mppx 0.7.0 → 0.8.1

package/src/tempo/Proof.test-d.ts

@@ -1,7 +1,22 @@
+import type { Address, Hex } from 'viem'
 import { expectTypeOf, test } from 'vp/test'
 
 import { Proof } from './index.js'
 
+test('Proof exports the wallet-bound typed-data contract helpers', () => {
+  expectTypeOf(Proof.message).toEqualTypeOf<
+    (parameters: { account: Address; challengeId: string; realm: string }) => {
+      readonly account: Address
+      readonly challengeId: string
+      readonly realm: string
+    }
+  >()
+
+  expectTypeOf(Proof.hash).toEqualTypeOf<
+    (parameters: { account: Address; chainId: number; challengeId: string; realm: string }) => Hex
+  >()
+})
+
 test('Proof exports public proof source helpers', () => {
   expectTypeOf(Proof.proofSource).toEqualTypeOf<
     (parameters: { address: string; chainId: number }) => string

package/src/tempo/Proof.ts

@@ -1,7 +1,58 @@
-import type { Address } from 'viem'
+import type { Address, Hex } from 'viem'
 
 import * as Proof_internal from './internal/proof.js'
 
+/** EIP-712 primary type for Tempo proof credentials. */
+export const primaryType = Proof_internal.primaryType
+
+/**
+ * EIP-712 typed-data field definitions for Tempo zero-amount proof credentials.
+ *
+ * The `account` field cryptographically binds the signature to the payer
+ * wallet, so a proof signed for one account cannot be replayed against another.
+ */
+export const types = Proof_internal.types
+
+/** Constructs the EIP-712 domain for a Tempo proof credential. */
+export function domain(chainId: number) {
+  return Proof_internal.domain(chainId)
+}
+
+/**
+ * Constructs the EIP-712 message for a Tempo proof credential.
+ *
+ * @param parameters - Proof message parameters.
+ * @param parameters.account - Payer wallet address the proof is bound to.
+ * @param parameters.challengeId - Challenge `id` being proven.
+ * @param parameters.realm - Challenge `realm` being proven.
+ */
+export function message(parameters: { account: Address; challengeId: string; realm: string }) {
+  return Proof_internal.message(parameters)
+}
+
+/**
+ * Constructs the complete EIP-712 typed-data payload for a Tempo proof
+ * credential — the canonical, wallet-bound proof contract.
+ */
+export function typedData(parameters: {
+  account: Address
+  chainId: number
+  challengeId: string
+  realm: string
+}) {
+  return Proof_internal.typedData(parameters)
+}
+
+/** Computes the EIP-712 digest (signing payload) for a Tempo proof credential. */
+export function hash(parameters: {
+  account: Address
+  chainId: number
+  challengeId: string
+  realm: string
+}): Hex {
+  return Proof_internal.hash(parameters)
+}
+
 /** Constructs the canonical `did:pkh:eip155` source DID for Tempo proof credentials. */
 export function proofSource(parameters: { address: string; chainId: number }): string {
   return Proof_internal.proofSource(parameters)

package/src/tempo/Subscription.integration.test.ts

@@ -10,7 +10,7 @@ import * as SubscriptionStore from './subscription/Store.js'
 import type { SubscriptionAccessKey, SubscriptionRecord } from './subscription/Types.js'
 
 const realm = 'news.example.com'
-const secretKey = 'subscription-lifecycle-secret'
+const secretKey = 'subscription-lifecycle-secret-key-32'
 const currency = '0x20c0000000000000000000000000000000000001'
 const recipient = '0x1234567890abcdef1234567890abcdef12345678'
 const periodCount = '30'

package/src/tempo/client/Charge.test.ts

@@ -2,6 +2,7 @@ import { Challenge, Credential } from 'mppx'
 import { createClient, http } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
 import { tempoLocalnet } from 'viem/chains'
+import { Account, Secp256k1 } from 'viem/tempo'
 import { describe, expect, test, vi } from 'vp/test'
 
 import * as Methods from '../Methods.js'
@@ -83,6 +84,178 @@ describe('tempo.charge client', () => {
     expect(credential.source).toBe(`did:pkh:eip155:${chainId}:${account.address}`)
   })
 
+  test('resolveAccount selects the transaction account from executable calls', async () => {
+    vi.resetModules()
+    const selectedAccount = privateKeyToAccount(
+      '0x0000000000000000000000000000000000000000000000000000000000000002',
+    )
+    const chainId = 42431
+    const calls: charge.ResolveAccountInfo[] = []
+    const prepareTransactionRequest = vi.fn(async () => ({}))
+    const signTransaction = vi.fn(async () => '0xdeadbeef')
+    vi.doMock('viem/actions', () => ({
+      prepareTransactionRequest,
+      sendCallsSync: vi.fn(),
+      signTransaction,
+      signTypedData: vi.fn(),
+    }))
+
+    try {
+      const { charge: chargeWithMockedActions } = await import('./Charge.js')
+      const client = createClient({
+        account,
+        chain: tempoLocalnet,
+        transport: http('http://127.0.0.1'),
+      })
+      const method = chargeWithMockedActions({
+        account,
+        getClient: () => client,
+        resolveAccount(info) {
+          calls.push(info)
+          return selectedAccount
+        },
+      })
+
+      const credential = Credential.deserialize(
+        await method.createCredential({
+          challenge: createChallenge({ amount: '1', chainId, supportedModes: ['pull'] }),
+          context: {},
+        }),
+      )
+
+      expect(calls).toHaveLength(1)
+      expect(calls[0]!.account.address).toBe(account.address)
+      expect(calls[0]!.chainId).toBe(chainId)
+      expect(calls[0]!.operation.kind).toBe('executeCalls')
+      if (calls[0]!.operation.kind !== 'executeCalls') throw new Error('expected executeCalls')
+      expect(calls[0]!.operation.calls).toHaveLength(1)
+      expect(calls[0]!.operation.calls?.[0]?.to.toLowerCase()).toBe(currency.toLowerCase())
+      expect(prepareTransactionRequest).toHaveBeenCalledOnce()
+      expect(signTransaction).toHaveBeenCalledOnce()
+      expect(credential.payload).toEqual({ signature: '0xdeadbeef', type: 'transaction' })
+      expect(credential.source).toBe(`did:pkh:eip155:${chainId}:${selectedAccount.address}`)
+    } finally {
+      vi.doUnmock('viem/actions')
+      vi.resetModules()
+    }
+  })
+
+  test('resolveAccount omits executable calls when auto-swap routing is account-dependent', async () => {
+    vi.resetModules()
+    const selectedAccount = privateKeyToAccount(
+      '0x0000000000000000000000000000000000000000000000000000000000000002',
+    )
+    const chainId = 42431
+    const calls: charge.ResolveAccountInfo[] = []
+    const prepareTransactionRequest = vi.fn(async () => ({}))
+    const signTransaction = vi.fn(async () => '0xdeadbeef')
+    const findCalls = vi.fn(async (_client: unknown, _parameters: { account: string }) => undefined)
+    vi.doMock('viem/actions', () => ({
+      prepareTransactionRequest,
+      sendCallsSync: vi.fn(),
+      signTransaction,
+      signTypedData: vi.fn(),
+    }))
+    vi.doMock('../internal/auto-swap.js', () => ({
+      defaultCurrencies: [currency],
+      findCalls,
+      resolve: vi.fn(() => ({ tokenIn: [currency], slippage: 1 })),
+    }))
+
+    try {
+      const { charge: chargeWithMockedActions } = await import('./Charge.js')
+      const client = createClient({
+        account,
+        chain: tempoLocalnet,
+        transport: http('http://127.0.0.1'),
+      })
+      const method = chargeWithMockedActions({
+        account,
+        autoSwap: true,
+        getClient: () => client,
+        resolveAccount(info) {
+          calls.push(info)
+          return selectedAccount
+        },
+      })
+
+      const credential = Credential.deserialize(
+        await method.createCredential({
+          challenge: createChallenge({ amount: '1', chainId, supportedModes: ['pull'] }),
+          context: {},
+        }),
+      )
+
+      expect(calls).toHaveLength(1)
+      expect(calls[0]!.operation.kind).toBe('executeCalls')
+      if (calls[0]!.operation.kind !== 'executeCalls') throw new Error('expected executeCalls')
+      expect(calls[0]!.operation.calls).toBeUndefined()
+      expect(findCalls).toHaveBeenCalledOnce()
+      expect(findCalls.mock.calls[0]?.[1].account).toBe(selectedAccount.address)
+      expect(credential.payload).toEqual({ signature: '0xdeadbeef', type: 'transaction' })
+    } finally {
+      vi.doUnmock('viem/actions')
+      vi.doUnmock('../internal/auto-swap.js')
+      vi.resetModules()
+    }
+  })
+
+  test('zero-amount proof binds to the root payer for an access-key account', async () => {
+    vi.resetModules()
+    // Capture the typed data so we can assert what the proof commits to.
+    let signedTypedData: { message: { account: string } } | undefined
+    const signTypedData = vi.fn(async (_client: unknown, parameters: typeof signedTypedData) => {
+      signedTypedData = parameters
+      return '0xdeadbeef'
+    })
+    vi.doMock('viem/actions', () => ({
+      prepareTransactionRequest: vi.fn(),
+      sendCallsSync: vi.fn(),
+      signTransaction: vi.fn(),
+      signTypedData,
+    }))
+
+    try {
+      const { charge: chargeWithMockedActions } = await import('./Charge.js')
+      const chainId = 42431
+      // An access-key account signs with its own key but reports the root
+      // account as `address`; the proof must bind to that root payer.
+      const accessKey = Account.fromSecp256k1(Secp256k1.randomPrivateKey(), {
+        access: account,
+      })
+      expect(accessKey.address).toBe(account.address)
+      expect(accessKey.accessKeyAddress).not.toBe(account.address)
+
+      const client = createClient({
+        account: accessKey,
+        chain: tempoLocalnet,
+        transport: http('http://127.0.0.1'),
+      })
+      const resolveAccount = vi.fn()
+      const method = chargeWithMockedActions({
+        account: accessKey,
+        getClient: () => client,
+        resolveAccount,
+      })
+
+      const credential = Credential.deserialize(
+        await method.createCredential({
+          challenge: createChallenge({ chainId }),
+          context: {},
+        }),
+      )
+
+      expect(signTypedData).toHaveBeenCalledOnce()
+      expect(resolveAccount).not.toHaveBeenCalled()
+      expect(signedTypedData?.message.account).toBe(account.address)
+      expect(credential.payload).toEqual({ signature: '0xdeadbeef', type: 'proof' })
+      expect(credential.source).toBe(`did:pkh:eip155:${chainId}:${account.address}`)
+    } finally {
+      vi.doUnmock('viem/actions')
+      vi.resetModules()
+    }
+  })
+
   test('uses challenge chainId for non-zero transaction source', async () => {
     vi.resetModules()
     const prepareTransactionRequest = vi.fn(async () => ({}))

package/src/tempo/client/Charge.ts

@@ -20,6 +20,20 @@ import * as Charge_internal from '../internal/charge.js'
 import * as defaults from '../internal/defaults.js'
 import * as Proof from '../internal/proof.js'
 import * as Methods from '../Methods.js'
+import type * as AccountResolution from './ResolveAccount.js'
+
+/** Runtime context accepted by the Tempo charge client method. */
+export type ChargeContext = {
+  account?: Account.getResolver.Parameters['account'] | undefined
+  autoSwap?: AutoSwap.resolve.Value | undefined
+  mode?: Methods.ChargeMode | undefined
+}
+
+const chargeContextSchema = z.object({
+  account: z.optional(z.custom<ChargeContext['account']>()),
+  autoSwap: z.optional(z.custom<ChargeContext['autoSwap']>()),
+  mode: z.optional(z.enum(Methods.chargeModes)),
+})
 
 /**
  * Creates a Tempo charge method intent for usage on the client.
@@ -44,11 +58,7 @@ export function charge(parameters: charge.Parameters = {}) {
   const getAccount = Account.getResolver({ account: parameters.account })
 
   return Method.toClient(Methods.charge, {
-    context: z.object({
-      account: z.optional(z.custom<Account.getResolver.Parameters['account']>()),
-      autoSwap: z.optional(z.custom<charge.AutoSwap>()),
-      mode: z.optional(z.enum(Methods.chargeModes)),
-    }),
+    context: chargeContextSchema,
 
     async createCredential({ challenge, context }) {
       // Chain pinning: reject a challenge whose chain ID conflicts with the
@@ -68,24 +78,30 @@ export function charge(parameters: charge.Parameters = {}) {
       if (chainId === undefined)
         throw new Error('No `chainId` provided. Pass a chain ID in the challenge or client.')
 
-      const account = getAccount(client, context)
-
       const { request } = challenge
       const { amount, methodDetails } = request
+      const supportedModes = (methodDetails?.supportedModes as
+        | readonly Methods.ChargeMode[]
+        | undefined) ?? ['pull', 'push']
+      const defaultAccount = getAccount(client, context)
 
       // Zero-amount: sign EIP-712 typed data instead of creating a transaction.
       if (BigInt(amount) === 0n) {
         const signature = await signTypedData(client, {
-          account,
-          domain: Proof.domain(chainId),
-          types: Proof.types,
-          primaryType: 'Proof',
-          message: Proof.message(challenge.id, challenge.realm),
+          account: defaultAccount,
+          // `account` here is the signing account; the proof's bound payer is
+          // `account.address` (echoed in the credential `source` below).
+          ...Proof.typedData({
+            account: defaultAccount.address,
+            chainId,
+            challengeId: challenge.id,
+            realm: challenge.realm,
+          }),
         })
         return Credential.serialize({
           challenge,
           payload: { signature, type: 'proof' },
-          source: Proof.proofSource({ address: account.address, chainId }),
+          source: Proof.proofSource({ address: defaultAccount.address, chainId }),
         })
       }
 
@@ -100,22 +116,6 @@ export function charge(parameters: charge.Parameters = {}) {
           }
         }
       }
-      const supportedModes = (methodDetails?.supportedModes as
-        | readonly Methods.ChargeMode[]
-        | undefined) ?? ['pull', 'push']
-      const mode = (() => {
-        const explicitMode = context?.mode ?? parameters.mode
-        if (explicitMode) {
-          if (!supportedModes.includes(explicitMode))
-            throw new Error(`Challenge does not support ${explicitMode} mode.`)
-          return explicitMode
-        }
-
-        const preferredMode = account.type === 'json-rpc' ? 'push' : 'pull'
-        if (supportedModes.includes(preferredMode)) return preferredMode
-        return supportedModes[0]!
-      })()
-
       const memo = methodDetails?.memo
         ? (methodDetails.memo as Hex.Hex)
         : Attribution.encode({ challengeId: challenge.id, clientId, serverId: challenge.realm })
@@ -127,13 +127,14 @@ export function charge(parameters: charge.Parameters = {}) {
         },
         recipient: request.recipient as Address,
       })
-      const transferCalls = transfers.map((transfer) =>
-        Actions.token.transfer.call({
-          amount: BigInt(transfer.amount),
-          ...(transfer.memo && { memo: transfer.memo as Hex.Hex }),
-          to: transfer.recipient as Address,
-          token: currency,
-        }),
+      const transferCalls = transfers.map(
+        (transfer): AccountResolution.ResolveAccountCall =>
+          Actions.token.transfer.call({
+            amount: BigInt(transfer.amount),
+            ...(transfer.memo && { memo: transfer.memo as Hex.Hex }),
+            to: transfer.recipient as Address,
+            token: currency,
+          }) as AccountResolution.ResolveAccountCall,
       )
 
       const autoSwap = AutoSwap.resolve(
@@ -141,6 +142,29 @@ export function charge(parameters: charge.Parameters = {}) {
         AutoSwap.defaultCurrencies,
       )
 
+      const account =
+        (await parameters.resolveAccount?.({
+          account: defaultAccount,
+          chainId,
+          operation: {
+            kind: 'executeCalls',
+            ...(autoSwap ? {} : { calls: transferCalls }),
+          },
+        })) ?? defaultAccount
+
+      const mode = (() => {
+        const explicitMode = context?.mode ?? parameters.mode
+        if (explicitMode) {
+          if (!supportedModes.includes(explicitMode))
+            throw new Error(`Challenge does not support ${explicitMode} mode.`)
+          return explicitMode
+        }
+
+        const preferredMode = account.type === 'json-rpc' ? 'push' : 'pull'
+        if (supportedModes.includes(preferredMode)) return preferredMode
+        return supportedModes[0]!
+      })()
+
       const swapCalls = autoSwap
         ? await AutoSwap.findCalls(client, {
             account: account.address,
@@ -198,6 +222,9 @@ export function charge(parameters: charge.Parameters = {}) {
 
 export declare namespace charge {
   type AutoSwap = AutoSwap.resolve.Value
+  type Context = ChargeContext
+  type ResolveAccount = AccountResolution.ResolveAccount
+  type ResolveAccountInfo = AccountResolution.ResolveAccountInfo
 
   type Parameters = {
     /**
@@ -232,6 +259,8 @@ export declare namespace charge {
      * @default `'push'` for JSON-RPC accounts, `'pull'` for local accounts.
      */
     mode?: Methods.ChargeMode | undefined
+    /** Selects the account that signs this charge after the challenge and chain are known. */
+    resolveAccount?: ResolveAccount | undefined
   } & Account.getResolver.Parameters &
     Client.getResolver.Parameters
 }

package/src/tempo/client/Methods.ts

@@ -14,14 +14,14 @@ const sessionLegacyClient = Object.assign(sessionLegacy_, { method: sessionLegac
 export { sessionClient as session }
 
 /**
- * Creates both Tempo `charge` and `session` client methods from shared parameters.
+ * Creates the common Tempo `charge` and `session` client methods from shared parameters.
  *
  * @example
  * ```ts
  * import { Mppx, tempo } from 'mppx/client'
  *
  * const mppx = Mppx.create({
- *   methods: [tempo({ account })],
+ *   methods: [tempo.common({ account })],
  * })
  * ```
  */
@@ -34,6 +34,8 @@ export namespace tempo {
 
   /** Creates a Tempo `charge` client method for one-time TIP-20 token transfers. */
   export const charge = charge_
+  /** Creates the common Tempo `charge` and `session` client methods from shared parameters. */
+  export const common = tempo
   /** Creates a TIP-1034 client method for Mppx registration. Use `tempo.session.manager()` for direct lifecycle control. */
   export const session = sessionClient
   /** @deprecated Use `tempo.session()` for the TIP-1034 session client method. */

package/src/tempo/client/ResolveAccount.ts

@@ -0,0 +1,46 @@
+import type * as Hex from 'ox/Hex'
+import type { Account, Address } from 'viem'
+
+import type { MaybePromise } from '../../internal/types.js'
+
+/** Resolves the account that should satisfy an mppx account operation. */
+export type ResolveAccount = (info: ResolveAccountInfo) => MaybePromise<Account | undefined>
+
+/** Account-resolution details for a client credential operation. */
+export type ResolveAccountInfo = {
+  /** Account mppx will use when the hook returns `undefined`. */
+  account: Account
+  /** EIP-155 chain ID used for the operation. */
+  chainId: number
+  /** Capability the selected account must satisfy. */
+  operation: ResolveAccountOperation
+}
+
+/** Capability an mppx-selected account must satisfy. */
+export type ResolveAccountOperation =
+  | {
+      kind: 'executeCalls'
+      /**
+       * Exact EVM calls the selected account will execute.
+       *
+       * Omitted when the calls depend on which account is selected, such as
+       * account-balance-dependent auto-swap routing.
+       */
+      calls?: readonly ResolveAccountCall[] | undefined
+    }
+  | {
+      kind: 'authorizePaymentChannel'
+      /**
+       * Signer required by an existing reusable channel. Omitted when opening
+       * a new channel or when no existing channel has fixed a signer yet.
+       */
+      authority?: Address | undefined
+    }
+
+/** EVM call data used by account resolvers for scoped account selection. */
+export type ResolveAccountCall = {
+  /** Contract address being called. */
+  to: Address
+  /** Calldata being sent. */
+  data: Hex.Hex
+}

package/src/tempo/internal/fee-payer.test.ts

@@ -1,3 +1,5 @@
+import { Address, Secp256k1 } from 'ox'
+import { TxEnvelopeTempo } from 'ox/tempo'
 import { encodeFunctionData, maxUint256, toHex } from 'viem'
 import { Abis, Addresses, Transaction } from 'viem/tempo'
 import { afterEach, describe, expect, test, vi } from 'vp/test'
@@ -497,32 +499,89 @@ describe('fillHostedFeePayerTransaction', () => {
     signature: { r: 1n, s: 1n, yParity: 0 } as any,
     validBefore: Math.floor(Date.now() / 1_000) + 300,
   } as const
+  const hostedContext = {
+    chainId: defaults.chainId.mainnet,
+    details,
+  } as const
 
   test('uses hosted fillTransaction and preserves sender-committed fields', async () => {
+    // Sign over the payload built from the actual RPC request body so this
+    // verifies recovery parity with the real request shape.
+    const sponsorPrivateKey =
+      '0x0000000000000000000000000000000000000000000000000000000000000042' as const
+    const sponsorAddress = Address.fromPublicKey(
+      Secp256k1.getPublicKey({ privateKey: sponsorPrivateKey }),
+    )
+    let realFeePayerSignature: ReturnType<typeof Secp256k1.sign> | undefined
+
     const calls: { init?: RequestInit | undefined; input: RequestInfo | URL }[] = []
     const fetchMock = vi.fn(async (input: RequestInfo | URL, init?: RequestInit) => {
       calls.push({ init, input })
+      const rpc = JSON.parse(init!.body as string).params[0]
+      const quantity = (value: unknown) =>
+        value === undefined ? undefined : BigInt(value as string)
+      realFeePayerSignature = Secp256k1.sign({
+        payload: TxEnvelopeTempo.getFeePayerSignPayload(
+          TxEnvelopeTempo.from({
+            accessList: rpc.accessList,
+            calls: rpc.calls.map(({ value, ...call }: any) => ({
+              ...call,
+              ...(value && value !== '0x' ? { value: BigInt(value) } : {}),
+            })),
+            chainId: hostedTransaction.chainId,
+            feeToken: defaults.tokens.pathUsd,
+            from: rpc.from,
+            ...(quantity(rpc.gas) !== undefined ? { gas: quantity(rpc.gas) } : {}),
+            ...(rpc.keyAuthorization !== undefined
+              ? { keyAuthorization: rpc.keyAuthorization }
+              : {}),
+            ...(quantity(rpc.maxFeePerGas) !== undefined
+              ? { maxFeePerGas: quantity(rpc.maxFeePerGas) }
+              : {}),
+            ...(quantity(rpc.maxPriorityFeePerGas) !== undefined
+              ? { maxPriorityFeePerGas: quantity(rpc.maxPriorityFeePerGas) }
+              : {}),
+            ...(quantity(rpc.nonce) !== undefined ? { nonce: quantity(rpc.nonce) } : {}),
+            ...(quantity(rpc.nonceKey) !== undefined ? { nonceKey: quantity(rpc.nonceKey) } : {}),
+            type: 'tempo',
+            ...(rpc.validAfter !== undefined ? { validAfter: Number(BigInt(rpc.validAfter)) } : {}),
+            ...(rpc.validBefore !== undefined
+              ? { validBefore: Number(BigInt(rpc.validBefore)) }
+              : {}),
+          } as any) as any,
+          { sender: rpc.from },
+        ),
+        privateKey: sponsorPrivateKey,
+      })
       return new Response(
-        JSON.stringify({
-          result: {
-            tx: {
-              feePayerSignature,
-              feeToken: defaults.tokens.pathUsd,
-              gas: '0x1',
-              maxFeePerGas: '0x2',
+        JSON.stringify(
+          {
+            result: {
+              tx: {
+                feePayerSignature: realFeePayerSignature,
+                feeToken: defaults.tokens.pathUsd,
+                gas: '0x1',
+                maxFeePerGas: '0x2',
+              },
             },
           },
-        }),
+          (_key, value) => (typeof value === 'bigint' ? toHex(value) : value),
+        ),
       )
     })
     vi.stubGlobal('fetch', fetchMock)
 
-    const serialized = await fillHostedFeePayerTransaction({
+    const result = await fillHostedFeePayerTransaction({
       allowedFeeTokens: defaultAllowedFeeTokens(defaults.chainId.mainnet),
+      ...hostedContext,
       transaction: hostedTransaction as any,
       url: 'https://sponsor.example/tp_key',
     })
 
+    expect(result.feeToken).toBe(defaults.tokens.pathUsd)
+    expect(result.feePayer.toLowerCase()).toBe(sponsorAddress.toLowerCase())
+    const serialized = result.serializedTransaction
+
     expect(fetchMock).toHaveBeenCalledOnce()
     expect(calls[0]!.input).toBe('https://sponsor.example/tp_key')
     const body = JSON.parse(calls[0]!.init!.body as string)
@@ -554,7 +613,8 @@ describe('fillHostedFeePayerTransaction', () => {
     expect(transaction.maxFeePerGas).toBe(hostedTransaction.maxFeePerGas)
     expect(transaction.calls).toEqual(hostedTransaction.calls)
     expect(transaction.feeToken).toBe(defaults.tokens.pathUsd)
-    expect(transaction.feePayerSignature).toEqual(feePayerSignature)
+    expect(BigInt(transaction.feePayerSignature!.r)).toBe(realFeePayerSignature!.r)
+    expect(BigInt(transaction.feePayerSignature!.s)).toBe(realFeePayerSignature!.s)
   })
 
   test('error: requires hosted fee payer to return a feeToken', async () => {
@@ -566,6 +626,7 @@ describe('fillHostedFeePayerTransaction', () => {
     await expect(
       fillHostedFeePayerTransaction({
         allowedFeeTokens: defaultAllowedFeeTokens(defaults.chainId.mainnet),
+        ...hostedContext,
         transaction: hostedTransaction as any,
         url: 'https://sponsor.example/tp_key',
       }),
@@ -588,6 +649,7 @@ describe('fillHostedFeePayerTransaction', () => {
     await expect(
       fillHostedFeePayerTransaction({
         allowedFeeTokens: defaultAllowedFeeTokens(defaults.chainId.mainnet),
+        ...hostedContext,
         transaction: hostedTransaction as any,
         url: 'https://sponsor.example/tp_key',
       }),
@@ -608,11 +670,28 @@ describe('fillHostedFeePayerTransaction', () => {
     await expect(
       fillHostedFeePayerTransaction({
         allowedFeeTokens: defaultAllowedFeeTokens(defaults.chainId.mainnet),
+        ...hostedContext,
         transaction: hostedTransaction as any,
         url: 'https://sponsor.example/tp_key',
       }),
     ).rejects.toThrow('Invalid or revoked API key')
   })
+
+  test('error: enforces sponsor policy before requesting hosted fill', async () => {
+    const fetchMock = vi.fn()
+    vi.stubGlobal('fetch', fetchMock)
+
+    await expect(
+      fillHostedFeePayerTransaction({
+        allowedFeeTokens: defaultAllowedFeeTokens(defaults.chainId.mainnet),
+        ...hostedContext,
+        policy: { maxGas: hostedTransaction.gas - 1n },
+        transaction: hostedTransaction as any,
+        url: 'https://sponsor.example/tp_key',
+      }),
+    ).rejects.toThrow('gas exceeds sponsor policy')
+    expect(fetchMock).not.toHaveBeenCalled()
+  })
 })
 
 describe('simulationTransaction', () => {