mppx 0.3.9 → 0.3.12

package/src/tempo/server/Charge.test.ts

@@ -2,10 +2,12 @@ import { Challenge, Credential, Receipt } from 'mppx'
 import { Mppx as Mppx_client, tempo as tempo_client } from 'mppx/client'
 import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import type { Hex } from 'ox'
-import { Actions } from 'viem/tempo'
-import { describe, expect, test } from 'vitest'
+import { encodeFunctionData, parseUnits } from 'viem'
+import { prepareTransactionRequest, signTransaction } from 'viem/actions'
+import { Abis, Actions, Addresses, Tick } from 'viem/tempo'
+import { beforeAll, describe, expect, test } from 'vitest'
 import * as Http from '~test/Http.js'
-import { accounts, asset, chain, client } from '~test/tempo/viem.js'
+import { accounts, asset, chain, client, fundAccount } from '~test/tempo/viem.js'
 import * as Attribution from '../Attribution.js'
 
 const realm = 'api.example.com'
@@ -522,6 +524,133 @@ describe('tempo', () => {
 
       httpServer.close()
     })
+
+    test('error: rejects fee-payer transaction with unauthorized calls', async () => {
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            feePayer: accounts[0],
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await fetch(httpServer.url)
+      expect(response.status).toBe(402)
+
+      const challenge = Challenge.fromResponse(response, {
+        methods: [tempo_client.charge()],
+      })
+      const request = challenge.request
+
+      const memo = Attribution.encode({ serverId: challenge.realm })
+
+      // Build a transaction with the valid transfer + a rogue extra call
+      const transferCall = Actions.token.transfer.call({
+        amount: BigInt(request.amount),
+        memo,
+        to: request.recipient as Hex.Hex,
+        token: request.currency as Hex.Hex,
+      })
+
+      const rogueCall = {
+        to: request.currency as `0x${string}`,
+        data: encodeFunctionData({
+          abi: Abis.tip20,
+          functionName: 'transfer',
+          args: [accounts[2]!.address, 1n],
+        }),
+      }
+
+      const prepared = await prepareTransactionRequest(client, {
+        account: accounts[1]!,
+        calls: [transferCall, rogueCall],
+        nonceKey: 'expiring',
+      } as never)
+      prepared.gas = prepared.gas! + 5_000n
+      const signature = await signTransaction(client, prepared as never)
+
+      const credential = Credential.from({
+        challenge,
+        payload: { signature, type: 'transaction' as const },
+      })
+
+      {
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: Credential.serialize(credential) },
+        })
+        // Server rejects the transaction — returns 402 (error caught by handler)
+        expect(response.status).toBe(402)
+      }
+
+      httpServer.close()
+    })
+  })
+
+  describe('intent: charge; type: transaction; waitForConfirmation: false', () => {
+    test('returns receipt without waiting for confirmation', async () => {
+      const serverNoWait = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return client
+            },
+            currency: asset,
+            account: accounts[0],
+            waitForConfirmation: false,
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: accounts[1],
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          serverNoWait.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await fetch(httpServer.url)
+      expect(response.status).toBe(402)
+
+      const credential = await mppx.createCredential(response)
+
+      {
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: credential },
+        })
+        expect(response.status).toBe(200)
+
+        const receipt = Receipt.fromResponse(response)
+        expect(receipt.status).toBe('success')
+        expect(receipt.method).toBe('tempo')
+        expect(receipt.reference).toBeDefined()
+      }
+
+      httpServer.close()
+    })
   })
 
   describe('intent: unknown', () => {
@@ -994,4 +1123,308 @@ describe('tempo', () => {
       httpServer.close()
     })
   })
+
+  describe('auto-swap', () => {
+    // Use accounts[3] as payer with pathUsd only (no asset).
+    // Use accounts[4] as payer with zero balance.
+    const swapPayer = accounts[3]!
+    const brokePayer = accounts[4]!
+
+    beforeAll(async () => {
+      // Fund swap payer with pathUsd only
+      await fundAccount({ address: swapPayer.address, token: Addresses.pathUsd as Hex.Hex })
+
+      // Seed DEX liquidity: create pair, then place a sell order for `asset`.
+      await Actions.dex.createPair(client, {
+        account: accounts[0]!,
+        base: asset,
+      })
+      await fundAccount({ address: accounts[0]!.address, token: asset })
+      await Actions.token.approveSync(client, {
+        account: accounts[0]!,
+        token: asset,
+        spender: Addresses.stablecoinDex,
+        amount: parseUnits('1000', 6),
+      })
+      await Actions.dex.placeSync(client, {
+        account: accounts[0]!,
+        token: asset,
+        amount: parseUnits('1000', 6),
+        type: 'sell',
+        tick: Tick.fromPrice('1.001'),
+      })
+    })
+
+    test('swaps via DEX when user lacks target currency', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url)
+      expect(response.status).toBe(200)
+
+      const receipt = Receipt.fromResponse(response)
+      expect(receipt.status).toBe('success')
+      expect(receipt.method).toBe('tempo')
+
+      httpServer.close()
+    })
+
+    test('direct transfer when user has target currency', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: accounts[1]!,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url)
+      expect(response.status).toBe(200)
+
+      const receipt = Receipt.fromResponse(response)
+      expect(receipt.status).toBe('success')
+
+      httpServer.close()
+    })
+
+    test('custom slippage and tokenIn', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            autoSwap: {
+              slippage: 2,
+              tokenIn: [Addresses.pathUsd],
+            },
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url)
+      expect(response.status).toBe(200)
+
+      httpServer.close()
+    })
+
+    test('autoSwap enabled via fetch context', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url, {
+        context: { autoSwap: true },
+      })
+      expect(response.status).toBe(200)
+
+      const receipt = Receipt.fromResponse(response)
+      expect(receipt.status).toBe('success')
+
+      httpServer.close()
+    })
+
+    test('autoSwap with custom options via fetch context', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await mppx.fetch(httpServer.url, {
+        context: {
+          autoSwap: { slippage: 2, tokenIn: [Addresses.pathUsd] },
+        },
+      })
+      expect(response.status).toBe(200)
+
+      httpServer.close()
+    })
+
+    test('error: throws when no fallback currency has sufficient balance', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: brokePayer,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      await expect(mppx.fetch(httpServer.url)).rejects.toThrow('Insufficient funds')
+
+      httpServer.close()
+    })
+
+    test('error: throws when amount exceeds swap liquidity', async () => {
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: swapPayer,
+            autoSwap: true,
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '999999999',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      await expect(mppx.fetch(httpServer.url)).rejects.toThrow('Insufficient funds')
+
+      httpServer.close()
+    })
+
+    test('error: throws when tokenIn list has no viable candidates', async () => {
+      const bogusToken = '0x0000000000000000000000000000000000099999' as const
+
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: brokePayer,
+            autoSwap: { tokenIn: [bogusToken] },
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0]!.address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      await expect(mppx.fetch(httpServer.url)).rejects.toThrow('Insufficient funds')
+
+      httpServer.close()
+    })
+  })
 })

package/src/tempo/server/Charge.ts

@@ -1,11 +1,10 @@
+import { decodeFunctionData, isAddressEqual, parseEventLogs, type TransactionReceipt } from 'viem'
 import {
-  decodeFunctionData,
-  isAddressEqual,
-  parseEventLogs,
-  type TransactionReceipt,
-  toFunctionSelector,
-} from 'viem'
-import { getTransactionReceipt, sendRawTransactionSync, signTransaction } from 'viem/actions'
+  getTransactionReceipt,
+  sendRawTransaction,
+  sendRawTransactionSync,
+  signTransaction,
+} from 'viem/actions'
 import { tempo as tempo_chain } from 'viem/chains'
 import { Abis, Transaction } from 'viem/tempo'
 import { PaymentExpiredError } from '../../Errors.js'
@@ -14,17 +13,12 @@ import * as Method from '../../Method.js'
 import * as Client from '../../viem/Client.js'
 import * as Account from '../internal/account.js'
 import * as defaults from '../internal/defaults.js'
+import * as FeePayer from '../internal/fee-payer.js'
+import * as Selectors from '../internal/selectors.js'
+import { simulateTransaction } from '../internal/simulate.js'
 import type * as types from '../internal/types.js'
 import * as Methods from '../Methods.js'
 
-const transferSelector = /*#__PURE__*/ toFunctionSelector(
-  'function transfer(address to, uint256 amount)',
-)
-
-const transferWithMemoSelector = /*#__PURE__*/ toFunctionSelector(
-  'function transferWithMemo(address to, uint256 amount, bytes32 memo)',
-)
-
 /**
  * Creates a Tempo charge method intent for usage on the server.
  *
@@ -45,6 +39,7 @@ export function charge<const parameters extends charge.Parameters>(
     description,
     externalId,
     memo,
+    waitForConfirmation = true,
   } = parameters
 
   const { recipient, feePayer } = Account.resolve(parameters)
@@ -195,7 +190,7 @@ export function charge<const parameters extends charge.Parameters>(
             const selector = call.data.slice(0, 10)
 
             if (memo) {
-              if (selector !== transferWithMemoSelector) return false
+              if (selector !== Selectors.transferWithMemo) return false
               try {
                 const { args } = decodeFunctionData({ abi: Abis.tip20, data: call.data })
                 const [to, amount_, memo_] = args as [`0x${string}`, bigint, `0x${string}`]
@@ -209,7 +204,7 @@ export function charge<const parameters extends charge.Parameters>(
               }
             }
 
-            if (selector === transferSelector) {
+            if (selector === Selectors.transfer) {
               try {
                 const { args } = decodeFunctionData({ abi: Abis.tip20, data: call.data })
                 const [to, amount_] = args as [`0x${string}`, bigint]
@@ -219,7 +214,7 @@ export function charge<const parameters extends charge.Parameters>(
               }
             }
 
-            if (selector === transferWithMemoSelector) {
+            if (selector === Selectors.transferWithMemo) {
               try {
                 const { args } = decodeFunctionData({ abi: Abis.tip20, data: call.data })
                 const [to, amount_] = args as [`0x${string}`, bigint, `0x${string}`]
@@ -239,6 +234,9 @@ export function charge<const parameters extends charge.Parameters>(
               recipient,
             })
 
+          if (feePayer && methodDetails?.feePayer !== false)
+            FeePayer.validateCalls(calls, { amount, currency, recipient })
+
           const serializedTransaction_final = await (async () => {
             if (feePayer && methodDetails?.feePayer !== false) {
               return signTransaction(client, {
@@ -250,11 +248,30 @@ export function charge<const parameters extends charge.Parameters>(
             return serializedTransaction
           })()
 
-          const receipt = await sendRawTransactionSync(client, {
-            serializedTransaction: serializedTransaction_final,
-          })
-
-          return toReceipt(receipt)
+          if (waitForConfirmation) {
+            const receipt = await sendRawTransactionSync(client, {
+              serializedTransaction: serializedTransaction_final,
+            })
+            return toReceipt(receipt)
+          } else {
+            // Optimistic path: simulate to catch obvious reverts, then broadcast
+            // without waiting for on-chain confirmation. The returned receipt
+            // assumes success — callers opt into this risk via waitForConfirmation: false.
+            await simulateTransaction(client, {
+              ...transaction,
+              from: transaction.from as `0x${string}`,
+              calls,
+            })
+            const hash = await sendRawTransaction(client, {
+              serializedTransaction: serializedTransaction_final,
+            })
+            return {
+              method: 'tempo',
+              status: 'success',
+              timestamp: new Date().toISOString(),
+              reference: hash,
+            } as const
+          }
         }
 
         default:
@@ -270,6 +287,18 @@ export declare namespace charge {
   type Parameters = {
     /** Testnet mode. */
     testnet?: boolean | undefined
+    /**
+     * Whether to wait for the charge transaction to confirm on-chain before
+     * responding. @default true
+     *
+     * When `false`, the transaction is simulated via `eth_estimateGas` and
+     * broadcast without waiting for inclusion. The receipt will optimistically
+     * report `status: 'success'` based on simulation alone — if the
+     * transaction reverts on-chain after broadcast (e.g. due to a state
+     * change between simulation and inclusion), the receipt will not reflect
+     * the failure.
+     */
+    waitForConfirmation?: boolean | undefined
   } & Client.getResolver.Parameters &
     Account.resolve.Parameters &
     Defaults

package/src/tempo/server/Session.test.ts

@@ -1101,6 +1101,55 @@ describe('session', () => {
       expect(result).toBeUndefined()
     })
 
+    test('returns undefined for open POST with content-length > 0 (content request)', () => {
+      const server = createServer()
+      const result = server.respond!({
+        credential: {
+          challenge: makeChallenge({
+            channelId: '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex,
+          }),
+          payload: { action: 'open' },
+        },
+        input: new Request('http://localhost', {
+          method: 'POST',
+          headers: { 'content-length': '42' },
+        }),
+      } as any)
+      expect(result).toBeUndefined()
+    })
+
+    test('returns undefined for open POST with transfer-encoding header (content request)', () => {
+      const server = createServer()
+      const result = server.respond!({
+        credential: {
+          challenge: makeChallenge({
+            channelId: '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex,
+          }),
+          payload: { action: 'open' },
+        },
+        input: new Request('http://localhost', {
+          method: 'POST',
+          headers: { 'transfer-encoding': 'chunked' },
+        }),
+      } as any)
+      expect(result).toBeUndefined()
+    })
+
+    test('returns 204 for GET with topUp action', () => {
+      const server = createServer()
+      const result = server.respond!({
+        credential: {
+          challenge: makeChallenge({
+            channelId: '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex,
+          }),
+          payload: { action: 'topUp' },
+        },
+        input: new Request('http://localhost', { method: 'GET' }),
+      } as any)
+      expect(result).toBeInstanceOf(Response)
+      expect((result as Response).status).toBe(204)
+    })
+
     test('returns undefined for voucher POST with content-length > 0 (content request)', () => {
       const server = createServer()
       const result = server.respond!({