npm - mppx - Versions diffs - 0.4.11 → 0.5.0 - Mend

mppx 0.4.11 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/CHANGELOG.md +21 -0
package/dist/Expires.d.ts +7 -0
package/dist/Expires.d.ts.map +1 -1
package/dist/Expires.js +21 -0
package/dist/Expires.js.map +1 -1
package/dist/internal/env.d.ts +1 -1
package/dist/internal/env.d.ts.map +1 -1
package/dist/internal/env.js +2 -6
package/dist/internal/env.js.map +1 -1
package/dist/internal/types.d.ts +23 -0
package/dist/internal/types.d.ts.map +1 -1
package/dist/server/Mppx.d.ts +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +55 -7
package/dist/server/Mppx.js.map +1 -1
package/dist/stripe/server/Charge.d.ts.map +1 -1
package/dist/stripe/server/Charge.js +3 -3
package/dist/stripe/server/Charge.js.map +1 -1
package/dist/tempo/Methods.d.ts +18 -0
package/dist/tempo/Methods.d.ts.map +1 -1
package/dist/tempo/Methods.js +28 -3
package/dist/tempo/Methods.js.map +1 -1
package/dist/tempo/client/Charge.d.ts +24 -0
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +51 -9
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +18 -0
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/internal/account.d.ts +5 -11
package/dist/tempo/internal/account.d.ts.map +1 -1
package/dist/tempo/internal/charge.d.ts +20 -0
package/dist/tempo/internal/charge.d.ts.map +1 -0
package/dist/tempo/internal/charge.js +23 -0
package/dist/tempo/internal/charge.js.map +1 -0
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +15 -3
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/internal/proof.d.ts +23 -0
package/dist/tempo/internal/proof.d.ts.map +1 -0
package/dist/tempo/internal/proof.js +17 -0
package/dist/tempo/internal/proof.js.map +1 -0
package/dist/tempo/server/Charge.d.ts +20 -2
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +180 -103
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +20 -2
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/Methods.js +4 -1
package/dist/tempo/server/Methods.js.map +1 -1
package/dist/tempo/server/Session.d.ts +9 -4
package/dist/tempo/server/Session.d.ts.map +1 -1
package/dist/tempo/server/Session.js +18 -3
package/dist/tempo/server/Session.js.map +1 -1
package/dist/tempo/session/Chain.d.ts +18 -2
package/dist/tempo/session/Chain.d.ts.map +1 -1
package/dist/tempo/session/Chain.js +18 -14
package/dist/tempo/session/Chain.js.map +1 -1
package/package.json +1 -1
package/src/Expires.ts +25 -0
package/src/cli/cli.test.ts +230 -1
package/src/internal/env.test.ts +12 -12
package/src/internal/env.ts +2 -6
package/src/internal/types.ts +25 -0
package/src/middlewares/elysia.test.ts +127 -4
package/src/middlewares/express.test.ts +120 -54
package/src/middlewares/hono.test.ts +73 -34
package/src/middlewares/nextjs.test.ts +159 -36
package/src/server/Mppx.test.ts +373 -0
package/src/server/Mppx.ts +64 -10
package/src/stripe/server/Charge.ts +3 -7
package/src/tempo/Methods.test.ts +105 -0
package/src/tempo/Methods.ts +54 -17
package/src/tempo/client/Charge.ts +67 -11
package/src/tempo/internal/account.ts +7 -14
package/src/tempo/internal/charge.test.ts +66 -0
package/src/tempo/internal/charge.ts +43 -0
package/src/tempo/internal/fee-payer.test.ts +33 -14
package/src/tempo/internal/fee-payer.ts +21 -6
package/src/tempo/internal/proof.test.ts +36 -0
package/src/tempo/internal/proof.ts +19 -0
package/src/tempo/server/Charge.test.ts +593 -1
package/src/tempo/server/Charge.ts +233 -126
package/src/tempo/server/Methods.ts +4 -1
package/src/tempo/server/Session.test.ts +1152 -54
package/src/tempo/server/Session.ts +26 -17
package/src/tempo/server/internal/transport.test.ts +32 -0
package/src/tempo/session/Chain.test.ts +60 -5
package/src/tempo/session/Chain.ts +30 -14
package/src/tempo/session/Sse.test.ts +31 -0

package/src/middlewares/nextjs.test.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as http from 'node:http'
-import { Receipt } from 'mppx'
+import { Challenge, Credential, Receipt } from 'mppx'
 import { Mppx as Mppx_client, session as sessionIntent, tempo as tempo_client } from 'mppx/client'
 import { Mppx, discovery } from 'mppx/nextjs'
 import { tempo as tempo_server } from 'mppx/server'
@@ -8,7 +8,7 @@ import type { Address } from 'viem'
 import { Addresses } from 'viem/tempo'
 import { beforeAll, describe, expect, test } from 'vp/test'
 import { deployEscrow } from '~test/tempo/session.js'
-import { accounts, asset, client, fundAccount } from '~test/tempo/viem.js'
+import { accounts, asset, chain, client, fundAccount } from '~test/tempo/viem.js'
 function createServer(handler: (request: Request) => Promise<Response> | Response) {
   return new Promise<{ url: string; close: () => void }>((resolve) => {
@@ -36,13 +36,14 @@ function createServer(handler: (request: Request) => Promise<Response> | Respons
 const secretKey = 'test-secret-key'
-describe('charge', () => {
+function createChargeHarness(feePayer: boolean) {
   const mppx = Mppx.create({
     methods: [
       tempo_server.charge({
         getClient: () => client,
         currency: asset,
         account: accounts[0],
+        ...(feePayer ? { feePayer: true } : {}),
       }),
     ],
     secretKey,
@@ -58,7 +59,13 @@ describe('charge', () => {
     ],
   })
+  return { fetch, mppx }
+}
+describe('charge', () => {
   test('returns 402 when no credential', async () => {
+    const { mppx } = createChargeHarness(false)
     const handler = mppx.charge({ amount: '1' })(() =>
       Response.json({ fortune: 'You will be rich' }),
     )
@@ -72,6 +79,8 @@ describe('charge', () => {
   })
   test('returns 200 with receipt on valid payment', async () => {
+    const { fetch, mppx } = createChargeHarness(false)
     const handler = mppx.charge({ amount: '1' })(() =>
       Response.json({ fortune: 'You will be rich' }),
     )
@@ -90,7 +99,108 @@ describe('charge', () => {
     server.close()
   })
+  test('fee payer: returns 200 with receipt on valid payment', async () => {
+    const { fetch, mppx } = createChargeHarness(true)
+    const handler = mppx.charge({ amount: '1' })(() =>
+      Response.json({ fortune: 'You will be rich' }),
+    )
+    const server = await createServer(handler)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    expect(Receipt.fromResponse(response).status).toBe('success')
+    server.close()
+  })
+  test('zero-amount charge creates a proof credential and receipt', async () => {
+    const { fetch, mppx } = createChargeHarness(false)
+    const handler = mppx.charge({ amount: '0' })((request) =>
+      Response.json({ payer: request.headers.get('Authorization') }),
+    )
+    const server = await createServer(handler)
+    const challengeResponse = await globalThis.fetch(server.url)
+    expect(challengeResponse.status).toBe(402)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    const body = (await response.json()) as { payer: string }
+    const credential = Credential.deserialize<{ signature: string; type: 'proof' }>(body.payer)
+    expect(credential.challenge.request.amount).toBe('0')
+    expect(credential.payload.type).toBe('proof')
+    expect(credential.source).toBe(`did:pkh:eip155:${chain.id}:${accounts[1].address}`)
+    const receipt = Receipt.fromResponse(response)
+    expect(receipt.reference).toBe(credential.challenge.id)
+    server.close()
+  })
+  test('zero-amount charge with testnet currency omission creates a proof credential', async () => {
+    const isTestnet = true
+    const mainnetCurrency = '0x20C000000000000000000000b9537d11c60E8b50' as const
+    const mppx = Mppx.create({
+      methods: [
+        tempo_server.charge({
+          account: accounts[0],
+          getClient: () => client,
+          ...(isTestnet ? {} : { currency: mainnetCurrency }),
+          recipient: accounts[0].address,
+          testnet: isTestnet,
+        }),
+      ],
+      secretKey,
+    })
+    const { fetch } = Mppx_client.create({
+      polyfill: false,
+      methods: [
+        tempo_client.charge({
+          account: accounts[1],
+          getClient: () => client,
+        }),
+      ],
+    })
+    const handler = mppx.charge({ amount: '0', chainId: chain.id })((request) =>
+      Response.json({ payer: request.headers.get('Authorization') }),
+    )
+    const server = await createServer(handler)
+    const challengeResponse = await globalThis.fetch(server.url)
+    expect(challengeResponse.status).toBe(402)
+    const challenge = Challenge.fromResponse(challengeResponse, {
+      methods: [tempo_client.charge()],
+    })
+    expect(challenge.request.currency).toBe('0x20c0000000000000000000000000000000000000')
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    const body = (await response.json()) as { payer: string }
+    const credential = Credential.deserialize<{ signature: string; type: 'proof' }>(body.payer)
+    expect(credential.challenge.request.amount).toBe('0')
+    expect(credential.challenge.request.currency).toBe('0x20c0000000000000000000000000000000000000')
+    expect(credential.payload.type).toBe('proof')
+    expect(credential.source).toBe(`did:pkh:eip155:${chain.id}:${accounts[1].address}`)
+    const receipt = Receipt.fromResponse(response)
+    expect(receipt.reference).toBe(credential.challenge.id)
+    server.close()
+  })
   test('serves /openapi.json from a handler-derived route config', async () => {
+    const { mppx } = createChargeHarness(false)
     const pay = mppx.charge({ amount: '1' })
     const server = await createServer(
       discovery(mppx, {
@@ -119,13 +229,7 @@ describe('charge', () => {
 describe('session', () => {
   let escrowContract: Address
-  beforeAll(async () => {
-    escrowContract = await deployEscrow()
-    await fundAccount({ address: accounts[2].address, token: Addresses.pathUsd })
-    await fundAccount({ address: accounts[2].address, token: asset })
-  })
-  test('returns 402 when no credential', async () => {
+  function createSessionHarness(feePayer: boolean) {
     const mppx = Mppx.create({
       methods: [
         tempo_server.session({
@@ -133,12 +237,38 @@ describe('session', () => {
           account: accounts[0],
           currency: asset,
           escrowContract,
-        }),
+          ...(feePayer ? { feePayer: accounts[1] } : {}),
+        } as any),
       ],
       secretKey,
     })
-    const handler = mppx.session({ amount: '1', unitType: 'token' })(() =>
+    const { fetch } = Mppx_client.create({
+      polyfill: false,
+      methods: [
+        sessionIntent({
+          account: accounts[2],
+          deposit: '10',
+          getClient: () => client,
+        }),
+      ],
+    })
+    return { fetch, mppx }
+  }
+  beforeAll(async () => {
+    escrowContract = await deployEscrow()
+    await fundAccount({ address: accounts[1].address, token: Addresses.pathUsd })
+    await fundAccount({ address: accounts[1].address, token: asset })
+    await fundAccount({ address: accounts[2].address, token: Addresses.pathUsd })
+    await fundAccount({ address: accounts[2].address, token: asset })
+  })
+  test('returns 402 when no credential', async () => {
+    const { mppx } = createSessionHarness(false)
+    const handler = mppx.session({ amount: '1', currency: asset, unitType: 'token' })(() =>
       Response.json({ data: 'streamed' }),
     )
@@ -151,31 +281,9 @@ describe('session', () => {
   })
   test('returns 200 with receipt on valid payment', async () => {
-    const mppx = Mppx.create({
-      methods: [
-        tempo_server.session({
-          getClient: () => client,
-          account: accounts[0],
-          currency: asset,
-          escrowContract,
-          feePayer: true,
-        }),
-      ],
-      secretKey,
-    })
-    const { fetch } = Mppx_client.create({
-      polyfill: false,
-      methods: [
-        sessionIntent({
-          account: accounts[2],
-          deposit: '10',
-          getClient: () => client,
-        }),
-      ],
-    })
+    const { fetch, mppx } = createSessionHarness(false)
-    const handler = mppx.session({ amount: '1', unitType: 'token' })(() =>
+    const handler = mppx.session({ amount: '1', currency: asset, unitType: 'token' })(() =>
       Response.json({ data: 'streamed' }),
     )
@@ -192,4 +300,19 @@ describe('session', () => {
     server.close()
   })
+  test('fee payer: returns 200 with receipt on valid payment', async () => {
+    const { fetch, mppx } = createSessionHarness(true)
+    const handler = mppx.session({ amount: '1', currency: asset, unitType: 'token' })(() =>
+      Response.json({ data: 'streamed' }),
+    )
+    const server = await createServer(handler)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    expect(Receipt.fromResponse(response).status).toBe('success')
+    server.close()
+  })
 })

package/src/server/Mppx.test.ts CHANGED Viewed

@@ -422,6 +422,92 @@ describe('request handler', () => {
     `)
     expect((body as { detail: string }).detail).toContain('Payment expired at')
   })
+  test('returns 402 when credential challenge has no expires (fail-closed)', async () => {
+    const handle = Mppx.create({ methods: [method], realm, secretKey }).charge({
+      amount: '1000',
+      currency: asset,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: accounts[0].address,
+    })
+    // Get a valid challenge from the server to capture the exact request shape
+    const firstResult = await handle(new Request('https://example.com/resource'))
+    expect(firstResult.status).toBe(402)
+    if (firstResult.status !== 402) throw new Error()
+    const serverChallenge = Challenge.fromResponse(firstResult.challenge)
+    // Re-create the same challenge WITHOUT expires, with a valid HMAC
+    const { expires: _, ...rest } = serverChallenge
+    const challengeNoExpires = Challenge.from({
+      secretKey,
+      realm: rest.realm,
+      method: rest.method,
+      intent: rest.intent,
+      request: rest.request,
+      ...(rest.opaque && { meta: rest.opaque }),
+    })
+    const credential = Credential.from({
+      challenge: challengeNoExpires,
+      payload: { signature: '0x123', type: 'transaction' },
+    })
+    const result = await handle(
+      new Request('https://example.com/resource', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const body = (await result.challenge.json()) as { title: string; detail: string }
+    expect(body.title).toBe('Invalid Challenge')
+    expect(body.detail).toContain('missing required expires')
+  })
+  test('returns 402 when credential challenge has malformed expires', async () => {
+    const handle = Mppx.create({ methods: [method], realm, secretKey }).charge({
+      amount: '1000',
+      currency: asset,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: accounts[0].address,
+    })
+    // Get a valid challenge from the server to capture the exact request shape
+    const firstResult = await handle(new Request('https://example.com/resource'))
+    expect(firstResult.status).toBe(402)
+    if (firstResult.status !== 402) throw new Error()
+    const serverChallenge = Challenge.fromResponse(firstResult.challenge)
+    // Re-create the challenge with a valid HMAC but inject a malformed expires
+    // by patching the challenge object after construction (bypasses zod at build time).
+    const challengeMalformed = {
+      ...serverChallenge,
+      expires: 'not-a-timestamp',
+    }
+    const credential = Credential.from({
+      challenge: challengeMalformed as any,
+      payload: { signature: '0x123', type: 'transaction' },
+    })
+    // Credential.serialize does not re-validate, so the malformed expires
+    // reaches the server. Deserialization rejects it via zod schema.
+    const result = await handle(
+      new Request('https://example.com/resource', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const body = (await result.challenge.json()) as { title: string; detail: string }
+    expect(body.title).toBe('Malformed Credential')
+  })
   test('returns 402 when payload schema validation fails', async () => {
     const handle = Mppx.create({ methods: [method], realm, secretKey }).charge({
       amount: '1000',
@@ -1567,6 +1653,77 @@ describe('cross-route credential replay via scope binding flaw', () => {
     // The result should be 200 (matched to cheap), not routed to expensive.
     expect(result.status).toBe(200)
   })
+  test('rejects no-splits credential replayed at splits route', async () => {
+    // Method whose schema transform moves splits into methodDetails.
+    const splitsMethod = Method.from({
+      name: 'mock',
+      intent: 'charge',
+      schema: {
+        credential: { payload: z.object({ token: z.string() }) },
+        request: z.pipe(
+          z.object({
+            amount: z.string(),
+            currency: z.string(),
+            decimals: z.number(),
+            recipient: z.string(),
+            splits: z.optional(z.array(z.object({ amount: z.string(), recipient: z.string() }))),
+          }),
+          z.transform(({ amount, currency, decimals, recipient, splits }) => ({
+            methodDetails: {
+              amount: String(Number(amount) * 10 ** decimals),
+              currency,
+              recipient,
+              ...(splits && { splits }),
+            },
+          })),
+        ),
+      },
+    })
+    const splitsServerMethod = Method.toServer(splitsMethod, {
+      async verify() {
+        return mockReceipt()
+      },
+    })
+    const handler = Mppx.create({ methods: [splitsServerMethod], realm, secretKey })
+    // Get a challenge from a route with no splits
+    const noSplitsHandle = handler.charge({
+      amount: '1',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const noSplitsResult = await noSplitsHandle(new Request('https://example.com/no-splits'))
+    expect(noSplitsResult.status).toBe(402)
+    if (noSplitsResult.status !== 402) throw new Error()
+    const noSplitsChallenge = Challenge.fromResponse(noSplitsResult.challenge)
+    const credential = Credential.from({
+      challenge: noSplitsChallenge,
+      payload: { token: 'valid' },
+    })
+    // Present at a route that requires splits
+    const splitsHandle = handler.charge({
+      amount: '1',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+      splits: [{ amount: '0.2', recipient: '0x0000000000000000000000000000000000000003' }],
+    })
+    const result = await splitsHandle(
+      new Request('https://example.com/with-splits', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(result.status).toBe(402)
+  })
 })
 describe('withReceipt', () => {
@@ -1741,3 +1898,219 @@ describe('withReceipt', () => {
     server.close()
   })
 })
+describe('realm auto-detection', () => {
+  beforeEach(() => {
+    // Clear all env vars that Env.get('realm') probes so realm falls through to request detection
+    for (const name of [
+      'MPP_REALM',
+      'FLY_APP_NAME',
+      'HEROKU_APP_NAME',
+      'RAILWAY_PUBLIC_DOMAIN',
+      'RENDER_EXTERNAL_HOSTNAME',
+      'VERCEL_URL',
+      'WEBSITE_HOSTNAME',
+    ])
+      vi.stubEnv(name, '')
+  })
+  afterEach(() => {
+    vi.unstubAllEnvs()
+  })
+  const mockMethod = Method.toServer(
+    Method.from({
+      name: 'mock',
+      intent: 'charge',
+      schema: {
+        credential: { payload: z.object({ token: z.string() }) },
+        request: z.object({ amount: z.string(), currency: z.string(), recipient: z.string() }),
+      },
+    }),
+    {
+      async verify() {
+        return {
+          method: 'mock',
+          reference: 'ref',
+          status: 'success' as const,
+          timestamp: new Date().toISOString(),
+        }
+      },
+    },
+  )
+  test.each([
+    { url: 'https://mpp.dev/resource', expected: 'mpp.dev' },
+    { url: 'https://api.example.com/v1/resource', expected: 'api.example.com' },
+    { url: 'https://localhost:8787/resource', expected: 'localhost' },
+    { url: 'https://MPP.DEV/resource', expected: 'mpp.dev' },
+    { url: 'http://staging.mpp.dev:3000/api', expected: 'staging.mpp.dev' },
+  ])('derives realm "$expected" from $url', async ({ url, expected }) => {
+    const handler = Mppx.create({ methods: [mockMethod], secretKey })
+    const result = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(new Request(url))
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const challenge = Challenge.fromResponse(result.challenge)
+    expect(challenge.realm).toBe(expected)
+  })
+  test('credential verifies across different casing of same host', async () => {
+    const handler = Mppx.create({ methods: [mockMethod], secretKey })
+    const chargeOpts = {
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    }
+    // Get challenge with uppercase host
+    const result = await handler.charge(chargeOpts)(new Request('https://MPP.DEV/resource'))
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const challenge = Challenge.fromResponse(result.challenge)
+    const credential = Credential.from({ challenge, payload: { token: 'valid' } })
+    // Verify with lowercase host — should match since both normalize
+    const verifyResult = await handler.charge(chargeOpts)(
+      new Request('https://mpp.dev/resource', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(verifyResult.status).toBe(200)
+  })
+  test('explicit realm takes precedence over request url', async () => {
+    const handler = Mppx.create({ methods: [mockMethod], realm: 'explicit.example.com', secretKey })
+    const request = new Request('https://other.example.com/resource')
+    const result = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(request)
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const challenge = Challenge.fromResponse(result.challenge)
+    expect(challenge.realm).toBe('explicit.example.com')
+  })
+  test('challenge and verification use same auto-detected realm', async () => {
+    const handler = Mppx.create({ methods: [mockMethod], secretKey })
+    const url = 'https://mpp.dev/resource'
+    // Get challenge
+    const result = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(new Request(url))
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const challenge = Challenge.fromResponse(result.challenge)
+    const credential = Credential.from({ challenge, payload: { token: 'valid' } })
+    // Replay with credential from same host — should verify
+    const verifyResult = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(new Request(url, { headers: { Authorization: Credential.serialize(credential) } }))
+    expect(verifyResult.status).toBe(200)
+  })
+  test('credential from one host rejected at different host', async () => {
+    const handler = Mppx.create({ methods: [mockMethod], secretKey })
+    // Get challenge from host A
+    const result = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(new Request('https://host-a.example.com/resource'))
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const challenge = Challenge.fromResponse(result.challenge)
+    const credential = Credential.from({ challenge, payload: { token: 'valid' } })
+    // Present at host B — realm mismatch should reject
+    const verifyResult = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(
+      new Request('https://host-b.example.com/resource', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(verifyResult.status).toBe(402)
+  })
+  test('realm undefined on handler when not explicitly set', () => {
+    const handler = Mppx.create({ methods: [mockMethod], secretKey })
+    expect(handler.realm).toBeUndefined()
+  })
+  test('falls back to default realm when input has no url', async () => {
+    const handler = Mppx.create({ methods: [mockMethod], secretKey })
+    const handle = handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    // Simulate a non-HTTP input with no .url — should warn and use fallback
+    const result = await handle({} as any)
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const challenge = Challenge.fromResponse(result.challenge)
+    expect(challenge.realm).toBe('MPP Payment')
+  })
+  test('cross-host rejection reports realm mismatch', async () => {
+    const handler = Mppx.create({ methods: [mockMethod], secretKey })
+    const result = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(new Request('https://host-a.example.com/resource'))
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+    const challenge = Challenge.fromResponse(result.challenge)
+    const credential = Credential.from({ challenge, payload: { token: 'valid' } })
+    const verifyResult = await handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    })(
+      new Request('https://host-b.example.com/resource', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(verifyResult.status).toBe(402)
+    if (verifyResult.status !== 402) throw new Error()
+    const body = (await verifyResult.challenge.json()) as { detail: string }
+    expect(body.detail).toContain('realm')
+  })
+})