@agentcash/discovery 1.1.1 → 1.1.3

package/dist/cli.cjs

@@ -13807,7 +13807,7 @@ config(en_default());
 
 // src/schemas.ts
 var OpenApiPaymentInfoSchema = external_exports.object({
-  pricingMode: external_exports.enum(["fixed", "range", "quote"]),
+  pricingMode: external_exports.string(),
   price: external_exports.string().optional(),
   minPrice: external_exports.string().optional(),
   maxPrice: external_exports.string().optional(),
@@ -13864,7 +13864,6 @@ var WellKnownDocSchema = external_exports.object({
   version: external_exports.number().optional(),
   resources: external_exports.array(external_exports.string()).default([]),
   mppResources: external_exports.array(external_exports.string()).optional(),
-  // isMmmEnabled
   description: external_exports.string().optional(),
   ownershipProofs: external_exports.array(external_exports.string()).optional(),
   instructions: external_exports.string().optional()
@@ -13929,7 +13928,11 @@ var DEFAULT_MISSING_METHOD = "POST";
 // src/core/lib/url.ts
 function ensureProtocol(target) {
   const trimmed = target.trim();
-  return /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+  if (/^https?:\/\//i.test(trimmed)) return trimmed;
+  const host = trimmed.split("/")[0] ?? "";
+  const hostname3 = host.split(":")[0] ?? "";
+  const isLocal = hostname3 === "localhost" || hostname3 === "127.0.0.1" || hostname3 === "::1";
+  return `${isLocal ? "http" : "https"}://${trimmed}`;
 }
 function normalizeOrigin(target) {
   const url2 = new URL(ensureProtocol(target));
@@ -13970,9 +13973,6 @@ function fetchSafe(url2, init) {
   return import_neverthrow.ResultAsync.fromPromise(fetch(url2, init), toFetchError);
 }
 
-// src/mmm-enabled.ts
-var isMmmEnabled = () => "1.1.1".includes("-mmm");
-
 // src/core/source/openapi/index.ts
 var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
   const routes = [];
@@ -13981,11 +13981,8 @@ var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
       const operation = pathItem[httpMethod.toLowerCase()];
       if (!operation) continue;
       const authMode = inferAuthMode(operation, doc.security, doc.components?.securitySchemes) ?? void 0;
-      if (!authMode) continue;
       const p = operation["x-payment-info"];
-      const protocols = (p?.protocols ?? []).filter(
-        (proto) => proto !== "mpp" || isMmmEnabled()
-      );
+      const protocols = (p?.protocols ?? []).filter((proto) => proto.length > 0);
       const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p ? {
         pricingMode: p.pricingMode,
         ...p.price ? { price: p.price } : {},
@@ -14083,7 +14080,9 @@ function getWellKnown(origin, headers, signal) {
 function formatPrice(pricing) {
   if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
   if (pricing.pricingMode === "range") return `$${pricing.minPrice}-$${pricing.maxPrice}`;
-  return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+  if (pricing.pricingMode === "quote")
+    return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+  return `unknown pricing mode: ${pricing.pricingMode}`;
 }
 function checkL2ForOpenAPI(openApi) {
   const routes = openApi.routes.map((route) => ({
@@ -14091,12 +14090,13 @@ function checkL2ForOpenAPI(openApi) {
     method: route.method,
     summary: route.summary ?? `${route.method} ${route.path}`,
     ...route.authMode ? { authMode: route.authMode } : {},
-    ...route.pricing ? { price: formatPrice(route.pricing) } : {},
+    ...route.pricing ? { price: formatPrice(route.pricing), pricingMode: route.pricing.pricingMode } : {},
     ...route.protocols?.length ? { protocols: route.protocols } : {}
   }));
   return {
     ...openApi.info.title ? { title: openApi.info.title } : {},
     ...openApi.info.description ? { description: openApi.info.description } : {},
+    ...openApi.info.version ? { version: openApi.info.version } : {},
     routes,
     source: "openapi"
   };
@@ -14139,6 +14139,7 @@ var AUDIT_CODES = {
   L2_AUTH_MODE_MISSING: "L2_AUTH_MODE_MISSING",
   L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES",
   L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
+  L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN",
   L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
   // ─── L3 endpoint advisory checks ─────────────────────────────────────────────
   L3_NOT_FOUND: "L3_NOT_FOUND",
@@ -14189,6 +14190,7 @@ function getWarningsForWellKnown(wellKnown) {
 }
 
 // src/audit/warnings/l2.ts
+var KNOWN_PRICING_MODES = /* @__PURE__ */ new Set(["fixed", "range", "quote"]);
 var ROUTE_COUNT_HIGH = 40;
 function getWarningsForL2(l2) {
   const warnings = [];
@@ -14228,6 +14230,15 @@ function getWarningsForL2(l2) {
         path: route.path
       });
     }
+    if (route.pricingMode && !KNOWN_PRICING_MODES.has(route.pricingMode)) {
+      warnings.push({
+        code: AUDIT_CODES.L2_PRICING_MODE_UNKNOWN,
+        severity: "warn",
+        message: `Route ${loc} has unrecognized pricingMode "${route.pricingMode}".`,
+        hint: `Expected one of: ${[...KNOWN_PRICING_MODES].join(", ")}.`,
+        path: route.path
+      });
+    }
     if (route.authMode === "paid") {
       if (!route.price) {
         warnings.push({
@@ -14958,7 +14969,7 @@ function detectProtocols(response) {
   }
   const authHeader = response.headers.get("www-authenticate")?.toLowerCase() ?? "";
   if (authHeader.includes("x402")) protocols.add("x402");
-  if (isMmmEnabled() && authHeader.includes("mpp")) protocols.add("mpp");
+  if (authHeader.includes("mpp")) protocols.add("mpp");
   return [...protocols];
 }
 function buildProbeUrl(url2, method, inputBody) {
@@ -15038,7 +15049,7 @@ function parseAuthParams(segment) {
   return params;
 }
 function extractPaymentOptions4(wwwAuthenticate) {
-  if (!isMmmEnabled() || !wwwAuthenticate) return [];
+  if (!wwwAuthenticate) return [];
   const options = [];
   for (const segment of wwwAuthenticate.split(/,\s*(?=Payment\s)/i)) {
     const stripped = segment.replace(/^Payment\s+/i, "").trim();
@@ -15067,12 +15078,10 @@ function extractPaymentOptions4(wwwAuthenticate) {
     if (!asset || !amount) continue;
     options.push({
       protocol: "mpp",
-      // isMmmEnabled
       paymentMethod,
       intent,
       realm,
       network: `tempo:${String(chainId)}`,
-      // isMmmEnabled
       asset,
       amount,
       ...decimals != null ? { decimals } : {},
@@ -15200,7 +15209,7 @@ function parseOperationProtocols(operation) {
   const paymentInfo = operation["x-payment-info"];
   if (!isRecord(paymentInfo) || !Array.isArray(paymentInfo.protocols)) return void 0;
   const protocols = paymentInfo.protocols.filter(
-    (protocol) => typeof protocol === "string" && protocol.length > 0 && (protocol !== "mpp" || isMmmEnabled())
+    (protocol) => typeof protocol === "string" && protocol.length > 0
   );
   return protocols.length > 0 ? protocols : void 0;
 }
@@ -15231,8 +15240,7 @@ function getL3ForProbe(probe, path, method) {
   const outputSchema = probeResult.paymentRequiredBody ? parseOutputSchema(probeResult.paymentRequiredBody) : void 0;
   const paymentOptions = [
     ...probeResult.paymentRequiredBody ? extractPaymentOptions3(probeResult.paymentRequiredBody) : [],
-    ...isMmmEnabled() ? extractPaymentOptions4(probeResult.wwwAuthenticate) : []
-    // isMmmEnabled
+    ...extractPaymentOptions4(probeResult.wwwAuthenticate)
   ];
   return {
     source: "probe",
@@ -15272,7 +15280,7 @@ async function checkEndpointSchema(options) {
   const endpoint = new URL(ensureProtocol(options.url));
   const origin = normalizeOrigin(endpoint.origin);
   const path = normalizePath(endpoint.pathname || "/");
-  if (options.sampleInputBody !== void 0) {
+  if (options.probe || options.sampleInputBody !== void 0) {
     const probeResult2 = await getProbe(
       endpoint.href,
       options.headers,
@@ -15324,7 +15332,7 @@ function parseArgs(args) {
     else positional.push(arg);
   }
   const [first, second] = positional;
-  if (first && (first.startsWith("http://") || first.startsWith("https://"))) {
+  if (first && first !== "discover" && first !== "check") {
     return { command: "discover", target: first, flags };
   }
   return { command: first ?? null, target: second ?? null, flags };
@@ -15483,7 +15491,8 @@ async function getL3Warnings(url2) {
   }
   return result.advisories.flatMap((a) => getWarningsForL3(a));
 }
-async function runCheck(url2, flags) {
+async function runCheck(rawUrl, flags) {
+  const url2 = ensureProtocol(rawUrl);
   if (!flags.json) console.log(`
 Checking ${url2}...
 `);

package/dist/cli.js

@@ -13777,7 +13777,7 @@ config(en_default());
 
 // src/schemas.ts
 var OpenApiPaymentInfoSchema = external_exports.object({
-  pricingMode: external_exports.enum(["fixed", "range", "quote"]),
+  pricingMode: external_exports.string(),
   price: external_exports.string().optional(),
   minPrice: external_exports.string().optional(),
   maxPrice: external_exports.string().optional(),
@@ -13834,7 +13834,6 @@ var WellKnownDocSchema = external_exports.object({
   version: external_exports.number().optional(),
   resources: external_exports.array(external_exports.string()).default([]),
   mppResources: external_exports.array(external_exports.string()).optional(),
-  // isMmmEnabled
   description: external_exports.string().optional(),
   ownershipProofs: external_exports.array(external_exports.string()).optional(),
   instructions: external_exports.string().optional()
@@ -13899,7 +13898,11 @@ var DEFAULT_MISSING_METHOD = "POST";
 // src/core/lib/url.ts
 function ensureProtocol(target) {
   const trimmed = target.trim();
-  return /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+  if (/^https?:\/\//i.test(trimmed)) return trimmed;
+  const host = trimmed.split("/")[0] ?? "";
+  const hostname3 = host.split(":")[0] ?? "";
+  const isLocal = hostname3 === "localhost" || hostname3 === "127.0.0.1" || hostname3 === "::1";
+  return `${isLocal ? "http" : "https"}://${trimmed}`;
 }
 function normalizeOrigin(target) {
   const url2 = new URL(ensureProtocol(target));
@@ -13940,9 +13943,6 @@ function fetchSafe(url2, init) {
   return ResultAsync.fromPromise(fetch(url2, init), toFetchError);
 }
 
-// src/mmm-enabled.ts
-var isMmmEnabled = () => "1.1.1".includes("-mmm");
-
 // src/core/source/openapi/index.ts
 var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
   const routes = [];
@@ -13951,11 +13951,8 @@ var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
       const operation = pathItem[httpMethod.toLowerCase()];
       if (!operation) continue;
       const authMode = inferAuthMode(operation, doc.security, doc.components?.securitySchemes) ?? void 0;
-      if (!authMode) continue;
       const p = operation["x-payment-info"];
-      const protocols = (p?.protocols ?? []).filter(
-        (proto) => proto !== "mpp" || isMmmEnabled()
-      );
+      const protocols = (p?.protocols ?? []).filter((proto) => proto.length > 0);
       const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p ? {
         pricingMode: p.pricingMode,
         ...p.price ? { price: p.price } : {},
@@ -14053,7 +14050,9 @@ function getWellKnown(origin, headers, signal) {
 function formatPrice(pricing) {
   if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
   if (pricing.pricingMode === "range") return `$${pricing.minPrice}-$${pricing.maxPrice}`;
-  return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+  if (pricing.pricingMode === "quote")
+    return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+  return `unknown pricing mode: ${pricing.pricingMode}`;
 }
 function checkL2ForOpenAPI(openApi) {
   const routes = openApi.routes.map((route) => ({
@@ -14061,12 +14060,13 @@ function checkL2ForOpenAPI(openApi) {
     method: route.method,
     summary: route.summary ?? `${route.method} ${route.path}`,
     ...route.authMode ? { authMode: route.authMode } : {},
-    ...route.pricing ? { price: formatPrice(route.pricing) } : {},
+    ...route.pricing ? { price: formatPrice(route.pricing), pricingMode: route.pricing.pricingMode } : {},
     ...route.protocols?.length ? { protocols: route.protocols } : {}
   }));
   return {
     ...openApi.info.title ? { title: openApi.info.title } : {},
     ...openApi.info.description ? { description: openApi.info.description } : {},
+    ...openApi.info.version ? { version: openApi.info.version } : {},
     routes,
     source: "openapi"
   };
@@ -14109,6 +14109,7 @@ var AUDIT_CODES = {
   L2_AUTH_MODE_MISSING: "L2_AUTH_MODE_MISSING",
   L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES",
   L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
+  L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN",
   L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
   // ─── L3 endpoint advisory checks ─────────────────────────────────────────────
   L3_NOT_FOUND: "L3_NOT_FOUND",
@@ -14159,6 +14160,7 @@ function getWarningsForWellKnown(wellKnown) {
 }
 
 // src/audit/warnings/l2.ts
+var KNOWN_PRICING_MODES = /* @__PURE__ */ new Set(["fixed", "range", "quote"]);
 var ROUTE_COUNT_HIGH = 40;
 function getWarningsForL2(l2) {
   const warnings = [];
@@ -14198,6 +14200,15 @@ function getWarningsForL2(l2) {
         path: route.path
       });
     }
+    if (route.pricingMode && !KNOWN_PRICING_MODES.has(route.pricingMode)) {
+      warnings.push({
+        code: AUDIT_CODES.L2_PRICING_MODE_UNKNOWN,
+        severity: "warn",
+        message: `Route ${loc} has unrecognized pricingMode "${route.pricingMode}".`,
+        hint: `Expected one of: ${[...KNOWN_PRICING_MODES].join(", ")}.`,
+        path: route.path
+      });
+    }
     if (route.authMode === "paid") {
       if (!route.price) {
         warnings.push({
@@ -14928,7 +14939,7 @@ function detectProtocols(response) {
   }
   const authHeader = response.headers.get("www-authenticate")?.toLowerCase() ?? "";
   if (authHeader.includes("x402")) protocols.add("x402");
-  if (isMmmEnabled() && authHeader.includes("mpp")) protocols.add("mpp");
+  if (authHeader.includes("mpp")) protocols.add("mpp");
   return [...protocols];
 }
 function buildProbeUrl(url2, method, inputBody) {
@@ -15008,7 +15019,7 @@ function parseAuthParams(segment) {
   return params;
 }
 function extractPaymentOptions4(wwwAuthenticate) {
-  if (!isMmmEnabled() || !wwwAuthenticate) return [];
+  if (!wwwAuthenticate) return [];
   const options = [];
   for (const segment of wwwAuthenticate.split(/,\s*(?=Payment\s)/i)) {
     const stripped = segment.replace(/^Payment\s+/i, "").trim();
@@ -15037,12 +15048,10 @@ function extractPaymentOptions4(wwwAuthenticate) {
     if (!asset || !amount) continue;
     options.push({
       protocol: "mpp",
-      // isMmmEnabled
       paymentMethod,
       intent,
       realm,
       network: `tempo:${String(chainId)}`,
-      // isMmmEnabled
       asset,
       amount,
       ...decimals != null ? { decimals } : {},
@@ -15170,7 +15179,7 @@ function parseOperationProtocols(operation) {
   const paymentInfo = operation["x-payment-info"];
   if (!isRecord(paymentInfo) || !Array.isArray(paymentInfo.protocols)) return void 0;
   const protocols = paymentInfo.protocols.filter(
-    (protocol) => typeof protocol === "string" && protocol.length > 0 && (protocol !== "mpp" || isMmmEnabled())
+    (protocol) => typeof protocol === "string" && protocol.length > 0
   );
   return protocols.length > 0 ? protocols : void 0;
 }
@@ -15201,8 +15210,7 @@ function getL3ForProbe(probe, path, method) {
   const outputSchema = probeResult.paymentRequiredBody ? parseOutputSchema(probeResult.paymentRequiredBody) : void 0;
   const paymentOptions = [
     ...probeResult.paymentRequiredBody ? extractPaymentOptions3(probeResult.paymentRequiredBody) : [],
-    ...isMmmEnabled() ? extractPaymentOptions4(probeResult.wwwAuthenticate) : []
-    // isMmmEnabled
+    ...extractPaymentOptions4(probeResult.wwwAuthenticate)
   ];
   return {
     source: "probe",
@@ -15242,7 +15250,7 @@ async function checkEndpointSchema(options) {
   const endpoint = new URL(ensureProtocol(options.url));
   const origin = normalizeOrigin(endpoint.origin);
   const path = normalizePath(endpoint.pathname || "/");
-  if (options.sampleInputBody !== void 0) {
+  if (options.probe || options.sampleInputBody !== void 0) {
     const probeResult2 = await getProbe(
       endpoint.href,
       options.headers,
@@ -15294,7 +15302,7 @@ function parseArgs(args) {
     else positional.push(arg);
   }
   const [first, second] = positional;
-  if (first && (first.startsWith("http://") || first.startsWith("https://"))) {
+  if (first && first !== "discover" && first !== "check") {
     return { command: "discover", target: first, flags };
   }
   return { command: first ?? null, target: second ?? null, flags };
@@ -15453,7 +15461,8 @@ async function getL3Warnings(url2) {
   }
   return result.advisories.flatMap((a) => getWarningsForL3(a));
 }
-async function runCheck(url2, flags) {
+async function runCheck(rawUrl, flags) {
+  const url2 = ensureProtocol(rawUrl);
   if (!flags.json) console.log(`
 Checking ${url2}...
 `);

package/dist/index.cjs

@@ -13830,7 +13830,7 @@ config(en_default());
 
 // src/schemas.ts
 var OpenApiPaymentInfoSchema = external_exports.object({
-  pricingMode: external_exports.enum(["fixed", "range", "quote"]),
+  pricingMode: external_exports.string(),
   price: external_exports.string().optional(),
   minPrice: external_exports.string().optional(),
   maxPrice: external_exports.string().optional(),
@@ -13887,7 +13887,6 @@ var WellKnownDocSchema = external_exports.object({
   version: external_exports.number().optional(),
   resources: external_exports.array(external_exports.string()).default([]),
   mppResources: external_exports.array(external_exports.string()).optional(),
-  // isMmmEnabled
   description: external_exports.string().optional(),
   ownershipProofs: external_exports.array(external_exports.string()).optional(),
   instructions: external_exports.string().optional()
@@ -13952,7 +13951,11 @@ var DEFAULT_MISSING_METHOD = "POST";
 // src/core/lib/url.ts
 function ensureProtocol(target) {
   const trimmed = target.trim();
-  return /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+  if (/^https?:\/\//i.test(trimmed)) return trimmed;
+  const host = trimmed.split("/")[0] ?? "";
+  const hostname3 = host.split(":")[0] ?? "";
+  const isLocal = hostname3 === "localhost" || hostname3 === "127.0.0.1" || hostname3 === "::1";
+  return `${isLocal ? "http" : "https"}://${trimmed}`;
 }
 function normalizeOrigin(target) {
   const url2 = new URL(ensureProtocol(target));
@@ -13993,9 +13996,6 @@ function fetchSafe(url2, init) {
   return import_neverthrow.ResultAsync.fromPromise(fetch(url2, init), toFetchError);
 }
 
-// src/mmm-enabled.ts
-var isMmmEnabled = () => "1.1.1".includes("-mmm");
-
 // src/core/source/openapi/index.ts
 var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
   const routes = [];
@@ -14004,11 +14004,8 @@ var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
       const operation = pathItem[httpMethod.toLowerCase()];
       if (!operation) continue;
       const authMode = inferAuthMode(operation, doc.security, doc.components?.securitySchemes) ?? void 0;
-      if (!authMode) continue;
       const p = operation["x-payment-info"];
-      const protocols = (p?.protocols ?? []).filter(
-        (proto) => proto !== "mpp" || isMmmEnabled()
-      );
+      const protocols = (p?.protocols ?? []).filter((proto) => proto.length > 0);
       const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p ? {
         pricingMode: p.pricingMode,
         ...p.price ? { price: p.price } : {},
@@ -14106,7 +14103,9 @@ function getWellKnown(origin, headers, signal) {
 function formatPrice(pricing) {
   if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
   if (pricing.pricingMode === "range") return `$${pricing.minPrice}-$${pricing.maxPrice}`;
-  return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+  if (pricing.pricingMode === "quote")
+    return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+  return `unknown pricing mode: ${pricing.pricingMode}`;
 }
 function checkL2ForOpenAPI(openApi) {
   const routes = openApi.routes.map((route) => ({
@@ -14114,12 +14113,13 @@ function checkL2ForOpenAPI(openApi) {
     method: route.method,
     summary: route.summary ?? `${route.method} ${route.path}`,
     ...route.authMode ? { authMode: route.authMode } : {},
-    ...route.pricing ? { price: formatPrice(route.pricing) } : {},
+    ...route.pricing ? { price: formatPrice(route.pricing), pricingMode: route.pricing.pricingMode } : {},
     ...route.protocols?.length ? { protocols: route.protocols } : {}
   }));
   return {
     ...openApi.info.title ? { title: openApi.info.title } : {},
     ...openApi.info.description ? { description: openApi.info.description } : {},
+    ...openApi.info.version ? { version: openApi.info.version } : {},
     routes,
     source: "openapi"
   };
@@ -14190,7 +14190,13 @@ async function discoverOriginSchema(options) {
       found: true,
       origin,
       source: "openapi",
-      ...l22.title ? { info: { title: l22.title, ...l22.description ? { description: l22.description } : {} } } : {},
+      ...l22.title ? {
+        info: {
+          title: l22.title,
+          ...l22.description ? { description: l22.description } : {},
+          ...l22.version ? { version: l22.version } : {}
+        }
+      } : {},
       endpoints: l22.routes
     };
     return withGuidance(base2, l42, guidanceMode);
@@ -14644,7 +14650,7 @@ function detectProtocols(response) {
   }
   const authHeader = response.headers.get("www-authenticate")?.toLowerCase() ?? "";
   if (authHeader.includes("x402")) protocols.add("x402");
-  if (isMmmEnabled() && authHeader.includes("mpp")) protocols.add("mpp");
+  if (authHeader.includes("mpp")) protocols.add("mpp");
   return [...protocols];
 }
 function buildProbeUrl(url2, method, inputBody) {
@@ -14724,7 +14730,7 @@ function parseAuthParams(segment) {
   return params;
 }
 function extractPaymentOptions4(wwwAuthenticate) {
-  if (!isMmmEnabled() || !wwwAuthenticate) return [];
+  if (!wwwAuthenticate) return [];
   const options = [];
   for (const segment of wwwAuthenticate.split(/,\s*(?=Payment\s)/i)) {
     const stripped = segment.replace(/^Payment\s+/i, "").trim();
@@ -14753,12 +14759,10 @@ function extractPaymentOptions4(wwwAuthenticate) {
     if (!asset || !amount) continue;
     options.push({
       protocol: "mpp",
-      // isMmmEnabled
       paymentMethod,
       intent,
       realm,
       network: `tempo:${String(chainId)}`,
-      // isMmmEnabled
       asset,
       amount,
       ...decimals != null ? { decimals } : {},
@@ -14886,7 +14890,7 @@ function parseOperationProtocols(operation) {
   const paymentInfo = operation["x-payment-info"];
   if (!isRecord(paymentInfo) || !Array.isArray(paymentInfo.protocols)) return void 0;
   const protocols = paymentInfo.protocols.filter(
-    (protocol) => typeof protocol === "string" && protocol.length > 0 && (protocol !== "mpp" || isMmmEnabled())
+    (protocol) => typeof protocol === "string" && protocol.length > 0
   );
   return protocols.length > 0 ? protocols : void 0;
 }
@@ -14917,8 +14921,7 @@ function getL3ForProbe(probe, path, method) {
   const outputSchema = probeResult.paymentRequiredBody ? parseOutputSchema(probeResult.paymentRequiredBody) : void 0;
   const paymentOptions = [
     ...probeResult.paymentRequiredBody ? extractPaymentOptions3(probeResult.paymentRequiredBody) : [],
-    ...isMmmEnabled() ? extractPaymentOptions4(probeResult.wwwAuthenticate) : []
-    // isMmmEnabled
+    ...extractPaymentOptions4(probeResult.wwwAuthenticate)
   ];
   return {
     source: "probe",
@@ -14962,7 +14965,7 @@ async function checkEndpointSchema(options) {
   const endpoint = new URL(ensureProtocol(options.url));
   const origin = normalizeOrigin(endpoint.origin);
   const path = normalizePath(endpoint.pathname || "/");
-  if (options.sampleInputBody !== void 0) {
+  if (options.probe || options.sampleInputBody !== void 0) {
     const probeResult2 = await getProbe(
       endpoint.href,
       options.headers,
@@ -15101,6 +15104,7 @@ var AUDIT_CODES = {
   L2_AUTH_MODE_MISSING: "L2_AUTH_MODE_MISSING",
   L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES",
   L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
+  L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN",
   L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
   // ─── L3 endpoint advisory checks ─────────────────────────────────────────────
   L3_NOT_FOUND: "L3_NOT_FOUND",
@@ -15442,6 +15446,7 @@ function getWarningsForWellKnown(wellKnown) {
 }
 
 // src/audit/warnings/l2.ts
+var KNOWN_PRICING_MODES = /* @__PURE__ */ new Set(["fixed", "range", "quote"]);
 var ROUTE_COUNT_HIGH = 40;
 function getWarningsForL2(l2) {
   const warnings = [];
@@ -15481,6 +15486,15 @@ function getWarningsForL2(l2) {
         path: route.path
       });
     }
+    if (route.pricingMode && !KNOWN_PRICING_MODES.has(route.pricingMode)) {
+      warnings.push({
+        code: AUDIT_CODES.L2_PRICING_MODE_UNKNOWN,
+        severity: "warn",
+        message: `Route ${loc} has unrecognized pricingMode "${route.pricingMode}".`,
+        hint: `Expected one of: ${[...KNOWN_PRICING_MODES].join(", ")}.`,
+        path: route.path
+      });
+    }
     if (route.authMode === "paid") {
       if (!route.price) {
         warnings.push({

package/dist/index.d.cts

@@ -8,12 +8,14 @@ type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTION
 
 interface MppPaymentOption {
     protocol: 'mpp';
-    /** Payment method identifier, e.g. "tempo" (Tempo protocol). */ paymentMethod: string;
+    /** Payment method identifier, e.g. "tempo" (Tempo protocol). */
+    paymentMethod: string;
     /** Payment intent type, e.g. "charge". */
     intent: string;
     /** Server protection realm. */
     realm: string;
-    /** CAIP-2 style network identifier, e.g. "tempo:4217". */ network: string;
+    /** CAIP-2 style network identifier, e.g. "tempo:4217". */
+    network: string;
     /** Currency / token contract. */
     asset: string;
     /** Raw token-unit amount string. */
@@ -59,7 +61,7 @@ interface X402V2PaymentOption {
 type X402PaymentOption = X402V1PaymentOption | X402V2PaymentOption;
 type PaymentOption = X402PaymentOption | MppPaymentOption;
 interface PricingHint {
-    pricingMode: PricingMode;
+    pricingMode: PricingMode | string;
     price?: string;
     minPrice?: string;
     maxPrice?: string;
@@ -107,6 +109,7 @@ interface ProbeResult {
 interface L2Result {
     title?: string;
     description?: string;
+    version?: string;
     routes: L2Route[];
     source: 'openapi' | 'well-known/x402' | null;
 }
@@ -116,6 +119,7 @@ interface L2Route {
     summary: string;
     authMode?: AuthMode;
     price?: string;
+    pricingMode?: string;
     protocols?: string[];
 }
 interface L3Result {
@@ -163,6 +167,7 @@ interface DiscoverOriginSchemaSuccess {
     info?: {
         title: string;
         description?: string;
+        version?: string;
     };
     /** Discovered endpoints with advisory pricing and auth metadata. */
     endpoints: L2Route[];
@@ -195,6 +200,12 @@ interface CheckEndpointOptions {
      *
      */
     sampleInputBody?: Record<string, unknown>;
+    /**
+     * When true, skips OpenAPI lookup and probes the live endpoint directly.
+     * Use this to retrieve actual PaymentOptions (realm, payTo, network, asset, amount)
+     * from the 402 response rather than static OpenAPI metadata.
+     */
+    probe?: boolean;
 }
 interface EndpointMethodAdvisory extends L3Result {
     method: HttpMethod;
@@ -344,6 +355,7 @@ declare const AUDIT_CODES: {
     readonly L2_AUTH_MODE_MISSING: "L2_AUTH_MODE_MISSING";
     readonly L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES";
     readonly L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID";
+    readonly L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN";
     readonly L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID";
     readonly L3_NOT_FOUND: "L3_NOT_FOUND";
     readonly L3_INPUT_SCHEMA_MISSING: "L3_INPUT_SCHEMA_MISSING";