npm - mppx - Versions diffs - 0.3.3 → 0.3.5 - Mend

mppx 0.3.3 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/README.md +0 -52
package/dist/Challenge.d.ts +8 -0
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +20 -4
package/dist/Challenge.js.map +1 -1
package/dist/Errors.d.ts +7 -7
package/dist/Errors.d.ts.map +1 -1
package/dist/Errors.js +7 -7
package/dist/Errors.js.map +1 -1
package/dist/cli.js +280 -119
package/dist/cli.js.map +1 -1
package/dist/internal/env.js +2 -2
package/dist/internal/env.js.map +1 -1
package/dist/server/Mppx.d.ts +2 -0
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +4 -3
package/dist/server/Mppx.js.map +1 -1
package/dist/tempo/client/ChannelOps.d.ts +5 -5
package/dist/tempo/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/client/ChannelOps.js +3 -3
package/dist/tempo/client/ChannelOps.js.map +1 -1
package/dist/tempo/client/Session.d.ts +2 -2
package/dist/tempo/client/Session.d.ts.map +1 -1
package/dist/tempo/client/Session.js +3 -3
package/dist/tempo/client/Session.js.map +1 -1
package/dist/tempo/client/SessionManager.d.ts +4 -4
package/dist/tempo/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/client/SessionManager.js +4 -4
package/dist/tempo/client/SessionManager.js.map +1 -1
package/dist/tempo/index.d.ts +1 -1
package/dist/tempo/index.d.ts.map +1 -1
package/dist/tempo/index.js +1 -1
package/dist/tempo/index.js.map +1 -1
package/dist/tempo/server/Charge.js +1 -1
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +1 -1
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/Session.d.ts +8 -8
package/dist/tempo/server/Session.d.ts.map +1 -1
package/dist/tempo/server/Session.js +24 -24
package/dist/tempo/server/Session.js.map +1 -1
package/dist/tempo/server/index.d.ts +2 -2
package/dist/tempo/server/index.d.ts.map +1 -1
package/dist/tempo/server/index.js +2 -2
package/dist/tempo/server/index.js.map +1 -1
package/dist/tempo/server/internal/transport.d.ts +4 -4
package/dist/tempo/server/internal/transport.d.ts.map +1 -1
package/dist/tempo/server/internal/transport.js +3 -3
package/dist/tempo/server/internal/transport.js.map +1 -1
package/dist/tempo/session/Chain.d.ts.map +1 -0
package/dist/tempo/session/Chain.js.map +1 -0
package/dist/tempo/session/Channel.d.ts.map +1 -0
package/dist/tempo/session/Channel.js.map +1 -0
package/dist/tempo/session/ChannelStore.d.ts.map +1 -0
package/dist/tempo/session/ChannelStore.js.map +1 -0
package/dist/tempo/session/Receipt.d.ts +22 -0
package/dist/tempo/session/Receipt.d.ts.map +1 -0
package/dist/tempo/{stream → session}/Receipt.js +6 -6
package/dist/tempo/session/Receipt.js.map +1 -0
package/dist/tempo/{stream → session}/Sse.d.ts +7 -7
package/dist/tempo/session/Sse.d.ts.map +1 -0
package/dist/tempo/{stream → session}/Sse.js +4 -4
package/dist/tempo/session/Sse.js.map +1 -0
package/dist/tempo/{stream → session}/Types.d.ts +4 -4
package/dist/tempo/session/Types.d.ts.map +1 -0
package/dist/tempo/{stream → session}/Types.js.map +1 -1
package/dist/tempo/session/Voucher.d.ts.map +1 -0
package/dist/tempo/session/Voucher.js.map +1 -0
package/dist/tempo/{stream → session}/escrow.abi.d.ts.map +1 -1
package/dist/tempo/session/escrow.abi.js.map +1 -0
package/dist/tempo/session/index.d.ts.map +1 -0
package/dist/tempo/session/index.js.map +1 -0
package/package.json +1 -1
package/src/Challenge.test.ts +201 -11
package/src/Challenge.ts +34 -4
package/src/Errors.test.ts +10 -10
package/src/Errors.ts +7 -7
package/src/Store.test.ts +93 -0
package/src/cli.test.ts +234 -38
package/src/cli.ts +340 -135
package/src/client/Transport.test.ts +4 -4
package/src/internal/env.test.ts +42 -0
package/src/internal/env.ts +2 -2
package/src/middlewares/express.test.ts +1 -1
package/src/middlewares/hono.test.ts +1 -1
package/src/middlewares/nextjs.test.ts +1 -1
package/src/server/Mppx.test.ts +173 -0
package/src/server/Mppx.ts +6 -3
package/src/server/Transport.test.ts +6 -6
package/src/tempo/client/ChannelOps.test.ts +2 -2
package/src/tempo/client/ChannelOps.ts +8 -8
package/src/tempo/client/Session.test.ts +3 -3
package/src/tempo/client/Session.ts +9 -9
package/src/tempo/client/SessionManager.test.ts +3 -3
package/src/tempo/client/SessionManager.ts +9 -9
package/src/tempo/index.ts +1 -1
package/src/tempo/server/Charge.ts +1 -1
package/src/tempo/server/Session.test.ts +61 -9
package/src/tempo/server/Session.ts +47 -47
package/src/tempo/server/Sse.test.ts +3 -3
package/src/tempo/server/index.ts +2 -2
package/src/tempo/server/internal/transport.test.ts +285 -0
package/src/tempo/server/internal/transport.ts +6 -6
package/src/tempo/{stream → session}/Chain.test.ts +1 -1
package/src/tempo/{stream → session}/Receipt.test.ts +16 -12
package/src/tempo/{stream → session}/Receipt.ts +9 -9
package/src/tempo/{stream → session}/Sse.test.ts +5 -5
package/src/tempo/{stream → session}/Sse.ts +11 -11
package/src/tempo/{stream → session}/Types.ts +4 -4
package/dist/tempo/stream/Chain.d.ts.map +0 -1
package/dist/tempo/stream/Chain.js.map +0 -1
package/dist/tempo/stream/Channel.d.ts.map +0 -1
package/dist/tempo/stream/Channel.js.map +0 -1
package/dist/tempo/stream/ChannelStore.d.ts.map +0 -1
package/dist/tempo/stream/ChannelStore.js.map +0 -1
package/dist/tempo/stream/Receipt.d.ts +0 -22
package/dist/tempo/stream/Receipt.d.ts.map +0 -1
package/dist/tempo/stream/Receipt.js.map +0 -1
package/dist/tempo/stream/Sse.d.ts.map +0 -1
package/dist/tempo/stream/Sse.js.map +0 -1
package/dist/tempo/stream/Types.d.ts.map +0 -1
package/dist/tempo/stream/Voucher.d.ts.map +0 -1
package/dist/tempo/stream/Voucher.js.map +0 -1
package/dist/tempo/stream/escrow.abi.js.map +0 -1
package/dist/tempo/stream/index.d.ts.map +0 -1
package/dist/tempo/stream/index.js.map +0 -1
/package/dist/tempo/{stream → session}/Chain.d.ts +0 -0
/package/dist/tempo/{stream → session}/Chain.js +0 -0
/package/dist/tempo/{stream → session}/Channel.d.ts +0 -0
/package/dist/tempo/{stream → session}/Channel.js +0 -0
/package/dist/tempo/{stream → session}/ChannelStore.d.ts +0 -0
/package/dist/tempo/{stream → session}/ChannelStore.js +0 -0
/package/dist/tempo/{stream → session}/Types.js +0 -0
/package/dist/tempo/{stream → session}/Voucher.d.ts +0 -0
/package/dist/tempo/{stream → session}/Voucher.js +0 -0
/package/dist/tempo/{stream → session}/escrow.abi.d.ts +0 -0
/package/dist/tempo/{stream → session}/escrow.abi.js +0 -0
/package/dist/tempo/{stream → session}/index.d.ts +0 -0
/package/dist/tempo/{stream → session}/index.js +0 -0
/package/src/tempo/{stream → session}/Chain.ts +0 -0
/package/src/tempo/{stream → session}/Channel.test.ts +0 -0
/package/src/tempo/{stream → session}/Channel.ts +0 -0
/package/src/tempo/{stream → session}/ChannelStore.test.ts +0 -0
/package/src/tempo/{stream → session}/ChannelStore.ts +0 -0
/package/src/tempo/{stream → session}/Voucher.test.ts +0 -0
/package/src/tempo/{stream → session}/Voucher.ts +0 -0
/package/src/tempo/{stream → session}/escrow.abi.ts +0 -0
/package/src/tempo/{stream → session}/index.ts +0 -0

package/src/Challenge.ts CHANGED Viewed

@@ -27,6 +27,8 @@ export const Schema = z.object({
   intent: z.string(),
   /** Payment method (e.g., "tempo", "stripe"). */
   method: z.string(),
+  /** Optional server-defined correlation data. Flat string-to-string map; clients MUST NOT modify. */
+  opaque: z.optional(z.record(z.string(), z.string())),
   /** Server realm (e.g., hostname). */
   realm: z.string(),
   /** Method-specific request data. */
@@ -111,11 +113,20 @@ export function from<
   const methods extends readonly Method.Method[] | undefined = undefined,
 >(parameters: parameters, options?: from.Options<methods>): from.ReturnType<parameters, methods> {
   void options
-  const { description, digest, method: methodName, intent, realm, request, secretKey } = parameters
+  const {
+    description,
+    digest,
+    meta,
+    method: methodName,
+    intent,
+    realm,
+    request,
+    secretKey,
+  } = parameters
   const expires = (parameters.expires ?? request.expires) as string
   const id = secretKey
-    ? computeId({ ...parameters, expires }, { secretKey })
+    ? computeId({ ...parameters, expires, ...(meta && { opaque: meta }) }, { secretKey })
     : (parameters as { id: string }).id
   return Schema.parse({
@@ -127,6 +138,7 @@ export function from<
     ...(description && { description }),
     ...(digest && { digest }),
     ...(expires && { expires }),
+    ...(meta && { opaque: meta }),
   }) as from.ReturnType<parameters, methods>
 }
@@ -153,6 +165,8 @@ export declare namespace from {
     expires?: string | undefined
     /** Intent type (e.g., "charge", "session"). */
     intent: string
+    /** Optional server-defined correlation data (serialized as `opaque` on the challenge). Flat string-to-string map; clients MUST NOT modify. */
+    meta?: Record<string, string> | undefined
     /** Payment method (e.g., "tempo", "stripe"). */
     method: string
     /** Server realm (e.g., hostname). */
@@ -206,7 +220,7 @@ export function fromMethod<const method extends Method.Method>(
   parameters: fromMethod.Parameters<method>,
 ): fromMethod.ReturnType<method> {
   const { name: methodName, intent } = method
-  const { description, digest, expires, id, realm, secretKey } = parameters
+  const { description, digest, expires, id, meta, realm, secretKey } = parameters
   const request = PaymentRequest.fromMethod(method, parameters.request)
@@ -219,6 +233,7 @@ export function fromMethod<const method extends Method.Method>(
     description,
     digest,
     expires,
+    meta,
   } as from.Parameters) as fromMethod.ReturnType<method>
 }
@@ -239,6 +254,8 @@ export declare namespace fromMethod {
     digest?: string | undefined
     /** Optional expiration timestamp (ISO 8601). */
     expires?: string | undefined
+    /** Optional server-defined correlation data (serialized as `opaque` on the challenge). Flat string-to-string map; clients MUST NOT modify. */
+    meta?: Record<string, string> | undefined
     /** Server realm (e.g., hostname). */
     realm: string
     /** Method-specific request data. */
@@ -274,6 +291,8 @@ export function serialize(challenge: Challenge): string {
   if (challenge.description !== undefined) parts.push(`description="${challenge.description}"`)
   if (challenge.digest !== undefined) parts.push(`digest="${challenge.digest}"`)
   if (challenge.expires !== undefined) parts.push(`expires="${challenge.expires}"`)
+  if (challenge.opaque !== undefined)
+    parts.push(`opaque="${PaymentRequest.serialize(challenge.opaque)}"`)
   return `Payment ${parts.join(', ')}`
 }
@@ -314,13 +333,14 @@ export function deserialize<const methods extends readonly Method.Method[] | und
     }
   }
-  const { request, ...rest } = result
+  const { request, opaque, ...rest } = result
   if (!request) throw new Error('Missing request parameter.')
   return from(
     {
       ...rest,
       request: PaymentRequest.deserialize(request),
+      ...(opaque && { meta: PaymentRequest.deserialize(opaque) as Record<string, string> }),
     } as from.Parameters,
     options,
   )
@@ -404,8 +424,17 @@ export declare namespace verify {
   }
 }
+/** Alias for `challenge.opaque`. Extracts server-defined correlation data from a challenge. */
+export function meta(challenge: Challenge): Record<string, string> | undefined {
+  return challenge.opaque
+}
 /** @internal Computes HMAC-SHA256 challenge ID from parameters. */
 function computeId(challenge: Omit<Challenge, 'id'>, options: { secretKey: string }): string {
+  // Each field occupies a fixed positional slot joined by '|'. Optional fields
+  // use an empty string when absent so the slot count is stable — this avoids
+  // ambiguity between e.g. (expires set, no digest) vs (no expires, digest set)
+  // and means adding a new optional field changes all HMACs exactly once.
   const input = [
     challenge.realm,
     challenge.method,
@@ -413,6 +442,7 @@ function computeId(challenge: Omit<Challenge, 'id'>, options: { secretKey: strin
     PaymentRequest.serialize(challenge.request),
     challenge.expires ?? '',
     challenge.digest ?? '',
+    challenge.opaque ? PaymentRequest.serialize(challenge.opaque) : '',
   ].join('|')
   const key = Bytes.fromString(options.secretKey)

package/src/Errors.test.ts CHANGED Viewed

@@ -305,7 +305,7 @@ describe('InsufficientBalanceError', () => {
         "message": "Insufficient balance.",
         "name": "InsufficientBalanceError",
         "status": 402,
-        "type": "https://paymentauth.org/problems/stream/insufficient-balance",
+        "type": "https://paymentauth.org/problems/session/insufficient-balance",
       }
     `)
   })
@@ -318,7 +318,7 @@ describe('InsufficientBalanceError', () => {
           "message": "Insufficient balance: requested 500, available 100.",
           "name": "InsufficientBalanceError",
           "status": 402,
-          "type": "https://paymentauth.org/problems/stream/insufficient-balance",
+          "type": "https://paymentauth.org/problems/session/insufficient-balance",
         }
       `)
   })
@@ -331,7 +331,7 @@ describe('InvalidSignatureError', () => {
         "message": "Invalid signature.",
         "name": "InvalidSignatureError",
         "status": 402,
-        "type": "https://paymentauth.org/problems/stream/invalid-signature",
+        "type": "https://paymentauth.org/problems/session/invalid-signature",
       }
     `)
   })
@@ -344,7 +344,7 @@ describe('InvalidSignatureError', () => {
           "message": "Invalid signature: ECDSA recovery failed.",
           "name": "InvalidSignatureError",
           "status": 402,
-          "type": "https://paymentauth.org/problems/stream/invalid-signature",
+          "type": "https://paymentauth.org/problems/session/invalid-signature",
         }
       `)
   })
@@ -357,7 +357,7 @@ describe('SignerMismatchError', () => {
         "message": "Signer is not authorized for this channel.",
         "name": "SignerMismatchError",
         "status": 402,
-        "type": "https://paymentauth.org/problems/stream/signer-mismatch",
+        "type": "https://paymentauth.org/problems/session/signer-mismatch",
       }
     `)
   })
@@ -370,7 +370,7 @@ describe('AmountExceedsDepositError', () => {
         "message": "Voucher amount exceeds channel deposit.",
         "name": "AmountExceedsDepositError",
         "status": 402,
-        "type": "https://paymentauth.org/problems/stream/amount-exceeds-deposit",
+        "type": "https://paymentauth.org/problems/session/amount-exceeds-deposit",
       }
     `)
   })
@@ -383,7 +383,7 @@ describe('DeltaTooSmallError', () => {
         "message": "Amount increase below minimum voucher delta.",
         "name": "DeltaTooSmallError",
         "status": 402,
-        "type": "https://paymentauth.org/problems/stream/delta-too-small",
+        "type": "https://paymentauth.org/problems/session/delta-too-small",
       }
     `)
   })
@@ -396,7 +396,7 @@ describe('ChannelNotFoundError', () => {
         "message": "No channel with this ID exists.",
         "name": "ChannelNotFoundError",
         "status": 410,
-        "type": "https://paymentauth.org/problems/stream/channel-not-found",
+        "type": "https://paymentauth.org/problems/session/channel-not-found",
       }
     `)
   })
@@ -409,7 +409,7 @@ describe('ChannelClosedError', () => {
         "message": "Channel is closed.",
         "name": "ChannelClosedError",
         "status": 410,
-        "type": "https://paymentauth.org/problems/stream/channel-finalized",
+        "type": "https://paymentauth.org/problems/session/channel-finalized",
       }
     `)
   })
@@ -422,7 +422,7 @@ describe('ChannelClosedError', () => {
           "message": "Channel closed: channel is finalized on-chain.",
           "name": "ChannelClosedError",
           "status": 410,
-          "type": "https://paymentauth.org/problems/stream/channel-finalized",
+          "type": "https://paymentauth.org/problems/session/channel-finalized",
         }
       `)
   })

package/src/Errors.ts CHANGED Viewed

@@ -270,7 +270,7 @@ export class InsufficientBalanceError extends PaymentError {
   override readonly name = 'InsufficientBalanceError'
   readonly title = 'Insufficient Balance'
   override readonly status = 402
-  readonly type = 'https://paymentauth.org/problems/stream/insufficient-balance'
+  readonly type = 'https://paymentauth.org/problems/session/insufficient-balance'
   constructor(options: InsufficientBalanceError.Options = {}) {
     const { reason } = options
@@ -292,7 +292,7 @@ export class InvalidSignatureError extends PaymentError {
   override readonly name = 'InvalidSignatureError'
   readonly title = 'Invalid Signature'
   override readonly status = 402
-  readonly type = 'https://paymentauth.org/problems/stream/invalid-signature'
+  readonly type = 'https://paymentauth.org/problems/session/invalid-signature'
   constructor(options: InvalidSignatureError.Options = {}) {
     const { reason } = options
@@ -313,7 +313,7 @@ export class SignerMismatchError extends PaymentError {
   override readonly name = 'SignerMismatchError'
   readonly title = 'Signer Mismatch'
   override readonly status = 402
-  readonly type = 'https://paymentauth.org/problems/stream/signer-mismatch'
+  readonly type = 'https://paymentauth.org/problems/session/signer-mismatch'
   constructor(options: SignerMismatchError.Options = {}) {
     const { reason } = options
@@ -334,7 +334,7 @@ export class AmountExceedsDepositError extends PaymentError {
   override readonly name = 'AmountExceedsDepositError'
   readonly title = 'Amount Exceeds Deposit'
   override readonly status = 402
-  readonly type = 'https://paymentauth.org/problems/stream/amount-exceeds-deposit'
+  readonly type = 'https://paymentauth.org/problems/session/amount-exceeds-deposit'
   constructor(options: AmountExceedsDepositError.Options = {}) {
     const { reason } = options
@@ -355,7 +355,7 @@ export class DeltaTooSmallError extends PaymentError {
   override readonly name = 'DeltaTooSmallError'
   readonly title = 'Delta Too Small'
   override readonly status = 402
-  readonly type = 'https://paymentauth.org/problems/stream/delta-too-small'
+  readonly type = 'https://paymentauth.org/problems/session/delta-too-small'
   constructor(options: DeltaTooSmallError.Options = {}) {
     const { reason } = options
@@ -376,7 +376,7 @@ export class ChannelNotFoundError extends PaymentError {
   override readonly name = 'ChannelNotFoundError'
   readonly title = 'Channel Not Found'
   override readonly status = 410
-  readonly type = 'https://paymentauth.org/problems/stream/channel-not-found'
+  readonly type = 'https://paymentauth.org/problems/session/channel-not-found'
   constructor(options: ChannelNotFoundError.Options = {}) {
     const { reason } = options
@@ -397,7 +397,7 @@ export class ChannelClosedError extends PaymentError {
   override readonly name = 'ChannelClosedError'
   readonly title = 'Channel Closed'
   override readonly status = 410
-  readonly type = 'https://paymentauth.org/problems/stream/channel-finalized'
+  readonly type = 'https://paymentauth.org/problems/session/channel-finalized'
   constructor(options: ChannelClosedError.Options = {}) {
     const { reason } = options

package/src/Store.test.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import { describe, expect, test } from 'vitest'
+import * as Store from './Store.js'
+const nested = {
+  name: 'alice',
+  scores: [1, 2, 3],
+  meta: { active: true, tags: ['a', 'b'] },
+}
+function fakeKv(): Store.cloudflare.Parameters {
+  const map = new Map<string, string>()
+  return {
+    async get(key) {
+      return map.get(key) ?? null
+    },
+    async put(key, value) {
+      map.set(key, value)
+    },
+    async delete(key) {
+      map.delete(key)
+    },
+  }
+}
+describe.each([
+  { label: 'memory', create: () => Store.memory() },
+  { label: 'cloudflare', create: () => Store.cloudflare(fakeKv()) },
+  {
+    label: 'upstash',
+    create: () => {
+      const kv = fakeKv()
+      return Store.upstash({
+        get: kv.get,
+        set: (key, value) => kv.put(key, value as string),
+        del: (key) => kv.delete(key),
+      })
+    },
+  },
+])('$label', ({ create }) => {
+  test('roundtrip', async () => {
+    const store = create()
+    await store.put('k', nested)
+    expect(await store.get('k')).toEqual(nested)
+  })
+  test('get missing key returns null', async () => {
+    const store = create()
+    expect(await store.get('missing')).toBeNull()
+  })
+  test('delete removes key', async () => {
+    const store = create()
+    await store.put('k', 'value')
+    await store.delete('k')
+    expect(await store.get('k')).toBeNull()
+  })
+  test('put overwrites existing value', async () => {
+    const store = create()
+    await store.put('k', 'first')
+    await store.put('k', 'second')
+    expect(await store.get('k')).toBe('second')
+  })
+})
+describe('json roundtrip behavior', () => {
+  test('memory json-roundtrips nested objects', async () => {
+    const store = Store.memory()
+    const value = { a: [1, { b: 'c' }], d: null }
+    await store.put('k', value)
+    expect(await store.get('k')).toEqual(value)
+  })
+  test('cloudflare json-roundtrips nested objects', async () => {
+    const store = Store.cloudflare(fakeKv())
+    const value = { a: [1, { b: 'c' }], d: null }
+    await store.put('k', value)
+    expect(await store.get('k')).toEqual(value)
+  })
+  test('upstash passes values through without json serialization', async () => {
+    const kv = fakeKv()
+    const store = Store.upstash({
+      get: kv.get,
+      set: (key, value) => kv.put(key, value as string),
+      del: (key) => kv.delete(key),
+    })
+    const value = { a: 1 }
+    await store.put('k', value)
+    // upstash store does not JSON-serialize; the fake map holds the original reference
+    expect(await kv.get('k')).toBe(value)
+  })
+})