mppx 0.5.1 → 0.5.3

package/dist/tempo/server/internal/html.gen.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"html.gen.js","sourceRoot":"","sources":["../../../../src/tempo/server/internal/html.gen.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAC3B,MAAM,CAAC,MAAM,IAAI,GAAG,8wwaAA8wwa,CAAA"}

package/dist/tempo/server/internal/transport.d.ts

@@ -1,6 +1,6 @@
 /**
  * Tempo-specific SSE transport that wraps the base HTTP transport
- * with metering logic (context capture from credentials, per-token
+ * with metering logic (context capture from verified credentials, per-token
  * charging via Sse.serve).
  *
  * @internal

package/dist/tempo/server/internal/transport.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../../../../src/tempo/server/internal/transport.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,SAAS,MAAM,8BAA8B,CAAA;AACzD,OAAO,KAAK,YAAY,MAAM,+BAA+B,CAAA;AAC7D,OAAO,KAAK,QAAQ,MAAM,sBAAsB,CAAA;AAEhD,mDAAmD;AACnD,MAAM,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;AAE3D;;;;;;;;GAQG;AACH,wBAAgB,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG;IAAE,KAAK,EAAE,YAAY,CAAC,YAAY,CAAA;CAAE,GAAG,GAAG,CAqHpF;AAED,MAAM,CAAC,OAAO,WAAW,GAAG,CAAC;IAC3B,KAAK,OAAO,GAAG;QACb;;;;;;;;;WASG;QACH,IAAI,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;QAC1B,sDAAsD;QACtD,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KACrC,CAAA;CACF;AAED,+EAA+E;AAC/E,wBAAgB,YAAY,CAAC,OAAO,EAAE;IACpC,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAA;IAC7E,WAAW,EAAE,MAAM,CAAA;CACpB,GAAG,QAAQ,CAwBX"}
+{"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../../../../src/tempo/server/internal/transport.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,SAAS,MAAM,8BAA8B,CAAA;AACzD,OAAO,KAAK,YAAY,MAAM,+BAA+B,CAAA;AAC7D,OAAO,KAAK,QAAQ,MAAM,sBAAsB,CAAA;AAGhD,mDAAmD;AACnD,MAAM,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;AAE3D;;;;;;;;GAQG;AACH,wBAAgB,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG;IAAE,KAAK,EAAE,YAAY,CAAC,YAAY,CAAA;CAAE,GAAG,GAAG,CAsGpF;AAED,MAAM,CAAC,OAAO,WAAW,GAAG,CAAC;IAC3B,KAAK,OAAO,GAAG;QACb;;;;;;;;;WASG;QACH,IAAI,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;QAC1B,sDAAsD;QACtD,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KACrC,CAAA;CACF;AAED,+EAA+E;AAC/E,wBAAgB,YAAY,CAAC,OAAO,EAAE;IACpC,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC,CAAA;IAC7E,WAAW,EAAE,MAAM,CAAA;CACpB,GAAG,QAAQ,CAwBX"}

package/dist/tempo/server/internal/transport.js

@@ -1,6 +1,6 @@
 /**
  * Tempo-specific SSE transport that wraps the base HTTP transport
- * with metering logic (context capture from credentials, per-token
+ * with metering logic (context capture from verified credentials, per-token
  * charging via Sse.serve).
  *
  * @internal
@@ -28,27 +28,21 @@ export function sse(options) {
         const { waitForUpdate: _, ...store } = options.store;
         return store;
     })();
-    const contextMap = new Map();
     const base = Transport.http();
     return Transport.from({
         name: 'sse',
         getCredential(request) {
-            const credential = base.getCredential(request);
-            if (credential) {
-                try {
-                    const ctx = Sse_core.fromRequest(request);
-                    contextMap.set(ctx.challengeId, { ...ctx, signal: request.signal });
-                }
-                catch {
-                    // ignore — non-SSE credentials won't have session context
-                }
-            }
-            return credential;
+            return base.getCredential(request);
         },
         respondChallenge(options) {
             return base.respondChallenge(options);
         },
-        respondReceipt({ receipt, response, challengeId }) {
+        respondReceipt({ credential, receipt, response, challengeId, input }) {
+            const payload = credential.payload;
+            if (!payload.channelId)
+                throw new Error('No SSE context available');
+            const channelId = payload.channelId;
+            const tickCost = BigInt(credential.challenge.request.amount);
             // Auto-detect upstream SSE responses and parse them into an
             // AsyncIterable so they flow through the metered pipeline.
             // This lets proxy consumers simply pass `result.withReceipt(upstreamRes)`
@@ -57,10 +51,6 @@ export function sse(options) {
                 ? Sse_core.iterateData(response, { skip: (d) => d === '[DONE]' })
                 : response;
             if (isAsyncGeneratorFunction(resolved) || isAsyncIterable(resolved)) {
-                const ctx = contextMap.get(challengeId);
-                if (!ctx)
-                    throw new Error('No SSE context available — credential was not parsed');
-                contextMap.delete(challengeId);
                 // Pass async generator functions directly so Sse.serve gives them
                 // a SessionController for manual charge(). Pass raw AsyncIterables
                 // as-is so Sse.serve auto-charges per yielded value.
@@ -69,60 +59,57 @@ export function sse(options) {
                     : resolved;
                 const stream = Sse_core.serve({
                     store,
-                    channelId: ctx.channelId,
+                    channelId,
                     challengeId,
-                    tickCost: ctx.tickCost,
+                    tickCost,
                     pollIntervalMs: pollingInterval,
                     generate,
-                    signal: ctx.signal,
+                    signal: input.signal,
                 });
                 return Sse_core.toResponse(stream);
             }
             const baseResponse = base.respondReceipt({
+                credential,
+                input,
                 receipt,
                 response: response,
                 challengeId,
             });
             // Non-SSE response (e.g. upstream returned JSON instead of event-stream).
             // Need to deduct tickCost so request isn't free.
-            const ctx = contextMap.get(challengeId);
-            if (ctx) {
-                contextMap.delete(challengeId);
-                // Null-body statuses (e.g. 204 from management actions) cannot carry a
-                // response body per Fetch/HTTP semantics.
-                if (isNullBodyStatus(baseResponse.status)) {
-                    return baseResponse;
-                }
-                const stream = new ReadableStream({
-                    async start(controller) {
-                        // deduction completes before consumer reads
-                        await ChannelStore.deductFromChannel(store, ctx.channelId, ctx.tickCost);
-                        if (!baseResponse.body) {
-                            controller.close();
-                            return;
-                        }
-                        const reader = baseResponse.body.getReader();
-                        try {
-                            while (true) {
-                                const { done, value } = await reader.read();
-                                if (done)
-                                    break;
-                                controller.enqueue(value);
-                            }
-                        }
-                        finally {
-                            reader.releaseLock();
-                            controller.close();
-                        }
-                    },
-                });
-                return new Response(stream, {
-                    status: baseResponse.status,
-                    statusText: baseResponse.statusText,
-                    headers: baseResponse.headers,
-                });
+            // Null-body statuses (e.g. 204 from management actions) cannot carry a
+            // response body per Fetch/HTTP semantics.
+            if (isNullBodyStatus(baseResponse.status)) {
+                return baseResponse;
             }
-            return baseResponse;
+            const stream = new ReadableStream({
+                async start(controller) {
+                    // deduction completes before consumer reads
+                    await ChannelStore.deductFromChannel(store, channelId, tickCost);
+                    if (!baseResponse.body) {
+                        controller.close();
+                        return;
+                    }
+                    const reader = baseResponse.body.getReader();
+                    try {
+                        while (true) {
+                            const { done, value } = await reader.read();
+                            if (done)
+                                break;
+                            controller.enqueue(value);
+                        }
+                    }
+                    finally {
+                        reader.releaseLock();
+                        controller.close();
+                    }
+                },
+            });
+            return new Response(stream, {
+                status: baseResponse.status,
+                statusText: baseResponse.statusText,
+                headers: baseResponse.headers,
+            });
         },
     });
 }

package/dist/tempo/server/internal/transport.js.map

@@ -1 +1 @@
-{"version":3,"file":"transport.js","sourceRoot":"","sources":["../../../../src/tempo/server/internal/transport.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,SAAS,MAAM,8BAA8B,CAAA;AACzD,OAAO,KAAK,YAAY,MAAM,+BAA+B,CAAA;AAC7D,OAAO,KAAK,QAAQ,MAAM,sBAAsB,CAAA;AAKhD;;;;;;;;GAQG;AACH,MAAM,UAAU,GAAG,CAAC,OAA2D;IAC7E,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAEzC,oEAAoE;IACpE,6EAA6E;IAC7E,qEAAqE;IACrE,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE;QAClB,IAAI,CAAC,IAAI;YAAE,OAAO,OAAO,CAAC,KAAK,CAAA;QAC/B,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QACpD,OAAO,KAAK,CAAA;IACd,CAAC,CAAC,EAAE,CAAA;IAEJ,MAAM,UAAU,GAAG,IAAI,GAAG,EAAmE,CAAA;IAE7F,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,EAAE,CAAA;IAC7B,OAAO,SAAS,CAAC,IAAI,CAAgE;QACnF,IAAI,EAAE,KAAK;QAEX,aAAa,CAAC,OAAO;YACnB,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;YAC9C,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;oBACzC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,GAAG,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;gBACrE,CAAC;gBAAC,MAAM,CAAC;oBACP,0DAA0D;gBAC5D,CAAC;YACH,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC;QAED,gBAAgB,CAAC,OAAO;YACtB,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAa,CAAA;QACnD,CAAC;QAED,cAAc,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE;YAC/C,4DAA4D;YAC5D,2DAA2D;YAC3D,0EAA0E;YAC1E,4CAA4C;YAC5C,MAAM,QAAQ,GACZ,QAAQ,YAAY,QAAQ,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,IAAI;gBAC/E,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjE,CAAC,CAAC,QAAQ,CAAA;YAEd,IAAI,wBAAwB,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpE,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;gBACvC,IAAI,CAAC,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;gBACjF,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;gBAE9B,kEAAkE;gBAClE,mEAAmE;gBACnE,qDAAqD;gBACrD,MAAM,QAAQ,GAAuC,wBAAwB,CAAC,QAAQ,CAAC;oBACrF,CAAC,CAAE,QAA+C;oBAClD,CAAC,CAAE,QAAkC,CAAA;gBACvC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC;oBAC5B,KAAK;oBACL,SAAS,EAAE,GAAG,CAAC,SAAS;oBACxB,WAAW;oBACX,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,cAAc,EAAE,eAAe;oBAC/B,QAAQ;oBACR,MAAM,EAAE,GAAG,CAAC,MAAM;iBACnB,CAAC,CAAA;gBACF,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;YACpC,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC;gBACvC,OAAO;gBACP,QAAQ,EAAE,QAAoB;gBAC9B,WAAW;aACZ,CAAC,CAAA;YAEF,0EAA0E;YAC1E,iDAAiD;YACjD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YACvC,IAAI,GAAG,EAAE,CAAC;gBACR,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;gBAE9B,uEAAuE;gBACvE,0CAA0C;gBAC1C,IAAI,gBAAgB,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1C,OAAO,YAAY,CAAA;gBACrB,CAAC;gBAED,MAAM,MAAM,GAAG,IAAI,cAAc,CAAa;oBAC5C,KAAK,CAAC,KAAK,CAAC,UAAU;wBACpB,4CAA4C;wBAC5C,MAAM,YAAY,CAAC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAA;wBACxE,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;4BACvB,UAAU,CAAC,KAAK,EAAE,CAAA;4BAClB,OAAM;wBACR,CAAC;wBACD,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA;wBAC5C,IAAI,CAAC;4BACH,OAAO,IAAI,EAAE,CAAC;gCACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAA;gCAC3C,IAAI,IAAI;oCAAE,MAAK;gCACf,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;4BAC3B,CAAC;wBACH,CAAC;gCAAS,CAAC;4BACT,MAAM,CAAC,WAAW,EAAE,CAAA;4BACpB,UAAU,CAAC,KAAK,EAAE,CAAA;wBACpB,CAAC;oBACH,CAAC;iBACF,CAAC,CAAA;gBACF,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;oBAC1B,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,OAAO,EAAE,YAAY,CAAC,OAAO;iBAC9B,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,YAAY,CAAA;QACrB,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAoBD,+EAA+E;AAC/E,MAAM,UAAU,YAAY,CAAC,OAG5B;IACC,MAAM,QAAQ,GACZ,OAAO,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;IAChG,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,MAAM,GAAG,IAAI,cAAc,CAAa;QAC5C,KAAK,CAAC,KAAK,CAAC,UAAU;YACpB,IAAI,CAAC;gBACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBACnC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,yBAAyB,KAAK,MAAM,CAAC,CAAC,CAAA;gBAC1E,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YACrB,CAAC;oBAAS,CAAC;gBACT,UAAU,CAAC,KAAK,EAAE,CAAA;YACpB,CAAC;QACH,CAAC;KACF,CAAC,CAAA;IACF,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;QAC1B,OAAO,EAAE;YACP,cAAc,EAAE,kCAAkC;YAClD,eAAe,EAAE,wBAAwB;YACzC,UAAU,EAAE,YAAY;SACzB;KACF,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,wBAAwB,CAC/B,KAAc;IAEd,IAAI,OAAO,KAAK,KAAK,UAAU;QAAE,OAAO,KAAK,CAAA;IAC7C,OAAO,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,wBAAwB,CAAA;AAC7D,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,aAAa,IAAK,KAAgB,CAAA;AACjG,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc;IACtC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AAC9C,CAAC"}
+{"version":3,"file":"transport.js","sourceRoot":"","sources":["../../../../src/tempo/server/internal/transport.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,SAAS,MAAM,8BAA8B,CAAA;AACzD,OAAO,KAAK,YAAY,MAAM,+BAA+B,CAAA;AAC7D,OAAO,KAAK,QAAQ,MAAM,sBAAsB,CAAA;AAMhD;;;;;;;;GAQG;AACH,MAAM,UAAU,GAAG,CAAC,OAA2D;IAC7E,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAEzC,oEAAoE;IACpE,6EAA6E;IAC7E,qEAAqE;IACrE,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE;QAClB,IAAI,CAAC,IAAI;YAAE,OAAO,OAAO,CAAC,KAAK,CAAA;QAC/B,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QACpD,OAAO,KAAK,CAAA;IACd,CAAC,CAAC,EAAE,CAAA;IAEJ,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,EAAE,CAAA;IAC7B,OAAO,SAAS,CAAC,IAAI,CAAgE;QACnF,IAAI,EAAE,KAAK;QAEX,aAAa,CAAC,OAAO;YACnB,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,CAAC;QAED,gBAAgB,CAAC,OAAO;YACtB,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAa,CAAA;QACnD,CAAC;QAED,cAAc,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE;YAClE,MAAM,OAAO,GAAG,UAAU,CAAC,OAA4C,CAAA;YACvE,IAAI,CAAC,OAAO,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;YACnE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;YACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,MAAgB,CAAC,CAAA;YAEtE,4DAA4D;YAC5D,2DAA2D;YAC3D,0EAA0E;YAC1E,4CAA4C;YAC5C,MAAM,QAAQ,GACZ,QAAQ,YAAY,QAAQ,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,IAAI;gBAC/E,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjE,CAAC,CAAC,QAAQ,CAAA;YAEd,IAAI,wBAAwB,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpE,kEAAkE;gBAClE,mEAAmE;gBACnE,qDAAqD;gBACrD,MAAM,QAAQ,GAAuC,wBAAwB,CAAC,QAAQ,CAAC;oBACrF,CAAC,CAAE,QAA+C;oBAClD,CAAC,CAAE,QAAkC,CAAA;gBACvC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC;oBAC5B,KAAK;oBACL,SAAS;oBACT,WAAW;oBACX,QAAQ;oBACR,cAAc,EAAE,eAAe;oBAC/B,QAAQ;oBACR,MAAM,EAAE,KAAK,CAAC,MAAM;iBACrB,CAAC,CAAA;gBACF,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;YACpC,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC;gBACvC,UAAU;gBACV,KAAK;gBACL,OAAO;gBACP,QAAQ,EAAE,QAAoB;gBAC9B,WAAW;aACZ,CAAC,CAAA;YAEF,0EAA0E;YAC1E,iDAAiD;YACjD,uEAAuE;YACvE,0CAA0C;YAC1C,IAAI,gBAAgB,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1C,OAAO,YAAY,CAAA;YACrB,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,cAAc,CAAa;gBAC5C,KAAK,CAAC,KAAK,CAAC,UAAU;oBACpB,4CAA4C;oBAC5C,MAAM,YAAY,CAAC,iBAAiB,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;oBAChE,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;wBACvB,UAAU,CAAC,KAAK,EAAE,CAAA;wBAClB,OAAM;oBACR,CAAC;oBACD,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA;oBAC5C,IAAI,CAAC;wBACH,OAAO,IAAI,EAAE,CAAC;4BACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAA;4BAC3C,IAAI,IAAI;gCAAE,MAAK;4BACf,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;wBAC3B,CAAC;oBACH,CAAC;4BAAS,CAAC;wBACT,MAAM,CAAC,WAAW,EAAE,CAAA;wBACpB,UAAU,CAAC,KAAK,EAAE,CAAA;oBACpB,CAAC;gBACH,CAAC;aACF,CAAC,CAAA;YACF,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;gBAC1B,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,UAAU,EAAE,YAAY,CAAC,UAAU;gBACnC,OAAO,EAAE,YAAY,CAAC,OAAO;aAC9B,CAAC,CAAA;QACJ,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAoBD,+EAA+E;AAC/E,MAAM,UAAU,YAAY,CAAC,OAG5B;IACC,MAAM,QAAQ,GACZ,OAAO,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;IAChG,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,MAAM,GAAG,IAAI,cAAc,CAAa;QAC5C,KAAK,CAAC,KAAK,CAAC,UAAU;YACpB,IAAI,CAAC;gBACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBACnC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,yBAAyB,KAAK,MAAM,CAAC,CAAC,CAAA;gBAC1E,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YACrB,CAAC;oBAAS,CAAC;gBACT,UAAU,CAAC,KAAK,EAAE,CAAA;YACpB,CAAC;QACH,CAAC;KACF,CAAC,CAAA;IACF,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;QAC1B,OAAO,EAAE;YACP,cAAc,EAAE,kCAAkC;YAClD,eAAe,EAAE,wBAAwB;YACzC,UAAU,EAAE,YAAY;SACzB;KACF,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,wBAAwB,CAC/B,KAAc;IAEd,IAAI,OAAO,KAAK,KAAK,UAAU;QAAE,OAAO,KAAK,CAAA;IAC7C,OAAO,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,wBAAwB,CAAA;AAC7D,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,aAAa,IAAK,KAAgB,CAAA;AACjG,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc;IACtC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AAC9C,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mppx",
   "type": "module",
-  "version": "0.5.1",
+  "version": "0.5.3",
   "main": "./dist/index.js",
   "license": "MIT",
   "files": [
@@ -121,7 +121,7 @@
     "@remix-run/fetch-proxy": "^0.7.1",
     "@remix-run/node-fetch-server": "^0.13.0",
     "incur": "^0.3.1",
-    "ox": "^0.14.1",
+    "ox": "0.14.7",
     "zod": "^4.3.6"
   },
   "repository": {

package/src/Credential.ts

@@ -18,6 +18,30 @@ export type Credential<
   source?: string
 }
 
+export class MissingAuthorizationHeaderError extends Error {
+  override readonly name = 'MissingAuthorizationHeaderError'
+
+  constructor() {
+    super('Missing Authorization header.')
+  }
+}
+
+export class MissingPaymentSchemeError extends Error {
+  override readonly name = 'MissingPaymentSchemeError'
+
+  constructor() {
+    super('Missing Payment scheme.')
+  }
+}
+
+export class InvalidCredentialEncodingError extends Error {
+  override readonly name = 'InvalidCredentialEncodingError'
+
+  constructor() {
+    super('Invalid base64url or JSON.')
+  }
+}
+
 /**
  * Deserializes an Authorization header value to a credential.
  *
@@ -33,7 +57,7 @@ export type Credential<
  */
 export function deserialize<payload = unknown>(value: string): Credential<payload> {
   const prefixMatch = value.match(/^Payment\s+(.+)$/i)
-  if (!prefixMatch?.[1]) throw new Error('Missing Payment scheme.')
+  if (!prefixMatch?.[1]) throw new MissingPaymentSchemeError()
   try {
     const json = Base64.toString(prefixMatch[1])
     const parsed = JSON.parse(json) as {
@@ -51,7 +75,7 @@ export function deserialize<payload = unknown>(value: string): Credential<payloa
       ...(parsed.source && { source: parsed.source }),
     } as Credential<payload>
   } catch {
-    throw new Error('Invalid base64url or JSON.')
+    throw new InvalidCredentialEncodingError()
   }
 }
 
@@ -108,9 +132,9 @@ export declare namespace from {
  */
 export function fromRequest<payload = unknown>(request: Request): Credential<payload> {
   const header = request.headers.get('Authorization')
-  if (!header) throw new Error('Missing Authorization header.')
+  if (!header) throw new MissingAuthorizationHeaderError()
   const payment = extractPaymentScheme(header)
-  if (!payment) throw new Error('Missing Payment scheme.')
+  if (!payment) throw new MissingPaymentSchemeError()
   return deserialize<payload>(payment)
 }
 

package/src/Method.ts

@@ -2,6 +2,7 @@ import type * as Challenge from './Challenge.js'
 import type * as Credential from './Credential.js'
 import type { ExactPartial, LooseOmit, MaybePromise } from './internal/types.js'
 import type * as Receipt from './Receipt.js'
+import type * as Html from './server/internal/html/config.js'
 import type * as Transport from './server/Transport.js'
 import type * as z from './zod.js'
 
@@ -10,6 +11,7 @@ import type * as z from './zod.js'
  */
 export type Method = {
   name: string
+  html?: Html.Options | undefined
   intent: string
   schema: {
     credential: {
@@ -74,6 +76,7 @@ export type Server<
   transportOverride = undefined,
 > = method & {
   defaults?: defaults | undefined
+  html?: Html.Options | undefined
   request?: RequestFn<method> | undefined
   respond?: RespondFn<method> | undefined
   transport?: transportOverride | undefined
@@ -202,10 +205,11 @@ export function toServer<
   method: method,
   options: toServer.Options<method, defaults, transportOverride>,
 ): Server<method, defaults, transportOverride> {
-  const { defaults, request, respond, transport, verify } = options
+  const { defaults, html, request, respond, transport, verify } = options
   return {
     ...method,
     defaults,
+    html,
     request,
     respond,
     transport,
@@ -220,6 +224,7 @@ export declare namespace toServer {
     transportOverride extends Transport.AnyTransport | undefined = undefined,
   > = {
     defaults?: defaults | undefined
+    html?: Html.Options | undefined
     request?: RequestFn<method> | undefined
     respond?: RespondFn<method> | undefined
     transport?: transportOverride | undefined

package/src/env.d.ts

@@ -1,6 +1,7 @@
 /// <reference types="vite/client" />
 
 interface ImportMetaEnv {
+  readonly MODE: 'test' | 'production'
   readonly VITE_NODE_ENV: 'localnet' | 'testnet' | 'mainnet'
   readonly VITE_HTTP_LOG: 'true' | 'false'
   readonly VITE_RPC_CREDENTIALS: string

package/src/mcp-sdk/server/Transport.test.ts

@@ -113,6 +113,8 @@ describe('mcpSdk', () => {
 
       const result = transport.respondReceipt({
         challengeId: 'test-challenge-id',
+        credential,
+        input: {} as Extra,
         receipt,
         response,
       })
@@ -139,6 +141,8 @@ describe('mcpSdk', () => {
 
       const result = transport.respondReceipt({
         challengeId: 'cid',
+        credential,
+        input: {} as Extra,
         receipt,
         response,
       })
@@ -162,6 +166,8 @@ describe('mcpSdk', () => {
 
       const result = transport.respondReceipt({
         challengeId: 'cid',
+        credential,
+        input: {} as Extra,
         receipt,
         response,
       })

package/src/proxy/Proxy.test.ts

@@ -1,4 +1,4 @@
-import { Receipt } from 'mppx'
+import { Challenge, Credential, Method, Receipt, z } from 'mppx'
 import { Mppx as Mppx_client, tempo as tempo_client } from 'mppx/client'
 import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import { afterEach, describe, expect, test } from 'vp/test'
@@ -439,6 +439,193 @@ describe('create', () => {
     expect(res.status).toBe(402)
   })
 
+  test('behavior: management POST uses credential method binding to disambiguate same-path paid routes', async () => {
+    const alpha = Method.from({
+      name: 'alpha',
+      intent: 'charge',
+      schema: {
+        credential: { payload: z.object({ token: z.string() }) },
+        request: z.object({ amount: z.string() }),
+      },
+    })
+    const beta = Method.from({
+      name: 'beta',
+      intent: 'charge',
+      schema: {
+        credential: { payload: z.object({ token: z.string() }) },
+        request: z.object({ amount: z.string() }),
+      },
+    })
+
+    const handler = Mppx_server.create({
+      methods: [
+        Method.toServer(alpha, {
+          async verify() {
+            return Receipt.from({
+              method: 'alpha',
+              status: 'success',
+              timestamp: new Date().toISOString(),
+              reference: 'alpha-reference',
+            })
+          },
+          respond() {
+            return new Response(null, { status: 204 })
+          },
+        }),
+        Method.toServer(beta, {
+          async verify() {
+            return Receipt.from({
+              method: 'beta',
+              status: 'success',
+              timestamp: new Date().toISOString(),
+              reference: 'beta-reference',
+            })
+          },
+          respond() {
+            return new Response(null, { status: 205 })
+          },
+        }),
+      ],
+      secretKey,
+    })
+
+    const proxy = ApiProxy.create({
+      services: [
+        Service.from('api', {
+          baseUrl: 'https://example.com',
+          routes: {
+            'GET /v1/stream': handler['alpha/charge']({ amount: '1' }),
+            'PATCH /v1/stream': handler['beta/charge']({ amount: '1' }),
+          },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+
+    const challengeResponse = await fetch(`${proxyServer.url}/api/v1/stream`)
+    expect(challengeResponse.status).toBe(402)
+
+    const challenge = Challenge.fromResponse(challengeResponse)
+    const authorization = Credential.serialize(
+      Credential.from({
+        challenge,
+        payload: { token: 'ok' },
+      }),
+    )
+
+    const res = await fetch(`${proxyServer.url}/api/v1/stream`, {
+      method: 'POST',
+      headers: { Authorization: authorization },
+    })
+
+    expect(res.status).toBe(204)
+  })
+
+  test('behavior: exact-match management POST does not forward upstream', async () => {
+    let upstreamRequests = 0
+    upstream = await createUpstream(() => {
+      upstreamRequests += 1
+      return Response.json({ ok: true })
+    })
+
+    const method = Method.from({
+      name: 'mock',
+      intent: 'charge',
+      schema: {
+        credential: { payload: z.object({ token: z.string() }) },
+        request: z.object({ amount: z.string() }),
+      },
+    })
+    const handler = Mppx_server.create({
+      methods: [
+        Method.toServer(method, {
+          async verify() {
+            return Receipt.from({
+              method: 'mock',
+              status: 'success',
+              timestamp: new Date().toISOString(),
+              reference: 'mock-reference',
+            })
+          },
+          respond() {
+            return new Response(null, { status: 204 })
+          },
+        }),
+      ],
+      secretKey,
+    })
+
+    const proxy = ApiProxy.create({
+      services: [
+        Service.from('api', {
+          baseUrl: upstream.url,
+          routes: {
+            'POST /v1/stream': handler['mock/charge']({ amount: '1' }),
+          },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+
+    const challengeResponse = await fetch(`${proxyServer.url}/api/v1/stream`, { method: 'POST' })
+    expect(challengeResponse.status).toBe(402)
+
+    const challenge = Challenge.fromResponse(challengeResponse)
+    const authorization = Credential.serialize(
+      Credential.from({
+        challenge,
+        payload: { token: 'ok' },
+      }),
+    )
+    const res = await fetch(`${proxyServer.url}/api/v1/stream`, {
+      method: 'POST',
+      headers: { Authorization: authorization },
+    })
+
+    expect(res.status).toBe(204)
+    expect(upstreamRequests).toBe(0)
+  })
+
+  test('behavior: paid GET fallback does not forward POST upstream', async () => {
+    let upstreamRequests = 0
+    upstream = await createUpstream(async (req) => {
+      upstreamRequests += 1
+      return Response.json({
+        body: await req.json(),
+        method: req.method,
+      })
+    })
+
+    const proxy = ApiProxy.create({
+      services: [
+        Service.from('api', {
+          baseUrl: upstream.url,
+          bearer: 'sk-upstream-key',
+          routes: { 'GET /v1/messages': mppx_server.charge({ amount: '1', decimals: 6 }) },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+
+    const challengeResponse = await fetch(`${proxyServer.url}/api/v1/messages`)
+    expect(challengeResponse.status).toBe(402)
+
+    const authorization = await mppx_client.createCredential(challengeResponse)
+    expect(Credential.extractPaymentScheme(authorization)).toBeTruthy()
+
+    const res = await fetch(`${proxyServer.url}/api/v1/messages`, {
+      method: 'POST',
+      headers: {
+        Authorization: authorization,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ prompt: 'hello' }),
+    })
+
+    expect(res.status).toBe(405)
+    expect(upstreamRequests).toBe(0)
+  })
+
   test('behavior: POST to unregistered method does not fall back to free GET route', async () => {
     upstream = await createUpstream(() => Response.json({ ok: true }))
     const proxy = ApiProxy.create({

package/src/proxy/Proxy.ts

@@ -2,6 +2,7 @@ import type * as http from 'node:http'
 
 import { createFetchProxy } from '@remix-run/fetch-proxy'
 
+import * as Credential from '../Credential.js'
 import { generateProxy } from '../discovery/OpenApi.js'
 import * as Request from '../server/Request.js'
 import * as Headers from './internal/Headers.js'
@@ -106,19 +107,26 @@ export function create(config: create.Config): Proxy {
 
     const { service, proxy } = entry
 
-    const matched =
-      Route.match(service.routes, request.method, upstreamPath) ??
-      // Management POSTs (e.g. session close) may target a path whose route
-      // is registered for a different HTTP method (e.g. GET). Fall back to
-      // path-only matching so the payment handler can process the action.
-      (request.method === 'POST' && request.headers.has('authorization')
-        ? Route.matchPath(
+    const exactMatch = Route.match(service.routes, request.method, upstreamPath)
+    const fallbackBinding =
+      !exactMatch && request.method === 'POST' && request.headers.has('authorization')
+        ? getPaymentBinding(request)
+        : null
+    const fallbackMatch =
+      !exactMatch && request.method === 'POST' && request.headers.has('authorization')
+        ? // Management POSTs (e.g. session close) may target a path whose route
+          // is registered for a different HTTP method (e.g. GET). Fall back to
+          // path-only matching so the payment handler can process the action.
+          // When the credential parses cleanly, also bind on payment method+intent
+          // so same-path paid routes can coexist without sharing credentials.
+          Route.matchPath(
             service.routes,
             upstreamPath,
             // skip free routes (e.g. `'GET /foo/bar': true`)
-            (endpoint) => endpoint !== true,
+            (endpoint) => endpoint !== true && matchesPaymentBinding(endpoint, fallbackBinding),
           )
-        : null)
+        : null
+    const matched = exactMatch ?? fallbackMatch
     if (!matched) return new Response('Not Found', { status: 404 })
 
     const endpoint = matched.value as Service.Endpoint
@@ -130,6 +138,22 @@ export function create(config: create.Config): Proxy {
     const result = await handler(request)
     if (result.status === 402) return result.challenge
 
+    const managementResponse = (() => {
+      try {
+        return (result.withReceipt as () => Response)()
+      } catch (error) {
+        if (
+          error instanceof Error &&
+          error.message === 'withReceipt() requires a response argument'
+        )
+          return null
+        throw error
+      }
+    })()
+
+    if (managementResponse) return managementResponse
+    if (fallbackMatch) return new Response('Method Not Allowed', { status: 405 })
+
     const options = Service.getOptions(endpoint)
     const upstreamRes = await proxyUpstream({
       request,
@@ -246,3 +270,28 @@ function withBasePath(basePath: string | undefined, path: string) {
   const trimmed = normalized.endsWith('/') ? normalized.slice(0, -1) : normalized
   return `${trimmed}${path}`
 }
+
+type PaymentBinding = {
+  intent: string
+  method: string
+}
+
+function getPaymentBinding(request: Request): PaymentBinding | null {
+  try {
+    const credential = Credential.fromRequest(request)
+    return {
+      intent: credential.challenge.intent,
+      method: credential.challenge.method,
+    }
+  } catch {
+    return null
+  }
+}
+
+function matchesPaymentBinding(endpoint: unknown, binding: PaymentBinding | null): boolean {
+  if (endpoint === true) return false
+  if (!binding) return true
+  const payment = Service.paymentOf(endpoint as Exclude<Service.Endpoint, true>)
+  if (!payment) return true
+  return payment.method === binding.method && payment.intent === binding.intent
+}

package/src/proxy/internal/Route.test.ts

@@ -193,6 +193,15 @@ describe('matchPath', () => {
     expect(result).toMatchObject({ key: 'POST /v1/*' })
   })
 
+  // TODO (brendanryan): Relax this if `matchPath()` gains method-aware disambiguation.
+  test('error: returns null when multiple paid routes share the same path', () => {
+    const routes = {
+      'GET /v1/stream': { pay: () => {} },
+      'POST /v1/stream': { pay: () => {} },
+    }
+    expect(Route.matchPath(routes, '/v1/stream', paidOnly)).toBeNull()
+  })
+
   test('error: returns null when all routes are free', () => {
     const routes = {
       'GET /v1/models': true,