-      () => runOverrideStage({
-        origin,
-        overrideUrls: options.overrideUrls ?? [],
-        fetcher,
-        headers: options.headers,
-        signal: options.signal,
-        includeRaw
-      })
-    );
-  }
-  stages.push(
-    () => runOpenApiStage({
-      origin,
-      fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      includeRaw
-    })
-  );
-  if (compatMode !== "off") {
-    stages.push(
-      () => runWellKnownX402Stage({
-        origin,
-        fetcher,
-        headers: options.headers,
-        signal: options.signal,
-        includeRaw
-      })
+function getL3(openApi, probe, path, method) {
+  if (openApi) return getL3ForOpenAPI(openApi, path, method);
+  return getL3ForProbe(probe, path, method);
+}
+
+// src/runtime/check-endpoint.ts
+function getAdvisoriesForOpenAPI(openApi, path) {
+  return [...HTTP_METHODS].flatMap((method) => {
+    const l3 = getL3ForOpenAPI(openApi, path, method);
+    return l3 ? [{ method, ...l3 }] : [];
+  });
+}
+function getAdvisoriesForProbe(probe, path) {
+  return [...HTTP_METHODS].flatMap((method) => {
+    const l3 = getL3ForProbe(probe, path, method);
+    return l3 ? [{ method, ...l3 }] : [];
+  });
+}
+async function checkEndpointSchema(options) {
+  const endpoint = new URL(options.url);
+  const origin = normalizeOrigin(endpoint.origin);
+  const path = normalizePath(endpoint.pathname || "/");
+  if (options.sampleInputBody !== void 0) {
+    const probeResult2 = await getProbe(
+      options.url,
+      options.headers,
+      options.signal,
+      options.sampleInputBody
     );
-    stages.push(
-      () => runDnsStage({
+    if (probeResult2.isErr()) {
+      return {
+        found: false,
         origin,
-        fetcher,
-        txtResolver: options.txtResolver,
-        headers: options.headers,
-        signal: options.signal,
-        includeRaw
-      })
-    );
-    if (includeInteropMpp && isMmmEnabled()) {
-      stages.push(
-        () => runInteropMppStage({
-          origin,
-          fetcher,
-          headers: options.headers,
-          signal: options.signal,
-          includeRaw
-        })
-      );
-    }
-  }
-  stages.push(
-    () => runProbeStage({
-      origin,
-      fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      probeCandidates: options.probeCandidates
-    })
-  );
-  let selectedStage;
-  for (const runStage of stages) {
-    const startedAt = Date.now();
-    const stageResult = await runStage();
-    stageResult.warnings = applyStrictEscalation(stageResult.warnings, strictCompat);
-    trace.push(toTrace(stageResult, startedAt));
-    warnings.push(...stageResult.warnings);
-    if (stageResult.resources.length > 0) {
-      for (const stageWarning of stageResult.warnings) {
-        if (stageWarning.resourceKey) {
-          resourceWarnings[stageWarning.resourceKey] = [
-            ...resourceWarnings[stageWarning.resourceKey] ?? [],
-            stageWarning
-          ];
-        }
-      }
-    }
-    if (!stageResult.valid) {
-      continue;
-    }
-    const mergeWarnings = mergeResources(merged, stageResult.resources, resourceWarnings);
-    warnings.push(...mergeWarnings);
-    if (includeRaw && stageResult.raw !== void 0) {
-      if (stageResult.stage === "openapi" || stageResult.stage === "override") {
-        const rawObject = stageResult.raw;
-        if (rawObject.openapi !== void 0) rawSources.openapi = rawObject.openapi;
-        if (typeof rawObject.llmsTxt === "string") rawSources.llmsTxt = rawObject.llmsTxt;
-      }
-      if (stageResult.stage === "well-known/x402" || stageResult.stage === "override") {
-        rawSources.wellKnownX402 = [...rawSources.wellKnownX402 ?? [], stageResult.raw];
-      }
-      if (stageResult.stage === "dns/_x402") {
-        const rawObject = stageResult.raw;
-        if (Array.isArray(rawObject.dnsRecords)) {
-          rawSources.dnsRecords = rawObject.dnsRecords;
-        }
-      }
-      if (stageResult.stage === "interop/mpp") {
-        rawSources.interopMpp = stageResult.raw;
-      }
-    }
-    if (!detailed) {
-      selectedStage = selectedStage ?? stageResult.stage;
-      break;
+        path,
+        cause: probeResult2.error.cause,
+        message: probeResult2.error.message
+      };
     }
-  }
-  if (merged.size === 0) {
-    warnings.push(
-      warning(
-        "NO_DISCOVERY_SOURCES",
-        "error",
-        "No discovery stage returned first-valid-non-empty results."
-      )
-    );
-  }
-  const dedupedWarnings = dedupeWarnings(warnings);
-  const upgradeSignal = computeUpgradeSignal(dedupedWarnings);
-  const resources = [...merged.values()];
-  if (!detailed) {
+    const advisories2 = getAdvisoriesForProbe(probeResult2.value, path);
+    if (advisories2.length > 0) return { found: true, origin, path, advisories: advisories2 };
+    return { found: false, origin, path, cause: "not_found" };
+  }
+  const openApiResult = await getOpenAPI(origin, options.headers, options.signal);
+  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  if (openApi) {
+    const advisories2 = getAdvisoriesForOpenAPI(openApi, path);
+    if (advisories2.length > 0) return { found: true, origin, path, advisories: advisories2 };
+    return { found: false, origin, path, cause: "not_found" };
+  }
+  const probeResult = await getProbe(options.url, options.headers, options.signal);
+  if (probeResult.isErr()) {
     return {
+      found: false,
       origin,
-      resources,
-      warnings: dedupedWarnings,
-      compatMode,
-      ...upgradeSignal,
-      ...selectedStage ? { selectedStage } : {}
+      path,
+      cause: probeResult.error.cause,
+      message: probeResult.error.message
     };
   }
-  return {
-    origin,
-    resources,
-    warnings: dedupedWarnings,
-    compatMode,
-    ...upgradeSignal,
-    selectedStage: trace.find((entry) => entry.valid)?.stage,
-    trace,
-    resourceWarnings,
-    ...includeRaw ? { rawSources } : {}
-  };
+  const advisories = getAdvisoriesForProbe(probeResult.value, path);
+  if (advisories.length > 0) return { found: true, origin, path, advisories };
+  return { found: false, origin, path, cause: "not_found" };
 }
 
-// src/validation/codes.ts
+// src/x402scan-validation/codes.ts
 var VALIDATION_CODES = {
   COINBASE_SCHEMA_INVALID: "COINBASE_SCHEMA_INVALID",
   X402_NOT_OBJECT: "X402_NOT_OBJECT",
@@ -1465,7 +1214,7 @@ var VALIDATION_CODES = {
   METADATA_OG_IMAGE_MISSING: "METADATA_OG_IMAGE_MISSING"
 };
 
-// src/validation/metadata.ts
+// src/x402scan-validation/metadata.ts
 function hasText(value) {
   return typeof value === "string" && value.trim().length > 0;
 }
@@ -1525,42 +1274,21 @@ function evaluateMetadataCompleteness(metadata) {
   return issues;
 }
 
-// src/validation/payment-required.ts
-var import_schemas = require("@x402/core/schemas");
-var SOLANA_CANONICAL_BY_REF = {
-  "5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp": "solana",
-  EtWTRABZaYq6iMfeYKouRu166VU2xqa1: "solana-devnet",
-  "4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z": "solana-testnet"
-};
-var SOLANA_ALIAS_BY_REF = {
-  mainnet: "solana",
-  devnet: "solana-devnet",
-  testnet: "solana-testnet"
-};
-function isRecord4(value) {
+// src/x402scan-validation/payment-required.ts
+var import_schemas3 = require("@x402/core/schemas");
+
+// src/flags.ts
+var DEFAULT_COMPAT_MODE = "on";
+
+// src/x402scan-validation/payment-required.ts
+function isRecord2(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
-function asNonEmptyString(value) {
-  if (typeof value !== "string") return void 0;
-  const trimmed = value.trim();
-  return trimmed.length > 0 ? trimmed : void 0;
-}
-function asPositiveNumber(value) {
-  return typeof value === "number" && Number.isFinite(value) && value > 0 ? value : void 0;
-}
-function pushIssue(issues, issue) {
-  issues.push({
-    stage: issue.stage ?? "payment_required",
-    ...issue
-  });
+function pushIssue2(issues, issue) {
+  issues.push({ stage: "payment_required", ...issue });
 }
 function summarizeIssues(issues) {
-  const summary = {
-    errorCount: 0,
-    warnCount: 0,
-    infoCount: 0,
-    byCode: {}
-  };
+  const summary = { errorCount: 0, warnCount: 0, infoCount: 0, byCode: {} };
   for (const issue of issues) {
     if (issue.severity === "error") summary.errorCount += 1;
     else if (issue.severity === "warn") summary.warnCount += 1;
@@ -1582,203 +1310,24 @@ function zodPathToString(path) {
   return out;
 }
 function parseWithCoinbaseStructuralGate(payload, issues) {
-  const baseParsed = (0, import_schemas.parsePaymentRequired)(payload);
-  if (baseParsed.success) {
-    return baseParsed.data;
-  }
+  const baseParsed = (0, import_schemas3.parsePaymentRequired)(payload);
+  if (baseParsed.success) return baseParsed.data;
   for (const issue of baseParsed.error.issues) {
-    pushIssue(issues, {
+    pushIssue2(issues, {
       code: VALIDATION_CODES.COINBASE_SCHEMA_INVALID,
       severity: "error",
       message: `Coinbase schema validation failed: ${issue.message}`,
       path: zodPathToString(issue.path),
       actual: issue.code
-    });
-  }
-  return void 0;
-}
-function validateV2Network(networkRaw, index, issues) {
-  if (!/^[^:\s]+:[^:\s]+$/.test(networkRaw)) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.NETWORK_CAIP2_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} has invalid CAIP-2 network format`,
-      hint: "Expected '<namespace>:<reference>', e.g. 'eip155:8453' or 'solana:5eykt4...'.",
-      path: `accepts[${index}].network`,
-      expected: "<namespace>:<reference>",
-      actual: networkRaw
-    });
-    return void 0;
-  }
-  const [namespace, reference] = networkRaw.split(":");
-  if (namespace === "eip155") {
-    if (!/^\d+$/.test(reference)) {
-      pushIssue(issues, {
-        code: VALIDATION_CODES.NETWORK_EIP155_REFERENCE_INVALID,
-        severity: "error",
-        message: `Accept at index ${index} has invalid eip155 reference`,
-        hint: "Use a numeric chain id, e.g. 'eip155:8453'.",
-        path: `accepts[${index}].network`,
-        expected: "eip155:<numeric-chain-id>",
-        actual: networkRaw
-      });
-      return void 0;
-    }
-    return networkRaw;
-  }
-  if (namespace === "solana") {
-    const canonical = SOLANA_CANONICAL_BY_REF[reference];
-    if (canonical) return canonical;
-    const alias = SOLANA_ALIAS_BY_REF[reference];
-    if (alias) {
-      pushIssue(issues, {
-        code: VALIDATION_CODES.NETWORK_SOLANA_ALIAS_COMPAT,
-        severity: "warn",
-        message: `Accept at index ${index} uses compatibility Solana reference '${reference}'`,
-        hint: "Use canonical Solana CAIP references for deterministic behavior.",
-        path: `accepts[${index}].network`,
-        actual: networkRaw
-      });
-      return alias;
-    }
-    pushIssue(issues, {
-      code: VALIDATION_CODES.NETWORK_REFERENCE_UNKNOWN,
-      severity: "error",
-      message: `Accept at index ${index} uses unknown Solana reference '${reference}'`,
-      hint: "Use canonical references for mainnet/devnet/testnet.",
-      path: `accepts[${index}].network`,
-      actual: networkRaw
-    });
-    return void 0;
-  }
-  return networkRaw;
-}
-function validateV1Network(networkRaw, index, issues) {
-  if (networkRaw === "solana-mainnet-beta") {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.NETWORK_SOLANA_ALIAS_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} uses invalid Solana network alias`,
-      hint: "Use 'solana' (v1) or canonical Solana CAIP reference (v2).",
-      path: `accepts[${index}].network`,
-      expected: "solana",
-      actual: networkRaw
-    });
-    return void 0;
-  }
-  if (networkRaw.startsWith("solana-") && networkRaw !== "solana-devnet") {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.NETWORK_SOLANA_ALIAS_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} uses unsupported Solana network alias`,
-      hint: "Use 'solana' or 'solana-devnet' for v1 payloads.",
-      path: `accepts[${index}].network`,
-      actual: networkRaw
-    });
-    return void 0;
-  }
-  if (networkRaw.includes(":")) {
-    return validateV2Network(networkRaw, index, issues);
-  }
-  return networkRaw;
-}
-function validateAccept(acceptRaw, index, version, issues) {
-  if (!isRecord4(acceptRaw)) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.X402_ACCEPT_ENTRY_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} must be an object`,
-      path: `accepts[${index}]`
-    });
-    return null;
-  }
-  const scheme = asNonEmptyString(acceptRaw.scheme);
-  const networkRaw = asNonEmptyString(acceptRaw.network);
-  const payTo = asNonEmptyString(acceptRaw.payTo);
-  const asset = asNonEmptyString(acceptRaw.asset);
-  const maxTimeoutSeconds = asPositiveNumber(acceptRaw.maxTimeoutSeconds);
-  const amount = version === 2 ? asNonEmptyString(acceptRaw.amount) : asNonEmptyString(acceptRaw.maxAmountRequired);
-  if (!scheme) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.X402_ACCEPT_ENTRY_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} is missing scheme`,
-      path: `accepts[${index}].scheme`
-    });
-  }
-  if (!networkRaw) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.X402_ACCEPT_ENTRY_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} is missing network`,
-      path: `accepts[${index}].network`
-    });
-  }
-  if (!amount) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.X402_ACCEPT_ENTRY_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} is missing ${version === 2 ? "amount" : "maxAmountRequired"}`,
-      path: `accepts[${index}].${version === 2 ? "amount" : "maxAmountRequired"}`
-    });
-  }
-  if (!payTo) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.X402_ACCEPT_ENTRY_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} is missing payTo`,
-      path: `accepts[${index}].payTo`
-    });
-  }
-  if (!asset) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.X402_ACCEPT_ENTRY_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} is missing asset`,
-      path: `accepts[${index}].asset`
-    });
-  }
-  if (!maxTimeoutSeconds) {
-    pushIssue(issues, {
-      code: VALIDATION_CODES.X402_ACCEPT_ENTRY_INVALID,
-      severity: "error",
-      message: `Accept at index ${index} is missing or has invalid maxTimeoutSeconds`,
-      path: `accepts[${index}].maxTimeoutSeconds`
-    });
-  }
-  let normalizedNetwork;
-  if (networkRaw) {
-    normalizedNetwork = version === 2 ? validateV2Network(networkRaw, index, issues) : validateV1Network(networkRaw, index, issues);
-  }
-  return {
-    index,
-    network: normalizedNetwork ?? networkRaw ?? "unknown",
-    networkRaw: networkRaw ?? "unknown",
-    scheme,
-    asset,
-    payTo,
-    amount,
-    maxTimeoutSeconds
-  };
+    });
+  }
+  return void 0;
 }
 function getSchemaPresence(payload, accepts, version) {
-  if (version === 1) {
-    const first = accepts[0];
-    if (!isRecord4(first)) {
-      return { hasInputSchema: false, hasOutputSchema: false };
-    }
-    const outputSchema = isRecord4(first.outputSchema) ? first.outputSchema : void 0;
-    return {
-      hasInputSchema: outputSchema?.input !== void 0 && outputSchema.input !== null,
-      hasOutputSchema: outputSchema?.output !== void 0 && outputSchema.output !== null
-    };
-  }
-  const extensions = isRecord4(payload.extensions) ? payload.extensions : void 0;
-  const bazaar = extensions && isRecord4(extensions.bazaar) ? extensions.bazaar : void 0;
-  const info = bazaar && isRecord4(bazaar.info) ? bazaar.info : void 0;
+  const schemas = version === 1 ? extractSchemas(accepts) : extractSchemas2(payload);
   return {
-    hasInputSchema: info?.input !== void 0 && info.input !== null,
-    hasOutputSchema: info?.output !== void 0 && info.output !== null
+    hasInputSchema: schemas.inputSchema !== void 0,
+    hasOutputSchema: schemas.outputSchema !== void 0
   };
 }
 function validatePaymentRequiredDetailed(payload, options = {}) {
@@ -1786,21 +1335,15 @@ function validatePaymentRequiredDetailed(payload, options = {}) {
   const compatMode = options.compatMode ?? DEFAULT_COMPAT_MODE;
   const requireInputSchema = options.requireInputSchema ?? true;
   const requireOutputSchema = options.requireOutputSchema ?? true;
-  if (!isRecord4(payload)) {
-    pushIssue(issues, {
+  if (!isRecord2(payload)) {
+    pushIssue2(issues, {
       code: VALIDATION_CODES.X402_NOT_OBJECT,
       severity: "error",
       message: "Payment required payload must be a JSON object",
       path: "$"
     });
-    if (options.metadata) {
-      issues.push(...evaluateMetadataCompleteness(options.metadata));
-    }
-    return {
-      valid: false,
-      issues,
-      summary: summarizeIssues(issues)
-    };
+    if (options.metadata) issues.push(...evaluateMetadataCompleteness(options.metadata));
+    return { valid: false, issues, summary: summarizeIssues(issues) };
   }
   const coinbaseParsed = parseWithCoinbaseStructuralGate(payload, issues);
   const versionRaw = payload.x402Version;
@@ -1808,14 +1351,14 @@ function validatePaymentRequiredDetailed(payload, options = {}) {
   if (versionRaw === 1 || versionRaw === 2) {
     version = versionRaw;
   } else if (versionRaw === void 0) {
-    pushIssue(issues, {
+    pushIssue2(issues, {
       code: VALIDATION_CODES.X402_VERSION_MISSING,
       severity: "error",
       message: "x402Version is required",
       path: "x402Version"
     });
   } else {
-    pushIssue(issues, {
+    pushIssue2(issues, {
       code: VALIDATION_CODES.X402_VERSION_UNSUPPORTED,
       severity: "error",
       message: `Unsupported x402Version '${String(versionRaw)}'`,
@@ -1827,14 +1370,14 @@ function validatePaymentRequiredDetailed(payload, options = {}) {
   const acceptsRaw = payload.accepts;
   let accepts = [];
   if (acceptsRaw === void 0) {
-    pushIssue(issues, {
+    pushIssue2(issues, {
       code: VALIDATION_CODES.X402_ACCEPTS_MISSING,
       severity: "error",
       message: "accepts is required",
       path: "accepts"
     });
   } else if (!Array.isArray(acceptsRaw)) {
-    pushIssue(issues, {
+    pushIssue2(issues, {
       code: VALIDATION_CODES.X402_ACCEPTS_INVALID,
       severity: "error",
       message: "accepts must be an array",
@@ -1843,7 +1386,7 @@ function validatePaymentRequiredDetailed(payload, options = {}) {
   } else {
     accepts = acceptsRaw;
     if (accepts.length === 0) {
-      pushIssue(issues, {
+      pushIssue2(issues, {
         code: VALIDATION_CODES.X402_ACCEPTS_EMPTY,
         severity: "error",
         message: "accepts must contain at least one payment requirement",
@@ -1851,52 +1394,45 @@ function validatePaymentRequiredDetailed(payload, options = {}) {
       });
     }
   }
-  const normalizedAccepts = [];
   if (version && Array.isArray(accepts)) {
-    accepts.forEach((accept, index) => {
-      const normalized = validateAccept(accept, index, version, issues);
-      if (normalized) normalizedAccepts.push(normalized);
-    });
+    const normalizedAccepts = version === 1 ? validateAccepts(accepts, issues) : validateAccepts2(accepts, issues);
     const schemaPresence = getSchemaPresence(payload, accepts, version);
     if (requireInputSchema && !schemaPresence.hasInputSchema) {
-      pushIssue(issues, {
+      pushIssue2(issues, {
         code: VALIDATION_CODES.SCHEMA_INPUT_MISSING,
         severity: "error",
         message: "Input schema is missing",
         hint: "Include input schema details so clients can invoke the endpoint correctly.",
-        path: version === 1 ? "accepts[0].outputSchema.input" : "extensions.bazaar.info.input"
+        path: version === 1 ? "accepts[0].outputSchema.input" : "extensions.bazaar.schema.properties.input"
       });
     }
     if (requireOutputSchema && !schemaPresence.hasOutputSchema) {
-      pushIssue(issues, {
+      pushIssue2(issues, {
         code: VALIDATION_CODES.SCHEMA_OUTPUT_MISSING,
         severity: outputSchemaMissingSeverity(compatMode),
         message: "Output schema is missing",
         hint: "Include output schema details so clients can validate responses.",
-        path: version === 1 ? "accepts[0].outputSchema.output" : "extensions.bazaar.info.output"
+        path: version === 1 ? "accepts[0].outputSchema.output" : "extensions.bazaar.schema.properties.output"
       });
     }
-    if (options.metadata) {
-      issues.push(...evaluateMetadataCompleteness(options.metadata));
-    }
+    if (options.metadata) issues.push(...evaluateMetadataCompleteness(options.metadata));
     const summary2 = summarizeIssues(issues);
+    const normalized = {
+      version,
+      accepts: normalizedAccepts,
+      hasInputSchema: schemaPresence.hasInputSchema,
+      hasOutputSchema: schemaPresence.hasOutputSchema
+    };
     return {
       valid: summary2.errorCount === 0,
       version,
       parsed: coinbaseParsed ?? payload,
-      normalized: {
-        version,
-        accepts: normalizedAccepts,
-        hasInputSchema: schemaPresence.hasInputSchema,
-        hasOutputSchema: schemaPresence.hasOutputSchema
-      },
+      normalized,
       issues,
       summary: summary2
     };
   }
-  if (options.metadata) {
-    issues.push(...evaluateMetadataCompleteness(options.metadata));
-  }
+  if (options.metadata) issues.push(...evaluateMetadataCompleteness(options.metadata));
   const summary = summarizeIssues(issues);
   return {
     valid: summary.errorCount === 0,
@@ -1907,660 +1443,203 @@ function validatePaymentRequiredDetailed(payload, options = {}) {
   };
 }
 
-// src/adapters/mcp.ts
-var DEFAULT_GUIDANCE_AUTO_INCLUDE_MAX_TOKENS = 1e3;
-var OPENAPI_METHODS = [
-  "GET",
-  "POST",
-  "PUT",
-  "DELETE",
-  "PATCH",
-  "HEAD",
-  "OPTIONS",
-  "TRACE"
-];
-function isRecord5(value) {
-  return value != null && typeof value === "object" && !Array.isArray(value);
-}
-function toFiniteNumber(value) {
-  if (typeof value === "number" && Number.isFinite(value)) return value;
-  if (typeof value === "string" && value.trim().length > 0) {
-    const parsed = Number(value);
-    if (Number.isFinite(parsed)) return parsed;
-  }
-  return void 0;
-}
-function formatPriceHintFromResource(resource) {
-  const pricing = resource.pricing;
-  if (pricing) {
-    if (pricing.pricingMode === "fixed" && pricing.price) {
-      return pricing.price.startsWith("$") ? pricing.price : `$${pricing.price}`;
-    }
-    if (pricing.pricingMode === "range" && pricing.minPrice && pricing.maxPrice) {
-      const min = pricing.minPrice.startsWith("$") ? pricing.minPrice : `$${pricing.minPrice}`;
-      const max = pricing.maxPrice.startsWith("$") ? pricing.maxPrice : `$${pricing.maxPrice}`;
-      return `${min}-${max}`;
-    }
+// src/audit/codes.ts
+var AUDIT_CODES = {
+  // ─── Source presence ─────────────────────────────────────────────────────────
+  OPENAPI_NOT_FOUND: "OPENAPI_NOT_FOUND",
+  WELLKNOWN_NOT_FOUND: "WELLKNOWN_NOT_FOUND",
+  // ─── OpenAPI quality ─────────────────────────────────────────────────────────
+  OPENAPI_NO_ROUTES: "OPENAPI_NO_ROUTES",
+  // ─── L2 route-list checks ────────────────────────────────────────────────────
+  L2_NO_ROUTES: "L2_NO_ROUTES",
+  L2_ROUTE_COUNT_HIGH: "L2_ROUTE_COUNT_HIGH",
+  L2_AUTH_MODE_MISSING: "L2_AUTH_MODE_MISSING",
+  L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
+  L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
+  // ─── L3 endpoint advisory checks ─────────────────────────────────────────────
+  L3_NOT_FOUND: "L3_NOT_FOUND",
+  L3_INPUT_SCHEMA_MISSING: "L3_INPUT_SCHEMA_MISSING",
+  L3_AUTH_MODE_MISSING: "L3_AUTH_MODE_MISSING",
+  L3_PROTOCOLS_MISSING_ON_PAID: "L3_PROTOCOLS_MISSING_ON_PAID",
+  // ─── L4 guidance checks ──────────────────────────────────────────────────────
+  L4_GUIDANCE_MISSING: "L4_GUIDANCE_MISSING",
+  L4_GUIDANCE_TOO_LONG: "L4_GUIDANCE_TOO_LONG"
+};
+
+// src/audit/warnings.ts
+var GUIDANCE_TOO_LONG_CHARS = 4e3;
+var ROUTE_COUNT_HIGH = 40;
+function getWarningsForOpenAPI(openApi) {
+  if (openApi === null) {
+    return [
+      {
+        code: AUDIT_CODES.OPENAPI_NOT_FOUND,
+        severity: "info",
+        message: "No OpenAPI specification found at this origin.",
+        hint: "Expose an OpenAPI spec (e.g. /openapi.json) for richer discovery."
+      }
+    ];
   }
-  if (!resource.priceHint) return void 0;
-  const hint = resource.priceHint.trim();
-  if (hint.length === 0) return void 0;
-  if (hint.startsWith("$")) return hint;
-  if (hint.includes("-")) {
-    const [min, max] = hint.split("-", 2).map((part) => part.trim());
-    if (min && max) return `$${min}-$${max}`;
+  const warnings = [];
+  if (openApi.routes.length === 0) {
+    warnings.push({
+      code: AUDIT_CODES.OPENAPI_NO_ROUTES,
+      severity: "warn",
+      message: "OpenAPI spec found but contains no route definitions.",
+      hint: "Add paths to your OpenAPI spec so agents can discover endpoints.",
+      path: "paths"
+    });
   }
-  return `$${hint}`;
+  return warnings;
 }
-function deriveMcpAuthMode(resource) {
-  if (!resource) return void 0;
-  const hint = resource.authHint;
-  if (hint === "paid" || hint === "siwx" || hint === "apiKey" || hint === "unprotected") {
-    return hint;
+function getWarningsForWellKnown(wellKnown) {
+  if (wellKnown === null) {
+    return [
+      {
+        code: AUDIT_CODES.WELLKNOWN_NOT_FOUND,
+        severity: "info",
+        message: "No /.well-known/x402 resource found at this origin.",
+        hint: "Expose /.well-known/x402 as a fallback for agents that cannot read OpenAPI."
+      }
+    ];
   }
-  return void 0;
+  return [];
 }
-function inferFailureCause(warnings) {
-  const openapiWarnings = warnings.filter((w) => w.stage === "openapi");
-  const parseWarning = openapiWarnings.find(
-    (w) => w.code === "PARSE_FAILED" || w.code === "OPENAPI_TOP_LEVEL_INVALID" || w.code === "OPENAPI_OPERATION_INVALID" || w.code === "OPENAPI_PRICING_INVALID"
-  );
-  if (parseWarning) {
-    return { cause: "parse", message: parseWarning.message };
+function getWarningsForL2(l2) {
+  const warnings = [];
+  if (l2.routes.length === 0) {
+    warnings.push({
+      code: AUDIT_CODES.L2_NO_ROUTES,
+      severity: "warn",
+      message: "No routes found from any discovery source."
+    });
+    return warnings;
   }
-  const fetchWarning = openapiWarnings.find((w) => w.code === "FETCH_FAILED");
-  if (fetchWarning) {
-    const msg = fetchWarning.message.toLowerCase();
-    if (msg.includes("timeout") || msg.includes("timed out") || msg.includes("abort")) {
-      return { cause: "timeout", message: fetchWarning.message };
-    }
-    return { cause: "network", message: fetchWarning.message };
+  if (l2.routes.length > ROUTE_COUNT_HIGH) {
+    warnings.push({
+      code: AUDIT_CODES.L2_ROUTE_COUNT_HIGH,
+      severity: "warn",
+      message: `High route count (${l2.routes.length}) may exceed agent token budgets for zero-hop injection.`,
+      hint: "Consider grouping routes or reducing the advertised surface."
+    });
   }
-  return { cause: "not_found" };
-}
-function getOpenApiInfo(document) {
-  if (!isRecord5(document) || !isRecord5(document.info)) return void 0;
-  if (typeof document.info.title !== "string") return void 0;
-  return {
-    title: document.info.title,
-    ...typeof document.info.version === "string" ? { version: document.info.version } : {},
-    ...typeof document.info.description === "string" ? { description: document.info.description } : {}
-  };
-}
-function getGuidanceUrl(result) {
-  const fromTrace = result.trace.find((entry) => entry.links?.llmsTxtUrl)?.links?.llmsTxtUrl;
-  if (fromTrace) return fromTrace;
-  const fromResource = result.resources.find((resource) => resource.links?.llmsTxtUrl)?.links?.llmsTxtUrl;
-  if (fromResource) return fromResource;
-  return void 0;
-}
-async function resolveGuidance(options) {
-  let guidanceText = typeof options.result.rawSources?.llmsTxt === "string" ? options.result.rawSources.llmsTxt : void 0;
-  if (!guidanceText) {
-    const guidanceUrl = getGuidanceUrl(options.result) ?? `${options.result.origin}/llms.txt`;
-    const fetcher = options.fetcher ?? fetch;
-    try {
-      const response = await fetcher(guidanceUrl, {
-        method: "GET",
-        headers: { Accept: "text/plain", ...options.headers },
-        signal: options.signal
+  for (const route of l2.routes) {
+    const loc = `${route.method} ${route.path}`;
+    if (!route.authMode) {
+      warnings.push({
+        code: AUDIT_CODES.L2_AUTH_MODE_MISSING,
+        severity: "warn",
+        message: `Route ${loc} is missing an auth mode declaration.`,
+        hint: "Set x-payment-info.authMode (or securitySchemes) so agents know if payment is required.",
+        path: route.path
       });
-      if (response.ok) guidanceText = await response.text();
-    } catch {
-    }
-  }
-  if (!guidanceText) {
-    return { guidanceAvailable: false };
-  }
-  const guidanceTokens = estimateTokenCount(guidanceText);
-  const threshold = options.guidanceAutoIncludeMaxTokens ?? DEFAULT_GUIDANCE_AUTO_INCLUDE_MAX_TOKENS;
-  const shouldInclude = options.includeGuidance === true || options.includeGuidance == null && guidanceTokens <= threshold;
-  return {
-    guidanceAvailable: true,
-    guidanceTokens,
-    ...shouldInclude ? { guidance: guidanceText } : {}
-  };
-}
-function extractPathsDocument(document) {
-  if (!isRecord5(document)) return void 0;
-  if (!isRecord5(document.paths)) return void 0;
-  return document.paths;
-}
-function findMatchingOpenApiPath(paths, targetPath) {
-  const exact = paths[targetPath];
-  if (isRecord5(exact)) return { matchedPath: targetPath, pathItem: exact };
-  for (const [specPath, entry] of Object.entries(paths)) {
-    if (!isRecord5(entry)) continue;
-    const pattern = specPath.replace(/\{[^}]+\}/g, "[^/]+");
-    const regex = new RegExp(`^${pattern}$`);
-    if (regex.test(targetPath)) {
-      return { matchedPath: specPath, pathItem: entry };
     }
-  }
-  return null;
-}
-function resolveRef(document, ref, seen) {
-  if (!ref.startsWith("#/")) return void 0;
-  if (seen.has(ref)) return { $circular: ref };
-  seen.add(ref);
-  const parts = ref.slice(2).split("/");
-  let current = document;
-  for (const part of parts) {
-    if (!isRecord5(current)) return void 0;
-    current = current[part];
-    if (current === void 0) return void 0;
-  }
-  if (isRecord5(current)) return resolveRefs(document, current, seen);
-  return current;
-}
-function resolveRefs(document, obj, seen, depth = 0) {
-  if (depth > 4) return obj;
-  const resolved = {};
-  for (const [key, value] of Object.entries(obj)) {
-    if (key === "$ref" && typeof value === "string") {
-      const deref = resolveRef(document, value, seen);
-      if (isRecord5(deref)) {
-        Object.assign(resolved, deref);
-      } else {
-        resolved[key] = value;
+    if (route.authMode === "paid") {
+      if (!route.price) {
+        warnings.push({
+          code: AUDIT_CODES.L2_PRICE_MISSING_ON_PAID,
+          severity: "warn",
+          message: `Paid route ${loc} has no price hint.`,
+          hint: "Add x-payment-info.price (or minPrice/maxPrice) so agents can budget before calling.",
+          path: route.path
+        });
+      }
+      if (!route.protocols?.length) {
+        warnings.push({
+          code: AUDIT_CODES.L2_PROTOCOLS_MISSING_ON_PAID,
+          severity: "info",
+          message: `Paid route ${loc} does not declare supported payment protocols.`,
+          hint: "Add x-payment-info.protocols (e.g. ['x402']) to signal which payment flows are accepted.",
+          path: route.path
+        });
       }
-      continue;
-    }
-    if (isRecord5(value)) {
-      resolved[key] = resolveRefs(document, value, seen, depth + 1);
-      continue;
-    }
-    if (Array.isArray(value)) {
-      resolved[key] = value.map(
-        (item) => isRecord5(item) ? resolveRefs(document, item, seen, depth + 1) : item
-      );
-      continue;
-    }
-    resolved[key] = value;
-  }
-  return resolved;
-}
-function extractRequestBodySchema(operationSchema) {
-  const requestBody = operationSchema.requestBody;
-  if (!isRecord5(requestBody)) return void 0;
-  const content = requestBody.content;
-  if (!isRecord5(content)) return void 0;
-  const jsonMediaType = content["application/json"];
-  if (isRecord5(jsonMediaType) && isRecord5(jsonMediaType.schema)) {
-    return jsonMediaType.schema;
-  }
-  for (const mediaType of Object.values(content)) {
-    if (isRecord5(mediaType) && isRecord5(mediaType.schema)) {
-      return mediaType.schema;
-    }
-  }
-  return void 0;
-}
-function extractParameters(operationSchema) {
-  const params = operationSchema.parameters;
-  if (!Array.isArray(params)) return [];
-  return params.filter((value) => isRecord5(value));
-}
-function extractInputSchema(operationSchema) {
-  const requestBody = extractRequestBodySchema(operationSchema);
-  const parameters = extractParameters(operationSchema);
-  if (!requestBody && parameters.length === 0) return void 0;
-  if (requestBody && parameters.length === 0) return requestBody;
-  return {
-    ...requestBody ? { requestBody } : {},
-    ...parameters.length > 0 ? { parameters } : {}
-  };
-}
-function parseOperationPrice(operation) {
-  const paymentInfo = operation["x-payment-info"];
-  if (!isRecord5(paymentInfo)) return void 0;
-  const fixed = toFiniteNumber(paymentInfo.price);
-  if (fixed != null) return `$${String(fixed)}`;
-  const min = toFiniteNumber(paymentInfo.minPrice);
-  const max = toFiniteNumber(paymentInfo.maxPrice);
-  if (min != null && max != null) return `$${String(min)}-$${String(max)}`;
-  return void 0;
-}
-function parseOperationProtocols(operation) {
-  const paymentInfo = operation["x-payment-info"];
-  if (!isRecord5(paymentInfo) || !Array.isArray(paymentInfo.protocols)) return void 0;
-  const protocols = paymentInfo.protocols.filter(
-    (protocol) => typeof protocol === "string" && protocol.length > 0
-  );
-  return protocols.length > 0 ? protocols : void 0;
-}
-function parseOperationAuthMode(operation) {
-  const authExtension = operation["x-agentcash-auth"];
-  if (isRecord5(authExtension)) {
-    const mode = authExtension.mode;
-    if (mode === "paid" || mode === "siwx" || mode === "apiKey" || mode === "unprotected") {
-      return mode;
-    }
-  }
-  if (isRecord5(operation["x-payment-info"])) return "paid";
-  return void 0;
-}
-function createResourceMap(result) {
-  const map = /* @__PURE__ */ new Map();
-  for (const resource of result.resources) {
-    map.set(resource.resourceKey, resource);
-  }
-  return map;
-}
-function toMcpEndpointSummary(resource) {
-  const method = parseMethod(resource.method);
-  if (!method) return void 0;
-  const price = formatPriceHintFromResource(resource);
-  const authMode = deriveMcpAuthMode(resource);
-  return {
-    path: resource.path,
-    method,
-    summary: resource.summary ?? `${method} ${resource.path}`,
-    ...price ? { price } : {},
-    ...resource.protocolHints?.length ? { protocols: [...resource.protocolHints] } : {},
-    ...authMode ? { authMode } : {}
-  };
-}
-async function discoverForMcp(options) {
-  const result = await runDiscovery({
-    detailed: true,
-    options: {
-      target: options.target,
-      compatMode: options.compatMode ?? "off",
-      rawView: "full",
-      fetcher: options.fetcher,
-      headers: options.headers,
-      signal: options.signal
     }
-  });
-  if (result.resources.length === 0) {
-    const failure = inferFailureCause(result.warnings);
-    return {
-      found: false,
-      origin: result.origin,
-      cause: failure.cause,
-      ...failure.message ? { message: failure.message } : {},
-      warnings: result.warnings
-    };
   }
-  const source = result.selectedStage ?? "openapi";
-  const endpoints = result.resources.map(toMcpEndpointSummary).filter((endpoint) => endpoint != null).sort((a, b) => {
-    if (a.path !== b.path) return a.path.localeCompare(b.path);
-    return a.method.localeCompare(b.method);
-  });
-  const guidance = await resolveGuidance({
-    result,
-    includeGuidance: options.includeGuidance,
-    guidanceAutoIncludeMaxTokens: options.guidanceAutoIncludeMaxTokens,
-    fetcher: options.fetcher,
-    headers: options.headers,
-    signal: options.signal
-  });
-  return {
-    found: true,
-    origin: result.origin,
-    source,
-    ...getOpenApiInfo(result.rawSources?.openapi) ? { info: getOpenApiInfo(result.rawSources?.openapi) } : {},
-    ...guidance,
-    endpoints,
-    warnings: result.warnings
-  };
+  return warnings;
 }
-async function inspectEndpointForMcp(options) {
-  const endpoint = new URL(options.endpointUrl);
-  const origin = normalizeOrigin(endpoint.origin);
-  const path = normalizePath(endpoint.pathname || "/");
-  const result = await runDiscovery({
-    detailed: true,
-    options: {
-      target: options.target,
-      compatMode: options.compatMode ?? "off",
-      rawView: "full",
-      fetcher: options.fetcher,
-      headers: options.headers,
-      signal: options.signal
-    }
-  });
-  const document = result.rawSources?.openapi;
-  const paths = extractPathsDocument(document);
-  const resourceMap = createResourceMap(result);
-  const advisories = {};
-  const specMethods = [];
-  if (paths) {
-    const matched = findMatchingOpenApiPath(paths, path);
-    if (matched) {
-      for (const candidate of OPENAPI_METHODS) {
-        const operation = matched.pathItem[candidate.toLowerCase()];
-        if (!isRecord5(operation) || !isRecord5(document)) continue;
-        specMethods.push(candidate);
-        const resolvedOperation = resolveRefs(document, operation, /* @__PURE__ */ new Set());
-        const resource = resourceMap.get(toResourceKey(origin, candidate, matched.matchedPath));
-        const formattedPrice = resource ? formatPriceHintFromResource(resource) : void 0;
-        const operationSummary = typeof resolvedOperation.summary === "string" ? resolvedOperation.summary : typeof resolvedOperation.description === "string" ? resolvedOperation.description : void 0;
-        const operationPrice = parseOperationPrice(resolvedOperation);
-        const operationProtocols = parseOperationProtocols(resolvedOperation);
-        const operationAuthMode = parseOperationAuthMode(resolvedOperation);
-        const inputSchema = extractInputSchema(resolvedOperation);
-        advisories[candidate] = {
-          method: candidate,
-          ...resource?.summary || operationSummary ? {
-            summary: resource?.summary ?? operationSummary
-          } : {},
-          ...formattedPrice || operationPrice ? {
-            estimatedPrice: formattedPrice ?? operationPrice
-          } : {},
-          ...resource?.protocolHints?.length || operationProtocols ? {
-            protocols: resource?.protocolHints ?? operationProtocols
-          } : {},
-          ...deriveMcpAuthMode(resource) || operationAuthMode ? {
-            authMode: deriveMcpAuthMode(resource) ?? operationAuthMode
-          } : {},
-          ...inputSchema ? { inputSchema } : {},
-          operationSchema: resolvedOperation
-        };
+function getWarningsForL3(l3) {
+  if (l3 === null) {
+    return [
+      {
+        code: AUDIT_CODES.L3_NOT_FOUND,
+        severity: "info",
+        message: "No spec data found for this endpoint.",
+        hint: "Ensure the path is defined in your OpenAPI spec or reachable via probe."
       }
-    }
-  }
-  if (specMethods.length === 0) {
-    for (const method of OPENAPI_METHODS) {
-      const resource = resourceMap.get(toResourceKey(origin, method, path));
-      if (!resource) continue;
-      specMethods.push(method);
-      const formattedPrice = formatPriceHintFromResource(resource);
-      advisories[method] = {
-        method,
-        ...resource.summary ? { summary: resource.summary } : {},
-        ...formattedPrice ? { estimatedPrice: formattedPrice } : {},
-        ...resource.protocolHints?.length ? { protocols: [...resource.protocolHints] } : {},
-        ...deriveMcpAuthMode(resource) ? { authMode: deriveMcpAuthMode(resource) } : {}
-      };
-    }
-  }
-  if (specMethods.length === 0) {
-    const failure = inferFailureCause(result.warnings);
-    return {
-      found: false,
-      origin,
-      path,
-      cause: failure.cause,
-      ...failure.message ? { message: failure.message } : {},
-      warnings: result.warnings
-    };
+    ];
   }
-  return {
-    found: true,
-    origin,
-    path,
-    specMethods,
-    advisories,
-    warnings: result.warnings
-  };
-}
-
-// src/harness.ts
-var INTENT_TRIGGERS = ["x402", "mpp", "pay for", "micropayment", "agentic commerce"];
-var CLIENT_PROFILES = {
-  "claude-code": {
-    id: "claude-code",
-    label: "Claude Code MCP Harness",
-    surface: "mcp",
-    defaultContextWindowTokens: 2e5,
-    zeroHopBudgetPercent: 0.1,
-    notes: "Targets environments where MCP context can use roughly 10% of total context."
-  },
-  "skill-cli": {
-    id: "skill-cli",
-    label: "Skill + CLI Harness",
-    surface: "skill-cli",
-    defaultContextWindowTokens: 2e5,
-    zeroHopBudgetPercent: 0.02,
-    notes: "Targets constrained skill contexts with title/description-heavy routing."
-  },
-  "generic-mcp": {
-    id: "generic-mcp",
-    label: "Generic MCP Harness",
-    surface: "mcp",
-    defaultContextWindowTokens: 128e3,
-    zeroHopBudgetPercent: 0.05,
-    notes: "Conservative MCP profile when specific client budgets are unknown."
-  },
-  generic: {
-    id: "generic",
-    label: "Generic Agent Harness",
-    surface: "generic",
-    defaultContextWindowTokens: 128e3,
-    zeroHopBudgetPercent: 0.03,
-    notes: "Fallback profile for unknown clients."
+  const warnings = [];
+  if (!l3.authMode) {
+    warnings.push({
+      code: AUDIT_CODES.L3_AUTH_MODE_MISSING,
+      severity: "warn",
+      message: "Endpoint has no auth mode in the spec.",
+      hint: "Declare auth mode via security schemes or x-payment-info so agents can plan payment."
+    });
   }
-};
-function isFirstPartyDomain(hostname) {
-  const normalized = hostname.toLowerCase();
-  return normalized.endsWith(".dev") && normalized.startsWith("stable");
-}
-function safeHostname(origin) {
-  try {
-    return new URL(origin).hostname;
-  } catch {
-    return origin.replace(/^https?:\/\//, "").split("/")[0] ?? origin;
+  if (l3.authMode === "paid" && !l3.inputSchema) {
+    warnings.push({
+      code: AUDIT_CODES.L3_INPUT_SCHEMA_MISSING,
+      severity: "warn",
+      message: "Paid endpoint is missing an input schema.",
+      hint: "Add a requestBody or parameters schema so agents can construct valid payloads."
+    });
   }
-}
-function previewText(text) {
-  if (!text) return null;
-  const compact = text.replace(/\s+/g, " ").trim();
-  if (!compact) return null;
-  return compact.length > 220 ? `${compact.slice(0, 217)}...` : compact;
-}
-function toAuthModeCount(resources) {
-  const counts = {
-    paid: 0,
-    siwx: 0,
-    apiKey: 0,
-    unprotected: 0,
-    unknown: 0
-  };
-  for (const resource of resources) {
-    const mode = resource.authHint;
-    if (mode === "paid" || mode === "siwx" || mode === "apiKey" || mode === "unprotected") {
-      counts[mode] += 1;
-    } else {
-      counts.unknown += 1;
-    }
+  if (l3.authMode === "paid" && !l3.protocols?.length) {
+    warnings.push({
+      code: AUDIT_CODES.L3_PROTOCOLS_MISSING_ON_PAID,
+      severity: "info",
+      message: "Paid endpoint does not declare supported payment protocols.",
+      hint: "Add x-payment-info.protocols (e.g. ['x402']) to the operation."
+    });
   }
-  return counts;
-}
-function toSourceCount(resources) {
-  return resources.reduce(
-    (acc, resource) => {
-      acc[resource.source] = (acc[resource.source] ?? 0) + 1;
-      return acc;
-    },
-    {}
-  );
-}
-function toL2Entries(resources) {
-  return [...resources].sort((a, b) => {
-    if (a.path !== b.path) return a.path.localeCompare(b.path);
-    if (a.method !== b.method) return a.method.localeCompare(b.method);
-    return a.resourceKey.localeCompare(b.resourceKey);
-  }).map((resource) => ({
-    resourceKey: resource.resourceKey,
-    method: resource.method,
-    path: resource.path,
-    source: resource.source,
-    authMode: resource.authHint ?? null
-  }));
+  return warnings;
 }
-function getLlmsTxtInfo(result) {
-  const llmsTxtUrl = result.trace.find((entry) => entry.links?.llmsTxtUrl)?.links?.llmsTxtUrl ?? result.resources.find((resource) => resource.links?.llmsTxtUrl)?.links?.llmsTxtUrl ?? null;
-  const llmsTxt = result.rawSources?.llmsTxt;
-  if (llmsTxt) {
-    return {
-      llmsTxtUrl,
-      llmsTxtTokenEstimate: estimateTokenCount(llmsTxt),
-      guidancePreview: previewText(llmsTxt),
-      guidanceStatus: "present"
-    };
-  }
-  if (llmsTxtUrl) {
-    const failed = result.warnings.some((warning2) => warning2.code === "LLMSTXT_FETCH_FAILED");
-    return {
-      llmsTxtUrl,
-      llmsTxtTokenEstimate: 0,
-      guidancePreview: null,
-      guidanceStatus: failed ? "advertised_but_unfetched" : "missing"
-    };
+function getWarningsForL4(l4) {
+  if (l4 === null) {
+    return [
+      {
+        code: AUDIT_CODES.L4_GUIDANCE_MISSING,
+        severity: "info",
+        message: "No guidance text found (llms.txt or OpenAPI info.guidance).",
+        hint: "Add an info.guidance field to your OpenAPI spec or expose /llms.txt for agent-readable instructions."
+      }
+    ];
   }
-  return {
-    llmsTxtUrl: null,
-    llmsTxtTokenEstimate: 0,
-    guidancePreview: null,
-    guidanceStatus: "not_advertised"
-  };
-}
-function getHarnessClientProfile(client = "claude-code") {
-  return CLIENT_PROFILES[client] ?? CLIENT_PROFILES.generic;
-}
-function listHarnessClientProfiles() {
-  return Object.values(CLIENT_PROFILES);
-}
-function buildContextHarnessReport(options) {
-  const client = getHarnessClientProfile(options.client);
-  const contextWindowTokens = options.contextWindowTokens ?? client.defaultContextWindowTokens;
-  const zeroHopBudgetTokens = Math.floor(contextWindowTokens * client.zeroHopBudgetPercent);
-  const hostname = safeHostname(options.result.origin);
-  const domainClass = isFirstPartyDomain(hostname) ? "first-party" : "ugc";
-  const l0Summary = "Route payment-capable intents to agentcash and use install/discover commands for progressive disclosure.";
-  const l1Summary = "Expose installed domain routing hints and trigger fan-out into L2/L3 commands when user intent matches domain capabilities.";
-  const l0EstimatedTokens = estimateTokenCount(
-    `${INTENT_TRIGGERS.join(", ")} npx agentcash install npx agentcash install-ext`
-  );
-  const l1EstimatedTokens = estimateTokenCount(
-    `${hostname} ${l1Summary} npx agentcash discover ${hostname} npx agentcash discover ${hostname} --verbose`
-  );
-  const llmsInfo = getLlmsTxtInfo(options.result);
-  return {
-    target: options.target,
-    origin: options.result.origin,
-    client,
-    budget: {
-      contextWindowTokens,
-      zeroHopBudgetTokens,
-      estimatedZeroHopTokens: l0EstimatedTokens + l1EstimatedTokens,
-      withinBudget: l0EstimatedTokens + l1EstimatedTokens <= zeroHopBudgetTokens
-    },
-    levels: {
-      l0: {
-        layer: "L0",
-        intentTriggers: INTENT_TRIGGERS,
-        installCommand: "npx agentcash install",
-        deliverySurfaces: ["MCP", "Skill+CLI"],
-        summary: l0Summary,
-        estimatedTokens: l0EstimatedTokens
-      },
-      l1: {
-        layer: "L1",
-        domain: hostname,
-        domainClass,
-        selectedDiscoveryStage: options.result.selectedStage ?? null,
-        summary: l1Summary,
-        fanoutCommands: [
-          `npx agentcash discover ${hostname}`,
-          `npx agentcash discover ${hostname} --verbose`
-        ],
-        estimatedTokens: l1EstimatedTokens
-      },
-      l2: {
-        layer: "L2",
-        command: `npx agentcash discover ${hostname}`,
-        tokenLight: true,
-        resourceCount: options.result.resources.length,
-        resources: toL2Entries(options.result.resources)
-      },
-      l3: {
-        layer: "L3",
-        command: `npx agentcash discover ${hostname} --verbose`,
-        detailLevel: "endpoint-schema-and-metadata",
-        countsByAuthMode: toAuthModeCount(options.result.resources),
-        countsBySource: toSourceCount(options.result.resources),
-        pricedResourceCount: options.result.resources.filter(
-          (resource) => resource.authHint === "paid"
-        ).length
-      },
-      l4: {
-        layer: "L4",
-        guidanceSource: llmsInfo.llmsTxtUrl ? "llms.txt" : "none",
-        llmsTxtUrl: llmsInfo.llmsTxtUrl,
-        llmsTxtTokenEstimate: llmsInfo.llmsTxtTokenEstimate,
-        guidancePreview: llmsInfo.guidancePreview,
-        guidanceStatus: llmsInfo.guidanceStatus
-      },
-      l5: {
-        layer: "L5",
-        status: "out_of_scope",
-        note: "Cross-domain composition is intentionally out of scope for discovery v1."
+  if (l4.guidance.length > GUIDANCE_TOO_LONG_CHARS) {
+    return [
+      {
+        code: AUDIT_CODES.L4_GUIDANCE_TOO_LONG,
+        severity: "warn",
+        message: `Guidance text is ${l4.guidance.length} characters, which may exceed zero-hop token budgets.`,
+        hint: "Trim guidance to under ~4000 characters for reliable zero-hop context injection."
       }
-    },
-    diagnostics: {
-      warningCount: options.result.warnings.length,
-      errorWarningCount: options.result.warnings.filter((warning2) => warning2.severity === "error").length,
-      selectedStage: options.result.selectedStage ?? null,
-      upgradeSuggested: options.result.upgradeSuggested,
-      upgradeReasons: options.result.upgradeReasons
-    }
-  };
-}
-async function auditContextHarness(options) {
-  const result = await runDiscovery({
-    detailed: true,
-    options: {
-      ...options,
-      rawView: "full"
-    }
-  });
-  return buildContextHarnessReport({
-    target: options.target,
-    result,
-    client: options.client,
-    contextWindowTokens: options.contextWindowTokens
-  });
-}
-function defaultHarnessProbeCandidates(report) {
-  const methodsByPath = /* @__PURE__ */ new Map();
-  for (const resource of report.levels.l2.resources) {
-    const methods = methodsByPath.get(resource.path) ?? /* @__PURE__ */ new Set();
-    methods.add(resource.method);
-    methodsByPath.set(resource.path, methods);
+    ];
   }
-  return [...methodsByPath.entries()].map(([path, methods]) => ({
-    path,
-    methods: [...methods]
-  }));
-}
-
-// src/index.ts
-async function discover(options) {
-  return await runDiscovery({ detailed: false, options });
-}
-async function discoverDetailed(options) {
-  return await runDiscovery({ detailed: true, options });
+  return [];
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  DEFAULT_COMPAT_MODE,
-  LEGACY_SUNSET_DATE,
-  STRICT_ESCALATION_CODES,
-  UPGRADE_WARNING_CODES,
+  AUDIT_CODES,
+  GuidanceMode,
   VALIDATION_CODES,
-  auditContextHarness,
-  buildContextHarnessReport,
-  computeUpgradeSignal,
-  defaultHarnessProbeCandidates,
-  discover,
-  discoverDetailed,
-  discoverForMcp,
+  checkEndpointSchema,
+  checkL2ForOpenAPI,
+  checkL2ForWellknown,
+  checkL4ForOpenAPI,
+  checkL4ForWellknown,
+  discoverOriginSchema,
   evaluateMetadataCompleteness,
-  getHarnessClientProfile,
-  inspectEndpointForMcp,
-  listHarnessClientProfiles,
+  getL3,
+  getL3ForOpenAPI,
+  getL3ForProbe,
+  getOpenAPI,
+  getProbe,
+  getWarningsForL2,
+  getWarningsForL3,
+  getWarningsForL4,
+  getWarningsForOpenAPI,
+  getWarningsForWellKnown,
+  getWellKnown,
   validatePaymentRequiredDetailed
 });