npm - @agentcash/discovery - Versions diffs - 1.2.0 → 1.4.0 - Mend

@agentcash/discovery 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/cli.js CHANGED Viewed

@@ -13842,7 +13842,8 @@ var WellKnownParsedSchema = external_exports.object({
   routes: external_exports.array(
     external_exports.object({
       path: external_exports.string(),
-      method: external_exports.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "TRACE"])
+      method: external_exports.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "TRACE"]),
+      price: external_exports.string().optional()
     })
   ),
   instructions: external_exports.string().optional()
@@ -13935,9 +13936,9 @@ function toAbsoluteUrl(origin, value) {
 // src/core/source/fetch.ts
 import { ResultAsync } from "neverthrow";
-function toFetchError(err) {
-  const cause = err instanceof DOMException && (err.name === "TimeoutError" || err.name === "AbortError") ? "timeout" : "network";
-  return { cause, message: String(err) };
+function toFetchError(err2) {
+  const cause = err2 instanceof DOMException && (err2.name === "TimeoutError" || err2.name === "AbortError") ? "timeout" : "network";
+  return { cause, message: String(err2) };
 }
 function fetchSafe(url2, init) {
   return ResultAsync.fromPromise(fetch(url2, init), toFetchError);
@@ -13984,7 +13985,13 @@ async function parseBody(response, url2) {
   try {
     const payload = await response.json();
     const parsed = OpenApiParsedSchema.safeParse(payload);
-    if (!parsed.success) return null;
+    if (!parsed.success) {
+      return {
+        parseFailure: true,
+        fetchedUrl: url2,
+        issues: parsed.error.issues.map((i) => ({ path: i.path, message: i.message }))
+      };
+    }
     return { raw: payload, ...parsed.data, fetchedUrl: url2 };
   } catch {
     return null;
@@ -14003,6 +14010,9 @@ function getOpenAPI(origin, headers, signal, specificationOverrideUrl) {
 }
 // src/core/source/wellknown/index.ts
+import { ok, err, ResultAsync as ResultAsync5 } from "neverthrow";
+// src/core/source/wellknown/x402.ts
 import { okAsync as okAsync2, ResultAsync as ResultAsync3 } from "neverthrow";
 function toWellKnownParsed(origin, doc) {
   const routes = doc.resources.flatMap((entry) => {
@@ -14029,12 +14039,17 @@ async function parseBody2(response, origin, url2) {
     if (!doc.success) return null;
     const parsed = WellKnownParsedSchema.safeParse(toWellKnownParsed(origin, doc.data));
     if (!parsed.success) return null;
-    return { raw: payload, ...parsed.data, fetchedUrl: url2 };
+    return {
+      raw: payload,
+      ...parsed.data,
+      protocol: "x402",
+      fetchedUrl: url2
+    };
   } catch {
     return null;
   }
 }
-function getWellKnown(origin, headers, signal) {
+function getX402WellKnown(origin, headers, signal) {
   const url2 = `${origin}/.well-known/x402`;
   return fetchSafe(url2, {
     method: "GET",
@@ -14046,6 +14061,127 @@ function getWellKnown(origin, headers, signal) {
   });
 }
+// src/core/source/wellknown/mpp.ts
+import { okAsync as okAsync3, ResultAsync as ResultAsync4 } from "neverthrow";
+var MppEndpointSchema = external_exports.object({
+  method: external_exports.string(),
+  path: external_exports.string(),
+  description: external_exports.string().optional(),
+  payment: external_exports.object({
+    intent: external_exports.string().optional(),
+    method: external_exports.string().optional(),
+    amount: external_exports.string().optional(),
+    currency: external_exports.string().optional()
+  }).optional()
+});
+var MppWellKnownDocSchema = external_exports.object({
+  version: external_exports.number().optional(),
+  name: external_exports.string().optional(),
+  description: external_exports.string().optional(),
+  categories: external_exports.array(external_exports.string()).optional(),
+  methods: external_exports.record(external_exports.string(), external_exports.unknown()).optional(),
+  endpoints: external_exports.array(MppEndpointSchema).default([]),
+  docs: external_exports.object({
+    homepage: external_exports.string().optional(),
+    apiReference: external_exports.string().optional()
+  }).optional()
+});
+var MPP_DECIMALS = 6;
+function formatMppAmount(raw) {
+  if (!raw) return void 0;
+  const n = Number(raw);
+  if (!Number.isFinite(n)) return void 0;
+  return `$${(n / 10 ** MPP_DECIMALS).toFixed(MPP_DECIMALS)}`;
+}
+function toWellKnownParsed2(doc) {
+  const routes = doc.endpoints.flatMap((entry) => {
+    const method = parseMethod(entry.method);
+    if (!method) return [];
+    const path = normalizePath(entry.path);
+    if (!path) return [];
+    const price = formatMppAmount(entry.payment?.amount);
+    return [{ path, method, ...price ? { price } : {} }];
+  });
+  return {
+    routes,
+    ...doc.description ? { instructions: doc.description } : {}
+  };
+}
+async function parseBody3(response, url2) {
+  try {
+    const payload = await response.json();
+    const doc = MppWellKnownDocSchema.safeParse(payload);
+    if (!doc.success) return null;
+    const parsed = WellKnownParsedSchema.safeParse(toWellKnownParsed2(doc.data));
+    if (!parsed.success) return null;
+    return {
+      raw: payload,
+      ...parsed.data,
+      ...doc.data.name ? { title: doc.data.name } : {},
+      ...doc.data.description ? { description: doc.data.description } : {},
+      protocol: "mpp",
+      fetchedUrl: url2
+    };
+  } catch {
+    return null;
+  }
+}
+function getMppWellKnown(origin, headers, signal) {
+  const url2 = `${origin}/.well-known/mpp`;
+  return fetchSafe(url2, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return okAsync3(null);
+    return ResultAsync4.fromSafePromise(parseBody3(response, url2));
+  });
+}
+// src/core/source/wellknown/index.ts
+function mergeError(a, b) {
+  return {
+    cause: a.cause === "network" || b.cause === "network" ? "network" : "timeout",
+    message: `x402: ${a.message} | mpp: ${b.message}`
+  };
+}
+function merge2(x402, mpp) {
+  const seen = /* @__PURE__ */ new Set();
+  const routes = [...x402.routes, ...mpp.routes].filter((r) => {
+    const key = `${r.method} ${r.path}`;
+    if (seen.has(key)) return false;
+    seen.add(key);
+    return true;
+  });
+  return {
+    raw: { ...mpp.raw, ...x402.raw },
+    routes,
+    protocol: "x402+mpp",
+    // Prefer x402 instructions; fall back to mpp
+    ...x402.instructions || mpp.instructions ? { instructions: x402.instructions ?? mpp.instructions } : {},
+    fetchedUrl: x402.fetchedUrl
+  };
+}
+function getWellKnown(origin, headers, signal) {
+  return new ResultAsync5(
+    Promise.all([
+      getX402WellKnown(origin, headers, signal),
+      getMppWellKnown(origin, headers, signal)
+    ]).then(([x402Result, mppResult]) => {
+      const x402 = x402Result.isOk() ? x402Result.value : null;
+      const mpp = mppResult.isOk() ? mppResult.value : null;
+      if (x402 && mpp) return ok(merge2(x402, mpp));
+      if (x402) return ok(x402);
+      if (mpp) return ok(mpp);
+      if (x402Result.isErr() && mppResult.isErr())
+        return err(mergeError(x402Result.error, mppResult.error));
+      if (x402Result.isErr()) return err(x402Result.error);
+      if (mppResult.isErr()) return err(mppResult.error);
+      return ok(null);
+    })
+  );
+}
 // src/core/layers/l2.ts
 function formatPrice(pricing) {
   if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
@@ -14071,15 +14207,27 @@ function checkL2ForOpenAPI(openApi) {
     source: "openapi"
   };
 }
+var WELL_KNOWN_PROTOCOLS = {
+  x402: ["x402"],
+  mpp: ["mpp"],
+  "x402+mpp": ["x402", "mpp"]
+};
 function checkL2ForWellknown(wellKnown) {
+  const protocols = WELL_KNOWN_PROTOCOLS[wellKnown.protocol];
   const routes = wellKnown.routes.map((route) => ({
     path: route.path,
     method: route.method,
     summary: `${route.method} ${route.path}`,
     authMode: "paid",
-    protocols: ["x402"]
+    protocols,
+    ...route.price ? { price: route.price } : {}
   }));
-  return { routes, source: "well-known/x402" };
+  return {
+    ...wellKnown.title ? { title: wellKnown.title } : {},
+    ...wellKnown.description ? { description: wellKnown.description } : {},
+    routes,
+    source: `well-known/${wellKnown.protocol}`
+  };
 }
 // src/core/layers/l4.ts
@@ -14091,7 +14239,7 @@ function checkL4ForOpenAPI(openApi) {
 }
 function checkL4ForWellknown(wellKnown) {
   if (wellKnown.instructions) {
-    return { guidance: wellKnown.instructions, source: "well-known/x402" };
+    return { guidance: wellKnown.instructions, source: `well-known/${wellKnown.protocol}` };
   }
   return null;
 }
@@ -14102,6 +14250,7 @@ var AUDIT_CODES = {
   OPENAPI_NOT_FOUND: "OPENAPI_NOT_FOUND",
   WELLKNOWN_NOT_FOUND: "WELLKNOWN_NOT_FOUND",
   // ─── OpenAPI quality ─────────────────────────────────────────────────────────
+  OPENAPI_PARSE_ERROR: "OPENAPI_PARSE_ERROR",
   OPENAPI_NO_ROUTES: "OPENAPI_NO_ROUTES",
   // ─── L2 route-list checks ────────────────────────────────────────────────────
   L2_NO_ROUTES: "L2_NO_ROUTES",
@@ -14136,6 +14285,9 @@ var AUDIT_CODES = {
 };
 // src/audit/warnings/sources.ts
+function isOpenApiParseFailure(value) {
+  return value !== null && "parseFailure" in value;
+}
 function getWarningsForOpenAPI(openApi) {
   if (openApi === null) {
     return [
@@ -14147,6 +14299,18 @@ function getWarningsForOpenAPI(openApi) {
       }
     ];
   }
+  if (isOpenApiParseFailure(openApi)) {
+    const details = openApi.issues.map((i) => `  ${i.path.map(String).join(".")}: ${i.message}`).join("\n");
+    return [
+      {
+        code: AUDIT_CODES.OPENAPI_PARSE_ERROR,
+        severity: "warn",
+        message: `OpenAPI spec found at ${openApi.fetchedUrl} but failed schema validation:
+${details}`,
+        hint: "Fix the schema issues above so discovery can read the spec."
+      }
+    ];
+  }
   const warnings = [];
   if (openApi.routes.length === 0) {
     warnings.push({
@@ -15043,7 +15207,7 @@ function getWarningsForL4(l4) {
 }
 // src/core/source/probe/index.ts
-import { ResultAsync as ResultAsync4 } from "neverthrow";
+import { ResultAsync as ResultAsync6 } from "neverthrow";
 // src/core/protocols/x402/index.ts
 function parseVersion(payload) {
@@ -15139,8 +15303,8 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
     ...hasBody ? { body: JSON.stringify(inputBody) } : {},
     signal
   }).andThen((response) => {
-    if (!isUsableStatus(response.status)) return ResultAsync4.fromSafePromise(Promise.resolve(null));
-    return ResultAsync4.fromSafePromise(
+    if (!isUsableStatus(response.status)) return ResultAsync6.fromSafePromise(Promise.resolve(null));
+    return ResultAsync6.fromSafePromise(
       (async () => {
         let authHint = response.status === 402 ? "paid" : "unprotected";
         let paymentRequiredBody;
@@ -15171,7 +15335,7 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
 }
 function getProbe(url2, headers, signal, inputBody) {
   const path = normalizePath(new URL(url2).pathname || "/");
-  return ResultAsync4.fromSafePromise(
+  return ResultAsync6.fromSafePromise(
     Promise.all(
       [...HTTP_METHODS].map(
         (method) => probeMethod(url2, method, path, headers, signal, inputBody).match(
@@ -15184,6 +15348,20 @@ function getProbe(url2, headers, signal, inputBody) {
 }
 // src/core/protocols/mpp/index.ts
+import { Result } from "neverthrow";
+function parseBase64Json(encoded) {
+  return Result.fromThrowable(
+    () => {
+      const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
+      const parsed = JSON.parse(decoded);
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new Error("not an object");
+      }
+      return parsed;
+    },
+    (e) => e
+  )();
+}
 var TEMPO_DEFAULT_CHAIN_ID = 4217;
 function parseAuthParams2(segment) {
   const params = {};
@@ -15206,14 +15384,9 @@ function extractPaymentOptions4(wwwAuthenticate) {
     const description = params["description"];
     const requestStr = params["request"];
     if (!paymentMethod || !intent || !realm || !requestStr) continue;
-    let request;
-    try {
-      const parsed = JSON.parse(requestStr);
-      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) continue;
-      request = parsed;
-    } catch {
-      continue;
-    }
+    const requestResult = parseBase64Json(requestStr);
+    if (requestResult.isErr()) continue;
+    const request = requestResult.value;
     const asset = typeof request["currency"] === "string" ? request["currency"] : void 0;
     const amountRaw = request["amount"];
     const amount = typeof amountRaw === "string" ? amountRaw : typeof amountRaw === "number" ? String(amountRaw) : void 0;
@@ -15410,6 +15583,11 @@ async function attachProbePayload(url2, advisories) {
   }
 }
+// src/core/types/sources.ts
+function isOpenApiSource(raw) {
+  return raw !== null && !("parseFailure" in raw);
+}
 // src/runtime/check-endpoint.ts
 function getAdvisoriesForOpenAPI(openApi, path) {
   return [...HTTP_METHODS].flatMap((method) => {
@@ -15448,7 +15626,8 @@ async function checkEndpointSchema(options) {
     return { found: false, origin, path, cause: "not_found" };
   }
   const openApiResult = await getOpenAPI(origin, options.headers, options.signal);
-  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  const openApiRaw = openApiResult.isOk() ? openApiResult.value : null;
+  const openApi = isOpenApiSource(openApiRaw) ? openApiRaw : null;
   if (openApi) {
     const advisories2 = getAdvisoriesForOpenAPI(openApi, path);
     if (advisories2.length > 0) return { found: true, origin, path, advisories: advisories2 };
@@ -15518,10 +15697,11 @@ Discovering ${origin}...
     getOpenAPI(origin),
     getWellKnown(origin)
   ]);
-  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  const openApiRaw = openApiResult.isOk() ? openApiResult.value : null;
   const wellKnown = wellKnownResult.isOk() ? wellKnownResult.value : null;
+  const openApi = isOpenApiSource(openApiRaw) ? openApiRaw : null;
   const warnings = [
-    ...getWarningsForOpenAPI(openApi),
+    ...getWarningsForOpenAPI(openApiRaw),
     ...getWarningsForWellKnown(wellKnown)
   ];
   if (openApi) {
@@ -15587,12 +15767,14 @@ ${l4.guidance}`);
     warnings.push(...l3WarningArrays.flat());
     if (flags.json) {
       const meta3 = { origin, specUrl: wellKnown.fetchedUrl };
+      if (l2.title) meta3.title = l2.title;
+      if (l2.description) meta3.description = l2.description;
       if (l4 && flags.verbose) meta3.guidance = l4.guidance;
       console.log(
         JSON.stringify(
           {
             ok: true,
-            selectedStage: "well-known/x402",
+            selectedStage: l2.source,
             resources: l2.routes.map(routeToResource),
             warnings,
             trace: [],
@@ -15604,12 +15786,15 @@ ${l4.guidance}`);
       );
       return 0;
     }
-    console.log(`Source:   well-known/x402`);
+    console.log(`Source:   ${l2.source}`);
     console.log(`Spec:     ${wellKnown.fetchedUrl}`);
+    if (l2.title) console.log(`API:      ${l2.title}`);
     console.log(`Routes:   ${l2.routes.length}
 `);
     for (const route of l2.routes) {
-      console.log(`  ${route.method.padEnd(7)} ${route.path}  paid  [x402]`);
+      const price = route.price ? `  ${route.price}` : "";
+      const protocols = route.protocols?.length ? `  [${route.protocols.join(", ")}]` : "";
+      console.log(`  ${route.method.padEnd(7)} ${route.path}  paid${price}${protocols}`);
     }
   } else {
     if (flags.json) {