mppx 0.6.21 → 0.6.23

package/dist/tempo/server/internal/html.gen.js.map

@@ -1 +1 @@
-{"version":3,"file":"html.gen.js","sourceRoot":"","sources":["../../../../src/tempo/server/internal/html.gen.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAC3B,MAAM,CAAC,MAAM,IAAI,GAAG,s+teAAs+te,CAAA"}
+{"version":3,"file":"html.gen.js","sourceRoot":"","sources":["../../../../src/tempo/server/internal/html.gen.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAC3B,MAAM,CAAC,MAAM,IAAI,GAAG,8yteAA8yte,CAAA"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mppx",
   "type": "module",
-  "version": "0.6.21",
+  "version": "0.6.23",
   "main": "./dist/index.js",
   "license": "MIT",
   "files": [

package/src/tempo/client/Subscription.test.ts

@@ -104,6 +104,57 @@ describe('tempo.subscription client', () => {
     )
   })
 
+  test('passes hex-encoded `scopes` and `limits` to wallet_authorizeAccessKey', async () => {
+    const challenge = createChallenge()
+    const keyAuthorization = await signSubscriptionKeyAuthorization({
+      accessKey,
+      account: selectedAccount,
+      chainId,
+      request: challenge.request,
+    })
+    if (!keyAuthorization) throw new Error('expected key authorization')
+
+    let capturedParams: Record<string, unknown> | undefined
+    const method = subscription({
+      account: selectedAccount.address,
+      getClient: async () =>
+        ({
+          request: async ({ params }: { params: readonly Record<string, unknown>[] }) => {
+            capturedParams = params[0]
+            return { keyAuthorization: KeyAuthorization.toRpc(keyAuthorization) }
+          },
+        }) as never,
+    })
+
+    await method.createCredential({ challenge, context: {} })
+
+    expect(capturedParams).toMatchObject({
+      address: accessKey.accessKeyAddress.toLowerCase(),
+      keyType: accessKey.keyType,
+      expiry: expect.any(Number),
+      limits: [
+        {
+          token: expect.stringMatching(/^0x[0-9a-fA-F]{40}$/),
+          limit: '0xf4240',
+          period: expect.any(Number),
+        },
+      ],
+      scopes: [
+        {
+          address: expect.stringMatching(/^0x[0-9a-fA-F]{40}$/),
+          selector: expect.stringMatching(/^0x/),
+          recipients: expect.any(Array),
+        },
+        {
+          address: expect.stringMatching(/^0x[0-9a-fA-F]{40}$/),
+          selector: expect.stringMatching(/^0x/),
+          recipients: expect.any(Array),
+        },
+      ],
+    })
+    expect(capturedParams).not.toHaveProperty('allowedCalls')
+  })
+
   test('rejects key authorizations signed by a different account', async () => {
     const challenge = createChallenge()
     const keyAuthorization = await signSubscriptionKeyAuthorization({

package/src/tempo/client/Subscription.ts

@@ -1,3 +1,4 @@
+import { Hex } from 'ox'
 import { KeyAuthorization } from 'ox/tempo'
 import { isAddressEqual, type Address } from 'viem'
 import { tempo as tempo_chain } from 'viem/chains'
@@ -11,7 +12,7 @@ import * as z from '../../zod.js'
 import * as defaults from '../internal/defaults.js'
 import * as Methods from '../Methods.js'
 import {
-  getSubscriptionRpcAllowedCalls,
+  getSubscriptionScopes,
   signSubscriptionKeyAuthorization,
   toSubscriptionExpiryDate,
   toSubscriptionExpirySeconds,
@@ -117,16 +118,16 @@ async function authorizeAccessKey(
     params: [
       {
         address: accessKey.accessKeyAddress,
-        allowedCalls: getSubscriptionRpcAllowedCalls(request),
         expiry: toSubscriptionExpirySeconds(toSubscriptionExpiryDate(request.subscriptionExpires)),
         keyType: accessKey.keyType,
         limits: [
           {
             token: request.currency as Address,
-            limit: BigInt(request.amount),
+            limit: Hex.fromNumber(BigInt(request.amount)),
             period: toSubscriptionPeriodSeconds(request),
           },
         ],
+        scopes: getSubscriptionScopes(request),
       },
     ],
   } as never)) as {

package/src/tempo/server/Subscription.ts

@@ -3,6 +3,7 @@ import { KeyAuthorization } from 'ox/tempo'
 import { encodeFunctionData, isAddressEqual, type Address, type Client as ViemClient } from 'viem'
 import {
   call as viem_call,
+  prepareTransactionRequest,
   sendRawTransaction,
   sendRawTransactionSync,
   signTransaction,
@@ -19,6 +20,7 @@ import * as ClientResolver from '../../viem/Client.js'
 import * as Attribution from '../Attribution.js'
 import * as Account from '../internal/account.js'
 import * as defaults from '../internal/defaults.js'
+import * as FeePayer from '../internal/fee-payer.js'
 import * as Proof from '../internal/proof.js'
 import type * as types from '../internal/types.js'
 import * as Methods from '../Methods.js'
@@ -72,7 +74,7 @@ export function subscription<const parameters extends subscription.Parameters>(
     activationTimeoutMs: parameters.activationTimeoutMs,
     renewalTimeoutMs: parameters.renewalTimeoutMs,
   })
-  const { recipient } = Account.resolve(parameters)
+  const { feePayer, recipient } = Account.resolve(parameters)
   const getClient = ClientResolver.getResolver({
     chain: tempo_chain,
     getClient: parameters.getClient,
@@ -104,6 +106,8 @@ export function subscription<const parameters extends subscription.Parameters>(
       const periodIndex = getPeriodIndex(subscription)
       if (periodIndex > subscription.lastChargedPeriod) {
         const renew = resolveRenewalHandler({
+          feePayer,
+          feePayerPolicy: parameters.feePayerPolicy,
           getClient,
           parameters,
           store,
@@ -235,6 +239,8 @@ export function subscription<const parameters extends subscription.Parameters>(
               accessKey,
               auto: {
                 challengeId: credential.challenge.id,
+                feePayer,
+                feePayerPolicy: parameters.feePayerPolicy,
                 getClient,
                 keyAuthorization: (credential.payload as SubscriptionCredentialPayload).signature,
                 realm: credential.challenge.realm,
@@ -346,6 +352,8 @@ async function activateSubscription(parameters: {
   accessKey: SubscriptionAccessKey
   auto: {
     challengeId: string
+    feePayer?: ReturnType<typeof Account.resolve>['feePayer'] | undefined
+    feePayerPolicy?: Partial<FeePayer.Policy> | undefined
     getClient: (parameters: { chainId?: number | undefined }) => MaybePromise<ViemClient>
     keyAuthorization: `0x${string}`
     realm: string
@@ -391,6 +399,8 @@ async function activateSubscription(parameters: {
   // billing authority needed for request-path and background renewals.
   const reference = await submitSubscriptionPayment({
     accessKey,
+    feePayer: auto.feePayer,
+    feePayerPolicy: auto.feePayerPolicy,
     getClient: auto.getClient,
     keyAuthorization: auto.keyAuthorization,
     lookupKey: resolved.key,
@@ -689,6 +699,8 @@ function subscriptionBinding(request: SubscriptionRequest) {
 }
 
 function resolveRenewalHandler(parameters: {
+  feePayer?: ReturnType<typeof Account.resolve>['feePayer'] | undefined
+  feePayerPolicy?: Partial<FeePayer.Policy> | undefined
   getClient: (parameters: { chainId?: number | undefined }) => MaybePromise<ViemClient>
   parameters: {
     renew?:
@@ -710,6 +722,8 @@ function resolveRenewalHandler(parameters: {
     }) => Promise<subscription.RenewalResult>)
   | undefined {
   const {
+    feePayer,
+    feePayerPolicy,
     getClient,
     parameters: subscriptionParameters,
     store,
@@ -721,6 +735,8 @@ function resolveRenewalHandler(parameters: {
   return async ({ inFlightReference, periodIndex, subscription }) => {
     const reference = await submitSubscriptionPayment({
       accessKey: subscription.accessKey!,
+      feePayer,
+      feePayerPolicy,
       getClient,
       lookupKey: subscription.lookupKey,
       request: subscription,
@@ -744,6 +760,8 @@ function resolveRenewalHandler(parameters: {
 
 async function submitSubscriptionPayment(parameters: {
   accessKey: SubscriptionAccessKey
+  feePayer?: ReturnType<typeof Account.resolve>['feePayer'] | undefined
+  feePayerPolicy?: Partial<FeePayer.Policy> | undefined
   getClient: (parameters: { chainId?: number | undefined }) => MaybePromise<ViemClient>
   keyAuthorization?: `0x${string}` | undefined
   lookupKey: string
@@ -757,6 +775,8 @@ async function submitSubscriptionPayment(parameters: {
 }) {
   const {
     accessKey,
+    feePayer,
+    feePayerPolicy,
     getClient,
     keyAuthorization,
     lookupKey,
@@ -786,7 +806,7 @@ async function submitSubscriptionPayment(parameters: {
     challengeId: settlementReference,
     serverId: lookupKey,
   })
-  const serializedTransaction = await signTransaction(client, {
+  const baseTransaction = {
     account,
     calls: [
       {
@@ -802,7 +822,39 @@ async function submitSubscriptionPayment(parameters: {
     ...(keyAuthorization
       ? { keyAuthorization: KeyAuthorization.deserialize(keyAuthorization) }
       : {}),
-  } as never)
+  }
+  const serializedTransaction = await (async () => {
+    if (!feePayer) return await signTransaction(client, baseTransaction as never)
+    // For sponsored payments, prepare the tx via `prepareTransactionRequest`
+    // (without `feePayer: true`) so viem returns the chain's full
+    // proof-inclusive gas estimate. With `feePayer: true` viem sets a
+    // dummy sig + null feePayerSignature, dropping signature and key
+    // authorization verification costs — see chainConfig.js FIXME. We add
+    // a small buffer for fee-payer overhead, then flip `feePayer = true`
+    // and re-sign with the fee-payer-sponsored envelope.
+    const prepared = await prepareTransactionRequest(client, {
+      ...baseTransaction,
+      nonceKey: 'expiring',
+    } as never)
+    prepared.gas = (prepared.gas ?? 0n) + 5_000n
+    ;(prepared as Record<string, unknown>).feePayer = true
+    const userSerialized = await signTransaction(client, prepared as never)
+    const userTransaction = Transaction.deserialize(
+      userSerialized as Transaction.TransactionSerializedTempo,
+    )
+    const sponsored = FeePayer.prepareSponsoredTransaction({
+      account: feePayer,
+      chainId: chainId ?? client.chain!.id,
+      details: {
+        amount: String(request.amount),
+        currency: String(request.currency),
+        recipient: String(request.recipient),
+      },
+      ...(feePayerPolicy ? { policy: feePayerPolicy } : {}),
+      transaction: userTransaction as never,
+    })
+    return await signTransaction(client, sponsored as never)
+  })()
   const transaction = Transaction.deserialize(
     serializedTransaction as Transaction.TransactionSerializedTempo,
   )
@@ -810,6 +862,7 @@ async function submitSubscriptionPayment(parameters: {
     ...transaction,
     account: transaction.from,
     calls: transaction.calls,
+    feePayerSignature: undefined,
   } as never)
 
   if (!waitForConfirmation) {
@@ -950,6 +1003,12 @@ export declare namespace subscription {
        * Keeps concurrent renewal safe while allowing recovery from abandoned attempts.
        */
       renewalTimeoutMs?: number | undefined
+      /**
+       * Override the fee-payer policy for sponsored subscription payments.
+       * Useful when the access key + key authorization tx requires more gas
+       * than the default policy allows.
+       */
+      feePayerPolicy?: Partial<FeePayer.Policy> | undefined
       activate?:
         | ((parameters: {
             /** Custom activation must verify this access key matches the resolved subscription. */