mppx 0.3.13 → 0.3.15

package/src/client/Mppx.test-d.ts

@@ -28,6 +28,15 @@ describe('Mppx', () => {
     expectTypeOf(mppx.createCredential).toBeFunction()
     expectTypeOf(mppx.createCredential).returns.toMatchTypeOf<Promise<string>>()
   })
+
+  test('has rawFetch with standard fetch signature', () => {
+    const method = charge({
+      account: {} as Account,
+    })
+    const mppx = Mppx.create({ methods: [method] })
+
+    expectTypeOf(mppx.rawFetch).toEqualTypeOf<typeof globalThis.fetch>()
+  })
 })
 
 describe('create.Config', () => {

package/src/client/Mppx.test.ts

@@ -28,6 +28,7 @@ describe('Mppx.create', () => {
     expect(mppx.transport.name).toBe('http')
     expect(typeof mppx.createCredential).toBe('function')
     expect(typeof mppx.fetch).toBe('function')
+    expect(typeof mppx.rawFetch).toBe('function')
   })
 
   test('behavior: with mcp transport', () => {
@@ -82,12 +83,12 @@ describe('createCredential', () => {
     const challenge = Challenge.fromMethod(Methods.charge, {
       realm,
       secretKey,
+      expires: new Date(Date.now() + 60_000).toISOString(),
       request: {
         amount: '1000',
         currency: '0x1234567890123456789012345678901234567890',
         decimals: 6,
         recipient: '0x1234567890123456789012345678901234567890',
-        expires: new Date(Date.now() + 60_000).toISOString(),
       },
     })
 
@@ -164,11 +165,11 @@ describe('createCredential', () => {
       realm,
       method: 'stripe',
       intent: 'charge',
+      expires: new Date(Date.now() + 60_000).toISOString(),
       request: {
         amount: '2000',
         currency: '0xabcd',
         recipient: '0xefgh',
-        expires: new Date(Date.now() + 60_000).toISOString(),
       },
     })
 
@@ -195,12 +196,12 @@ describe('createCredential', () => {
     const challenge = Challenge.fromMethod(Methods.charge, {
       realm,
       secretKey,
+      expires: new Date(Date.now() + 60_000).toISOString(),
       request: {
         amount: '1000',
         currency: '0x1234567890123456789012345678901234567890',
         decimals: 6,
         recipient: '0x1234567890123456789012345678901234567890',
-        expires: new Date(Date.now() + 60_000).toISOString(),
       },
     })
 
@@ -227,12 +228,12 @@ describe('createCredential', () => {
     const challenge = Challenge.fromMethod(Methods.charge, {
       realm,
       secretKey,
+      expires: new Date(Date.now() + 60_000).toISOString(),
       request: {
         amount: '1000',
         currency: '0x1234567890123456789012345678901234567890',
         decimals: 6,
         recipient: '0x1234567890123456789012345678901234567890',
-        expires: new Date(Date.now() + 60_000).toISOString(),
       },
     })
 
@@ -258,12 +259,12 @@ describe('createCredential', () => {
     const challenge = Challenge.fromMethod(Methods.charge, {
       realm,
       secretKey,
+      expires: new Date(Date.now() + 60_000).toISOString(),
       request: {
         amount: '1000',
         currency: '0x1234567890123456789012345678901234567890',
         decimals: 6,
         recipient: '0x1234567890123456789012345678901234567890',
-        expires: new Date(Date.now() + 60_000).toISOString(),
       },
     })
 
@@ -471,3 +472,80 @@ describe('restore', () => {
     expect(globalThis.fetch).toBe(originalFetch)
   })
 })
+
+describe('rawFetch', () => {
+  test('default: returns the original fetch when polyfill is enabled', () => {
+    const originalFetch = globalThis.fetch
+
+    const mppx = Mppx.create({
+      methods: [
+        tempo({
+          account: accounts[1],
+          getClient: () => client,
+        }),
+      ],
+    })
+
+    expect(globalThis.fetch).not.toBe(originalFetch)
+    expect(mppx.rawFetch).toBe(originalFetch)
+  })
+
+  test('behavior: returns the original fetch when polyfill is disabled', () => {
+    const originalFetch = globalThis.fetch
+
+    const mppx = Mppx.create({
+      polyfill: false,
+      methods: [
+        tempo({
+          account: accounts[1],
+          getClient: () => client,
+        }),
+      ],
+    })
+
+    expect(mppx.rawFetch).toBe(originalFetch)
+  })
+
+  test('behavior: returns custom fetch when provided', () => {
+    const customFetch = async () => new Response('custom')
+
+    const mppx = Mppx.create({
+      polyfill: false,
+      fetch: customFetch as typeof globalThis.fetch,
+      methods: [
+        tempo({
+          account: accounts[1],
+          getClient: () => client,
+        }),
+      ],
+    })
+
+    expect(mppx.rawFetch).toBe(customFetch)
+  })
+
+  test('behavior: rawFetch does not intercept 402 responses', async () => {
+    const mppx = Mppx.create({
+      methods: [
+        tempo({
+          account: accounts[1],
+          getClient: () => client,
+        }),
+      ],
+    })
+
+    const httpServer = await Http.createServer(async (req, res) => {
+      const result = await Mppx_server.toNodeListener(
+        server.charge({
+          amount: '1',
+        }),
+      )(req, res)
+      if (result.status === 402) return
+      res.end('OK')
+    })
+
+    const response = await mppx.rawFetch(httpServer.url)
+    expect(response.status).toBe(402)
+
+    httpServer.close()
+  })
+})

package/src/client/Mppx.ts

@@ -15,6 +15,8 @@ export type Mppx<
 > = {
   /** Payment-aware fetch function that automatically handles 402 responses. */
   fetch: Fetch.from.Fetch<FlattenMethods<methods>>
+  /** The original, unwrapped fetch function (pre-polyfill). Useful when you need to make requests that should not be intercepted (e.g. 402 probes for websocket auth). */
+  rawFetch: typeof globalThis.fetch
   /** Methods to configure. */
   methods: FlattenMethods<methods>
   /** The transport used. */
@@ -56,6 +58,8 @@ export function create<
 >(config: create.Config<methods, transport>): Mppx<methods, transport> {
   const { onChallenge, polyfill = true, transport = Transport.http() as transport } = config
 
+  const rawFetch = config.fetch ?? globalThis.fetch
+
   const methods = config.methods.flat() as unknown as FlattenMethods<methods>
 
   const resolvedOnChallenge = onChallenge as Fetch.from.Config<
@@ -71,6 +75,7 @@ export function create<
   if (polyfill) Fetch.polyfill(config_fetch)
   return {
     fetch,
+    rawFetch,
     methods,
     transport,
     async createCredential(response: Transport.ResponseOf<transport>, context?: unknown) {

package/src/client/Transport.test.ts

@@ -9,12 +9,12 @@ const secretKey = 'test-secret-key'
 const challenge = Challenge.fromMethod(Methods.charge, {
   realm,
   secretKey,
+  expires: '2025-01-01T00:00:00.000Z',
   request: {
     amount: '0.001',
     currency: '0x20c0000000000000000000000000000000000001',
     decimals: 6,
     recipient: '0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00',
-    expires: '2025-01-01T00:00:00.000Z',
   },
 })
 
@@ -60,14 +60,13 @@ describe('http', () => {
       expect(transport.getChallenge(response)).toMatchInlineSnapshot(`
         {
           "expires": "2025-01-01T00:00:00.000Z",
-          "id": "z8dUi61lViOj6cwh_ISb_5X8nBJF2OjTydcEap8wX0o",
+          "id": "0hnrySRDqWfttlDIJpuxV4mJsRJIS7d7RjnufuonJOE",
           "intent": "charge",
           "method": "tempo",
           "realm": "api.example.com",
           "request": {
             "amount": "1000",
             "currency": "0x20c0000000000000000000000000000000000001",
-            "expires": "2025-01-01T00:00:00.000Z",
             "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00",
           },
         }
@@ -91,7 +90,7 @@ describe('http', () => {
       const headers = result.headers as Headers
 
       expect(headers.get('Authorization')).toMatchInlineSnapshot(
-        `"Payment eyJjaGFsbGVuZ2UiOnsiZXhwaXJlcyI6IjIwMjUtMDEtMDFUMDA6MDA6MDAuMDAwWiIsImlkIjoiejhkVWk2MWxWaU9qNmN3aF9JU2JfNVg4bkJKRjJPalR5ZGNFYXA4d1gwbyIsImludGVudCI6ImNoYXJnZSIsIm1ldGhvZCI6InRlbXBvIiwicmVhbG0iOiJhcGkuZXhhbXBsZS5jb20iLCJyZXF1ZXN0IjoiZXlKaGJXOTFiblFpT2lJeE1EQXdJaXdpWTNWeWNtVnVZM2tpT2lJd2VESXdZekF3TURBd01EQXdNREF3TURBd01EQXdNREF3TURBd01EQXdNREF3TURBd01EQXdNREVpTENKbGVIQnBjbVZ6SWpvaU1qQXlOUzB3TVMwd01WUXdNRG93TURvd01DNHdNREJhSWl3aWNtVmphWEJwWlc1MElqb2lNSGczTkRKa016VkRZelkyTXpSRE1EVXpNamt5TldFellqZzBORUpqT1dVM05UazFaamhtUlRBd0luMCJ9LCJwYXlsb2FkIjp7InNpZ25hdHVyZSI6IjB4YWJjMTIzIiwidHlwZSI6InRyYW5zYWN0aW9uIn19"`,
+        `"Payment eyJjaGFsbGVuZ2UiOnsiZXhwaXJlcyI6IjIwMjUtMDEtMDFUMDA6MDA6MDAuMDAwWiIsImlkIjoiMGhucnlTUkRxV2Z0dGxESUpwdXhWNG1Kc1JKSVM3ZDdSam51ZnVvbkpPRSIsImludGVudCI6ImNoYXJnZSIsIm1ldGhvZCI6InRlbXBvIiwicmVhbG0iOiJhcGkuZXhhbXBsZS5jb20iLCJyZXF1ZXN0IjoiZXlKaGJXOTFiblFpT2lJeE1EQXdJaXdpWTNWeWNtVnVZM2tpT2lJd2VESXdZekF3TURBd01EQXdNREF3TURBd01EQXdNREF3TURBd01EQXdNREF3TURBd01EQXdNREVpTENKeVpXTnBjR2xsYm5RaU9pSXdlRGMwTW1Rek5VTmpOall6TkVNd05UTXlPVEkxWVROaU9EUTBRbU01WlRjMU9UVm1PR1pGTURBaWZRIn0sInBheWxvYWQiOnsic2lnbmF0dXJlIjoiMHhhYmMxMjMiLCJ0eXBlIjoidHJhbnNhY3Rpb24ifX0"`,
       )
     })
 
@@ -182,14 +181,13 @@ describe('mcp', () => {
       expect(transport.getChallenge(response)).toMatchInlineSnapshot(`
         {
           "expires": "2025-01-01T00:00:00.000Z",
-          "id": "z8dUi61lViOj6cwh_ISb_5X8nBJF2OjTydcEap8wX0o",
+          "id": "0hnrySRDqWfttlDIJpuxV4mJsRJIS7d7RjnufuonJOE",
           "intent": "charge",
           "method": "tempo",
           "realm": "api.example.com",
           "request": {
             "amount": "1000",
             "currency": "0x20c0000000000000000000000000000000000001",
-            "expires": "2025-01-01T00:00:00.000Z",
             "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00",
           },
         }
@@ -239,14 +237,13 @@ describe('mcp', () => {
               "org.paymentauth/credential": {
                 "challenge": {
                   "expires": "2025-01-01T00:00:00.000Z",
-                  "id": "z8dUi61lViOj6cwh_ISb_5X8nBJF2OjTydcEap8wX0o",
+                  "id": "0hnrySRDqWfttlDIJpuxV4mJsRJIS7d7RjnufuonJOE",
                   "intent": "charge",
                   "method": "tempo",
                   "realm": "api.example.com",
                   "request": {
                     "amount": "1000",
                     "currency": "0x20c0000000000000000000000000000000000001",
-                    "expires": "2025-01-01T00:00:00.000Z",
                     "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00",
                   },
                 },

package/src/client/internal/Fetch.browser.test.ts

@@ -0,0 +1,135 @@
+import { describe, expect, test, vi } from 'vitest'
+import * as Fetch from './Fetch.js'
+
+const noopMethod = {
+  name: 'test',
+  intent: 'test',
+  context: undefined,
+  createCredential: async () => 'credential',
+} as any
+
+function make402() {
+  const request = btoa(JSON.stringify({ amount: '1' }))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=+$/, '')
+  return new Response(null, {
+    status: 402,
+    headers: {
+      'WWW-Authenticate': `Payment id="abc", realm="test", method="test", intent="test", request="${request}"`,
+    },
+  })
+}
+
+/** Returns a fetch wrapper and the init captured from the 402 retry call. */
+function setup() {
+  const calls: (RequestInit | undefined)[] = []
+  let callCount = 0
+  const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+    calls.push(init)
+    callCount++
+    if (callCount === 1) return make402()
+    return new Response('OK', { status: 200 })
+  }
+  const fetch = Fetch.from({ fetch: mockFetch, methods: [noopMethod] })
+  return {
+    fetch,
+    /** Headers sent on the retry (second) request. */
+    retryHeaders: async (input: RequestInfo | URL, init?: RequestInit) => {
+      await fetch(input, init)
+      return (calls[1] as Record<string, unknown>)?.headers as Record<string, string>
+    },
+  }
+}
+
+describe('Fetch.from: browser header normalization', () => {
+  test('preserves Headers instance', async () => {
+    const { retryHeaders } = setup()
+    const h = await retryHeaders('https://example.com', {
+      headers: new Headers({ 'X-Custom': 'value', 'Content-Type': 'application/json' }),
+    })
+    expect(h['x-custom']).toBe('value')
+    expect(h['content-type']).toBe('application/json')
+    expect(h.Authorization).toBe('credential')
+  })
+
+  test('preserves header tuples', async () => {
+    const { retryHeaders } = setup()
+    const h = await retryHeaders('https://example.com', {
+      headers: [
+        ['X-Custom', 'value'],
+        ['Accept', 'application/json'],
+      ],
+    })
+    expect(h['X-Custom']).toBe('value')
+    expect(h.Accept).toBe('application/json')
+    expect(h.Authorization).toBe('credential')
+  })
+
+  test('replaces authorization case-insensitively', async () => {
+    const { retryHeaders } = setup()
+    const h = await retryHeaders('https://example.com', {
+      headers: { authorization: 'Bearer stale', 'X-Custom': 'value' },
+    })
+    expect(h.authorization).toBeUndefined()
+    expect(h.Authorization).toBe('credential')
+    expect(h['X-Custom']).toBe('value')
+  })
+
+  test('preserves plain object headers', async () => {
+    const { retryHeaders } = setup()
+    const h = await retryHeaders('https://example.com', { headers: { 'X-Custom': 'val' } })
+    expect(h['X-Custom']).toBe('val')
+    expect(h.Authorization).toBe('credential')
+  })
+
+  test('adds Authorization when no headers provided', async () => {
+    const { retryHeaders } = setup()
+    const h = await retryHeaders('https://example.com')
+    expect(h.Authorization).toBe('credential')
+  })
+})
+
+describe('Fetch.polyfill / restore: browser', () => {
+  test('restore is a no-op when polyfill was never called', () => {
+    const before = globalThis.fetch
+    Fetch.restore()
+    expect(globalThis.fetch).toBe(before)
+  })
+
+  test('restore reverts to original fetch', () => {
+    const original = globalThis.fetch
+    Fetch.polyfill({ methods: [noopMethod] })
+    expect(globalThis.fetch).not.toBe(original)
+    Fetch.restore()
+    expect(globalThis.fetch).toBe(original)
+  })
+
+  test('stacked polyfill calls preserve the true original', () => {
+    const original = globalThis.fetch
+    Fetch.polyfill({ methods: [noopMethod] })
+    Fetch.polyfill({ methods: [noopMethod] })
+    Fetch.restore()
+    expect(globalThis.fetch).toBe(original)
+  })
+
+  test('double restore does not clobber fetch', () => {
+    const original = globalThis.fetch
+    Fetch.polyfill({ methods: [noopMethod] })
+    Fetch.restore()
+    Fetch.restore()
+    expect(globalThis.fetch).toBe(original)
+  })
+
+  test('restore is a no-op when fetch was replaced externally', () => {
+    const original = globalThis.fetch
+    const external = vi.fn(
+      async () => new Response('external'),
+    ) as unknown as typeof globalThis.fetch
+    Fetch.polyfill({ methods: [noopMethod] })
+    globalThis.fetch = external
+    Fetch.restore()
+    expect(globalThis.fetch).toBe(external)
+    globalThis.fetch = original
+  })
+})

package/src/client/internal/Fetch.test.ts

@@ -552,94 +552,6 @@ describe('Fetch.from: 402 retry path', () => {
   })
 })
 
-describe('Fetch.from: 402 retry headers normalization', () => {
-  test('preserves headers when passed as a Headers instance', async () => {
-    let callCount = 0
-    const calls: { init: RequestInit | undefined }[] = []
-    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
-      calls.push({ init })
-      callCount++
-      if (callCount === 1) return make402()
-      return new Response('OK', { status: 200 })
-    }
-
-    const fetch = Fetch.from({
-      fetch: mockFetch,
-      methods: [noopMethod],
-    })
-
-    const headers = new Headers({ 'X-Custom': 'value', 'Content-Type': 'application/json' })
-    await fetch('https://example.com/api', { headers })
-
-    const retryHeaders = (calls[1]!.init as Record<string, unknown>).headers as Record<
-      string,
-      string
-    >
-    expect(retryHeaders['x-custom']).toBe('value')
-    expect(retryHeaders['content-type']).toBe('application/json')
-    expect(retryHeaders.Authorization).toBe('credential')
-  })
-
-  test('preserves headers when passed as array of tuples', async () => {
-    let callCount = 0
-    const calls: { init: RequestInit | undefined }[] = []
-    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
-      calls.push({ init })
-      callCount++
-      if (callCount === 1) return make402()
-      return new Response('OK', { status: 200 })
-    }
-
-    const fetch = Fetch.from({
-      fetch: mockFetch,
-      methods: [noopMethod],
-    })
-
-    await fetch('https://example.com/api', {
-      headers: [
-        ['X-Custom', 'value'],
-        ['Accept', 'application/json'],
-      ],
-    })
-
-    const retryHeaders = (calls[1]!.init as Record<string, unknown>).headers as Record<
-      string,
-      string
-    >
-    expect(retryHeaders['X-Custom']).toBe('value')
-    expect(retryHeaders.Accept).toBe('application/json')
-    expect(retryHeaders.Authorization).toBe('credential')
-  })
-
-  test('replaces existing authorization header case-insensitively', async () => {
-    let callCount = 0
-    const calls: { init: RequestInit | undefined }[] = []
-    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
-      calls.push({ init })
-      callCount++
-      if (callCount === 1) return make402()
-      return new Response('OK', { status: 200 })
-    }
-
-    const fetch = Fetch.from({
-      fetch: mockFetch,
-      methods: [noopMethod],
-    })
-
-    await fetch('https://example.com/api', {
-      headers: { authorization: 'Bearer stale-token', 'X-Custom': 'value' },
-    })
-
-    const retryHeaders = (calls[1]!.init as Record<string, unknown>).headers as Record<
-      string,
-      string
-    >
-    expect(retryHeaders.authorization).toBeUndefined()
-    expect(retryHeaders.Authorization).toBe('credential')
-    expect(retryHeaders['X-Custom']).toBe('value')
-  })
-})
-
 describe('Fetch.from: input passthrough', () => {
   test('passes URL input through on both initial and retry calls', async () => {
     let callCount = 0

package/src/mcp-sdk/client/McpClient.test.ts

@@ -157,11 +157,11 @@ describe('McpClient.wrap', () => {
     const challenge = Challenge.fromMethod(tempo_server.charge({ getClient: () => testClient }), {
       realm,
       secretKey,
+      expires: new Date(Date.now() + 60_000).toISOString(),
       request: {
         amount: '1',
         currency: asset,
         decimals: 6,
-        expires: new Date(Date.now() + 60_000).toISOString(),
         recipient: accounts[0].address,
       },
     })

package/src/server/Mppx.ts

@@ -2,6 +2,7 @@ import type { IncomingMessage, ServerResponse } from 'node:http'
 import * as Challenge from '../Challenge.js'
 import type * as Credential from '../Credential.js'
 import * as Errors from '../Errors.js'
+import * as Expires from '../Expires.js'
 import * as Env from '../internal/env.js'
 import type * as Method from '../Method.js'
 import type * as Receipt from '../Receipt.js'
@@ -173,7 +174,8 @@ function createMethodFn(parameters: createMethodFn.Parameters): createMethodFn.R
     return Object.assign(
       async (input: Transport.InputOf): Promise<MethodFn.Response> => {
         const { description, meta, ...rest } = options
-        const expires = 'expires' in options ? (options.expires as string | undefined) : undefined
+        const expires =
+          'expires' in options ? (options.expires as string | undefined) : Expires.minutes(5)
 
         // Merge defaults with per-request options
         const merged = { ...defaults, ...rest }

package/src/server/Transport.test.ts

@@ -10,12 +10,12 @@ const secretKey = 'test-secret-key'
 const challenge = Challenge.fromMethod(Methods.charge, {
   realm,
   secretKey,
+  expires: '2025-01-01T00:00:00.000Z',
   request: {
     amount: '1000',
     currency: '0x20c0000000000000000000000000000000000001',
     decimals: 6,
     recipient: '0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00',
-    expires: '2025-01-01T00:00:00.000Z',
   },
 })
 
@@ -43,14 +43,13 @@ describe('http', () => {
         {
           "challenge": {
             "expires": "2025-01-01T00:00:00.000Z",
-            "id": "4XKyFaMO73Ypu-wOofzu3F8pRIt8vb7zxmWB2GgHAsE",
+            "id": "QNLtjAvrKKR0VlEGSIowhULqcGlCDU4fjrP-O7js8XE",
             "intent": "charge",
             "method": "tempo",
             "realm": "api.example.com",
             "request": {
               "amount": "1000000000",
               "currency": "0x20c0000000000000000000000000000000000001",
-              "expires": "2025-01-01T00:00:00.000Z",
               "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00",
             },
           },
@@ -93,7 +92,7 @@ describe('http', () => {
         {
           "headers": {
             "cache-control": "no-store",
-            "www-authenticate": "Payment id="4XKyFaMO73Ypu-wOofzu3F8pRIt8vb7zxmWB2GgHAsE", realm="api.example.com", method="tempo", intent="charge", request="eyJhbW91bnQiOiIxMDAwMDAwMDAwIiwiY3VycmVuY3kiOiIweDIwYzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEiLCJleHBpcmVzIjoiMjAyNS0wMS0wMVQwMDowMDowMC4wMDBaIiwicmVjaXBpZW50IjoiMHg3NDJkMzVDYzY2MzRDMDUzMjkyNWEzYjg0NEJjOWU3NTk1ZjhmRTAwIn0", expires="2025-01-01T00:00:00.000Z"",
+            "www-authenticate": "Payment id="QNLtjAvrKKR0VlEGSIowhULqcGlCDU4fjrP-O7js8XE", realm="api.example.com", method="tempo", intent="charge", request="eyJhbW91bnQiOiIxMDAwMDAwMDAwIiwiY3VycmVuY3kiOiIweDIwYzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEiLCJyZWNpcGllbnQiOiIweDc0MmQzNUNjNjYzNEMwNTMyOTI1YTNiODQ0QmM5ZTc1OTVmOGZFMDAifQ", expires="2025-01-01T00:00:00.000Z"",
           },
           "status": 402,
         }
@@ -183,14 +182,13 @@ describe('mcp', () => {
         {
           "challenge": {
             "expires": "2025-01-01T00:00:00.000Z",
-            "id": "4XKyFaMO73Ypu-wOofzu3F8pRIt8vb7zxmWB2GgHAsE",
+            "id": "QNLtjAvrKKR0VlEGSIowhULqcGlCDU4fjrP-O7js8XE",
             "intent": "charge",
             "method": "tempo",
             "realm": "api.example.com",
             "request": {
               "amount": "1000000000",
               "currency": "0x20c0000000000000000000000000000000000001",
-              "expires": "2025-01-01T00:00:00.000Z",
               "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00",
             },
           },
@@ -221,14 +219,13 @@ describe('mcp', () => {
               "challenges": [
                 {
                   "expires": "2025-01-01T00:00:00.000Z",
-                  "id": "4XKyFaMO73Ypu-wOofzu3F8pRIt8vb7zxmWB2GgHAsE",
+                  "id": "QNLtjAvrKKR0VlEGSIowhULqcGlCDU4fjrP-O7js8XE",
                   "intent": "charge",
                   "method": "tempo",
                   "realm": "api.example.com",
                   "request": {
                     "amount": "1000000000",
                     "currency": "0x20c0000000000000000000000000000000000001",
-                    "expires": "2025-01-01T00:00:00.000Z",
                     "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00",
                   },
                 },
@@ -262,7 +259,7 @@ describe('mcp', () => {
           "result": {
             "_meta": {
               "org.paymentauth/receipt": {
-                "challengeId": "4XKyFaMO73Ypu-wOofzu3F8pRIt8vb7zxmWB2GgHAsE",
+                "challengeId": "QNLtjAvrKKR0VlEGSIowhULqcGlCDU4fjrP-O7js8XE",
                 "method": "tempo",
                 "reference": "0xtxhash",
                 "status": "success",

package/src/stripe/Methods.ts

@@ -1,5 +1,4 @@
 import { parseUnits } from 'viem'
-import * as Expires from '../Expires.js'
 import * as Method from '../Method.js'
 import * as z from '../zod.js'
 
@@ -24,7 +23,6 @@ export const charge = Method.from({
         currency: z.string(),
         decimals: z.number(),
         description: z.optional(z.string()),
-        expires: z._default(z.datetime(), () => Expires.minutes(5)),
         externalId: z.optional(z.string()),
         metadata: z.optional(z.record(z.string(), z.string())),
         networkId: z.string(),

package/src/stripe/client/Charge.ts

@@ -66,8 +66,8 @@ export function charge(parameters: charge.Parameters) {
         )
       }
 
-      const expiresAt = challenge.request.expires
-        ? Math.floor(new Date(challenge.request.expires as string).getTime() / 1000)
+      const expiresAt = challenge.expires
+        ? Math.floor(new Date(challenge.expires).getTime() / 1000)
         : Math.floor(Date.now() / 1000) + 3600
 
       const spt = await createToken({

package/src/stripe/server/Charge.ts

@@ -66,8 +66,8 @@ export function charge<const parameters extends charge.Parameters>(parameters: p
       const { challenge } = credential
       const { request } = challenge
 
-      if (request.expires && new Date(request.expires) < new Date())
-        throw new PaymentExpiredError({ expires: request.expires })
+      if (challenge.expires && new Date(challenge.expires) < new Date())
+        throw new PaymentExpiredError({ expires: challenge.expires })
 
       const parsed = Methods.charge.schema.credential.payload.safeParse(credential.payload)
       if (!parsed.success) throw new Error('Invalid credential payload: missing or malformed spt')

package/src/tempo/Methods.test.ts

@@ -82,3 +82,25 @@ describe('charge', () => {
     expect(result.success).toBe(false)
   })
 })
+
+describe('session', () => {
+  test('has correct name and intent', () => {
+    expect(Methods.session.intent).toBe('session')
+    expect(Methods.session.name).toBe('tempo')
+  })
+
+  test('schema: encodes minVoucherDelta in base units', () => {
+    const request = Methods.session.schema.request.parse({
+      amount: '1',
+      currency: '0x20c0000000000000000000000000000000000001',
+      decimals: 6,
+      escrowContract: '0x1234567890abcdef1234567890abcdef12345678',
+      minVoucherDelta: '0.1',
+      recipient: '0x1234567890abcdef1234567890abcdef12345678',
+      unitType: 'token',
+    })
+
+    expect(request.amount).toBe('1000000')
+    expect(request.methodDetails?.minVoucherDelta).toBe('100000')
+  })
+})