mppx 0.5.14 → 0.5.16

package/src/tempo/server/internal/transport.test.ts

@@ -5,6 +5,7 @@ import { describe, expect, test } from 'vp/test'
 import * as Store from '../../../Store.js'
 import { chainId, escrowContract as escrowContractDefaults } from '../../internal/defaults.js'
 import * as ChannelStore from '../../session/ChannelStore.js'
+import { deserializeSessionReceipt } from '../../session/Receipt.js'
 import { sse } from './transport.js'
 
 const channelId = '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex
@@ -38,7 +39,14 @@ function seedChannel(
   }))
 }
 
-function makeChallenge() {
+function makeChallenge(
+  request: Partial<{
+    amount: string
+    currency: string
+    recipient: string
+    unitType: string
+  }> = {},
+) {
   return Challenge.from({
     id: challengeId,
     realm: 'test.example.com',
@@ -48,12 +56,20 @@ function makeChallenge() {
       amount: '1000000',
       currency: '0x20c0000000000000000000000000000000000001',
       recipient: '0x0000000000000000000000000000000000000002',
+      ...request,
     },
   })
 }
 
-function makeCredential() {
-  const challenge = makeChallenge()
+function makeCredential(
+  request: Partial<{
+    amount: string
+    currency: string
+    recipient: string
+    unitType: string
+  }> = {},
+) {
+  const challenge = makeChallenge(request)
   return Credential.from({
     challenge,
     payload: {
@@ -65,20 +81,66 @@ function makeCredential() {
   })
 }
 
-function makeAuthorizedRequest(): Request {
-  const credential = makeCredential()
+function makeAuthorizedRequest(
+  request: Partial<{
+    amount: string
+    currency: string
+    recipient: string
+    unitType: string
+  }> = {},
+): Request {
+  const credential = makeCredential(request)
   const header = Credential.serialize(credential)
   return new Request('https://test.example.com/session', {
     headers: { Authorization: header },
   })
 }
 
-function makeReceipt() {
+function makeManagementRequest(action: 'close' | 'topUp' = 'close'): Request {
+  const credential = Credential.from({
+    challenge: makeChallenge(),
+    payload:
+      action === 'close'
+        ? {
+            action: 'close' as const,
+            channelId,
+            cumulativeAmount: '10000000',
+            signature: '0xdeadbeef',
+          }
+        : {
+            action: 'topUp' as const,
+            channelId,
+            type: 'transaction' as const,
+            transaction: '0xdeadbeef',
+            additionalDeposit: '1000000',
+          },
+  })
+  const header = Credential.serialize(credential)
+  return new Request('https://test.example.com/session', {
+    method: 'POST',
+    headers: { Authorization: header },
+  })
+}
+
+type ReceiptOverrides = Partial<{
+  acceptedCumulative: string
+  spent: string
+  units: number
+}>
+
+function makeReceipt(overrides: ReceiptOverrides = {}) {
   return {
     method: 'tempo',
+    intent: 'session' as const,
     status: 'success' as const,
     timestamp: new Date().toISOString(),
     reference: channelId,
+    challengeId,
+    channelId,
+    acceptedCumulative: '10000000',
+    spent: '0',
+    units: 0,
+    ...overrides,
   }
 }
 
@@ -95,6 +157,17 @@ async function readResponseText(response: Response): Promise<string> {
   return result
 }
 
+function readTerminalReceipt(output: string) {
+  const receiptRaw = output.split('event: payment-receipt\ndata: ')[1]?.split('\n\n')[0]
+  if (!receiptRaw) throw new Error('expected terminal receipt')
+  return JSON.parse(receiptRaw) as {
+    challengeId: string
+    channelId: string
+    spent: string
+    units?: number
+  }
+}
+
 describe('sse transport', () => {
   test('getCredential returns null when no Authorization header', () => {
     const store = memoryStore()
@@ -169,8 +242,7 @@ describe('sse transport', () => {
     expect(response.headers.get('Content-Type')).toContain('text/event-stream')
 
     const body = await readResponseText(response)
-    const receiptRaw = body.split('event: payment-receipt\ndata: ')[1]?.split('\n\n')[0]
-    const terminalReceipt = JSON.parse(receiptRaw!)
+    const terminalReceipt = readTerminalReceipt(body)
 
     expect(response.headers.get('Payment-Receipt')).toBeNull()
     expect(body).toContain('event: message\ndata: hello\n\n')
@@ -182,6 +254,92 @@ describe('sse transport', () => {
     expect(terminalReceipt.spent).toBe('2000000')
   })
 
+  test('respondReceipt with AsyncIterable and unitType=request charges once', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest({ unitType: 'request' })
+
+    async function* gen() {
+      yield 'hello'
+      yield 'world'
+      yield 'again'
+    }
+
+    const response = transport.respondReceipt({
+      credential: makeCredential({ unitType: 'request' }),
+      input: request,
+      receipt: makeReceipt(),
+      response: gen(),
+      challengeId,
+    })
+
+    const body = await readResponseText(response)
+    const terminalReceipt = readTerminalReceipt(body)
+    const channel = await store.getChannel(channelId)
+
+    expect(channel!.spent).toBe(1000000n)
+    expect(channel!.units).toBe(1)
+    expect(terminalReceipt.spent).toBe('1000000')
+    expect(terminalReceipt.units).toBe(1)
+  })
+
+  test('respondReceipt with AsyncIterable and non-request unitType still charges per chunk', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest({ unitType: 'token' })
+
+    async function* gen() {
+      yield 'hello'
+      yield 'world'
+      yield 'again'
+    }
+
+    const response = transport.respondReceipt({
+      credential: makeCredential({ unitType: 'token' }),
+      input: request,
+      receipt: makeReceipt(),
+      response: gen(),
+      challengeId,
+    })
+
+    const body = await readResponseText(response)
+    const terminalReceipt = readTerminalReceipt(body)
+    const channel = await store.getChannel(channelId)
+
+    expect(channel!.spent).toBe(3000000n)
+    expect(channel!.units).toBe(3)
+    expect(terminalReceipt.spent).toBe('3000000')
+    expect(terminalReceipt.units).toBe(3)
+  })
+
+  test('respondReceipt with unitType=request does not charge an empty AsyncIterable', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest({ unitType: 'request' })
+
+    async function* gen() {}
+
+    const response = transport.respondReceipt({
+      credential: makeCredential({ unitType: 'request' }),
+      input: request,
+      receipt: makeReceipt(),
+      response: gen(),
+      challengeId,
+    })
+
+    const body = await readResponseText(response)
+    const terminalReceipt = readTerminalReceipt(body)
+    const channel = await store.getChannel(channelId)
+
+    expect(channel!.spent).toBe(0n)
+    expect(channel!.units).toBe(0)
+    expect(terminalReceipt.spent).toBe('0')
+    expect(terminalReceipt.units).toBe(0)
+  })
+
   test('respondReceipt with AsyncGeneratorFunction passes stream controller', async () => {
     const store = memoryStore()
     await seedChannel(store, 10000000n)
@@ -201,6 +359,35 @@ describe('sse transport', () => {
     expect(response.headers.get('Content-Type')).toContain('text/event-stream')
   })
 
+  test('respondReceipt with AsyncGeneratorFunction and unitType=request preserves manual charge calls', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest({ unitType: 'request' })
+
+    const response = transport.respondReceipt({
+      credential: makeCredential({ unitType: 'request' }),
+      input: request,
+      receipt: makeReceipt(),
+      response: async function* (stream) {
+        await stream.charge()
+        yield 'hello'
+        await stream.charge()
+        yield 'world'
+      },
+      challengeId,
+    })
+
+    const body = await readResponseText(response)
+    const terminalReceipt = readTerminalReceipt(body)
+    const channel = await store.getChannel(channelId)
+
+    expect(channel!.spent).toBe(2000000n)
+    expect(channel!.units).toBe(2)
+    expect(terminalReceipt.spent).toBe('2000000')
+    expect(terminalReceipt.units).toBe(2)
+  })
+
   test('respondReceipt with upstream SSE Response auto-detects and iterates', async () => {
     const store = memoryStore()
     await seedChannel(store, 10000000n)
@@ -235,6 +422,81 @@ describe('sse transport', () => {
     expect(body).toContain('event: payment-receipt\n')
   })
 
+  test('respondReceipt with upstream SSE Response and unitType=request charges once', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest({ unitType: 'request' })
+
+    const encoder = new TextEncoder()
+    const upstream = new Response(
+      new ReadableStream({
+        start(controller) {
+          controller.enqueue(encoder.encode('event: message\ndata: chunk1\n\n'))
+          controller.enqueue(encoder.encode('event: message\ndata: chunk2\n\n'))
+          controller.enqueue(encoder.encode('event: message\ndata: chunk3\n\n'))
+          controller.close()
+        },
+      }),
+      { headers: { 'Content-Type': 'text/event-stream; charset=utf-8' } },
+    )
+
+    const response = transport.respondReceipt({
+      credential: makeCredential({ unitType: 'request' }),
+      input: request,
+      receipt: makeReceipt(),
+      response: upstream,
+      challengeId,
+    })
+
+    const body = await readResponseText(response)
+    const terminalReceipt = readTerminalReceipt(body)
+    const channel = await store.getChannel(channelId)
+
+    expect(channel!.spent).toBe(1000000n)
+    expect(channel!.units).toBe(1)
+    expect(body).toContain('event: message\ndata: chunk1\n\n')
+    expect(body).toContain('event: message\ndata: chunk2\n\n')
+    expect(body).toContain('event: message\ndata: chunk3\n\n')
+    expect(terminalReceipt.spent).toBe('1000000')
+    expect(terminalReceipt.units).toBe(1)
+  })
+
+  test('respondReceipt with empty upstream SSE Response and unitType=request does not charge', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest({ unitType: 'request' })
+
+    const encoder = new TextEncoder()
+    const upstream = new Response(
+      new ReadableStream({
+        start(controller) {
+          controller.enqueue(encoder.encode('event: message\ndata: [DONE]\n\n'))
+          controller.close()
+        },
+      }),
+      { headers: { 'Content-Type': 'text/event-stream; charset=utf-8' } },
+    )
+
+    const response = transport.respondReceipt({
+      credential: makeCredential({ unitType: 'request' }),
+      input: request,
+      receipt: makeReceipt(),
+      response: upstream,
+      challengeId,
+    })
+
+    const body = await readResponseText(response)
+    const terminalReceipt = readTerminalReceipt(body)
+    const channel = await store.getChannel(channelId)
+
+    expect(channel!.spent).toBe(0n)
+    expect(channel!.units).toBe(0)
+    expect(terminalReceipt.spent).toBe('0')
+    expect(terminalReceipt.units).toBe(0)
+  })
+
   test('respondReceipt with plain Response delegates to base http transport', () => {
     const store = memoryStore()
     const transport = sse({ store })
@@ -318,27 +580,58 @@ describe('sse transport', () => {
     })
 
     const body = await response.text()
+    const receipt = deserializeSessionReceipt(response.headers.get('Payment-Receipt')!)
 
     const channel = await store.getChannel(channelId)
     expect(channel!.spent).toBe(1000000n)
     expect(channel!.units).toBe(1)
+    expect(receipt.spent).toBe('1000000')
+    expect(receipt.units).toBe(1)
 
     expect(JSON.parse(body)).toEqual({ content: 'hello' })
     expect(response.headers.get('Content-Type')).toBe('application/json')
     expect(response.headers.get('Payment-Receipt')).toBeTruthy()
   })
 
-  test('respondReceipt with 204 management response keeps null body and receipt', async () => {
+  test('respondReceipt with 204 content response still deducts from channel', async () => {
     const store = memoryStore()
     await seedChannel(store, 10000000n)
     const transport = sse({ store })
     const request = makeAuthorizedRequest()
 
-    const managementResponse = new Response(null, { status: 204 })
+    const contentResponse = new Response(null, { status: 204 })
     const response = transport.respondReceipt({
       credential: makeCredential(),
       input: request,
       receipt: makeReceipt(),
+      response: contentResponse,
+      challengeId,
+    })
+
+    expect(response.status).toBe(204)
+    expect(await response.text()).toBe('')
+    const receipt = deserializeSessionReceipt(response.headers.get('Payment-Receipt')!)
+
+    await Promise.resolve()
+
+    const channel = await store.getChannel(channelId)
+    expect(channel!.spent).toBe(1000000n)
+    expect(channel!.units).toBe(1)
+    expect(receipt.spent).toBe('1000000')
+    expect(receipt.units).toBe(1)
+  })
+
+  test('respondReceipt with management response keeps null body and does not deduct', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeManagementRequest()
+
+    const managementResponse = new Response(null, { status: 204 })
+    const response = transport.respondReceipt({
+      credential: Credential.fromRequest(makeManagementRequest())!,
+      input: request,
+      receipt: makeReceipt(),
       response: managementResponse,
       challengeId,
     })
@@ -352,6 +645,24 @@ describe('sse transport', () => {
     expect(channel!.units).toBe(0)
   })
 
+  test('respondReceipt rejects replayed plain responses with no remaining balance', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest()
+
+    const response = transport.respondReceipt({
+      credential: makeCredential(),
+      input: request,
+      receipt: makeReceipt({ acceptedCumulative: '1000000', spent: '1000000', units: 1 }),
+      response: new Response('ok'),
+      challengeId,
+    })
+
+    expect(response.status).toBe(402)
+    expect(response.headers.get('Payment-Receipt')).toBeNull()
+  })
+
   test('poll: true strips waitForUpdate from store', async () => {
     const store = memoryStore()
     ;(store as any).waitForUpdate = async () => {}

package/src/tempo/server/internal/transport.ts

@@ -5,10 +5,12 @@
  *
  * @internal
  */
+import * as Challenge from '../../../Challenge.js'
+import * as Errors from '../../../Errors.js'
 import * as Transport from '../../../server/Transport.js'
 import * as ChannelStore from '../../session/ChannelStore.js'
 import * as Sse_core from '../../session/Sse.js'
-import type { SessionCredentialPayload } from '../../session/Types.js'
+import type { SessionCredentialPayload, SessionReceipt } from '../../session/Types.js'
 
 /** SSE transport with Tempo session controller. */
 export type Sse = Transport.Sse<Sse_core.SessionController>
@@ -41,6 +43,7 @@ export function sse(options: sse.Options & { store: ChannelStore.ChannelStore })
     captureRequest(request) {
       return (
         base.captureRequest?.(request) ?? {
+          hasBody: request.body !== null,
           headers: new Headers(request.headers),
           method: request.method,
           url: new URL(request.url),
@@ -63,6 +66,10 @@ export function sse(options: sse.Options & { store: ChannelStore.ChannelStore })
       if (!payload.channelId) throw new Error('No SSE context available')
       const channelId = payload.channelId
       const tickCost = BigInt(verifiedCredential.challenge.request.amount as string)
+      const unitType =
+        typeof verifiedCredential.challenge.request.unitType === 'string'
+          ? verifiedCredential.challenge.request.unitType
+          : undefined
 
       // Auto-detect upstream SSE responses and parse them into an
       // AsyncIterable so they flow through the metered pipeline.
@@ -77,9 +84,7 @@ export function sse(options: sse.Options & { store: ChannelStore.ChannelStore })
         // Pass async generator functions directly so Sse.serve gives them
         // a SessionController for manual charge(). Pass raw AsyncIterables
         // as-is so Sse.serve auto-charges per yielded value.
-        const generate: Sse_core.serve.Options['generate'] = isAsyncGeneratorFunction(resolved)
-          ? (resolved as Sse_core.serve.Options['generate'])
-          : (resolved as AsyncIterable<string>)
+        const generate = resolveMeteredGenerate(resolved, unitType)
         const stream = Sse_core.serve({
           store,
           channelId,
@@ -101,23 +106,71 @@ export function sse(options: sse.Options & { store: ChannelStore.ChannelStore })
         challengeId: verifiedChallengeId,
       })
 
+      if (!shouldChargePlainResponse(input, payload)) {
+        return baseResponse
+      }
+
+      const currentReceipt = receipt as SessionReceipt
+      const available = BigInt(currentReceipt.acceptedCumulative) - BigInt(currentReceipt.spent)
+      if (available < tickCost) {
+        const error = new Errors.InsufficientBalanceError({
+          reason: `requested ${tickCost}, available ${available}`,
+        })
+        return new Response(
+          JSON.stringify(error.toProblemDetails(verifiedCredential.challenge.id)),
+          {
+            status: error.status,
+            headers: {
+              'WWW-Authenticate': Challenge.serialize(verifiedCredential.challenge),
+              'Cache-Control': 'no-store',
+              'Content-Type': 'application/problem+json',
+            },
+          },
+        )
+      }
+
+      const chargedReceipt: SessionReceipt = {
+        ...currentReceipt,
+        spent: (BigInt(currentReceipt.spent) + tickCost).toString(),
+        units: (currentReceipt.units ?? 0) + 1,
+      }
+      const chargedResponse = base.respondReceipt({
+        credential: verifiedCredential,
+        envelope,
+        input,
+        receipt: chargedReceipt,
+        response: response as Response,
+        challengeId: verifiedChallengeId,
+      })
+
       // Non-SSE response (e.g. upstream returned JSON instead of event-stream).
       // Need to deduct tickCost so request isn't free.
-      // Null-body statuses (e.g. 204 from management actions) cannot carry a
-      // response body per Fetch/HTTP semantics.
-      if (isNullBodyStatus(baseResponse.status)) {
-        return baseResponse
+      // For null-body statuses, the request shape determines whether the
+      // response is management (no charge) or plain content (charge one tick).
+      if (isNullBodyStatus(chargedResponse.status)) {
+        void ChannelStore.deductFromChannel(store, channelId, tickCost)
+        return chargedResponse
       }
 
       const stream = new ReadableStream<Uint8Array>({
         async start(controller) {
           // deduction completes before consumer reads
-          await ChannelStore.deductFromChannel(store, channelId, tickCost)
-          if (!baseResponse.body) {
+          const result = await ChannelStore.deductFromChannel(store, channelId, tickCost)
+          if (!result.ok) {
+            controller.error(
+              new Errors.InsufficientBalanceError({
+                reason: `requested ${tickCost}, available ${
+                  result.channel.highestVoucherAmount - result.channel.spent
+                }`,
+              }),
+            )
+            return
+          }
+          if (!chargedResponse.body) {
             controller.close()
             return
           }
-          const reader = baseResponse.body.getReader()
+          const reader = chargedResponse.body.getReader()
           try {
             while (true) {
               const { done, value } = await reader.read()
@@ -131,9 +184,9 @@ export function sse(options: sse.Options & { store: ChannelStore.ChannelStore })
         },
       })
       return new Response(stream, {
-        status: baseResponse.status,
-        statusText: baseResponse.statusText,
-        headers: baseResponse.headers,
+        status: chargedResponse.status,
+        statusText: chargedResponse.statusText,
+        headers: chargedResponse.headers,
       })
     },
   })
@@ -198,6 +251,40 @@ function isAsyncIterable(value: unknown): value is AsyncIterable<string> {
   return value !== null && typeof value === 'object' && Symbol.asyncIterator in (value as object)
 }
 
+function resolveMeteredGenerate(
+  value: AsyncIterable<string> | ((...args: unknown[]) => AsyncIterable<string>),
+  unitType: string | undefined,
+): Sse_core.serve.Options['generate'] {
+  if (isAsyncGeneratorFunction(value)) return value as Sse_core.serve.Options['generate']
+  if (unitType !== 'request') return value as AsyncIterable<string>
+
+  const iterable = value as AsyncIterable<string>
+  return async function* chargeOnce(stream) {
+    let charged = false
+    for await (const chunk of iterable) {
+      if (!charged) {
+        await stream.charge()
+        charged = true
+      }
+      yield chunk
+    }
+  }
+}
+
 function isNullBodyStatus(status: number): boolean {
   return [101, 204, 205, 304].includes(status)
 }
+
+function shouldChargePlainResponse(
+  input: Request,
+  payload: Partial<SessionCredentialPayload>,
+): boolean {
+  if (payload.action === 'close' || payload.action === 'topUp') return false
+  if (input.method !== 'POST') return true
+
+  const contentLength = input.headers.get('content-length')
+  if (contentLength !== null && contentLength !== '0') return true
+  if (input.headers.has('transfer-encoding')) return true
+
+  return false
+}

package/src/viem/Client.test.ts

@@ -2,7 +2,7 @@ import { createClient, custom, defineChain, type Hex } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
 import { signTransaction } from 'viem/actions'
 import { tempoLocalnet } from 'viem/chains'
-import { Transaction } from 'viem/tempo'
+import { Account as TempoAccount, Transaction } from 'viem/tempo'
 import { describe, expect, test } from 'vp/test'
 
 import * as Client from './Client.js'
@@ -168,6 +168,57 @@ describe('feePayer transaction serialization', () => {
     } as never)
     expect(serverSigned).toMatch(/^0x7[68]/)
   })
+
+  test('behavior: deserialized + re-signed tx preserves keyAuthorization', async () => {
+    const rootAccount = TempoAccount.fromSecp256k1(
+      '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80',
+    )
+    const accessKey = TempoAccount.fromSecp256k1(
+      '0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d',
+      { access: rootAccount },
+    )
+    const feePayerAccount = privateKeyToAccount(
+      '0x5de4111afa1a4b94908f83103f52c5de640f0e4f465f975fa6d6640d3c5e3b48',
+    )
+    const accessKeyClient = createClient({
+      account: accessKey,
+      chain: tempoLocalnet,
+      transport: mockTransport,
+    })
+
+    const keyAuthorization = await rootAccount.signKeyAuthorization(
+      {
+        accessKeyAddress: accessKey.accessKeyAddress,
+        keyType: accessKey.keyType,
+      },
+      {
+        chainId: BigInt(tempoLocalnet.id),
+      },
+    )
+
+    const clientSigned = await signTransaction(accessKeyClient, {
+      account: accessKey,
+      ...feePayer_prepared,
+      keyAuthorization,
+    } as never)
+    const deserialized = Transaction.deserialize(
+      clientSigned as Transaction.TransactionSerializedTempo,
+    )
+
+    expect(deserialized.keyAuthorization).toEqual(keyAuthorization)
+
+    const serverSigned = await signTransaction(tempoClient, {
+      ...deserialized,
+      account: feePayerAccount,
+      feePayer: feePayerAccount,
+      feeToken: '0x20c0000000000000000000000000000000000001' as const,
+    } as never)
+    const serverDeserialized = Transaction.deserialize(
+      serverSigned as Transaction.TransactionSerializedTempo,
+    )
+
+    expect(serverDeserialized.keyAuthorization).toEqual(keyAuthorization)
+  })
 })
 
 describe('getResolver serializer injection', () => {