mppx 0.4.6 → 0.4.8

package/src/cli/cli.ts

@@ -130,15 +130,27 @@ const cli = Cli.create('mppx', {
       return hasProtocol ? c.args.url : `${isLocal ? 'http' : 'https'}://${c.args.url}`
     })()
     const { hostname } = new URL(url)
-    if (
+    const insecure =
       c.options.insecure ||
       hostname === 'localhost' ||
       hostname.endsWith('.localhost') ||
       hostname.endsWith('.local')
-    ) {
-      process.removeAllListeners('warning')
-      process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
-    }
+
+    // Scoped fetch that temporarily disables TLS verification only for
+    // the target connection when `insecure` is true, then restores
+    // the original value so other HTTPS connections are unaffected.
+    const targetFetch: typeof globalThis.fetch = insecure
+      ? async (input, init) => {
+          const orig = process.env.NODE_TLS_REJECT_UNAUTHORIZED
+          process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
+          try {
+            return await globalThis.fetch(input, init)
+          } finally {
+            if (orig === undefined) delete process.env.NODE_TLS_REJECT_UNAUTHORIZED
+            else process.env.NODE_TLS_REJECT_UNAUTHORIZED = orig
+          }
+        }
+      : globalThis.fetch
 
     // Node.js doesn't resolve *.localhost subdomains to loopback (unlike
     // browsers per RFC 6761). Rewrite the URL to 127.0.0.1 and set the
@@ -170,7 +182,7 @@ const cli = Cli.create('mppx', {
       }
 
       if (c.options.verbose >= 2) printRequestHeaders(url, init, info)
-      const challengeResponse = await globalThis.fetch(fetchUrl, init)
+      const challengeResponse = await targetFetch(fetchUrl, init)
       if (challengeResponse.status !== 402) {
         if (c.options.fail && challengeResponse.status >= 400)
           return c.error({
@@ -307,7 +319,7 @@ const cli = Cli.create('mppx', {
 
       const credentialFetchInit = { ...init, headers: credentialHeaders }
       if (c.options.verbose >= 2) printRequestHeaders(url, credentialFetchInit, info)
-      const credentialResponse = await globalThis.fetch(fetchUrl, credentialFetchInit)
+      const credentialResponse = await targetFetch(fetchUrl, credentialFetchInit)
 
       if (c.options.fail && credentialResponse.status >= 400)
         return c.error({

package/src/cli/plugins/tempo.ts

@@ -34,6 +34,7 @@ export function tempo() {
           cumulativeAmount: bigint
           escrowContract: Address
           chainId: number
+          action?: 'voucher' | 'close'
         }): Promise<string>
         source: string
       }
@@ -183,11 +184,17 @@ export function tempo() {
 
       // Store session support for use in lifecycle hooks
       _session = {
-        async signVoucher({ channelId, cumulativeAmount, escrowContract, chainId }) {
+        async signVoucher({
+          channelId,
+          cumulativeAmount,
+          escrowContract,
+          chainId,
+          action = 'voucher',
+        }) {
           return Credential.serialize({
             challenge,
             payload: {
-              action: 'voucher',
+              action,
               channelId,
               cumulativeAmount: cumulativeAmount.toString(),
               signature: await signVoucher(
@@ -254,32 +261,17 @@ export function tempo() {
         }
       }
 
-      // Handle non-SSE session response (server returned non-streaming)
-      let credentialResponse = response
+      // Handle non-SSE session response (server returned non-streaming).
+      // The open credential already paid for this unit — no follow-up
+      // voucher is needed. Just record the cumulativeAmount so the
+      // channel close uses the correct value.
+      const credentialResponse = response
       if (
         credentialResponse.ok &&
         !credentialResponse.headers.get('Content-Type')?.includes('text/event-stream')
       ) {
         if (parsed.payload.action === 'open' && 'cumulativeAmount' in parsed.payload) {
-          const tickAmount = BigInt(challengeRequest.amount as string)
-          cumulativeAmount = BigInt(parsed.payload.cumulativeAmount) + tickAmount
-
-          if (escrowContract) {
-            const voucherCred = await _session.signVoucher({
-              channelId,
-              cumulativeAmount,
-              escrowContract,
-              chainId,
-            })
-            credentialResponse = await globalThis.fetch(fetchUrl, {
-              ...fetchInit,
-              headers: {
-                ...(fetchInit.headers as Record<string, string>),
-                Accept: 'text/event-stream',
-                Authorization: voucherCred,
-              },
-            })
-          }
+          cumulativeAmount = BigInt(parsed.payload.cumulativeAmount)
         }
       }
 
@@ -598,6 +590,7 @@ async function closeChannel(opts: {
       cumulativeAmount: bigint
       escrowContract: Address
       chainId: number
+      action?: 'voucher' | 'close'
     }): Promise<string>
   }
   info: (msg: string) => void
@@ -612,6 +605,7 @@ async function closeChannel(opts: {
     cumulativeAmount: opts.cumulativeAmount,
     escrowContract: opts.escrowContract,
     chainId: opts.chainId,
+    action: 'close',
   })
   const closeRes = await globalThis.fetch(opts.fetchUrl, {
     ...opts.fetchInit,

package/src/middlewares/elysia.test.ts

@@ -0,0 +1,89 @@
+import * as http from 'node:http'
+import { Elysia } from 'elysia'
+import { Receipt } from 'mppx'
+import { Mppx as Mppx_client, tempo as tempo_client } from 'mppx/client'
+import { Mppx } from 'mppx/elysia'
+import { tempo as tempo_server } from 'mppx/server'
+import { describe, expect, test } from 'vitest'
+import { accounts, asset, client } from '~test/tempo/viem.js'
+
+function createServer(app: Elysia<any, any, any, any, any, any, any>) {
+  return new Promise<{ url: string; close: () => void }>((resolve) => {
+    const server = http.createServer(async (req, res) => {
+      const url = `http://localhost${req.url}`
+      const headers = new Headers()
+      for (let i = 0; i < req.rawHeaders.length; i += 2)
+        headers.append(req.rawHeaders[i]!, req.rawHeaders[i + 1]!)
+      const request = new Request(url, { method: req.method!, headers })
+      const response = await app.fetch(request)
+      res.writeHead(response.status, Object.fromEntries(response.headers))
+      const body = await response.text()
+      if (body) res.write(body)
+      res.end()
+    })
+    server.listen(0, () => {
+      const { port } = server.address() as { port: number }
+      resolve({
+        url: `http://localhost:${port}`,
+        close: () => server.close(),
+      })
+    })
+  })
+}
+
+const secretKey = 'test-secret-key'
+
+describe('charge', () => {
+  const mppx = Mppx.create({
+    methods: [
+      tempo_server.charge({
+        getClient: () => client,
+        currency: asset,
+        recipient: accounts[0].address,
+      }),
+    ],
+    secretKey,
+  })
+
+  const { fetch } = Mppx_client.create({
+    polyfill: false,
+    methods: [
+      tempo_client.charge({
+        account: accounts[1],
+        getClient: () => client,
+      }),
+    ],
+  })
+
+  test('returns 402 when no credential', async () => {
+    const app = new Elysia().guard({ beforeHandle: mppx.charge({ amount: '1' }) }, (app) =>
+      app.get('/', () => ({ fortune: 'You will be rich' })),
+    )
+
+    const server = await createServer(app)
+    const response = await globalThis.fetch(server.url)
+    expect(response.status).toBe(402)
+    expect(response.headers.get('WWW-Authenticate')).toContain('Payment')
+
+    server.close()
+  })
+
+  test('returns 200 with receipt on valid payment', async () => {
+    const app = new Elysia().guard({ beforeHandle: mppx.charge({ amount: '1' }) }, (app) =>
+      app.get('/', () => ({ fortune: 'You will be rich' })),
+    )
+
+    const server = await createServer(app)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+
+    const body = await response.json()
+    expect(body).toEqual({ fortune: 'You will be rich' })
+
+    const receipt = Receipt.fromResponse(response)
+    expect(receipt.status).toBe('success')
+    expect(receipt.method).toBe('tempo')
+
+    server.close()
+  })
+})

package/src/middlewares/elysia.ts

@@ -59,8 +59,11 @@ export function payment<const intent extends Mppx_internal.AnyMethodFn>(
   intent: intent,
   options: intent extends (options: infer options) => any ? options : never,
 ): ElysiaHook {
-  return async ({ request }) => {
+  return async ({ request, set }) => {
     const result = await intent(options)(request)
     if (result.status === 402) return result.challenge
+    const receipt = result.withReceipt(new Response())
+    const header = receipt.headers.get('Payment-Receipt')
+    if (header) set.headers['Payment-Receipt'] = header
   }
 }

package/src/proxy/Proxy.test.ts

@@ -630,6 +630,62 @@ describe('create', () => {
     })
   })
 
+  test('behavior: management POST falls back to paid route with different method', async () => {
+    upstream = await createUpstream(() => Response.json({ ok: true }))
+    const proxy = ApiProxy.create({
+      services: [
+        Service.from('api', {
+          baseUrl: upstream.url,
+          routes: {
+            // Registered as GET but management POSTs (e.g. session close)
+            // should still reach this paid endpoint via fallback.
+            'GET /v1/stream': mppx_server.charge({ amount: '1', decimals: 6 }),
+          },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+
+    const res = await fetch(`${proxyServer.url}/api/v1/stream`, {
+      method: 'POST',
+      headers: { Authorization: 'x' },
+    })
+    // Should hit the paid endpoint and get a 402 challenge, not 404
+    expect(res.status).toBe(402)
+  })
+
+  test('behavior: POST to unregistered method does not fall back to free GET route', async () => {
+    upstream = await createUpstream(() => Response.json({ ok: true }))
+    const proxy = ApiProxy.create({
+      services: [
+        Service.from('api', {
+          baseUrl: upstream.url,
+          routes: {
+            // GET is free, but there is no POST handler
+            'GET /v1beta/cachedContents': true,
+            'POST /v1beta/models/:model': mppx_server.charge({
+              amount: '1',
+              decimals: 6,
+            }),
+          },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+
+    // A POST with a bogus authorization header should NOT fall back
+    // to the free GET route — it must return 404.
+    const res = await fetch(`${proxyServer.url}/api/v1beta/cachedContents`, {
+      method: 'POST',
+      headers: {
+        Authorization: 'x',
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ model: 'models/gemini-2.0-flash-001', contents: [] }),
+    })
+    expect(res.status).toBe(404)
+  })
+
   test('behavior: forwards query params to upstream', async () => {
     upstream = await createUpstream((req) => Response.json({ search: new URL(req.url).search }))
     const proxy = ApiProxy.create({

package/src/proxy/Proxy.ts

@@ -137,7 +137,12 @@ export function create(config: create.Config): Proxy {
       // is registered for a different HTTP method (e.g. GET). Fall back to
       // path-only matching so the payment handler can process the action.
       (request.method === 'POST' && request.headers.has('authorization')
-        ? Route.matchPath(service.routes, upstreamPath)
+        ? Route.matchPath(
+            service.routes,
+            upstreamPath,
+            // skip free routes (e.g. `'GET /foo/bar': true`)
+            (endpoint) => endpoint !== true,
+          )
         : null)
     if (!matched) return new Response('Not Found', { status: 404 })
 

package/src/proxy/internal/Route.test.ts

@@ -141,3 +141,60 @@ describe('match', () => {
     expect(Route.match(routes, 'GET', '/v1/chat/completions')).toBeNull()
   })
 })
+
+describe('matchPath', () => {
+  const paidOnly = (v: unknown) => v !== true
+
+  test('behavior: matches route by path without filter', () => {
+    const routes = { 'GET /v1/models': true }
+    expect(Route.matchPath(routes, '/v1/models')).toMatchObject({
+      key: 'GET /v1/models',
+    })
+  })
+
+  test('behavior: matches paid endpoint by path', () => {
+    const routes = { 'GET /v1/generate': { pay: () => {} } }
+    expect(Route.matchPath(routes, '/v1/generate', paidOnly)).toMatchObject({
+      key: 'GET /v1/generate',
+    })
+  })
+
+  test('behavior: skips free passthrough routes with filter', () => {
+    const routes = {
+      'GET /v1/models': true,
+      'POST /v1/generate': { pay: () => {} },
+    }
+    expect(Route.matchPath(routes, '/v1/models', paidOnly)).toBeNull()
+  })
+
+  test('behavior: matches paid route even with different method', () => {
+    const routes = {
+      'GET /v1/stream': { pay: () => {} },
+    }
+    expect(Route.matchPath(routes, '/v1/stream', paidOnly)).toMatchObject({
+      key: 'GET /v1/stream',
+    })
+  })
+
+  test('behavior: skips free and matches next paid route', () => {
+    const routes = {
+      'GET /v1/*': true,
+      'POST /v1/*': { pay: () => {} },
+    }
+    const result = Route.matchPath(routes, '/v1/cachedContents', paidOnly)
+    expect(result).toMatchObject({ key: 'POST /v1/*' })
+  })
+
+  test('error: returns null when all routes are free', () => {
+    const routes = {
+      'GET /v1/models': true,
+      'GET /v1/status': true,
+    }
+    expect(Route.matchPath(routes, '/v1/models', paidOnly)).toBeNull()
+  })
+
+  test('error: returns null when no path match', () => {
+    const routes = { 'POST /v1/generate': { pay: () => {} } }
+    expect(Route.matchPath(routes, '/v2/unknown', paidOnly)).toBeNull()
+  })
+})

package/src/proxy/internal/Route.ts

@@ -36,12 +36,14 @@ export function match(
   return null
 }
 
-/** Finds the first route matching just the path, ignoring the HTTP method. Used for management POST fallback. */
+/** Finds the first route matching the path, ignoring the HTTP method. Optional `filter` predicate can exclude routes. */
 export function matchPath(
   routes: Record<string, unknown>,
   path: string,
+  filter?: (value: unknown) => boolean,
 ): { key: string; value: unknown } | null {
   for (const [key, value] of Object.entries(routes)) {
+    if (filter && !filter(value)) continue
     const { pattern } = parseRouteKey(key)
     const urlPattern = new URLPattern({ pathname: pattern })
     if (urlPattern.test({ pathname: path })) return { key, value }

package/src/server/Mppx.test.ts

@@ -1130,6 +1130,252 @@ describe('nested accessors', () => {
   })
 })
 
+describe('cross-route credential replay via scope binding flaw', () => {
+  // Method whose schema transform moves `amount`, `currency`, and `recipient`
+  // into `methodDetails`, removing them from the top-level request. This mirrors
+  // real-world methods (e.g. Tempo) that restructure fields via z.transform.
+  const transformingMethod = Method.from({
+    name: 'mock',
+    intent: 'charge',
+    schema: {
+      credential: {
+        payload: z.object({ token: z.string() }),
+      },
+      request: z.pipe(
+        z.object({
+          amount: z.string(),
+          currency: z.string(),
+          decimals: z.number(),
+          recipient: z.string(),
+        }),
+        z.transform(({ amount, currency, decimals, recipient }) => ({
+          methodDetails: { amount: String(Number(amount) * 10 ** decimals), currency, recipient },
+        })),
+      ),
+    },
+  })
+
+  function mockReceipt() {
+    return {
+      method: 'mock',
+      reference: 'tx-ref',
+      status: 'success' as const,
+      timestamp: new Date().toISOString(),
+    }
+  }
+
+  const serverMethod = Method.toServer(transformingMethod, {
+    async verify() {
+      return mockReceipt()
+    },
+  })
+
+  test('rejects cheap credential replayed at expensive route when schema transform moves scope fields', async () => {
+    const handler = Mppx.create({ methods: [serverMethod], realm, secretKey })
+
+    // Get a challenge from the "cheap" route ($0.01)
+    const cheapHandle = handler.charge({
+      amount: '0.01',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const cheapResult = await cheapHandle(new Request('https://example.com/cheap'))
+    expect(cheapResult.status).toBe(402)
+    if (cheapResult.status !== 402) throw new Error()
+
+    const cheapChallenge = Challenge.fromResponse(cheapResult.challenge)
+
+    // Build a credential from the cheap challenge
+    const credential = Credential.from({
+      challenge: cheapChallenge,
+      payload: { token: 'valid' },
+    })
+
+    // Present the cheap credential at the "expensive" route ($100)
+    const expensiveHandle = handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const result = await expensiveHandle(
+      new Request('https://example.com/expensive', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+
+    // Should be 402 (credential was for $0.01, not $100)
+    expect(result.status).toBe(402)
+  })
+
+  test('rejects credential with mismatched method field', async () => {
+    const otherMethod = Method.from({
+      name: 'other',
+      intent: 'charge',
+      schema: {
+        credential: { payload: z.object({ token: z.string() }) },
+        request: z.object({
+          amount: z.string(),
+          currency: z.string(),
+          decimals: z.number(),
+          recipient: z.string(),
+        }),
+      },
+    })
+
+    const otherServerMethod = Method.toServer(otherMethod, {
+      async verify() {
+        return mockReceipt()
+      },
+    })
+
+    const handler = Mppx.create({ methods: [serverMethod, otherServerMethod], realm, secretKey })
+
+    // Get challenge from mock/charge
+    const mockHandle = handler['mock/charge']({
+      amount: '1',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const mockResult = await mockHandle(new Request('https://example.com/mock'))
+    expect(mockResult.status).toBe(402)
+    if (mockResult.status !== 402) throw new Error()
+
+    const mockChallenge = Challenge.fromResponse(mockResult.challenge)
+    const credential = Credential.from({
+      challenge: mockChallenge,
+      payload: { token: 'valid' },
+    })
+
+    // Present mock/charge credential at other/charge route
+    const otherHandle = handler['other/charge']({
+      amount: '1',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const result = await otherHandle(
+      new Request('https://example.com/other', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+
+    // Should reject (credential was for method "mock", not "other")
+    expect(result.status).toBe(402)
+  })
+
+  test('rejects credential with mismatched intent field', async () => {
+    const sessionMethod = Method.from({
+      name: 'mock',
+      intent: 'session',
+      schema: {
+        credential: { payload: z.object({ token: z.string() }) },
+        request: z.object({
+          amount: z.string(),
+          currency: z.string(),
+          decimals: z.number(),
+          recipient: z.string(),
+        }),
+      },
+    })
+
+    const sessionServerMethod = Method.toServer(sessionMethod, {
+      async verify() {
+        return mockReceipt()
+      },
+    })
+
+    const handler = Mppx.create({ methods: [serverMethod, sessionServerMethod], realm, secretKey })
+
+    // Get challenge from mock/charge
+    const chargeHandle = handler['mock/charge']({
+      amount: '1',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const chargeResult = await chargeHandle(new Request('https://example.com/charge'))
+    expect(chargeResult.status).toBe(402)
+    if (chargeResult.status !== 402) throw new Error()
+
+    const chargeChallenge = Challenge.fromResponse(chargeResult.challenge)
+    const credential = Credential.from({
+      challenge: chargeChallenge,
+      payload: { token: 'valid' },
+    })
+
+    // Present charge credential at session route
+    const sessionHandle = handler['mock/session']({
+      amount: '1',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const result = await sessionHandle(
+      new Request('https://example.com/session', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+
+    // Should reject (credential was for intent "charge", not "session")
+    expect(result.status).toBe(402)
+  })
+
+  test('compose: rejects cheap credential replayed at expensive route when schema transform moves scope fields', async () => {
+    const handler = Mppx.create({ methods: [serverMethod], realm, secretKey })
+
+    const cheapHandle = handler.charge({
+      amount: '0.01',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+    const expensiveHandle = handler.charge({
+      amount: '100',
+      currency: '0x0000000000000000000000000000000000000001',
+      decimals: 6,
+      expires: new Date(Date.now() + 60_000).toISOString(),
+      recipient: '0x0000000000000000000000000000000000000002',
+    })
+
+    const composed = Mppx.compose(cheapHandle, expensiveHandle)
+
+    // Get challenge (pick the cheap one)
+    const firstResult = await composed(new Request('https://example.com/resource'))
+    expect(firstResult.status).toBe(402)
+    if (firstResult.status !== 402) throw new Error()
+
+    const challenges = Challenge.fromResponseList(firstResult.challenge)
+    const cheapChallenge = challenges[0]!
+
+    const credential = Credential.from({
+      challenge: cheapChallenge,
+      payload: { token: 'valid' },
+    })
+
+    // The composed handler should NOT route the cheap credential to the expensive handler
+    const result = await composed(
+      new Request('https://example.com/resource', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+
+    // If scope binding works, the credential should route to the cheap handler only.
+    // It should NOT match the expensive handler's canonical request.
+    // The result should be 200 (matched to cheap), not routed to expensive.
+    expect(result.status).toBe(200)
+  })
+})
+
 describe('withReceipt', () => {
   const mockCharge = Method.from({
     name: 'mock',