@agentcash/discovery 1.6.3 → 1.6.4

package/dist/cli.cjs

@@ -15626,7 +15626,7 @@ function getWarningsForFavicon(origin) {
 }
 
 // src/core/source/probe/index.ts
-var import_neverthrow7 = require("neverthrow");
+var import_neverthrow8 = require("neverthrow");
 
 // src/core/protocols/x402/index.ts
 function parseVersion(payload) {
@@ -15676,11 +15676,36 @@ async function parsePaymentRequiredBody(response) {
   return payload;
 }
 
+// src/core/lib/base64.ts
+var import_neverthrow7 = require("neverthrow");
+function safeBase64DecodeUtf8(encoded) {
+  return import_neverthrow7.Result.fromThrowable(
+    () => {
+      if (typeof Buffer !== "undefined") {
+        return Buffer.from(encoded, "base64").toString("utf8");
+      }
+      const binaryString = atob(encoded);
+      const bytes = new Uint8Array(binaryString.length);
+      for (let i = 0; i < binaryString.length; i++) {
+        bytes[i] = binaryString.charCodeAt(i);
+      }
+      return new TextDecoder("utf-8").decode(bytes);
+    },
+    (e) => e instanceof Error ? e : new Error(String(e))
+  )();
+}
+
 // src/core/protocols/x402/v2/parse-payment-required.ts
 function parsePaymentRequiredBody2(headerValue) {
-  const payload = JSON.parse(atob(headerValue));
-  if (!isRecord(payload) || payload.x402Version !== 2) return null;
-  return payload;
+  const decoded = safeBase64DecodeUtf8(headerValue);
+  if (decoded.isErr()) return null;
+  try {
+    const payload = JSON.parse(decoded.value);
+    if (!isRecord(payload) || payload.x402Version !== 2) return null;
+    return payload;
+  } catch {
+    return null;
+  }
 }
 
 // src/core/source/probe/index.ts
@@ -15722,8 +15747,8 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
     ...hasBody ? { body: JSON.stringify(inputBody) } : {},
     signal
   }).andThen((response) => {
-    if (!isUsableStatus(response.status)) return import_neverthrow7.ResultAsync.fromSafePromise(Promise.resolve(null));
-    return import_neverthrow7.ResultAsync.fromSafePromise(
+    if (!isUsableStatus(response.status)) return import_neverthrow8.ResultAsync.fromSafePromise(Promise.resolve(null));
+    return import_neverthrow8.ResultAsync.fromSafePromise(
       (async () => {
         let authHint = response.status === 402 ? "paid" : "unprotected";
         let paymentRequiredBody;
@@ -15754,7 +15779,7 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
 }
 function getProbe(url2, headers, signal, inputBody) {
   const path = normalizePath(new URL(url2).pathname || "/");
-  return import_neverthrow7.ResultAsync.fromSafePromise(
+  return import_neverthrow8.ResultAsync.fromSafePromise(
     Promise.all(
       [...HTTP_METHODS].map(
         (method) => probeMethod(url2, method, path, headers, signal, inputBody).match(
@@ -15767,12 +15792,13 @@ function getProbe(url2, headers, signal, inputBody) {
 }
 
 // src/core/protocols/mpp/index.ts
-var import_neverthrow8 = require("neverthrow");
+var import_neverthrow9 = require("neverthrow");
 function parseBase64Json(encoded) {
-  return import_neverthrow8.Result.fromThrowable(
+  return import_neverthrow9.Result.fromThrowable(
     () => {
-      const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
-      const parsed = JSON.parse(decoded);
+      const decoded = safeBase64DecodeUtf8(encoded);
+      if (decoded.isErr()) throw decoded.error;
+      const parsed = JSON.parse(decoded.value);
       if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
         throw new Error("not an object");
       }

package/dist/cli.js

@@ -15646,11 +15646,36 @@ async function parsePaymentRequiredBody(response) {
   return payload;
 }
 
+// src/core/lib/base64.ts
+import { Result as Result2 } from "neverthrow";
+function safeBase64DecodeUtf8(encoded) {
+  return Result2.fromThrowable(
+    () => {
+      if (typeof Buffer !== "undefined") {
+        return Buffer.from(encoded, "base64").toString("utf8");
+      }
+      const binaryString = atob(encoded);
+      const bytes = new Uint8Array(binaryString.length);
+      for (let i = 0; i < binaryString.length; i++) {
+        bytes[i] = binaryString.charCodeAt(i);
+      }
+      return new TextDecoder("utf-8").decode(bytes);
+    },
+    (e) => e instanceof Error ? e : new Error(String(e))
+  )();
+}
+
 // src/core/protocols/x402/v2/parse-payment-required.ts
 function parsePaymentRequiredBody2(headerValue) {
-  const payload = JSON.parse(atob(headerValue));
-  if (!isRecord(payload) || payload.x402Version !== 2) return null;
-  return payload;
+  const decoded = safeBase64DecodeUtf8(headerValue);
+  if (decoded.isErr()) return null;
+  try {
+    const payload = JSON.parse(decoded.value);
+    if (!isRecord(payload) || payload.x402Version !== 2) return null;
+    return payload;
+  } catch {
+    return null;
+  }
 }
 
 // src/core/source/probe/index.ts
@@ -15737,12 +15762,13 @@ function getProbe(url2, headers, signal, inputBody) {
 }
 
 // src/core/protocols/mpp/index.ts
-import { Result as Result2 } from "neverthrow";
+import { Result as Result3 } from "neverthrow";
 function parseBase64Json(encoded) {
-  return Result2.fromThrowable(
+  return Result3.fromThrowable(
     () => {
-      const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
-      const parsed = JSON.parse(decoded);
+      const decoded = safeBase64DecodeUtf8(encoded);
+      if (decoded.isErr()) throw decoded.error;
+      const parsed = JSON.parse(decoded.value);
       if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
         throw new Error("not an object");
       }

package/dist/index.cjs

@@ -14627,7 +14627,7 @@ async function discoverOriginSchema(options) {
 }
 
 // src/core/source/probe/index.ts
-var import_neverthrow6 = require("neverthrow");
+var import_neverthrow7 = require("neverthrow");
 
 // src/core/protocols/x402/v1/schema.ts
 function extractSchemas(accepts) {
@@ -15031,11 +15031,36 @@ async function parsePaymentRequiredBody(response) {
   return payload;
 }
 
+// src/core/lib/base64.ts
+var import_neverthrow6 = require("neverthrow");
+function safeBase64DecodeUtf8(encoded) {
+  return import_neverthrow6.Result.fromThrowable(
+    () => {
+      if (typeof Buffer !== "undefined") {
+        return Buffer.from(encoded, "base64").toString("utf8");
+      }
+      const binaryString = atob(encoded);
+      const bytes = new Uint8Array(binaryString.length);
+      for (let i = 0; i < binaryString.length; i++) {
+        bytes[i] = binaryString.charCodeAt(i);
+      }
+      return new TextDecoder("utf-8").decode(bytes);
+    },
+    (e) => e instanceof Error ? e : new Error(String(e))
+  )();
+}
+
 // src/core/protocols/x402/v2/parse-payment-required.ts
 function parsePaymentRequiredBody2(headerValue) {
-  const payload = JSON.parse(atob(headerValue));
-  if (!isRecord(payload) || payload.x402Version !== 2) return null;
-  return payload;
+  const decoded = safeBase64DecodeUtf8(headerValue);
+  if (decoded.isErr()) return null;
+  try {
+    const payload = JSON.parse(decoded.value);
+    if (!isRecord(payload) || payload.x402Version !== 2) return null;
+    return payload;
+  } catch {
+    return null;
+  }
 }
 
 // src/core/source/probe/index.ts
@@ -15077,8 +15102,8 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
     ...hasBody ? { body: JSON.stringify(inputBody) } : {},
     signal
   }).andThen((response) => {
-    if (!isUsableStatus(response.status)) return import_neverthrow6.ResultAsync.fromSafePromise(Promise.resolve(null));
-    return import_neverthrow6.ResultAsync.fromSafePromise(
+    if (!isUsableStatus(response.status)) return import_neverthrow7.ResultAsync.fromSafePromise(Promise.resolve(null));
+    return import_neverthrow7.ResultAsync.fromSafePromise(
       (async () => {
         let authHint = response.status === 402 ? "paid" : "unprotected";
         let paymentRequiredBody;
@@ -15109,7 +15134,7 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
 }
 function getProbe(url2, headers, signal, inputBody) {
   const path = normalizePath(new URL(url2).pathname || "/");
-  return import_neverthrow6.ResultAsync.fromSafePromise(
+  return import_neverthrow7.ResultAsync.fromSafePromise(
     Promise.all(
       [...HTTP_METHODS].map(
         (method) => probeMethod(url2, method, path, headers, signal, inputBody).match(
@@ -15122,12 +15147,13 @@ function getProbe(url2, headers, signal, inputBody) {
 }
 
 // src/core/protocols/mpp/index.ts
-var import_neverthrow7 = require("neverthrow");
+var import_neverthrow8 = require("neverthrow");
 function parseBase64Json(encoded) {
-  return import_neverthrow7.Result.fromThrowable(
+  return import_neverthrow8.Result.fromThrowable(
     () => {
-      const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
-      const parsed = JSON.parse(decoded);
+      const decoded = safeBase64DecodeUtf8(encoded);
+      if (decoded.isErr()) throw decoded.error;
+      const parsed = JSON.parse(decoded.value);
       if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
         throw new Error("not an object");
       }
@@ -16266,7 +16292,7 @@ function getWarningsForL4(l4) {
 }
 
 // src/audit/warnings/favicon.ts
-var import_neverthrow8 = require("neverthrow");
+var import_neverthrow9 = require("neverthrow");
 var COMMON_PATHS = ["/favicon.ico", "/favicon.png", "/favicon.svg"];
 var TIMEOUT = AbortSignal.timeout(5e3);
 function isImage(res) {
@@ -16274,12 +16300,12 @@ function isImage(res) {
 }
 function checkUrl(url2) {
   return fetchSafe(url2, { method: "HEAD", signal: TIMEOUT }).andThen((res) => {
-    if (res.ok) return (0, import_neverthrow8.okAsync)(isImage(res));
+    if (res.ok) return (0, import_neverthrow9.okAsync)(isImage(res));
     if (res.status === 405 || res.status === 403) {
       return fetchSafe(url2, { signal: TIMEOUT }).map((getRes) => getRes.ok && isImage(getRes));
     }
-    return (0, import_neverthrow8.okAsync)(false);
-  }).orElse(() => (0, import_neverthrow8.okAsync)(false));
+    return (0, import_neverthrow9.okAsync)(false);
+  }).orElse(() => (0, import_neverthrow9.okAsync)(false));
 }
 function resolveHref(href, origin) {
   if (href.startsWith("//")) return `https:${href}`;
@@ -16308,15 +16334,15 @@ function extractIconHrefs(html, origin) {
 function getHtmlIconHrefs(origin) {
   return fetchSafe(origin, { signal: TIMEOUT }).andThen((res) => {
     if (!res.ok || !(res.headers.get("content-type") ?? "").includes("text/html"))
-      return (0, import_neverthrow8.okAsync)("");
-    return import_neverthrow8.ResultAsync.fromSafePromise(res.text());
-  }).map((html) => html ? extractIconHrefs(html, origin) : []).orElse(() => (0, import_neverthrow8.okAsync)([]));
+      return (0, import_neverthrow9.okAsync)("");
+    return import_neverthrow9.ResultAsync.fromSafePromise(res.text());
+  }).map((html) => html ? extractIconHrefs(html, origin) : []).orElse(() => (0, import_neverthrow9.okAsync)([]));
 }
 function checkFavicon(origin) {
   const normalizedOrigin = origin.replace(/\/$/, "");
   return getHtmlIconHrefs(normalizedOrigin).andThen((hrefs) => {
     const candidates = [...hrefs, ...COMMON_PATHS.map((p) => `${normalizedOrigin}${p}`)];
-    return import_neverthrow8.ResultAsync.fromSafePromise(
+    return import_neverthrow9.ResultAsync.fromSafePromise(
       Promise.all(candidates.map((url2) => checkUrl(url2).then((r) => r.isOk() && r.value))).then(
         (results) => results.some(Boolean)
       )

package/dist/index.js

@@ -14969,11 +14969,36 @@ async function parsePaymentRequiredBody(response) {
   return payload;
 }
 
+// src/core/lib/base64.ts
+import { Result as Result2 } from "neverthrow";
+function safeBase64DecodeUtf8(encoded) {
+  return Result2.fromThrowable(
+    () => {
+      if (typeof Buffer !== "undefined") {
+        return Buffer.from(encoded, "base64").toString("utf8");
+      }
+      const binaryString = atob(encoded);
+      const bytes = new Uint8Array(binaryString.length);
+      for (let i = 0; i < binaryString.length; i++) {
+        bytes[i] = binaryString.charCodeAt(i);
+      }
+      return new TextDecoder("utf-8").decode(bytes);
+    },
+    (e) => e instanceof Error ? e : new Error(String(e))
+  )();
+}
+
 // src/core/protocols/x402/v2/parse-payment-required.ts
 function parsePaymentRequiredBody2(headerValue) {
-  const payload = JSON.parse(atob(headerValue));
-  if (!isRecord(payload) || payload.x402Version !== 2) return null;
-  return payload;
+  const decoded = safeBase64DecodeUtf8(headerValue);
+  if (decoded.isErr()) return null;
+  try {
+    const payload = JSON.parse(decoded.value);
+    if (!isRecord(payload) || payload.x402Version !== 2) return null;
+    return payload;
+  } catch {
+    return null;
+  }
 }
 
 // src/core/source/probe/index.ts
@@ -15060,12 +15085,13 @@ function getProbe(url2, headers, signal, inputBody) {
 }
 
 // src/core/protocols/mpp/index.ts
-import { Result as Result2 } from "neverthrow";
+import { Result as Result3 } from "neverthrow";
 function parseBase64Json(encoded) {
-  return Result2.fromThrowable(
+  return Result3.fromThrowable(
     () => {
-      const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
-      const parsed = JSON.parse(decoded);
+      const decoded = safeBase64DecodeUtf8(encoded);
+      if (decoded.isErr()) throw decoded.error;
+      const parsed = JSON.parse(decoded.value);
       if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
         throw new Error("not an object");
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentcash/discovery",
-  "version": "1.6.3",
+  "version": "1.6.4",
   "description": "Canonical OpenAPI-first discovery runtime for the agentcash ecosystem",
   "type": "module",
   "main": "./dist/index.cjs",