npm - mppx - Versions diffs - 0.7.0 → 0.8.1 - Mend

mppx 0.7.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/CHANGELOG.md +41 -0
package/README.md +20 -11
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +18 -6
package/dist/Challenge.js.map +1 -1
package/dist/Mcp.d.ts +3 -0
package/dist/Mcp.d.ts.map +1 -1
package/dist/Mcp.js +2 -0
package/dist/Mcp.js.map +1 -1
package/dist/PaymentRequest.d.ts +10 -10
package/dist/PaymentRequest.js +8 -8
package/dist/cli/internal.d.ts +1 -0
package/dist/cli/internal.d.ts.map +1 -1
package/dist/cli/internal.js +1 -15
package/dist/cli/internal.js.map +1 -1
package/dist/client/Mppx.js +2 -2
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +11 -16
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +55 -75
package/dist/client/Transport.js.map +1 -1
package/dist/client/index.d.ts +3 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +1 -0
package/dist/client/index.js.map +1 -1
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +46 -7
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/client/internal/protocols/Mcp.d.ts +7 -0
package/dist/client/internal/protocols/Mcp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mcp.js +159 -0
package/dist/client/internal/protocols/Mcp.js.map +1 -0
package/dist/client/internal/protocols/Mpp.d.ts +4 -0
package/dist/client/internal/protocols/Mpp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mpp.js +18 -0
package/dist/client/internal/protocols/Mpp.js.map +1 -0
package/dist/client/internal/protocols/Protocol.d.ts +10 -0
package/dist/client/internal/protocols/Protocol.d.ts.map +1 -0
package/dist/client/internal/protocols/Protocol.js +2 -0
package/dist/client/internal/protocols/Protocol.js.map +1 -0
package/dist/client/internal/protocols/Shared.d.ts +5 -0
package/dist/client/internal/protocols/Shared.d.ts.map +1 -0
package/dist/client/internal/protocols/Shared.js +20 -0
package/dist/client/internal/protocols/Shared.js.map +1 -0
package/dist/client/internal/protocols/X402.d.ts +8 -0
package/dist/client/internal/protocols/X402.d.ts.map +1 -0
package/dist/client/internal/protocols/X402.js +39 -0
package/dist/client/internal/protocols/X402.js.map +1 -0
package/dist/evm/client/index.d.ts +1 -0
package/dist/evm/client/index.d.ts.map +1 -1
package/dist/evm/client/index.js +1 -0
package/dist/evm/client/index.js.map +1 -1
package/dist/evm/index.d.ts +2 -0
package/dist/evm/index.d.ts.map +1 -1
package/dist/evm/index.js +2 -0
package/dist/evm/index.js.map +1 -1
package/dist/evm/server/index.d.ts +1 -0
package/dist/evm/server/index.d.ts.map +1 -1
package/dist/evm/server/index.js +1 -0
package/dist/evm/server/index.js.map +1 -1
package/dist/mcp/client/McpClient.d.ts +101 -0
package/dist/mcp/client/McpClient.d.ts.map +1 -0
package/dist/mcp/client/McpClient.js +162 -0
package/dist/mcp/client/McpClient.js.map +1 -0
package/dist/mcp/client/index.d.ts.map +1 -0
package/dist/mcp/client/index.js.map +1 -0
package/dist/mcp/server/Transport.d.ts.map +1 -0
package/dist/mcp/server/Transport.js.map +1 -0
package/dist/mcp/server/index.d.ts.map +1 -0
package/dist/mcp/server/index.js.map +1 -0
package/dist/server/Mppx.d.ts +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +9 -0
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +1 -1
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +1 -1
package/dist/server/Transport.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +1 -1
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -1
package/dist/stripe/server/internal/html.gen.js +1 -1
package/dist/stripe/server/internal/html.gen.js.map +1 -1
package/dist/tempo/Proof.d.ts +85 -1
package/dist/tempo/Proof.d.ts.map +1 -1
package/dist/tempo/Proof.js +35 -0
package/dist/tempo/Proof.js.map +1 -1
package/dist/tempo/client/Charge.d.ts +13 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +38 -25
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +5 -3
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/client/Methods.js +4 -2
package/dist/tempo/client/Methods.js.map +1 -1
package/dist/tempo/client/ResolveAccount.d.ts +40 -0
package/dist/tempo/client/ResolveAccount.d.ts.map +1 -0
package/dist/tempo/client/ResolveAccount.js +2 -0
package/dist/tempo/client/ResolveAccount.js.map +1 -0
package/dist/tempo/internal/fee-payer.d.ts +26 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +83 -30
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/internal/proof.d.ts +71 -5
package/dist/tempo/internal/proof.d.ts.map +1 -1
package/dist/tempo/internal/proof.js +42 -6
package/dist/tempo/internal/proof.js.map +1 -1
package/dist/tempo/legacy/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/legacy/client/SessionManager.js +10 -3
package/dist/tempo/legacy/client/SessionManager.js.map +1 -1
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +46 -18
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +4 -2
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/Methods.js +4 -2
package/dist/tempo/server/Methods.js.map +1 -1
package/dist/tempo/server/Subscription.d.ts +10 -0
package/dist/tempo/server/Subscription.d.ts.map +1 -1
package/dist/tempo/server/Subscription.js +135 -23
package/dist/tempo/server/Subscription.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/dist/tempo/session/client/ChannelOps.d.ts +2 -3
package/dist/tempo/session/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/session/client/ChannelOps.js +7 -10
package/dist/tempo/session/client/ChannelOps.js.map +1 -1
package/dist/tempo/session/client/ChannelStore.d.ts +51 -0
package/dist/tempo/session/client/ChannelStore.d.ts.map +1 -0
package/dist/tempo/session/client/ChannelStore.js +63 -0
package/dist/tempo/session/client/ChannelStore.js.map +1 -0
package/dist/tempo/session/client/CredentialState.d.ts +7 -24
package/dist/tempo/session/client/CredentialState.d.ts.map +1 -1
package/dist/tempo/session/client/CredentialState.js +51 -49
package/dist/tempo/session/client/CredentialState.js.map +1 -1
package/dist/tempo/session/client/Session.d.ts +8 -2
package/dist/tempo/session/client/Session.d.ts.map +1 -1
package/dist/tempo/session/client/Session.js +22 -8
package/dist/tempo/session/client/Session.js.map +1 -1
package/dist/tempo/session/client/SessionManager.d.ts +4 -40
package/dist/tempo/session/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/session/client/SessionManager.js +124 -174
package/dist/tempo/session/client/SessionManager.js.map +1 -1
package/dist/tempo/session/client/index.d.ts +3 -4
package/dist/tempo/session/client/index.d.ts.map +1 -1
package/dist/tempo/session/client/index.js +1 -0
package/dist/tempo/session/client/index.js.map +1 -1
package/dist/tempo/session/precompile/Voucher.d.ts +3 -3
package/dist/tempo/session/precompile/Voucher.d.ts.map +1 -1
package/dist/tempo/session/precompile/Voucher.js +24 -25
package/dist/tempo/session/precompile/Voucher.js.map +1 -1
package/dist/tempo/session/server/CredentialVerification.d.ts +6 -0
package/dist/tempo/session/server/CredentialVerification.d.ts.map +1 -1
package/dist/tempo/session/server/CredentialVerification.js +13 -0
package/dist/tempo/session/server/CredentialVerification.js.map +1 -1
package/dist/tempo/session/server/Settlement.d.ts.map +1 -1
package/dist/tempo/session/server/Settlement.js +4 -2
package/dist/tempo/session/server/Settlement.js.map +1 -1
package/dist/tempo/session/server/Sse.d.ts.map +1 -1
package/dist/tempo/session/server/Sse.js.map +1 -1
package/dist/tempo/session/server/Ws.d.ts.map +1 -1
package/dist/tempo/session/server/Ws.js.map +1 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts +712 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts.map +1 -1
package/dist/tempo/subscription/Store.d.ts +2 -0
package/dist/tempo/subscription/Store.d.ts.map +1 -1
package/dist/tempo/subscription/Store.js +16 -1
package/dist/tempo/subscription/Store.js.map +1 -1
package/dist/x402/index.d.ts +1 -0
package/dist/x402/index.d.ts.map +1 -1
package/dist/x402/index.js +1 -0
package/dist/x402/index.js.map +1 -1
package/package.json +21 -10
package/src/Challenge.test.ts +40 -0
package/src/Challenge.ts +19 -6
package/src/Mcp.ts +4 -0
package/src/PaymentRequest.ts +10 -10
package/src/cli/cli.test.ts +15 -15
package/src/cli/config.test.ts +13 -7
package/src/cli/internal.ts +1 -16
package/src/client/Mppx.test-d.ts +21 -1
package/src/client/Mppx.test.ts +1 -1
package/src/client/Mppx.ts +2 -2
package/src/client/Transport.test.ts +225 -178
package/src/client/Transport.ts +77 -83
package/src/client/index.ts +14 -0
package/src/client/internal/Fetch.test.ts +207 -2
package/src/client/internal/Fetch.ts +52 -6
package/src/client/internal/protocols/Mcp.test.ts +220 -0
package/src/client/internal/protocols/Mcp.ts +162 -0
package/src/client/internal/protocols/Mpp.ts +21 -0
package/src/client/internal/protocols/Protocol.ts +10 -0
package/src/client/internal/protocols/Shared.ts +25 -0
package/src/client/internal/protocols/X402.ts +42 -0
package/src/discovery/OpenApi.test.ts +1 -1
package/src/evm/PublicInterface.test-d.ts +1 -1
package/src/evm/client/index.ts +1 -0
package/src/evm/index.ts +2 -0
package/src/evm/server/Charge.test.ts +1 -1
package/src/evm/server/index.ts +1 -0
package/src/{mcp-sdk → mcp}/client/McpClient.integration.test.ts +10 -4
package/src/{mcp-sdk → mcp}/client/McpClient.test-d.ts +45 -18
package/src/{mcp-sdk → mcp}/client/McpClient.test.ts +211 -5
package/src/mcp/client/McpClient.ts +307 -0
package/src/{mcp-sdk → mcp}/client/McpClient.unit.test.ts +9 -5
package/src/middlewares/elysia.test.ts +1 -1
package/src/middlewares/express.test.ts +1 -1
package/src/middlewares/hono.test.ts +1 -1
package/src/middlewares/internal/mppx.test.ts +1 -1
package/src/middlewares/nextjs.test.ts +1 -1
package/src/proxy/Proxy.test.ts +1 -1
package/src/proxy/services/anthropic.test.ts +1 -1
package/src/proxy/services/openai.test.ts +1 -1
package/src/proxy/services/stripe.test.ts +1 -1
package/src/server/Mppx.authorize.test.ts +1 -1
package/src/server/Mppx.test-d.ts +1 -1
package/src/server/Mppx.test.ts +20 -2
package/src/server/Mppx.ts +14 -1
package/src/server/Transport.test.ts +6 -6
package/src/server/Transport.ts +1 -1
package/src/stripe/Charge.integration.test.ts +1 -1
package/src/stripe/client/Charge.test.ts +1 -1
package/src/stripe/server/Charge.test.ts +1 -1
package/src/stripe/server/internal/html/package.json +1 -1
package/src/stripe/server/internal/html.gen.ts +1 -1
package/src/tempo/Proof.conformance.test.ts +146 -0
package/src/tempo/Proof.test-d.ts +15 -0
package/src/tempo/Proof.ts +52 -1
package/src/tempo/Subscription.integration.test.ts +1 -1
package/src/tempo/client/Charge.test.ts +173 -0
package/src/tempo/client/Charge.ts +65 -36
package/src/tempo/client/Methods.ts +4 -2
package/src/tempo/client/ResolveAccount.ts +46 -0
package/src/tempo/internal/fee-payer.test.ts +89 -10
package/src/tempo/internal/fee-payer.ts +128 -41
package/src/tempo/internal/proof.test.ts +12 -4
package/src/tempo/internal/proof.ts +55 -6
package/src/tempo/legacy/client/SessionManager.ts +11 -3
package/src/tempo/legacy/server/Session.test.ts +91 -26
package/src/tempo/server/Charge.test.ts +388 -17
package/src/tempo/server/Charge.ts +50 -24
package/src/tempo/server/Methods.ts +4 -2
package/src/tempo/server/Subscription.test.ts +465 -3
package/src/tempo/server/Subscription.ts +174 -19
package/src/tempo/server/internal/html/package.json +2 -2
package/src/tempo/server/internal/html.gen.ts +1 -1
package/src/tempo/session/client/ChannelOps.ts +5 -19
package/src/tempo/session/client/ChannelStore.ts +111 -0
package/src/tempo/session/client/CredentialState.test.ts +206 -62
package/src/tempo/session/client/CredentialState.ts +58 -73
package/src/tempo/session/client/Session.test.ts +41 -1
package/src/tempo/session/client/Session.ts +36 -10
package/src/tempo/session/client/SessionManager.test.ts +154 -65
package/src/tempo/session/client/SessionManager.ts +141 -235
package/src/tempo/session/client/index.ts +8 -5
package/src/tempo/session/precompile/Voucher.test.ts +45 -7
package/src/tempo/session/precompile/Voucher.ts +27 -25
package/src/tempo/session/server/CredentialVerification.test.ts +36 -0
package/src/tempo/session/server/CredentialVerification.ts +18 -0
package/src/tempo/session/server/Session.test.ts +4 -4
package/src/tempo/session/server/Settlement.test.ts +88 -1
package/src/tempo/session/server/Settlement.ts +2 -1
package/src/tempo/session/server/Sse.ts +0 -2
package/src/tempo/session/server/Ws.ts +0 -4
package/src/tempo/subscription/Store.ts +27 -9
package/src/x402/Exact.e2e.test.ts +1 -1
package/src/x402/PublicInterface.test-d.ts +1 -1
package/src/x402/index.ts +1 -0
package/dist/mcp-sdk/client/McpClient.d.ts +0 -85
package/dist/mcp-sdk/client/McpClient.d.ts.map +0 -1
package/dist/mcp-sdk/client/McpClient.js +0 -118
package/dist/mcp-sdk/client/McpClient.js.map +0 -1
package/dist/mcp-sdk/client/index.d.ts.map +0 -1
package/dist/mcp-sdk/client/index.js.map +0 -1
package/dist/mcp-sdk/server/Transport.d.ts.map +0 -1
package/dist/mcp-sdk/server/Transport.js.map +0 -1
package/dist/mcp-sdk/server/index.d.ts.map +0 -1
package/dist/mcp-sdk/server/index.js.map +0 -1
package/src/mcp-sdk/client/McpClient.ts +0 -228
/package/dist/{mcp-sdk → mcp}/client/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/client/index.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.js +0 -0
/package/src/{mcp-sdk → mcp}/client/index.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.test.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/index.ts +0 -0

package/src/tempo/server/Charge.test.ts CHANGED Viewed

@@ -29,7 +29,7 @@ import * as defaults from '../internal/defaults.js'
 import * as Proof from '../internal/proof.js'
 const realm = 'api.example.com'
-const secretKey = 'test-secret-key'
+const secretKey = 'test-secret-key-test-secret-key-32'
 function isPairAlreadyExistsError(error: unknown) {
   if (typeof error !== 'object' || error === null) return false
@@ -1604,6 +1604,228 @@ describe('tempo', () => {
       httpServer.close()
     })
+    test('behavior: fee payer pre-broadcast simulation targets the co-signed transaction', async () => {
+      // The pre-broadcast simulation must reflect the FINAL co-signed envelope
+      // (concrete sponsor fee payer), not the pre-cosign 0x78 (`feePayer: true`).
+      const callRequests: any[] = []
+      const interceptingClient = createClient({
+        account: accounts[0],
+        chain: client.chain,
+        transport: custom({
+          async request(args: any) {
+            if (args.method === 'eth_call') callRequests.push(args.params?.[0])
+            return client.transport.request(args)
+          },
+        }),
+      })
+      const serverWithTrace = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return interceptingClient
+            },
+            currency: asset,
+            account: accounts[0],
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: accounts[1],
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          serverWithTrace.charge({
+            feePayer: accounts[0],
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+      const challengeResponse = await fetch(httpServer.url)
+      const credential = await mppx.createCredential(challengeResponse)
+      callRequests.length = 0
+      const authResponse = await fetch(httpServer.url, {
+        headers: { Authorization: credential },
+      })
+      expect(authResponse.status).toBe(200)
+      expect(callRequests.length).toBeGreaterThan(0)
+      const simRequest = callRequests[0]
+      // The co-signed envelope names a concrete sponsor as fee payer. The
+      // pre-cosign 0x78 instead carries `feePayer: true`; asserting the address
+      // proves we simulate the transaction the sponsor actually broadcasts.
+      expect(simRequest.feePayer).not.toBe(true)
+      expect(typeof simRequest.feePayer).toBe('string')
+      expect((simRequest.feePayer as string).toLowerCase()).toBe(accounts[0].address.toLowerCase())
+      // Execution runs as the sender, not the sponsor.
+      expect((simRequest.from as string).toLowerCase()).toBe(accounts[1].address.toLowerCase())
+      expect(simRequest.calls?.length).toBeGreaterThan(0)
+      httpServer.close()
+    })
+    test('behavior: fee payer fails closed when pre-broadcast simulation reverts', async () => {
+      // A reverting pre-broadcast simulation must abort before broadcast so the
+      // sponsor never pays gas for a transaction that would revert.
+      const rpcMethods: string[] = []
+      const interceptingClient = createClient({
+        account: accounts[0],
+        chain: client.chain,
+        transport: custom({
+          async request(args: any) {
+            rpcMethods.push(args.method)
+            if (args.method === 'eth_call')
+              throw new Error('execution reverted: simulation fixture')
+            return client.transport.request(args)
+          },
+        }),
+      })
+      const serverWithRevert = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return interceptingClient
+            },
+            currency: asset,
+            account: accounts[0],
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: accounts[1],
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          serverWithRevert.charge({
+            feePayer: accounts[0],
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+      const challengeResponse = await fetch(httpServer.url)
+      const credential = await mppx.createCredential(challengeResponse)
+      rpcMethods.length = 0
+      const authResponse = await fetch(httpServer.url, {
+        headers: { Authorization: credential },
+      })
+      // Fails closed: not successful, and the transaction is never broadcast.
+      expect(authResponse.status).not.toBe(200)
+      expect(rpcMethods).toContain('eth_call')
+      expect(rpcMethods).not.toContain('eth_sendRawTransactionSync')
+      expect(rpcMethods).not.toContain('eth_sendRawTransaction')
+      httpServer.close()
+    })
+    test('behavior: fee payer fails closed when simulation reverts (optimistic mode)', async () => {
+      const rpcMethods: string[] = []
+      const interceptingClient = createClient({
+        account: accounts[0],
+        chain: client.chain,
+        transport: custom({
+          async request(args: any) {
+            rpcMethods.push(args.method)
+            if (args.method === 'eth_call')
+              throw new Error('execution reverted: simulation fixture')
+            return client.transport.request(args)
+          },
+        }),
+      })
+      const serverNoWait = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return interceptingClient
+            },
+            currency: asset,
+            account: accounts[0],
+            waitForConfirmation: false,
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: accounts[1],
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          serverNoWait.charge({
+            feePayer: accounts[0],
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+      const challengeResponse = await fetch(httpServer.url)
+      const credential = await mppx.createCredential(challengeResponse)
+      rpcMethods.length = 0
+      const authResponse = await fetch(httpServer.url, {
+        headers: { Authorization: credential },
+      })
+      expect(authResponse.status).not.toBe(200)
+      expect(rpcMethods).toContain('eth_call')
+      expect(rpcMethods).not.toContain('eth_sendRawTransaction')
+      expect(rpcMethods).not.toContain('eth_sendRawTransactionSync')
+      httpServer.close()
+    })
     test('behavior: fee payer rejects concurrent in-flight transactions from one sender', async () => {
       let releaseSimulation!: () => void
       let resolveSimulationStarted!: () => void
@@ -2484,7 +2706,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -2522,7 +2748,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -2637,7 +2867,11 @@ describe('tempo', () => {
             domain: Proof.domain(chain.id),
             types: Proof.types,
             primaryType: 'Proof',
-            message: Proof.message(challenge.id, challenge.realm),
+            message: Proof.message({
+              account: accounts[1].address,
+              challengeId: challenge.id,
+              realm: challenge.realm,
+            }),
           })
           const credential = Credential.from({
@@ -2761,6 +2995,91 @@ describe('tempo', () => {
       },
     )
+    test('behavior: rejects access-key proof replayed across a co-authorized account', async () => {
+      // The same access key is authorized by two roots (`payer` and `other`),
+      // so a proof bound to `payer` must not be claimable as `other` even
+      // though `other` independently authorized the key.
+      const payer = accounts[1]
+      const other = accounts[2]
+      const accessKey = Account.fromSecp256k1(Secp256k1.randomPrivateKey(), {
+        access: payer,
+      })
+      await fundAccount({ address: other.address, token: asset })
+      await Actions.accessKey.authorizeSync(client, {
+        account: payer,
+        accessKey,
+        feeToken: asset,
+      })
+      await Actions.accessKey.authorizeSync(client, {
+        account: other,
+        accessKey,
+        feeToken: asset,
+      })
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          server.charge({ amount: '0', decimals: 6 }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+      try {
+        const response1 = await fetch(httpServer.url)
+        expect(response1.status).toBe(402)
+        const challenge = Challenge.fromResponse(response1, {
+          methods: [tempo_client.charge()],
+        })
+        // Access key signs a proof bound to `payer` (the `account` field).
+        const signature = await signTypedData(client, {
+          account: accessKey,
+          domain: Proof.domain(chain.id),
+          types: Proof.types,
+          primaryType: 'Proof',
+          message: Proof.message({
+            account: payer.address,
+            challengeId: challenge.id,
+            realm: challenge.realm,
+          }),
+        })
+        // The bound payer accepts the proof.
+        const accepted = await fetch(httpServer.url, {
+          headers: {
+            Authorization: Credential.serialize(
+              Credential.from({
+                challenge,
+                payload: { signature, type: 'proof' as const },
+                source: `did:pkh:eip155:${chain.id}:${payer.address}`,
+              }),
+            ),
+          },
+        })
+        expect(accepted.status).toBe(200)
+        // Replaying the same proof as `other` is rejected by the wallet binding.
+        const replay = await fetch(httpServer.url, {
+          headers: {
+            Authorization: Credential.serialize(
+              Credential.from({
+                challenge,
+                payload: { signature, type: 'proof' as const },
+                source: `did:pkh:eip155:${chain.id}:${other.address}`,
+              }),
+            ),
+          },
+        })
+        expect(replay.status).toBe(402)
+        const body = (await replay.json()) as { detail: string }
+        expect(body.detail).toContain('Proof signature does not match source.')
+      } finally {
+        httpServer.close()
+      }
+    })
     test('behavior: rejects replayed proof credential when store is configured', async () => {
       const replayStore = Store.memory()
       const server_ = Mppx_server.create({
@@ -2798,7 +3117,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -2859,7 +3182,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.serialize(
@@ -2933,7 +3260,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -2996,7 +3327,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge1.id, challenge1.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge1.id,
+          realm: challenge1.realm,
+        }),
       })
       const credential1 = Credential.from({
@@ -3027,7 +3362,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge2.id, challenge2.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge2.id,
+          realm: challenge2.realm,
+        }),
       })
       const credential2 = Credential.from({
@@ -3064,7 +3403,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -3100,7 +3443,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -3199,7 +3546,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -3237,7 +3588,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -3276,7 +3631,11 @@ describe('tempo', () => {
         domain: Proof.domain(99999),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -3312,7 +3671,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, 'evil.example.com'),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: 'evil.example.com',
+        }),
       })
       const credential = Credential.from({
@@ -3348,7 +3711,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({
@@ -3384,7 +3751,11 @@ describe('tempo', () => {
         domain: Proof.domain(chain.id),
         types: Proof.types,
         primaryType: 'Proof',
-        message: Proof.message(challenge.id, challenge.realm),
+        message: Proof.message({
+          account: accounts[1].address,
+          challengeId: challenge.id,
+          realm: challenge.realm,
+        }),
       })
       const credential = Credential.from({

package/src/tempo/server/Charge.ts CHANGED Viewed

@@ -2,7 +2,6 @@ import * as SignatureEnvelope from 'ox/tempo/SignatureEnvelope'
 import {
   decodeFunctionData,
   formatUnits,
-  hashTypedData,
   keccak256,
   parseEventLogs,
   type TransactionReceipt,
@@ -292,11 +291,15 @@ export function charge<const parameters extends charge.Parameters>(
           }
           const valid = await verifyTypedData(client, {
+            // Bind verification to the claimed payer (`source.address`): the
+            // signer may be the payer itself or an access key authorized for it.
             address: source.address,
-            domain: Proof.domain(resolvedChainId),
-            types: Proof.types,
-            primaryType: 'Proof',
-            message: Proof.message(challenge.id, challenge.realm),
+            ...Proof.typedData({
+              account: source.address,
+              chainId: resolvedChainId,
+              challengeId: challenge.id,
+              realm: challenge.realm,
+            }),
             signature: payload.signature as `0x${string}`,
           })
           if (!valid) {
@@ -403,6 +406,13 @@ export function charge<const parameters extends charge.Parameters>(
             const allowedFeeTokens = FeePayer.defaultAllowedFeeTokens(chainId)
             if (isFeePayerTx) FeePayer.assertAllowedFeeToken(transaction, allowedFeeTokens)
+            // Request for the pre-broadcast simulation; for sponsored payments
+            // this is overwritten below with the co-signed shape.
+            let simulationRequest: Record<string, unknown> = FeePayer.simulationTransaction(
+              transaction,
+              { feePayer: isFeePayerTx },
+            )
             const serializedTransaction_final = await (async () => {
               if (feePayerAccount && methodDetails?.feePayer !== false) {
                 const sponsored = FeePayer.prepareSponsoredTransaction({
@@ -417,22 +427,47 @@ export function charge<const parameters extends charge.Parameters>(
                     feeToken: transaction.feeToken ?? defaults.tokens.pathUsd,
                   },
                 })
+                // `account` is the sender (eth_call `from`); `feePayer` is the
+                // sponsor that pays gas.
+                simulationRequest = {
+                  ...sponsored,
+                  account: transaction.from,
+                  feePayer: feePayerAccount.address,
+                  feePayerSignature: undefined,
+                  signature: undefined,
+                }
                 return signTransaction(client, sponsored as never)
               }
-              if (feePayerUrl && isFeePayerTx)
-                return FeePayer.fillHostedFeePayerTransaction({
+              if (feePayerUrl && isFeePayerTx) {
+                const hosted = await FeePayer.fillHostedFeePayerTransaction({
                   allowedFeeTokens,
+                  challengeExpires: expires,
+                  chainId: chainId ?? client.chain!.id,
+                  details: { amount, currency, recipient },
+                  policy: feePayerPolicy,
                   transaction,
                   url: feePayerUrl,
                 })
+                // Simulate the co-signed envelope (concrete fee payer + chosen
+                // fee token), mirroring the local-sponsor path.
+                simulationRequest = {
+                  ...transaction,
+                  account: transaction.from,
+                  feePayer: hosted.feePayer,
+                  feePayerSignature: undefined,
+                  feeToken: hosted.feeToken,
+                  signature: undefined,
+                }
+                return hosted.serializedTransaction
+              }
               return serializedTransaction
             })()
+            // Pre-broadcast simulation: fail closed before broadcast so the
+            // sponsor never pays gas for a transaction that would revert.
+            await viem_call(client, simulationRequest as never)
             if (waitForConfirmation) {
-              await viem_call(
-                client,
-                FeePayer.simulationTransaction(transaction, { feePayer: isFeePayerTx }),
-              )
               const receipt = await sendRawTransactionSync(client, {
                 serializedTransaction: serializedTransaction_final,
               })
@@ -462,13 +497,9 @@ export function charge<const parameters extends charge.Parameters>(
               return toReceipt(receipt)
             }
-            // Optimistic path: simulate to catch obvious reverts, then broadcast
-            // without waiting for on-chain confirmation. The returned receipt
-            // assumes success — callers opt into this risk via waitForConfirmation: false.
-            await viem_call(
-              client,
-              FeePayer.simulationTransaction(transaction, { feePayer: isFeePayerTx }),
-            )
+            // Optimistic path: broadcast without waiting for confirmation
+            // (simulation above already ran). The returned receipt assumes
+            // success — callers opt in via waitForConfirmation: false.
             const reference = await sendRawTransaction(client, {
               serializedTransaction: serializedTransaction_final,
             })
@@ -1007,12 +1038,7 @@ function recoverAuthorizedProofSigner(parameters: {
   try {
     const envelope = SignatureEnvelope.from(signature)
-    const proofHash = hashTypedData({
-      domain: Proof.domain(chainId),
-      types: Proof.types,
-      primaryType: 'Proof',
-      message: Proof.message(challengeId, realm),
-    })
+    const proofHash = Proof.hash({ account: sourceAddress, chainId, challengeId, realm })
     if (envelope.type === 'keychain') {
       if (!TempoAddress.isEqual(envelope.userAddress, sourceAddress)) return null

package/src/tempo/server/Methods.ts CHANGED Viewed

@@ -49,14 +49,14 @@ function createSessionMethod<const parameters extends tempo.Parameters>(
 }
 /**
- * Creates both Tempo `charge` and `session` methods from shared parameters.
+ * Creates the common Tempo `charge` and `session` methods from shared parameters.
  *
  * @example
  * ```ts
  * import { Mppx, tempo } from 'mppx/server'
  *
  * const mppx = Mppx.create({
- *   methods: [tempo({ currency: '0x...', recipient: '0x...' })],
+ *   methods: [tempo.common({ currency: '0x...', recipient: '0x...' })],
  * })
  * ```
  */
@@ -69,6 +69,8 @@ export namespace tempo {
   /** Creates a Tempo `charge` method for one-time TIP-20 token transfers. */
   export const charge = charge_
+  /** Creates the common Tempo `charge` and `session` methods from shared parameters. */
+  export const common = tempo
   /** Creates a TIP-1034 Tempo `session` method for session-based TIP-20 token payments. */
   export const session = sessionServer
   /** @deprecated Use `tempo.session()` for the TIP-1034 session server method. */