npm - mppx - Versions diffs - 0.4.7 → 0.4.9 - Mend

mppx 0.4.7 → 0.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/CHANGELOG.md +15 -3
package/README.md +13 -13
package/dist/BodyDigest.d.ts.map +1 -1
package/dist/BodyDigest.js.map +1 -1
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js.map +1 -1
package/dist/Credential.d.ts.map +1 -1
package/dist/Credential.js.map +1 -1
package/dist/Errors.js +64 -67
package/dist/Errors.js.map +1 -1
package/dist/PaymentRequest.d.ts.map +1 -1
package/dist/PaymentRequest.js.map +1 -1
package/dist/Receipt.d.ts.map +1 -1
package/dist/Receipt.js.map +1 -1
package/dist/Store.d.ts +14 -4
package/dist/Store.d.ts.map +1 -1
package/dist/Store.js +17 -0
package/dist/Store.js.map +1 -1
package/dist/cli/account.d.ts.map +1 -1
package/dist/cli/account.js +40 -5
package/dist/cli/account.js.map +1 -1
package/dist/cli/cli.d.ts.map +1 -1
package/dist/cli/cli.js +24 -8
package/dist/cli/cli.js.map +1 -1
package/dist/cli/internal.d.ts.map +1 -1
package/dist/cli/internal.js.map +1 -1
package/dist/cli/plugins/stripe.d.ts.map +1 -1
package/dist/cli/plugins/stripe.js.map +1 -1
package/dist/cli/plugins/tempo.d.ts.map +1 -1
package/dist/cli/plugins/tempo.js +11 -23
package/dist/cli/plugins/tempo.js.map +1 -1
package/dist/cli/utils.d.ts.map +1 -1
package/dist/cli/utils.js.map +1 -1
package/dist/client/internal/Fetch.d.ts +2 -0
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +1 -1
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/internal/types.d.ts.map +1 -1
package/dist/mcp-sdk/client/McpClient.d.ts.map +1 -1
package/dist/mcp-sdk/client/McpClient.js +1 -1
package/dist/mcp-sdk/client/McpClient.js.map +1 -1
package/dist/mcp-sdk/server/Transport.d.ts.map +1 -1
package/dist/mcp-sdk/server/Transport.js.map +1 -1
package/dist/middlewares/elysia.d.ts.map +1 -1
package/dist/middlewares/elysia.js +5 -1
package/dist/middlewares/elysia.js.map +1 -1
package/dist/middlewares/express.d.ts.map +1 -1
package/dist/middlewares/express.js +5 -2
package/dist/middlewares/express.js.map +1 -1
package/dist/middlewares/hono.d.ts.map +1 -1
package/dist/middlewares/hono.js.map +1 -1
package/dist/proxy/Proxy.d.ts.map +1 -1
package/dist/proxy/Proxy.js +3 -1
package/dist/proxy/Proxy.js.map +1 -1
package/dist/proxy/Service.js +1 -1
package/dist/proxy/Service.js.map +1 -1
package/dist/proxy/internal/Route.d.ts +2 -2
package/dist/proxy/internal/Route.d.ts.map +1 -1
package/dist/proxy/internal/Route.js +4 -2
package/dist/proxy/internal/Route.js.map +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +47 -11
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Request.d.ts.map +1 -1
package/dist/server/Request.js.map +1 -1
package/dist/stripe/Methods.d.ts.map +1 -1
package/dist/stripe/Methods.js.map +1 -1
package/dist/tempo/Methods.d.ts.map +1 -1
package/dist/tempo/Methods.js.map +1 -1
package/dist/tempo/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/client/ChannelOps.js.map +1 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Session.d.ts.map +1 -1
package/dist/tempo/client/Session.js.map +1 -1
package/dist/tempo/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/client/SessionManager.js +1 -1
package/dist/tempo/client/SessionManager.js.map +1 -1
package/dist/tempo/internal/address.d.ts +3 -0
package/dist/tempo/internal/address.d.ts.map +1 -0
package/dist/tempo/internal/address.js +4 -0
package/dist/tempo/internal/address.js.map +1 -0
package/dist/tempo/internal/auto-swap.d.ts.map +1 -1
package/dist/tempo/internal/auto-swap.js +4 -4
package/dist/tempo/internal/auto-swap.js.map +1 -1
package/dist/tempo/internal/fee-payer.d.ts +4 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +12 -4
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/server/Charge.d.ts +11 -0
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +110 -51
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Session.d.ts +1 -1
package/dist/tempo/server/Session.d.ts.map +1 -1
package/dist/tempo/server/Session.js +31 -23
package/dist/tempo/server/Session.js.map +1 -1
package/dist/tempo/server/internal/transport.d.ts +1 -1
package/dist/tempo/server/internal/transport.d.ts.map +1 -1
package/dist/tempo/server/internal/transport.js +41 -1
package/dist/tempo/server/internal/transport.js.map +1 -1
package/dist/tempo/session/Chain.d.ts.map +1 -1
package/dist/tempo/session/Chain.js +51 -10
package/dist/tempo/session/Chain.js.map +1 -1
package/dist/tempo/session/ChannelStore.d.ts +2 -0
package/dist/tempo/session/ChannelStore.d.ts.map +1 -1
package/dist/tempo/session/ChannelStore.js +4 -2
package/dist/tempo/session/ChannelStore.js.map +1 -1
package/dist/tempo/session/Receipt.d.ts.map +1 -1
package/dist/tempo/session/Receipt.js.map +1 -1
package/dist/tempo/session/Sse.d.ts.map +1 -1
package/dist/tempo/session/Sse.js.map +1 -1
package/dist/tempo/session/Voucher.d.ts.map +1 -1
package/dist/tempo/session/Voucher.js +3 -2
package/dist/tempo/session/Voucher.js.map +1 -1
package/dist/viem/Client.d.ts.map +1 -1
package/dist/viem/Client.js.map +1 -1
package/package.json +2 -2
package/src/BodyDigest.ts +1 -0
package/src/Challenge.test-d.ts +1 -0
package/src/Challenge.ts +1 -0
package/src/Credential.ts +1 -0
package/src/Errors.test.ts +27 -39
package/src/Expires.test.ts +1 -0
package/src/PaymentRequest.ts +1 -0
package/src/Receipt.ts +1 -0
package/src/Store.test-d.ts +59 -0
package/src/Store.test.ts +56 -6
package/src/Store.ts +31 -4
package/src/cli/account.ts +65 -30
package/src/cli/cli.test.ts +127 -1
package/src/cli/cli.ts +23 -8
package/src/cli/config.test.ts +1 -0
package/src/cli/internal.ts +1 -0
package/src/cli/plugins/stripe.ts +1 -0
package/src/cli/plugins/tempo.ts +21 -24
package/src/cli/utils.ts +1 -0
package/src/client/Mppx.test-d.ts +1 -0
package/src/client/internal/Fetch.browser.test.ts +1 -0
package/src/client/internal/Fetch.test-d.ts +1 -0
package/src/client/internal/Fetch.test.ts +1 -0
package/src/client/internal/Fetch.ts +1 -1
package/src/internal/constantTimeEqual.test.ts +1 -0
package/src/internal/types.ts +1 -3
package/src/mcp-sdk/client/McpClient.test-d.ts +1 -0
package/src/mcp-sdk/client/McpClient.test.ts +1 -0
package/src/mcp-sdk/client/McpClient.ts +2 -0
package/src/mcp-sdk/server/Transport.test.ts +1 -0
package/src/mcp-sdk/server/Transport.ts +1 -0
package/src/middlewares/elysia.test.ts +90 -0
package/src/middlewares/elysia.ts +5 -1
package/src/middlewares/express.test.ts +62 -2
package/src/middlewares/express.ts +6 -2
package/src/middlewares/hono.ts +1 -0
package/src/middlewares/internal/mppx.test.ts +1 -0
package/src/middlewares/nextjs.test.ts +1 -0
package/src/proxy/Proxy.test.ts +57 -0
package/src/proxy/Proxy.ts +8 -1
package/src/proxy/Service.test.ts +1 -0
package/src/proxy/Service.ts +8 -2
package/src/proxy/internal/Headers.test.ts +1 -0
package/src/proxy/internal/Route.test.ts +57 -0
package/src/proxy/internal/Route.ts +3 -1
package/src/proxy/services/openai.test.ts +1 -0
package/src/server/Mppx.test.ts +438 -0
package/src/server/Mppx.ts +51 -13
package/src/server/Request.test.ts +1 -0
package/src/server/Request.ts +1 -0
package/src/server/Response.test.ts +1 -0
package/src/server/Transport.test.ts +1 -0
package/src/stripe/Methods.ts +1 -0
package/src/stripe/client/Charge.test.ts +1 -0
package/src/stripe/server/Charge.test.ts +1 -0
package/src/tempo/Attribution.test.ts +1 -0
package/src/tempo/Methods.ts +1 -0
package/src/tempo/client/ChannelOps.test.ts +1 -0
package/src/tempo/client/ChannelOps.ts +1 -0
package/src/tempo/client/Charge.ts +1 -0
package/src/tempo/client/Session.test.ts +1 -0
package/src/tempo/client/Session.ts +1 -0
package/src/tempo/client/SessionManager.test.ts +28 -0
package/src/tempo/client/SessionManager.ts +2 -1
package/src/tempo/internal/address.ts +6 -0
package/src/tempo/internal/auto-swap.test.ts +1 -0
package/src/tempo/internal/auto-swap.ts +4 -3
package/src/tempo/internal/defaults.test.ts +1 -0
package/src/tempo/internal/fee-payer.test.ts +1 -0
package/src/tempo/internal/fee-payer.ts +19 -4
package/src/tempo/server/Charge.test.ts +1081 -31
package/src/tempo/server/Charge.ts +159 -63
package/src/tempo/server/Session.test.ts +896 -107
package/src/tempo/server/Session.ts +41 -23
package/src/tempo/server/Sse.test.ts +2 -0
package/src/tempo/server/internal/transport.test.ts +30 -0
package/src/tempo/server/internal/transport.ts +41 -2
package/src/tempo/session/Chain.test.ts +145 -0
package/src/tempo/session/Chain.ts +59 -10
package/src/tempo/session/Channel.test.ts +1 -0
package/src/tempo/session/ChannelStore.test.ts +11 -0
package/src/tempo/session/ChannelStore.ts +7 -3
package/src/tempo/session/Receipt.test.ts +1 -0
package/src/tempo/session/Receipt.ts +1 -0
package/src/tempo/session/Sse.test.ts +2 -0
package/src/tempo/session/Sse.ts +1 -0
package/src/tempo/session/Voucher.test.ts +1 -0
package/src/tempo/session/Voucher.ts +4 -2
package/src/viem/Account.test.ts +1 -0
package/src/viem/Client.test.ts +1 -0
package/src/viem/Client.ts +1 -0

package/src/cli/cli.ts CHANGED Viewed

@@ -1,12 +1,15 @@
 import * as fs from 'node:fs'
 import { createRequire } from 'node:module'
 import * as path from 'node:path'
 import { Cli, Errors, z } from 'incur'
 import { Base64 } from 'ox'
 import { type Address, createClient, http } from 'viem'
 import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts'
 import { tempo as tempoMainnet } from 'viem/chains'
 import * as Challenge from '../Challenge.js'
+import { normalizeHeaders } from '../client/internal/Fetch.js'
 import * as Mppx from '../client/Mppx.js'
 import { createDefaultStore, createKeychain, resolveAccountName } from './account.js'
 import { loadConfig, resolvePlugin } from './internal.js'
@@ -130,15 +133,27 @@ const cli = Cli.create('mppx', {
       return hasProtocol ? c.args.url : `${isLocal ? 'http' : 'https'}://${c.args.url}`
     })()
     const { hostname } = new URL(url)
-    if (
+    const insecure =
       c.options.insecure ||
       hostname === 'localhost' ||
       hostname.endsWith('.localhost') ||
       hostname.endsWith('.local')
-    ) {
-      process.removeAllListeners('warning')
-      process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
-    }
+    // Scoped fetch that temporarily disables TLS verification only for
+    // the target connection when `insecure` is true, then restores
+    // the original value so other HTTPS connections are unaffected.
+    const targetFetch: typeof globalThis.fetch = insecure
+      ? async (input, init) => {
+          const orig = process.env.NODE_TLS_REJECT_UNAUTHORIZED
+          process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
+          try {
+            return await globalThis.fetch(input, init)
+          } finally {
+            if (orig === undefined) delete process.env.NODE_TLS_REJECT_UNAUTHORIZED
+            else process.env.NODE_TLS_REJECT_UNAUTHORIZED = orig
+          }
+        }
+      : globalThis.fetch
     // Node.js doesn't resolve *.localhost subdomains to loopback (unlike
     // browsers per RFC 6761). Rewrite the URL to 127.0.0.1 and set the
@@ -170,7 +185,7 @@ const cli = Cli.create('mppx', {
       }
       if (c.options.verbose >= 2) printRequestHeaders(url, init, info)
-      const challengeResponse = await globalThis.fetch(fetchUrl, init)
+      const challengeResponse = await targetFetch(fetchUrl, init)
       if (challengeResponse.status !== 402) {
         if (c.options.fail && challengeResponse.status >= 400)
           return c.error({
@@ -300,14 +315,14 @@ const cli = Cli.create('mppx', {
       // Send credential and get response
       const credentialHeaders = {
-        ...(init.headers as Record<string, string>),
+        ...normalizeHeaders(init.headers),
         Authorization: credential,
       }
       plugin?.prepareCredentialRequest?.({ challenge, credential, headers: credentialHeaders })
       const credentialFetchInit = { ...init, headers: credentialHeaders }
       if (c.options.verbose >= 2) printRequestHeaders(url, credentialFetchInit, info)
-      const credentialResponse = await globalThis.fetch(fetchUrl, credentialFetchInit)
+      const credentialResponse = await targetFetch(fetchUrl, credentialFetchInit)
       if (c.options.fail && credentialResponse.status >= 400)
         return c.error({

package/src/cli/config.test.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import * as fs from 'node:fs'
 import * as os from 'node:os'
 import * as path from 'node:path'
 import { defineConfig } from './config.js'
 import { loadConfig } from './internal.js'

package/src/cli/internal.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import * as fs from 'node:fs'
 import * as path from 'node:path'
 import type * as Challenge from '../Challenge.js'
 import type * as Method from '../Method.js'
 import type { Config } from './config.js'

package/src/cli/plugins/stripe.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { Errors, z } from 'incur'
 import { stripe as stripeMethods } from '../../stripe/client/index.js'
 import { pc } from '../utils.js'
 import { createPlugin } from './plugin.js'

package/src/cli/plugins/tempo.ts CHANGED Viewed

@@ -3,11 +3,14 @@ import * as fs from 'node:fs'
 import { createRequire } from 'node:module'
 import * as os from 'node:os'
 import * as path from 'node:path'
 import { Errors, z } from 'incur'
 import { Base64 } from 'ox'
 import type { Address } from 'viem'
 import { createClient, http } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
+import { normalizeHeaders } from '../../client/internal/Fetch.js'
 import * as Credential from '../../Credential.js'
 import { tempo as tempoMethods } from '../../tempo/client/index.js'
 import type { SessionCredentialPayload } from '../../tempo/session/Types.js'
@@ -34,6 +37,7 @@ export function tempo() {
           cumulativeAmount: bigint
           escrowContract: Address
           chainId: number
+          action?: 'voucher' | 'close'
         }): Promise<string>
         source: string
       }
@@ -183,11 +187,17 @@ export function tempo() {
       // Store session support for use in lifecycle hooks
       _session = {
-        async signVoucher({ channelId, cumulativeAmount, escrowContract, chainId }) {
+        async signVoucher({
+          channelId,
+          cumulativeAmount,
+          escrowContract,
+          chainId,
+          action = 'voucher',
+        }) {
           return Credential.serialize({
             challenge,
             payload: {
-              action: 'voucher',
+              action,
               channelId,
               cumulativeAmount: cumulativeAmount.toString(),
               signature: await signVoucher(
@@ -254,32 +264,17 @@ export function tempo() {
         }
       }
-      // Handle non-SSE session response (server returned non-streaming)
-      let credentialResponse = response
+      // Handle non-SSE session response (server returned non-streaming).
+      // The open credential already paid for this unit — no follow-up
+      // voucher is needed. Just record the cumulativeAmount so the
+      // channel close uses the correct value.
+      const credentialResponse = response
       if (
         credentialResponse.ok &&
         !credentialResponse.headers.get('Content-Type')?.includes('text/event-stream')
       ) {
         if (parsed.payload.action === 'open' && 'cumulativeAmount' in parsed.payload) {
-          const tickAmount = BigInt(challengeRequest.amount as string)
-          cumulativeAmount = BigInt(parsed.payload.cumulativeAmount) + tickAmount
-          if (escrowContract) {
-            const voucherCred = await _session.signVoucher({
-              channelId,
-              cumulativeAmount,
-              escrowContract,
-              chainId,
-            })
-            credentialResponse = await globalThis.fetch(fetchUrl, {
-              ...fetchInit,
-              headers: {
-                ...(fetchInit.headers as Record<string, string>),
-                Accept: 'text/event-stream',
-                Authorization: voucherCred,
-              },
-            })
-          }
+          cumulativeAmount = BigInt(parsed.payload.cumulativeAmount)
         }
       }
@@ -598,6 +593,7 @@ async function closeChannel(opts: {
       cumulativeAmount: bigint
       escrowContract: Address
       chainId: number
+      action?: 'voucher' | 'close'
     }): Promise<string>
   }
   info: (msg: string) => void
@@ -612,11 +608,12 @@ async function closeChannel(opts: {
     cumulativeAmount: opts.cumulativeAmount,
     escrowContract: opts.escrowContract,
     chainId: opts.chainId,
+    action: 'close',
   })
   const closeRes = await globalThis.fetch(opts.fetchUrl, {
     ...opts.fetchInit,
     headers: {
-      ...(opts.fetchInit.headers as Record<string, string>),
+      ...normalizeHeaders(opts.fetchInit.headers),
       Authorization: closeCred,
     },
   })

package/src/cli/utils.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import * as readline from 'node:readline'
 import type { Chain } from 'viem'
 import { type Address, createClient, http } from 'viem'
 import { tempo as tempoMainnet, tempoModerato } from 'viem/chains'

package/src/client/Mppx.test-d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { Account } from 'viem'
 import { describe, expectTypeOf, test } from 'vitest'
 import * as Method from '../Method.js'
 import { charge } from '../tempo/client/Charge.js'
 import { tempo } from '../tempo/client/Methods.js'

package/src/client/internal/Fetch.browser.test.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { describe, expect, test, vi } from 'vitest'
 import * as Fetch from './Fetch.js'
 const noopMethod = {

package/src/client/internal/Fetch.test-d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { Account } from 'viem'
 import { describe, expectTypeOf, test } from 'vitest'
 import { charge } from '../../tempo/client/Charge.js'
 import * as Fetch from './Fetch.js'

package/src/client/internal/Fetch.test.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import { describe, expect, test, vi } from 'vitest'
 import * as Http from '~test/Http.js'
 import { rpcUrl } from '~test/tempo/prool.js'
 import { accounts, asset, chain, client, http } from '~test/tempo/viem.js'
 import * as Fetch from './Fetch.js'
 const realm = 'api.example.com'

package/src/client/internal/Fetch.ts CHANGED Viewed

@@ -193,7 +193,7 @@ export function restore(): void {
 }
 /** @internal Normalizes headers to a plain object for spreading. */
-function normalizeHeaders(headers: unknown): Record<string, string> {
+export function normalizeHeaders(headers: unknown): Record<string, string> {
   if (!headers) return {}
   if (headers instanceof Headers) {
     const result: Record<string, string> = {}

package/src/internal/constantTimeEqual.test.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { describe, expect, test } from 'vitest'
 import { constantTimeEqual } from './constantTimeEqual.js'
 describe('constantTimeEqual', () => {

package/src/internal/types.ts CHANGED Viewed

@@ -256,9 +256,7 @@ export type LastInUnion<U> =
 /** @internal */
 export type UnionToIntersection<union> = (
-  union extends unknown
-    ? (arg: union) => 0
-    : never
+  union extends unknown ? (arg: union) => 0 : never
 ) extends (arg: infer i) => 0
   ? i
   : never

package/src/mcp-sdk/client/McpClient.test-d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
 import { tempo } from 'mppx/client'
 import type { Account } from 'viem'
 import { describe, expectTypeOf, test } from 'vitest'
 import * as McpClient from './McpClient.js'
 describe('McpClient.wrap', () => {

package/src/mcp-sdk/client/McpClient.test.ts CHANGED Viewed

@@ -8,6 +8,7 @@ import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import { createClient } from 'viem'
 import { afterEach, beforeEach, describe, expect, test } from 'vitest'
 import { accounts, asset, chain, http, client as testClient } from '~test/tempo/viem.js'
 import * as McpServer_transport from '../server/Transport.js'
 import * as McpClient from './McpClient.js'

package/src/mcp-sdk/client/McpClient.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
 import type { McpError } from '@modelcontextprotocol/sdk/types.js'
 import type * as Challenge from '../../Challenge.js'
 import * as Credential from '../../Credential.js'
 import * as core_Mcp from '../../Mcp.js'
@@ -84,6 +85,7 @@ export function wrap<
           const installed = methods.map((m) => `${m.name}.${m.intent}`).join(', ')
           throw new Error(
             `No compatible payment method. Server offers: ${available}. Client has: ${installed}`,
+            { cause: error },
           )
         }

package/src/mcp-sdk/server/Transport.test.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { describe, expect, test } from 'vitest'
 import type { Challenge } from '../../Challenge.js'
 import type { Credential } from '../../Credential.js'
 import { VerificationFailedError } from '../../Errors.js'

package/src/mcp-sdk/server/Transport.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import type { CallToolResult, McpError } from '@modelcontextprotocol/sdk/types.js'
 import type * as Credential from '../../Credential.js'
 import * as core_Mcp from '../../Mcp.js'
 import * as Transport from '../../server/Transport.js'

package/src/middlewares/elysia.test.ts ADDED Viewed

@@ -0,0 +1,90 @@
+import * as http from 'node:http'
+import { Elysia } from 'elysia'
+import { Receipt } from 'mppx'
+import { Mppx as Mppx_client, tempo as tempo_client } from 'mppx/client'
+import { Mppx } from 'mppx/elysia'
+import { tempo as tempo_server } from 'mppx/server'
+import { describe, expect, test } from 'vitest'
+import { accounts, asset, client } from '~test/tempo/viem.js'
+function createServer(app: Elysia<any, any, any, any, any, any, any>) {
+  return new Promise<{ url: string; close: () => void }>((resolve) => {
+    const server = http.createServer(async (req, res) => {
+      const url = `http://localhost${req.url}`
+      const headers = new Headers()
+      for (let i = 0; i < req.rawHeaders.length; i += 2)
+        headers.append(req.rawHeaders[i]!, req.rawHeaders[i + 1]!)
+      const request = new Request(url, { method: req.method!, headers })
+      const response = await app.fetch(request)
+      res.writeHead(response.status, Object.fromEntries(response.headers))
+      const body = await response.text()
+      if (body) res.write(body)
+      res.end()
+    })
+    server.listen(0, () => {
+      const { port } = server.address() as { port: number }
+      resolve({
+        url: `http://localhost:${port}`,
+        close: () => server.close(),
+      })
+    })
+  })
+}
+const secretKey = 'test-secret-key'
+describe('charge', () => {
+  const mppx = Mppx.create({
+    methods: [
+      tempo_server.charge({
+        getClient: () => client,
+        currency: asset,
+        recipient: accounts[0].address,
+      }),
+    ],
+    secretKey,
+  })
+  const { fetch } = Mppx_client.create({
+    polyfill: false,
+    methods: [
+      tempo_client.charge({
+        account: accounts[1],
+        getClient: () => client,
+      }),
+    ],
+  })
+  test('returns 402 when no credential', async () => {
+    const app = new Elysia().guard({ beforeHandle: mppx.charge({ amount: '1' }) }, (app) =>
+      app.get('/', () => ({ fortune: 'You will be rich' })),
+    )
+    const server = await createServer(app)
+    const response = await globalThis.fetch(server.url)
+    expect(response.status).toBe(402)
+    expect(response.headers.get('WWW-Authenticate')).toContain('Payment')
+    server.close()
+  })
+  test('returns 200 with receipt on valid payment', async () => {
+    const app = new Elysia().guard({ beforeHandle: mppx.charge({ amount: '1' }) }, (app) =>
+      app.get('/', () => ({ fortune: 'You will be rich' })),
+    )
+    const server = await createServer(app)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    const body = await response.json()
+    expect(body).toEqual({ fortune: 'You will be rich' })
+    const receipt = Receipt.fromResponse(response)
+    expect(receipt.status).toBe('success')
+    expect(receipt.method).toBe('tempo')
+    server.close()
+  })
+})

package/src/middlewares/elysia.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import type { Context } from 'elysia'
 import * as Mppx_core from '../server/Mppx.js'
 import * as Mppx_internal from './internal/mppx.js'
@@ -59,8 +60,11 @@ export function payment<const intent extends Mppx_internal.AnyMethodFn>(
   intent: intent,
   options: intent extends (options: infer options) => any ? options : never,
 ): ElysiaHook {
-  return async ({ request }) => {
+  return async ({ request, set }) => {
     const result = await intent(options)(request)
     if (result.status === 402) return result.challenge
+    const receipt = result.withReceipt(new Response())
+    const header = receipt.headers.get('Payment-Receipt')
+    if (header) set.headers['Payment-Receipt'] = header
   }
 }

package/src/middlewares/express.test.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import express from 'express'
 import { Receipt } from 'mppx'
 import { Mppx as Mppx_client, session as sessionIntent, tempo as tempo_client } from 'mppx/client'
-import { Mppx } from 'mppx/express'
-import { tempo as tempo_server } from 'mppx/server'
+import { Mppx, payment } from 'mppx/express'
+import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import type { Address } from 'viem'
 import { Addresses } from 'viem/tempo'
 import { beforeAll, describe, expect, test } from 'vitest'
@@ -158,3 +158,63 @@ describe('session', () => {
     server.close()
   })
 })
+describe('payment', () => {
+  const mppx = Mppx_server.create({
+    methods: [
+      tempo_server({
+        getClient: () => client,
+        currency: asset,
+        recipient: accounts[0].address,
+      }),
+    ],
+    secretKey,
+  })
+  const { fetch } = Mppx_client.create({
+    polyfill: false,
+    methods: [
+      tempo_client({
+        account: accounts[1],
+        getClient: () => client,
+      }),
+    ],
+  })
+  test('returns 402 when no credential', async () => {
+    const app = express()
+    app.get('/', payment(mppx.charge, { amount: '1' }), (_req, res) => {
+      res.json({ fortune: 'You will be rich' })
+    })
+    const server = await createServer(app)
+    const response = await globalThis.fetch(server.url)
+    expect(response.status).toBe(402)
+    expect(response.headers.get('WWW-Authenticate')).toContain('Payment')
+    server.close()
+  })
+  test('returns 200 with receipt on valid payment', async () => {
+    const app = express()
+    app.get('/', payment(mppx.charge, { amount: '1' }), (_req, res) => {
+      res.json({ fortune: 'You will be rich' })
+    })
+    const server = await createServer(app)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    const body = await response.json()
+    expect(body).toEqual({ fortune: 'You will be rich' })
+    const receiptHeader = response.headers.get('Payment-Receipt')
+    expect(receiptHeader).toBeTruthy()
+    const receipt = Receipt.fromResponse(response)
+    expect(receipt.status).toBe('success')
+    expect(receipt.method).toBe('tempo')
+    server.close()
+  })
+})

package/src/middlewares/express.ts CHANGED Viewed

@@ -4,8 +4,8 @@ import type {
   NextFunction,
   RequestHandler,
 } from 'express'
 import * as Mppx_core from '../server/Mppx.js'
-import * as Request from '../server/Request.js'
 import * as Mppx_internal from './internal/mppx.js'
 export * from '../server/Methods.js'
@@ -60,7 +60,11 @@ export function payment<const intent extends Mppx_internal.AnyMethodFn>(
   options: intent extends (options: infer options) => any ? options : never,
 ): RequestHandler {
   return async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
-    const result = await intent(options)(Request.fromNodeListener(req, res))
+    const request = new Request(`${req.protocol}://${req.hostname}${req.originalUrl}`, {
+      method: req.method,
+      headers: req.headers as Record<string, string>,
+    })
+    const result = await intent(options)(request)
     if (result.status === 402) {
       const challenge = result.challenge as Response

package/src/middlewares/hono.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import type { MiddlewareHandler } from 'hono'
 import * as Mppx_core from '../server/Mppx.js'
 import * as Mppx_internal from './internal/mppx.js'

package/src/middlewares/internal/mppx.test.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { Challenge, Credential, Method, z } from 'mppx'
 import { Mppx } from 'mppx/server'
 import { describe, expect, test } from 'vitest'
 import { wrap } from './mppx.js'
 const realm = 'api.example.com'

package/src/middlewares/nextjs.test.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import * as http from 'node:http'
 import { Receipt } from 'mppx'
 import { Mppx as Mppx_client, session as sessionIntent, tempo as tempo_client } from 'mppx/client'
 import { Mppx } from 'mppx/nextjs'

package/src/proxy/Proxy.test.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import { afterEach, describe, expect, test } from 'vitest'
 import * as Http from '~test/Http.js'
 import { accounts, asset, client } from '~test/tempo/viem.js'
 import * as ApiProxy from './Proxy.js'
 import * as Service from './Service.js'
 import { anthropic } from './services/anthropic.js'
@@ -630,6 +631,62 @@ describe('create', () => {
     })
   })
+  test('behavior: management POST falls back to paid route with different method', async () => {
+    upstream = await createUpstream(() => Response.json({ ok: true }))
+    const proxy = ApiProxy.create({
+      services: [
+        Service.from('api', {
+          baseUrl: upstream.url,
+          routes: {
+            // Registered as GET but management POSTs (e.g. session close)
+            // should still reach this paid endpoint via fallback.
+            'GET /v1/stream': mppx_server.charge({ amount: '1', decimals: 6 }),
+          },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+    const res = await fetch(`${proxyServer.url}/api/v1/stream`, {
+      method: 'POST',
+      headers: { Authorization: 'x' },
+    })
+    // Should hit the paid endpoint and get a 402 challenge, not 404
+    expect(res.status).toBe(402)
+  })
+  test('behavior: POST to unregistered method does not fall back to free GET route', async () => {
+    upstream = await createUpstream(() => Response.json({ ok: true }))
+    const proxy = ApiProxy.create({
+      services: [
+        Service.from('api', {
+          baseUrl: upstream.url,
+          routes: {
+            // GET is free, but there is no POST handler
+            'GET /v1beta/cachedContents': true,
+            'POST /v1beta/models/:model': mppx_server.charge({
+              amount: '1',
+              decimals: 6,
+            }),
+          },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+    // A POST with a bogus authorization header should NOT fall back
+    // to the free GET route — it must return 404.
+    const res = await fetch(`${proxyServer.url}/api/v1beta/cachedContents`, {
+      method: 'POST',
+      headers: {
+        Authorization: 'x',
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ model: 'models/gemini-2.0-flash-001', contents: [] }),
+    })
+    expect(res.status).toBe(404)
+  })
   test('behavior: forwards query params to upstream', async () => {
     upstream = await createUpstream((req) => Response.json({ search: new URL(req.url).search }))
     const proxy = ApiProxy.create({

package/src/proxy/Proxy.ts CHANGED Viewed

@@ -1,5 +1,7 @@
 import type * as http from 'node:http'
 import { createFetchProxy } from '@remix-run/fetch-proxy'
 import * as Request from '../server/Request.js'
 import * as Headers from './internal/Headers.js'
 import * as Route from './internal/Route.js'
@@ -137,7 +139,12 @@ export function create(config: create.Config): Proxy {
       // is registered for a different HTTP method (e.g. GET). Fall back to
       // path-only matching so the payment handler can process the action.
       (request.method === 'POST' && request.headers.has('authorization')
-        ? Route.matchPath(service.routes, upstreamPath)
+        ? Route.matchPath(
+            service.routes,
+            upstreamPath,
+            // skip free routes (e.g. `'GET /foo/bar': true`)
+            (endpoint) => endpoint !== true,
+          )
         : null)
     if (!matched) return new Response('Not Found', { status: 404 })

package/src/proxy/Service.test.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { describe, expect, test } from 'vitest'
 import * as Service from './Service.js'
 describe('from', () => {