@bsv/message-box-client 2.0.5 → 2.0.7

package/dist/cjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/message-box-client",
-  "version": "2.0.5",
+  "version": "2.0.7",
   "publishConfig": {
     "access": "public"
   },
@@ -72,6 +72,6 @@
   },
   "dependencies": {
     "@bsv/authsocket-client": "^2.0.2",
-    "@bsv/sdk": "^2.0.4"
+    "@bsv/sdk": "^2.0.11"
   }
 }

package/dist/cjs/src/PeerPayClient.js

@@ -44,22 +44,47 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PeerPayClient = exports.STANDARD_PAYMENT_MESSAGEBOX = void 0;
+exports.PeerPayClient = exports.PAYMENT_REQUEST_RESPONSES_MESSAGEBOX = exports.PAYMENT_REQUESTS_MESSAGEBOX = exports.STANDARD_PAYMENT_MESSAGEBOX = void 0;
 const MessageBoxClient_js_1 = require("./MessageBoxClient.js");
+const types_js_1 = require("./types.js");
 const sdk_1 = require("@bsv/sdk");
 const Logger = __importStar(require("./Utils/logger.js"));
+function toNumberArray(tx) {
+    return Array.isArray(tx) ? tx : Array.from(tx);
+}
+function hexToBytes(hex) {
+    const matches = hex.match(/.{1,2}/g);
+    return matches != null ? matches.map(byte => parseInt(byte, 16)) : [];
+}
 function safeParse(input) {
     try {
         return typeof input === 'string' ? JSON.parse(input) : input;
     }
     catch (e) {
         Logger.error('[PP CLIENT] Failed to parse input in safeParse:', input);
-        // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-        const fallback = {};
-        return fallback;
+        return undefined;
     }
 }
+/**
+ * Validates that a parsed object has the required fields for a PaymentRequestMessage.
+ * Returns true for both new requests (has amount, description, expiresAt) and cancellations (has cancelled: true).
+ */
+function isValidPaymentRequestMessage(obj) {
+    if (typeof obj !== 'object' || obj === null)
+        return false;
+    if (typeof obj.requestId !== 'string')
+        return false;
+    if (typeof obj.senderIdentityKey !== 'string')
+        return false;
+    if (typeof obj.requestProof !== 'string')
+        return false;
+    if (obj.cancelled === true)
+        return true;
+    return typeof obj.amount === 'number' && typeof obj.description === 'string' && typeof obj.expiresAt === 'number';
+}
 exports.STANDARD_PAYMENT_MESSAGEBOX = 'payment_inbox';
+exports.PAYMENT_REQUESTS_MESSAGEBOX = 'payment_requests';
+exports.PAYMENT_REQUEST_RESPONSES_MESSAGEBOX = 'payment_request_responses';
 const STANDARD_PAYMENT_OUTPUT_INDEX = 0;
 /**
  * PeerPayClient enables peer-to-peer Bitcoin payments using MessageBox.
@@ -73,6 +98,15 @@ class PeerPayClient extends MessageBoxClient_js_1.MessageBoxClient {
         this.messageBox = (_a = config.messageBox) !== null && _a !== void 0 ? _a : exports.STANDARD_PAYMENT_MESSAGEBOX;
         this.peerPayWalletClient = walletClient;
         this.originator = originator;
+        this.settlementModule = new sdk_1.Brc29RemittanceModule({
+            protocolID: [2, '3241645161d8'],
+            labels: ['peerpay'],
+            description: 'PeerPay payment',
+            outputDescription: 'Payment for PeerPay transaction',
+            internalizeProtocol: 'wallet payment',
+            refundFeeSatoshis: 1000,
+            minRefundSatoshis: 1000
+        });
     }
     get authFetchInstance() {
         if (this._authFetchInstance === null || this._authFetchInstance === undefined) {
@@ -80,6 +114,59 @@ class PeerPayClient extends MessageBoxClient_js_1.MessageBoxClient {
         }
         return this._authFetchInstance;
     }
+    /**
+     * Allows payment requests from a specific identity key by setting
+     * the recipientFee to 0 for the payment_requests message box.
+     *
+     * @param {Object} params - Parameters.
+     * @param {string} params.identityKey - The identity key to allow payment requests from.
+     * @returns {Promise<void>} Resolves when the permission is set.
+     */
+    async allowPaymentRequestsFrom({ identityKey }) {
+        await this.setMessageBoxPermission({
+            messageBox: exports.PAYMENT_REQUESTS_MESSAGEBOX,
+            sender: identityKey,
+            recipientFee: 0
+        });
+    }
+    /**
+     * Blocks payment requests from a specific identity key by setting
+     * the recipientFee to -1 for the payment_requests message box.
+     *
+     * @param {Object} params - Parameters.
+     * @param {string} params.identityKey - The identity key to block payment requests from.
+     * @returns {Promise<void>} Resolves when the permission is set.
+     */
+    async blockPaymentRequestsFrom({ identityKey }) {
+        await this.setMessageBoxPermission({
+            messageBox: exports.PAYMENT_REQUESTS_MESSAGEBOX,
+            sender: identityKey,
+            recipientFee: -1
+        });
+    }
+    /**
+     * Lists all permissions for the payment_requests message box, mapped to
+     * a simplified { identityKey, allowed } structure.
+     *
+     * A permission is considered "allowed" if recipientFee >= 0 (0 = always allow,
+     * positive = payment required). A recipientFee of -1 means blocked.
+     *
+     * @returns {Promise<Array<{ identityKey: string, allowed: boolean }>>} Resolved with the list of permissions.
+     */
+    async listPaymentRequestPermissions() {
+        const permissions = await this.listMessageBoxPermissions({ messageBox: exports.PAYMENT_REQUESTS_MESSAGEBOX });
+        // Filter to only per-sender entries (sender is not null/empty).
+        // Use the status field returned by the server to determine allowed state.
+        return permissions
+            .filter(p => p.sender != null && p.sender !== '')
+            .map(p => {
+            var _a;
+            return ({
+                identityKey: (_a = p.sender) !== null && _a !== void 0 ? _a : '',
+                allowed: p.status !== 'blocked'
+            });
+        });
+    }
     /**
      * Generates a valid payment token for a recipient.
      *
@@ -97,53 +184,34 @@ class PeerPayClient extends MessageBoxClient_js_1.MessageBoxClient {
             throw new Error('Invalid payment details: recipient and valid amount are required');
         }
         ;
-        // Generate derivation paths using correct nonce function
-        const derivationPrefix = await (0, sdk_1.createNonce)(this.peerPayWalletClient, 'self', this.originator);
-        const derivationSuffix = await (0, sdk_1.createNonce)(this.peerPayWalletClient, 'self', this.originator);
-        Logger.log(`[PP CLIENT] Derivation Prefix: ${derivationPrefix}`);
-        Logger.log(`[PP CLIENT] Derivation Suffix: ${derivationSuffix}`);
-        // Get recipient's derived public key
-        const { publicKey: derivedKeyResult } = await this.peerPayWalletClient.getPublicKey({
-            protocolID: [2, '3241645161d8'],
-            keyID: `${derivationPrefix} ${derivationSuffix}`,
-            counterparty: payment.recipient
-        }, this.originator);
-        Logger.log(`[PP CLIENT] Derived Public Key: ${derivedKeyResult}`);
-        if (derivedKeyResult == null || derivedKeyResult.trim() === '') {
-            throw new Error('Failed to derive recipient’s public key');
-        }
-        // Create locking script using recipient's public key
-        const lockingScript = new sdk_1.P2PKH().lock(sdk_1.PublicKey.fromString(derivedKeyResult).toAddress()).toHex();
-        Logger.log(`[PP CLIENT] Locking Script: ${lockingScript}`);
-        // Create the payment action
-        const paymentAction = await this.peerPayWalletClient.createAction({
-            description: 'PeerPay payment',
-            labels: ['peerpay'],
-            outputs: [{
-                    satoshis: payment.amount,
-                    lockingScript,
-                    customInstructions: JSON.stringify({
-                        derivationPrefix,
-                        derivationSuffix,
-                        payee: payment.recipient
-                    }),
-                    outputDescription: 'Payment for PeerPay transaction'
-                }],
-            options: {
-                randomizeOutputs: false
+        const result = await this.settlementModule.buildSettlement({
+            threadId: 'peerpay',
+            option: {
+                amountSatoshis: payment.amount,
+                payee: payment.recipient,
+                labels: ['peerpay'],
+                description: 'PeerPay payment'
             }
-        }, this.originator);
-        if (paymentAction.tx === undefined) {
-            throw new Error('Transaction creation failed!');
+        }, {
+            wallet: this.peerPayWalletClient,
+            originator: this.originator,
+            now: () => Date.now(),
+            logger: Logger
+        });
+        if (result.action === 'terminate') {
+            if (result.termination.code === 'brc29.public_key_missing') {
+                throw new Error('Failed to derive recipient’s public key');
+            }
+            throw new Error(result.termination.message);
         }
-        Logger.log('[PP CLIENT] Payment Action:', paymentAction);
+        Logger.log('[PP CLIENT] Payment Action Settlement Artifact:', result.artifact);
         return {
             customInstructions: {
-                derivationPrefix,
-                derivationSuffix
+                derivationPrefix: result.artifact.customInstructions.derivationPrefix,
+                derivationSuffix: result.artifact.customInstructions.derivationSuffix
             },
-            transaction: paymentAction.tx,
-            amount: payment.amount
+            transaction: result.artifact.transaction,
+            amount: result.artifact.amountSatoshis
         };
     }
     /**
@@ -224,10 +292,13 @@ class PeerPayClient extends MessageBoxClient_js_1.MessageBoxClient {
             // Convert PeerMessage → IncomingPayment before calling onPayment
             onMessage: (message) => {
                 Logger.log('[MB CLIENT] Received Live Payment:', message);
+                const token = safeParse(message.body);
+                if (token == null)
+                    return;
                 const incomingPayment = {
                     messageId: message.messageId,
                     sender: message.sender,
-                    token: safeParse(message.body)
+                    token
                 };
                 Logger.log('[PP CLIENT] Converted PeerMessage to IncomingPayment:', incomingPayment);
                 onPayment(incomingPayment);
@@ -246,23 +317,31 @@ class PeerPayClient extends MessageBoxClient_js_1.MessageBoxClient {
      * @throws {Error} If payment processing fails.
      */
     async acceptPayment(payment) {
-        var _a;
+        var _a, _b;
         try {
             Logger.log(`[PP CLIENT] Processing payment: ${JSON.stringify(payment, null, 2)}`);
-            const paymentResult = await this.peerPayWalletClient.internalizeAction({
-                tx: payment.token.transaction,
-                outputs: [{
-                        paymentRemittance: {
-                            derivationPrefix: payment.token.customInstructions.derivationPrefix,
-                            derivationSuffix: payment.token.customInstructions.derivationSuffix,
-                            senderIdentityKey: payment.sender
-                        },
-                        outputIndex: (_a = payment.token.outputIndex) !== null && _a !== void 0 ? _a : STANDARD_PAYMENT_OUTPUT_INDEX,
-                        protocol: 'wallet payment'
-                    }],
-                labels: ['peerpay'],
-                description: 'PeerPay Payment'
-            }, this.originator);
+            const acceptResult = await this.settlementModule.acceptSettlement({
+                threadId: 'peerpay',
+                sender: payment.sender,
+                settlement: {
+                    customInstructions: {
+                        derivationPrefix: payment.token.customInstructions.derivationPrefix,
+                        derivationSuffix: payment.token.customInstructions.derivationSuffix
+                    },
+                    transaction: toNumberArray(payment.token.transaction),
+                    amountSatoshis: payment.token.amount,
+                    outputIndex: (_a = payment.token.outputIndex) !== null && _a !== void 0 ? _a : STANDARD_PAYMENT_OUTPUT_INDEX
+                }
+            }, {
+                wallet: this.peerPayWalletClient,
+                originator: this.originator,
+                now: () => Date.now(),
+                logger: Logger
+            });
+            if (acceptResult.action === 'terminate') {
+                throw new Error(acceptResult.termination.message);
+            }
+            const paymentResult = (_b = acceptResult.receiptData) === null || _b === void 0 ? void 0 : _b.internalizeResult;
             Logger.log(`[PP CLIENT] Payment internalized successfully: ${JSON.stringify(paymentResult, null, 2)}`);
             Logger.log(`[PP CLIENT] Acknowledging payment with messageId: ${payment.messageId}`);
             await this.acknowledgeMessage({ messageIds: [payment.messageId] });
@@ -341,13 +420,335 @@ class PeerPayClient extends MessageBoxClient_js_1.MessageBoxClient {
         const messages = await this.listMessages({ messageBox: this.messageBox, host: overrideHost });
         return messages.map((msg) => {
             const parsedToken = safeParse(msg.body);
+            if (parsedToken == null)
+                return null;
             return {
                 messageId: msg.messageId,
                 sender: msg.sender,
                 token: parsedToken
             };
+        }).filter((p) => p != null);
+    }
+    /**
+     * Lists all responses to payment requests from the payment_request_responses message box.
+     *
+     * Retrieves messages and parses each as a PaymentRequestResponse.
+     *
+     * @param {string} [hostOverride] - Optional host override for the message box server.
+     * @returns {Promise<PaymentRequestResponse[]>} Resolves with an array of payment request responses.
+     */
+    async listPaymentRequestResponses(hostOverride) {
+        const messages = await this.listMessages({ messageBox: exports.PAYMENT_REQUEST_RESPONSES_MESSAGEBOX, host: hostOverride });
+        return messages.map((msg) => safeParse(msg.body))
+            .filter((r) => r != null);
+    }
+    /**
+     * Listens for incoming payment requests in real time via WebSocket.
+     *
+     * Wraps listenForLiveMessages on the payment_requests box and converts each
+     * incoming PeerMessage into an IncomingPaymentRequest before calling onRequest.
+     *
+     * @param {Object} params - Listener configuration.
+     * @param {Function} params.onRequest - Callback invoked when a new payment request arrives.
+     * @param {string} [params.overrideHost] - Optional host override for the WebSocket connection.
+     * @returns {Promise<void>} Resolves when the listener is established.
+     */
+    async listenForLivePaymentRequests({ onRequest, overrideHost }) {
+        await this.listenForLiveMessages({
+            messageBox: exports.PAYMENT_REQUESTS_MESSAGEBOX,
+            overrideHost,
+            onMessage: (message) => {
+                const body = safeParse(message.body);
+                if (body == null || body.cancelled === true)
+                    return; // Skip cancellations and parse failures
+                const request = {
+                    messageId: message.messageId,
+                    sender: message.sender,
+                    requestId: body.requestId,
+                    amount: body.amount,
+                    description: body.description,
+                    expiresAt: body.expiresAt
+                };
+                onRequest(request);
+            }
         });
     }
+    /**
+     * Listens for payment request responses in real time via WebSocket.
+     *
+     * Wraps listenForLiveMessages on the payment_request_responses box and converts each
+     * incoming PeerMessage into a PaymentRequestResponse before calling onResponse.
+     *
+     * @param {Object} params - Listener configuration.
+     * @param {Function} params.onResponse - Callback invoked when a new response arrives.
+     * @param {string} [params.overrideHost] - Optional host override for the WebSocket connection.
+     * @returns {Promise<void>} Resolves when the listener is established.
+     */
+    async listenForLivePaymentRequestResponses({ onResponse, overrideHost }) {
+        await this.listenForLiveMessages({
+            messageBox: exports.PAYMENT_REQUEST_RESPONSES_MESSAGEBOX,
+            overrideHost,
+            onMessage: (message) => {
+                const response = safeParse(message.body);
+                if (response == null)
+                    return;
+                onResponse(response);
+            }
+        });
+    }
+    /**
+     * Fulfills an incoming payment request by sending the requested payment and
+     * notifying the requester with a 'paid' response in the payment_request_responses box.
+     * Also acknowledges the original request message.
+     *
+     * @param {Object} params - Fulfillment parameters.
+     * @param {IncomingPaymentRequest} params.request - The incoming payment request to fulfill.
+     * @param {string} [params.note] - Optional note to include in the response.
+     * @param {string} [hostOverride] - Optional host override for the message box server.
+     * @returns {Promise<void>} Resolves when payment is sent and acknowledgment is complete.
+     */
+    async fulfillPaymentRequest(params, hostOverride) {
+        const { request, note } = params;
+        await this.sendPayment({ recipient: request.sender, amount: request.amount }, hostOverride);
+        const response = {
+            requestId: request.requestId,
+            status: 'paid',
+            amountPaid: request.amount,
+            ...(note != null && { note })
+        };
+        await this.sendMessage({
+            recipient: request.sender,
+            messageBox: exports.PAYMENT_REQUEST_RESPONSES_MESSAGEBOX,
+            body: JSON.stringify(response)
+        }, hostOverride);
+        await this.acknowledgeMessage({ messageIds: [request.messageId], host: hostOverride });
+    }
+    /**
+     * Declines an incoming payment request by notifying the requester with a 'declined'
+     * response in the payment_request_responses box and acknowledging the original request.
+     *
+     * @param {Object} params - Decline parameters.
+     * @param {IncomingPaymentRequest} params.request - The incoming payment request to decline.
+     * @param {string} [params.note] - Optional note explaining why the request was declined.
+     * @param {string} [hostOverride] - Optional host override for the message box server.
+     * @returns {Promise<void>} Resolves when the response is sent and request is acknowledged.
+     */
+    async declinePaymentRequest(params, hostOverride) {
+        const { request, note } = params;
+        const response = {
+            requestId: request.requestId,
+            status: 'declined',
+            ...(note != null && { note })
+        };
+        await this.sendMessage({
+            recipient: request.sender,
+            messageBox: exports.PAYMENT_REQUEST_RESPONSES_MESSAGEBOX,
+            body: JSON.stringify(response)
+        }, hostOverride);
+        await this.acknowledgeMessage({ messageIds: [request.messageId], host: hostOverride });
+    }
+    /**
+     * Sends a payment request to a recipient via the payment_requests message box.
+     *
+     * Generates a unique requestId using createNonce, looks up the caller's identity key,
+     * and sends a PaymentRequestMessage to the recipient.
+     *
+     * @param {Object} params - Payment request parameters.
+     * @param {string} params.recipient - The identity key of the intended payer.
+     * @param {number} params.amount - The amount in satoshis being requested (must be > 0).
+     * @param {string} params.description - Human-readable reason for the payment request.
+     * @param {number} params.expiresAt - Unix timestamp (ms) when the request expires.
+     * @param {string} [hostOverride] - Optional host override for the message box server.
+     * @returns {Promise<{ requestId: string }>} The generated requestId for this request.
+     * @throws {Error} If amount is <= 0.
+     */
+    async requestPayment(params, hostOverride) {
+        if (params.amount <= 0) {
+            throw new Error('Invalid payment request: amount must be greater than 0');
+        }
+        const requestId = await (0, sdk_1.createNonce)(this.peerPayWalletClient, 'self', this.originator);
+        const senderIdentityKey = await this.getIdentityKey();
+        const proofData = Array.from(new TextEncoder().encode(requestId + params.recipient));
+        const { hmac } = await this.peerPayWalletClient.createHmac({
+            data: proofData,
+            protocolID: [2, 'payment request auth'],
+            keyID: requestId,
+            counterparty: params.recipient
+        }, this.originator);
+        const requestProof = Array.from(hmac).map(b => b.toString(16).padStart(2, '0')).join('');
+        const body = {
+            requestId,
+            amount: params.amount,
+            description: params.description,
+            expiresAt: params.expiresAt,
+            senderIdentityKey,
+            requestProof
+        };
+        try {
+            await this.sendMessage({
+                recipient: params.recipient,
+                messageBox: exports.PAYMENT_REQUESTS_MESSAGEBOX,
+                body: JSON.stringify(body)
+            }, hostOverride);
+        }
+        catch (err) {
+            // Translate HTTP 403 (permission denied) into a user-friendly message.
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === 'string' && err.message.includes('403')) {
+                throw new Error('Payment request blocked — you are not on the recipient\'s whitelist.');
+            }
+            throw err;
+        }
+        return { requestId, requestProof };
+    }
+    /**
+     * Lists all incoming payment requests from the payment_requests message box.
+     *
+     * Automatically filters out:
+     * - Expired requests (expiresAt < now), which are acknowledged and discarded.
+     * - Cancelled requests (a cancellation message with the same requestId exists),
+     *   both the original and cancellation messages are acknowledged and discarded.
+     * - Out-of-range requests (when limits are provided), which are acknowledged and discarded.
+     *
+     * @param {string} [hostOverride] - Optional host override for the message box server.
+     * @param {PaymentRequestLimits} [limits] - Optional min/max satoshi limits for filtering.
+     * @returns {Promise<IncomingPaymentRequest[]>} Resolves with active, valid payment requests.
+     */
+    async listIncomingPaymentRequests(hostOverride, limits) {
+        var _a, _b;
+        const messages = await this.listMessages({ messageBox: exports.PAYMENT_REQUESTS_MESSAGEBOX, host: hostOverride });
+        const myIdentityKey = await this.getIdentityKey();
+        const now = Date.now();
+        // Parse and validate all messages, collecting malformed ones for ack
+        const malformedMessageIds = [];
+        const parsed = [];
+        for (const msg of messages) {
+            const body = safeParse(msg.body);
+            if (body != null && isValidPaymentRequestMessage(body)) {
+                parsed.push({ messageId: msg.messageId, sender: msg.sender, body });
+            }
+            else {
+                malformedMessageIds.push(msg.messageId);
+            }
+        }
+        // Collect cancelled requestIds — verify HMAC proof before accepting
+        const cancelledRequests = new Map(); // requestId → sender
+        const cancelMessageIds = [];
+        for (const item of parsed) {
+            if (item.body.cancelled === true) {
+                // Verify cancellation HMAC proof
+                try {
+                    const proofData = Array.from(new TextEncoder().encode(item.body.requestId + myIdentityKey));
+                    await this.peerPayWalletClient.verifyHmac({
+                        data: proofData,
+                        hmac: hexToBytes(item.body.requestProof),
+                        protocolID: [2, 'payment request auth'],
+                        keyID: item.body.requestId,
+                        counterparty: item.sender
+                    }, this.originator);
+                    cancelledRequests.set(item.body.requestId, item.sender);
+                    cancelMessageIds.push(item.messageId);
+                }
+                catch {
+                    Logger.warn(`[PP CLIENT] Invalid cancellation proof for requestId=${item.body.requestId}, discarding`);
+                    malformedMessageIds.push(item.messageId);
+                }
+                continue;
+            }
+        }
+        const expiredMessageIds = [];
+        const outOfRangeMessageIds = [];
+        const cancelledOriginalMessageIds = [];
+        const active = [];
+        for (const item of parsed) {
+            // Skip cancellation messages themselves (already collected above)
+            if (item.body.cancelled === true)
+                continue;
+            const { requestId, amount, description, expiresAt } = item.body;
+            // Filter expired
+            if (expiresAt < now) {
+                expiredMessageIds.push(item.messageId);
+                continue;
+            }
+            // Filter cancelled originals — only if cancellation came from the same sender
+            if (cancelledRequests.has(requestId) && cancelledRequests.get(requestId) === item.sender) {
+                cancelledOriginalMessageIds.push(item.messageId);
+                continue;
+            }
+            // Filter out-of-range — apply defaults for any missing limit fields
+            const effectiveMin = (_a = limits === null || limits === void 0 ? void 0 : limits.minAmount) !== null && _a !== void 0 ? _a : types_js_1.DEFAULT_PAYMENT_REQUEST_MIN_AMOUNT;
+            const effectiveMax = (_b = limits === null || limits === void 0 ? void 0 : limits.maxAmount) !== null && _b !== void 0 ? _b : types_js_1.DEFAULT_PAYMENT_REQUEST_MAX_AMOUNT;
+            if (amount < effectiveMin || amount > effectiveMax) {
+                outOfRangeMessageIds.push(item.messageId);
+                continue;
+            }
+            // Verify HMAC proof — ensures message came from claimed sender
+            try {
+                const proofData = Array.from(new TextEncoder().encode(requestId + myIdentityKey));
+                await this.peerPayWalletClient.verifyHmac({
+                    data: proofData,
+                    hmac: hexToBytes(item.body.requestProof),
+                    protocolID: [2, 'payment request auth'],
+                    keyID: requestId,
+                    counterparty: item.sender
+                }, this.originator);
+            }
+            catch {
+                Logger.warn(`[PP CLIENT] Invalid requestProof for requestId=${requestId}, discarding`);
+                malformedMessageIds.push(item.messageId);
+                continue;
+            }
+            active.push({
+                messageId: item.messageId,
+                sender: item.sender,
+                requestId,
+                amount,
+                description,
+                expiresAt
+            });
+        }
+        // Acknowledge expired
+        if (expiredMessageIds.length > 0) {
+            await this.acknowledgeMessage({ messageIds: expiredMessageIds, host: hostOverride });
+        }
+        // Acknowledge cancelled originals + cancel messages together
+        const cancelAckIds = [...cancelledOriginalMessageIds, ...cancelMessageIds];
+        if (cancelAckIds.length > 0) {
+            await this.acknowledgeMessage({ messageIds: cancelAckIds, host: hostOverride });
+        }
+        // Acknowledge out-of-range
+        if (outOfRangeMessageIds.length > 0) {
+            await this.acknowledgeMessage({ messageIds: outOfRangeMessageIds, host: hostOverride });
+        }
+        // Acknowledge malformed messages so they don't reappear
+        if (malformedMessageIds.length > 0) {
+            await this.acknowledgeMessage({ messageIds: malformedMessageIds, host: hostOverride });
+        }
+        return active;
+    }
+    /**
+     * Cancels a previously sent payment request by sending a cancellation message
+     * with the same requestId and `cancelled: true`.
+     *
+     * @param {Object} params - Cancellation parameters.
+     * @param {string} params.recipient - The identity key of the recipient of the original request.
+     * @param {string} params.requestId - The requestId of the payment request to cancel.
+     * @param {string} [hostOverride] - Optional host override for the message box server.
+     * @returns {Promise<void>} Resolves when the cancellation message has been sent.
+     */
+    async cancelPaymentRequest(params, hostOverride) {
+        const senderIdentityKey = await this.getIdentityKey();
+        const body = {
+            requestId: params.requestId,
+            senderIdentityKey,
+            requestProof: params.requestProof,
+            cancelled: true
+        };
+        await this.sendMessage({
+            recipient: params.recipient,
+            messageBox: exports.PAYMENT_REQUESTS_MESSAGEBOX,
+            body: JSON.stringify(body)
+        }, hostOverride);
+    }
 }
 exports.PeerPayClient = PeerPayClient;
 //# sourceMappingURL=PeerPayClient.js.map