npm - mppx - Versions diffs - 0.7.0 → 0.8.1 - Mend

mppx 0.7.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/CHANGELOG.md +41 -0
package/README.md +20 -11
package/dist/Challenge.d.ts.map +1 -1
package/dist/Challenge.js +18 -6
package/dist/Challenge.js.map +1 -1
package/dist/Mcp.d.ts +3 -0
package/dist/Mcp.d.ts.map +1 -1
package/dist/Mcp.js +2 -0
package/dist/Mcp.js.map +1 -1
package/dist/PaymentRequest.d.ts +10 -10
package/dist/PaymentRequest.js +8 -8
package/dist/cli/internal.d.ts +1 -0
package/dist/cli/internal.d.ts.map +1 -1
package/dist/cli/internal.js +1 -15
package/dist/cli/internal.js.map +1 -1
package/dist/client/Mppx.js +2 -2
package/dist/client/Mppx.js.map +1 -1
package/dist/client/Transport.d.ts +11 -16
package/dist/client/Transport.d.ts.map +1 -1
package/dist/client/Transport.js +55 -75
package/dist/client/Transport.js.map +1 -1
package/dist/client/index.d.ts +3 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +1 -0
package/dist/client/index.js.map +1 -1
package/dist/client/internal/Fetch.d.ts.map +1 -1
package/dist/client/internal/Fetch.js +46 -7
package/dist/client/internal/Fetch.js.map +1 -1
package/dist/client/internal/protocols/Mcp.d.ts +7 -0
package/dist/client/internal/protocols/Mcp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mcp.js +159 -0
package/dist/client/internal/protocols/Mcp.js.map +1 -0
package/dist/client/internal/protocols/Mpp.d.ts +4 -0
package/dist/client/internal/protocols/Mpp.d.ts.map +1 -0
package/dist/client/internal/protocols/Mpp.js +18 -0
package/dist/client/internal/protocols/Mpp.js.map +1 -0
package/dist/client/internal/protocols/Protocol.d.ts +10 -0
package/dist/client/internal/protocols/Protocol.d.ts.map +1 -0
package/dist/client/internal/protocols/Protocol.js +2 -0
package/dist/client/internal/protocols/Protocol.js.map +1 -0
package/dist/client/internal/protocols/Shared.d.ts +5 -0
package/dist/client/internal/protocols/Shared.d.ts.map +1 -0
package/dist/client/internal/protocols/Shared.js +20 -0
package/dist/client/internal/protocols/Shared.js.map +1 -0
package/dist/client/internal/protocols/X402.d.ts +8 -0
package/dist/client/internal/protocols/X402.d.ts.map +1 -0
package/dist/client/internal/protocols/X402.js +39 -0
package/dist/client/internal/protocols/X402.js.map +1 -0
package/dist/evm/client/index.d.ts +1 -0
package/dist/evm/client/index.d.ts.map +1 -1
package/dist/evm/client/index.js +1 -0
package/dist/evm/client/index.js.map +1 -1
package/dist/evm/index.d.ts +2 -0
package/dist/evm/index.d.ts.map +1 -1
package/dist/evm/index.js +2 -0
package/dist/evm/index.js.map +1 -1
package/dist/evm/server/index.d.ts +1 -0
package/dist/evm/server/index.d.ts.map +1 -1
package/dist/evm/server/index.js +1 -0
package/dist/evm/server/index.js.map +1 -1
package/dist/mcp/client/McpClient.d.ts +101 -0
package/dist/mcp/client/McpClient.d.ts.map +1 -0
package/dist/mcp/client/McpClient.js +162 -0
package/dist/mcp/client/McpClient.js.map +1 -0
package/dist/mcp/client/index.d.ts.map +1 -0
package/dist/mcp/client/index.js.map +1 -0
package/dist/mcp/server/Transport.d.ts.map +1 -0
package/dist/mcp/server/Transport.js.map +1 -0
package/dist/mcp/server/index.d.ts.map +1 -0
package/dist/mcp/server/index.js.map +1 -0
package/dist/server/Mppx.d.ts +1 -1
package/dist/server/Mppx.d.ts.map +1 -1
package/dist/server/Mppx.js +9 -0
package/dist/server/Mppx.js.map +1 -1
package/dist/server/Transport.d.ts +1 -1
package/dist/server/Transport.d.ts.map +1 -1
package/dist/server/Transport.js +1 -1
package/dist/server/Transport.js.map +1 -1
package/dist/stripe/server/internal/html.gen.d.ts +1 -1
package/dist/stripe/server/internal/html.gen.d.ts.map +1 -1
package/dist/stripe/server/internal/html.gen.js +1 -1
package/dist/stripe/server/internal/html.gen.js.map +1 -1
package/dist/tempo/Proof.d.ts +85 -1
package/dist/tempo/Proof.d.ts.map +1 -1
package/dist/tempo/Proof.js +35 -0
package/dist/tempo/Proof.js.map +1 -1
package/dist/tempo/client/Charge.d.ts +13 -1
package/dist/tempo/client/Charge.d.ts.map +1 -1
package/dist/tempo/client/Charge.js +38 -25
package/dist/tempo/client/Charge.js.map +1 -1
package/dist/tempo/client/Methods.d.ts +5 -3
package/dist/tempo/client/Methods.d.ts.map +1 -1
package/dist/tempo/client/Methods.js +4 -2
package/dist/tempo/client/Methods.js.map +1 -1
package/dist/tempo/client/ResolveAccount.d.ts +40 -0
package/dist/tempo/client/ResolveAccount.d.ts.map +1 -0
package/dist/tempo/client/ResolveAccount.js +2 -0
package/dist/tempo/client/ResolveAccount.js.map +1 -0
package/dist/tempo/internal/fee-payer.d.ts +26 -1
package/dist/tempo/internal/fee-payer.d.ts.map +1 -1
package/dist/tempo/internal/fee-payer.js +83 -30
package/dist/tempo/internal/fee-payer.js.map +1 -1
package/dist/tempo/internal/proof.d.ts +71 -5
package/dist/tempo/internal/proof.d.ts.map +1 -1
package/dist/tempo/internal/proof.js +42 -6
package/dist/tempo/internal/proof.js.map +1 -1
package/dist/tempo/legacy/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/legacy/client/SessionManager.js +10 -3
package/dist/tempo/legacy/client/SessionManager.js.map +1 -1
package/dist/tempo/server/Charge.d.ts.map +1 -1
package/dist/tempo/server/Charge.js +46 -18
package/dist/tempo/server/Charge.js.map +1 -1
package/dist/tempo/server/Methods.d.ts +4 -2
package/dist/tempo/server/Methods.d.ts.map +1 -1
package/dist/tempo/server/Methods.js +4 -2
package/dist/tempo/server/Methods.js.map +1 -1
package/dist/tempo/server/Subscription.d.ts +10 -0
package/dist/tempo/server/Subscription.d.ts.map +1 -1
package/dist/tempo/server/Subscription.js +135 -23
package/dist/tempo/server/Subscription.js.map +1 -1
package/dist/tempo/server/internal/html.gen.d.ts +1 -1
package/dist/tempo/server/internal/html.gen.d.ts.map +1 -1
package/dist/tempo/server/internal/html.gen.js +1 -1
package/dist/tempo/server/internal/html.gen.js.map +1 -1
package/dist/tempo/session/client/ChannelOps.d.ts +2 -3
package/dist/tempo/session/client/ChannelOps.d.ts.map +1 -1
package/dist/tempo/session/client/ChannelOps.js +7 -10
package/dist/tempo/session/client/ChannelOps.js.map +1 -1
package/dist/tempo/session/client/ChannelStore.d.ts +51 -0
package/dist/tempo/session/client/ChannelStore.d.ts.map +1 -0
package/dist/tempo/session/client/ChannelStore.js +63 -0
package/dist/tempo/session/client/ChannelStore.js.map +1 -0
package/dist/tempo/session/client/CredentialState.d.ts +7 -24
package/dist/tempo/session/client/CredentialState.d.ts.map +1 -1
package/dist/tempo/session/client/CredentialState.js +51 -49
package/dist/tempo/session/client/CredentialState.js.map +1 -1
package/dist/tempo/session/client/Session.d.ts +8 -2
package/dist/tempo/session/client/Session.d.ts.map +1 -1
package/dist/tempo/session/client/Session.js +22 -8
package/dist/tempo/session/client/Session.js.map +1 -1
package/dist/tempo/session/client/SessionManager.d.ts +4 -40
package/dist/tempo/session/client/SessionManager.d.ts.map +1 -1
package/dist/tempo/session/client/SessionManager.js +124 -174
package/dist/tempo/session/client/SessionManager.js.map +1 -1
package/dist/tempo/session/client/index.d.ts +3 -4
package/dist/tempo/session/client/index.d.ts.map +1 -1
package/dist/tempo/session/client/index.js +1 -0
package/dist/tempo/session/client/index.js.map +1 -1
package/dist/tempo/session/precompile/Voucher.d.ts +3 -3
package/dist/tempo/session/precompile/Voucher.d.ts.map +1 -1
package/dist/tempo/session/precompile/Voucher.js +24 -25
package/dist/tempo/session/precompile/Voucher.js.map +1 -1
package/dist/tempo/session/server/CredentialVerification.d.ts +6 -0
package/dist/tempo/session/server/CredentialVerification.d.ts.map +1 -1
package/dist/tempo/session/server/CredentialVerification.js +13 -0
package/dist/tempo/session/server/CredentialVerification.js.map +1 -1
package/dist/tempo/session/server/Settlement.d.ts.map +1 -1
package/dist/tempo/session/server/Settlement.js +4 -2
package/dist/tempo/session/server/Settlement.js.map +1 -1
package/dist/tempo/session/server/Sse.d.ts.map +1 -1
package/dist/tempo/session/server/Sse.js.map +1 -1
package/dist/tempo/session/server/Ws.d.ts.map +1 -1
package/dist/tempo/session/server/Ws.js.map +1 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts +712 -1
package/dist/tempo/subscription/KeyAuthorization.d.ts.map +1 -1
package/dist/tempo/subscription/Store.d.ts +2 -0
package/dist/tempo/subscription/Store.d.ts.map +1 -1
package/dist/tempo/subscription/Store.js +16 -1
package/dist/tempo/subscription/Store.js.map +1 -1
package/dist/x402/index.d.ts +1 -0
package/dist/x402/index.d.ts.map +1 -1
package/dist/x402/index.js +1 -0
package/dist/x402/index.js.map +1 -1
package/package.json +21 -10
package/src/Challenge.test.ts +40 -0
package/src/Challenge.ts +19 -6
package/src/Mcp.ts +4 -0
package/src/PaymentRequest.ts +10 -10
package/src/cli/cli.test.ts +15 -15
package/src/cli/config.test.ts +13 -7
package/src/cli/internal.ts +1 -16
package/src/client/Mppx.test-d.ts +21 -1
package/src/client/Mppx.test.ts +1 -1
package/src/client/Mppx.ts +2 -2
package/src/client/Transport.test.ts +225 -178
package/src/client/Transport.ts +77 -83
package/src/client/index.ts +14 -0
package/src/client/internal/Fetch.test.ts +207 -2
package/src/client/internal/Fetch.ts +52 -6
package/src/client/internal/protocols/Mcp.test.ts +220 -0
package/src/client/internal/protocols/Mcp.ts +162 -0
package/src/client/internal/protocols/Mpp.ts +21 -0
package/src/client/internal/protocols/Protocol.ts +10 -0
package/src/client/internal/protocols/Shared.ts +25 -0
package/src/client/internal/protocols/X402.ts +42 -0
package/src/discovery/OpenApi.test.ts +1 -1
package/src/evm/PublicInterface.test-d.ts +1 -1
package/src/evm/client/index.ts +1 -0
package/src/evm/index.ts +2 -0
package/src/evm/server/Charge.test.ts +1 -1
package/src/evm/server/index.ts +1 -0
package/src/{mcp-sdk → mcp}/client/McpClient.integration.test.ts +10 -4
package/src/{mcp-sdk → mcp}/client/McpClient.test-d.ts +45 -18
package/src/{mcp-sdk → mcp}/client/McpClient.test.ts +211 -5
package/src/mcp/client/McpClient.ts +307 -0
package/src/{mcp-sdk → mcp}/client/McpClient.unit.test.ts +9 -5
package/src/middlewares/elysia.test.ts +1 -1
package/src/middlewares/express.test.ts +1 -1
package/src/middlewares/hono.test.ts +1 -1
package/src/middlewares/internal/mppx.test.ts +1 -1
package/src/middlewares/nextjs.test.ts +1 -1
package/src/proxy/Proxy.test.ts +1 -1
package/src/proxy/services/anthropic.test.ts +1 -1
package/src/proxy/services/openai.test.ts +1 -1
package/src/proxy/services/stripe.test.ts +1 -1
package/src/server/Mppx.authorize.test.ts +1 -1
package/src/server/Mppx.test-d.ts +1 -1
package/src/server/Mppx.test.ts +20 -2
package/src/server/Mppx.ts +14 -1
package/src/server/Transport.test.ts +6 -6
package/src/server/Transport.ts +1 -1
package/src/stripe/Charge.integration.test.ts +1 -1
package/src/stripe/client/Charge.test.ts +1 -1
package/src/stripe/server/Charge.test.ts +1 -1
package/src/stripe/server/internal/html/package.json +1 -1
package/src/stripe/server/internal/html.gen.ts +1 -1
package/src/tempo/Proof.conformance.test.ts +146 -0
package/src/tempo/Proof.test-d.ts +15 -0
package/src/tempo/Proof.ts +52 -1
package/src/tempo/Subscription.integration.test.ts +1 -1
package/src/tempo/client/Charge.test.ts +173 -0
package/src/tempo/client/Charge.ts +65 -36
package/src/tempo/client/Methods.ts +4 -2
package/src/tempo/client/ResolveAccount.ts +46 -0
package/src/tempo/internal/fee-payer.test.ts +89 -10
package/src/tempo/internal/fee-payer.ts +128 -41
package/src/tempo/internal/proof.test.ts +12 -4
package/src/tempo/internal/proof.ts +55 -6
package/src/tempo/legacy/client/SessionManager.ts +11 -3
package/src/tempo/legacy/server/Session.test.ts +91 -26
package/src/tempo/server/Charge.test.ts +388 -17
package/src/tempo/server/Charge.ts +50 -24
package/src/tempo/server/Methods.ts +4 -2
package/src/tempo/server/Subscription.test.ts +465 -3
package/src/tempo/server/Subscription.ts +174 -19
package/src/tempo/server/internal/html/package.json +2 -2
package/src/tempo/server/internal/html.gen.ts +1 -1
package/src/tempo/session/client/ChannelOps.ts +5 -19
package/src/tempo/session/client/ChannelStore.ts +111 -0
package/src/tempo/session/client/CredentialState.test.ts +206 -62
package/src/tempo/session/client/CredentialState.ts +58 -73
package/src/tempo/session/client/Session.test.ts +41 -1
package/src/tempo/session/client/Session.ts +36 -10
package/src/tempo/session/client/SessionManager.test.ts +154 -65
package/src/tempo/session/client/SessionManager.ts +141 -235
package/src/tempo/session/client/index.ts +8 -5
package/src/tempo/session/precompile/Voucher.test.ts +45 -7
package/src/tempo/session/precompile/Voucher.ts +27 -25
package/src/tempo/session/server/CredentialVerification.test.ts +36 -0
package/src/tempo/session/server/CredentialVerification.ts +18 -0
package/src/tempo/session/server/Session.test.ts +4 -4
package/src/tempo/session/server/Settlement.test.ts +88 -1
package/src/tempo/session/server/Settlement.ts +2 -1
package/src/tempo/session/server/Sse.ts +0 -2
package/src/tempo/session/server/Ws.ts +0 -4
package/src/tempo/subscription/Store.ts +27 -9
package/src/x402/Exact.e2e.test.ts +1 -1
package/src/x402/PublicInterface.test-d.ts +1 -1
package/src/x402/index.ts +1 -0
package/dist/mcp-sdk/client/McpClient.d.ts +0 -85
package/dist/mcp-sdk/client/McpClient.d.ts.map +0 -1
package/dist/mcp-sdk/client/McpClient.js +0 -118
package/dist/mcp-sdk/client/McpClient.js.map +0 -1
package/dist/mcp-sdk/client/index.d.ts.map +0 -1
package/dist/mcp-sdk/client/index.js.map +0 -1
package/dist/mcp-sdk/server/Transport.d.ts.map +0 -1
package/dist/mcp-sdk/server/Transport.js.map +0 -1
package/dist/mcp-sdk/server/index.d.ts.map +0 -1
package/dist/mcp-sdk/server/index.js.map +0 -1
package/src/mcp-sdk/client/McpClient.ts +0 -228
/package/dist/{mcp-sdk → mcp}/client/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/client/index.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/Transport.js +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.d.ts +0 -0
/package/dist/{mcp-sdk → mcp}/server/index.js +0 -0
/package/src/{mcp-sdk → mcp}/client/index.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.test.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/Transport.ts +0 -0
/package/src/{mcp-sdk → mcp}/server/index.ts +0 -0

package/src/tempo/session/client/CredentialState.ts CHANGED Viewed

@@ -25,6 +25,7 @@ import {
   resolveEscrow,
   type ChannelEntry,
 } from './ChannelOps.js'
+import { channelKey, entryKey, type ChannelSink } from './ChannelStore.js'
 import { assertWithinMaxDeposit, resolveOpeningDeposit } from './Runtime.js'
 /** Credential payload variants that carry cumulative voucher authorization. */
@@ -33,39 +34,6 @@ export type CumulativeCredentialPayload = Extract<
   { cumulativeAmount: string }
 >
-/** In-memory client channel cache used by automatic precompile session credential planning. */
-export type ChannelCache = {
-  /** Maps reusable channel keys to cached channel metadata. */
-  channels: Map<string, ChannelEntry>
-  /** Maps channel IDs back to reusable channel keys for manual credential cache updates. */
-  channelIdToKey: Map<string, string>
-  /** Emits cache updates to the public `onChannelUpdate` callback. */
-  notifyUpdate(entry: ChannelEntry): void
-}
-/** Creates an empty client channel cache with an optional update callback. */
-export function createChannelCache(
-  onUpdate?: ((entry: ChannelEntry) => void) | undefined,
-): ChannelCache {
-  return {
-    channels: new Map(),
-    channelIdToKey: new Map(),
-    notifyUpdate: (entry) => onUpdate?.(entry),
-  } satisfies ChannelCache
-}
-/** Returns the cache key for a reusable payer session channel. */
-export function channelKey(payee: Address, token: Address, escrow: Address): string {
-  return `${payee.toLowerCase()}:${token.toLowerCase()}:${escrow.toLowerCase()}`
-}
-/** Stores a channel entry and notifies observers. */
-export function storeChannelEntry(cache: ChannelCache, key: string, entry: ChannelEntry): void {
-  cache.channels.set(key, entry)
-  cache.channelIdToKey.set(entry.channelId, key)
-  cache.notifyUpdate(entry)
-}
 /** Returns whether a credential payload carries cumulative voucher authorization. */
 export function hasCredentialCumulativeAmount(
   payload: SessionCredentialPayload,
@@ -81,21 +49,32 @@ export function readCredentialCumulativeAmount(
   return BigInt(payload.cumulativeAmount)
 }
-/** Applies a credential payload's cumulative amount to an existing cached channel. */
-export function updateCachedCumulative(
-  cache: ChannelCache,
-  channelId: Hex,
+/**
+ * Persists a channel entry through the sink and notifies observers. Closed
+ * channels are removed from the store but still reported to observers so callers
+ * can react to the close.
+ */
+async function storeChannelEntry(sink: ChannelSink, entry: ChannelEntry): Promise<void> {
+  if (entry.opened) await sink.store.set(entry)
+  else await sink.store.delete(entryKey(entry))
+  sink.notifyUpdate(entry)
+}
+/** Applies a credential payload's cumulative amount to the stored channel at `key`. */
+async function applyCumulative(
+  sink: ChannelSink,
+  key: string,
   payload: SessionCredentialPayload,
-): void {
-  const key = cache.channelIdToKey.get(channelId)
+): Promise<void> {
   const cumulativeAmount = readCredentialCumulativeAmount(payload)
-  if (!key || cumulativeAmount === undefined) return
-  const entry = cache.channels.get(key)
+  if (cumulativeAmount === undefined) return
+  const entry = await sink.store.get(key)
   if (!entry) return
+  if (entry.channelId.toLowerCase() !== payload.channelId.toLowerCase()) return
   entry.cumulativeAmount =
     entry.cumulativeAmount > cumulativeAmount ? entry.cumulativeAmount : cumulativeAmount
   if (payload.action === 'close') entry.opened = false
-  cache.notifyUpdate(entry)
+  await storeChannelEntry(sink, entry)
 }
 const hexSchema = z.custom<Hex>(
@@ -252,7 +231,7 @@ export type ReusableChannelExpectation = {
   payee: Address
   /** Payer address controlled by the local account. */
   payer: Address
-  /** Voucher signer resolved from local account configuration. */
+  /** Voucher authority resolved from the local account. */
   authorizedSigner: Address
   /** Token expected by the current challenge. */
   token: Address
@@ -300,8 +279,8 @@ export type ChallengeContext = {
 /** Inputs used to choose the next client-side session credential operation. */
 export type PlanCredentialParameters = {
   account: ViemAccount
-  authorizedSigner?: Address | undefined
-  cache: ChannelCache
+  /** Channel previously stored for this challenge scope, fetched by the caller. */
+  entry: ChannelEntry | undefined
   context?: SessionContext | undefined
   decimals: number
   maxDeposit?: bigint | undefined
@@ -336,7 +315,6 @@ export type CredentialPlan =
   | {
       type: 'open'
       account: ViemAccount
-      authorizedSigner?: Address | undefined
       context?: SessionContext | undefined
       maxDeposit?: bigint | undefined
       resolved: ChallengeContext
@@ -345,7 +323,6 @@ export type CredentialPlan =
   | {
       type: 'recover'
       account: ViemAccount
-      authorizedSigner?: Address | undefined
       context: DescriptorSessionContext
       decimals: number
       maxDeposit?: bigint | undefined
@@ -363,7 +340,6 @@ export type CredentialPlan =
   | {
       type: 'manual'
       account: ViemAccount
-      authorizedSigner?: Address | undefined
       context: ManualSessionDescriptorContext
       decimals: number
       resolved: ChallengeContext
@@ -436,7 +412,7 @@ export async function resolveChallengeContext(
     client,
     escrow,
     feePayer: methodDetails.feePayer,
-    key: channelKey(payee, token, escrow),
+    key: channelKey({ payee, token, escrow, chainId }),
     operator: methodDetails.operator,
     payee,
     snapshot: methodDetails.sessionSnapshot,
@@ -533,9 +509,21 @@ export function resolveRecoveredCumulative(
   return settled + requestAmount
 }
+/** Returns whether `account` can satisfy the descriptor's voucher authority. */
+export function canSignDescriptor(
+  account: ViemAccount,
+  descriptor: Channel.ChannelDescriptor,
+): boolean {
+  // Only the payer can deposit into and voucher against its own channel.
+  if (!isSameAddress(account.address, descriptor.payer)) return false
+  const authority = descriptor.authorizedSigner
+  if (BigInt(authority) === 0n || isSameAddress(authority, descriptor.payer)) return true
+  return isSameAddress(resolveAuthorizedSigner(account), authority)
+}
 /** Chooses the next credential plan from local channel cache and optional caller context. */
 export function planCredential(parameters: PlanCredentialParameters): CredentialPlan {
-  const { account, authorizedSigner, cache, context, decimals, maxDeposit, resolved } = parameters
+  const { account, entry, context, decimals, maxDeposit, resolved } = parameters
   if (hasSessionAction(context)) {
     if (!hasManualSessionDescriptor(context))
@@ -543,54 +531,52 @@ export function planCredential(parameters: PlanCredentialParameters): Credential
     return {
       type: 'manual',
       account,
-      authorizedSigner,
       context,
       decimals,
       resolved,
     }
   }
-  const entry = cache.channels.get(resolved.key)
   if (!entry && context?.channelId && !context.descriptor)
     throw new Error('descriptor required to reuse TIP-1034 channel')
   const recoverContext = resolveRecoverContext({ context, snapshot: resolved.snapshot })
-  if (!entry && recoverContext) {
+  if (!entry && recoverContext && canSignDescriptor(account, recoverContext.descriptor)) {
     return {
       type: 'recover',
       account,
-      authorizedSigner,
       context: recoverContext,
       decimals,
       maxDeposit,
       resolved,
     }
   }
-  if (entry?.opened) return { type: 'voucher', account, entry, maxDeposit, resolved }
-  return { type: 'open', account, authorizedSigner, context, maxDeposit, resolved }
+  if (entry?.opened && canSignDescriptor(account, entry.descriptor))
+    return { type: 'voucher', account, entry, maxDeposit, resolved }
+  return { type: 'open', account, context, maxDeposit, resolved }
 }
 /** Executes a credential plan and returns the concrete session credential payload. */
 export async function executeCredentialPlan(
   plan: CredentialPlan,
-  cache: ChannelCache,
+  sink: ChannelSink,
 ): Promise<SessionCredentialPayload> {
   switch (plan.type) {
     case 'open':
-      return open(plan, cache)
+      return open(plan, sink)
     case 'recover':
-      return recover(plan, cache)
+      return recover(plan, sink)
     case 'voucher':
-      return voucher(plan, cache)
+      return voucher(plan, sink)
     case 'manual':
-      return manual(plan, cache)
+      return manual(plan, sink)
   }
 }
 async function open(
   plan: Extract<CredentialPlan, { type: 'open' }>,
-  cache: ChannelCache,
+  sink: ChannelSink,
 ): Promise<SessionCredentialPayload> {
-  const { account, authorizedSigner, resolved } = plan
+  const { account, resolved } = plan
   const deposit = resolveOpeningDeposit({
     contextDepositRaw: plan.context?.depositRaw,
     maxDeposit: plan.maxDeposit,
@@ -598,7 +584,6 @@ async function open(
     suggestedDepositRaw: resolved.suggestedDepositRaw,
   })
   const payload = await createOpenPayload(resolved.client, account, {
-    authorizedSigner,
     chainId: resolved.chainId,
     deposit,
     escrow: resolved.escrow,
@@ -608,7 +593,7 @@ async function open(
     payee: resolved.payee,
     token: resolved.token,
   })
-  storeChannelEntry(cache, resolved.key, {
+  await storeChannelEntry(sink, {
     channelId: payload.channelId,
     cumulativeAmount: resolved.amount,
     deposit,
@@ -622,7 +607,7 @@ async function open(
 async function recover(
   plan: Extract<CredentialPlan, { type: 'recover' }>,
-  cache: ChannelCache,
+  sink: ChannelSink,
 ): Promise<SessionCredentialPayload> {
   const { account, context, decimals, maxDeposit, resolved } = plan
   const { descriptor } = context
@@ -635,7 +620,7 @@ async function recover(
       escrow: resolved.escrow,
       payee: resolved.payee,
       payer: account.address,
-      authorizedSigner: resolveAuthorizedSigner(account, plan.authorizedSigner),
+      authorizedSigner: resolveAuthorizedSigner(account),
       token: resolved.token,
     },
   })
@@ -657,7 +642,7 @@ async function recover(
     resolved.chainId,
     resolved.escrow,
   )
-  storeChannelEntry(cache, resolved.key, {
+  await storeChannelEntry(sink, {
     channelId: reusable.channelId,
     cumulativeAmount,
     deposit: reusable.state.deposit,
@@ -671,7 +656,7 @@ async function recover(
 async function voucher(
   plan: Extract<CredentialPlan, { type: 'voucher' }>,
-  cache: ChannelCache,
+  sink: ChannelSink,
 ): Promise<SessionCredentialPayload> {
   const { account, entry, resolved } = plan
   const cumulativeAmount = entry.cumulativeAmount + resolved.amount
@@ -685,13 +670,13 @@ async function voucher(
     resolved.escrow,
   )
   entry.cumulativeAmount = cumulativeAmount
-  cache.notifyUpdate(entry)
+  await storeChannelEntry(sink, entry)
   return payload
 }
 async function manual(
   plan: Extract<CredentialPlan, { type: 'manual' }>,
-  cache: ChannelCache,
+  sink: ChannelSink,
 ): Promise<SessionCredentialPayload> {
   const { account, context, decimals, resolved } = plan
   const { descriptor } = context
@@ -706,7 +691,7 @@ async function manual(
     expectedChannelId: channelId,
     payee: resolved.payee,
     payer: account.address,
-    authorizedSigner: resolveAuthorizedSigner(account, plan.authorizedSigner),
+    authorizedSigner: resolveAuthorizedSigner(account),
     token: resolved.token,
   })
@@ -718,7 +703,7 @@ async function manual(
     descriptor,
     resolved,
   })
-  updateCachedCumulative(cache, channelId, payload)
+  await applyCumulative(sink, resolved.key, payload)
   return payload
 }

package/src/tempo/session/client/Session.test.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { type Address, createClient, custom, decodeFunctionData, encodeFunctionResult } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
-import { Transaction } from 'viem/tempo'
+import { Account as TempoAccount, Secp256k1, Transaction } from 'viem/tempo'
 import { describe, expect, test } from 'vp/test'
 import type { Challenge } from '../../../Challenge.js'
@@ -286,6 +286,46 @@ describe('precompile client session', () => {
     expect(updates).toEqual([100n, 200n])
   })
+  test('passes existing channel authority to resolveAccount before reusing session channel', async () => {
+    const accessKey = TempoAccount.fromSecp256k1(Secp256k1.randomPrivateKey(), {
+      access: account,
+    })
+    const calls: session.ResolveAccountInfo[] = []
+    const method = session({
+      account,
+      decimals: 0,
+      maxDeposit: '1000',
+      getClient: () => client,
+      resolveAccount(info) {
+        calls.push(info)
+        return accessKey
+      },
+    })
+    const first = deserializeCredential(
+      await method.createCredential({ challenge: makeChallenge(), context: {} }),
+    )
+    const second = deserializeCredential(
+      await method.createCredential({ challenge: makeChallenge(), context: {} }),
+    )
+    expect(calls).toHaveLength(2)
+    expect(calls[0]!.account.address).toBe(account.address)
+    expect(calls[0]!.operation).toEqual({ kind: 'authorizePaymentChannel' })
+    expect(calls[1]!.operation).toEqual({
+      kind: 'authorizePaymentChannel',
+      authority: accessKey.accessKeyAddress,
+    })
+    expect(first.source).toBe(`did:pkh:eip155:${chainId}:${account.address}`)
+    expect(second.source).toBe(`did:pkh:eip155:${chainId}:${account.address}`)
+    expect(first.payload.action).toBe('open')
+    if (first.payload.action !== 'open' || second.payload.action !== 'voucher')
+      throw new Error('expected open then voucher payloads')
+    expect(first.payload.descriptor.payer).toBe(account.address)
+    expect(first.payload.descriptor.authorizedSigner).toBe(accessKey.accessKeyAddress)
+    expect(second.payload.channelId).toBe(first.payload.channelId)
+    expect(second.payload.cumulativeAmount).toBe('200')
+  })
   test('enforces maxDeposit when reusing a cached auto-mode channel', async () => {
     const updates: bigint[] = []
     const method = session({

package/src/tempo/session/client/Session.ts CHANGED Viewed

@@ -5,15 +5,20 @@ import * as Constants from '../../../Constants.js'
 import * as Method from '../../../Method.js'
 import * as Account from '../../../viem/Account.js'
 import * as Client from '../../../viem/Client.js'
+import type {
+  ResolveAccount as ResolveAccount_,
+  ResolveAccountInfo as ResolveAccountInfo_,
+} from '../../client/ResolveAccount.js'
 import * as defaults from '../../internal/defaults.js'
 import * as Methods from '../../Methods.js'
 import { serializeCredential, type ChannelEntry } from './ChannelOps.js'
-import { sessionContextSchema } from './CredentialState.js'
+import { createChannelStore, type ChannelStore } from './ChannelStore.js'
 import {
-  createChannelCache,
   executeCredentialPlan,
   planCredential,
   resolveChallengeContext,
+  resolveRecoverContext,
+  sessionContextSchema,
 } from './CredentialState.js'
 export { sessionContextSchema, type SessionContext } from './CredentialState.js'
@@ -28,12 +33,13 @@ export { sessionContextSchema, type SessionContext } from './CredentialState.js'
 export function session(parameters: session.Parameters = {}) {
   const {
     account,
-    authorizedSigner,
+    channelStore,
     decimals = defaults.decimals,
     escrow: escrowOverride,
     getClient: getClientParameter,
     maxDeposit: maxDepositParameter,
     onChannelUpdate,
+    resolveAccount,
   } = parameters
   const getClient = Client.getResolver({
     chain: tempo_chain,
@@ -43,7 +49,8 @@ export function session(parameters: session.Parameters = {}) {
   const getAccount = Account.getResolver({ account })
   const maxDeposit =
     maxDepositParameter !== undefined ? parseUnits(maxDepositParameter, decimals) : undefined
-  const cache = createChannelCache(onChannelUpdate)
+  const store = channelStore ?? createChannelStore()
+  const sink = { store, notifyUpdate: (entry: ChannelEntry) => onChannelUpdate?.(entry) }
   return Method.toClient(Methods.session, {
     canHandleChallenge({ challenge }) {
@@ -61,18 +68,32 @@ export function session(parameters: session.Parameters = {}) {
         escrowOverride,
         getClient,
       })
-      const account = getAccount(resolved.client, context)
+      const defaultAccount = getAccount(resolved.client, context)
+      const entry = await store.get(resolved.key)
+      // Resolve recovery hints early so account selection can satisfy an existing channel authority.
+      const recoverContext = resolveRecoverContext({ context, snapshot: resolved.snapshot })
+      const descriptor = context?.action
+        ? context.descriptor
+        : (entry?.descriptor ?? recoverContext?.descriptor)
+      const account =
+        (await resolveAccount?.({
+          account: defaultAccount,
+          chainId: resolved.chainId,
+          operation: {
+            kind: 'authorizePaymentChannel',
+            ...(descriptor ? { authority: descriptor.authorizedSigner } : {}),
+          },
+        })) ?? defaultAccount
       const payload = await executeCredentialPlan(
         planCredential({
           account,
-          authorizedSigner,
-          cache,
+          entry,
           context,
           decimals,
           maxDeposit,
           resolved,
         }),
-        cache,
+        sink,
       )
       return serializeCredential(challenge, payload, resolved.chainId, account)
     },
@@ -81,10 +102,13 @@ export function session(parameters: session.Parameters = {}) {
 /** Type helpers for the low-level TIP-1034 session client method. */
 export declare namespace session {
+  type ResolveAccount = ResolveAccount_
+  type ResolveAccountInfo = ResolveAccountInfo_
   type Parameters = Account.getResolver.Parameters &
     Client.getResolver.Parameters & {
-      /** Address authorized to sign vouchers on behalf of the payer. Defaults to the account access key address when available, otherwise the account address. */
-      authorizedSigner?: Address | undefined
+      /** Pluggable persistence for reusable channels. Defaults to an in-memory store. */
+      channelStore?: ChannelStore | undefined
       /** Token decimals for parsing human-readable amounts (default: 6). */
       decimals?: number | undefined
       /** TIP20EscrowChannel address override. */
@@ -93,5 +117,7 @@ export declare namespace session {
       maxDeposit?: string | undefined
       /** Called whenever channel state changes. */
       onChannelUpdate?: ((entry: ChannelEntry) => void) | undefined
+      /** Selects the account that signs this session credential after the challenge is known. */
+      resolveAccount?: ResolveAccount | undefined
     }
 }