@agentcash/discovery 1.6.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/cli.cjs +57 -31
  2. package/dist/cli.js +57 -31
  3. package/dist/index.cjs +57 -31
  4. package/dist/index.d.cts +7 -6
  5. package/dist/index.d.ts +7 -6
  6. package/dist/index.js +57 -31
  7. package/dist/schemas.cjs +9 -5
  8. package/dist/schemas.d.cts +55 -446
  9. package/dist/schemas.d.ts +55 -446
  10. package/dist/schemas.js +9 -5
  11. package/package.json +1 -1
package/dist/cli.cjs CHANGED
@@ -13815,8 +13815,8 @@ var FixedPriceSchema = external_exports.object({
13815
13815
  var DynamicPriceSchema = external_exports.object({
13816
13816
  currency: Iso4217Schema,
13817
13817
  mode: external_exports.literal("dynamic"),
13818
- min: external_exports.string(),
13819
- max: external_exports.string()
13818
+ min: external_exports.string().optional(),
13819
+ max: external_exports.string().optional()
13820
13820
  });
13821
13821
  var PriceSchema = external_exports.union([FixedPriceSchema, DynamicPriceSchema]);
13822
13822
  var X402ProtocolSchema = external_exports.object({
@@ -13915,7 +13915,12 @@ function normalizeLegacy(raw) {
13915
13915
  function formatPrice(price) {
13916
13916
  const sym = price.currency ?? "USD";
13917
13917
  if (price.mode === "fixed") return `${price.amount} ${sym}`;
13918
- return `${price.min}-${price.max} ${sym}`;
13918
+ if (price.min !== void 0 && price.max !== void 0) {
13919
+ return `${price.min}-${price.max} ${sym}`;
13920
+ }
13921
+ if (price.min !== void 0) return `>=${price.min} ${sym}`;
13922
+ if (price.max !== void 0) return `<=${price.max} ${sym}`;
13923
+ return `dynamic ${sym}`;
13919
13924
  }
13920
13925
  function extractProtocolNames(protocols) {
13921
13926
  return protocols.map((p) => {
@@ -13967,10 +13972,13 @@ var OpenApiOperationSchema = external_exports.object({
13967
13972
  description: external_exports.string().optional(),
13968
13973
  tags: external_exports.array(external_exports.string()).optional(),
13969
13974
  security: external_exports.array(external_exports.record(external_exports.string(), external_exports.array(external_exports.string()))).optional(),
13975
+ // `in` / `name` are spec-required, but a single malformed parameter must not
13976
+ // abort the whole spec — keep them optional so discovery is resilient to
13977
+ // non-conformant OpenAPI documents in the wild.
13970
13978
  parameters: external_exports.array(
13971
13979
  external_exports.object({
13972
- in: external_exports.string(),
13973
- name: external_exports.string(),
13980
+ in: external_exports.string().optional(),
13981
+ name: external_exports.string().optional(),
13974
13982
  schema: external_exports.unknown().optional(),
13975
13983
  required: external_exports.boolean().optional()
13976
13984
  })
@@ -13980,7 +13988,8 @@ var OpenApiOperationSchema = external_exports.object({
13980
13988
  content: external_exports.record(external_exports.string(), external_exports.object({ schema: external_exports.unknown().optional() }))
13981
13989
  }).optional(),
13982
13990
  responses: external_exports.record(external_exports.string(), external_exports.unknown()).optional(),
13983
- "x-payment-info": OpenApiPaymentInfoSchema.optional()
13991
+ // Permissive: vendor extension shape is validated at runtime, never at parse time.
13992
+ "x-payment-info": external_exports.unknown().optional()
13984
13993
  });
13985
13994
  var OpenApiPathItemSchema = external_exports.object({
13986
13995
  get: OpenApiOperationSchema.optional(),
@@ -14124,20 +14133,27 @@ function fetchSafe(url2, init) {
14124
14133
  }
14125
14134
 
14126
14135
  // src/core/source/openapi/index.ts
14127
- function resolvePricingHint(p) {
14128
- const raw = p;
14129
- const info = resolvePaymentInfo(raw);
14136
+ function toRecord(raw) {
14137
+ if (typeof raw !== "object" || raw === null || Array.isArray(raw)) return void 0;
14138
+ return raw;
14139
+ }
14140
+ function resolvePricingHint(raw) {
14141
+ const record2 = toRecord(raw);
14142
+ if (!record2) return void 0;
14143
+ const info = resolvePaymentInfo(record2);
14130
14144
  if (!info) return void 0;
14131
14145
  return {
14132
14146
  pricingMode: info.price.mode,
14133
14147
  ...info.price.mode === "fixed" ? { price: info.price.amount } : {},
14134
- ...info.price.mode === "dynamic" ? { minPrice: info.price.min, maxPrice: info.price.max } : {},
14148
+ ...info.price.mode === "dynamic" && info.price.min !== void 0 ? { minPrice: info.price.min } : {},
14149
+ ...info.price.mode === "dynamic" && info.price.max !== void 0 ? { maxPrice: info.price.max } : {},
14135
14150
  ...info.price.currency ? { currency: info.price.currency } : {}
14136
14151
  };
14137
14152
  }
14138
- function resolveProtocols(p) {
14139
- const raw = p;
14140
- const info = resolvePaymentInfo(raw);
14153
+ function resolveProtocols(raw) {
14154
+ const record2 = toRecord(raw);
14155
+ if (!record2) return [];
14156
+ const info = resolvePaymentInfo(record2);
14141
14157
  if (!info) return [];
14142
14158
  return extractProtocolNames(info.protocols);
14143
14159
  }
@@ -14150,8 +14166,8 @@ var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
14150
14166
  if (!operation) continue;
14151
14167
  const authMode = inferAuthMode(operation, doc.security, doc.components?.securitySchemes) ?? void 0;
14152
14168
  const p = operation["x-payment-info"];
14153
- const protocols = resolveProtocols(p ?? {});
14154
- const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p ? resolvePricingHint(p) : void 0;
14169
+ const protocols = resolveProtocols(p);
14170
+ const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p !== void 0 ? resolvePricingHint(p) : void 0;
14155
14171
  const summary = operation.summary ?? operation.description;
14156
14172
  routes.push({
14157
14173
  path: normalizePath(serverBasePath + rawPath),
@@ -14392,28 +14408,29 @@ function getWellKnown(origin, headers, signal) {
14392
14408
  // src/core/layers/l2.ts
14393
14409
  function formatPrice2(pricing) {
14394
14410
  const sym = pricing.currency ?? "USD";
14395
- if (pricing.pricingMode === "fixed") return `${pricing.price} ${sym}`;
14411
+ if (pricing.pricingMode === "fixed" && pricing.price) return `${pricing.price} ${sym}`;
14396
14412
  if (pricing.pricingMode === "dynamic") {
14397
14413
  if (pricing.minPrice && pricing.maxPrice)
14398
14414
  return `${pricing.minPrice}-${pricing.maxPrice} ${sym}`;
14399
14415
  if (pricing.maxPrice) return `up to ${pricing.maxPrice} ${sym}`;
14400
- return "dynamic";
14416
+ if (pricing.minPrice) return `from ${pricing.minPrice} ${sym}`;
14401
14417
  }
14402
- return `unknown pricing mode: ${pricing.pricingMode}`;
14418
+ return void 0;
14403
14419
  }
14404
14420
  function checkL2ForOpenAPI(openApi) {
14405
- const routes = openApi.routes.map((route) => ({
14406
- path: route.path,
14407
- method: route.method,
14408
- summary: route.summary ?? `${route.method} ${route.path}`,
14409
- ...route.authMode ? { authMode: route.authMode } : {},
14410
- ...route.pricing ? {
14411
- price: formatPrice2(route.pricing),
14412
- pricingMode: route.pricing.pricingMode,
14413
- ...route.pricing.currency ? { currency: route.pricing.currency } : {}
14414
- } : {},
14415
- ...route.protocols?.length ? { protocols: route.protocols } : {}
14416
- }));
14421
+ const routes = openApi.routes.map((route) => {
14422
+ const priceHint = route.pricing ? formatPrice2(route.pricing) : void 0;
14423
+ return {
14424
+ path: route.path,
14425
+ method: route.method,
14426
+ summary: route.summary ?? `${route.method} ${route.path}`,
14427
+ ...route.authMode ? { authMode: route.authMode } : {},
14428
+ ...priceHint ? { price: priceHint } : {},
14429
+ ...route.pricing?.pricingMode ? { pricingMode: route.pricing.pricingMode } : {},
14430
+ ...route.pricing?.currency ? { currency: route.pricing.currency } : {},
14431
+ ...route.protocols?.length ? { protocols: route.protocols } : {}
14432
+ };
14433
+ });
14417
14434
  return {
14418
14435
  ...openApi.info.title ? { title: openApi.info.title } : {},
14419
14436
  ...openApi.info.description ? { description: openApi.info.description } : {},
@@ -14474,6 +14491,7 @@ var AUDIT_CODES = {
14474
14491
  L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES",
14475
14492
  L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
14476
14493
  L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN",
14494
+ L2_DYNAMIC_PRICE_INCOMPLETE: "L2_DYNAMIC_PRICE_INCOMPLETE",
14477
14495
  L2_CURRENCY_INVALID: "L2_CURRENCY_INVALID",
14478
14496
  L2_PAYMENT_INFO_LEGACY: "L2_PAYMENT_INFO_LEGACY",
14479
14497
  L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
@@ -14709,7 +14727,15 @@ function getWarningsForL2(l2) {
14709
14727
  });
14710
14728
  }
14711
14729
  if (route.authMode === "paid") {
14712
- if (!route.price) {
14730
+ if (route.pricingMode === "dynamic" && !route.price) {
14731
+ warnings.push({
14732
+ code: AUDIT_CODES.L2_DYNAMIC_PRICE_INCOMPLETE,
14733
+ severity: "warn",
14734
+ message: `Paid route ${loc} declares dynamic pricing but no min/max bounds.`,
14735
+ hint: "Add x-payment-info.price.min and .price.max so agents can budget before calling. Without bounds, agents have no safe upper limit to pre-authorize.",
14736
+ path: route.path
14737
+ });
14738
+ } else if (!route.price) {
14713
14739
  warnings.push({
14714
14740
  code: AUDIT_CODES.L2_PRICE_MISSING_ON_PAID,
14715
14741
  severity: "warn",
package/dist/cli.js CHANGED
@@ -13785,8 +13785,8 @@ var FixedPriceSchema = external_exports.object({
13785
13785
  var DynamicPriceSchema = external_exports.object({
13786
13786
  currency: Iso4217Schema,
13787
13787
  mode: external_exports.literal("dynamic"),
13788
- min: external_exports.string(),
13789
- max: external_exports.string()
13788
+ min: external_exports.string().optional(),
13789
+ max: external_exports.string().optional()
13790
13790
  });
13791
13791
  var PriceSchema = external_exports.union([FixedPriceSchema, DynamicPriceSchema]);
13792
13792
  var X402ProtocolSchema = external_exports.object({
@@ -13885,7 +13885,12 @@ function normalizeLegacy(raw) {
13885
13885
  function formatPrice(price) {
13886
13886
  const sym = price.currency ?? "USD";
13887
13887
  if (price.mode === "fixed") return `${price.amount} ${sym}`;
13888
- return `${price.min}-${price.max} ${sym}`;
13888
+ if (price.min !== void 0 && price.max !== void 0) {
13889
+ return `${price.min}-${price.max} ${sym}`;
13890
+ }
13891
+ if (price.min !== void 0) return `>=${price.min} ${sym}`;
13892
+ if (price.max !== void 0) return `<=${price.max} ${sym}`;
13893
+ return `dynamic ${sym}`;
13889
13894
  }
13890
13895
  function extractProtocolNames(protocols) {
13891
13896
  return protocols.map((p) => {
@@ -13937,10 +13942,13 @@ var OpenApiOperationSchema = external_exports.object({
13937
13942
  description: external_exports.string().optional(),
13938
13943
  tags: external_exports.array(external_exports.string()).optional(),
13939
13944
  security: external_exports.array(external_exports.record(external_exports.string(), external_exports.array(external_exports.string()))).optional(),
13945
+ // `in` / `name` are spec-required, but a single malformed parameter must not
13946
+ // abort the whole spec — keep them optional so discovery is resilient to
13947
+ // non-conformant OpenAPI documents in the wild.
13940
13948
  parameters: external_exports.array(
13941
13949
  external_exports.object({
13942
- in: external_exports.string(),
13943
- name: external_exports.string(),
13950
+ in: external_exports.string().optional(),
13951
+ name: external_exports.string().optional(),
13944
13952
  schema: external_exports.unknown().optional(),
13945
13953
  required: external_exports.boolean().optional()
13946
13954
  })
@@ -13950,7 +13958,8 @@ var OpenApiOperationSchema = external_exports.object({
13950
13958
  content: external_exports.record(external_exports.string(), external_exports.object({ schema: external_exports.unknown().optional() }))
13951
13959
  }).optional(),
13952
13960
  responses: external_exports.record(external_exports.string(), external_exports.unknown()).optional(),
13953
- "x-payment-info": OpenApiPaymentInfoSchema.optional()
13961
+ // Permissive: vendor extension shape is validated at runtime, never at parse time.
13962
+ "x-payment-info": external_exports.unknown().optional()
13954
13963
  });
13955
13964
  var OpenApiPathItemSchema = external_exports.object({
13956
13965
  get: OpenApiOperationSchema.optional(),
@@ -14094,20 +14103,27 @@ function fetchSafe(url2, init) {
14094
14103
  }
14095
14104
 
14096
14105
  // src/core/source/openapi/index.ts
14097
- function resolvePricingHint(p) {
14098
- const raw = p;
14099
- const info = resolvePaymentInfo(raw);
14106
+ function toRecord(raw) {
14107
+ if (typeof raw !== "object" || raw === null || Array.isArray(raw)) return void 0;
14108
+ return raw;
14109
+ }
14110
+ function resolvePricingHint(raw) {
14111
+ const record2 = toRecord(raw);
14112
+ if (!record2) return void 0;
14113
+ const info = resolvePaymentInfo(record2);
14100
14114
  if (!info) return void 0;
14101
14115
  return {
14102
14116
  pricingMode: info.price.mode,
14103
14117
  ...info.price.mode === "fixed" ? { price: info.price.amount } : {},
14104
- ...info.price.mode === "dynamic" ? { minPrice: info.price.min, maxPrice: info.price.max } : {},
14118
+ ...info.price.mode === "dynamic" && info.price.min !== void 0 ? { minPrice: info.price.min } : {},
14119
+ ...info.price.mode === "dynamic" && info.price.max !== void 0 ? { maxPrice: info.price.max } : {},
14105
14120
  ...info.price.currency ? { currency: info.price.currency } : {}
14106
14121
  };
14107
14122
  }
14108
- function resolveProtocols(p) {
14109
- const raw = p;
14110
- const info = resolvePaymentInfo(raw);
14123
+ function resolveProtocols(raw) {
14124
+ const record2 = toRecord(raw);
14125
+ if (!record2) return [];
14126
+ const info = resolvePaymentInfo(record2);
14111
14127
  if (!info) return [];
14112
14128
  return extractProtocolNames(info.protocols);
14113
14129
  }
@@ -14120,8 +14136,8 @@ var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
14120
14136
  if (!operation) continue;
14121
14137
  const authMode = inferAuthMode(operation, doc.security, doc.components?.securitySchemes) ?? void 0;
14122
14138
  const p = operation["x-payment-info"];
14123
- const protocols = resolveProtocols(p ?? {});
14124
- const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p ? resolvePricingHint(p) : void 0;
14139
+ const protocols = resolveProtocols(p);
14140
+ const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p !== void 0 ? resolvePricingHint(p) : void 0;
14125
14141
  const summary = operation.summary ?? operation.description;
14126
14142
  routes.push({
14127
14143
  path: normalizePath(serverBasePath + rawPath),
@@ -14362,28 +14378,29 @@ function getWellKnown(origin, headers, signal) {
14362
14378
  // src/core/layers/l2.ts
14363
14379
  function formatPrice2(pricing) {
14364
14380
  const sym = pricing.currency ?? "USD";
14365
- if (pricing.pricingMode === "fixed") return `${pricing.price} ${sym}`;
14381
+ if (pricing.pricingMode === "fixed" && pricing.price) return `${pricing.price} ${sym}`;
14366
14382
  if (pricing.pricingMode === "dynamic") {
14367
14383
  if (pricing.minPrice && pricing.maxPrice)
14368
14384
  return `${pricing.minPrice}-${pricing.maxPrice} ${sym}`;
14369
14385
  if (pricing.maxPrice) return `up to ${pricing.maxPrice} ${sym}`;
14370
- return "dynamic";
14386
+ if (pricing.minPrice) return `from ${pricing.minPrice} ${sym}`;
14371
14387
  }
14372
- return `unknown pricing mode: ${pricing.pricingMode}`;
14388
+ return void 0;
14373
14389
  }
14374
14390
  function checkL2ForOpenAPI(openApi) {
14375
- const routes = openApi.routes.map((route) => ({
14376
- path: route.path,
14377
- method: route.method,
14378
- summary: route.summary ?? `${route.method} ${route.path}`,
14379
- ...route.authMode ? { authMode: route.authMode } : {},
14380
- ...route.pricing ? {
14381
- price: formatPrice2(route.pricing),
14382
- pricingMode: route.pricing.pricingMode,
14383
- ...route.pricing.currency ? { currency: route.pricing.currency } : {}
14384
- } : {},
14385
- ...route.protocols?.length ? { protocols: route.protocols } : {}
14386
- }));
14391
+ const routes = openApi.routes.map((route) => {
14392
+ const priceHint = route.pricing ? formatPrice2(route.pricing) : void 0;
14393
+ return {
14394
+ path: route.path,
14395
+ method: route.method,
14396
+ summary: route.summary ?? `${route.method} ${route.path}`,
14397
+ ...route.authMode ? { authMode: route.authMode } : {},
14398
+ ...priceHint ? { price: priceHint } : {},
14399
+ ...route.pricing?.pricingMode ? { pricingMode: route.pricing.pricingMode } : {},
14400
+ ...route.pricing?.currency ? { currency: route.pricing.currency } : {},
14401
+ ...route.protocols?.length ? { protocols: route.protocols } : {}
14402
+ };
14403
+ });
14387
14404
  return {
14388
14405
  ...openApi.info.title ? { title: openApi.info.title } : {},
14389
14406
  ...openApi.info.description ? { description: openApi.info.description } : {},
@@ -14444,6 +14461,7 @@ var AUDIT_CODES = {
14444
14461
  L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES",
14445
14462
  L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
14446
14463
  L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN",
14464
+ L2_DYNAMIC_PRICE_INCOMPLETE: "L2_DYNAMIC_PRICE_INCOMPLETE",
14447
14465
  L2_CURRENCY_INVALID: "L2_CURRENCY_INVALID",
14448
14466
  L2_PAYMENT_INFO_LEGACY: "L2_PAYMENT_INFO_LEGACY",
14449
14467
  L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
@@ -14679,7 +14697,15 @@ function getWarningsForL2(l2) {
14679
14697
  });
14680
14698
  }
14681
14699
  if (route.authMode === "paid") {
14682
- if (!route.price) {
14700
+ if (route.pricingMode === "dynamic" && !route.price) {
14701
+ warnings.push({
14702
+ code: AUDIT_CODES.L2_DYNAMIC_PRICE_INCOMPLETE,
14703
+ severity: "warn",
14704
+ message: `Paid route ${loc} declares dynamic pricing but no min/max bounds.`,
14705
+ hint: "Add x-payment-info.price.min and .price.max so agents can budget before calling. Without bounds, agents have no safe upper limit to pre-authorize.",
14706
+ path: route.path
14707
+ });
14708
+ } else if (!route.price) {
14683
14709
  warnings.push({
14684
14710
  code: AUDIT_CODES.L2_PRICE_MISSING_ON_PAID,
14685
14711
  severity: "warn",
package/dist/index.cjs CHANGED
@@ -13847,8 +13847,8 @@ var FixedPriceSchema = external_exports.object({
13847
13847
  var DynamicPriceSchema = external_exports.object({
13848
13848
  currency: Iso4217Schema,
13849
13849
  mode: external_exports.literal("dynamic"),
13850
- min: external_exports.string(),
13851
- max: external_exports.string()
13850
+ min: external_exports.string().optional(),
13851
+ max: external_exports.string().optional()
13852
13852
  });
13853
13853
  var PriceSchema = external_exports.union([FixedPriceSchema, DynamicPriceSchema]);
13854
13854
  var X402ProtocolSchema = external_exports.object({
@@ -13947,7 +13947,12 @@ function normalizeLegacy(raw) {
13947
13947
  function formatPrice(price) {
13948
13948
  const sym = price.currency ?? "USD";
13949
13949
  if (price.mode === "fixed") return `${price.amount} ${sym}`;
13950
- return `${price.min}-${price.max} ${sym}`;
13950
+ if (price.min !== void 0 && price.max !== void 0) {
13951
+ return `${price.min}-${price.max} ${sym}`;
13952
+ }
13953
+ if (price.min !== void 0) return `>=${price.min} ${sym}`;
13954
+ if (price.max !== void 0) return `<=${price.max} ${sym}`;
13955
+ return `dynamic ${sym}`;
13951
13956
  }
13952
13957
  function extractProtocolNames(protocols) {
13953
13958
  return protocols.map((p) => {
@@ -13999,10 +14004,13 @@ var OpenApiOperationSchema = external_exports.object({
13999
14004
  description: external_exports.string().optional(),
14000
14005
  tags: external_exports.array(external_exports.string()).optional(),
14001
14006
  security: external_exports.array(external_exports.record(external_exports.string(), external_exports.array(external_exports.string()))).optional(),
14007
+ // `in` / `name` are spec-required, but a single malformed parameter must not
14008
+ // abort the whole spec — keep them optional so discovery is resilient to
14009
+ // non-conformant OpenAPI documents in the wild.
14002
14010
  parameters: external_exports.array(
14003
14011
  external_exports.object({
14004
- in: external_exports.string(),
14005
- name: external_exports.string(),
14012
+ in: external_exports.string().optional(),
14013
+ name: external_exports.string().optional(),
14006
14014
  schema: external_exports.unknown().optional(),
14007
14015
  required: external_exports.boolean().optional()
14008
14016
  })
@@ -14012,7 +14020,8 @@ var OpenApiOperationSchema = external_exports.object({
14012
14020
  content: external_exports.record(external_exports.string(), external_exports.object({ schema: external_exports.unknown().optional() }))
14013
14021
  }).optional(),
14014
14022
  responses: external_exports.record(external_exports.string(), external_exports.unknown()).optional(),
14015
- "x-payment-info": OpenApiPaymentInfoSchema.optional()
14023
+ // Permissive: vendor extension shape is validated at runtime, never at parse time.
14024
+ "x-payment-info": external_exports.unknown().optional()
14016
14025
  });
14017
14026
  var OpenApiPathItemSchema = external_exports.object({
14018
14027
  get: OpenApiOperationSchema.optional(),
@@ -14156,20 +14165,27 @@ function fetchSafe(url2, init) {
14156
14165
  }
14157
14166
 
14158
14167
  // src/core/source/openapi/index.ts
14159
- function resolvePricingHint(p) {
14160
- const raw = p;
14161
- const info = resolvePaymentInfo(raw);
14168
+ function toRecord(raw) {
14169
+ if (typeof raw !== "object" || raw === null || Array.isArray(raw)) return void 0;
14170
+ return raw;
14171
+ }
14172
+ function resolvePricingHint(raw) {
14173
+ const record2 = toRecord(raw);
14174
+ if (!record2) return void 0;
14175
+ const info = resolvePaymentInfo(record2);
14162
14176
  if (!info) return void 0;
14163
14177
  return {
14164
14178
  pricingMode: info.price.mode,
14165
14179
  ...info.price.mode === "fixed" ? { price: info.price.amount } : {},
14166
- ...info.price.mode === "dynamic" ? { minPrice: info.price.min, maxPrice: info.price.max } : {},
14180
+ ...info.price.mode === "dynamic" && info.price.min !== void 0 ? { minPrice: info.price.min } : {},
14181
+ ...info.price.mode === "dynamic" && info.price.max !== void 0 ? { maxPrice: info.price.max } : {},
14167
14182
  ...info.price.currency ? { currency: info.price.currency } : {}
14168
14183
  };
14169
14184
  }
14170
- function resolveProtocols(p) {
14171
- const raw = p;
14172
- const info = resolvePaymentInfo(raw);
14185
+ function resolveProtocols(raw) {
14186
+ const record2 = toRecord(raw);
14187
+ if (!record2) return [];
14188
+ const info = resolvePaymentInfo(record2);
14173
14189
  if (!info) return [];
14174
14190
  return extractProtocolNames(info.protocols);
14175
14191
  }
@@ -14182,8 +14198,8 @@ var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
14182
14198
  if (!operation) continue;
14183
14199
  const authMode = inferAuthMode(operation, doc.security, doc.components?.securitySchemes) ?? void 0;
14184
14200
  const p = operation["x-payment-info"];
14185
- const protocols = resolveProtocols(p ?? {});
14186
- const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p ? resolvePricingHint(p) : void 0;
14201
+ const protocols = resolveProtocols(p);
14202
+ const pricing = (authMode === "paid" || authMode === "apiKey+paid") && p !== void 0 ? resolvePricingHint(p) : void 0;
14187
14203
  const summary = operation.summary ?? operation.description;
14188
14204
  routes.push({
14189
14205
  path: normalizePath(serverBasePath + rawPath),
@@ -14424,28 +14440,29 @@ function getWellKnown(origin, headers, signal) {
14424
14440
  // src/core/layers/l2.ts
14425
14441
  function formatPrice2(pricing) {
14426
14442
  const sym = pricing.currency ?? "USD";
14427
- if (pricing.pricingMode === "fixed") return `${pricing.price} ${sym}`;
14443
+ if (pricing.pricingMode === "fixed" && pricing.price) return `${pricing.price} ${sym}`;
14428
14444
  if (pricing.pricingMode === "dynamic") {
14429
14445
  if (pricing.minPrice && pricing.maxPrice)
14430
14446
  return `${pricing.minPrice}-${pricing.maxPrice} ${sym}`;
14431
14447
  if (pricing.maxPrice) return `up to ${pricing.maxPrice} ${sym}`;
14432
- return "dynamic";
14448
+ if (pricing.minPrice) return `from ${pricing.minPrice} ${sym}`;
14433
14449
  }
14434
- return `unknown pricing mode: ${pricing.pricingMode}`;
14450
+ return void 0;
14435
14451
  }
14436
14452
  function checkL2ForOpenAPI(openApi) {
14437
- const routes = openApi.routes.map((route) => ({
14438
- path: route.path,
14439
- method: route.method,
14440
- summary: route.summary ?? `${route.method} ${route.path}`,
14441
- ...route.authMode ? { authMode: route.authMode } : {},
14442
- ...route.pricing ? {
14443
- price: formatPrice2(route.pricing),
14444
- pricingMode: route.pricing.pricingMode,
14445
- ...route.pricing.currency ? { currency: route.pricing.currency } : {}
14446
- } : {},
14447
- ...route.protocols?.length ? { protocols: route.protocols } : {}
14448
- }));
14453
+ const routes = openApi.routes.map((route) => {
14454
+ const priceHint = route.pricing ? formatPrice2(route.pricing) : void 0;
14455
+ return {
14456
+ path: route.path,
14457
+ method: route.method,
14458
+ summary: route.summary ?? `${route.method} ${route.path}`,
14459
+ ...route.authMode ? { authMode: route.authMode } : {},
14460
+ ...priceHint ? { price: priceHint } : {},
14461
+ ...route.pricing?.pricingMode ? { pricingMode: route.pricing.pricingMode } : {},
14462
+ ...route.pricing?.currency ? { currency: route.pricing.currency } : {},
14463
+ ...route.protocols?.length ? { protocols: route.protocols } : {}
14464
+ };
14465
+ });
14449
14466
  return {
14450
14467
  ...openApi.info.title ? { title: openApi.info.title } : {},
14451
14468
  ...openApi.info.description ? { description: openApi.info.description } : {},
@@ -15502,6 +15519,7 @@ var AUDIT_CODES = {
15502
15519
  L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES",
15503
15520
  L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID",
15504
15521
  L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN",
15522
+ L2_DYNAMIC_PRICE_INCOMPLETE: "L2_DYNAMIC_PRICE_INCOMPLETE",
15505
15523
  L2_CURRENCY_INVALID: "L2_CURRENCY_INVALID",
15506
15524
  L2_PAYMENT_INFO_LEGACY: "L2_PAYMENT_INFO_LEGACY",
15507
15525
  L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID",
@@ -16190,7 +16208,15 @@ function getWarningsForL2(l2) {
16190
16208
  });
16191
16209
  }
16192
16210
  if (route.authMode === "paid") {
16193
- if (!route.price) {
16211
+ if (route.pricingMode === "dynamic" && !route.price) {
16212
+ warnings.push({
16213
+ code: AUDIT_CODES.L2_DYNAMIC_PRICE_INCOMPLETE,
16214
+ severity: "warn",
16215
+ message: `Paid route ${loc} declares dynamic pricing but no min/max bounds.`,
16216
+ hint: "Add x-payment-info.price.min and .price.max so agents can budget before calling. Without bounds, agents have no safe upper limit to pre-authorize.",
16217
+ path: route.path
16218
+ });
16219
+ } else if (!route.price) {
16194
16220
  warnings.push({
16195
16221
  code: AUDIT_CODES.L2_PRICE_MISSING_ON_PAID,
16196
16222
  severity: "warn",
package/dist/index.d.cts CHANGED
@@ -392,8 +392,8 @@ declare const FixedPriceSchema: z.ZodObject<{
392
392
  declare const DynamicPriceSchema: z.ZodObject<{
393
393
  currency: z.ZodOptional<z.ZodString>;
394
394
  mode: z.ZodLiteral<"dynamic">;
395
- min: z.ZodString;
396
- max: z.ZodString;
395
+ min: z.ZodOptional<z.ZodString>;
396
+ max: z.ZodOptional<z.ZodString>;
397
397
  }, z.core.$strip>;
398
398
  declare const PriceSchema: z.ZodUnion<readonly [z.ZodObject<{
399
399
  currency: z.ZodOptional<z.ZodString>;
@@ -402,8 +402,8 @@ declare const PriceSchema: z.ZodUnion<readonly [z.ZodObject<{
402
402
  }, z.core.$strip>, z.ZodObject<{
403
403
  currency: z.ZodOptional<z.ZodString>;
404
404
  mode: z.ZodLiteral<"dynamic">;
405
- min: z.ZodString;
406
- max: z.ZodString;
405
+ min: z.ZodOptional<z.ZodString>;
406
+ max: z.ZodOptional<z.ZodString>;
407
407
  }, z.core.$strip>]>;
408
408
  declare const X402ProtocolSchema: z.ZodObject<{
409
409
  x402: z.ZodRecord<z.ZodString, z.ZodUnknown>;
@@ -424,8 +424,8 @@ declare const PaymentInfoSchema: z.ZodObject<{
424
424
  }, z.core.$strip>, z.ZodObject<{
425
425
  currency: z.ZodOptional<z.ZodString>;
426
426
  mode: z.ZodLiteral<"dynamic">;
427
- min: z.ZodString;
428
- max: z.ZodString;
427
+ min: z.ZodOptional<z.ZodString>;
428
+ max: z.ZodOptional<z.ZodString>;
429
429
  }, z.core.$strip>]>;
430
430
  protocols: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
431
431
  }, z.core.$strip>;
@@ -448,6 +448,7 @@ declare const AUDIT_CODES: {
448
448
  readonly L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES";
449
449
  readonly L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID";
450
450
  readonly L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN";
451
+ readonly L2_DYNAMIC_PRICE_INCOMPLETE: "L2_DYNAMIC_PRICE_INCOMPLETE";
451
452
  readonly L2_CURRENCY_INVALID: "L2_CURRENCY_INVALID";
452
453
  readonly L2_PAYMENT_INFO_LEGACY: "L2_PAYMENT_INFO_LEGACY";
453
454
  readonly L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID";
package/dist/index.d.ts CHANGED
@@ -392,8 +392,8 @@ declare const FixedPriceSchema: z.ZodObject<{
392
392
  declare const DynamicPriceSchema: z.ZodObject<{
393
393
  currency: z.ZodOptional<z.ZodString>;
394
394
  mode: z.ZodLiteral<"dynamic">;
395
- min: z.ZodString;
396
- max: z.ZodString;
395
+ min: z.ZodOptional<z.ZodString>;
396
+ max: z.ZodOptional<z.ZodString>;
397
397
  }, z.core.$strip>;
398
398
  declare const PriceSchema: z.ZodUnion<readonly [z.ZodObject<{
399
399
  currency: z.ZodOptional<z.ZodString>;
@@ -402,8 +402,8 @@ declare const PriceSchema: z.ZodUnion<readonly [z.ZodObject<{
402
402
  }, z.core.$strip>, z.ZodObject<{
403
403
  currency: z.ZodOptional<z.ZodString>;
404
404
  mode: z.ZodLiteral<"dynamic">;
405
- min: z.ZodString;
406
- max: z.ZodString;
405
+ min: z.ZodOptional<z.ZodString>;
406
+ max: z.ZodOptional<z.ZodString>;
407
407
  }, z.core.$strip>]>;
408
408
  declare const X402ProtocolSchema: z.ZodObject<{
409
409
  x402: z.ZodRecord<z.ZodString, z.ZodUnknown>;
@@ -424,8 +424,8 @@ declare const PaymentInfoSchema: z.ZodObject<{
424
424
  }, z.core.$strip>, z.ZodObject<{
425
425
  currency: z.ZodOptional<z.ZodString>;
426
426
  mode: z.ZodLiteral<"dynamic">;
427
- min: z.ZodString;
428
- max: z.ZodString;
427
+ min: z.ZodOptional<z.ZodString>;
428
+ max: z.ZodOptional<z.ZodString>;
429
429
  }, z.core.$strip>]>;
430
430
  protocols: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
431
431
  }, z.core.$strip>;
@@ -448,6 +448,7 @@ declare const AUDIT_CODES: {
448
448
  readonly L2_NO_PAID_ROUTES: "L2_NO_PAID_ROUTES";
449
449
  readonly L2_PRICE_MISSING_ON_PAID: "L2_PRICE_MISSING_ON_PAID";
450
450
  readonly L2_PRICING_MODE_UNKNOWN: "L2_PRICING_MODE_UNKNOWN";
451
+ readonly L2_DYNAMIC_PRICE_INCOMPLETE: "L2_DYNAMIC_PRICE_INCOMPLETE";
451
452
  readonly L2_CURRENCY_INVALID: "L2_CURRENCY_INVALID";
452
453
  readonly L2_PAYMENT_INFO_LEGACY: "L2_PAYMENT_INFO_LEGACY";
453
454
  readonly L2_PROTOCOLS_MISSING_ON_PAID: "L2_PROTOCOLS_MISSING_ON_PAID";