npm - mppx - Versions diffs - 0.5.0 → 0.5.3 - Mend

mppx 0.5.0 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

package/CHANGELOG.md +19 -0
package/dist/Credential.d.ts +12 -0
package/dist/Credential.d.ts.map +1 -1
package/dist/Credential.js +22 -4
package/dist/Credential.js.map +1 -1
package/dist/Method.d.ts +4 -0
package/dist/Method.d.ts.map +1 -1
package/dist/Method.js +2 -1
package/dist/Method.js.map +1 -1
package/dist/cli/account.d.ts.map +1 -1
package/dist/cli/account.js +12 -2
package/dist/cli/account.js.map +1 -1
package/dist/proxy/Proxy.d.ts.map +1 -1
package/dist/proxy/Proxy.js +52 -8
package/dist/proxy/Proxy.js.map +1 -1
package/dist/proxy/internal/Route.d.ts.map +1 -1
package/dist/proxy/internal/Route.js +7 -3
package/dist/proxy/internal/Route.js.map +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +90 -71
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +5 -1
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +52 -7
package/dist/server/Transport.js.map +1 -1
package/dist/server/internal/html/config.d.ts +7 -0
package/dist/server/internal/html/config.d.ts.map +1 -0
package/dist/server/internal/html/config.js +3 -0
package/dist/server/internal/html/config.js.map +1 -0
package/dist/server/internal/html/serviceWorker.gen.d.ts +2 -0
package/dist/server/internal/html/serviceWorker.gen.d.ts.map +1 -0
package/dist/server/internal/html/serviceWorker.gen.js +3 -0
package/dist/server/internal/html/serviceWorker.gen.js.map +1 -0
package/dist/stripe/server/Charge.d.ts +5 -0
package/dist/stripe/server/Charge.d.ts.map +1 -1
package/dist/stripe/server/Charge.js +14 -6
package/dist/stripe/server/Charge.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +2 -0
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -0
package/dist/stripe/server/internal/html.gen.js +3 -0
package/dist/stripe/server/internal/html.gen.js.map +1 -0
package/dist/tempo/internal/proof.d.ts +6 -0
package/dist/tempo/internal/proof.d.ts.map +1 -1
package/dist/tempo/internal/proof.js +15 -0
package/dist/tempo/internal/proof.js.map +1 -1
package/dist/tempo/server/Charge.d.ts +10 -3
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +38 -10
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Session.d.ts.map +1 -1
package/dist/tempo/server/Session.js +3 -2
package/dist/tempo/server/Session.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +2 -0
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -0
package/dist/tempo/server/internal/html.gen.js +3 -0
package/dist/tempo/server/internal/html.gen.js.map +1 -0
package/dist/tempo/server/internal/transport.d.ts +1 -1
package/dist/tempo/server/internal/transport.d.ts.map +1 -1
package/dist/tempo/server/internal/transport.js +45 -58
package/dist/tempo/server/internal/transport.js.map +1 -1
package/package.json +2 -2
package/src/Credential.ts +28 -4
package/src/Method.ts +6 -1
package/src/cli/account.ts +13 -2
package/src/env.d.ts +1 -0
package/src/mcp-sdk/server/Transport.test.ts +6 -0
package/src/middlewares/elysia.test.ts +3 -5
package/src/middlewares/express.test.ts +3 -5
package/src/middlewares/hono.test.ts +8 -5
package/src/middlewares/nextjs.test.ts +3 -5
package/src/proxy/Proxy.test.ts +188 -1
package/src/proxy/Proxy.ts +58 -9
package/src/proxy/internal/Route.test.ts +9 -0
package/src/proxy/internal/Route.ts +5 -2
package/src/server/Mppx.test.ts +171 -18
package/src/server/Mppx.ts +120 -79
package/src/server/Transport.test.ts +16 -2
package/src/server/Transport.ts +61 -7
package/src/server/internal/html/config.ts +8 -0
package/src/server/internal/html/serviceWorker.client.ts +28 -0
package/src/server/internal/html/serviceWorker.gen.ts +2 -0
package/src/server/internal/html/serviceWorker.ts +27 -0
package/src/server/internal/html/tsconfig.worker.client.json +8 -0
package/src/server/internal/html/tsconfig.worker.json +8 -0
package/src/stripe/server/Charge.ts +19 -5
package/src/stripe/server/internal/html/main.ts +106 -0
package/src/stripe/server/internal/html/node_modules/.bin/mppx.src +21 -0
package/src/stripe/server/internal/html/package.json +9 -0
package/src/stripe/server/internal/html/stripe-js-pure.d.ts +7 -0
package/src/stripe/server/internal/html/tsconfig.json +8 -0
package/src/stripe/server/internal/html.gen.ts +2 -0
package/src/tempo/internal/proof.test.ts +47 -0
package/src/tempo/internal/proof.ts +16 -0
package/src/tempo/server/Charge.test.ts +298 -0
package/src/tempo/server/Charge.ts +61 -12
package/src/tempo/server/Session.ts +3 -2
package/src/tempo/server/internal/html/main.ts +71 -0
package/src/tempo/server/internal/html/node_modules/.bin/mppx.src +21 -0
package/src/tempo/server/internal/html/package.json +10 -0
package/src/tempo/server/internal/html/tsconfig.json +8 -0
package/src/tempo/server/internal/html.gen.ts +2 -0
package/src/tempo/server/internal/transport.test.ts +37 -31
package/src/tempo/server/internal/transport.ts +44 -58
package/src/tsconfig.json +1 -1

package/src/tempo/server/Charge.ts CHANGED Viewed

@@ -10,6 +10,7 @@ import {
 import { tempo as tempo_chain } from 'viem/chains'
 import { Abis, Transaction } from 'viem/tempo'
+import { PaymentError, VerificationFailedError } from '../../Errors.js'
 import * as Expires from '../../Expires.js'
 import type { LooseOmit, NoExtraKeys } from '../../internal/types.js'
 import * as Method from '../../Method.js'
@@ -24,6 +25,7 @@ import * as Proof from '../internal/proof.js'
 import * as Selectors from '../internal/selectors.js'
 import type * as types from '../internal/types.js'
 import * as Methods from '../Methods.js'
+import { html as htmlContent } from './internal/html.gen.js'
 /**
  * Creates a Tempo charge method intent for usage on the server.
@@ -47,10 +49,12 @@ export function charge<const parameters extends charge.Parameters>(
     decimals = defaults.decimals,
     description,
     externalId,
+    html,
     memo,
     waitForConfirmation = true,
   } = parameters
   const store = (parameters.store ?? Store.memory()) as Store.Store<charge.StoreItemMap>
+  const proofStore = parameters.store as Store.Store<charge.StoreItemMap> | undefined
   const { recipient, feePayer, feePayerUrl } = Account.resolve(parameters)
@@ -73,6 +77,8 @@ export function charge<const parameters extends charge.Parameters>(
       recipient,
     } as unknown as Defaults,
+    html: html ? { config: {}, content: htmlContent } : undefined,
     // TODO: dedupe `{charge,session}.request`
     async request({ credential, request }) {
       const chainId = await (async () => {
@@ -109,16 +115,17 @@ export function charge<const parameters extends charge.Parameters>(
     async verify({ credential, request }) {
       const { challenge } = credential
-      const { chainId, feePayer } = request
+      const resolvedRequest = Methods.charge.schema.request.parse(request)
+      const chainId = resolvedRequest.methodDetails?.chainId ?? request.chainId
+      const feePayer = request.feePayer
       const client = await getClient({ chainId })
-      const { request: challengeRequest } = challenge
-      const { amount, methodDetails } = challengeRequest
+      const { amount, methodDetails } = resolvedRequest
       const expires = challenge.expires
-      const currency = challengeRequest.currency as `0x${string}`
-      const recipient = challengeRequest.recipient as `0x${string}`
+      const currency = resolvedRequest.currency as `0x${string}`
+      const recipient = resolvedRequest.recipient as `0x${string}`
       Expires.assert(expires, challenge.id)
@@ -159,11 +166,15 @@ export function charge<const parameters extends charge.Parameters>(
           if (!expectedSource)
             throw new MismatchError('Proof credential must include a source.', {})
-          const sourceAddress = expectedSource.split(':').pop() as `0x${string}`
           const resolvedChainId = challenge.request.methodDetails?.chainId ?? chainId!
+          const source = Proof.parseProofSource(expectedSource)
+          if (!source || source.chainId !== resolvedChainId) {
+            throw new MismatchError('Proof credential source is invalid.', {})
+          }
           const valid = await verifyTypedData(client, {
-            address: sourceAddress,
+            address: source.address,
             domain: Proof.domain(resolvedChainId),
             types: Proof.types,
             primaryType: 'Proof',
@@ -172,6 +183,11 @@ export function charge<const parameters extends charge.Parameters>(
           })
           if (!valid) throw new MismatchError('Proof signature does not match source.', {})
+          if (proofStore) {
+            await assertProofUnused(proofStore, challenge.id)
+            await markProofUsed(proofStore, challenge.id)
+          }
           return {
             method: 'tempo',
             status: 'success',
@@ -282,13 +298,20 @@ export declare namespace charge {
   type Defaults = LooseOmit<Method.RequestDefaults<typeof Methods.charge>, 'feePayer' | 'recipient'>
   type Parameters = {
+    /** Render payment page when Accept header is text/html (e.g. in browsers) */
+    html?: boolean | undefined
     /** Testnet mode. */
     testnet?: boolean | undefined
     /**
-     * Store for transaction hash replay protection.
+     * Store for charge replay protection.
      *
-     * Use a shared store in multi-instance deployments so consumed hashes are
-     * visible across all server instances.
+     * Non-zero charge flows default to an in-memory store if omitted. For
+     * zero-dollar proof auth, replay prevention is enabled only when a store
+     * is explicitly provided; otherwise proofs remain reusable until the
+     * challenge expires.
+     *
+     * Use a shared store in multi-instance deployments so consumed hashes and
+     * proofs are visible across all server instances.
      */
     store?: Store.Store | undefined
     /**
@@ -504,13 +527,19 @@ function getHashStoreKey(hash: `0x${string}`): `mppx:charge:${string}` {
   return `mppx:charge:${hash.toLowerCase()}`
 }
+/** @internal */
+function getProofStoreKey(challengeId: string): `mppx:charge:${string}` {
+  return `mppx:charge:proof:${challengeId}`
+}
 /** @internal */
 async function assertHashUnused(
   store: Store.Store<charge.StoreItemMap>,
   hash: `0x${string}`,
 ): Promise<void> {
   const seen = await store.get(getHashStoreKey(hash))
-  if (seen !== null) throw new Error('Transaction hash has already been used.')
+  if (seen !== null)
+    throw new VerificationFailedError({ reason: 'Transaction hash has already been used' })
 }
 /** @internal */
@@ -521,6 +550,24 @@ async function markHashUsed(
   await store.put(getHashStoreKey(hash), Date.now())
 }
+/** @internal */
+async function assertProofUnused(
+  store: Store.Store<charge.StoreItemMap>,
+  challengeId: string,
+): Promise<void> {
+  const seen = await store.get(getProofStoreKey(challengeId))
+  if (seen !== null)
+    throw new VerificationFailedError({ reason: 'Proof credential has already been used' })
+}
+/** @internal */
+async function markProofUsed(
+  store: Store.Store<charge.StoreItemMap>,
+  challengeId: string,
+): Promise<void> {
+  await store.put(getProofStoreKey(challengeId), Date.now())
+}
 /** @internal */
 function toReceipt(receipt: TransactionReceipt) {
   const { status, transactionHash } = receipt
@@ -536,8 +583,10 @@ function toReceipt(receipt: TransactionReceipt) {
 }
 /** @internal */
-class MismatchError extends Error {
+class MismatchError extends PaymentError {
   override readonly name = 'MismatchError'
+  readonly title = 'Verification Failed'
+  readonly type = 'https://paymentauth.org/problems/verification-failed'
   constructor(reason: string, details: Record<string, string>) {
     super([reason, ...Object.entries(details).map(([k, v]) => `  - ${k}: ${v}`)].join('\n'))

package/src/tempo/server/Session.ts CHANGED Viewed

@@ -179,10 +179,11 @@ export function session<const parameters extends session.Parameters>(
       }
     },
-    async verify({ credential }) {
+    async verify({ credential, request }) {
       const { challenge, payload } = credential as Credential.Credential<SessionCredentialPayload>
-      const methodDetails = challenge.request.methodDetails as SessionMethodDetails
+      const resolvedRequest = Methods.session.schema.request.parse(request)
+      const methodDetails = resolvedRequest.methodDetails as SessionMethodDetails
       const client = await getClient({ chainId: methodDetails.chainId })
       const resolvedFeePayer = methodDetails.feePayer === true ? feePayer : undefined

package/src/tempo/server/internal/html/main.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import { local, Provider } from 'accounts'
+import { Json } from 'ox'
+import { createClient, custom, http } from 'viem'
+import { tempoModerato, tempoLocalnet } from 'viem/chains'
+import type * as Challenge from '../../../../Challenge.js'
+import { tempo } from '../../../../client/index.js'
+import * as Html from '../../../../server/internal/html/config.js'
+import { submitCredential } from '../../../../server/internal/html/serviceWorker.client.js'
+import type * as Methods from '../../../Methods.js'
+const data = Json.parse(document.getElementById(Html.dataId)!.textContent) as {
+  challenge: Challenge.FromMethods<[typeof Methods.charge]>
+}
+const root = document.getElementById('root')!
+const h2 = document.createElement('h2')
+h2.textContent = 'tempo'
+root.appendChild(h2)
+const provider = Provider.create({
+  // Dead code eliminated from production bundle (including top-level imports)
+  ...(import.meta.env.MODE === 'test'
+    ? {
+        adapter: local({
+          async loadAccounts() {
+            const { generatePrivateKey } = await import('viem/accounts')
+            const { Account, Actions } = await import('viem/tempo')
+            const privateKey = generatePrivateKey()
+            const account = Account.fromSecp256k1(privateKey)
+            const client = createClient({
+              chain: [tempoModerato, tempoLocalnet].find(
+                (x) => x.id === data.challenge.request.methodDetails?.chainId,
+              ),
+              transport: http(),
+            })
+            await Actions.faucet.fundSync(client, { account })
+            return {
+              accounts: [account],
+            }
+          },
+        }),
+      }
+    : {}),
+  testnet:
+    data.challenge.request.methodDetails?.chainId === tempoModerato.id ||
+    data.challenge.request.methodDetails?.chainId === tempoLocalnet.id,
+})
+const button = document.createElement('button')
+button.textContent = 'Continue with Tempo'
+button.onclick = async () => {
+  try {
+    button.disabled = true
+    const chain = [...(provider?.chains ?? []), tempoModerato, tempoLocalnet].find(
+      (x) => x.id === data.challenge.request.methodDetails?.chainId,
+    )
+    const client = createClient({ chain, transport: custom(provider) })
+    const result = await provider.request({ method: 'wallet_connect' })
+    const account = result.accounts[0]?.address
+    const method = tempo({ account, getClient: () => client })[0]
+    const credential = await method.createCredential({ challenge: data.challenge, context: {} })
+    await submitCredential(credential)
+  } finally {
+    button.disabled = false
+  }
+}
+root.appendChild(button)

package/src/tempo/server/internal/html/node_modules/.bin/mppx.src ADDED Viewed

@@ -0,0 +1,21 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*)
+        if command -v cygpath > /dev/null 2>&1; then
+            basedir=`cygpath -w "$basedir"`
+        fi
+    ;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/home/runner/work/mppx/mppx/src/node_modules:/home/runner/work/mppx/mppx/node_modules:/home/runner/work/mppx/node_modules:/home/runner/work/node_modules:/home/runner/node_modules:/home/node_modules:/node_modules:/home/runner/work/mppx/mppx/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/home/runner/work/mppx/mppx/src/node_modules:/home/runner/work/mppx/mppx/node_modules:/home/runner/work/mppx/node_modules:/home/runner/work/node_modules:/home/runner/node_modules:/home/node_modules:/node_modules:/home/runner/work/mppx/mppx/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../mppx/src/bin.ts" "$@"
+else
+  exec node  "$basedir/../mppx/src/bin.ts" "$@"
+fi

package/src/tempo/server/internal/html/package.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "name": "@mppx/tempo-html",
+  "private": true,
+  "type": "module",
+  "dependencies": {
+    "accounts": "https://pkg.pr.new/tempoxyz/accounts@c339a21",
+    "mppx": "workspace:*",
+    "viem": "2.47.5"
+  }
+}

package/src/tempo/server/internal/html/tsconfig.json ADDED Viewed

@@ -0,0 +1,8 @@
+{
+  "extends": "../../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "lib": ["es2022", "dom"],
+    "types": []
+  },
+  "include": ["./**/*.ts", "../../../../env.d.ts"]
+}