npm - mppx - Versions diffs - 0.6.28 → 0.6.30 - Mend

mppx 0.6.28 → 0.6.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/CHANGELOG.md +23 -0
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +16 -10
package/dist/Challenge.js.map +1 -1
package/dist/Method.d.ts +1 -1
package/dist/Method.d.ts.map +1 -1
package/dist/client/Methods.d.ts +1 -0
package/dist/client/Methods.d.ts.map +1 -1
package/dist/client/Methods.js +1 -0
package/dist/client/Methods.js.map +1 -1
package/dist/client/Mppx.d.ts +3 -3
package/dist/client/Mppx.d.ts.map +1 -1
package/dist/client/Mppx.js +1 -0
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +10 -3
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +60 -7
package/dist/client/Transport.js.map +1 -1
package/dist/client/index.d.ts +1 -1
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +1 -1
package/dist/client/index.js.map +1 -1
package/dist/client/internal/Fetch.d.ts +3 -0
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +12 -20
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/evm/Assets.d.ts +2 -0
package/dist/evm/Assets.d.ts.map +1 -0
package/dist/evm/Assets.js +2 -0
package/dist/evm/Assets.js.map +1 -0
package/dist/evm/Chains.d.ts +5 -0
package/dist/evm/Chains.d.ts.map +1 -0
package/dist/evm/Chains.js +5 -0
package/dist/evm/Chains.js.map +1 -0
package/dist/evm/Methods.d.ts +68 -0
package/dist/evm/Methods.d.ts.map +1 -0
package/dist/evm/Methods.js +28 -0
package/dist/evm/Methods.js.map +1 -0
package/dist/evm/Types.d.ts +143 -0
package/dist/evm/Types.d.ts.map +1 -0
package/dist/evm/Types.js +102 -0
package/dist/evm/Types.js.map +1 -0
package/dist/evm/client/Charge.d.ts +102 -0
package/dist/evm/client/Charge.d.ts.map +1 -0
package/dist/evm/client/Charge.js +141 -0
package/dist/evm/client/Charge.js.map +1 -0
package/dist/evm/client/Methods.d.ts +81 -0
package/dist/evm/client/Methods.d.ts.map +1 -0
package/dist/evm/client/Methods.js +16 -0
package/dist/evm/client/Methods.js.map +1 -0
package/dist/evm/client/index.d.ts +6 -0
package/dist/evm/client/index.d.ts.map +1 -0
package/dist/evm/client/index.js +6 -0
package/dist/evm/client/index.js.map +1 -0
package/dist/evm/index.d.ts +10 -0
package/dist/evm/index.d.ts.map +1 -0
package/dist/evm/index.js +9 -0
package/dist/evm/index.js.map +1 -0
package/dist/evm/server/Charge.d.ts +62 -0
package/dist/evm/server/Charge.d.ts.map +1 -0
package/dist/evm/server/Charge.js +172 -0
package/dist/evm/server/Charge.js.map +1 -0
package/dist/evm/server/Methods.d.ts +80 -0
package/dist/evm/server/Methods.d.ts.map +1 -0
package/dist/evm/server/Methods.js +16 -0
package/dist/evm/server/Methods.js.map +1 -0
package/dist/evm/server/index.d.ts +6 -0
package/dist/evm/server/index.d.ts.map +1 -0
package/dist/evm/server/index.js +6 -0
package/dist/evm/server/index.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/internal/HeaderCodec.d.ts +18 -0
package/dist/internal/HeaderCodec.d.ts.map +1 -0
package/dist/internal/HeaderCodec.js +31 -0
package/dist/internal/HeaderCodec.js.map +1 -0
package/dist/middlewares/elysia.d.ts.map +1 -1
package/dist/middlewares/elysia.js +2 -3
package/dist/middlewares/elysia.js.map +1 -1
package/dist/middlewares/express.js +2 -1
package/dist/middlewares/express.js.map +1 -1
package/dist/proxy/internal/Headers.d.ts.map +1 -1
package/dist/proxy/internal/Headers.js +11 -1
package/dist/proxy/internal/Headers.js.map +1 -1
package/dist/proxy/services/openai.d.ts.map +1 -1
package/dist/proxy/services/openai.js +2 -0
package/dist/proxy/services/openai.js.map +1 -1
package/dist/server/Methods.d.ts +1 -0
package/dist/server/Methods.d.ts.map +1 -1
package/dist/server/Methods.js +1 -0
package/dist/server/Methods.js.map +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +90 -12
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +10 -0
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +9 -0
package/dist/server/Transport.js.map +1 -1
package/dist/server/index.d.ts +1 -1
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +1 -1
package/dist/server/index.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +1 -1
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -1
package/dist/stripe/server/internal/html.gen.js +1 -1
package/dist/stripe/server/internal/html.gen.js.map +1 -1
package/dist/tempo/client/ChannelOps.d.ts +3 -3
package/dist/tempo/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/client/ChannelOps.js +13 -6
package/dist/tempo/client/ChannelOps.js.map +1 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +8 -5
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +0 -1
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/client/Session.d.ts +2 -4
package/dist/tempo/client/Session.d.ts.map +1 -1
package/dist/tempo/client/Session.js +10 -12
package/dist/tempo/client/Session.js.map +1 -1
package/dist/tempo/client/SessionManager.d.ts +3 -3
package/dist/tempo/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/client/SessionManager.js +1 -1
package/dist/tempo/client/SessionManager.js.map +1 -1
package/dist/tempo/internal/account.d.ts +5 -0
package/dist/tempo/internal/account.d.ts.map +1 -1
package/dist/tempo/internal/account.js +8 -0
package/dist/tempo/internal/account.js.map +1 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +5 -2
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +23 -1
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Session.d.ts.map +1 -1
package/dist/tempo/server/Session.js +13 -12
package/dist/tempo/server/Session.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/dist/tempo/session/Chain.d.ts +2 -0
package/dist/tempo/session/Chain.d.ts.map +1 -1
package/dist/tempo/session/Chain.js +8 -8
package/dist/tempo/session/Chain.js.map +1 -1
package/dist/tempo/session/Voucher.d.ts +4 -3
package/dist/tempo/session/Voucher.d.ts.map +1 -1
package/dist/tempo/session/Voucher.js +71 -44
package/dist/tempo/session/Voucher.js.map +1 -1
package/dist/tempo/session/Ws.d.ts.map +1 -1
package/dist/tempo/session/Ws.js +15 -0
package/dist/tempo/session/Ws.js.map +1 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts +2 -2
package/dist/x402/Assets.d.ts +29 -0
package/dist/x402/Assets.d.ts.map +1 -0
package/dist/x402/Assets.js +46 -0
package/dist/x402/Assets.js.map +1 -0
package/dist/x402/Header.d.ts +14 -0
package/dist/x402/Header.d.ts.map +1 -0
package/dist/x402/Header.js +18 -0
package/dist/x402/Header.js.map +1 -0
package/dist/x402/Types.d.ts +289 -0
package/dist/x402/Types.d.ts.map +1 -0
package/dist/x402/Types.js +139 -0
package/dist/x402/Types.js.map +1 -0
package/dist/x402/client/Exact.d.ts +38 -0
package/dist/x402/client/Exact.d.ts.map +1 -0
package/dist/x402/client/Exact.js +141 -0
package/dist/x402/client/Exact.js.map +1 -0
package/dist/x402/index.d.ts +6 -0
package/dist/x402/index.d.ts.map +1 -0
package/dist/x402/index.js +6 -0
package/dist/x402/index.js.map +1 -0
package/dist/x402/internal/ChallengeBrand.d.ts +5 -0
package/dist/x402/internal/ChallengeBrand.d.ts.map +1 -0
package/dist/x402/internal/ChallengeBrand.js +13 -0
package/dist/x402/internal/ChallengeBrand.js.map +1 -0
package/dist/x402/internal/RouteBinding.d.ts +8 -0
package/dist/x402/internal/RouteBinding.d.ts.map +1 -0
package/dist/x402/internal/RouteBinding.js +12 -0
package/dist/x402/internal/RouteBinding.js.map +1 -0
package/dist/x402/server/EvmCharge.d.ts +50 -0
package/dist/x402/server/EvmCharge.d.ts.map +1 -0
package/dist/x402/server/EvmCharge.js +301 -0
package/dist/x402/server/EvmCharge.js.map +1 -0
package/dist/x402/server/Facilitator.d.ts +12 -0
package/dist/x402/server/Facilitator.d.ts.map +1 -0
package/dist/x402/server/Facilitator.js +42 -0
package/dist/x402/server/Facilitator.js.map +1 -0
package/package.json +41 -21
package/src/Challenge.test.ts +54 -0
package/src/Challenge.ts +17 -10
package/src/Method.ts +1 -1
package/src/client/Methods.ts +1 -0
package/src/client/Mppx.ts +4 -3
package/src/client/Transport.test.ts +165 -30
package/src/client/Transport.ts +76 -8
package/src/client/index.ts +1 -1
package/src/client/internal/Fetch.test.ts +31 -2
package/src/client/internal/Fetch.ts +26 -19
package/src/evm/Assets.ts +1 -0
package/src/evm/Chains.ts +5 -0
package/src/evm/Methods.ts +44 -0
package/src/evm/PublicInterface.test-d.ts +114 -0
package/src/evm/Types.ts +140 -0
package/src/evm/client/Charge.test.ts +99 -0
package/src/evm/client/Charge.ts +198 -0
package/src/evm/client/Methods.ts +19 -0
package/src/evm/client/index.ts +5 -0
package/src/evm/index.ts +14 -0
package/src/evm/server/Charge.test.ts +199 -0
package/src/evm/server/Charge.ts +283 -0
package/src/evm/server/Methods.ts +22 -0
package/src/evm/server/index.ts +5 -0
package/src/index.ts +2 -0
package/src/internal/HeaderCodec.ts +36 -0
package/src/middlewares/elysia.test.ts +25 -0
package/src/middlewares/elysia.ts +1 -2
package/src/middlewares/express.test.ts +28 -0
package/src/middlewares/express.ts +1 -1
package/src/middlewares/hono.test.ts +138 -2
package/src/middlewares/nextjs.test.ts +22 -0
package/src/proxy/internal/Headers.test.ts +20 -0
package/src/proxy/internal/Headers.ts +12 -1
package/src/proxy/services/openai.test.ts +57 -1
package/src/proxy/services/openai.ts +2 -0
package/src/server/Methods.ts +1 -0
package/src/server/Mppx.test.ts +244 -1
package/src/server/Mppx.ts +124 -11
package/src/server/NodeListener.test.ts +28 -1
package/src/server/Transport.test.ts +19 -0
package/src/server/Transport.ts +20 -0
package/src/server/index.ts +1 -1
package/src/stripe/server/internal/html.gen.ts +1 -1
package/src/tempo/AccessKeyAuthorization.test.ts +231 -0
package/src/tempo/client/ChannelOps.test.ts +61 -7
package/src/tempo/client/ChannelOps.ts +18 -7
package/src/tempo/client/Charge.test.ts +126 -0
package/src/tempo/client/Charge.ts +10 -6
package/src/tempo/client/Session.test.ts +130 -1
package/src/tempo/client/Session.ts +12 -19
package/src/tempo/client/SessionManager.test.ts +69 -2
package/src/tempo/client/SessionManager.ts +4 -4
package/src/tempo/internal/account.ts +13 -0
package/src/tempo/internal/fee-payer.test.ts +32 -2
package/src/tempo/internal/fee-payer.ts +6 -2
package/src/tempo/server/Charge.test.ts +69 -0
package/src/tempo/server/Charge.ts +32 -0
package/src/tempo/server/Session.test.ts +30 -0
package/src/tempo/server/Session.ts +15 -16
package/src/tempo/server/internal/html.gen.ts +1 -1
package/src/tempo/session/Chain.test.ts +4 -4
package/src/tempo/session/Chain.ts +10 -6
package/src/tempo/session/Voucher.test.ts +230 -1
package/src/tempo/session/Voucher.ts +96 -48
package/src/tempo/session/Ws.test.ts +71 -0
package/src/tempo/session/Ws.ts +13 -0
package/src/x402/Assets.ts +65 -0
package/src/x402/Exact.e2e.test.ts +448 -0
package/src/x402/Header.test.ts +73 -0
package/src/x402/Header.ts +34 -0
package/src/x402/PublicInterface.test-d.ts +39 -0
package/src/x402/Types.ts +248 -0
package/src/x402/client/Exact.test.ts +180 -0
package/src/x402/client/Exact.ts +198 -0
package/src/x402/index.ts +5 -0
package/src/x402/internal/ChallengeBrand.ts +14 -0
package/src/x402/internal/RouteBinding.ts +18 -0
package/src/x402/server/EvmCharge.ts +394 -0
package/src/x402/server/Facilitator.test.ts +111 -0
package/src/x402/server/Facilitator.ts +56 -0

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "mppx",
   "type": "module",
-  "version": "0.6.28",
+  "version": "0.6.30",
   "main": "./dist/index.js",
   "license": "MIT",
   "files": [
@@ -11,93 +11,113 @@
   ],
   "exports": {
     ".": {
-      "types": "./dist/index.d.ts",
       "src": "./src/index.ts",
+      "types": "./dist/index.d.ts",
       "default": "./dist/index.js"
     },
     "./cli": {
-      "types": "./dist/cli/config.d.ts",
       "src": "./src/cli/config.ts",
+      "types": "./dist/cli/config.d.ts",
       "default": "./dist/cli/config.js"
     },
     "./cli/plugins": {
-      "types": "./dist/cli/plugins/index.d.ts",
       "src": "./src/cli/plugins/index.ts",
+      "types": "./dist/cli/plugins/index.d.ts",
       "default": "./dist/cli/plugins/index.js"
     },
     "./client": {
-      "types": "./dist/client/index.d.ts",
       "src": "./src/client/index.ts",
+      "types": "./dist/client/index.d.ts",
       "default": "./dist/client/index.js"
     },
     "./discovery": {
-      "types": "./dist/discovery/index.d.ts",
       "src": "./src/discovery/index.ts",
+      "types": "./dist/discovery/index.d.ts",
       "default": "./dist/discovery/index.js"
     },
+    "./evm": {
+      "src": "./src/evm/index.ts",
+      "types": "./dist/evm/index.d.ts",
+      "default": "./dist/evm/index.js"
+    },
+    "./evm/client": {
+      "src": "./src/evm/client/index.ts",
+      "types": "./dist/evm/client/index.d.ts",
+      "default": "./dist/evm/client/index.js"
+    },
+    "./evm/server": {
+      "src": "./src/evm/server/index.ts",
+      "types": "./dist/evm/server/index.d.ts",
+      "default": "./dist/evm/server/index.js"
+    },
     "./mcp-sdk/client": {
-      "types": "./dist/mcp-sdk/client/index.d.ts",
       "src": "./src/mcp-sdk/client/index.ts",
+      "types": "./dist/mcp-sdk/client/index.d.ts",
       "default": "./dist/mcp-sdk/client/index.js"
     },
     "./mcp-sdk/server": {
-      "types": "./dist/mcp-sdk/server/index.d.ts",
       "src": "./src/mcp-sdk/server/index.ts",
+      "types": "./dist/mcp-sdk/server/index.d.ts",
       "default": "./dist/mcp-sdk/server/index.js"
     },
     "./proxy": {
-      "types": "./dist/proxy/index.d.ts",
       "src": "./src/proxy/index.ts",
+      "types": "./dist/proxy/index.d.ts",
       "default": "./dist/proxy/index.js"
     },
     "./server": {
-      "types": "./dist/server/index.d.ts",
       "src": "./src/server/index.ts",
+      "types": "./dist/server/index.d.ts",
       "default": "./dist/server/index.js"
     },
     "./stripe": {
-      "types": "./dist/stripe/index.d.ts",
       "src": "./src/stripe/index.ts",
+      "types": "./dist/stripe/index.d.ts",
       "default": "./dist/stripe/index.js"
     },
     "./stripe/client": {
-      "types": "./dist/stripe/client/index.d.ts",
       "src": "./src/stripe/client/index.ts",
+      "types": "./dist/stripe/client/index.d.ts",
       "default": "./dist/stripe/client/index.js"
     },
     "./stripe/server": {
-      "types": "./dist/stripe/server/index.d.ts",
       "src": "./src/stripe/server/index.ts",
+      "types": "./dist/stripe/server/index.d.ts",
       "default": "./dist/stripe/server/index.js"
     },
+    "./x402": {
+      "src": "./src/x402/index.ts",
+      "types": "./dist/x402/index.d.ts",
+      "default": "./dist/x402/index.js"
+    },
     "./tempo": {
-      "types": "./dist/tempo/index.d.ts",
       "src": "./src/tempo/index.ts",
+      "types": "./dist/tempo/index.d.ts",
       "default": "./dist/tempo/index.js"
     },
     "./html": {
-      "types": "./dist/Html.d.ts",
       "src": "./src/Html.ts",
+      "types": "./dist/Html.d.ts",
       "default": "./dist/Html.js"
     },
     "./hono": {
-      "types": "./dist/middlewares/hono.d.ts",
       "src": "./src/middlewares/hono.ts",
+      "types": "./dist/middlewares/hono.d.ts",
       "default": "./dist/middlewares/hono.js"
     },
     "./express": {
-      "types": "./dist/middlewares/express.d.ts",
       "src": "./src/middlewares/express.ts",
+      "types": "./dist/middlewares/express.d.ts",
       "default": "./dist/middlewares/express.js"
     },
     "./nextjs": {
-      "types": "./dist/middlewares/nextjs.d.ts",
       "src": "./src/middlewares/nextjs.ts",
+      "types": "./dist/middlewares/nextjs.d.ts",
       "default": "./dist/middlewares/nextjs.js"
     },
     "./elysia": {
-      "types": "./dist/middlewares/elysia.d.ts",
       "src": "./src/middlewares/elysia.ts",
+      "types": "./dist/middlewares/elysia.d.ts",
       "default": "./dist/middlewares/elysia.js"
     }
   },
@@ -106,7 +126,7 @@
     "elysia": ">=1",
     "express": ">=5",
     "hono": ">=4.12.18",
-    "viem": ">=2.50.4"
+    "viem": ">=2.51.0"
   },
   "peerDependenciesMeta": {
     "@modelcontextprotocol/sdk": {
@@ -124,7 +144,7 @@
   },
   "dependencies": {
     "incur": "^0.4.5",
-    "ox": "0.14.22",
+    "ox": "0.14.24",
     "zod": "^4.4.3"
   },
   "repository": {

package/src/Challenge.test.ts CHANGED Viewed

@@ -453,6 +453,60 @@ describe('serialize', () => {
     expect(header).toContain('digest="sha-256=abc"')
     expect(header).toContain('expires="2025-01-06T12:00:00Z"')
   })
+  test.each([
+    {
+      description: 'Plain payment description',
+      escaped: 'Plain payment description',
+      label: 'plain values',
+    },
+    {
+      description: 'Pay "premium"',
+      escaped: 'Pay \\"premium\\"',
+      label: 'double quotes',
+    },
+    {
+      description: 'Path C:\\tempo\\api',
+      escaped: 'Path C:\\\\tempo\\\\api',
+      label: 'backslashes',
+    },
+    {
+      description: 'Pay "premium" path C:\\tempo\\api',
+      escaped: 'Pay \\"premium\\" path C:\\\\tempo\\\\api',
+      label: 'mixed quotes and backslashes',
+    },
+    {
+      description: 'Ends with slash \\',
+      escaped: 'Ends with slash \\\\',
+      label: 'trailing backslash',
+    },
+  ])('behavior: escapes quoted-string values: $label', ({ description, escaped }) => {
+    const challenge = Challenge.from({
+      id: 'abc123',
+      realm: 'api.example.com',
+      method: 'tempo',
+      intent: 'charge',
+      request: { amount: '1000000' },
+      description,
+    })
+    const header = Challenge.serialize(challenge)
+    expect(header).toContain(`description="${escaped}"`)
+    expect(Challenge.deserialize(header).description).toBe(description)
+  })
+  test('error: rejects CRLF in quoted-string values', () => {
+    const challenge = Challenge.from({
+      id: 'abc123',
+      realm: 'api.example.com',
+      method: 'tempo',
+      intent: 'charge',
+      request: { amount: '1000000' },
+      description: 'Line one\r\nLine two',
+    })
+    expect(() => Challenge.serialize(challenge)).toThrow('Invalid quoted-string value.')
+  })
 })
 describe('deserialize', () => {

package/src/Challenge.ts CHANGED Viewed

@@ -294,23 +294,30 @@ export declare namespace fromMethod {
  */
 export function serialize(challenge: Challenge): string {
   const parts = [
-    `id="${challenge.id}"`,
-    `realm="${challenge.realm}"`,
-    `method="${challenge.method}"`,
-    `intent="${challenge.intent}"`,
-    `request="${PaymentRequest.serialize(challenge.request)}"`,
+    authParam('id', challenge.id),
+    authParam('realm', challenge.realm),
+    authParam('method', challenge.method),
+    authParam('intent', challenge.intent),
+    authParam('request', PaymentRequest.serialize(challenge.request)),
   ]
-  if (challenge.description !== undefined) parts.push(`description="${challenge.description}"`)
-  if (challenge.digest !== undefined) parts.push(`digest="${challenge.digest}"`)
-  if (challenge.expires !== undefined) parts.push(`expires="${challenge.expires}"`)
-  if (challenge.opaque !== undefined) parts.push(`opaque="${challenge.opaque}"`)
+  if (challenge.description !== undefined)
+    parts.push(authParam('description', challenge.description))
+  if (challenge.digest !== undefined) parts.push(authParam('digest', challenge.digest))
+  if (challenge.expires !== undefined) parts.push(authParam('expires', challenge.expires))
+  if (challenge.opaque !== undefined) parts.push(authParam('opaque', challenge.opaque))
   else if (challenge.meta !== undefined)
-    parts.push(`opaque="${PaymentRequest.serialize(challenge.meta)}"`)
+    parts.push(authParam('opaque', PaymentRequest.serialize(challenge.meta)))
   return `Payment ${parts.join(', ')}`
 }
+/** @internal */
+function authParam(name: string, value: string): string {
+  if (/[\r\n]/.test(value)) throw new Error('Invalid quoted-string value.')
+  return `${name}="${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`
+}
 /**
  * Deserializes a WWW-Authenticate header value to a challenge.
  *

package/src/Method.ts CHANGED Viewed

@@ -334,7 +334,7 @@ export declare namespace toServer {
     request?: RequestFn<method> | undefined
     respond?: RespondFn<method> | undefined
     stableBinding?: StableBindingFn<method> | undefined
-    transport?: transportOverride | undefined
+    transport?: transportOverride | Transport.AnyTransport | undefined
     verify: VerifyFn<method>
   }
 }

package/src/client/Methods.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+export { evm } from '../evm/client/index.js'
 export { stripe } from '../stripe/client/index.js'
 export { subscription } from '../tempo/client/Subscription.js'
 export { tempo } from '../tempo/client/index.js'

package/src/client/Mppx.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import * as Fetch from './internal/Fetch.js'
 import * as Transport from './Transport.js'
 export type Methods = readonly (Method.AnyClient | readonly Method.AnyClient[])[]
-type EventResponseOf<transport extends Transport.Transport> =
+type EventResponseOf<transport extends Transport.AnyTransport> =
   | Response
   | Transport.ResponseOf<transport>
@@ -16,7 +16,7 @@ type EventResponseOf<transport extends Transport.Transport> =
  */
 export type Mppx<
   methods extends Methods = Methods,
-  transport extends Transport.Transport = Transport.Transport,
+  transport extends Transport.AnyTransport = Transport.Transport,
 > = {
   /** Payment-aware fetch function that automatically handles 402 responses. */
   fetch: Fetch.from.Fetch<FlattenMethods<methods>>
@@ -125,6 +125,7 @@ export function create<
     ...(resolvedOnChallenge && { onChallenge: resolvedOnChallenge }),
     ...(orderChallenges && { orderChallenges }),
     methods,
+    transport,
   } satisfies Fetch.from.Config<FlattenMethods<methods>>
   const fetch = Fetch.from<FlattenMethods<methods>>(config_fetch)
@@ -282,7 +283,7 @@ export function restore(): void {
 export declare namespace create {
   type Config<
     methods extends Methods = Methods,
-    transport extends Transport.Transport = Transport.Transport,
+    transport extends Transport.AnyTransport = Transport.Transport,
   > = {
     /** Controls when `Accept-Payment` is injected. */
     acceptPaymentPolicy?: Fetch.from.Config['acceptPaymentPolicy'] | undefined

package/src/client/Transport.test.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { Challenge, Credential, Mcp } from 'mppx'
 import { Transport } from 'mppx/client'
 import { Methods } from 'mppx/tempo'
+import { Header as x402_Header, Types as x402_Types, type PaymentRequired } from 'mppx/x402'
 import { describe, expect, test } from 'vp/test'
 const realm = 'api.example.com'
@@ -23,27 +24,34 @@ const credential = Credential.from({
   payload: { signature: '0xabc123', type: 'transaction' },
 })
+const x402PaymentRequired = {
+  accepts: [
+    {
+      amount: '10000',
+      asset: '0x036CbD53842c5426634e7929541eC2318f3dCF7e',
+      maxTimeoutSeconds: 60,
+      network: 'eip155:84532',
+      payTo: '0x209693Bc6afc0C5328bA36FaF03C514EF312287C',
+      scheme: x402_Types.schemes[0],
+    },
+  ],
+  resource: {
+    url: 'https://api.example.com/x402',
+  },
+  x402Version: 2,
+} satisfies PaymentRequired
 describe('http', () => {
   describe('isPaymentRequired', () => {
-    test('returns true for 402 response', () => {
-      const transport = Transport.http()
-      const response = new Response(null, { status: 402 })
-      expect(transport.isPaymentRequired(response)).toBe(true)
-    })
+    test.each([
+      { expected: true, status: 402 },
+      { expected: false, status: 200 },
+      { expected: false, status: 401 },
+    ])('returns $expected for $status response', ({ expected, status }) => {
+      const response = new Response(null, { status })
-    test('returns false for 200 response', () => {
       const transport = Transport.http()
-      const response = new Response(null, { status: 200 })
-      expect(transport.isPaymentRequired(response)).toBe(false)
-    })
-    test('returns false for other error responses', () => {
-      const transport = Transport.http()
-      const response = new Response(null, { status: 401 })
-      expect(transport.isPaymentRequired(response)).toBe(false)
+      expect(transport.isPaymentRequired(response)).toBe(expected)
     })
   })
@@ -80,32 +88,159 @@ describe('http', () => {
   })
   describe('getChallenges', () => {
-    test('returns all HTTP challenges', () => {
+    test.each([
+      {
+        expectedIds: [challenge.id, 'alternate'],
+        expectedMethods: ['tempo', 'stripe'],
+        headers: () => ({
+          'WWW-Authenticate': `${Challenge.serialize(challenge)}, ${Challenge.serialize({
+            ...challenge,
+            id: 'alternate',
+            method: 'stripe' as const,
+          })}`,
+        }),
+        name: 'Payment auth challenges',
+      },
+      {
+        expectedIds: [`${x402_Types.syntheticChallengeIdPrefix}0`],
+        expectedMethods: [x402_Types.paymentMethod],
+        headers: () => ({
+          'PAYMENT-REQUIRED': x402_Header.encodePaymentRequired(x402PaymentRequired),
+        }),
+        name: 'x402 challenges',
+      },
+      {
+        expectedIds: [
+          `${x402_Types.syntheticChallengeIdPrefix}0`,
+          `${x402_Types.syntheticChallengeIdPrefix}1`,
+        ],
+        expectedMethods: [x402_Types.paymentMethod, x402_Types.paymentMethod],
+        headers: () => ({
+          'PAYMENT-REQUIRED': x402_Header.encodePaymentRequired({
+            ...x402PaymentRequired,
+            accepts: [
+              x402PaymentRequired.accepts[0]!,
+              {
+                ...x402PaymentRequired.accepts[0]!,
+                amount: '20000',
+              },
+            ],
+          }),
+        }),
+        name: 'multiple x402 accepts',
+      },
+      {
+        expectedIds: [challenge.id, `${x402_Types.syntheticChallengeIdPrefix}0`],
+        expectedMethods: ['tempo', x402_Types.paymentMethod],
+        headers: () => ({
+          'PAYMENT-REQUIRED': x402_Header.encodePaymentRequired(x402PaymentRequired),
+          'WWW-Authenticate': Challenge.serialize(challenge),
+        }),
+        name: 'Payment auth and x402 challenges when both are present',
+      },
+    ])('returns $name', ({ expectedIds, expectedMethods, headers }) => {
       const transport = Transport.http()
-      const alternate = { ...challenge, id: 'alternate', method: 'stripe' as const }
       const response = new Response(null, {
         status: 402,
-        headers: {
-          'WWW-Authenticate': `${Challenge.serialize(challenge)}, ${Challenge.serialize(alternate)}`,
-        },
+        headers: headers(),
       })
+      const challenges = transport.getChallenges?.(response) ?? []
-      expect(transport.getChallenges?.(response).map((entry) => entry.id)).toEqual([
-        challenge.id,
-        'alternate',
-      ])
+      expect(challenges.map((entry) => entry.id)).toEqual(expectedIds)
+      expect(challenges.map((entry) => entry.method)).toEqual(expectedMethods)
     })
   })
   describe('setCredential', () => {
-    test('default', () => {
+    test.each([
+      {
+        challenge,
+        credential: Credential.serialize(credential),
+        expectedHeader: 'Authorization',
+        expectedValue: Credential.serialize(credential),
+        name: 'Payment auth credential for Payment auth challenge',
+      },
+      {
+        challenge: Transport.http().getChallenges!(
+          new Response(null, {
+            status: 402,
+            headers: {
+              'PAYMENT-REQUIRED': x402_Header.encodePaymentRequired(x402PaymentRequired),
+            },
+          }),
+        )[0],
+        credential: 'x402-signature',
+        expectedHeader: 'PAYMENT-SIGNATURE',
+        expectedValue: 'x402-signature',
+        name: 'raw x402 credential for x402 challenge',
+      },
+      {
+        challenge,
+        credential: 'custom-credential',
+        expectedHeader: 'Authorization',
+        expectedValue: 'custom-credential',
+        name: 'non-Payment credential for non-x402 challenge',
+      },
+      {
+        challenge: undefined,
+        credential: 'custom-credential',
+        expectedHeader: 'Authorization',
+        expectedValue: 'custom-credential',
+        name: 'credential without selected challenge',
+      },
+    ])('writes $name', ({ challenge, credential, expectedHeader, expectedValue }) => {
       const transport = Transport.http()
-      const serialized = Credential.serialize(credential)
-      const result = transport.setCredential({}, serialized)
+      const result = transport.setCredential({}, credential, { challenge })
+      const headers = result.headers as Headers
+      expect(headers.get(expectedHeader)).toBe(expectedValue)
+    })
+    test('does not treat unbranded Payment-auth challenges as x402', () => {
+      const transport = Transport.http()
+      const untrustedChallenge = Challenge.from({
+        id: `${x402_Types.syntheticChallengeIdPrefix}0`,
+        intent: x402_Types.exactIntent,
+        method: x402_Types.paymentMethod,
+        realm: 'api.example.com',
+        request: x402PaymentRequired.accepts[0]!,
+      })
+      const result = transport.setCredential({}, 'credential', {
+        challenge: untrustedChallenge,
+      })
+      const headers = result.headers as Headers
+      expect(headers.get('Authorization')).toBe('credential')
+      expect(headers.get(x402_Types.paymentSignatureHeader)).toBeNull()
+    })
+    test('removes stale credential headers before setting the retry credential', () => {
+      const transport = Transport.http()
+      const x402Challenge = Transport.http().getChallenges!(
+        new Response(null, {
+          status: 402,
+          headers: {
+            'PAYMENT-REQUIRED': x402_Header.encodePaymentRequired(x402PaymentRequired),
+          },
+        }),
+      )[0]
+      const result = transport.setCredential(
+        {
+          headers: {
+            Authorization: 'Payment stale',
+            [x402_Types.paymentSignatureHeader]: 'stale-x402',
+          },
+        },
+        'fresh-x402',
+        { challenge: x402Challenge },
+      )
       const headers = result.headers as Headers
-      expect(headers.get('Authorization')).toBe(serialized)
+      expect(headers.get('Authorization')).toBeNull()
+      expect(headers.get(x402_Types.paymentSignatureHeader)).toBe('fresh-x402')
     })
     test('preserves existing headers', () => {

package/src/client/Transport.ts CHANGED Viewed

@@ -1,6 +1,19 @@
 import * as Challenge from '../Challenge.js'
 import * as Credential from '../Credential.js'
 import * as Mcp from '../Mcp.js'
+import * as x402_Header from '../x402/Header.js'
+import * as x402_ChallengeBrand from '../x402/internal/ChallengeBrand.js'
+import * as x402_Types from '../x402/Types.js'
+const paymentRequiredStatus = 402
+const paymentAuthChallengeHeader = 'WWW-Authenticate'
+const paymentAuthCredentialHeader = 'Authorization'
+const credentialHeaders = [
+  paymentAuthCredentialHeader,
+  x402_Types.paymentRequiredHeader,
+  x402_Types.paymentResponseHeader,
+  x402_Types.paymentSignatureHeader,
+]
 /**
  * Client-side transport adapter.
@@ -18,10 +31,21 @@ export type Transport<in out request = unknown, in out response = unknown> = {
   /** Extracts the challenge from a payment-required response. */
   getChallenge: (response: response) => Challenge.Challenge
   /** Attaches a credential to a request. */
-  setCredential: (request: request, credential: string) => request
+  setCredential: (
+    request: request,
+    credential: string,
+    options?: setCredential.Options | undefined,
+  ) => request
 }
 export type AnyTransport = Transport<any, any>
+export declare namespace setCredential {
+  type Options = {
+    /** Challenge selected for credential creation. */
+    challenge?: Challenge.Challenge | undefined
+  }
+}
 /** Extracts the response type from a transport. */
 export type ResponseOf<transport extends Transport> =
   transport extends Transport<any, infer response> ? response : never
@@ -55,33 +79,77 @@ export function from<request, response>(
  * HTTP transport for client-side payment handling.
  *
  * - Detects payment required via 402 status
- * - Extracts challenges from `WWW-Authenticate` header
- * - Sends credentials via `Authorization` header
+ * - Extracts Payment auth challenges from `WWW-Authenticate`
+ * - Falls back to x402 exact challenges from `PAYMENT-REQUIRED`
+ * - Sends credentials via `Authorization` or `PAYMENT-SIGNATURE`
  */
 export function http() {
   return from<RequestInit, Response>({
     name: 'http',
     isPaymentRequired(response) {
-      return response.status === 402
+      return response.status === paymentRequiredStatus
     },
     getChallenges(response) {
-      return Challenge.fromResponseList(response)
+      return paymentRequiredChallenges(response)
     },
     getChallenge(response) {
-      return Challenge.fromResponse(response)
+      const challenge = paymentRequiredChallenges(response)[0]
+      if (!challenge) throw new Error('No challenge in response.')
+      return challenge
     },
-    setCredential(request, credential) {
+    setCredential(request, credential, options) {
       const headers = new Headers(request.headers)
-      headers.set('Authorization', credential)
+      for (const header of credentialHeaders) headers.delete(header)
+      if (isX402Challenge(options?.challenge)) {
+        headers.set(x402_Types.paymentSignatureHeader, credential)
+      } else {
+        headers.set(paymentAuthCredentialHeader, credential)
+      }
       return { ...request, headers }
     },
   })
 }
+function paymentRequiredChallenges(response: Response): Challenge.Challenge[] {
+  return [
+    ...(response.headers.has(paymentAuthChallengeHeader)
+      ? Challenge.fromResponseList(response)
+      : []),
+    ...x402Challenges(response),
+  ]
+}
+function x402Challenges(response: Response): Challenge.Challenge[] {
+  const header = response.headers.get(x402_Types.paymentRequiredHeader)
+  if (!header) return []
+  const paymentRequired = x402_Header.decodePaymentRequired(header)
+  if (response.url && paymentRequired.resource.url !== response.url)
+    throw new Error('x402 payment-required resource does not match response URL.')
+  return paymentRequired.accepts.map((accepted, index) =>
+    x402_ChallengeBrand.mark(
+      Challenge.from({
+        id: `${x402_Types.syntheticChallengeIdPrefix}${index}`,
+        intent: x402_Types.exactIntent,
+        method: x402_Types.paymentMethod,
+        realm: new URL(paymentRequired.resource.url).host,
+        request: {
+          ...accepted,
+          ...(paymentRequired.extensions ? { extensions: paymentRequired.extensions } : {}),
+          resource: paymentRequired.resource,
+        },
+      }),
+    ),
+  )
+}
+function isX402Challenge(challenge: Challenge.Challenge | undefined): boolean {
+  return x402_ChallengeBrand.is(challenge)
+}
 /**
  * MCP transport for client-side payment handling.
  *

package/src/client/index.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 export * as Expires from '../Expires.js'
 export * as Fetch from './internal/Fetch.js'
-export { session, stripe, tempo } from './Methods.js'
+export { evm, session, stripe, tempo } from './Methods.js'
 export * as Mppx from './Mppx.js'
 export * as Transport from './Transport.js'