@metamask/multichain-api-middleware 0.1.1 → 0.2.0

package/CHANGELOG.md

@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.0]
+
+### Added
+
+- Add `wallet_createSession` handler ([#5647](https://github.com/MetaMask/core/pull/5647))
+- Add `Caip25Errors` from `@metamask/chain-agnostic-permission` package ([#5566](https://github.com/MetaMask/core/pull/5566))
+
+### Changed
+
+- Bump `@metamask/chain-agnostic-permission` to `^0.4.0` ([#5674](https://github.com/MetaMask/core/pull/5674))
+- Bump `@metamask/network-controller` to `^23.2.0` ([#5583](https://github.com/MetaMask/core/pull/5583))
+
 ## [0.1.1]
 
 ### Added
@@ -24,6 +36,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Initial release
 
-[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.1.1...HEAD
+[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.2.0...HEAD
+[0.2.0]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.1.1...@metamask/multichain-api-middleware@0.2.0
 [0.1.1]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.1.0...@metamask/multichain-api-middleware@0.1.1
 [0.1.0]: https://github.com/MetaMask/core/releases/tag/@metamask/multichain-api-middleware@0.1.0

package/dist/handlers/types.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"types.cjs","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,sEAAwC,CAAA;IACxC,4DAA8B,CAAA;AAChC,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC","sourcesContent":["/**\n * Multichain API notifications currently supported by/known to the wallet.\n */\nexport enum MultichainApiNotifications {\n  sessionChanged = 'wallet_sessionChanged',\n  walletNotify = 'wallet_notify',\n}\n"]}
+{"version":3,"file":"types.cjs","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":";;;AAMA;;GAEG;AACH,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,sEAAwC,CAAA;IACxC,4DAA8B,CAAA;AAChC,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC","sourcesContent":["import type {\n  CaveatSpecificationConstraint,\n  PermissionController,\n  PermissionSpecificationConstraint,\n} from '@metamask/permission-controller';\n\n/**\n * Multichain API notifications currently supported by/known to the wallet.\n */\nexport enum MultichainApiNotifications {\n  sessionChanged = 'wallet_sessionChanged',\n  walletNotify = 'wallet_notify',\n}\ntype AbstractPermissionController = PermissionController<\n  PermissionSpecificationConstraint,\n  CaveatSpecificationConstraint\n>;\n\nexport type GrantedPermissions = Awaited<\n  ReturnType<AbstractPermissionController['requestPermissions']>\n>[0];\n"]}

package/dist/handlers/types.d.cts

@@ -1,3 +1,4 @@
+import type { CaveatSpecificationConstraint, PermissionController, PermissionSpecificationConstraint } from "@metamask/permission-controller";
 /**
  * Multichain API notifications currently supported by/known to the wallet.
  */
@@ -5,4 +6,7 @@ export declare enum MultichainApiNotifications {
     sessionChanged = "wallet_sessionChanged",
     walletNotify = "wallet_notify"
 }
+type AbstractPermissionController = PermissionController<PermissionSpecificationConstraint, CaveatSpecificationConstraint>;
+export type GrantedPermissions = Awaited<ReturnType<AbstractPermissionController['requestPermissions']>>[0];
+export {};
 //# sourceMappingURL=types.d.cts.map

package/dist/handlers/types.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.cts","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,oBAAY,0BAA0B;IACpC,cAAc,0BAA0B;IACxC,YAAY,kBAAkB;CAC/B"}
+{"version":3,"file":"types.d.cts","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,6BAA6B,EAC7B,oBAAoB,EACpB,iCAAiC,EAClC,wCAAwC;AAEzC;;GAEG;AACH,oBAAY,0BAA0B;IACpC,cAAc,0BAA0B;IACxC,YAAY,kBAAkB;CAC/B;AACD,KAAK,4BAA4B,GAAG,oBAAoB,CACtD,iCAAiC,EACjC,6BAA6B,CAC9B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,OAAO,CACtC,UAAU,CAAC,4BAA4B,CAAC,oBAAoB,CAAC,CAAC,CAC/D,CAAC,CAAC,CAAC,CAAC"}

package/dist/handlers/types.d.mts

@@ -1,3 +1,4 @@
+import type { CaveatSpecificationConstraint, PermissionController, PermissionSpecificationConstraint } from "@metamask/permission-controller";
 /**
  * Multichain API notifications currently supported by/known to the wallet.
  */
@@ -5,4 +6,7 @@ export declare enum MultichainApiNotifications {
     sessionChanged = "wallet_sessionChanged",
     walletNotify = "wallet_notify"
 }
+type AbstractPermissionController = PermissionController<PermissionSpecificationConstraint, CaveatSpecificationConstraint>;
+export type GrantedPermissions = Awaited<ReturnType<AbstractPermissionController['requestPermissions']>>[0];
+export {};
 //# sourceMappingURL=types.d.mts.map

package/dist/handlers/types.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.mts","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,oBAAY,0BAA0B;IACpC,cAAc,0BAA0B;IACxC,YAAY,kBAAkB;CAC/B"}
+{"version":3,"file":"types.d.mts","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,6BAA6B,EAC7B,oBAAoB,EACpB,iCAAiC,EAClC,wCAAwC;AAEzC;;GAEG;AACH,oBAAY,0BAA0B;IACpC,cAAc,0BAA0B;IACxC,YAAY,kBAAkB;CAC/B;AACD,KAAK,4BAA4B,GAAG,oBAAoB,CACtD,iCAAiC,EACjC,6BAA6B,CAC9B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,OAAO,CACtC,UAAU,CAAC,4BAA4B,CAAC,oBAAoB,CAAC,CAAC,CAC/D,CAAC,CAAC,CAAC,CAAC"}

package/dist/handlers/types.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"types.mjs","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAN,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,sEAAwC,CAAA;IACxC,4DAA8B,CAAA;AAChC,CAAC,EAHW,0BAA0B,KAA1B,0BAA0B,QAGrC","sourcesContent":["/**\n * Multichain API notifications currently supported by/known to the wallet.\n */\nexport enum MultichainApiNotifications {\n  sessionChanged = 'wallet_sessionChanged',\n  walletNotify = 'wallet_notify',\n}\n"]}
+{"version":3,"file":"types.mjs","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAMA;;GAEG;AACH,MAAM,CAAN,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,sEAAwC,CAAA;IACxC,4DAA8B,CAAA;AAChC,CAAC,EAHW,0BAA0B,KAA1B,0BAA0B,QAGrC","sourcesContent":["import type {\n  CaveatSpecificationConstraint,\n  PermissionController,\n  PermissionSpecificationConstraint,\n} from '@metamask/permission-controller';\n\n/**\n * Multichain API notifications currently supported by/known to the wallet.\n */\nexport enum MultichainApiNotifications {\n  sessionChanged = 'wallet_sessionChanged',\n  walletNotify = 'wallet_notify',\n}\ntype AbstractPermissionController = PermissionController<\n  PermissionSpecificationConstraint,\n  CaveatSpecificationConstraint\n>;\n\nexport type GrantedPermissions = Awaited<\n  ReturnType<AbstractPermissionController['requestPermissions']>\n>[0];\n"]}

package/dist/handlers/wallet-createSession.cjs

@@ -0,0 +1,150 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.walletCreateSession = void 0;
+const chain_agnostic_permission_1 = require("@metamask/chain-agnostic-permission");
+const controller_utils_1 = require("@metamask/controller-utils");
+const permission_controller_1 = require("@metamask/permission-controller");
+const rpc_errors_1 = require("@metamask/rpc-errors");
+const utils_1 = require("@metamask/utils");
+/**
+ * Handler for the `wallet_createSession` RPC method which is responsible
+ * for prompting for approval and granting a CAIP-25 permission.
+ *
+ * This implementation primarily deviates from the CAIP-25 handler
+ * specification by treating all scopes as optional regardless of
+ * if they were specified in `requiredScopes` or `optionalScopes`.
+ * Additionally, provided scopes, methods, notifications, and
+ * account values that are invalid/malformed are ignored rather than
+ * causing an error to be returned.
+ *
+ * @param req - The request object.
+ * @param res - The response object.
+ * @param _next - The next middleware function.
+ * @param end - The end function.
+ * @param hooks - The hooks object.
+ * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.
+ * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.
+ * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.
+ * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.
+ * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.
+ * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.
+ * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.
+ * @returns A promise with wallet_createSession handler
+ */
+async function walletCreateSessionHandler(req, res, _next, end, hooks) {
+    if (!(0, utils_1.isPlainObject)(req.params)) {
+        return end((0, permission_controller_1.invalidParams)({ data: { request: req } }));
+    }
+    const { requiredScopes, optionalScopes, sessionProperties } = req.params;
+    if (sessionProperties && Object.keys(sessionProperties).length === 0) {
+        return end(new rpc_errors_1.JsonRpcError(5302, 'Invalid sessionProperties requested'));
+    }
+    const filteredSessionProperties = Object.fromEntries(Object.entries(sessionProperties ?? {}).filter(([key]) => (0, chain_agnostic_permission_1.isKnownSessionPropertyValue)(key)));
+    try {
+        const { normalizedRequiredScopes, normalizedOptionalScopes } = (0, chain_agnostic_permission_1.validateAndNormalizeScopes)(requiredScopes || {}, optionalScopes || {});
+        const requiredScopesWithSupportedMethodsAndNotifications = (0, chain_agnostic_permission_1.getSupportedScopeObjects)(normalizedRequiredScopes, {
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+        });
+        const optionalScopesWithSupportedMethodsAndNotifications = (0, chain_agnostic_permission_1.getSupportedScopeObjects)(normalizedOptionalScopes, {
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+        });
+        const networkClientExistsForChainId = (chainId) => {
+            try {
+                hooks.findNetworkClientIdByChainId(chainId);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        };
+        const { supportedScopes: supportedRequiredScopes } = (0, chain_agnostic_permission_1.bucketScopes)(requiredScopesWithSupportedMethodsAndNotifications, {
+            isEvmChainIdSupported: networkClientExistsForChainId,
+            isEvmChainIdSupportable: () => false,
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+            isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,
+        });
+        const { supportedScopes: supportedOptionalScopes } = (0, chain_agnostic_permission_1.bucketScopes)(optionalScopesWithSupportedMethodsAndNotifications, {
+            isEvmChainIdSupported: networkClientExistsForChainId,
+            isEvmChainIdSupportable: () => false,
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+            isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,
+        });
+        const allRequestedAccountAddresses = (0, chain_agnostic_permission_1.getCaipAccountIdsFromScopesObjects)([
+            supportedRequiredScopes,
+            supportedOptionalScopes,
+        ]);
+        const allSupportedRequestedCaipChainIds = (0, chain_agnostic_permission_1.getAllScopesFromScopesObjects)([
+            supportedRequiredScopes,
+            supportedOptionalScopes,
+        ]);
+        if (allSupportedRequestedCaipChainIds.length === 0) {
+            return end(new rpc_errors_1.JsonRpcError(5100, 'Requested scopes are not supported'));
+        }
+        const existingEvmAddresses = hooks
+            .listAccounts()
+            .map((account) => account.address);
+        const supportedRequestedAccountAddresses = allRequestedAccountAddresses.filter((requestedAccountAddress) => {
+            const { address, chain: { namespace }, chainId: caipChainId, } = (0, utils_1.parseCaipAccountId)(requestedAccountAddress);
+            if (namespace === utils_1.KnownCaipNamespace.Eip155.toString()) {
+                return existingEvmAddresses.some((existingEvmAddress) => {
+                    return (0, controller_utils_1.isEqualCaseInsensitive)(address, existingEvmAddress);
+                });
+            }
+            // If the namespace is not eip155 (EVM) we do a case sensitive check
+            return hooks
+                .getNonEvmAccountAddresses(caipChainId)
+                .some((existingCaipAddress) => {
+                return requestedAccountAddress === existingCaipAddress;
+            });
+        });
+        const requestedCaip25CaveatValue = {
+            requiredScopes: (0, chain_agnostic_permission_1.getInternalScopesObject)(supportedRequiredScopes),
+            optionalScopes: (0, chain_agnostic_permission_1.getInternalScopesObject)(supportedOptionalScopes),
+            isMultichainOrigin: true,
+            sessionProperties: filteredSessionProperties,
+        };
+        const requestedCaip25CaveatValueWithSupportedAccounts = (0, chain_agnostic_permission_1.setPermittedAccounts)(requestedCaip25CaveatValue, supportedRequestedAccountAddresses);
+        const [grantedPermissions] = await hooks.requestPermissionsForOrigin({
+            [chain_agnostic_permission_1.Caip25EndowmentPermissionName]: {
+                caveats: [
+                    {
+                        type: chain_agnostic_permission_1.Caip25CaveatType,
+                        value: requestedCaip25CaveatValueWithSupportedAccounts,
+                    },
+                ],
+            },
+        });
+        const approvedCaip25Permission = grantedPermissions[chain_agnostic_permission_1.Caip25EndowmentPermissionName];
+        const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find((caveat) => caveat.type === chain_agnostic_permission_1.Caip25CaveatType)?.value;
+        if (!approvedCaip25CaveatValue) {
+            throw rpc_errors_1.rpcErrors.internal();
+        }
+        const sessionScopes = (0, chain_agnostic_permission_1.getSessionScopes)(approvedCaip25CaveatValue, {
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+        });
+        const { sessionProperties: approvedSessionProperties = {} } = approvedCaip25CaveatValue;
+        hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);
+        res.result = {
+            sessionScopes,
+            sessionProperties: approvedSessionProperties,
+        };
+        return end();
+    }
+    catch (err) {
+        return end(err);
+    }
+}
+exports.walletCreateSession = {
+    methodNames: ['wallet_createSession'],
+    implementation: walletCreateSessionHandler,
+    hookNames: {
+        findNetworkClientIdByChainId: true,
+        listAccounts: true,
+        requestPermissionsForOrigin: true,
+        getNonEvmSupportedMethods: true,
+        isNonEvmScopeSupported: true,
+        getNonEvmAccountAddresses: true,
+        trackSessionCreatedEvent: true,
+    },
+};
+//# sourceMappingURL=wallet-createSession.cjs.map

package/dist/handlers/wallet-createSession.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet-createSession.cjs","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":";;;AAAA,mFAe6C;AAC7C,iEAAoE;AAMpE,2EAGyC;AACzC,qDAA+D;AAC/D,2CAUyB;AAIzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,KAAK,UAAU,0BAA0B,CACvC,GAA6D,EAC7D,GAGE,EACF,KAAgC,EAChC,GAA6B,EAC7B,KAaC;IAED,IAAI,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QAC9B,OAAO,GAAG,CAAC,IAAA,qCAAa,EAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;KACvD;IACD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAEzE,IAAI,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACpE,OAAO,GAAG,CAAC,IAAI,yBAAY,CAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,yBAAyB,GAAG,MAAM,CAAC,WAAW,CAClD,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CACvD,IAAA,uDAA2B,EAAC,GAAG,CAAC,CACjC,CACF,CAAC;IAEF,IAAI;QACF,MAAM,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,GAC1D,IAAA,sDAA0B,EAAC,cAAc,IAAI,EAAE,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC;QAEzE,MAAM,kDAAkD,GACtD,IAAA,oDAAwB,EAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QACL,MAAM,kDAAkD,GACtD,IAAA,oDAAwB,EAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEL,MAAM,6BAA6B,GAAG,CAAC,OAAY,EAAE,EAAE;YACrD,IAAI;gBACF,KAAK,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC;aACb;YAAC,MAAM;gBACN,OAAO,KAAK,CAAC;aACd;QACH,CAAC,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,IAAA,wCAAY,EAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,IAAA,wCAAY,EAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,4BAA4B,GAAG,IAAA,8DAAkC,EAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,MAAM,iCAAiC,GAAG,IAAA,yDAA6B,EAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,IAAI,iCAAiC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClD,OAAO,GAAG,CAAC,IAAI,yBAAY,CAAC,IAAI,EAAE,oCAAoC,CAAC,CAAC,CAAC;SAC1E;QAED,MAAM,oBAAoB,GAAG,KAAK;aAC/B,YAAY,EAAE;aACd,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,kCAAkC,GACtC,4BAA4B,CAAC,MAAM,CACjC,CAAC,uBAAsC,EAAE,EAAE;YACzC,MAAM,EACJ,OAAO,EACP,KAAK,EAAE,EAAE,SAAS,EAAE,EACpB,OAAO,EAAE,WAAW,GACrB,GAAG,IAAA,0BAAkB,EAAC,uBAAuB,CAAC,CAAC;YAChD,IAAI,SAAS,KAAK,0BAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACtD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,EAAE;oBACtD,OAAO,IAAA,yCAAsB,EAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;gBAC7D,CAAC,CAAC,CAAC;aACJ;YAED,oEAAoE;YACpE,OAAO,KAAK;iBACT,yBAAyB,CAAC,WAAW,CAAC;iBACtC,IAAI,CAAC,CAAC,mBAAmB,EAAE,EAAE;gBAC5B,OAAO,uBAAuB,KAAK,mBAAmB,CAAC;YACzD,CAAC,CAAC,CAAC;QACP,CAAC,CACF,CAAC;QAEJ,MAAM,0BAA0B,GAAG;YACjC,cAAc,EAAE,IAAA,mDAAuB,EAAC,uBAAuB,CAAC;YAChE,cAAc,EAAE,IAAA,mDAAuB,EAAC,uBAAuB,CAAC;YAChE,kBAAkB,EAAE,IAAI;YACxB,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QAEF,MAAM,+CAA+C,GACnD,IAAA,gDAAoB,EAClB,0BAA0B,EAC1B,kCAAkC,CACnC,CAAC;QAEJ,MAAM,CAAC,kBAAkB,CAAC,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC;YACnE,CAAC,yDAA6B,CAAC,EAAE;gBAC/B,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,4CAAgB;wBACtB,KAAK,EAAE,+CAA+C;qBACvD;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,wBAAwB,GAC5B,kBAAkB,CAAC,yDAA6B,CAAC,CAAC;QACpD,MAAM,yBAAyB,GAAG,wBAAwB,EAAE,OAAO,EAAE,IAAI,CACvE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,4CAAgB,CAC7C,EAAE,KAA0B,CAAC;QAC9B,IAAI,CAAC,yBAAyB,EAAE;YAC9B,MAAM,sBAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QAED,MAAM,aAAa,GAAG,IAAA,4CAAgB,EAAC,yBAAyB,EAAE;YAChE,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEH,MAAM,EAAE,iBAAiB,EAAE,yBAAyB,GAAG,EAAE,EAAE,GACzD,yBAAyB,CAAC;QAE5B,KAAK,CAAC,wBAAwB,EAAE,CAAC,yBAAyB,CAAC,CAAC;QAE5D,GAAG,CAAC,MAAM,GAAG;YACX,aAAa;YACb,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QACF,OAAO,GAAG,EAAE,CAAC;KACd;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;KACjB;AACH,CAAC;AAEY,QAAA,mBAAmB,GAAG;IACjC,WAAW,EAAE,CAAC,sBAAsB,CAAC;IACrC,cAAc,EAAE,0BAA0B;IAC1C,SAAS,EAAE;QACT,4BAA4B,EAAE,IAAI;QAClC,YAAY,EAAE,IAAI;QAClB,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,sBAAsB,EAAE,IAAI;QAC5B,yBAAyB,EAAE,IAAI;QAC/B,wBAAwB,EAAE,IAAI;KAC/B;CACF,CAAC","sourcesContent":["import {\n  Caip25CaveatType,\n  Caip25EndowmentPermissionName,\n  bucketScopes,\n  validateAndNormalizeScopes,\n  type Caip25Authorization,\n  getInternalScopesObject,\n  getSessionScopes,\n  type NormalizedScopesObject,\n  getSupportedScopeObjects,\n  type Caip25CaveatValue,\n  isKnownSessionPropertyValue,\n  getCaipAccountIdsFromScopesObjects,\n  getAllScopesFromScopesObjects,\n  setPermittedAccounts,\n} from '@metamask/chain-agnostic-permission';\nimport { isEqualCaseInsensitive } from '@metamask/controller-utils';\nimport type {\n  JsonRpcEngineEndCallback,\n  JsonRpcEngineNextCallback,\n} from '@metamask/json-rpc-engine';\nimport type { NetworkController } from '@metamask/network-controller';\nimport {\n  invalidParams,\n  type RequestedPermissions,\n} from '@metamask/permission-controller';\nimport { JsonRpcError, rpcErrors } from '@metamask/rpc-errors';\nimport {\n  type CaipAccountId,\n  type CaipChainId,\n  type Hex,\n  isPlainObject,\n  type Json,\n  type JsonRpcRequest,\n  type JsonRpcSuccess,\n  KnownCaipNamespace,\n  parseCaipAccountId,\n} from '@metamask/utils';\n\nimport type { GrantedPermissions } from './types';\n\n/**\n * Handler for the `wallet_createSession` RPC method which is responsible\n * for prompting for approval and granting a CAIP-25 permission.\n *\n * This implementation primarily deviates from the CAIP-25 handler\n * specification by treating all scopes as optional regardless of\n * if they were specified in `requiredScopes` or `optionalScopes`.\n * Additionally, provided scopes, methods, notifications, and\n * account values that are invalid/malformed are ignored rather than\n * causing an error to be returned.\n *\n * @param req - The request object.\n * @param res - The response object.\n * @param _next - The next middleware function.\n * @param end - The end function.\n * @param hooks - The hooks object.\n * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.\n * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.\n * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.\n * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.\n * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.\n * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.\n * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.\n * @returns A promise with wallet_createSession handler\n */\nasync function walletCreateSessionHandler(\n  req: JsonRpcRequest<Caip25Authorization> & { origin: string },\n  res: JsonRpcSuccess<{\n    sessionScopes: NormalizedScopesObject;\n    sessionProperties?: Record<string, Json>;\n  }>,\n  _next: JsonRpcEngineNextCallback,\n  end: JsonRpcEngineEndCallback,\n  hooks: {\n    listAccounts: () => { address: string }[];\n    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];\n    requestPermissionsForOrigin: (\n      requestedPermissions: RequestedPermissions,\n      metadata?: Record<string, Json>,\n    ) => Promise<[GrantedPermissions]>;\n    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];\n    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;\n    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];\n    trackSessionCreatedEvent?: (\n      approvedCaip25CaveatValue: Caip25CaveatValue,\n    ) => void;\n  },\n) {\n  if (!isPlainObject(req.params)) {\n    return end(invalidParams({ data: { request: req } }));\n  }\n  const { requiredScopes, optionalScopes, sessionProperties } = req.params;\n\n  if (sessionProperties && Object.keys(sessionProperties).length === 0) {\n    return end(new JsonRpcError(5302, 'Invalid sessionProperties requested'));\n  }\n\n  const filteredSessionProperties = Object.fromEntries(\n    Object.entries(sessionProperties ?? {}).filter(([key]) =>\n      isKnownSessionPropertyValue(key),\n    ),\n  );\n\n  try {\n    const { normalizedRequiredScopes, normalizedOptionalScopes } =\n      validateAndNormalizeScopes(requiredScopes || {}, optionalScopes || {});\n\n    const requiredScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedRequiredScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n    const optionalScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedOptionalScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n\n    const networkClientExistsForChainId = (chainId: Hex) => {\n      try {\n        hooks.findNetworkClientIdByChainId(chainId);\n        return true;\n      } catch {\n        return false;\n      }\n    };\n\n    const { supportedScopes: supportedRequiredScopes } = bucketScopes(\n      requiredScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const { supportedScopes: supportedOptionalScopes } = bucketScopes(\n      optionalScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const allRequestedAccountAddresses = getCaipAccountIdsFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    const allSupportedRequestedCaipChainIds = getAllScopesFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    if (allSupportedRequestedCaipChainIds.length === 0) {\n      return end(new JsonRpcError(5100, 'Requested scopes are not supported'));\n    }\n\n    const existingEvmAddresses = hooks\n      .listAccounts()\n      .map((account) => account.address);\n\n    const supportedRequestedAccountAddresses =\n      allRequestedAccountAddresses.filter(\n        (requestedAccountAddress: CaipAccountId) => {\n          const {\n            address,\n            chain: { namespace },\n            chainId: caipChainId,\n          } = parseCaipAccountId(requestedAccountAddress);\n          if (namespace === KnownCaipNamespace.Eip155.toString()) {\n            return existingEvmAddresses.some((existingEvmAddress) => {\n              return isEqualCaseInsensitive(address, existingEvmAddress);\n            });\n          }\n\n          // If the namespace is not eip155 (EVM) we do a case sensitive check\n          return hooks\n            .getNonEvmAccountAddresses(caipChainId)\n            .some((existingCaipAddress) => {\n              return requestedAccountAddress === existingCaipAddress;\n            });\n        },\n      );\n\n    const requestedCaip25CaveatValue = {\n      requiredScopes: getInternalScopesObject(supportedRequiredScopes),\n      optionalScopes: getInternalScopesObject(supportedOptionalScopes),\n      isMultichainOrigin: true,\n      sessionProperties: filteredSessionProperties,\n    };\n\n    const requestedCaip25CaveatValueWithSupportedAccounts =\n      setPermittedAccounts(\n        requestedCaip25CaveatValue,\n        supportedRequestedAccountAddresses,\n      );\n\n    const [grantedPermissions] = await hooks.requestPermissionsForOrigin({\n      [Caip25EndowmentPermissionName]: {\n        caveats: [\n          {\n            type: Caip25CaveatType,\n            value: requestedCaip25CaveatValueWithSupportedAccounts,\n          },\n        ],\n      },\n    });\n\n    const approvedCaip25Permission =\n      grantedPermissions[Caip25EndowmentPermissionName];\n    const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find(\n      (caveat) => caveat.type === Caip25CaveatType,\n    )?.value as Caip25CaveatValue;\n    if (!approvedCaip25CaveatValue) {\n      throw rpcErrors.internal();\n    }\n\n    const sessionScopes = getSessionScopes(approvedCaip25CaveatValue, {\n      getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n    });\n\n    const { sessionProperties: approvedSessionProperties = {} } =\n      approvedCaip25CaveatValue;\n\n    hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);\n\n    res.result = {\n      sessionScopes,\n      sessionProperties: approvedSessionProperties,\n    };\n    return end();\n  } catch (err) {\n    return end(err);\n  }\n}\n\nexport const walletCreateSession = {\n  methodNames: ['wallet_createSession'],\n  implementation: walletCreateSessionHandler,\n  hookNames: {\n    findNetworkClientIdByChainId: true,\n    listAccounts: true,\n    requestPermissionsForOrigin: true,\n    getNonEvmSupportedMethods: true,\n    isNonEvmScopeSupported: true,\n    getNonEvmAccountAddresses: true,\n    trackSessionCreatedEvent: true,\n  },\n};\n"]}

package/dist/handlers/wallet-createSession.d.cts

@@ -0,0 +1,62 @@
+import { type Caip25Authorization, type NormalizedScopesObject, type Caip25CaveatValue } from "@metamask/chain-agnostic-permission";
+import type { JsonRpcEngineEndCallback, JsonRpcEngineNextCallback } from "@metamask/json-rpc-engine";
+import type { NetworkController } from "@metamask/network-controller";
+import { type RequestedPermissions } from "@metamask/permission-controller";
+import { type CaipAccountId, type CaipChainId, type Json, type JsonRpcRequest, type JsonRpcSuccess } from "@metamask/utils";
+import type { GrantedPermissions } from "./types.cjs";
+/**
+ * Handler for the `wallet_createSession` RPC method which is responsible
+ * for prompting for approval and granting a CAIP-25 permission.
+ *
+ * This implementation primarily deviates from the CAIP-25 handler
+ * specification by treating all scopes as optional regardless of
+ * if they were specified in `requiredScopes` or `optionalScopes`.
+ * Additionally, provided scopes, methods, notifications, and
+ * account values that are invalid/malformed are ignored rather than
+ * causing an error to be returned.
+ *
+ * @param req - The request object.
+ * @param res - The response object.
+ * @param _next - The next middleware function.
+ * @param end - The end function.
+ * @param hooks - The hooks object.
+ * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.
+ * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.
+ * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.
+ * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.
+ * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.
+ * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.
+ * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.
+ * @returns A promise with wallet_createSession handler
+ */
+declare function walletCreateSessionHandler(req: JsonRpcRequest<Caip25Authorization> & {
+    origin: string;
+}, res: JsonRpcSuccess<{
+    sessionScopes: NormalizedScopesObject;
+    sessionProperties?: Record<string, Json>;
+}>, _next: JsonRpcEngineNextCallback, end: JsonRpcEngineEndCallback, hooks: {
+    listAccounts: () => {
+        address: string;
+    }[];
+    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];
+    requestPermissionsForOrigin: (requestedPermissions: RequestedPermissions, metadata?: Record<string, Json>) => Promise<[GrantedPermissions]>;
+    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];
+    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;
+    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];
+    trackSessionCreatedEvent?: (approvedCaip25CaveatValue: Caip25CaveatValue) => void;
+}): Promise<void>;
+export declare const walletCreateSession: {
+    methodNames: string[];
+    implementation: typeof walletCreateSessionHandler;
+    hookNames: {
+        findNetworkClientIdByChainId: boolean;
+        listAccounts: boolean;
+        requestPermissionsForOrigin: boolean;
+        getNonEvmSupportedMethods: boolean;
+        isNonEvmScopeSupported: boolean;
+        getNonEvmAccountAddresses: boolean;
+        trackSessionCreatedEvent: boolean;
+    };
+};
+export {};
+//# sourceMappingURL=wallet-createSession.d.cts.map

package/dist/handlers/wallet-createSession.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet-createSession.d.cts","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,mBAAmB,EAGxB,KAAK,sBAAsB,EAE3B,KAAK,iBAAiB,EAKvB,4CAA4C;AAE7C,OAAO,KAAK,EACV,wBAAwB,EACxB,yBAAyB,EAC1B,kCAAkC;AACnC,OAAO,KAAK,EAAE,iBAAiB,EAAE,qCAAqC;AACtE,OAAO,EAEL,KAAK,oBAAoB,EAC1B,wCAAwC;AAEzC,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,WAAW,EAGhB,KAAK,IAAI,EACT,KAAK,cAAc,EACnB,KAAK,cAAc,EAGpB,wBAAwB;AAEzB,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAgB;AAElD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,iBAAe,0BAA0B,CACvC,GAAG,EAAE,cAAc,CAAC,mBAAmB,CAAC,GAAG;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,EAC7D,GAAG,EAAE,cAAc,CAAC;IAClB,aAAa,EAAE,sBAAsB,CAAC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC1C,CAAC,EACF,KAAK,EAAE,yBAAyB,EAChC,GAAG,EAAE,wBAAwB,EAC7B,KAAK,EAAE;IACL,YAAY,EAAE,MAAM;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC1C,4BAA4B,EAAE,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;IAChF,2BAA2B,EAAE,CAC3B,oBAAoB,EAAE,oBAAoB,EAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,KAC5B,OAAO,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACnC,yBAAyB,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,MAAM,EAAE,CAAC;IAC5D,sBAAsB,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,OAAO,CAAC;IACxD,yBAAyB,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,aAAa,EAAE,CAAC;IACnE,wBAAwB,CAAC,EAAE,CACzB,yBAAyB,EAAE,iBAAiB,KACzC,IAAI,CAAC;CACX,iBAsJF;AAED,eAAO,MAAM,mBAAmB;;;;;;;;;;;;CAY/B,CAAC"}

package/dist/handlers/wallet-createSession.d.mts

@@ -0,0 +1,62 @@
+import { type Caip25Authorization, type NormalizedScopesObject, type Caip25CaveatValue } from "@metamask/chain-agnostic-permission";
+import type { JsonRpcEngineEndCallback, JsonRpcEngineNextCallback } from "@metamask/json-rpc-engine";
+import type { NetworkController } from "@metamask/network-controller";
+import { type RequestedPermissions } from "@metamask/permission-controller";
+import { type CaipAccountId, type CaipChainId, type Json, type JsonRpcRequest, type JsonRpcSuccess } from "@metamask/utils";
+import type { GrantedPermissions } from "./types.mjs";
+/**
+ * Handler for the `wallet_createSession` RPC method which is responsible
+ * for prompting for approval and granting a CAIP-25 permission.
+ *
+ * This implementation primarily deviates from the CAIP-25 handler
+ * specification by treating all scopes as optional regardless of
+ * if they were specified in `requiredScopes` or `optionalScopes`.
+ * Additionally, provided scopes, methods, notifications, and
+ * account values that are invalid/malformed are ignored rather than
+ * causing an error to be returned.
+ *
+ * @param req - The request object.
+ * @param res - The response object.
+ * @param _next - The next middleware function.
+ * @param end - The end function.
+ * @param hooks - The hooks object.
+ * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.
+ * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.
+ * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.
+ * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.
+ * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.
+ * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.
+ * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.
+ * @returns A promise with wallet_createSession handler
+ */
+declare function walletCreateSessionHandler(req: JsonRpcRequest<Caip25Authorization> & {
+    origin: string;
+}, res: JsonRpcSuccess<{
+    sessionScopes: NormalizedScopesObject;
+    sessionProperties?: Record<string, Json>;
+}>, _next: JsonRpcEngineNextCallback, end: JsonRpcEngineEndCallback, hooks: {
+    listAccounts: () => {
+        address: string;
+    }[];
+    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];
+    requestPermissionsForOrigin: (requestedPermissions: RequestedPermissions, metadata?: Record<string, Json>) => Promise<[GrantedPermissions]>;
+    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];
+    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;
+    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];
+    trackSessionCreatedEvent?: (approvedCaip25CaveatValue: Caip25CaveatValue) => void;
+}): Promise<void>;
+export declare const walletCreateSession: {
+    methodNames: string[];
+    implementation: typeof walletCreateSessionHandler;
+    hookNames: {
+        findNetworkClientIdByChainId: boolean;
+        listAccounts: boolean;
+        requestPermissionsForOrigin: boolean;
+        getNonEvmSupportedMethods: boolean;
+        isNonEvmScopeSupported: boolean;
+        getNonEvmAccountAddresses: boolean;
+        trackSessionCreatedEvent: boolean;
+    };
+};
+export {};
+//# sourceMappingURL=wallet-createSession.d.mts.map

package/dist/handlers/wallet-createSession.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet-createSession.d.mts","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,mBAAmB,EAGxB,KAAK,sBAAsB,EAE3B,KAAK,iBAAiB,EAKvB,4CAA4C;AAE7C,OAAO,KAAK,EACV,wBAAwB,EACxB,yBAAyB,EAC1B,kCAAkC;AACnC,OAAO,KAAK,EAAE,iBAAiB,EAAE,qCAAqC;AACtE,OAAO,EAEL,KAAK,oBAAoB,EAC1B,wCAAwC;AAEzC,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,WAAW,EAGhB,KAAK,IAAI,EACT,KAAK,cAAc,EACnB,KAAK,cAAc,EAGpB,wBAAwB;AAEzB,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAgB;AAElD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,iBAAe,0BAA0B,CACvC,GAAG,EAAE,cAAc,CAAC,mBAAmB,CAAC,GAAG;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,EAC7D,GAAG,EAAE,cAAc,CAAC;IAClB,aAAa,EAAE,sBAAsB,CAAC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC1C,CAAC,EACF,KAAK,EAAE,yBAAyB,EAChC,GAAG,EAAE,wBAAwB,EAC7B,KAAK,EAAE;IACL,YAAY,EAAE,MAAM;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC1C,4BAA4B,EAAE,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;IAChF,2BAA2B,EAAE,CAC3B,oBAAoB,EAAE,oBAAoB,EAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,KAC5B,OAAO,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACnC,yBAAyB,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,MAAM,EAAE,CAAC;IAC5D,sBAAsB,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,OAAO,CAAC;IACxD,yBAAyB,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,aAAa,EAAE,CAAC;IACnE,wBAAwB,CAAC,EAAE,CACzB,yBAAyB,EAAE,iBAAiB,KACzC,IAAI,CAAC;CACX,iBAsJF;AAED,eAAO,MAAM,mBAAmB;;;;;;;;;;;;CAY/B,CAAC"}

package/dist/handlers/wallet-createSession.mjs

@@ -0,0 +1,147 @@
+import { Caip25CaveatType, Caip25EndowmentPermissionName, bucketScopes, validateAndNormalizeScopes, getInternalScopesObject, getSessionScopes, getSupportedScopeObjects, isKnownSessionPropertyValue, getCaipAccountIdsFromScopesObjects, getAllScopesFromScopesObjects, setPermittedAccounts } from "@metamask/chain-agnostic-permission";
+import { isEqualCaseInsensitive } from "@metamask/controller-utils";
+import { invalidParams } from "@metamask/permission-controller";
+import { JsonRpcError, rpcErrors } from "@metamask/rpc-errors";
+import { isPlainObject, KnownCaipNamespace, parseCaipAccountId } from "@metamask/utils";
+/**
+ * Handler for the `wallet_createSession` RPC method which is responsible
+ * for prompting for approval and granting a CAIP-25 permission.
+ *
+ * This implementation primarily deviates from the CAIP-25 handler
+ * specification by treating all scopes as optional regardless of
+ * if they were specified in `requiredScopes` or `optionalScopes`.
+ * Additionally, provided scopes, methods, notifications, and
+ * account values that are invalid/malformed are ignored rather than
+ * causing an error to be returned.
+ *
+ * @param req - The request object.
+ * @param res - The response object.
+ * @param _next - The next middleware function.
+ * @param end - The end function.
+ * @param hooks - The hooks object.
+ * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.
+ * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.
+ * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.
+ * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.
+ * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.
+ * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.
+ * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.
+ * @returns A promise with wallet_createSession handler
+ */
+async function walletCreateSessionHandler(req, res, _next, end, hooks) {
+    if (!isPlainObject(req.params)) {
+        return end(invalidParams({ data: { request: req } }));
+    }
+    const { requiredScopes, optionalScopes, sessionProperties } = req.params;
+    if (sessionProperties && Object.keys(sessionProperties).length === 0) {
+        return end(new JsonRpcError(5302, 'Invalid sessionProperties requested'));
+    }
+    const filteredSessionProperties = Object.fromEntries(Object.entries(sessionProperties ?? {}).filter(([key]) => isKnownSessionPropertyValue(key)));
+    try {
+        const { normalizedRequiredScopes, normalizedOptionalScopes } = validateAndNormalizeScopes(requiredScopes || {}, optionalScopes || {});
+        const requiredScopesWithSupportedMethodsAndNotifications = getSupportedScopeObjects(normalizedRequiredScopes, {
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+        });
+        const optionalScopesWithSupportedMethodsAndNotifications = getSupportedScopeObjects(normalizedOptionalScopes, {
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+        });
+        const networkClientExistsForChainId = (chainId) => {
+            try {
+                hooks.findNetworkClientIdByChainId(chainId);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        };
+        const { supportedScopes: supportedRequiredScopes } = bucketScopes(requiredScopesWithSupportedMethodsAndNotifications, {
+            isEvmChainIdSupported: networkClientExistsForChainId,
+            isEvmChainIdSupportable: () => false,
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+            isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,
+        });
+        const { supportedScopes: supportedOptionalScopes } = bucketScopes(optionalScopesWithSupportedMethodsAndNotifications, {
+            isEvmChainIdSupported: networkClientExistsForChainId,
+            isEvmChainIdSupportable: () => false,
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+            isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,
+        });
+        const allRequestedAccountAddresses = getCaipAccountIdsFromScopesObjects([
+            supportedRequiredScopes,
+            supportedOptionalScopes,
+        ]);
+        const allSupportedRequestedCaipChainIds = getAllScopesFromScopesObjects([
+            supportedRequiredScopes,
+            supportedOptionalScopes,
+        ]);
+        if (allSupportedRequestedCaipChainIds.length === 0) {
+            return end(new JsonRpcError(5100, 'Requested scopes are not supported'));
+        }
+        const existingEvmAddresses = hooks
+            .listAccounts()
+            .map((account) => account.address);
+        const supportedRequestedAccountAddresses = allRequestedAccountAddresses.filter((requestedAccountAddress) => {
+            const { address, chain: { namespace }, chainId: caipChainId, } = parseCaipAccountId(requestedAccountAddress);
+            if (namespace === KnownCaipNamespace.Eip155.toString()) {
+                return existingEvmAddresses.some((existingEvmAddress) => {
+                    return isEqualCaseInsensitive(address, existingEvmAddress);
+                });
+            }
+            // If the namespace is not eip155 (EVM) we do a case sensitive check
+            return hooks
+                .getNonEvmAccountAddresses(caipChainId)
+                .some((existingCaipAddress) => {
+                return requestedAccountAddress === existingCaipAddress;
+            });
+        });
+        const requestedCaip25CaveatValue = {
+            requiredScopes: getInternalScopesObject(supportedRequiredScopes),
+            optionalScopes: getInternalScopesObject(supportedOptionalScopes),
+            isMultichainOrigin: true,
+            sessionProperties: filteredSessionProperties,
+        };
+        const requestedCaip25CaveatValueWithSupportedAccounts = setPermittedAccounts(requestedCaip25CaveatValue, supportedRequestedAccountAddresses);
+        const [grantedPermissions] = await hooks.requestPermissionsForOrigin({
+            [Caip25EndowmentPermissionName]: {
+                caveats: [
+                    {
+                        type: Caip25CaveatType,
+                        value: requestedCaip25CaveatValueWithSupportedAccounts,
+                    },
+                ],
+            },
+        });
+        const approvedCaip25Permission = grantedPermissions[Caip25EndowmentPermissionName];
+        const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find((caveat) => caveat.type === Caip25CaveatType)?.value;
+        if (!approvedCaip25CaveatValue) {
+            throw rpcErrors.internal();
+        }
+        const sessionScopes = getSessionScopes(approvedCaip25CaveatValue, {
+            getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,
+        });
+        const { sessionProperties: approvedSessionProperties = {} } = approvedCaip25CaveatValue;
+        hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);
+        res.result = {
+            sessionScopes,
+            sessionProperties: approvedSessionProperties,
+        };
+        return end();
+    }
+    catch (err) {
+        return end(err);
+    }
+}
+export const walletCreateSession = {
+    methodNames: ['wallet_createSession'],
+    implementation: walletCreateSessionHandler,
+    hookNames: {
+        findNetworkClientIdByChainId: true,
+        listAccounts: true,
+        requestPermissionsForOrigin: true,
+        getNonEvmSupportedMethods: true,
+        isNonEvmScopeSupported: true,
+        getNonEvmAccountAddresses: true,
+        trackSessionCreatedEvent: true,
+    },
+};
+//# sourceMappingURL=wallet-createSession.mjs.map

package/dist/handlers/wallet-createSession.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet-createSession.mjs","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,6BAA6B,EAC7B,YAAY,EACZ,0BAA0B,EAE1B,uBAAuB,EACvB,gBAAgB,EAEhB,wBAAwB,EAExB,2BAA2B,EAC3B,kCAAkC,EAClC,6BAA6B,EAC7B,oBAAoB,EACrB,4CAA4C;AAC7C,OAAO,EAAE,sBAAsB,EAAE,mCAAmC;AAMpE,OAAO,EACL,aAAa,EAEd,wCAAwC;AACzC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,6BAA6B;AAC/D,OAAO,EAIL,aAAa,EAIb,kBAAkB,EAClB,kBAAkB,EACnB,wBAAwB;AAIzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,KAAK,UAAU,0BAA0B,CACvC,GAA6D,EAC7D,GAGE,EACF,KAAgC,EAChC,GAA6B,EAC7B,KAaC;IAED,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QAC9B,OAAO,GAAG,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;KACvD;IACD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAEzE,IAAI,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACpE,OAAO,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,yBAAyB,GAAG,MAAM,CAAC,WAAW,CAClD,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CACvD,2BAA2B,CAAC,GAAG,CAAC,CACjC,CACF,CAAC;IAEF,IAAI;QACF,MAAM,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,GAC1D,0BAA0B,CAAC,cAAc,IAAI,EAAE,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC;QAEzE,MAAM,kDAAkD,GACtD,wBAAwB,CAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QACL,MAAM,kDAAkD,GACtD,wBAAwB,CAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEL,MAAM,6BAA6B,GAAG,CAAC,OAAY,EAAE,EAAE;YACrD,IAAI;gBACF,KAAK,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC;aACb;YAAC,MAAM;gBACN,OAAO,KAAK,CAAC;aACd;QACH,CAAC,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,YAAY,CAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,YAAY,CAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,4BAA4B,GAAG,kCAAkC,CAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,MAAM,iCAAiC,GAAG,6BAA6B,CAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,IAAI,iCAAiC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClD,OAAO,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE,oCAAoC,CAAC,CAAC,CAAC;SAC1E;QAED,MAAM,oBAAoB,GAAG,KAAK;aAC/B,YAAY,EAAE;aACd,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,kCAAkC,GACtC,4BAA4B,CAAC,MAAM,CACjC,CAAC,uBAAsC,EAAE,EAAE;YACzC,MAAM,EACJ,OAAO,EACP,KAAK,EAAE,EAAE,SAAS,EAAE,EACpB,OAAO,EAAE,WAAW,GACrB,GAAG,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;YAChD,IAAI,SAAS,KAAK,kBAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACtD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,EAAE;oBACtD,OAAO,sBAAsB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;gBAC7D,CAAC,CAAC,CAAC;aACJ;YAED,oEAAoE;YACpE,OAAO,KAAK;iBACT,yBAAyB,CAAC,WAAW,CAAC;iBACtC,IAAI,CAAC,CAAC,mBAAmB,EAAE,EAAE;gBAC5B,OAAO,uBAAuB,KAAK,mBAAmB,CAAC;YACzD,CAAC,CAAC,CAAC;QACP,CAAC,CACF,CAAC;QAEJ,MAAM,0BAA0B,GAAG;YACjC,cAAc,EAAE,uBAAuB,CAAC,uBAAuB,CAAC;YAChE,cAAc,EAAE,uBAAuB,CAAC,uBAAuB,CAAC;YAChE,kBAAkB,EAAE,IAAI;YACxB,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QAEF,MAAM,+CAA+C,GACnD,oBAAoB,CAClB,0BAA0B,EAC1B,kCAAkC,CACnC,CAAC;QAEJ,MAAM,CAAC,kBAAkB,CAAC,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC;YACnE,CAAC,6BAA6B,CAAC,EAAE;gBAC/B,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,gBAAgB;wBACtB,KAAK,EAAE,+CAA+C;qBACvD;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,wBAAwB,GAC5B,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;QACpD,MAAM,yBAAyB,GAAG,wBAAwB,EAAE,OAAO,EAAE,IAAI,CACvE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,CAC7C,EAAE,KAA0B,CAAC;QAC9B,IAAI,CAAC,yBAAyB,EAAE;YAC9B,MAAM,SAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QAED,MAAM,aAAa,GAAG,gBAAgB,CAAC,yBAAyB,EAAE;YAChE,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEH,MAAM,EAAE,iBAAiB,EAAE,yBAAyB,GAAG,EAAE,EAAE,GACzD,yBAAyB,CAAC;QAE5B,KAAK,CAAC,wBAAwB,EAAE,CAAC,yBAAyB,CAAC,CAAC;QAE5D,GAAG,CAAC,MAAM,GAAG;YACX,aAAa;YACb,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QACF,OAAO,GAAG,EAAE,CAAC;KACd;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;KACjB;AACH,CAAC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,WAAW,EAAE,CAAC,sBAAsB,CAAC;IACrC,cAAc,EAAE,0BAA0B;IAC1C,SAAS,EAAE;QACT,4BAA4B,EAAE,IAAI;QAClC,YAAY,EAAE,IAAI;QAClB,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,sBAAsB,EAAE,IAAI;QAC5B,yBAAyB,EAAE,IAAI;QAC/B,wBAAwB,EAAE,IAAI;KAC/B;CACF,CAAC","sourcesContent":["import {\n  Caip25CaveatType,\n  Caip25EndowmentPermissionName,\n  bucketScopes,\n  validateAndNormalizeScopes,\n  type Caip25Authorization,\n  getInternalScopesObject,\n  getSessionScopes,\n  type NormalizedScopesObject,\n  getSupportedScopeObjects,\n  type Caip25CaveatValue,\n  isKnownSessionPropertyValue,\n  getCaipAccountIdsFromScopesObjects,\n  getAllScopesFromScopesObjects,\n  setPermittedAccounts,\n} from '@metamask/chain-agnostic-permission';\nimport { isEqualCaseInsensitive } from '@metamask/controller-utils';\nimport type {\n  JsonRpcEngineEndCallback,\n  JsonRpcEngineNextCallback,\n} from '@metamask/json-rpc-engine';\nimport type { NetworkController } from '@metamask/network-controller';\nimport {\n  invalidParams,\n  type RequestedPermissions,\n} from '@metamask/permission-controller';\nimport { JsonRpcError, rpcErrors } from '@metamask/rpc-errors';\nimport {\n  type CaipAccountId,\n  type CaipChainId,\n  type Hex,\n  isPlainObject,\n  type Json,\n  type JsonRpcRequest,\n  type JsonRpcSuccess,\n  KnownCaipNamespace,\n  parseCaipAccountId,\n} from '@metamask/utils';\n\nimport type { GrantedPermissions } from './types';\n\n/**\n * Handler for the `wallet_createSession` RPC method which is responsible\n * for prompting for approval and granting a CAIP-25 permission.\n *\n * This implementation primarily deviates from the CAIP-25 handler\n * specification by treating all scopes as optional regardless of\n * if they were specified in `requiredScopes` or `optionalScopes`.\n * Additionally, provided scopes, methods, notifications, and\n * account values that are invalid/malformed are ignored rather than\n * causing an error to be returned.\n *\n * @param req - The request object.\n * @param res - The response object.\n * @param _next - The next middleware function.\n * @param end - The end function.\n * @param hooks - The hooks object.\n * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.\n * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.\n * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.\n * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.\n * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.\n * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.\n * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.\n * @returns A promise with wallet_createSession handler\n */\nasync function walletCreateSessionHandler(\n  req: JsonRpcRequest<Caip25Authorization> & { origin: string },\n  res: JsonRpcSuccess<{\n    sessionScopes: NormalizedScopesObject;\n    sessionProperties?: Record<string, Json>;\n  }>,\n  _next: JsonRpcEngineNextCallback,\n  end: JsonRpcEngineEndCallback,\n  hooks: {\n    listAccounts: () => { address: string }[];\n    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];\n    requestPermissionsForOrigin: (\n      requestedPermissions: RequestedPermissions,\n      metadata?: Record<string, Json>,\n    ) => Promise<[GrantedPermissions]>;\n    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];\n    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;\n    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];\n    trackSessionCreatedEvent?: (\n      approvedCaip25CaveatValue: Caip25CaveatValue,\n    ) => void;\n  },\n) {\n  if (!isPlainObject(req.params)) {\n    return end(invalidParams({ data: { request: req } }));\n  }\n  const { requiredScopes, optionalScopes, sessionProperties } = req.params;\n\n  if (sessionProperties && Object.keys(sessionProperties).length === 0) {\n    return end(new JsonRpcError(5302, 'Invalid sessionProperties requested'));\n  }\n\n  const filteredSessionProperties = Object.fromEntries(\n    Object.entries(sessionProperties ?? {}).filter(([key]) =>\n      isKnownSessionPropertyValue(key),\n    ),\n  );\n\n  try {\n    const { normalizedRequiredScopes, normalizedOptionalScopes } =\n      validateAndNormalizeScopes(requiredScopes || {}, optionalScopes || {});\n\n    const requiredScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedRequiredScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n    const optionalScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedOptionalScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n\n    const networkClientExistsForChainId = (chainId: Hex) => {\n      try {\n        hooks.findNetworkClientIdByChainId(chainId);\n        return true;\n      } catch {\n        return false;\n      }\n    };\n\n    const { supportedScopes: supportedRequiredScopes } = bucketScopes(\n      requiredScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const { supportedScopes: supportedOptionalScopes } = bucketScopes(\n      optionalScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const allRequestedAccountAddresses = getCaipAccountIdsFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    const allSupportedRequestedCaipChainIds = getAllScopesFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    if (allSupportedRequestedCaipChainIds.length === 0) {\n      return end(new JsonRpcError(5100, 'Requested scopes are not supported'));\n    }\n\n    const existingEvmAddresses = hooks\n      .listAccounts()\n      .map((account) => account.address);\n\n    const supportedRequestedAccountAddresses =\n      allRequestedAccountAddresses.filter(\n        (requestedAccountAddress: CaipAccountId) => {\n          const {\n            address,\n            chain: { namespace },\n            chainId: caipChainId,\n          } = parseCaipAccountId(requestedAccountAddress);\n          if (namespace === KnownCaipNamespace.Eip155.toString()) {\n            return existingEvmAddresses.some((existingEvmAddress) => {\n              return isEqualCaseInsensitive(address, existingEvmAddress);\n            });\n          }\n\n          // If the namespace is not eip155 (EVM) we do a case sensitive check\n          return hooks\n            .getNonEvmAccountAddresses(caipChainId)\n            .some((existingCaipAddress) => {\n              return requestedAccountAddress === existingCaipAddress;\n            });\n        },\n      );\n\n    const requestedCaip25CaveatValue = {\n      requiredScopes: getInternalScopesObject(supportedRequiredScopes),\n      optionalScopes: getInternalScopesObject(supportedOptionalScopes),\n      isMultichainOrigin: true,\n      sessionProperties: filteredSessionProperties,\n    };\n\n    const requestedCaip25CaveatValueWithSupportedAccounts =\n      setPermittedAccounts(\n        requestedCaip25CaveatValue,\n        supportedRequestedAccountAddresses,\n      );\n\n    const [grantedPermissions] = await hooks.requestPermissionsForOrigin({\n      [Caip25EndowmentPermissionName]: {\n        caveats: [\n          {\n            type: Caip25CaveatType,\n            value: requestedCaip25CaveatValueWithSupportedAccounts,\n          },\n        ],\n      },\n    });\n\n    const approvedCaip25Permission =\n      grantedPermissions[Caip25EndowmentPermissionName];\n    const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find(\n      (caveat) => caveat.type === Caip25CaveatType,\n    )?.value as Caip25CaveatValue;\n    if (!approvedCaip25CaveatValue) {\n      throw rpcErrors.internal();\n    }\n\n    const sessionScopes = getSessionScopes(approvedCaip25CaveatValue, {\n      getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n    });\n\n    const { sessionProperties: approvedSessionProperties = {} } =\n      approvedCaip25CaveatValue;\n\n    hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);\n\n    res.result = {\n      sessionScopes,\n      sessionProperties: approvedSessionProperties,\n    };\n    return end();\n  } catch (err) {\n    return end(err);\n  }\n}\n\nexport const walletCreateSession = {\n  methodNames: ['wallet_createSession'],\n  implementation: walletCreateSessionHandler,\n  hookNames: {\n    findNetworkClientIdByChainId: true,\n    listAccounts: true,\n    requestPermissionsForOrigin: true,\n    getNonEvmSupportedMethods: true,\n    isNonEvmScopeSupported: true,\n    getNonEvmAccountAddresses: true,\n    trackSessionCreatedEvent: true,\n  },\n};\n"]}

package/dist/index.cjs

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MultichainApiNotifications = exports.MultichainSubscriptionManager = exports.MultichainMiddlewareManager = exports.multichainMethodCallValidatorMiddleware = exports.walletRevokeSession = exports.walletInvokeMethod = exports.walletGetSession = void 0;
+exports.MultichainApiNotifications = exports.MultichainSubscriptionManager = exports.MultichainMiddlewareManager = exports.multichainMethodCallValidatorMiddleware = exports.walletRevokeSession = exports.walletInvokeMethod = exports.walletGetSession = exports.walletCreateSession = void 0;
+var wallet_createSession_1 = require("./handlers/wallet-createSession.cjs");
+Object.defineProperty(exports, "walletCreateSession", { enumerable: true, get: function () { return wallet_createSession_1.walletCreateSession; } });
 var wallet_getSession_1 = require("./handlers/wallet-getSession.cjs");
 Object.defineProperty(exports, "walletGetSession", { enumerable: true, get: function () { return wallet_getSession_1.walletGetSession; } });
 var wallet_invokeMethod_1 = require("./handlers/wallet-invokeMethod.cjs");

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,sEAAgE;AAAvD,qHAAA,gBAAgB,OAAA;AACzB,0EAAoE;AAA3D,yHAAA,kBAAkB,OAAA;AAC3B,4EAAsE;AAA7D,2HAAA,mBAAmB,OAAA;AAE5B,qHAAgH;AAAvG,kKAAA,uCAAuC,OAAA;AAChD,6FAAwF;AAA/E,0IAAA,2BAA2B,OAAA;AACpC,iGAA4F;AAAnF,8IAAA,6BAA6B,OAAA;AACtC,8CAA8D;AAArD,mHAAA,0BAA0B,OAAA","sourcesContent":["export { walletGetSession } from './handlers/wallet-getSession';\nexport { walletInvokeMethod } from './handlers/wallet-invokeMethod';\nexport { walletRevokeSession } from './handlers/wallet-revokeSession';\n\nexport { multichainMethodCallValidatorMiddleware } from './middlewares/multichainMethodCallValidatorMiddleware';\nexport { MultichainMiddlewareManager } from './middlewares/MultichainMiddlewareManager';\nexport { MultichainSubscriptionManager } from './middlewares/MultichainSubscriptionManager';\nexport { MultichainApiNotifications } from './handlers/types';\n"]}
+{"version":3,"file":"index.cjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,4EAAsE;AAA7D,2HAAA,mBAAmB,OAAA;AAC5B,sEAAgE;AAAvD,qHAAA,gBAAgB,OAAA;AACzB,0EAAoE;AAA3D,yHAAA,kBAAkB,OAAA;AAC3B,4EAAsE;AAA7D,2HAAA,mBAAmB,OAAA;AAE5B,qHAAgH;AAAvG,kKAAA,uCAAuC,OAAA;AAChD,6FAAwF;AAA/E,0IAAA,2BAA2B,OAAA;AACpC,iGAA4F;AAAnF,8IAAA,6BAA6B,OAAA;AACtC,8CAA8D;AAArD,mHAAA,0BAA0B,OAAA","sourcesContent":["export { walletCreateSession } from './handlers/wallet-createSession';\nexport { walletGetSession } from './handlers/wallet-getSession';\nexport { walletInvokeMethod } from './handlers/wallet-invokeMethod';\nexport { walletRevokeSession } from './handlers/wallet-revokeSession';\n\nexport { multichainMethodCallValidatorMiddleware } from './middlewares/multichainMethodCallValidatorMiddleware';\nexport { MultichainMiddlewareManager } from './middlewares/MultichainMiddlewareManager';\nexport { MultichainSubscriptionManager } from './middlewares/MultichainSubscriptionManager';\nexport { MultichainApiNotifications } from './handlers/types';\n"]}

package/dist/index.d.cts

@@ -1,3 +1,4 @@
+export { walletCreateSession } from "./handlers/wallet-createSession.cjs";
 export { walletGetSession } from "./handlers/wallet-getSession.cjs";
 export { walletInvokeMethod } from "./handlers/wallet-invokeMethod.cjs";
 export { walletRevokeSession } from "./handlers/wallet-revokeSession.cjs";

package/dist/index.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.cts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,yCAAqC;AAChE,OAAO,EAAE,kBAAkB,EAAE,2CAAuC;AACpE,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AAEtE,OAAO,EAAE,uCAAuC,EAAE,kEAA8D;AAChH,OAAO,EAAE,2BAA2B,EAAE,sDAAkD;AACxF,OAAO,EAAE,6BAA6B,EAAE,wDAAoD;AAC5F,OAAO,EAAE,0BAA0B,EAAE,6BAAyB"}
+{"version":3,"file":"index.d.cts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AACtE,OAAO,EAAE,gBAAgB,EAAE,yCAAqC;AAChE,OAAO,EAAE,kBAAkB,EAAE,2CAAuC;AACpE,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AAEtE,OAAO,EAAE,uCAAuC,EAAE,kEAA8D;AAChH,OAAO,EAAE,2BAA2B,EAAE,sDAAkD;AACxF,OAAO,EAAE,6BAA6B,EAAE,wDAAoD;AAC5F,OAAO,EAAE,0BAA0B,EAAE,6BAAyB"}

package/dist/index.d.mts

@@ -1,3 +1,4 @@
+export { walletCreateSession } from "./handlers/wallet-createSession.mjs";
 export { walletGetSession } from "./handlers/wallet-getSession.mjs";
 export { walletInvokeMethod } from "./handlers/wallet-invokeMethod.mjs";
 export { walletRevokeSession } from "./handlers/wallet-revokeSession.mjs";

package/dist/index.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.mts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,yCAAqC;AAChE,OAAO,EAAE,kBAAkB,EAAE,2CAAuC;AACpE,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AAEtE,OAAO,EAAE,uCAAuC,EAAE,kEAA8D;AAChH,OAAO,EAAE,2BAA2B,EAAE,sDAAkD;AACxF,OAAO,EAAE,6BAA6B,EAAE,wDAAoD;AAC5F,OAAO,EAAE,0BAA0B,EAAE,6BAAyB"}
+{"version":3,"file":"index.d.mts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AACtE,OAAO,EAAE,gBAAgB,EAAE,yCAAqC;AAChE,OAAO,EAAE,kBAAkB,EAAE,2CAAuC;AACpE,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AAEtE,OAAO,EAAE,uCAAuC,EAAE,kEAA8D;AAChH,OAAO,EAAE,2BAA2B,EAAE,sDAAkD;AACxF,OAAO,EAAE,6BAA6B,EAAE,wDAAoD;AAC5F,OAAO,EAAE,0BAA0B,EAAE,6BAAyB"}

package/dist/index.mjs

@@ -1,3 +1,4 @@
+export { walletCreateSession } from "./handlers/wallet-createSession.mjs";
 export { walletGetSession } from "./handlers/wallet-getSession.mjs";
 export { walletInvokeMethod } from "./handlers/wallet-invokeMethod.mjs";
 export { walletRevokeSession } from "./handlers/wallet-revokeSession.mjs";

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,yCAAqC;AAChE,OAAO,EAAE,kBAAkB,EAAE,2CAAuC;AACpE,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AAEtE,OAAO,EAAE,uCAAuC,EAAE,kEAA8D;AAChH,OAAO,EAAE,2BAA2B,EAAE,sDAAkD;AACxF,OAAO,EAAE,6BAA6B,EAAE,wDAAoD;AAC5F,OAAO,EAAE,0BAA0B,EAAE,6BAAyB","sourcesContent":["export { walletGetSession } from './handlers/wallet-getSession';\nexport { walletInvokeMethod } from './handlers/wallet-invokeMethod';\nexport { walletRevokeSession } from './handlers/wallet-revokeSession';\n\nexport { multichainMethodCallValidatorMiddleware } from './middlewares/multichainMethodCallValidatorMiddleware';\nexport { MultichainMiddlewareManager } from './middlewares/MultichainMiddlewareManager';\nexport { MultichainSubscriptionManager } from './middlewares/MultichainSubscriptionManager';\nexport { MultichainApiNotifications } from './handlers/types';\n"]}
+{"version":3,"file":"index.mjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AACtE,OAAO,EAAE,gBAAgB,EAAE,yCAAqC;AAChE,OAAO,EAAE,kBAAkB,EAAE,2CAAuC;AACpE,OAAO,EAAE,mBAAmB,EAAE,4CAAwC;AAEtE,OAAO,EAAE,uCAAuC,EAAE,kEAA8D;AAChH,OAAO,EAAE,2BAA2B,EAAE,sDAAkD;AACxF,OAAO,EAAE,6BAA6B,EAAE,wDAAoD;AAC5F,OAAO,EAAE,0BAA0B,EAAE,6BAAyB","sourcesContent":["export { walletCreateSession } from './handlers/wallet-createSession';\nexport { walletGetSession } from './handlers/wallet-getSession';\nexport { walletInvokeMethod } from './handlers/wallet-invokeMethod';\nexport { walletRevokeSession } from './handlers/wallet-revokeSession';\n\nexport { multichainMethodCallValidatorMiddleware } from './middlewares/multichainMethodCallValidatorMiddleware';\nexport { MultichainMiddlewareManager } from './middlewares/MultichainMiddlewareManager';\nexport { MultichainSubscriptionManager } from './middlewares/MultichainSubscriptionManager';\nexport { MultichainApiNotifications } from './handlers/types';\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@metamask/multichain-api-middleware",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "JSON-RPC methods and middleware to support the MetaMask Multichain API",
   "keywords": [
     "MetaMask",
@@ -48,9 +48,10 @@
   },
   "dependencies": {
     "@metamask/api-specs": "^0.10.12",
-    "@metamask/chain-agnostic-permission": "^0.2.0",
+    "@metamask/chain-agnostic-permission": "^0.4.0",
+    "@metamask/controller-utils": "^11.7.0",
     "@metamask/json-rpc-engine": "^10.0.3",
-    "@metamask/network-controller": "^23.1.0",
+    "@metamask/network-controller": "^23.2.0",
     "@metamask/permission-controller": "^11.0.6",
     "@metamask/rpc-errors": "^7.0.2",
     "@metamask/utils": "^11.2.0",
@@ -61,6 +62,7 @@
   "devDependencies": {
     "@metamask/auto-changelog": "^3.4.4",
     "@metamask/eth-json-rpc-filters": "^9.0.0",
+    "@metamask/multichain-transactions-controller": "^0.9.0",
     "@metamask/safe-event-emitter": "^3.0.0",
     "@types/jest": "^27.4.1",
     "deepmerge": "^4.2.2",