npm - @agentcash/discovery - Versions diffs - 0.1.4 → 1.0.0 - Mend

@agentcash/discovery 0.1.4 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/cli.js CHANGED Viewed

@@ -1,622 +1,104 @@
-// src/flags.ts
-var DEFAULT_COMPAT_MODE = "on";
-var STRICT_ESCALATION_CODES = [
-  "LEGACY_WELL_KNOWN_USED",
-  "LEGACY_DNS_USED",
-  "LEGACY_DNS_PLAIN_URL",
-  "LEGACY_MISSING_METHOD",
-  "LEGACY_INSTRUCTIONS_USED",
-  "LEGACY_OWNERSHIP_PROOFS_USED",
-  "INTEROP_MPP_USED"
-];
+// src/core/source/openapi/index.ts
+import { okAsync, ResultAsync as ResultAsync2 } from "neverthrow";
-// src/cli/args.ts
-var DEFAULT_TIMEOUT_MS = 5e3;
-function parseCompatibilityMode(value) {
-  if (value === "on" || value === "off" || value === "strict") {
-    return value;
-  }
-  return null;
-}
-function parseTimeoutMs(value) {
-  const parsed = Number(value);
-  if (!Number.isFinite(parsed) || parsed <= 0 || !Number.isInteger(parsed)) {
-    return null;
-  }
-  return parsed;
-}
-function parseClient(value) {
-  if (value === "claude-code" || value === "skill-cli" || value === "generic-mcp" || value === "generic") {
-    return value;
-  }
-  return null;
-}
-function parseContextWindowTokens(value) {
-  const parsed = Number(value);
-  if (!Number.isFinite(parsed) || parsed <= 0 || !Number.isInteger(parsed)) {
-    return null;
-  }
-  return parsed;
-}
-function parseCliArgs(argv) {
-  let target;
-  let verbose = false;
-  let json = false;
-  let probe = false;
-  let timeoutMs = DEFAULT_TIMEOUT_MS;
-  let compatMode = DEFAULT_COMPAT_MODE;
-  let color = true;
-  let noTruncate = false;
-  let harness = false;
-  let client = "claude-code";
-  let contextWindowTokens;
-  for (let i = 0; i < argv.length; i += 1) {
-    const arg = argv[i];
-    if (arg === "--help" || arg === "-h") {
-      return { kind: "help" };
-    }
-    if (arg === "--verbose" || arg === "-v") {
-      verbose = true;
-      continue;
-    }
-    if (arg === "--json") {
-      json = true;
-      continue;
-    }
-    if (arg === "--probe") {
-      probe = true;
-      continue;
-    }
-    if (arg === "--no-color") {
-      color = false;
-      continue;
-    }
-    if (arg === "--no-truncate") {
-      noTruncate = true;
-      continue;
-    }
-    if (arg === "--harness") {
-      harness = true;
-      continue;
-    }
-    if (arg === "--compat") {
-      const value = argv[i + 1];
-      if (!value) {
-        return { kind: "error", message: "Missing value for --compat." };
-      }
-      const parsed = parseCompatibilityMode(value);
-      if (!parsed) {
-        return {
-          kind: "error",
-          message: `Invalid --compat value '${value}'. Expected: on | off | strict.`
-        };
-      }
-      compatMode = parsed;
-      i += 1;
-      continue;
-    }
-    if (arg === "--timeout-ms") {
-      const value = argv[i + 1];
-      if (!value) {
-        return { kind: "error", message: "Missing value for --timeout-ms." };
-      }
-      const parsed = parseTimeoutMs(value);
-      if (!parsed) {
-        return {
-          kind: "error",
-          message: `Invalid --timeout-ms value '${value}'. Expected a positive integer.`
-        };
-      }
-      timeoutMs = parsed;
-      i += 1;
-      continue;
-    }
-    if (arg === "--client") {
-      const value = argv[i + 1];
-      if (!value) {
-        return { kind: "error", message: "Missing value for --client." };
-      }
-      const parsed = parseClient(value);
-      if (!parsed) {
-        return {
-          kind: "error",
-          message: "Invalid --client value '" + value + "'. Expected: claude-code | skill-cli | generic-mcp | generic."
-        };
-      }
-      client = parsed;
-      i += 1;
-      continue;
-    }
-    if (arg === "--context-window-tokens") {
-      const value = argv[i + 1];
-      if (!value) {
-        return { kind: "error", message: "Missing value for --context-window-tokens." };
-      }
-      const parsed = parseContextWindowTokens(value);
-      if (!parsed) {
-        return {
-          kind: "error",
-          message: `Invalid --context-window-tokens value '${value}'. Expected a positive integer.`
-        };
-      }
-      contextWindowTokens = parsed;
-      i += 1;
-      continue;
-    }
-    if (arg.startsWith("-")) {
-      return { kind: "error", message: `Unknown flag '${arg}'.` };
-    }
-    if (target) {
-      return {
-        kind: "error",
-        message: `Unexpected extra positional argument '${arg}'. Only one domain/URL is supported.`
-      };
-    }
-    target = arg;
-  }
-  if (!target) {
-    return { kind: "error", message: "Missing required <domain> argument." };
-  }
-  return {
-    kind: "ok",
-    options: {
-      target,
-      verbose,
-      json,
-      compatMode,
-      probe,
-      timeoutMs,
-      color,
-      noTruncate,
-      harness,
-      client,
-      ...contextWindowTokens ? { contextWindowTokens } : {}
-    }
-  };
-}
-function renderHelp() {
-  return [
-    "Usage: npx @agentcash/discovery <domain-or-url> [options]",
-    "",
-    "Options:",
-    "  -v, --verbose          Show full compatibility matrix",
-    "  --json                 Emit JSON output",
-    "  --compat <mode>        Compatibility mode: on | off | strict (default: on)",
-    "  --probe                Re-run with probe candidates from discovered paths",
-    "  --harness              Render L0-L5 context harness audit view",
-    "  --client <id>          Harness client: claude-code | skill-cli | generic-mcp | generic",
-    "  --context-window-tokens <n>",
-    "                         Override client context window for harness budget checks",
-    "  --timeout-ms <ms>      Per-request timeout in milliseconds (default: 5000)",
-    "  --no-color             Disable ANSI colors",
-    "  --no-truncate          Disable output truncation in verbose tables",
-    "  -h, --help             Show help"
-  ].join("\n");
-}
-// src/cli/render.ts
-import { getBorderCharacters, table } from "table";
-function createPalette(enabled) {
-  const wrap = (code) => (value) => enabled ? `\x1B[${code}m${value}\x1B[0m` : value;
-  return {
-    dim: wrap(2),
-    bold: wrap(1),
-    red: wrap(31),
-    green: wrap(32),
-    yellow: wrap(33),
-    cyan: wrap(36)
-  };
-}
-function summarizeWarnings(warnings) {
-  const errors = warnings.filter((entry) => entry.severity === "error").length;
-  const warns = warnings.filter((entry) => entry.severity === "warn").length;
-  const infos = warnings.filter((entry) => entry.severity === "info").length;
-  const codeCounts = warnings.filter((entry) => entry.code !== "PROBE_STAGE_SKIPPED").reduce(
-    (acc, entry) => {
-      acc[entry.code] = (acc[entry.code] ?? 0) + 1;
-      return acc;
-    },
-    {}
-  );
-  const codes = Object.entries(codeCounts).sort((a, b) => b[1] - a[1]).map(([code, count]) => ({ code, count }));
-  return {
-    total: warnings.length,
-    errors,
-    warns,
-    infos,
-    codes
-  };
-}
-function asYesNo(value) {
-  return value ? "yes" : "no";
-}
-function truncate(value, max, noTruncate) {
-  if (noTruncate || value.length <= max) {
-    return value;
-  }
-  if (max <= 1) return value.slice(0, max);
-  return `${value.slice(0, Math.max(1, max - 1))}...`;
-}
-function formatPricing(resource) {
-  if (resource.authHint !== "paid") return "-";
-  if (resource.pricing) {
-    if (resource.pricing.pricingMode === "fixed") {
-      return resource.pricing.price ? `fixed ${resource.pricing.price}` : "fixed";
-    }
-    if (resource.pricing.pricingMode === "range") {
-      return `range ${resource.pricing.minPrice ?? "?"}-${resource.pricing.maxPrice ?? "?"}`;
-    }
-    return "quote";
-  }
-  return resource.priceHint ? `hint ${resource.priceHint}` : "-";
-}
-function statusBadge(ok, palette) {
-  return ok ? palette.green("[PASS]") : palette.red("[FAIL]");
-}
-function riskBadge(summary, palette) {
-  if (summary.errors > 0) return palette.red("HIGH");
-  if (summary.warns > 0) return palette.yellow("MEDIUM");
-  return palette.green("LOW");
-}
-function sectionHeader(title, palette) {
-  return `${palette.bold(title)}
-${palette.dim("-".repeat(title.length))}`;
-}
-function introBlock(run, options, palette) {
-  const summary = summarizeWarnings(run.result.warnings);
-  const topCodes = summary.codes.slice(0, 3).map(({ code, count }) => `${code} (${count})`).join(", ");
-  const lines = [
-    `${palette.bold("AGENTCASH DISCOVERY AUDIT")} ${statusBadge(run.result.resources.length > 0, palette)}`,
-    `${palette.dim("=".repeat(74))}`,
-    `Target        ${options.target}`,
-    `Origin        ${run.result.origin}`,
-    `Stage         ${run.result.selectedStage ?? "none"}   Compat: ${run.result.compatMode}`,
-    `Resources     ${run.result.resources.length}   Duration: ${run.durationMs}ms`,
-    `Risk          ${riskBadge(summary, palette)}   Upgrade suggested: ${run.result.upgradeSuggested ? "yes" : "no"}`,
-    `Warnings      error=${summary.errors} warn=${summary.warns} info=${summary.infos}`,
-    `Top signals   ${topCodes || "-"}`
-  ];
-  return lines.join("\n");
-}
-function outcomeLine(run) {
-  const selectedStage = run.result.selectedStage ?? "none";
-  if (run.result.resources.length === 0) {
-    return "No usable discovery metadata was found.";
-  }
-  if (selectedStage === "openapi" || selectedStage === "override") {
-    return `Canonical discovery succeeded via ${selectedStage}.`;
-  }
-  return `Discovery succeeded, but only via legacy stage ${selectedStage}.`;
-}
-function actionItems(run, options) {
-  const target = options.target;
-  if (run.result.resources.length === 0) {
-    return [
-      `Run deeper diagnostics: npx @agentcash/discovery ${target} -v --probe --compat on`,
-      `Check that ${target} serves /openapi.json or /.well-known/x402`,
-      "If endpoint exists, verify it returns parseable JSON and non-empty resources"
-    ];
-  }
-  if (run.result.selectedStage === "openapi" || run.result.selectedStage === "override") {
-    return [
-      `Run strict mode hardening: npx @agentcash/discovery ${target} --compat strict -v`,
-      "Reduce warning count to near-zero and keep pricing/auth hints explicit"
-    ];
-  }
-  return [
-    "Publish canonical OpenAPI discovery metadata with x-payment-info and security schemes",
-    `Validate migration path: npx @agentcash/discovery ${target} --compat strict -v --probe`,
-    "Keep legacy well-known path only during sunset window"
-  ];
-}
-function buildTable(data, maxColWidths, noTruncate) {
-  const rendered = data.map(
-    (row) => row.map((cell, idx) => {
-      const width = maxColWidths[idx] ?? 120;
-      return noTruncate ? cell : truncate(cell, width, false);
+// src/schemas.ts
+import { z } from "zod";
+var OpenApiPaymentInfoSchema = z.object({
+  pricingMode: z.enum(["fixed", "range", "quote"]),
+  price: z.string().optional(),
+  minPrice: z.string().optional(),
+  maxPrice: z.string().optional(),
+  protocols: z.array(z.string()).optional()
+});
+var OpenApiOperationSchema = z.object({
+  operationId: z.string().optional(),
+  summary: z.string().optional(),
+  description: z.string().optional(),
+  tags: z.array(z.string()).optional(),
+  security: z.array(z.record(z.string(), z.array(z.string()))).optional(),
+  parameters: z.array(
+    z.object({
+      in: z.string(),
+      name: z.string(),
+      schema: z.unknown().optional(),
+      required: z.boolean().optional()
     })
-  );
-  return table(rendered, {
-    border: getBorderCharacters("ramac"),
-    columns: maxColWidths.reduce(
-      (acc, width, idx) => {
-        acc[idx] = noTruncate ? { wrapWord: false, alignment: "left" } : { width, truncate: width, wrapWord: false, alignment: "left" };
-        return acc;
-      },
-      {}
-    ),
-    drawHorizontalLine: (index, size) => index === 0 || index === 1 || index === size,
-    columnDefault: {
-      paddingLeft: 1,
-      paddingRight: 1
-    }
-  }).trimEnd();
-}
-function stageMatrixRows(result) {
-  const header = ["stage", "valid", "resources", "duration", "selected", "warning codes"];
-  const rows = result.trace.map((entry) => {
-    const codes = [...new Set(entry.warnings.map((warning2) => warning2.code))].join(", ");
-    return [
-      entry.stage,
-      asYesNo(entry.valid),
-      String(entry.resourceCount),
-      `${entry.durationMs}ms`,
-      result.selectedStage === entry.stage ? "yes" : "-",
-      codes || "-"
-    ];
-  });
-  return [header, ...rows];
-}
-function resourceMatrixRows(result) {
-  const sorted = [...result.resources].sort((a, b) => {
-    if (a.path !== b.path) return a.path.localeCompare(b.path);
-    if (a.method !== b.method) return a.method.localeCompare(b.method);
-    return a.origin.localeCompare(b.origin);
-  });
-  const header = ["method", "path", "auth", "pricing", "source", "verified", "notes"];
-  const rows = sorted.map((resource) => [
-    resource.method,
-    resource.path,
-    resource.authHint ?? "-",
-    formatPricing(resource),
-    resource.source,
-    asYesNo(resource.verified),
-    resource.authHint === "siwx" ? "siwx" : "-"
-  ]);
-  return [header, ...rows];
-}
-function warningRows(summary, result) {
-  const hintByCode = /* @__PURE__ */ new Map();
-  for (const warning2 of result.warnings) {
-    if (!hintByCode.has(warning2.code)) {
-      hintByCode.set(warning2.code, warning2.hint ?? warning2.message);
-    }
-  }
-  const header = ["severity", "code", "count", "hint/message"];
-  const rows = summary.codes.slice(0, 8).map(({ code, count }) => {
-    const sample = hintByCode.get(code) ?? "-";
-    const severity = code.includes("NO_DISCOVERY") ? "error" : code.includes("LEGACY") ? "warn" : "info";
-    return [severity, code, String(count), sample];
-  });
-  return [header, ...rows];
-}
-function harnessBudgetTable(report) {
-  return [
-    ["metric", "value"],
-    ["client", `${report.client.id} (${report.client.surface})`],
-    ["context window tokens", String(report.budget.contextWindowTokens)],
-    ["zero-hop budget tokens", String(report.budget.zeroHopBudgetTokens)],
-    ["estimated L0+L1 tokens", String(report.budget.estimatedZeroHopTokens)],
-    ["within budget", report.budget.withinBudget ? "yes" : "no"]
-  ];
-}
-function harnessLayerSummaryRows(report) {
-  return [
-    ["layer", "what", "primary command", "status"],
-    [
-      "L0",
-      "trigger layer",
-      report.levels.l0.installCommand,
-      `${report.levels.l0.intentTriggers.length} triggers`
-    ],
-    [
-      "L1",
-      "installed domain index",
-      report.levels.l1.fanoutCommands[0] ?? "-",
-      `${report.levels.l1.domainClass}; stage=${report.levels.l1.selectedDiscoveryStage ?? "none"}`
-    ],
-    [
-      "L2",
-      "domain resources",
-      report.levels.l2.command,
-      `${report.levels.l2.resourceCount} resources`
-    ],
-    [
-      "L3",
-      "resource details",
-      report.levels.l3.command,
-      `${report.levels.l3.pricedResourceCount} priced`
-    ],
-    ["L4", "domain guidance", report.levels.l4.llmsTxtUrl ?? "-", report.levels.l4.guidanceStatus],
-    ["L5", "cross-domain composition", "-", report.levels.l5.status]
-  ];
-}
-function harnessL2PreviewRows(report, noTruncate) {
-  const header = ["method", "path", "auth", "source"];
-  const rows = report.levels.l2.resources.slice(0, 15).map((resource) => [
-    resource.method,
-    truncate(resource.path, 54, noTruncate),
-    resource.authMode ?? "-",
-    resource.source
-  ]);
-  return [header, ...rows];
-}
-function renderHarnessSummary(report, options, palette) {
-  const lines = [];
-  lines.push(
-    `${palette.bold("L0-L5 Context Harness")} ${statusBadge(report.levels.l2.resourceCount > 0, palette)}`
-  );
-  lines.push(`${palette.dim("=".repeat(74))}`);
-  lines.push(`Client        ${report.client.label}`);
-  lines.push(`Domain        ${report.levels.l1.domain}`);
-  lines.push(`L2 resources  ${report.levels.l2.resourceCount}`);
-  lines.push(
-    `Budget        ${report.budget.estimatedZeroHopTokens}/${report.budget.zeroHopBudgetTokens} tokens (L0+L1)`
-  );
-  lines.push("");
-  lines.push("Layer map:");
-  lines.push("1. L0 trigger surface -> install and route to agentcash");
-  lines.push(`2. L1 domain index -> ${report.levels.l1.fanoutCommands[0]}`);
-  lines.push(`3. L2 resources -> ${report.levels.l2.command}`);
-  lines.push(`4. L3 details -> ${report.levels.l3.command}`);
-  lines.push(
-    `5. L4 guidance -> ${report.levels.l4.guidanceStatus}${report.levels.l4.llmsTxtUrl ? ` (${report.levels.l4.llmsTxtUrl})` : ""}`
-  );
-  lines.push("6. L5 cross-domain -> out of scope in v1");
-  lines.push("");
-  lines.push(
-    `Next: npx @agentcash/discovery ${options.target} --harness -v --client ${report.client.id}`
-  );
-  return lines.join("\n");
+  ).optional(),
+  requestBody: z.object({
+    required: z.boolean().optional(),
+    content: z.record(z.string(), z.object({ schema: z.unknown().optional() }))
+  }).optional(),
+  responses: z.record(z.string(), z.unknown()).optional(),
+  "x-payment-info": OpenApiPaymentInfoSchema.optional()
+});
+var OpenApiPathItemSchema = z.object({
+  get: OpenApiOperationSchema.optional(),
+  post: OpenApiOperationSchema.optional(),
+  put: OpenApiOperationSchema.optional(),
+  delete: OpenApiOperationSchema.optional(),
+  patch: OpenApiOperationSchema.optional(),
+  head: OpenApiOperationSchema.optional(),
+  options: OpenApiOperationSchema.optional(),
+  trace: OpenApiOperationSchema.optional()
+});
+var OpenApiDocSchema = z.object({
+  // TODO(zdql): We should inherit a canonical OpenAPI schema and then extend with our types.
+  openapi: z.string(),
+  info: z.object({
+    title: z.string(),
+    version: z.string(),
+    description: z.string().optional(),
+    guidance: z.string().optional()
+  }),
+  servers: z.array(z.object({ url: z.string() })).optional(),
+  tags: z.array(z.object({ name: z.string() })).optional(),
+  components: z.object({ securitySchemes: z.record(z.string(), z.unknown()).optional() }).optional(),
+  "x-discovery": z.record(z.string(), z.unknown()).optional(),
+  paths: z.record(z.string(), OpenApiPathItemSchema)
+});
+var WellKnownDocSchema = z.object({
+  version: z.number().optional(),
+  resources: z.array(z.string()).default([]),
+  mppResources: z.array(z.string()).optional(),
+  // isMmmEnabled
+  description: z.string().optional(),
+  ownershipProofs: z.array(z.string()).optional(),
+  instructions: z.string().optional()
+});
+var WellKnownParsedSchema = z.object({
+  routes: z.array(
+    z.object({
+      path: z.string(),
+      method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "TRACE"])
+    })
+  ),
+  instructions: z.string().optional()
+});
+// src/core/source/openapi/utils.ts
+function isRecord(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
 }
-function renderHarnessVerbose(report, options, palette) {
-  const lines = [];
-  lines.push(
-    `${palette.bold("L0-L5 Context Harness (Verbose)")} ${statusBadge(report.levels.l2.resourceCount > 0, palette)}`
-  );
-  lines.push(`${palette.dim("=".repeat(74))}`);
-  lines.push(`Target ${report.target}`);
-  lines.push(`Origin ${report.origin}`);
-  lines.push(`Client ${report.client.label}`);
-  lines.push("");
-  lines.push(sectionHeader("Budget check", palette));
-  lines.push(buildTable(harnessBudgetTable(report), [30, 42], options.noTruncate));
-  lines.push("");
-  lines.push(sectionHeader("Layer summary", palette));
-  lines.push(buildTable(harnessLayerSummaryRows(report), [8, 24, 44, 28], options.noTruncate));
-  lines.push("");
-  lines.push(sectionHeader("L2 resource preview", palette));
-  if (report.levels.l2.resources.length === 0) {
-    lines.push(palette.dim("(no discovered resources)"));
-  } else {
-    lines.push(
-      buildTable(
-        harnessL2PreviewRows(report, options.noTruncate),
-        [10, 54, 12, 20],
-        options.noTruncate
-      )
-    );
-    if (report.levels.l2.resources.length > 15) {
-      lines.push(
-        palette.dim(
-          `Showing 15/${report.levels.l2.resources.length} resources. Use --json to inspect full L2/L3 payload.`
-        )
-      );
-    }
-  }
-  lines.push("");
-  lines.push(sectionHeader("L4 guidance", palette));
-  lines.push(`status: ${report.levels.l4.guidanceStatus}`);
-  lines.push(`llms.txt url: ${report.levels.l4.llmsTxtUrl ?? "-"}`);
-  lines.push(`llms.txt tokens: ${report.levels.l4.llmsTxtTokenEstimate}`);
-  lines.push(`preview: ${report.levels.l4.guidancePreview ?? "-"}`);
-  lines.push("");
-  lines.push(sectionHeader("Diagnostics", palette));
-  lines.push(
-    `warnings: ${report.diagnostics.warningCount} (errors=${report.diagnostics.errorWarningCount})`
-  );
-  lines.push(`selected stage: ${report.diagnostics.selectedStage ?? "none"}`);
-  lines.push(`upgrade suggested: ${report.diagnostics.upgradeSuggested ? "yes" : "no"}`);
-  lines.push(
-    `upgrade reasons: ${report.diagnostics.upgradeReasons.length > 0 ? report.diagnostics.upgradeReasons.join(", ") : "-"}`
-  );
-  return lines.join("\n");
+function hasSecurity(operation, scheme) {
+  return operation.security?.some((s) => scheme in s) ?? false;
 }
-function renderSummary(run, options) {
-  const palette = createPalette(options.color);
-  if (options.harness && run.harness) {
-    return renderHarnessSummary(run.harness, options, palette);
-  }
-  const body = [];
-  body.push(introBlock(run, options, palette));
-  body.push("");
-  body.push(`Outcome: ${outcomeLine(run)}`);
-  const items = actionItems(run, options);
-  body.push("Next:");
-  for (let i = 0; i < items.length; i += 1) {
-    body.push(`${i + 1}. ${items[i]}`);
-  }
-  if (options.probe) {
-    body.push(`Probe candidates considered: ${run.probeCandidateCount}`);
-  }
-  return body.join("\n");
+function has402Response(operation) {
+  return Boolean(operation.responses?.["402"]);
 }
-function renderVerbose(run, options) {
-  const palette = createPalette(options.color);
-  if (options.harness && run.harness) {
-    return renderHarnessVerbose(run.harness, options, palette);
-  }
-  const summary = summarizeWarnings(run.result.warnings);
-  const noTruncate = options.noTruncate;
-  const body = [];
-  body.push(introBlock(run, options, palette));
-  body.push("");
-  body.push(sectionHeader("What this means", palette));
-  body.push(outcomeLine(run));
-  body.push("");
-  body.push(sectionHeader("Recommended actions", palette));
-  const items = actionItems(run, options);
-  for (let i = 0; i < items.length; i += 1) {
-    body.push(`${i + 1}. ${items[i]}`);
-  }
-  body.push("");
-  body.push(sectionHeader("Compatibility matrix", palette));
-  body.push(buildTable(stageMatrixRows(run.result), [18, 8, 10, 10, 10, 56], noTruncate));
-  body.push("");
-  body.push(sectionHeader("Resource matrix", palette));
-  if (run.result.resources.length === 0) {
-    body.push(palette.dim("(no discovered resources)"));
-  } else {
-    const allRows = resourceMatrixRows(run.result);
-    const previewRows = allRows.slice(0, 16);
-    body.push(buildTable(previewRows, [8, 44, 10, 24, 18, 10, 10], noTruncate));
-    if (allRows.length > previewRows.length) {
-      body.push(
-        palette.dim(
-          `Showing ${previewRows.length - 1}/${allRows.length - 1} resources. Use --no-truncate or --json for complete output.`
-        )
-      );
-    }
-  }
-  body.push("");
-  body.push(sectionHeader("Warning breakdown", palette));
-  if (summary.codes.length === 0) {
-    body.push(palette.dim("(no warnings)"));
-  } else {
-    body.push(buildTable(warningRows(summary, run.result), [10, 34, 8, 62], noTruncate));
-  }
-  if (run.result.upgradeReasons.length > 0) {
-    body.push("");
-    body.push(sectionHeader("Upgrade guidance", palette));
-    for (const reason of run.result.upgradeReasons) {
-      body.push(`- ${reason}`);
-    }
-  }
-  return body.join("\n");
-}
-function renderJson(run, options) {
-  return JSON.stringify(
-    {
-      ok: run.result.resources.length > 0,
-      target: options.target,
-      origin: run.result.origin,
-      compatMode: run.result.compatMode,
-      selectedStage: run.result.selectedStage ?? null,
-      resources: run.result.resources,
-      trace: run.result.trace,
-      warnings: run.result.warnings,
-      upgradeSuggested: run.result.upgradeSuggested,
-      upgradeReasons: run.result.upgradeReasons,
-      meta: {
-        durationMs: run.durationMs,
-        probeEnabled: options.probe,
-        probeCandidateCount: run.probeCandidateCount,
-        timeoutMs: options.timeoutMs
-      },
-      ...run.harness ? { harness: run.harness } : {}
-    },
-    null,
-    2
-  );
+function inferAuthMode(operation) {
+  const hasXPaymentInfo = Boolean(operation["x-payment-info"]);
+  const hasPayment = hasXPaymentInfo || has402Response(operation);
+  const hasApiKey = hasSecurity(operation, "apiKey");
+  const hasSiwx = hasSecurity(operation, "siwx");
+  if (hasPayment && hasApiKey) return "apiKey+paid";
+  if (hasXPaymentInfo) return "paid";
+  if (hasPayment) return hasSiwx ? "siwx" : "paid";
+  if (hasApiKey) return "apiKey";
+  if (hasSiwx) return "siwx";
+  return void 0;
 }
-// src/mmm-enabled.ts
-var isMmmEnabled = () => "0.1.4".includes("-mmm");
-// src/core/constants.ts
-var OPENAPI_PATH_CANDIDATES = ["/openapi.json", "/.well-known/openapi.json"];
-var WELL_KNOWN_MPP_PATH = "/.well-known/mpp";
-var LLMS_TOKEN_WARNING_THRESHOLD = 2500;
+// src/core/lib/constants.ts
 var HTTP_METHODS = /* @__PURE__ */ new Set([
   "GET",
   "POST",
@@ -627,10 +109,9 @@ var HTTP_METHODS = /* @__PURE__ */ new Set([
   "OPTIONS",
   "TRACE"
 ]);
-var DEFAULT_PROBE_METHODS = ["GET", "POST"];
 var DEFAULT_MISSING_METHOD = "POST";
-// src/core/url.ts
+// src/core/lib/url.ts
 function normalizeOrigin(target) {
   const trimmed = target.trim();
   const withProtocol = /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
@@ -648,9 +129,6 @@ function normalizePath(pathname) {
   const normalized = prefixed.replace(/\/+/g, "/");
   return normalized !== "/" ? normalized.replace(/\/$/, "") : "/";
 }
-function toResourceKey(origin, method, path) {
-  return `${origin} ${method} ${normalizePath(path)}`;
-}
 function parseMethod(value) {
   if (!value) return void 0;
   const upper = value.toUpperCase();
@@ -665,901 +143,504 @@ function toAbsoluteUrl(origin, value) {
   }
 }
-// src/core/warnings.ts
-function warning(code, severity, message, options) {
-  return {
-    code,
-    severity,
-    message,
-    ...options?.hint ? { hint: options.hint } : {},
-    ...options?.stage ? { stage: options.stage } : {},
-    ...options?.resourceKey ? { resourceKey: options.resourceKey } : {}
-  };
-}
-function applyStrictEscalation(warnings, strict) {
-  if (!strict) return warnings;
-  return warnings.map((entry) => {
-    if (!STRICT_ESCALATION_CODES.includes(entry.code)) {
-      return entry;
-    }
-    if (entry.severity === "error") return entry;
-    return {
-      ...entry,
-      severity: "error",
-      message: `${entry.message} (strict mode escalated)`
-    };
-  });
+// src/core/source/fetch.ts
+import { ResultAsync } from "neverthrow";
+function toFetchError(err) {
+  const cause = err instanceof DOMException && (err.name === "TimeoutError" || err.name === "AbortError") ? "timeout" : "network";
+  return { cause, message: String(err) };
 }
-function dedupeWarnings(warnings) {
-  const seen = /* @__PURE__ */ new Set();
-  const output = [];
-  for (const item of warnings) {
-    const key = `${item.code}|${item.severity}|${item.stage ?? ""}|${item.resourceKey ?? ""}|${item.message}`;
-    if (seen.has(key)) continue;
-    seen.add(key);
-    output.push(item);
-  }
-  return output;
+function fetchSafe(url, init) {
+  return ResultAsync.fromPromise(fetch(url, init), toFetchError);
 }
-// src/core/normalize.ts
-function createResource(input, confidence, trustTier) {
-  const normalizedOrigin = normalizeOrigin(input.origin);
-  const normalizedPath = normalizePath(input.path);
-  return {
-    resourceKey: toResourceKey(normalizedOrigin, input.method, normalizedPath),
-    origin: normalizedOrigin,
-    method: input.method,
-    path: normalizedPath,
-    source: input.source,
-    verified: false,
-    ...input.protocolHints?.length ? { protocolHints: [...new Set(input.protocolHints)] } : {},
-    ...input.priceHint ? { priceHint: input.priceHint } : {},
-    ...input.pricing ? { pricing: input.pricing } : {},
-    ...input.authHint ? { authHint: input.authHint } : {},
-    ...input.summary ? { summary: input.summary } : {},
-    confidence,
-    trustTier,
-    ...input.links ? { links: input.links } : {}
-  };
-}
+// src/mmm-enabled.ts
+var isMmmEnabled = () => "1.0.0".includes("-mmm");
-// src/compat/legacy-x402scan/wellKnown.ts
-function isRecord(value) {
-  return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function parseLegacyResourceEntry(entry) {
-  const trimmed = entry.trim();
-  if (!trimmed) return null;
-  const parts = trimmed.split(/\s+/);
-  if (parts.length >= 2) {
-    const maybeMethod = parseMethod(parts[0]);
-    if (maybeMethod) {
-      const target = parts.slice(1).join(" ");
-      return { method: maybeMethod, target };
-    }
-  }
-  if (trimmed.startsWith("/") || /^https?:\/\//i.test(trimmed)) {
-    return { target: trimmed };
-  }
-  return null;
-}
-function parseWellKnownPayload(payload, origin, sourceUrl) {
-  const warnings = [
-    warning(
-      "LEGACY_WELL_KNOWN_USED",
-      "warn",
-      "Using legacy /.well-known/x402 compatibility path. Migrate to OpenAPI-first.",
-      {
-        stage: "well-known/x402"
-      }
-    )
-  ];
-  if (!isRecord(payload)) {
-    warnings.push(
-      warning("PARSE_FAILED", "error", "Legacy well-known payload is not an object", {
-        stage: "well-known/x402"
-      })
-    );
-    return { resources: [], warnings, raw: payload };
-  }
-  const resourcesRaw = Array.isArray(payload.resources) ? payload.resources.filter((entry) => typeof entry === "string") : [];
-  if (resourcesRaw.length === 0) {
-    warnings.push(
-      warning("STAGE_EMPTY", "warn", "Legacy well-known has no valid resources array", {
-        stage: "well-known/x402"
-      })
-    );
-  }
-  const instructions = typeof payload.instructions === "string" ? payload.instructions : void 0;
-  const ownershipProofs = Array.isArray(payload.ownershipProofs) ? payload.ownershipProofs.filter((entry) => typeof entry === "string") : [];
-  if (instructions) {
-    warnings.push(
-      warning(
-        "LEGACY_INSTRUCTIONS_USED",
-        "warn",
-        "Using /.well-known/x402.instructions as compatibility guidance fallback. Prefer llms.txt.",
-        {
-          stage: "well-known/x402",
-          hint: "Move guidance to llms.txt and reference via x-discovery.llmsTxtUrl in OpenAPI."
-        }
-      )
-    );
-  }
-  if (ownershipProofs.length > 0) {
-    warnings.push(
-      warning(
-        "LEGACY_OWNERSHIP_PROOFS_USED",
-        "warn",
-        "Using /.well-known/x402.ownershipProofs compatibility field. Prefer OpenAPI provenance extension.",
-        {
-          stage: "well-known/x402",
-          hint: "Move ownership proofs to x-discovery.ownershipProofs in OpenAPI."
-        }
-      )
-    );
-  }
-  const resources = [];
-  for (const rawEntry of resourcesRaw) {
-    const parsed = parseLegacyResourceEntry(rawEntry);
-    if (!parsed) {
-      warnings.push(
-        warning("PARSE_FAILED", "warn", `Invalid legacy resource entry: ${rawEntry}`, {
-          stage: "well-known/x402"
-        })
-      );
-      continue;
-    }
-    const absolute = toAbsoluteUrl(origin, parsed.target);
-    if (!absolute) {
-      warnings.push(
-        warning("PARSE_FAILED", "warn", `Invalid legacy resource URL: ${rawEntry}`, {
-          stage: "well-known/x402"
-        })
-      );
-      continue;
-    }
-    const method = parsed.method ?? DEFAULT_MISSING_METHOD;
-    if (!parsed.method) {
-      warnings.push(
-        warning(
-          "LEGACY_MISSING_METHOD",
-          "warn",
-          `Legacy resource '${rawEntry}' missing method. Defaulting to ${DEFAULT_MISSING_METHOD}.`,
-          {
-            stage: "well-known/x402"
-          }
-        )
+// src/core/source/openapi/index.ts
+var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
+  const routes = [];
+  for (const [rawPath, pathItem] of Object.entries(doc.paths)) {
+    for (const httpMethod of [...HTTP_METHODS]) {
+      const operation = pathItem[httpMethod.toLowerCase()];
+      if (!operation) continue;
+      const authMode = inferAuthMode(operation) ?? void 0;
+      if (!authMode) continue;
+      const p = operation["x-payment-info"];
+      const protocols = (p?.protocols ?? []).filter(
+        (proto) => proto !== "mpp" || isMmmEnabled()
       );
+      if ((authMode === "paid" || authMode === "siwx") && !has402Response(operation)) continue;
+      if (authMode === "paid" && protocols.length === 0) continue;
+      const pricing = authMode === "paid" && p ? {
+        pricingMode: p.pricingMode,
+        ...p.price ? { price: p.price } : {},
+        ...p.minPrice ? { minPrice: p.minPrice } : {},
+        ...p.maxPrice ? { maxPrice: p.maxPrice } : {}
+      } : void 0;
+      const summary = operation.summary ?? operation.description;
+      routes.push({
+        path: normalizePath(rawPath),
+        method: httpMethod.toUpperCase(),
+        ...summary ? { summary } : {},
+        authMode,
+        ...protocols.length ? { protocols } : {},
+        ...pricing ? { pricing } : {}
+      });
     }
-    const path = normalizePath(absolute.pathname);
-    resources.push(
-      createResource(
-        {
-          origin: absolute.origin,
-          method,
-          path,
-          source: "well-known/x402",
-          summary: `${method} ${path}`,
-          authHint: "paid",
-          protocolHints: ["x402"],
-          links: {
-            wellKnownUrl: sourceUrl,
-            discoveryUrl: sourceUrl
-          }
-        },
-        0.65,
-        ownershipProofs.length > 0 ? "ownership_verified" : "origin_hosted"
-      )
-    );
   }
   return {
-    resources,
-    warnings,
-    raw: payload
+    info: {
+      title: doc.info.title,
+      ...doc.info.description ? { description: doc.info.description } : {},
+      version: doc.info.version
+    },
+    routes,
+    ...doc.info.guidance ? { guidance: doc.info.guidance } : {}
   };
-}
-async function runWellKnownX402Stage(options) {
-  const stageUrl = options.url ?? `${options.origin}/.well-known/x402`;
+});
+async function parseBody(response, url) {
   try {
-    const response = await options.fetcher(stageUrl, {
-      method: "GET",
-      headers: { Accept: "application/json", ...options.headers },
-      signal: options.signal
-    });
-    if (!response.ok) {
-      if (response.status === 404) {
-        return {
-          stage: "well-known/x402",
-          valid: false,
-          resources: [],
-          warnings: [],
-          links: { wellKnownUrl: stageUrl }
-        };
-      }
-      return {
-        stage: "well-known/x402",
-        valid: false,
-        resources: [],
-        warnings: [
-          warning("FETCH_FAILED", "warn", `Legacy well-known fetch failed (${response.status})`, {
-            stage: "well-known/x402"
-          })
-        ],
-        links: { wellKnownUrl: stageUrl }
-      };
-    }
     const payload = await response.json();
-    const parsed = parseWellKnownPayload(payload, options.origin, stageUrl);
-    return {
-      stage: "well-known/x402",
-      valid: parsed.resources.length > 0,
-      resources: parsed.resources,
-      warnings: parsed.warnings,
-      links: { wellKnownUrl: stageUrl },
-      ...options.includeRaw ? { raw: parsed.raw } : {}
-    };
-  } catch (error) {
-    return {
-      stage: "well-known/x402",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `Legacy well-known fetch exception: ${error instanceof Error ? error.message : String(error)}`,
-          {
-            stage: "well-known/x402"
-          }
-        )
-      ],
-      links: { wellKnownUrl: stageUrl }
-    };
+    const parsed = OpenApiParsedSchema.safeParse(payload);
+    if (!parsed.success) return null;
+    return { raw: payload, ...parsed.data, fetchedUrl: url };
+  } catch {
+    return null;
   }
 }
-// src/compat/legacy-x402scan/dns.ts
-function parseDnsRecord(record) {
-  const trimmed = record.trim();
-  if (!trimmed) return null;
-  if (/^https?:\/\//i.test(trimmed)) {
-    return { url: trimmed, legacyPlainUrl: true };
-  }
-  const parts = trimmed.split(";").map((entry) => entry.trim()).filter(Boolean);
-  const keyValues = /* @__PURE__ */ new Map();
-  for (const part of parts) {
-    const separator = part.indexOf("=");
-    if (separator <= 0) continue;
-    const key = part.slice(0, separator).trim().toLowerCase();
-    const value = part.slice(separator + 1).trim();
-    if (key && value) keyValues.set(key, value);
-  }
-  if (keyValues.get("v") !== "x4021") return null;
-  const url = keyValues.get("url");
-  if (!url || !/^https?:\/\//i.test(url)) return null;
-  return { url, legacyPlainUrl: false };
+function getOpenAPI(origin, headers, signal, specificationOverrideUrl) {
+  const url = specificationOverrideUrl ?? `${origin}/openapi.json`;
+  return fetchSafe(url, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return okAsync(null);
+    return ResultAsync2.fromSafePromise(parseBody(response, url));
+  });
 }
-async function runDnsStage(options) {
-  if (!options.txtResolver) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings: []
-    };
-  }
-  const origin = normalizeOrigin(options.origin);
-  const hostname = new URL(origin).hostname;
-  const fqdn = `_x402.${hostname}`;
-  let records;
-  try {
-    records = await options.txtResolver(fqdn);
-  } catch (error) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `DNS TXT lookup failed for ${fqdn}: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "dns/_x402" }
-        )
-      ]
-    };
-  }
-  if (records.length === 0) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings: []
-    };
-  }
-  const warnings = [
-    warning(
-      "LEGACY_DNS_USED",
-      "warn",
-      "Using DNS _x402 compatibility path. Migrate to OpenAPI-first discovery.",
+// src/core/source/wellknown/index.ts
+import { okAsync as okAsync2, ResultAsync as ResultAsync3 } from "neverthrow";
+function toWellKnownParsed(origin, doc) {
+  const routes = doc.resources.flatMap((entry) => {
+    const trimmed = entry.trim();
+    if (!trimmed) return [];
+    const parts = trimmed.split(/\s+/);
+    const maybeMethod = parts.length >= 2 ? parseMethod(parts[0]) : void 0;
+    const target = maybeMethod ? parts.slice(1).join(" ") : trimmed;
+    const absolute = toAbsoluteUrl(origin, target);
+    if (!absolute) return [];
+    return [
       {
-        stage: "dns/_x402"
+        path: normalizePath(absolute.pathname),
+        method: maybeMethod ?? DEFAULT_MISSING_METHOD
       }
-    )
-  ];
-  const urls = [];
-  for (const record of records) {
-    const parsed = parseDnsRecord(record);
-    if (!parsed) {
-      warnings.push(
-        warning("PARSE_FAILED", "warn", `Invalid DNS _x402 TXT record: ${record}`, {
-          stage: "dns/_x402"
-        })
-      );
-      continue;
-    }
-    urls.push(parsed.url);
-    if (parsed.legacyPlainUrl) {
-      warnings.push(
-        warning("LEGACY_DNS_PLAIN_URL", "warn", `Legacy plain URL TXT format used: ${record}`, {
-          stage: "dns/_x402",
-          hint: "Use v=x4021;url=<https-url> format."
-        })
-      );
-    }
-  }
-  if (urls.length === 0) {
-    return {
-      stage: "dns/_x402",
-      valid: false,
-      resources: [],
-      warnings,
-      ...options.includeRaw ? { raw: { dnsRecords: records } } : {}
-    };
-  }
-  const mergedWarnings = [...warnings];
-  const mergedResources = [];
-  const rawDocuments = [];
-  for (const url of urls) {
-    const stageResult = await runWellKnownX402Stage({
-      origin,
-      url,
-      fetcher: options.fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      includeRaw: options.includeRaw
-    });
-    mergedResources.push(...stageResult.resources);
-    mergedWarnings.push(...stageResult.warnings);
-    if (options.includeRaw && stageResult.raw !== void 0) {
-      rawDocuments.push({ url, document: stageResult.raw });
-    }
-  }
-  const deduped = /* @__PURE__ */ new Map();
-  for (const resource of mergedResources) {
-    if (!deduped.has(resource.resourceKey)) {
-      deduped.set(resource.resourceKey, {
-        ...resource,
-        source: "dns/_x402",
-        links: {
-          ...resource.links,
-          discoveryUrl: resource.links?.discoveryUrl
-        }
-      });
-    }
-  }
-  return {
-    stage: "dns/_x402",
-    valid: deduped.size > 0,
-    resources: [...deduped.values()],
-    warnings: mergedWarnings,
-    ...options.includeRaw ? { raw: { dnsRecords: records, documents: rawDocuments } } : {}
-  };
-}
-// src/compat/interop-mpp/wellKnownMpp.ts
-function isRecord2(value) {
-  return value !== null && typeof value === "object" && !Array.isArray(value);
+    ];
+  });
+  return { routes, ...doc.instructions ? { instructions: doc.instructions } : {} };
 }
-async function runInteropMppStage(options) {
-  const url = `${options.origin}${WELL_KNOWN_MPP_PATH}`;
+async function parseBody2(response, origin, url) {
   try {
-    const response = await options.fetcher(url, {
-      method: "GET",
-      headers: { Accept: "application/json", ...options.headers },
-      signal: options.signal
-    });
-    if (!response.ok) {
-      return {
-        stage: "interop/mpp",
-        valid: false,
-        resources: [],
-        warnings: []
-      };
-    }
     const payload = await response.json();
-    if (!isRecord2(payload)) {
-      return {
-        stage: "interop/mpp",
-        valid: false,
-        resources: [],
-        warnings: [
-          warning("PARSE_FAILED", "warn", "Interop /.well-known/mpp payload is not an object", {
-            stage: "interop/mpp"
-          })
-        ],
-        ...options.includeRaw ? { raw: payload } : {}
-      };
-    }
-    const warnings = [
-      warning(
-        "INTEROP_MPP_USED",
-        "info",
-        "Using /.well-known/mpp interop adapter. This is additive and non-canonical.",
-        {
-          stage: "interop/mpp",
-          hint: "Use for registry indexing only, not canonical runtime routing."
-        }
-      )
-    ];
-    const resources = [];
-    const fromStringResources = Array.isArray(payload.resources) ? payload.resources.filter((entry) => typeof entry === "string") : [];
-    for (const entry of fromStringResources) {
-      const parts = entry.trim().split(/\s+/);
-      let method = parseMethod(parts[0]);
-      let path = parts.join(" ");
-      if (method) {
-        path = parts.slice(1).join(" ");
-      } else {
-        method = "POST";
-      }
-      const normalizedPath = normalizePath(path);
-      resources.push(
-        createResource(
-          {
-            origin: options.origin,
-            method,
-            path: normalizedPath,
-            source: "interop/mpp",
-            summary: `${method} ${normalizedPath}`,
-            authHint: "paid",
-            protocolHints: ["mpp"],
-            links: { discoveryUrl: url }
-          },
-          0.45,
-          "unverified"
-        )
-      );
-    }
-    const fromServiceObjects = Array.isArray(payload.services) ? payload.services.filter((entry) => isRecord2(entry)) : [];
-    for (const service of fromServiceObjects) {
-      const path = typeof service.path === "string" ? service.path : void 0;
-      const method = parseMethod(typeof service.method === "string" ? service.method : void 0) ?? "POST";
-      if (!path) continue;
-      const normalizedPath = normalizePath(path);
-      resources.push(
-        createResource(
-          {
-            origin: options.origin,
-            method,
-            path: normalizedPath,
-            source: "interop/mpp",
-            summary: typeof service.summary === "string" ? service.summary : `${method} ${normalizedPath}`,
-            authHint: "paid",
-            protocolHints: ["mpp"],
-            links: { discoveryUrl: url }
-          },
-          0.45,
-          "unverified"
-        )
-      );
-    }
-    const deduped = /* @__PURE__ */ new Map();
-    for (const resource of resources) {
-      if (!deduped.has(resource.resourceKey)) deduped.set(resource.resourceKey, resource);
-    }
-    return {
-      stage: "interop/mpp",
-      valid: deduped.size > 0,
-      resources: [...deduped.values()],
-      warnings,
-      ...options.includeRaw ? { raw: payload } : {}
-    };
-  } catch (error) {
-    return {
-      stage: "interop/mpp",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `Interop /.well-known/mpp fetch failed: ${error instanceof Error ? error.message : String(error)}`,
-          {
-            stage: "interop/mpp"
-          }
-        )
-      ]
-    };
+    const doc = WellKnownDocSchema.safeParse(payload);
+    if (!doc.success) return null;
+    const parsed = WellKnownParsedSchema.safeParse(toWellKnownParsed(origin, doc.data));
+    if (!parsed.success) return null;
+    return { raw: payload, ...parsed.data, fetchedUrl: url };
+  } catch {
+    return null;
   }
 }
-// src/core/token.ts
-function estimateTokenCount(text) {
-  return Math.ceil(text.length / 4);
+function getWellKnown(origin, headers, signal) {
+  const url = `${origin}/.well-known/x402`;
+  return fetchSafe(url, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return okAsync2(null);
+    return ResultAsync3.fromSafePromise(parseBody2(response, origin, url));
+  });
 }
-// src/core/openapi-utils.ts
-function isRecord3(value) {
-  return value !== null && typeof value === "object" && !Array.isArray(value);
+// src/core/layers/l2.ts
+function formatPrice(pricing) {
+  if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
+  if (pricing.pricingMode === "range") return `$${pricing.minPrice}-$${pricing.maxPrice}`;
+  return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+}
+function checkL2ForOpenAPI(openApi) {
+  const routes = openApi.routes.map((route) => ({
+    path: route.path,
+    method: route.method,
+    summary: route.summary ?? `${route.method} ${route.path}`,
+    ...route.authMode ? { authMode: route.authMode } : {},
+    ...route.pricing ? { price: formatPrice(route.pricing) } : {},
+    ...route.protocols?.length ? { protocols: route.protocols } : {}
+  }));
+  return {
+    ...openApi.info.title ? { title: openApi.info.title } : {},
+    ...openApi.info.description ? { description: openApi.info.description } : {},
+    routes,
+    source: "openapi"
+  };
 }
-function hasSecurity(operation, scheme) {
-  const security = operation.security;
-  return Array.isArray(security) && security.some((s) => isRecord3(s) && scheme in s);
+function checkL2ForWellknown(wellKnown) {
+  const routes = wellKnown.routes.map((route) => ({
+    path: route.path,
+    method: route.method,
+    summary: `${route.method} ${route.path}`,
+    authMode: "paid",
+    protocols: ["x402"]
+  }));
+  return { routes, source: "well-known/x402" };
 }
-function has402Response(operation) {
-  const responses = operation.responses;
-  if (!isRecord3(responses)) return false;
-  return Boolean(responses["402"]);
+// src/core/layers/l4.ts
+function checkL4ForOpenAPI(openApi) {
+  if (openApi.guidance) {
+    return { guidance: openApi.guidance, source: "openapi" };
+  }
+  return null;
 }
-function inferAuthMode(operation) {
-  if (isRecord3(operation["x-payment-info"])) return "paid";
-  if (has402Response(operation)) {
-    if (hasSecurity(operation, "siwx")) return "siwx";
-    return "paid";
+function checkL4ForWellknown(wellKnown) {
+  if (wellKnown.instructions) {
+    return { guidance: wellKnown.instructions, source: "well-known/x402" };
   }
-  if (hasSecurity(operation, "apiKey")) return "apiKey";
-  if (hasSecurity(operation, "siwx")) return "siwx";
-  return void 0;
+  return null;
 }
-// src/core/openapi.ts
-function asString(value) {
-  return typeof value === "string" && value.length > 0 ? value : void 0;
-}
-function parsePriceValue(value) {
-  if (typeof value === "string" && value.length > 0) return value;
-  if (typeof value === "number" && Number.isFinite(value)) return String(value);
-  return void 0;
+// src/audit/codes.ts
+var AUDIT_CODES = {
+  // ─── Source presence ─────────────────────────────────────────────────────────
+  OPENAPI_NOT_FOUND: "OPENAPI_NOT_FOUND",
+  WELLKNOWN_NOT_FOUND: "WELLKNOWN_NOT_FOUND",
+  // ─── OpenAPI quality ─────────────────────────────────────────────────────────
+  OPENAPI_NO_ROUTES: "OPENAPI_NO_ROUTES",
+  // ─── L2 route-list checks ────────────────────────────────────────────────────
+  L2_NO_ROUTES: "L2_NO_ROUTES",
+  L2_ROUTE_COUNT_HIGH: "L2_ROUTE_COUNT_HIGH",
+  L2_AUTH_MODE_MISSING: "L2_AUTH_MODE_MISSING",
+  L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
+  L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
+  // ─── L3 endpoint advisory checks ─────────────────────────────────────────────
+  L3_NOT_FOUND: "L3_NOT_FOUND",
+  L3_INPUT_SCHEMA_MISSING: "L3_INPUT_SCHEMA_MISSING",
+  L3_AUTH_MODE_MISSING: "L3_AUTH_MODE_MISSING",
+  L3_PROTOCOLS_MISSING_ON_PAID: "L3_PROTOCOLS_MISSING_ON_PAID",
+  // ─── L4 guidance checks ──────────────────────────────────────────────────────
+  L4_GUIDANCE_MISSING: "L4_GUIDANCE_MISSING",
+  L4_GUIDANCE_TOO_LONG: "L4_GUIDANCE_TOO_LONG"
+};
+// src/audit/warnings.ts
+var GUIDANCE_TOO_LONG_CHARS = 4e3;
+var ROUTE_COUNT_HIGH = 40;
+function getWarningsForOpenAPI(openApi) {
+  if (openApi === null) {
+    return [
+      {
+        code: AUDIT_CODES.OPENAPI_NOT_FOUND,
+        severity: "info",
+        message: "No OpenAPI specification found at this origin.",
+        hint: "Expose an OpenAPI spec (e.g. /openapi.json) for richer discovery."
+      }
+    ];
+  }
+  const warnings = [];
+  if (openApi.routes.length === 0) {
+    warnings.push({
+      code: AUDIT_CODES.OPENAPI_NO_ROUTES,
+      severity: "warn",
+      message: "OpenAPI spec found but contains no route definitions.",
+      hint: "Add paths to your OpenAPI spec so agents can discover endpoints.",
+      path: "paths"
+    });
+  }
+  return warnings;
 }
-function parseProtocols(paymentInfo) {
-  const protocols = paymentInfo.protocols;
-  if (!Array.isArray(protocols)) return [];
-  return protocols.filter(
-    (entry) => typeof entry === "string" && entry.length > 0
-  );
+function getWarningsForWellKnown(wellKnown) {
+  if (wellKnown === null) {
+    return [
+      {
+        code: AUDIT_CODES.WELLKNOWN_NOT_FOUND,
+        severity: "info",
+        message: "No /.well-known/x402 resource found at this origin.",
+        hint: "Expose /.well-known/x402 as a fallback for agents that cannot read OpenAPI."
+      }
+    ];
+  }
+  return [];
 }
-async function runOpenApiStage(options) {
+function getWarningsForL2(l2) {
   const warnings = [];
-  const resources = [];
-  let fetchedUrl;
-  let document;
-  for (const path of OPENAPI_PATH_CANDIDATES) {
-    const url = `${options.origin}${path}`;
-    try {
-      const response = await options.fetcher(url, {
-        method: "GET",
-        headers: { Accept: "application/json", ...options.headers },
-        signal: options.signal
+  if (l2.routes.length === 0) {
+    warnings.push({
+      code: AUDIT_CODES.L2_NO_ROUTES,
+      severity: "warn",
+      message: "No routes found from any discovery source."
+    });
+    return warnings;
+  }
+  if (l2.routes.length > ROUTE_COUNT_HIGH) {
+    warnings.push({
+      code: AUDIT_CODES.L2_ROUTE_COUNT_HIGH,
+      severity: "warn",
+      message: `High route count (${l2.routes.length}) may exceed agent token budgets for zero-hop injection.`,
+      hint: "Consider grouping routes or reducing the advertised surface."
+    });
+  }
+  for (const route of l2.routes) {
+    const loc = `${route.method} ${route.path}`;
+    if (!route.authMode) {
+      warnings.push({
+        code: AUDIT_CODES.L2_AUTH_MODE_MISSING,
+        severity: "warn",
+        message: `Route ${loc} is missing an auth mode declaration.`,
+        hint: "Set x-payment-info.authMode (or securitySchemes) so agents know if payment is required.",
+        path: route.path
       });
-      if (!response.ok) {
-        if (response.status !== 404) {
-          warnings.push(
-            warning("FETCH_FAILED", "warn", `OpenAPI fetch failed (${response.status}) at ${url}`, {
-              stage: "openapi"
-            })
-          );
-        }
-        continue;
+    }
+    if (route.authMode === "paid") {
+      if (!route.price) {
+        warnings.push({
+          code: AUDIT_CODES.L2_PRICE_MISSING_ON_PAID,
+          severity: "warn",
+          message: `Paid route ${loc} has no price hint.`,
+          hint: "Add x-payment-info.price (or minPrice/maxPrice) so agents can budget before calling.",
+          path: route.path
+        });
       }
-      const payload = await response.json();
-      if (!isRecord3(payload)) {
-        warnings.push(
-          warning("PARSE_FAILED", "error", `OpenAPI payload at ${url} is not a JSON object`, {
-            stage: "openapi"
-          })
-        );
-        continue;
+      if (!route.protocols?.length) {
+        warnings.push({
+          code: AUDIT_CODES.L2_PROTOCOLS_MISSING_ON_PAID,
+          severity: "info",
+          message: `Paid route ${loc} does not declare supported payment protocols.`,
+          hint: "Add x-payment-info.protocols (e.g. ['x402']) to signal which payment flows are accepted.",
+          path: route.path
+        });
       }
-      document = payload;
-      fetchedUrl = url;
-      break;
-    } catch (error) {
-      warnings.push(
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `OpenAPI fetch exception at ${url}: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "openapi" }
-        )
-      );
     }
   }
-  if (!document || !fetchedUrl) {
-    return {
-      stage: "openapi",
-      valid: false,
-      resources: [],
-      warnings
-    };
+  return warnings;
+}
+function getWarningsForL3(l3) {
+  if (l3 === null) {
+    return [
+      {
+        code: AUDIT_CODES.L3_NOT_FOUND,
+        severity: "info",
+        message: "No spec data found for this endpoint.",
+        hint: "Ensure the path is defined in your OpenAPI spec or reachable via probe."
+      }
+    ];
   }
-  const hasTopLevel = typeof document.openapi === "string" && isRecord3(document.info) && typeof document.info.title === "string" && typeof document.info.version === "string" && isRecord3(document.paths);
-  if (!hasTopLevel) {
-    warnings.push(
-      warning("OPENAPI_TOP_LEVEL_INVALID", "error", "OpenAPI required fields are missing", {
-        stage: "openapi"
-      })
-    );
-    return {
-      stage: "openapi",
-      valid: false,
-      resources: [],
-      warnings,
-      links: { openapiUrl: fetchedUrl },
-      ...options.includeRaw ? { raw: document } : {}
-    };
+  const warnings = [];
+  if (!l3.authMode) {
+    warnings.push({
+      code: AUDIT_CODES.L3_AUTH_MODE_MISSING,
+      severity: "warn",
+      message: "Endpoint has no auth mode in the spec.",
+      hint: "Declare auth mode via security schemes or x-payment-info so agents can plan payment."
+    });
   }
-  const paths = document.paths;
-  const discovery = isRecord3(document["x-discovery"]) ? document["x-discovery"] : void 0;
-  const ownershipProofs = Array.isArray(discovery?.ownershipProofs) ? discovery.ownershipProofs.filter((entry) => typeof entry === "string") : [];
-  const llmsTxtUrl = asString(discovery?.llmsTxtUrl);
-  if (ownershipProofs.length > 0) {
-    warnings.push(
-      warning("OPENAPI_OWNERSHIP_PROOFS_PRESENT", "info", "OpenAPI ownership proofs detected", {
-        stage: "openapi"
-      })
-    );
+  if (l3.authMode === "paid" && !l3.inputSchema) {
+    warnings.push({
+      code: AUDIT_CODES.L3_INPUT_SCHEMA_MISSING,
+      severity: "warn",
+      message: "Paid endpoint is missing an input schema.",
+      hint: "Add a requestBody or parameters schema so agents can construct valid payloads."
+    });
   }
-  for (const [rawPath, rawPathItem] of Object.entries(paths)) {
-    if (!isRecord3(rawPathItem)) {
-      warnings.push(
-        warning("OPENAPI_OPERATION_INVALID", "warn", `Path item ${rawPath} is not an object`, {
-          stage: "openapi"
-        })
-      );
-      continue;
-    }
-    for (const [rawMethod, rawOperation] of Object.entries(rawPathItem)) {
-      const method = parseMethod(rawMethod);
-      if (!method) continue;
-      if (!isRecord3(rawOperation)) {
-        warnings.push(
-          warning(
-            "OPENAPI_OPERATION_INVALID",
-            "warn",
-            `${rawMethod.toUpperCase()} ${rawPath} is not an object`,
-            {
-              stage: "openapi"
-            }
-          )
-        );
-        continue;
-      }
-      const operation = rawOperation;
-      const summary = asString(operation.summary) ?? asString(operation.description);
-      if (!summary) {
-        warnings.push(
-          warning(
-            "OPENAPI_SUMMARY_MISSING",
-            "warn",
-            `${method} ${rawPath} missing summary/description, using fallback summary`,
-            { stage: "openapi" }
-          )
-        );
-      }
-      const authMode = inferAuthMode(operation);
-      if (!authMode) {
-        warnings.push(
-          warning(
-            "OPENAPI_AUTH_MODE_MISSING",
-            "error",
-            `${method} ${rawPath} missing auth mode (no x-payment-info, 402 response, or security scheme)`,
-            {
-              stage: "openapi"
-            }
-          )
-        );
-        continue;
-      }
-      if ((authMode === "paid" || authMode === "siwx") && !has402Response(operation)) {
-        warnings.push(
-          warning(
-            "OPENAPI_402_MISSING",
-            "error",
-            `${method} ${rawPath} requires 402 response for authMode=${authMode}`,
-            { stage: "openapi" }
-          )
-        );
-        continue;
-      }
-      const paymentInfo = isRecord3(operation["x-payment-info"]) ? operation["x-payment-info"] : void 0;
-      const protocols = paymentInfo ? parseProtocols(paymentInfo) : [];
-      if (authMode === "paid" && protocols.length === 0) {
-        warnings.push(
-          warning(
-            "OPENAPI_PAID_PROTOCOLS_MISSING",
-            "error",
-            `${method} ${rawPath} must define x-payment-info.protocols when authMode=paid`,
-            { stage: "openapi" }
-          )
-        );
-        continue;
-      }
-      let pricing;
-      let priceHint;
-      if (paymentInfo && authMode === "paid") {
-        const pricingModeRaw = asString(paymentInfo.pricingMode);
-        const price = parsePriceValue(paymentInfo.price);
-        const minPrice = parsePriceValue(paymentInfo.minPrice);
-        const maxPrice = parsePriceValue(paymentInfo.maxPrice);
-        const inferredPricingMode = pricingModeRaw ?? (price ? "fixed" : minPrice && maxPrice ? "range" : "quote");
-        if (inferredPricingMode !== "fixed" && inferredPricingMode !== "range" && inferredPricingMode !== "quote") {
-          warnings.push(
-            warning(
-              "OPENAPI_PRICING_INVALID",
-              "error",
-              `${method} ${rawPath} has invalid pricingMode`,
-              {
-                stage: "openapi"
-              }
-            )
-          );
-          continue;
-        }
-        if (inferredPricingMode === "fixed" && !price) {
-          warnings.push(
-            warning(
-              "OPENAPI_PRICING_INVALID",
-              "error",
-              `${method} ${rawPath} fixed pricing requires price`,
-              {
-                stage: "openapi"
-              }
-            )
-          );
-          continue;
-        }
-        if (inferredPricingMode === "range") {
-          if (!minPrice || !maxPrice) {
-            warnings.push(
-              warning(
-                "OPENAPI_PRICING_INVALID",
-                "error",
-                `${method} ${rawPath} range pricing requires minPrice and maxPrice`,
-                { stage: "openapi" }
-              )
-            );
-            continue;
-          }
-          const min = Number(minPrice);
-          const max = Number(maxPrice);
-          if (!Number.isFinite(min) || !Number.isFinite(max) || min > max) {
-            warnings.push(
-              warning(
-                "OPENAPI_PRICING_INVALID",
-                "error",
-                `${method} ${rawPath} range pricing requires numeric minPrice <= maxPrice`,
-                { stage: "openapi" }
-              )
-            );
-            continue;
-          }
-        }
-        pricing = {
-          pricingMode: inferredPricingMode,
-          ...price ? { price } : {},
-          ...minPrice ? { minPrice } : {},
-          ...maxPrice ? { maxPrice } : {}
-        };
-        priceHint = inferredPricingMode === "fixed" ? price : inferredPricingMode === "range" ? `${minPrice}-${maxPrice}` : maxPrice;
+  if (l3.authMode === "paid" && !l3.protocols?.length) {
+    warnings.push({
+      code: AUDIT_CODES.L3_PROTOCOLS_MISSING_ON_PAID,
+      severity: "info",
+      message: "Paid endpoint does not declare supported payment protocols.",
+      hint: "Add x-payment-info.protocols (e.g. ['x402']) to the operation."
+    });
+  }
+  return warnings;
+}
+function getWarningsForL4(l4) {
+  if (l4 === null) {
+    return [
+      {
+        code: AUDIT_CODES.L4_GUIDANCE_MISSING,
+        severity: "info",
+        message: "No guidance text found (llms.txt or OpenAPI info.guidance).",
+        hint: "Add an info.guidance field to your OpenAPI spec or expose /llms.txt for agent-readable instructions."
       }
-      const resource = createResource(
-        {
-          origin: options.origin,
-          method,
-          path: normalizePath(rawPath),
-          source: "openapi",
-          summary: summary ?? `${method} ${normalizePath(rawPath)}`,
-          authHint: authMode,
-          protocolHints: protocols,
-          ...priceHint ? { priceHint } : {},
-          ...pricing ? { pricing } : {},
-          links: {
-            openapiUrl: fetchedUrl,
-            ...llmsTxtUrl ? { llmsTxtUrl } : {}
-          }
-        },
-        0.95,
-        ownershipProofs.length > 0 ? "ownership_verified" : "origin_hosted"
-      );
-      resources.push(resource);
-    }
+    ];
   }
-  if (llmsTxtUrl) {
-    try {
-      const llmsResponse = await options.fetcher(llmsTxtUrl, {
-        method: "GET",
-        headers: { Accept: "text/plain", ...options.headers },
-        signal: options.signal
-      });
-      if (llmsResponse.ok) {
-        const llmsText = await llmsResponse.text();
-        const tokenCount = estimateTokenCount(llmsText);
-        if (tokenCount > LLMS_TOKEN_WARNING_THRESHOLD) {
-          warnings.push(
-            warning(
-              "LLMSTXT_TOO_LARGE",
-              "warn",
-              `llms.txt estimated ${tokenCount} tokens (threshold ${LLMS_TOKEN_WARNING_THRESHOLD})`,
-              {
-                stage: "openapi",
-                hint: "Keep llms.txt concise and domain-level only."
-              }
-            )
-          );
-        }
-        if (options.includeRaw) {
-          return {
-            stage: "openapi",
-            valid: resources.length > 0,
-            resources,
-            warnings,
-            links: { openapiUrl: fetchedUrl, llmsTxtUrl },
-            raw: {
-              openapi: document,
-              llmsTxt: llmsText
-            }
-          };
-        }
-      } else {
-        warnings.push(
-          warning(
-            "LLMSTXT_FETCH_FAILED",
-            "warn",
-            `llms.txt fetch failed (${llmsResponse.status})`,
-            {
-              stage: "openapi"
-            }
-          )
-        );
+  if (l4.guidance.length > GUIDANCE_TOO_LONG_CHARS) {
+    return [
+      {
+        code: AUDIT_CODES.L4_GUIDANCE_TOO_LONG,
+        severity: "warn",
+        message: `Guidance text is ${l4.guidance.length} characters, which may exceed zero-hop token budgets.`,
+        hint: "Trim guidance to under ~4000 characters for reliable zero-hop context injection."
       }
-    } catch (error) {
-      warnings.push(
-        warning(
-          "LLMSTXT_FETCH_FAILED",
-          "warn",
-          `llms.txt fetch failed: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "openapi" }
-        )
-      );
-    }
+    ];
   }
+  return [];
+}
+// src/core/source/probe/index.ts
+import { ResultAsync as ResultAsync4 } from "neverthrow";
+// src/core/protocols/x402/v1/schema.ts
+function extractSchemas(accepts) {
+  const first = accepts[0];
+  if (!isRecord(first)) return {};
+  const outputSchema = isRecord(first.outputSchema) ? first.outputSchema : void 0;
   return {
-    stage: "openapi",
-    valid: resources.length > 0,
-    resources,
-    warnings,
-    links: {
-      openapiUrl: fetchedUrl,
-      ...llmsTxtUrl ? { llmsTxtUrl } : {}
-    },
-    ...options.includeRaw ? { raw: { openapi: document } } : {}
+    ...outputSchema && isRecord(outputSchema.input) ? { inputSchema: outputSchema.input } : {},
+    ...outputSchema && isRecord(outputSchema.output) ? { outputSchema: outputSchema.output } : {}
   };
 }
-// src/core/probe.ts
-function detectAuthHintFrom402Payload(payload) {
-  if (payload && typeof payload === "object") {
-    const asRecord = payload;
-    const extensions = asRecord.extensions;
-    if (extensions && typeof extensions === "object") {
-      const extRecord = extensions;
-      if (extRecord["sign-in-with-x"]) return "siwx";
-    }
+// src/core/protocols/x402/shared.ts
+function asNonEmptyString(value) {
+  if (typeof value !== "string") return void 0;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+function asPositiveNumber(value) {
+  return typeof value === "number" && Number.isFinite(value) && value > 0 ? value : void 0;
+}
+// src/core/protocols/x402/v1/payment-options.ts
+function extractPaymentOptions(accepts) {
+  return accepts.flatMap((accept) => {
+    if (!isRecord(accept)) return [];
+    const network = asNonEmptyString(accept.network);
+    const asset = asNonEmptyString(accept.asset);
+    const maxAmountRequired = asNonEmptyString(accept.maxAmountRequired);
+    if (!network || !asset || !maxAmountRequired) return [];
+    const scheme = asNonEmptyString(accept.scheme);
+    const payTo = asNonEmptyString(accept.payTo);
+    const maxTimeoutSeconds = asPositiveNumber(accept.maxTimeoutSeconds);
+    return [
+      {
+        protocol: "x402",
+        version: 1,
+        network,
+        asset,
+        maxAmountRequired,
+        ...scheme ? { scheme } : {},
+        ...payTo ? { payTo } : {},
+        ...maxTimeoutSeconds ? { maxTimeoutSeconds } : {}
+      }
+    ];
+  });
+}
+// src/core/protocols/x402/v2/schema.ts
+function extractSchemas2(payload) {
+  if (!isRecord(payload)) return {};
+  const extensions = isRecord(payload.extensions) ? payload.extensions : void 0;
+  const bazaar = extensions && isRecord(extensions.bazaar) ? extensions.bazaar : void 0;
+  const schema = bazaar && isRecord(bazaar.schema) ? bazaar.schema : void 0;
+  if (!schema) return {};
+  const schemaProps = isRecord(schema.properties) ? schema.properties : void 0;
+  if (!schemaProps) return {};
+  const inputProps = isRecord(schemaProps.input) ? schemaProps.input : void 0;
+  const inputProperties = inputProps && isRecord(inputProps.properties) ? inputProps.properties : void 0;
+  const inputSchema = (inputProperties && isRecord(inputProperties.body) ? inputProperties.body : void 0) ?? (inputProperties && isRecord(inputProperties.queryParams) ? inputProperties.queryParams : void 0);
+  const outputProps = isRecord(schemaProps.output) ? schemaProps.output : void 0;
+  const outputProperties = outputProps && isRecord(outputProps.properties) ? outputProps.properties : void 0;
+  const outputSchema = outputProperties && isRecord(outputProperties.example) ? outputProperties.example : void 0;
+  return {
+    ...inputSchema ? { inputSchema } : {},
+    ...outputSchema ? { outputSchema } : {}
+  };
+}
+// src/core/protocols/x402/v2/payment-options.ts
+function extractPaymentOptions2(accepts) {
+  return accepts.flatMap((accept) => {
+    if (!isRecord(accept)) return [];
+    const network = asNonEmptyString(accept.network);
+    const asset = asNonEmptyString(accept.asset);
+    const amount = asNonEmptyString(accept.amount);
+    if (!network || !asset || !amount) return [];
+    const scheme = asNonEmptyString(accept.scheme);
+    const payTo = asNonEmptyString(accept.payTo);
+    const maxTimeoutSeconds = asPositiveNumber(accept.maxTimeoutSeconds);
+    return [
+      {
+        protocol: "x402",
+        version: 2,
+        network,
+        asset,
+        amount,
+        ...scheme ? { scheme } : {},
+        ...payTo ? { payTo } : {},
+        ...maxTimeoutSeconds ? { maxTimeoutSeconds } : {}
+      }
+    ];
+  });
+}
+// src/core/protocols/x402/index.ts
+function parseVersion(payload) {
+  if (!isRecord(payload)) return void 0;
+  const v = payload.x402Version;
+  if (v === 1 || v === 2) return v;
+  return void 0;
+}
+function detectAuthHint(payload) {
+  if (isRecord(payload) && isRecord(payload.extensions)) {
+    if (payload.extensions["api-key"]) return "apiKey+paid";
+    if (payload.extensions["sign-in-with-x"]) return "siwx";
   }
   return "paid";
 }
+function extractPaymentOptions3(payload) {
+  if (!isRecord(payload)) return [];
+  const version = parseVersion(payload);
+  const accepts = Array.isArray(payload.accepts) ? payload.accepts : [];
+  if (version === 1) return extractPaymentOptions(accepts);
+  if (version === 2) return extractPaymentOptions2(accepts);
+  return [];
+}
+function extractSchemas3(payload) {
+  if (!isRecord(payload)) return {};
+  const version = parseVersion(payload);
+  if (version === 2) return extractSchemas2(payload);
+  if (version === 1) {
+    const accepts = Array.isArray(payload.accepts) ? payload.accepts : [];
+    return extractSchemas(accepts);
+  }
+  return {};
+}
+function parseInputSchema(payload) {
+  return extractSchemas3(payload).inputSchema;
+}
+function parseOutputSchema(payload) {
+  return extractSchemas3(payload).outputSchema;
+}
+// src/core/protocols/x402/v1/parse-payment-required.ts
+async function parsePaymentRequiredBody(response) {
+  const payload = await response.clone().json();
+  if (!isRecord(payload) || payload.x402Version !== 1) return null;
+  return payload;
+}
+// src/core/protocols/x402/v2/parse-payment-required.ts
+function parsePaymentRequiredBody2(headerValue) {
+  const payload = JSON.parse(atob(headerValue));
+  if (!isRecord(payload) || payload.x402Version !== 2) return null;
+  return payload;
+}
+// src/core/source/probe/index.ts
+function isUsableStatus(status) {
+  return status === 402 || status >= 200 && status < 300;
+}
 function detectProtocols(response) {
   const protocols = /* @__PURE__ */ new Set();
   const directHeader = response.headers.get("x-payment-protocol");
@@ -1574,767 +655,548 @@ function detectProtocols(response) {
   if (isMmmEnabled() && authHeader.includes("mpp")) protocols.add("mpp");
   return [...protocols];
 }
-async function runProbeStage(options) {
-  const candidates = options.probeCandidates ?? [];
-  if (candidates.length === 0) {
-    return {
-      stage: "probe",
-      valid: false,
-      resources: [],
-      warnings: [
-        warning(
-          "PROBE_STAGE_SKIPPED",
-          "info",
-          "Probe stage skipped because no probe candidates were provided.",
-          { stage: "probe" }
-        )
-      ]
-    };
+function buildProbeUrl(url, method, inputBody) {
+  if (!inputBody || method !== "GET" && method !== "HEAD") return url;
+  const u = new URL(url);
+  for (const [key, value] of Object.entries(inputBody)) {
+    u.searchParams.set(key, String(value));
   }
-  const resources = [];
-  const warnings = [];
-  for (const candidate of candidates) {
-    const path = normalizePath(candidate.path);
-    const methods = candidate.methods?.length ? candidate.methods : DEFAULT_PROBE_METHODS;
-    for (const method of methods) {
-      const url = `${options.origin}${path}`;
-      try {
-        const response = await options.fetcher(url, {
-          method,
-          headers: {
-            Accept: "application/json, text/plain;q=0.9, */*;q=0.8",
-            ...options.headers
-          },
-          signal: options.signal
-        });
-        if (response.status !== 402 && (response.status < 200 || response.status >= 300)) {
-          continue;
-        }
+  return u.toString();
+}
+function probeMethod(url, method, path, headers, signal, inputBody) {
+  const hasBody = inputBody !== void 0 && method !== "GET" && method !== "HEAD";
+  const probeUrl = buildProbeUrl(url, method, inputBody);
+  return fetchSafe(probeUrl, {
+    method,
+    headers: {
+      Accept: "application/json, text/plain;q=0.9, */*;q=0.8",
+      ...hasBody ? { "Content-Type": "application/json" } : {},
+      ...headers
+    },
+    ...hasBody ? { body: JSON.stringify(inputBody) } : {},
+    signal
+  }).andThen((response) => {
+    if (!isUsableStatus(response.status)) return ResultAsync4.fromSafePromise(Promise.resolve(null));
+    return ResultAsync4.fromSafePromise(
+      (async () => {
         let authHint = response.status === 402 ? "paid" : "unprotected";
+        let paymentRequiredBody;
         if (response.status === 402) {
           try {
-            const payload = await response.clone().json();
-            authHint = detectAuthHintFrom402Payload(payload);
+            const headerValue = response.headers.get("payment-required");
+            const parsed = headerValue !== null ? parsePaymentRequiredBody2(headerValue) : await parsePaymentRequiredBody(response);
+            if (parsed !== null) {
+              paymentRequiredBody = parsed;
+              authHint = detectAuthHint(paymentRequiredBody);
+            }
           } catch {
           }
         }
-        const protocolHints = detectProtocols(response);
-        resources.push(
-          createResource(
-            {
-              origin: options.origin,
-              method,
-              path,
-              source: "probe",
-              summary: `${method} ${path}`,
-              authHint,
-              ...protocolHints.length ? { protocolHints } : {}
-            },
-            0.6,
-            "runtime_verified"
-          )
-        );
-      } catch (error) {
-        warnings.push(
-          warning(
-            "FETCH_FAILED",
-            "info",
-            `Probe ${method} ${path} failed: ${error instanceof Error ? error.message : String(error)}`,
-            { stage: "probe" }
-          )
-        );
-      }
-    }
-  }
-  return {
-    stage: "probe",
-    valid: resources.length > 0,
-    resources,
-    warnings
-  };
+        const protocols = detectProtocols(response);
+        const wwwAuthenticate = response.headers.get("www-authenticate") ?? void 0;
+        return {
+          path,
+          method,
+          authHint,
+          ...protocols.length ? { protocols } : {},
+          ...paymentRequiredBody !== void 0 ? { paymentRequiredBody } : {},
+          ...wwwAuthenticate ? { wwwAuthenticate } : {}
+        };
+      })()
+    );
+  });
 }
-// src/core/upgrade.ts
-var UPGRADE_WARNING_CODES = [
-  "LEGACY_WELL_KNOWN_USED",
-  "LEGACY_DNS_USED",
-  "LEGACY_DNS_PLAIN_URL",
-  "LEGACY_INSTRUCTIONS_USED",
-  "LEGACY_OWNERSHIP_PROOFS_USED",
-  "OPENAPI_AUTH_MODE_MISSING",
-  "OPENAPI_TOP_LEVEL_INVALID"
-];
-var UPGRADE_WARNING_CODE_SET = new Set(UPGRADE_WARNING_CODES);
-function computeUpgradeSignal(warnings) {
-  const reasons = warnings.map((entry) => entry.code).filter((code, index, list) => list.indexOf(code) === index).filter((code) => UPGRADE_WARNING_CODE_SET.has(code));
-  return {
-    upgradeSuggested: reasons.length > 0,
-    upgradeReasons: reasons
-  };
+function getProbe(url, headers, signal, inputBody) {
+  const path = normalizePath(new URL(url).pathname || "/");
+  return ResultAsync4.fromSafePromise(
+    Promise.all(
+      [...HTTP_METHODS].map(
+        (method) => probeMethod(url, method, path, headers, signal, inputBody).match(
+          (result) => result,
+          () => null
+        )
+      )
+    ).then((results) => results.filter((r) => r !== null))
+  );
 }
-// src/core/discovery.ts
-function mergeResources(target, incoming, resourceWarnings) {
-  const warnings = [];
-  for (const resource of incoming) {
-    const existing = target.get(resource.resourceKey);
-    if (!existing) {
-      target.set(resource.resourceKey, resource);
-      continue;
-    }
-    const conflict = existing.authHint !== resource.authHint || existing.priceHint !== resource.priceHint || JSON.stringify(existing.protocolHints ?? []) !== JSON.stringify(resource.protocolHints ?? []);
-    if (conflict) {
-      const conflictWarning = warning(
-        "CROSS_SOURCE_CONFLICT",
-        "warn",
-        `Resource conflict for ${resource.resourceKey}; keeping higher-precedence source ${existing.source} over ${resource.source}.`,
-        {
-          resourceKey: resource.resourceKey
-        }
-      );
-      warnings.push(conflictWarning);
-      resourceWarnings[resource.resourceKey] = [
-        ...resourceWarnings[resource.resourceKey] ?? [],
-        conflictWarning
-      ];
-      continue;
-    }
-    target.set(resource.resourceKey, {
-      ...existing,
-      summary: existing.summary ?? resource.summary,
-      links: { ...resource.links, ...existing.links },
-      confidence: Math.max(existing.confidence ?? 0, resource.confidence ?? 0)
-    });
-  }
-  return warnings;
-}
-function toTrace(stageResult, startedAt) {
-  return {
-    stage: stageResult.stage,
-    attempted: true,
-    valid: stageResult.valid,
-    resourceCount: stageResult.resources.length,
-    durationMs: Date.now() - startedAt,
-    warnings: stageResult.warnings,
-    ...stageResult.links ? { links: stageResult.links } : {}
-  };
-}
-async function runOverrideStage(options) {
-  const warnings = [];
-  for (const overrideUrl of options.overrideUrls) {
-    const normalized = overrideUrl.trim();
-    if (!normalized) continue;
+// src/core/protocols/mpp/index.ts
+var TEMPO_DEFAULT_CHAIN_ID = 4217;
+function parseAuthParams(segment) {
+  const params = {};
+  const re = /(\w+)=(?:"([^"]*)"|'([^']*)')/g;
+  let match;
+  while ((match = re.exec(segment)) !== null) {
+    params[match[1]] = match[2] ?? match[3] ?? "";
+  }
+  return params;
+}
+function extractPaymentOptions4(wwwAuthenticate) {
+  if (!isMmmEnabled() || !wwwAuthenticate) return [];
+  const options = [];
+  for (const segment of wwwAuthenticate.split(/,\s*(?=Payment\s)/i)) {
+    const stripped = segment.replace(/^Payment\s+/i, "").trim();
+    const params = parseAuthParams(stripped);
+    const paymentMethod = params["method"];
+    const intent = params["intent"];
+    const realm = params["realm"];
+    const description = params["description"];
+    const requestStr = params["request"];
+    if (!paymentMethod || !intent || !realm || !requestStr) continue;
+    let request;
     try {
-      const response = await options.fetcher(normalized, {
-        method: "GET",
-        headers: { Accept: "application/json, text/plain;q=0.9", ...options.headers },
-        signal: options.signal
-      });
-      if (!response.ok) {
-        warnings.push(
-          warning(
-            "FETCH_FAILED",
-            "warn",
-            `Override fetch failed (${response.status}) at ${normalized}`,
-            {
-              stage: "override"
-            }
-          )
-        );
-        continue;
-      }
-      const bodyText = await response.text();
-      let parsedJson;
-      try {
-        parsedJson = JSON.parse(bodyText);
-      } catch {
-        parsedJson = void 0;
-      }
-      if (parsedJson && typeof parsedJson === "object" && !Array.isArray(parsedJson) && "openapi" in parsedJson && "paths" in parsedJson) {
-        const openapiResult = await runOpenApiStage({
-          origin: options.origin,
-          fetcher: async (input, init) => {
-            const inputString = String(input);
-            if (inputString === `${options.origin}/openapi.json` || inputString === `${options.origin}/.well-known/openapi.json`) {
-              return new Response(bodyText, {
-                status: 200,
-                headers: { "content-type": "application/json" }
-              });
-            }
-            return options.fetcher(input, init);
-          },
-          headers: options.headers,
-          signal: options.signal,
-          includeRaw: options.includeRaw
-        });
-        return {
-          ...openapiResult,
-          stage: "override",
-          warnings: [
-            warning("OVERRIDE_USED", "info", `Using explicit override source ${normalized}`, {
-              stage: "override"
-            }),
-            ...openapiResult.warnings
-          ]
-        };
-      }
-      if (parsedJson && typeof parsedJson === "object" && !Array.isArray(parsedJson)) {
-        const parsedWellKnown = parseWellKnownPayload(parsedJson, options.origin, normalized);
-        if (parsedWellKnown.resources.length > 0) {
-          return {
-            stage: "override",
-            valid: true,
-            resources: parsedWellKnown.resources,
-            warnings: [
-              warning("OVERRIDE_USED", "info", `Using explicit override source ${normalized}`, {
-                stage: "override"
-              }),
-              ...parsedWellKnown.warnings
-            ],
-            links: { discoveryUrl: normalized },
-            ...options.includeRaw ? { raw: parsedWellKnown.raw } : {}
-          };
-        }
-      }
-    } catch (error) {
-      warnings.push(
-        warning(
-          "FETCH_FAILED",
-          "warn",
-          `Override fetch exception at ${normalized}: ${error instanceof Error ? error.message : String(error)}`,
-          { stage: "override" }
-        )
-      );
+      const parsed = JSON.parse(requestStr);
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) continue;
+      request = parsed;
+    } catch {
       continue;
     }
-    const fallbackWellKnownResult = await runWellKnownX402Stage({
-      origin: options.origin,
-      url: normalized,
-      fetcher: options.fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      includeRaw: options.includeRaw
+    const asset = typeof request["currency"] === "string" ? request["currency"] : void 0;
+    const amountRaw = request["amount"];
+    const amount = typeof amountRaw === "string" ? amountRaw : typeof amountRaw === "number" ? String(amountRaw) : void 0;
+    const decimals = typeof request["decimals"] === "number" ? request["decimals"] : void 0;
+    const payTo = typeof request["recipient"] === "string" ? request["recipient"] : void 0;
+    const methodDetails = request["methodDetails"];
+    const chainId = methodDetails !== null && typeof methodDetails === "object" && !Array.isArray(methodDetails) && typeof methodDetails["chainId"] === "number" ? methodDetails["chainId"] : TEMPO_DEFAULT_CHAIN_ID;
+    if (!asset || !amount) continue;
+    options.push({
+      protocol: "mpp",
+      // isMmmEnabled
+      paymentMethod,
+      intent,
+      realm,
+      network: `tempo:${String(chainId)}`,
+      // isMmmEnabled
+      asset,
+      amount,
+      ...decimals != null ? { decimals } : {},
+      ...payTo ? { payTo } : {},
+      ...description ? { description } : {}
     });
-    if (fallbackWellKnownResult.valid) {
-      return {
-        ...fallbackWellKnownResult,
-        stage: "override",
-        warnings: [
-          warning("OVERRIDE_USED", "info", `Using explicit override source ${normalized}`, {
-            stage: "override"
-          }),
-          ...fallbackWellKnownResult.warnings
-        ]
-      };
-    }
-    warnings.push(...fallbackWellKnownResult.warnings);
   }
-  return {
-    stage: "override",
-    valid: false,
-    resources: [],
-    warnings
-  };
+  return options;
 }
-async function runDiscovery({
-  detailed,
-  options
-}) {
-  const fetcher = options.fetcher ?? fetch;
-  const compatMode = options.compatMode ?? DEFAULT_COMPAT_MODE;
-  const strictCompat = compatMode === "strict";
-  const rawView = detailed ? options.rawView ?? "none" : "none";
-  const includeRaw = rawView === "full";
-  const includeInteropMpp = detailed && Boolean(options.includeInteropMpp);
-  const origin = normalizeOrigin(options.target);
-  const warnings = [];
-  const trace = [];
-  const resourceWarnings = {};
-  const rawSources = {};
-  const merged = /* @__PURE__ */ new Map();
-  if (compatMode !== "off") {
-    warnings.push(
-      warning(
-        "COMPAT_MODE_ENABLED",
-        compatMode === "strict" ? "warn" : "info",
-        `Compatibility mode is '${compatMode}'. Legacy adapters are active.`
-      )
-    );
-  }
-  const stages = [];
-  if (options.overrideUrls && options.overrideUrls.length > 0) {
-    stages.push(
-      () => runOverrideStage({
-        origin,
-        overrideUrls: options.overrideUrls ?? [],
-        fetcher,
-        headers: options.headers,
-        signal: options.signal,
-        includeRaw
-      })
-    );
-  }
-  stages.push(
-    () => runOpenApiStage({
-      origin,
-      fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      includeRaw
-    })
-  );
-  if (compatMode !== "off") {
-    stages.push(
-      () => runWellKnownX402Stage({
-        origin,
-        fetcher,
-        headers: options.headers,
-        signal: options.signal,
-        includeRaw
-      })
-    );
-    stages.push(
-      () => runDnsStage({
-        origin,
-        fetcher,
-        txtResolver: options.txtResolver,
-        headers: options.headers,
-        signal: options.signal,
-        includeRaw
-      })
-    );
-    if (includeInteropMpp && isMmmEnabled()) {
-      stages.push(
-        () => runInteropMppStage({
-          origin,
-          fetcher,
-          headers: options.headers,
-          signal: options.signal,
-          includeRaw
-        })
-      );
+// src/core/layers/l3.ts
+function findMatchingOpenApiPath(paths, targetPath) {
+  const exact = paths[targetPath];
+  if (isRecord(exact)) return { matchedPath: targetPath, pathItem: exact };
+  for (const [specPath, entry] of Object.entries(paths)) {
+    if (!isRecord(entry)) continue;
+    const pattern = specPath.replace(/\{[^}]+\}/g, "[^/]+");
+    const regex = new RegExp(`^${pattern}$`);
+    if (regex.test(targetPath)) {
+      return { matchedPath: specPath, pathItem: entry };
     }
   }
-  stages.push(
-    () => runProbeStage({
-      origin,
-      fetcher,
-      headers: options.headers,
-      signal: options.signal,
-      probeCandidates: options.probeCandidates
-    })
-  );
-  let selectedStage;
-  for (const runStage of stages) {
-    const startedAt = Date.now();
-    const stageResult = await runStage();
-    stageResult.warnings = applyStrictEscalation(stageResult.warnings, strictCompat);
-    trace.push(toTrace(stageResult, startedAt));
-    warnings.push(...stageResult.warnings);
-    if (stageResult.resources.length > 0) {
-      for (const stageWarning of stageResult.warnings) {
-        if (stageWarning.resourceKey) {
-          resourceWarnings[stageWarning.resourceKey] = [
-            ...resourceWarnings[stageWarning.resourceKey] ?? [],
-            stageWarning
-          ];
-        }
+  return null;
+}
+function resolveRef(document, ref, seen) {
+  if (!ref.startsWith("#/")) return void 0;
+  if (seen.has(ref)) return { $circular: ref };
+  seen.add(ref);
+  const parts = ref.slice(2).split("/");
+  let current = document;
+  for (const part of parts) {
+    if (!isRecord(current)) return void 0;
+    current = current[part];
+    if (current === void 0) return void 0;
+  }
+  if (isRecord(current)) return resolveRefs(document, current, seen);
+  return current;
+}
+function resolveRefs(document, obj, seen, depth = 0) {
+  if (depth > 4) return obj;
+  const resolved = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (key === "$ref" && typeof value === "string") {
+      const deref = resolveRef(document, value, seen);
+      if (isRecord(deref)) {
+        Object.assign(resolved, deref);
+      } else {
+        resolved[key] = value;
       }
+      continue;
     }
-    if (includeRaw && stageResult.raw !== void 0) {
-      if (stageResult.stage === "openapi" || stageResult.stage === "override") {
-        const rawObject = stageResult.raw;
-        if (rawObject.openapi !== void 0) rawSources.openapi = rawObject.openapi;
-        if (typeof rawObject.llmsTxt === "string") rawSources.llmsTxt = rawObject.llmsTxt;
-      }
-      if (stageResult.stage === "well-known/x402" || stageResult.stage === "override") {
-        rawSources.wellKnownX402 = [...rawSources.wellKnownX402 ?? [], stageResult.raw];
-      }
-      if (stageResult.stage === "dns/_x402") {
-        const rawObject = stageResult.raw;
-        if (Array.isArray(rawObject.dnsRecords)) {
-          rawSources.dnsRecords = rawObject.dnsRecords;
-        }
-      }
-      if (stageResult.stage === "interop/mpp") {
-        rawSources.interopMpp = stageResult.raw;
-      }
+    if (isRecord(value)) {
+      resolved[key] = resolveRefs(document, value, seen, depth + 1);
+      continue;
     }
-    if (!stageResult.valid) {
+    if (Array.isArray(value)) {
+      resolved[key] = value.map(
+        (item) => isRecord(item) ? resolveRefs(document, item, seen, depth + 1) : item
+      );
       continue;
     }
-    const mergeWarnings = mergeResources(merged, stageResult.resources, resourceWarnings);
-    warnings.push(...mergeWarnings);
-    if (!detailed) {
-      selectedStage = selectedStage ?? stageResult.stage;
-      break;
+    resolved[key] = value;
+  }
+  return resolved;
+}
+function extractRequestBodySchema(operationSchema) {
+  const requestBody = operationSchema.requestBody;
+  if (!isRecord(requestBody)) return void 0;
+  const content = requestBody.content;
+  if (!isRecord(content)) return void 0;
+  const jsonMediaType = content["application/json"];
+  if (isRecord(jsonMediaType) && isRecord(jsonMediaType.schema)) {
+    return jsonMediaType.schema;
+  }
+  for (const mediaType of Object.values(content)) {
+    if (isRecord(mediaType) && isRecord(mediaType.schema)) {
+      return mediaType.schema;
     }
   }
-  if (merged.size === 0) {
-    warnings.push(
-      warning(
-        "NO_DISCOVERY_SOURCES",
-        "error",
-        "No discovery stage returned first-valid-non-empty results."
-      )
-    );
-  }
-  const dedupedWarnings = dedupeWarnings(warnings);
-  const upgradeSignal = computeUpgradeSignal(dedupedWarnings);
-  const resources = [...merged.values()];
-  if (!detailed) {
-    return {
-      origin,
-      resources,
-      warnings: dedupedWarnings,
-      compatMode,
-      ...upgradeSignal,
-      ...selectedStage ? { selectedStage } : {}
-    };
-  }
+  return void 0;
+}
+function extractParameters(operationSchema) {
+  const params = operationSchema.parameters;
+  if (!Array.isArray(params)) return [];
+  return params.filter((value) => isRecord(value));
+}
+function extractInputSchema(operationSchema) {
+  const requestBody = extractRequestBodySchema(operationSchema);
+  const parameters = extractParameters(operationSchema);
+  if (!requestBody && parameters.length === 0) return void 0;
+  if (requestBody && parameters.length === 0) return requestBody;
   return {
-    origin,
-    resources,
-    warnings: dedupedWarnings,
-    compatMode,
-    ...upgradeSignal,
-    selectedStage: trace.find((entry) => entry.valid)?.stage,
-    trace,
-    resourceWarnings,
-    ...includeRaw ? { rawSources } : {}
+    ...requestBody ? { requestBody } : {},
+    ...parameters.length > 0 ? { parameters } : {}
   };
 }
-// src/validation/payment-required.ts
-import { parsePaymentRequired } from "@x402/core/schemas";
-// src/harness.ts
-var INTENT_TRIGGERS = ["x402", "mpp", "pay for", "micropayment", "agentic commerce"];
-var CLIENT_PROFILES = {
-  "claude-code": {
-    id: "claude-code",
-    label: "Claude Code MCP Harness",
-    surface: "mcp",
-    defaultContextWindowTokens: 2e5,
-    zeroHopBudgetPercent: 0.1,
-    notes: "Targets environments where MCP context can use roughly 10% of total context."
-  },
-  "skill-cli": {
-    id: "skill-cli",
-    label: "Skill + CLI Harness",
-    surface: "skill-cli",
-    defaultContextWindowTokens: 2e5,
-    zeroHopBudgetPercent: 0.02,
-    notes: "Targets constrained skill contexts with title/description-heavy routing."
-  },
-  "generic-mcp": {
-    id: "generic-mcp",
-    label: "Generic MCP Harness",
-    surface: "mcp",
-    defaultContextWindowTokens: 128e3,
-    zeroHopBudgetPercent: 0.05,
-    notes: "Conservative MCP profile when specific client budgets are unknown."
-  },
-  generic: {
-    id: "generic",
-    label: "Generic Agent Harness",
-    surface: "generic",
-    defaultContextWindowTokens: 128e3,
-    zeroHopBudgetPercent: 0.03,
-    notes: "Fallback profile for unknown clients."
+function parseOperationPrice(operation) {
+  const paymentInfo = operation["x-payment-info"];
+  if (!isRecord(paymentInfo)) return void 0;
+  function toFiniteNumber(value) {
+    if (typeof value === "number" && Number.isFinite(value)) return value;
+    if (typeof value === "string" && value.trim().length > 0) {
+      const parsed = Number(value);
+      if (Number.isFinite(parsed)) return parsed;
+    }
+    return void 0;
   }
-};
-function isFirstPartyDomain(hostname) {
-  const normalized = hostname.toLowerCase();
-  return normalized.endsWith(".dev") && normalized.startsWith("stable");
+  const fixed = toFiniteNumber(paymentInfo.price);
+  if (fixed != null) return `$${String(fixed)}`;
+  const min = toFiniteNumber(paymentInfo.minPrice);
+  const max = toFiniteNumber(paymentInfo.maxPrice);
+  if (min != null && max != null) return `$${String(min)}-$${String(max)}`;
+  return void 0;
 }
-function safeHostname(origin) {
-  try {
-    return new URL(origin).hostname;
-  } catch {
-    return origin.replace(/^https?:\/\//, "").split("/")[0] ?? origin;
-  }
+function parseOperationProtocols(operation) {
+  const paymentInfo = operation["x-payment-info"];
+  if (!isRecord(paymentInfo) || !Array.isArray(paymentInfo.protocols)) return void 0;
+  const protocols = paymentInfo.protocols.filter(
+    (protocol) => typeof protocol === "string" && protocol.length > 0 && (protocol !== "mpp" || isMmmEnabled())
+  );
+  return protocols.length > 0 ? protocols : void 0;
+}
+function getL3ForOpenAPI(openApi, path, method) {
+  const document = openApi.raw;
+  const paths = isRecord(document.paths) ? document.paths : void 0;
+  if (!paths) return null;
+  const matched = findMatchingOpenApiPath(paths, path);
+  if (!matched) return null;
+  const operation = matched.pathItem[method.toLowerCase()];
+  if (!isRecord(operation)) return null;
+  const resolvedOperation = resolveRefs(document, operation, /* @__PURE__ */ new Set());
+  const summary = typeof resolvedOperation.summary === "string" ? resolvedOperation.summary : typeof resolvedOperation.description === "string" ? resolvedOperation.description : void 0;
+  return {
+    source: "openapi",
+    ...summary ? { summary } : {},
+    authMode: inferAuthMode(resolvedOperation) ?? void 0,
+    estimatedPrice: parseOperationPrice(resolvedOperation),
+    protocols: parseOperationProtocols(resolvedOperation),
+    inputSchema: extractInputSchema(resolvedOperation),
+    outputSchema: resolvedOperation
+  };
 }
-function previewText(text) {
-  if (!text) return null;
-  const compact = text.replace(/\s+/g, " ").trim();
-  if (!compact) return null;
-  return compact.length > 220 ? `${compact.slice(0, 217)}...` : compact;
-}
-function toAuthModeCount(resources) {
-  const counts = {
-    paid: 0,
-    siwx: 0,
-    apiKey: 0,
-    unprotected: 0,
-    unknown: 0
+function getL3ForProbe(probe, path, method) {
+  const probeResult = probe.find((r) => r.path === path && r.method === method);
+  if (!probeResult) return null;
+  const inputSchema = probeResult.paymentRequiredBody ? parseInputSchema(probeResult.paymentRequiredBody) : void 0;
+  const outputSchema = probeResult.paymentRequiredBody ? parseOutputSchema(probeResult.paymentRequiredBody) : void 0;
+  const paymentOptions = [
+    ...probeResult.paymentRequiredBody ? extractPaymentOptions3(probeResult.paymentRequiredBody) : [],
+    ...isMmmEnabled() ? extractPaymentOptions4(probeResult.wwwAuthenticate) : []
+    // isMmmEnabled
+  ];
+  return {
+    source: "probe",
+    authMode: probeResult.authHint,
+    ...probeResult.protocols?.length ? { protocols: probeResult.protocols } : {},
+    ...inputSchema ? { inputSchema } : {},
+    ...outputSchema ? { outputSchema } : {},
+    ...paymentOptions.length ? { paymentOptions } : {}
   };
-  for (const resource of resources) {
-    const mode = resource.authHint;
-    if (mode === "paid" || mode === "siwx" || mode === "apiKey" || mode === "unprotected") {
-      counts[mode] += 1;
-    } else {
-      counts.unknown += 1;
-    }
-  }
-  return counts;
 }
-function toSourceCount(resources) {
-  return resources.reduce(
-    (acc, resource) => {
-      acc[resource.source] = (acc[resource.source] ?? 0) + 1;
-      return acc;
-    },
-    {}
-  );
+// src/runtime/check-endpoint.ts
+function getAdvisoriesForOpenAPI(openApi, path) {
+  return [...HTTP_METHODS].flatMap((method) => {
+    const l3 = getL3ForOpenAPI(openApi, path, method);
+    return l3 ? [{ method, ...l3 }] : [];
+  });
 }
-function toL2Entries(resources) {
-  return [...resources].sort((a, b) => {
-    if (a.path !== b.path) return a.path.localeCompare(b.path);
-    if (a.method !== b.method) return a.method.localeCompare(b.method);
-    return a.resourceKey.localeCompare(b.resourceKey);
-  }).map((resource) => ({
-    resourceKey: resource.resourceKey,
-    method: resource.method,
-    path: resource.path,
-    source: resource.source,
-    authMode: resource.authHint ?? null
-  }));
+function getAdvisoriesForProbe(probe, path) {
+  return [...HTTP_METHODS].flatMap((method) => {
+    const l3 = getL3ForProbe(probe, path, method);
+    return l3 ? [{ method, ...l3 }] : [];
+  });
 }
-function getLlmsTxtInfo(result) {
-  const llmsTxtUrl = result.trace.find((entry) => entry.links?.llmsTxtUrl)?.links?.llmsTxtUrl ?? result.resources.find((resource) => resource.links?.llmsTxtUrl)?.links?.llmsTxtUrl ?? null;
-  const llmsTxt = result.rawSources?.llmsTxt;
-  if (llmsTxt) {
+async function checkEndpointSchema(options) {
+  const endpoint = new URL(options.url);
+  const origin = normalizeOrigin(endpoint.origin);
+  const path = normalizePath(endpoint.pathname || "/");
+  if (options.sampleInputBody !== void 0) {
+    const probeResult2 = await getProbe(
+      options.url,
+      options.headers,
+      options.signal,
+      options.sampleInputBody
+    );
+    if (probeResult2.isErr()) {
+      return {
+        found: false,
+        origin,
+        path,
+        cause: probeResult2.error.cause,
+        message: probeResult2.error.message
+      };
+    }
+    const advisories2 = getAdvisoriesForProbe(probeResult2.value, path);
+    if (advisories2.length > 0) return { found: true, origin, path, advisories: advisories2 };
+    return { found: false, origin, path, cause: "not_found" };
+  }
+  const openApiResult = await getOpenAPI(origin, options.headers, options.signal);
+  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  if (openApi) {
+    const advisories2 = getAdvisoriesForOpenAPI(openApi, path);
+    if (advisories2.length > 0) return { found: true, origin, path, advisories: advisories2 };
+    return { found: false, origin, path, cause: "not_found" };
+  }
+  const probeResult = await getProbe(options.url, options.headers, options.signal);
+  if (probeResult.isErr()) {
     return {
-      llmsTxtUrl,
-      llmsTxtTokenEstimate: estimateTokenCount(llmsTxt),
-      guidancePreview: previewText(llmsTxt),
-      guidanceStatus: "present"
+      found: false,
+      origin,
+      path,
+      cause: probeResult.error.cause,
+      message: probeResult.error.message
     };
   }
-  if (llmsTxtUrl) {
-    const failed = result.warnings.some((warning2) => warning2.code === "LLMSTXT_FETCH_FAILED");
-    return {
-      llmsTxtUrl,
-      llmsTxtTokenEstimate: 0,
-      guidancePreview: null,
-      guidanceStatus: failed ? "advertised_but_unfetched" : "missing"
-    };
+  const advisories = getAdvisoriesForProbe(probeResult.value, path);
+  if (advisories.length > 0) return { found: true, origin, path, advisories };
+  return { found: false, origin, path, cause: "not_found" };
+}
+// src/cli.ts
+function parseArgs(args) {
+  const flags = { json: false, verbose: false };
+  const positional = [];
+  for (const arg of args) {
+    if (arg === "--json") flags.json = true;
+    else if (arg === "-v" || arg === "--verbose") flags.verbose = true;
+    else positional.push(arg);
   }
-  return {
-    llmsTxtUrl: null,
-    llmsTxtTokenEstimate: 0,
-    guidancePreview: null,
-    guidanceStatus: "not_advertised"
-  };
+  const [first, second] = positional;
+  if (first && (first.startsWith("http://") || first.startsWith("https://"))) {
+    return { command: "discover", target: first, flags };
+  }
+  return { command: first ?? null, target: second ?? null, flags };
 }
-function getHarnessClientProfile(client = "claude-code") {
-  return CLIENT_PROFILES[client] ?? CLIENT_PROFILES.generic;
-}
-function buildContextHarnessReport(options) {
-  const client = getHarnessClientProfile(options.client);
-  const contextWindowTokens = options.contextWindowTokens ?? client.defaultContextWindowTokens;
-  const zeroHopBudgetTokens = Math.floor(contextWindowTokens * client.zeroHopBudgetPercent);
-  const hostname = safeHostname(options.result.origin);
-  const domainClass = isFirstPartyDomain(hostname) ? "first-party" : "ugc";
-  const l0Summary = "Route payment-capable intents to agentcash and use install/discover commands for progressive disclosure.";
-  const l1Summary = "Expose installed domain routing hints and trigger fan-out into L2/L3 commands when user intent matches domain capabilities.";
-  const l0EstimatedTokens = estimateTokenCount(
-    `${INTENT_TRIGGERS.join(", ")} npx agentcash install npx agentcash install-ext`
-  );
-  const l1EstimatedTokens = estimateTokenCount(
-    `${hostname} ${l1Summary} npx agentcash discover ${hostname} npx agentcash discover ${hostname} --verbose`
-  );
-  const llmsInfo = getLlmsTxtInfo(options.result);
+function routeToResource(route) {
   return {
-    target: options.target,
-    origin: options.result.origin,
-    client,
-    budget: {
-      contextWindowTokens,
-      zeroHopBudgetTokens,
-      estimatedZeroHopTokens: l0EstimatedTokens + l1EstimatedTokens,
-      withinBudget: l0EstimatedTokens + l1EstimatedTokens <= zeroHopBudgetTokens
-    },
-    levels: {
-      l0: {
-        layer: "L0",
-        intentTriggers: INTENT_TRIGGERS,
-        installCommand: "npx agentcash install",
-        deliverySurfaces: ["MCP", "Skill+CLI"],
-        summary: l0Summary,
-        estimatedTokens: l0EstimatedTokens
-      },
-      l1: {
-        layer: "L1",
-        domain: hostname,
-        domainClass,
-        selectedDiscoveryStage: options.result.selectedStage ?? null,
-        summary: l1Summary,
-        fanoutCommands: [
-          `npx agentcash discover ${hostname}`,
-          `npx agentcash discover ${hostname} --verbose`
-        ],
-        estimatedTokens: l1EstimatedTokens
-      },
-      l2: {
-        layer: "L2",
-        command: `npx agentcash discover ${hostname}`,
-        tokenLight: true,
-        resourceCount: options.result.resources.length,
-        resources: toL2Entries(options.result.resources)
-      },
-      l3: {
-        layer: "L3",
-        command: `npx agentcash discover ${hostname} --verbose`,
-        detailLevel: "endpoint-schema-and-metadata",
-        countsByAuthMode: toAuthModeCount(options.result.resources),
-        countsBySource: toSourceCount(options.result.resources),
-        pricedResourceCount: options.result.resources.filter(
-          (resource) => resource.authHint === "paid"
-        ).length
-      },
-      l4: {
-        layer: "L4",
-        guidanceSource: llmsInfo.llmsTxtUrl ? "llms.txt" : "none",
-        llmsTxtUrl: llmsInfo.llmsTxtUrl,
-        llmsTxtTokenEstimate: llmsInfo.llmsTxtTokenEstimate,
-        guidancePreview: llmsInfo.guidancePreview,
-        guidanceStatus: llmsInfo.guidanceStatus
-      },
-      l5: {
-        layer: "L5",
-        status: "out_of_scope",
-        note: "Cross-domain composition is intentionally out of scope for discovery v1."
-      }
-    },
-    diagnostics: {
-      warningCount: options.result.warnings.length,
-      errorWarningCount: options.result.warnings.filter((warning2) => warning2.severity === "error").length,
-      selectedStage: options.result.selectedStage ?? null,
-      upgradeSuggested: options.result.upgradeSuggested,
-      upgradeReasons: options.result.upgradeReasons
-    }
+    resourceKey: `${route.method} ${route.path}`,
+    method: route.method,
+    path: route.path,
+    summary: route.summary,
+    ...route.authMode ? { authHint: route.authMode } : {},
+    ...route.price ? { priceHint: route.price } : {},
+    ...route.protocols?.length ? { protocols: route.protocols } : {}
   };
 }
-// src/index.ts
-async function discoverDetailed(options) {
-  return await runDiscovery({ detailed: true, options });
-}
-// src/cli/run.ts
-var CLI_USER_AGENT = "@agentcash/discovery-cli/0.1";
-function buildProbeCandidates(resources) {
-  const methodsByPath = /* @__PURE__ */ new Map();
-  for (const resource of resources) {
-    const existing = methodsByPath.get(resource.path) ?? /* @__PURE__ */ new Set();
-    existing.add(resource.method);
-    methodsByPath.set(resource.path, existing);
-  }
-  return [...methodsByPath.entries()].sort((a, b) => a[0].localeCompare(b[0])).map(([path, methods]) => ({ path, methods: [...methods].sort() }));
-}
-function createTimeoutFetcher(timeoutMs, fetchImpl) {
-  return async (input, init = {}) => {
-    const controller = new AbortController();
-    const onAbort = () => controller.abort();
-    const timer = setTimeout(() => controller.abort(), timeoutMs);
-    if (init.signal) {
-      if (init.signal.aborted) {
-        clearTimeout(timer);
-        throw new Error("Request aborted");
+async function main(args) {
+  const { command, target, flags } = parseArgs(args);
+  if (command === "discover" && target) return runDiscover(target, flags);
+  if (command === "check" && target) return runCheck(target, flags);
+  console.log("Usage:");
+  console.log("  discovery <origin>            Discover all endpoints at an origin");
+  console.log("  discovery discover <origin>   Discover all endpoints at an origin");
+  console.log("  discovery check <url>         Inspect a specific endpoint URL");
+  console.log("");
+  console.log("Flags:");
+  console.log("  --json   Machine-readable JSON output");
+  console.log("  -v       Verbose output (includes guidance text and warning hints)");
+  return 1;
+}
+async function runDiscover(target, flags) {
+  const origin = normalizeOrigin(target);
+  if (!flags.json) console.log(`
+Discovering ${origin}...
+`);
+  const [openApiResult, wellKnownResult] = await Promise.all([
+    getOpenAPI(origin),
+    getWellKnown(origin)
+  ]);
+  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  const wellKnown = wellKnownResult.isOk() ? wellKnownResult.value : null;
+  const warnings = [
+    ...getWarningsForOpenAPI(openApi),
+    ...getWarningsForWellKnown(wellKnown)
+  ];
+  if (openApi) {
+    const l2 = checkL2ForOpenAPI(openApi);
+    const l4 = checkL4ForOpenAPI(openApi);
+    warnings.push(...getWarningsForL2(l2), ...getWarningsForL4(l4));
+    if (flags.json) {
+      const meta = {
+        origin,
+        specUrl: openApi.fetchedUrl,
+        ...l2.title ? { title: l2.title } : {},
+        ...l2.description ? { description: l2.description } : {}
+      };
+      if (l4) {
+        meta.guidanceTokens = Math.ceil(l4.guidance.length / 4);
+        if (flags.verbose) meta.guidance = l4.guidance;
       }
-      init.signal.addEventListener("abort", onAbort, { once: true });
+      console.log(
+        JSON.stringify(
+          {
+            ok: true,
+            selectedStage: "openapi",
+            resources: l2.routes.map(routeToResource),
+            warnings,
+            trace: [],
+            meta
+          },
+          null,
+          2
+        )
+      );
+      return 0;
     }
-    try {
-      return await fetchImpl(input, {
-        ...init,
-        signal: controller.signal
-      });
-    } finally {
-      clearTimeout(timer);
-      init.signal?.removeEventListener("abort", onAbort);
+    console.log(`Source:   openapi`);
+    console.log(`Spec:     ${openApi.fetchedUrl}`);
+    if (l2.title) console.log(`API:      ${l2.title}`);
+    console.log(`Routes:   ${l2.routes.length}
+`);
+    for (const route of l2.routes) {
+      const auth = route.authMode ? `  ${route.authMode}` : "";
+      const price = route.price ? `  ${route.price}` : "";
+      const protocols = route.protocols?.length ? `  [${route.protocols.join(", ")}]` : "";
+      console.log(`  ${route.method.padEnd(7)} ${route.path}${auth}${price}${protocols}`);
     }
-  };
-}
-async function runAudit(options, deps = {}) {
-  const discoverDetailedFn = deps.discoverDetailedFn ?? discoverDetailed;
-  const fetchImpl = deps.fetchImpl ?? fetch;
-  const fetcher = createTimeoutFetcher(options.timeoutMs, fetchImpl);
-  const baseOptions = {
-    target: options.target,
-    compatMode: options.compatMode,
-    fetcher,
-    headers: {
-      "user-agent": CLI_USER_AGENT
-    },
-    rawView: options.harness ? "full" : "none"
-  };
-  const startedAt = Date.now();
-  let result = await discoverDetailedFn(baseOptions);
-  let probeCandidateCount = 0;
-  if (options.probe) {
-    const probeCandidates = buildProbeCandidates(result.resources);
-    probeCandidateCount = probeCandidates.length;
-    if (probeCandidates.length > 0) {
-      result = await discoverDetailedFn({
-        ...baseOptions,
-        probeCandidates
-      });
+    if (l4) {
+      const tokens = Math.ceil(l4.guidance.length / 4);
+      console.log(`
+Guidance: ${tokens} tokens`);
+      if (flags.verbose) console.log(`
+${l4.guidance}`);
     }
-  }
-  return {
-    result,
-    durationMs: Date.now() - startedAt,
-    probeCandidateCount,
-    ...options.harness ? {
-      harness: buildContextHarnessReport({
-        target: options.target,
-        result,
-        client: options.client,
-        contextWindowTokens: options.contextWindowTokens
-      })
-    } : {}
-  };
-}
-// src/cli.ts
-function defaultStdout(message) {
-  process.stdout.write(`${message}
+  } else if (wellKnown) {
+    const l2 = checkL2ForWellknown(wellKnown);
+    const l4 = checkL4ForWellknown(wellKnown);
+    warnings.push(...getWarningsForL2(l2), ...getWarningsForL4(l4));
+    if (flags.json) {
+      const meta = { origin, specUrl: wellKnown.fetchedUrl };
+      if (l4 && flags.verbose) meta.guidance = l4.guidance;
+      console.log(
+        JSON.stringify(
+          {
+            ok: true,
+            selectedStage: "well-known/x402",
+            resources: l2.routes.map(routeToResource),
+            warnings,
+            trace: [],
+            meta
+          },
+          null,
+          2
+        )
+      );
+      return 0;
+    }
+    console.log(`Source:   well-known/x402`);
+    console.log(`Spec:     ${wellKnown.fetchedUrl}`);
+    console.log(`Routes:   ${l2.routes.length}
 `);
+    for (const route of l2.routes) {
+      console.log(`  ${route.method.padEnd(7)} ${route.path}  paid  [x402]`);
+    }
+  } else {
+    if (flags.json) {
+      console.log(
+        JSON.stringify(
+          { ok: false, selectedStage: null, resources: [], warnings, trace: [], meta: { origin } },
+          null,
+          2
+        )
+      );
+      return 0;
+    }
+    console.log("Not found \u2014 no OpenAPI spec or /.well-known/x402 at this origin.");
+  }
+  printWarnings(warnings, flags.verbose);
+  return 0;
 }
-function defaultStderr(message) {
-  process.stderr.write(`${message}
+async function runCheck(url, flags) {
+  if (!flags.json) console.log(`
+Checking ${url}...
 `);
-}
-async function main(argv = process.argv.slice(2), deps = {}) {
-  const stdout = deps.stdout ?? defaultStdout;
-  const stderr = deps.stderr ?? defaultStderr;
-  const parsed = parseCliArgs(argv);
-  if (parsed.kind === "help") {
-    stdout(renderHelp());
-    return 0;
-  }
-  if (parsed.kind === "error") {
-    stderr(parsed.message);
-    stderr("");
-    stderr(renderHelp());
-    return 2;
+  const result = await checkEndpointSchema({ url });
+  if (!result.found) {
+    const warnings2 = getWarningsForL3(null);
+    if (flags.json) {
+      console.log(JSON.stringify({ url, found: false, warnings: warnings2 }, null, 2));
+      return 1;
+    }
+    console.log("Not found \u2014 no spec data for this endpoint.");
+    printWarnings(warnings2, flags.verbose);
+    return 1;
   }
-  try {
-    const run = await runAudit(parsed.options, deps);
-    if (parsed.options.json) {
-      stdout(renderJson(run, parsed.options));
-    } else if (parsed.options.verbose) {
-      stdout(renderVerbose(run, parsed.options));
-    } else {
-      stdout(renderSummary(run, parsed.options));
+  const warnings = [];
+  if (flags.json) {
+    for (const advisory of result.advisories) {
+      warnings.push(...getWarningsForL3(advisory));
     }
-    return run.result.resources.length > 0 ? 0 : 1;
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    stderr(`Discovery audit failed: ${message}`);
-    return 2;
+    console.log(
+      JSON.stringify(
+        {
+          url,
+          found: true,
+          origin: result.origin,
+          path: result.path,
+          advisories: result.advisories,
+          warnings
+        },
+        null,
+        2
+      )
+    );
+    return 0;
+  }
+  console.log(`Origin:   ${result.origin}`);
+  console.log(`Path:     ${result.path}
+`);
+  for (const advisory of result.advisories) {
+    const auth = advisory.authMode ? `  ${advisory.authMode}` : "";
+    const price = advisory.estimatedPrice ? `  ${advisory.estimatedPrice}` : "";
+    const protocols = advisory.protocols?.length ? `  [${advisory.protocols.join(", ")}]` : "";
+    console.log(`  ${advisory.method.padEnd(7)}${auth}${price}${protocols}`);
+    warnings.push(...getWarningsForL3(advisory));
+  }
+  printWarnings(warnings, flags.verbose);
+  return 0;
+}
+function printWarnings(warnings, verbose) {
+  if (warnings.length === 0) return;
+  console.log(`
+Warnings (${warnings.length}):`);
+  for (const w of warnings) {
+    const loc = w.path ? ` (${w.path})` : "";
+    const hint = verbose && w.hint ? `
+           Hint: ${w.hint}` : "";
+    console.log(`  [${w.severity.padEnd(4)}] ${w.code}${loc}
+           ${w.message}${hint}`);
   }
 }
 export {