agentcash 0.6.10 → 0.7.1

package/dist/cjs/run-server.cjs

@@ -34,10 +34,10 @@ var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__
 ));
 var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: true }), mod2);
 
-// ../../../node_modules/.pnpm/tsup@8.5.1_jiti@2.6.1_postcss@8.5.6_tsx@4.21.0_typescript@5.9.3_yaml@2.8.2/node_modules/tsup/assets/cjs_shims.js
+// ../../../node_modules/.pnpm/tsup@8.5.1_@swc+core@1.15.3_jiti@2.6.1_postcss@8.5.6_tsx@4.21.0_typescript@5.9.3_yaml@2.8.2/node_modules/tsup/assets/cjs_shims.js
 var getImportMetaUrl, importMetaUrl;
 var init_cjs_shims = __esm({
-  "../../../node_modules/.pnpm/tsup@8.5.1_jiti@2.6.1_postcss@8.5.6_tsx@4.21.0_typescript@5.9.3_yaml@2.8.2/node_modules/tsup/assets/cjs_shims.js"() {
+  "../../../node_modules/.pnpm/tsup@8.5.1_@swc+core@1.15.3_jiti@2.6.1_postcss@8.5.6_tsx@4.21.0_typescript@5.9.3_yaml@2.8.2/node_modules/tsup/assets/cjs_shims.js"() {
     "use strict";
     getImportMetaUrl = () => typeof document === "undefined" ? new URL(`file:${__filename}`).href : document.currentScript && document.currentScript.tagName.toUpperCase() === "SCRIPT" ? document.currentScript.src : new URL("main.js", document.baseURI).href;
     importMetaUrl = /* @__PURE__ */ getImportMetaUrl();
@@ -65024,6 +65024,9 @@ var ResultAsync = class _ResultAsync {
     });
   }
 };
+function okAsync(value) {
+  return new ResultAsync(Promise.resolve(new Ok(value)));
+}
 function errAsync(err3) {
   return new ResultAsync(Promise.resolve(new Err(err3)));
 }
@@ -113813,7 +113816,7 @@ var import_path2 = require("path");
 var import_url = require("url");
 function getVersion2() {
   if (true) {
-    return "0.6.10";
+    return "0.7.1";
   }
   const __dirname3 = (0, import_path2.dirname)((0, import_url.fileURLToPath)(importMetaUrl));
   const pkg = JSON.parse(
@@ -113976,7 +113979,7 @@ var TEMPO_TOKEN_ADDRESS = "0x20c0000000000000000000000000000000000000";
 
 // src/shared/mpp-enabled.ts
 init_cjs_shims();
-var isMppEnabled = () => "0.6.10".includes("-mpp");
+var isMppEnabled = () => "0.7.1".includes("-mpp");
 
 // src/shared/operations/fetch-with-payment.ts
 init_cjs_shims();
@@ -115717,514 +115720,935 @@ init_cjs_shims();
 // src/shared/operations/check-endpoint.ts
 init_cjs_shims();
 
-// src/shared/openapi-cache.ts
+// ../../../node_modules/.pnpm/@agentcash+discovery@1.0.0/node_modules/@agentcash/discovery/dist/index.js
 init_cjs_shims();
-var OPENAPI_SPEC_PATHS = [
-  "/openapi.json",
-  "/.well-known/openapi.json"
-];
-async function fetchOpenApiSpec(origin) {
-  const uniqueUrls = OPENAPI_SPEC_PATHS.map((p) => `${origin}${p}`);
-  let failure = {
-    ok: false,
-    cause: "not_found"
-  };
-  for (const url3 of uniqueUrls) {
-    log.debug(`Fetching OpenAPI spec from: ${url3}`);
-    const fetchResult = await safeFetch(
-      "fetchOpenApiSpec",
-      new Request(url3, { headers: { Accept: "application/json" } }),
-      DEFAULT_FETCH_TIMEOUT
-    );
-    if (fetchResult.isErr()) {
-      const { cause, message } = fetchResult.error;
-      if (cause === "network" || cause === "timeout") {
-        failure = { ok: false, cause, message };
+
+// ../../../node_modules/.pnpm/@x402+core@2.6.0/node_modules/@x402/core/dist/esm/schemas/index.mjs
+init_cjs_shims();
+var NonEmptyString = external_exports4.string().min(1);
+var Any = external_exports4.record(external_exports4.unknown());
+var OptionalAny = external_exports4.record(external_exports4.unknown()).optional().nullable();
+var NetworkSchemaV1 = NonEmptyString;
+var NetworkSchemaV2 = external_exports4.string().min(3).refine((val) => val.includes(":"), {
+  message: "Network must be in CAIP-2 format (e.g., 'eip155:84532')"
+});
+var NetworkSchema = external_exports4.union([NetworkSchemaV1, NetworkSchemaV2]);
+var ResourceInfoSchema = external_exports4.object({
+  url: NonEmptyString,
+  description: external_exports4.string().optional(),
+  mimeType: external_exports4.string().optional()
+});
+var PaymentRequirementsV1Schema = external_exports4.object({
+  scheme: NonEmptyString,
+  network: NetworkSchemaV1,
+  maxAmountRequired: NonEmptyString,
+  resource: NonEmptyString,
+  // URL string in V1
+  description: external_exports4.string(),
+  mimeType: external_exports4.string().optional(),
+  outputSchema: Any.optional().nullable(),
+  payTo: NonEmptyString,
+  maxTimeoutSeconds: external_exports4.number().positive(),
+  asset: NonEmptyString,
+  extra: OptionalAny
+});
+var PaymentRequiredV1Schema = external_exports4.object({
+  x402Version: external_exports4.literal(1),
+  error: external_exports4.string().optional(),
+  accepts: external_exports4.array(PaymentRequirementsV1Schema).min(1)
+});
+var PaymentPayloadV1Schema = external_exports4.object({
+  x402Version: external_exports4.literal(1),
+  scheme: NonEmptyString,
+  network: NetworkSchemaV1,
+  payload: Any
+});
+var PaymentRequirementsV2Schema = external_exports4.object({
+  scheme: NonEmptyString,
+  network: NetworkSchemaV2,
+  amount: NonEmptyString,
+  asset: NonEmptyString,
+  payTo: NonEmptyString,
+  maxTimeoutSeconds: external_exports4.number().positive(),
+  extra: OptionalAny
+});
+var PaymentRequiredV2Schema = external_exports4.object({
+  x402Version: external_exports4.literal(2),
+  error: external_exports4.string().optional(),
+  resource: ResourceInfoSchema,
+  accepts: external_exports4.array(PaymentRequirementsV2Schema).min(1),
+  extensions: OptionalAny
+});
+var PaymentPayloadV2Schema = external_exports4.object({
+  x402Version: external_exports4.literal(2),
+  resource: ResourceInfoSchema.optional(),
+  accepted: PaymentRequirementsV2Schema,
+  payload: Any,
+  extensions: OptionalAny
+});
+var PaymentRequirementsSchema = external_exports4.union([
+  PaymentRequirementsV1Schema,
+  PaymentRequirementsV2Schema
+]);
+var PaymentRequiredSchema = external_exports4.discriminatedUnion("x402Version", [
+  PaymentRequiredV1Schema,
+  PaymentRequiredV2Schema
+]);
+var PaymentPayloadSchema = external_exports4.discriminatedUnion("x402Version", [
+  PaymentPayloadV1Schema,
+  PaymentPayloadV2Schema
+]);
+
+// ../../../node_modules/.pnpm/@agentcash+discovery@1.0.0/node_modules/@agentcash/discovery/dist/index.js
+var OpenApiPaymentInfoSchema = external_exports3.object({
+  pricingMode: external_exports3.enum(["fixed", "range", "quote"]),
+  price: external_exports3.string().optional(),
+  minPrice: external_exports3.string().optional(),
+  maxPrice: external_exports3.string().optional(),
+  protocols: external_exports3.array(external_exports3.string()).optional()
+});
+var OpenApiOperationSchema = external_exports3.object({
+  operationId: external_exports3.string().optional(),
+  summary: external_exports3.string().optional(),
+  description: external_exports3.string().optional(),
+  tags: external_exports3.array(external_exports3.string()).optional(),
+  security: external_exports3.array(external_exports3.record(external_exports3.string(), external_exports3.array(external_exports3.string()))).optional(),
+  parameters: external_exports3.array(
+    external_exports3.object({
+      in: external_exports3.string(),
+      name: external_exports3.string(),
+      schema: external_exports3.unknown().optional(),
+      required: external_exports3.boolean().optional()
+    })
+  ).optional(),
+  requestBody: external_exports3.object({
+    required: external_exports3.boolean().optional(),
+    content: external_exports3.record(external_exports3.string(), external_exports3.object({ schema: external_exports3.unknown().optional() }))
+  }).optional(),
+  responses: external_exports3.record(external_exports3.string(), external_exports3.unknown()).optional(),
+  "x-payment-info": OpenApiPaymentInfoSchema.optional()
+});
+var OpenApiPathItemSchema = external_exports3.object({
+  get: OpenApiOperationSchema.optional(),
+  post: OpenApiOperationSchema.optional(),
+  put: OpenApiOperationSchema.optional(),
+  delete: OpenApiOperationSchema.optional(),
+  patch: OpenApiOperationSchema.optional(),
+  head: OpenApiOperationSchema.optional(),
+  options: OpenApiOperationSchema.optional(),
+  trace: OpenApiOperationSchema.optional()
+});
+var OpenApiDocSchema = external_exports3.object({
+  // TODO(zdql): We should inherit a canonical OpenAPI schema and then extend with our types.
+  openapi: external_exports3.string(),
+  info: external_exports3.object({
+    title: external_exports3.string(),
+    version: external_exports3.string(),
+    description: external_exports3.string().optional(),
+    guidance: external_exports3.string().optional()
+  }),
+  servers: external_exports3.array(external_exports3.object({ url: external_exports3.string() })).optional(),
+  tags: external_exports3.array(external_exports3.object({ name: external_exports3.string() })).optional(),
+  components: external_exports3.object({ securitySchemes: external_exports3.record(external_exports3.string(), external_exports3.unknown()).optional() }).optional(),
+  "x-discovery": external_exports3.record(external_exports3.string(), external_exports3.unknown()).optional(),
+  paths: external_exports3.record(external_exports3.string(), OpenApiPathItemSchema)
+});
+var WellKnownDocSchema = external_exports3.object({
+  version: external_exports3.number().optional(),
+  resources: external_exports3.array(external_exports3.string()).default([]),
+  mppResources: external_exports3.array(external_exports3.string()).optional(),
+  // isMmmEnabled
+  description: external_exports3.string().optional(),
+  ownershipProofs: external_exports3.array(external_exports3.string()).optional(),
+  instructions: external_exports3.string().optional()
+});
+var WellKnownParsedSchema = external_exports3.object({
+  routes: external_exports3.array(
+    external_exports3.object({
+      path: external_exports3.string(),
+      method: external_exports3.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "TRACE"])
+    })
+  ),
+  instructions: external_exports3.string().optional()
+});
+function isRecord(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+function hasSecurity(operation, scheme) {
+  return operation.security?.some((s) => scheme in s) ?? false;
+}
+function has402Response(operation) {
+  return Boolean(operation.responses?.["402"]);
+}
+function inferAuthMode(operation) {
+  const hasXPaymentInfo = Boolean(operation["x-payment-info"]);
+  const hasPayment = hasXPaymentInfo || has402Response(operation);
+  const hasApiKey = hasSecurity(operation, "apiKey");
+  const hasSiwx = hasSecurity(operation, "siwx");
+  if (hasPayment && hasApiKey) return "apiKey+paid";
+  if (hasXPaymentInfo) return "paid";
+  if (hasPayment) return hasSiwx ? "siwx" : "paid";
+  if (hasApiKey) return "apiKey";
+  if (hasSiwx) return "siwx";
+  return void 0;
+}
+var HTTP_METHODS = /* @__PURE__ */ new Set([
+  "GET",
+  "POST",
+  "PUT",
+  "DELETE",
+  "PATCH",
+  "HEAD",
+  "OPTIONS",
+  "TRACE"
+]);
+var DEFAULT_MISSING_METHOD = "POST";
+function normalizeOrigin(target) {
+  const trimmed = target.trim();
+  const withProtocol = /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+  const url3 = new URL(withProtocol);
+  url3.pathname = "";
+  url3.search = "";
+  url3.hash = "";
+  return url3.toString().replace(/\/$/, "");
+}
+function normalizePath(pathname) {
+  const parsed = pathname.trim();
+  if (parsed.length === 0 || parsed === "/") return "/";
+  const pathOnly = parsed.split("?")[0]?.split("#")[0] ?? "/";
+  const prefixed = pathOnly.startsWith("/") ? pathOnly : `/${pathOnly}`;
+  const normalized = prefixed.replace(/\/+/g, "/");
+  return normalized !== "/" ? normalized.replace(/\/$/, "") : "/";
+}
+function parseMethod(value) {
+  if (!value) return void 0;
+  const upper = value.toUpperCase();
+  return HTTP_METHODS.has(upper) ? upper : void 0;
+}
+function toAbsoluteUrl(origin, value) {
+  try {
+    if (/^https?:\/\//i.test(value)) return new URL(value);
+    return new URL(normalizePath(value), `${origin}/`);
+  } catch {
+    return null;
+  }
+}
+function toFetchError(err3) {
+  const cause = err3 instanceof DOMException && (err3.name === "TimeoutError" || err3.name === "AbortError") ? "timeout" : "network";
+  return { cause, message: String(err3) };
+}
+function fetchSafe(url3, init) {
+  return ResultAsync.fromPromise(fetch(url3, init), toFetchError);
+}
+var isMmmEnabled = () => "1.0.0".includes("-mmm");
+var OpenApiParsedSchema = OpenApiDocSchema.transform((doc) => {
+  const routes = [];
+  for (const [rawPath, pathItem] of Object.entries(doc.paths)) {
+    for (const httpMethod of [...HTTP_METHODS]) {
+      const operation = pathItem[httpMethod.toLowerCase()];
+      if (!operation) continue;
+      const authMode = inferAuthMode(operation) ?? void 0;
+      if (!authMode) continue;
+      const p = operation["x-payment-info"];
+      const protocols = (p?.protocols ?? []).filter(
+        (proto) => proto !== "mpp" || isMmmEnabled()
+      );
+      if ((authMode === "paid" || authMode === "siwx") && !has402Response(operation)) continue;
+      if (authMode === "paid" && protocols.length === 0) continue;
+      const pricing = authMode === "paid" && p ? {
+        pricingMode: p.pricingMode,
+        ...p.price ? { price: p.price } : {},
+        ...p.minPrice ? { minPrice: p.minPrice } : {},
+        ...p.maxPrice ? { maxPrice: p.maxPrice } : {}
+      } : void 0;
+      const summary = operation.summary ?? operation.description;
+      routes.push({
+        path: normalizePath(rawPath),
+        method: httpMethod.toUpperCase(),
+        ...summary ? { summary } : {},
+        authMode,
+        ...protocols.length ? { protocols } : {},
+        ...pricing ? { pricing } : {}
+      });
+    }
+  }
+  return {
+    info: {
+      title: doc.info.title,
+      ...doc.info.description ? { description: doc.info.description } : {},
+      version: doc.info.version
+    },
+    routes,
+    ...doc.info.guidance ? { guidance: doc.info.guidance } : {}
+  };
+});
+async function parseBody(response, url3) {
+  try {
+    const payload = await response.json();
+    const parsed = OpenApiParsedSchema.safeParse(payload);
+    if (!parsed.success) return null;
+    return { raw: payload, ...parsed.data, fetchedUrl: url3 };
+  } catch {
+    return null;
+  }
+}
+function getOpenAPI(origin, headers, signal, specificationOverrideUrl) {
+  const url3 = specificationOverrideUrl ?? `${origin}/openapi.json`;
+  return fetchSafe(url3, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return okAsync(null);
+    return ResultAsync.fromSafePromise(parseBody(response, url3));
+  });
+}
+function toWellKnownParsed(origin, doc) {
+  const routes = doc.resources.flatMap((entry) => {
+    const trimmed = entry.trim();
+    if (!trimmed) return [];
+    const parts = trimmed.split(/\s+/);
+    const maybeMethod = parts.length >= 2 ? parseMethod(parts[0]) : void 0;
+    const target = maybeMethod ? parts.slice(1).join(" ") : trimmed;
+    const absolute = toAbsoluteUrl(origin, target);
+    if (!absolute) return [];
+    return [
+      {
+        path: normalizePath(absolute.pathname),
+        method: maybeMethod ?? DEFAULT_MISSING_METHOD
       }
-      log.debug(`Failed to fetch OpenAPI spec from: ${url3}`);
-      continue;
+    ];
+  });
+  return { routes, ...doc.instructions ? { instructions: doc.instructions } : {} };
+}
+async function parseBody2(response, origin, url3) {
+  try {
+    const payload = await response.json();
+    const doc = WellKnownDocSchema.safeParse(payload);
+    if (!doc.success) return null;
+    const parsed = WellKnownParsedSchema.safeParse(toWellKnownParsed(origin, doc.data));
+    if (!parsed.success) return null;
+    return { raw: payload, ...parsed.data, fetchedUrl: url3 };
+  } catch {
+    return null;
+  }
+}
+function getWellKnown(origin, headers, signal) {
+  const url3 = `${origin}/.well-known/x402`;
+  return fetchSafe(url3, {
+    method: "GET",
+    headers: { Accept: "application/json", ...headers },
+    signal
+  }).andThen((response) => {
+    if (!response.ok) return okAsync(null);
+    return ResultAsync.fromSafePromise(parseBody2(response, origin, url3));
+  });
+}
+function formatPrice(pricing) {
+  if (pricing.pricingMode === "fixed") return `$${pricing.price}`;
+  if (pricing.pricingMode === "range") return `$${pricing.minPrice}-$${pricing.maxPrice}`;
+  return pricing.maxPrice ? `up to $${pricing.maxPrice}` : "quote";
+}
+function checkL2ForOpenAPI(openApi) {
+  const routes = openApi.routes.map((route) => ({
+    path: route.path,
+    method: route.method,
+    summary: route.summary ?? `${route.method} ${route.path}`,
+    ...route.authMode ? { authMode: route.authMode } : {},
+    ...route.pricing ? { price: formatPrice(route.pricing) } : {},
+    ...route.protocols?.length ? { protocols: route.protocols } : {}
+  }));
+  return {
+    ...openApi.info.title ? { title: openApi.info.title } : {},
+    ...openApi.info.description ? { description: openApi.info.description } : {},
+    routes,
+    source: "openapi"
+  };
+}
+function checkL2ForWellknown(wellKnown) {
+  const routes = wellKnown.routes.map((route) => ({
+    path: route.path,
+    method: route.method,
+    summary: `${route.method} ${route.path}`,
+    authMode: "paid",
+    protocols: ["x402"]
+  }));
+  return { routes, source: "well-known/x402" };
+}
+function checkL4ForOpenAPI(openApi) {
+  if (openApi.guidance) {
+    return { guidance: openApi.guidance, source: "openapi" };
+  }
+  return null;
+}
+function checkL4ForWellknown(wellKnown) {
+  if (wellKnown.instructions) {
+    return { guidance: wellKnown.instructions, source: "well-known/x402" };
+  }
+  return null;
+}
+function estimateTokenCount(text) {
+  return Math.ceil(text.length / 4);
+}
+var GuidanceMode = /* @__PURE__ */ ((GuidanceMode2) => {
+  GuidanceMode2["Auto"] = "auto";
+  GuidanceMode2["Always"] = "always";
+  GuidanceMode2["Never"] = "never";
+  return GuidanceMode2;
+})(GuidanceMode || {});
+var GUIDANCE_AUTO_INCLUDE_MAX_TOKENS_LENGTH = 1e3;
+function withGuidance(base2, l4, guidanceMode) {
+  if (guidanceMode === "never") return { ...base2, guidanceAvailable: !!l4 };
+  if (!l4) return { ...base2, guidanceAvailable: false };
+  const tokens2 = estimateTokenCount(l4.guidance);
+  if (guidanceMode === "always" || tokens2 <= GUIDANCE_AUTO_INCLUDE_MAX_TOKENS_LENGTH) {
+    return { ...base2, guidanceAvailable: true, guidanceTokens: tokens2, guidance: l4.guidance };
+  }
+  return { ...base2, guidanceAvailable: true, guidanceTokens: tokens2 };
+}
+async function discoverOriginSchema(options) {
+  const origin = normalizeOrigin(options.target);
+  const guidanceMode = options.guidance ?? "auto";
+  const openApiResult = await getOpenAPI(
+    origin,
+    options.headers,
+    options.signal,
+    options.specificationOverrideUrl
+  );
+  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  if (openApi) {
+    const l22 = checkL2ForOpenAPI(openApi);
+    const l42 = checkL4ForOpenAPI(openApi);
+    const base22 = {
+      found: true,
+      origin,
+      source: "openapi",
+      ...l22.title ? { info: { title: l22.title, ...l22.description ? { description: l22.description } : {} } } : {},
+      endpoints: l22.routes
+    };
+    return withGuidance(base22, l42, guidanceMode);
+  }
+  const wellKnownResult = await getWellKnown(origin, options.headers, options.signal);
+  if (wellKnownResult.isErr()) {
+    return {
+      found: false,
+      origin,
+      cause: wellKnownResult.error.cause,
+      message: wellKnownResult.error.message
+    };
+  }
+  const wellKnown = wellKnownResult.value;
+  if (!wellKnown) return { found: false, origin, cause: "not_found" };
+  const l2 = checkL2ForWellknown(wellKnown);
+  const l4 = checkL4ForWellknown(wellKnown);
+  const base2 = {
+    found: true,
+    origin,
+    source: "well-known/x402",
+    endpoints: l2.routes
+  };
+  return withGuidance(base2, l4, guidanceMode);
+}
+function extractSchemas(accepts) {
+  const first = accepts[0];
+  if (!isRecord(first)) return {};
+  const outputSchema = isRecord(first.outputSchema) ? first.outputSchema : void 0;
+  return {
+    ...outputSchema && isRecord(outputSchema.input) ? { inputSchema: outputSchema.input } : {},
+    ...outputSchema && isRecord(outputSchema.output) ? { outputSchema: outputSchema.output } : {}
+  };
+}
+function asNonEmptyString(value) {
+  if (typeof value !== "string") return void 0;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+function asPositiveNumber(value) {
+  return typeof value === "number" && Number.isFinite(value) && value > 0 ? value : void 0;
+}
+function extractPaymentOptions(accepts) {
+  return accepts.flatMap((accept) => {
+    if (!isRecord(accept)) return [];
+    const network = asNonEmptyString(accept.network);
+    const asset = asNonEmptyString(accept.asset);
+    const maxAmountRequired = asNonEmptyString(accept.maxAmountRequired);
+    if (!network || !asset || !maxAmountRequired) return [];
+    const scheme = asNonEmptyString(accept.scheme);
+    const payTo = asNonEmptyString(accept.payTo);
+    const maxTimeoutSeconds = asPositiveNumber(accept.maxTimeoutSeconds);
+    return [
+      {
+        protocol: "x402",
+        version: 1,
+        network,
+        asset,
+        maxAmountRequired,
+        ...scheme ? { scheme } : {},
+        ...payTo ? { payTo } : {},
+        ...maxTimeoutSeconds ? { maxTimeoutSeconds } : {}
+      }
+    ];
+  });
+}
+function extractSchemas2(payload) {
+  if (!isRecord(payload)) return {};
+  const extensions = isRecord(payload.extensions) ? payload.extensions : void 0;
+  const bazaar = extensions && isRecord(extensions.bazaar) ? extensions.bazaar : void 0;
+  const schema = bazaar && isRecord(bazaar.schema) ? bazaar.schema : void 0;
+  if (!schema) return {};
+  const schemaProps = isRecord(schema.properties) ? schema.properties : void 0;
+  if (!schemaProps) return {};
+  const inputProps = isRecord(schemaProps.input) ? schemaProps.input : void 0;
+  const inputProperties = inputProps && isRecord(inputProps.properties) ? inputProps.properties : void 0;
+  const inputSchema = (inputProperties && isRecord(inputProperties.body) ? inputProperties.body : void 0) ?? (inputProperties && isRecord(inputProperties.queryParams) ? inputProperties.queryParams : void 0);
+  const outputProps = isRecord(schemaProps.output) ? schemaProps.output : void 0;
+  const outputProperties = outputProps && isRecord(outputProps.properties) ? outputProps.properties : void 0;
+  const outputSchema = outputProperties && isRecord(outputProperties.example) ? outputProperties.example : void 0;
+  return {
+    ...inputSchema ? { inputSchema } : {},
+    ...outputSchema ? { outputSchema } : {}
+  };
+}
+function extractPaymentOptions2(accepts) {
+  return accepts.flatMap((accept) => {
+    if (!isRecord(accept)) return [];
+    const network = asNonEmptyString(accept.network);
+    const asset = asNonEmptyString(accept.asset);
+    const amount2 = asNonEmptyString(accept.amount);
+    if (!network || !asset || !amount2) return [];
+    const scheme = asNonEmptyString(accept.scheme);
+    const payTo = asNonEmptyString(accept.payTo);
+    const maxTimeoutSeconds = asPositiveNumber(accept.maxTimeoutSeconds);
+    return [
+      {
+        protocol: "x402",
+        version: 2,
+        network,
+        asset,
+        amount: amount2,
+        ...scheme ? { scheme } : {},
+        ...payTo ? { payTo } : {},
+        ...maxTimeoutSeconds ? { maxTimeoutSeconds } : {}
+      }
+    ];
+  });
+}
+function parseVersion(payload) {
+  if (!isRecord(payload)) return void 0;
+  const v = payload.x402Version;
+  if (v === 1 || v === 2) return v;
+  return void 0;
+}
+function detectAuthHint(payload) {
+  if (isRecord(payload) && isRecord(payload.extensions)) {
+    if (payload.extensions["api-key"]) return "apiKey+paid";
+    if (payload.extensions["sign-in-with-x"]) return "siwx";
+  }
+  return "paid";
+}
+function extractPaymentOptions3(payload) {
+  if (!isRecord(payload)) return [];
+  const version7 = parseVersion(payload);
+  const accepts = Array.isArray(payload.accepts) ? payload.accepts : [];
+  if (version7 === 1) return extractPaymentOptions(accepts);
+  if (version7 === 2) return extractPaymentOptions2(accepts);
+  return [];
+}
+function extractSchemas3(payload) {
+  if (!isRecord(payload)) return {};
+  const version7 = parseVersion(payload);
+  if (version7 === 2) return extractSchemas2(payload);
+  if (version7 === 1) {
+    const accepts = Array.isArray(payload.accepts) ? payload.accepts : [];
+    return extractSchemas(accepts);
+  }
+  return {};
+}
+function parseInputSchema(payload) {
+  return extractSchemas3(payload).inputSchema;
+}
+function parseOutputSchema(payload) {
+  return extractSchemas3(payload).outputSchema;
+}
+async function parsePaymentRequiredBody(response) {
+  const payload = await response.clone().json();
+  if (!isRecord(payload) || payload.x402Version !== 1) return null;
+  return payload;
+}
+function parsePaymentRequiredBody2(headerValue) {
+  const payload = JSON.parse(atob(headerValue));
+  if (!isRecord(payload) || payload.x402Version !== 2) return null;
+  return payload;
+}
+function isUsableStatus(status) {
+  return status === 402 || status >= 200 && status < 300;
+}
+function detectProtocols(response) {
+  const protocols = /* @__PURE__ */ new Set();
+  const directHeader = response.headers.get("x-payment-protocol");
+  if (directHeader) {
+    for (const part of directHeader.split(",")) {
+      const protocol = part.trim().toLowerCase();
+      if (protocol) protocols.add(protocol);
     }
-    const response = fetchResult.value;
-    if (!response.ok) continue;
-    const jsonResult = await resultFromPromise(
-      "json",
-      "fetchOpenApiSpec",
-      response.json(),
-      () => ({
-        cause: "parse",
-        message: `Failed to parse JSON from: ${url3}`
-      })
-    );
-    if (jsonResult.isErr()) {
-      if (failure.cause === "not_found") {
-        failure = {
-          ok: false,
-          cause: "parse",
-          message: `Failed to parse JSON from: ${url3}`
+  }
+  const authHeader = response.headers.get("www-authenticate")?.toLowerCase() ?? "";
+  if (authHeader.includes("x402")) protocols.add("x402");
+  if (isMmmEnabled() && authHeader.includes("mpp")) protocols.add("mpp");
+  return [...protocols];
+}
+function buildProbeUrl(url3, method, inputBody) {
+  if (!inputBody || method !== "GET" && method !== "HEAD") return url3;
+  const u = new URL(url3);
+  for (const [key, value] of Object.entries(inputBody)) {
+    u.searchParams.set(key, String(value));
+  }
+  return u.toString();
+}
+function probeMethod(url3, method, path2, headers, signal, inputBody) {
+  const hasBody = inputBody !== void 0 && method !== "GET" && method !== "HEAD";
+  const probeUrl = buildProbeUrl(url3, method, inputBody);
+  return fetchSafe(probeUrl, {
+    method,
+    headers: {
+      Accept: "application/json, text/plain;q=0.9, */*;q=0.8",
+      ...hasBody ? { "Content-Type": "application/json" } : {},
+      ...headers
+    },
+    ...hasBody ? { body: JSON.stringify(inputBody) } : {},
+    signal
+  }).andThen((response) => {
+    if (!isUsableStatus(response.status)) return ResultAsync.fromSafePromise(Promise.resolve(null));
+    return ResultAsync.fromSafePromise(
+      (async () => {
+        let authHint = response.status === 402 ? "paid" : "unprotected";
+        let paymentRequiredBody;
+        if (response.status === 402) {
+          try {
+            const headerValue = response.headers.get("payment-required");
+            const parsed = headerValue !== null ? parsePaymentRequiredBody2(headerValue) : await parsePaymentRequiredBody(response);
+            if (parsed !== null) {
+              paymentRequiredBody = parsed;
+              authHint = detectAuthHint(paymentRequiredBody);
+            }
+          } catch {
+          }
+        }
+        const protocols = detectProtocols(response);
+        const wwwAuthenticate = response.headers.get("www-authenticate") ?? void 0;
+        return {
+          path: path2,
+          method,
+          authHint,
+          ...protocols.length ? { protocols } : {},
+          ...paymentRequiredBody !== void 0 ? { paymentRequiredBody } : {},
+          ...wwwAuthenticate ? { wwwAuthenticate } : {}
         };
-      }
-      log.debug(`Failed to parse OpenAPI spec from: ${url3}`);
+      })()
+    );
+  });
+}
+function getProbe(url3, headers, signal, inputBody) {
+  const path2 = normalizePath(new URL(url3).pathname || "/");
+  return ResultAsync.fromSafePromise(
+    Promise.all(
+      [...HTTP_METHODS].map(
+        (method) => probeMethod(url3, method, path2, headers, signal, inputBody).match(
+          (result) => result,
+          () => null
+        )
+      )
+    ).then((results) => results.filter((r) => r !== null))
+  );
+}
+var TEMPO_DEFAULT_CHAIN_ID = 4217;
+function parseAuthParams2(segment) {
+  const params = {};
+  const re = /(\w+)=(?:"([^"]*)"|'([^']*)')/g;
+  let match;
+  while ((match = re.exec(segment)) !== null) {
+    params[match[1]] = match[2] ?? match[3] ?? "";
+  }
+  return params;
+}
+function extractPaymentOptions4(wwwAuthenticate) {
+  if (!isMmmEnabled() || !wwwAuthenticate) return [];
+  const options = [];
+  for (const segment of wwwAuthenticate.split(/,\s*(?=Payment\s)/i)) {
+    const stripped = segment.replace(/^Payment\s+/i, "").trim();
+    const params = parseAuthParams2(stripped);
+    const paymentMethod = params["method"];
+    const intent = params["intent"];
+    const realm = params["realm"];
+    const description = params["description"];
+    const requestStr = params["request"];
+    if (!paymentMethod || !intent || !realm || !requestStr) continue;
+    let request;
+    try {
+      const parsed = JSON.parse(requestStr);
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) continue;
+      request = parsed;
+    } catch {
       continue;
     }
-    const spec = jsonResult.value;
-    if (spec && typeof spec === "object" && spec.paths) {
-      log.info(`Fetched OpenAPI spec for origin: ${origin}`);
-      return { ok: true, spec };
+    const asset = typeof request["currency"] === "string" ? request["currency"] : void 0;
+    const amountRaw = request["amount"];
+    const amount2 = typeof amountRaw === "string" ? amountRaw : typeof amountRaw === "number" ? String(amountRaw) : void 0;
+    const decimals2 = typeof request["decimals"] === "number" ? request["decimals"] : void 0;
+    const payTo = typeof request["recipient"] === "string" ? request["recipient"] : void 0;
+    const methodDetails = request["methodDetails"];
+    const chainId2 = methodDetails !== null && typeof methodDetails === "object" && !Array.isArray(methodDetails) && typeof methodDetails["chainId"] === "number" ? methodDetails["chainId"] : TEMPO_DEFAULT_CHAIN_ID;
+    if (!asset || !amount2) continue;
+    options.push({
+      protocol: "mpp",
+      // isMmmEnabled
+      paymentMethod,
+      intent,
+      realm,
+      network: `tempo:${String(chainId2)}`,
+      // isMmmEnabled
+      asset,
+      amount: amount2,
+      ...decimals2 != null ? { decimals: decimals2 } : {},
+      ...payTo ? { payTo } : {},
+      ...description ? { description } : {}
+    });
+  }
+  return options;
+}
+function findMatchingOpenApiPath(paths, targetPath) {
+  const exact = paths[targetPath];
+  if (isRecord(exact)) return { matchedPath: targetPath, pathItem: exact };
+  for (const [specPath, entry] of Object.entries(paths)) {
+    if (!isRecord(entry)) continue;
+    const pattern = specPath.replace(/\{[^}]+\}/g, "[^/]+");
+    const regex = new RegExp(`^${pattern}$`);
+    if (regex.test(targetPath)) {
+      return { matchedPath: specPath, pathItem: entry };
     }
   }
-  log.debug(`No OpenAPI spec found for origin: ${origin}`);
-  return failure;
+  return null;
 }
-function resolveRef2(spec, ref, seen) {
+function resolveRef2(document2, ref, seen) {
   if (!ref.startsWith("#/")) return void 0;
   if (seen.has(ref)) return { $circular: ref };
   seen.add(ref);
   const parts = ref.slice(2).split("/");
-  let current = spec;
+  let current = document2;
   for (const part of parts) {
-    if (current == null || typeof current !== "object" || Array.isArray(current))
-      return void 0;
-    const next = current[part];
-    if (next === void 0) return void 0;
-    current = next;
-  }
-  if (current != null && typeof current === "object" && !Array.isArray(current)) {
-    return resolveRefs(spec, current, seen);
+    if (!isRecord(current)) return void 0;
+    current = current[part];
+    if (current === void 0) return void 0;
   }
+  if (isRecord(current)) return resolveRefs(document2, current, seen);
   return current;
 }
-function resolveRefs(spec, obj, seen, depth = 0) {
+function resolveRefs(document2, obj, seen, depth = 0) {
   if (depth > 4) return obj;
-  const result = {};
+  const resolved = {};
   for (const [key, value] of Object.entries(obj)) {
     if (key === "$ref" && typeof value === "string") {
-      const resolved = resolveRef2(spec, value, seen);
-      if (resolved != null && typeof resolved === "object" && !Array.isArray(resolved)) {
-        Object.assign(result, resolved);
+      const deref = resolveRef2(document2, value, seen);
+      if (isRecord(deref)) {
+        Object.assign(resolved, deref);
       } else {
-        result[key] = value;
+        resolved[key] = value;
       }
-    } else if (value != null && typeof value === "object" && !Array.isArray(value)) {
-      result[key] = resolveRefs(spec, value, seen, depth + 1);
-    } else if (Array.isArray(value)) {
-      result[key] = value.map((item) => {
-        if (item != null && typeof item === "object" && !Array.isArray(item)) {
-          return resolveRefs(spec, item, seen, depth + 1);
-        }
-        return item;
-      });
-    } else {
-      result[key] = value;
+      continue;
     }
-  }
-  return result;
-}
-function extractPath(url3, origin) {
-  if (url3.startsWith(origin)) {
-    return url3.slice(origin.length) || "/";
-  }
-  return URL.canParse(url3) ? new URL(url3).pathname : url3;
-}
-async function getEndpointSchema(endpointUrl, method) {
-  if (!URL.canParse(endpointUrl)) return null;
-  const origin = new URL(endpointUrl).origin;
-  const result = await fetchOpenApiSpec(origin);
-  if (!result.ok) return null;
-  const spec = result.spec;
-  const paths = spec.paths;
-  if (!paths) return null;
-  const path2 = extractPath(endpointUrl, origin);
-  const httpMethod = (method ?? "post").toLowerCase();
-  let pathEntry = paths[path2];
-  if (!pathEntry) {
-    for (const [specPath, specEntry] of Object.entries(paths)) {
-      if (specEntry == null || typeof specEntry !== "object") continue;
-      const pattern = specPath.replace(/\{[^}]+\}/g, "[^/]+");
-      const regex = new RegExp(`^${pattern}$`);
-      if (regex.test(path2)) {
-        pathEntry = specEntry;
-        break;
-      }
+    if (isRecord(value)) {
+      resolved[key] = resolveRefs(document2, value, seen, depth + 1);
+      continue;
     }
-  }
-  if (!pathEntry) {
-    log.debug(`No OpenAPI path entry found for: ${path2}`);
-    return null;
-  }
-  const operation = pathEntry[httpMethod];
-  if (!operation) {
-    log.debug(
-      `No OpenAPI operation found for ${httpMethod.toUpperCase()} ${path2}`
-    );
-    return null;
-  }
-  const resolved = resolveRefs(spec, operation, /* @__PURE__ */ new Set());
-  return { path: path2, method: httpMethod, ...resolved };
-}
-async function getOriginIndex(origin) {
-  const result = await fetchOpenApiSpec(origin);
-  if (!result.ok) return null;
-  const spec = result.spec;
-  const endpoints = [];
-  for (const [path2, methods] of Object.entries(
-    spec.paths
-  )) {
-    for (const [method, operation] of Object.entries(methods)) {
-      if (typeof operation === "object" && operation !== null) {
-        const op = operation;
-        const paymentInfo = op["x-payment-info"];
-        const entry = {
-          path: path2,
-          method: method.toUpperCase(),
-          summary: op.summary || op.description || ""
-        };
-        if (paymentInfo?.price != null) {
-          entry.price = `$${paymentInfo.price}`;
-        }
-        if (Array.isArray(paymentInfo?.protocols)) {
-          entry.protocols = paymentInfo.protocols;
-        }
-        endpoints.push(entry);
-      }
+    if (Array.isArray(value)) {
+      resolved[key] = value.map(
+        (item) => isRecord(item) ? resolveRefs(document2, item, seen, depth + 1) : item
+      );
+      continue;
     }
+    resolved[key] = value;
   }
-  return endpoints;
+  return resolved;
 }
-var OPENAPI_HTTP_METHODS = /* @__PURE__ */ new Set([
-  "get",
-  "post",
-  "put",
-  "delete",
-  "patch",
-  "head",
-  "options",
-  "trace"
-]);
-async function getSpecMethods(endpointUrl) {
-  if (!URL.canParse(endpointUrl)) return null;
-  const origin = new URL(endpointUrl).origin;
-  const result = await fetchOpenApiSpec(origin);
-  if (!result.ok) return null;
-  const paths = result.spec.paths;
-  const path2 = extractPath(endpointUrl, origin);
-  let pathEntry = paths[path2];
-  if (!pathEntry) {
-    for (const [specPath, specEntry] of Object.entries(paths)) {
-      if (specEntry == null || typeof specEntry !== "object") continue;
-      const pattern = specPath.replace(/\{[^}]+\}/g, "[^/]+");
-      const regex = new RegExp(`^${pattern}$`);
-      if (regex.test(path2)) {
-        pathEntry = specEntry;
-        break;
-      }
+function extractRequestBodySchema(operationSchema) {
+  const requestBody = operationSchema.requestBody;
+  if (!isRecord(requestBody)) return void 0;
+  const content = requestBody.content;
+  if (!isRecord(content)) return void 0;
+  const jsonMediaType = content["application/json"];
+  if (isRecord(jsonMediaType) && isRecord(jsonMediaType.schema)) {
+    return jsonMediaType.schema;
+  }
+  for (const mediaType of Object.values(content)) {
+    if (isRecord(mediaType) && isRecord(mediaType.schema)) {
+      return mediaType.schema;
     }
   }
-  if (!pathEntry) return null;
-  return Object.keys(pathEntry).filter((k) => OPENAPI_HTTP_METHODS.has(k)).map((k) => k.toUpperCase());
+  return void 0;
 }
-async function getIndexEntry(origin, path2, method) {
-  const entries = await getOriginIndex(origin);
-  if (!entries) return void 0;
-  const m = method.toUpperCase();
-  return entries.find((e) => e.path === path2 && e.method === m);
+function extractParameters(operationSchema) {
+  const params = operationSchema.parameters;
+  if (!Array.isArray(params)) return [];
+  return params.filter((value) => isRecord(value));
 }
-
-// src/shared/operations/check-endpoint.ts
-var TEMPO_DEFAULT_CHAIN_ID = 4217;
-var SUPPORTED_METHODS = [
-  "GET",
-  "POST",
-  "PUT",
-  "DELETE",
-  "PATCH"
-];
-function derivePaymentRequirement(protocols, paymentOptions, hasSiwxExtension) {
-  const hasPaymentOptions = paymentOptions.length > 0;
-  const isSiwxOnly = hasSiwxExtension && !hasPaymentOptions;
-  if (isSiwxOnly) {
-    return {
-      requiresPayment: false,
-      protocols: []
-    };
-  }
+function extractInputSchema(operationSchema) {
+  const requestBody = extractRequestBodySchema(operationSchema);
+  const parameters = extractParameters(operationSchema);
+  if (!requestBody && parameters.length === 0) return void 0;
+  if (requestBody && parameters.length === 0) return requestBody;
   return {
-    requiresPayment: true,
-    protocols
+    ...requestBody ? { requestBody } : {},
+    ...parameters.length > 0 ? { parameters } : {}
   };
 }
-function deriveSpecFallbackPaymentRequirement(schema, estimatedPrice) {
-  if (!schema || typeof schema !== "object") return true;
-  const op = schema;
-  const hasPaymentInfo = Boolean(op["x-payment-info"]);
-  const security = op.security;
-  const hasSiwxSecurity = Array.isArray(security) && security.some(
-    (entry) => entry != null && typeof entry === "object" && "siwx" in entry
-  );
-  if (hasSiwxSecurity && !hasPaymentInfo && !estimatedPrice) {
-    return false;
-  }
-  return true;
-}
-async function checkEndpoint({
-  surface: surface2,
-  url: url3,
-  methods,
-  body,
-  headers = {},
-  includeMethodErrors = false,
-  probeAllMethods = false
-}) {
-  let methodsToCheck;
-  if (methods) {
-    methodsToCheck = methods;
-  } else if (probeAllMethods) {
-    methodsToCheck = [...SUPPORTED_METHODS];
-  } else {
-    const specMethods = await getSpecMethods(url3);
-    if (specMethods?.length) {
-      methodsToCheck = specMethods.filter(
-        (m) => SUPPORTED_METHODS.includes(m)
-      );
-    } else {
-      methodsToCheck = [...SUPPORTED_METHODS];
+function parseOperationPrice(operation) {
+  const paymentInfo = operation["x-payment-info"];
+  if (!isRecord(paymentInfo)) return void 0;
+  function toFiniteNumber(value) {
+    if (typeof value === "number" && Number.isFinite(value)) return value;
+    if (typeof value === "string" && value.trim().length > 0) {
+      const parsed = Number(value);
+      if (Number.isFinite(parsed)) return parsed;
     }
+    return void 0;
   }
-  log.info("Checking endpoint", { url: url3, methods: methodsToCheck });
-  const results = await Promise.all(
-    methodsToCheck.map(
-      (method) => probeMethod({ surface: surface2, method, url: url3, body, headers, includeMethodErrors })
-    )
-  );
-  return {
-    url: url3,
-    results: results.filter((r) => r !== null)
-  };
+  const fixed = toFiniteNumber(paymentInfo.price);
+  if (fixed != null) return `$${String(fixed)}`;
+  const min = toFiniteNumber(paymentInfo.minPrice);
+  const max = toFiniteNumber(paymentInfo.maxPrice);
+  if (min != null && max != null) return `$${String(min)}-$${String(max)}`;
+  return void 0;
 }
-async function probeMethod({
-  surface: surface2,
-  method,
-  url: url3,
-  body,
-  headers,
-  includeMethodErrors
-}) {
-  const schemaPromise = resultFromPromise(
-    "openapi",
-    surface2,
-    getEndpointSchema(url3, method),
-    (e) => ({
-      cause: "schema_fetch",
-      message: e instanceof Error ? e.message : String(e)
-    })
+function parseOperationProtocols(operation) {
+  const paymentInfo = operation["x-payment-info"];
+  if (!isRecord(paymentInfo) || !Array.isArray(paymentInfo.protocols)) return void 0;
+  const protocols = paymentInfo.protocols.filter(
+    (protocol) => typeof protocol === "string" && protocol.length > 0 && (protocol !== "mpp" || isMmmEnabled())
   );
-  const request = buildProbeRequest(url3, method, body, headers);
-  const responseResult = await safeFetch(
-    surface2,
-    request,
-    DEFAULT_FETCH_TIMEOUT
-  );
-  const fallbackToSpec = async () => {
-    const schemaResult = await schemaPromise;
-    const schema2 = schemaResult.isOk() && schemaResult.value ? schemaResult.value : void 0;
-    if (!schema2) return null;
-    let estimatedPrice2;
-    let summary2;
-    const indexResult2 = await resultFromPromise(
-      "openapi",
-      surface2,
-      (async () => {
-        const origin = new URL(url3).origin;
-        const path2 = new URL(url3).pathname || "/";
-        return getIndexEntry(origin, path2, method);
-      })(),
-      (e) => ({
-        cause: "index_lookup",
-        message: e instanceof Error ? e.message : String(e)
-      })
-    );
-    let protocols2;
-    if (indexResult2.isOk() && indexResult2.value) {
-      if (indexResult2.value.price) estimatedPrice2 = indexResult2.value.price;
-      if (indexResult2.value.summary) summary2 = indexResult2.value.summary;
-      if (indexResult2.value.protocols?.length) {
-        protocols2 = indexResult2.value.protocols;
-      }
-    }
-    const requiresPayment = deriveSpecFallbackPaymentRequirement(
-      schema2,
-      estimatedPrice2
+  return protocols.length > 0 ? protocols : void 0;
+}
+function getL3ForOpenAPI(openApi, path2, method) {
+  const document2 = openApi.raw;
+  const paths = isRecord(document2.paths) ? document2.paths : void 0;
+  if (!paths) return null;
+  const matched = findMatchingOpenApiPath(paths, path2);
+  if (!matched) return null;
+  const operation = matched.pathItem[method.toLowerCase()];
+  if (!isRecord(operation)) return null;
+  const resolvedOperation = resolveRefs(document2, operation, /* @__PURE__ */ new Set());
+  const summary = typeof resolvedOperation.summary === "string" ? resolvedOperation.summary : typeof resolvedOperation.description === "string" ? resolvedOperation.description : void 0;
+  return {
+    source: "openapi",
+    ...summary ? { summary } : {},
+    authMode: inferAuthMode(resolvedOperation) ?? void 0,
+    estimatedPrice: parseOperationPrice(resolvedOperation),
+    protocols: parseOperationProtocols(resolvedOperation),
+    inputSchema: extractInputSchema(resolvedOperation),
+    outputSchema: resolvedOperation
+  };
+}
+function getL3ForProbe(probe, path2, method) {
+  const probeResult = probe.find((r) => r.path === path2 && r.method === method);
+  if (!probeResult) return null;
+  const inputSchema = probeResult.paymentRequiredBody ? parseInputSchema(probeResult.paymentRequiredBody) : void 0;
+  const outputSchema = probeResult.paymentRequiredBody ? parseOutputSchema(probeResult.paymentRequiredBody) : void 0;
+  const paymentOptions = [
+    ...probeResult.paymentRequiredBody ? extractPaymentOptions3(probeResult.paymentRequiredBody) : [],
+    ...isMmmEnabled() ? extractPaymentOptions4(probeResult.wwwAuthenticate) : []
+    // isMmmEnabled
+  ];
+  return {
+    source: "probe",
+    authMode: probeResult.authHint,
+    ...probeResult.protocols?.length ? { protocols: probeResult.protocols } : {},
+    ...inputSchema ? { inputSchema } : {},
+    ...outputSchema ? { outputSchema } : {},
+    ...paymentOptions.length ? { paymentOptions } : {}
+  };
+}
+function getAdvisoriesForOpenAPI(openApi, path2) {
+  return [...HTTP_METHODS].flatMap((method) => {
+    const l3 = getL3ForOpenAPI(openApi, path2, method);
+    return l3 ? [{ method, ...l3 }] : [];
+  });
+}
+function getAdvisoriesForProbe(probe, path2) {
+  return [...HTTP_METHODS].flatMap((method) => {
+    const l3 = getL3ForProbe(probe, path2, method);
+    return l3 ? [{ method, ...l3 }] : [];
+  });
+}
+async function checkEndpointSchema(options) {
+  const endpoint = new URL(options.url);
+  const origin = normalizeOrigin(endpoint.origin);
+  const path2 = normalizePath(endpoint.pathname || "/");
+  if (options.sampleInputBody !== void 0) {
+    const probeResult2 = await getProbe(
+      options.url,
+      options.headers,
+      options.signal,
+      options.sampleInputBody
     );
-    return {
-      method,
-      requiresPayment,
-      statusCode: 402,
-      schema: schema2,
-      ...requiresPayment && protocols2 ? { protocols: protocols2 } : {},
-      ...estimatedPrice2 ? { estimatedPrice: estimatedPrice2 } : {},
-      ...summary2 ? { summary: summary2 } : {}
-    };
-  };
-  if (responseResult.isErr()) {
-    log.debug(`${method} ${url3} probe failed`, responseResult.error);
-    return fallbackToSpec();
-  }
-  const response = responseResult.value;
-  if (!response.ok && response.status !== 402) {
-    if (includeMethodErrors && (response.status === 404 || response.status === 405)) {
+    if (probeResult2.isErr()) {
       return {
-        method,
-        requiresPayment: false,
-        statusCode: response.status
+        found: false,
+        origin,
+        path: path2,
+        cause: probeResult2.error.cause,
+        message: probeResult2.error.message
       };
     }
-    log.debug(
-      `${method} ${url3} returned ${response.status} \u2014 falling back to spec`
-    );
-    return fallbackToSpec();
+    const advisories2 = getAdvisoriesForProbe(probeResult2.value, path2);
+    if (advisories2.length > 0) return { found: true, origin, path: path2, advisories: advisories2 };
+    return { found: false, origin, path: path2, cause: "not_found" };
   }
-  if (response.status !== 402) {
+  const openApiResult = await getOpenAPI(origin, options.headers, options.signal);
+  const openApi = openApiResult.isOk() ? openApiResult.value : null;
+  if (openApi) {
+    const advisories2 = getAdvisoriesForOpenAPI(openApi, path2);
+    if (advisories2.length > 0) return { found: true, origin, path: path2, advisories: advisories2 };
+    return { found: false, origin, path: path2, cause: "not_found" };
+  }
+  const probeResult = await getProbe(options.url, options.headers, options.signal);
+  if (probeResult.isErr()) {
     return {
-      method,
-      requiresPayment: false,
-      statusCode: response.status
+      found: false,
+      origin,
+      path: path2,
+      cause: probeResult.error.cause,
+      message: probeResult.error.message
     };
   }
-  const protocols = detectPaymentProtocols(response);
-  const paymentOptions = [];
-  let hasSiwxExtension = false;
-  let schema;
-  const endpointSchemaResult = await schemaPromise;
-  if (endpointSchemaResult.isOk() && endpointSchemaResult.value) {
-    schema = endpointSchemaResult.value;
-  } else if (endpointSchemaResult.isErr()) {
-    log.debug(`Failed to fetch OpenAPI schema for: ${url3}`);
-  }
-  if (isMppEnabled() && protocols.includes("mpp")) {
-    for (const challenge2 of parseMppChallenges(response)) {
-      const currency2 = challenge2.request.currency;
-      const amount2 = challenge2.request.amount;
-      const decimals2 = challenge2.request.decimals ?? 6;
-      const recipient = challenge2.request.recipient;
-      const methodDetails = challenge2.request.methodDetails;
-      const chainId2 = methodDetails?.chainId ?? TEMPO_DEFAULT_CHAIN_ID;
-      const network = `tempo:${String(chainId2)}`;
-      const description = challenge2.description ?? schema?.summary;
-      if (amount2 && currency2) {
-        paymentOptions.push({
-          protocol: "mpp",
-          paymentMethod: challenge2.method,
-          intent: challenge2.intent,
-          realm: challenge2.realm,
-          price: tokenStringToNumber(amount2, decimals2),
-          network,
-          asset: currency2,
-          ...recipient ? { recipient } : {},
-          ...description ? { description } : {}
-        });
-      }
-    }
-  }
-  if (protocols.includes("x402")) {
-    const client = new x402HTTPClient(new x402Client());
-    const paymentRequiredResult = await safeGetPaymentRequired(
-      surface2,
-      client,
-      response
-    );
-    if (paymentRequiredResult.isOk()) {
-      const { resource, extensions, accepts } = paymentRequiredResult.value;
-      hasSiwxExtension = !!extensions && typeof extensions === "object" && "sign-in-with-x" in extensions;
-      if (!schema) {
-        const inputSchema = getInputSchema(extensions);
-        if (inputSchema) schema = inputSchema;
-      }
-      for (const accept of accepts) {
-        paymentOptions.push({
-          protocol: "x402",
-          price: tokenStringToNumber(accept.amount),
-          network: accept.network,
-          asset: accept.asset,
-          ...accept.payTo ? { recipient: accept.payTo } : {},
-          ...resource.description ? { description: resource.description } : {},
-          ...resource.mimeType ? { mimeType: resource.mimeType } : {}
-        });
-      }
-    }
-  }
-  let estimatedPrice;
-  let summary;
-  const indexResult = await resultFromPromise(
-    "openapi",
-    surface2,
-    (async () => {
-      const origin = new URL(url3).origin;
-      const path2 = new URL(url3).pathname || "/";
-      return getIndexEntry(origin, path2, method);
-    })(),
-    (e) => ({
-      cause: "index_lookup",
-      message: e instanceof Error ? e.message : String(e)
-    })
-  );
-  if (indexResult.isOk() && indexResult.value) {
-    if (indexResult.value.price) estimatedPrice = indexResult.value.price;
-    if (indexResult.value.summary) summary = indexResult.value.summary;
-  }
-  return {
-    method,
-    ...derivePaymentRequirement(protocols, paymentOptions, hasSiwxExtension),
-    statusCode: response.status,
-    paymentOptions,
-    ...schema ? { schema } : {},
-    ...estimatedPrice ? { estimatedPrice } : {},
-    ...summary ? { summary } : {}
-  };
-}
-function parseMppChallenges(response) {
-  const header = response.headers.get("WWW-Authenticate");
-  if (!header) return [];
-  const challenges = [];
-  for (const segment of header.split(/,\s*(?=Payment\s)/i)) {
-    const result = resultFromThrowable(
-      "mpp",
-      "check-endpoint",
-      () => Challenge_exports.deserialize(segment.trim()),
-      (e) => ({
-        cause: "challenge_parse",
-        message: e instanceof Error ? e.message : String(e)
-      })
-    );
-    if (result.isOk()) {
-      challenges.push(result.value);
-    } else {
-      log.debug("Failed to parse MPP challenge segment", result.error.message);
-    }
-  }
-  return challenges;
+  const advisories = getAdvisoriesForProbe(probeResult.value, path2);
+  if (advisories.length > 0) return { found: true, origin, path: path2, advisories };
+  return { found: false, origin, path: path2, cause: "not_found" };
 }
-function buildProbeRequest(url3, method, body, headers) {
-  const supportsBody = ["POST", "PUT", "PATCH"].includes(method);
-  const requestBody = supportsBody && body ? typeof body === "string" ? body : JSON.stringify(body) : void 0;
-  return new Request(url3, {
-    method,
-    body: requestBody,
-    headers: {
-      ...requestBody ? { "Content-Type": "application/json" } : {},
-      ...headers
-    }
+
+// src/shared/operations/check-endpoint.ts
+async function checkEndpoint(surface2, url3, methods, sampleInputBody, headers) {
+  log.info("Checking endpoint", { surface: surface2, url: url3, methods, hasSampleInputBody: !!sampleInputBody });
+  const result = await checkEndpointSchema({
+    url: url3,
+    sampleInputBody,
+    headers
   });
+  if (!result.found) {
+    log.error(`[checkEndpoint failed`, {
+      surface: surface2,
+      url: url3,
+      cause: result.cause,
+      message: result.message
+    });
+    return result;
+  }
+  const advisories = methods?.length ? result.advisories.filter(
+    (a) => methods.includes(a.method)
+  ) : result.advisories;
+  return { ...result, advisories };
 }
 
 // src/server/tools/check-endpoint.ts
 var toolName3 = "check_endpoint_schema";
-var checkEndpointInputSchema = zod_default.object({
-  url: zod_default.string().describe("The endpoint URL"),
-  method: zod_default.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional().describe(
-    "HTTP method to check. If omitted, all methods are probed in parallel."
-  ),
-  body: zod_default.unknown().optional().describe("Request body for POST/PUT/PATCH methods"),
-  headers: zod_default.record(zod_default.string(), zod_default.string()).optional().describe("Additional headers to include").default({})
-});
 var registerCheckEndpointTool = ({
   server,
   account,
@@ -116234,8 +116658,24 @@ var registerCheckEndpointTool = ({
     toolName3,
     {
       title: "Check Endpoint Schema",
-      description: `Probe endpoint to check if payment-protected. By default checks only the HTTP methods declared in the endpoint's OpenAPI spec (falls back to all methods if no spec is available). Returns pricing, input schema, and payment methods for each method that responds with 402 or 2xx. Use before fetch to preview costs. No payment made.`,
-      inputSchema: checkEndpointInputSchema,
+      description: `Returns advisory data for an endpoint: auth mode, pricing, protocols, and input schema.
+
+        Two-phase workflow:
+        1. Call without sample_input_body to get the input schema and advisory pricing from the OpenAPI spec (no live request to the endpoint).
+        2. Once you know what body you intend to send, call again with sample_input_body set to that body. The endpoint will be probed live with that payload and exact paymentOptions (priced for your specific body) are returned in each advisory.
+
+        Checks the OpenAPI spec first, then falls back to a live 402 probe if no spec is found.
+        Use before fetch to understand what an endpoint requires. No payment is made.`,
+      inputSchema: zod_default.object({
+        url: zod_default.string().describe("The endpoint URL"),
+        method: zod_default.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional().describe(
+          "HTTP method to check. If omitted, all methods declared in the spec are returned."
+        ),
+        sample_input_body: zod_default.record(zod_default.string(), zod_default.unknown()).optional().describe(
+          "A sample request body you plan to send. When provided, the endpoint is probed live with this payload and exact paymentOptions priced for that body are returned. Use this after phase 1 has given you the input schema."
+        ),
+        headers: zod_default.record(zod_default.string(), zod_default.string()).optional().describe("Additional headers to include in the probe request").default({})
+      }),
       annotations: {
         readOnlyHint: true,
         destructiveHint: false,
@@ -116244,26 +116684,41 @@ var registerCheckEndpointTool = ({
       }
     },
     safeHandler(async (input) => {
-      log.info("Querying endpoint", input);
-      const { url: url3, results } = await checkEndpoint({
-        surface: toolName3,
-        url: input.url,
-        methods: input.method ? [input.method] : void 0,
-        body: input.body,
-        headers: {
+      log.info("Querying endpoint", { url: input.url, method: input.method, hasSampleInputBody: !!input.sample_input_body });
+      const result = await checkEndpoint(
+        toolName3,
+        input.url,
+        input.method ? [input.method] : void 0,
+        input.sample_input_body,
+        {
           ...input.headers,
           "X-Wallet-Address": account.address,
           ...sessionId ? { "X-Session-ID": sessionId } : {}
-        },
-        includeMethodErrors: !!input.method
-      });
-      if (results.length === 0) {
+        }
+      );
+      if (!result.found) {
+        log.error("[checkEndpoint] failed", {
+          surface: toolName3,
+          url: input.url,
+          cause: result.cause,
+          message: result.message
+        });
         return mcpSuccessJson({
-          message: "No methods returned 402 or 2xx for this endpoint.",
-          url: url3
+          message: "No endpoint schema found for this URL.",
+          url: input.url
         });
       }
-      return mcpSuccessJson(toJsonObject({ url: url3, results }));
+      if (result.advisories.length === 0) {
+        return mcpSuccessJson({
+          message: "No endpoint schema found for this URL.",
+          url: input.url
+        });
+      }
+      const results = result.advisories.map((a) => ({
+        ...a,
+        requiresPayment: a.authMode === "paid" || a.authMode === "apiKey+paid"
+      }));
+      return mcpSuccessJson(toJsonObject({ url: input.url, results }));
     })
   );
 };
@@ -116532,69 +116987,23 @@ var ORIGINS = [
 
 // src/shared/operations/discover.ts
 init_cjs_shims();
-async function fetchLlmsTxt(surface2, origin) {
-  const llmsTxtUrl = `${origin}/llms.txt`;
-  log.debug(`Fetching llms.txt from: ${llmsTxtUrl}`);
-  const result = await safeFetch(
-    surface2,
-    new Request(llmsTxtUrl, { headers: { Accept: "text/plain" } }),
-    DEFAULT_FETCH_TIMEOUT
-  );
-  if (result.isErr()) return null;
-  if (!result.value.ok) return null;
-  const parseResult = await safeParseResponse(surface2, result.value);
-  if (parseResult.isErr() || parseResult.value.type !== "text") return null;
-  return parseResult.value.data;
-}
-async function discoverResources(surface2, url3) {
-  if (!/^[a-zA-Z][a-zA-Z\d+\-.]*:\/\//.test(url3)) {
-    url3 = `https://${url3}`;
-  }
-  const origin = URL.canParse(url3) ? new URL(url3).origin : url3;
-  log.info(`Discovering resources for origin: ${origin}`);
-  const [specResult, instructions] = await Promise.all([
-    fetchOpenApiSpec(origin),
-    fetchLlmsTxt(surface2, origin)
-  ]);
-  if (!specResult.ok) {
-    log.debug(`No OpenAPI spec found for ${origin}: ${specResult.cause}`);
-    return {
-      found: false,
-      cause: specResult.cause,
-      ..."message" in specResult ? { message: specResult.message } : {}
-    };
-  }
-  const spec = specResult.spec;
-  const endpoints = await getOriginIndex(origin);
-  if (!endpoints || endpoints.length === 0) {
-    log.debug(`OpenAPI spec found for ${origin} but no endpoints extracted`);
-    return { found: false, cause: "not_found" };
-  }
-  log.info(`Found ${endpoints.length} endpoints for: ${origin}`);
-  const rawInfo = spec.info;
-  const info = rawInfo && typeof rawInfo.title === "string" ? {
-    title: rawInfo.title,
-    ...typeof rawInfo.version === "string" ? { version: rawInfo.version } : {},
-    ...typeof rawInfo.description === "string" ? { description: rawInfo.description } : {}
-  } : void 0;
-  return {
-    found: true,
-    origin,
-    source: "openapi",
-    ...info ? { info } : {},
-    endpoints: endpoints.map(({ path: path2, method, summary, price, protocols }) => ({
-      path: path2,
-      method,
-      summary,
-      ...price ? { price } : {},
-      ...protocols ? { protocols } : {}
-    })),
-    ...instructions ? { instructions } : {}
-  };
+async function discoverResources(surface2, url3, options = {}) {
+  const guidance = options.includeGuidance === true ? GuidanceMode.Always : options.includeGuidance === false ? GuidanceMode.Never : GuidanceMode.Auto;
+  const result = await discoverOriginSchema({ target: url3, guidance });
+  if (!result.found) {
+    log.error(`[discoverResources failed`, {
+      surface: surface2,
+      url: url3,
+      cause: result.cause,
+      message: result.message
+    });
+  }
+  return result;
 }
 
 // src/server/tools/discover-resources.ts
 var toolName5 = "discover_api_endpoints";
+var OPENAPI_TRIED_PATHS = "/openapi.json, /.well-known/openapi.json";
 function registerDiscoveryTools(server) {
   server.registerTool(
     toolName5,
@@ -116602,6 +117011,8 @@ function registerDiscoveryTools(server) {
       title: "Discover API Endpoints",
       description: `Find payment-protected resources on an origin. Returns a list of resource URLs.
         Use check_endpoint_schema separately to get detailed pricing/schema info for specific resources.
+        Guidance contract: responses always include guidanceAvailable. guidance is auto-included when compact.
+        Use include_guidance=true to force-include larger guidance when needed.
         Known default origins with resource packs. Discover if more needed:
         - ${"https://stableenrich.dev" /* StableEnrich */} ->
             People + Org search
@@ -116622,6 +117033,9 @@ function registerDiscoveryTools(server) {
       inputSchema: external_exports3.object({
         url: external_exports3.string().describe(
           "The origin URL or any URL on the origin to discover resources from"
+        ),
+        include_guidance: external_exports3.boolean().optional().describe(
+          "Guidance override: true=always include llms.txt, false=never include, omitted=auto by threshold"
         )
       }),
       annotations: {
@@ -116631,7 +117045,7 @@ function registerDiscoveryTools(server) {
         openWorldHint: true
       }
     },
-    safeHandler(async ({ url: url3 }) => {
+    safeHandler(async ({ url: url3, include_guidance }) => {
       if (!URL.canParse(url3)) {
         return mcpErrorJson({
           error: "Invalid URL",
@@ -116643,7 +117057,9 @@ function registerDiscoveryTools(server) {
       const discoverResult = await resultFromPromise(
         "discover",
         toolName5,
-        discoverResources(toolName5, url3),
+        discoverResources(toolName5, url3, {
+          includeGuidance: include_guidance
+        }),
         (e) => ({
           cause: "discover",
           message: e instanceof Error ? e.message : String(e)
@@ -116658,19 +117074,20 @@ function registerDiscoveryTools(server) {
           found: true,
           origin: result.origin,
           ...result.info ? { info: result.info } : {},
+          guidanceAvailable: result.guidanceAvailable,
+          ...result.guidanceTokens != null ? { guidanceTokens: result.guidanceTokens } : {},
+          ...result.guidance ? { guidance: result.guidance } : {},
           endpoints: result.endpoints.map(
             (e) => ({ ...e })
-          ),
-          ...result.instructions ? { instructions: result.instructions } : {}
+          )
         });
       }
       const origin = URL.canParse(url3) ? new URL(url3).origin : url3;
-      const tried = OPENAPI_SPEC_PATHS.join(", ");
       if (result.cause === "not_found") {
         return mcpSuccessJson({
           found: false,
           origin,
-          error: `No OpenAPI spec found. Tried: ${tried}`
+          error: `No OpenAPI spec found. Tried: ${OPENAPI_TRIED_PATHS}`
         });
       }
       return mcpSuccessJson({
@@ -116678,7 +117095,7 @@ function registerDiscoveryTools(server) {
         origin,
         cause: result.cause,
         error: result.message ?? `Failed to fetch OpenAPI spec (${result.cause})`,
-        hint: result.cause === "timeout" ? "The server may be slow or unreachable. Try again later." : result.cause === "network" ? "Could not reach the server. Check the network connection and try again." : `The server returned an unparseable response. Tried: ${tried}`
+        hint: result.cause === "timeout" ? "The server may be slow or unreachable. Try again later." : result.cause === "network" ? "Could not reach the server. Check the network connection and try again." : `The server returned an unparseable response. Tried: ${OPENAPI_TRIED_PATHS}`
       });
     })
   );
@@ -117166,7 +117583,7 @@ var import_path3 = require("path");
 var import_url2 = require("url");
 function getVersion3() {
   if (true) {
-    return "0.6.10";
+    return "0.7.1";
   }
   const __dirname3 = (0, import_path3.dirname)((0, import_url2.fileURLToPath)(importMetaUrl));
   const pkg = JSON.parse(