npm - mppx - Versions diffs - 0.7.0 → 0.8.1 - Mend

mppx 0.7.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/CHANGELOG.md +41 -0
package/README.md +20 -11
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +18 -6
package/dist/Challenge.js.map +1 -1
package/dist/Mcp.d.ts +3 -0
package/dist/Mcp.d.ts.map +1 -1
package/dist/Mcp.js +2 -0
package/dist/Mcp.js.map +1 -1
package/dist/PaymentRequest.d.ts +10 -10
package/dist/PaymentRequest.js +8 -8
package/dist/cli/internal.d.ts +1 -0
package/dist/cli/internal.d.ts.map +1 -1
package/dist/cli/internal.js +1 -15
package/dist/cli/internal.js.map +1 -1
package/dist/client/Mppx.js +2 -2
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +11 -16
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +55 -75
package/dist/client/Transport.js.map +1 -1
package/dist/client/index.d.ts +3 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +1 -0
package/dist/client/index.js.map +1 -1
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +46 -7
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/client/internal/protocols/Mcp.d.ts +7 -0
package/dist/client/internal/protocols/Mcp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mcp.js +159 -0
package/dist/client/internal/protocols/Mcp.js.map +1 -0
package/dist/client/internal/protocols/Mpp.d.ts +4 -0
package/dist/client/internal/protocols/Mpp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mpp.js +18 -0
package/dist/client/internal/protocols/Mpp.js.map +1 -0
package/dist/client/internal/protocols/Protocol.d.ts +10 -0
package/dist/client/internal/protocols/Protocol.d.ts.map +1 -0
package/dist/client/internal/protocols/Protocol.js +2 -0
package/dist/client/internal/protocols/Protocol.js.map +1 -0
package/dist/client/internal/protocols/Shared.d.ts +5 -0
package/dist/client/internal/protocols/Shared.d.ts.map +1 -0
package/dist/client/internal/protocols/Shared.js +20 -0
package/dist/client/internal/protocols/Shared.js.map +1 -0
package/dist/client/internal/protocols/X402.d.ts +8 -0
package/dist/client/internal/protocols/X402.d.ts.map +1 -0
package/dist/client/internal/protocols/X402.js +39 -0
package/dist/client/internal/protocols/X402.js.map +1 -0
package/dist/evm/client/index.d.ts +1 -0
package/dist/evm/client/index.d.ts.map +1 -1
package/dist/evm/client/index.js +1 -0
package/dist/evm/client/index.js.map +1 -1
package/dist/evm/index.d.ts +2 -0
package/dist/evm/index.d.ts.map +1 -1
package/dist/evm/index.js +2 -0
package/dist/evm/index.js.map +1 -1
package/dist/evm/server/index.d.ts +1 -0
package/dist/evm/server/index.d.ts.map +1 -1
package/dist/evm/server/index.js +1 -0
package/dist/evm/server/index.js.map +1 -1
package/dist/mcp/client/McpClient.d.ts +101 -0
package/dist/mcp/client/McpClient.d.ts.map +1 -0
package/dist/mcp/client/McpClient.js +162 -0
package/dist/mcp/client/McpClient.js.map +1 -0
package/dist/mcp/client/index.d.ts.map +1 -0
package/dist/mcp/client/index.js.map +1 -0
package/dist/mcp/server/Transport.d.ts.map +1 -0
package/dist/mcp/server/Transport.js.map +1 -0
package/dist/mcp/server/index.d.ts.map +1 -0
package/dist/mcp/server/index.js.map +1 -0
package/dist/server/Mppx.d.ts +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +9 -0
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +1 -1
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +1 -1
package/dist/server/Transport.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +1 -1
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -1
package/dist/stripe/server/internal/html.gen.js +1 -1
package/dist/stripe/server/internal/html.gen.js.map +1 -1
package/dist/tempo/Proof.d.ts +85 -1
package/dist/tempo/Proof.d.ts.map +1 -1
package/dist/tempo/Proof.js +35 -0
package/dist/tempo/Proof.js.map +1 -1
package/dist/tempo/client/Charge.d.ts +13 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +38 -25
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +5 -3
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/client/Methods.js +4 -2
package/dist/tempo/client/Methods.js.map +1 -1
package/dist/tempo/client/ResolveAccount.d.ts +40 -0
package/dist/tempo/client/ResolveAccount.d.ts.map +1 -0
package/dist/tempo/client/ResolveAccount.js +2 -0
package/dist/tempo/client/ResolveAccount.js.map +1 -0
package/dist/tempo/internal/fee-payer.d.ts +26 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +83 -30
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/internal/proof.d.ts +71 -5
package/dist/tempo/internal/proof.d.ts.map +1 -1
package/dist/tempo/internal/proof.js +42 -6
package/dist/tempo/internal/proof.js.map +1 -1
package/dist/tempo/legacy/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/legacy/client/SessionManager.js +10 -3
package/dist/tempo/legacy/client/SessionManager.js.map +1 -1
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +46 -18
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +4 -2
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/Methods.js +4 -2
package/dist/tempo/server/Methods.js.map +1 -1
package/dist/tempo/server/Subscription.d.ts +10 -0
package/dist/tempo/server/Subscription.d.ts.map +1 -1
package/dist/tempo/server/Subscription.js +135 -23
package/dist/tempo/server/Subscription.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/dist/tempo/session/client/ChannelOps.d.ts +2 -3
package/dist/tempo/session/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/session/client/ChannelOps.js +7 -10
package/dist/tempo/session/client/ChannelOps.js.map +1 -1
package/dist/tempo/session/client/ChannelStore.d.ts +51 -0
package/dist/tempo/session/client/ChannelStore.d.ts.map +1 -0
package/dist/tempo/session/client/ChannelStore.js +63 -0
package/dist/tempo/session/client/ChannelStore.js.map +1 -0
package/dist/tempo/session/client/CredentialState.d.ts +7 -24
package/dist/tempo/session/client/CredentialState.d.ts.map +1 -1
package/dist/tempo/session/client/CredentialState.js +51 -49
package/dist/tempo/session/client/CredentialState.js.map +1 -1
package/dist/tempo/session/client/Session.d.ts +8 -2
package/dist/tempo/session/client/Session.d.ts.map +1 -1
package/dist/tempo/session/client/Session.js +22 -8
package/dist/tempo/session/client/Session.js.map +1 -1
package/dist/tempo/session/client/SessionManager.d.ts +4 -40
package/dist/tempo/session/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/session/client/SessionManager.js +124 -174
package/dist/tempo/session/client/SessionManager.js.map +1 -1
package/dist/tempo/session/client/index.d.ts +3 -4
package/dist/tempo/session/client/index.d.ts.map +1 -1
package/dist/tempo/session/client/index.js +1 -0
package/dist/tempo/session/client/index.js.map +1 -1
package/dist/tempo/session/precompile/Voucher.d.ts +3 -3
package/dist/tempo/session/precompile/Voucher.d.ts.map +1 -1
package/dist/tempo/session/precompile/Voucher.js +24 -25
package/dist/tempo/session/precompile/Voucher.js.map +1 -1
package/dist/tempo/session/server/CredentialVerification.d.ts +6 -0
package/dist/tempo/session/server/CredentialVerification.d.ts.map +1 -1
package/dist/tempo/session/server/CredentialVerification.js +13 -0
package/dist/tempo/session/server/CredentialVerification.js.map +1 -1
package/dist/tempo/session/server/Settlement.d.ts.map +1 -1
package/dist/tempo/session/server/Settlement.js +4 -2
package/dist/tempo/session/server/Settlement.js.map +1 -1
package/dist/tempo/session/server/Sse.d.ts.map +1 -1
package/dist/tempo/session/server/Sse.js.map +1 -1
package/dist/tempo/session/server/Ws.d.ts.map +1 -1
package/dist/tempo/session/server/Ws.js.map +1 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts +712 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts.map +1 -1
package/dist/tempo/subscription/Store.d.ts +2 -0
package/dist/tempo/subscription/Store.d.ts.map +1 -1
package/dist/tempo/subscription/Store.js +16 -1
package/dist/tempo/subscription/Store.js.map +1 -1
package/dist/x402/index.d.ts +1 -0
package/dist/x402/index.d.ts.map +1 -1
package/dist/x402/index.js +1 -0
package/dist/x402/index.js.map +1 -1
package/package.json +21 -10
package/src/Challenge.test.ts +40 -0
package/src/Challenge.ts +19 -6
package/src/Mcp.ts +4 -0
package/src/PaymentRequest.ts +10 -10
package/src/cli/cli.test.ts +15 -15
package/src/cli/config.test.ts +13 -7
package/src/cli/internal.ts +1 -16
package/src/client/Mppx.test-d.ts +21 -1
package/src/client/Mppx.test.ts +1 -1
package/src/client/Mppx.ts +2 -2
package/src/client/Transport.test.ts +225 -178
package/src/client/Transport.ts +77 -83
package/src/client/index.ts +14 -0
package/src/client/internal/Fetch.test.ts +207 -2
package/src/client/internal/Fetch.ts +52 -6
package/src/client/internal/protocols/Mcp.test.ts +220 -0
package/src/client/internal/protocols/Mcp.ts +162 -0
package/src/client/internal/protocols/Mpp.ts +21 -0
package/src/client/internal/protocols/Protocol.ts +10 -0
package/src/client/internal/protocols/Shared.ts +25 -0
package/src/client/internal/protocols/X402.ts +42 -0
package/src/discovery/OpenApi.test.ts +1 -1
package/src/evm/PublicInterface.test-d.ts +1 -1
package/src/evm/client/index.ts +1 -0
package/src/evm/index.ts +2 -0
package/src/evm/server/Charge.test.ts +1 -1
package/src/evm/server/index.ts +1 -0
package/src/{mcp-sdk → mcp}/client/McpClient.integration.test.ts +10 -4
package/src/{mcp-sdk → mcp}/client/McpClient.test-d.ts +45 -18
package/src/{mcp-sdk → mcp}/client/McpClient.test.ts +211 -5
package/src/mcp/client/McpClient.ts +307 -0
package/src/{mcp-sdk → mcp}/client/McpClient.unit.test.ts +9 -5
package/src/middlewares/elysia.test.ts +1 -1
package/src/middlewares/express.test.ts +1 -1
package/src/middlewares/hono.test.ts +1 -1
package/src/middlewares/internal/mppx.test.ts +1 -1
package/src/middlewares/nextjs.test.ts +1 -1
package/src/proxy/Proxy.test.ts +1 -1
package/src/proxy/services/anthropic.test.ts +1 -1
package/src/proxy/services/openai.test.ts +1 -1
package/src/proxy/services/stripe.test.ts +1 -1
package/src/server/Mppx.authorize.test.ts +1 -1
package/src/server/Mppx.test-d.ts +1 -1
package/src/server/Mppx.test.ts +20 -2
package/src/server/Mppx.ts +14 -1
package/src/server/Transport.test.ts +6 -6
package/src/server/Transport.ts +1 -1
package/src/stripe/Charge.integration.test.ts +1 -1
package/src/stripe/client/Charge.test.ts +1 -1
package/src/stripe/server/Charge.test.ts +1 -1
package/src/stripe/server/internal/html/package.json +1 -1
package/src/stripe/server/internal/html.gen.ts +1 -1
package/src/tempo/Proof.conformance.test.ts +146 -0
package/src/tempo/Proof.test-d.ts +15 -0
package/src/tempo/Proof.ts +52 -1
package/src/tempo/Subscription.integration.test.ts +1 -1
package/src/tempo/client/Charge.test.ts +173 -0
package/src/tempo/client/Charge.ts +65 -36
package/src/tempo/client/Methods.ts +4 -2
package/src/tempo/client/ResolveAccount.ts +46 -0
package/src/tempo/internal/fee-payer.test.ts +89 -10
package/src/tempo/internal/fee-payer.ts +128 -41
package/src/tempo/internal/proof.test.ts +12 -4
package/src/tempo/internal/proof.ts +55 -6
package/src/tempo/legacy/client/SessionManager.ts +11 -3
package/src/tempo/legacy/server/Session.test.ts +91 -26
package/src/tempo/server/Charge.test.ts +388 -17
package/src/tempo/server/Charge.ts +50 -24
package/src/tempo/server/Methods.ts +4 -2
package/src/tempo/server/Subscription.test.ts +465 -3
package/src/tempo/server/Subscription.ts +174 -19
package/src/tempo/server/internal/html/package.json +2 -2
package/src/tempo/server/internal/html.gen.ts +1 -1
package/src/tempo/session/client/ChannelOps.ts +5 -19
package/src/tempo/session/client/ChannelStore.ts +111 -0
package/src/tempo/session/client/CredentialState.test.ts +206 -62
package/src/tempo/session/client/CredentialState.ts +58 -73
package/src/tempo/session/client/Session.test.ts +41 -1
package/src/tempo/session/client/Session.ts +36 -10
package/src/tempo/session/client/SessionManager.test.ts +154 -65
package/src/tempo/session/client/SessionManager.ts +141 -235
package/src/tempo/session/client/index.ts +8 -5
package/src/tempo/session/precompile/Voucher.test.ts +45 -7
package/src/tempo/session/precompile/Voucher.ts +27 -25
package/src/tempo/session/server/CredentialVerification.test.ts +36 -0
package/src/tempo/session/server/CredentialVerification.ts +18 -0
package/src/tempo/session/server/Session.test.ts +4 -4
package/src/tempo/session/server/Settlement.test.ts +88 -1
package/src/tempo/session/server/Settlement.ts +2 -1
package/src/tempo/session/server/Sse.ts +0 -2
package/src/tempo/session/server/Ws.ts +0 -4
package/src/tempo/subscription/Store.ts +27 -9
package/src/x402/Exact.e2e.test.ts +1 -1
package/src/x402/PublicInterface.test-d.ts +1 -1
package/src/x402/index.ts +1 -0
package/dist/mcp-sdk/client/McpClient.d.ts +0 -85
package/dist/mcp-sdk/client/McpClient.d.ts.map +0 -1
package/dist/mcp-sdk/client/McpClient.js +0 -118
package/dist/mcp-sdk/client/McpClient.js.map +0 -1
package/dist/mcp-sdk/client/index.d.ts.map +0 -1
package/dist/mcp-sdk/client/index.js.map +0 -1
package/dist/mcp-sdk/server/Transport.d.ts.map +0 -1
package/dist/mcp-sdk/server/Transport.js.map +0 -1
package/dist/mcp-sdk/server/index.d.ts.map +0 -1
package/dist/mcp-sdk/server/index.js.map +0 -1
package/src/mcp-sdk/client/McpClient.ts +0 -228
/package/dist/{mcp-sdk → mcp}/client/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/client/index.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.js +0 -0
/package/src/{mcp-sdk → mcp}/client/index.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.test.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/index.ts +0 -0

package/src/client/internal/protocols/Mcp.test.ts ADDED Viewed

@@ -0,0 +1,220 @@
+import { Challenge, Mcp } from 'mppx'
+import { Methods } from 'mppx/tempo'
+import { describe, expect, test } from 'vp/test'
+import { mcp } from './Mcp.js'
+const challenge = Challenge.fromMethod(Methods.charge, {
+  realm: 'api.example.com',
+  secretKey: 'test-secret-key',
+  expires: '2025-01-01T00:00:00.000Z',
+  request: {
+    amount: '0.001',
+    currency: '0x20c0000000000000000000000000000000000001',
+    decimals: 6,
+    recipient: '0x742d35Cc6634C0532925a3b844Bc9e7595f8fE00',
+  },
+})
+const paymentRequired = {
+  jsonrpc: '2.0',
+  id: 1,
+  error: {
+    code: Mcp.paymentRequiredCode,
+    message: 'Payment Required',
+    data: { challenges: [challenge] },
+  },
+}
+const request = (overrides: Partial<RequestInit> = {}) =>
+  ({
+    headers: { accept: 'application/json, text/event-stream' },
+    body: JSON.stringify({ jsonrpc: '2.0', id: 1, method: 'tools/call', params: {} }),
+    ...overrides,
+  }) satisfies RequestInit
+const jsonResponse = (body: unknown, contentType = 'application/json') =>
+  new Response(typeof body === 'string' ? body : JSON.stringify(body), {
+    headers: { 'content-type': contentType },
+  })
+const sseResponse = (body: string) =>
+  new Response(body, { headers: { 'content-type': 'text/event-stream' } })
+const sseEvent = (data: unknown, event = 'message') =>
+  `${event ? `event: ${event}\n` : ''}data: ${
+    typeof data === 'string' ? data : JSON.stringify(data)
+  }\n\n`
+async function getChallengeIds(response: Response, requestInit = request()) {
+  return (await mcp().getChallenges(response, requestInit)).map((entry) => entry.id)
+}
+describe('mcp HTTP protocol', () => {
+  test('extracts payment challenges from JSON-RPC error JSON', async () => {
+    expect(await getChallengeIds(jsonResponse(paymentRequired))).toEqual([challenge.id])
+  })
+  test('extracts all valid payment challenges', async () => {
+    const alternate = { ...challenge, id: 'alternate' }
+    const response = jsonResponse({
+      ...paymentRequired,
+      error: {
+        ...paymentRequired.error,
+        data: { challenges: [challenge, alternate] },
+      },
+    })
+    expect(await getChallengeIds(response)).toEqual([challenge.id, alternate.id])
+  })
+  test('parses JSON content types case-insensitively', async () => {
+    const response = jsonResponse(paymentRequired, 'Application/JSON; charset=utf-8')
+    expect(await getChallengeIds(response)).toEqual([challenge.id])
+  })
+  test.each([
+    { body: '[', name: 'invalid JSON' },
+    { body: [paymentRequired], name: 'JSON-RPC batch' },
+    {
+      body: { jsonrpc: '2.0', method: 'notifications/progress', params: {} },
+      name: 'notification',
+    },
+    { body: { jsonrpc: '2.0', id: 1, method: 'tools/call', params: {} }, name: 'request' },
+    { body: { ...paymentRequired, jsonrpc: '2.1' }, name: 'wrong JSON-RPC version' },
+    { body: { ...paymentRequired, id: null }, name: 'null id' },
+    { body: { ...paymentRequired, id: 2 }, name: 'different id' },
+    { body: { ...paymentRequired, result: {} }, name: 'result and error together' },
+    { body: { jsonrpc: '2.0', id: 1, result: {} }, name: 'successful result' },
+    {
+      body: {
+        jsonrpc: '2.0',
+        id: 1,
+        error: { code: -32600, message: 'Invalid Request' },
+      },
+      name: 'non-payment error',
+    },
+    {
+      body: {
+        jsonrpc: '2.0',
+        id: 1,
+        error: { code: `${Mcp.paymentRequiredCode}`, message: 'Payment Required' },
+      },
+      name: 'string error code',
+    },
+    {
+      body: {
+        jsonrpc: '2.0',
+        id: 1,
+        error: { code: Mcp.paymentRequiredCode, message: 402 },
+      },
+      name: 'non-string error message',
+    },
+  ])('ignores $name message shapes', async ({ body }) => {
+    expect(await getChallengeIds(jsonResponse(body))).toEqual([])
+  })
+  test.each([
+    { challenges: undefined, name: 'missing challenges' },
+    { challenges: [], name: 'empty challenges' },
+    { challenges: challenge, name: 'non-array challenges' },
+    { challenges: [{ ...challenge, realm: undefined }], name: 'invalid challenge' },
+    {
+      challenges: [challenge, { ...challenge, realm: undefined }],
+      name: 'partially invalid challenges',
+    },
+  ])('ignores $name', async ({ challenges }) => {
+    const response = jsonResponse({
+      ...paymentRequired,
+      error: {
+        ...paymentRequired.error,
+        data: challenges === undefined ? undefined : { challenges },
+      },
+    })
+    expect(await getChallengeIds(response)).toEqual([])
+  })
+  test('matches string request and response ids without coercion', async () => {
+    const stringRequest = request({
+      body: JSON.stringify({ jsonrpc: '2.0', id: '1', method: 'tools/call', params: {} }),
+    })
+    const response = jsonResponse({ ...paymentRequired, id: '1' })
+    expect(await getChallengeIds(response, stringRequest)).toEqual([challenge.id])
+    expect(await getChallengeIds(jsonResponse(paymentRequired), stringRequest)).toEqual([])
+  })
+  test.each([
+    {
+      body: '{',
+      headers: { accept: 'application/json, text/event-stream' },
+      name: 'malformed request JSON',
+    },
+    {
+      body: JSON.stringify({ jsonrpc: '2.0', method: 'notifications/initialized' }),
+      headers: { accept: 'application/json, text/event-stream' },
+      name: 'request without id',
+    },
+    {
+      body: JSON.stringify({ jsonrpc: '2.0', id: 1, params: {} }),
+      headers: { accept: 'application/json, text/event-stream' },
+      name: 'request without method',
+    },
+    {
+      body: JSON.stringify({ jsonrpc: '2.0', id: 1, method: 'tools/call', params: {} }),
+      headers: { accept: 'application/json' },
+      name: 'request without Streamable HTTP accept',
+    },
+  ])('does not inspect responses for $name', async ({ body, headers }) => {
+    expect(
+      await getChallengeIds(jsonResponse(paymentRequired), request({ body, headers })),
+    ).toEqual([])
+  })
+  test('accepts the mcp-method header as MCP request provenance', async () => {
+    const requestInit = request({
+      headers: { 'mcp-method': 'tools/call' },
+    })
+    expect(await getChallengeIds(jsonResponse(paymentRequired), requestInit)).toEqual([
+      challenge.id,
+    ])
+  })
+  test('does not inspect native HTTP 402 responses', async () => {
+    expect(await getChallengeIds(jsonResponse(paymentRequired), request({}))).toEqual([
+      challenge.id,
+    ])
+    expect(
+      await getChallengeIds(
+        new Response(JSON.stringify(paymentRequired), {
+          status: 402,
+          headers: { 'content-type': 'application/json' },
+        }),
+      ),
+    ).toEqual([])
+  })
+  test.each([
+    { body: sseEvent(paymentRequired), name: 'message event' },
+    { body: sseEvent(paymentRequired, ''), name: 'event without explicit type' },
+    { body: `: keepalive\n\n${sseEvent(paymentRequired)}`, name: 'message after SSE comment' },
+  ])('extracts payment challenges from SSE $name', async ({ body }) => {
+    expect(await getChallengeIds(sseResponse(body))).toEqual([challenge.id])
+  })
+  test.each([
+    { body: sseEvent('{'), name: 'invalid JSON' },
+    { body: sseEvent({ jsonrpc: '2.0', method: 'notifications/progress' }), name: 'notification' },
+    { body: sseEvent(paymentRequired, 'progress'), name: 'non-message event' },
+    {
+      body:
+        sseEvent({ jsonrpc: '2.0', method: 'notifications/progress' }) + sseEvent(paymentRequired),
+      name: 'payment challenge after first data event',
+    },
+  ])('ignores SSE $name', async ({ body }) => {
+    expect(await getChallengeIds(sseResponse(body))).toEqual([])
+  })
+})

package/src/client/internal/protocols/Mcp.ts ADDED Viewed

@@ -0,0 +1,162 @@
+import { createParser } from 'eventsource-parser'
+import * as Challenge from '../../../Challenge.js'
+import * as Credential from '../../../Credential.js'
+import * as Mcp from '../../../Mcp.js'
+import type { Protocol } from './Protocol.js'
+import { paymentRequiredStatus } from './Shared.js'
+/** Returns the JSON-RPC request id — only requests can receive a `-32042` response. */
+function jsonRpcRequestId(body: unknown): number | string | undefined {
+  if (typeof body !== 'string') return undefined
+  try {
+    const message = JSON.parse(body)
+    const id = message?.id
+    if (message?.jsonrpc !== '2.0' || typeof message?.method !== 'string') return undefined
+    return typeof id === 'string' || typeof id === 'number' ? id : undefined
+  } catch {
+    return undefined
+  }
+}
+const responseCache = new WeakMap<Response, Promise<Mcp.Response | undefined>>()
+function mcpHttpRequestId(request?: RequestInit): number | string | undefined {
+  const id = jsonRpcRequestId(request?.body)
+  if (id === undefined) return undefined
+  const headers = new Headers(request?.headers)
+  if (headers.has('mcp-method')) return id
+  const accept = headers.get('accept')?.toLowerCase() ?? ''
+  return accept.includes('application/json') && accept.includes('text/event-stream')
+    ? id
+    : undefined
+}
+function parseMessage(value: unknown): Mcp.Response | undefined {
+  if (!value || typeof value !== 'object') return undefined
+  const message = value as {
+    error?: { code?: unknown; message?: unknown }
+    id?: unknown
+    jsonrpc?: unknown
+    result?: unknown
+  }
+  const id = message.id
+  if (message.jsonrpc !== '2.0') return undefined
+  if (id !== undefined && typeof id !== 'string' && typeof id !== 'number') return undefined
+  const hasError = 'error' in message
+  const hasResult = 'result' in message
+  if (hasError === hasResult) return undefined
+  if (hasError)
+    return Number.isInteger(message.error?.code) && typeof message.error?.message === 'string'
+      ? (value as Mcp.Response)
+      : undefined
+  return id !== undefined && typeof message.result === 'object'
+    ? (value as Mcp.Response)
+    : undefined
+}
+function paymentRequiredChallenges(
+  message: Mcp.Response | undefined,
+  id: number | string,
+): Challenge.Challenge[] {
+  if (
+    !message ||
+    message.id !== id ||
+    !('error' in message) ||
+    message.error?.code !== Mcp.paymentRequiredCode
+  )
+    return []
+  const challenges = message.error?.data?.challenges
+  if (!Array.isArray(challenges) || challenges.length === 0) return []
+  const parsed: Challenge.Challenge[] = []
+  for (const challenge of challenges) {
+    const result = Challenge.Schema.safeParse(challenge)
+    if (!result.success) return []
+    parsed.push(result.data as Challenge.Challenge)
+  }
+  return parsed
+}
+async function parseSseJsonRpcResponse(response: Response): Promise<Mcp.Response | undefined> {
+  const reader = response.clone().body?.getReader()
+  if (!reader) return undefined
+  const decoder = new TextDecoder()
+  let dataEventSeen = false
+  let message: Mcp.Response | undefined
+  const parser = createParser({
+    onEvent(event) {
+      if (dataEventSeen || !event.data) return
+      dataEventSeen = true
+      if (event.event && event.event !== 'message') return
+      try {
+        message = parseMessage(JSON.parse(event.data))
+      } catch {}
+    },
+  })
+  try {
+    for (;;) {
+      if (dataEventSeen) return message
+      const { done, value } = await reader.read()
+      if (done) {
+        parser.feed(decoder.decode())
+        parser.reset({ consume: true })
+        return message
+      }
+      parser.feed(decoder.decode(value, { stream: true }))
+    }
+  } finally {
+    void reader.cancel().catch(() => {})
+  }
+}
+/** Reads a cloned HTTP body into the first JSON-RPC response message, if any. */
+function parseJsonRpcResponse(response: Response): Promise<Mcp.Response | undefined> {
+  const cached = responseCache.get(response)
+  if (cached) return cached
+  const promise = (async (): Promise<Mcp.Response | undefined> => {
+    const contentType = response.headers.get('content-type')?.toLowerCase() ?? ''
+    if (contentType.includes('application/json'))
+      return response
+        .clone()
+        .json()
+        .then(parseMessage)
+        .catch(() => undefined)
+    if (contentType.includes('text/event-stream')) return parseSseJsonRpcResponse(response)
+    return undefined
+  })()
+  responseCache.set(response, promise)
+  return promise
+}
+/**
+ * MCP-over-HTTP — remote MCP rides Streamable HTTP, so its challenge is a JSON-RPC `-32042` error
+ * in a normal 200 body (often `text/event-stream`), and the credential rides back in `_meta`.
+ */
+export function mcp(): Protocol {
+  return {
+    getChallenges(response, request) {
+      // The 402 schemes own status 402; MCP challenges arrive in a normal 200 body.
+      const id = mcpHttpRequestId(request)
+      if (response.status === paymentRequiredStatus || id === undefined) return []
+      return parseJsonRpcResponse(response).then((message) =>
+        paymentRequiredChallenges(message, id),
+      )
+    },
+    setCredential(request, credential) {
+      const message = JSON.parse(request.body as string) as Mcp.Request
+      const parsed = Credential.deserialize(credential)
+      return {
+        ...request,
+        body: JSON.stringify({
+          ...message,
+          params: {
+            ...message.params,
+            ['_meta']: { ...message.params?.['_meta'], [Mcp.credentialMetaKey]: parsed },
+          },
+        }),
+      }
+    },
+  }
+}

package/src/client/internal/protocols/Mpp.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import * as Challenge from '../../../Challenge.js'
+import * as Constants from '../../../Constants.js'
+import type { Protocol } from './Protocol.js'
+import { paymentRequiredStatus, setCredentialHeader } from './Shared.js'
+/** MPP — the native HTTP scheme: a 402 carrying a `WWW-Authenticate` challenge, paid back in `Authorization`. */
+export function mpp(): Protocol {
+  return {
+    getChallenges(response) {
+      if (
+        response.status !== paymentRequiredStatus ||
+        !response.headers.has(Constants.Headers.wwwAuthenticate)
+      )
+        return []
+      return Challenge.fromResponseList(response)
+    },
+    setCredential(request, credential) {
+      return setCredentialHeader(request, Constants.Headers.authorization, credential)
+    },
+  }
+}

package/src/client/internal/protocols/Protocol.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type * as Challenge from '../../../Challenge.js'
+import type { MaybePromise } from '../../../internal/types.js'
+/** One payment protocol over the `http` transport. */
+export type Protocol = {
+  /** This protocol's challenges from a response; `[]` when the response isn't its concern. */
+  getChallenges: (response: Response, request?: RequestInit) => MaybePromise<Challenge.Challenge[]>
+  /** Attaches this protocol's credential to a retry request. */
+  setCredential: (request: RequestInit, credential: string) => RequestInit
+}

package/src/client/internal/protocols/Shared.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import * as Constants from '../../../Constants.js'
+import * as x402_Types from '../../../x402/Types.js'
+/** HTTP status that signals a native payment challenge. */
+export const paymentRequiredStatus = 402
+/** Credential headers purged before a fresh credential is attached. */
+const credentialHeaders = [
+  Constants.Headers.authorization,
+  x402_Types.paymentRequiredHeader,
+  x402_Types.paymentResponseHeader,
+  x402_Types.paymentSignatureHeader,
+]
+/** Attaches `credential` under `header`, clearing any stale credential headers first. */
+export function setCredentialHeader(
+  request: RequestInit,
+  header: string,
+  credential: string,
+): RequestInit {
+  const headers = new Headers(request.headers)
+  for (const stale of credentialHeaders) headers.delete(stale)
+  headers.set(header, credential)
+  return { ...request, headers }
+}

package/src/client/internal/protocols/X402.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import * as Challenge from '../../../Challenge.js'
+import * as x402_Header from '../../../x402/Header.js'
+import * as x402_ChallengeBrand from '../../../x402/internal/ChallengeBrand.js'
+import * as x402_Types from '../../../x402/Types.js'
+import type { Protocol } from './Protocol.js'
+import { paymentRequiredStatus, setCredentialHeader } from './Shared.js'
+/**
+ * x402 — a 402 carrying a `PAYMENT-REQUIRED` header, paid back in `PAYMENT-SIGNATURE`. Synthesized
+ * challenges are branded for `evm/client/Charge.ts`, keeping them distinct from native `evm`
+ * charges with the same method/intent.
+ */
+export function x402(): Protocol {
+  return {
+    getChallenges(response) {
+      if (response.status !== paymentRequiredStatus) return []
+      const header = response.headers.get(x402_Types.paymentRequiredHeader)
+      if (!header) return []
+      const paymentRequired = x402_Header.decodePaymentRequired(header)
+      if (response.url && paymentRequired.resource.url !== response.url)
+        throw new Error('x402 payment-required resource does not match response URL.')
+      return paymentRequired.accepts.map((accepted, index) =>
+        x402_ChallengeBrand.mark(
+          Challenge.from({
+            id: `${x402_Types.syntheticChallengeIdPrefix}${index}`,
+            intent: x402_Types.exactIntent,
+            method: x402_Types.paymentMethod,
+            realm: new URL(paymentRequired.resource.url).host,
+            request: {
+              ...accepted,
+              ...(paymentRequired.extensions ? { extensions: paymentRequired.extensions } : {}),
+              resource: paymentRequired.resource,
+            },
+          }),
+        ),
+      )
+    },
+    setCredential(request, credential) {
+      return setCredentialHeader(request, x402_Types.paymentSignatureHeader, credential)
+    },
+  }
+}

package/src/discovery/OpenApi.test.ts CHANGED Viewed

@@ -73,7 +73,7 @@ function createMppx<const methods extends Mppx.Methods>(methods: methods) {
   return Mppx.create({
     methods,
     realm: 'test-realm',
-    secretKey: 'test-secret',
+    secretKey: 'test-secret-key-test-secret-key-32',
   })
 }

package/src/evm/PublicInterface.test-d.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import { Mppx as ServerMppx } from '../server/index.js'
 const account = {} as Account
 const recipient = '0x209693Bc6afc0C5328bA36FaF03C514EF312287C'
-const secretKey = 'test-secret'
+const secretKey = 'test-secret-key-test-secret-key-32'
 const settle = async () => ({
   reference: `0x${'1'.repeat(64)}` as `0x${string}`,
 })

package/src/evm/client/index.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 export * as assets from '../Assets.js'
+/** @deprecated Use `chains` instead. */
 export * as Chains from '../Chains.js'
 export * as chains from '../Chains.js'
 export { charge } from './Charge.js'

package/src/evm/index.ts CHANGED Viewed

@@ -1,4 +1,6 @@
+/** @deprecated Use `assets` instead. */
 export * as Assets from './Assets.js'
+/** @deprecated Use `chains` instead. */
 export * as Chains from './Chains.js'
 export * as Methods from './Methods.js'
 export * as Types from './Types.js'

package/src/evm/server/Charge.test.ts CHANGED Viewed

@@ -45,7 +45,7 @@ describe('evm charge server', () => {
           },
         }),
       ],
-      secretKey: 'test-secret',
+      secretKey: 'test-secret-key-test-secret-key-32',
     })
     const client = ClientMppx.create({
       methods: [

package/src/evm/server/index.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 export * as assets from '../Assets.js'
+/** @deprecated Use `chains` instead. */
 export * as Chains from '../Chains.js'
 export * as chains from '../Chains.js'
 export { charge } from './Charge.js'

package/src/{mcp-sdk → mcp}/client/McpClient.integration.test.ts RENAMED Viewed

@@ -25,7 +25,7 @@ import * as McpServer_transport from '../server/Transport.js'
 import * as McpClient from './McpClient.js'
 const realm = 'api.example.com'
-const secretKey = 'test-secret-key'
+const secretKey = 'test-secret-key-test-secret-key-32'
 const chargeAmountRaw = 1_000_000n
 const doubleSessionAmountRaw = chargeAmountRaw * 2n
 const topUpAmountRaw = chargeAmountRaw * 3n
@@ -410,6 +410,7 @@ describe.runIf(isLocalnet)('McpClient.wrap integration', () => {
 type WrappedClient = {
   callTool: (
     params: { name: string; arguments?: Record<string, unknown>; _meta?: Record<string, unknown> },
+    resultSchema?: undefined,
     options?: { context?: unknown; timeout?: number },
   ) => Promise<McpClient.CallToolResult>
 }
@@ -545,9 +546,14 @@ async function createHarness(options?: {
   const clientTransport = new StreamableHTTPClientTransport(new URL(`${httpServer.url}/mcp`))
   await sdkClient.connect(clientTransport as never)
-  const mcp = McpClient.wrap(sdkClient, {
-    methods: [chargeMethod, sessionMethod],
-  })
+  // Wrap a facade over the same session so `sdkClient` keeps raw (challenge-
+  // throwing) behavior for the credential-level scenarios below.
+  const mcp = McpClient.wrap(
+    { callTool: sdkClient.callTool.bind(sdkClient) as Client['callTool'] },
+    {
+      methods: [chargeMethod, sessionMethod],
+    },
+  )
   return {
     async close() {