@metamask-previews/gator-permissions-controller 4.1.2-preview-9fb8d00e7 → 4.1.2-preview-784cc181c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (208) hide show
  1. package/dist/GatorPermissionsController.cjs +7 -7
  2. package/dist/GatorPermissionsController.cjs.map +1 -1
  3. package/dist/GatorPermissionsController.d.cts.map +1 -1
  4. package/dist/GatorPermissionsController.d.mts.map +1 -1
  5. package/dist/GatorPermissionsController.mjs +8 -8
  6. package/dist/GatorPermissionsController.mjs.map +1 -1
  7. package/dist/constants.cjs +1 -8
  8. package/dist/constants.cjs.map +1 -1
  9. package/dist/constants.d.cts +0 -7
  10. package/dist/constants.d.cts.map +1 -1
  11. package/dist/constants.d.mts +0 -7
  12. package/dist/constants.d.mts.map +1 -1
  13. package/dist/constants.mjs +0 -7
  14. package/dist/constants.mjs.map +1 -1
  15. package/dist/decodePermission/decodePermission.cjs +61 -23
  16. package/dist/decodePermission/decodePermission.cjs.map +1 -1
  17. package/dist/decodePermission/decodePermission.d.cts +48 -20
  18. package/dist/decodePermission/decodePermission.d.cts.map +1 -1
  19. package/dist/decodePermission/decodePermission.d.mts +48 -20
  20. package/dist/decodePermission/decodePermission.d.mts.map +1 -1
  21. package/dist/decodePermission/decodePermission.mjs +57 -20
  22. package/dist/decodePermission/decodePermission.mjs.map +1 -1
  23. package/dist/decodePermission/index.cjs +6 -5
  24. package/dist/decodePermission/index.cjs.map +1 -1
  25. package/dist/decodePermission/index.d.cts +3 -3
  26. package/dist/decodePermission/index.d.cts.map +1 -1
  27. package/dist/decodePermission/index.d.mts +3 -3
  28. package/dist/decodePermission/index.d.mts.map +1 -1
  29. package/dist/decodePermission/index.mjs +2 -2
  30. package/dist/decodePermission/index.mjs.map +1 -1
  31. package/dist/decodePermission/{decoders → rules}/erc20TokenAllowance.cjs +29 -21
  32. package/dist/decodePermission/rules/erc20TokenAllowance.cjs.map +1 -0
  33. package/dist/decodePermission/rules/erc20TokenAllowance.d.cts +13 -0
  34. package/dist/decodePermission/rules/erc20TokenAllowance.d.cts.map +1 -0
  35. package/dist/decodePermission/rules/erc20TokenAllowance.d.mts +13 -0
  36. package/dist/decodePermission/rules/erc20TokenAllowance.d.mts.map +1 -0
  37. package/dist/decodePermission/{decoders → rules}/erc20TokenAllowance.mjs +27 -19
  38. package/dist/decodePermission/rules/erc20TokenAllowance.mjs.map +1 -0
  39. package/dist/decodePermission/{decoders → rules}/erc20TokenPeriodic.cjs +29 -21
  40. package/dist/decodePermission/rules/erc20TokenPeriodic.cjs.map +1 -0
  41. package/dist/decodePermission/rules/erc20TokenPeriodic.d.cts +9 -0
  42. package/dist/decodePermission/rules/erc20TokenPeriodic.d.cts.map +1 -0
  43. package/dist/decodePermission/rules/erc20TokenPeriodic.d.mts +9 -0
  44. package/dist/decodePermission/rules/erc20TokenPeriodic.d.mts.map +1 -0
  45. package/dist/decodePermission/{decoders → rules}/erc20TokenPeriodic.mjs +27 -19
  46. package/dist/decodePermission/rules/erc20TokenPeriodic.mjs.map +1 -0
  47. package/dist/decodePermission/rules/erc20TokenRevocation.cjs +63 -0
  48. package/dist/decodePermission/rules/erc20TokenRevocation.cjs.map +1 -0
  49. package/dist/decodePermission/rules/erc20TokenRevocation.d.cts +9 -0
  50. package/dist/decodePermission/rules/erc20TokenRevocation.d.cts.map +1 -0
  51. package/dist/decodePermission/rules/erc20TokenRevocation.d.mts +9 -0
  52. package/dist/decodePermission/rules/erc20TokenRevocation.d.mts.map +1 -0
  53. package/dist/decodePermission/{decoders → rules}/erc20TokenRevocation.mjs +25 -24
  54. package/dist/decodePermission/rules/erc20TokenRevocation.mjs.map +1 -0
  55. package/dist/decodePermission/{decoders → rules}/erc20TokenStream.cjs +29 -21
  56. package/dist/decodePermission/rules/erc20TokenStream.cjs.map +1 -0
  57. package/dist/decodePermission/rules/erc20TokenStream.d.cts +9 -0
  58. package/dist/decodePermission/rules/erc20TokenStream.d.cts.map +1 -0
  59. package/dist/decodePermission/rules/erc20TokenStream.d.mts +9 -0
  60. package/dist/decodePermission/rules/erc20TokenStream.d.mts.map +1 -0
  61. package/dist/decodePermission/{decoders → rules}/erc20TokenStream.mjs +27 -19
  62. package/dist/decodePermission/rules/erc20TokenStream.mjs.map +1 -0
  63. package/dist/decodePermission/rules/index.cjs +36 -0
  64. package/dist/decodePermission/rules/index.cjs.map +1 -0
  65. package/dist/decodePermission/rules/index.d.cts +14 -0
  66. package/dist/decodePermission/rules/index.d.cts.map +1 -0
  67. package/dist/decodePermission/rules/index.d.mts +14 -0
  68. package/dist/decodePermission/rules/index.d.mts.map +1 -0
  69. package/dist/decodePermission/rules/index.mjs +32 -0
  70. package/dist/decodePermission/rules/index.mjs.map +1 -0
  71. package/dist/decodePermission/rules/makePermissionRule.cjs +152 -0
  72. package/dist/decodePermission/rules/makePermissionRule.cjs.map +1 -0
  73. package/dist/decodePermission/rules/makePermissionRule.d.cts +32 -0
  74. package/dist/decodePermission/rules/makePermissionRule.d.cts.map +1 -0
  75. package/dist/decodePermission/rules/makePermissionRule.d.mts +32 -0
  76. package/dist/decodePermission/rules/makePermissionRule.d.mts.map +1 -0
  77. package/dist/decodePermission/rules/makePermissionRule.mjs +148 -0
  78. package/dist/decodePermission/rules/makePermissionRule.mjs.map +1 -0
  79. package/dist/decodePermission/{decoders → rules}/nativeTokenAllowance.cjs +29 -21
  80. package/dist/decodePermission/rules/nativeTokenAllowance.cjs.map +1 -0
  81. package/dist/decodePermission/rules/nativeTokenAllowance.d.cts +13 -0
  82. package/dist/decodePermission/rules/nativeTokenAllowance.d.cts.map +1 -0
  83. package/dist/decodePermission/rules/nativeTokenAllowance.d.mts +13 -0
  84. package/dist/decodePermission/rules/nativeTokenAllowance.d.mts.map +1 -0
  85. package/dist/decodePermission/{decoders → rules}/nativeTokenAllowance.mjs +27 -19
  86. package/dist/decodePermission/rules/nativeTokenAllowance.mjs.map +1 -0
  87. package/dist/decodePermission/{decoders → rules}/nativeTokenPeriodic.cjs +29 -21
  88. package/dist/decodePermission/rules/nativeTokenPeriodic.cjs.map +1 -0
  89. package/dist/decodePermission/rules/nativeTokenPeriodic.d.cts +9 -0
  90. package/dist/decodePermission/rules/nativeTokenPeriodic.d.cts.map +1 -0
  91. package/dist/decodePermission/rules/nativeTokenPeriodic.d.mts +9 -0
  92. package/dist/decodePermission/rules/nativeTokenPeriodic.d.mts.map +1 -0
  93. package/dist/decodePermission/{decoders → rules}/nativeTokenPeriodic.mjs +27 -19
  94. package/dist/decodePermission/rules/nativeTokenPeriodic.mjs.map +1 -0
  95. package/dist/decodePermission/{decoders → rules}/nativeTokenStream.cjs +29 -21
  96. package/dist/decodePermission/rules/nativeTokenStream.cjs.map +1 -0
  97. package/dist/decodePermission/rules/nativeTokenStream.d.cts +9 -0
  98. package/dist/decodePermission/rules/nativeTokenStream.d.cts.map +1 -0
  99. package/dist/decodePermission/rules/nativeTokenStream.d.mts +9 -0
  100. package/dist/decodePermission/rules/nativeTokenStream.d.mts.map +1 -0
  101. package/dist/decodePermission/{decoders → rules}/nativeTokenStream.mjs +27 -19
  102. package/dist/decodePermission/rules/nativeTokenStream.mjs.map +1 -0
  103. package/dist/decodePermission/types.cjs.map +1 -1
  104. package/dist/decodePermission/types.d.cts +5 -22
  105. package/dist/decodePermission/types.d.cts.map +1 -1
  106. package/dist/decodePermission/types.d.mts +5 -22
  107. package/dist/decodePermission/types.d.mts.map +1 -1
  108. package/dist/decodePermission/types.mjs.map +1 -1
  109. package/dist/index.cjs +1 -2
  110. package/dist/index.cjs.map +1 -1
  111. package/dist/index.d.cts +1 -1
  112. package/dist/index.d.cts.map +1 -1
  113. package/dist/index.d.mts +1 -1
  114. package/dist/index.d.mts.map +1 -1
  115. package/dist/index.mjs +1 -1
  116. package/dist/index.mjs.map +1 -1
  117. package/package.json +1 -1
  118. package/dist/decodePermission/decoders/erc20PayeeRule.cjs +0 -56
  119. package/dist/decodePermission/decoders/erc20PayeeRule.cjs.map +0 -1
  120. package/dist/decodePermission/decoders/erc20PayeeRule.d.cts +0 -22
  121. package/dist/decodePermission/decoders/erc20PayeeRule.d.cts.map +0 -1
  122. package/dist/decodePermission/decoders/erc20PayeeRule.d.mts +0 -22
  123. package/dist/decodePermission/decoders/erc20PayeeRule.d.mts.map +0 -1
  124. package/dist/decodePermission/decoders/erc20PayeeRule.mjs +0 -52
  125. package/dist/decodePermission/decoders/erc20PayeeRule.mjs.map +0 -1
  126. package/dist/decodePermission/decoders/erc20TokenAllowance.cjs.map +0 -1
  127. package/dist/decodePermission/decoders/erc20TokenAllowance.d.cts +0 -14
  128. package/dist/decodePermission/decoders/erc20TokenAllowance.d.cts.map +0 -1
  129. package/dist/decodePermission/decoders/erc20TokenAllowance.d.mts +0 -14
  130. package/dist/decodePermission/decoders/erc20TokenAllowance.d.mts.map +0 -1
  131. package/dist/decodePermission/decoders/erc20TokenAllowance.mjs.map +0 -1
  132. package/dist/decodePermission/decoders/erc20TokenPeriodic.cjs.map +0 -1
  133. package/dist/decodePermission/decoders/erc20TokenPeriodic.d.cts +0 -10
  134. package/dist/decodePermission/decoders/erc20TokenPeriodic.d.cts.map +0 -1
  135. package/dist/decodePermission/decoders/erc20TokenPeriodic.d.mts +0 -10
  136. package/dist/decodePermission/decoders/erc20TokenPeriodic.d.mts.map +0 -1
  137. package/dist/decodePermission/decoders/erc20TokenPeriodic.mjs.map +0 -1
  138. package/dist/decodePermission/decoders/erc20TokenRevocation.cjs +0 -62
  139. package/dist/decodePermission/decoders/erc20TokenRevocation.cjs.map +0 -1
  140. package/dist/decodePermission/decoders/erc20TokenRevocation.d.cts +0 -15
  141. package/dist/decodePermission/decoders/erc20TokenRevocation.d.cts.map +0 -1
  142. package/dist/decodePermission/decoders/erc20TokenRevocation.d.mts +0 -15
  143. package/dist/decodePermission/decoders/erc20TokenRevocation.d.mts.map +0 -1
  144. package/dist/decodePermission/decoders/erc20TokenRevocation.mjs.map +0 -1
  145. package/dist/decodePermission/decoders/erc20TokenStream.cjs.map +0 -1
  146. package/dist/decodePermission/decoders/erc20TokenStream.d.cts +0 -10
  147. package/dist/decodePermission/decoders/erc20TokenStream.d.cts.map +0 -1
  148. package/dist/decodePermission/decoders/erc20TokenStream.d.mts +0 -10
  149. package/dist/decodePermission/decoders/erc20TokenStream.d.mts.map +0 -1
  150. package/dist/decodePermission/decoders/erc20TokenStream.mjs.map +0 -1
  151. package/dist/decodePermission/decoders/expiryRule.cjs +0 -35
  152. package/dist/decodePermission/decoders/expiryRule.cjs.map +0 -1
  153. package/dist/decodePermission/decoders/expiryRule.d.cts +0 -16
  154. package/dist/decodePermission/decoders/expiryRule.d.cts.map +0 -1
  155. package/dist/decodePermission/decoders/expiryRule.d.mts +0 -16
  156. package/dist/decodePermission/decoders/expiryRule.d.mts.map +0 -1
  157. package/dist/decodePermission/decoders/expiryRule.mjs +0 -31
  158. package/dist/decodePermission/decoders/expiryRule.mjs.map +0 -1
  159. package/dist/decodePermission/decoders/index.cjs +0 -37
  160. package/dist/decodePermission/decoders/index.cjs.map +0 -1
  161. package/dist/decodePermission/decoders/index.d.cts +0 -14
  162. package/dist/decodePermission/decoders/index.d.cts.map +0 -1
  163. package/dist/decodePermission/decoders/index.d.mts +0 -14
  164. package/dist/decodePermission/decoders/index.d.mts.map +0 -1
  165. package/dist/decodePermission/decoders/index.mjs +0 -33
  166. package/dist/decodePermission/decoders/index.mjs.map +0 -1
  167. package/dist/decodePermission/decoders/makePermissionDecoder.cjs +0 -79
  168. package/dist/decodePermission/decoders/makePermissionDecoder.cjs.map +0 -1
  169. package/dist/decodePermission/decoders/makePermissionDecoder.d.cts +0 -34
  170. package/dist/decodePermission/decoders/makePermissionDecoder.d.cts.map +0 -1
  171. package/dist/decodePermission/decoders/makePermissionDecoder.d.mts +0 -34
  172. package/dist/decodePermission/decoders/makePermissionDecoder.d.mts.map +0 -1
  173. package/dist/decodePermission/decoders/makePermissionDecoder.mjs +0 -75
  174. package/dist/decodePermission/decoders/makePermissionDecoder.mjs.map +0 -1
  175. package/dist/decodePermission/decoders/nativePayeeRule.cjs +0 -44
  176. package/dist/decodePermission/decoders/nativePayeeRule.cjs.map +0 -1
  177. package/dist/decodePermission/decoders/nativePayeeRule.d.cts +0 -20
  178. package/dist/decodePermission/decoders/nativePayeeRule.d.cts.map +0 -1
  179. package/dist/decodePermission/decoders/nativePayeeRule.d.mts +0 -20
  180. package/dist/decodePermission/decoders/nativePayeeRule.d.mts.map +0 -1
  181. package/dist/decodePermission/decoders/nativePayeeRule.mjs +0 -40
  182. package/dist/decodePermission/decoders/nativePayeeRule.mjs.map +0 -1
  183. package/dist/decodePermission/decoders/nativeTokenAllowance.cjs.map +0 -1
  184. package/dist/decodePermission/decoders/nativeTokenAllowance.d.cts +0 -14
  185. package/dist/decodePermission/decoders/nativeTokenAllowance.d.cts.map +0 -1
  186. package/dist/decodePermission/decoders/nativeTokenAllowance.d.mts +0 -14
  187. package/dist/decodePermission/decoders/nativeTokenAllowance.d.mts.map +0 -1
  188. package/dist/decodePermission/decoders/nativeTokenAllowance.mjs.map +0 -1
  189. package/dist/decodePermission/decoders/nativeTokenPeriodic.cjs.map +0 -1
  190. package/dist/decodePermission/decoders/nativeTokenPeriodic.d.cts +0 -10
  191. package/dist/decodePermission/decoders/nativeTokenPeriodic.d.cts.map +0 -1
  192. package/dist/decodePermission/decoders/nativeTokenPeriodic.d.mts +0 -10
  193. package/dist/decodePermission/decoders/nativeTokenPeriodic.d.mts.map +0 -1
  194. package/dist/decodePermission/decoders/nativeTokenPeriodic.mjs.map +0 -1
  195. package/dist/decodePermission/decoders/nativeTokenStream.cjs.map +0 -1
  196. package/dist/decodePermission/decoders/nativeTokenStream.d.cts +0 -10
  197. package/dist/decodePermission/decoders/nativeTokenStream.d.cts.map +0 -1
  198. package/dist/decodePermission/decoders/nativeTokenStream.d.mts +0 -10
  199. package/dist/decodePermission/decoders/nativeTokenStream.d.mts.map +0 -1
  200. package/dist/decodePermission/decoders/nativeTokenStream.mjs.map +0 -1
  201. package/dist/decodePermission/decoders/redeemerRule.cjs +0 -36
  202. package/dist/decodePermission/decoders/redeemerRule.cjs.map +0 -1
  203. package/dist/decodePermission/decoders/redeemerRule.d.cts +0 -13
  204. package/dist/decodePermission/decoders/redeemerRule.d.cts.map +0 -1
  205. package/dist/decodePermission/decoders/redeemerRule.d.mts +0 -13
  206. package/dist/decodePermission/decoders/redeemerRule.d.mts.map +0 -1
  207. package/dist/decodePermission/decoders/redeemerRule.mjs +0 -32
  208. package/dist/decodePermission/decoders/redeemerRule.mjs.map +0 -1
@@ -16,11 +16,4 @@ export declare const EXECUTION_PERMISSION_REDEEMER_RULE_TYPE: "redeemer";
16
16
  * payee restrictions.
17
17
  */
18
18
  export declare const EXECUTION_PERMISSION_PAYEE_RULE_TYPE: "payee";
19
- /**
20
- * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for
21
- * permission expiry derived from a TimestampEnforcer caveat. The decoded
22
- * permission additionally hoists the expiry value onto its top-level `expiry`
23
- * field for convenience.
24
- */
25
- export declare const EXECUTION_PERMISSION_EXPIRY_RULE_TYPE: "expiry";
26
19
  //# sourceMappingURL=constants.d.cts.map
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.cts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,eAAO,MAAM,4BAA4B,UAAU,CAAC;AAEpD;;;;GAIG;AACH,eAAO,MAAM,uCAAuC,YAAsB,CAAC;AAE3E;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,SAAmB,CAAC;AAErE;;;;;GAKG;AACH,eAAO,MAAM,qCAAqC,UAAoB,CAAC"}
1
+ {"version":3,"file":"constants.d.cts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,eAAO,MAAM,4BAA4B,UAAU,CAAC;AAEpD;;;;GAIG;AACH,eAAO,MAAM,uCAAuC,YAAsB,CAAC;AAE3E;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,SAAmB,CAAC"}
@@ -16,11 +16,4 @@ export declare const EXECUTION_PERMISSION_REDEEMER_RULE_TYPE: "redeemer";
16
16
  * payee restrictions.
17
17
  */
18
18
  export declare const EXECUTION_PERMISSION_PAYEE_RULE_TYPE: "payee";
19
- /**
20
- * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for
21
- * permission expiry derived from a TimestampEnforcer caveat. The decoded
22
- * permission additionally hoists the expiry value onto its top-level `expiry`
23
- * field for convenience.
24
- */
25
- export declare const EXECUTION_PERMISSION_EXPIRY_RULE_TYPE: "expiry";
26
19
  //# sourceMappingURL=constants.d.mts.map
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.mts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,eAAO,MAAM,4BAA4B,UAAU,CAAC;AAEpD;;;;GAIG;AACH,eAAO,MAAM,uCAAuC,YAAsB,CAAC;AAE3E;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,SAAmB,CAAC;AAErE;;;;;GAKG;AACH,eAAO,MAAM,qCAAqC,UAAoB,CAAC"}
1
+ {"version":3,"file":"constants.d.mts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,eAAO,MAAM,4BAA4B,UAAU,CAAC;AAEpD;;;;GAIG;AACH,eAAO,MAAM,uCAAuC,YAAsB,CAAC;AAE3E;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,SAAmB,CAAC"}
@@ -16,11 +16,4 @@ export const EXECUTION_PERMISSION_REDEEMER_RULE_TYPE = 'redeemer';
16
16
  * payee restrictions.
17
17
  */
18
18
  export const EXECUTION_PERMISSION_PAYEE_RULE_TYPE = 'payee';
19
- /**
20
- * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for
21
- * permission expiry derived from a TimestampEnforcer caveat. The decoded
22
- * permission additionally hoists the expiry value onto its top-level `expiry`
23
- * field for convenience.
24
- */
25
- export const EXECUTION_PERMISSION_EXPIRY_RULE_TYPE = 'expiry';
26
19
  //# sourceMappingURL=constants.mjs.map
@@ -1 +1 @@
1
- {"version":3,"file":"constants.mjs","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,OAAO,CAAC;AAEpD;;;;GAIG;AACH,MAAM,CAAC,MAAM,uCAAuC,GAAG,UAAmB,CAAC;AAE3E;;;;;GAKG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG,OAAgB,CAAC;AAErE;;;;;GAKG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG,QAAiB,CAAC","sourcesContent":["/**\n * Delegation framework version used to select the correct deployed enforcer\n * contract addresses from `@metamask/delegation-deployments`.\n */\nexport const DELEGATION_FRAMEWORK_VERSION = '1.3.0';\n\n/**\n * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for\n * redeemer allowlists (RedeemerEnforcer). Hosts should advertise this for every\n * supported execution permission type.\n */\nexport const EXECUTION_PERMISSION_REDEEMER_RULE_TYPE = 'redeemer' as const;\n\n/**\n * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for\n * payee allowlists (AllowedCalldataEnforcer / AllowedTargetsEnforcer). Hosts\n * should advertise this for every supported execution permission type that supports\n * payee restrictions.\n */\nexport const EXECUTION_PERMISSION_PAYEE_RULE_TYPE = 'payee' as const;\n\n/**\n * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for\n * permission expiry derived from a TimestampEnforcer caveat. The decoded\n * permission additionally hoists the expiry value onto its top-level `expiry`\n * field for convenience.\n */\nexport const EXECUTION_PERMISSION_EXPIRY_RULE_TYPE = 'expiry' as const;\n"]}
1
+ {"version":3,"file":"constants.mjs","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,OAAO,CAAC;AAEpD;;;;GAIG;AACH,MAAM,CAAC,MAAM,uCAAuC,GAAG,UAAmB,CAAC;AAE3E;;;;;GAKG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG,OAAgB,CAAC","sourcesContent":["/**\n * Delegation framework version used to select the correct deployed enforcer\n * contract addresses from `@metamask/delegation-deployments`.\n */\nexport const DELEGATION_FRAMEWORK_VERSION = '1.3.0';\n\n/**\n * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for\n * redeemer allowlists (RedeemerEnforcer). Hosts should advertise this for every\n * supported execution permission type.\n */\nexport const EXECUTION_PERMISSION_REDEEMER_RULE_TYPE = 'redeemer' as const;\n\n/**\n * `Rule.type` / `wallet_getSupportedExecutionPermissions` `ruleTypes` entry for\n * payee allowlists (AllowedCalldataEnforcer / AllowedTargetsEnforcer). Hosts\n * should advertise this for every supported execution permission type that supports\n * payee restrictions.\n */\nexport const EXECUTION_PERMISSION_PAYEE_RULE_TYPE = 'payee' as const;\n"]}
@@ -1,44 +1,75 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.reconstructDecodedPermission = exports.selectUniqueDecoderAndDecodedPermission = exports.findDecodersWithMatchingCaveatAddresses = void 0;
3
+ exports.reconstructDecodedPermission = exports.selectUniqueRuleAndDecodedPermission = exports.findRuleWithMatchingCaveatAddresses = exports.findRulesWithMatchingCaveatAddresses = void 0;
4
4
  const delegation_core_1 = require("@metamask/delegation-core");
5
5
  const utils_1 = require("@metamask/utils");
6
6
  /**
7
- * Returns every permission decoder whose caveat-address pattern matches the
8
- * given enforcer list for the chain. Used when more than one permission type
9
- * can share the same enforcer set; the caller must disambiguate by validating
10
- * caveat terms (see {@link selectUniqueDecoderAndDecodedPermission}).
7
+ * Returns every permission rule whose caveat-address pattern matches the given
8
+ * enforcer list for the chain. Used when more than one permission type can
9
+ * share the same enforcer set; the caller must disambiguate by validating
10
+ * caveat terms (see {@link selectUniqueRuleAndDecodedPermission}).
11
11
  *
12
12
  * @param args - The arguments to this function.
13
13
  * @param args.enforcers - List of enforcer contract addresses (hex strings).
14
- * @param args.permissionDecoders - The permission decoders for the chain.
15
- * @returns All decoders that match, possibly empty.
14
+ * @param args.permissionRules - The permission rules for the chain.
15
+ * @returns All rules that match, possibly empty.
16
16
  */
17
- const findDecodersWithMatchingCaveatAddresses = ({ enforcers, permissionDecoders, }) => {
18
- return permissionDecoders.filter((decoder) => decoder.caveatAddressesMatch(enforcers));
17
+ const findRulesWithMatchingCaveatAddresses = ({ enforcers, permissionRules, }) => {
18
+ return permissionRules.filter((rule) => rule.caveatAddressesMatch(enforcers));
19
19
  };
20
- exports.findDecodersWithMatchingCaveatAddresses = findDecodersWithMatchingCaveatAddresses;
20
+ exports.findRulesWithMatchingCaveatAddresses = findRulesWithMatchingCaveatAddresses;
21
21
  /**
22
- * Runs {@link PermissionDecoder.validateAndDecodePermission} on each candidate
23
- * decoder. Use when several decoders share the same caveat addresses.
22
+ * Returns the unique permission rule that matches a given set of enforcer
23
+ * contract addresses (caveat types) for a specific chain.
24
+ *
25
+ * A rule matches when:
26
+ * - All of its required enforcers are present in the provided list; and
27
+ * - No provided enforcer falls outside the union of the rule's required and
28
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
29
+ *
30
+ * If exactly one rule matches, it is returned.
31
+ *
32
+ * @param args - The arguments to this function.
33
+ * @param args.enforcers - List of enforcer contract addresses (hex strings).
34
+ * @param args.permissionRules - The permission rules for the chain.
35
+ * @returns The matching permission rule.
36
+ * @throws If no rule matches, or if more than one rule matches.
37
+ */
38
+ const findRuleWithMatchingCaveatAddresses = ({ enforcers, permissionRules, }) => {
39
+ const matchingRules = (0, exports.findRulesWithMatchingCaveatAddresses)({
40
+ enforcers,
41
+ permissionRules,
42
+ });
43
+ if (matchingRules.length === 0) {
44
+ throw new Error('Unable to identify permission type');
45
+ }
46
+ if (matchingRules.length > 1) {
47
+ throw new Error('Multiple permission types match');
48
+ }
49
+ return matchingRules[0];
50
+ };
51
+ exports.findRuleWithMatchingCaveatAddresses = findRuleWithMatchingCaveatAddresses;
52
+ /**
53
+ * Runs {@link PermissionRule.validateAndDecodePermission} on each candidate
54
+ * rule. Use when several rules share the same caveat addresses.
24
55
  *
25
56
  * @param args - The arguments to this function.
26
- * @param args.candidateDecoders - Decoders whose addresses already match the caveats.
57
+ * @param args.candidateRules - Rules whose addresses already match the caveats.
27
58
  * @param args.caveats - Caveats from the delegation.
28
- * @returns The unique decoder and decoded expiry/data when exactly one decoder validates.
29
- * @throws If `candidateDecoders` is empty, if no decoder validates, or if more than one decoder validates.
59
+ * @returns The unique rule and decoded expiry/data when exactly one rule validates.
60
+ * @throws If `candidateRules` is empty, if no rule validates, or if more than one rule validates.
30
61
  */
31
- const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, caveats, }) => {
32
- if (candidateDecoders.length === 0) {
62
+ const selectUniqueRuleAndDecodedPermission = ({ candidateRules, caveats, }) => {
63
+ if (candidateRules.length === 0) {
33
64
  throw new Error('Unable to identify permission type');
34
65
  }
35
66
  const successfulDecodingResult = [];
36
67
  const failedAttempts = [];
37
- for (const decoder of candidateDecoders) {
38
- const decodeResult = decoder.validateAndDecodePermission(caveats);
68
+ for (const rule of candidateRules) {
69
+ const decodeResult = rule.validateAndDecodePermission(caveats);
39
70
  if (decodeResult.isValid) {
40
71
  successfulDecodingResult.push({
41
- decoder,
72
+ rule,
42
73
  rules: decodeResult.rules,
43
74
  data: decodeResult.data,
44
75
  expiry: decodeResult.expiry,
@@ -46,7 +77,7 @@ const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, caveats, }
46
77
  }
47
78
  else {
48
79
  failedAttempts.push({
49
- permissionType: decoder.permissionType,
80
+ permissionType: rule.permissionType,
50
81
  error: decodeResult.error,
51
82
  });
52
83
  }
@@ -56,7 +87,7 @@ const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, caveats, }
56
87
  }
57
88
  if (successfulDecodingResult.length > 1) {
58
89
  const types = successfulDecodingResult
59
- .map((result) => result.decoder.permissionType)
90
+ .map((result) => result.rule.permissionType)
60
91
  .join(', ');
61
92
  throw new Error(`Multiple permission types validate the same delegation caveats: ${types}`);
62
93
  }
@@ -68,11 +99,18 @@ const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, caveats, }
68
99
  .join('; ');
69
100
  throw new Error(`No permission type could validate the delegation caveats. Attempts: ${details}`);
70
101
  };
71
- exports.selectUniqueDecoderAndDecodedPermission = selectUniqueDecoderAndDecodedPermission;
102
+ exports.selectUniqueRuleAndDecodedPermission = selectUniqueRuleAndDecodedPermission;
72
103
  /**
73
104
  * Reconstructs a {@link DecodedPermission} object from primitive values
74
105
  * obtained while decoding a permission context.
75
106
  *
107
+ * The resulting object contains:
108
+ * - `chainId` encoded as hex (`0x…`)
109
+ * - `address` set to the delegator (user account)
110
+ * - `signer` set to an account signer with the delegate address
111
+ * - `permission` with the identified type and decoded data
112
+ * - `expiry` timestamp (or null)
113
+ *
76
114
  * @param args - The arguments to this function.
77
115
  * @param args.chainId - Chain ID.
78
116
  * @param args.permissionType - Identified permission type.
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.cjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":";;;AACA,+DAA2D;AAC3D,2CAA8C;AAS9C;;;;;;;;;;GAUG;AACI,MAAM,uCAAuC,GAAG,CAAC,EACtD,SAAS,EACT,kBAAkB,GAInB,EAAuB,EAAE;IACxB,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAC3C,OAAO,CAAC,oBAAoB,CAAC,SAAS,CAAC,CACxC,CAAC;AACJ,CAAC,CAAC;AAVW,QAAA,uCAAuC,2CAUlD;AAcF;;;;;;;;;GASG;AACI,MAAM,uCAAuC,GAAG,CAAC,EACtD,iBAAiB,EACjB,OAAO,GAIR,EAA+B,EAAE;IAChC,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,wBAAwB,GAAkC,EAAE,CAAC;IAEnE,MAAM,cAAc,GAAuD,EAAE,CAAC;IAE9E,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,MAAM,YAAY,GAAG,OAAO,CAAC,2BAA2B,CAAC,OAAO,CAAC,CAAC;QAClE,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,wBAAwB,CAAC,IAAI,CAAC;gBAC5B,OAAO;gBACP,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,MAAM,EAAE,YAAY,CAAC,MAAM;aAC5B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,CAAC;gBAClB,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,wBAAwB,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,wBAAwB;aACnC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;aAC9C,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CACb,mEAAmE,KAAK,EAAE,CAC3E,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,cAAc;SAC3B,GAAG,CACF,CAAC,OAAO,EAAE,EAAE,CACV,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAChE;SACA,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,IAAI,KAAK,CACb,uEAAuE,OAAO,EAAE,CACjF,CAAC;AACJ,CAAC,CAAC;AA3DW,QAAA,uCAAuC,2CA2DlD;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACI,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,EACf,KAAK,GAYN,EAAqB,EAAE;IACtB,IAAI,SAAS,KAAK,gCAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,IAAA,mBAAW,EAAC,OAAO,CAAC;QAC7B,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,QAAQ;QACZ,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;QACvB,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;KAC1C,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AA1CW,QAAA,4BAA4B,gCA0CvC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n PermissionType,\n PermissionDecoder,\n ValidateAndDecodeResult,\n} from './types';\n\n/**\n * Returns every permission decoder whose caveat-address pattern matches the\n * given enforcer list for the chain. Used when more than one permission type\n * can share the same enforcer set; the caller must disambiguate by validating\n * caveat terms (see {@link selectUniqueDecoderAndDecodedPermission}).\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n * @param args.permissionDecoders - The permission decoders for the chain.\n * @returns All decoders that match, possibly empty.\n */\nexport const findDecodersWithMatchingCaveatAddresses = ({\n enforcers,\n permissionDecoders,\n}: {\n enforcers: Hex[];\n permissionDecoders: PermissionDecoder[];\n}): PermissionDecoder[] => {\n return permissionDecoders.filter((decoder) =>\n decoder.caveatAddressesMatch(enforcers),\n );\n};\n\ntype SuccessfulValidateAndDecodeResult = Extract<\n ValidateAndDecodeResult,\n { isValid: true }\n>;\n\ntype DecoderAndDecodedPermission = {\n decoder: PermissionDecoder;\n rules: SuccessfulValidateAndDecodeResult['rules'];\n data: SuccessfulValidateAndDecodeResult['data'];\n expiry: SuccessfulValidateAndDecodeResult['expiry'];\n};\n\n/**\n * Runs {@link PermissionDecoder.validateAndDecodePermission} on each candidate\n * decoder. Use when several decoders share the same caveat addresses.\n *\n * @param args - The arguments to this function.\n * @param args.candidateDecoders - Decoders whose addresses already match the caveats.\n * @param args.caveats - Caveats from the delegation.\n * @returns The unique decoder and decoded expiry/data when exactly one decoder validates.\n * @throws If `candidateDecoders` is empty, if no decoder validates, or if more than one decoder validates.\n */\nexport const selectUniqueDecoderAndDecodedPermission = ({\n candidateDecoders,\n caveats,\n}: {\n candidateDecoders: PermissionDecoder[];\n caveats: Caveat<Hex>[];\n}): DecoderAndDecodedPermission => {\n if (candidateDecoders.length === 0) {\n throw new Error('Unable to identify permission type');\n }\n\n const successfulDecodingResult: DecoderAndDecodedPermission[] = [];\n\n const failedAttempts: { permissionType: PermissionType; error: Error }[] = [];\n\n for (const decoder of candidateDecoders) {\n const decodeResult = decoder.validateAndDecodePermission(caveats);\n if (decodeResult.isValid) {\n successfulDecodingResult.push({\n decoder,\n rules: decodeResult.rules,\n data: decodeResult.data,\n expiry: decodeResult.expiry,\n });\n } else {\n failedAttempts.push({\n permissionType: decoder.permissionType,\n error: decodeResult.error,\n });\n }\n }\n\n if (successfulDecodingResult.length === 1) {\n return successfulDecodingResult[0];\n }\n\n if (successfulDecodingResult.length > 1) {\n const types = successfulDecodingResult\n .map((result) => result.decoder.permissionType)\n .join(', ');\n throw new Error(\n `Multiple permission types validate the same delegation caveats: ${types}`,\n );\n }\n\n if (failedAttempts.length === 1) {\n throw failedAttempts[0].error;\n }\n\n const details = failedAttempts\n .map(\n (attempt) =>\n `${String(attempt.permissionType)}: ${attempt.error.message}`,\n )\n .join('; ');\n\n throw new Error(\n `No permission type could validate the delegation caveats. Attempts: ${details}`,\n );\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n * @param args.rules - Rules recovered from caveats (e.g. redeemer allowlist).\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n rules,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n rules?: DecodedPermission['rules'];\n}): DecodedPermission => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n from: delegator,\n to: delegate,\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n ...(rules === undefined ? {} : { rules }),\n };\n\n return permission;\n};\n"]}
1
+ {"version":3,"file":"decodePermission.cjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":";;;AACA,+DAA2D;AAC3D,2CAA8C;AAS9C;;;;;;;;;;GAUG;AACI,MAAM,oCAAoC,GAAG,CAAC,EACnD,SAAS,EACT,eAAe,GAIhB,EAAoB,EAAE;IACrB,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC;AAChF,CAAC,CAAC;AARW,QAAA,oCAAoC,wCAQ/C;AAEF;;;;;;;;;;;;;;;;GAgBG;AACI,MAAM,mCAAmC,GAAG,CAAC,EAClD,SAAS,EACT,eAAe,GAIhB,EAAkB,EAAE;IACnB,MAAM,aAAa,GAAG,IAAA,4CAAoC,EAAC;QACzD,SAAS;QACT,eAAe;KAChB,CAAC,CAAC;IAEH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,aAAa,CAAC,CAAC,CAAC,CAAC;AAC1B,CAAC,CAAC;AAnBW,QAAA,mCAAmC,uCAmB9C;AAcF;;;;;;;;;GASG;AACI,MAAM,oCAAoC,GAAG,CAAC,EACnD,cAAc,EACd,OAAO,GAIR,EAA4B,EAAE;IAC7B,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,wBAAwB,GAA+B,EAAE,CAAC;IAEhE,MAAM,cAAc,GAAuD,EAAE,CAAC;IAE9E,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,2BAA2B,CAAC,OAAO,CAAC,CAAC;QAC/D,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,wBAAwB,CAAC,IAAI,CAAC;gBAC5B,IAAI;gBACJ,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,MAAM,EAAE,YAAY,CAAC,MAAM;aAC5B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,CAAC;gBAClB,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,wBAAwB,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,wBAAwB;aACnC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC;aAC3C,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CACb,mEAAmE,KAAK,EAAE,CAC3E,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,cAAc;SAC3B,GAAG,CACF,CAAC,OAAO,EAAE,EAAE,CACV,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAChE;SACA,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,IAAI,KAAK,CACb,uEAAuE,OAAO,EAAE,CACjF,CAAC;AACJ,CAAC,CAAC;AA3DW,QAAA,oCAAoC,wCA2D/C;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACI,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,EACf,KAAK,GAYN,EAAqB,EAAE;IACtB,IAAI,SAAS,KAAK,gCAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,IAAA,mBAAW,EAAC,OAAO,CAAC;QAC7B,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,QAAQ;QACZ,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;QACvB,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;KAC1C,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AA1CW,QAAA,4BAA4B,gCA0CvC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n PermissionType,\n PermissionRule,\n ValidateAndDecodeResult,\n} from './types';\n\n/**\n * Returns every permission rule whose caveat-address pattern matches the given\n * enforcer list for the chain. Used when more than one permission type can\n * share the same enforcer set; the caller must disambiguate by validating\n * caveat terms (see {@link selectUniqueRuleAndDecodedPermission}).\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n * @param args.permissionRules - The permission rules for the chain.\n * @returns All rules that match, possibly empty.\n */\nexport const findRulesWithMatchingCaveatAddresses = ({\n enforcers,\n permissionRules,\n}: {\n enforcers: Hex[];\n permissionRules: PermissionRule[];\n}): PermissionRule[] => {\n return permissionRules.filter((rule) => rule.caveatAddressesMatch(enforcers));\n};\n\n/**\n * Returns the unique permission rule that matches a given set of enforcer\n * contract addresses (caveat types) for a specific chain.\n *\n * A rule matches when:\n * - All of its required enforcers are present in the provided list; and\n * - No provided enforcer falls outside the union of the rule's required and\n * optional enforcers (currently only `TimestampEnforcer` is allowed extra).\n *\n * If exactly one rule matches, it is returned.\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n * @param args.permissionRules - The permission rules for the chain.\n * @returns The matching permission rule.\n * @throws If no rule matches, or if more than one rule matches.\n */\nexport const findRuleWithMatchingCaveatAddresses = ({\n enforcers,\n permissionRules,\n}: {\n enforcers: Hex[];\n permissionRules: PermissionRule[];\n}): PermissionRule => {\n const matchingRules = findRulesWithMatchingCaveatAddresses({\n enforcers,\n permissionRules,\n });\n\n if (matchingRules.length === 0) {\n throw new Error('Unable to identify permission type');\n }\n if (matchingRules.length > 1) {\n throw new Error('Multiple permission types match');\n }\n return matchingRules[0];\n};\n\ntype SuccessfulValidateAndDecodeResult = Extract<\n ValidateAndDecodeResult,\n { isValid: true }\n>;\n\ntype RuleAndDecodedPermission = {\n rule: PermissionRule;\n rules: SuccessfulValidateAndDecodeResult['rules'];\n data: SuccessfulValidateAndDecodeResult['data'];\n expiry: SuccessfulValidateAndDecodeResult['expiry'];\n};\n\n/**\n * Runs {@link PermissionRule.validateAndDecodePermission} on each candidate\n * rule. Use when several rules share the same caveat addresses.\n *\n * @param args - The arguments to this function.\n * @param args.candidateRules - Rules whose addresses already match the caveats.\n * @param args.caveats - Caveats from the delegation.\n * @returns The unique rule and decoded expiry/data when exactly one rule validates.\n * @throws If `candidateRules` is empty, if no rule validates, or if more than one rule validates.\n */\nexport const selectUniqueRuleAndDecodedPermission = ({\n candidateRules,\n caveats,\n}: {\n candidateRules: PermissionRule[];\n caveats: Caveat<Hex>[];\n}): RuleAndDecodedPermission => {\n if (candidateRules.length === 0) {\n throw new Error('Unable to identify permission type');\n }\n\n const successfulDecodingResult: RuleAndDecodedPermission[] = [];\n\n const failedAttempts: { permissionType: PermissionType; error: Error }[] = [];\n\n for (const rule of candidateRules) {\n const decodeResult = rule.validateAndDecodePermission(caveats);\n if (decodeResult.isValid) {\n successfulDecodingResult.push({\n rule,\n rules: decodeResult.rules,\n data: decodeResult.data,\n expiry: decodeResult.expiry,\n });\n } else {\n failedAttempts.push({\n permissionType: rule.permissionType,\n error: decodeResult.error,\n });\n }\n }\n\n if (successfulDecodingResult.length === 1) {\n return successfulDecodingResult[0];\n }\n\n if (successfulDecodingResult.length > 1) {\n const types = successfulDecodingResult\n .map((result) => result.rule.permissionType)\n .join(', ');\n throw new Error(\n `Multiple permission types validate the same delegation caveats: ${types}`,\n );\n }\n\n if (failedAttempts.length === 1) {\n throw failedAttempts[0].error;\n }\n\n const details = failedAttempts\n .map(\n (attempt) =>\n `${String(attempt.permissionType)}: ${attempt.error.message}`,\n )\n .join('; ');\n\n throw new Error(\n `No permission type could validate the delegation caveats. Attempts: ${details}`,\n );\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * The resulting object contains:\n * - `chainId` encoded as hex (`0x…`)\n * - `address` set to the delegator (user account)\n * - `signer` set to an account signer with the delegate address\n * - `permission` with the identified type and decoded data\n * - `expiry` timestamp (or null)\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n * @param args.rules - Rules recovered from caveats (e.g. redeemer allowlist).\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n rules,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n rules?: DecodedPermission['rules'];\n}): DecodedPermission => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n from: delegator,\n to: delegate,\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n ...(rules === undefined ? {} : { rules }),\n };\n\n return permission;\n};\n"]}
@@ -1,47 +1,75 @@
1
1
  import type { Caveat, Hex } from "@metamask/delegation-core";
2
- import type { DecodedPermission, PermissionType, PermissionDecoder, ValidateAndDecodeResult } from "./types.cjs";
2
+ import type { DecodedPermission, PermissionType, PermissionRule, ValidateAndDecodeResult } from "./types.cjs";
3
3
  /**
4
- * Returns every permission decoder whose caveat-address pattern matches the
5
- * given enforcer list for the chain. Used when more than one permission type
6
- * can share the same enforcer set; the caller must disambiguate by validating
7
- * caveat terms (see {@link selectUniqueDecoderAndDecodedPermission}).
4
+ * Returns every permission rule whose caveat-address pattern matches the given
5
+ * enforcer list for the chain. Used when more than one permission type can
6
+ * share the same enforcer set; the caller must disambiguate by validating
7
+ * caveat terms (see {@link selectUniqueRuleAndDecodedPermission}).
8
8
  *
9
9
  * @param args - The arguments to this function.
10
10
  * @param args.enforcers - List of enforcer contract addresses (hex strings).
11
- * @param args.permissionDecoders - The permission decoders for the chain.
12
- * @returns All decoders that match, possibly empty.
11
+ * @param args.permissionRules - The permission rules for the chain.
12
+ * @returns All rules that match, possibly empty.
13
13
  */
14
- export declare const findDecodersWithMatchingCaveatAddresses: ({ enforcers, permissionDecoders, }: {
14
+ export declare const findRulesWithMatchingCaveatAddresses: ({ enforcers, permissionRules, }: {
15
15
  enforcers: Hex[];
16
- permissionDecoders: PermissionDecoder[];
17
- }) => PermissionDecoder[];
16
+ permissionRules: PermissionRule[];
17
+ }) => PermissionRule[];
18
+ /**
19
+ * Returns the unique permission rule that matches a given set of enforcer
20
+ * contract addresses (caveat types) for a specific chain.
21
+ *
22
+ * A rule matches when:
23
+ * - All of its required enforcers are present in the provided list; and
24
+ * - No provided enforcer falls outside the union of the rule's required and
25
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
26
+ *
27
+ * If exactly one rule matches, it is returned.
28
+ *
29
+ * @param args - The arguments to this function.
30
+ * @param args.enforcers - List of enforcer contract addresses (hex strings).
31
+ * @param args.permissionRules - The permission rules for the chain.
32
+ * @returns The matching permission rule.
33
+ * @throws If no rule matches, or if more than one rule matches.
34
+ */
35
+ export declare const findRuleWithMatchingCaveatAddresses: ({ enforcers, permissionRules, }: {
36
+ enforcers: Hex[];
37
+ permissionRules: PermissionRule[];
38
+ }) => PermissionRule;
18
39
  type SuccessfulValidateAndDecodeResult = Extract<ValidateAndDecodeResult, {
19
40
  isValid: true;
20
41
  }>;
21
- type DecoderAndDecodedPermission = {
22
- decoder: PermissionDecoder;
42
+ type RuleAndDecodedPermission = {
43
+ rule: PermissionRule;
23
44
  rules: SuccessfulValidateAndDecodeResult['rules'];
24
45
  data: SuccessfulValidateAndDecodeResult['data'];
25
46
  expiry: SuccessfulValidateAndDecodeResult['expiry'];
26
47
  };
27
48
  /**
28
- * Runs {@link PermissionDecoder.validateAndDecodePermission} on each candidate
29
- * decoder. Use when several decoders share the same caveat addresses.
49
+ * Runs {@link PermissionRule.validateAndDecodePermission} on each candidate
50
+ * rule. Use when several rules share the same caveat addresses.
30
51
  *
31
52
  * @param args - The arguments to this function.
32
- * @param args.candidateDecoders - Decoders whose addresses already match the caveats.
53
+ * @param args.candidateRules - Rules whose addresses already match the caveats.
33
54
  * @param args.caveats - Caveats from the delegation.
34
- * @returns The unique decoder and decoded expiry/data when exactly one decoder validates.
35
- * @throws If `candidateDecoders` is empty, if no decoder validates, or if more than one decoder validates.
55
+ * @returns The unique rule and decoded expiry/data when exactly one rule validates.
56
+ * @throws If `candidateRules` is empty, if no rule validates, or if more than one rule validates.
36
57
  */
37
- export declare const selectUniqueDecoderAndDecodedPermission: ({ candidateDecoders, caveats, }: {
38
- candidateDecoders: PermissionDecoder[];
58
+ export declare const selectUniqueRuleAndDecodedPermission: ({ candidateRules, caveats, }: {
59
+ candidateRules: PermissionRule[];
39
60
  caveats: Caveat<Hex>[];
40
- }) => DecoderAndDecodedPermission;
61
+ }) => RuleAndDecodedPermission;
41
62
  /**
42
63
  * Reconstructs a {@link DecodedPermission} object from primitive values
43
64
  * obtained while decoding a permission context.
44
65
  *
66
+ * The resulting object contains:
67
+ * - `chainId` encoded as hex (`0x…`)
68
+ * - `address` set to the delegator (user account)
69
+ * - `signer` set to an account signer with the delegate address
70
+ * - `permission` with the identified type and decoded data
71
+ * - `expiry` timestamp (or null)
72
+ *
45
73
  * @param args - The arguments to this function.
46
74
  * @param args.chainId - Chain ID.
47
75
  * @param args.permissionType - Identified permission type.
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.d.cts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,uBAAuB,EACxB,oBAAgB;AAEjB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,uCAAuC;eAIvC,GAAG,EAAE;wBACI,iBAAiB,EAAE;MACrC,iBAAiB,EAIpB,CAAC;AAEF,KAAK,iCAAiC,GAAG,OAAO,CAC9C,uBAAuB,EACvB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,CAClB,CAAC;AAEF,KAAK,2BAA2B,GAAG;IACjC,OAAO,EAAE,iBAAiB,CAAC;IAC3B,KAAK,EAAE,iCAAiC,CAAC,OAAO,CAAC,CAAC;IAClD,IAAI,EAAE,iCAAiC,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,EAAE,iCAAiC,CAAC,QAAQ,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,uCAAuC;uBAI/B,iBAAiB,EAAE;aAC7B,OAAO,GAAG,CAAC,EAAE;MACpB,2BAqDH,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,4BAA4B;aAY9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;YACf,iBAAiB,CAAC,OAAO,CAAC;MAChC,iBAoBH,CAAC"}
1
+ {"version":3,"file":"decodePermission.d.cts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,uBAAuB,EACxB,oBAAgB;AAEjB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oCAAoC;eAIpC,GAAG,EAAE;qBACC,cAAc,EAAE;MAC/B,cAAc,EAEjB,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mCAAmC;eAInC,GAAG,EAAE;qBACC,cAAc,EAAE;MAC/B,cAaH,CAAC;AAEF,KAAK,iCAAiC,GAAG,OAAO,CAC9C,uBAAuB,EACvB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,CAClB,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,IAAI,EAAE,cAAc,CAAC;IACrB,KAAK,EAAE,iCAAiC,CAAC,OAAO,CAAC,CAAC;IAClD,IAAI,EAAE,iCAAiC,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,EAAE,iCAAiC,CAAC,QAAQ,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,oCAAoC;oBAI/B,cAAc,EAAE;aACvB,OAAO,GAAG,CAAC,EAAE;MACpB,wBAqDH,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,4BAA4B;aAY9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;YACf,iBAAiB,CAAC,OAAO,CAAC;MAChC,iBAoBH,CAAC"}
@@ -1,47 +1,75 @@
1
1
  import type { Caveat, Hex } from "@metamask/delegation-core";
2
- import type { DecodedPermission, PermissionType, PermissionDecoder, ValidateAndDecodeResult } from "./types.mjs";
2
+ import type { DecodedPermission, PermissionType, PermissionRule, ValidateAndDecodeResult } from "./types.mjs";
3
3
  /**
4
- * Returns every permission decoder whose caveat-address pattern matches the
5
- * given enforcer list for the chain. Used when more than one permission type
6
- * can share the same enforcer set; the caller must disambiguate by validating
7
- * caveat terms (see {@link selectUniqueDecoderAndDecodedPermission}).
4
+ * Returns every permission rule whose caveat-address pattern matches the given
5
+ * enforcer list for the chain. Used when more than one permission type can
6
+ * share the same enforcer set; the caller must disambiguate by validating
7
+ * caveat terms (see {@link selectUniqueRuleAndDecodedPermission}).
8
8
  *
9
9
  * @param args - The arguments to this function.
10
10
  * @param args.enforcers - List of enforcer contract addresses (hex strings).
11
- * @param args.permissionDecoders - The permission decoders for the chain.
12
- * @returns All decoders that match, possibly empty.
11
+ * @param args.permissionRules - The permission rules for the chain.
12
+ * @returns All rules that match, possibly empty.
13
13
  */
14
- export declare const findDecodersWithMatchingCaveatAddresses: ({ enforcers, permissionDecoders, }: {
14
+ export declare const findRulesWithMatchingCaveatAddresses: ({ enforcers, permissionRules, }: {
15
15
  enforcers: Hex[];
16
- permissionDecoders: PermissionDecoder[];
17
- }) => PermissionDecoder[];
16
+ permissionRules: PermissionRule[];
17
+ }) => PermissionRule[];
18
+ /**
19
+ * Returns the unique permission rule that matches a given set of enforcer
20
+ * contract addresses (caveat types) for a specific chain.
21
+ *
22
+ * A rule matches when:
23
+ * - All of its required enforcers are present in the provided list; and
24
+ * - No provided enforcer falls outside the union of the rule's required and
25
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
26
+ *
27
+ * If exactly one rule matches, it is returned.
28
+ *
29
+ * @param args - The arguments to this function.
30
+ * @param args.enforcers - List of enforcer contract addresses (hex strings).
31
+ * @param args.permissionRules - The permission rules for the chain.
32
+ * @returns The matching permission rule.
33
+ * @throws If no rule matches, or if more than one rule matches.
34
+ */
35
+ export declare const findRuleWithMatchingCaveatAddresses: ({ enforcers, permissionRules, }: {
36
+ enforcers: Hex[];
37
+ permissionRules: PermissionRule[];
38
+ }) => PermissionRule;
18
39
  type SuccessfulValidateAndDecodeResult = Extract<ValidateAndDecodeResult, {
19
40
  isValid: true;
20
41
  }>;
21
- type DecoderAndDecodedPermission = {
22
- decoder: PermissionDecoder;
42
+ type RuleAndDecodedPermission = {
43
+ rule: PermissionRule;
23
44
  rules: SuccessfulValidateAndDecodeResult['rules'];
24
45
  data: SuccessfulValidateAndDecodeResult['data'];
25
46
  expiry: SuccessfulValidateAndDecodeResult['expiry'];
26
47
  };
27
48
  /**
28
- * Runs {@link PermissionDecoder.validateAndDecodePermission} on each candidate
29
- * decoder. Use when several decoders share the same caveat addresses.
49
+ * Runs {@link PermissionRule.validateAndDecodePermission} on each candidate
50
+ * rule. Use when several rules share the same caveat addresses.
30
51
  *
31
52
  * @param args - The arguments to this function.
32
- * @param args.candidateDecoders - Decoders whose addresses already match the caveats.
53
+ * @param args.candidateRules - Rules whose addresses already match the caveats.
33
54
  * @param args.caveats - Caveats from the delegation.
34
- * @returns The unique decoder and decoded expiry/data when exactly one decoder validates.
35
- * @throws If `candidateDecoders` is empty, if no decoder validates, or if more than one decoder validates.
55
+ * @returns The unique rule and decoded expiry/data when exactly one rule validates.
56
+ * @throws If `candidateRules` is empty, if no rule validates, or if more than one rule validates.
36
57
  */
37
- export declare const selectUniqueDecoderAndDecodedPermission: ({ candidateDecoders, caveats, }: {
38
- candidateDecoders: PermissionDecoder[];
58
+ export declare const selectUniqueRuleAndDecodedPermission: ({ candidateRules, caveats, }: {
59
+ candidateRules: PermissionRule[];
39
60
  caveats: Caveat<Hex>[];
40
- }) => DecoderAndDecodedPermission;
61
+ }) => RuleAndDecodedPermission;
41
62
  /**
42
63
  * Reconstructs a {@link DecodedPermission} object from primitive values
43
64
  * obtained while decoding a permission context.
44
65
  *
66
+ * The resulting object contains:
67
+ * - `chainId` encoded as hex (`0x…`)
68
+ * - `address` set to the delegator (user account)
69
+ * - `signer` set to an account signer with the delegate address
70
+ * - `permission` with the identified type and decoded data
71
+ * - `expiry` timestamp (or null)
72
+ *
45
73
  * @param args - The arguments to this function.
46
74
  * @param args.chainId - Chain ID.
47
75
  * @param args.permissionType - Identified permission type.
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.d.mts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,uBAAuB,EACxB,oBAAgB;AAEjB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,uCAAuC;eAIvC,GAAG,EAAE;wBACI,iBAAiB,EAAE;MACrC,iBAAiB,EAIpB,CAAC;AAEF,KAAK,iCAAiC,GAAG,OAAO,CAC9C,uBAAuB,EACvB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,CAClB,CAAC;AAEF,KAAK,2BAA2B,GAAG;IACjC,OAAO,EAAE,iBAAiB,CAAC;IAC3B,KAAK,EAAE,iCAAiC,CAAC,OAAO,CAAC,CAAC;IAClD,IAAI,EAAE,iCAAiC,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,EAAE,iCAAiC,CAAC,QAAQ,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,uCAAuC;uBAI/B,iBAAiB,EAAE;aAC7B,OAAO,GAAG,CAAC,EAAE;MACpB,2BAqDH,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,4BAA4B;aAY9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;YACf,iBAAiB,CAAC,OAAO,CAAC;MAChC,iBAoBH,CAAC"}
1
+ {"version":3,"file":"decodePermission.d.mts","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,kCAAkC;AAI7D,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,uBAAuB,EACxB,oBAAgB;AAEjB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oCAAoC;eAIpC,GAAG,EAAE;qBACC,cAAc,EAAE;MAC/B,cAAc,EAEjB,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mCAAmC;eAInC,GAAG,EAAE;qBACC,cAAc,EAAE;MAC/B,cAaH,CAAC;AAEF,KAAK,iCAAiC,GAAG,OAAO,CAC9C,uBAAuB,EACvB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,CAClB,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,IAAI,EAAE,cAAc,CAAC;IACrB,KAAK,EAAE,iCAAiC,CAAC,OAAO,CAAC,CAAC;IAClD,IAAI,EAAE,iCAAiC,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,EAAE,iCAAiC,CAAC,QAAQ,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,oCAAoC;oBAI/B,cAAc,EAAE;aACvB,OAAO,GAAG,CAAC,EAAE;MACpB,wBAqDH,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,4BAA4B;aAY9B,MAAM;oBACC,cAAc;eACnB,GAAG;cACJ,GAAG;eACF,GAAG;YACN,MAAM,GAAG,IAAI;UACf,iBAAiB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;mBAC9B,MAAM;qBACJ,MAAM;YACf,iBAAiB,CAAC,OAAO,CAAC;MAChC,iBAoBH,CAAC"}
@@ -1,40 +1,70 @@
1
1
  import { ROOT_AUTHORITY } from "@metamask/delegation-core";
2
2
  import { numberToHex } from "@metamask/utils";
3
3
  /**
4
- * Returns every permission decoder whose caveat-address pattern matches the
5
- * given enforcer list for the chain. Used when more than one permission type
6
- * can share the same enforcer set; the caller must disambiguate by validating
7
- * caveat terms (see {@link selectUniqueDecoderAndDecodedPermission}).
4
+ * Returns every permission rule whose caveat-address pattern matches the given
5
+ * enforcer list for the chain. Used when more than one permission type can
6
+ * share the same enforcer set; the caller must disambiguate by validating
7
+ * caveat terms (see {@link selectUniqueRuleAndDecodedPermission}).
8
8
  *
9
9
  * @param args - The arguments to this function.
10
10
  * @param args.enforcers - List of enforcer contract addresses (hex strings).
11
- * @param args.permissionDecoders - The permission decoders for the chain.
12
- * @returns All decoders that match, possibly empty.
11
+ * @param args.permissionRules - The permission rules for the chain.
12
+ * @returns All rules that match, possibly empty.
13
13
  */
14
- export const findDecodersWithMatchingCaveatAddresses = ({ enforcers, permissionDecoders, }) => {
15
- return permissionDecoders.filter((decoder) => decoder.caveatAddressesMatch(enforcers));
14
+ export const findRulesWithMatchingCaveatAddresses = ({ enforcers, permissionRules, }) => {
15
+ return permissionRules.filter((rule) => rule.caveatAddressesMatch(enforcers));
16
16
  };
17
17
  /**
18
- * Runs {@link PermissionDecoder.validateAndDecodePermission} on each candidate
19
- * decoder. Use when several decoders share the same caveat addresses.
18
+ * Returns the unique permission rule that matches a given set of enforcer
19
+ * contract addresses (caveat types) for a specific chain.
20
+ *
21
+ * A rule matches when:
22
+ * - All of its required enforcers are present in the provided list; and
23
+ * - No provided enforcer falls outside the union of the rule's required and
24
+ * optional enforcers (currently only `TimestampEnforcer` is allowed extra).
25
+ *
26
+ * If exactly one rule matches, it is returned.
27
+ *
28
+ * @param args - The arguments to this function.
29
+ * @param args.enforcers - List of enforcer contract addresses (hex strings).
30
+ * @param args.permissionRules - The permission rules for the chain.
31
+ * @returns The matching permission rule.
32
+ * @throws If no rule matches, or if more than one rule matches.
33
+ */
34
+ export const findRuleWithMatchingCaveatAddresses = ({ enforcers, permissionRules, }) => {
35
+ const matchingRules = findRulesWithMatchingCaveatAddresses({
36
+ enforcers,
37
+ permissionRules,
38
+ });
39
+ if (matchingRules.length === 0) {
40
+ throw new Error('Unable to identify permission type');
41
+ }
42
+ if (matchingRules.length > 1) {
43
+ throw new Error('Multiple permission types match');
44
+ }
45
+ return matchingRules[0];
46
+ };
47
+ /**
48
+ * Runs {@link PermissionRule.validateAndDecodePermission} on each candidate
49
+ * rule. Use when several rules share the same caveat addresses.
20
50
  *
21
51
  * @param args - The arguments to this function.
22
- * @param args.candidateDecoders - Decoders whose addresses already match the caveats.
52
+ * @param args.candidateRules - Rules whose addresses already match the caveats.
23
53
  * @param args.caveats - Caveats from the delegation.
24
- * @returns The unique decoder and decoded expiry/data when exactly one decoder validates.
25
- * @throws If `candidateDecoders` is empty, if no decoder validates, or if more than one decoder validates.
54
+ * @returns The unique rule and decoded expiry/data when exactly one rule validates.
55
+ * @throws If `candidateRules` is empty, if no rule validates, or if more than one rule validates.
26
56
  */
27
- export const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, caveats, }) => {
28
- if (candidateDecoders.length === 0) {
57
+ export const selectUniqueRuleAndDecodedPermission = ({ candidateRules, caveats, }) => {
58
+ if (candidateRules.length === 0) {
29
59
  throw new Error('Unable to identify permission type');
30
60
  }
31
61
  const successfulDecodingResult = [];
32
62
  const failedAttempts = [];
33
- for (const decoder of candidateDecoders) {
34
- const decodeResult = decoder.validateAndDecodePermission(caveats);
63
+ for (const rule of candidateRules) {
64
+ const decodeResult = rule.validateAndDecodePermission(caveats);
35
65
  if (decodeResult.isValid) {
36
66
  successfulDecodingResult.push({
37
- decoder,
67
+ rule,
38
68
  rules: decodeResult.rules,
39
69
  data: decodeResult.data,
40
70
  expiry: decodeResult.expiry,
@@ -42,7 +72,7 @@ export const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, cav
42
72
  }
43
73
  else {
44
74
  failedAttempts.push({
45
- permissionType: decoder.permissionType,
75
+ permissionType: rule.permissionType,
46
76
  error: decodeResult.error,
47
77
  });
48
78
  }
@@ -52,7 +82,7 @@ export const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, cav
52
82
  }
53
83
  if (successfulDecodingResult.length > 1) {
54
84
  const types = successfulDecodingResult
55
- .map((result) => result.decoder.permissionType)
85
+ .map((result) => result.rule.permissionType)
56
86
  .join(', ');
57
87
  throw new Error(`Multiple permission types validate the same delegation caveats: ${types}`);
58
88
  }
@@ -68,6 +98,13 @@ export const selectUniqueDecoderAndDecodedPermission = ({ candidateDecoders, cav
68
98
  * Reconstructs a {@link DecodedPermission} object from primitive values
69
99
  * obtained while decoding a permission context.
70
100
  *
101
+ * The resulting object contains:
102
+ * - `chainId` encoded as hex (`0x…`)
103
+ * - `address` set to the delegator (user account)
104
+ * - `signer` set to an account signer with the delegate address
105
+ * - `permission` with the identified type and decoded data
106
+ * - `expiry` timestamp (or null)
107
+ *
71
108
  * @param args - The arguments to this function.
72
109
  * @param args.chainId - Chain ID.
73
110
  * @param args.permissionType - Identified permission type.
@@ -1 +1 @@
1
- {"version":3,"file":"decodePermission.mjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,kCAAkC;AAC3D,OAAO,EAAE,WAAW,EAAE,wBAAwB;AAS9C;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,uCAAuC,GAAG,CAAC,EACtD,SAAS,EACT,kBAAkB,GAInB,EAAuB,EAAE;IACxB,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAC3C,OAAO,CAAC,oBAAoB,CAAC,SAAS,CAAC,CACxC,CAAC;AACJ,CAAC,CAAC;AAcF;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,uCAAuC,GAAG,CAAC,EACtD,iBAAiB,EACjB,OAAO,GAIR,EAA+B,EAAE;IAChC,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,wBAAwB,GAAkC,EAAE,CAAC;IAEnE,MAAM,cAAc,GAAuD,EAAE,CAAC;IAE9E,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,MAAM,YAAY,GAAG,OAAO,CAAC,2BAA2B,CAAC,OAAO,CAAC,CAAC;QAClE,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,wBAAwB,CAAC,IAAI,CAAC;gBAC5B,OAAO;gBACP,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,MAAM,EAAE,YAAY,CAAC,MAAM;aAC5B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,CAAC;gBAClB,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,wBAAwB,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,wBAAwB;aACnC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;aAC9C,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CACb,mEAAmE,KAAK,EAAE,CAC3E,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,cAAc;SAC3B,GAAG,CACF,CAAC,OAAO,EAAE,EAAE,CACV,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAChE;SACA,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,IAAI,KAAK,CACb,uEAAuE,OAAO,EAAE,CACjF,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,EACf,KAAK,GAYN,EAAqB,EAAE;IACtB,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,WAAW,CAAC,OAAO,CAAC;QAC7B,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,QAAQ;QACZ,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;QACvB,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;KAC1C,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n PermissionType,\n PermissionDecoder,\n ValidateAndDecodeResult,\n} from './types';\n\n/**\n * Returns every permission decoder whose caveat-address pattern matches the\n * given enforcer list for the chain. Used when more than one permission type\n * can share the same enforcer set; the caller must disambiguate by validating\n * caveat terms (see {@link selectUniqueDecoderAndDecodedPermission}).\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n * @param args.permissionDecoders - The permission decoders for the chain.\n * @returns All decoders that match, possibly empty.\n */\nexport const findDecodersWithMatchingCaveatAddresses = ({\n enforcers,\n permissionDecoders,\n}: {\n enforcers: Hex[];\n permissionDecoders: PermissionDecoder[];\n}): PermissionDecoder[] => {\n return permissionDecoders.filter((decoder) =>\n decoder.caveatAddressesMatch(enforcers),\n );\n};\n\ntype SuccessfulValidateAndDecodeResult = Extract<\n ValidateAndDecodeResult,\n { isValid: true }\n>;\n\ntype DecoderAndDecodedPermission = {\n decoder: PermissionDecoder;\n rules: SuccessfulValidateAndDecodeResult['rules'];\n data: SuccessfulValidateAndDecodeResult['data'];\n expiry: SuccessfulValidateAndDecodeResult['expiry'];\n};\n\n/**\n * Runs {@link PermissionDecoder.validateAndDecodePermission} on each candidate\n * decoder. Use when several decoders share the same caveat addresses.\n *\n * @param args - The arguments to this function.\n * @param args.candidateDecoders - Decoders whose addresses already match the caveats.\n * @param args.caveats - Caveats from the delegation.\n * @returns The unique decoder and decoded expiry/data when exactly one decoder validates.\n * @throws If `candidateDecoders` is empty, if no decoder validates, or if more than one decoder validates.\n */\nexport const selectUniqueDecoderAndDecodedPermission = ({\n candidateDecoders,\n caveats,\n}: {\n candidateDecoders: PermissionDecoder[];\n caveats: Caveat<Hex>[];\n}): DecoderAndDecodedPermission => {\n if (candidateDecoders.length === 0) {\n throw new Error('Unable to identify permission type');\n }\n\n const successfulDecodingResult: DecoderAndDecodedPermission[] = [];\n\n const failedAttempts: { permissionType: PermissionType; error: Error }[] = [];\n\n for (const decoder of candidateDecoders) {\n const decodeResult = decoder.validateAndDecodePermission(caveats);\n if (decodeResult.isValid) {\n successfulDecodingResult.push({\n decoder,\n rules: decodeResult.rules,\n data: decodeResult.data,\n expiry: decodeResult.expiry,\n });\n } else {\n failedAttempts.push({\n permissionType: decoder.permissionType,\n error: decodeResult.error,\n });\n }\n }\n\n if (successfulDecodingResult.length === 1) {\n return successfulDecodingResult[0];\n }\n\n if (successfulDecodingResult.length > 1) {\n const types = successfulDecodingResult\n .map((result) => result.decoder.permissionType)\n .join(', ');\n throw new Error(\n `Multiple permission types validate the same delegation caveats: ${types}`,\n );\n }\n\n if (failedAttempts.length === 1) {\n throw failedAttempts[0].error;\n }\n\n const details = failedAttempts\n .map(\n (attempt) =>\n `${String(attempt.permissionType)}: ${attempt.error.message}`,\n )\n .join('; ');\n\n throw new Error(\n `No permission type could validate the delegation caveats. Attempts: ${details}`,\n );\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n * @param args.rules - Rules recovered from caveats (e.g. redeemer allowlist).\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n rules,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n rules?: DecodedPermission['rules'];\n}): DecodedPermission => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n from: delegator,\n to: delegate,\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n ...(rules === undefined ? {} : { rules }),\n };\n\n return permission;\n};\n"]}
1
+ {"version":3,"file":"decodePermission.mjs","sourceRoot":"","sources":["../../src/decodePermission/decodePermission.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,kCAAkC;AAC3D,OAAO,EAAE,WAAW,EAAE,wBAAwB;AAS9C;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,EACnD,SAAS,EACT,eAAe,GAIhB,EAAoB,EAAE;IACrB,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC;AAChF,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,EAClD,SAAS,EACT,eAAe,GAIhB,EAAkB,EAAE;IACnB,MAAM,aAAa,GAAG,oCAAoC,CAAC;QACzD,SAAS;QACT,eAAe;KAChB,CAAC,CAAC;IAEH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,aAAa,CAAC,CAAC,CAAC,CAAC;AAC1B,CAAC,CAAC;AAcF;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,EACnD,cAAc,EACd,OAAO,GAIR,EAA4B,EAAE;IAC7B,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,wBAAwB,GAA+B,EAAE,CAAC;IAEhE,MAAM,cAAc,GAAuD,EAAE,CAAC;IAE9E,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,2BAA2B,CAAC,OAAO,CAAC,CAAC;QAC/D,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,wBAAwB,CAAC,IAAI,CAAC;gBAC5B,IAAI;gBACJ,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,MAAM,EAAE,YAAY,CAAC,MAAM;aAC5B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,CAAC;gBAClB,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,wBAAwB,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,wBAAwB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,wBAAwB;aACnC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC;aAC3C,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CACb,mEAAmE,KAAK,EAAE,CAC3E,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,cAAc;SAC3B,GAAG,CACF,CAAC,OAAO,EAAE,EAAE,CACV,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAChE;SACA,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,IAAI,KAAK,CACb,uEAAuE,OAAO,EAAE,CACjF,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,EAC3C,OAAO,EACP,cAAc,EACd,SAAS,EACT,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,aAAa,EACb,eAAe,EACf,KAAK,GAYN,EAAqB,EAAE;IACtB,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO,EAAE,WAAW,CAAC,OAAO,CAAC;QAC7B,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,QAAQ;QACZ,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,IAAI;YACJ,aAAa;SACd;QACD,MAAM;QACN,MAAM,EAAE,eAAe;QACvB,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;KAC1C,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC","sourcesContent":["import type { Caveat, Hex } from '@metamask/delegation-core';\nimport { ROOT_AUTHORITY } from '@metamask/delegation-core';\nimport { numberToHex } from '@metamask/utils';\n\nimport type {\n DecodedPermission,\n PermissionType,\n PermissionRule,\n ValidateAndDecodeResult,\n} from './types';\n\n/**\n * Returns every permission rule whose caveat-address pattern matches the given\n * enforcer list for the chain. Used when more than one permission type can\n * share the same enforcer set; the caller must disambiguate by validating\n * caveat terms (see {@link selectUniqueRuleAndDecodedPermission}).\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n * @param args.permissionRules - The permission rules for the chain.\n * @returns All rules that match, possibly empty.\n */\nexport const findRulesWithMatchingCaveatAddresses = ({\n enforcers,\n permissionRules,\n}: {\n enforcers: Hex[];\n permissionRules: PermissionRule[];\n}): PermissionRule[] => {\n return permissionRules.filter((rule) => rule.caveatAddressesMatch(enforcers));\n};\n\n/**\n * Returns the unique permission rule that matches a given set of enforcer\n * contract addresses (caveat types) for a specific chain.\n *\n * A rule matches when:\n * - All of its required enforcers are present in the provided list; and\n * - No provided enforcer falls outside the union of the rule's required and\n * optional enforcers (currently only `TimestampEnforcer` is allowed extra).\n *\n * If exactly one rule matches, it is returned.\n *\n * @param args - The arguments to this function.\n * @param args.enforcers - List of enforcer contract addresses (hex strings).\n * @param args.permissionRules - The permission rules for the chain.\n * @returns The matching permission rule.\n * @throws If no rule matches, or if more than one rule matches.\n */\nexport const findRuleWithMatchingCaveatAddresses = ({\n enforcers,\n permissionRules,\n}: {\n enforcers: Hex[];\n permissionRules: PermissionRule[];\n}): PermissionRule => {\n const matchingRules = findRulesWithMatchingCaveatAddresses({\n enforcers,\n permissionRules,\n });\n\n if (matchingRules.length === 0) {\n throw new Error('Unable to identify permission type');\n }\n if (matchingRules.length > 1) {\n throw new Error('Multiple permission types match');\n }\n return matchingRules[0];\n};\n\ntype SuccessfulValidateAndDecodeResult = Extract<\n ValidateAndDecodeResult,\n { isValid: true }\n>;\n\ntype RuleAndDecodedPermission = {\n rule: PermissionRule;\n rules: SuccessfulValidateAndDecodeResult['rules'];\n data: SuccessfulValidateAndDecodeResult['data'];\n expiry: SuccessfulValidateAndDecodeResult['expiry'];\n};\n\n/**\n * Runs {@link PermissionRule.validateAndDecodePermission} on each candidate\n * rule. Use when several rules share the same caveat addresses.\n *\n * @param args - The arguments to this function.\n * @param args.candidateRules - Rules whose addresses already match the caveats.\n * @param args.caveats - Caveats from the delegation.\n * @returns The unique rule and decoded expiry/data when exactly one rule validates.\n * @throws If `candidateRules` is empty, if no rule validates, or if more than one rule validates.\n */\nexport const selectUniqueRuleAndDecodedPermission = ({\n candidateRules,\n caveats,\n}: {\n candidateRules: PermissionRule[];\n caveats: Caveat<Hex>[];\n}): RuleAndDecodedPermission => {\n if (candidateRules.length === 0) {\n throw new Error('Unable to identify permission type');\n }\n\n const successfulDecodingResult: RuleAndDecodedPermission[] = [];\n\n const failedAttempts: { permissionType: PermissionType; error: Error }[] = [];\n\n for (const rule of candidateRules) {\n const decodeResult = rule.validateAndDecodePermission(caveats);\n if (decodeResult.isValid) {\n successfulDecodingResult.push({\n rule,\n rules: decodeResult.rules,\n data: decodeResult.data,\n expiry: decodeResult.expiry,\n });\n } else {\n failedAttempts.push({\n permissionType: rule.permissionType,\n error: decodeResult.error,\n });\n }\n }\n\n if (successfulDecodingResult.length === 1) {\n return successfulDecodingResult[0];\n }\n\n if (successfulDecodingResult.length > 1) {\n const types = successfulDecodingResult\n .map((result) => result.rule.permissionType)\n .join(', ');\n throw new Error(\n `Multiple permission types validate the same delegation caveats: ${types}`,\n );\n }\n\n if (failedAttempts.length === 1) {\n throw failedAttempts[0].error;\n }\n\n const details = failedAttempts\n .map(\n (attempt) =>\n `${String(attempt.permissionType)}: ${attempt.error.message}`,\n )\n .join('; ');\n\n throw new Error(\n `No permission type could validate the delegation caveats. Attempts: ${details}`,\n );\n};\n\n/**\n * Reconstructs a {@link DecodedPermission} object from primitive values\n * obtained while decoding a permission context.\n *\n * The resulting object contains:\n * - `chainId` encoded as hex (`0x…`)\n * - `address` set to the delegator (user account)\n * - `signer` set to an account signer with the delegate address\n * - `permission` with the identified type and decoded data\n * - `expiry` timestamp (or null)\n *\n * @param args - The arguments to this function.\n * @param args.chainId - Chain ID.\n * @param args.permissionType - Identified permission type.\n * @param args.delegator - Address of the account delegating permission.\n * @param args.delegate - Address that will act under the granted permission.\n * @param args.authority - Authority identifier; must be ROOT_AUTHORITY.\n * @param args.expiry - Expiry timestamp (unix seconds) or null if unbounded.\n * @param args.data - Permission-specific decoded data payload.\n * @param args.justification - Human-readable justification for the permission.\n * @param args.specifiedOrigin - The origin reported in the request metadata.\n * @param args.rules - Rules recovered from caveats (e.g. redeemer allowlist).\n *\n * @returns The reconstructed {@link DecodedPermission}.\n */\nexport const reconstructDecodedPermission = ({\n chainId,\n permissionType,\n delegator,\n delegate,\n authority,\n expiry,\n data,\n justification,\n specifiedOrigin,\n rules,\n}: {\n chainId: number;\n permissionType: PermissionType;\n delegator: Hex;\n delegate: Hex;\n authority: Hex;\n expiry: number | null;\n data: DecodedPermission['permission']['data'];\n justification: string;\n specifiedOrigin: string;\n rules?: DecodedPermission['rules'];\n}): DecodedPermission => {\n if (authority !== ROOT_AUTHORITY) {\n throw new Error('Invalid authority');\n }\n\n const permission: DecodedPermission = {\n chainId: numberToHex(chainId),\n from: delegator,\n to: delegate,\n permission: {\n type: permissionType,\n data,\n justification,\n },\n expiry,\n origin: specifiedOrigin,\n ...(rules === undefined ? {} : { rules }),\n };\n\n return permission;\n};\n"]}