mppx 0.3.12 → 0.3.13

package/dist/client/internal/Fetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Fetch.d.ts","sourceRoot":"","sources":["../../../src/client/internal/Fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAC/C,OAAO,KAAK,KAAK,MAAM,MAAM,iBAAiB,CAAA;AAC9C,OAAO,KAAK,KAAK,CAAC,MAAM,cAAc,CAAA;AAItC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,IAAI,CAAC,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,EACpE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAqCrB;AAED,6EAA6E;AAC7E,KAAK,aAAa,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,IAAI;KAC/D,CAAC,IAAI,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,MAAM,GAAG,GACtE,GAAG,SAAS,CAAC,CAAC,WAAW,GACvB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GACZ,SAAS,GACX,SAAS;CACd,CAAC,MAAM,CAAC,CAAA;AAET,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC;IAC5B,KAAK,MAAM,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IAAI;QACvF,qEAAqE;QACrE,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;QAC/B,+BAA+B;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,2EAA2E;QAC3E,WAAW,CAAC,EACR,CAAC,CACC,SAAS,EAAE,SAAS,CAAC,SAAS,EAC9B,OAAO,EAAE;YACP,gBAAgB,EAAE,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC,OAAO,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;SACxE,KACE,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC,GACjC,SAAS,CAAA;KACd,CAAA;IAED,KAAK,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IAAI,CACtF,KAAK,EAAE,WAAW,GAAG,GAAG,EACxB,IAAI,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KACxB,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEtB,KAAK,WAAW,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IACxF,UAAU,CAAC,WAAW,GAAG;QACvB,+DAA+D;QAC/D,OAAO,CAAC,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;KACjC,CAAA;CACJ;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,QAAQ,CAAC,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,EACxE,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,GAC/B,IAAI,CAGN;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAK,MAAM,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IACnF,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;CACvB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,OAAO,IAAI,IAAI,CAK9B"}
+{"version":3,"file":"Fetch.d.ts","sourceRoot":"","sources":["../../../src/client/internal/Fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAC/C,OAAO,KAAK,KAAK,MAAM,MAAM,iBAAiB,CAAA;AAC9C,OAAO,KAAK,KAAK,CAAC,MAAM,cAAc,CAAA;AAatC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,IAAI,CAAC,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,EACpE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CA2CrB;AAED,6EAA6E;AAC7E,KAAK,aAAa,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,IAAI;KAC/D,CAAC,IAAI,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,MAAM,GAAG,GACtE,GAAG,SAAS,CAAC,CAAC,WAAW,GACvB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GACZ,SAAS,GACX,SAAS;CACd,CAAC,MAAM,CAAC,CAAA;AAET,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC;IAC5B,KAAK,MAAM,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IAAI;QACvF,qEAAqE;QACrE,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;QAC/B,+BAA+B;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,2EAA2E;QAC3E,WAAW,CAAC,EACR,CAAC,CACC,SAAS,EAAE,SAAS,CAAC,SAAS,EAC9B,OAAO,EAAE;YACP,gBAAgB,EAAE,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC,OAAO,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;SACxE,KACE,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC,GACjC,SAAS,CAAA;KACd,CAAA;IAED,KAAK,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IAAI,CACtF,KAAK,EAAE,WAAW,GAAG,GAAG,EACxB,IAAI,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KACxB,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEtB,KAAK,WAAW,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IACxF,UAAU,CAAC,WAAW,GAAG;QACvB,+DAA+D;QAC/D,OAAO,CAAC,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;KACjC,CAAA;CACJ;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,QAAQ,CAAC,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,EACxE,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,GAC/B,IAAI,CASN;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAK,MAAM,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,MAAM,CAAC,SAAS,EAAE,IACnF,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;CACvB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,OAAO,IAAI,IAAI,CAO9B"}

package/dist/client/internal/Fetch.js

@@ -1,4 +1,8 @@
 import * as Challenge from '../../Challenge.js';
+// We tag wrappers with a global symbol so we can recognize wrappers created by mppx,
+// even across multiple module instances/bundles. This lets restore() avoid clobbering
+// an unrelated fetch installed by user code or another library.
+const MPPX_FETCH_WRAPPER = Symbol.for('mppx.fetch.wrapper');
 let originalFetch;
 /**
  * Creates a fetch wrapper that automatically handles 402 Payment Required responses.
@@ -23,9 +27,12 @@ let originalFetch;
  */
 export function from(config) {
     const { fetch = globalThis.fetch, methods, onChallenge } = config;
-    return async (input, init) => {
+    // Always operate on the true underlying fetch to avoid wrapper-on-wrapper stacking,
+    // which can duplicate retries and make restore semantics fragile.
+    const baseFetch = unwrapFetch(fetch);
+    const wrappedFetch = async (input, init) => {
         // Pass init through untouched to preserve object identity for non-402 responses.
-        const response = await fetch(input, init);
+        const response = await baseFetch(input, init);
         if (response.status !== 402)
             return response;
         // Only extract context for payment handling after confirming 402.
@@ -41,14 +48,14 @@ export function from(config) {
             })
             : undefined;
         const credential = onChallengeCredential ?? (await resolveCredential(challenge, mi, context));
-        return fetch(input, {
+        validateCredentialHeaderValue(credential);
+        return baseFetch(input, {
             ...fetchInit,
-            headers: {
-                ...normalizeHeaders(fetchInit.headers),
-                Authorization: credential,
-            },
+            headers: withAuthorizationHeader(fetchInit.headers, credential),
         });
     };
+    wrappedFetch[MPPX_FETCH_WRAPPER] = baseFetch;
+    return wrappedFetch;
 }
 /**
  * Replaces the global `fetch` with a payment-aware wrapper.
@@ -71,9 +78,14 @@ export function from(config) {
  * ```
  */
 export function polyfill(config) {
+    // Defensive guard for runtimes/tests where fetch might be non-configurable.
+    const descriptor = Object.getOwnPropertyDescriptor(globalThis, 'fetch');
+    if (!descriptor || (!descriptor.writable && !descriptor.set)) {
+        throw new Error('globalThis.fetch is not writable');
+    }
     if (!originalFetch)
         originalFetch = globalThis.fetch;
-    globalThis.fetch = from(config);
+    globalThis.fetch = from({ ...config, fetch: globalThis.fetch });
 }
 /**
  * Restores the original `fetch` after calling `polyfill`.
@@ -90,7 +102,9 @@ export function polyfill(config) {
  * ```
  */
 export function restore() {
-    if (originalFetch) {
+    // Only restore if the current fetch is still an mppx wrapper.
+    // If app code replaced fetch after polyfill(), we must not overwrite it.
+    if (originalFetch && isWrappedFetch(globalThis.fetch)) {
         globalThis.fetch = originalFetch;
         originalFetch = undefined;
     }
@@ -111,6 +125,38 @@ function normalizeHeaders(headers) {
     return headers;
 }
 /** @internal */
+function withAuthorizationHeader(headers, credential) {
+    const normalized = normalizeHeaders(headers);
+    // Remove any existing Authorization header regardless of casing to avoid
+    // duplicate/conflicting credentials on retry.
+    for (const key of Object.keys(normalized)) {
+        if (key.toLowerCase() === 'authorization')
+            delete normalized[key];
+    }
+    normalized.Authorization = credential;
+    return normalized;
+}
+/** @internal */
+function unwrapFetch(fetch) {
+    let current = fetch;
+    while (current[MPPX_FETCH_WRAPPER]) {
+        current = current[MPPX_FETCH_WRAPPER];
+    }
+    return current;
+}
+/** @internal */
+function isWrappedFetch(fetch) {
+    return Boolean(fetch[MPPX_FETCH_WRAPPER]);
+}
+/** @internal */
+function validateCredentialHeaderValue(credential) {
+    if (!credential.trim())
+        throw new Error('Credential header value must be non-empty');
+    if (credential.includes('\r') || credential.includes('\n')) {
+        throw new Error('Credential header value contains illegal newline characters');
+    }
+}
+/** @internal */
 async function resolveCredential(challenge, mi, context) {
     const parsedContext = mi.context && context !== undefined ? mi.context.parse(context) : undefined;
     return mi.createCredential(parsedContext !== undefined ? { challenge, context: parsedContext } : { challenge });

package/dist/client/internal/Fetch.js.map

@@ -1 +1 @@
-{"version":3,"file":"Fetch.js","sourceRoot":"","sources":["../../../src/client/internal/Fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAI/C,IAAI,aAAkD,CAAA;AAEtD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,IAAI,CAClB,MAA4B;IAE5B,MAAM,EAAE,KAAK,GAAG,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,CAAA;IAEjE,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3B,iFAAiF;QACjF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QAEzC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,QAAQ,CAAA;QAE5C,kEAAkE;QAClE,MAAM,OAAO,GAAI,IAA4C,EAAE,OAAO,CAAA;QACtE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,SAAS,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAA;QAE5E,MAAM,SAAS,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;QAElD,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,CAAC,CAAA;QAC5F,IAAI,CAAC,EAAE;YACL,MAAM,IAAI,KAAK,CACb,wBAAwB,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,MAAM,iBAAiB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtI,CAAA;QAEH,MAAM,qBAAqB,GAAG,WAAW;YACvC,CAAC,CAAC,MAAM,WAAW,CAAC,SAAS,EAAE;gBAC3B,gBAAgB,EAAE,KAAK,EAAE,eAAwC,EAAE,EAAE,CACnE,iBAAiB,CAAC,SAAS,EAAE,EAAE,EAAE,eAAe,IAAI,OAAO,CAAC;aAC/D,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,UAAU,GAAG,qBAAqB,IAAI,CAAC,MAAM,iBAAiB,CAAC,SAAS,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;QAE7F,OAAO,KAAK,CAAC,KAAK,EAAE;YAClB,GAAG,SAAS;YACZ,OAAO,EAAE;gBACP,GAAG,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC;gBACtC,aAAa,EAAE,UAAU;aAC1B;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC;AAwCD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,QAAQ,CACtB,MAAgC;IAEhC,IAAI,CAAC,aAAa;QAAE,aAAa,GAAG,UAAU,CAAC,KAAK,CAAA;IACpD,UAAU,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAA4B,CAAA;AAC5D,CAAC;AAOD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,OAAO;IACrB,IAAI,aAAa,EAAE,CAAC;QAClB,UAAU,CAAC,KAAK,GAAG,aAAa,CAAA;QAChC,aAAa,GAAG,SAAS,CAAA;IAC3B,CAAC;AACH,CAAC;AAED,oEAAoE;AACpE,SAAS,gBAAgB,CAAC,OAAgB;IACxC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IACvB,IAAI,OAAO,YAAY,OAAO,EAAE,CAAC;QAC/B,MAAM,MAAM,GAA2B,EAAE,CAAA;QACzC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YAC7B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;QACrB,CAAC,CAAC,CAAA;QACF,OAAO,MAAM,CAAA;IACf,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;IAC9D,OAAO,OAAiC,CAAA;AAC1C,CAAC;AAED,gBAAgB;AAChB,KAAK,UAAU,iBAAiB,CAC9B,SAA8B,EAC9B,EAAoB,EACpB,OAAgB;IAEhB,MAAM,aAAa,GAAG,EAAE,CAAC,OAAO,IAAI,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjG,OAAO,EAAE,CAAC,gBAAgB,CACxB,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,CAAE,EAAE,SAAS,EAAY,CAC/F,CAAA;AACH,CAAC"}
+{"version":3,"file":"Fetch.js","sourceRoot":"","sources":["../../../src/client/internal/Fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAI/C,qFAAqF;AACrF,sFAAsF;AACtF,gEAAgE;AAChE,MAAM,kBAAkB,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;AAM3D,IAAI,aAAkD,CAAA;AAEtD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,IAAI,CAClB,MAA4B;IAE5B,MAAM,EAAE,KAAK,GAAG,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,CAAA;IACjE,oFAAoF;IACpF,kEAAkE;IAClE,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,CAAA;IAEpC,MAAM,YAAY,GAAG,KAAK,EAAE,KAAwB,EAAE,IAAgC,EAAE,EAAE;QACxF,iFAAiF;QACjF,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QAE7C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,QAAQ,CAAA;QAE5C,kEAAkE;QAClE,MAAM,OAAO,GAAI,IAA4C,EAAE,OAAO,CAAA;QACtE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,SAAS,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAA;QAE5E,MAAM,SAAS,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;QAElD,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,CAAC,CAAA;QAC5F,IAAI,CAAC,EAAE;YACL,MAAM,IAAI,KAAK,CACb,wBAAwB,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,MAAM,iBAAiB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtI,CAAA;QAEH,MAAM,qBAAqB,GAAG,WAAW;YACvC,CAAC,CAAC,MAAM,WAAW,CAAC,SAAS,EAAE;gBAC3B,gBAAgB,EAAE,KAAK,EAAE,eAAwC,EAAE,EAAE,CACnE,iBAAiB,CAAC,SAAS,EAAE,EAAE,EAAE,eAAe,IAAI,OAAO,CAAC;aAC/D,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,UAAU,GAAG,qBAAqB,IAAI,CAAC,MAAM,iBAAiB,CAAC,SAAS,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;QAC7F,6BAA6B,CAAC,UAAU,CAAC,CAAA;QAEzC,OAAO,SAAS,CAAC,KAAK,EAAE;YACtB,GAAG,SAAS;YACZ,OAAO,EAAE,uBAAuB,CAAC,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC;SAChE,CAAC,CAAA;IACJ,CAAC,CAIA;IAAC,YAA6B,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAA;IAC/D,OAAO,YAAmC,CAAA;AAC5C,CAAC;AAwCD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,QAAQ,CACtB,MAAgC;IAEhC,4EAA4E;IAC5E,MAAM,UAAU,GAAG,MAAM,CAAC,wBAAwB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;IACvE,IAAI,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IACrD,CAAC;IAED,IAAI,CAAC,aAAa;QAAE,aAAa,GAAG,UAAU,CAAC,KAAK,CAAA;IACpD,UAAU,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,CAA4B,CAAA;AAC5F,CAAC;AAOD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,OAAO;IACrB,8DAA8D;IAC9D,yEAAyE;IACzE,IAAI,aAAa,IAAI,cAAc,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACtD,UAAU,CAAC,KAAK,GAAG,aAAa,CAAA;QAChC,aAAa,GAAG,SAAS,CAAA;IAC3B,CAAC;AACH,CAAC;AAED,oEAAoE;AACpE,SAAS,gBAAgB,CAAC,OAAgB;IACxC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IACvB,IAAI,OAAO,YAAY,OAAO,EAAE,CAAC;QAC/B,MAAM,MAAM,GAA2B,EAAE,CAAA;QACzC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YAC7B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;QACrB,CAAC,CAAC,CAAA;QACF,OAAO,MAAM,CAAA;IACf,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;IAC9D,OAAO,OAAiC,CAAA;AAC1C,CAAC;AAED,gBAAgB;AAChB,SAAS,uBAAuB,CAAC,OAAgB,EAAE,UAAkB;IACnE,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;IAC5C,yEAAyE;IACzE,8CAA8C;IAC9C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,eAAe;YAAE,OAAO,UAAU,CAAC,GAAG,CAAC,CAAA;IACnE,CAAC;IACD,UAAU,CAAC,aAAa,GAAG,UAAU,CAAA;IACrC,OAAO,UAAU,CAAA;AACnB,CAAC;AAED,gBAAgB;AAChB,SAAS,WAAW,CAAC,KAA8B;IACjD,IAAI,OAAO,GAAG,KAAqB,CAAA;IACnC,OAAO,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACnC,OAAO,GAAG,OAAO,CAAC,kBAAkB,CAAiB,CAAA;IACvD,CAAC;IACD,OAAO,OAAkC,CAAA;AAC3C,CAAC;AAED,gBAAgB;AAChB,SAAS,cAAc,CAAC,KAA8B;IACpD,OAAO,OAAO,CAAE,KAAsB,CAAC,kBAAkB,CAAC,CAAC,CAAA;AAC7D,CAAC;AAED,gBAAgB;AAChB,SAAS,6BAA6B,CAAC,UAAkB;IACvD,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;IACpF,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAA;IAChF,CAAC;AACH,CAAC;AAED,gBAAgB;AAChB,KAAK,UAAU,iBAAiB,CAC9B,SAA8B,EAC9B,EAAoB,EACpB,OAAgB;IAEhB,MAAM,aAAa,GAAG,EAAE,CAAC,OAAO,IAAI,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjG,OAAO,EAAE,CAAC,gBAAgB,CACxB,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,CAAE,EAAE,SAAS,EAAY,CAC/F,CAAA;AACH,CAAC"}

package/dist/internal/constantTimeEqual.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constantTimeEqual.d.ts","sourceRoot":"","sources":["../../src/internal/constantTimeEqual.ts"],"names":[],"mappings":"AAEA,iEAAiE;AACjE,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAI/D"}
+{"version":3,"file":"constantTimeEqual.d.ts","sourceRoot":"","sources":["../../src/internal/constantTimeEqual.ts"],"names":[],"mappings":"AAEA,iEAAiE;AACjE,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAM/D"}

package/dist/internal/constantTimeEqual.js

@@ -1,8 +1,11 @@
-import { createHash, timingSafeEqual } from 'node:crypto';
+import { Hash, Hex } from 'ox';
 /** Constant-time string comparison to prevent timing attacks. */
 export function constantTimeEqual(a, b) {
-    const hashA = createHash('sha256').update(a).digest();
-    const hashB = createHash('sha256').update(b).digest();
-    return timingSafeEqual(hashA, hashB);
+    const hashA = Hash.sha256(Hex.fromString(a));
+    const hashB = Hash.sha256(Hex.fromString(b));
+    let result = 0;
+    for (let i = 0; i < hashA.length; i++)
+        result |= hashA.charCodeAt(i) ^ hashB.charCodeAt(i);
+    return result === 0;
 }
 //# sourceMappingURL=constantTimeEqual.js.map

package/dist/internal/constantTimeEqual.js.map

@@ -1 +1 @@
-{"version":3,"file":"constantTimeEqual.js","sourceRoot":"","sources":["../../src/internal/constantTimeEqual.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAEzD,iEAAiE;AACjE,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAA;IACrD,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAA;IACrD,OAAO,eAAe,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;AACtC,CAAC"}
+{"version":3,"file":"constantTimeEqual.js","sourceRoot":"","sources":["../../src/internal/constantTimeEqual.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,IAAI,CAAA;AAE9B,iEAAiE;AACjE,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IAC5C,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAC1F,OAAO,MAAM,KAAK,CAAC,CAAA;AACrB,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mppx",
   "type": "module",
-  "version": "0.3.12",
+  "version": "0.3.13",
   "main": "./dist/index.js",
   "license": "MIT",
   "files": [

package/src/client/internal/Fetch.test.ts

@@ -610,6 +610,34 @@ describe('Fetch.from: 402 retry headers normalization', () => {
     expect(retryHeaders.Accept).toBe('application/json')
     expect(retryHeaders.Authorization).toBe('credential')
   })
+
+  test('replaces existing authorization header case-insensitively', async () => {
+    let callCount = 0
+    const calls: { init: RequestInit | undefined }[] = []
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      calls.push({ init })
+      callCount++
+      if (callCount === 1) return make402()
+      return new Response('OK', { status: 200 })
+    }
+
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [noopMethod],
+    })
+
+    await fetch('https://example.com/api', {
+      headers: { authorization: 'Bearer stale-token', 'X-Custom': 'value' },
+    })
+
+    const retryHeaders = (calls[1]!.init as Record<string, unknown>).headers as Record<
+      string,
+      string
+    >
+    expect(retryHeaders.authorization).toBeUndefined()
+    expect(retryHeaders.Authorization).toBe('credential')
+    expect(retryHeaders['X-Custom']).toBe('value')
+  })
 })
 
 describe('Fetch.from: input passthrough', () => {
@@ -722,4 +750,20 @@ describe('Fetch.polyfill / restore', () => {
     Fetch.restore()
     expect(globalThis.fetch).toBe(originalFetch)
   })
+
+  test('restore is a no-op when fetch was replaced externally after polyfill', () => {
+    const originalFetch = globalThis.fetch
+    const externalFetch = vi.fn(
+      async (_input: RequestInfo | URL, _init?: RequestInit) =>
+        new Response('external', { status: 200 }),
+    ) as unknown as typeof globalThis.fetch
+
+    Fetch.polyfill({ methods: [noopMethod] })
+    globalThis.fetch = externalFetch
+
+    Fetch.restore()
+    expect(globalThis.fetch).toBe(externalFetch)
+
+    globalThis.fetch = originalFetch
+  })
 })

package/src/client/internal/Fetch.ts

@@ -2,6 +2,15 @@ import * as Challenge from '../../Challenge.js'
 import type * as Method from '../../Method.js'
 import type * as z from '../../zod.js'
 
+// We tag wrappers with a global symbol so we can recognize wrappers created by mppx,
+// even across multiple module instances/bundles. This lets restore() avoid clobbering
+// an unrelated fetch installed by user code or another library.
+const MPPX_FETCH_WRAPPER = Symbol.for('mppx.fetch.wrapper')
+
+type WrappedFetch = typeof globalThis.fetch & {
+  [MPPX_FETCH_WRAPPER]?: typeof globalThis.fetch
+}
+
 let originalFetch: typeof globalThis.fetch | undefined
 
 /**
@@ -29,10 +38,13 @@ export function from<const methods extends readonly Method.AnyClient[]>(
   config: from.Config<methods>,
 ): from.Fetch<methods> {
   const { fetch = globalThis.fetch, methods, onChallenge } = config
+  // Always operate on the true underlying fetch to avoid wrapper-on-wrapper stacking,
+  // which can duplicate retries and make restore semantics fragile.
+  const baseFetch = unwrapFetch(fetch)
 
-  return async (input, init) => {
+  const wrappedFetch = async (input: RequestInfo | URL, init?: from.RequestInit<methods>) => {
     // Pass init through untouched to preserve object identity for non-402 responses.
-    const response = await fetch(input, init)
+    const response = await baseFetch(input, init)
 
     if (response.status !== 402) return response
 
@@ -55,15 +67,18 @@ export function from<const methods extends readonly Method.AnyClient[]>(
         })
       : undefined
     const credential = onChallengeCredential ?? (await resolveCredential(challenge, mi, context))
+    validateCredentialHeaderValue(credential)
 
-    return fetch(input, {
+    return baseFetch(input, {
       ...fetchInit,
-      headers: {
-        ...normalizeHeaders(fetchInit.headers),
-        Authorization: credential,
-      },
+      headers: withAuthorizationHeader(fetchInit.headers, credential),
     })
   }
+
+  // Record the wrapped target so future polyfill() / restore() calls can detect origin
+  // and safely unwrap only mppx-installed wrappers.
+  ;(wrappedFetch as WrappedFetch)[MPPX_FETCH_WRAPPER] = baseFetch
+  return wrappedFetch as from.Fetch<methods>
 }
 
 /** Union of all context types from all methods that have context schemas. */
@@ -127,8 +142,14 @@ export declare namespace from {
 export function polyfill<const methods extends readonly Method.AnyClient[]>(
   config: polyfill.Config<methods>,
 ): void {
+  // Defensive guard for runtimes/tests where fetch might be non-configurable.
+  const descriptor = Object.getOwnPropertyDescriptor(globalThis, 'fetch')
+  if (!descriptor || (!descriptor.writable && !descriptor.set)) {
+    throw new Error('globalThis.fetch is not writable')
+  }
+
   if (!originalFetch) originalFetch = globalThis.fetch
-  globalThis.fetch = from(config) as typeof globalThis.fetch
+  globalThis.fetch = from({ ...config, fetch: globalThis.fetch }) as typeof globalThis.fetch
 }
 
 export declare namespace polyfill {
@@ -151,7 +172,9 @@ export declare namespace polyfill {
  * ```
  */
 export function restore(): void {
-  if (originalFetch) {
+  // Only restore if the current fetch is still an mppx wrapper.
+  // If app code replaced fetch after polyfill(), we must not overwrite it.
+  if (originalFetch && isWrappedFetch(globalThis.fetch)) {
     globalThis.fetch = originalFetch
     originalFetch = undefined
   }
@@ -171,6 +194,40 @@ function normalizeHeaders(headers: unknown): Record<string, string> {
   return headers as Record<string, string>
 }
 
+/** @internal */
+function withAuthorizationHeader(headers: unknown, credential: string): Record<string, string> {
+  const normalized = normalizeHeaders(headers)
+  // Remove any existing Authorization header regardless of casing to avoid
+  // duplicate/conflicting credentials on retry.
+  for (const key of Object.keys(normalized)) {
+    if (key.toLowerCase() === 'authorization') delete normalized[key]
+  }
+  normalized.Authorization = credential
+  return normalized
+}
+
+/** @internal */
+function unwrapFetch(fetch: typeof globalThis.fetch): typeof globalThis.fetch {
+  let current = fetch as WrappedFetch
+  while (current[MPPX_FETCH_WRAPPER]) {
+    current = current[MPPX_FETCH_WRAPPER] as WrappedFetch
+  }
+  return current as typeof globalThis.fetch
+}
+
+/** @internal */
+function isWrappedFetch(fetch: typeof globalThis.fetch): fetch is WrappedFetch {
+  return Boolean((fetch as WrappedFetch)[MPPX_FETCH_WRAPPER])
+}
+
+/** @internal */
+function validateCredentialHeaderValue(credential: string): void {
+  if (!credential.trim()) throw new Error('Credential header value must be non-empty')
+  if (credential.includes('\r') || credential.includes('\n')) {
+    throw new Error('Credential header value contains illegal newline characters')
+  }
+}
+
 /** @internal */
 async function resolveCredential(
   challenge: Challenge.Challenge,

package/src/internal/constantTimeEqual.ts

@@ -1,8 +1,10 @@
-import { createHash, timingSafeEqual } from 'node:crypto'
+import { Hash, Hex } from 'ox'
 
 /** Constant-time string comparison to prevent timing attacks. */
 export function constantTimeEqual(a: string, b: string): boolean {
-  const hashA = createHash('sha256').update(a).digest()
-  const hashB = createHash('sha256').update(b).digest()
-  return timingSafeEqual(hashA, hashB)
+  const hashA = Hash.sha256(Hex.fromString(a))
+  const hashB = Hash.sha256(Hex.fromString(b))
+  let result = 0
+  for (let i = 0; i < hashA.length; i++) result |= hashA.charCodeAt(i) ^ hashB.charCodeAt(i)
+  return result === 0
 }