@metamask-previews/gator-permissions-controller 0.7.0-preview-7cfbb337 → 0.7.0-preview-6c66772

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/CHANGELOG.md +2 -1
  2. package/dist/GatorPermissionsController.cjs.map +1 -1
  3. package/dist/GatorPermissionsController.d.cts +1 -1
  4. package/dist/GatorPermissionsController.d.cts.map +1 -1
  5. package/dist/GatorPermissionsController.d.mts +1 -1
  6. package/dist/GatorPermissionsController.d.mts.map +1 -1
  7. package/dist/GatorPermissionsController.mjs.map +1 -1
  8. package/dist/decodePermission/decodePermission.cjs +27 -6
  9. package/dist/decodePermission/decodePermission.cjs.map +1 -1
  10. package/dist/decodePermission/decodePermission.d.cts +1 -1
  11. package/dist/decodePermission/decodePermission.d.cts.map +1 -1
  12. package/dist/decodePermission/decodePermission.d.mts +1 -1
  13. package/dist/decodePermission/decodePermission.d.mts.map +1 -1
  14. package/dist/decodePermission/decodePermission.mjs +28 -7
  15. package/dist/decodePermission/decodePermission.mjs.map +1 -1
  16. package/dist/decodePermission/utils.cjs +36 -24
  17. package/dist/decodePermission/utils.cjs.map +1 -1
  18. package/dist/decodePermission/utils.d.cts +5 -4
  19. package/dist/decodePermission/utils.d.cts.map +1 -1
  20. package/dist/decodePermission/utils.d.mts +5 -4
  21. package/dist/decodePermission/utils.d.mts.map +1 -1
  22. package/dist/decodePermission/utils.mjs +36 -24
  23. package/dist/decodePermission/utils.mjs.map +1 -1
  24. package/package.json +2 -2
package/dist/decodePermission/decodePermission.cjs CHANGED
@@ -11,7 +11,7 @@ const utils_2 = require("./utils.cjs");
11
11
  * A permission type matches when:
12
12
  * - All of its required enforcers are present in the provided list; and
13
13
  * - No provided enforcer falls outside the union of the type's required and
14
- * allowed enforcers (currently only `TimestampEnforcer` is allowed extra).
14
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
15
15
  *
16
16
  * If exactly one permission type matches, its identifier is returned.
17
17
  *
@@ -23,19 +23,36 @@ const utils_2 = require("./utils.cjs");
23
23
  * @throws If no permission type matches, or if more than one permission type matches.
24
24
  */
25
25
  const identifyPermissionByEnforcers = ({ enforcers, contracts, }) => {
26
- const enforcersSet = new Set(enforcers.map(utils_1.getChecksumAddress));
26
+ // Build frequency map for enforcers (using checksummed addresses)
27
+ const counts = new Map();
28
+ for (const addr of enforcers.map(utils_1.getChecksumAddress)) {
29
+ counts.set(addr, (counts.get(addr) ?? 0) + 1);
30
+ }
31
+ const enforcersSet = new Set(counts.keys());
27
32
  const permissionRules = (0, utils_2.createPermissionRulesForChainId)(contracts);
28
33
  let matchingPermissionType = null;
29
- for (const { allowedEnforcers, requiredEnforcers, permissionType, } of permissionRules) {
30
- const hasAllRequiredEnforcers = (0, utils_2.isSubset)(requiredEnforcers, enforcersSet);
34
+ for (const { optionalEnforcers, requiredEnforcers, permissionType, } of permissionRules) {
35
+ // union of optional + required enforcers. Any other address is forbidden.
36
+ const allowedEnforcers = new Set([
37
+ ...optionalEnforcers,
38
+ ...requiredEnforcers.keys(),
39
+ ]);
31
40
  let hasForbiddenEnforcers = false;
32
41
  for (const caveat of enforcersSet) {
33
- if (!allowedEnforcers.has(caveat) && !requiredEnforcers.has(caveat)) {
42
+ if (!allowedEnforcers.has(caveat)) {
34
43
  hasForbiddenEnforcers = true;
35
44
  break;
36
45
  }
37
46
  }
38
- if (hasAllRequiredEnforcers && !hasForbiddenEnforcers) {
47
+ // exact multiplicity match for required enforcers
48
+ let meetsRequiredCounts = true;
49
+ for (const [addr, requiredCount] of requiredEnforcers.entries()) {
50
+ if ((counts.get(addr) ?? 0) !== requiredCount) {
51
+ meetsRequiredCounts = false;
52
+ break;
53
+ }
54
+ }
55
+ if (meetsRequiredCounts && !hasForbiddenEnforcers) {
39
56
  if (matchingPermissionType) {
40
57
  throw new Error('Multiple permission types match');
41
58
  }
@@ -168,6 +185,10 @@ const getPermissionDataAndExpiry = ({ contracts, caveats, permissionType, }) =>
168
185
  };
169
186
  break;
170
187
  }
188
+ case 'erc20-token-revocation': {
189
+ data = {};
190
+ break;
191
+ }
171
192
  default:
172
193
  throw new Error('Invalid permission type');
173
194
  }
package/dist/decodePermission/decodePermission.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.cjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":";;;AACA,+DAA2D;AAC3D,2CAA+E;AAO/E,uCAMiB;AAEjB;;;;;;;;;;;;;;;;;GAiBG;AACI,MAAM,6BAA6B,GAAG,CAAC,EAC5C,SAAS,EACT,SAAS,GAIV,EAAkB,EAAE;IACnB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,0BAAkB,CAAC,CAAC,CAAC;IAEhE,MAAM,eAAe,GAAG,IAAA,uCAA+B,EAAC,SAAS,CAAC,CAAC;IAEnE,IAAI,sBAAsB,GAA0B,IAAI,CAAC;IAEzD,KAAK,MAAM,EACT,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,GACf,IAAI,eAAe,EAAE,CAAC;QACrB,MAAM,uBAAuB,GAAG,IAAA,gBAAQ,EAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;QAE1E,IAAI,qBAAqB,GAAG,KAAK,CAAC;QAElC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpE,qBAAqB,GAAG,IAAI,CAAC;gBAC7B,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,uBAAuB,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACtD,IAAI,sBAAsB,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,sBAAsB,GAAG,cAAc,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,sBAAsB,CAAC;AAChC,CAAC,CAAC;AA1CW,QAAA,6BAA6B,iCA0CxC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,4BAA4B,GAAG,CAAC,KAAU,EAAU,EAAE;IAC1D,0FAA0F;IAC1F,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,qFAAqF,KAAK,CAAC,MAAM,EAAE,CACpG,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAElD,IAAI,IAAA,mBAAW,EAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,CAAC;IAEnC,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACI,MAAM,0BAA0B,GAAG,CAAC,EACzC,SAAS,EACT,OAAO,EACP,cAAc,GAKf,EAGC,EAAE;IACF,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC/C,GAAG,MAAM;QACT,QAAQ,EAAE,IAAA,0BAAkB,EAAC,MAAM,CAAC,QAAQ,CAAC;KAC9C,CAAC,CAAC,CAAC;IAEJ,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC3B,iBAAiB,GAClB,GAAG,IAAA,qCAA6B,EAAC,SAAS,CAAC,CAAC;IAE7C,MAAM,WAAW,GAAG,IAAA,0BAAkB,EAAC;QACrC,OAAO,EAAE,eAAe;QACxB,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,KAAK;KACvB,CAAC,CAAC;IAEH,IAAI,MAAM,GAAkB,IAAI,CAAC;IACjC,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,4BAA4B,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,IAA6C,CAAC;IAElD,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,MAAM,mBAAmB,GAAG,IAAA,0BAAkB,EAAC;gBAC7C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,sBAAsB;aACjC,CAAC,CAAC;YAEH,MAAM,CACJ,YAAY,EACZ,aAAa,EACb,SAAS,EACT,eAAe,EACf,YAAY,EACb,GAAG,IAAA,gBAAQ,EAAC,mBAAmB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,YAAY;gBACZ,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,sBAAsB,CAAC,CAAC,CAAC;YAC5B,MAAM,kBAAkB,GAAG,IAAA,0BAAkB,EAAC;gBAC5C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,qBAAqB;aAChC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GACjE,IAAA,gBAAQ,EAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAEjD,IAAI,GAAG;gBACL,YAAY;gBACZ,YAAY;gBACZ,cAAc,EAAE,IAAA,mBAAW,EAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,yBAAyB,GAAG,IAAA,0BAAkB,EAAC;gBACnD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,4BAA4B;aACvC,CAAC,CAAC;YAEH,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,GAC7D,IAAA,gBAAQ,EAAC,yBAAyB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,MAAM,wBAAwB,GAAG,IAAA,0BAAkB,EAAC;gBAClD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,2BAA2B;aACtC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GAAG,IAAA,gBAAQ,EAC9D,wBAAwB,EACxB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CACb,CAAC;YAEF,IAAI,GAAG;gBACL,YAAY;gBACZ,cAAc,EAAE,IAAA,mBAAW,EAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC,CAAC;AAxHW,QAAA,0BAA0B,8BAwHrC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACI,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,GAWhB,EAAE,EAAE;IACH,IAAI,SAAS,KAAK,gCAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,IAAA,mBAAW,EAAC,OAAO,CAAC;QAC7B,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACxD,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;KACxB,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AAvCW,QAAA,4BAA4B,gCAuCvC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { getChecksumAddress, hexToNumber, numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n DeployedContractsByName,\n PermissionType,\n} from './types';\nimport {\n createPermissionRulesForChainId,\n getChecksumEnforcersByChainId,\n getTermsByEnforcer,\n isSubset,\n splitHex,\n} from './utils';\n\n/**\n * Identifies the unique permission type that matches a given set of enforcer\n * contract addresses for a specific chain.\n *\n * A permission type matches when:\n * - All of its required enforcers are present in the provided list; and\n * - No provided enforcer falls outside the union of the type's required and\n * allowed enforcers (currently only `TimestampEnforcer` is allowed extra).\n *\n * If exactly one permission type matches, its identifier is returned.\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n *\n * @param args.contracts - The deployed contracts for the chain.\n * @returns The identifier of the matching permission type.\n * @throws If no permission type matches, or if more than one permission type matches.\n */\nexport const identifyPermissionByEnforcers = ({\n enforcers,\n contracts,\n}: {\n enforcers: Hex[];\n contracts: DeployedContractsByName;\n}): PermissionType => {\n const enforcersSet = new Set(enforcers.map(getChecksumAddress));\n\n const permissionRules = createPermissionRulesForChainId(contracts);\n\n let matchingPermissionType: PermissionType | null = null;\n\n for (const {\n allowedEnforcers,\n requiredEnforcers,\n permissionType,\n } of permissionRules) {\n const hasAllRequiredEnforcers = isSubset(requiredEnforcers, enforcersSet);\n\n let hasForbiddenEnforcers = false;\n\n for (const caveat of enforcersSet) {\n if (!allowedEnforcers.has(caveat) && !requiredEnforcers.has(caveat)) {\n hasForbiddenEnforcers = true;\n break;\n }\n }\n\n if (hasAllRequiredEnforcers && !hasForbiddenEnforcers) {\n if (matchingPermissionType) {\n throw new Error('Multiple permission types match');\n }\n matchingPermissionType = permissionType;\n }\n }\n\n if (!matchingPermissionType) {\n throw new Error('Unable to identify permission type');\n }\n\n return matchingPermissionType;\n};\n\n/**\n * Extracts the expiry timestamp from TimestampEnforcer caveat terms.\n *\n * Based on the TimestampEnforcer contract encoding:\n * - Terms are 32 bytes total (64 hex characters without '0x')\n * - First 16 bytes (32 hex chars): timestampAfterThreshold (uint128) - must be 0\n * - Last 16 bytes (32 hex chars): timestampBeforeThreshold (uint128) - this is the expiry\n *\n * @param terms - The hex-encoded terms from a TimestampEnforcer caveat\n * @returns The expiry timestamp in seconds\n * @throws If the terms are not exactly 32 bytes, if the timestampAfterThreshold is non-zero,\n * or if the timestampBeforeThreshold is zero\n */\nconst extractExpiryFromCaveatTerms = (terms: Hex): number => {\n // Validate terms length: must be exactly 32 bytes (64 hex chars + '0x' prefix = 66 chars)\n if (terms.length !== 66) {\n throw new Error(\n `Invalid TimestampEnforcer terms length: expected 66 characters (0x + 64 hex), got ${terms.length}`,\n );\n }\n\n const [after, before] = splitHex(terms, [16, 16]);\n\n if (hexToNumber(after) !== 0) {\n throw new Error('Invalid expiry: timestampAfterThreshold must be 0');\n }\n\n const expiry = hexToNumber(before);\n\n if (expiry === 0) {\n throw new Error(\n 'Invalid expiry: timestampBeforeThreshold must be greater than 0',\n );\n }\n\n return expiry;\n};\n\n/**\n * Extracts the permission-specific data payload and the expiry timestamp from\n * the provided caveats for a given permission type.\n *\n * This function locates the relevant caveat enforcer for the `permissionType`,\n * interprets its `terms` by splitting the hex string into byte-sized segments,\n * and converts each segment into the appropriate numeric or address shape.\n *\n * The expiry timestamp is derived from the `TimestampEnforcer` terms and must\n * have a zero `timestampAfterThreshold` and a positive `timestampBeforeThreshold`.\n *\n * @param args - The arguments to this function.\n * @param args.contracts - The deployed contracts for the chain.\n * @param args.caveats - Caveats decoded from the permission context.\n * @param args.permissionType - The previously identified permission type.\n *\n * @returns An object containing the `expiry` timestamp and the decoded `data` payload.\n * @throws If the caveats are malformed, missing, or the terms fail to decode.\n */\nexport const getPermissionDataAndExpiry = ({\n contracts,\n caveats,\n permissionType,\n}: {\n contracts: DeployedContractsByName;\n caveats: Caveat<Hex>[];\n permissionType: PermissionType;\n}): {\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n} => {\n const checksumCaveats = caveats.map((caveat) => ({\n ...caveat,\n enforcer: getChecksumAddress(caveat.enforcer),\n }));\n\n const {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n timestampEnforcer,\n } = getChecksumEnforcersByChainId(contracts);\n\n const expiryTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: timestampEnforcer,\n throwIfNotFound: false,\n });\n\n let expiry: number | null = null;\n if (expiryTerms) {\n expiry = extractExpiryFromCaveatTerms(expiryTerms);\n }\n\n let data: DecodedPermission['permission']['data'];\n\n switch (permissionType) {\n case 'erc20-token-stream': {\n const erc20StreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20StreamingEnforcer,\n });\n\n const [\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTimeRaw,\n ] = splitHex(erc20StreamingTerms, [20, 32, 32, 32, 32]);\n\n data = {\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'erc20-token-periodic': {\n const erc20PeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20PeriodicEnforcer,\n });\n\n const [tokenAddress, periodAmount, periodDurationRaw, startTimeRaw] =\n splitHex(erc20PeriodicTerms, [20, 32, 32, 32]);\n\n data = {\n tokenAddress,\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n\n case 'native-token-stream': {\n const nativeTokenStreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenStreamingEnforcer,\n });\n\n const [initialAmount, maxAmount, amountPerSecond, startTimeRaw] =\n splitHex(nativeTokenStreamingTerms, [32, 32, 32, 32]);\n\n data = {\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'native-token-periodic': {\n const nativeTokenPeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenPeriodicEnforcer,\n });\n\n const [periodAmount, periodDurationRaw, startTimeRaw] = splitHex(\n nativeTokenPeriodicTerms,\n [32, 32, 32],\n );\n\n data = {\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n default:\n throw new Error('Invalid permission type');\n }\n\n return { expiry, data };\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * The resulting object contains:\n * - `chainId` encoded as hex (`0x…`)\n * - `address` set to the delegator (user account)\n * - `signer` set to an account signer with the delegate address\n * - `permission` with the identified type and decoded data\n * - `expiry` timestamp (or null)\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n}) => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n address: delegator,\n signer: { type: 'account', data: { address: delegate } },\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n };\n\n return permission;\n};\n"]}
1
+ {"version":3,"file":"decodePermission.cjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":";;;AACA,+DAA2D;AAC3D,2CAA+E;AAO/E,uCAKiB;AAEjB;;;;;;;;;;;;;;;;;GAiBG;AACI,MAAM,6BAA6B,GAAG,CAAC,EAC5C,SAAS,EACT,SAAS,GAIV,EAAkB,EAAE;IACnB,kEAAkE;IAClE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAe,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,GAAG,CAAC,0BAAkB,CAAC,EAAE,CAAC;QACrD,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAE5C,MAAM,eAAe,GAAG,IAAA,uCAA+B,EAAC,SAAS,CAAC,CAAC;IAEnE,IAAI,sBAAsB,GAA0B,IAAI,CAAC;IAEzD,KAAK,MAAM,EACT,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,IAAI,eAAe,EAAE,CAAC;QACrB,0EAA0E;QAC1E,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAM;YACpC,GAAG,iBAAiB;YACpB,GAAG,iBAAiB,CAAC,IAAI,EAAE;SAC5B,CAAC,CAAC;QAEH,IAAI,qBAAqB,GAAG,KAAK,CAAC;QAElC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,qBAAqB,GAAG,IAAI,CAAC;gBAC7B,MAAM;YACR,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,IAAI,mBAAmB,GAAG,IAAI,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,iBAAiB,CAAC,OAAO,EAAE,EAAE,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;gBAC9C,mBAAmB,GAAG,KAAK,CAAC;gBAC5B,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,mBAAmB,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAClD,IAAI,sBAAsB,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,sBAAsB,GAAG,cAAc,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,sBAAsB,CAAC;AAChC,CAAC,CAAC;AA5DW,QAAA,6BAA6B,iCA4DxC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,4BAA4B,GAAG,CAAC,KAAU,EAAU,EAAE;IAC1D,0FAA0F;IAC1F,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,qFAAqF,KAAK,CAAC,MAAM,EAAE,CACpG,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAElD,IAAI,IAAA,mBAAW,EAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,CAAC;IAEnC,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACI,MAAM,0BAA0B,GAAG,CAAC,EACzC,SAAS,EACT,OAAO,EACP,cAAc,GAKf,EAGC,EAAE;IACF,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC/C,GAAG,MAAM;QACT,QAAQ,EAAE,IAAA,0BAAkB,EAAC,MAAM,CAAC,QAAQ,CAAC;KAC9C,CAAC,CAAC,CAAC;IAEJ,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC3B,iBAAiB,GAClB,GAAG,IAAA,qCAA6B,EAAC,SAAS,CAAC,CAAC;IAE7C,MAAM,WAAW,GAAG,IAAA,0BAAkB,EAAC;QACrC,OAAO,EAAE,eAAe;QACxB,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,KAAK;KACvB,CAAC,CAAC;IAEH,IAAI,MAAM,GAAkB,IAAI,CAAC;IACjC,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,4BAA4B,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,IAA6C,CAAC;IAElD,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,MAAM,mBAAmB,GAAG,IAAA,0BAAkB,EAAC;gBAC7C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,sBAAsB;aACjC,CAAC,CAAC;YAEH,MAAM,CACJ,YAAY,EACZ,aAAa,EACb,SAAS,EACT,eAAe,EACf,YAAY,EACb,GAAG,IAAA,gBAAQ,EAAC,mBAAmB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,YAAY;gBACZ,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,sBAAsB,CAAC,CAAC,CAAC;YAC5B,MAAM,kBAAkB,GAAG,IAAA,0BAAkB,EAAC;gBAC5C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,qBAAqB;aAChC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GACjE,IAAA,gBAAQ,EAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAEjD,IAAI,GAAG;gBACL,YAAY;gBACZ,YAAY;gBACZ,cAAc,EAAE,IAAA,mBAAW,EAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,yBAAyB,GAAG,IAAA,0BAAkB,EAAC;gBACnD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,4BAA4B;aACvC,CAAC,CAAC;YAEH,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,GAC7D,IAAA,gBAAQ,EAAC,yBAAyB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,MAAM,wBAAwB,GAAG,IAAA,0BAAkB,EAAC;gBAClD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,2BAA2B;aACtC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GAAG,IAAA,gBAAQ,EAC9D,wBAAwB,EACxB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CACb,CAAC;YAEF,IAAI,GAAG;gBACL,YAAY;gBACZ,cAAc,EAAE,IAAA,mBAAW,EAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,IAAA,mBAAW,EAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,wBAAwB,CAAC,CAAC,CAAC;YAC9B,IAAI,GAAG,EAAE,CAAC;YACV,MAAM;QACR,CAAC;QACD;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC,CAAC;AA5HW,QAAA,0BAA0B,8BA4HrC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACI,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,GAWhB,EAAE,EAAE;IACH,IAAI,SAAS,KAAK,gCAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,IAAA,mBAAW,EAAC,OAAO,CAAC;QAC7B,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACxD,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;KACxB,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AAvCW,QAAA,4BAA4B,gCAuCvC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { getChecksumAddress, hexToNumber, numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n DeployedContractsByName,\n PermissionType,\n} from './types';\nimport {\n createPermissionRulesForChainId,\n getChecksumEnforcersByChainId,\n getTermsByEnforcer,\n splitHex,\n} from './utils';\n\n/**\n * Identifies the unique permission type that matches a given set of enforcer\n * contract addresses for a specific chain.\n *\n * A permission type matches when:\n * - All of its required enforcers are present in the provided list; and\n * - No provided enforcer falls outside the union of the type's required and\n * optional enforcers (currently only `TimestampEnforcer` is allowed extra).\n *\n * If exactly one permission type matches, its identifier is returned.\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n *\n * @param args.contracts - The deployed contracts for the chain.\n * @returns The identifier of the matching permission type.\n * @throws If no permission type matches, or if more than one permission type matches.\n */\nexport const identifyPermissionByEnforcers = ({\n enforcers,\n contracts,\n}: {\n enforcers: Hex[];\n contracts: DeployedContractsByName;\n}): PermissionType => {\n // Build frequency map for enforcers (using checksummed addresses)\n const counts = new Map<Hex, number>();\n for (const addr of enforcers.map(getChecksumAddress)) {\n counts.set(addr, (counts.get(addr) ?? 0) + 1);\n }\n const enforcersSet = new Set(counts.keys());\n\n const permissionRules = createPermissionRulesForChainId(contracts);\n\n let matchingPermissionType: PermissionType | null = null;\n\n for (const {\n optionalEnforcers,\n requiredEnforcers,\n permissionType,\n } of permissionRules) {\n // union of optional + required enforcers. Any other address is forbidden.\n const allowedEnforcers = new Set<Hex>([\n ...optionalEnforcers,\n ...requiredEnforcers.keys(),\n ]);\n\n let hasForbiddenEnforcers = false;\n\n for (const caveat of enforcersSet) {\n if (!allowedEnforcers.has(caveat)) {\n hasForbiddenEnforcers = true;\n break;\n }\n }\n\n // exact multiplicity match for required enforcers\n let meetsRequiredCounts = true;\n for (const [addr, requiredCount] of requiredEnforcers.entries()) {\n if ((counts.get(addr) ?? 0) !== requiredCount) {\n meetsRequiredCounts = false;\n break;\n }\n }\n\n if (meetsRequiredCounts && !hasForbiddenEnforcers) {\n if (matchingPermissionType) {\n throw new Error('Multiple permission types match');\n }\n matchingPermissionType = permissionType;\n }\n }\n\n if (!matchingPermissionType) {\n throw new Error('Unable to identify permission type');\n }\n\n return matchingPermissionType;\n};\n\n/**\n * Extracts the expiry timestamp from TimestampEnforcer caveat terms.\n *\n * Based on the TimestampEnforcer contract encoding:\n * - Terms are 32 bytes total (64 hex characters without '0x')\n * - First 16 bytes (32 hex chars): timestampAfterThreshold (uint128) - must be 0\n * - Last 16 bytes (32 hex chars): timestampBeforeThreshold (uint128) - this is the expiry\n *\n * @param terms - The hex-encoded terms from a TimestampEnforcer caveat\n * @returns The expiry timestamp in seconds\n * @throws If the terms are not exactly 32 bytes, if the timestampAfterThreshold is non-zero,\n * or if the timestampBeforeThreshold is zero\n */\nconst extractExpiryFromCaveatTerms = (terms: Hex): number => {\n // Validate terms length: must be exactly 32 bytes (64 hex chars + '0x' prefix = 66 chars)\n if (terms.length !== 66) {\n throw new Error(\n `Invalid TimestampEnforcer terms length: expected 66 characters (0x + 64 hex), got ${terms.length}`,\n );\n }\n\n const [after, before] = splitHex(terms, [16, 16]);\n\n if (hexToNumber(after) !== 0) {\n throw new Error('Invalid expiry: timestampAfterThreshold must be 0');\n }\n\n const expiry = hexToNumber(before);\n\n if (expiry === 0) {\n throw new Error(\n 'Invalid expiry: timestampBeforeThreshold must be greater than 0',\n );\n }\n\n return expiry;\n};\n\n/**\n * Extracts the permission-specific data payload and the expiry timestamp from\n * the provided caveats for a given permission type.\n *\n * This function locates the relevant caveat enforcer for the `permissionType`,\n * interprets its `terms` by splitting the hex string into byte-sized segments,\n * and converts each segment into the appropriate numeric or address shape.\n *\n * The expiry timestamp is derived from the `TimestampEnforcer` terms and must\n * have a zero `timestampAfterThreshold` and a positive `timestampBeforeThreshold`.\n *\n * @param args - The arguments to this function.\n * @param args.contracts - The deployed contracts for the chain.\n * @param args.caveats - Caveats decoded from the permission context.\n * @param args.permissionType - The previously identified permission type.\n *\n * @returns An object containing the `expiry` timestamp and the decoded `data` payload.\n * @throws If the caveats are malformed, missing, or the terms fail to decode.\n */\nexport const getPermissionDataAndExpiry = ({\n contracts,\n caveats,\n permissionType,\n}: {\n contracts: DeployedContractsByName;\n caveats: Caveat<Hex>[];\n permissionType: PermissionType;\n}): {\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n} => {\n const checksumCaveats = caveats.map((caveat) => ({\n ...caveat,\n enforcer: getChecksumAddress(caveat.enforcer),\n }));\n\n const {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n timestampEnforcer,\n } = getChecksumEnforcersByChainId(contracts);\n\n const expiryTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: timestampEnforcer,\n throwIfNotFound: false,\n });\n\n let expiry: number | null = null;\n if (expiryTerms) {\n expiry = extractExpiryFromCaveatTerms(expiryTerms);\n }\n\n let data: DecodedPermission['permission']['data'];\n\n switch (permissionType) {\n case 'erc20-token-stream': {\n const erc20StreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20StreamingEnforcer,\n });\n\n const [\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTimeRaw,\n ] = splitHex(erc20StreamingTerms, [20, 32, 32, 32, 32]);\n\n data = {\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'erc20-token-periodic': {\n const erc20PeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20PeriodicEnforcer,\n });\n\n const [tokenAddress, periodAmount, periodDurationRaw, startTimeRaw] =\n splitHex(erc20PeriodicTerms, [20, 32, 32, 32]);\n\n data = {\n tokenAddress,\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n\n case 'native-token-stream': {\n const nativeTokenStreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenStreamingEnforcer,\n });\n\n const [initialAmount, maxAmount, amountPerSecond, startTimeRaw] =\n splitHex(nativeTokenStreamingTerms, [32, 32, 32, 32]);\n\n data = {\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'native-token-periodic': {\n const nativeTokenPeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenPeriodicEnforcer,\n });\n\n const [periodAmount, periodDurationRaw, startTimeRaw] = splitHex(\n nativeTokenPeriodicTerms,\n [32, 32, 32],\n );\n\n data = {\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'erc20-token-revocation': {\n data = {};\n break;\n }\n default:\n throw new Error('Invalid permission type');\n }\n\n return { expiry, data };\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * The resulting object contains:\n * - `chainId` encoded as hex (`0x…`)\n * - `address` set to the delegator (user account)\n * - `signer` set to an account signer with the delegate address\n * - `permission` with the identified type and decoded data\n * - `expiry` timestamp (or null)\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n}) => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n address: delegator,\n signer: { type: 'account', data: { address: delegate } },\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n };\n\n return permission;\n};\n"]}
package/dist/decodePermission/decodePermission.d.cts CHANGED
@@ -7,7 +7,7 @@ import type { DecodedPermission, DeployedContractsByName, PermissionType } from
7
7
  * A permission type matches when:
8
8
  * - All of its required enforcers are present in the provided list; and
9
9
  * - No provided enforcer falls outside the union of the type's required and
10
- * allowed enforcers (currently only `TimestampEnforcer` is allowed extra).
10
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
11
11
  *
12
12
  * If exactly one permission type matches, its identifier is returned.
13
13
  *
package/dist/decodePermission/decodePermission.d.cts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.d.cts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,uBAAuB,EACvB,cAAc,EACf,oBAAgB;AASjB;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,6BAA6B;eAI7B,GAAG,EAAE;eACL,uBAAuB;MAChC,cAoCH,CAAC;AAwCF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,0BAA0B;eAK1B,uBAAuB;aACzB,OAAO,GAAG,CAAC,EAAE;oBACN,cAAc;;YAEtB,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;CA8G9C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,4BAA4B;aAW9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;uBAoBxB,CAAC"}
1
+ {"version":3,"file":"decodePermission.d.cts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,uBAAuB,EACvB,cAAc,EACf,oBAAgB;AAQjB;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,6BAA6B;eAI7B,GAAG,EAAE;eACL,uBAAuB;MAChC,cAsDH,CAAC;AAwCF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,0BAA0B;eAK1B,uBAAuB;aACzB,OAAO,GAAG,CAAC,EAAE;oBACN,cAAc;;YAEtB,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;CAkH9C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,4BAA4B;aAW9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;uBAoBxB,CAAC"}
package/dist/decodePermission/decodePermission.d.mts CHANGED
@@ -7,7 +7,7 @@ import type { DecodedPermission, DeployedContractsByName, PermissionType } from
7
7
  * A permission type matches when:
8
8
  * - All of its required enforcers are present in the provided list; and
9
9
  * - No provided enforcer falls outside the union of the type's required and
10
- * allowed enforcers (currently only `TimestampEnforcer` is allowed extra).
10
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
11
11
  *
12
12
  * If exactly one permission type matches, its identifier is returned.
13
13
  *
package/dist/decodePermission/decodePermission.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.d.mts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,uBAAuB,EACvB,cAAc,EACf,oBAAgB;AASjB;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,6BAA6B;eAI7B,GAAG,EAAE;eACL,uBAAuB;MAChC,cAoCH,CAAC;AAwCF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,0BAA0B;eAK1B,uBAAuB;aACzB,OAAO,GAAG,CAAC,EAAE;oBACN,cAAc;;YAEtB,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;CA8G9C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,4BAA4B;aAW9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;uBAoBxB,CAAC"}
1
+ {"version":3,"file":"decodePermission.d.mts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,uBAAuB,EACvB,cAAc,EACf,oBAAgB;AAQjB;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,6BAA6B;eAI7B,GAAG,EAAE;eACL,uBAAuB;MAChC,cAsDH,CAAC;AAwCF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,0BAA0B;eAK1B,uBAAuB;aACzB,OAAO,GAAG,CAAC,EAAE;oBACN,cAAc;;YAEtB,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;CAkH9C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,4BAA4B;aAW9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;uBAoBxB,CAAC"}
package/dist/decodePermission/decodePermission.mjs CHANGED
@@ -1,6 +1,6 @@
1
1
  import { ROOT_AUTHORITY } from "@metamask/delegation-core";
2
2
  import { getChecksumAddress, hexToNumber, numberToHex } from "@metamask/utils";
3
- import { createPermissionRulesForChainId, getChecksumEnforcersByChainId, getTermsByEnforcer, isSubset, splitHex } from "./utils.mjs";
3
+ import { createPermissionRulesForChainId, getChecksumEnforcersByChainId, getTermsByEnforcer, splitHex } from "./utils.mjs";
4
4
  /**
5
5
  * Identifies the unique permission type that matches a given set of enforcer
6
6
  * contract addresses for a specific chain.
@@ -8,7 +8,7 @@ import { createPermissionRulesForChainId, getChecksumEnforcersByChainId, getTerm
8
8
  * A permission type matches when:
9
9
  * - All of its required enforcers are present in the provided list; and
10
10
  * - No provided enforcer falls outside the union of the type's required and
11
- * allowed enforcers (currently only `TimestampEnforcer` is allowed extra).
11
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
12
12
  *
13
13
  * If exactly one permission type matches, its identifier is returned.
14
14
  *
@@ -20,19 +20,36 @@ import { createPermissionRulesForChainId, getChecksumEnforcersByChainId, getTerm
20
20
  * @throws If no permission type matches, or if more than one permission type matches.
21
21
  */
22
22
  export const identifyPermissionByEnforcers = ({ enforcers, contracts, }) => {
23
- const enforcersSet = new Set(enforcers.map(getChecksumAddress));
23
+ // Build frequency map for enforcers (using checksummed addresses)
24
+ const counts = new Map();
25
+ for (const addr of enforcers.map(getChecksumAddress)) {
26
+ counts.set(addr, (counts.get(addr) ?? 0) + 1);
27
+ }
28
+ const enforcersSet = new Set(counts.keys());
24
29
  const permissionRules = createPermissionRulesForChainId(contracts);
25
30
  let matchingPermissionType = null;
26
- for (const { allowedEnforcers, requiredEnforcers, permissionType, } of permissionRules) {
27
- const hasAllRequiredEnforcers = isSubset(requiredEnforcers, enforcersSet);
31
+ for (const { optionalEnforcers, requiredEnforcers, permissionType, } of permissionRules) {
32
+ // union of optional + required enforcers. Any other address is forbidden.
33
+ const allowedEnforcers = new Set([
34
+ ...optionalEnforcers,
35
+ ...requiredEnforcers.keys(),
36
+ ]);
28
37
  let hasForbiddenEnforcers = false;
29
38
  for (const caveat of enforcersSet) {
30
- if (!allowedEnforcers.has(caveat) && !requiredEnforcers.has(caveat)) {
39
+ if (!allowedEnforcers.has(caveat)) {
31
40
  hasForbiddenEnforcers = true;
32
41
  break;
33
42
  }
34
43
  }
35
- if (hasAllRequiredEnforcers && !hasForbiddenEnforcers) {
44
+ // exact multiplicity match for required enforcers
45
+ let meetsRequiredCounts = true;
46
+ for (const [addr, requiredCount] of requiredEnforcers.entries()) {
47
+ if ((counts.get(addr) ?? 0) !== requiredCount) {
48
+ meetsRequiredCounts = false;
49
+ break;
50
+ }
51
+ }
52
+ if (meetsRequiredCounts && !hasForbiddenEnforcers) {
36
53
  if (matchingPermissionType) {
37
54
  throw new Error('Multiple permission types match');
38
55
  }
@@ -164,6 +181,10 @@ export const getPermissionDataAndExpiry = ({ contracts, caveats, permissionType,
164
181
  };
165
182
  break;
166
183
  }
184
+ case 'erc20-token-revocation': {
185
+ data = {};
186
+ break;
187
+ }
167
188
  default:
168
189
  throw new Error('Invalid permission type');
169
190
  }
package/dist/decodePermission/decodePermission.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.mjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,kCAAkC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,WAAW,EAAE,wBAAwB;AAO/E,OAAO,EACL,+BAA+B,EAC/B,6BAA6B,EAC7B,kBAAkB,EAClB,QAAQ,EACR,QAAQ,EACT,oBAAgB;AAEjB;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,EAC5C,SAAS,EACT,SAAS,GAIV,EAAkB,EAAE;IACnB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAEhE,MAAM,eAAe,GAAG,+BAA+B,CAAC,SAAS,CAAC,CAAC;IAEnE,IAAI,sBAAsB,GAA0B,IAAI,CAAC;IAEzD,KAAK,MAAM,EACT,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,GACf,IAAI,eAAe,EAAE,CAAC;QACrB,MAAM,uBAAuB,GAAG,QAAQ,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;QAE1E,IAAI,qBAAqB,GAAG,KAAK,CAAC;QAElC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpE,qBAAqB,GAAG,IAAI,CAAC;gBAC7B,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,uBAAuB,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACtD,IAAI,sBAAsB,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,sBAAsB,GAAG,cAAc,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,sBAAsB,CAAC;AAChC,CAAC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,4BAA4B,GAAG,CAAC,KAAU,EAAU,EAAE;IAC1D,0FAA0F;IAC1F,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,qFAAqF,KAAK,CAAC,MAAM,EAAE,CACpG,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAElD,IAAI,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEnC,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,EACzC,SAAS,EACT,OAAO,EACP,cAAc,GAKf,EAGC,EAAE;IACF,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC/C,GAAG,MAAM;QACT,QAAQ,EAAE,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC;KAC9C,CAAC,CAAC,CAAC;IAEJ,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC3B,iBAAiB,GAClB,GAAG,6BAA6B,CAAC,SAAS,CAAC,CAAC;IAE7C,MAAM,WAAW,GAAG,kBAAkB,CAAC;QACrC,OAAO,EAAE,eAAe;QACxB,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,KAAK;KACvB,CAAC,CAAC;IAEH,IAAI,MAAM,GAAkB,IAAI,CAAC;IACjC,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,4BAA4B,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,IAA6C,CAAC;IAElD,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,MAAM,mBAAmB,GAAG,kBAAkB,CAAC;gBAC7C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,sBAAsB;aACjC,CAAC,CAAC;YAEH,MAAM,CACJ,YAAY,EACZ,aAAa,EACb,SAAS,EACT,eAAe,EACf,YAAY,EACb,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,YAAY;gBACZ,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,sBAAsB,CAAC,CAAC,CAAC;YAC5B,MAAM,kBAAkB,GAAG,kBAAkB,CAAC;gBAC5C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,qBAAqB;aAChC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GACjE,QAAQ,CAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAEjD,IAAI,GAAG;gBACL,YAAY;gBACZ,YAAY;gBACZ,cAAc,EAAE,WAAW,CAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,yBAAyB,GAAG,kBAAkB,CAAC;gBACnD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,4BAA4B;aACvC,CAAC,CAAC;YAEH,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,GAC7D,QAAQ,CAAC,yBAAyB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,MAAM,wBAAwB,GAAG,kBAAkB,CAAC;gBAClD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,2BAA2B;aACtC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GAAG,QAAQ,CAC9D,wBAAwB,EACxB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CACb,CAAC;YAEF,IAAI,GAAG;gBACL,YAAY;gBACZ,cAAc,EAAE,WAAW,CAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,GAWhB,EAAE,EAAE;IACH,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,WAAW,CAAC,OAAO,CAAC;QAC7B,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACxD,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;KACxB,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { getChecksumAddress, hexToNumber, numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n DeployedContractsByName,\n PermissionType,\n} from './types';\nimport {\n createPermissionRulesForChainId,\n getChecksumEnforcersByChainId,\n getTermsByEnforcer,\n isSubset,\n splitHex,\n} from './utils';\n\n/**\n * Identifies the unique permission type that matches a given set of enforcer\n * contract addresses for a specific chain.\n *\n * A permission type matches when:\n * - All of its required enforcers are present in the provided list; and\n * - No provided enforcer falls outside the union of the type's required and\n * allowed enforcers (currently only `TimestampEnforcer` is allowed extra).\n *\n * If exactly one permission type matches, its identifier is returned.\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n *\n * @param args.contracts - The deployed contracts for the chain.\n * @returns The identifier of the matching permission type.\n * @throws If no permission type matches, or if more than one permission type matches.\n */\nexport const identifyPermissionByEnforcers = ({\n enforcers,\n contracts,\n}: {\n enforcers: Hex[];\n contracts: DeployedContractsByName;\n}): PermissionType => {\n const enforcersSet = new Set(enforcers.map(getChecksumAddress));\n\n const permissionRules = createPermissionRulesForChainId(contracts);\n\n let matchingPermissionType: PermissionType | null = null;\n\n for (const {\n allowedEnforcers,\n requiredEnforcers,\n permissionType,\n } of permissionRules) {\n const hasAllRequiredEnforcers = isSubset(requiredEnforcers, enforcersSet);\n\n let hasForbiddenEnforcers = false;\n\n for (const caveat of enforcersSet) {\n if (!allowedEnforcers.has(caveat) && !requiredEnforcers.has(caveat)) {\n hasForbiddenEnforcers = true;\n break;\n }\n }\n\n if (hasAllRequiredEnforcers && !hasForbiddenEnforcers) {\n if (matchingPermissionType) {\n throw new Error('Multiple permission types match');\n }\n matchingPermissionType = permissionType;\n }\n }\n\n if (!matchingPermissionType) {\n throw new Error('Unable to identify permission type');\n }\n\n return matchingPermissionType;\n};\n\n/**\n * Extracts the expiry timestamp from TimestampEnforcer caveat terms.\n *\n * Based on the TimestampEnforcer contract encoding:\n * - Terms are 32 bytes total (64 hex characters without '0x')\n * - First 16 bytes (32 hex chars): timestampAfterThreshold (uint128) - must be 0\n * - Last 16 bytes (32 hex chars): timestampBeforeThreshold (uint128) - this is the expiry\n *\n * @param terms - The hex-encoded terms from a TimestampEnforcer caveat\n * @returns The expiry timestamp in seconds\n * @throws If the terms are not exactly 32 bytes, if the timestampAfterThreshold is non-zero,\n * or if the timestampBeforeThreshold is zero\n */\nconst extractExpiryFromCaveatTerms = (terms: Hex): number => {\n // Validate terms length: must be exactly 32 bytes (64 hex chars + '0x' prefix = 66 chars)\n if (terms.length !== 66) {\n throw new Error(\n `Invalid TimestampEnforcer terms length: expected 66 characters (0x + 64 hex), got ${terms.length}`,\n );\n }\n\n const [after, before] = splitHex(terms, [16, 16]);\n\n if (hexToNumber(after) !== 0) {\n throw new Error('Invalid expiry: timestampAfterThreshold must be 0');\n }\n\n const expiry = hexToNumber(before);\n\n if (expiry === 0) {\n throw new Error(\n 'Invalid expiry: timestampBeforeThreshold must be greater than 0',\n );\n }\n\n return expiry;\n};\n\n/**\n * Extracts the permission-specific data payload and the expiry timestamp from\n * the provided caveats for a given permission type.\n *\n * This function locates the relevant caveat enforcer for the `permissionType`,\n * interprets its `terms` by splitting the hex string into byte-sized segments,\n * and converts each segment into the appropriate numeric or address shape.\n *\n * The expiry timestamp is derived from the `TimestampEnforcer` terms and must\n * have a zero `timestampAfterThreshold` and a positive `timestampBeforeThreshold`.\n *\n * @param args - The arguments to this function.\n * @param args.contracts - The deployed contracts for the chain.\n * @param args.caveats - Caveats decoded from the permission context.\n * @param args.permissionType - The previously identified permission type.\n *\n * @returns An object containing the `expiry` timestamp and the decoded `data` payload.\n * @throws If the caveats are malformed, missing, or the terms fail to decode.\n */\nexport const getPermissionDataAndExpiry = ({\n contracts,\n caveats,\n permissionType,\n}: {\n contracts: DeployedContractsByName;\n caveats: Caveat<Hex>[];\n permissionType: PermissionType;\n}): {\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n} => {\n const checksumCaveats = caveats.map((caveat) => ({\n ...caveat,\n enforcer: getChecksumAddress(caveat.enforcer),\n }));\n\n const {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n timestampEnforcer,\n } = getChecksumEnforcersByChainId(contracts);\n\n const expiryTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: timestampEnforcer,\n throwIfNotFound: false,\n });\n\n let expiry: number | null = null;\n if (expiryTerms) {\n expiry = extractExpiryFromCaveatTerms(expiryTerms);\n }\n\n let data: DecodedPermission['permission']['data'];\n\n switch (permissionType) {\n case 'erc20-token-stream': {\n const erc20StreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20StreamingEnforcer,\n });\n\n const [\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTimeRaw,\n ] = splitHex(erc20StreamingTerms, [20, 32, 32, 32, 32]);\n\n data = {\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'erc20-token-periodic': {\n const erc20PeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20PeriodicEnforcer,\n });\n\n const [tokenAddress, periodAmount, periodDurationRaw, startTimeRaw] =\n splitHex(erc20PeriodicTerms, [20, 32, 32, 32]);\n\n data = {\n tokenAddress,\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n\n case 'native-token-stream': {\n const nativeTokenStreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenStreamingEnforcer,\n });\n\n const [initialAmount, maxAmount, amountPerSecond, startTimeRaw] =\n splitHex(nativeTokenStreamingTerms, [32, 32, 32, 32]);\n\n data = {\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'native-token-periodic': {\n const nativeTokenPeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenPeriodicEnforcer,\n });\n\n const [periodAmount, periodDurationRaw, startTimeRaw] = splitHex(\n nativeTokenPeriodicTerms,\n [32, 32, 32],\n );\n\n data = {\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n default:\n throw new Error('Invalid permission type');\n }\n\n return { expiry, data };\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * The resulting object contains:\n * - `chainId` encoded as hex (`0x…`)\n * - `address` set to the delegator (user account)\n * - `signer` set to an account signer with the delegate address\n * - `permission` with the identified type and decoded data\n * - `expiry` timestamp (or null)\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n}) => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n address: delegator,\n signer: { type: 'account', data: { address: delegate } },\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n };\n\n return permission;\n};\n"]}
1
+ {"version":3,"file":"decodePermission.mjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,kCAAkC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,WAAW,EAAE,wBAAwB;AAO/E,OAAO,EACL,+BAA+B,EAC/B,6BAA6B,EAC7B,kBAAkB,EAClB,QAAQ,EACT,oBAAgB;AAEjB;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,EAC5C,SAAS,EACT,SAAS,GAIV,EAAkB,EAAE;IACnB,kEAAkE;IAClE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAe,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACrD,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAE5C,MAAM,eAAe,GAAG,+BAA+B,CAAC,SAAS,CAAC,CAAC;IAEnE,IAAI,sBAAsB,GAA0B,IAAI,CAAC;IAEzD,KAAK,MAAM,EACT,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,IAAI,eAAe,EAAE,CAAC;QACrB,0EAA0E;QAC1E,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAM;YACpC,GAAG,iBAAiB;YACpB,GAAG,iBAAiB,CAAC,IAAI,EAAE;SAC5B,CAAC,CAAC;QAEH,IAAI,qBAAqB,GAAG,KAAK,CAAC;QAElC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,qBAAqB,GAAG,IAAI,CAAC;gBAC7B,MAAM;YACR,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,IAAI,mBAAmB,GAAG,IAAI,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,iBAAiB,CAAC,OAAO,EAAE,EAAE,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;gBAC9C,mBAAmB,GAAG,KAAK,CAAC;gBAC5B,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,mBAAmB,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAClD,IAAI,sBAAsB,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,sBAAsB,GAAG,cAAc,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,sBAAsB,CAAC;AAChC,CAAC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,4BAA4B,GAAG,CAAC,KAAU,EAAU,EAAE;IAC1D,0FAA0F;IAC1F,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,qFAAqF,KAAK,CAAC,MAAM,EAAE,CACpG,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAElD,IAAI,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEnC,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,EACzC,SAAS,EACT,OAAO,EACP,cAAc,GAKf,EAGC,EAAE;IACF,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC/C,GAAG,MAAM;QACT,QAAQ,EAAE,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC;KAC9C,CAAC,CAAC,CAAC;IAEJ,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC3B,iBAAiB,GAClB,GAAG,6BAA6B,CAAC,SAAS,CAAC,CAAC;IAE7C,MAAM,WAAW,GAAG,kBAAkB,CAAC;QACrC,OAAO,EAAE,eAAe;QACxB,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,KAAK;KACvB,CAAC,CAAC;IAEH,IAAI,MAAM,GAAkB,IAAI,CAAC;IACjC,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,4BAA4B,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,IAA6C,CAAC;IAElD,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,MAAM,mBAAmB,GAAG,kBAAkB,CAAC;gBAC7C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,sBAAsB;aACjC,CAAC,CAAC;YAEH,MAAM,CACJ,YAAY,EACZ,aAAa,EACb,SAAS,EACT,eAAe,EACf,YAAY,EACb,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,YAAY;gBACZ,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,sBAAsB,CAAC,CAAC,CAAC;YAC5B,MAAM,kBAAkB,GAAG,kBAAkB,CAAC;gBAC5C,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,qBAAqB;aAChC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GACjE,QAAQ,CAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAEjD,IAAI,GAAG;gBACL,YAAY;gBACZ,YAAY;gBACZ,cAAc,EAAE,WAAW,CAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,yBAAyB,GAAG,kBAAkB,CAAC;gBACnD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,4BAA4B;aACvC,CAAC,CAAC;YAEH,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,GAC7D,QAAQ,CAAC,yBAAyB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,IAAI,GAAG;gBACL,aAAa;gBACb,SAAS;gBACT,eAAe;gBACf,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,MAAM,wBAAwB,GAAG,kBAAkB,CAAC;gBAClD,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,2BAA2B;aACtC,CAAC,CAAC;YAEH,MAAM,CAAC,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC,GAAG,QAAQ,CAC9D,wBAAwB,EACxB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CACb,CAAC;YAEF,IAAI,GAAG;gBACL,YAAY;gBACZ,cAAc,EAAE,WAAW,CAAC,iBAAiB,CAAC;gBAC9C,SAAS,EAAE,WAAW,CAAC,YAAY,CAAC;aACrC,CAAC;YACF,MAAM;QACR,CAAC;QACD,KAAK,wBAAwB,CAAC,CAAC,CAAC;YAC9B,IAAI,GAAG,EAAE,CAAC;YACV,MAAM;QACR,CAAC;QACD;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,GAWhB,EAAE,EAAE;IACH,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,WAAW,CAAC,OAAO,CAAC;QAC7B,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACxD,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;KACxB,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { getChecksumAddress, hexToNumber, numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n DeployedContractsByName,\n PermissionType,\n} from './types';\nimport {\n createPermissionRulesForChainId,\n getChecksumEnforcersByChainId,\n getTermsByEnforcer,\n splitHex,\n} from './utils';\n\n/**\n * Identifies the unique permission type that matches a given set of enforcer\n * contract addresses for a specific chain.\n *\n * A permission type matches when:\n * - All of its required enforcers are present in the provided list; and\n * - No provided enforcer falls outside the union of the type's required and\n * optional enforcers (currently only `TimestampEnforcer` is allowed extra).\n *\n * If exactly one permission type matches, its identifier is returned.\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n *\n * @param args.contracts - The deployed contracts for the chain.\n * @returns The identifier of the matching permission type.\n * @throws If no permission type matches, or if more than one permission type matches.\n */\nexport const identifyPermissionByEnforcers = ({\n enforcers,\n contracts,\n}: {\n enforcers: Hex[];\n contracts: DeployedContractsByName;\n}): PermissionType => {\n // Build frequency map for enforcers (using checksummed addresses)\n const counts = new Map<Hex, number>();\n for (const addr of enforcers.map(getChecksumAddress)) {\n counts.set(addr, (counts.get(addr) ?? 0) + 1);\n }\n const enforcersSet = new Set(counts.keys());\n\n const permissionRules = createPermissionRulesForChainId(contracts);\n\n let matchingPermissionType: PermissionType | null = null;\n\n for (const {\n optionalEnforcers,\n requiredEnforcers,\n permissionType,\n } of permissionRules) {\n // union of optional + required enforcers. Any other address is forbidden.\n const allowedEnforcers = new Set<Hex>([\n ...optionalEnforcers,\n ...requiredEnforcers.keys(),\n ]);\n\n let hasForbiddenEnforcers = false;\n\n for (const caveat of enforcersSet) {\n if (!allowedEnforcers.has(caveat)) {\n hasForbiddenEnforcers = true;\n break;\n }\n }\n\n // exact multiplicity match for required enforcers\n let meetsRequiredCounts = true;\n for (const [addr, requiredCount] of requiredEnforcers.entries()) {\n if ((counts.get(addr) ?? 0) !== requiredCount) {\n meetsRequiredCounts = false;\n break;\n }\n }\n\n if (meetsRequiredCounts && !hasForbiddenEnforcers) {\n if (matchingPermissionType) {\n throw new Error('Multiple permission types match');\n }\n matchingPermissionType = permissionType;\n }\n }\n\n if (!matchingPermissionType) {\n throw new Error('Unable to identify permission type');\n }\n\n return matchingPermissionType;\n};\n\n/**\n * Extracts the expiry timestamp from TimestampEnforcer caveat terms.\n *\n * Based on the TimestampEnforcer contract encoding:\n * - Terms are 32 bytes total (64 hex characters without '0x')\n * - First 16 bytes (32 hex chars): timestampAfterThreshold (uint128) - must be 0\n * - Last 16 bytes (32 hex chars): timestampBeforeThreshold (uint128) - this is the expiry\n *\n * @param terms - The hex-encoded terms from a TimestampEnforcer caveat\n * @returns The expiry timestamp in seconds\n * @throws If the terms are not exactly 32 bytes, if the timestampAfterThreshold is non-zero,\n * or if the timestampBeforeThreshold is zero\n */\nconst extractExpiryFromCaveatTerms = (terms: Hex): number => {\n // Validate terms length: must be exactly 32 bytes (64 hex chars + '0x' prefix = 66 chars)\n if (terms.length !== 66) {\n throw new Error(\n `Invalid TimestampEnforcer terms length: expected 66 characters (0x + 64 hex), got ${terms.length}`,\n );\n }\n\n const [after, before] = splitHex(terms, [16, 16]);\n\n if (hexToNumber(after) !== 0) {\n throw new Error('Invalid expiry: timestampAfterThreshold must be 0');\n }\n\n const expiry = hexToNumber(before);\n\n if (expiry === 0) {\n throw new Error(\n 'Invalid expiry: timestampBeforeThreshold must be greater than 0',\n );\n }\n\n return expiry;\n};\n\n/**\n * Extracts the permission-specific data payload and the expiry timestamp from\n * the provided caveats for a given permission type.\n *\n * This function locates the relevant caveat enforcer for the `permissionType`,\n * interprets its `terms` by splitting the hex string into byte-sized segments,\n * and converts each segment into the appropriate numeric or address shape.\n *\n * The expiry timestamp is derived from the `TimestampEnforcer` terms and must\n * have a zero `timestampAfterThreshold` and a positive `timestampBeforeThreshold`.\n *\n * @param args - The arguments to this function.\n * @param args.contracts - The deployed contracts for the chain.\n * @param args.caveats - Caveats decoded from the permission context.\n * @param args.permissionType - The previously identified permission type.\n *\n * @returns An object containing the `expiry` timestamp and the decoded `data` payload.\n * @throws If the caveats are malformed, missing, or the terms fail to decode.\n */\nexport const getPermissionDataAndExpiry = ({\n contracts,\n caveats,\n permissionType,\n}: {\n contracts: DeployedContractsByName;\n caveats: Caveat<Hex>[];\n permissionType: PermissionType;\n}): {\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n} => {\n const checksumCaveats = caveats.map((caveat) => ({\n ...caveat,\n enforcer: getChecksumAddress(caveat.enforcer),\n }));\n\n const {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n timestampEnforcer,\n } = getChecksumEnforcersByChainId(contracts);\n\n const expiryTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: timestampEnforcer,\n throwIfNotFound: false,\n });\n\n let expiry: number | null = null;\n if (expiryTerms) {\n expiry = extractExpiryFromCaveatTerms(expiryTerms);\n }\n\n let data: DecodedPermission['permission']['data'];\n\n switch (permissionType) {\n case 'erc20-token-stream': {\n const erc20StreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20StreamingEnforcer,\n });\n\n const [\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTimeRaw,\n ] = splitHex(erc20StreamingTerms, [20, 32, 32, 32, 32]);\n\n data = {\n tokenAddress,\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'erc20-token-periodic': {\n const erc20PeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: erc20PeriodicEnforcer,\n });\n\n const [tokenAddress, periodAmount, periodDurationRaw, startTimeRaw] =\n splitHex(erc20PeriodicTerms, [20, 32, 32, 32]);\n\n data = {\n tokenAddress,\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n\n case 'native-token-stream': {\n const nativeTokenStreamingTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenStreamingEnforcer,\n });\n\n const [initialAmount, maxAmount, amountPerSecond, startTimeRaw] =\n splitHex(nativeTokenStreamingTerms, [32, 32, 32, 32]);\n\n data = {\n initialAmount,\n maxAmount,\n amountPerSecond,\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'native-token-periodic': {\n const nativeTokenPeriodicTerms = getTermsByEnforcer({\n caveats: checksumCaveats,\n enforcer: nativeTokenPeriodicEnforcer,\n });\n\n const [periodAmount, periodDurationRaw, startTimeRaw] = splitHex(\n nativeTokenPeriodicTerms,\n [32, 32, 32],\n );\n\n data = {\n periodAmount,\n periodDuration: hexToNumber(periodDurationRaw),\n startTime: hexToNumber(startTimeRaw),\n };\n break;\n }\n case 'erc20-token-revocation': {\n data = {};\n break;\n }\n default:\n throw new Error('Invalid permission type');\n }\n\n return { expiry, data };\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * The resulting object contains:\n * - `chainId` encoded as hex (`0x…`)\n * - `address` set to the delegator (user account)\n * - `signer` set to an account signer with the delegate address\n * - `permission` with the identified type and decoded data\n * - `expiry` timestamp (or null)\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n}) => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n address: delegator,\n signer: { type: 'account', data: { address: delegate } },\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n };\n\n return permission;\n};\n"]}
package/dist/decodePermission/utils.cjs CHANGED
@@ -14,6 +14,7 @@ const ENFORCER_CONTRACT_NAMES = {
14
14
  TimestampEnforcer: 'TimestampEnforcer',
15
15
  ValueLteEnforcer: 'ValueLteEnforcer',
16
16
  NonceEnforcer: 'NonceEnforcer',
17
+ AllowedCalldataEnforcer: 'AllowedCalldataEnforcer',
17
18
  };
18
19
  /**
19
20
  * Resolves and returns checksummed addresses of all known enforcer contracts
@@ -41,6 +42,7 @@ const getChecksumEnforcersByChainId = (contracts) => {
41
42
  const valueLteEnforcer = getChecksumContractAddress(ENFORCER_CONTRACT_NAMES.ValueLteEnforcer);
42
43
  const timestampEnforcer = getChecksumContractAddress(ENFORCER_CONTRACT_NAMES.TimestampEnforcer);
43
44
  const nonceEnforcer = getChecksumContractAddress(ENFORCER_CONTRACT_NAMES.NonceEnforcer);
45
+ const allowedCalldataEnforcer = getChecksumContractAddress(ENFORCER_CONTRACT_NAMES.AllowedCalldataEnforcer);
44
46
  return {
45
47
  erc20StreamingEnforcer,
46
48
  erc20PeriodicEnforcer,
@@ -50,6 +52,7 @@ const getChecksumEnforcersByChainId = (contracts) => {
50
52
  valueLteEnforcer,
51
53
  timestampEnforcer,
52
54
  nonceEnforcer,
55
+ allowedCalldataEnforcer,
53
56
  };
54
57
  };
55
58
  exports.getChecksumEnforcersByChainId = getChecksumEnforcersByChainId;
@@ -57,7 +60,7 @@ exports.getChecksumEnforcersByChainId = getChecksumEnforcersByChainId;
57
60
  * Builds the canonical set of permission matching rules for a chain.
58
61
  *
59
62
  * Each rule specifies the `permissionType`, the set of `requiredEnforcers`
60
- * that must be present, and the set of `allowedEnforcers` that may appear in
63
+ * that must be present, and the set of `optionalEnforcers` that may appear in
61
64
  * addition to the required set.
62
65
  *
63
66
  * @param contracts - The deployed contracts for the chain.
@@ -65,46 +68,55 @@ exports.getChecksumEnforcersByChainId = getChecksumEnforcersByChainId;
65
68
  * @throws Propagates any errors from resolving enforcer addresses.
66
69
  */
67
70
  const createPermissionRulesForChainId = (contracts) => {
68
- const { erc20StreamingEnforcer, erc20PeriodicEnforcer, nativeTokenStreamingEnforcer, nativeTokenPeriodicEnforcer, exactCalldataEnforcer, valueLteEnforcer, timestampEnforcer, nonceEnforcer, } = (0, exports.getChecksumEnforcersByChainId)(contracts);
69
- // the allowed enforcers are the same for all permission types
70
- const allowedEnforcers = new Set([timestampEnforcer]);
71
+ const { erc20StreamingEnforcer, erc20PeriodicEnforcer, nativeTokenStreamingEnforcer, nativeTokenPeriodicEnforcer, exactCalldataEnforcer, valueLteEnforcer, timestampEnforcer, nonceEnforcer, allowedCalldataEnforcer, } = (0, exports.getChecksumEnforcersByChainId)(contracts);
72
+ // the optional enforcers are the same for all permission types
73
+ const optionalEnforcers = new Set([timestampEnforcer]);
71
74
  const permissionRules = [
72
75
  {
73
- requiredEnforcers: new Set([
74
- nativeTokenStreamingEnforcer,
75
- exactCalldataEnforcer,
76
- nonceEnforcer,
76
+ requiredEnforcers: new Map([
77
+ [nativeTokenStreamingEnforcer, 1],
78
+ [exactCalldataEnforcer, 1],
79
+ [nonceEnforcer, 1],
77
80
  ]),
78
- allowedEnforcers,
81
+ optionalEnforcers,
79
82
  permissionType: 'native-token-stream',
80
83
  },
81
84
  {
82
- requiredEnforcers: new Set([
83
- nativeTokenPeriodicEnforcer,
84
- exactCalldataEnforcer,
85
- nonceEnforcer,
85
+ requiredEnforcers: new Map([
86
+ [nativeTokenPeriodicEnforcer, 1],
87
+ [exactCalldataEnforcer, 1],
88
+ [nonceEnforcer, 1],
86
89
  ]),
87
- allowedEnforcers,
90
+ optionalEnforcers,
88
91
  permissionType: 'native-token-periodic',
89
92
  },
90
93
  {
91
- requiredEnforcers: new Set([
92
- erc20StreamingEnforcer,
93
- valueLteEnforcer,
94
- nonceEnforcer,
94
+ requiredEnforcers: new Map([
95
+ [erc20StreamingEnforcer, 1],
96
+ [valueLteEnforcer, 1],
97
+ [nonceEnforcer, 1],
95
98
  ]),
96
- allowedEnforcers,
99
+ optionalEnforcers,
97
100
  permissionType: 'erc20-token-stream',
98
101
  },
99
102
  {
100
- requiredEnforcers: new Set([
101
- erc20PeriodicEnforcer,
102
- valueLteEnforcer,
103
- nonceEnforcer,
103
+ requiredEnforcers: new Map([
104
+ [erc20PeriodicEnforcer, 1],
105
+ [valueLteEnforcer, 1],
106
+ [nonceEnforcer, 1],
104
107
  ]),
105
- allowedEnforcers,
108
+ optionalEnforcers,
106
109
  permissionType: 'erc20-token-periodic',
107
110
  },
111
+ {
112
+ requiredEnforcers: new Map([
113
+ [allowedCalldataEnforcer, 2],
114
+ [valueLteEnforcer, 1],
115
+ [nonceEnforcer, 1],
116
+ ]),
117
+ optionalEnforcers,
118
+ permissionType: 'erc20-token-revocation',
119
+ },
108
120
  ];
109
121
  return permissionRules;
110
122
  };
package/dist/decodePermission/utils.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.cjs","sourceRoot":"","sources":["../../src/decodePermission/utils.ts"],"names":[],"mappings":";;;AACA,2CAA+D;AAa/D;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,2BAA2B,EAAE,6BAA6B;IAC1D,sBAAsB,EAAE,wBAAwB;IAChD,qBAAqB,EAAE,uBAAuB;IAC9C,iCAAiC,EAAE,mCAAmC;IACtE,4BAA4B,EAAE,8BAA8B;IAC5D,iBAAiB,EAAE,mBAAmB;IACtC,gBAAgB,EAAE,kBAAkB;IACpC,aAAa,EAAE,eAAe;CAC/B,CAAC;AAEF;;;;;;;GAOG;AACI,MAAM,6BAA6B,GAAG,CAC3C,SAAkC,EAClC,EAAE;IACF,MAAM,0BAA0B,GAAG,CAAC,YAAoB,EAAE,EAAE;QAC1D,MAAM,OAAO,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;QAExC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,uBAAuB,YAAY,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAA,0BAAkB,EAAC,OAAO,CAAC,CAAC;IACrC,CAAC,CAAC;IAEF,qCAAqC;IACrC,MAAM,sBAAsB,GAAG,0BAA0B,CACvD,uBAAuB,CAAC,sBAAsB,CAC/C,CAAC;IACF,MAAM,qBAAqB,GAAG,0BAA0B,CACtD,uBAAuB,CAAC,2BAA2B,CACpD,CAAC;IACF,MAAM,4BAA4B,GAAG,0BAA0B,CAC7D,uBAAuB,CAAC,4BAA4B,CACrD,CAAC;IACF,MAAM,2BAA2B,GAAG,0BAA0B,CAC5D,uBAAuB,CAAC,iCAAiC,CAC1D,CAAC;IAEF,oBAAoB;IACpB,MAAM,qBAAqB,GAAG,0BAA0B,CACtD,uBAAuB,CAAC,qBAAqB,CAC9C,CAAC;IACF,MAAM,gBAAgB,GAAG,0BAA0B,CACjD,uBAAuB,CAAC,gBAAgB,CACzC,CAAC;IACF,MAAM,iBAAiB,GAAG,0BAA0B,CAClD,uBAAuB,CAAC,iBAAiB,CAC1C,CAAC;IACF,MAAM,aAAa,GAAG,0BAA0B,CAC9C,uBAAuB,CAAC,aAAa,CACtC,CAAC;IAEF,OAAO;QACL,sBAAsB;QACtB,qBAAqB;QACrB,4BAA4B;QAC5B,2BAA2B;QAC3B,qBAAqB;QACrB,gBAAgB;QAChB,iBAAiB;QACjB,aAAa;KACd,CAAC;AACJ,CAAC,CAAC;AAnDW,QAAA,6BAA6B,iCAmDxC;AAEF;;;;;;;;;;GAUG;AACI,MAAM,+BAA+B,GAEpB,CAAC,SAAkC,EAAE,EAAE;IAC7D,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC3B,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,GAAG,IAAA,qCAA6B,EAAC,SAAS,CAAC,CAAC;IAE7C,8DAA8D;IAC9D,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAE3D,MAAM,eAAe,GAAqB;QACxC;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAM;gBAC9B,4BAA4B;gBAC5B,qBAAqB;gBACrB,aAAa;aACd,CAAC;YACF,gBAAgB;YAChB,cAAc,EAAE,qBAAqB;SACtC;QACD;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAM;gBAC9B,2BAA2B;gBAC3B,qBAAqB;gBACrB,aAAa;aACd,CAAC;YACF,gBAAgB;YAChB,cAAc,EAAE,uBAAuB;SACxC;QACD;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAM;gBAC9B,sBAAsB;gBACtB,gBAAgB;gBAChB,aAAa;aACd,CAAC;YACF,gBAAgB;YAChB,cAAc,EAAE,oBAAoB;SACrC;QACD;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAM;gBAC9B,qBAAqB;gBACrB,gBAAgB;gBAChB,aAAa;aACd,CAAC;YACF,gBAAgB;YAChB,cAAc,EAAE,sBAAsB;SACvC;KACF,CAAC;IAEF,OAAO,eAAe,CAAC;AACzB,CAAC,CAAC;AAzDW,QAAA,+BAA+B,mCAyD1C;AAEF;;;;;;GAMG;AACI,MAAM,QAAQ,GAAG,CAAI,MAAc,EAAE,QAAgB,EAAW,EAAE;IACvE,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAPW,QAAA,QAAQ,YAOnB;AAEF;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAA0C,EAC1E,OAAO,EACP,QAAQ,EACR,eAAe,GAKhB;IACC,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CACpC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,CACzC,CAAC;IAEF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,IAAI,eAAe,IAAI,IAAI,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAwD,CAAC;IAClE,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAClC,CAAC;AAzBD,gDAyBC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,QAAQ,CAAC,KAAU,EAAE,OAAiB;IACpD,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,KAAK,GAAU,EAAE,CAAC;IACxB,KAAK,MAAM,UAAU,IAAI,OAAO,EAAE,CAAC;QACjC,MAAM,cAAc,GAAG,UAAU,GAAG,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,cAAc,CAAC,CAAC;QACxD,KAAK,IAAI,cAAc,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAW,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAVD,4BAUC","sourcesContent":["import type { Caveat } from '@metamask/delegation-core';\nimport { getChecksumAddress, type Hex } from '@metamask/utils';\n\nimport type { DeployedContractsByName, PermissionType } from './types';\n\n/**\n * A rule that defines the required and allowed enforcers for a permission type.\n */\nexport type PermissionRule = {\n permissionType: PermissionType;\n requiredEnforcers: Set<Hex>;\n allowedEnforcers: Set<Hex>;\n};\n\n/**\n * The names of the enforcer contracts for each permission type.\n */\nconst ENFORCER_CONTRACT_NAMES = {\n ERC20PeriodTransferEnforcer: 'ERC20PeriodTransferEnforcer',\n ERC20StreamingEnforcer: 'ERC20StreamingEnforcer',\n ExactCalldataEnforcer: 'ExactCalldataEnforcer',\n NativeTokenPeriodTransferEnforcer: 'NativeTokenPeriodTransferEnforcer',\n NativeTokenStreamingEnforcer: 'NativeTokenStreamingEnforcer',\n TimestampEnforcer: 'TimestampEnforcer',\n ValueLteEnforcer: 'ValueLteEnforcer',\n NonceEnforcer: 'NonceEnforcer',\n};\n\n/**\n * Resolves and returns checksummed addresses of all known enforcer contracts\n * for a given `chainId` under the current delegation framework version.\n *\n * @param contracts - The deployed contracts for the chain.\n * @returns An object mapping enforcer names to checksummed contract addresses.\n * @throws If the chain or an expected enforcer contract is not found.\n */\nexport const getChecksumEnforcersByChainId = (\n contracts: DeployedContractsByName,\n) => {\n const getChecksumContractAddress = (contractName: string) => {\n const address = contracts[contractName];\n\n if (!address) {\n throw new Error(`Contract not found: ${contractName}`);\n }\n\n return getChecksumAddress(address);\n };\n\n // permission type specific enforcers\n const erc20StreamingEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ERC20StreamingEnforcer,\n );\n const erc20PeriodicEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ERC20PeriodTransferEnforcer,\n );\n const nativeTokenStreamingEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.NativeTokenStreamingEnforcer,\n );\n const nativeTokenPeriodicEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.NativeTokenPeriodTransferEnforcer,\n );\n\n // general enforcers\n const exactCalldataEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ExactCalldataEnforcer,\n );\n const valueLteEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ValueLteEnforcer,\n );\n const timestampEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.TimestampEnforcer,\n );\n const nonceEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.NonceEnforcer,\n );\n\n return {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n exactCalldataEnforcer,\n valueLteEnforcer,\n timestampEnforcer,\n nonceEnforcer,\n };\n};\n\n/**\n * Builds the canonical set of permission matching rules for a chain.\n *\n * Each rule specifies the `permissionType`, the set of `requiredEnforcers`\n * that must be present, and the set of `allowedEnforcers` that may appear in\n * addition to the required set.\n *\n * @param contracts - The deployed contracts for the chain.\n * @returns A list of permission rules used to identify permission types.\n * @throws Propagates any errors from resolving enforcer addresses.\n */\nexport const createPermissionRulesForChainId: (\n contracts: DeployedContractsByName,\n) => PermissionRule[] = (contracts: DeployedContractsByName) => {\n const {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n exactCalldataEnforcer,\n valueLteEnforcer,\n timestampEnforcer,\n nonceEnforcer,\n } = getChecksumEnforcersByChainId(contracts);\n\n // the allowed enforcers are the same for all permission types\n const allowedEnforcers = new Set<Hex>([timestampEnforcer]);\n\n const permissionRules: PermissionRule[] = [\n {\n requiredEnforcers: new Set<Hex>([\n nativeTokenStreamingEnforcer,\n exactCalldataEnforcer,\n nonceEnforcer,\n ]),\n allowedEnforcers,\n permissionType: 'native-token-stream',\n },\n {\n requiredEnforcers: new Set<Hex>([\n nativeTokenPeriodicEnforcer,\n exactCalldataEnforcer,\n nonceEnforcer,\n ]),\n allowedEnforcers,\n permissionType: 'native-token-periodic',\n },\n {\n requiredEnforcers: new Set<Hex>([\n erc20StreamingEnforcer,\n valueLteEnforcer,\n nonceEnforcer,\n ]),\n allowedEnforcers,\n permissionType: 'erc20-token-stream',\n },\n {\n requiredEnforcers: new Set<Hex>([\n erc20PeriodicEnforcer,\n valueLteEnforcer,\n nonceEnforcer,\n ]),\n allowedEnforcers,\n permissionType: 'erc20-token-periodic',\n },\n ];\n\n return permissionRules;\n};\n\n/**\n * Determines whether all elements of `subset` are contained within `superset`.\n *\n * @param subset - The candidate subset to test.\n * @param superset - The set expected to contain all elements of `subset`.\n * @returns `true` if `subset` ⊆ `superset`, otherwise `false`.\n */\nexport const isSubset = <T>(subset: Set<T>, superset: Set<T>): boolean => {\n for (const x of subset) {\n if (!superset.has(x)) {\n return false;\n }\n }\n return true;\n};\n\n/**\n * Gets the terms for a given enforcer from a list of caveats.\n *\n * @param args - The arguments to this function.\n * @param args.throwIfNotFound - Whether to throw an error if no matching enforcer is found. Default is true.\n * @param args.caveats - The list of caveats to search.\n * @param args.enforcer - The enforcer to search for.\n * @returns The terms for the given enforcer.\n */\nexport function getTermsByEnforcer<TThrowIfNotFound extends boolean = true>({\n caveats,\n enforcer,\n throwIfNotFound,\n}: {\n caveats: Caveat<Hex>[];\n enforcer: Hex;\n throwIfNotFound?: TThrowIfNotFound;\n}): TThrowIfNotFound extends true ? Hex : Hex | null {\n const matchingCaveats = caveats.filter(\n (caveat) => caveat.enforcer === enforcer,\n );\n\n if (matchingCaveats.length === 0) {\n if (throwIfNotFound ?? true) {\n throw new Error('Invalid caveats');\n }\n return null as TThrowIfNotFound extends true ? Hex : Hex | null;\n }\n\n if (matchingCaveats.length > 1) {\n throw new Error('Invalid caveats');\n }\n\n return matchingCaveats[0].terms;\n}\n\n/**\n * Splits a 0x-prefixed hex string into parts according to the provided byte lengths.\n *\n * Each entry in `lengths` represents a part length in bytes; internally this is\n * multiplied by 2 to derive the number of hexadecimal characters to slice. The\n * returned substrings do not include the `0x` prefix and preserve leading zeros.\n *\n * Note: This function does not perform input validation (e.g., verifying the\n * payload length equals the sum of requested lengths). Callers are expected to\n * provide well-formed inputs.\n *\n * Example:\n * splitHex('0x12345678', [1, 3]) => ['0x12', '0x345678']\n *\n * @param value - The 0x-prefixed hex string to split.\n * @param lengths - The lengths of each part, in bytes.\n * @returns An array of hex substrings (each with `0x` prefix), one for each part.\n */\nexport function splitHex(value: Hex, lengths: number[]): Hex[] {\n let start = 2;\n const parts: Hex[] = [];\n for (const partLength of lengths) {\n const partCharLength = partLength * 2;\n const part = value.slice(start, start + partCharLength);\n start += partCharLength;\n parts.push(`0x${part}` as const);\n }\n return parts;\n}\n"]}
1
+ {"version":3,"file":"utils.cjs","sourceRoot":"","sources":["../../src/decodePermission/utils.ts"],"names":[],"mappings":";;;AACA,2CAAqD;AAcrD;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,2BAA2B,EAAE,6BAA6B;IAC1D,sBAAsB,EAAE,wBAAwB;IAChD,qBAAqB,EAAE,uBAAuB;IAC9C,iCAAiC,EAAE,mCAAmC;IACtE,4BAA4B,EAAE,8BAA8B;IAC5D,iBAAiB,EAAE,mBAAmB;IACtC,gBAAgB,EAAE,kBAAkB;IACpC,aAAa,EAAE,eAAe;IAC9B,uBAAuB,EAAE,yBAAyB;CACnD,CAAC;AAEF;;;;;;;GAOG;AACI,MAAM,6BAA6B,GAAG,CAC3C,SAAkC,EAClC,EAAE;IACF,MAAM,0BAA0B,GAAG,CAAC,YAAoB,EAAE,EAAE;QAC1D,MAAM,OAAO,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;QAExC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,uBAAuB,YAAY,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAA,0BAAkB,EAAC,OAAO,CAAC,CAAC;IACrC,CAAC,CAAC;IAEF,qCAAqC;IACrC,MAAM,sBAAsB,GAAG,0BAA0B,CACvD,uBAAuB,CAAC,sBAAsB,CAC/C,CAAC;IACF,MAAM,qBAAqB,GAAG,0BAA0B,CACtD,uBAAuB,CAAC,2BAA2B,CACpD,CAAC;IACF,MAAM,4BAA4B,GAAG,0BAA0B,CAC7D,uBAAuB,CAAC,4BAA4B,CACrD,CAAC;IACF,MAAM,2BAA2B,GAAG,0BAA0B,CAC5D,uBAAuB,CAAC,iCAAiC,CAC1D,CAAC;IAEF,oBAAoB;IACpB,MAAM,qBAAqB,GAAG,0BAA0B,CACtD,uBAAuB,CAAC,qBAAqB,CAC9C,CAAC;IACF,MAAM,gBAAgB,GAAG,0BAA0B,CACjD,uBAAuB,CAAC,gBAAgB,CACzC,CAAC;IACF,MAAM,iBAAiB,GAAG,0BAA0B,CAClD,uBAAuB,CAAC,iBAAiB,CAC1C,CAAC;IACF,MAAM,aAAa,GAAG,0BAA0B,CAC9C,uBAAuB,CAAC,aAAa,CACtC,CAAC;IAEF,MAAM,uBAAuB,GAAG,0BAA0B,CACxD,uBAAuB,CAAC,uBAAuB,CAChD,CAAC;IAEF,OAAO;QACL,sBAAsB;QACtB,qBAAqB;QACrB,4BAA4B;QAC5B,2BAA2B;QAC3B,qBAAqB;QACrB,gBAAgB;QAChB,iBAAiB;QACjB,aAAa;QACb,uBAAuB;KACxB,CAAC;AACJ,CAAC,CAAC;AAxDW,QAAA,6BAA6B,iCAwDxC;AAEF;;;;;;;;;;GAUG;AACI,MAAM,+BAA+B,GAEpB,CAAC,SAAkC,EAAE,EAAE;IAC7D,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC3B,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,uBAAuB,GACxB,GAAG,IAAA,qCAA6B,EAAC,SAAS,CAAC,CAAC;IAE7C,+DAA+D;IAC/D,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAE5D,MAAM,eAAe,GAAqB;QACxC;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAc;gBACtC,CAAC,4BAA4B,EAAE,CAAC,CAAC;gBACjC,CAAC,qBAAqB,EAAE,CAAC,CAAC;gBAC1B,CAAC,aAAa,EAAE,CAAC,CAAC;aACnB,CAAC;YACF,iBAAiB;YACjB,cAAc,EAAE,qBAAqB;SACtC;QACD;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAc;gBACtC,CAAC,2BAA2B,EAAE,CAAC,CAAC;gBAChC,CAAC,qBAAqB,EAAE,CAAC,CAAC;gBAC1B,CAAC,aAAa,EAAE,CAAC,CAAC;aACnB,CAAC;YACF,iBAAiB;YACjB,cAAc,EAAE,uBAAuB;SACxC;QACD;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAc;gBACtC,CAAC,sBAAsB,EAAE,CAAC,CAAC;gBAC3B,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBACrB,CAAC,aAAa,EAAE,CAAC,CAAC;aACnB,CAAC;YACF,iBAAiB;YACjB,cAAc,EAAE,oBAAoB;SACrC;QACD;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAc;gBACtC,CAAC,qBAAqB,EAAE,CAAC,CAAC;gBAC1B,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBACrB,CAAC,aAAa,EAAE,CAAC,CAAC;aACnB,CAAC;YACF,iBAAiB;YACjB,cAAc,EAAE,sBAAsB;SACvC;QACD;YACE,iBAAiB,EAAE,IAAI,GAAG,CAAc;gBACtC,CAAC,uBAAuB,EAAE,CAAC,CAAC;gBAC5B,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBACrB,CAAC,aAAa,EAAE,CAAC,CAAC;aACnB,CAAC;YACF,iBAAiB;YACjB,cAAc,EAAE,wBAAwB;SACzC;KACF,CAAC;IAEF,OAAO,eAAe,CAAC;AACzB,CAAC,CAAC;AAnEW,QAAA,+BAA+B,mCAmE1C;AAEF;;;;;;GAMG;AACI,MAAM,QAAQ,GAAG,CAAI,MAAc,EAAE,QAAgB,EAAW,EAAE;IACvE,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAPW,QAAA,QAAQ,YAOnB;AAEF;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAA0C,EAC1E,OAAO,EACP,QAAQ,EACR,eAAe,GAKhB;IACC,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CACpC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,CACzC,CAAC;IAEF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,IAAI,eAAe,IAAI,IAAI,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAwD,CAAC;IAClE,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAClC,CAAC;AAzBD,gDAyBC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,QAAQ,CAAC,KAAU,EAAE,OAAiB;IACpD,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,KAAK,GAAU,EAAE,CAAC;IACxB,KAAK,MAAM,UAAU,IAAI,OAAO,EAAE,CAAC;QACjC,MAAM,cAAc,GAAG,UAAU,GAAG,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,cAAc,CAAC,CAAC;QACxD,KAAK,IAAI,cAAc,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAW,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAVD,4BAUC","sourcesContent":["import type { Caveat } from '@metamask/delegation-core';\nimport { getChecksumAddress } from '@metamask/utils';\nimport type { Hex } from '@metamask/utils';\n\nimport type { DeployedContractsByName, PermissionType } from './types';\n\n/**\n * A rule that defines the required and allowed enforcers for a permission type.\n */\nexport type PermissionRule = {\n permissionType: PermissionType;\n requiredEnforcers: Map<Hex, number>;\n optionalEnforcers: Set<Hex>;\n};\n\n/**\n * The names of the enforcer contracts for each permission type.\n */\nconst ENFORCER_CONTRACT_NAMES = {\n ERC20PeriodTransferEnforcer: 'ERC20PeriodTransferEnforcer',\n ERC20StreamingEnforcer: 'ERC20StreamingEnforcer',\n ExactCalldataEnforcer: 'ExactCalldataEnforcer',\n NativeTokenPeriodTransferEnforcer: 'NativeTokenPeriodTransferEnforcer',\n NativeTokenStreamingEnforcer: 'NativeTokenStreamingEnforcer',\n TimestampEnforcer: 'TimestampEnforcer',\n ValueLteEnforcer: 'ValueLteEnforcer',\n NonceEnforcer: 'NonceEnforcer',\n AllowedCalldataEnforcer: 'AllowedCalldataEnforcer',\n};\n\n/**\n * Resolves and returns checksummed addresses of all known enforcer contracts\n * for a given `chainId` under the current delegation framework version.\n *\n * @param contracts - The deployed contracts for the chain.\n * @returns An object mapping enforcer names to checksummed contract addresses.\n * @throws If the chain or an expected enforcer contract is not found.\n */\nexport const getChecksumEnforcersByChainId = (\n contracts: DeployedContractsByName,\n) => {\n const getChecksumContractAddress = (contractName: string) => {\n const address = contracts[contractName];\n\n if (!address) {\n throw new Error(`Contract not found: ${contractName}`);\n }\n\n return getChecksumAddress(address);\n };\n\n // permission type specific enforcers\n const erc20StreamingEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ERC20StreamingEnforcer,\n );\n const erc20PeriodicEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ERC20PeriodTransferEnforcer,\n );\n const nativeTokenStreamingEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.NativeTokenStreamingEnforcer,\n );\n const nativeTokenPeriodicEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.NativeTokenPeriodTransferEnforcer,\n );\n\n // general enforcers\n const exactCalldataEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ExactCalldataEnforcer,\n );\n const valueLteEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.ValueLteEnforcer,\n );\n const timestampEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.TimestampEnforcer,\n );\n const nonceEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.NonceEnforcer,\n );\n\n const allowedCalldataEnforcer = getChecksumContractAddress(\n ENFORCER_CONTRACT_NAMES.AllowedCalldataEnforcer,\n );\n\n return {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n exactCalldataEnforcer,\n valueLteEnforcer,\n timestampEnforcer,\n nonceEnforcer,\n allowedCalldataEnforcer,\n };\n};\n\n/**\n * Builds the canonical set of permission matching rules for a chain.\n *\n * Each rule specifies the `permissionType`, the set of `requiredEnforcers`\n * that must be present, and the set of `optionalEnforcers` that may appear in\n * addition to the required set.\n *\n * @param contracts - The deployed contracts for the chain.\n * @returns A list of permission rules used to identify permission types.\n * @throws Propagates any errors from resolving enforcer addresses.\n */\nexport const createPermissionRulesForChainId: (\n contracts: DeployedContractsByName,\n) => PermissionRule[] = (contracts: DeployedContractsByName) => {\n const {\n erc20StreamingEnforcer,\n erc20PeriodicEnforcer,\n nativeTokenStreamingEnforcer,\n nativeTokenPeriodicEnforcer,\n exactCalldataEnforcer,\n valueLteEnforcer,\n timestampEnforcer,\n nonceEnforcer,\n allowedCalldataEnforcer,\n } = getChecksumEnforcersByChainId(contracts);\n\n // the optional enforcers are the same for all permission types\n const optionalEnforcers = new Set<Hex>([timestampEnforcer]);\n\n const permissionRules: PermissionRule[] = [\n {\n requiredEnforcers: new Map<Hex, number>([\n [nativeTokenStreamingEnforcer, 1],\n [exactCalldataEnforcer, 1],\n [nonceEnforcer, 1],\n ]),\n optionalEnforcers,\n permissionType: 'native-token-stream',\n },\n {\n requiredEnforcers: new Map<Hex, number>([\n [nativeTokenPeriodicEnforcer, 1],\n [exactCalldataEnforcer, 1],\n [nonceEnforcer, 1],\n ]),\n optionalEnforcers,\n permissionType: 'native-token-periodic',\n },\n {\n requiredEnforcers: new Map<Hex, number>([\n [erc20StreamingEnforcer, 1],\n [valueLteEnforcer, 1],\n [nonceEnforcer, 1],\n ]),\n optionalEnforcers,\n permissionType: 'erc20-token-stream',\n },\n {\n requiredEnforcers: new Map<Hex, number>([\n [erc20PeriodicEnforcer, 1],\n [valueLteEnforcer, 1],\n [nonceEnforcer, 1],\n ]),\n optionalEnforcers,\n permissionType: 'erc20-token-periodic',\n },\n {\n requiredEnforcers: new Map<Hex, number>([\n [allowedCalldataEnforcer, 2],\n [valueLteEnforcer, 1],\n [nonceEnforcer, 1],\n ]),\n optionalEnforcers,\n permissionType: 'erc20-token-revocation',\n },\n ];\n\n return permissionRules;\n};\n\n/**\n * Determines whether all elements of `subset` are contained within `superset`.\n *\n * @param subset - The candidate subset to test.\n * @param superset - The set expected to contain all elements of `subset`.\n * @returns `true` if `subset` ⊆ `superset`, otherwise `false`.\n */\nexport const isSubset = <T>(subset: Set<T>, superset: Set<T>): boolean => {\n for (const x of subset) {\n if (!superset.has(x)) {\n return false;\n }\n }\n return true;\n};\n\n/**\n * Gets the terms for a given enforcer from a list of caveats.\n *\n * @param args - The arguments to this function.\n * @param args.throwIfNotFound - Whether to throw an error if no matching enforcer is found. Default is true.\n * @param args.caveats - The list of caveats to search.\n * @param args.enforcer - The enforcer to search for.\n * @returns The terms for the given enforcer.\n */\nexport function getTermsByEnforcer<TThrowIfNotFound extends boolean = true>({\n caveats,\n enforcer,\n throwIfNotFound,\n}: {\n caveats: Caveat<Hex>[];\n enforcer: Hex;\n throwIfNotFound?: TThrowIfNotFound;\n}): TThrowIfNotFound extends true ? Hex : Hex | null {\n const matchingCaveats = caveats.filter(\n (caveat) => caveat.enforcer === enforcer,\n );\n\n if (matchingCaveats.length === 0) {\n if (throwIfNotFound ?? true) {\n throw new Error('Invalid caveats');\n }\n return null as TThrowIfNotFound extends true ? Hex : Hex | null;\n }\n\n if (matchingCaveats.length > 1) {\n throw new Error('Invalid caveats');\n }\n\n return matchingCaveats[0].terms;\n}\n\n/**\n * Splits a 0x-prefixed hex string into parts according to the provided byte lengths.\n *\n * Each entry in `lengths` represents a part length in bytes; internally this is\n * multiplied by 2 to derive the number of hexadecimal characters to slice. The\n * returned substrings do not include the `0x` prefix and preserve leading zeros.\n *\n * Note: This function does not perform input validation (e.g., verifying the\n * payload length equals the sum of requested lengths). Callers are expected to\n * provide well-formed inputs.\n *\n * Example:\n * splitHex('0x12345678', [1, 3]) => ['0x12', '0x345678']\n *\n * @param value - The 0x-prefixed hex string to split.\n * @param lengths - The lengths of each part, in bytes.\n * @returns An array of hex substrings (each with `0x` prefix), one for each part.\n */\nexport function splitHex(value: Hex, lengths: number[]): Hex[] {\n let start = 2;\n const parts: Hex[] = [];\n for (const partLength of lengths) {\n const partCharLength = partLength * 2;\n const part = value.slice(start, start + partCharLength);\n start += partCharLength;\n parts.push(`0x${part}` as const);\n }\n return parts;\n}\n"]}
package/dist/decodePermission/utils.d.cts CHANGED
@@ -1,13 +1,13 @@
1
1
  import type { Caveat } from "@metamask/delegation-core";
2
- import { type Hex } from "@metamask/utils";
2
+ import type { Hex } from "@metamask/utils";
3
3
  import type { DeployedContractsByName, PermissionType } from "./types.cjs";
4
4
  /**
5
5
  * A rule that defines the required and allowed enforcers for a permission type.
6
6
  */
7
7
  export type PermissionRule = {
8
8
  permissionType: PermissionType;
9
- requiredEnforcers: Set<Hex>;
10
- allowedEnforcers: Set<Hex>;
9
+ requiredEnforcers: Map<Hex, number>;
10
+ optionalEnforcers: Set<Hex>;
11
11
  };
12
12
  /**
13
13
  * Resolves and returns checksummed addresses of all known enforcer contracts
@@ -26,12 +26,13 @@ export declare const getChecksumEnforcersByChainId: (contracts: DeployedContract
26
26
  valueLteEnforcer: `0x${string}`;
27
27
  timestampEnforcer: `0x${string}`;
28
28
  nonceEnforcer: `0x${string}`;
29
+ allowedCalldataEnforcer: `0x${string}`;
29
30
  };
30
31
  /**
31
32
  * Builds the canonical set of permission matching rules for a chain.
32
33
  *
33
34
  * Each rule specifies the `permissionType`, the set of `requiredEnforcers`
34
- * that must be present, and the set of `allowedEnforcers` that may appear in
35
+ * that must be present, and the set of `optionalEnforcers` that may appear in
35
36
  * addition to the required set.
36
37
  *
37
38
  * @param contracts - The deployed contracts for the chain.
package/dist/decodePermission/utils.d.cts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.d.cts","sourceRoot":"","sources":["../../src/decodePermission/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,kCAAkC;AACxD,OAAO,EAAsB,KAAK,GAAG,EAAE,wBAAwB;AAE/D,OAAO,KAAK,EAAE,uBAAuB,EAAE,cAAc,EAAE,oBAAgB;AAEvE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,cAAc,EAAE,cAAc,CAAC;IAC/B,iBAAiB,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,gBAAgB,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;CAC5B,CAAC;AAgBF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,cAC7B,uBAAuB;;;;;;;;;CAkDnC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,+BAA+B,EAAE,CAC5C,SAAS,EAAE,uBAAuB,KAC/B,cAAc,EAuDlB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,QAAQ,2CAA0C,OAO9D,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,gBAAgB,SAAS,OAAO,GAAG,IAAI,EAAE,EAC1E,OAAO,EACP,QAAQ,EACR,eAAe,GAChB,EAAE;IACD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;IACvB,QAAQ,EAAE,GAAG,CAAC;IACd,eAAe,CAAC,EAAE,gBAAgB,CAAC;CACpC,GAAG,gBAAgB,SAAS,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,CAiBnD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,EAAE,CAU7D"}
1
+ {"version":3,"file":"utils.d.cts","sourceRoot":"","sources":["../../src/decodePermission/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,kCAAkC;AAExD,OAAO,KAAK,EAAE,GAAG,EAAE,wBAAwB;AAE3C,OAAO,KAAK,EAAE,uBAAuB,EAAE,cAAc,EAAE,oBAAgB;AAEvE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,cAAc,EAAE,cAAc,CAAC;IAC/B,iBAAiB,EAAE,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,iBAAiB,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;CAC7B,CAAC;AAiBF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,cAC7B,uBAAuB;;;;;;;;;;CAuDnC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,+BAA+B,EAAE,CAC5C,SAAS,EAAE,uBAAuB,KAC/B,cAAc,EAiElB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,QAAQ,2CAA0C,OAO9D,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,gBAAgB,SAAS,OAAO,GAAG,IAAI,EAAE,EAC1E,OAAO,EACP,QAAQ,EACR,eAAe,GAChB,EAAE;IACD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;IACvB,QAAQ,EAAE,GAAG,CAAC;IACd,eAAe,CAAC,EAAE,gBAAgB,CAAC;CACpC,GAAG,gBAAgB,SAAS,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,CAiBnD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,EAAE,CAU7D"}
package/dist/decodePermission/utils.d.mts CHANGED
@@ -1,13 +1,13 @@
1
1
  import type { Caveat } from "@metamask/delegation-core";
2
- import { type Hex } from "@metamask/utils";
2
+ import type { Hex } from "@metamask/utils";
3
3
  import type { DeployedContractsByName, PermissionType } from "./types.mjs";
4
4
  /**
5
5
  * A rule that defines the required and allowed enforcers for a permission type.
6
6
  */
7
7
  export type PermissionRule = {
8
8
  permissionType: PermissionType;
9
- requiredEnforcers: Set<Hex>;
10
- allowedEnforcers: Set<Hex>;
9
+ requiredEnforcers: Map<Hex, number>;
10
+ optionalEnforcers: Set<Hex>;
11
11
  };
12
12
  /**
13
13
  * Resolves and returns checksummed addresses of all known enforcer contracts
@@ -26,12 +26,13 @@ export declare const getChecksumEnforcersByChainId: (contracts: DeployedContract
26
26
  valueLteEnforcer: `0x${string}`;
27
27
  timestampEnforcer: `0x${string}`;
28
28
  nonceEnforcer: `0x${string}`;
29
+ allowedCalldataEnforcer: `0x${string}`;
29
30
  };
30
31
  /**
31
32
  * Builds the canonical set of permission matching rules for a chain.
32
33
  *
33
34
  * Each rule specifies the `permissionType`, the set of `requiredEnforcers`
34
- * that must be present, and the set of `allowedEnforcers` that may appear in
35
+ * that must be present, and the set of `optionalEnforcers` that may appear in
35
36
  * addition to the required set.
36
37
  *
37
38
  * @param contracts - The deployed contracts for the chain.
package/dist/decodePermission/utils.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.d.mts","sourceRoot":"","sources":["../../src/decodePermission/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,kCAAkC;AACxD,OAAO,EAAsB,KAAK,GAAG,EAAE,wBAAwB;AAE/D,OAAO,KAAK,EAAE,uBAAuB,EAAE,cAAc,EAAE,oBAAgB;AAEvE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,cAAc,EAAE,cAAc,CAAC;IAC/B,iBAAiB,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,gBAAgB,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;CAC5B,CAAC;AAgBF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,cAC7B,uBAAuB;;;;;;;;;CAkDnC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,+BAA+B,EAAE,CAC5C,SAAS,EAAE,uBAAuB,KAC/B,cAAc,EAuDlB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,QAAQ,2CAA0C,OAO9D,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,gBAAgB,SAAS,OAAO,GAAG,IAAI,EAAE,EAC1E,OAAO,EACP,QAAQ,EACR,eAAe,GAChB,EAAE;IACD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;IACvB,QAAQ,EAAE,GAAG,CAAC;IACd,eAAe,CAAC,EAAE,gBAAgB,CAAC;CACpC,GAAG,gBAAgB,SAAS,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,CAiBnD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,EAAE,CAU7D"}
1
+ {"version":3,"file":"utils.d.mts","sourceRoot":"","sources":["../../src/decodePermission/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,kCAAkC;AAExD,OAAO,KAAK,EAAE,GAAG,EAAE,wBAAwB;AAE3C,OAAO,KAAK,EAAE,uBAAuB,EAAE,cAAc,EAAE,oBAAgB;AAEvE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,cAAc,EAAE,cAAc,CAAC;IAC/B,iBAAiB,EAAE,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,iBAAiB,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;CAC7B,CAAC;AAiBF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,cAC7B,uBAAuB;;;;;;;;;;CAuDnC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,+BAA+B,EAAE,CAC5C,SAAS,EAAE,uBAAuB,KAC/B,cAAc,EAiElB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,QAAQ,2CAA0C,OAO9D,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,gBAAgB,SAAS,OAAO,GAAG,IAAI,EAAE,EAC1E,OAAO,EACP,QAAQ,EACR,eAAe,GAChB,EAAE;IACD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;IACvB,QAAQ,EAAE,GAAG,CAAC;IACd,eAAe,CAAC,EAAE,gBAAgB,CAAC;CACpC,GAAG,gBAAgB,SAAS,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,CAiBnD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,EAAE,CAU7D"}