mppx 0.6.13 → 0.6.14

package/src/tempo/server/Session.test.ts

@@ -11,6 +11,7 @@ import { Base64, Secp256k1 } from 'ox'
 import {
   type Address,
   createClient,
+  custom,
   type Hex,
   parseSignature,
   serializeCompactSignature,
@@ -258,6 +259,54 @@ describe.runIf(isLocalnet)('session', () => {
       ).rejects.toThrow('invalid voucher signature')
     })
 
+    test('rejects sponsored open with invalid voucher before broadcasting', async () => {
+      const rpcMethods: string[] = []
+      const interceptingClient = createClient({
+        account: recipientAccount,
+        chain,
+        transport: custom({
+          async request(args: any) {
+            rpcMethods.push(args.method)
+            return client.transport.request(args)
+          },
+        }),
+      })
+
+      const salt = nextSalt()
+      const { channelId, serializedTransaction } = await signOpenChannel({
+        escrow: escrowContract,
+        payer,
+        payee: recipient,
+        token: currency,
+        deposit: 10000000n,
+        salt,
+        feePayer: true,
+      })
+      const server = createServer({
+        feePayer: recipientAccount,
+        getClient: () => interceptingClient,
+      })
+
+      await expect(
+        server.verify({
+          credential: {
+            challenge: makeChallenge({ channelId }),
+            payload: {
+              action: 'open' as const,
+              type: 'transaction' as const,
+              channelId,
+              transaction: serializedTransaction,
+              cumulativeAmount: '1000000',
+              signature: `0x${'ab'.repeat(65)}` as Hex,
+            },
+          },
+          request: makeRequest({ feePayer: true }),
+        }),
+      ).rejects.toThrow('invalid voucher signature')
+
+      expect(rpcMethods).not.toContain('eth_sendRawTransactionSync')
+    })
+
     test('reopen existing channel with higher voucher updates state', async () => {
       const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
       const server = createServer()
@@ -2083,6 +2132,10 @@ describe.runIf(isLocalnet)('session', () => {
       ).rejects.toThrow(
         `Cannot close channel ${channelId}: tx sender ${rawAccessKey.address} is not the channel payee ${recipientAccount.address}. If using an access key, pass a Tempo access-key account whose address is the payee wallet, not the raw delegated key address.`,
       )
+
+      const persisted = await store.getChannel(channelId)
+      expect(persisted?.closeRequestedAt).toBe(0n)
+      expect(persisted?.finalized).toBe(false)
     })
 
     test('sessionManager.close surfaces problem details from HTTP close failures', async () => {
@@ -2646,6 +2699,77 @@ describe.runIf(isLocalnet)('session', () => {
       expect(channel?.highestVoucherAmount).toBe(5000000n)
       expect(channel?.spent).toBe(0n)
     })
+
+    test('close marks the channel pending before on-chain close so concurrent charges fail', async () => {
+      const baseStore = Store.memory()
+      let pendingChargeError: unknown
+      let probedPendingClose = false
+
+      const probingStore = Store.from<Store.AtomicStore>({
+        get: (key) => baseStore.get(key),
+        put: (key, value) => baseStore.put(key, value),
+        delete: (key) => baseStore.delete(key),
+        async update(key, fn) {
+          const result = await baseStore.update(key, fn)
+          const current = await baseStore.get(key)
+          if (
+            current &&
+            typeof current === 'object' &&
+            'closeRequestedAt' in current &&
+            (current as ChannelStore.State).closeRequestedAt !== 0n &&
+            !(current as ChannelStore.State).finalized &&
+            !probedPendingClose
+          ) {
+            probedPendingClose = true
+            try {
+              await charge(ChannelStore.fromStore(probingStore), channelId, 1000000n)
+            } catch (error) {
+              pendingChargeError = error
+            }
+          }
+          return result
+        },
+      })
+
+      const probedStore = ChannelStore.fromStore(baseStore)
+      const server = createServerWithStore(probingStore)
+      const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
+
+      await server.verify({
+        credential: {
+          challenge: makeChallenge({ id: 'open-before-pending-close', channelId }),
+          payload: {
+            action: 'open' as const,
+            type: 'transaction' as const,
+            channelId,
+            transaction: serializedTransaction,
+            cumulativeAmount: '3000000',
+            signature: await signTestVoucher(channelId, 3000000n),
+          },
+        },
+        request: makeRequest(),
+      })
+
+      await charge(probedStore, channelId, 1000000n)
+
+      const receipt = await server.verify({
+        credential: {
+          challenge: makeChallenge({ id: 'pending-close', channelId }),
+          payload: {
+            action: 'close' as const,
+            channelId,
+            cumulativeAmount: '3000000',
+            signature: await signTestVoucher(channelId, 3000000n),
+          },
+        },
+        request: makeRequest(),
+      })
+
+      expect(receipt.status).toBe('success')
+      expect(probedPendingClose).toBe(true)
+      expect(pendingChargeError).toBeInstanceOf(ChannelClosedError)
+      expect((pendingChargeError as Error).message).toContain('pending close request')
+    })
   })
 
   describe('fault tolerance', () => {
@@ -3220,6 +3344,47 @@ describe.runIf(isLocalnet)('session', () => {
       expect(persisted?.finalized).toBe(true)
     })
 
+    test('sessionManager rejects receipts that exceed the locally signed voucher', async () => {
+      const handler = createHandler()
+      const route = handler.session({
+        amount: '1',
+        decimals: 6,
+        unitType: 'token',
+      })
+
+      const fetch = async (input: RequestInfo | URL, init?: RequestInit) => {
+        const request = new Request(input, init)
+        const result = await route(request)
+        if (result.status === 402) return result.challenge
+
+        const response = result.withReceipt(new Response('ok'))
+        const receipt = deserializeSessionReceipt(response.headers.get('Payment-Receipt')!)
+        return new Response(response.body, {
+          status: response.status,
+          statusText: response.statusText,
+          headers: {
+            'Payment-Receipt': serializeSessionReceipt({
+              ...receipt,
+              acceptedCumulative: '3000000',
+              spent: '3000000',
+            }),
+          },
+        })
+      }
+
+      const manager = sessionManager({
+        account: payer,
+        client,
+        escrowContract,
+        fetch,
+        maxDeposit: '3',
+      })
+
+      await expect(manager.fetch('https://api.example.com/resource')).rejects.toThrow(
+        'receipt accepted cumulative exceeds local voucher state',
+      )
+    })
+
     test('does not return Payment-Receipt on verification errors', async () => {
       const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
       const handler = createHandler()
@@ -3469,6 +3634,79 @@ describe.runIf(isLocalnet)('session', () => {
       expect(replay.headers.get('Payment-Receipt')).toBeNull()
     })
 
+    test('default HTTP bodyless POST query flow charges instead of treating voucher as management', async () => {
+      const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
+      const signature = await signTestVoucher(channelId, 1000000n)
+      const handler = createHandler()
+      const route = handler.session({
+        amount: '1',
+        decimals: 6,
+        unitType: 'token',
+      })
+
+      const first = await route(
+        new Request('https://api.example.com/search?q=paid', {
+          method: 'POST',
+        }),
+      )
+      expect(first.status).toBe(402)
+      if (first.status !== 402) throw new Error('expected challenge')
+
+      const open = await route(
+        new Request('https://api.example.com/search?q=paid', {
+          method: 'POST',
+          headers: {
+            Authorization: Credential.serialize({
+              challenge: Challenge.fromResponse(first.challenge),
+              payload: {
+                action: 'open',
+                type: 'transaction',
+                channelId,
+                transaction: serializedTransaction,
+                cumulativeAmount: '1000000',
+                signature,
+              },
+            }),
+          },
+        }),
+      )
+      expect(open.status).toBe(200)
+      if (open.status !== 200) throw new Error('expected paid response')
+      const paid = open.withReceipt(new Response('query-result'))
+      expect(await paid.text()).toBe('query-result')
+      const receipt = deserializeSessionReceipt(paid.headers.get('Payment-Receipt') as string)
+      expect(receipt.spent).toBe('1000000')
+      expect(receipt.units).toBe(1)
+
+      const replayChallenge = await route(
+        new Request('https://api.example.com/search?q=paid', {
+          method: 'POST',
+        }),
+      )
+      expect(replayChallenge.status).toBe(402)
+      if (replayChallenge.status !== 402) throw new Error('expected challenge')
+
+      const replay = await route(
+        new Request('https://api.example.com/search?q=paid', {
+          method: 'POST',
+          headers: {
+            Authorization: Credential.serialize({
+              challenge: Challenge.fromResponse(replayChallenge.challenge),
+              payload: {
+                action: 'voucher',
+                channelId,
+                cumulativeAmount: '1000000',
+                signature,
+              },
+            }),
+          },
+        }),
+      )
+      expect(replay.status).toBe(402)
+      if (replay.status !== 402) throw new Error('expected challenge')
+      expect(replay.challenge.headers.get('Payment-Receipt')).toBeNull()
+    })
+
     test('converts amount/suggestedDeposit/minVoucherDelta with decimals=18', async () => {
       const handler = createHandler()
       const route = handler.session({
@@ -4245,6 +4483,89 @@ describe.runIf(isLocalnet)('session', () => {
       expect(persisted?.finalized).toBe(true)
     })
 
+    test('plain-response SSE fallback precharges before running concurrent paid handlers', async () => {
+      const backingStore = Store.memory()
+      const route = Mppx_server.create({
+        methods: [
+          tempo_server.session({
+            store: backingStore,
+            getClient: () => client,
+            account: recipientAccount,
+            currency,
+            escrowContract,
+            chainId: chain.id,
+            sse: true,
+          }),
+        ],
+        realm: 'api.example.com',
+        secretKey: 'secret',
+      }).session({ amount: '1', decimals: 6, unitType: 'token' })
+
+      const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
+
+      const openChallenge = await route(new Request('https://api.example.com/fallback'))
+      expect(openChallenge.status).toBe(402)
+      if (openChallenge.status !== 402) throw new Error('expected challenge')
+
+      const openResult = await route(
+        new Request('https://api.example.com/fallback', {
+          method: 'POST',
+          headers: {
+            Authorization: Credential.serialize({
+              challenge: Challenge.fromResponse(openChallenge.challenge),
+              payload: {
+                action: 'open',
+                type: 'transaction',
+                channelId,
+                transaction: serializedTransaction,
+                cumulativeAmount: '1000000',
+                signature: await signTestVoucher(channelId, 1000000n),
+              },
+            }),
+          },
+        }),
+      )
+      expect(openResult.status).toBe(200)
+      if (openResult.status !== 200) throw new Error('expected open response')
+      expect(openResult.withReceipt().status).toBe(204)
+
+      const replayChallenge = await route(new Request('https://api.example.com/fallback'))
+      expect(replayChallenge.status).toBe(402)
+      if (replayChallenge.status !== 402) throw new Error('expected challenge')
+
+      const authorization = Credential.serialize({
+        challenge: Challenge.fromResponse(replayChallenge.challenge),
+        payload: {
+          action: 'voucher',
+          channelId,
+          cumulativeAmount: '1000000',
+          signature: await signTestVoucher(channelId, 1000000n),
+        },
+      })
+
+      let handlerRuns = 0
+      const serve = async () => {
+        const result = await route(
+          new Request('https://api.example.com/fallback', {
+            headers: { Authorization: authorization },
+          }),
+        )
+        if (result.status === 402) return result.challenge
+        handlerRuns++
+        return result.withReceipt(new Response('paid-fallback'))
+      }
+
+      const [first, second] = await Promise.all([serve(), serve()])
+      const statuses = [first.status, second.status].sort()
+
+      expect(statuses).toEqual([200, 402])
+      expect(handlerRuns).toBe(1)
+
+      const persisted = await ChannelStore.fromStore(backingStore).getChannel(channelId)
+      expect(persisted?.spent).toBe(1000000n)
+      expect(persisted?.units).toBe(1)
+    })
+
     test('handles repeated exhaustion/resume cycles within one stream', async () => {
       const backingStore = Store.memory()
       const routeHandler = Mppx_server.create({
@@ -5437,6 +5758,12 @@ describe('session request and verify guardrails', () => {
       request: makeRequest({ feePayer: false }),
     } as never)
     expect(normalized.feePayer).toBeUndefined()
+
+    const verificationRequest = await server.request!({
+      credential: { challenge: {}, payload: {} } as never,
+      request: makeRequest({ feePayer: false }),
+    } as never)
+    expect(verificationRequest.feePayer).toBe(false)
   })
 
   test('request leaves escrowContract undefined when chain has no configured default', async () => {

package/src/tempo/server/Session.ts

@@ -168,9 +168,10 @@ export function session<const parameters extends session.Parameters>(
 
       // Extract feePayer.
       const resolvedFeePayer = (() => {
+        if (request.feePayer === false) return credential ? false : undefined
         const account = typeof request.feePayer === 'object' ? request.feePayer : feePayer
-        const requested = request.feePayer !== false && (account ?? feePayer ?? feePayerUrl)
-        if (credential) return account
+        const requested = account ?? feePayer ?? feePayerUrl
+        if (credential) return account ?? (feePayerUrl ? true : undefined)
         if (requested) return true
         return undefined
       })()
@@ -196,7 +197,17 @@ export function session<const parameters extends session.Parameters>(
       const methodDetails = resolvedRequest.methodDetails as SessionMethodDetails
       const client = await getClient({ chainId: methodDetails.chainId })
 
-      const resolvedFeePayer = methodDetails.feePayer === true ? feePayer : undefined
+      const requestAllowsFeePayer =
+        request.feePayer !== false &&
+        (request.feePayer === undefined ||
+          request.feePayer === true ||
+          typeof request.feePayer === 'object')
+      const resolvedFeePayer =
+        methodDetails.feePayer === true && requestAllowsFeePayer
+          ? typeof request.feePayer === 'object'
+            ? request.feePayer
+            : feePayer
+          : undefined
       const minVoucherDelta = parseUnits(parameters.minVoucherDelta ?? '0', decimals)
       const effectiveMinVoucherDelta = methodDetails.minVoucherDelta
         ? BigInt(methodDetails.minVoucherDelta)
@@ -268,7 +279,6 @@ export function session<const parameters extends session.Parameters>(
       // This keeps equal-voucher replays bounded by the voucher's remaining
       // balance instead of serving repeated responses for free.
       if (
-        !parameters.sse &&
         envelope &&
         isSessionContentRequest(envelope.capturedRequest) &&
         (payload.action === 'open' || payload.action === 'voucher')
@@ -283,6 +293,7 @@ export function session<const parameters extends session.Parameters>(
           spent: charged.spent.toString(),
           units: charged.units,
         }
+        if (parameters.sse) sessionReceipt = Transport.markPrepaidSessionTick(sessionReceipt)
       }
 
       return sessionReceipt
@@ -625,6 +636,38 @@ async function handleOpen(
   const currency = challenge.request.currency as Address
   const amount = challenge.request.amount ? BigInt(challenge.request.amount as string) : undefined
 
+  const validateOpenVoucher = async (onChain: OnChainChannel) => {
+    validateOnChainChannel(onChain, recipient, currency, amount)
+
+    const authorizedSigner =
+      onChain.authorizedSigner === '0x0000000000000000000000000000000000000000'
+        ? onChain.payer
+        : onChain.authorizedSigner
+
+    if (voucher.cumulativeAmount > onChain.deposit) {
+      throw new AmountExceedsDepositError({ reason: 'voucher amount exceeds on-chain deposit' })
+    }
+
+    if (voucher.cumulativeAmount <= onChain.settled) {
+      throw new VerificationFailedError({
+        reason: 'voucher cumulativeAmount is below on-chain settled amount',
+      })
+    }
+
+    const isValid = await verifyVoucher(
+      methodDetails.escrowContract,
+      methodDetails.chainId,
+      voucher,
+      authorizedSigner,
+    )
+
+    if (!isValid) {
+      throw new InvalidSignatureError({ reason: 'invalid voucher signature' })
+    }
+
+    return authorizedSigner
+  }
+
   const { onChain, txHash } = await broadcastOpenTransaction({
     client,
     serializedTransaction: payload.transaction,
@@ -635,36 +678,13 @@ async function handleOpen(
     challengeExpires: challenge.expires,
     feePayerPolicy,
     feePayer,
+    beforeBroadcast: async (pendingOnChain) => {
+      await validateOpenVoucher(pendingOnChain)
+    },
     waitForConfirmation,
   })
 
-  validateOnChainChannel(onChain, recipient, currency, amount)
-
-  const authorizedSigner =
-    onChain.authorizedSigner === '0x0000000000000000000000000000000000000000'
-      ? onChain.payer
-      : onChain.authorizedSigner
-
-  if (voucher.cumulativeAmount > onChain.deposit) {
-    throw new AmountExceedsDepositError({ reason: 'voucher amount exceeds on-chain deposit' })
-  }
-
-  if (voucher.cumulativeAmount <= onChain.settled) {
-    throw new VerificationFailedError({
-      reason: 'voucher cumulativeAmount is below on-chain settled amount',
-    })
-  }
-
-  const isValid = await verifyVoucher(
-    methodDetails.escrowContract,
-    methodDetails.chainId,
-    voucher,
-    authorizedSigner,
-  )
-
-  if (!isValid) {
-    throw new InvalidSignatureError({ reason: 'invalid voucher signature' })
-  }
+  const authorizedSigner = await validateOpenVoucher(onChain)
 
   const updated = await store.updateChannel(channelId, (existing) => {
     if (existing) {
@@ -917,16 +937,45 @@ async function handleClose(
     throw new InvalidSignatureError({ reason: 'invalid voucher signature' })
   }
 
-  assertSettlementSender({
-    operation: 'close',
-    channelId: payload.channelId,
-    payee: onChain.payee,
-    sender: account?.address ?? client.account?.address,
+  const pendingCloseStartedAt = BigInt(Math.floor(Date.now() / 1000) || 1)
+  const previousCloseRequestedAt = channel.closeRequestedAt
+  let pendingCloseMarked = false
+  await store.updateChannel(channelId, (current) => {
+    if (!current) return null
+    if (current.finalized) throw new ChannelClosedError({ reason: 'channel is already finalized' })
+    if (current.closeRequestedAt !== 0n)
+      throw new ChannelClosedError({ reason: 'channel has a pending close request' })
+    if (voucher.cumulativeAmount < current.spent) {
+      throw new VerificationFailedError({
+        reason: `close voucher amount must be >= ${current.spent} (spent)`,
+      })
+    }
+    pendingCloseMarked = true
+    return { ...current, closeRequestedAt: pendingCloseStartedAt }
   })
 
-  const txHash = await closeOnChain(client, methodDetails.escrowContract, voucher, {
-    ...(feePayer && account ? { feePayer, account } : { account }),
-  })
+  let txHash: Hex | undefined
+  try {
+    assertSettlementSender({
+      operation: 'close',
+      channelId: payload.channelId,
+      payee: onChain.payee,
+      sender: account?.address ?? client.account?.address,
+    })
+
+    txHash = await closeOnChain(client, methodDetails.escrowContract, voucher, {
+      ...(feePayer && account ? { feePayer, account } : { account }),
+    })
+  } catch (error) {
+    if (pendingCloseMarked) {
+      await store.updateChannel(channelId, (current) =>
+        current && current.closeRequestedAt === pendingCloseStartedAt
+          ? { ...current, closeRequestedAt: previousCloseRequestedAt }
+          : current,
+      )
+    }
+    throw error
+  }
 
   const updated = await store.updateChannel(channelId, (current) => {
     if (!current) return null