@agentcash/discovery 1.6.3 → 1.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/cli.cjs +91 -63
  2. package/dist/cli.js +87 -59
  3. package/dist/index.cjs +45 -19
  4. package/dist/index.js +33 -7
  5. package/package.json +1 -1
package/dist/cli.cjs CHANGED
@@ -15626,7 +15626,7 @@ function getWarningsForFavicon(origin) {
15626
15626
  }
15627
15627
 
15628
15628
  // src/core/source/probe/index.ts
15629
- var import_neverthrow7 = require("neverthrow");
15629
+ var import_neverthrow8 = require("neverthrow");
15630
15630
 
15631
15631
  // src/core/protocols/x402/index.ts
15632
15632
  function parseVersion(payload) {
@@ -15676,11 +15676,36 @@ async function parsePaymentRequiredBody(response) {
15676
15676
  return payload;
15677
15677
  }
15678
15678
 
15679
+ // src/core/lib/base64.ts
15680
+ var import_neverthrow7 = require("neverthrow");
15681
+ function safeBase64DecodeUtf8(encoded) {
15682
+ return import_neverthrow7.Result.fromThrowable(
15683
+ () => {
15684
+ if (typeof Buffer !== "undefined") {
15685
+ return Buffer.from(encoded, "base64").toString("utf8");
15686
+ }
15687
+ const binaryString = atob(encoded);
15688
+ const bytes = new Uint8Array(binaryString.length);
15689
+ for (let i = 0; i < binaryString.length; i++) {
15690
+ bytes[i] = binaryString.charCodeAt(i);
15691
+ }
15692
+ return new TextDecoder("utf-8").decode(bytes);
15693
+ },
15694
+ (e) => e instanceof Error ? e : new Error(String(e))
15695
+ )();
15696
+ }
15697
+
15679
15698
  // src/core/protocols/x402/v2/parse-payment-required.ts
15680
15699
  function parsePaymentRequiredBody2(headerValue) {
15681
- const payload = JSON.parse(atob(headerValue));
15682
- if (!isRecord(payload) || payload.x402Version !== 2) return null;
15683
- return payload;
15700
+ const decoded = safeBase64DecodeUtf8(headerValue);
15701
+ if (decoded.isErr()) return null;
15702
+ try {
15703
+ const payload = JSON.parse(decoded.value);
15704
+ if (!isRecord(payload) || payload.x402Version !== 2) return null;
15705
+ return payload;
15706
+ } catch {
15707
+ return null;
15708
+ }
15684
15709
  }
15685
15710
 
15686
15711
  // src/core/source/probe/index.ts
@@ -15722,8 +15747,8 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
15722
15747
  ...hasBody ? { body: JSON.stringify(inputBody) } : {},
15723
15748
  signal
15724
15749
  }).andThen((response) => {
15725
- if (!isUsableStatus(response.status)) return import_neverthrow7.ResultAsync.fromSafePromise(Promise.resolve(null));
15726
- return import_neverthrow7.ResultAsync.fromSafePromise(
15750
+ if (!isUsableStatus(response.status)) return import_neverthrow8.ResultAsync.fromSafePromise(Promise.resolve(null));
15751
+ return import_neverthrow8.ResultAsync.fromSafePromise(
15727
15752
  (async () => {
15728
15753
  let authHint = response.status === 402 ? "paid" : "unprotected";
15729
15754
  let paymentRequiredBody;
@@ -15754,7 +15779,7 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
15754
15779
  }
15755
15780
  function getProbe(url2, headers, signal, inputBody) {
15756
15781
  const path = normalizePath(new URL(url2).pathname || "/");
15757
- return import_neverthrow7.ResultAsync.fromSafePromise(
15782
+ return import_neverthrow8.ResultAsync.fromSafePromise(
15758
15783
  Promise.all(
15759
15784
  [...HTTP_METHODS].map(
15760
15785
  (method) => probeMethod(url2, method, path, headers, signal, inputBody).match(
@@ -15767,12 +15792,13 @@ function getProbe(url2, headers, signal, inputBody) {
15767
15792
  }
15768
15793
 
15769
15794
  // src/core/protocols/mpp/index.ts
15770
- var import_neverthrow8 = require("neverthrow");
15795
+ var import_neverthrow9 = require("neverthrow");
15771
15796
  function parseBase64Json(encoded) {
15772
- return import_neverthrow8.Result.fromThrowable(
15797
+ return import_neverthrow9.Result.fromThrowable(
15773
15798
  () => {
15774
- const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
15775
- const parsed = JSON.parse(decoded);
15799
+ const decoded = safeBase64DecodeUtf8(encoded);
15800
+ if (decoded.isErr()) throw decoded.error;
15801
+ const parsed = JSON.parse(decoded.value);
15776
15802
  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
15777
15803
  throw new Error("not an object");
15778
15804
  }
@@ -16111,17 +16137,14 @@ async function runDiscover(target, flags) {
16111
16137
  if (!flags.json) console.log(`
16112
16138
  Discovering ${origin}...
16113
16139
  `);
16114
- const [openApiResult, wellKnownResult, faviconWarnings] = await Promise.all([
16140
+ const [openApiResult, faviconWarnings] = await Promise.all([
16115
16141
  getOpenAPI(origin),
16116
- getWellKnown(origin),
16117
16142
  getWarningsForFavicon(origin)
16118
16143
  ]);
16119
16144
  const openApiRaw = openApiResult.isOk() ? openApiResult.value : null;
16120
- const wellKnown = wellKnownResult.isOk() ? wellKnownResult.value : null;
16121
16145
  const openApi = isOpenApiSource(openApiRaw) ? openApiRaw : null;
16122
16146
  const warnings = [
16123
16147
  ...getWarningsForOpenAPI(openApiRaw),
16124
- ...getWarningsForWellKnown(wellKnown),
16125
16148
  ...faviconWarnings.isOk() ? faviconWarnings.value : []
16126
16149
  ];
16127
16150
  if (openApi) {
@@ -16177,57 +16200,62 @@ Guidance: ${tokens} tokens`);
16177
16200
  if (flags.verbose) console.log(`
16178
16201
  ${l4.guidance}`);
16179
16202
  }
16180
- } else if (wellKnown) {
16181
- const l2 = checkL2ForWellknown(wellKnown);
16182
- const l4 = checkL4ForWellknown(wellKnown);
16183
- warnings.push(...getWarningsForL2(l2), ...getWarningsForL4(l4));
16184
- const l3WarningArrays = await Promise.all(
16185
- l2.routes.map((r) => getL3Warnings(`${origin}${r.path}`))
16186
- );
16187
- warnings.push(...l3WarningArrays.flat());
16188
- if (flags.json) {
16189
- const meta3 = { origin, specUrl: wellKnown.fetchedUrl };
16190
- if (l2.title) meta3.title = l2.title;
16191
- if (l2.description) meta3.description = l2.description;
16192
- if (l4 && flags.verbose) meta3.guidance = l4.guidance;
16193
- console.log(
16194
- JSON.stringify(
16195
- {
16196
- ok: true,
16197
- selectedStage: l2.source,
16198
- resources: l2.routes.map(routeToResource),
16199
- warnings,
16200
- trace: [],
16201
- meta: meta3
16202
- },
16203
- null,
16204
- 2
16205
- )
16206
- );
16207
- return 0;
16208
- }
16209
- console.log(`Source: ${l2.source}`);
16210
- console.log(`Spec: ${wellKnown.fetchedUrl}`);
16211
- if (l2.title) console.log(`API: ${l2.title}`);
16212
- console.log(`Routes: ${l2.routes.length}
16213
- `);
16214
- for (const route of l2.routes) {
16215
- const price = route.price ? ` ${route.price}` : "";
16216
- const protocols = route.protocols?.length ? ` [${route.protocols.join(", ")}]` : "";
16217
- console.log(` ${route.method.padEnd(7)} ${route.path} paid${price}${protocols}`);
16218
- }
16219
16203
  } else {
16220
- if (flags.json) {
16221
- console.log(
16222
- JSON.stringify(
16223
- { ok: false, selectedStage: null, resources: [], warnings, trace: [], meta: { origin } },
16224
- null,
16225
- 2
16226
- )
16204
+ const wellKnownResult = await getWellKnown(origin);
16205
+ const wellKnown = wellKnownResult.isOk() ? wellKnownResult.value : null;
16206
+ warnings.push(...getWarningsForWellKnown(wellKnown));
16207
+ if (wellKnown) {
16208
+ const l2 = checkL2ForWellknown(wellKnown);
16209
+ const l4 = checkL4ForWellknown(wellKnown);
16210
+ warnings.push(...getWarningsForL2(l2), ...getWarningsForL4(l4));
16211
+ const l3WarningArrays = await Promise.all(
16212
+ l2.routes.map((r) => getL3Warnings(`${origin}${r.path}`))
16227
16213
  );
16228
- return 0;
16214
+ warnings.push(...l3WarningArrays.flat());
16215
+ if (flags.json) {
16216
+ const meta3 = { origin, specUrl: wellKnown.fetchedUrl };
16217
+ if (l2.title) meta3.title = l2.title;
16218
+ if (l2.description) meta3.description = l2.description;
16219
+ if (l4 && flags.verbose) meta3.guidance = l4.guidance;
16220
+ console.log(
16221
+ JSON.stringify(
16222
+ {
16223
+ ok: true,
16224
+ selectedStage: l2.source,
16225
+ resources: l2.routes.map(routeToResource),
16226
+ warnings,
16227
+ trace: [],
16228
+ meta: meta3
16229
+ },
16230
+ null,
16231
+ 2
16232
+ )
16233
+ );
16234
+ return 0;
16235
+ }
16236
+ console.log(`Source: ${l2.source}`);
16237
+ console.log(`Spec: ${wellKnown.fetchedUrl}`);
16238
+ if (l2.title) console.log(`API: ${l2.title}`);
16239
+ console.log(`Routes: ${l2.routes.length}
16240
+ `);
16241
+ for (const route of l2.routes) {
16242
+ const price = route.price ? ` ${route.price}` : "";
16243
+ const protocols = route.protocols?.length ? ` [${route.protocols.join(", ")}]` : "";
16244
+ console.log(` ${route.method.padEnd(7)} ${route.path} paid${price}${protocols}`);
16245
+ }
16246
+ } else {
16247
+ if (flags.json) {
16248
+ console.log(
16249
+ JSON.stringify(
16250
+ { ok: false, selectedStage: null, resources: [], warnings, trace: [], meta: { origin } },
16251
+ null,
16252
+ 2
16253
+ )
16254
+ );
16255
+ return 0;
16256
+ }
16257
+ console.log("Not found \u2014 no OpenAPI spec or /.well-known/x402 at this origin.");
16229
16258
  }
16230
- console.log("Not found \u2014 no OpenAPI spec or /.well-known/x402 at this origin.");
16231
16259
  }
16232
16260
  printWarnings(warnings, flags.verbose);
16233
16261
  return 0;
package/dist/cli.js CHANGED
@@ -15646,11 +15646,36 @@ async function parsePaymentRequiredBody(response) {
15646
15646
  return payload;
15647
15647
  }
15648
15648
 
15649
+ // src/core/lib/base64.ts
15650
+ import { Result as Result2 } from "neverthrow";
15651
+ function safeBase64DecodeUtf8(encoded) {
15652
+ return Result2.fromThrowable(
15653
+ () => {
15654
+ if (typeof Buffer !== "undefined") {
15655
+ return Buffer.from(encoded, "base64").toString("utf8");
15656
+ }
15657
+ const binaryString = atob(encoded);
15658
+ const bytes = new Uint8Array(binaryString.length);
15659
+ for (let i = 0; i < binaryString.length; i++) {
15660
+ bytes[i] = binaryString.charCodeAt(i);
15661
+ }
15662
+ return new TextDecoder("utf-8").decode(bytes);
15663
+ },
15664
+ (e) => e instanceof Error ? e : new Error(String(e))
15665
+ )();
15666
+ }
15667
+
15649
15668
  // src/core/protocols/x402/v2/parse-payment-required.ts
15650
15669
  function parsePaymentRequiredBody2(headerValue) {
15651
- const payload = JSON.parse(atob(headerValue));
15652
- if (!isRecord(payload) || payload.x402Version !== 2) return null;
15653
- return payload;
15670
+ const decoded = safeBase64DecodeUtf8(headerValue);
15671
+ if (decoded.isErr()) return null;
15672
+ try {
15673
+ const payload = JSON.parse(decoded.value);
15674
+ if (!isRecord(payload) || payload.x402Version !== 2) return null;
15675
+ return payload;
15676
+ } catch {
15677
+ return null;
15678
+ }
15654
15679
  }
15655
15680
 
15656
15681
  // src/core/source/probe/index.ts
@@ -15737,12 +15762,13 @@ function getProbe(url2, headers, signal, inputBody) {
15737
15762
  }
15738
15763
 
15739
15764
  // src/core/protocols/mpp/index.ts
15740
- import { Result as Result2 } from "neverthrow";
15765
+ import { Result as Result3 } from "neverthrow";
15741
15766
  function parseBase64Json(encoded) {
15742
- return Result2.fromThrowable(
15767
+ return Result3.fromThrowable(
15743
15768
  () => {
15744
- const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
15745
- const parsed = JSON.parse(decoded);
15769
+ const decoded = safeBase64DecodeUtf8(encoded);
15770
+ if (decoded.isErr()) throw decoded.error;
15771
+ const parsed = JSON.parse(decoded.value);
15746
15772
  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
15747
15773
  throw new Error("not an object");
15748
15774
  }
@@ -16081,17 +16107,14 @@ async function runDiscover(target, flags) {
16081
16107
  if (!flags.json) console.log(`
16082
16108
  Discovering ${origin}...
16083
16109
  `);
16084
- const [openApiResult, wellKnownResult, faviconWarnings] = await Promise.all([
16110
+ const [openApiResult, faviconWarnings] = await Promise.all([
16085
16111
  getOpenAPI(origin),
16086
- getWellKnown(origin),
16087
16112
  getWarningsForFavicon(origin)
16088
16113
  ]);
16089
16114
  const openApiRaw = openApiResult.isOk() ? openApiResult.value : null;
16090
- const wellKnown = wellKnownResult.isOk() ? wellKnownResult.value : null;
16091
16115
  const openApi = isOpenApiSource(openApiRaw) ? openApiRaw : null;
16092
16116
  const warnings = [
16093
16117
  ...getWarningsForOpenAPI(openApiRaw),
16094
- ...getWarningsForWellKnown(wellKnown),
16095
16118
  ...faviconWarnings.isOk() ? faviconWarnings.value : []
16096
16119
  ];
16097
16120
  if (openApi) {
@@ -16147,57 +16170,62 @@ Guidance: ${tokens} tokens`);
16147
16170
  if (flags.verbose) console.log(`
16148
16171
  ${l4.guidance}`);
16149
16172
  }
16150
- } else if (wellKnown) {
16151
- const l2 = checkL2ForWellknown(wellKnown);
16152
- const l4 = checkL4ForWellknown(wellKnown);
16153
- warnings.push(...getWarningsForL2(l2), ...getWarningsForL4(l4));
16154
- const l3WarningArrays = await Promise.all(
16155
- l2.routes.map((r) => getL3Warnings(`${origin}${r.path}`))
16156
- );
16157
- warnings.push(...l3WarningArrays.flat());
16158
- if (flags.json) {
16159
- const meta3 = { origin, specUrl: wellKnown.fetchedUrl };
16160
- if (l2.title) meta3.title = l2.title;
16161
- if (l2.description) meta3.description = l2.description;
16162
- if (l4 && flags.verbose) meta3.guidance = l4.guidance;
16163
- console.log(
16164
- JSON.stringify(
16165
- {
16166
- ok: true,
16167
- selectedStage: l2.source,
16168
- resources: l2.routes.map(routeToResource),
16169
- warnings,
16170
- trace: [],
16171
- meta: meta3
16172
- },
16173
- null,
16174
- 2
16175
- )
16176
- );
16177
- return 0;
16178
- }
16179
- console.log(`Source: ${l2.source}`);
16180
- console.log(`Spec: ${wellKnown.fetchedUrl}`);
16181
- if (l2.title) console.log(`API: ${l2.title}`);
16182
- console.log(`Routes: ${l2.routes.length}
16183
- `);
16184
- for (const route of l2.routes) {
16185
- const price = route.price ? ` ${route.price}` : "";
16186
- const protocols = route.protocols?.length ? ` [${route.protocols.join(", ")}]` : "";
16187
- console.log(` ${route.method.padEnd(7)} ${route.path} paid${price}${protocols}`);
16188
- }
16189
16173
  } else {
16190
- if (flags.json) {
16191
- console.log(
16192
- JSON.stringify(
16193
- { ok: false, selectedStage: null, resources: [], warnings, trace: [], meta: { origin } },
16194
- null,
16195
- 2
16196
- )
16174
+ const wellKnownResult = await getWellKnown(origin);
16175
+ const wellKnown = wellKnownResult.isOk() ? wellKnownResult.value : null;
16176
+ warnings.push(...getWarningsForWellKnown(wellKnown));
16177
+ if (wellKnown) {
16178
+ const l2 = checkL2ForWellknown(wellKnown);
16179
+ const l4 = checkL4ForWellknown(wellKnown);
16180
+ warnings.push(...getWarningsForL2(l2), ...getWarningsForL4(l4));
16181
+ const l3WarningArrays = await Promise.all(
16182
+ l2.routes.map((r) => getL3Warnings(`${origin}${r.path}`))
16197
16183
  );
16198
- return 0;
16184
+ warnings.push(...l3WarningArrays.flat());
16185
+ if (flags.json) {
16186
+ const meta3 = { origin, specUrl: wellKnown.fetchedUrl };
16187
+ if (l2.title) meta3.title = l2.title;
16188
+ if (l2.description) meta3.description = l2.description;
16189
+ if (l4 && flags.verbose) meta3.guidance = l4.guidance;
16190
+ console.log(
16191
+ JSON.stringify(
16192
+ {
16193
+ ok: true,
16194
+ selectedStage: l2.source,
16195
+ resources: l2.routes.map(routeToResource),
16196
+ warnings,
16197
+ trace: [],
16198
+ meta: meta3
16199
+ },
16200
+ null,
16201
+ 2
16202
+ )
16203
+ );
16204
+ return 0;
16205
+ }
16206
+ console.log(`Source: ${l2.source}`);
16207
+ console.log(`Spec: ${wellKnown.fetchedUrl}`);
16208
+ if (l2.title) console.log(`API: ${l2.title}`);
16209
+ console.log(`Routes: ${l2.routes.length}
16210
+ `);
16211
+ for (const route of l2.routes) {
16212
+ const price = route.price ? ` ${route.price}` : "";
16213
+ const protocols = route.protocols?.length ? ` [${route.protocols.join(", ")}]` : "";
16214
+ console.log(` ${route.method.padEnd(7)} ${route.path} paid${price}${protocols}`);
16215
+ }
16216
+ } else {
16217
+ if (flags.json) {
16218
+ console.log(
16219
+ JSON.stringify(
16220
+ { ok: false, selectedStage: null, resources: [], warnings, trace: [], meta: { origin } },
16221
+ null,
16222
+ 2
16223
+ )
16224
+ );
16225
+ return 0;
16226
+ }
16227
+ console.log("Not found \u2014 no OpenAPI spec or /.well-known/x402 at this origin.");
16199
16228
  }
16200
- console.log("Not found \u2014 no OpenAPI spec or /.well-known/x402 at this origin.");
16201
16229
  }
16202
16230
  printWarnings(warnings, flags.verbose);
16203
16231
  return 0;
package/dist/index.cjs CHANGED
@@ -14627,7 +14627,7 @@ async function discoverOriginSchema(options) {
14627
14627
  }
14628
14628
 
14629
14629
  // src/core/source/probe/index.ts
14630
- var import_neverthrow6 = require("neverthrow");
14630
+ var import_neverthrow7 = require("neverthrow");
14631
14631
 
14632
14632
  // src/core/protocols/x402/v1/schema.ts
14633
14633
  function extractSchemas(accepts) {
@@ -15031,11 +15031,36 @@ async function parsePaymentRequiredBody(response) {
15031
15031
  return payload;
15032
15032
  }
15033
15033
 
15034
+ // src/core/lib/base64.ts
15035
+ var import_neverthrow6 = require("neverthrow");
15036
+ function safeBase64DecodeUtf8(encoded) {
15037
+ return import_neverthrow6.Result.fromThrowable(
15038
+ () => {
15039
+ if (typeof Buffer !== "undefined") {
15040
+ return Buffer.from(encoded, "base64").toString("utf8");
15041
+ }
15042
+ const binaryString = atob(encoded);
15043
+ const bytes = new Uint8Array(binaryString.length);
15044
+ for (let i = 0; i < binaryString.length; i++) {
15045
+ bytes[i] = binaryString.charCodeAt(i);
15046
+ }
15047
+ return new TextDecoder("utf-8").decode(bytes);
15048
+ },
15049
+ (e) => e instanceof Error ? e : new Error(String(e))
15050
+ )();
15051
+ }
15052
+
15034
15053
  // src/core/protocols/x402/v2/parse-payment-required.ts
15035
15054
  function parsePaymentRequiredBody2(headerValue) {
15036
- const payload = JSON.parse(atob(headerValue));
15037
- if (!isRecord(payload) || payload.x402Version !== 2) return null;
15038
- return payload;
15055
+ const decoded = safeBase64DecodeUtf8(headerValue);
15056
+ if (decoded.isErr()) return null;
15057
+ try {
15058
+ const payload = JSON.parse(decoded.value);
15059
+ if (!isRecord(payload) || payload.x402Version !== 2) return null;
15060
+ return payload;
15061
+ } catch {
15062
+ return null;
15063
+ }
15039
15064
  }
15040
15065
 
15041
15066
  // src/core/source/probe/index.ts
@@ -15077,8 +15102,8 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
15077
15102
  ...hasBody ? { body: JSON.stringify(inputBody) } : {},
15078
15103
  signal
15079
15104
  }).andThen((response) => {
15080
- if (!isUsableStatus(response.status)) return import_neverthrow6.ResultAsync.fromSafePromise(Promise.resolve(null));
15081
- return import_neverthrow6.ResultAsync.fromSafePromise(
15105
+ if (!isUsableStatus(response.status)) return import_neverthrow7.ResultAsync.fromSafePromise(Promise.resolve(null));
15106
+ return import_neverthrow7.ResultAsync.fromSafePromise(
15082
15107
  (async () => {
15083
15108
  let authHint = response.status === 402 ? "paid" : "unprotected";
15084
15109
  let paymentRequiredBody;
@@ -15109,7 +15134,7 @@ function probeMethod(url2, method, path, headers, signal, inputBody) {
15109
15134
  }
15110
15135
  function getProbe(url2, headers, signal, inputBody) {
15111
15136
  const path = normalizePath(new URL(url2).pathname || "/");
15112
- return import_neverthrow6.ResultAsync.fromSafePromise(
15137
+ return import_neverthrow7.ResultAsync.fromSafePromise(
15113
15138
  Promise.all(
15114
15139
  [...HTTP_METHODS].map(
15115
15140
  (method) => probeMethod(url2, method, path, headers, signal, inputBody).match(
@@ -15122,12 +15147,13 @@ function getProbe(url2, headers, signal, inputBody) {
15122
15147
  }
15123
15148
 
15124
15149
  // src/core/protocols/mpp/index.ts
15125
- var import_neverthrow7 = require("neverthrow");
15150
+ var import_neverthrow8 = require("neverthrow");
15126
15151
  function parseBase64Json(encoded) {
15127
- return import_neverthrow7.Result.fromThrowable(
15152
+ return import_neverthrow8.Result.fromThrowable(
15128
15153
  () => {
15129
- const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
15130
- const parsed = JSON.parse(decoded);
15154
+ const decoded = safeBase64DecodeUtf8(encoded);
15155
+ if (decoded.isErr()) throw decoded.error;
15156
+ const parsed = JSON.parse(decoded.value);
15131
15157
  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
15132
15158
  throw new Error("not an object");
15133
15159
  }
@@ -16266,7 +16292,7 @@ function getWarningsForL4(l4) {
16266
16292
  }
16267
16293
 
16268
16294
  // src/audit/warnings/favicon.ts
16269
- var import_neverthrow8 = require("neverthrow");
16295
+ var import_neverthrow9 = require("neverthrow");
16270
16296
  var COMMON_PATHS = ["/favicon.ico", "/favicon.png", "/favicon.svg"];
16271
16297
  var TIMEOUT = AbortSignal.timeout(5e3);
16272
16298
  function isImage(res) {
@@ -16274,12 +16300,12 @@ function isImage(res) {
16274
16300
  }
16275
16301
  function checkUrl(url2) {
16276
16302
  return fetchSafe(url2, { method: "HEAD", signal: TIMEOUT }).andThen((res) => {
16277
- if (res.ok) return (0, import_neverthrow8.okAsync)(isImage(res));
16303
+ if (res.ok) return (0, import_neverthrow9.okAsync)(isImage(res));
16278
16304
  if (res.status === 405 || res.status === 403) {
16279
16305
  return fetchSafe(url2, { signal: TIMEOUT }).map((getRes) => getRes.ok && isImage(getRes));
16280
16306
  }
16281
- return (0, import_neverthrow8.okAsync)(false);
16282
- }).orElse(() => (0, import_neverthrow8.okAsync)(false));
16307
+ return (0, import_neverthrow9.okAsync)(false);
16308
+ }).orElse(() => (0, import_neverthrow9.okAsync)(false));
16283
16309
  }
16284
16310
  function resolveHref(href, origin) {
16285
16311
  if (href.startsWith("//")) return `https:${href}`;
@@ -16308,15 +16334,15 @@ function extractIconHrefs(html, origin) {
16308
16334
  function getHtmlIconHrefs(origin) {
16309
16335
  return fetchSafe(origin, { signal: TIMEOUT }).andThen((res) => {
16310
16336
  if (!res.ok || !(res.headers.get("content-type") ?? "").includes("text/html"))
16311
- return (0, import_neverthrow8.okAsync)("");
16312
- return import_neverthrow8.ResultAsync.fromSafePromise(res.text());
16313
- }).map((html) => html ? extractIconHrefs(html, origin) : []).orElse(() => (0, import_neverthrow8.okAsync)([]));
16337
+ return (0, import_neverthrow9.okAsync)("");
16338
+ return import_neverthrow9.ResultAsync.fromSafePromise(res.text());
16339
+ }).map((html) => html ? extractIconHrefs(html, origin) : []).orElse(() => (0, import_neverthrow9.okAsync)([]));
16314
16340
  }
16315
16341
  function checkFavicon(origin) {
16316
16342
  const normalizedOrigin = origin.replace(/\/$/, "");
16317
16343
  return getHtmlIconHrefs(normalizedOrigin).andThen((hrefs) => {
16318
16344
  const candidates = [...hrefs, ...COMMON_PATHS.map((p) => `${normalizedOrigin}${p}`)];
16319
- return import_neverthrow8.ResultAsync.fromSafePromise(
16345
+ return import_neverthrow9.ResultAsync.fromSafePromise(
16320
16346
  Promise.all(candidates.map((url2) => checkUrl(url2).then((r) => r.isOk() && r.value))).then(
16321
16347
  (results) => results.some(Boolean)
16322
16348
  )
package/dist/index.js CHANGED
@@ -14969,11 +14969,36 @@ async function parsePaymentRequiredBody(response) {
14969
14969
  return payload;
14970
14970
  }
14971
14971
 
14972
+ // src/core/lib/base64.ts
14973
+ import { Result as Result2 } from "neverthrow";
14974
+ function safeBase64DecodeUtf8(encoded) {
14975
+ return Result2.fromThrowable(
14976
+ () => {
14977
+ if (typeof Buffer !== "undefined") {
14978
+ return Buffer.from(encoded, "base64").toString("utf8");
14979
+ }
14980
+ const binaryString = atob(encoded);
14981
+ const bytes = new Uint8Array(binaryString.length);
14982
+ for (let i = 0; i < binaryString.length; i++) {
14983
+ bytes[i] = binaryString.charCodeAt(i);
14984
+ }
14985
+ return new TextDecoder("utf-8").decode(bytes);
14986
+ },
14987
+ (e) => e instanceof Error ? e : new Error(String(e))
14988
+ )();
14989
+ }
14990
+
14972
14991
  // src/core/protocols/x402/v2/parse-payment-required.ts
14973
14992
  function parsePaymentRequiredBody2(headerValue) {
14974
- const payload = JSON.parse(atob(headerValue));
14975
- if (!isRecord(payload) || payload.x402Version !== 2) return null;
14976
- return payload;
14993
+ const decoded = safeBase64DecodeUtf8(headerValue);
14994
+ if (decoded.isErr()) return null;
14995
+ try {
14996
+ const payload = JSON.parse(decoded.value);
14997
+ if (!isRecord(payload) || payload.x402Version !== 2) return null;
14998
+ return payload;
14999
+ } catch {
15000
+ return null;
15001
+ }
14977
15002
  }
14978
15003
 
14979
15004
  // src/core/source/probe/index.ts
@@ -15060,12 +15085,13 @@ function getProbe(url2, headers, signal, inputBody) {
15060
15085
  }
15061
15086
 
15062
15087
  // src/core/protocols/mpp/index.ts
15063
- import { Result as Result2 } from "neverthrow";
15088
+ import { Result as Result3 } from "neverthrow";
15064
15089
  function parseBase64Json(encoded) {
15065
- return Result2.fromThrowable(
15090
+ return Result3.fromThrowable(
15066
15091
  () => {
15067
- const decoded = typeof Buffer !== "undefined" ? Buffer.from(encoded, "base64").toString("utf8") : atob(encoded);
15068
- const parsed = JSON.parse(decoded);
15092
+ const decoded = safeBase64DecodeUtf8(encoded);
15093
+ if (decoded.isErr()) throw decoded.error;
15094
+ const parsed = JSON.parse(decoded.value);
15069
15095
  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
15070
15096
  throw new Error("not an object");
15071
15097
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agentcash/discovery",
3
- "version": "1.6.3",
3
+ "version": "1.6.5",
4
4
  "description": "Canonical OpenAPI-first discovery runtime for the agentcash ecosystem",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",