mppx 0.3.11 → 0.3.13

package/src/tempo/internal/fee-payer.test.ts

@@ -0,0 +1,223 @@
+import { encodeFunctionData } from 'viem'
+import { Abis, Addresses } from 'viem/tempo'
+import { describe, expect, test } from 'vitest'
+import { callScopes, FeePayerValidationError, validateCalls } from './fee-payer.js'
+import * as Selectors from './selectors.js'
+
+const details = { amount: '1', currency: '0x01', recipient: '0x02' }
+const bogus = '0x0000000000000000000000000000000000000001' as const
+
+describe('callScopes', () => {
+  test('has 4 allowed patterns', () => {
+    expect(callScopes).toHaveLength(4)
+  })
+
+  test('patterns use correct selectors', () => {
+    expect(callScopes).toEqual([
+      [Selectors.transfer],
+      [Selectors.transferWithMemo],
+      [Selectors.approve, Selectors.swapExactAmountOut, Selectors.transfer],
+      [Selectors.approve, Selectors.swapExactAmountOut, Selectors.transferWithMemo],
+    ])
+  })
+})
+
+describe('validateCalls', () => {
+  test('accepts single transfer', () => {
+    expect(() =>
+      validateCalls(
+        [
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+        ],
+        details,
+      ),
+    ).not.toThrow()
+  })
+
+  test('accepts approve + buy + transfer', () => {
+    const swapSelector = Selectors.swapExactAmountOut
+    expect(() =>
+      validateCalls(
+        [
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'approve',
+              args: [Addresses.stablecoinDex, 100n],
+            }),
+          },
+          {
+            to: Addresses.stablecoinDex,
+            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+          },
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+        ],
+        details,
+      ),
+    ).not.toThrow()
+  })
+
+  test('error: rejects empty calls', () => {
+    expect(() => validateCalls([], details)).toThrow(FeePayerValidationError)
+  })
+
+  test('error: rejects unknown selector', () => {
+    expect(() => validateCalls([{ data: '0xdeadbeef' as `0x${string}` }], details)).toThrow(
+      'disallowed call pattern',
+    )
+  })
+
+  test('error: rejects extra calls beyond allowed patterns', () => {
+    const swapSelector = Selectors.swapExactAmountOut
+    expect(() =>
+      validateCalls(
+        [
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'approve',
+              args: [Addresses.stablecoinDex, 100n],
+            }),
+          },
+          {
+            to: Addresses.stablecoinDex,
+            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+          },
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+        ],
+        details,
+      ),
+    ).toThrow('disallowed call pattern')
+  })
+
+  test('error: rejects wrong order (transfer before approve + buy)', () => {
+    const swapSelector = Selectors.swapExactAmountOut
+    expect(() =>
+      validateCalls(
+        [
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'approve',
+              args: [Addresses.stablecoinDex, 100n],
+            }),
+          },
+          {
+            to: Addresses.stablecoinDex,
+            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+          },
+        ],
+        details,
+      ),
+    ).toThrow('disallowed call pattern')
+  })
+
+  test('error: rejects approve with non-DEX spender', () => {
+    const swapSelector = Selectors.swapExactAmountOut
+    expect(() =>
+      validateCalls(
+        [
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'approve',
+              args: [bogus, 100n],
+            }),
+          },
+          {
+            to: Addresses.stablecoinDex,
+            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+          },
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+        ],
+        details,
+      ),
+    ).toThrow('approve spender is not the DEX')
+  })
+
+  test('error: rejects buy targeting non-DEX address', () => {
+    const swapSelector = Selectors.swapExactAmountOut
+    expect(() =>
+      validateCalls(
+        [
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'approve',
+              args: [Addresses.stablecoinDex, 100n],
+            }),
+          },
+          { to: bogus, data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}` },
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+        ],
+        details,
+      ),
+    ).toThrow('buy target is not the DEX')
+  })
+
+  test('error: rejects approve + buy without transfer', () => {
+    const swapSelector = Selectors.swapExactAmountOut
+    expect(() =>
+      validateCalls(
+        [
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'approve',
+              args: [Addresses.stablecoinDex, 100n],
+            }),
+          },
+          {
+            to: Addresses.stablecoinDex,
+            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+          },
+        ],
+        details,
+      ),
+    ).toThrow('disallowed call pattern')
+  })
+})

package/src/tempo/internal/fee-payer.ts

@@ -0,0 +1,53 @@
+import { decodeFunctionData, isAddressEqual } from 'viem'
+import { Abis, Addresses } from 'viem/tempo'
+import * as Selectors from './selectors.js'
+
+/**
+ * Allowed call patterns for fee-payer sponsored transactions.
+ * Each inner array is an ordered list of function selectors.
+ */
+export const callScopes = [
+  [Selectors.transfer],
+  [Selectors.transferWithMemo],
+  [Selectors.approve, Selectors.swapExactAmountOut, Selectors.transfer],
+  [Selectors.approve, Selectors.swapExactAmountOut, Selectors.transferWithMemo],
+]
+
+/** Validates that a set of transaction calls matches an allowed fee-payer pattern. */
+export function validateCalls(
+  calls: readonly { data?: `0x${string}` | undefined; to?: `0x${string}` | undefined }[],
+  details: Record<string, string>,
+) {
+  const callSelectors = calls.map((c) => c.data?.slice(0, 10))
+  const allowed = callScopes.some(
+    (pattern) =>
+      pattern.length === callSelectors.length &&
+      pattern.every((sel, i) => sel === callSelectors[i]),
+  )
+  if (!allowed)
+    throw new FeePayerValidationError('disallowed call pattern in fee-payer transaction', details)
+
+  // Validate approve spender and buy target are the DEX.
+  const approveCall = calls.find((c) => c.data?.slice(0, 10) === Selectors.approve)
+  if (approveCall) {
+    const { args } = decodeFunctionData({ abi: Abis.tip20, data: approveCall.data! })
+    if (!isAddressEqual((args as [`0x${string}`])[0]!, Addresses.stablecoinDex))
+      throw new FeePayerValidationError('approve spender is not the DEX', details)
+  }
+  const buyCall = calls.find((c) => c.data?.slice(0, 10) === Selectors.swapExactAmountOut)
+  if (buyCall && (!buyCall.to || !isAddressEqual(buyCall.to, Addresses.stablecoinDex)))
+    throw new FeePayerValidationError('buy target is not the DEX', details)
+}
+
+export class FeePayerValidationError extends Error {
+  override readonly name = 'FeePayerValidationError'
+
+  constructor(reason: string, details: Record<string, string>) {
+    super(
+      [
+        `Invalid transaction: ${reason}`,
+        ...Object.entries(details).map(([k, v]) => `  - ${k}: ${v}`),
+      ].join('\n'),
+    )
+  }
+}

package/src/tempo/internal/selectors.ts

@@ -0,0 +1,10 @@
+import { AbiItem } from 'ox'
+import { Abis } from 'viem/tempo'
+
+export const approve = /*#__PURE__*/ AbiItem.getSelector(Abis.tip20, 'approve')
+export const transfer = /*#__PURE__*/ AbiItem.getSelector(Abis.tip20, 'transfer')
+export const transferWithMemo = /*#__PURE__*/ AbiItem.getSelector(Abis.tip20, 'transferWithMemo')
+export const swapExactAmountOut = /*#__PURE__*/ AbiItem.getSelector(
+  Abis.stablecoinDex,
+  'swapExactAmountOut',
+)

package/src/tempo/server/Charge.test.ts

@@ -2,10 +2,12 @@ import { Challenge, Credential, Receipt } from 'mppx'
 import { Mppx as Mppx_client, tempo as tempo_client } from 'mppx/client'
 import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import type { Hex } from 'ox'
-import { Actions } from 'viem/tempo'
-import { describe, expect, test } from 'vitest'
+import { encodeFunctionData, parseUnits } from 'viem'
+import { prepareTransactionRequest, signTransaction } from 'viem/actions'
+import { Abis, Actions, Addresses, Tick } from 'viem/tempo'
+import { beforeAll, describe, expect, test } from 'vitest'
 import * as Http from '~test/Http.js'
-import { accounts, asset, chain, client } from '~test/tempo/viem.js'
+import { accounts, asset, chain, client, fundAccount } from '~test/tempo/viem.js'
 import * as Attribution from '../Attribution.js'
 
 const realm = 'api.example.com'
@@ -522,6 +524,71 @@ describe('tempo', () => {
 
       httpServer.close()
     })
+
+    test('error: rejects fee-payer transaction with unauthorized calls', async () => {
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            feePayer: accounts[0],
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await fetch(httpServer.url)
+      expect(response.status).toBe(402)
+
+      const challenge = Challenge.fromResponse(response, {
+        methods: [tempo_client.charge()],
+      })
+      const request = challenge.request
+
+      const memo = Attribution.encode({ serverId: challenge.realm })
+
+      // Build a transaction with the valid transfer + a rogue extra call
+      const transferCall = Actions.token.transfer.call({
+        amount: BigInt(request.amount),
+        memo,
+        to: request.recipient as Hex.Hex,
+        token: request.currency as Hex.Hex,
+      })
+
+      const rogueCall = {
+        to: request.currency as `0x${string}`,
+        data: encodeFunctionData({
+          abi: Abis.tip20,
+          functionName: 'transfer',
+          args: [accounts[2]!.address, 1n],
+        }),
+      }
+
+      const prepared = await prepareTransactionRequest(client, {
+        account: accounts[1]!,
+        calls: [transferCall, rogueCall],
+        nonceKey: 'expiring',
+      } as never)
+      prepared.gas = prepared.gas! + 5_000n
+      const signature = await signTransaction(client, prepared as never)
+
+      const credential = Credential.from({
+        challenge,
+        payload: { signature, type: 'transaction' as const },
+      })
+
+      {
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: Credential.serialize(credential) },
+        })
+        // Server rejects the transaction — returns 402 (error caught by handler)
+        expect(response.status).toBe(402)
+      }
+
+      httpServer.close()
+    })
   })
 
   describe('intent: charge; type: transaction; waitForConfirmation: false', () => {
@@ -1056,4 +1123,308 @@ describe('tempo', () => {
       httpServer.close()
     })
   })
+
+  describe('auto-swap', () => {
+    // Use accounts[3] as payer with pathUsd only (no asset).
+    // Use accounts[4] as payer with zero balance.
+    const swapPayer = accounts[3]!
+    const brokePayer = accounts[4]!
+
+    beforeAll(async () => {
+      // Fund swap payer with pathUsd only
+      await fundAccount({ address: swapPayer.address, token: Addresses.pathUsd as Hex.Hex })
+
+      // Seed DEX liquidity: create pair, then place a sell order for `asset`.
+      await Actions.dex.createPair(client, {
+        account: accounts[0]!,
+        base: asset,
+      })
+      await fundAccount({ address: accounts[0]!.address, token: asset })
+      await Actions.token.approveSync(client, {
+        account: accounts[0]!,
+        token: asset,
+        spender: Addresses.stablecoinDex,
+        amount: parseUnits('1000', 6),
+      })
+      await Actions.dex.placeSync(client, {
+        account: accounts[0]!,
+        token: asset,
+        amount: parseUnits('1000', 6),
+        type: 'sell',
+        tick: Tick.fromPrice('1.001'),
+      })
+    })
+
+    test('swaps via DEX when user lacks target currency', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url)
+      expect(response.status).toBe(200)
+
+      const receipt = Receipt.fromResponse(response)
+      expect(receipt.status).toBe('success')
+      expect(receipt.method).toBe('tempo')
+
+      httpServer.close()
+    })
+
+    test('direct transfer when user has target currency', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: accounts[1]!,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url)
+      expect(response.status).toBe(200)
+
+      const receipt = Receipt.fromResponse(response)
+      expect(receipt.status).toBe('success')
+
+      httpServer.close()
+    })
+
+    test('custom slippage and tokenIn', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            autoSwap: {
+              slippage: 2,
+              tokenIn: [Addresses.pathUsd],
+            },
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url)
+      expect(response.status).toBe(200)
+
+      httpServer.close()
+    })
+
+    test('autoSwap enabled via fetch context', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url, {
+        context: { autoSwap: true },
+      })
+      expect(response.status).toBe(200)
+
+      const receipt = Receipt.fromResponse(response)
+      expect(receipt.status).toBe('success')
+
+      httpServer.close()
+    })
+
+    test('autoSwap with custom options via fetch context', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url, {
+        context: {
+          autoSwap: { slippage: 2, tokenIn: [Addresses.pathUsd] },
+        },
+      })
+      expect(response.status).toBe(200)
+
+      httpServer.close()
+    })
+
+    test('error: throws when no fallback currency has sufficient balance', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: brokePayer,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      await expect(mppx.fetch(httpServer.url)).rejects.toThrow('Insufficient funds')
+
+      httpServer.close()
+    })
+
+    test('error: throws when amount exceeds swap liquidity', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '999999999',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      await expect(mppx.fetch(httpServer.url)).rejects.toThrow('Insufficient funds')
+
+      httpServer.close()
+    })
+
+    test('error: throws when tokenIn list has no viable candidates', async () => {
+      const bogusToken = '0x0000000000000000000000000000000000099999' as const
+
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: brokePayer,
+            autoSwap: { tokenIn: [bogusToken] },
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      await expect(mppx.fetch(httpServer.url)).rejects.toThrow('Insufficient funds')
+
+      httpServer.close()
+    })
+  })
 })