mppx 0.6.27 → 0.6.29

package/src/middlewares/hono.test.ts

@@ -1,9 +1,20 @@
 import { serve } from '@hono/node-server'
 import { Hono } from 'hono'
 import { Challenge, Credential, Method, Receipt, z } from 'mppx'
-import { Mppx as Mppx_client, session as sessionIntent, tempo as tempo_client } from 'mppx/client'
+import {
+  evm as evm_client,
+  Mppx as Mppx_client,
+  session as sessionIntent,
+  tempo as tempo_client,
+} from 'mppx/client'
 import { Mppx, discovery, payment } from 'mppx/hono'
-import { tempo as tempo_server } from 'mppx/server'
+import { evm as evm_server, Mppx as ServerMppx, tempo as tempo_server } from 'mppx/server'
+import {
+  paymentRequiredHeader,
+  paymentResponseHeader,
+  paymentSignatureHeader,
+  type PaymentPayload,
+} from 'mppx/x402'
 import type { Address } from 'viem'
 import { Addresses } from 'viem/tempo'
 import { beforeAll, describe, expect, test } from 'vp/test'
@@ -53,6 +64,30 @@ describe('payment', () => {
 
     server.close()
   })
+
+  test('copies transport-specific success headers', async () => {
+    const intent = () => async () => ({
+      status: 200 as const,
+      withReceipt: (response?: Response) =>
+        new Response(response?.body ?? null, {
+          headers: {
+            ...(response ? Object.fromEntries(response.headers) : {}),
+            'PAYMENT-RESPONSE': 'x402-response',
+          },
+          status: response?.status ?? 200,
+        }),
+    })
+
+    const app = new Hono()
+    app.get('/', payment(intent as any, {} as any), (c) => c.json({ data: 'content' }))
+
+    const server = await createServer(app)
+    const response = await globalThis.fetch(server.url)
+    expect(response.status).toBe(200)
+    expect(response.headers.get('PAYMENT-RESPONSE')).toBe('x402-response')
+
+    server.close()
+  })
 })
 
 const scopeMethod = Method.toServer(
@@ -187,8 +222,109 @@ describe('charge', () => {
 
     server.close()
   })
+
+  test('serves tempo and x402 from one Hono endpoint', async () => {
+    const transaction = `0x${'2'.repeat(64)}` as const
+    const payments = ServerMppx.create({
+      methods: [
+        tempo_server.charge({
+          account: accounts[0],
+          currency: asset,
+          getClient: () => client,
+          recipient: accounts[0].address,
+        }),
+        evm_server.charge({
+          currency: evm_server.assets.baseSepolia.USDC,
+          recipient: accounts[0].address,
+          x402: {
+            facilitator: {
+              async verify(paymentPayload: PaymentPayload) {
+                return {
+                  isValid: true,
+                  payer: payerOf(paymentPayload),
+                }
+              },
+              async settle(paymentPayload: PaymentPayload) {
+                return {
+                  network: paymentPayload.accepted.network,
+                  payer: payerOf(paymentPayload),
+                  success: true,
+                  transaction,
+                }
+              },
+            },
+          },
+        }),
+      ],
+      secretKey,
+    })
+
+    const route = payments.compose(
+      [payments.tempo.charge, { amount: '0', chainId: client.chain!.id }],
+      [payments.evm.charge, { amount: '0.01' }],
+    )
+
+    const app = new Hono()
+    app.get('/paid', async (c) => {
+      const result = await route(c.req.raw)
+      if (result.status === 402) return result.challenge
+      return result.withReceipt(c.json({ data: 'paid' }))
+    })
+
+    const server = await createServer(app)
+    const challenge = await globalThis.fetch(`${server.url}/paid`)
+    expect(challenge.status).toBe(402)
+    expect(challenge.headers.get('WWW-Authenticate')).toContain('Payment')
+    expect(challenge.headers.get(paymentRequiredHeader)).toBeTruthy()
+
+    const tempoPayment = Mppx_client.create({
+      methods: [
+        tempo_client.charge({
+          account: accounts[0],
+          getClient: () => client,
+        }),
+      ],
+      polyfill: false,
+    })
+    const tempoResponse = await tempoPayment.fetch(`${server.url}/paid`)
+    expect(tempoResponse.status).toBe(200)
+    expect(await tempoResponse.json()).toEqual({ data: 'paid' })
+    expect(tempoResponse.headers.get('Payment-Receipt')).toBeTruthy()
+
+    const x402Payment = Mppx_client.create({
+      methods: [
+        evm_client.charge({
+          account: accounts[0],
+        }),
+      ],
+      polyfill: false,
+    })
+    const paymentSignature = await x402Payment.createCredential(pureX402Challenge(challenge))
+    const x402Response = await x402Payment.rawFetch(`${server.url}/paid`, {
+      headers: { [paymentSignatureHeader]: paymentSignature },
+    })
+    expect(x402Response.status).toBe(200)
+    expect(await x402Response.json()).toEqual({ data: 'paid' })
+    expect(x402Response.headers.get(paymentResponseHeader)).toBeTruthy()
+
+    server.close()
+  })
 })
 
+function payerOf(paymentPayload: PaymentPayload): string {
+  if ('authorization' in paymentPayload.payload) return paymentPayload.payload.authorization.from
+  return paymentPayload.payload.permit2Authorization.from
+}
+
+function pureX402Challenge(response: Response): Response {
+  const paymentRequired = response.headers.get(paymentRequiredHeader)
+  if (!paymentRequired) throw new Error('Missing PAYMENT-REQUIRED header.')
+  return new Response(null, {
+    headers: { [paymentRequiredHeader]: paymentRequired },
+    status: 402,
+  })
+}
+
 describe('scope binding', () => {
   const scopeOpts = {
     amount: '1',

package/src/middlewares/nextjs.test.ts

@@ -59,6 +59,28 @@ describe('payment', () => {
 
     server.close()
   })
+
+  test('copies transport-specific success headers', async () => {
+    const intent = () => async () => ({
+      status: 200 as const,
+      withReceipt: (response?: Response) =>
+        new Response(response?.body ?? null, {
+          headers: {
+            ...(response ? Object.fromEntries(response.headers) : {}),
+            'PAYMENT-RESPONSE': 'x402-response',
+          },
+          status: response?.status ?? 200,
+        }),
+    })
+    const handler = payment(intent as any, {} as any, () => Response.json({ data: 'content' }))
+
+    const server = await createServer(handler)
+    const response = await globalThis.fetch(server.url)
+    expect(response.status).toBe(200)
+    expect(response.headers.get('PAYMENT-RESPONSE')).toBe('x402-response')
+
+    server.close()
+  })
 })
 
 function createChargeHarness(feePayer: boolean) {

package/src/proxy/internal/Headers.test.ts

@@ -13,6 +13,26 @@ describe('scrub', () => {
     expect(result.get('content-type')).toBe('application/json')
   })
 
+  test('behavior: strips payment protocol headers', () => {
+    const headers = new globalThis.Headers({
+      'Accept-Payment': 'evm/charge',
+      'Content-Type': 'application/json',
+      'PAYMENT-RECEIPT': 'receipt',
+      'PAYMENT-REQUIRED': 'required',
+      'PAYMENT-RESPONSE': 'response',
+      'PAYMENT-SIGNATURE': 'signature',
+      'WWW-Authenticate': 'Payment id="abc"',
+    })
+    const result = Headers.scrub(headers)
+    expect(result.has('accept-payment')).toBe(false)
+    expect(result.has('payment-receipt')).toBe(false)
+    expect(result.has('payment-required')).toBe(false)
+    expect(result.has('payment-response')).toBe(false)
+    expect(result.has('payment-signature')).toBe(false)
+    expect(result.has('www-authenticate')).toBe(false)
+    expect(result.get('content-type')).toBe('application/json')
+  })
+
   test('behavior: strips cookie header', () => {
     const headers = new globalThis.Headers({
       Cookie: 'session=abc123',
@@ -98,4 +118,22 @@ describe('scrubResponse', () => {
     expect(result.statusText).toBe('Created')
     expect(await result.text()).toBe('hello')
   })
+
+  // Regression: an upstream service must never be able to issue a cookie
+  // under the proxy's origin. Otherwise a compromised or attacker-influenced
+  // upstream can session-fixate (`Set-Cookie: session=evil; Domain=…`) every
+  // sibling subdomain of the proxy. See the docblock on `scrubResponse`.
+  test('behavior: strips set-cookie so upstream cannot set cookies on proxy origin', () => {
+    const response = new Response('body', {
+      headers: [
+        ['Set-Cookie', '__Secure-session=evil; Domain=.example.com; Secure; HttpOnly'],
+        ['Set-Cookie', 'tracking=1; Path=/'],
+        ['Content-Type', 'application/json'],
+      ],
+    })
+    const result = Headers.scrubResponse(response)
+    expect(result.headers.has('set-cookie')).toBe(false)
+    expect(result.headers.getSetCookie?.() ?? []).toEqual([])
+    expect(result.headers.get('content-type')).toBe('application/json')
+  })
 })

package/src/proxy/internal/Headers.ts

@@ -9,6 +9,17 @@ const hopByHopHeaders = new Set([
   'trailer',
 ])
 
+// Payment credentials are consumed by the proxy and must never reach upstream services.
+const paymentHeaders = new Set([
+  'accept-payment',
+  'authorization',
+  'payment-receipt',
+  'payment-required',
+  'payment-response',
+  'payment-signature',
+  'www-authenticate',
+])
+
 /** Strips hop-by-hop, auth, encoding, cookie, and forwarding headers from a request before proxying upstream. */
 export function scrub(headers: Headers): Headers {
   const scrubbed = new Headers()
@@ -16,7 +27,7 @@ export function scrub(headers: Headers): Headers {
   for (const [name, value] of headers) {
     const lower = name.toLowerCase()
 
-    if (lower === 'authorization') continue
+    if (paymentHeaders.has(lower)) continue
     if (lower === 'accept-encoding') continue
     if (lower === 'content-length') continue
     if (lower === 'cookie') continue
@@ -29,11 +40,24 @@ export function scrub(headers: Headers): Headers {
   return scrubbed
 }
 
-/** Strips `content-encoding` and `content-length` from an upstream response so the proxy can re-stream it. */
+/**
+ * Strips re-streaming headers (`content-encoding`, `content-length`) and
+ * security-sensitive headers (`set-cookie`) from an upstream response.
+ *
+ * `set-cookie` is dropped because a paid API proxy must never let an upstream
+ * service set cookies in the user's browser under the proxy's origin. If a
+ * compromised, misbehaving, or attacker-influenced upstream returned
+ * `Set-Cookie: session=evil; Domain=.example.com`, the browser would honor it
+ * for every sibling subdomain of the proxy — turning any future path-confusion
+ * or open-redirect bug in the surrounding deployment into a session-fixation
+ * primitive. Proxied services authenticate via bearer tokens / signed
+ * payloads, never cookies, so dropping `set-cookie` is purely defensive.
+ */
 export function scrubResponse(response: Response): Response {
   const headers = new Headers(response.headers)
   headers.delete('content-encoding')
   headers.delete('content-length')
+  headers.delete('set-cookie')
   return new Response(response.body, {
     status: response.status,
     statusText: response.statusText,

package/src/proxy/services/openai.test.ts

@@ -35,8 +35,64 @@ const mppx_client = Mppx_client.create({
 })
 
 let proxyServer: Awaited<ReturnType<typeof Http.createServer>> | undefined
+let upstreamServer: Awaited<ReturnType<typeof Http.createServer>> | undefined
 
-afterEach(() => proxyServer?.close())
+afterEach(() => {
+  proxyServer?.close()
+  upstreamServer?.close()
+})
+
+describe('openai', () => {
+  test('security: strips caller-supplied OpenAI tenant headers before proxying', async () => {
+    upstreamServer = await Http.createServer((req, res) => {
+      res.writeHead(200, { 'Content-Type': 'application/json' })
+      res.end(
+        JSON.stringify({
+          headers: {
+            authorization: req.headers.authorization,
+            organization: req.headers['openai-organization'],
+            project: req.headers['openai-project'],
+          },
+        }),
+      )
+    })
+
+    const proxy = ApiProxy.create({
+      services: [
+        openai({
+          apiKey: 'sk-test',
+          baseUrl: upstreamServer.url,
+          routes: {
+            'POST /v1/chat/completions': true,
+          },
+        }),
+      ],
+    })
+    proxyServer = await Http.createServer(proxy.listener)
+
+    const res = await fetch(`${proxyServer.url}/openai/v1/chat/completions`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'OpenAI-Organization': 'org_attacker',
+        'OpenAI-Project': 'proj_attacker',
+      },
+      body: '{}',
+    })
+    expect(res.status).toBe(200)
+
+    const body = (await res.json()) as {
+      headers: {
+        authorization: string
+        organization?: string | string[] | undefined
+        project?: string | string[] | undefined
+      }
+    }
+    expect(body.headers.authorization).toBe('Bearer sk-test')
+    expect(body.headers.organization).toBeUndefined()
+    expect(body.headers.project).toBeUndefined()
+  })
+})
 
 describe.skipIf(!apiKey)('openai', () => {
   test('behavior: proxies GET /v1/models with charge', async () => {

package/src/proxy/services/openai.ts

@@ -29,6 +29,8 @@ export function openai(config: openai.Config) {
     },
     rewriteRequest(request, ctx) {
       const apiKey = ctx.apiKey ?? config.apiKey
+      request.headers.delete('OpenAI-Organization')
+      request.headers.delete('OpenAI-Project')
       request.headers.set('Authorization', `Bearer ${apiKey}`)
       return request
     },

package/src/server/Methods.ts

@@ -1,2 +1,3 @@
+export { evm } from '../evm/server/index.js'
 export { stripe } from '../stripe/server/index.js'
 export { tempo } from '../tempo/server/index.js'

package/src/server/Mppx.test.ts

@@ -6,7 +6,9 @@ import {
   session as tempo_session_client,
   tempo as tempo_client,
 } from 'mppx/client'
-import { Mppx, stripe, Store, Transport, tempo } from 'mppx/server'
+import { Types as evm_Types } from 'mppx/evm'
+import { evm, Mppx, stripe, Store, Transport, tempo } from 'mppx/server'
+import { Header as x402_Header, Types as x402_Types, type PaymentPayload } from 'mppx/x402'
 import { getTransactionReceipt } from 'viem/actions'
 import { describe, expect, test } from 'vp/test'
 import * as Http from '~test/Http.js'
@@ -14,6 +16,7 @@ import { deployEscrow } from '~test/tempo/session.js'
 import { accounts, asset, client } from '~test/tempo/viem.js'
 
 import type { SessionReceipt } from '../tempo/session/Types.js'
+import * as x402_RouteBinding from '../x402/internal/RouteBinding.js'
 
 const realm = 'api.example.com'
 const secretKey = 'test-secret-key'
@@ -1855,6 +1858,29 @@ describe('compose', () => {
     },
   })
 
+  const x402Method = evm.charge({
+    currency: evm.assets.baseSepolia.USDC,
+    recipient: accounts[0].address,
+    x402: {
+      facilitator: {
+        async verify(paymentPayload: PaymentPayload) {
+          return {
+            isValid: true,
+            payer: payerOf(paymentPayload),
+          }
+        },
+        async settle(paymentPayload: PaymentPayload) {
+          return {
+            network: paymentPayload.accepted.network,
+            payer: payerOf(paymentPayload),
+            success: true,
+            transaction: `0x${'3'.repeat(64)}`,
+          }
+        },
+      },
+    },
+  })
+
   const challengeOpts = {
     amount: '1000',
     currency: '0x0000000000000000000000000000000000000001',
@@ -1879,6 +1905,142 @@ describe('compose', () => {
     expect(wwwAuth).toContain('method="beta"')
   })
 
+  test('returns composed x402 challenge headers when no credential', async () => {
+    const mppx = Mppx.create({ methods: [x402Method], realm, secretKey })
+
+    const result = await mppx.compose(['evm/charge', { amount: '0.01' }])(
+      new Request('https://example.com/resource'),
+    )
+
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+
+    expect(result.challenge.headers.get('WWW-Authenticate')).toContain('method="evm"')
+    const header = result.challenge.headers.get(x402_Types.paymentRequiredHeader)
+    expect(header).toBeTruthy()
+    expect(result.challenge.headers.get('Content-Type')).toContain('application/problem+json')
+    expect(await result.challenge.json()).toMatchObject({ status: 402 })
+
+    const paymentRequired = x402_Header.decodePaymentRequired(header!)
+    expect(paymentRequired.accepts).toHaveLength(1)
+    expect(paymentRequired.accepts[0]).toMatchObject({
+      amount: '10000',
+      scheme: x402_Types.schemes[0],
+    })
+    expect(paymentRequired.resource.url).toBe('https://example.com/resource')
+  })
+
+  test('merges Payment auth and x402 challenge headers in compose()', async () => {
+    const mppx = Mppx.create({ methods: [alphaMethod, x402Method], realm, secretKey })
+
+    const result = await mppx.compose(
+      [alphaMethod, challengeOpts],
+      ['evm/charge', { amount: '0.01' }],
+    )(new Request('https://example.com/resource'))
+
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+
+    const wwwAuth = result.challenge.headers.get('WWW-Authenticate')
+    expect(wwwAuth).toContain('method="alpha"')
+
+    const header = result.challenge.headers.get(x402_Types.paymentRequiredHeader)
+    expect(header).toBeTruthy()
+    const paymentRequired = x402_Header.decodePaymentRequired(header!)
+    expect(paymentRequired.accepts.map((accepted) => accepted.amount)).toEqual(['10000'])
+  })
+
+  test('keeps pure x402 challenge headers when Payment auth challenges are present', async () => {
+    const mppx = Mppx.create({ methods: [alphaMethod], realm, secretKey })
+    const pureX402 = async () =>
+      ({
+        status: 402,
+        challenge: new Response('{}', {
+          status: 402,
+          headers: {
+            [x402_Types.paymentRequiredHeader]: x402_Header.encodePaymentRequired({
+              accepts: [
+                {
+                  amount: '10000',
+                  asset: evm.assets.baseSepolia.USDC.address,
+                  extra: {
+                    assetTransferMethod: evm_Types.eip3009,
+                    name: 'USDC',
+                    version: '2',
+                  },
+                  maxTimeoutSeconds: 300,
+                  network: 'eip155:84532',
+                  payTo: accounts[0].address,
+                  scheme: 'exact',
+                },
+              ],
+              resource: { url: 'https://example.com/resource' },
+              x402Version: 2,
+            }),
+          },
+        }),
+      }) as const
+
+    const alpha = (mppx as unknown as Record<string, (options: unknown) => any>)['alpha/charge']!(
+      challengeOpts,
+    )
+
+    const result = await Mppx.compose(alpha, pureX402)(new Request('https://example.com/resource'))
+
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+
+    expect(result.challenge.headers.get('WWW-Authenticate')).toContain('method="alpha"')
+    expect(result.challenge.headers.get(x402_Types.paymentRequiredHeader)).toBeTruthy()
+  })
+
+  test('merges multiple x402 exact offers in compose()', async () => {
+    const mppx = Mppx.create({ methods: [x402Method], realm, secretKey })
+
+    const result = await mppx.compose(
+      ['evm/charge', { amount: '0.01' }],
+      ['evm/charge', { amount: '0.02' }],
+    )(new Request('https://example.com/resource'))
+
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+
+    const header = result.challenge.headers.get(x402_Types.paymentRequiredHeader)
+    expect(header).toBeTruthy()
+    const paymentRequired = x402_Header.decodePaymentRequired(header!)
+    expect(paymentRequired.accepts.map((accepted) => accepted.amount)).toEqual(['10000', '20000'])
+  })
+
+  test('dispatches x402 credentials through compose()', async () => {
+    const mppx = Mppx.create({ methods: [alphaMethod, x402Method], realm, secretKey })
+    const handle = mppx.compose([alphaMethod, challengeOpts], ['evm/charge', { amount: '0.01' }])
+
+    const firstResult = await handle(new Request('https://example.com/resource'))
+    expect(firstResult.status).toBe(402)
+    if (firstResult.status !== 402) throw new Error()
+
+    const paymentRequired = x402_Header.decodePaymentRequired(
+      firstResult.challenge.headers.get(x402_Types.paymentRequiredHeader)!,
+    )
+    const credential = await x402PaymentSignature(
+      paymentRequired.accepts[0]!,
+      paymentRequired.resource,
+      paymentRequired.extensions,
+    )
+
+    const result = await handle(
+      new Request('https://example.com/resource', {
+        headers: { [x402_Types.paymentSignatureHeader]: credential },
+      }),
+    )
+
+    expect(result.status).toBe(200)
+    if (result.status !== 200) throw new Error()
+    const response = result.withReceipt(new Response('paid'))
+    expect(response.headers.get(x402_Types.paymentResponseHeader)).toBeTruthy()
+    expect(await response.text()).toBe('paid')
+  })
+
   test('filters compose challenges using Accept-Payment', async () => {
     const mppx = Mppx.create({ methods: [alphaMethod, betaMethod], realm, secretKey })
 
@@ -1899,6 +2061,27 @@ describe('compose', () => {
     expect(challenges[0]?.method).toBe('beta')
   })
 
+  test('filters compose x402 challenge headers using Accept-Payment', async () => {
+    const mppx = Mppx.create({ methods: [alphaMethod, x402Method], realm, secretKey })
+
+    const result = await mppx.compose(
+      [alphaMethod, challengeOpts],
+      ['evm/charge', { amount: '0.01' }],
+    )(
+      new Request('https://example.com/resource', {
+        headers: { 'Accept-Payment': 'alpha/charge' },
+      }),
+    )
+
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+
+    const challenges = Challenge.fromResponseList(result.challenge)
+    expect(challenges).toHaveLength(1)
+    expect(challenges[0]?.method).toBe('alpha')
+    expect(result.challenge.headers.get(x402_Types.paymentRequiredHeader)).toBeNull()
+  })
+
   test('orders compose challenges by Accept-Payment q-value', async () => {
     const mppx = Mppx.create({ methods: [alphaMethod, betaMethod], realm, secretKey })
 
@@ -2522,6 +2705,66 @@ describe('compose', () => {
   })
 })
 
+async function x402PaymentSignature(
+  accepted: x402_Types.PaymentRequirements,
+  resource: x402_Types.ResourceInfo,
+  extensions: x402_Types.Extensions | undefined,
+): Promise<string> {
+  const authorization = {
+    from: accounts[0].address,
+    nonce: x402_RouteBinding.nonce({
+      accepted,
+      extensions: extensions!,
+      resource,
+    }),
+    to: accepted.payTo as `0x${string}`,
+    validAfter: '0',
+    validBefore: '9999999999',
+    value: accepted.amount,
+  }
+  const signature = await accounts[0].signTypedData({
+    domain: {
+      chainId: Number(accepted.network.slice(x402_Types.evmNetworkPrefix.length)),
+      name: accepted.extra?.name as string,
+      verifyingContract: accepted.asset as `0x${string}`,
+      version: accepted.extra?.version as string,
+    },
+    message: {
+      ...authorization,
+      validAfter: BigInt(authorization.validAfter),
+      validBefore: BigInt(authorization.validBefore),
+      value: BigInt(authorization.value),
+    },
+    primaryType: 'TransferWithAuthorization',
+    types: {
+      TransferWithAuthorization: [
+        { name: 'from', type: 'address' },
+        { name: 'to', type: 'address' },
+        { name: 'value', type: 'uint256' },
+        { name: 'validAfter', type: 'uint256' },
+        { name: 'validBefore', type: 'uint256' },
+        { name: 'nonce', type: 'bytes32' },
+      ],
+    },
+  })
+
+  return x402_Header.encodePaymentSignature({
+    accepted,
+    ...(extensions ? { extensions } : {}),
+    payload: {
+      authorization,
+      signature,
+    },
+    resource,
+    x402Version: 2,
+  })
+}
+
+function payerOf(paymentPayload: PaymentPayload): string {
+  if ('authorization' in paymentPayload.payload) return paymentPayload.payload.authorization.from
+  return paymentPayload.payload.permit2Authorization.from
+}
+
 describe('compose: pre-dispatch narrowing edge cases', () => {
   const mockCharge = Method.from({
     name: 'alpha',