npm - mppx - Versions diffs - 0.7.0 → 0.8.0 - Mend

mppx 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (278) hide show

package/CHANGELOG.md +33 -0
package/README.md +20 -11
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +18 -6
package/dist/Challenge.js.map +1 -1
package/dist/Mcp.d.ts +3 -0
package/dist/Mcp.d.ts.map +1 -1
package/dist/Mcp.js +2 -0
package/dist/Mcp.js.map +1 -1
package/dist/PaymentRequest.d.ts +10 -10
package/dist/PaymentRequest.js +8 -8
package/dist/client/Mppx.js +2 -2
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +11 -16
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +55 -75
package/dist/client/Transport.js.map +1 -1
package/dist/client/index.d.ts +3 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +1 -0
package/dist/client/index.js.map +1 -1
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +46 -7
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/client/internal/protocols/Mcp.d.ts +7 -0
package/dist/client/internal/protocols/Mcp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mcp.js +159 -0
package/dist/client/internal/protocols/Mcp.js.map +1 -0
package/dist/client/internal/protocols/Mpp.d.ts +4 -0
package/dist/client/internal/protocols/Mpp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mpp.js +18 -0
package/dist/client/internal/protocols/Mpp.js.map +1 -0
package/dist/client/internal/protocols/Protocol.d.ts +10 -0
package/dist/client/internal/protocols/Protocol.d.ts.map +1 -0
package/dist/client/internal/protocols/Protocol.js +2 -0
package/dist/client/internal/protocols/Protocol.js.map +1 -0
package/dist/client/internal/protocols/Shared.d.ts +5 -0
package/dist/client/internal/protocols/Shared.d.ts.map +1 -0
package/dist/client/internal/protocols/Shared.js +20 -0
package/dist/client/internal/protocols/Shared.js.map +1 -0
package/dist/client/internal/protocols/X402.d.ts +8 -0
package/dist/client/internal/protocols/X402.d.ts.map +1 -0
package/dist/client/internal/protocols/X402.js +39 -0
package/dist/client/internal/protocols/X402.js.map +1 -0
package/dist/evm/client/index.d.ts +1 -0
package/dist/evm/client/index.d.ts.map +1 -1
package/dist/evm/client/index.js +1 -0
package/dist/evm/client/index.js.map +1 -1
package/dist/evm/index.d.ts +2 -0
package/dist/evm/index.d.ts.map +1 -1
package/dist/evm/index.js +2 -0
package/dist/evm/index.js.map +1 -1
package/dist/evm/server/index.d.ts +1 -0
package/dist/evm/server/index.d.ts.map +1 -1
package/dist/evm/server/index.js +1 -0
package/dist/evm/server/index.js.map +1 -1
package/dist/mcp/client/McpClient.d.ts +101 -0
package/dist/mcp/client/McpClient.d.ts.map +1 -0
package/dist/mcp/client/McpClient.js +162 -0
package/dist/mcp/client/McpClient.js.map +1 -0
package/dist/mcp/client/index.d.ts.map +1 -0
package/dist/mcp/client/index.js.map +1 -0
package/dist/mcp/server/Transport.d.ts.map +1 -0
package/dist/mcp/server/Transport.js.map +1 -0
package/dist/mcp/server/index.d.ts.map +1 -0
package/dist/mcp/server/index.js.map +1 -0
package/dist/server/Mppx.d.ts +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +9 -0
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +1 -1
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +1 -1
package/dist/server/Transport.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +1 -1
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -1
package/dist/stripe/server/internal/html.gen.js +1 -1
package/dist/stripe/server/internal/html.gen.js.map +1 -1
package/dist/tempo/Proof.d.ts +85 -1
package/dist/tempo/Proof.d.ts.map +1 -1
package/dist/tempo/Proof.js +35 -0
package/dist/tempo/Proof.js.map +1 -1
package/dist/tempo/client/Charge.d.ts +13 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +38 -25
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +5 -3
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/client/Methods.js +4 -2
package/dist/tempo/client/Methods.js.map +1 -1
package/dist/tempo/client/ResolveAccount.d.ts +40 -0
package/dist/tempo/client/ResolveAccount.d.ts.map +1 -0
package/dist/tempo/client/ResolveAccount.js +2 -0
package/dist/tempo/client/ResolveAccount.js.map +1 -0
package/dist/tempo/internal/fee-payer.d.ts +9 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +35 -6
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/internal/proof.d.ts +71 -5
package/dist/tempo/internal/proof.d.ts.map +1 -1
package/dist/tempo/internal/proof.js +42 -6
package/dist/tempo/internal/proof.js.map +1 -1
package/dist/tempo/legacy/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/legacy/client/SessionManager.js +10 -3
package/dist/tempo/legacy/client/SessionManager.js.map +1 -1
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +42 -18
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +4 -2
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/Methods.js +4 -2
package/dist/tempo/server/Methods.js.map +1 -1
package/dist/tempo/server/Subscription.d.ts +10 -0
package/dist/tempo/server/Subscription.d.ts.map +1 -1
package/dist/tempo/server/Subscription.js +135 -23
package/dist/tempo/server/Subscription.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/dist/tempo/session/client/ChannelOps.d.ts +2 -3
package/dist/tempo/session/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/session/client/ChannelOps.js +7 -10
package/dist/tempo/session/client/ChannelOps.js.map +1 -1
package/dist/tempo/session/client/ChannelStore.d.ts +51 -0
package/dist/tempo/session/client/ChannelStore.d.ts.map +1 -0
package/dist/tempo/session/client/ChannelStore.js +63 -0
package/dist/tempo/session/client/ChannelStore.js.map +1 -0
package/dist/tempo/session/client/CredentialState.d.ts +7 -24
package/dist/tempo/session/client/CredentialState.d.ts.map +1 -1
package/dist/tempo/session/client/CredentialState.js +51 -49
package/dist/tempo/session/client/CredentialState.js.map +1 -1
package/dist/tempo/session/client/Session.d.ts +8 -2
package/dist/tempo/session/client/Session.d.ts.map +1 -1
package/dist/tempo/session/client/Session.js +22 -8
package/dist/tempo/session/client/Session.js.map +1 -1
package/dist/tempo/session/client/SessionManager.d.ts +4 -40
package/dist/tempo/session/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/session/client/SessionManager.js +124 -174
package/dist/tempo/session/client/SessionManager.js.map +1 -1
package/dist/tempo/session/client/index.d.ts +3 -4
package/dist/tempo/session/client/index.d.ts.map +1 -1
package/dist/tempo/session/client/index.js +1 -0
package/dist/tempo/session/client/index.js.map +1 -1
package/dist/tempo/session/precompile/Voucher.d.ts +3 -3
package/dist/tempo/session/precompile/Voucher.d.ts.map +1 -1
package/dist/tempo/session/precompile/Voucher.js +24 -25
package/dist/tempo/session/precompile/Voucher.js.map +1 -1
package/dist/tempo/session/server/Settlement.d.ts.map +1 -1
package/dist/tempo/session/server/Settlement.js +4 -2
package/dist/tempo/session/server/Settlement.js.map +1 -1
package/dist/tempo/session/server/Sse.d.ts.map +1 -1
package/dist/tempo/session/server/Sse.js.map +1 -1
package/dist/tempo/session/server/Ws.d.ts.map +1 -1
package/dist/tempo/session/server/Ws.js.map +1 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts +712 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts.map +1 -1
package/dist/tempo/subscription/Store.d.ts +2 -0
package/dist/tempo/subscription/Store.d.ts.map +1 -1
package/dist/tempo/subscription/Store.js +16 -1
package/dist/tempo/subscription/Store.js.map +1 -1
package/dist/x402/index.d.ts +1 -0
package/dist/x402/index.d.ts.map +1 -1
package/dist/x402/index.js +1 -0
package/dist/x402/index.js.map +1 -1
package/package.json +21 -10
package/src/Challenge.test.ts +40 -0
package/src/Challenge.ts +19 -6
package/src/Mcp.ts +4 -0
package/src/PaymentRequest.ts +10 -10
package/src/cli/cli.test.ts +15 -15
package/src/client/Mppx.test-d.ts +21 -1
package/src/client/Mppx.test.ts +1 -1
package/src/client/Mppx.ts +2 -2
package/src/client/Transport.test.ts +225 -178
package/src/client/Transport.ts +77 -83
package/src/client/index.ts +14 -0
package/src/client/internal/Fetch.test.ts +207 -2
package/src/client/internal/Fetch.ts +52 -6
package/src/client/internal/protocols/Mcp.test.ts +220 -0
package/src/client/internal/protocols/Mcp.ts +162 -0
package/src/client/internal/protocols/Mpp.ts +21 -0
package/src/client/internal/protocols/Protocol.ts +10 -0
package/src/client/internal/protocols/Shared.ts +25 -0
package/src/client/internal/protocols/X402.ts +42 -0
package/src/discovery/OpenApi.test.ts +1 -1
package/src/evm/PublicInterface.test-d.ts +1 -1
package/src/evm/client/index.ts +1 -0
package/src/evm/index.ts +2 -0
package/src/evm/server/Charge.test.ts +1 -1
package/src/evm/server/index.ts +1 -0
package/src/{mcp-sdk → mcp}/client/McpClient.integration.test.ts +10 -4
package/src/{mcp-sdk → mcp}/client/McpClient.test-d.ts +45 -18
package/src/{mcp-sdk → mcp}/client/McpClient.test.ts +211 -5
package/src/mcp/client/McpClient.ts +307 -0
package/src/{mcp-sdk → mcp}/client/McpClient.unit.test.ts +9 -5
package/src/middlewares/elysia.test.ts +1 -1
package/src/middlewares/express.test.ts +1 -1
package/src/middlewares/hono.test.ts +1 -1
package/src/middlewares/internal/mppx.test.ts +1 -1
package/src/middlewares/nextjs.test.ts +1 -1
package/src/proxy/Proxy.test.ts +1 -1
package/src/proxy/services/anthropic.test.ts +1 -1
package/src/proxy/services/openai.test.ts +1 -1
package/src/proxy/services/stripe.test.ts +1 -1
package/src/server/Mppx.authorize.test.ts +1 -1
package/src/server/Mppx.test-d.ts +1 -1
package/src/server/Mppx.test.ts +20 -2
package/src/server/Mppx.ts +14 -1
package/src/server/Transport.test.ts +6 -6
package/src/server/Transport.ts +1 -1
package/src/stripe/Charge.integration.test.ts +1 -1
package/src/stripe/client/Charge.test.ts +1 -1
package/src/stripe/server/Charge.test.ts +1 -1
package/src/stripe/server/internal/html/package.json +1 -1
package/src/stripe/server/internal/html.gen.ts +1 -1
package/src/tempo/Proof.conformance.test.ts +146 -0
package/src/tempo/Proof.test-d.ts +15 -0
package/src/tempo/Proof.ts +52 -1
package/src/tempo/Subscription.integration.test.ts +1 -1
package/src/tempo/client/Charge.test.ts +173 -0
package/src/tempo/client/Charge.ts +65 -36
package/src/tempo/client/Methods.ts +4 -2
package/src/tempo/client/ResolveAccount.ts +46 -0
package/src/tempo/internal/fee-payer.test.ts +65 -10
package/src/tempo/internal/fee-payer.ts +42 -6
package/src/tempo/internal/proof.test.ts +12 -4
package/src/tempo/internal/proof.ts +55 -6
package/src/tempo/legacy/client/SessionManager.ts +11 -3
package/src/tempo/legacy/server/Session.test.ts +91 -26
package/src/tempo/server/Charge.test.ts +388 -17
package/src/tempo/server/Charge.ts +46 -24
package/src/tempo/server/Methods.ts +4 -2
package/src/tempo/server/Subscription.test.ts +465 -3
package/src/tempo/server/Subscription.ts +174 -19
package/src/tempo/server/internal/html/package.json +2 -2
package/src/tempo/server/internal/html.gen.ts +1 -1
package/src/tempo/session/client/ChannelOps.ts +5 -19
package/src/tempo/session/client/ChannelStore.ts +111 -0
package/src/tempo/session/client/CredentialState.test.ts +206 -62
package/src/tempo/session/client/CredentialState.ts +58 -73
package/src/tempo/session/client/Session.test.ts +41 -1
package/src/tempo/session/client/Session.ts +36 -10
package/src/tempo/session/client/SessionManager.test.ts +154 -65
package/src/tempo/session/client/SessionManager.ts +141 -235
package/src/tempo/session/client/index.ts +8 -5
package/src/tempo/session/precompile/Voucher.test.ts +45 -7
package/src/tempo/session/precompile/Voucher.ts +27 -25
package/src/tempo/session/server/Session.test.ts +4 -4
package/src/tempo/session/server/Settlement.test.ts +88 -1
package/src/tempo/session/server/Settlement.ts +2 -1
package/src/tempo/session/server/Sse.ts +0 -2
package/src/tempo/session/server/Ws.ts +0 -4
package/src/tempo/subscription/Store.ts +27 -9
package/src/x402/Exact.e2e.test.ts +1 -1
package/src/x402/PublicInterface.test-d.ts +1 -1
package/src/x402/index.ts +1 -0
package/dist/mcp-sdk/client/McpClient.d.ts +0 -85
package/dist/mcp-sdk/client/McpClient.d.ts.map +0 -1
package/dist/mcp-sdk/client/McpClient.js +0 -118
package/dist/mcp-sdk/client/McpClient.js.map +0 -1
package/dist/mcp-sdk/client/index.d.ts.map +0 -1
package/dist/mcp-sdk/client/index.js.map +0 -1
package/dist/mcp-sdk/server/Transport.d.ts.map +0 -1
package/dist/mcp-sdk/server/Transport.js.map +0 -1
package/dist/mcp-sdk/server/index.d.ts.map +0 -1
package/dist/mcp-sdk/server/index.js.map +0 -1
package/src/mcp-sdk/client/McpClient.ts +0 -228
/package/dist/{mcp-sdk → mcp}/client/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/client/index.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.js +0 -0
/package/src/{mcp-sdk → mcp}/client/index.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.test.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/index.ts +0 -0

package/src/client/Transport.ts CHANGED Viewed

@@ -1,18 +1,11 @@
 import * as Challenge from '../Challenge.js'
-import * as Constants from '../Constants.js'
 import * as Credential from '../Credential.js'
 import * as Mcp from '../Mcp.js'
-import * as x402_Header from '../x402/Header.js'
-import * as x402_ChallengeBrand from '../x402/internal/ChallengeBrand.js'
-import * as x402_Types from '../x402/Types.js'
-const paymentRequiredStatus = 402
-const credentialHeaders = [
-  Constants.Headers.authorization,
-  x402_Types.paymentRequiredHeader,
-  x402_Types.paymentResponseHeader,
-  x402_Types.paymentSignatureHeader,
-]
+import { mcp as mcpProtocol } from './internal/protocols/Mcp.js'
+import { mpp as mppProtocol } from './internal/protocols/Mpp.js'
+import type { Protocol } from './internal/protocols/Protocol.js'
+import { paymentRequiredStatus } from './internal/protocols/Shared.js'
+import { x402 as x402Protocol } from './internal/protocols/X402.js'
 /**
  * Client-side transport adapter.
@@ -23,12 +16,21 @@ const credentialHeaders = [
 export type Transport<in out request = unknown, in out response = unknown> = {
   /** Transport name for identification. */
   name: string
-  /** Checks if a response indicates payment is required. */
-  isPaymentRequired: (response: response) => boolean
+  /**
+   * Checks if a response indicates payment is required. May inspect the request (to gate
+   * body reads) and be async (to read a response body).
+   */
+  isPaymentRequired: (response: response, request?: request) => boolean | Promise<boolean>
   /** Extracts all challenges from a payment-required response, when the transport supports multiple offers. */
-  getChallenges?: (response: response) => Challenge.Challenge[]
+  getChallenges?: (
+    response: response,
+    request?: request,
+  ) => Challenge.Challenge[] | Promise<Challenge.Challenge[]>
   /** Extracts the challenge from a payment-required response. */
-  getChallenge: (response: response) => Challenge.Challenge
+  getChallenge: (
+    response: response,
+    request?: request,
+  ) => Challenge.Challenge | Promise<Challenge.Challenge>
   /** Attaches a credential to a request. */
   setCredential: (
     request: request,
@@ -74,87 +76,79 @@ export function from<request, response>(
   return transport
 }
-/**
- * HTTP transport for client-side payment handling.
- *
- * - Detects payment required via 402 status
- * - Extracts Payment auth challenges from `WWW-Authenticate`
- * - Falls back to x402 exact challenges from `PAYMENT-REQUIRED`
- * - Sends credentials via `Authorization` or `PAYMENT-SIGNATURE`
- */
-export function http() {
+/** HTTP transport that composes payment protocols while keeping `fetch` as the single boundary. */
+export function http(): Transport<RequestInit, Response> {
+  const protocols: readonly Protocol[] = [mppProtocol(), x402Protocol(), mcpProtocol()]
+  const protocolForChallenge = new WeakMap<Challenge.Challenge, Protocol>()
+  const remember = (protocol: Protocol, challenges: Challenge.Challenge[]) => {
+    for (const challenge of challenges) protocolForChallenge.set(challenge, protocol)
+    return challenges
+  }
+  // Collect every protocol offer. Header-only 402 paths stay synchronous; MCP returns a promise
+  // only when it has to inspect a JSON-RPC/SSE body.
+  const collect = (
+    response: Response,
+    request?: RequestInit,
+  ): Challenge.Challenge[] | Promise<Challenge.Challenge[]> => {
+    const collectFrom = (
+      index: number,
+      collected: Challenge.Challenge[],
+    ): Challenge.Challenge[] | Promise<Challenge.Challenge[]> => {
+      for (let i = index; i < protocols.length; i++) {
+        const protocol = protocols[i]!
+        const challenges = protocol.getChallenges(response, request)
+        if (challenges instanceof Promise)
+          return challenges.then((list) =>
+            collectFrom(i + 1, [...collected, ...remember(protocol, list)]),
+          )
+        collected.push(...remember(protocol, challenges))
+      }
+      return collected
+    }
+    return collectFrom(0, [])
+  }
   return from<RequestInit, Response>({
     name: 'http',
-    isPaymentRequired(response) {
-      return response.status === paymentRequiredStatus
+    isPaymentRequired(response, request) {
+      if (response.status === paymentRequiredStatus) return true // HTTP 402 — sync fast path
+      const challenges = collect(response, request)
+      return challenges instanceof Promise
+        ? challenges.then((list) => list.length > 0)
+        : challenges.length > 0
     },
-    getChallenges(response) {
-      return paymentRequiredChallenges(response)
+    getChallenges(response, request) {
+      return collect(response, request)
     },
-    getChallenge(response) {
-      const challenge = paymentRequiredChallenges(response)[0]
-      if (!challenge) throw new Error('No challenge in response.')
-      return challenge
+    getChallenge(response, request) {
+      const pick = (challenges: Challenge.Challenge[]): Challenge.Challenge => {
+        const challenge = challenges[0]
+        if (!challenge) throw new Error('No challenge in response.')
+        return challenge
+      }
+      const challenges = collect(response, request)
+      return challenges instanceof Promise ? challenges.then(pick) : pick(challenges)
     },
     setCredential(request, credential, options) {
-      const headers = new Headers(request.headers)
-      for (const header of credentialHeaders) headers.delete(header)
-      if (isX402Challenge(options?.challenge)) {
-        headers.set(x402_Types.paymentSignatureHeader, credential)
-      } else {
-        headers.set(Constants.Headers.authorization, credential)
-      }
-      return { ...request, headers }
+      const protocol = options?.challenge ? protocolForChallenge.get(options.challenge) : undefined
+      const fallback = protocols[0]
+      if (!protocol && !fallback) throw new Error('No protocol to attach the credential.')
+      return (protocol ?? fallback)!.setCredential(request, credential)
     },
   })
 }
-function paymentRequiredChallenges(response: Response): Challenge.Challenge[] {
-  return [
-    ...(response.headers.has(Constants.Headers.wwwAuthenticate)
-      ? Challenge.fromResponseList(response)
-      : []),
-    ...x402Challenges(response),
-  ]
-}
-function x402Challenges(response: Response): Challenge.Challenge[] {
-  const header = response.headers.get(x402_Types.paymentRequiredHeader)
-  if (!header) return []
-  const paymentRequired = x402_Header.decodePaymentRequired(header)
-  if (response.url && paymentRequired.resource.url !== response.url)
-    throw new Error('x402 payment-required resource does not match response URL.')
-  return paymentRequired.accepts.map((accepted, index) =>
-    x402_ChallengeBrand.mark(
-      Challenge.from({
-        id: `${x402_Types.syntheticChallengeIdPrefix}${index}`,
-        intent: x402_Types.exactIntent,
-        method: x402_Types.paymentMethod,
-        realm: new URL(paymentRequired.resource.url).host,
-        request: {
-          ...accepted,
-          ...(paymentRequired.extensions ? { extensions: paymentRequired.extensions } : {}),
-          resource: paymentRequired.resource,
-        },
-      }),
-    ),
-  )
-}
-function isX402Challenge(challenge: Challenge.Challenge | undefined): boolean {
-  return x402_ChallengeBrand.is(challenge)
-}
 /**
- * MCP transport for client-side payment handling.
+ * MCP protocol transport for direct JSON-RPC objects.
  *
- * - Detects payment required via error code -32042
- * - Extracts challenges from `error.data.challenges[0]`
- * - Sends credentials via `_meta["org.paymentauth/credential"]`
+ * Prefer {@link http} for MCP-over-HTTP fetches; this remains for callers that already operate on
+ * parsed MCP request/response objects.
  */
 export function mcp() {
   return from<Mcp.Request, Mcp.Response>({
@@ -184,8 +178,8 @@ export function mcp() {
         ...request,
         params: {
           ...request.params,
-          _meta: {
-            ...request.params?._meta,
+          ['_meta']: {
+            ...request.params?.['_meta'],
             [Mcp.credentialMetaKey]: parsed,
           },
         },

package/src/client/index.ts CHANGED Viewed

@@ -11,5 +11,19 @@ export {
   stripe,
   tempo,
 } from './Methods.js'
+export {
+  createChannelStore,
+  createJsonChannelStore,
+  entryKey,
+  type ChannelStore,
+  type JsonChannelKv,
+} from '../tempo/session/client/ChannelStore.js'
+export type { ChargeContext } from '../tempo/client/Charge.js'
+export type {
+  ResolveAccount,
+  ResolveAccountCall,
+  ResolveAccountInfo,
+  ResolveAccountOperation,
+} from '../tempo/client/ResolveAccount.js'
 export * as Mppx from './Mppx.js'
 export * as Transport from './Transport.js'

package/src/client/internal/Fetch.test.ts CHANGED Viewed

@@ -1,6 +1,7 @@
-import { Challenge, Errors, Receipt } from 'mppx'
+import { Challenge, Credential, Errors, Mcp, Receipt } from 'mppx'
 import { tempo } from 'mppx/client'
 import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
+import { Header as x402_Header, Types as x402_Types, type PaymentRequired } from 'mppx/x402'
 import { createClient, defineChain } from 'viem'
 import { describe, expect, test, vi } from 'vp/test'
 import * as Http from '~test/Http.js'
@@ -10,7 +11,7 @@ import { accounts, asset, chain, client, http } from '~test/tempo/viem.js'
 import * as Fetch from './Fetch.js'
 const realm = 'api.example.com'
-const secretKey = 'test-secret-key'
+const secretKey = 'test-secret-key-test-secret-key-32'
 const server = Mppx_server.create({
   methods: [
@@ -334,6 +335,21 @@ const noopMethod = {
   createCredential: async () => 'credential',
 } as any
+const x402PaymentRequired = {
+  accepts: [
+    {
+      amount: '10000',
+      asset: '0x036CbD53842c5426634e7929541eC2318f3dCF7e',
+      maxTimeoutSeconds: 60,
+      network: 'eip155:84532',
+      payTo: '0x209693Bc6afc0C5328bA36FaF03C514EF312287C',
+      scheme: x402_Types.schemes[0],
+    },
+  ],
+  resource: { url: 'https://example.com/api' },
+  x402Version: 2,
+} satisfies PaymentRequired
 /** Builds a valid 402 response with a WWW-Authenticate header. */
 function make402(overrides?: { expires?: string; intent?: string; method?: string }) {
   const method = overrides?.method ?? 'test'
@@ -350,6 +366,19 @@ function make402(overrides?: { expires?: string; intent?: string; method?: strin
   })
 }
+function makeCombined402() {
+  const response = make402()
+  const headers = new Headers(response.headers)
+  headers.set(
+    x402_Types.paymentRequiredHeader,
+    x402_Header.encodePaymentRequired(x402PaymentRequired),
+  )
+  return new Response(null, {
+    status: 402,
+    headers,
+  })
+}
 describe('Fetch.from: init passthrough (non-402)', () => {
   test('preserves init object identity while adding Accept-Payment', async () => {
     const receivedInits: (RequestInit | undefined)[] = []
@@ -669,6 +698,182 @@ describe('Fetch.from: 402 retry path', () => {
     expect(headers.get('Authorization')).toBe('credential')
   })
+  test('chooses native Payment-auth from combined MPP and x402 HTTP 402 offers', async () => {
+    let callCount = 0
+    const calls: { init: RequestInit | undefined }[] = []
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      calls.push({ init })
+      callCount++
+      if (callCount === 1) return makeCombined402()
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [noopMethod],
+    })
+    const response = await fetch('https://example.com/api')
+    expect(response.status).toBe(200)
+    expect(calls).toHaveLength(2)
+    const retryHeaders = new Headers(calls[1]!.init?.headers)
+    expect(retryHeaders.get('Authorization')).toBe('credential')
+    expect(retryHeaders.get(x402_Types.paymentSignatureHeader)).toBeNull()
+  })
+  test('settles MCP-over-HTTP JSON-RPC payment challenges at the fetch boundary', async () => {
+    const mcpChallenge = Challenge.from({
+      id: 'mcp-challenge',
+      intent: 'test',
+      method: 'test',
+      realm: 'test',
+      request: { amount: '1' },
+    })
+    const method = {
+      ...noopMethod,
+      createCredential: async ({ challenge }: { challenge: Challenge.Challenge }) =>
+        Credential.serialize({ challenge, payload: { source: 'mcp' } }),
+    }
+    const initialBody = JSON.stringify({
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'tools/call',
+      params: { name: 'paid-tool' },
+    })
+    let callCount = 0
+    const calls: { init: RequestInit | undefined }[] = []
+    const mockFetch: typeof globalThis.fetch = async (_input, init) => {
+      calls.push({ init })
+      callCount++
+      if (callCount === 1)
+        return Response.json({
+          jsonrpc: '2.0',
+          id: 1,
+          error: {
+            code: Mcp.paymentRequiredCode,
+            message: 'Payment Required',
+            data: { challenges: [mcpChallenge] },
+          },
+        })
+      const body = JSON.parse(init?.body as string)
+      expect(new Headers(init?.headers).get('Authorization')).toBeNull()
+      expect(body.params['_meta'][Mcp.credentialMetaKey]).toMatchObject({
+        payload: { source: 'mcp' },
+      })
+      return Response.json({ ok: true })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [method],
+    })
+    const response = await fetch('https://example.com/mcp', {
+      method: 'POST',
+      headers: { accept: 'application/json, text/event-stream' },
+      body: initialBody,
+    })
+    expect(response.status).toBe(200)
+    expect(calls).toHaveLength(2)
+  })
+  test('settles MCP-over-HTTP when the JSON-RPC request body is carried by Request input', async () => {
+    const mcpChallenge = Challenge.from({
+      id: 'mcp-request-input-challenge',
+      intent: 'test',
+      method: 'test',
+      realm: 'test',
+      request: { amount: '1' },
+    })
+    const method = {
+      ...noopMethod,
+      createCredential: async ({ challenge }: { challenge: Challenge.Challenge }) =>
+        Credential.serialize({ challenge, payload: { source: 'request-input' } }),
+    }
+    const initialBody = JSON.stringify({
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'tools/call',
+      params: { name: 'paid-tool' },
+    })
+    let callCount = 0
+    const calls: { init: RequestInit | undefined; input: RequestInfo | URL }[] = []
+    const mockFetch: typeof globalThis.fetch = async (input, init) => {
+      calls.push({ input, init })
+      callCount++
+      if (callCount === 1) {
+        expect(input).toBeInstanceOf(Request)
+        expect(await (input as Request).text()).toBe(initialBody)
+        return Response.json({
+          jsonrpc: '2.0',
+          id: 1,
+          error: {
+            code: Mcp.paymentRequiredCode,
+            message: 'Payment Required',
+            data: { challenges: [mcpChallenge] },
+          },
+        })
+      }
+      const body = JSON.parse(init?.body as string)
+      expect(body.params['_meta'][Mcp.credentialMetaKey]).toMatchObject({
+        payload: { source: 'request-input' },
+      })
+      return Response.json({ ok: true })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [method],
+    })
+    const request = new Request('https://example.com/mcp', {
+      method: 'POST',
+      headers: { accept: 'application/json, text/event-stream' },
+      body: initialBody,
+    })
+    const response = await fetch(request)
+    expect(response.status).toBe(200)
+    expect(calls).toHaveLength(2)
+    expect(calls[1]?.input).toBe(request)
+  })
+  test('settles native HTTP 402 when a POST body is carried by Request input', async () => {
+    const initialBody = JSON.stringify({ ok: true })
+    let callCount = 0
+    const calls: { init: RequestInit | undefined; input: RequestInfo | URL }[] = []
+    const mockFetch: typeof globalThis.fetch = async (input, init) => {
+      calls.push({ input, init })
+      callCount++
+      const request = input instanceof Request && !init ? input : new Request(input, init)
+      expect(await request.text()).toBe(initialBody)
+      if (callCount === 1) return make402()
+      expect(request.headers.get('Authorization')).toBe('credential')
+      return new Response('OK', { status: 200 })
+    }
+    const fetch = Fetch.from({
+      fetch: mockFetch,
+      methods: [noopMethod],
+    })
+    const request = new Request('https://example.com/api', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: initialBody,
+    })
+    const response = await fetch(request)
+    expect(response.status).toBe(200)
+    expect(calls).toHaveLength(2)
+    expect(calls[1]?.input).toBe(request)
+  })
   test('sends credential retry to the final same-origin 402 response URL', async () => {
     let callCount = 0
     const calls: { input: RequestInfo | URL; init: RequestInit | undefined }[] = []

package/src/client/internal/Fetch.ts CHANGED Viewed

@@ -176,6 +176,7 @@ export function from<const methods extends readonly Method.AnyClient[]>(
     const callerHeaders = getCallerHeaders(input, init?.headers)
     const hasExplicitAcceptPayment = callerHeaders.has(Constants.Headers.acceptPayment)
     const paymentPreferences = resolvePaymentPreferences(callerHeaders, resolvedAcceptPayment)
+    const capturedBody = captureRequestBody(input, init, callerHeaders)
     const initialRequest = prepareInitialRequest(
       input,
       init,
@@ -184,9 +185,10 @@ export function from<const methods extends readonly Method.AnyClient[]>(
       hasExplicitAcceptPayment,
       acceptPaymentPolicy,
     )
-    const response = await baseFetch(initialRequest.input, initialRequest.init)
+    const response = await baseFetch(cloneRequestInput(initialRequest.input), initialRequest.init)
+    const transportRequest = withCapturedBody(initialRequest.init, await capturedBody)
-    if (!transport.isPaymentRequired(response)) return response
+    if (!(await transport.isPaymentRequired(response, transportRequest as never))) return response
     // Only extract context for payment handling after confirming 402.
     const context = (init as Record<string, unknown> | undefined)?.context
@@ -194,7 +196,7 @@ export function from<const methods extends readonly Method.AnyClient[]>(
       context: _,
       orderChallenges: requestOrderChallenges,
       ...fetchInit
-    } = (initialRequest.init ?? {}) as Record<string, unknown>
+    } = (transportRequest ?? {}) as Record<string, unknown>
     let challenge: Challenge.Challenge | undefined
     let challenges: readonly Challenge.Challenge[] | undefined
@@ -202,8 +204,8 @@ export function from<const methods extends readonly Method.AnyClient[]>(
     try {
       challenges = transport.getChallenges
-        ? transport.getChallenges(response)
-        : [transport.getChallenge(response)]
+        ? await transport.getChallenges(response, transportRequest as never)
+        : [await transport.getChallenge(response, transportRequest as never)]
       const candidates = AcceptPayment.selectChallengeCandidates(
         challenges,
@@ -666,7 +668,13 @@ function snapshotInit<methods extends readonly Method.AnyClient[]>(
 }
 function snapshotInput(input: RequestInfo | URL | undefined): RequestInfo | URL | undefined {
-  if (input instanceof Request) return input.clone()
+  if (input instanceof Request) {
+    try {
+      return input.clone()
+    } catch {
+      return input
+    }
+  }
   if (input instanceof URL) return new URL(input)
   return input
 }
@@ -738,6 +746,35 @@ function prepareInitialRequest<methods extends readonly Method.AnyClient[]>(
   }
 }
+function captureRequestBody<methods extends readonly Method.AnyClient[]>(
+  input: RequestInfo | URL,
+  init: from.RequestInit<methods> | undefined,
+  headers: Headers,
+): Promise<string | undefined> | undefined {
+  if (!(input instanceof Request) || init?.body !== undefined || !input.body || input.bodyUsed)
+    return undefined
+  if (!headers.has('mcp-method')) {
+    const accept = headers.get('accept')?.toLowerCase() ?? ''
+    if (!accept.includes('application/json') || !accept.includes('text/event-stream'))
+      return undefined
+  }
+  try {
+    return input
+      .clone()
+      .text()
+      .catch(() => undefined)
+  } catch {
+    return undefined
+  }
+}
+function withCapturedBody<methods extends readonly Method.AnyClient[]>(
+  init: from.RequestInit<methods> | undefined,
+  body: string | undefined,
+): from.RequestInit<methods> | undefined {
+  return body === undefined ? init : ({ ...init, body } as from.RequestInit<methods>)
+}
 /** @internal */
 function getCallerHeaders(input: RequestInfo | URL, headers: HeadersInit | undefined): Headers {
   if (headers) return new Headers(headers)
@@ -753,6 +790,15 @@ function unwrapFetch(fetch: typeof globalThis.fetch): typeof globalThis.fetch {
   return current as typeof globalThis.fetch
 }
+function cloneRequestInput(input: RequestInfo | URL): RequestInfo | URL {
+  if (!(input instanceof Request) || !input.body || input.bodyUsed) return input
+  try {
+    return input.clone()
+  } catch {
+    return input
+  }
+}
 /** @internal */
 function isWrappedFetch(fetch: typeof globalThis.fetch): fetch is WrappedFetch {
   return Boolean((fetch as WrappedFetch)[MPPX_FETCH_WRAPPER])