npm - mppx - Versions diffs - 0.5.11 → 0.5.13 - Mend

mppx 0.5.11 → 0.5.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/CHANGELOG.md +16 -0
package/dist/cli/cli.d.ts.map +1 -1
package/dist/cli/cli.js +41 -16
package/dist/cli/cli.js.map +1 -1
package/dist/cli/config.d.ts +6 -4
package/dist/cli/config.d.ts.map +1 -1
package/dist/cli/config.js.map +1 -1
package/dist/cli/internal.d.ts +8 -0
package/dist/cli/internal.d.ts.map +1 -1
package/dist/cli/internal.js +33 -3
package/dist/cli/internal.js.map +1 -1
package/dist/cli/plugins/plugin.d.ts +2 -0
package/dist/cli/plugins/plugin.d.ts.map +1 -1
package/dist/cli/plugins/stripe.d.ts.map +1 -1
package/dist/cli/plugins/stripe.js +3 -0
package/dist/cli/plugins/stripe.js.map +1 -1
package/dist/cli/plugins/tempo.d.ts.map +1 -1
package/dist/cli/plugins/tempo.js +3 -0
package/dist/cli/plugins/tempo.js.map +1 -1
package/dist/client/Mppx.d.ts +10 -1
package/dist/client/Mppx.d.ts.map +1 -1
package/dist/client/Mppx.js +17 -5
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +2 -0
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +11 -0
package/dist/client/Transport.js.map +1 -1
package/dist/client/internal/Fetch.d.ts +3 -0
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +65 -19
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/internal/AcceptPayment.d.ts +72 -0
package/dist/internal/AcceptPayment.d.ts.map +1 -0
package/dist/internal/AcceptPayment.js +185 -0
package/dist/internal/AcceptPayment.js.map +1 -0
package/dist/mcp-sdk/client/McpClient.d.ts.map +1 -1
package/dist/mcp-sdk/client/McpClient.js +8 -4
package/dist/mcp-sdk/client/McpClient.js.map +1 -1
package/dist/server/Mppx.d.ts +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +33 -24
package/dist/server/Mppx.js.map +1 -1
package/dist/server/internal/html/config.d.ts.map +1 -1
package/dist/server/internal/html/config.js +8 -1
package/dist/server/internal/html/config.js.map +1 -1
package/dist/stripe/internal/constants.d.ts +8 -0
package/dist/stripe/internal/constants.d.ts.map +1 -0
package/dist/stripe/internal/constants.js +8 -0
package/dist/stripe/internal/constants.js.map +1 -0
package/dist/stripe/server/Charge.d.ts.map +1 -1
package/dist/stripe/server/Charge.js +23 -5
package/dist/stripe/server/Charge.js.map +1 -1
package/dist/tempo/Methods.d.ts +8 -0
package/dist/tempo/Methods.d.ts.map +1 -1
package/dist/tempo/Methods.js +6 -2
package/dist/tempo/Methods.js.map +1 -1
package/dist/tempo/Proof.d.ts +12 -0
package/dist/tempo/Proof.d.ts.map +1 -0
package/dist/tempo/Proof.js +10 -0
package/dist/tempo/Proof.js.map +1 -0
package/dist/tempo/client/Charge.d.ts +11 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +14 -2
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +6 -0
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/index.d.ts +1 -0
package/dist/tempo/index.d.ts.map +1 -1
package/dist/tempo/index.js +1 -0
package/dist/tempo/index.js.map +1 -1
package/dist/tempo/internal/fee-payer.d.ts +8 -0
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +29 -3
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/server/Charge.d.ts +17 -0
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +69 -4
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +6 -0
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/package.json +2 -2
package/src/cli/cli.test.ts +278 -0
package/src/cli/cli.ts +47 -16
package/src/cli/config.ts +10 -4
package/src/cli/internal.ts +59 -3
package/src/cli/plugins/plugin.ts +3 -0
package/src/cli/plugins/stripe.ts +3 -0
package/src/cli/plugins/tempo.ts +3 -0
package/src/client/Mppx.test-d.ts +33 -0
package/src/client/Mppx.test.ts +130 -1
package/src/client/Mppx.ts +35 -5
package/src/client/Transport.test.ts +88 -55
package/src/client/Transport.ts +13 -0
package/src/client/internal/Fetch.browser.test.ts +16 -13
package/src/client/internal/Fetch.test.ts +307 -10
package/src/client/internal/Fetch.ts +85 -19
package/src/internal/AcceptPayment.test.ts +211 -0
package/src/internal/AcceptPayment.ts +304 -0
package/src/mcp-sdk/client/McpClient.ts +11 -5
package/src/server/Mppx.test.ts +141 -44
package/src/server/Mppx.ts +43 -23
package/src/server/Transport.test.ts +20 -0
package/src/server/internal/html/config.ts +9 -1
package/src/stripe/internal/constants.ts +7 -0
package/src/stripe/server/Charge.ts +22 -4
package/src/tempo/Methods.test.ts +25 -0
package/src/tempo/Methods.ts +30 -22
package/src/tempo/Proof.test-d.ts +13 -0
package/src/tempo/Proof.test.ts +31 -0
package/src/tempo/Proof.ts +13 -0
package/src/tempo/client/Charge.ts +20 -6
package/src/tempo/client/SessionManager.test.ts +4 -7
package/src/tempo/index.ts +1 -0
package/src/tempo/internal/fee-payer.test.ts +75 -1
package/src/tempo/internal/fee-payer.ts +41 -3
package/src/tempo/server/Charge.test.ts +309 -1
package/src/tempo/server/Charge.ts +99 -1
package/src/tempo/server/internal/html/main.ts +2 -2
package/src/tempo/server/internal/html.gen.ts +1 -1

package/src/client/internal/Fetch.test.ts CHANGED Viewed

@@ -350,7 +350,7 @@ function make402(overrides?: { method?: string; intent?: string }) {
 }
 describe('Fetch.from: init passthrough (non-402)', () => {
-  test('passes unmodified init to underlying fetch for non-402 responses', async () => {
+  test('preserves init object identity while adding Accept-Payment', async () => {
     const receivedInits: (RequestInit | undefined)[] = []
     const mockFetch: typeof globalThis.fetch = async (_input, init) => {
       receivedInits.push(init)
@@ -371,6 +371,9 @@ describe('Fetch.from: init passthrough (non-402)', () => {
     await fetch('https://example.com/ws-upgrade', customInit)
     expect(receivedInits[0]).toBe(customInit)
+    const headers = new Headers(receivedInits[0]?.headers)
+    expect(headers.get('X-Custom')).toBe('value')
+    expect(headers.get('Accept-Payment')).toBe('test/test')
   })
   test('preserves extra properties on init for non-402 responses', async () => {
@@ -395,7 +398,8 @@ describe('Fetch.from: init passthrough (non-402)', () => {
     const received = receivedInits[0]!
     expect(received.method).toBe('GET')
-    expect((received.headers as Record<string, string>).Authorization).toBe('Bearer token123')
+    expect(new Headers(received.headers).get('Authorization')).toBe('Bearer token123')
+    expect(new Headers(received.headers).get('Accept-Payment')).toBe('test/test')
     expect(received.signal).toBe(customInit.signal)
   })
@@ -412,7 +416,7 @@ describe('Fetch.from: init passthrough (non-402)', () => {
     })
     await fetch('https://example.com/api')
-    expect(receivedInits[0]).toBeUndefined()
+    expect(new Headers(receivedInits[0]?.headers).get('Accept-Payment')).toBe('test/test')
   })
   test('passes init with context through untouched', async () => {
@@ -431,9 +435,153 @@ describe('Fetch.from: init passthrough (non-402)', () => {
     await fetch('https://example.com/api', customInit as any)
     expect(receivedInits[0]).toBe(customInit)
+    expect((receivedInits[0] as Record<string, unknown>).context).toEqual({ account: '0xabc' })
+    expect(new Headers(receivedInits[0]?.headers).get('Accept-Payment')).toBe('test/test')
   })
-  test('preserves object identity across all non-402 status codes', async () => {
+  test('preserves Request-carried headers when injecting Accept-Payment', async () => {
+    const receivedInputs: (RequestInfo | URL)[] = []
+    const receivedInits: (RequestInit | undefined)[] = []
+    const mockFetch: typeof globalThis.fetch = async (input, init) => {
+      receivedInputs.push(input)
+      receivedInits.push(init)
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [noopMethod],
+    })
+    const request = new Request('https://example.com/api', {
+      headers: { Authorization: 'Bearer token123', 'X-Custom': 'value' },
+    })
+    await fetch(request)
+    expect(receivedInputs[0]).toBe(request)
+    const headers = new Headers(receivedInits[0]?.headers)
+    expect(headers.get('Authorization')).toBe('Bearer token123')
+    expect(headers.get('X-Custom')).toBe('value')
+    expect(headers.get('Accept-Payment')).toBe('test/test')
+  })
+  test('does not overwrite an explicit Accept-Payment header', async () => {
+    const receivedInits: (RequestInit | undefined)[] = []
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      receivedInits.push(init)
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [noopMethod],
+    })
+    await fetch('https://example.com/api', {
+      headers: { 'Accept-Payment': 'custom/charge;q=0.5' },
+    })
+    expect(new Headers(receivedInits[0]?.headers).get('Accept-Payment')).toBe('custom/charge;q=0.5')
+  })
+  test('uses an explicit Accept-Payment header to reprioritize challenge selection', async () => {
+    let callCount = 0
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      callCount++
+      if (callCount === 1) {
+        expect(new Headers(init?.headers).get('Accept-Payment')).toBe(
+          'stripe/charge, tempo/charge;q=0.1',
+        )
+        return new Response(null, {
+          status: 402,
+          headers: {
+            'WWW-Authenticate': [
+              'Payment id="tempo", realm="test", method="tempo", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+              'Payment id="stripe", realm="test", method="stripe", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+            ].join(', '),
+          },
+        })
+      }
+      expect(new Headers(init?.headers).get('Authorization')).toBe('stripe-credential')
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [
+        {
+          name: 'tempo',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'tempo-credential',
+        },
+        {
+          name: 'stripe',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'stripe-credential',
+        },
+      ] as const,
+    })
+    const response = await fetch('https://example.com/api', {
+      headers: { 'Accept-Payment': 'stripe/charge, tempo/charge;q=0.1' },
+    })
+    expect(response.status).toBe(200)
+  })
+  test('applies an explicit method opt-out before broader wildcard preferences', async () => {
+    let callCount = 0
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      callCount++
+      if (callCount === 1) {
+        expect(new Headers(init?.headers).get('Accept-Payment')).toBe(
+          'tempo/*;q=1, tempo/charge;q=0, stripe/*;q=0.5',
+        )
+        return new Response(null, {
+          status: 402,
+          headers: {
+            'WWW-Authenticate': [
+              'Payment id="tempo", realm="test", method="tempo", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+              'Payment id="stripe", realm="test", method="stripe", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+            ].join(', '),
+          },
+        })
+      }
+      expect(new Headers(init?.headers).get('Authorization')).toBe('stripe-credential')
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [
+        {
+          name: 'tempo',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'tempo-credential',
+        },
+        {
+          name: 'stripe',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'stripe-credential',
+        },
+      ] as const,
+    })
+    const response = await fetch('https://example.com/api', {
+      headers: { 'Accept-Payment': 'tempo/*;q=1, tempo/charge;q=0, stripe/*;q=0.5' },
+    })
+    expect(response.status).toBe(200)
+  })
+  test('preserves non-header init fields across all non-402 status codes', async () => {
     for (const status of [200, 201, 204, 301, 400, 401, 403, 404, 500, 503]) {
       const receivedInits: (RequestInit | undefined)[] = []
       const mockFetch: typeof globalThis.fetch = async (_input, init) => {
@@ -448,7 +596,8 @@ describe('Fetch.from: init passthrough (non-402)', () => {
       const customInit = { method: 'GET' }
       await fetch('https://example.com/api', customInit)
-      expect(receivedInits[0]).toBe(customInit)
+      expect(receivedInits[0]?.method).toBe(customInit.method)
+      expect(new Headers(receivedInits[0]?.headers).get('Accept-Payment')).toBe('test/test')
     }
   })
 })
@@ -521,10 +670,11 @@ describe('Fetch.from: 402 retry path', () => {
     })
     const retryInit = calls[1]!.init as Record<string, unknown>
-    const headers = retryInit.headers as Record<string, string>
-    expect(headers['X-Custom']).toBe('value')
-    expect(headers['Content-Type']).toBe('application/json')
-    expect(headers.Authorization).toBe('credential')
+    const headers = new Headers(retryInit.headers as HeadersInit)
+    expect(headers.get('X-Custom')).toBe('value')
+    expect(headers.get('Content-Type')).toBe('application/json')
+    expect(headers.get('Accept-Payment')).toBe('test/test')
+    expect(headers.get('Authorization')).toBe('credential')
   })
   test('preserves method and other init properties on retry', async () => {
@@ -575,7 +725,154 @@ describe('Fetch.from: 402 retry path', () => {
     expect(calls).toHaveLength(2)
     const retryInit = calls[1]!.init as Record<string, unknown>
-    expect(retryInit.headers).toEqual({ Authorization: 'credential' })
+    const headers = new Headers(retryInit.headers as HeadersInit)
+    expect(headers.get('Accept-Payment')).toBe('test/test')
+    expect(headers.get('Authorization')).toBe('credential')
+  })
+  test('preserves Request-carried headers on retry after injecting Accept-Payment', async () => {
+    let callCount = 0
+    const calls: { init: RequestInit | undefined; input: RequestInfo | URL }[] = []
+    const mockFetch: typeof globalThis.fetch = async (input, init) => {
+      calls.push({ init, input })
+      callCount++
+      if (callCount === 1) return make402()
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [noopMethod],
+    })
+    const request = new Request('https://example.com/api', {
+      headers: { Authorization: 'Bearer token123', 'X-Custom': 'value' },
+    })
+    await fetch(request)
+    expect(calls[0]?.input).toBe(request)
+    expect(calls[1]?.input).toBe(request)
+    const headers = new Headers(calls[1]?.init?.headers)
+    expect(headers.get('X-Custom')).toBe('value')
+    expect(headers.get('Accept-Payment')).toBe('test/test')
+    expect(headers.get('Authorization')).toBe('credential')
+  })
+  test('selects the highest-ranked supported challenge', async () => {
+    let callCount = 0
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      callCount++
+      if (callCount === 1) {
+        expect(new Headers(init?.headers).get('Accept-Payment')).toBe(
+          'tempo/charge, stripe/charge;q=0.5',
+        )
+        return new Response(null, {
+          status: 402,
+          headers: {
+            'WWW-Authenticate': [
+              'Payment id="stripe", realm="test", method="stripe", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+              'Payment id="tempo", realm="test", method="tempo", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+            ].join(', '),
+          },
+        })
+      }
+      expect(new Headers(init?.headers).get('Authorization')).toBe('tempo-credential')
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [
+        {
+          name: 'tempo',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'tempo-credential',
+        },
+        {
+          name: 'stripe',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'stripe-credential',
+        },
+      ] as const,
+      acceptPayment: {
+        definition: { 'stripe/charge': 0.5 },
+        entries: [
+          { intent: 'charge', method: 'tempo', q: 1, index: 0 },
+          { intent: 'charge', method: 'stripe', q: 0.5, index: 1 },
+        ],
+        header: 'tempo/charge, stripe/charge;q=0.5',
+        keys: {
+          stripe: { charge: 'stripe/charge' },
+          tempo: { charge: 'tempo/charge' },
+        },
+      },
+    })
+    const response = await fetch('https://example.com/api')
+    expect(response.status).toBe(200)
+  })
+  test('falls back to configured preferences when explicit Accept-Payment is invalid', async () => {
+    let callCount = 0
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      callCount++
+      if (callCount === 1) {
+        expect(new Headers(init?.headers).get('Accept-Payment')).toBe('not a valid header')
+        return new Response(null, {
+          status: 402,
+          headers: {
+            'WWW-Authenticate': [
+              'Payment id="stripe", realm="test", method="stripe", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+              'Payment id="tempo", realm="test", method="tempo", intent="charge", request="eyJhbW91bnQiOiIxIn0"',
+            ].join(', '),
+          },
+        })
+      }
+      expect(new Headers(init?.headers).get('Authorization')).toBe('tempo-credential')
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [
+        {
+          name: 'tempo',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'tempo-credential',
+        },
+        {
+          name: 'stripe',
+          intent: 'charge',
+          context: undefined,
+          createCredential: async () => 'stripe-credential',
+        },
+      ] as const,
+      acceptPayment: {
+        definition: { 'stripe/charge': 0.5 },
+        entries: [
+          { intent: 'charge', method: 'tempo', q: 1, index: 0 },
+          { intent: 'charge', method: 'stripe', q: 0.5, index: 1 },
+        ],
+        header: 'tempo/charge, stripe/charge;q=0.5',
+        keys: {
+          stripe: { charge: 'stripe/charge' },
+          tempo: { charge: 'tempo/charge' },
+        },
+      },
+    })
+    const response = await fetch('https://example.com/api', {
+      headers: { 'Accept-Payment': 'not a valid header' },
+    })
+    expect(response.status).toBe(200)
   })
   test('throws when no matching method for 402 challenge', async () => {

package/src/client/internal/Fetch.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import * as Challenge from '../../Challenge.js'
+import * as AcceptPayment from '../../internal/AcceptPayment.js'
 import type * as Method from '../../Method.js'
 import type * as z from '../../zod.js'
@@ -37,41 +38,42 @@ let originalFetch: typeof globalThis.fetch | undefined
 export function from<const methods extends readonly Method.AnyClient[]>(
   config: from.Config<methods>,
 ): from.Fetch<methods> {
-  const { fetch = globalThis.fetch, methods, onChallenge } = config
+  const { acceptPayment, fetch = globalThis.fetch, methods, onChallenge } = config
+  const resolvedAcceptPayment = acceptPayment ?? AcceptPayment.resolve(methods)
   // Always operate on the true underlying fetch to avoid wrapper-on-wrapper stacking,
   // which can duplicate retries and make restore semantics fragile.
   const baseFetch = unwrapFetch(fetch)
   const wrappedFetch = async (input: RequestInfo | URL, init?: from.RequestInit<methods>) => {
-    // Pass init through untouched to preserve object identity for non-402 responses.
-    const response = await baseFetch(input, init)
+    const callerHeaders = getCallerHeaders(input, init?.headers)
+    const hasExplicitAcceptPayment = callerHeaders.has('Accept-Payment')
+    const paymentPreferences = resolvePaymentPreferences(callerHeaders, resolvedAcceptPayment)
+    const initialRequest = prepareInitialRequest(
+      input,
+      init,
+      callerHeaders,
+      paymentPreferences.header,
+      hasExplicitAcceptPayment,
+    )
+    const response = await baseFetch(initialRequest.input, initialRequest.init)
     if (response.status !== 402) return response
     // Only extract context for payment handling after confirming 402.
     const context = (init as Record<string, unknown> | undefined)?.context
-    const { context: _, ...fetchInit } = (init ?? {}) as Record<string, unknown>
+    const { context: _, ...fetchInit } = (initialRequest.init ?? {}) as Record<string, unknown>
     // Parse all challenges from the response (supports merged WWW-Authenticate headers).
-    // Match in client preference order: iterate the client's methods array and pick the
-    // first method that has a matching challenge, so the client controls priority.
     const challenges = Challenge.fromResponseList(response)
-    let challenge: Challenge.Challenge | undefined
-    let mi: (typeof methods)[number] | undefined
-    for (const m of methods) {
-      const match = challenges.find((c) => c.method === m.name && c.intent === m.intent)
-      if (match) {
-        challenge = match
-        mi = m
-        break
-      }
-    }
-    if (!challenge || !mi)
+    const selected = AcceptPayment.selectChallenge(challenges, methods, paymentPreferences.entries)
+    if (!selected)
       throw new Error(
         `No method found for challenges: ${challenges.map((c) => `${c.method}.${c.intent}`).join(', ')}. Available: ${methods.map((m) => `${m.name}.${m.intent}`).join(', ')}`,
       )
+    const { challenge, method: mi } = selected
     const onChallengeCredential = onChallenge
       ? await onChallenge(challenge, {
           createCredential: async (overrideContext?: AnyContextFor<methods>) =>
@@ -81,9 +83,9 @@ export function from<const methods extends readonly Method.AnyClient[]>(
     const credential = onChallengeCredential ?? (await resolveCredential(challenge, mi, context))
     validateCredentialHeaderValue(credential)
-    return baseFetch(input, {
+    return baseFetch(initialRequest.input, {
       ...fetchInit,
-      headers: withAuthorizationHeader(fetchInit.headers, credential),
+      headers: withAuthorizationHeader(initialRequest.headers, credential),
     })
   }
@@ -104,6 +106,8 @@ type AnyContextFor<methods extends readonly Method.AnyClient[]> = {
 export declare namespace from {
   type Config<methods extends readonly Method.AnyClient[] = readonly Method.AnyClient[]> = {
+    /** Resolved `Accept-Payment` header and selection preferences. */
+    acceptPayment?: AcceptPayment.Resolved<methods> | undefined
     /** Custom fetch function to wrap. Defaults to `globalThis.fetch`. */
     fetch?: typeof globalThis.fetch
     /** Array of methods to use. */
@@ -218,6 +222,47 @@ function withAuthorizationHeader(headers: unknown, credential: string): Record<s
   return normalized
 }
+/** @internal */
+function prepareInitialRequest<methods extends readonly Method.AnyClient[]>(
+  input: RequestInfo | URL,
+  init: from.RequestInit<methods> | undefined,
+  callerHeaders: Headers,
+  header: string,
+  hasExplicitAcceptPayment: boolean,
+): { headers: Headers; init: from.RequestInit<methods> | undefined; input: RequestInfo | URL } {
+  const shouldInjectAcceptPayment = Boolean(header) && !hasExplicitAcceptPayment
+  if (!shouldInjectAcceptPayment) return { headers: callerHeaders, init, input }
+  const headers = new Headers(input instanceof Request ? input.headers : undefined)
+  callerHeaders.forEach((value, key) => {
+    headers.set(key, value)
+  })
+  headers.set('Accept-Payment', header)
+  if (init) {
+    // Preserve init identity for callers like websocket upgrade helpers that
+    // depend on the original RequestInit object reaching the underlying fetch.
+    ;(init as from.RequestInit<methods> & { headers?: HeadersInit }).headers = headers
+    return {
+      headers,
+      init,
+      input,
+    }
+  }
+  return {
+    headers,
+    init: shouldInjectAcceptPayment ? ({ headers } as from.RequestInit<methods>) : undefined,
+    input,
+  }
+}
+/** @internal */
+function getCallerHeaders(input: RequestInfo | URL, headers: HeadersInit | undefined): Headers {
+  if (headers) return new Headers(headers)
+  return new Headers(input instanceof Request ? input.headers : undefined)
+}
 /** @internal */
 function unwrapFetch(fetch: typeof globalThis.fetch): typeof globalThis.fetch {
   let current = fetch as WrappedFetch
@@ -251,3 +296,24 @@ async function resolveCredential(
     parsedContext !== undefined ? { challenge, context: parsedContext } : ({ challenge } as never),
   )
 }
+function resolvePaymentPreferences<methods extends readonly Method.AnyClient[]>(
+  headers: Headers,
+  acceptPayment: AcceptPayment.Resolved<methods>,
+): AcceptPayment.Resolved<methods> {
+  const header = headers.get('Accept-Payment')
+  if (!header) return acceptPayment
+  try {
+    return {
+      ...acceptPayment,
+      entries: AcceptPayment.parse(header),
+      header,
+    }
+  } catch {
+    // Fail open for explicit malformed headers: preserve the caller's header on
+    // the wire, but continue automatic challenge selection with configured
+    // defaults instead of throwing from the wrapper.
+    return acceptPayment
+  }
+}