npm - mppx - Versions diffs - 0.6.28 → 0.6.30 - Mend

mppx 0.6.28 → 0.6.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/CHANGELOG.md +23 -0
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +16 -10
package/dist/Challenge.js.map +1 -1
package/dist/Method.d.ts +1 -1
package/dist/Method.d.ts.map +1 -1
package/dist/client/Methods.d.ts +1 -0
package/dist/client/Methods.d.ts.map +1 -1
package/dist/client/Methods.js +1 -0
package/dist/client/Methods.js.map +1 -1
package/dist/client/Mppx.d.ts +3 -3
package/dist/client/Mppx.d.ts.map +1 -1
package/dist/client/Mppx.js +1 -0
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +10 -3
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +60 -7
package/dist/client/Transport.js.map +1 -1
package/dist/client/index.d.ts +1 -1
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +1 -1
package/dist/client/index.js.map +1 -1
package/dist/client/internal/Fetch.d.ts +3 -0
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +12 -20
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/evm/Assets.d.ts +2 -0
package/dist/evm/Assets.d.ts.map +1 -0
package/dist/evm/Assets.js +2 -0
package/dist/evm/Assets.js.map +1 -0
package/dist/evm/Chains.d.ts +5 -0
package/dist/evm/Chains.d.ts.map +1 -0
package/dist/evm/Chains.js +5 -0
package/dist/evm/Chains.js.map +1 -0
package/dist/evm/Methods.d.ts +68 -0
package/dist/evm/Methods.d.ts.map +1 -0
package/dist/evm/Methods.js +28 -0
package/dist/evm/Methods.js.map +1 -0
package/dist/evm/Types.d.ts +143 -0
package/dist/evm/Types.d.ts.map +1 -0
package/dist/evm/Types.js +102 -0
package/dist/evm/Types.js.map +1 -0
package/dist/evm/client/Charge.d.ts +102 -0
package/dist/evm/client/Charge.d.ts.map +1 -0
package/dist/evm/client/Charge.js +141 -0
package/dist/evm/client/Charge.js.map +1 -0
package/dist/evm/client/Methods.d.ts +81 -0
package/dist/evm/client/Methods.d.ts.map +1 -0
package/dist/evm/client/Methods.js +16 -0
package/dist/evm/client/Methods.js.map +1 -0
package/dist/evm/client/index.d.ts +6 -0
package/dist/evm/client/index.d.ts.map +1 -0
package/dist/evm/client/index.js +6 -0
package/dist/evm/client/index.js.map +1 -0
package/dist/evm/index.d.ts +10 -0
package/dist/evm/index.d.ts.map +1 -0
package/dist/evm/index.js +9 -0
package/dist/evm/index.js.map +1 -0
package/dist/evm/server/Charge.d.ts +62 -0
package/dist/evm/server/Charge.d.ts.map +1 -0
package/dist/evm/server/Charge.js +172 -0
package/dist/evm/server/Charge.js.map +1 -0
package/dist/evm/server/Methods.d.ts +80 -0
package/dist/evm/server/Methods.d.ts.map +1 -0
package/dist/evm/server/Methods.js +16 -0
package/dist/evm/server/Methods.js.map +1 -0
package/dist/evm/server/index.d.ts +6 -0
package/dist/evm/server/index.d.ts.map +1 -0
package/dist/evm/server/index.js +6 -0
package/dist/evm/server/index.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/internal/HeaderCodec.d.ts +18 -0
package/dist/internal/HeaderCodec.d.ts.map +1 -0
package/dist/internal/HeaderCodec.js +31 -0
package/dist/internal/HeaderCodec.js.map +1 -0
package/dist/middlewares/elysia.d.ts.map +1 -1
package/dist/middlewares/elysia.js +2 -3
package/dist/middlewares/elysia.js.map +1 -1
package/dist/middlewares/express.js +2 -1
package/dist/middlewares/express.js.map +1 -1
package/dist/proxy/internal/Headers.d.ts.map +1 -1
package/dist/proxy/internal/Headers.js +11 -1
package/dist/proxy/internal/Headers.js.map +1 -1
package/dist/proxy/services/openai.d.ts.map +1 -1
package/dist/proxy/services/openai.js +2 -0
package/dist/proxy/services/openai.js.map +1 -1
package/dist/server/Methods.d.ts +1 -0
package/dist/server/Methods.d.ts.map +1 -1
package/dist/server/Methods.js +1 -0
package/dist/server/Methods.js.map +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +90 -12
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +10 -0
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +9 -0
package/dist/server/Transport.js.map +1 -1
package/dist/server/index.d.ts +1 -1
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +1 -1
package/dist/server/index.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +1 -1
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -1
package/dist/stripe/server/internal/html.gen.js +1 -1
package/dist/stripe/server/internal/html.gen.js.map +1 -1
package/dist/tempo/client/ChannelOps.d.ts +3 -3
package/dist/tempo/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/client/ChannelOps.js +13 -6
package/dist/tempo/client/ChannelOps.js.map +1 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +8 -5
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +0 -1
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/client/Session.d.ts +2 -4
package/dist/tempo/client/Session.d.ts.map +1 -1
package/dist/tempo/client/Session.js +10 -12
package/dist/tempo/client/Session.js.map +1 -1
package/dist/tempo/client/SessionManager.d.ts +3 -3
package/dist/tempo/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/client/SessionManager.js +1 -1
package/dist/tempo/client/SessionManager.js.map +1 -1
package/dist/tempo/internal/account.d.ts +5 -0
package/dist/tempo/internal/account.d.ts.map +1 -1
package/dist/tempo/internal/account.js +8 -0
package/dist/tempo/internal/account.js.map +1 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +5 -2
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +23 -1
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Session.d.ts.map +1 -1
package/dist/tempo/server/Session.js +13 -12
package/dist/tempo/server/Session.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/dist/tempo/session/Chain.d.ts +2 -0
package/dist/tempo/session/Chain.d.ts.map +1 -1
package/dist/tempo/session/Chain.js +8 -8
package/dist/tempo/session/Chain.js.map +1 -1
package/dist/tempo/session/Voucher.d.ts +4 -3
package/dist/tempo/session/Voucher.d.ts.map +1 -1
package/dist/tempo/session/Voucher.js +71 -44
package/dist/tempo/session/Voucher.js.map +1 -1
package/dist/tempo/session/Ws.d.ts.map +1 -1
package/dist/tempo/session/Ws.js +15 -0
package/dist/tempo/session/Ws.js.map +1 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts +2 -2
package/dist/x402/Assets.d.ts +29 -0
package/dist/x402/Assets.d.ts.map +1 -0
package/dist/x402/Assets.js +46 -0
package/dist/x402/Assets.js.map +1 -0
package/dist/x402/Header.d.ts +14 -0
package/dist/x402/Header.d.ts.map +1 -0
package/dist/x402/Header.js +18 -0
package/dist/x402/Header.js.map +1 -0
package/dist/x402/Types.d.ts +289 -0
package/dist/x402/Types.d.ts.map +1 -0
package/dist/x402/Types.js +139 -0
package/dist/x402/Types.js.map +1 -0
package/dist/x402/client/Exact.d.ts +38 -0
package/dist/x402/client/Exact.d.ts.map +1 -0
package/dist/x402/client/Exact.js +141 -0
package/dist/x402/client/Exact.js.map +1 -0
package/dist/x402/index.d.ts +6 -0
package/dist/x402/index.d.ts.map +1 -0
package/dist/x402/index.js +6 -0
package/dist/x402/index.js.map +1 -0
package/dist/x402/internal/ChallengeBrand.d.ts +5 -0
package/dist/x402/internal/ChallengeBrand.d.ts.map +1 -0
package/dist/x402/internal/ChallengeBrand.js +13 -0
package/dist/x402/internal/ChallengeBrand.js.map +1 -0
package/dist/x402/internal/RouteBinding.d.ts +8 -0
package/dist/x402/internal/RouteBinding.d.ts.map +1 -0
package/dist/x402/internal/RouteBinding.js +12 -0
package/dist/x402/internal/RouteBinding.js.map +1 -0
package/dist/x402/server/EvmCharge.d.ts +50 -0
package/dist/x402/server/EvmCharge.d.ts.map +1 -0
package/dist/x402/server/EvmCharge.js +301 -0
package/dist/x402/server/EvmCharge.js.map +1 -0
package/dist/x402/server/Facilitator.d.ts +12 -0
package/dist/x402/server/Facilitator.d.ts.map +1 -0
package/dist/x402/server/Facilitator.js +42 -0
package/dist/x402/server/Facilitator.js.map +1 -0
package/package.json +41 -21
package/src/Challenge.test.ts +54 -0
package/src/Challenge.ts +17 -10
package/src/Method.ts +1 -1
package/src/client/Methods.ts +1 -0
package/src/client/Mppx.ts +4 -3
package/src/client/Transport.test.ts +165 -30
package/src/client/Transport.ts +76 -8
package/src/client/index.ts +1 -1
package/src/client/internal/Fetch.test.ts +31 -2
package/src/client/internal/Fetch.ts +26 -19
package/src/evm/Assets.ts +1 -0
package/src/evm/Chains.ts +5 -0
package/src/evm/Methods.ts +44 -0
package/src/evm/PublicInterface.test-d.ts +114 -0
package/src/evm/Types.ts +140 -0
package/src/evm/client/Charge.test.ts +99 -0
package/src/evm/client/Charge.ts +198 -0
package/src/evm/client/Methods.ts +19 -0
package/src/evm/client/index.ts +5 -0
package/src/evm/index.ts +14 -0
package/src/evm/server/Charge.test.ts +199 -0
package/src/evm/server/Charge.ts +283 -0
package/src/evm/server/Methods.ts +22 -0
package/src/evm/server/index.ts +5 -0
package/src/index.ts +2 -0
package/src/internal/HeaderCodec.ts +36 -0
package/src/middlewares/elysia.test.ts +25 -0
package/src/middlewares/elysia.ts +1 -2
package/src/middlewares/express.test.ts +28 -0
package/src/middlewares/express.ts +1 -1
package/src/middlewares/hono.test.ts +138 -2
package/src/middlewares/nextjs.test.ts +22 -0
package/src/proxy/internal/Headers.test.ts +20 -0
package/src/proxy/internal/Headers.ts +12 -1
package/src/proxy/services/openai.test.ts +57 -1
package/src/proxy/services/openai.ts +2 -0
package/src/server/Methods.ts +1 -0
package/src/server/Mppx.test.ts +244 -1
package/src/server/Mppx.ts +124 -11
package/src/server/NodeListener.test.ts +28 -1
package/src/server/Transport.test.ts +19 -0
package/src/server/Transport.ts +20 -0
package/src/server/index.ts +1 -1
package/src/stripe/server/internal/html.gen.ts +1 -1
package/src/tempo/AccessKeyAuthorization.test.ts +231 -0
package/src/tempo/client/ChannelOps.test.ts +61 -7
package/src/tempo/client/ChannelOps.ts +18 -7
package/src/tempo/client/Charge.test.ts +126 -0
package/src/tempo/client/Charge.ts +10 -6
package/src/tempo/client/Session.test.ts +130 -1
package/src/tempo/client/Session.ts +12 -19
package/src/tempo/client/SessionManager.test.ts +69 -2
package/src/tempo/client/SessionManager.ts +4 -4
package/src/tempo/internal/account.ts +13 -0
package/src/tempo/internal/fee-payer.test.ts +32 -2
package/src/tempo/internal/fee-payer.ts +6 -2
package/src/tempo/server/Charge.test.ts +69 -0
package/src/tempo/server/Charge.ts +32 -0
package/src/tempo/server/Session.test.ts +30 -0
package/src/tempo/server/Session.ts +15 -16
package/src/tempo/server/internal/html.gen.ts +1 -1
package/src/tempo/session/Chain.test.ts +4 -4
package/src/tempo/session/Chain.ts +10 -6
package/src/tempo/session/Voucher.test.ts +230 -1
package/src/tempo/session/Voucher.ts +96 -48
package/src/tempo/session/Ws.test.ts +71 -0
package/src/tempo/session/Ws.ts +13 -0
package/src/x402/Assets.ts +65 -0
package/src/x402/Exact.e2e.test.ts +448 -0
package/src/x402/Header.test.ts +73 -0
package/src/x402/Header.ts +34 -0
package/src/x402/PublicInterface.test-d.ts +39 -0
package/src/x402/Types.ts +248 -0
package/src/x402/client/Exact.test.ts +180 -0
package/src/x402/client/Exact.ts +198 -0
package/src/x402/index.ts +5 -0
package/src/x402/internal/ChallengeBrand.ts +14 -0
package/src/x402/internal/RouteBinding.ts +18 -0
package/src/x402/server/EvmCharge.ts +394 -0
package/src/x402/server/Facilitator.test.ts +111 -0
package/src/x402/server/Facilitator.ts +56 -0

package/src/tempo/session/Chain.test.ts CHANGED Viewed

@@ -310,7 +310,7 @@ describe.runIf(isLocalnet)('on-chain', () => {
       expect(result.onChain.finalized).toBe(false)
     })
-    test('fee-payer: rejects unauthorized calls', async () => {
+    test('fee-payer relay: rejects unauthorized open calls', async () => {
       const salt = nextSalt()
       const deposit = 5_000_000n
@@ -349,7 +349,7 @@ describe.runIf(isLocalnet)('on-chain', () => {
           channelId,
           recipient,
           currency,
-          feePayer: accounts[0],
+          isSponsored: true,
         }),
       ).rejects.toThrow('fee-sponsored open transaction contains an unauthorized call')
     })
@@ -798,7 +798,7 @@ describe.runIf(isLocalnet)('on-chain', () => {
       expect(result.newDeposit).toBe(deposit + topUpAmount)
     })
-    test('fee-payer: rejects unauthorized calls', async () => {
+    test('fee-payer relay: rejects unauthorized topUp calls', async () => {
       const salt = nextSalt()
       const deposit = 5_000_000n
       const topUpAmount = 3_000_000n
@@ -847,7 +847,7 @@ describe.runIf(isLocalnet)('on-chain', () => {
           currency: asset,
           declaredDeposit: topUpAmount,
           previousDeposit: deposit,
-          feePayer: accounts[0],
+          isSponsored: true,
         }),
       ).rejects.toThrow('fee-sponsored topUp transaction contains an unauthorized call')
     })

package/src/tempo/session/Chain.ts CHANGED Viewed

@@ -466,6 +466,7 @@ export async function broadcastOpenTransaction(parameters: {
   challengeExpires?: string | undefined
   feePayerPolicy?: Partial<FeePayer.Policy> | undefined
   feePayer?: Account | undefined
+  isSponsored?: boolean | undefined
   beforeBroadcast?: ((onChain: OnChainChannel) => Promise<void> | void) | undefined
   /** When false, simulates instead of waiting for confirmation and returns derived on-chain state. @default true */
   waitForConfirmation?: boolean | undefined
@@ -480,11 +481,12 @@ export async function broadcastOpenTransaction(parameters: {
     challengeExpires,
     feePayerPolicy,
     feePayer,
+    isSponsored = Boolean(feePayer),
     beforeBroadcast,
     waitForConfirmation = true,
   } = parameters
-  if (feePayer && !FeePayer.isTempoTransaction(serializedTransaction))
+  if (isSponsored && !FeePayer.isTempoTransaction(serializedTransaction))
     throw new BadRequestError({
       reason: 'Only Tempo (0x76/0x78) transactions are supported',
     })
@@ -493,11 +495,11 @@ export async function broadcastOpenTransaction(parameters: {
     serializedTransaction as Transaction.TransactionSerializedTempo,
   )
-  if (feePayer) assertSenderSigned(transaction)
+  if (isSponsored) assertSenderSigned(transaction)
   const calls = transaction.calls ?? []
-  const sponsoredOpenCall = feePayer
+  const sponsoredOpenCall = isSponsored
     ? validateSponsoredOpenCalls({
         calls,
         currency,
@@ -669,6 +671,7 @@ export async function broadcastTopUpTransaction(parameters: {
   challengeExpires?: string | undefined
   feePayerPolicy?: Partial<FeePayer.Policy> | undefined
   feePayer?: Account | undefined
+  isSponsored?: boolean | undefined
 }): Promise<{ txHash: Hex; newDeposit: bigint }> {
   const {
     client,
@@ -681,9 +684,10 @@ export async function broadcastTopUpTransaction(parameters: {
     challengeExpires,
     feePayerPolicy,
     feePayer,
+    isSponsored = Boolean(feePayer),
   } = parameters
-  if (feePayer && !FeePayer.isTempoTransaction(serializedTransaction))
+  if (isSponsored && !FeePayer.isTempoTransaction(serializedTransaction))
     throw new BadRequestError({
       reason: 'Only Tempo (0x76/0x78) transactions are supported',
     })
@@ -692,11 +696,11 @@ export async function broadcastTopUpTransaction(parameters: {
     serializedTransaction as Transaction.TransactionSerializedTempo,
   )
-  if (feePayer) assertSenderSigned(transaction)
+  if (isSponsored) assertSenderSigned(transaction)
   const calls = transaction.calls ?? []
-  const sponsoredTopUpCall = feePayer
+  const sponsoredTopUpCall = isSponsored
     ? validateSponsoredTopUpCalls({
         calls,
         currency,

package/src/tempo/session/Voucher.test.ts CHANGED Viewed

@@ -1,5 +1,8 @@
-import { createClient, http } from 'viem'
+import { P256, Secp256k1, Signature } from 'ox'
+import { SignatureEnvelope } from 'ox/tempo'
+import { createClient, http, type Account, type Hex } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
+import { Account as TempoAccount, WebCryptoP256 } from 'viem/tempo'
 import { describe, expect, test } from 'vp/test'
 import { parseVoucherFromPayload, signVoucher, verifyVoucher } from './Voucher.js'
@@ -39,6 +42,232 @@ describe('Voucher', () => {
     expect(isValid).toBe(true)
   })
+  test('signVoucher rejects direct WebCrypto P256 voucher signatures', async () => {
+    const keyPair = await WebCryptoP256.createKeyPair()
+    const p256Account = TempoAccount.fromWebCryptoP256(keyPair)
+    const p256Client = createClient({
+      account: p256Account,
+      transport: http('http://127.0.0.1'),
+    })
+    await expect(
+      signVoucher(
+        p256Client,
+        p256Account,
+        { channelId, cumulativeAmount },
+        escrowContract,
+        chainId,
+      ),
+    ).rejects.toThrow('Session vouchers only support secp256k1 signatures')
+  })
+  test('signVoucher rejects direct WebAuthn voucher signatures', async () => {
+    const webAuthnAccount = TempoAccount.fromHeadlessWebAuthn(P256.randomPrivateKey(), {
+      origin: 'https://example.com',
+      rpId: 'example.com',
+    })
+    const webAuthnClient = createClient({
+      account: webAuthnAccount,
+      transport: http('http://127.0.0.1'),
+    })
+    await expect(
+      signVoucher(
+        webAuthnClient,
+        webAuthnAccount,
+        { channelId, cumulativeAmount },
+        escrowContract,
+        chainId,
+      ),
+    ).rejects.toThrow('Session vouchers only support secp256k1 signatures')
+  })
+  test('signVoucher signs v1 secp256k1 access keys with raw signatures', async () => {
+    const accessKey = TempoAccount.fromSecp256k1(
+      '0x59c6995e998f97a5a0044966f09453863d462d2b3f1446a99f0a3d7b5d0f5a0d',
+      { access: account, internal_version: 'v1' },
+    )
+    const accessKeyClient = createClient({
+      account: accessKey,
+      transport: http('http://127.0.0.1'),
+    })
+    const signature = await signVoucher(
+      accessKeyClient,
+      accessKey,
+      { channelId, cumulativeAmount },
+      escrowContract,
+      chainId,
+    )
+    const envelope = SignatureEnvelope.from(signature as SignatureEnvelope.Serialized)
+    expect(envelope.type).toBe('secp256k1')
+    expect(signature.length).toBe(132)
+    const isValid = await verifyVoucher(
+      escrowContract,
+      chainId,
+      { channelId, cumulativeAmount, signature },
+      accessKey.accessKeyAddress,
+    )
+    expect(isValid).toBe(true)
+  })
+  test('signVoucher unwraps legacy secp256k1 keychain signatures', async () => {
+    const privateKey = '0x59c6995e998f97a5a0044966f09453863d462d2b3f1446a99f0a3d7b5d0f5a0d'
+    const rawAccessKey = TempoAccount.fromSecp256k1(privateKey)
+    const keychainSigner = {
+      accessKeyAddress: rawAccessKey.address,
+      address: account.address,
+      async sign({ hash }: { hash: Hex }) {
+        const inner = SignatureEnvelope.from(
+          Signature.toHex(Secp256k1.sign({ payload: hash, privateKey })),
+        )
+        return SignatureEnvelope.serialize({
+          type: 'keychain',
+          version: 'v1',
+          userAddress: account.address,
+          inner,
+        })
+      },
+    } as unknown as Account
+    const signature = await signVoucher(
+      client,
+      keychainSigner,
+      { channelId, cumulativeAmount },
+      escrowContract,
+      chainId,
+    )
+    const envelope = SignatureEnvelope.from(signature as SignatureEnvelope.Serialized)
+    expect(envelope.type).toBe('secp256k1')
+    expect(signature.length).toBe(132)
+    const isValid = await verifyVoucher(
+      escrowContract,
+      chainId,
+      { channelId, cumulativeAmount, signature },
+      rawAccessKey.address,
+    )
+    expect(isValid).toBe(true)
+  })
+  test('signVoucher signs v2 secp256k1 access keys with raw signatures', async () => {
+    const accessKey = TempoAccount.fromSecp256k1(
+      '0x59c6995e998f97a5a0044966f09453863d462d2b3f1446a99f0a3d7b5d0f5a0d',
+      { access: account },
+    )
+    const accessKeyClient = createClient({
+      account: accessKey,
+      transport: http('http://127.0.0.1'),
+    })
+    const signature = await signVoucher(
+      accessKeyClient,
+      accessKey,
+      { channelId, cumulativeAmount },
+      escrowContract,
+      chainId,
+    )
+    const envelope = SignatureEnvelope.from(signature as SignatureEnvelope.Serialized)
+    expect(envelope.type).toBe('secp256k1')
+    expect(signature.length).toBe(132)
+    const isValid = await verifyVoucher(
+      escrowContract,
+      chainId,
+      { channelId, cumulativeAmount, signature },
+      accessKey.accessKeyAddress,
+    )
+    expect(isValid).toBe(true)
+  })
+  test('verifyVoucher rejects keychain envelopes', async () => {
+    const privateKey = '0x59c6995e998f97a5a0044966f09453863d462d2b3f1446a99f0a3d7b5d0f5a0d'
+    const inner = SignatureEnvelope.from(
+      Signature.toHex(Secp256k1.sign({ payload: channelId, privateKey })),
+    )
+    const keychainSignature = SignatureEnvelope.serialize({
+      type: 'keychain',
+      version: 'v2',
+      userAddress: account.address,
+      inner,
+    })
+    const isValid = await verifyVoucher(
+      escrowContract,
+      chainId,
+      { channelId, cumulativeAmount, signature: keychainSignature },
+      account.address,
+    )
+    expect(isValid).toBe(false)
+  })
+  test('signVoucher signs non-secp256k1 access keys without keychain envelopes', async () => {
+    const accessKey = TempoAccount.fromP256(P256.randomPrivateKey(), {
+      access: account,
+      internal_version: 'v1',
+    })
+    const accessKeyClient = createClient({
+      account: accessKey,
+      transport: http('http://127.0.0.1'),
+    })
+    await expect(
+      signVoucher(
+        accessKeyClient,
+        accessKey,
+        { channelId, cumulativeAmount },
+        escrowContract,
+        chainId,
+      ),
+    ).rejects.toThrow('Session vouchers only support secp256k1 signatures')
+  })
+  test('verifyVoucher rejects magic-suffixed secp256k1 signatures', async () => {
+    const signature = await signVoucher(
+      client,
+      account,
+      { channelId, cumulativeAmount },
+      escrowContract,
+      chainId,
+    )
+    const signatureWithMagic = SignatureEnvelope.serialize(SignatureEnvelope.from(signature), {
+      magic: true,
+    })
+    const isValid = await verifyVoucher(
+      escrowContract,
+      chainId,
+      { channelId, cumulativeAmount, signature: signatureWithMagic },
+      account.address,
+    )
+    expect(isValid).toBe(false)
+  })
+  test('verifyVoucher rejects EIP-155-style secp256k1 v values', async () => {
+    const signature = await signVoucher(
+      client,
+      account,
+      { channelId, cumulativeAmount },
+      escrowContract,
+      chainId,
+    )
+    const signatureWithEip155V = `${signature.slice(0, -2)}${
+      signature.endsWith('1b') ? '23' : '24'
+    }` as `0x${string}`
+    const isValid = await verifyVoucher(
+      escrowContract,
+      chainId,
+      { channelId, cumulativeAmount, signature: signatureWithEip155V },
+      account.address,
+    )
+    expect(isValid).toBe(false)
+  })
   test('verifyVoucher rejects wrong signer', async () => {
     const signature = await signVoucher(
       client,

package/src/tempo/session/Voucher.ts CHANGED Viewed

@@ -1,10 +1,10 @@
-import { type Address, Signature } from 'ox'
+import { Signature, type Address } from 'ox'
 import { SignatureEnvelope } from 'ox/tempo'
 import type { Account, Client, Hex } from 'viem'
-import { recoverTypedDataAddress } from 'viem'
+import { hashTypedData } from 'viem'
 import { signTypedData } from 'viem/actions'
-import * as TempoAddress from '../internal/address.js'
+import { getAccountSignerAddress, isAccessKeyAccount } from '../internal/account.js'
 import type { SignedVoucher, Voucher } from './Types.js'
 /** Must match the on-chain TempoStreamChannel DOMAIN_SEPARATOR name. */
@@ -35,48 +35,110 @@ const voucherTypes = {
   ],
 } as const
-/**
- * Sign a voucher with an account.
- */
-export async function signVoucher(
+const acceptTip1020VoucherSignatures = false
+function getVoucherMessage(message: Voucher) {
+  return {
+    channelId: message.channelId,
+    cumulativeAmount: message.cumulativeAmount,
+  }
+}
+function getVoucherDigest(escrowContract: Address.Address, chainId: number, message: Voucher) {
+  return hashTypedData({
+    domain: getVoucherDomain(escrowContract, chainId),
+    types: voucherTypes,
+    primaryType: 'Voucher',
+    message: getVoucherMessage(message),
+  })
+}
+async function signVoucherTypedData(
   client: Client,
   account: Account,
   message: Voucher,
   escrowContract: Address.Address,
   chainId: number,
-  authorizedSigner?: Address.Address | undefined,
 ): Promise<Hex> {
-  const signature = await signTypedData(client, {
+  return signTypedData(client, {
     account,
     domain: getVoucherDomain(escrowContract, chainId),
     types: voucherTypes,
     primaryType: 'Voucher',
-    message: {
-      channelId: message.channelId,
-      cumulativeAmount: message.cumulativeAmount,
-    },
+    message: getVoucherMessage(message),
   })
+}
+function normalizeVoucherSignature(signature: Hex): Hex {
+  const envelope = SignatureEnvelope.from(signature as SignatureEnvelope.Serialized)
-  // When a separate authorizedSigner is used (e.g. access key), unwrap the
-  // keychain envelope — the escrow contract verifies raw ECDSA signatures
-  // against authorizedSigner, not keychain-wrapped ones.
-  // TODO: when TIP-1020 is implemented, we can remove this.
-  if (authorizedSigner) {
-    try {
-      const envelope = SignatureEnvelope.from(signature as SignatureEnvelope.Serialized)
-      if (envelope.type === 'keychain' && envelope.inner.type === 'secp256k1')
-        return Signature.toHex(envelope.inner.signature)
-    } catch {}
+  if (envelope.type === 'keychain') {
+    if (envelope.inner.type !== 'secp256k1')
+      throw new Error(
+        'Session vouchers only unwrap secp256k1 keychain signatures; pass a direct voucherSigner for other key types.',
+      )
+    return Signature.toHex(envelope.inner.signature)
   }
-  return signature
+  // Tempo local accounts may append signature-envelope magic bytes for RPC
+  // routing. Voucher signatures are direct envelopes without magic bytes.
+  return SignatureEnvelope.serialize(envelope)
+}
+function acceptsVoucherEnvelope(envelope: SignatureEnvelope.SignatureEnvelope): boolean {
+  if (envelope.type === 'keychain') return false
+  if (envelope.type === 'secp256k1') return true
+  return acceptTip1020VoucherSignatures
+}
+function assertSupportedVoucherEnvelope(envelope: SignatureEnvelope.SignatureEnvelope) {
+  if (acceptsVoucherEnvelope(envelope)) return
+  throw new Error(
+    'Session vouchers only support secp256k1 signatures until TIP-1020 voucher verification is enabled.',
+  )
+}
+/**
+ * Sign a voucher with an account.
+ */
+export async function signVoucher(
+  client: Client,
+  account: Account,
+  message: Voucher,
+  escrowContract: Address.Address,
+  chainId: number,
+  voucherSigner?: Account | undefined,
+): Promise<Hex> {
+  const signer = voucherSigner ?? account
+  const expectedSigner = getAccountSignerAddress(signer)
+  const digest = getVoucherDigest(escrowContract, chainId, message)
+  const signature = isAccessKeyAccount(signer)
+    ? await signer.sign({ hash: digest, raw: true })
+    : await signVoucherTypedData(client, signer, message, escrowContract, chainId)
+  const normalized = normalizeVoucherSignature(signature)
+  const envelope = SignatureEnvelope.from(normalized as SignatureEnvelope.Serialized)
+  assertSupportedVoucherEnvelope(envelope)
+  if (
+    !SignatureEnvelope.verify(envelope, {
+      address: expectedSigner,
+      payload: digest,
+    })
+  )
+    throw new Error('voucher signature does not match voucher signer')
+  return normalized
 }
 /**
  * Verify a voucher signature matches the expected signer.
  *
- * Only accepts raw secp256k1 signatures — the escrow contract verifies
- * via ecrecover. Keychain, p256, and webAuthn signatures are rejected.
+ * Accepts canonical raw secp256k1 voucher signatures.
+ *
+ * TIP-1020 voucher signatures will be enabled when onchain escrow verification ships.
  */
 export async function verifyVoucher(
   escrowContract: Address.Address,
@@ -85,31 +147,17 @@ export async function verifyVoucher(
   expectedSigner: Address.Address,
 ): Promise<boolean> {
   try {
-    const domain = getVoucherDomain(escrowContract, chainId)
-    const message = {
-      channelId: voucher.channelId,
-      cumulativeAmount: voucher.cumulativeAmount,
-    }
     const envelope = SignatureEnvelope.from(voucher.signature)
-    // Reject keychain signatures — the escrow contract verifies raw ECDSA
-    // signatures against authorizedSigner, not keychain-wrapped ones.
-    if (envelope.type === 'keychain') return false
-    // Reject non-secp256k1 signatures (p256, webAuthn) — the escrow contract
-    // only supports ecrecover-based verification.
-    // TODO: remove this once TIP-1020 is implemented
-    if (envelope.type !== 'secp256k1') return false
-    const signer = await recoverTypedDataAddress({
-      domain,
-      types: voucherTypes,
-      primaryType: 'Voucher',
-      message,
-      signature: voucher.signature,
+    if (!acceptsVoucherEnvelope(envelope)) return false
+    const canonical = SignatureEnvelope.serialize(envelope)
+    if (canonical.toLowerCase() !== voucher.signature.toLowerCase()) return false
+    return SignatureEnvelope.verify(envelope, {
+      address: expectedSigner,
+      payload: getVoucherDigest(escrowContract, chainId, voucher),
     })
-    return TempoAddress.isEqual(signer, expectedSigner)
   } catch {
     return false
   }

package/src/tempo/session/Ws.test.ts CHANGED Viewed

@@ -407,4 +407,75 @@ describe('isows', () => {
     expect(channel?.spent).toBe(0n)
     expect(channel?.units).toBe(0)
   })
+  test('does not meter or emit application messages after close is requested on-chain', async () => {
+    const socket = new MockSocket()
+    const store = memoryChannelStore()
+    await store.updateChannel(channelId, () => ({
+      channelId,
+      payer: '0x0000000000000000000000000000000000000001' as Address,
+      payee: '0x0000000000000000000000000000000000000002' as Address,
+      token: '0x0000000000000000000000000000000000000003' as Address,
+      authorizedSigner: '0x0000000000000000000000000000000000000004' as Address,
+      chainId: 42431,
+      escrowContract: '0x0000000000000000000000000000000000000005' as Address,
+      deposit: 1n,
+      settledOnChain: 0n,
+      highestVoucherAmount: 1n,
+      highestVoucher: null,
+      spent: 0n,
+      units: 0,
+      closeRequestedAt: 1n,
+      finalized: false,
+      createdAt: new Date().toISOString(),
+    }))
+    await Ws.serve({
+      socket,
+      store,
+      url: 'ws://example.test/stream',
+      route: async () => ({
+        status: 200,
+        withReceipt(response = new Response(null, { status: 204 })) {
+          response.headers.set(
+            'Payment-Receipt',
+            serializeSessionReceipt(
+              createSessionReceipt({
+                challengeId: challenge.id,
+                channelId,
+                acceptedCumulative: 1n,
+                spent: 0n,
+                units: 0,
+              }),
+            ),
+          )
+          return response
+        },
+      }),
+      generate: (async function* () {
+        yield 'should-not-reach'
+      })(),
+    })
+    socket.receive(
+      Ws.formatAuthorizationMessage(
+        makeCredential({
+          action: 'open',
+          channelId,
+          cumulativeAmount: '1',
+          signature: `0x${'77'.repeat(65)}`,
+          transaction: '0x01',
+          type: 'transaction',
+        }),
+      ),
+    )
+    await sleep(100)
+    expect(socket.closed).toBe(true)
+    expect(socket.sent.some((message) => message.includes('should-not-reach'))).toBe(false)
+    const channel = await store.getChannel(channelId)
+    expect(channel?.spent).toBe(0n)
+    expect(channel?.units).toBe(0)
+  })
 })

package/src/tempo/session/Ws.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import * as Credential from '../../Credential.js'
+import { ChannelClosedError } from '../../Errors.js'
 import * as ChannelStore from './ChannelStore.js'
 import { deserializeSessionReceipt } from './Receipt.js'
 import { createSessionReceipt } from './Receipt.js'
@@ -405,6 +406,7 @@ async function reserveChargeOrWait(options: {
   let channel = await store.getChannel(channelId)
   if (!channel) throw new Error('channel not found')
+  throwIfChannelClosed(channel)
   const hasHeadroom = (state: ChannelStore.State) =>
     state.highestVoucherAmount - state.spent - reservedAmount >= amount
@@ -424,6 +426,7 @@ async function reserveChargeOrWait(options: {
     await waitForUpdate(store, channelId, pollIntervalMs, signal)
     channel = await store.getChannel(channelId)
     if (!channel) throw new Error('channel not found')
+    throwIfChannelClosed(channel)
   }
 }
@@ -440,6 +443,7 @@ async function commitReservedCharges(options: {
   const channel = await store.updateChannel(channelId, (current) => {
     if (!current) return null
     if (current.finalized) return current
+    if (current.closeRequestedAt !== 0n) return current
     if (current.highestVoucherAmount - current.spent < amount) return current
     committed = true
     return {
@@ -450,9 +454,18 @@ async function commitReservedCharges(options: {
   })
   if (!channel) throw new Error('channel not found')
+  if (channel.finalized) throw new ChannelClosedError({ reason: 'channel is finalized' })
+  if (channel.closeRequestedAt !== 0n)
+    throw new ChannelClosedError({ reason: 'channel has a pending close request' })
   if (!committed) throw new Error('reserved voucher coverage is no longer available')
 }
+function throwIfChannelClosed(channel: ChannelStore.State): void {
+  if (channel.finalized) throw new ChannelClosedError({ reason: 'channel is finalized' })
+  if (channel.closeRequestedAt !== 0n)
+    throw new ChannelClosedError({ reason: 'channel has a pending close request' })
+}
 async function waitForUpdate(
   store: ChannelStore.ChannelStore,
   channelId: SessionCredentialPayload['channelId'],