mppx@0.6.3

Patch Changes

• 530a6ff: Validate session settle/close senders against the channel payee so raw delegated access-key accounts fail fast with a clear error, and use the raw Tempo transaction path for access-key-compatible settlement and close flows.

mppx@0.6.2

Patch Changes

• 57354de: Added scope-bound challenge metadata for route replay protection, scope-aware verifyCredential() checks, and adapter auto-scoping for Hono and proxy routes.

mppx@0.6.1

Patch Changes

• Fixed cross-route credential replay checks by binding unitType and allowing verifyCredential() to validate credentials against expected route context.

mppx@0.6.0

Minor Changes

• e606fa9: Breaking: Removed default Accept-Payment headers on every outgoing request for polyfilled fetch in browsers. Now defaults to same-origin requests in browser environments. Non-browser environments are unaffected. Use acceptPaymentPolicy to control supported payment origins.

Patch Changes

• e606fa9: Added acceptPaymentPolicy option to control when the Accept-Payment header is injected on outgoing requests, mitigating CORS preflight failures on non-payment-aware servers.

  • In browsers, Fetch.polyfill and Mppx.create (with polyfill: true) default to 'same-origin', preventing cross-origin CORS issues.
  • Non-browser environments and Mppx.create with polyfill: false default to 'always'.
  • Supported values: 'always', 'same-origin', 'never', { origins: string[] } (with *. wildcard support).
  • Exported Fetch namespace from mppx/client.

• 1a831eb: Fixed Tempo session content gating and SSE plain-response billing to share request-body detection so HTTP/2 POST requests without Content-Length were classified consistently.

mppx@0.5.17

Patch Changes

• 3259157: Added mppx account export command for exporting the private key of local keychain-backed accounts.

mppx@0.5.16

Patch Changes

• 5b6a938: Thread context through pinned requests so MCP tool calls and HEAD requests cannot bypass the shared management-vs-content gate.
• 22be301: Preserve keyAuthorization in fee-sponsored Tempo charge transactions and reject unsupported transaction fields instead of silently dropping them.
• 3e7320d: Charge tempo/session SSE streams with unitType: "request" once per streamed response instead of once per emitted SSE data event.

mppx@0.5.14

Patch Changes

• 1ba7af2: Hardened sponsored Tempo session open and topUp flows by enforcing fee-payer policy limits, blocking call smuggling, and adding feePayerPolicy support.
• 1ba7af2: Fixed fee-sponsored Tempo charge flows by simulating sponsored transactions before broadcast and binding swap approvals to the DEX input token.
• 1ba7af2: Normalized Tempo session channel IDs across storage and verification paths, preventing case-variant aliases from creating duplicate channel state.

mppx@0.5.13

Patch Changes

• 7e16df7: Make Tempo charge fee-sponsorship policy resolve per chain and allow overriding it with feePayerPolicy.
• 13d2851: Fixed Tempo HTML pay button text overrides and make the HTML page title follow a custom paymentRequired label when title is omitted.
• e81f45c: Add Tempo charge supportedModes request support so clients and servers can explicitly negotiate push vs pull settlement.

mppx@0.5.12

Patch Changes

• f6ce313: Add typed paymentPreferences support that emits Accept-Payment on client requests and filters composed server challenges accordingly.
• 7059598: Accept zero-dollar proof credentials signed by authorized Tempo access keys and export Tempo proof DID helpers from mppx/tempo.
• b6a18c4: Raised too low fee-payer maxTotalFee policy

mppx@0.5.11

Patch Changes

• 2aff2c0: Handled malformed Host headers in the Node request listener instead of letting them crash the process.