mppx 0.4.9 → 0.4.11

package/src/stripe/server/Charge.test.ts

@@ -1,6 +1,6 @@
 import { Challenge, Credential } from 'mppx'
 import { Mppx, stripe } from 'mppx/server'
-import { afterEach, describe, expect, test, vi } from 'vitest'
+import { afterEach, describe, expect, test, vi } from 'vp/test'
 import * as Http from '~test/Http.js'
 
 import type { StripeClient } from '../internal/types.js'
@@ -16,9 +16,15 @@ function createMockStripeClient(
   overrides?: Partial<{ status: string; id: string; throws: boolean }>,
 ): { client: StripeClient; create: ReturnType<typeof vi.fn> } {
   const { status = 'succeeded', id = 'pi_mock_123', throws = false } = overrides ?? {}
+  let callCount = 0
   const create = vi.fn(async () => {
     if (throws) throw new Error('Stripe API error')
-    return { id, status }
+    callCount++
+    return {
+      id,
+      status,
+      ...(callCount > 1 ? { lastResponse: { headers: { 'idempotent-replayed': 'true' } } } : {}),
+    }
   })
   return {
     client: { paymentIntents: { create } },
@@ -196,6 +202,51 @@ describe('stripe.charge with client', () => {
     expect(body.detail).toContain('requires action')
   })
 
+  test('behavior: rejects replayed credential', async () => {
+    const { client } = createMockStripeClient()
+
+    const server = Mppx.create({
+      methods: [
+        stripe.charge({
+          client,
+          networkId: 'internal',
+          paymentMethodTypes: ['card'],
+        }),
+      ],
+      realm,
+      secretKey,
+    })
+
+    const handle = server.charge({ amount: '1', currency: 'usd', decimals: 2 })
+
+    // First request: get challenge
+    const firstResult = await handle(new Request('https://example.com'))
+    expect(firstResult.status).toBe(402)
+    if (firstResult.status !== 402) throw new Error()
+
+    const challenge = Challenge.fromResponse(firstResult.challenge)
+    const credential = Credential.from({
+      challenge,
+      payload: { spt: 'spt_test_token' },
+    })
+
+    // First payment: should succeed
+    const result1 = await handle(
+      new Request('https://example.com', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(result1.status).toBe(200)
+
+    // Replay same credential: should be rejected
+    const result2 = await handle(
+      new Request('https://example.com', {
+        headers: { Authorization: Credential.serialize(credential) },
+      }),
+    )
+    expect(result2.status).toBe(402)
+  })
+
   test('behavior: receipt contains mock reference', async () => {
     const { client } = createMockStripeClient({ id: 'pi_custom_ref' })
 

package/src/stripe/server/Charge.ts

@@ -89,6 +89,9 @@ export function charge<const parameters extends charge.Parameters>(parameters: p
             metadata: resolvedMetadata,
           })
 
+      if (pi.replayed)
+        throw new VerificationFailedError({ reason: 'Payment has already been processed.' })
+
       if (pi.status === 'requires_action') {
         throw new PaymentActionRequiredError({ reason: 'Stripe PaymentIntent requires action' })
       }
@@ -136,7 +139,7 @@ async function createWithClient(parameters: {
   metadata: Record<string, string>
   request: { amount: unknown; currency: unknown }
   spt: string
-}): Promise<{ id: string; status: string }> {
+}): Promise<{ id: string; status: string; replayed: boolean }> {
   const { client, challenge, metadata, request, spt } = parameters
   try {
     const result = await client.paymentIntents.create(
@@ -151,7 +154,9 @@ async function createWithClient(parameters: {
       } as any,
       { idempotencyKey: `mppx_${challenge.id}_${spt}` },
     )
-    return { id: result.id, status: result.status }
+    // https://docs.stripe.com/error-low-level#idempotency
+    const replayed = result.lastResponse?.headers?.['idempotent-replayed'] === 'true'
+    return { id: result.id, status: result.status, replayed }
   } catch {
     throw new VerificationFailedError({ reason: 'Stripe PaymentIntent failed' })
   }
@@ -164,7 +169,7 @@ async function createWithSecretKey(parameters: {
   metadata: Record<string, string>
   request: { amount: unknown; currency: unknown }
   spt: string
-}): Promise<{ id: string; status: string }> {
+}): Promise<{ id: string; status: string; replayed: boolean }> {
   const { secretKey, challenge, metadata, request, spt } = parameters
 
   const body = new URLSearchParams({
@@ -190,7 +195,10 @@ async function createWithSecretKey(parameters: {
   })
 
   if (!response.ok) throw new VerificationFailedError({ reason: 'Stripe PaymentIntent failed' })
-  return (await response.json()) as { id: string; status: string }
+  // https://docs.stripe.com/error-low-level#idempotency
+  const replayed = response.headers.get('idempotent-replayed') === 'true'
+  const result = (await response.json()) as { id: string; status: string }
+  return { ...result, replayed }
 }
 
 /** @internal */

package/src/tempo/Attribution.test.ts

@@ -1,5 +1,5 @@
 import { Bytes, Hash, Hex } from 'ox'
-import { describe, expect, test } from 'vitest'
+import { describe, expect, test } from 'vp/test'
 
 import * as Attribution from './Attribution.js'
 

package/src/tempo/Methods.test.ts

@@ -1,5 +1,5 @@
 import { Methods } from 'mppx/tempo'
-import { describe, expect, expectTypeOf, test } from 'vitest'
+import { describe, expect, expectTypeOf, test } from 'vp/test'
 
 describe('charge', () => {
   test('has correct name and intent', () => {

package/src/tempo/client/ChannelOps.test.ts

@@ -2,10 +2,13 @@ import { Hex } from 'ox'
 import { type Address, createClient } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
 import { Addresses } from 'viem/tempo'
-import { beforeAll, describe, expect, test } from 'vitest'
+import { beforeAll, describe, expect, test } from 'vp/test'
+import { nodeEnv } from '~test/config.js'
 import { deployEscrow, openChannel } from '~test/tempo/session.js'
 import { accounts, asset, chain, client, fundAccount, http } from '~test/tempo/viem.js'
 
+const isLocalnet = nodeEnv === 'localnet'
+
 import type { Challenge } from '../../Challenge.js'
 import * as Credential from '../../Credential.js'
 import {
@@ -166,7 +169,7 @@ describe('createClosePayload', () => {
   })
 })
 
-describe('createOpenPayload', () => {
+describe.runIf(isLocalnet)('createOpenPayload', () => {
   const payer = accounts[2]
   const payee = accounts[1].address
   const currency = asset
@@ -250,7 +253,7 @@ describe('createOpenPayload', () => {
   })
 })
 
-describe('tryRecoverChannel', () => {
+describe.runIf(isLocalnet)('tryRecoverChannel', () => {
   const payer = accounts[3]
   const payee = accounts[1].address
   const currency = asset

package/src/tempo/client/Session.test.ts

@@ -1,10 +1,13 @@
 import { type Address, createClient, type Hex, http } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
 import { Addresses } from 'viem/tempo'
-import { beforeAll, describe, expect, test } from 'vitest'
+import { beforeAll, describe, expect, test } from 'vp/test'
+import { nodeEnv } from '~test/config.js'
 import { deployEscrow, openChannel } from '~test/tempo/session.js'
 import { accounts, asset, chain, client, fundAccount } from '~test/tempo/viem.js'
 
+const isLocalnet = nodeEnv === 'localnet'
+
 import * as Challenge from '../../Challenge.js'
 import * as Credential from '../../Credential.js'
 import { chainId, escrowContract as escrowContractDefaults } from '../internal/defaults.js'
@@ -201,7 +204,7 @@ describe('session (pure)', () => {
   })
 })
 
-describe('session (on-chain)', () => {
+describe.runIf(isLocalnet)('session (on-chain)', () => {
   const payer = accounts[2]
   const payee = accounts[1].address
   let escrowContract: Address

package/src/tempo/client/SessionManager.test.ts

@@ -1,5 +1,5 @@
 import type { Hex } from 'viem'
-import { describe, expect, test, vi } from 'vitest'
+import { describe, expect, test, vi } from 'vp/test'
 
 import * as Challenge from '../../Challenge.js'
 import { formatNeedVoucherEvent, parseEvent } from '../session/Sse.js'

package/src/tempo/internal/auto-swap.test.ts

@@ -1,5 +1,5 @@
 import type { Address } from 'viem'
-import { describe, expect, test } from 'vitest'
+import { describe, expect, test } from 'vp/test'
 
 import { defaultCurrencies, InsufficientFundsError, resolve } from './auto-swap.js'
 

package/src/tempo/internal/defaults.test.ts

@@ -1,4 +1,4 @@
-import { describe, expect, test } from 'vitest'
+import { describe, expect, test } from 'vp/test'
 
 import {
   chainId,

package/src/tempo/internal/fee-payer.test.ts

@@ -1,6 +1,6 @@
 import { encodeFunctionData } from 'viem'
 import { Abis, Addresses } from 'viem/tempo'
-import { describe, expect, test } from 'vitest'
+import { describe, expect, test } from 'vp/test'
 
 import { callScopes, FeePayerValidationError, validateCalls } from './fee-payer.js'
 import * as Selectors from './selectors.js'

package/src/tempo/server/Charge.test.ts

@@ -7,7 +7,7 @@ import { Handler } from 'tempo.ts/server'
 import { createClient, custom, encodeFunctionData, parseUnits } from 'viem'
 import { getTransactionReceipt, prepareTransactionRequest, signTransaction } from 'viem/actions'
 import { Abis, Account, Actions, Addresses, Secp256k1, Tick, Transaction } from 'viem/tempo'
-import { beforeAll, describe, expect, test } from 'vitest'
+import { beforeAll, describe, expect, test } from 'vp/test'
 import * as Http from '~test/Http.js'
 import { closeChannelOnChain, deployEscrow, openChannel } from '~test/tempo/session.js'
 import { accounts, asset, chain, client, fundAccount } from '~test/tempo/viem.js'

package/src/tempo/server/Session.test.ts

@@ -4,7 +4,10 @@ import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import { type Address, createClient, type Hex } from 'viem'
 import { waitForTransactionReceipt } from 'viem/actions'
 import { Addresses } from 'viem/tempo'
-import { beforeAll, beforeEach, describe, expect, test } from 'vitest'
+import { beforeAll, beforeEach, describe, expect, expectTypeOf, test } from 'vp/test'
+import { nodeEnv } from '~test/config.js'
+
+const isLocalnet = nodeEnv === 'localnet'
 import {
   deployEscrow,
   requestCloseChannel,
@@ -19,7 +22,6 @@ import {
   ChannelNotFoundError,
   InsufficientBalanceError,
   InvalidSignatureError,
-  VerificationFailedError,
 } from '../../Errors.js'
 import * as Store from '../../Store.js'
 import {
@@ -33,6 +35,7 @@ import { signVoucher } from '../session/Voucher.js'
 import { charge, session, settle } from './Session.js'
 
 const payer = accounts[2]
+const recipientAccount = accounts[0]
 const recipient = accounts[0].address
 const currency = asset
 
@@ -40,12 +43,13 @@ let escrowContract: Address
 let saltCounter = 0
 
 beforeAll(async () => {
+  if (!isLocalnet) return
   escrowContract = await deployEscrow()
   await fundAccount({ address: payer.address, token: Addresses.pathUsd })
   await fundAccount({ address: payer.address, token: currency })
 })
 
-describe('session', () => {
+describe.runIf(isLocalnet)('session', () => {
   let rawStore: Store.Store
   let store: ChannelStore.ChannelStore
 
@@ -58,7 +62,7 @@ describe('session', () => {
     return session({
       store: rawStore,
       getClient: () => client,
-      account: recipient,
+      account: recipientAccount,
       currency,
       escrowContract,
       chainId: chain.id,
@@ -618,7 +622,47 @@ describe('session', () => {
       ).rejects.toThrow(InvalidSignatureError)
     })
 
-    test('rejects exact replay of already-verified voucher (non-increasing)', async () => {
+    test('accepts exact replay of already-verified voucher as idempotent', async () => {
+      const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
+      const server = createServer()
+      await openServerChannel(server, channelId, serializedTransaction)
+
+      const payload = {
+        action: 'voucher' as const,
+        channelId,
+        cumulativeAmount: '2000000',
+        signature: await signTestVoucher(channelId, 2000000n),
+      }
+
+      await server.verify({
+        credential: {
+          challenge: makeChallenge({ id: 'challenge-2', channelId }),
+          payload,
+        },
+        request: makeRequest(),
+      })
+
+      const channelAfterFirstAccept = await store.getChannel(channelId)
+
+      const replayReceipt = (await server.verify({
+        credential: {
+          challenge: makeChallenge({ id: 'challenge-3', channelId }),
+          payload,
+        },
+        request: makeRequest(),
+      })) as SessionReceipt
+
+      expect(replayReceipt.status).toBe('success')
+      expect(replayReceipt.acceptedCumulative).toBe('2000000')
+      expect(replayReceipt.spent).toBe(channelAfterFirstAccept!.spent.toString())
+      expect(replayReceipt.units).toBe(channelAfterFirstAccept!.units)
+
+      const channelAfterReplay = await store.getChannel(channelId)
+      expect(channelAfterReplay).toEqual(channelAfterFirstAccept)
+      expect(channelAfterReplay!.highestVoucherAmount).toBe(2000000n)
+    })
+
+    test('rejects exact replay with invalid signature', async () => {
       const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
       const server = createServer()
       await openServerChannel(server, channelId, serializedTransaction)
@@ -642,11 +686,14 @@ describe('session', () => {
         server.verify({
           credential: {
             challenge: makeChallenge({ id: 'challenge-3', channelId }),
-            payload,
+            payload: {
+              ...payload,
+              signature: `0x${'ab'.repeat(65)}` as Hex,
+            },
           },
           request: makeRequest(),
         }),
-      ).rejects.toThrow(VerificationFailedError)
+      ).rejects.toThrow(InvalidSignatureError)
     })
 
     test('rejects replayed voucher at settled amount after on-chain settlement', async () => {
@@ -1096,6 +1143,35 @@ describe('session', () => {
       ).rejects.toThrow('close voucher amount must be >=')
     })
 
+    test('rejects close equal to on-chain settled amount', async () => {
+      const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
+      const server = createServer()
+
+      // Open with 1M voucher (matches openServerChannel default)
+      await openServerChannel(server, channelId, serializedTransaction)
+
+      // Settle on-chain so settled becomes 1000000
+      const settleTxHash = await settle(store, client, channelId, { escrowContract })
+      await waitForTransactionReceipt(client, { hash: settleTxHash })
+
+      // Try to close with voucher == on-chain settled — should be rejected
+      // because replaying the settled amount doesn't commit new funds
+      await expect(
+        server.verify({
+          credential: {
+            challenge: makeChallenge({ id: 'challenge-2', channelId }),
+            payload: {
+              action: 'close' as const,
+              channelId,
+              cumulativeAmount: '1000000',
+              signature: await signTestVoucher(channelId, 1000000n),
+            },
+          },
+          request: makeRequest(),
+        }),
+      ).rejects.toThrow('close voucher amount must be >')
+    })
+
     test('rejects close exceeding on-chain deposit', async () => {
       const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
       const server = createServer()
@@ -1191,27 +1267,29 @@ describe('session', () => {
       expect(ch!.finalized).toBe(true)
     })
 
-    test('close throws when client has no account', async () => {
-      const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
-      const server = createServer({
-        getClient: () => createClient({ chain, transport: http() }),
-      })
-      await openServerChannel(server, channelId, serializedTransaction)
-
-      await expect(
-        server.verify({
-          credential: {
-            challenge: makeChallenge({ id: 'challenge-2', channelId }),
-            payload: {
-              action: 'close' as const,
-              channelId,
-              cumulativeAmount: '1000000',
-              signature: await signTestVoucher(channelId, 1000000n),
-            },
-          },
-          request: makeRequest(),
-        }),
-      ).rejects.toThrow('Cannot close channel: no account available')
+    test('session() throws at initialization when no account provided', () => {
+      expect(() =>
+        session({
+          store: rawStore,
+          getClient: () => client,
+          account: recipient as Address,
+          currency,
+          escrowContract,
+          chainId: chain.id,
+        } as session.Parameters),
+      ).toThrow('tempo.session() requires an `account`')
+    })
+
+    test('session() throws at initialization with no account at all', () => {
+      expect(() =>
+        session({
+          store: rawStore,
+          getClient: () => client,
+          currency,
+          escrowContract,
+          chainId: chain.id,
+        } as session.Parameters),
+      ).toThrow('tempo.session() requires an `account`')
     })
   })
 
@@ -2208,6 +2286,7 @@ describe('monotonicity and TOCTOU (unit tests)', () => {
 })
 
 describe('session default currency resolution', () => {
+  const mockAccount = accounts[0]
   const mockClient = createClient({ transport: http('http://localhost:1') })
   const mockMainnetClient = createClient({
     chain: {
@@ -2232,7 +2311,7 @@ describe('session default currency resolution', () => {
     const server = session({
       store: Store.memory(),
       getClient: () => mockClient,
-      account: '0x0000000000000000000000000000000000000001',
+      account: mockAccount,
       escrowContract: '0x0000000000000000000000000000000000000002',
     } as session.Parameters)
     expect(server.defaults?.currency).toBe('0x20C000000000000000000000b9537d11c60E8b50')
@@ -2242,7 +2321,7 @@ describe('session default currency resolution', () => {
     const server = session({
       store: Store.memory(),
       getClient: () => mockClient,
-      account: '0x0000000000000000000000000000000000000001',
+      account: mockAccount,
       escrowContract: '0x0000000000000000000000000000000000000002',
       testnet: true,
     } as session.Parameters)
@@ -2253,7 +2332,7 @@ describe('session default currency resolution', () => {
     const server = session({
       store: Store.memory(),
       getClient: () => mockClient,
-      account: '0x0000000000000000000000000000000000000001',
+      account: mockAccount,
       escrowContract: '0x0000000000000000000000000000000000000002',
       chainId: 69420,
     } as session.Parameters)
@@ -2264,7 +2343,7 @@ describe('session default currency resolution', () => {
     const server = session({
       store: Store.memory(),
       getClient: () => mockClient,
-      account: '0x0000000000000000000000000000000000000001',
+      account: mockAccount,
       currency: '0xcustom',
       escrowContract: '0x0000000000000000000000000000000000000002',
       chainId: 4217,
@@ -2277,7 +2356,7 @@ describe('session default currency resolution', () => {
     const server = session({
       store: Store.memory(),
       getClient: () => mockClient,
-      account: '0x0000000000000000000000000000000000000001',
+      account: mockAccount,
       escrowContract: '0x0000000000000000000000000000000000000002',
       chainId: 42431,
     } as session.Parameters)
@@ -2290,7 +2369,7 @@ describe('session default currency resolution', () => {
         tempo_server.session({
           store: Store.memory(),
           getClient: () => mockMainnetClient,
-          account: '0x0000000000000000000000000000000000000001',
+          account: mockAccount,
           escrowContract: '0x0000000000000000000000000000000000000002',
           chainId: 4217,
           testnet: false,
@@ -2317,7 +2396,7 @@ describe('session default currency resolution', () => {
         tempo_server.session({
           store: Store.memory(),
           getClient: () => mockTestnetClient,
-          account: '0x0000000000000000000000000000000000000001',
+          account: mockAccount,
           escrowContract: '0x0000000000000000000000000000000000000002',
           testnet: true,
         }),
@@ -2344,7 +2423,7 @@ describe('session default currency resolution', () => {
         tempo_server.session({
           store: Store.memory(),
           getClient: () => mockTestnetClient,
-          account: '0x0000000000000000000000000000000000000001',
+          account: mockAccount,
           escrowContract: '0x0000000000000000000000000000000000000002',
           chainId: 69420,
         }),
@@ -2370,7 +2449,7 @@ describe('session default currency resolution', () => {
         tempo_server.session({
           store: Store.memory(),
           getClient: () => mockClient,
-          account: '0x0000000000000000000000000000000000000001',
+          account: mockAccount,
           currency: '0xcustom',
           escrowContract: '0x0000000000000000000000000000000000000002',
           chainId: 4217,

package/src/tempo/server/Session.ts

@@ -101,6 +101,11 @@ export function session<const parameters extends session.Parameters>(p?: paramet
 
   const { account, recipient, feePayer, feePayerUrl } = Account.resolve(parameters)
 
+  if (!account)
+    throw new Error(
+      'tempo.session() requires an `account` (viem Account, e.g. privateKeyToAccount("0x...")). An address string is not sufficient — the server needs a signing account for on-chain channel close and settlement.',
+    )
+
   const getClient = Client.getResolver({
     chain: tempo_chain,
     feePayerUrl,
@@ -462,19 +467,12 @@ async function verifyAndAcceptVoucher(parameters: {
     throw new AmountExceedsDepositError({ reason: 'voucher amount exceeds on-chain deposit' })
   }
 
-  if (voucher.cumulativeAmount <= channel.highestVoucherAmount) {
+  if (voucher.cumulativeAmount < channel.highestVoucherAmount) {
     throw new VerificationFailedError({
       reason: 'voucher cumulativeAmount must be strictly greater than highest accepted voucher',
     })
   }
 
-  const delta = voucher.cumulativeAmount - channel.highestVoucherAmount
-  if (delta < minVoucherDelta) {
-    throw new DeltaTooSmallError({
-      reason: `voucher delta ${delta} below minimum ${minVoucherDelta}`,
-    })
-  }
-
   const isValid = await verifyVoucher(
     methodDetails.escrowContract,
     methodDetails.chainId,
@@ -486,6 +484,25 @@ async function verifyAndAcceptVoucher(parameters: {
     throw new InvalidSignatureError({ reason: 'invalid voucher signature' })
   }
 
+  // Idempotent replay: equal cumulative voucher is accepted without
+  // advancing channel state or charging additional value.
+  if (voucher.cumulativeAmount === channel.highestVoucherAmount) {
+    return createSessionReceipt({
+      challengeId: challenge.id,
+      channelId,
+      acceptedCumulative: channel.highestVoucherAmount,
+      spent: channel.spent,
+      units: channel.units,
+    })
+  }
+
+  const delta = voucher.cumulativeAmount - channel.highestVoucherAmount
+  if (delta < minVoucherDelta) {
+    throw new DeltaTooSmallError({
+      reason: `voucher delta ${delta} below minimum ${minVoucherDelta}`,
+    })
+  }
+
   const updated = await store.updateChannel(channelId, (current) => {
     if (!current) throw new ChannelNotFoundError({ reason: 'channel not found' })
     if (voucher.cumulativeAmount > current.highestVoucherAmount) {
@@ -798,10 +815,14 @@ async function handleClose(
     throw new ChannelClosedError({ reason: 'channel is finalized on-chain' })
   }
 
-  const minCloseAmount = channel.spent > onChain.settled ? channel.spent : onChain.settled
-  if (voucher.cumulativeAmount < minCloseAmount) {
+  if (voucher.cumulativeAmount < channel.spent) {
+    throw new VerificationFailedError({
+      reason: `close voucher amount must be >= ${channel.spent} (spent)`,
+    })
+  }
+  if (voucher.cumulativeAmount <= onChain.settled) {
     throw new VerificationFailedError({
-      reason: `close voucher amount must be >= ${minCloseAmount} (max of spent and on-chain settled)`,
+      reason: `close voucher amount must be > ${onChain.settled} (on-chain settled)`,
     })
   }
 

package/src/tempo/server/Sse.test.ts

@@ -1,5 +1,5 @@
 import type { Address, Hex } from 'viem'
-import { describe, expect, test } from 'vitest'
+import { describe, expect, test } from 'vp/test'
 
 import { chainId, escrowContract as escrowContractDefaults } from '../internal/defaults.js'
 import type * as ChannelStore from '../session/ChannelStore.js'

package/src/tempo/server/internal/transport.test.ts

@@ -1,6 +1,6 @@
 import { Challenge, Credential } from 'mppx'
 import type { Address, Hex } from 'viem'
-import { describe, expect, test } from 'vitest'
+import { describe, expect, test } from 'vp/test'
 
 import * as Store from '../../../Store.js'
 import { chainId, escrowContract as escrowContractDefaults } from '../../internal/defaults.js'
@@ -292,6 +292,29 @@ describe('sse transport', () => {
     expect(response.headers.get('Payment-Receipt')).toBeTruthy()
   })
 
+  test('respondReceipt with 204 management response keeps null body and receipt', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+
+    transport.getCredential(makeAuthorizedRequest())
+
+    const managementResponse = new Response(null, { status: 204 })
+    const response = transport.respondReceipt({
+      receipt: makeReceipt(),
+      response: managementResponse,
+      challengeId,
+    })
+
+    expect(response.status).toBe(204)
+    expect(await response.text()).toBe('')
+    expect(response.headers.get('Payment-Receipt')).toBeTruthy()
+
+    const channel = await store.getChannel(channelId)
+    expect(channel!.spent).toBe(0n)
+    expect(channel!.units).toBe(0)
+  })
+
   test('poll: true strips waitForUpdate from store', async () => {
     const store = memoryStore()
     ;(store as any).waitForUpdate = async () => {}