@agentcash/discovery 1.2.0 → 1.4.0

package/dist/cli.cjs

@@ -13872,7 +13872,8 @@ var WellKnownParsedSchema = external_exports.object({
   routes: external_exports.array(
     external_exports.object({
       path: external_exports.string(),
-      method: external_exports.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "TRACE"])
+      method: external_exports.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "TRACE"]),
+      price: external_exports.string().optional()
     })
   ),
   instructions: external_exports.string().optional()
@@ -13965,9 +13966,9 @@ function toAbsoluteUrl(origin, value) {
 
 // src/core/source/fetch.ts
 var import_neverthrow = require("neverthrow");
-function toFetchError(err) {
-  const cause = err instanceof DOMException && (err.name === "TimeoutError" || err.name === "AbortError") ? "timeout" : "network";
-  return { cause, message: String(err) };
+function toFetchError(err2) {
+  const cause = err2 instanceof DOMException && (err2.name === "TimeoutError" || err2.name === "AbortError") ? "timeout" : "network";
+  return { cause, message: String(err2) };
 }
 function fetchSafe(url2, init) {
   return import_neverthrow.ResultAsync.fromPromise(fetch(url2, init), toFetchError);
@@ -14014,7 +14015,13 @@ async function parseBody(response, url2) {
   try {
     const payload = await response.json();
     const parsed = OpenApiParsedSchema.safeParse(payload);
-    if (!parsed.success) return null;
+    if (!parsed.success) {
+      return {
+        parseFailure: true,
+        fetchedUrl: url2,
+        issues: parsed.error.issues.map((i) => ({ path: i.path, message: i.message }))
+      };
+    }
     return { raw: payload, ...parsed.data, fetchedUrl: url2 };
   } catch {
     return null;
@@ -14033,6 +14040,9 @@ function getOpenAPI(origin, headers, signal, specificationOverrideUrl) {
 }
 
 // src/core/source/wellknown/index.ts
+var import_neverthrow5 = require("neverthrow");
+
+// src/core/source/wellknown/x402.ts
 var import_neverthrow3 = require("neverthrow");
 function toWellKnownParsed(origin, doc) {
   const routes = doc.resources.flatMap((entry) => {
@@ -14059,12 +14069,17 @@ async function parseBody2(response, origin, url2) {
     if (!doc.success) return null;
     const parsed = WellKnownParsedSchema.safeParse(toWellKnownParsed(origin, doc.data));
     if (!parsed.success) return null;
-    return { raw: payload, ...parsed.data, fetchedUrl: url2 };
+    return {
+      raw: payload,
+      ...parsed.data,
+      protocol: "x402",
+      fetchedUrl: url2
+    };
   } catch {
     return null;
   }
 }
-function getWellKnown(origin, headers, signal) {
+function getX402WellKnown(origin, headers, signal) {
   const url2 = `${origin}/.well-known/x402`;
   return fetchSafe(url2, {
     method: "GET",
@@ -14076,6 +14091,127 @@ function getWellKnown(origin, headers, signal) {
   });
 }
 
+// src/core/source/wellknown/mpp.ts
+var import_neverthrow4 = require("neverthrow");
+var MppEndpointSchema = external_exports.object({
+  method: external_exports.string(),
+  path: external_exports.string(),
+  description: external_exports.string().optional(),
+  payment: external_exports.object({
+    intent: external_exports.string().optional(),
+    method: external_exports.string().optional(),
+    amount: external_exports.string().optional(),
+    currency: external_exports.string().optional()
+  }).optional()
+});
+var MppWellKnownDocSchema = external_exports.object({
+  version: external_exports.number().optional(),
+  name: external_exports.string().optional(),
+  description: external_exports.string().optional(),
+  categories: external_exports.array(external_exports.string()).optional(),
+  methods: external_exports.record(external_exports.string(), external_exports.unknown()).optional(),
+  endpoints: external_exports.array(MppEndpointSchema).default([]),
+  docs: external_exports.object({
+    homepage: external_exports.string().optional(),
+    apiReference: external_exports.string().optional()
+  }).optional()
+});
+var MPP_DECIMALS = 6;
+function formatMppAmount(raw) {
+  if (!raw) return void 0;
+  const n = Number(raw);
+  if (!Number.isFinite(n)) return void 0;
+  return `$${(n / 10 ** MPP_DECIMALS).toFixed(MPP_DECIMALS)}`;
+}
+function toWellKnownParsed2(doc) {
+  const routes = doc.endpoints.flatMap((entry) => {
+    const method = parseMethod(entry.method);
+    if (!method) return [];
+    const path = normalizePath(entry.path);
+    if (!path) return [];
+    const price = formatMppAmount(entry.payment?.amount);
+    return [{ path, method, ...price ? { price } : {} }];
+  });
+  return {
+    routes,
+    ...doc.description ? { instructions: doc.description } : {}
+  };
+}
+async function parseBody3(response, url2) {
+  try {
+    const payload = await response.json();
+    const doc = MppWellKnownDocSchema.safeParse(payload);
+    if (!doc.success) return null;
+    const parsed = WellKnownParsedSchema.safeParse(toWellKnownParsed2(doc.data));
+    if (!parsed.success) return null;
+    return {
+      raw: payload,
+      ...parsed.data,
+      ...doc.data.name ? { title: doc.data.name } : {},
+      ...doc.data.description ? { description: doc.data.description } : {},
+      protocol: "mpp",
+      fetchedUrl: url2
+    };
+  } catch {
+    return null;
+  }
+}
+function getMppWellKnown(origin, headers, signal) {
+  const url2 = `${origin}/.well-known/mpp`;
+  return fetchSafe(url2, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return (0, import_neverthrow4.okAsync)(null);
+    return import_neverthrow4.ResultAsync.fromSafePromise(parseBody3(response, url2));
+  });
+}
+
+// src/core/source/wellknown/index.ts
+function mergeError(a, b) {
+  return {
+    cause: a.cause === "network" || b.cause === "network" ? "network" : "timeout",
+    message: `x402: ${a.message} | mpp: ${b.message}`
+  };
+}
+function merge2(x402, mpp) {
+  const seen = /* @__PURE__ */ new Set();
+  const routes = [...x402.routes, ...mpp.routes].filter((r) => {
+    const key = `${r.method} ${r.path}`;
+    if (seen.has(key)) return false;
+    seen.add(key);
+    return true;
+  });
+  return {
+    raw: { ...mpp.raw, ...x402.raw },
+    routes,
+    protocol: "x402+mpp",
+    // Prefer x402 instructions; fall back to mpp
+    ...x402.instructions || mpp.instructions ? { instructions: x402.instructions ?? mpp.instructions } : {},
+    fetchedUrl: x402.fetchedUrl
+  };
+}
+function getWellKnown(origin, headers, signal) {
+  return new import_neverthrow5.ResultAsync(
+    Promise.all([
+      getX402WellKnown(origin, headers, signal),
+      getMppWellKnown(origin, headers, signal)
+    ]).then(([x402Result, mppResult]) => {
+      const x402 = x402Result.isOk() ? x402Result.value : null;
+      const mpp = mppResult.isOk() ? mppResult.value : null;
+      if (x402 && mpp) return (0, import_neverthrow5.ok)(merge2(x402, mpp));
+      if (x402) return (0, import_neverthrow5.ok)(x402);
+      if (mpp) return (0, import_neverthrow5.ok)(mpp);
+      if (x402Result.isErr() && mppResult.isErr())
+        return (0, import_neverthrow5.err)(mergeError(x402Result.error, mppResult.error));
+      if (x402Result.isErr()) return (0, import_neverthrow5.err)(x402Result.error);
+      if (mppResult.isErr()) return (0, import_neverthrow5.err)(mppResult.error);
+      return (0, import_neverthrow5.ok)(null);
+    })
+  );
+}
+
 // src/core/layers/l2.ts
 function formatPrice(pricing) {
   if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
@@ -14101,15 +14237,27 @@ function checkL2ForOpenAPI(openApi) {
     source: "openapi"
   };
 }
+var WELL_KNOWN_PROTOCOLS = {
+  x402: ["x402"],
+  mpp: ["mpp"],
+  "x402+mpp": ["x402", "mpp"]
+};
 function checkL2ForWellknown(wellKnown) {
+  const protocols = WELL_KNOWN_PROTOCOLS[wellKnown.protocol];
   const routes = wellKnown.routes.map((route) => ({
     path: route.path,
     method: route.method,
     summary: `${route.method} ${route.path}`,
     authMode: "paid",
-    protocols: ["x402"]
+    protocols,
+    ...route.price ? { price: route.price } : {}
   }));
-  return { routes, source: "well-known/x402" };
+  return {
+    ...wellKnown.title ? { title: wellKnown.title } : {},
+    ...wellKnown.description ? { description: wellKnown.description } : {},
+    routes,
+    source: `well-known/${wellKnown.protocol}`
+  };
 }
 
 // src/core/layers/l4.ts
@@ -14121,7 +14269,7 @@ function checkL4ForOpenAPI(openApi) {
 }
 function checkL4ForWellknown(wellKnown) {
   if (wellKnown.instructions) {
-    return { guidance: wellKnown.instructions, source: "well-known/x402" };
+    return { guidance: wellKnown.instructions, source: `well-known/${wellKnown.protocol}` };
   }
   return null;
 }
@@ -14132,6 +14280,7 @@ var AUDIT_CODES = {
   OPENAPI_NOT_FOUND: "OPENAPI_NOT_FOUND",
   WELLKNOWN_NOT_FOUND: "WELLKNOWN_NOT_FOUND",
   // ─── OpenAPI quality ─────────────────────────────────────────────────────────
+  OPENAPI_PARSE_ERROR: "OPENAPI_PARSE_ERROR",
   OPENAPI_NO_ROUTES: "OPENAPI_NO_ROUTES",
   // ─── L2 route-list checks ────────────────────────────────────────────────────
   L2_NO_ROUTES: "L2_NO_ROUTES",
@@ -14166,6 +14315,9 @@ var AUDIT_CODES = {
 };
 
 // src/audit/warnings/sources.ts
+function isOpenApiParseFailure(value) {
+  return value !== null && "parseFailure" in value;
+}
 function getWarningsForOpenAPI(openApi) {
   if (openApi === null) {
     return [
@@ -14177,6 +14329,18 @@ function getWarningsForOpenAPI(openApi) {
       }
     ];
   }
+  if (isOpenApiParseFailure(openApi)) {
+    const details = openApi.issues.map((i) => `  ${i.path.map(String).join(".")}: ${i.message}`).join("\n");
+    return [
+      {
+        code: AUDIT_CODES.OPENAPI_PARSE_ERROR,
+        severity: "warn",
+        message: `OpenAPI spec found at ${openApi.fetchedUrl} but failed schema validation:
+${details}`,
+        hint: "Fix the schema issues above so discovery can read the spec."
+      }
+    ];
+  }
   const warnings = [];
   if (openApi.routes.length === 0) {
     warnings.push({
@@ -15073,7 +15237,7 @@ function getWarningsForL4(l4) {
 }
 
 // src/core/source/probe/index.ts
-var import_neverthrow4 = require("neverthrow");
+var import_neverthrow6 = require("neverthrow");
 
 // src/core/protocols/x402/index.ts
 function parseVersion(payload) {
@@ -15169,8 +15333,8 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
     ...hasBody ? { body: JSON.stringify(inputBody) } : {},
     signal
   }).andThen((response) => {
-    if (!isUsableStatus(response.status)) return import_neverthrow4.ResultAsync.fromSafePromise(Promise.resolve(null));
-    return import_neverthrow4.ResultAsync.fromSafePromise(
+    if (!isUsableStatus(response.status)) return import_neverthrow6.ResultAsync.fromSafePromise(Promise.resolve(null));
+    return import_neverthrow6.ResultAsync.fromSafePromise(
       (async () => {
         let authHint = response.status === 402 ? "paid" : "unprotected";
         let paymentRequiredBody;
@@ -15201,7 +15365,7 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
 }
 function getProbe(url2, headers, signal, inputBody) {
   const path = normalizePath(new URL(url2).pathname || "/");
-  return import_neverthrow4.ResultAsync.fromSafePromise(
+  return import_neverthrow6.ResultAsync.fromSafePromise(
     Promise.all(
       [...HTTP_METHODS].map(
         (method) => probeMethod(url2, method, path, headers, signal, inputBody).match(
@@ -15214,6 +15378,20 @@ function getProbe(url2, headers, signal, inputBody) {
 }
 
 // src/core/protocols/mpp/index.ts
+var import_neverthrow7 = require("neverthrow");
+function parseBase64Json(encoded) {
+  return import_neverthrow7.Result.fromThrowable(
+    () => {
+      const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
+      const parsed = JSON.parse(decoded);
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new Error("not an object");
+      }
+      return parsed;
+    },
+    (e) => e
+  )();
+}
 var TEMPO_DEFAULT_CHAIN_ID = 4217;
 function parseAuthParams2(segment) {
   const params = {};
@@ -15236,14 +15414,9 @@ function extractPaymentOptions4(wwwAuthenticate) {
     const description = params["description"];
     const requestStr = params["request"];
     if (!paymentMethod || !intent || !realm || !requestStr) continue;
-    let request;
-    try {
-      const parsed = JSON.parse(requestStr);
-      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) continue;
-      request = parsed;
-    } catch {
-      continue;
-    }
+    const requestResult = parseBase64Json(requestStr);
+    if (requestResult.isErr()) continue;
+    const request = requestResult.value;
     const asset = typeof request["currency"] === "string" ? request["currency"] : void 0;
     const amountRaw = request["amount"];
     const amount = typeof amountRaw === "string" ? amountRaw : typeof amountRaw === "number" ? String(amountRaw) : void 0;
@@ -15440,6 +15613,11 @@ async function attachProbePayload(url2, advisories) {
   }
 }
 
+// src/core/types/sources.ts
+function isOpenApiSource(raw) {
+  return raw !== null && !("parseFailure" in raw);
+}
+
 // src/runtime/check-endpoint.ts
 function getAdvisoriesForOpenAPI(openApi, path) {
   return [...HTTP_METHODS].flatMap((method) => {
@@ -15478,7 +15656,8 @@ async function checkEndpointSchema(options) {
     return { found: false, origin, path, cause: "not_found" };
   }
   const openApiResult = await getOpenAPI(origin, options.headers, options.signal);
-  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  const openApiRaw = openApiResult.isOk() ? openApiResult.value : null;
+  const openApi = isOpenApiSource(openApiRaw) ? openApiRaw : null;
   if (openApi) {
     const advisories2 = getAdvisoriesForOpenAPI(openApi, path);
     if (advisories2.length > 0) return { found: true, origin, path, advisories: advisories2 };
@@ -15548,10 +15727,11 @@ Discovering ${origin}...
     getOpenAPI(origin),
     getWellKnown(origin)
   ]);
-  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  const openApiRaw = openApiResult.isOk() ? openApiResult.value : null;
   const wellKnown = wellKnownResult.isOk() ? wellKnownResult.value : null;
+  const openApi = isOpenApiSource(openApiRaw) ? openApiRaw : null;
   const warnings = [
-    ...getWarningsForOpenAPI(openApi),
+    ...getWarningsForOpenAPI(openApiRaw),
     ...getWarningsForWellKnown(wellKnown)
   ];
   if (openApi) {
@@ -15617,12 +15797,14 @@ ${l4.guidance}`);
     warnings.push(...l3WarningArrays.flat());
     if (flags.json) {
       const meta3 = { origin, specUrl: wellKnown.fetchedUrl };
+      if (l2.title) meta3.title = l2.title;
+      if (l2.description) meta3.description = l2.description;
       if (l4 && flags.verbose) meta3.guidance = l4.guidance;
       console.log(
         JSON.stringify(
           {
             ok: true,
-            selectedStage: "well-known/x402",
+            selectedStage: l2.source,
             resources: l2.routes.map(routeToResource),
             warnings,
             trace: [],
@@ -15634,12 +15816,15 @@ ${l4.guidance}`);
       );
       return 0;
     }
-    console.log(`Source:   well-known/x402`);
+    console.log(`Source:   ${l2.source}`);
     console.log(`Spec:     ${wellKnown.fetchedUrl}`);
+    if (l2.title) console.log(`API:      ${l2.title}`);
     console.log(`Routes:   ${l2.routes.length}
 `);
     for (const route of l2.routes) {
-      console.log(`  ${route.method.padEnd(7)} ${route.path}  paid  [x402]`);
+      const price = route.price ? `  ${route.price}` : "";
+      const protocols = route.protocols?.length ? `  [${route.protocols.join(", ")}]` : "";
+      console.log(`  ${route.method.padEnd(7)} ${route.path}  paid${price}${protocols}`);
     }
   } else {
     if (flags.json) {