@metamask-previews/permission-log-controller 0.0.0-preview.08978bf

package/CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+[Unreleased]: https://github.com/MetaMask/core/

package/LICENSE

@@ -0,0 +1,18 @@
+Copyright ConsenSys Software Inc. 2022. All rights reserved.
+
+You acknowledge and agree that ConsenSys Software Inc. (“ConsenSys”) (or ConsenSys’s licensors) own all legal right, title and interest in and to the work, software, application, source code, documentation and any other documents in this repository (collectively, the “Program”), including any intellectual property rights which subsist in the Program (whether those rights happen to be registered or not, and wherever in the world those rights may exist), whether in source code or any other form.
+
+Subject to the limited license below, you may not (and you may not permit anyone else to) distribute, publish, copy, modify, merge, combine with another program, create derivative works of, reverse engineer, decompile or otherwise attempt to extract the source code of, the Program or any part thereof, except that you may contribute to this repository.
+
+You are granted a non-exclusive, non-transferable, non-sublicensable license to distribute, publish, copy, modify, merge, combine with another program or create derivative works of the Program (such resulting program, collectively, the “Resulting Program”) solely for Non-Commercial Use as long as you:
+ 1. give prominent notice (“Notice”) with each copy of the Resulting Program that the Program is used in the Resulting Program and that the Program is the copyright of ConsenSys; and
+ 2. subject the Resulting Program and any distribution, publication, copy, modification, merger therewith, combination with another program or derivative works thereof to the same Notice requirement and Non-Commercial Use restriction set forth herein.
+
+“Non-Commercial Use” means each use as described in clauses (1)-(3) below, as reasonably determined by ConsenSys in its sole discretion:
+ 1. personal use for research, personal study, private entertainment, hobby projects or amateur pursuits, in each case without any anticipated commercial application;
+ 2. use by any charitable organization, educational institution, public research organization, public safety or health organization, environmental protection organization or government institution; or
+ 3. the number of monthly active users of the Resulting Program across all versions thereof and platforms globally do not exceed 10,000 at any time.
+
+You will not use any trade mark, service mark, trade name, logo of ConsenSys or any other company or organization in a way that is likely or intended to cause confusion about the owner or authorized user of such marks, names or logos.
+
+If you have any questions, comments or interest in pursuing any other use cases, please reach out to us at communications@metamask.io.

package/README.md

@@ -0,0 +1,15 @@
+# `@metamask/permission-log-controller`
+
+Controller with middleware for logging requests and responses to restricted and permissions-related methods.
+
+## Installation
+
+`yarn add @metamask/permission-log-controller`
+
+or
+
+`npm install @metamask/permission-log-controller`
+
+## Contributing
+
+This package is part of a monorepo. Instructions for contributing can be found in the [monorepo README](https://github.com/MetaMask/core#readme).

package/dist/PermissionLogController.d.ts

@@ -0,0 +1,81 @@
+import { BaseController, type RestrictedControllerMessenger } from '@metamask/base-controller';
+import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine';
+import { type Json, type JsonRpcRequest, type JsonRpcParams } from '@metamask/utils';
+import { LOG_METHOD_TYPES } from './enums';
+export declare type JsonRpcRequestWithOrigin<Params extends JsonRpcParams = JsonRpcParams> = JsonRpcRequest<Params> & {
+    origin?: string;
+};
+export declare type Caveat = {
+    type: string;
+    value: string[];
+};
+export declare type Permission = {
+    parentCapability: string;
+    caveats?: Caveat[];
+};
+export declare type PermissionActivityLog = {
+    id: string | number | null;
+    method: string;
+    methodType: LOG_METHOD_TYPES;
+    origin?: string;
+    requestTime: number;
+    responseTime: number | null;
+    success: boolean | null;
+};
+export declare type PermissionLog = {
+    accounts?: Record<string, number>;
+    lastApproved?: number;
+};
+export declare type PermissionEntry = Record<string, PermissionLog>;
+export declare type PermissionHistory = Record<string, PermissionEntry>;
+/**
+ *
+ * Permission log controller state
+ * @property permissionHistory - permission history
+ * @property permissionActivityLog - permission activity logs
+ */
+export declare type PermissionLogControllerState = {
+    permissionHistory: PermissionHistory;
+    permissionActivityLog: PermissionActivityLog[];
+};
+export declare type PermissionLogControllerOptions = {
+    restrictedMethods: Set<string>;
+    state?: Partial<PermissionLogControllerState>;
+    messenger: PermissionLogControllerMessenger;
+};
+export declare type PermissionLogControllerMessenger = RestrictedControllerMessenger<typeof name, never, never, never, never>;
+/**
+ * The name of the {@link PermissionController}.
+ */
+declare const name = "PermissionLogController";
+/**
+ * Controller with middleware for logging requests and responses to restricted
+ * and permissions-related methods.
+ */
+export declare class PermissionLogController extends BaseController<typeof name, PermissionLogControllerState, PermissionLogControllerMessenger> {
+    #private;
+    constructor({ messenger, restrictedMethods, state, }: PermissionLogControllerOptions);
+    /**
+     * Updates the exposed account history for the given origin.
+     * Sets the 'last seen' time to Date.now() for the given accounts.
+     * Does **not** update the 'lastApproved' time for the permission itself.
+     * Returns if the accounts array is empty.
+     *
+     * @param origin - The origin that the accounts are exposed to.
+     * @param accounts - The accounts.
+     */
+    updateAccountsHistory(origin: string, accounts: string[]): void;
+    /**
+     * Create a permissions log middleware. Records permissions activity and history:
+     *
+     * Activity: requests and responses for restricted and most wallet_ methods.
+     *
+     * History: for each origin, the last time a permission was granted, including
+     * which accounts were exposed, if any.
+     *
+     * @returns The permissions log middleware.
+     */
+    createMiddleware(): JsonRpcMiddleware<JsonRpcParams, Json>;
+}
+export {};
+//# sourceMappingURL=PermissionLogController.d.ts.map

package/dist/PermissionLogController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PermissionLogController.d.ts","sourceRoot":"","sources":["../src/PermissionLogController.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,KAAK,6BAA6B,EACnC,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EACL,KAAK,IAAI,EACT,KAAK,cAAc,EACnB,KAAK,aAAa,EAGnB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAGL,gBAAgB,EAGjB,MAAM,SAAS,CAAC;AAEjB,oBAAY,wBAAwB,CAClC,MAAM,SAAS,aAAa,GAAG,aAAa,IAC1C,cAAc,CAAC,MAAM,CAAC,GAAG;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,oBAAY,MAAM,GAAG;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB,CAAC;AAEF,oBAAY,UAAU,GAAG;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC;AAEF,oBAAY,qBAAqB,GAAG;IAClC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,gBAAgB,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;CACzB,CAAC;AAEF,oBAAY,aAAa,GAAG;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AACF,oBAAY,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AAE5D,oBAAY,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AAEhE;;;;;GAKG;AACH,oBAAY,4BAA4B,GAAG;IACzC,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,qBAAqB,EAAE,qBAAqB,EAAE,CAAC;CAChD,CAAC;AAEF,oBAAY,8BAA8B,GAAG;IAC3C,iBAAiB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,4BAA4B,CAAC,CAAC;IAC9C,SAAS,EAAE,gCAAgC,CAAC;CAC7C,CAAC;AAEF,oBAAY,gCAAgC,GAAG,6BAA6B,CAC1E,OAAO,IAAI,EACX,KAAK,EACL,KAAK,EACL,KAAK,EACL,KAAK,CACN,CAAC;AAOF;;GAEG;AACH,QAAA,MAAM,IAAI,4BAA4B,CAAC;AAEvC;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,cAAc,CACzD,OAAO,IAAI,EACX,4BAA4B,EAC5B,gCAAgC,CACjC;;gBAGa,EACV,SAAS,EACT,iBAAiB,EACjB,KAAK,GACN,EAAE,8BAA8B;IAmBjC;;;;;;;;OAQG;IACH,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE;IAYxD;;;;;;;;;OASG;IACH,gBAAgB,IAAI,iBAAiB,CAAC,aAAa,EAAE,IAAI,CAAC;CAoS3D"}

package/dist/PermissionLogController.js

@@ -0,0 +1,239 @@
+"use strict";
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _PermissionLogController_instances, _PermissionLogController_restrictedMethods, _PermissionLogController_getAccountToTimeMap, _PermissionLogController_logRequest, _PermissionLogController_logResponse, _PermissionLogController_logPermissionsHistory, _PermissionLogController_commitNewHistory, _PermissionLogController_getRequestedMethods, _PermissionLogController_getAccountsFromPermission;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionLogController = void 0;
+const base_controller_1 = require("@metamask/base-controller");
+const utils_1 = require("@metamask/utils");
+const enums_1 = require("./enums");
+const defaultState = {
+    permissionHistory: {},
+    permissionActivityLog: [],
+};
+/**
+ * The name of the {@link PermissionController}.
+ */
+const name = 'PermissionLogController';
+/**
+ * Controller with middleware for logging requests and responses to restricted
+ * and permissions-related methods.
+ */
+class PermissionLogController extends base_controller_1.BaseController {
+    constructor({ messenger, restrictedMethods, state, }) {
+        super({
+            messenger,
+            name,
+            metadata: {
+                permissionHistory: {
+                    persist: true,
+                    anonymous: false,
+                },
+                permissionActivityLog: {
+                    persist: true,
+                    anonymous: false,
+                },
+            },
+            state: Object.assign(Object.assign({}, defaultState), state),
+        });
+        _PermissionLogController_instances.add(this);
+        _PermissionLogController_restrictedMethods.set(this, void 0);
+        __classPrivateFieldSet(this, _PermissionLogController_restrictedMethods, restrictedMethods, "f");
+    }
+    /**
+     * Updates the exposed account history for the given origin.
+     * Sets the 'last seen' time to Date.now() for the given accounts.
+     * Does **not** update the 'lastApproved' time for the permission itself.
+     * Returns if the accounts array is empty.
+     *
+     * @param origin - The origin that the accounts are exposed to.
+     * @param accounts - The accounts.
+     */
+    updateAccountsHistory(origin, accounts) {
+        if (accounts.length === 0) {
+            return;
+        }
+        const newEntries = {
+            eth_accounts: {
+                accounts: __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_getAccountToTimeMap).call(this, accounts, Date.now()),
+            },
+        };
+        __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_commitNewHistory).call(this, origin, newEntries);
+    }
+    /**
+     * Create a permissions log middleware. Records permissions activity and history:
+     *
+     * Activity: requests and responses for restricted and most wallet_ methods.
+     *
+     * History: for each origin, the last time a permission was granted, including
+     * which accounts were exposed, if any.
+     *
+     * @returns The permissions log middleware.
+     */
+    createMiddleware() {
+        return (req, res, next) => {
+            const { origin, method } = req;
+            const isInternal = method.startsWith(enums_1.WALLET_PREFIX);
+            const isEthRequestAccounts = method === 'eth_requestAccounts';
+            // Determine if the method should be logged
+            if ((!enums_1.LOG_IGNORE_METHODS.includes(method) &&
+                (isInternal || __classPrivateFieldGet(this, _PermissionLogController_restrictedMethods, "f").has(method))) ||
+                isEthRequestAccounts) {
+                const activityEntry = __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_logRequest).call(this, req, isInternal);
+                const requestedMethods = __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_getRequestedMethods).call(this, req);
+                // Call next with a return handler for capturing the response
+                next((cb) => {
+                    const time = Date.now();
+                    __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_logResponse).call(this, activityEntry, res, time);
+                    if (requestedMethods && !res.error && res.result && origin) {
+                        __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_logPermissionsHistory).call(this, requestedMethods, origin, res.result, time, isEthRequestAccounts);
+                    }
+                    cb();
+                });
+                return;
+            }
+            next();
+        };
+    }
+}
+exports.PermissionLogController = PermissionLogController;
+_PermissionLogController_restrictedMethods = new WeakMap(), _PermissionLogController_instances = new WeakSet(), _PermissionLogController_getAccountToTimeMap = function _PermissionLogController_getAccountToTimeMap(accounts, time) {
+    return accounts.reduce((acc, account) => (Object.assign(Object.assign({}, acc), { [account]: time })), {});
+}, _PermissionLogController_logRequest = function _PermissionLogController_logRequest(request, isInternal) {
+    const activityEntry = {
+        id: request.id,
+        method: request.method,
+        methodType: isInternal
+            ? enums_1.LOG_METHOD_TYPES.internal
+            : enums_1.LOG_METHOD_TYPES.restricted,
+        origin: request.origin,
+        requestTime: Date.now(),
+        responseTime: null,
+        success: null,
+    };
+    this.update((state) => {
+        const newLogs = [...state.permissionActivityLog, activityEntry];
+        state.permissionActivityLog =
+            // remove oldest log if exceeding size limit
+            newLogs.length > enums_1.LOG_LIMIT ? newLogs.slice(1) : newLogs;
+    });
+    return activityEntry;
+}, _PermissionLogController_logResponse = function _PermissionLogController_logResponse(entry, response, time) {
+    if (!entry || !response) {
+        return;
+    }
+    // The JSON-RPC 2.0 specification defines "success" by the presence of
+    // either the "result" or "error" property. The specification forbids
+    // both properties from being present simultaneously, and our JSON-RPC
+    // stack is spec-compliant at the time of writing.
+    this.update((state) => {
+        state.permissionActivityLog = state.permissionActivityLog.map((log) => {
+            // Update the log entry that matches the given entry id
+            if (log.id === entry.id) {
+                return Object.assign(Object.assign({}, log), { success: (0, utils_1.hasProperty)(response, 'result'), responseTime: time });
+            }
+            return log;
+        });
+    });
+}, _PermissionLogController_logPermissionsHistory = function _PermissionLogController_logPermissionsHistory(requestedMethods, origin, result, time, isEthRequestAccounts) {
+    let newEntries;
+    if (isEthRequestAccounts) {
+        // Type assertion: We are assuming that the response data contains
+        // a set of accounts if the RPC method is "eth_requestAccounts".
+        const accounts = result;
+        newEntries = {
+            eth_accounts: {
+                accounts: __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_getAccountToTimeMap).call(this, accounts, time),
+                lastApproved: time,
+            },
+        };
+    }
+    else {
+        // Records new "lastApproved" times for the granted permissions, if any.
+        // Special handling for eth_accounts, in order to record the time the
+        // accounts were last seen or approved by the origin.
+        // Type assertion: We are assuming that the response data contains
+        // a set of permissions if the RPC method is "eth_requestPermissions".
+        const permissions = result;
+        newEntries = permissions.reduce((acc, permission) => {
+            const method = permission.parentCapability;
+            if (!requestedMethods.includes(method)) {
+                return acc;
+            }
+            if (method === 'eth_accounts') {
+                const accounts = __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_getAccountsFromPermission).call(this, permission);
+                return Object.assign(Object.assign({}, acc), { [method]: {
+                        lastApproved: time,
+                        accounts: __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_getAccountToTimeMap).call(this, accounts, time),
+                    } });
+            }
+            return Object.assign(Object.assign({}, acc), { [method]: {
+                    lastApproved: time,
+                } });
+        }, {});
+    }
+    if (Object.keys(newEntries).length > 0) {
+        __classPrivateFieldGet(this, _PermissionLogController_instances, "m", _PermissionLogController_commitNewHistory).call(this, origin, newEntries);
+    }
+}, _PermissionLogController_commitNewHistory = function _PermissionLogController_commitNewHistory(origin, newEntries) {
+    var _a, _b;
+    const { permissionHistory } = this.state;
+    // a simple merge updates most permissions
+    const oldOriginHistory = (_a = permissionHistory[origin]) !== null && _a !== void 0 ? _a : {};
+    const newOriginHistory = Object.assign(Object.assign({}, oldOriginHistory), newEntries);
+    // eth_accounts requires special handling, because of information
+    // we store about the accounts
+    const existingEthAccountsEntry = oldOriginHistory.eth_accounts;
+    const newEthAccountsEntry = newEntries.eth_accounts;
+    if (existingEthAccountsEntry && newEthAccountsEntry) {
+        // we may intend to update just the accounts, not the permission
+        // itself
+        const lastApproved = (_b = newEthAccountsEntry.lastApproved) !== null && _b !== void 0 ? _b : existingEthAccountsEntry.lastApproved;
+        // merge old and new eth_accounts history entries
+        newOriginHistory.eth_accounts = {
+            lastApproved,
+            accounts: Object.assign(Object.assign({}, existingEthAccountsEntry.accounts), newEthAccountsEntry.accounts),
+        };
+    }
+    this.update((state) => {
+        state.permissionHistory = Object.assign(Object.assign({}, permissionHistory), { [origin]: newOriginHistory });
+    });
+}, _PermissionLogController_getRequestedMethods = function _PermissionLogController_getRequestedMethods(request) {
+    const { method, params } = request;
+    if (method === 'eth_requestAccounts') {
+        return ['eth_accounts'];
+    }
+    else if (method === `${enums_1.WALLET_PREFIX}requestPermissions` &&
+        params &&
+        Array.isArray(params) &&
+        params[0] &&
+        typeof params[0] === 'object' &&
+        !Array.isArray(params[0])) {
+        return Object.keys(params[0]);
+    }
+    return null;
+}, _PermissionLogController_getAccountsFromPermission = function _PermissionLogController_getAccountsFromPermission(permission) {
+    if (permission.parentCapability !== 'eth_accounts' || !permission.caveats) {
+        return [];
+    }
+    const accounts = new Set();
+    for (const caveat of permission.caveats) {
+        if (caveat.type === enums_1.CAVEAT_TYPES.restrictReturnedAccounts &&
+            Array.isArray(caveat.value)) {
+            for (const value of caveat.value) {
+                accounts.add(value);
+            }
+        }
+    }
+    return [...accounts];
+};
+//# sourceMappingURL=PermissionLogController.js.map

package/dist/PermissionLogController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PermissionLogController.js","sourceRoot":"","sources":["../src/PermissionLogController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+DAGmC;AAEnC,2CAMyB;AAEzB,mCAMiB;AA6DjB,MAAM,YAAY,GAAiC;IACjD,iBAAiB,EAAE,EAAE;IACrB,qBAAqB,EAAE,EAAE;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,IAAI,GAAG,yBAAyB,CAAC;AAEvC;;;GAGG;AACH,MAAa,uBAAwB,SAAQ,gCAI5C;IAGC,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,KAAK,GAC0B;QAC/B,KAAK,CAAC;YACJ,SAAS;YACT,IAAI;YACJ,QAAQ,EAAE;gBACR,iBAAiB,EAAE;oBACjB,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,KAAK;iBACjB;gBACD,qBAAqB,EAAE;oBACrB,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,KAAK;iBACjB;aACF;YACD,KAAK,kCAAO,YAAY,GAAK,KAAK,CAAE;SACrC,CAAC,CAAC;;QArBL,6DAAgC;QAsB9B,uBAAA,IAAI,8CAAsB,iBAAiB,MAAA,CAAC;IAC9C,CAAC;IAED;;;;;;;;OAQG;IACH,qBAAqB,CAAC,MAAc,EAAE,QAAkB;QACtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;YACzB,OAAO;SACR;QACD,MAAM,UAAU,GAAG;YACjB,YAAY,EAAE;gBACZ,QAAQ,EAAE,uBAAA,IAAI,wFAAqB,MAAzB,IAAI,EAAsB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;aAC1D;SACF,CAAC;QACF,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,EAAmB,MAAM,EAAE,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;;;OASG;IACH,gBAAgB;QACd,OAAO,CAAC,GAA6B,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YAClD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,qBAAa,CAAC,CAAC;YACpD,MAAM,oBAAoB,GAAG,MAAM,KAAK,qBAAqB,CAAC;YAE9D,2CAA2C;YAC3C,IACE,CAAC,CAAC,0BAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnC,CAAC,UAAU,IAAI,uBAAA,IAAI,kDAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;gBACtD,oBAAoB,EACpB;gBACA,MAAM,aAAa,GAAG,uBAAA,IAAI,+EAAY,MAAhB,IAAI,EAAa,GAAG,EAAE,UAAU,CAAC,CAAC;gBAExD,MAAM,gBAAgB,GAAG,uBAAA,IAAI,wFAAqB,MAAzB,IAAI,EAAsB,GAAG,CAAC,CAAC;gBAExD,6DAA6D;gBAC7D,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBACV,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBACxB,uBAAA,IAAI,gFAAa,MAAjB,IAAI,EAAc,aAAa,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;oBAE5C,IAAI,gBAAgB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,IAAI,MAAM,EAAE;wBAC1D,uBAAA,IAAI,0FAAuB,MAA3B,IAAI,EACF,gBAAgB,EAChB,MAAM,EACN,GAAG,CAAC,MAAM,EACV,IAAI,EACJ,oBAAoB,CACrB,CAAC;qBACH;oBACD,EAAE,EAAE,CAAC;gBACP,CAAC,CAAC,CAAC;gBACH,OAAO;aACR;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC;IACJ,CAAC;CA+PF;AAjWD,0DAiWC;qNArPG,QAAkB,EAClB,IAAY;IAEZ,OAAO,QAAQ,CAAC,MAAM,CACpB,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC,iCACb,GAAG,KACN,CAAC,OAAO,CAAC,EAAE,IAAI,IACf,EACF,EAAE,CACH,CAAC;AACJ,CAAC,qFAUC,OAAiC,EACjC,UAAmB;IAEnB,MAAM,aAAa,GAA0B;QAC3C,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,UAAU,EAAE,UAAU;YACpB,CAAC,CAAC,wBAAgB,CAAC,QAAQ;YAC3B,CAAC,CAAC,wBAAgB,CAAC,UAAU;QAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;QACvB,YAAY,EAAE,IAAI;QAClB,OAAO,EAAE,IAAI;KACd,CAAC;IACF,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,OAAO,GAAG,CAAC,GAAG,KAAK,CAAC,qBAAqB,EAAE,aAAa,CAAC,CAAC;QAChE,KAAK,CAAC,qBAAqB;YACzB,4CAA4C;YAC5C,OAAO,CAAC,MAAM,GAAG,iBAAS,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAC5D,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC,uFAWC,KAA4B,EAC5B,QAAsC,EACtC,IAAY;IAEZ,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE;QACvB,OAAO;KACR;IAED,sEAAsE;IACtE,qEAAqE;IACrE,sEAAsE;IACtE,kDAAkD;IAClD,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACpB,KAAK,CAAC,qBAAqB,GAAG,KAAK,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YACpE,uDAAuD;YACvD,IAAI,GAAG,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,EAAE;gBACvB,uCACK,GAAG,KACN,OAAO,EAAE,IAAA,mBAAW,EAAC,QAAQ,EAAE,QAAQ,CAAC,EACxC,YAAY,EAAE,IAAI,IAClB;aACH;YACD,OAAO,GAAG,CAAC;QACb,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,2GAYC,gBAA0B,EAC1B,MAAc,EACd,MAAY,EACZ,IAAY,EACZ,oBAA6B;IAE7B,IAAI,UAA2B,CAAC;IAEhC,IAAI,oBAAoB,EAAE;QACxB,kEAAkE;QAClE,gEAAgE;QAChE,MAAM,QAAQ,GAAG,MAAkB,CAAC;QACpC,UAAU,GAAG;YACX,YAAY,EAAE;gBACZ,QAAQ,EAAE,uBAAA,IAAI,wFAAqB,MAAzB,IAAI,EAAsB,QAAQ,EAAE,IAAI,CAAC;gBACnD,YAAY,EAAE,IAAI;aACnB;SACF,CAAC;KACH;SAAM;QACL,wEAAwE;QACxE,qEAAqE;QACrE,qDAAqD;QACrD,kEAAkE;QAClE,sEAAsE;QACtE,MAAM,WAAW,GAAG,MAAsB,CAAC;QAC3C,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,GAAoB,EAAE,UAAU,EAAE,EAAE;YACnE,MAAM,MAAM,GAAG,UAAU,CAAC,gBAAgB,CAAC;YAE3C,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;gBACtC,OAAO,GAAG,CAAC;aACZ;YAED,IAAI,MAAM,KAAK,cAAc,EAAE;gBAC7B,MAAM,QAAQ,GAAG,uBAAA,IAAI,8FAA2B,MAA/B,IAAI,EAA4B,UAAU,CAAC,CAAC;gBAC7D,uCACK,GAAG,KACN,CAAC,MAAM,CAAC,EAAE;wBACR,YAAY,EAAE,IAAI;wBAClB,QAAQ,EAAE,uBAAA,IAAI,wFAAqB,MAAzB,IAAI,EAAsB,QAAQ,EAAE,IAAI,CAAC;qBACpD,IACD;aACH;YAED,uCACK,GAAG,KACN,CAAC,MAAM,CAAC,EAAE;oBACR,YAAY,EAAE,IAAI;iBACnB,IACD;QACJ,CAAC,EAAE,EAAE,CAAC,CAAC;KACR;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;QACtC,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,EAAmB,MAAM,EAAE,UAAU,CAAC,CAAC;KAC5C;AACH,CAAC,iGAUiB,MAAc,EAAE,UAA2B;;IAC3D,MAAM,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;IAEzC,0CAA0C;IAC1C,MAAM,gBAAgB,GAAG,MAAA,iBAAiB,CAAC,MAAM,CAAC,mCAAI,EAAE,CAAC;IACzD,MAAM,gBAAgB,mCACjB,gBAAgB,GAChB,UAAU,CACd,CAAC;IAEF,iEAAiE;IACjE,8BAA8B;IAC9B,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAC/D,MAAM,mBAAmB,GAAG,UAAU,CAAC,YAAY,CAAC;IAEpD,IAAI,wBAAwB,IAAI,mBAAmB,EAAE;QACnD,gEAAgE;QAChE,SAAS;QACT,MAAM,YAAY,GAChB,MAAA,mBAAmB,CAAC,YAAY,mCAChC,wBAAwB,CAAC,YAAY,CAAC;QAExC,iDAAiD;QACjD,gBAAgB,CAAC,YAAY,GAAG;YAC9B,YAAY;YACZ,QAAQ,kCACH,wBAAwB,CAAC,QAAQ,GACjC,mBAAmB,CAAC,QAAQ,CAChC;SACF,CAAC;KACH;IAED,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACpB,KAAK,CAAC,iBAAiB,mCAClB,iBAAiB,KACpB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAC3B,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,uGAQoB,OAAiC;IACpD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACnC,IAAI,MAAM,KAAK,qBAAqB,EAAE;QACpC,OAAO,CAAC,cAAc,CAAC,CAAC;KACzB;SAAM,IACL,MAAM,KAAK,GAAG,qBAAa,oBAAoB;QAC/C,MAAM;QACN,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QACrB,MAAM,CAAC,CAAC,CAAC;QACT,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ;QAC7B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EACzB;QACA,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;KAC/B;IACD,OAAO,IAAI,CAAC;AACd,CAAC,mHAW0B,UAAsB;IAC/C,IAAI,UAAU,CAAC,gBAAgB,KAAK,cAAc,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE;QACzE,OAAO,EAAE,CAAC;KACX;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE;QACvC,IACE,MAAM,CAAC,IAAI,KAAK,oBAAY,CAAC,wBAAwB;YACrD,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAC3B;YACA,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,EAAE;gBAChC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;aACrB;SACF;KACF;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC;AACvB,CAAC","sourcesContent":["import {\n  BaseController,\n  type RestrictedControllerMessenger,\n} from '@metamask/base-controller';\nimport type { JsonRpcMiddleware } from '@metamask/json-rpc-engine';\nimport {\n  type Json,\n  type JsonRpcRequest,\n  type JsonRpcParams,\n  type PendingJsonRpcResponse,\n  hasProperty,\n} from '@metamask/utils';\n\nimport {\n  LOG_IGNORE_METHODS,\n  LOG_LIMIT,\n  LOG_METHOD_TYPES,\n  WALLET_PREFIX,\n  CAVEAT_TYPES,\n} from './enums';\n\nexport type JsonRpcRequestWithOrigin<\n  Params extends JsonRpcParams = JsonRpcParams,\n> = JsonRpcRequest<Params> & {\n  origin?: string;\n};\n\nexport type Caveat = {\n  type: string;\n  value: string[];\n};\n\nexport type Permission = {\n  parentCapability: string;\n  caveats?: Caveat[];\n};\n\nexport type PermissionActivityLog = {\n  id: string | number | null;\n  method: string;\n  methodType: LOG_METHOD_TYPES;\n  origin?: string;\n  requestTime: number;\n  responseTime: number | null;\n  success: boolean | null;\n};\n\nexport type PermissionLog = {\n  accounts?: Record<string, number>;\n  lastApproved?: number;\n};\nexport type PermissionEntry = Record<string, PermissionLog>;\n\nexport type PermissionHistory = Record<string, PermissionEntry>;\n\n/**\n *\n * Permission log controller state\n * @property permissionHistory - permission history\n * @property permissionActivityLog - permission activity logs\n */\nexport type PermissionLogControllerState = {\n  permissionHistory: PermissionHistory;\n  permissionActivityLog: PermissionActivityLog[];\n};\n\nexport type PermissionLogControllerOptions = {\n  restrictedMethods: Set<string>;\n  state?: Partial<PermissionLogControllerState>;\n  messenger: PermissionLogControllerMessenger;\n};\n\nexport type PermissionLogControllerMessenger = RestrictedControllerMessenger<\n  typeof name,\n  never,\n  never,\n  never,\n  never\n>;\n\nconst defaultState: PermissionLogControllerState = {\n  permissionHistory: {},\n  permissionActivityLog: [],\n};\n\n/**\n * The name of the {@link PermissionController}.\n */\nconst name = 'PermissionLogController';\n\n/**\n * Controller with middleware for logging requests and responses to restricted\n * and permissions-related methods.\n */\nexport class PermissionLogController extends BaseController<\n  typeof name,\n  PermissionLogControllerState,\n  PermissionLogControllerMessenger\n> {\n  #restrictedMethods: Set<string>;\n\n  constructor({\n    messenger,\n    restrictedMethods,\n    state,\n  }: PermissionLogControllerOptions) {\n    super({\n      messenger,\n      name,\n      metadata: {\n        permissionHistory: {\n          persist: true,\n          anonymous: false,\n        },\n        permissionActivityLog: {\n          persist: true,\n          anonymous: false,\n        },\n      },\n      state: { ...defaultState, ...state },\n    });\n    this.#restrictedMethods = restrictedMethods;\n  }\n\n  /**\n   * Updates the exposed account history for the given origin.\n   * Sets the 'last seen' time to Date.now() for the given accounts.\n   * Does **not** update the 'lastApproved' time for the permission itself.\n   * Returns if the accounts array is empty.\n   *\n   * @param origin - The origin that the accounts are exposed to.\n   * @param accounts - The accounts.\n   */\n  updateAccountsHistory(origin: string, accounts: string[]) {\n    if (accounts.length === 0) {\n      return;\n    }\n    const newEntries = {\n      eth_accounts: {\n        accounts: this.#getAccountToTimeMap(accounts, Date.now()),\n      },\n    };\n    this.#commitNewHistory(origin, newEntries);\n  }\n\n  /**\n   * Create a permissions log middleware. Records permissions activity and history:\n   *\n   * Activity: requests and responses for restricted and most wallet_ methods.\n   *\n   * History: for each origin, the last time a permission was granted, including\n   * which accounts were exposed, if any.\n   *\n   * @returns The permissions log middleware.\n   */\n  createMiddleware(): JsonRpcMiddleware<JsonRpcParams, Json> {\n    return (req: JsonRpcRequestWithOrigin, res, next) => {\n      const { origin, method } = req;\n      const isInternal = method.startsWith(WALLET_PREFIX);\n      const isEthRequestAccounts = method === 'eth_requestAccounts';\n\n      // Determine if the method should be logged\n      if (\n        (!LOG_IGNORE_METHODS.includes(method) &&\n          (isInternal || this.#restrictedMethods.has(method))) ||\n        isEthRequestAccounts\n      ) {\n        const activityEntry = this.#logRequest(req, isInternal);\n\n        const requestedMethods = this.#getRequestedMethods(req);\n\n        // Call next with a return handler for capturing the response\n        next((cb) => {\n          const time = Date.now();\n          this.#logResponse(activityEntry, res, time);\n\n          if (requestedMethods && !res.error && res.result && origin) {\n            this.#logPermissionsHistory(\n              requestedMethods,\n              origin,\n              res.result,\n              time,\n              isEthRequestAccounts,\n            );\n          }\n          cb();\n        });\n        return;\n      }\n\n      next();\n    };\n  }\n\n  /**\n   * Get a map from account addresses to the given time.\n   *\n   * @param accounts - An array of addresses.\n   * @param time - A time, e.g. Date.now().\n   * @returns A string:number map of addresses to time.\n   */\n  #getAccountToTimeMap(\n    accounts: string[],\n    time: number,\n  ): Record<string, number> {\n    return accounts.reduce(\n      (acc, account) => ({\n        ...acc,\n        [account]: time,\n      }),\n      {},\n    );\n  }\n\n  /**\n   * Creates and commits an activity log entry, without response data.\n   *\n   * @param request - The request object.\n   * @param isInternal - Whether the request is internal.\n   * @returns new added activity entry\n   */\n  #logRequest(\n    request: JsonRpcRequestWithOrigin,\n    isInternal: boolean,\n  ): PermissionActivityLog {\n    const activityEntry: PermissionActivityLog = {\n      id: request.id,\n      method: request.method,\n      methodType: isInternal\n        ? LOG_METHOD_TYPES.internal\n        : LOG_METHOD_TYPES.restricted,\n      origin: request.origin,\n      requestTime: Date.now(),\n      responseTime: null,\n      success: null,\n    };\n    this.update((state) => {\n      const newLogs = [...state.permissionActivityLog, activityEntry];\n      state.permissionActivityLog =\n        // remove oldest log if exceeding size limit\n        newLogs.length > LOG_LIMIT ? newLogs.slice(1) : newLogs;\n    });\n    return activityEntry;\n  }\n\n  /**\n   * Adds response data to an existing activity log entry.\n   * Entry assumed already committed (i.e., in the log).\n   *\n   * @param entry - The entry to add a response to.\n   * @param response - The response object.\n   * @param time - Output from Date.now()\n   */\n  #logResponse(\n    entry: PermissionActivityLog,\n    response: PendingJsonRpcResponse<Json>,\n    time: number,\n  ) {\n    if (!entry || !response) {\n      return;\n    }\n\n    // The JSON-RPC 2.0 specification defines \"success\" by the presence of\n    // either the \"result\" or \"error\" property. The specification forbids\n    // both properties from being present simultaneously, and our JSON-RPC\n    // stack is spec-compliant at the time of writing.\n    this.update((state) => {\n      state.permissionActivityLog = state.permissionActivityLog.map((log) => {\n        // Update the log entry that matches the given entry id\n        if (log.id === entry.id) {\n          return {\n            ...log,\n            success: hasProperty(response, 'result'),\n            responseTime: time,\n          };\n        }\n        return log;\n      });\n    });\n  }\n\n  /**\n   * Create new permissions history log entries, if any, and commit them.\n   *\n   * @param requestedMethods - The method names corresponding to the requested permissions.\n   * @param origin - The origin of the permissions request.\n   * @param result - The permissions request response.result.\n   * @param time - The time of the request, i.e. Date.now().\n   * @param isEthRequestAccounts - Whether the permissions request was 'eth_requestAccounts'.\n   */\n  #logPermissionsHistory(\n    requestedMethods: string[],\n    origin: string,\n    result: Json,\n    time: number,\n    isEthRequestAccounts: boolean,\n  ) {\n    let newEntries: PermissionEntry;\n\n    if (isEthRequestAccounts) {\n      // Type assertion: We are assuming that the response data contains\n      // a set of accounts if the RPC method is \"eth_requestAccounts\".\n      const accounts = result as string[];\n      newEntries = {\n        eth_accounts: {\n          accounts: this.#getAccountToTimeMap(accounts, time),\n          lastApproved: time,\n        },\n      };\n    } else {\n      // Records new \"lastApproved\" times for the granted permissions, if any.\n      // Special handling for eth_accounts, in order to record the time the\n      // accounts were last seen or approved by the origin.\n      // Type assertion: We are assuming that the response data contains\n      // a set of permissions if the RPC method is \"eth_requestPermissions\".\n      const permissions = result as Permission[];\n      newEntries = permissions.reduce((acc: PermissionEntry, permission) => {\n        const method = permission.parentCapability;\n\n        if (!requestedMethods.includes(method)) {\n          return acc;\n        }\n\n        if (method === 'eth_accounts') {\n          const accounts = this.#getAccountsFromPermission(permission);\n          return {\n            ...acc,\n            [method]: {\n              lastApproved: time,\n              accounts: this.#getAccountToTimeMap(accounts, time),\n            },\n          };\n        }\n\n        return {\n          ...acc,\n          [method]: {\n            lastApproved: time,\n          },\n        };\n      }, {});\n    }\n\n    if (Object.keys(newEntries).length > 0) {\n      this.#commitNewHistory(origin, newEntries);\n    }\n  }\n\n  /**\n   * Commit new entries to the permissions history log.\n   * Merges the history for the given origin, overwriting existing entries\n   * with the same key (permission name).\n   *\n   * @param origin - The requesting origin.\n   * @param newEntries - The new entries to commit.\n   */\n  #commitNewHistory(origin: string, newEntries: PermissionEntry) {\n    const { permissionHistory } = this.state;\n\n    // a simple merge updates most permissions\n    const oldOriginHistory = permissionHistory[origin] ?? {};\n    const newOriginHistory = {\n      ...oldOriginHistory,\n      ...newEntries,\n    };\n\n    // eth_accounts requires special handling, because of information\n    // we store about the accounts\n    const existingEthAccountsEntry = oldOriginHistory.eth_accounts;\n    const newEthAccountsEntry = newEntries.eth_accounts;\n\n    if (existingEthAccountsEntry && newEthAccountsEntry) {\n      // we may intend to update just the accounts, not the permission\n      // itself\n      const lastApproved =\n        newEthAccountsEntry.lastApproved ??\n        existingEthAccountsEntry.lastApproved;\n\n      // merge old and new eth_accounts history entries\n      newOriginHistory.eth_accounts = {\n        lastApproved,\n        accounts: {\n          ...existingEthAccountsEntry.accounts,\n          ...newEthAccountsEntry.accounts,\n        },\n      };\n    }\n\n    this.update((state) => {\n      state.permissionHistory = {\n        ...permissionHistory,\n        [origin]: newOriginHistory,\n      };\n    });\n  }\n\n  /**\n   * Get all requested methods from a permissions request.\n   *\n   * @param request - The request object.\n   * @returns The names of the requested permissions.\n   */\n  #getRequestedMethods(request: JsonRpcRequestWithOrigin): string[] | null {\n    const { method, params } = request;\n    if (method === 'eth_requestAccounts') {\n      return ['eth_accounts'];\n    } else if (\n      method === `${WALLET_PREFIX}requestPermissions` &&\n      params &&\n      Array.isArray(params) &&\n      params[0] &&\n      typeof params[0] === 'object' &&\n      !Array.isArray(params[0])\n    ) {\n      return Object.keys(params[0]);\n    }\n    return null;\n  }\n\n  /**\n   * Get the permitted accounts from an eth_accounts permissions object.\n   * Returns an empty array if the permission is not eth_accounts.\n   *\n   * @param permission - The permissions object.\n   * @param permission.parentCapability - The permissions parentCapability.\n   * @param permission.caveats - The permissions caveats.\n   * @returns The permitted accounts.\n   */\n  #getAccountsFromPermission(permission: Permission): string[] {\n    if (permission.parentCapability !== 'eth_accounts' || !permission.caveats) {\n      return [];\n    }\n\n    const accounts = new Set<string>();\n    for (const caveat of permission.caveats) {\n      if (\n        caveat.type === CAVEAT_TYPES.restrictReturnedAccounts &&\n        Array.isArray(caveat.value)\n      ) {\n        for (const value of caveat.value) {\n          accounts.add(value);\n        }\n      }\n    }\n\n    return [...accounts];\n  }\n}\n"]}

package/dist/enums.d.ts

@@ -0,0 +1,14 @@
+export declare const WALLET_PREFIX = "wallet_";
+export declare const CAVEAT_TYPES: Readonly<{
+    restrictReturnedAccounts: "restrictReturnedAccounts";
+}>;
+export declare const LOG_IGNORE_METHODS: string[];
+export declare enum LOG_METHOD_TYPES {
+    restricted = "restricted",
+    internal = "internal"
+}
+/**
+ * The permission activity log size limit.
+ */
+export declare const LOG_LIMIT = 100;
+//# sourceMappingURL=enums.d.ts.map

package/dist/enums.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enums.d.ts","sourceRoot":"","sources":["../src/enums.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,aAAa,YAAY,CAAC;AAEvC,eAAO,MAAM,YAAY;;EAEvB,CAAC;AAEH,eAAO,MAAM,kBAAkB,UAG9B,CAAC;AAEF,oBAAY,gBAAgB;IAC1B,UAAU,eAAe;IACzB,QAAQ,aAAa;CACtB;AAED;;GAEG;AACH,eAAO,MAAM,SAAS,MAAM,CAAC"}

package/dist/enums.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LOG_LIMIT = exports.LOG_METHOD_TYPES = exports.LOG_IGNORE_METHODS = exports.CAVEAT_TYPES = exports.WALLET_PREFIX = void 0;
+exports.WALLET_PREFIX = 'wallet_';
+exports.CAVEAT_TYPES = Object.freeze({
+    restrictReturnedAccounts: 'restrictReturnedAccounts',
+});
+exports.LOG_IGNORE_METHODS = [
+    'wallet_registerOnboarding',
+    'wallet_watchAsset',
+];
+var LOG_METHOD_TYPES;
+(function (LOG_METHOD_TYPES) {
+    LOG_METHOD_TYPES["restricted"] = "restricted";
+    LOG_METHOD_TYPES["internal"] = "internal";
+})(LOG_METHOD_TYPES = exports.LOG_METHOD_TYPES || (exports.LOG_METHOD_TYPES = {}));
+/**
+ * The permission activity log size limit.
+ */
+exports.LOG_LIMIT = 100;
+//# sourceMappingURL=enums.js.map

package/dist/enums.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enums.js","sourceRoot":"","sources":["../src/enums.ts"],"names":[],"mappings":";;;AAAa,QAAA,aAAa,GAAG,SAAS,CAAC;AAE1B,QAAA,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;IACxC,wBAAwB,EAAE,0BAAmC;CAC9D,CAAC,CAAC;AAEU,QAAA,kBAAkB,GAAG;IAChC,2BAA2B;IAC3B,mBAAmB;CACpB,CAAC;AAEF,IAAY,gBAGX;AAHD,WAAY,gBAAgB;IAC1B,6CAAyB,CAAA;IACzB,yCAAqB,CAAA;AACvB,CAAC,EAHW,gBAAgB,GAAhB,wBAAgB,KAAhB,wBAAgB,QAG3B;AAED;;GAEG;AACU,QAAA,SAAS,GAAG,GAAG,CAAC","sourcesContent":["export const WALLET_PREFIX = 'wallet_';\n\nexport const CAVEAT_TYPES = Object.freeze({\n  restrictReturnedAccounts: 'restrictReturnedAccounts' as const,\n});\n\nexport const LOG_IGNORE_METHODS = [\n  'wallet_registerOnboarding',\n  'wallet_watchAsset',\n];\n\nexport enum LOG_METHOD_TYPES {\n  restricted = 'restricted',\n  internal = 'internal',\n}\n\n/**\n * The permission activity log size limit.\n */\nexport const LOG_LIMIT = 100;\n"]}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './PermissionLogController';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,2BAA2B,CAAC"}

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./PermissionLogController"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4DAA0C","sourcesContent":["export * from './PermissionLogController';\n"]}

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@metamask-previews/permission-log-controller",
+  "version": "0.0.0-preview.08978bf",
+  "description": "Controller with middleware for logging requests and responses to restricted and permissions-related methods",
+  "keywords": [
+    "MetaMask",
+    "Ethereum"
+  ],
+  "homepage": "https://github.com/MetaMask/core/tree/main/packages/permission-log-controller#readme",
+  "bugs": {
+    "url": "https://github.com/MetaMask/core/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/MetaMask/core.git"
+  },
+  "license": "SEE LICENSE IN LICENSE",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist/"
+  ],
+  "scripts": {
+    "build:docs": "typedoc",
+    "changelog:update": "../../scripts/update-changelog.sh @metamask/permission-log-controller",
+    "changelog:validate": "../../scripts/validate-changelog.sh @metamask/permission-log-controller",
+    "publish:preview": "yarn npm publish --tag preview",
+    "test": "jest --reporters=jest-silent-reporter",
+    "test:clean": "jest --clearCache",
+    "test:verbose": "jest --verbose",
+    "test:watch": "jest --watch"
+  },
+  "dependencies": {
+    "@metamask/base-controller": "^4.1.1",
+    "@metamask/json-rpc-engine": "^7.3.2",
+    "@metamask/utils": "^8.3.0"
+  },
+  "devDependencies": {
+    "@metamask/auto-changelog": "^3.4.4",
+    "@types/deep-freeze-strict": "^1.1.0",
+    "@types/jest": "^27.4.1",
+    "deep-freeze-strict": "^1.1.1",
+    "deepmerge": "^4.2.2",
+    "jest": "^27.5.1",
+    "nanoid": "^3.1.31",
+    "ts-jest": "^27.1.4",
+    "typedoc": "^0.24.8",
+    "typedoc-plugin-missing-exports": "^2.0.0",
+    "typescript": "~4.8.4"
+  },
+  "engines": {
+    "node": ">=16.0.0"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  }
+}