Skip to content

mppx validate: multi-challenge support, per-method validation, streaming output#629

Merged
brendanjryan merged 1 commit into
wevm:mainfrom
bensandler-stripe:bensandler-validate-improvements
Jul 13, 2026
Merged

mppx validate: multi-challenge support, per-method validation, streaming output#629
brendanjryan merged 1 commit into
wevm:mainfrom
bensandler-stripe:bensandler-validate-improvements

Conversation

@bensandler-stripe

@bensandler-stripe bensandler-stripe commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

A number of improvements to mppx validate. Builds on #631.

Bug fixes:

  • Instead of picking first method for automatic crypto transfer, iterates over all methods and makes transfers for any supported method (tempo, soon to be base)
  • Fixed URL resolution when base URL has a subpath (e.g. mppx validate https://api.example.com/mpp now correctly resolves to /mpp/openapi.json instead of /openapi.json)
  • Guarded all BigInt conversions with isValidIntegerAmount regex check first (prevents crash on non-integer amounts like "5.000000")
  • Multi-challenge parsing: uses fromResponseList to parse all payment methods from WWW-Authenticate (previously only picked the first one)
  • Amount is always required (fail not warn when missing)
  • Console.log leak fixed in JSON mode

UX and validation improvements:

  • Per-method field validation: validates Stripe (amount, currency, networkId, paymentMethodTypes), EVM (recipient, currency, amount, chainId), and Tempo (recipient/splits, currency, amount) challenge fields
  • Common field checks reduced across all challenges (id, realm, expiration, realm-match) into single pass/fail per field
  • Token symbol and chain name in payment prompts ("USDC.e on Tempo Mainnet")
  • Tempo recipient validation: must have either recipient or splits
  • Unsupported payment methods silently skipped (no noise in summary count)

Diffs before/after

@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch from 09fafb7 to 5a9072e Compare July 9, 2026 21:54
@pkg-pr-new

pkg-pr-new Bot commented Jul 9, 2026

Copy link
Copy Markdown

Open in StackBlitz

npm i https://pkg.pr.new/mppx@629

commit: 09b0065

@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch 2 times, most recently from 7bec8d5 to 9241fef Compare July 9, 2026 22:04
@bensandler-stripe bensandler-stripe marked this pull request as draft July 9, 2026 22:09
@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch from 9241fef to 91e84bf Compare July 9, 2026 22:10
@bensandler-stripe bensandler-stripe marked this pull request as ready for review July 10, 2026 14:32
@bensandler-stripe

Copy link
Copy Markdown
Contributor Author

r? @brendanjryan

@bensandler-stripe bensandler-stripe marked this pull request as draft July 10, 2026 15:17
@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch 8 times, most recently from ea9256f to ecc5e92 Compare July 10, 2026 16:19
@brendanjryan brendanjryan marked this pull request as ready for review July 10, 2026 16:32

@brendanjryan brendanjryan left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bensandler-stripe -- some CI issues but content-wise this look good!

@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch 10 times, most recently from 0eca153 to e474a0c Compare July 10, 2026 17:45
@bensandler-stripe bensandler-stripe marked this pull request as draft July 10, 2026 17:47
@bensandler-stripe

Copy link
Copy Markdown
Contributor Author

ah @brendanjryan sorry if I wasted your time, I was adding a few other fixes to this branch. Will get your review in a few.

@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch 5 times, most recently from b77cf89 to fb93ddf Compare July 10, 2026 18:28
@bensandler-stripe bensandler-stripe changed the title Improve mppx validate error reporting and fix URL resolution mppx validate: multi-challenge support, per-method validation, streaming output Jul 10, 2026
@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch 7 times, most recently from 65bd823 to 6f5a7dc Compare July 10, 2026 21:13
@bensandler-stripe

Copy link
Copy Markdown
Contributor Author

@brendanjryan let's merge #631 first (this PR is now rebased off that branch) and then I'll have you review this one

@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch from 6f5a7dc to a23b9ca Compare July 11, 2026 16:11
@@ -0,0 +1,5 @@
---

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

diff is a bit easier to review with hiding whitespace:

Image

@bensandler-stripe bensandler-stripe marked this pull request as ready for review July 11, 2026 16:16
…ment loop

  - Multi-challenge parsing (fromResponseList) with per-method [tag] prefixes
  - Per-method field validation for Stripe, EVM, and Tempo
  - Payment loop tries each supported method with per-method prompts
  - Common field checks reduced across all challenges
  - URL resolution fix for subpath-mounted servers
  - BigInt guards with isValidIntegerAmount
  - Malformed challenge detection and reporting

  GIT_VALID_PII_OVERRIDE

Committed-By-Agent: claude
@bensandler-stripe bensandler-stripe force-pushed the bensandler-validate-improvements branch from a23b9ca to 09b0065 Compare July 11, 2026 16:53
@brendanjryan

brendanjryan commented Jul 11, 2026

Copy link
Copy Markdown
Collaborator

code-wise this LGTM

Guarded all BigInt conversions with isValidIntegerAmount regex check first (prevents crash on non-integer amounts like "5.000000")

Why do we need checks like this? Shouldn't all of this be implicitly guarded by the mppx typing and data types?

There is some concern with servers passing invalid json on the wire, but IMO we should just fail are struct marshal time vs. trying to do field-level checks. This is much simpler to maintain

@bensandler-stripe

Copy link
Copy Markdown
Contributor Author

Why do we need checks like this? Shouldn't all of this be implicitly guarded by the mppx typing and data types?

@brendanjryan you mean, servers' usage of mppx (or another SDK) should prevent this from even happening?

My thinking is, if we rejected at struct-marshal time, we'd just get "parse failed" with no actionable feedback. There was a real user's server I validated (this diff shows before/after) where we previously failed on an opaque Error: Cannot convert 5.000000 to a BigInt and now return something much more descriptive.

Is your contention that we can't reasonably do this for every field, so perhaps it's not really worth doing for any? I think amounts specifically are reasonably tricky to get right, so I personally feel good about these validations. But I agree I wouldn't want to do the same for every other field.

@brendanjryan

Copy link
Copy Markdown
Collaborator

Yes -- main concern being that this is a little noisy and redundant, but I do see the benefit.

I'm +1 to this given that all of this is isolated in a designated "validate" package

@brendanjryan brendanjryan left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bensandler-stripe -- some CI issues but content-wise this look good!

Comment thread src/cli/validate.test.ts
;(bad.request as Record<string, unknown>).amount = '1.50'
const server = await multiChallengeServer([bad])
const { output } = await serve(['validate', server.url])
expect(output).toContain('Amount is valid integer string (Got: 1.50)')

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this "is a valid integer string?" shouldn't this be invalid?

@brendanjryan brendanjryan merged commit d3d9d81 into wevm:main Jul 13, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants