npm - mppx - Versions diffs - 0.7.0 → 0.8.1 - Mend

mppx 0.7.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/CHANGELOG.md +41 -0
package/README.md +20 -11
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +18 -6
package/dist/Challenge.js.map +1 -1
package/dist/Mcp.d.ts +3 -0
package/dist/Mcp.d.ts.map +1 -1
package/dist/Mcp.js +2 -0
package/dist/Mcp.js.map +1 -1
package/dist/PaymentRequest.d.ts +10 -10
package/dist/PaymentRequest.js +8 -8
package/dist/cli/internal.d.ts +1 -0
package/dist/cli/internal.d.ts.map +1 -1
package/dist/cli/internal.js +1 -15
package/dist/cli/internal.js.map +1 -1
package/dist/client/Mppx.js +2 -2
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +11 -16
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +55 -75
package/dist/client/Transport.js.map +1 -1
package/dist/client/index.d.ts +3 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +1 -0
package/dist/client/index.js.map +1 -1
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +46 -7
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/client/internal/protocols/Mcp.d.ts +7 -0
package/dist/client/internal/protocols/Mcp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mcp.js +159 -0
package/dist/client/internal/protocols/Mcp.js.map +1 -0
package/dist/client/internal/protocols/Mpp.d.ts +4 -0
package/dist/client/internal/protocols/Mpp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mpp.js +18 -0
package/dist/client/internal/protocols/Mpp.js.map +1 -0
package/dist/client/internal/protocols/Protocol.d.ts +10 -0
package/dist/client/internal/protocols/Protocol.d.ts.map +1 -0
package/dist/client/internal/protocols/Protocol.js +2 -0
package/dist/client/internal/protocols/Protocol.js.map +1 -0
package/dist/client/internal/protocols/Shared.d.ts +5 -0
package/dist/client/internal/protocols/Shared.d.ts.map +1 -0
package/dist/client/internal/protocols/Shared.js +20 -0
package/dist/client/internal/protocols/Shared.js.map +1 -0
package/dist/client/internal/protocols/X402.d.ts +8 -0
package/dist/client/internal/protocols/X402.d.ts.map +1 -0
package/dist/client/internal/protocols/X402.js +39 -0
package/dist/client/internal/protocols/X402.js.map +1 -0
package/dist/evm/client/index.d.ts +1 -0
package/dist/evm/client/index.d.ts.map +1 -1
package/dist/evm/client/index.js +1 -0
package/dist/evm/client/index.js.map +1 -1
package/dist/evm/index.d.ts +2 -0
package/dist/evm/index.d.ts.map +1 -1
package/dist/evm/index.js +2 -0
package/dist/evm/index.js.map +1 -1
package/dist/evm/server/index.d.ts +1 -0
package/dist/evm/server/index.d.ts.map +1 -1
package/dist/evm/server/index.js +1 -0
package/dist/evm/server/index.js.map +1 -1
package/dist/mcp/client/McpClient.d.ts +101 -0
package/dist/mcp/client/McpClient.d.ts.map +1 -0
package/dist/mcp/client/McpClient.js +162 -0
package/dist/mcp/client/McpClient.js.map +1 -0
package/dist/mcp/client/index.d.ts.map +1 -0
package/dist/mcp/client/index.js.map +1 -0
package/dist/mcp/server/Transport.d.ts.map +1 -0
package/dist/mcp/server/Transport.js.map +1 -0
package/dist/mcp/server/index.d.ts.map +1 -0
package/dist/mcp/server/index.js.map +1 -0
package/dist/server/Mppx.d.ts +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +9 -0
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +1 -1
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +1 -1
package/dist/server/Transport.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +1 -1
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -1
package/dist/stripe/server/internal/html.gen.js +1 -1
package/dist/stripe/server/internal/html.gen.js.map +1 -1
package/dist/tempo/Proof.d.ts +85 -1
package/dist/tempo/Proof.d.ts.map +1 -1
package/dist/tempo/Proof.js +35 -0
package/dist/tempo/Proof.js.map +1 -1
package/dist/tempo/client/Charge.d.ts +13 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +38 -25
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +5 -3
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/client/Methods.js +4 -2
package/dist/tempo/client/Methods.js.map +1 -1
package/dist/tempo/client/ResolveAccount.d.ts +40 -0
package/dist/tempo/client/ResolveAccount.d.ts.map +1 -0
package/dist/tempo/client/ResolveAccount.js +2 -0
package/dist/tempo/client/ResolveAccount.js.map +1 -0
package/dist/tempo/internal/fee-payer.d.ts +26 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +83 -30
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/internal/proof.d.ts +71 -5
package/dist/tempo/internal/proof.d.ts.map +1 -1
package/dist/tempo/internal/proof.js +42 -6
package/dist/tempo/internal/proof.js.map +1 -1
package/dist/tempo/legacy/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/legacy/client/SessionManager.js +10 -3
package/dist/tempo/legacy/client/SessionManager.js.map +1 -1
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +46 -18
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +4 -2
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/Methods.js +4 -2
package/dist/tempo/server/Methods.js.map +1 -1
package/dist/tempo/server/Subscription.d.ts +10 -0
package/dist/tempo/server/Subscription.d.ts.map +1 -1
package/dist/tempo/server/Subscription.js +135 -23
package/dist/tempo/server/Subscription.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/dist/tempo/session/client/ChannelOps.d.ts +2 -3
package/dist/tempo/session/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/session/client/ChannelOps.js +7 -10
package/dist/tempo/session/client/ChannelOps.js.map +1 -1
package/dist/tempo/session/client/ChannelStore.d.ts +51 -0
package/dist/tempo/session/client/ChannelStore.d.ts.map +1 -0
package/dist/tempo/session/client/ChannelStore.js +63 -0
package/dist/tempo/session/client/ChannelStore.js.map +1 -0
package/dist/tempo/session/client/CredentialState.d.ts +7 -24
package/dist/tempo/session/client/CredentialState.d.ts.map +1 -1
package/dist/tempo/session/client/CredentialState.js +51 -49
package/dist/tempo/session/client/CredentialState.js.map +1 -1
package/dist/tempo/session/client/Session.d.ts +8 -2
package/dist/tempo/session/client/Session.d.ts.map +1 -1
package/dist/tempo/session/client/Session.js +22 -8
package/dist/tempo/session/client/Session.js.map +1 -1
package/dist/tempo/session/client/SessionManager.d.ts +4 -40
package/dist/tempo/session/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/session/client/SessionManager.js +124 -174
package/dist/tempo/session/client/SessionManager.js.map +1 -1
package/dist/tempo/session/client/index.d.ts +3 -4
package/dist/tempo/session/client/index.d.ts.map +1 -1
package/dist/tempo/session/client/index.js +1 -0
package/dist/tempo/session/client/index.js.map +1 -1
package/dist/tempo/session/precompile/Voucher.d.ts +3 -3
package/dist/tempo/session/precompile/Voucher.d.ts.map +1 -1
package/dist/tempo/session/precompile/Voucher.js +24 -25
package/dist/tempo/session/precompile/Voucher.js.map +1 -1
package/dist/tempo/session/server/CredentialVerification.d.ts +6 -0
package/dist/tempo/session/server/CredentialVerification.d.ts.map +1 -1
package/dist/tempo/session/server/CredentialVerification.js +13 -0
package/dist/tempo/session/server/CredentialVerification.js.map +1 -1
package/dist/tempo/session/server/Settlement.d.ts.map +1 -1
package/dist/tempo/session/server/Settlement.js +4 -2
package/dist/tempo/session/server/Settlement.js.map +1 -1
package/dist/tempo/session/server/Sse.d.ts.map +1 -1
package/dist/tempo/session/server/Sse.js.map +1 -1
package/dist/tempo/session/server/Ws.d.ts.map +1 -1
package/dist/tempo/session/server/Ws.js.map +1 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts +712 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts.map +1 -1
package/dist/tempo/subscription/Store.d.ts +2 -0
package/dist/tempo/subscription/Store.d.ts.map +1 -1
package/dist/tempo/subscription/Store.js +16 -1
package/dist/tempo/subscription/Store.js.map +1 -1
package/dist/x402/index.d.ts +1 -0
package/dist/x402/index.d.ts.map +1 -1
package/dist/x402/index.js +1 -0
package/dist/x402/index.js.map +1 -1
package/package.json +21 -10
package/src/Challenge.test.ts +40 -0
package/src/Challenge.ts +19 -6
package/src/Mcp.ts +4 -0
package/src/PaymentRequest.ts +10 -10
package/src/cli/cli.test.ts +15 -15
package/src/cli/config.test.ts +13 -7
package/src/cli/internal.ts +1 -16
package/src/client/Mppx.test-d.ts +21 -1
package/src/client/Mppx.test.ts +1 -1
package/src/client/Mppx.ts +2 -2
package/src/client/Transport.test.ts +225 -178
package/src/client/Transport.ts +77 -83
package/src/client/index.ts +14 -0
package/src/client/internal/Fetch.test.ts +207 -2
package/src/client/internal/Fetch.ts +52 -6
package/src/client/internal/protocols/Mcp.test.ts +220 -0
package/src/client/internal/protocols/Mcp.ts +162 -0
package/src/client/internal/protocols/Mpp.ts +21 -0
package/src/client/internal/protocols/Protocol.ts +10 -0
package/src/client/internal/protocols/Shared.ts +25 -0
package/src/client/internal/protocols/X402.ts +42 -0
package/src/discovery/OpenApi.test.ts +1 -1
package/src/evm/PublicInterface.test-d.ts +1 -1
package/src/evm/client/index.ts +1 -0
package/src/evm/index.ts +2 -0
package/src/evm/server/Charge.test.ts +1 -1
package/src/evm/server/index.ts +1 -0
package/src/{mcp-sdk → mcp}/client/McpClient.integration.test.ts +10 -4
package/src/{mcp-sdk → mcp}/client/McpClient.test-d.ts +45 -18
package/src/{mcp-sdk → mcp}/client/McpClient.test.ts +211 -5
package/src/mcp/client/McpClient.ts +307 -0
package/src/{mcp-sdk → mcp}/client/McpClient.unit.test.ts +9 -5
package/src/middlewares/elysia.test.ts +1 -1
package/src/middlewares/express.test.ts +1 -1
package/src/middlewares/hono.test.ts +1 -1
package/src/middlewares/internal/mppx.test.ts +1 -1
package/src/middlewares/nextjs.test.ts +1 -1
package/src/proxy/Proxy.test.ts +1 -1
package/src/proxy/services/anthropic.test.ts +1 -1
package/src/proxy/services/openai.test.ts +1 -1
package/src/proxy/services/stripe.test.ts +1 -1
package/src/server/Mppx.authorize.test.ts +1 -1
package/src/server/Mppx.test-d.ts +1 -1
package/src/server/Mppx.test.ts +20 -2
package/src/server/Mppx.ts +14 -1
package/src/server/Transport.test.ts +6 -6
package/src/server/Transport.ts +1 -1
package/src/stripe/Charge.integration.test.ts +1 -1
package/src/stripe/client/Charge.test.ts +1 -1
package/src/stripe/server/Charge.test.ts +1 -1
package/src/stripe/server/internal/html/package.json +1 -1
package/src/stripe/server/internal/html.gen.ts +1 -1
package/src/tempo/Proof.conformance.test.ts +146 -0
package/src/tempo/Proof.test-d.ts +15 -0
package/src/tempo/Proof.ts +52 -1
package/src/tempo/Subscription.integration.test.ts +1 -1
package/src/tempo/client/Charge.test.ts +173 -0
package/src/tempo/client/Charge.ts +65 -36
package/src/tempo/client/Methods.ts +4 -2
package/src/tempo/client/ResolveAccount.ts +46 -0
package/src/tempo/internal/fee-payer.test.ts +89 -10
package/src/tempo/internal/fee-payer.ts +128 -41
package/src/tempo/internal/proof.test.ts +12 -4
package/src/tempo/internal/proof.ts +55 -6
package/src/tempo/legacy/client/SessionManager.ts +11 -3
package/src/tempo/legacy/server/Session.test.ts +91 -26
package/src/tempo/server/Charge.test.ts +388 -17
package/src/tempo/server/Charge.ts +50 -24
package/src/tempo/server/Methods.ts +4 -2
package/src/tempo/server/Subscription.test.ts +465 -3
package/src/tempo/server/Subscription.ts +174 -19
package/src/tempo/server/internal/html/package.json +2 -2
package/src/tempo/server/internal/html.gen.ts +1 -1
package/src/tempo/session/client/ChannelOps.ts +5 -19
package/src/tempo/session/client/ChannelStore.ts +111 -0
package/src/tempo/session/client/CredentialState.test.ts +206 -62
package/src/tempo/session/client/CredentialState.ts +58 -73
package/src/tempo/session/client/Session.test.ts +41 -1
package/src/tempo/session/client/Session.ts +36 -10
package/src/tempo/session/client/SessionManager.test.ts +154 -65
package/src/tempo/session/client/SessionManager.ts +141 -235
package/src/tempo/session/client/index.ts +8 -5
package/src/tempo/session/precompile/Voucher.test.ts +45 -7
package/src/tempo/session/precompile/Voucher.ts +27 -25
package/src/tempo/session/server/CredentialVerification.test.ts +36 -0
package/src/tempo/session/server/CredentialVerification.ts +18 -0
package/src/tempo/session/server/Session.test.ts +4 -4
package/src/tempo/session/server/Settlement.test.ts +88 -1
package/src/tempo/session/server/Settlement.ts +2 -1
package/src/tempo/session/server/Sse.ts +0 -2
package/src/tempo/session/server/Ws.ts +0 -4
package/src/tempo/subscription/Store.ts +27 -9
package/src/x402/Exact.e2e.test.ts +1 -1
package/src/x402/PublicInterface.test-d.ts +1 -1
package/src/x402/index.ts +1 -0
package/dist/mcp-sdk/client/McpClient.d.ts +0 -85
package/dist/mcp-sdk/client/McpClient.d.ts.map +0 -1
package/dist/mcp-sdk/client/McpClient.js +0 -118
package/dist/mcp-sdk/client/McpClient.js.map +0 -1
package/dist/mcp-sdk/client/index.d.ts.map +0 -1
package/dist/mcp-sdk/client/index.js.map +0 -1
package/dist/mcp-sdk/server/Transport.d.ts.map +0 -1
package/dist/mcp-sdk/server/Transport.js.map +0 -1
package/dist/mcp-sdk/server/index.d.ts.map +0 -1
package/dist/mcp-sdk/server/index.js.map +0 -1
package/src/mcp-sdk/client/McpClient.ts +0 -228
/package/dist/{mcp-sdk → mcp}/client/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/client/index.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.js +0 -0
/package/src/{mcp-sdk → mcp}/client/index.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.test.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/index.ts +0 -0

package/src/tempo/server/Subscription.ts CHANGED Viewed

@@ -1,6 +1,13 @@
 import { Base64 } from 'ox'
 import { KeyAuthorization } from 'ox/tempo'
-import { encodeFunctionData, isAddressEqual, type Address, type Client as ViemClient } from 'viem'
+import {
+  encodeFunctionData,
+  isAddressEqual,
+  parseEventLogs,
+  type Address,
+  type Client as ViemClient,
+  type TransactionReceipt,
+} from 'viem'
 import {
   call as viem_call,
   prepareTransactionRequest,
@@ -113,6 +120,8 @@ export function subscription<const parameters extends subscription.Parameters>(
     },
     async authorize({ input, request }) {
+      if (parameters.requireCredential) return undefined
       const resolved = await parameters.resolve({ input, request })
       if (!resolved) return undefined
@@ -182,8 +191,8 @@ export function subscription<const parameters extends subscription.Parameters>(
       const input = requestFromCaptured(capturedRequest)
       const resolved = await parameters.resolve({ input, request: parsedRequest })
       const existing = resolved ? await store.getByKey(resolved.key) : null
-      const accessKey =
-        resolved && !credential
+      const accessKey = !credential
+        ? resolved
           ? await resolveChallengeAccessKey({
               existing,
               input,
@@ -192,7 +201,10 @@ export function subscription<const parameters extends subscription.Parameters>(
               resolved,
               store,
             })
-          : (credentialRequest?.methodDetails?.accessKey ?? parsedRequest.methodDetails?.accessKey)
+          : parameters.requireCredential && !parameters.activate
+            ? await createUnboundChallengeAccessKey({ store })
+            : undefined
+        : (credentialRequest?.methodDetails?.accessKey ?? parsedRequest.methodDetails?.accessKey)
       if (!accessKey) {
         throw new VerificationFailedError({ reason: 'subscription accessKey is missing' })
       }
@@ -218,16 +230,17 @@ export function subscription<const parameters extends subscription.Parameters>(
         challengeExpires: credential.challenge.expires,
         request: parsedRequest,
       })
-      const resolved = await parameters.resolve({ input, request: parsedRequest })
-      if (!resolved) {
-        throw new VerificationFailedError({ reason: 'subscription could not be resolved' })
-      }
       const challengeRequest = credential.challenge.request as SubscriptionRequest
-      const accessKey =
-        challengeRequest.methodDetails?.accessKey ??
-        parsedRequest.methodDetails?.accessKey ??
-        (await resolveAccessKey({ input, parameters, request: parsedRequest, resolved }))
+      let resolved: subscription.ResolvedSubscription | null = null
+      let accessKey =
+        challengeRequest.methodDetails?.accessKey ?? parsedRequest.methodDetails?.accessKey
+      if (!accessKey) {
+        resolved = await parameters.resolve({ input, request: parsedRequest })
+        if (!resolved) {
+          throw new VerificationFailedError({ reason: 'subscription could not be resolved' })
+        }
+        accessKey = await resolveAccessKey({ input, parameters, request: parsedRequest, resolved })
+      }
       if (!accessKey) {
         throw new VerificationFailedError({ reason: 'subscription accessKey is missing' })
       }
@@ -247,10 +260,20 @@ export function subscription<const parameters extends subscription.Parameters>(
           reason: 'credential source does not match signature',
         })
       }
+      resolved =
+        (await parameters.resolve({ input, request: parsedRequest, source: verified.source })) ??
+        resolved
+      if (!resolved) {
+        throw new VerificationFailedError({ reason: 'subscription could not be resolved' })
+      }
       const activation = await store.activate({
         challengeId: credential.challenge.id,
-        isReusable: (subscription) => isReusableSubscription(subscription, parsedRequest),
+        isReusable: (subscription) =>
+          parameters.requireCredential
+            ? isActiveSubscriptionForRequest(subscription, parsedRequest)
+            : isReusableSubscription(subscription, parsedRequest),
         lookupKey: resolved.key,
         async create() {
           const activation = withSubscriptionAccessKey(
@@ -299,7 +322,50 @@ export function subscription<const parameters extends subscription.Parameters>(
         throw new VerificationFailedError({ reason: 'subscription activation claim mismatch' })
       }
       if (activation.status === 'existing') {
-        return SubscriptionReceipt.fromRecord(activation.subscription)
+        const subscription = activation.subscription
+        assertSubscriptionPayer(subscription, verified.source, {
+          required: parameters.requireCredential,
+        })
+        const periodIndex = getPeriodIndex(subscription)
+        if (periodIndex > subscription.lastChargedPeriod) {
+          const renew = resolveRenewalHandler({
+            feePayer,
+            feePayerPolicy,
+            getClient,
+            parameters,
+            store,
+            subscription,
+            waitForConfirmation,
+          })
+          if (!renew) {
+            throw new VerificationFailedError({ reason: 'subscription renewal is required' })
+          }
+          const renewal = await settleRenewal({
+            expectedLookupKey: resolved.key,
+            periodIndex,
+            renew,
+            request: parsedRequest,
+            store,
+            subscription,
+          })
+          if (!renewal) {
+            throw new VerificationFailedError({ reason: 'subscription renewal failed' })
+          }
+          if (renewal.status === 'charged' || renewal.status === 'inFlight') {
+            return renewal.receipt
+          }
+          await parameters.hooks?.renewed?.({
+            periodIndex,
+            receipt: renewal.result.receipt,
+            subscription: renewal.result.subscription,
+          })
+          return renewal.result.receipt
+        }
+        return SubscriptionReceipt.fromRecord(subscription)
       }
       await parameters.hooks?.activated?.({
@@ -380,6 +446,18 @@ async function resolveChallengeAccessKey(parameters: {
   )
 }
+async function createUnboundChallengeAccessKey(parameters: {
+  store: SubscriptionStore.SubscriptionStore
+}) {
+  const accessKey = await parameters.store.getOrCreateAccessKey(
+    `challenge:${createSubscriptionId()}`,
+  )
+  return {
+    accessKeyAddress: accessKey.accessKeyAddress,
+    keyType: accessKey.keyType,
+  } satisfies SubscriptionAccessKey
+}
 async function activateSubscription(parameters: {
   accessKey: SubscriptionAccessKey
   auto: {
@@ -567,14 +645,20 @@ function isActive(subscription: SubscriptionRecord): boolean {
   return new Date(subscription.subscriptionExpires).getTime() > Date.now()
 }
+function isActiveSubscriptionForRequest(
+  subscription: SubscriptionRecord,
+  request: SubscriptionRequest,
+): boolean {
+  return isActive(subscription) && subscriptionMatchesRequest(subscription, request)
+}
 function isReusableSubscription(
   subscription: SubscriptionRecord,
   request: SubscriptionRequest,
 ): boolean {
   return (
-    isActive(subscription) &&
-    getPeriodIndex(subscription) <= subscription.lastChargedPeriod &&
-    subscriptionMatchesRequest(subscription, request)
+    isActiveSubscriptionForRequest(subscription, request) &&
+    getPeriodIndex(subscription) <= subscription.lastChargedPeriod
   )
 }
@@ -589,6 +673,25 @@ function subscriptionMatchesRequest(
   )
 }
+function assertSubscriptionPayer(
+  subscription: SubscriptionRecord,
+  source: { address: Address; chainId: number },
+  options?: { required?: boolean | undefined },
+) {
+  if (!subscription.payer) {
+    if (options?.required) {
+      throw new VerificationFailedError({ reason: 'subscription payer is missing' })
+    }
+    return
+  }
+  if (
+    subscription.payer.chainId !== source.chainId ||
+    !isAddressEqual(subscription.payer.address, source.address)
+  ) {
+    throw new VerificationFailedError({ reason: 'subscription payer mismatch' })
+  }
+}
 function comparableSubscriptionBinding(value: SubscriptionRecord | SubscriptionRequest) {
   const chainId =
     'chainId' in value ? value.chainId : (value as SubscriptionRequest).methodDetails?.chainId
@@ -804,7 +907,9 @@ async function submitSubscriptionPayment(parameters: {
     store,
     waitForConfirmation,
   } = parameters
-  const stored = await store.getAccessKey(lookupKey)
+  const stored =
+    (await store.getAccessKey(lookupKey)) ??
+    (await store.getAccessKeyByAddress(accessKey.accessKeyAddress))
   if (!stored) {
     throw new VerificationFailedError({ reason: 'subscription access key is missing' })
   }
@@ -884,6 +989,8 @@ async function submitSubscriptionPayment(parameters: {
   } as never)
   if (!waitForConfirmation) {
+    // Optimistic mode has no receipt to inspect, so it cannot detect a T6
+    // (TIP-1028) held transfer. Use `waitForConfirmation: true` for T6-safe proof.
     return sendRawTransaction(client, {
       serializedTransaction: serializedTransaction as Transaction.TransactionSerializedTempo,
     })
@@ -897,9 +1004,50 @@ async function submitSubscriptionPayment(parameters: {
       reason: `subscription transaction reverted: ${receipt.transactionHash}`,
     })
   }
+  assertSubscriptionTransfer(receipt, {
+    amount: BigInt(request.amount),
+    currency: request.currency as Address,
+    memo,
+    recipient: request.recipient as Address,
+  })
   return receipt.transactionHash
 }
+/**
+ * Asserts a confirmed subscription payment credited the recipient.
+ *
+ * Transaction success alone is not proof: under Tempo T6 (TIP-1028) a recipient
+ * receive policy can hold the funds in `ReceivePolicyGuard` while the tx still
+ * succeeds. Settlement always emits one `transferWithMemo(recipient, amount,
+ * memo)`, so this requires a matching `TransferWithMemo` log on the expected
+ * token. A held transfer fails because its `to` is the guard, and the memo
+ * binding excludes unrelated transfer effects in the same receipt.
+ */
+function assertSubscriptionTransfer(
+  receipt: TransactionReceipt,
+  parameters: { amount: bigint; currency: Address; memo: `0x${string}`; recipient: Address },
+): void {
+  const { amount, currency, memo, recipient } = parameters
+  const credited = parseEventLogs({
+    abi: Abis.tip20,
+    eventName: 'TransferWithMemo',
+    logs: receipt.logs,
+  }).some(
+    (log) =>
+      isAddressEqual(log.address, currency) &&
+      isAddressEqual(log.args.to, recipient) &&
+      log.args.amount === amount &&
+      log.args.memo.toLowerCase() === memo.toLowerCase(),
+  )
+  if (!credited) {
+    throw new VerificationFailedError({
+      reason:
+        `subscription transfer was not credited to the recipient ` +
+        `(funds may have been held by a receive policy): ${receipt.transactionHash}`,
+    })
+  }
+}
 function createSubscriptionId() {
   const bytes = new Uint8Array(18)
   globalThis.crypto.getRandomValues(bytes)
@@ -1054,6 +1202,11 @@ export declare namespace subscription {
        * Keeps concurrent renewal safe while allowing recovery from abandoned attempts.
        */
       renewalTimeoutMs?: number | undefined
+      /**
+       * Requires a fresh subscription Credential even when a subscription is active.
+       * This binds access reuse to the stored payer instead of trusting request metadata alone.
+       */
+      requireCredential?: boolean | undefined
       /**
        * Override the fee-payer policy for sponsored subscription payments.
        * Useful when the access key + key authorization tx requires more gas
@@ -1101,6 +1254,8 @@ export declare namespace subscription {
       resolve: (parameters: {
         input: Request
         request: SubscriptionRequest
+        /** Verified payer identity recovered from a signed subscription credential. */
+        source?: { address: Address; chainId: number } | undefined
       }) => MaybePromise<ResolvedSubscription | null>
       renew?: (parameters: {
         /** Stable idempotency/reconciliation reference persisted before the renewal hook runs. */

package/src/tempo/server/internal/html/package.json CHANGED Viewed

@@ -3,8 +3,8 @@
   "private": true,
   "type": "module",
   "dependencies": {
-    "accounts": "0.14.6",
+    "accounts": "0.14.9",
     "mppx": "workspace:*",
-    "viem": "2.50.4"
+    "viem": "2.52.2"
   }
 }