@metamask/multichain-api-middleware 0.2.0 → 0.3.0

package/CHANGELOG.md

@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.3.0]
+
+### Added
+
+- Add more chain-agnostic-permission utility functions from sip-26 usage ([#5609](https://github.com/MetaMask/core/pull/5609))
+
+### Changed
+
+- Bump `@metamask/chain-agnostic-permission` to `^0.7.0` ([#5715](https://github.com/MetaMask/core/pull/5715),[#5760](https://github.com/MetaMask/core/pull/5760), [#5818](https://github.com/MetaMask/core/pull/5818))
+- Bump `@metamask/api-specs` to `^0.14.0` ([#5817](https://github.com/MetaMask/core/pull/5817))
+- Bump `@metamask/controller-utils` to `^11.9.0` ([#5765](https://github.com/MetaMask/core/pull/5765), [#5812](https://github.com/MetaMask/core/pull/5812))
+- Bump `@metamask/network-controller` to `^23.5.0` ([#5765](https://github.com/MetaMask/core/pull/5765), [#5812](https://github.com/MetaMask/core/pull/5812))
+
 ## [0.2.0]
 
 ### Added
@@ -36,7 +49,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Initial release
 
-[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.2.0...HEAD
+[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.3.0...HEAD
+[0.3.0]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.2.0...@metamask/multichain-api-middleware@0.3.0
 [0.2.0]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.1.1...@metamask/multichain-api-middleware@0.2.0
 [0.1.1]: https://github.com/MetaMask/core/compare/@metamask/multichain-api-middleware@0.1.0...@metamask/multichain-api-middleware@0.1.1
 [0.1.0]: https://github.com/MetaMask/core/releases/tag/@metamask/multichain-api-middleware@0.1.0

package/dist/handlers/wallet-createSession.cjs

@@ -103,7 +103,7 @@ async function walletCreateSessionHandler(req, res, _next, end, hooks) {
             isMultichainOrigin: true,
             sessionProperties: filteredSessionProperties,
         };
-        const requestedCaip25CaveatValueWithSupportedAccounts = (0, chain_agnostic_permission_1.setPermittedAccounts)(requestedCaip25CaveatValue, supportedRequestedAccountAddresses);
+        const requestedCaip25CaveatValueWithSupportedAccounts = (0, chain_agnostic_permission_1.setNonSCACaipAccountIdsInCaip25CaveatValue)(requestedCaip25CaveatValue, supportedRequestedAccountAddresses);
         const [grantedPermissions] = await hooks.requestPermissionsForOrigin({
             [chain_agnostic_permission_1.Caip25EndowmentPermissionName]: {
                 caveats: [

package/dist/handlers/wallet-createSession.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"wallet-createSession.cjs","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":";;;AAAA,mFAe6C;AAC7C,iEAAoE;AAMpE,2EAGyC;AACzC,qDAA+D;AAC/D,2CAUyB;AAIzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,KAAK,UAAU,0BAA0B,CACvC,GAA6D,EAC7D,GAGE,EACF,KAAgC,EAChC,GAA6B,EAC7B,KAaC;IAED,IAAI,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QAC9B,OAAO,GAAG,CAAC,IAAA,qCAAa,EAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;KACvD;IACD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAEzE,IAAI,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACpE,OAAO,GAAG,CAAC,IAAI,yBAAY,CAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,yBAAyB,GAAG,MAAM,CAAC,WAAW,CAClD,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CACvD,IAAA,uDAA2B,EAAC,GAAG,CAAC,CACjC,CACF,CAAC;IAEF,IAAI;QACF,MAAM,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,GAC1D,IAAA,sDAA0B,EAAC,cAAc,IAAI,EAAE,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC;QAEzE,MAAM,kDAAkD,GACtD,IAAA,oDAAwB,EAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QACL,MAAM,kDAAkD,GACtD,IAAA,oDAAwB,EAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEL,MAAM,6BAA6B,GAAG,CAAC,OAAY,EAAE,EAAE;YACrD,IAAI;gBACF,KAAK,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC;aACb;YAAC,MAAM;gBACN,OAAO,KAAK,CAAC;aACd;QACH,CAAC,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,IAAA,wCAAY,EAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,IAAA,wCAAY,EAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,4BAA4B,GAAG,IAAA,8DAAkC,EAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,MAAM,iCAAiC,GAAG,IAAA,yDAA6B,EAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,IAAI,iCAAiC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClD,OAAO,GAAG,CAAC,IAAI,yBAAY,CAAC,IAAI,EAAE,oCAAoC,CAAC,CAAC,CAAC;SAC1E;QAED,MAAM,oBAAoB,GAAG,KAAK;aAC/B,YAAY,EAAE;aACd,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,kCAAkC,GACtC,4BAA4B,CAAC,MAAM,CACjC,CAAC,uBAAsC,EAAE,EAAE;YACzC,MAAM,EACJ,OAAO,EACP,KAAK,EAAE,EAAE,SAAS,EAAE,EACpB,OAAO,EAAE,WAAW,GACrB,GAAG,IAAA,0BAAkB,EAAC,uBAAuB,CAAC,CAAC;YAChD,IAAI,SAAS,KAAK,0BAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACtD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,EAAE;oBACtD,OAAO,IAAA,yCAAsB,EAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;gBAC7D,CAAC,CAAC,CAAC;aACJ;YAED,oEAAoE;YACpE,OAAO,KAAK;iBACT,yBAAyB,CAAC,WAAW,CAAC;iBACtC,IAAI,CAAC,CAAC,mBAAmB,EAAE,EAAE;gBAC5B,OAAO,uBAAuB,KAAK,mBAAmB,CAAC;YACzD,CAAC,CAAC,CAAC;QACP,CAAC,CACF,CAAC;QAEJ,MAAM,0BAA0B,GAAG;YACjC,cAAc,EAAE,IAAA,mDAAuB,EAAC,uBAAuB,CAAC;YAChE,cAAc,EAAE,IAAA,mDAAuB,EAAC,uBAAuB,CAAC;YAChE,kBAAkB,EAAE,IAAI;YACxB,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QAEF,MAAM,+CAA+C,GACnD,IAAA,gDAAoB,EAClB,0BAA0B,EAC1B,kCAAkC,CACnC,CAAC;QAEJ,MAAM,CAAC,kBAAkB,CAAC,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC;YACnE,CAAC,yDAA6B,CAAC,EAAE;gBAC/B,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,4CAAgB;wBACtB,KAAK,EAAE,+CAA+C;qBACvD;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,wBAAwB,GAC5B,kBAAkB,CAAC,yDAA6B,CAAC,CAAC;QACpD,MAAM,yBAAyB,GAAG,wBAAwB,EAAE,OAAO,EAAE,IAAI,CACvE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,4CAAgB,CAC7C,EAAE,KAA0B,CAAC;QAC9B,IAAI,CAAC,yBAAyB,EAAE;YAC9B,MAAM,sBAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QAED,MAAM,aAAa,GAAG,IAAA,4CAAgB,EAAC,yBAAyB,EAAE;YAChE,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEH,MAAM,EAAE,iBAAiB,EAAE,yBAAyB,GAAG,EAAE,EAAE,GACzD,yBAAyB,CAAC;QAE5B,KAAK,CAAC,wBAAwB,EAAE,CAAC,yBAAyB,CAAC,CAAC;QAE5D,GAAG,CAAC,MAAM,GAAG;YACX,aAAa;YACb,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QACF,OAAO,GAAG,EAAE,CAAC;KACd;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;KACjB;AACH,CAAC;AAEY,QAAA,mBAAmB,GAAG;IACjC,WAAW,EAAE,CAAC,sBAAsB,CAAC;IACrC,cAAc,EAAE,0BAA0B;IAC1C,SAAS,EAAE;QACT,4BAA4B,EAAE,IAAI;QAClC,YAAY,EAAE,IAAI;QAClB,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,sBAAsB,EAAE,IAAI;QAC5B,yBAAyB,EAAE,IAAI;QAC/B,wBAAwB,EAAE,IAAI;KAC/B;CACF,CAAC","sourcesContent":["import {\n  Caip25CaveatType,\n  Caip25EndowmentPermissionName,\n  bucketScopes,\n  validateAndNormalizeScopes,\n  type Caip25Authorization,\n  getInternalScopesObject,\n  getSessionScopes,\n  type NormalizedScopesObject,\n  getSupportedScopeObjects,\n  type Caip25CaveatValue,\n  isKnownSessionPropertyValue,\n  getCaipAccountIdsFromScopesObjects,\n  getAllScopesFromScopesObjects,\n  setPermittedAccounts,\n} from '@metamask/chain-agnostic-permission';\nimport { isEqualCaseInsensitive } from '@metamask/controller-utils';\nimport type {\n  JsonRpcEngineEndCallback,\n  JsonRpcEngineNextCallback,\n} from '@metamask/json-rpc-engine';\nimport type { NetworkController } from '@metamask/network-controller';\nimport {\n  invalidParams,\n  type RequestedPermissions,\n} from '@metamask/permission-controller';\nimport { JsonRpcError, rpcErrors } from '@metamask/rpc-errors';\nimport {\n  type CaipAccountId,\n  type CaipChainId,\n  type Hex,\n  isPlainObject,\n  type Json,\n  type JsonRpcRequest,\n  type JsonRpcSuccess,\n  KnownCaipNamespace,\n  parseCaipAccountId,\n} from '@metamask/utils';\n\nimport type { GrantedPermissions } from './types';\n\n/**\n * Handler for the `wallet_createSession` RPC method which is responsible\n * for prompting for approval and granting a CAIP-25 permission.\n *\n * This implementation primarily deviates from the CAIP-25 handler\n * specification by treating all scopes as optional regardless of\n * if they were specified in `requiredScopes` or `optionalScopes`.\n * Additionally, provided scopes, methods, notifications, and\n * account values that are invalid/malformed are ignored rather than\n * causing an error to be returned.\n *\n * @param req - The request object.\n * @param res - The response object.\n * @param _next - The next middleware function.\n * @param end - The end function.\n * @param hooks - The hooks object.\n * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.\n * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.\n * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.\n * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.\n * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.\n * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.\n * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.\n * @returns A promise with wallet_createSession handler\n */\nasync function walletCreateSessionHandler(\n  req: JsonRpcRequest<Caip25Authorization> & { origin: string },\n  res: JsonRpcSuccess<{\n    sessionScopes: NormalizedScopesObject;\n    sessionProperties?: Record<string, Json>;\n  }>,\n  _next: JsonRpcEngineNextCallback,\n  end: JsonRpcEngineEndCallback,\n  hooks: {\n    listAccounts: () => { address: string }[];\n    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];\n    requestPermissionsForOrigin: (\n      requestedPermissions: RequestedPermissions,\n      metadata?: Record<string, Json>,\n    ) => Promise<[GrantedPermissions]>;\n    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];\n    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;\n    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];\n    trackSessionCreatedEvent?: (\n      approvedCaip25CaveatValue: Caip25CaveatValue,\n    ) => void;\n  },\n) {\n  if (!isPlainObject(req.params)) {\n    return end(invalidParams({ data: { request: req } }));\n  }\n  const { requiredScopes, optionalScopes, sessionProperties } = req.params;\n\n  if (sessionProperties && Object.keys(sessionProperties).length === 0) {\n    return end(new JsonRpcError(5302, 'Invalid sessionProperties requested'));\n  }\n\n  const filteredSessionProperties = Object.fromEntries(\n    Object.entries(sessionProperties ?? {}).filter(([key]) =>\n      isKnownSessionPropertyValue(key),\n    ),\n  );\n\n  try {\n    const { normalizedRequiredScopes, normalizedOptionalScopes } =\n      validateAndNormalizeScopes(requiredScopes || {}, optionalScopes || {});\n\n    const requiredScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedRequiredScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n    const optionalScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedOptionalScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n\n    const networkClientExistsForChainId = (chainId: Hex) => {\n      try {\n        hooks.findNetworkClientIdByChainId(chainId);\n        return true;\n      } catch {\n        return false;\n      }\n    };\n\n    const { supportedScopes: supportedRequiredScopes } = bucketScopes(\n      requiredScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const { supportedScopes: supportedOptionalScopes } = bucketScopes(\n      optionalScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const allRequestedAccountAddresses = getCaipAccountIdsFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    const allSupportedRequestedCaipChainIds = getAllScopesFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    if (allSupportedRequestedCaipChainIds.length === 0) {\n      return end(new JsonRpcError(5100, 'Requested scopes are not supported'));\n    }\n\n    const existingEvmAddresses = hooks\n      .listAccounts()\n      .map((account) => account.address);\n\n    const supportedRequestedAccountAddresses =\n      allRequestedAccountAddresses.filter(\n        (requestedAccountAddress: CaipAccountId) => {\n          const {\n            address,\n            chain: { namespace },\n            chainId: caipChainId,\n          } = parseCaipAccountId(requestedAccountAddress);\n          if (namespace === KnownCaipNamespace.Eip155.toString()) {\n            return existingEvmAddresses.some((existingEvmAddress) => {\n              return isEqualCaseInsensitive(address, existingEvmAddress);\n            });\n          }\n\n          // If the namespace is not eip155 (EVM) we do a case sensitive check\n          return hooks\n            .getNonEvmAccountAddresses(caipChainId)\n            .some((existingCaipAddress) => {\n              return requestedAccountAddress === existingCaipAddress;\n            });\n        },\n      );\n\n    const requestedCaip25CaveatValue = {\n      requiredScopes: getInternalScopesObject(supportedRequiredScopes),\n      optionalScopes: getInternalScopesObject(supportedOptionalScopes),\n      isMultichainOrigin: true,\n      sessionProperties: filteredSessionProperties,\n    };\n\n    const requestedCaip25CaveatValueWithSupportedAccounts =\n      setPermittedAccounts(\n        requestedCaip25CaveatValue,\n        supportedRequestedAccountAddresses,\n      );\n\n    const [grantedPermissions] = await hooks.requestPermissionsForOrigin({\n      [Caip25EndowmentPermissionName]: {\n        caveats: [\n          {\n            type: Caip25CaveatType,\n            value: requestedCaip25CaveatValueWithSupportedAccounts,\n          },\n        ],\n      },\n    });\n\n    const approvedCaip25Permission =\n      grantedPermissions[Caip25EndowmentPermissionName];\n    const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find(\n      (caveat) => caveat.type === Caip25CaveatType,\n    )?.value as Caip25CaveatValue;\n    if (!approvedCaip25CaveatValue) {\n      throw rpcErrors.internal();\n    }\n\n    const sessionScopes = getSessionScopes(approvedCaip25CaveatValue, {\n      getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n    });\n\n    const { sessionProperties: approvedSessionProperties = {} } =\n      approvedCaip25CaveatValue;\n\n    hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);\n\n    res.result = {\n      sessionScopes,\n      sessionProperties: approvedSessionProperties,\n    };\n    return end();\n  } catch (err) {\n    return end(err);\n  }\n}\n\nexport const walletCreateSession = {\n  methodNames: ['wallet_createSession'],\n  implementation: walletCreateSessionHandler,\n  hookNames: {\n    findNetworkClientIdByChainId: true,\n    listAccounts: true,\n    requestPermissionsForOrigin: true,\n    getNonEvmSupportedMethods: true,\n    isNonEvmScopeSupported: true,\n    getNonEvmAccountAddresses: true,\n    trackSessionCreatedEvent: true,\n  },\n};\n"]}
+{"version":3,"file":"wallet-createSession.cjs","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":";;;AAAA,mFAe6C;AAC7C,iEAAoE;AAMpE,2EAGyC;AACzC,qDAA+D;AAC/D,2CAUyB;AAIzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,KAAK,UAAU,0BAA0B,CACvC,GAA6D,EAC7D,GAGE,EACF,KAAgC,EAChC,GAA6B,EAC7B,KAaC;IAED,IAAI,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QAC9B,OAAO,GAAG,CAAC,IAAA,qCAAa,EAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;KACvD;IACD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAEzE,IAAI,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACpE,OAAO,GAAG,CAAC,IAAI,yBAAY,CAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,yBAAyB,GAAG,MAAM,CAAC,WAAW,CAClD,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CACvD,IAAA,uDAA2B,EAAC,GAAG,CAAC,CACjC,CACF,CAAC;IAEF,IAAI;QACF,MAAM,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,GAC1D,IAAA,sDAA0B,EAAC,cAAc,IAAI,EAAE,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC;QAEzE,MAAM,kDAAkD,GACtD,IAAA,oDAAwB,EAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QACL,MAAM,kDAAkD,GACtD,IAAA,oDAAwB,EAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEL,MAAM,6BAA6B,GAAG,CAAC,OAAY,EAAE,EAAE;YACrD,IAAI;gBACF,KAAK,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC;aACb;YAAC,MAAM;gBACN,OAAO,KAAK,CAAC;aACd;QACH,CAAC,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,IAAA,wCAAY,EAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,IAAA,wCAAY,EAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,4BAA4B,GAAG,IAAA,8DAAkC,EAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,MAAM,iCAAiC,GAAG,IAAA,yDAA6B,EAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,IAAI,iCAAiC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClD,OAAO,GAAG,CAAC,IAAI,yBAAY,CAAC,IAAI,EAAE,oCAAoC,CAAC,CAAC,CAAC;SAC1E;QAED,MAAM,oBAAoB,GAAG,KAAK;aAC/B,YAAY,EAAE;aACd,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,kCAAkC,GACtC,4BAA4B,CAAC,MAAM,CACjC,CAAC,uBAAsC,EAAE,EAAE;YACzC,MAAM,EACJ,OAAO,EACP,KAAK,EAAE,EAAE,SAAS,EAAE,EACpB,OAAO,EAAE,WAAW,GACrB,GAAG,IAAA,0BAAkB,EAAC,uBAAuB,CAAC,CAAC;YAChD,IAAI,SAAS,KAAK,0BAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACtD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,EAAE;oBACtD,OAAO,IAAA,yCAAsB,EAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;gBAC7D,CAAC,CAAC,CAAC;aACJ;YAED,oEAAoE;YACpE,OAAO,KAAK;iBACT,yBAAyB,CAAC,WAAW,CAAC;iBACtC,IAAI,CAAC,CAAC,mBAAmB,EAAE,EAAE;gBAC5B,OAAO,uBAAuB,KAAK,mBAAmB,CAAC;YACzD,CAAC,CAAC,CAAC;QACP,CAAC,CACF,CAAC;QAEJ,MAAM,0BAA0B,GAAG;YACjC,cAAc,EAAE,IAAA,mDAAuB,EAAC,uBAAuB,CAAC;YAChE,cAAc,EAAE,IAAA,mDAAuB,EAAC,uBAAuB,CAAC;YAChE,kBAAkB,EAAE,IAAI;YACxB,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QAEF,MAAM,+CAA+C,GACnD,IAAA,sEAA0C,EACxC,0BAA0B,EAC1B,kCAAkC,CACnC,CAAC;QAEJ,MAAM,CAAC,kBAAkB,CAAC,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC;YACnE,CAAC,yDAA6B,CAAC,EAAE;gBAC/B,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,4CAAgB;wBACtB,KAAK,EAAE,+CAA+C;qBACvD;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,wBAAwB,GAC5B,kBAAkB,CAAC,yDAA6B,CAAC,CAAC;QACpD,MAAM,yBAAyB,GAAG,wBAAwB,EAAE,OAAO,EAAE,IAAI,CACvE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,4CAAgB,CAC7C,EAAE,KAA0B,CAAC;QAC9B,IAAI,CAAC,yBAAyB,EAAE;YAC9B,MAAM,sBAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QAED,MAAM,aAAa,GAAG,IAAA,4CAAgB,EAAC,yBAAyB,EAAE;YAChE,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEH,MAAM,EAAE,iBAAiB,EAAE,yBAAyB,GAAG,EAAE,EAAE,GACzD,yBAAyB,CAAC;QAE5B,KAAK,CAAC,wBAAwB,EAAE,CAAC,yBAAyB,CAAC,CAAC;QAE5D,GAAG,CAAC,MAAM,GAAG;YACX,aAAa;YACb,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QACF,OAAO,GAAG,EAAE,CAAC;KACd;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;KACjB;AACH,CAAC;AAEY,QAAA,mBAAmB,GAAG;IACjC,WAAW,EAAE,CAAC,sBAAsB,CAAC;IACrC,cAAc,EAAE,0BAA0B;IAC1C,SAAS,EAAE;QACT,4BAA4B,EAAE,IAAI;QAClC,YAAY,EAAE,IAAI;QAClB,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,sBAAsB,EAAE,IAAI;QAC5B,yBAAyB,EAAE,IAAI;QAC/B,wBAAwB,EAAE,IAAI;KAC/B;CACF,CAAC","sourcesContent":["import {\n  Caip25CaveatType,\n  Caip25EndowmentPermissionName,\n  bucketScopes,\n  validateAndNormalizeScopes,\n  type Caip25Authorization,\n  getInternalScopesObject,\n  getSessionScopes,\n  type NormalizedScopesObject,\n  getSupportedScopeObjects,\n  type Caip25CaveatValue,\n  isKnownSessionPropertyValue,\n  getCaipAccountIdsFromScopesObjects,\n  getAllScopesFromScopesObjects,\n  setNonSCACaipAccountIdsInCaip25CaveatValue,\n} from '@metamask/chain-agnostic-permission';\nimport { isEqualCaseInsensitive } from '@metamask/controller-utils';\nimport type {\n  JsonRpcEngineEndCallback,\n  JsonRpcEngineNextCallback,\n} from '@metamask/json-rpc-engine';\nimport type { NetworkController } from '@metamask/network-controller';\nimport {\n  invalidParams,\n  type RequestedPermissions,\n} from '@metamask/permission-controller';\nimport { JsonRpcError, rpcErrors } from '@metamask/rpc-errors';\nimport {\n  type CaipAccountId,\n  type CaipChainId,\n  type Hex,\n  isPlainObject,\n  type Json,\n  type JsonRpcRequest,\n  type JsonRpcSuccess,\n  KnownCaipNamespace,\n  parseCaipAccountId,\n} from '@metamask/utils';\n\nimport type { GrantedPermissions } from './types';\n\n/**\n * Handler for the `wallet_createSession` RPC method which is responsible\n * for prompting for approval and granting a CAIP-25 permission.\n *\n * This implementation primarily deviates from the CAIP-25 handler\n * specification by treating all scopes as optional regardless of\n * if they were specified in `requiredScopes` or `optionalScopes`.\n * Additionally, provided scopes, methods, notifications, and\n * account values that are invalid/malformed are ignored rather than\n * causing an error to be returned.\n *\n * @param req - The request object.\n * @param res - The response object.\n * @param _next - The next middleware function.\n * @param end - The end function.\n * @param hooks - The hooks object.\n * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.\n * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.\n * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.\n * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.\n * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.\n * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.\n * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.\n * @returns A promise with wallet_createSession handler\n */\nasync function walletCreateSessionHandler(\n  req: JsonRpcRequest<Caip25Authorization> & { origin: string },\n  res: JsonRpcSuccess<{\n    sessionScopes: NormalizedScopesObject;\n    sessionProperties?: Record<string, Json>;\n  }>,\n  _next: JsonRpcEngineNextCallback,\n  end: JsonRpcEngineEndCallback,\n  hooks: {\n    listAccounts: () => { address: string }[];\n    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];\n    requestPermissionsForOrigin: (\n      requestedPermissions: RequestedPermissions,\n      metadata?: Record<string, Json>,\n    ) => Promise<[GrantedPermissions]>;\n    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];\n    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;\n    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];\n    trackSessionCreatedEvent?: (\n      approvedCaip25CaveatValue: Caip25CaveatValue,\n    ) => void;\n  },\n) {\n  if (!isPlainObject(req.params)) {\n    return end(invalidParams({ data: { request: req } }));\n  }\n  const { requiredScopes, optionalScopes, sessionProperties } = req.params;\n\n  if (sessionProperties && Object.keys(sessionProperties).length === 0) {\n    return end(new JsonRpcError(5302, 'Invalid sessionProperties requested'));\n  }\n\n  const filteredSessionProperties = Object.fromEntries(\n    Object.entries(sessionProperties ?? {}).filter(([key]) =>\n      isKnownSessionPropertyValue(key),\n    ),\n  );\n\n  try {\n    const { normalizedRequiredScopes, normalizedOptionalScopes } =\n      validateAndNormalizeScopes(requiredScopes || {}, optionalScopes || {});\n\n    const requiredScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedRequiredScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n    const optionalScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedOptionalScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n\n    const networkClientExistsForChainId = (chainId: Hex) => {\n      try {\n        hooks.findNetworkClientIdByChainId(chainId);\n        return true;\n      } catch {\n        return false;\n      }\n    };\n\n    const { supportedScopes: supportedRequiredScopes } = bucketScopes(\n      requiredScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const { supportedScopes: supportedOptionalScopes } = bucketScopes(\n      optionalScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const allRequestedAccountAddresses = getCaipAccountIdsFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    const allSupportedRequestedCaipChainIds = getAllScopesFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    if (allSupportedRequestedCaipChainIds.length === 0) {\n      return end(new JsonRpcError(5100, 'Requested scopes are not supported'));\n    }\n\n    const existingEvmAddresses = hooks\n      .listAccounts()\n      .map((account) => account.address);\n\n    const supportedRequestedAccountAddresses =\n      allRequestedAccountAddresses.filter(\n        (requestedAccountAddress: CaipAccountId) => {\n          const {\n            address,\n            chain: { namespace },\n            chainId: caipChainId,\n          } = parseCaipAccountId(requestedAccountAddress);\n          if (namespace === KnownCaipNamespace.Eip155.toString()) {\n            return existingEvmAddresses.some((existingEvmAddress) => {\n              return isEqualCaseInsensitive(address, existingEvmAddress);\n            });\n          }\n\n          // If the namespace is not eip155 (EVM) we do a case sensitive check\n          return hooks\n            .getNonEvmAccountAddresses(caipChainId)\n            .some((existingCaipAddress) => {\n              return requestedAccountAddress === existingCaipAddress;\n            });\n        },\n      );\n\n    const requestedCaip25CaveatValue = {\n      requiredScopes: getInternalScopesObject(supportedRequiredScopes),\n      optionalScopes: getInternalScopesObject(supportedOptionalScopes),\n      isMultichainOrigin: true,\n      sessionProperties: filteredSessionProperties,\n    };\n\n    const requestedCaip25CaveatValueWithSupportedAccounts =\n      setNonSCACaipAccountIdsInCaip25CaveatValue(\n        requestedCaip25CaveatValue,\n        supportedRequestedAccountAddresses,\n      );\n\n    const [grantedPermissions] = await hooks.requestPermissionsForOrigin({\n      [Caip25EndowmentPermissionName]: {\n        caveats: [\n          {\n            type: Caip25CaveatType,\n            value: requestedCaip25CaveatValueWithSupportedAccounts,\n          },\n        ],\n      },\n    });\n\n    const approvedCaip25Permission =\n      grantedPermissions[Caip25EndowmentPermissionName];\n    const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find(\n      (caveat) => caveat.type === Caip25CaveatType,\n    )?.value as Caip25CaveatValue;\n    if (!approvedCaip25CaveatValue) {\n      throw rpcErrors.internal();\n    }\n\n    const sessionScopes = getSessionScopes(approvedCaip25CaveatValue, {\n      getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n    });\n\n    const { sessionProperties: approvedSessionProperties = {} } =\n      approvedCaip25CaveatValue;\n\n    hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);\n\n    res.result = {\n      sessionScopes,\n      sessionProperties: approvedSessionProperties,\n    };\n    return end();\n  } catch (err) {\n    return end(err);\n  }\n}\n\nexport const walletCreateSession = {\n  methodNames: ['wallet_createSession'],\n  implementation: walletCreateSessionHandler,\n  hookNames: {\n    findNetworkClientIdByChainId: true,\n    listAccounts: true,\n    requestPermissionsForOrigin: true,\n    getNonEvmSupportedMethods: true,\n    isNonEvmScopeSupported: true,\n    getNonEvmAccountAddresses: true,\n    trackSessionCreatedEvent: true,\n  },\n};\n"]}

package/dist/handlers/wallet-createSession.mjs

@@ -1,4 +1,4 @@
-import { Caip25CaveatType, Caip25EndowmentPermissionName, bucketScopes, validateAndNormalizeScopes, getInternalScopesObject, getSessionScopes, getSupportedScopeObjects, isKnownSessionPropertyValue, getCaipAccountIdsFromScopesObjects, getAllScopesFromScopesObjects, setPermittedAccounts } from "@metamask/chain-agnostic-permission";
+import { Caip25CaveatType, Caip25EndowmentPermissionName, bucketScopes, validateAndNormalizeScopes, getInternalScopesObject, getSessionScopes, getSupportedScopeObjects, isKnownSessionPropertyValue, getCaipAccountIdsFromScopesObjects, getAllScopesFromScopesObjects, setNonSCACaipAccountIdsInCaip25CaveatValue } from "@metamask/chain-agnostic-permission";
 import { isEqualCaseInsensitive } from "@metamask/controller-utils";
 import { invalidParams } from "@metamask/permission-controller";
 import { JsonRpcError, rpcErrors } from "@metamask/rpc-errors";
@@ -100,7 +100,7 @@ async function walletCreateSessionHandler(req, res, _next, end, hooks) {
             isMultichainOrigin: true,
             sessionProperties: filteredSessionProperties,
         };
-        const requestedCaip25CaveatValueWithSupportedAccounts = setPermittedAccounts(requestedCaip25CaveatValue, supportedRequestedAccountAddresses);
+        const requestedCaip25CaveatValueWithSupportedAccounts = setNonSCACaipAccountIdsInCaip25CaveatValue(requestedCaip25CaveatValue, supportedRequestedAccountAddresses);
         const [grantedPermissions] = await hooks.requestPermissionsForOrigin({
             [Caip25EndowmentPermissionName]: {
                 caveats: [

package/dist/handlers/wallet-createSession.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"wallet-createSession.mjs","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,6BAA6B,EAC7B,YAAY,EACZ,0BAA0B,EAE1B,uBAAuB,EACvB,gBAAgB,EAEhB,wBAAwB,EAExB,2BAA2B,EAC3B,kCAAkC,EAClC,6BAA6B,EAC7B,oBAAoB,EACrB,4CAA4C;AAC7C,OAAO,EAAE,sBAAsB,EAAE,mCAAmC;AAMpE,OAAO,EACL,aAAa,EAEd,wCAAwC;AACzC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,6BAA6B;AAC/D,OAAO,EAIL,aAAa,EAIb,kBAAkB,EAClB,kBAAkB,EACnB,wBAAwB;AAIzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,KAAK,UAAU,0BAA0B,CACvC,GAA6D,EAC7D,GAGE,EACF,KAAgC,EAChC,GAA6B,EAC7B,KAaC;IAED,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QAC9B,OAAO,GAAG,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;KACvD;IACD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAEzE,IAAI,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACpE,OAAO,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,yBAAyB,GAAG,MAAM,CAAC,WAAW,CAClD,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CACvD,2BAA2B,CAAC,GAAG,CAAC,CACjC,CACF,CAAC;IAEF,IAAI;QACF,MAAM,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,GAC1D,0BAA0B,CAAC,cAAc,IAAI,EAAE,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC;QAEzE,MAAM,kDAAkD,GACtD,wBAAwB,CAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QACL,MAAM,kDAAkD,GACtD,wBAAwB,CAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEL,MAAM,6BAA6B,GAAG,CAAC,OAAY,EAAE,EAAE;YACrD,IAAI;gBACF,KAAK,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC;aACb;YAAC,MAAM;gBACN,OAAO,KAAK,CAAC;aACd;QACH,CAAC,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,YAAY,CAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,YAAY,CAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,4BAA4B,GAAG,kCAAkC,CAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,MAAM,iCAAiC,GAAG,6BAA6B,CAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,IAAI,iCAAiC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClD,OAAO,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE,oCAAoC,CAAC,CAAC,CAAC;SAC1E;QAED,MAAM,oBAAoB,GAAG,KAAK;aAC/B,YAAY,EAAE;aACd,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,kCAAkC,GACtC,4BAA4B,CAAC,MAAM,CACjC,CAAC,uBAAsC,EAAE,EAAE;YACzC,MAAM,EACJ,OAAO,EACP,KAAK,EAAE,EAAE,SAAS,EAAE,EACpB,OAAO,EAAE,WAAW,GACrB,GAAG,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;YAChD,IAAI,SAAS,KAAK,kBAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACtD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,EAAE;oBACtD,OAAO,sBAAsB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;gBAC7D,CAAC,CAAC,CAAC;aACJ;YAED,oEAAoE;YACpE,OAAO,KAAK;iBACT,yBAAyB,CAAC,WAAW,CAAC;iBACtC,IAAI,CAAC,CAAC,mBAAmB,EAAE,EAAE;gBAC5B,OAAO,uBAAuB,KAAK,mBAAmB,CAAC;YACzD,CAAC,CAAC,CAAC;QACP,CAAC,CACF,CAAC;QAEJ,MAAM,0BAA0B,GAAG;YACjC,cAAc,EAAE,uBAAuB,CAAC,uBAAuB,CAAC;YAChE,cAAc,EAAE,uBAAuB,CAAC,uBAAuB,CAAC;YAChE,kBAAkB,EAAE,IAAI;YACxB,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QAEF,MAAM,+CAA+C,GACnD,oBAAoB,CAClB,0BAA0B,EAC1B,kCAAkC,CACnC,CAAC;QAEJ,MAAM,CAAC,kBAAkB,CAAC,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC;YACnE,CAAC,6BAA6B,CAAC,EAAE;gBAC/B,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,gBAAgB;wBACtB,KAAK,EAAE,+CAA+C;qBACvD;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,wBAAwB,GAC5B,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;QACpD,MAAM,yBAAyB,GAAG,wBAAwB,EAAE,OAAO,EAAE,IAAI,CACvE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,CAC7C,EAAE,KAA0B,CAAC;QAC9B,IAAI,CAAC,yBAAyB,EAAE;YAC9B,MAAM,SAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QAED,MAAM,aAAa,GAAG,gBAAgB,CAAC,yBAAyB,EAAE;YAChE,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEH,MAAM,EAAE,iBAAiB,EAAE,yBAAyB,GAAG,EAAE,EAAE,GACzD,yBAAyB,CAAC;QAE5B,KAAK,CAAC,wBAAwB,EAAE,CAAC,yBAAyB,CAAC,CAAC;QAE5D,GAAG,CAAC,MAAM,GAAG;YACX,aAAa;YACb,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QACF,OAAO,GAAG,EAAE,CAAC;KACd;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;KACjB;AACH,CAAC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,WAAW,EAAE,CAAC,sBAAsB,CAAC;IACrC,cAAc,EAAE,0BAA0B;IAC1C,SAAS,EAAE;QACT,4BAA4B,EAAE,IAAI;QAClC,YAAY,EAAE,IAAI;QAClB,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,sBAAsB,EAAE,IAAI;QAC5B,yBAAyB,EAAE,IAAI;QAC/B,wBAAwB,EAAE,IAAI;KAC/B;CACF,CAAC","sourcesContent":["import {\n  Caip25CaveatType,\n  Caip25EndowmentPermissionName,\n  bucketScopes,\n  validateAndNormalizeScopes,\n  type Caip25Authorization,\n  getInternalScopesObject,\n  getSessionScopes,\n  type NormalizedScopesObject,\n  getSupportedScopeObjects,\n  type Caip25CaveatValue,\n  isKnownSessionPropertyValue,\n  getCaipAccountIdsFromScopesObjects,\n  getAllScopesFromScopesObjects,\n  setPermittedAccounts,\n} from '@metamask/chain-agnostic-permission';\nimport { isEqualCaseInsensitive } from '@metamask/controller-utils';\nimport type {\n  JsonRpcEngineEndCallback,\n  JsonRpcEngineNextCallback,\n} from '@metamask/json-rpc-engine';\nimport type { NetworkController } from '@metamask/network-controller';\nimport {\n  invalidParams,\n  type RequestedPermissions,\n} from '@metamask/permission-controller';\nimport { JsonRpcError, rpcErrors } from '@metamask/rpc-errors';\nimport {\n  type CaipAccountId,\n  type CaipChainId,\n  type Hex,\n  isPlainObject,\n  type Json,\n  type JsonRpcRequest,\n  type JsonRpcSuccess,\n  KnownCaipNamespace,\n  parseCaipAccountId,\n} from '@metamask/utils';\n\nimport type { GrantedPermissions } from './types';\n\n/**\n * Handler for the `wallet_createSession` RPC method which is responsible\n * for prompting for approval and granting a CAIP-25 permission.\n *\n * This implementation primarily deviates from the CAIP-25 handler\n * specification by treating all scopes as optional regardless of\n * if they were specified in `requiredScopes` or `optionalScopes`.\n * Additionally, provided scopes, methods, notifications, and\n * account values that are invalid/malformed are ignored rather than\n * causing an error to be returned.\n *\n * @param req - The request object.\n * @param res - The response object.\n * @param _next - The next middleware function.\n * @param end - The end function.\n * @param hooks - The hooks object.\n * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.\n * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.\n * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.\n * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.\n * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.\n * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.\n * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.\n * @returns A promise with wallet_createSession handler\n */\nasync function walletCreateSessionHandler(\n  req: JsonRpcRequest<Caip25Authorization> & { origin: string },\n  res: JsonRpcSuccess<{\n    sessionScopes: NormalizedScopesObject;\n    sessionProperties?: Record<string, Json>;\n  }>,\n  _next: JsonRpcEngineNextCallback,\n  end: JsonRpcEngineEndCallback,\n  hooks: {\n    listAccounts: () => { address: string }[];\n    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];\n    requestPermissionsForOrigin: (\n      requestedPermissions: RequestedPermissions,\n      metadata?: Record<string, Json>,\n    ) => Promise<[GrantedPermissions]>;\n    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];\n    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;\n    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];\n    trackSessionCreatedEvent?: (\n      approvedCaip25CaveatValue: Caip25CaveatValue,\n    ) => void;\n  },\n) {\n  if (!isPlainObject(req.params)) {\n    return end(invalidParams({ data: { request: req } }));\n  }\n  const { requiredScopes, optionalScopes, sessionProperties } = req.params;\n\n  if (sessionProperties && Object.keys(sessionProperties).length === 0) {\n    return end(new JsonRpcError(5302, 'Invalid sessionProperties requested'));\n  }\n\n  const filteredSessionProperties = Object.fromEntries(\n    Object.entries(sessionProperties ?? {}).filter(([key]) =>\n      isKnownSessionPropertyValue(key),\n    ),\n  );\n\n  try {\n    const { normalizedRequiredScopes, normalizedOptionalScopes } =\n      validateAndNormalizeScopes(requiredScopes || {}, optionalScopes || {});\n\n    const requiredScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedRequiredScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n    const optionalScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedOptionalScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n\n    const networkClientExistsForChainId = (chainId: Hex) => {\n      try {\n        hooks.findNetworkClientIdByChainId(chainId);\n        return true;\n      } catch {\n        return false;\n      }\n    };\n\n    const { supportedScopes: supportedRequiredScopes } = bucketScopes(\n      requiredScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const { supportedScopes: supportedOptionalScopes } = bucketScopes(\n      optionalScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const allRequestedAccountAddresses = getCaipAccountIdsFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    const allSupportedRequestedCaipChainIds = getAllScopesFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    if (allSupportedRequestedCaipChainIds.length === 0) {\n      return end(new JsonRpcError(5100, 'Requested scopes are not supported'));\n    }\n\n    const existingEvmAddresses = hooks\n      .listAccounts()\n      .map((account) => account.address);\n\n    const supportedRequestedAccountAddresses =\n      allRequestedAccountAddresses.filter(\n        (requestedAccountAddress: CaipAccountId) => {\n          const {\n            address,\n            chain: { namespace },\n            chainId: caipChainId,\n          } = parseCaipAccountId(requestedAccountAddress);\n          if (namespace === KnownCaipNamespace.Eip155.toString()) {\n            return existingEvmAddresses.some((existingEvmAddress) => {\n              return isEqualCaseInsensitive(address, existingEvmAddress);\n            });\n          }\n\n          // If the namespace is not eip155 (EVM) we do a case sensitive check\n          return hooks\n            .getNonEvmAccountAddresses(caipChainId)\n            .some((existingCaipAddress) => {\n              return requestedAccountAddress === existingCaipAddress;\n            });\n        },\n      );\n\n    const requestedCaip25CaveatValue = {\n      requiredScopes: getInternalScopesObject(supportedRequiredScopes),\n      optionalScopes: getInternalScopesObject(supportedOptionalScopes),\n      isMultichainOrigin: true,\n      sessionProperties: filteredSessionProperties,\n    };\n\n    const requestedCaip25CaveatValueWithSupportedAccounts =\n      setPermittedAccounts(\n        requestedCaip25CaveatValue,\n        supportedRequestedAccountAddresses,\n      );\n\n    const [grantedPermissions] = await hooks.requestPermissionsForOrigin({\n      [Caip25EndowmentPermissionName]: {\n        caveats: [\n          {\n            type: Caip25CaveatType,\n            value: requestedCaip25CaveatValueWithSupportedAccounts,\n          },\n        ],\n      },\n    });\n\n    const approvedCaip25Permission =\n      grantedPermissions[Caip25EndowmentPermissionName];\n    const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find(\n      (caveat) => caveat.type === Caip25CaveatType,\n    )?.value as Caip25CaveatValue;\n    if (!approvedCaip25CaveatValue) {\n      throw rpcErrors.internal();\n    }\n\n    const sessionScopes = getSessionScopes(approvedCaip25CaveatValue, {\n      getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n    });\n\n    const { sessionProperties: approvedSessionProperties = {} } =\n      approvedCaip25CaveatValue;\n\n    hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);\n\n    res.result = {\n      sessionScopes,\n      sessionProperties: approvedSessionProperties,\n    };\n    return end();\n  } catch (err) {\n    return end(err);\n  }\n}\n\nexport const walletCreateSession = {\n  methodNames: ['wallet_createSession'],\n  implementation: walletCreateSessionHandler,\n  hookNames: {\n    findNetworkClientIdByChainId: true,\n    listAccounts: true,\n    requestPermissionsForOrigin: true,\n    getNonEvmSupportedMethods: true,\n    isNonEvmScopeSupported: true,\n    getNonEvmAccountAddresses: true,\n    trackSessionCreatedEvent: true,\n  },\n};\n"]}
+{"version":3,"file":"wallet-createSession.mjs","sourceRoot":"","sources":["../../src/handlers/wallet-createSession.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,6BAA6B,EAC7B,YAAY,EACZ,0BAA0B,EAE1B,uBAAuB,EACvB,gBAAgB,EAEhB,wBAAwB,EAExB,2BAA2B,EAC3B,kCAAkC,EAClC,6BAA6B,EAC7B,0CAA0C,EAC3C,4CAA4C;AAC7C,OAAO,EAAE,sBAAsB,EAAE,mCAAmC;AAMpE,OAAO,EACL,aAAa,EAEd,wCAAwC;AACzC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,6BAA6B;AAC/D,OAAO,EAIL,aAAa,EAIb,kBAAkB,EAClB,kBAAkB,EACnB,wBAAwB;AAIzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,KAAK,UAAU,0BAA0B,CACvC,GAA6D,EAC7D,GAGE,EACF,KAAgC,EAChC,GAA6B,EAC7B,KAaC;IAED,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QAC9B,OAAO,GAAG,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;KACvD;IACD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAEzE,IAAI,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACpE,OAAO,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,yBAAyB,GAAG,MAAM,CAAC,WAAW,CAClD,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CACvD,2BAA2B,CAAC,GAAG,CAAC,CACjC,CACF,CAAC;IAEF,IAAI;QACF,MAAM,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,GAC1D,0BAA0B,CAAC,cAAc,IAAI,EAAE,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC;QAEzE,MAAM,kDAAkD,GACtD,wBAAwB,CAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QACL,MAAM,kDAAkD,GACtD,wBAAwB,CAAC,wBAAwB,EAAE;YACjD,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEL,MAAM,6BAA6B,GAAG,CAAC,OAAY,EAAE,EAAE;YACrD,IAAI;gBACF,KAAK,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC;aACb;YAAC,MAAM;gBACN,OAAO,KAAK,CAAC;aACd;QACH,CAAC,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,YAAY,CAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,EAAE,eAAe,EAAE,uBAAuB,EAAE,GAAG,YAAY,CAC/D,kDAAkD,EAClD;YACE,qBAAqB,EAAE,6BAA6B;YACpD,uBAAuB,EAAE,GAAG,EAAE,CAAC,KAAK;YACpC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;YAC1D,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;SACrD,CACF,CAAC;QAEF,MAAM,4BAA4B,GAAG,kCAAkC,CAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,MAAM,iCAAiC,GAAG,6BAA6B,CAAC;YACtE,uBAAuB;YACvB,uBAAuB;SACxB,CAAC,CAAC;QAEH,IAAI,iCAAiC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClD,OAAO,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE,oCAAoC,CAAC,CAAC,CAAC;SAC1E;QAED,MAAM,oBAAoB,GAAG,KAAK;aAC/B,YAAY,EAAE;aACd,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,kCAAkC,GACtC,4BAA4B,CAAC,MAAM,CACjC,CAAC,uBAAsC,EAAE,EAAE;YACzC,MAAM,EACJ,OAAO,EACP,KAAK,EAAE,EAAE,SAAS,EAAE,EACpB,OAAO,EAAE,WAAW,GACrB,GAAG,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;YAChD,IAAI,SAAS,KAAK,kBAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACtD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,EAAE;oBACtD,OAAO,sBAAsB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;gBAC7D,CAAC,CAAC,CAAC;aACJ;YAED,oEAAoE;YACpE,OAAO,KAAK;iBACT,yBAAyB,CAAC,WAAW,CAAC;iBACtC,IAAI,CAAC,CAAC,mBAAmB,EAAE,EAAE;gBAC5B,OAAO,uBAAuB,KAAK,mBAAmB,CAAC;YACzD,CAAC,CAAC,CAAC;QACP,CAAC,CACF,CAAC;QAEJ,MAAM,0BAA0B,GAAG;YACjC,cAAc,EAAE,uBAAuB,CAAC,uBAAuB,CAAC;YAChE,cAAc,EAAE,uBAAuB,CAAC,uBAAuB,CAAC;YAChE,kBAAkB,EAAE,IAAI;YACxB,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QAEF,MAAM,+CAA+C,GACnD,0CAA0C,CACxC,0BAA0B,EAC1B,kCAAkC,CACnC,CAAC;QAEJ,MAAM,CAAC,kBAAkB,CAAC,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC;YACnE,CAAC,6BAA6B,CAAC,EAAE;gBAC/B,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,gBAAgB;wBACtB,KAAK,EAAE,+CAA+C;qBACvD;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,wBAAwB,GAC5B,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;QACpD,MAAM,yBAAyB,GAAG,wBAAwB,EAAE,OAAO,EAAE,IAAI,CACvE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,CAC7C,EAAE,KAA0B,CAAC;QAC9B,IAAI,CAAC,yBAAyB,EAAE;YAC9B,MAAM,SAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QAED,MAAM,aAAa,GAAG,gBAAgB,CAAC,yBAAyB,EAAE;YAChE,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;SAC3D,CAAC,CAAC;QAEH,MAAM,EAAE,iBAAiB,EAAE,yBAAyB,GAAG,EAAE,EAAE,GACzD,yBAAyB,CAAC;QAE5B,KAAK,CAAC,wBAAwB,EAAE,CAAC,yBAAyB,CAAC,CAAC;QAE5D,GAAG,CAAC,MAAM,GAAG;YACX,aAAa;YACb,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC;QACF,OAAO,GAAG,EAAE,CAAC;KACd;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;KACjB;AACH,CAAC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,WAAW,EAAE,CAAC,sBAAsB,CAAC;IACrC,cAAc,EAAE,0BAA0B;IAC1C,SAAS,EAAE;QACT,4BAA4B,EAAE,IAAI;QAClC,YAAY,EAAE,IAAI;QAClB,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,sBAAsB,EAAE,IAAI;QAC5B,yBAAyB,EAAE,IAAI;QAC/B,wBAAwB,EAAE,IAAI;KAC/B;CACF,CAAC","sourcesContent":["import {\n  Caip25CaveatType,\n  Caip25EndowmentPermissionName,\n  bucketScopes,\n  validateAndNormalizeScopes,\n  type Caip25Authorization,\n  getInternalScopesObject,\n  getSessionScopes,\n  type NormalizedScopesObject,\n  getSupportedScopeObjects,\n  type Caip25CaveatValue,\n  isKnownSessionPropertyValue,\n  getCaipAccountIdsFromScopesObjects,\n  getAllScopesFromScopesObjects,\n  setNonSCACaipAccountIdsInCaip25CaveatValue,\n} from '@metamask/chain-agnostic-permission';\nimport { isEqualCaseInsensitive } from '@metamask/controller-utils';\nimport type {\n  JsonRpcEngineEndCallback,\n  JsonRpcEngineNextCallback,\n} from '@metamask/json-rpc-engine';\nimport type { NetworkController } from '@metamask/network-controller';\nimport {\n  invalidParams,\n  type RequestedPermissions,\n} from '@metamask/permission-controller';\nimport { JsonRpcError, rpcErrors } from '@metamask/rpc-errors';\nimport {\n  type CaipAccountId,\n  type CaipChainId,\n  type Hex,\n  isPlainObject,\n  type Json,\n  type JsonRpcRequest,\n  type JsonRpcSuccess,\n  KnownCaipNamespace,\n  parseCaipAccountId,\n} from '@metamask/utils';\n\nimport type { GrantedPermissions } from './types';\n\n/**\n * Handler for the `wallet_createSession` RPC method which is responsible\n * for prompting for approval and granting a CAIP-25 permission.\n *\n * This implementation primarily deviates from the CAIP-25 handler\n * specification by treating all scopes as optional regardless of\n * if they were specified in `requiredScopes` or `optionalScopes`.\n * Additionally, provided scopes, methods, notifications, and\n * account values that are invalid/malformed are ignored rather than\n * causing an error to be returned.\n *\n * @param req - The request object.\n * @param res - The response object.\n * @param _next - The next middleware function.\n * @param end - The end function.\n * @param hooks - The hooks object.\n * @param hooks.listAccounts - The hook that returns an array of the wallet's evm accounts.\n * @param hooks.findNetworkClientIdByChainId - The hook that returns the networkClientId for a chainId.\n * @param hooks.requestPermissionsForOrigin - The hook that approves and grants requested permissions.\n * @param hooks.getNonEvmSupportedMethods - The hook that returns the supported methods for a non EVM scope.\n * @param hooks.isNonEvmScopeSupported - The hook that returns true if a non EVM scope is supported.\n * @param hooks.getNonEvmAccountAddresses - The hook that returns a list of CaipAccountIds that are supported for a CaipChainId.\n * @param hooks.trackSessionCreatedEvent - An optional hook for platform specific logic to run. Can be undefined.\n * @returns A promise with wallet_createSession handler\n */\nasync function walletCreateSessionHandler(\n  req: JsonRpcRequest<Caip25Authorization> & { origin: string },\n  res: JsonRpcSuccess<{\n    sessionScopes: NormalizedScopesObject;\n    sessionProperties?: Record<string, Json>;\n  }>,\n  _next: JsonRpcEngineNextCallback,\n  end: JsonRpcEngineEndCallback,\n  hooks: {\n    listAccounts: () => { address: string }[];\n    findNetworkClientIdByChainId: NetworkController['findNetworkClientIdByChainId'];\n    requestPermissionsForOrigin: (\n      requestedPermissions: RequestedPermissions,\n      metadata?: Record<string, Json>,\n    ) => Promise<[GrantedPermissions]>;\n    getNonEvmSupportedMethods: (scope: CaipChainId) => string[];\n    isNonEvmScopeSupported: (scope: CaipChainId) => boolean;\n    getNonEvmAccountAddresses: (scope: CaipChainId) => CaipAccountId[];\n    trackSessionCreatedEvent?: (\n      approvedCaip25CaveatValue: Caip25CaveatValue,\n    ) => void;\n  },\n) {\n  if (!isPlainObject(req.params)) {\n    return end(invalidParams({ data: { request: req } }));\n  }\n  const { requiredScopes, optionalScopes, sessionProperties } = req.params;\n\n  if (sessionProperties && Object.keys(sessionProperties).length === 0) {\n    return end(new JsonRpcError(5302, 'Invalid sessionProperties requested'));\n  }\n\n  const filteredSessionProperties = Object.fromEntries(\n    Object.entries(sessionProperties ?? {}).filter(([key]) =>\n      isKnownSessionPropertyValue(key),\n    ),\n  );\n\n  try {\n    const { normalizedRequiredScopes, normalizedOptionalScopes } =\n      validateAndNormalizeScopes(requiredScopes || {}, optionalScopes || {});\n\n    const requiredScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedRequiredScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n    const optionalScopesWithSupportedMethodsAndNotifications =\n      getSupportedScopeObjects(normalizedOptionalScopes, {\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n      });\n\n    const networkClientExistsForChainId = (chainId: Hex) => {\n      try {\n        hooks.findNetworkClientIdByChainId(chainId);\n        return true;\n      } catch {\n        return false;\n      }\n    };\n\n    const { supportedScopes: supportedRequiredScopes } = bucketScopes(\n      requiredScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const { supportedScopes: supportedOptionalScopes } = bucketScopes(\n      optionalScopesWithSupportedMethodsAndNotifications,\n      {\n        isEvmChainIdSupported: networkClientExistsForChainId,\n        isEvmChainIdSupportable: () => false, // intended for future usage with eip3085 scopedProperties\n        getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n        isNonEvmScopeSupported: hooks.isNonEvmScopeSupported,\n      },\n    );\n\n    const allRequestedAccountAddresses = getCaipAccountIdsFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    const allSupportedRequestedCaipChainIds = getAllScopesFromScopesObjects([\n      supportedRequiredScopes,\n      supportedOptionalScopes,\n    ]);\n\n    if (allSupportedRequestedCaipChainIds.length === 0) {\n      return end(new JsonRpcError(5100, 'Requested scopes are not supported'));\n    }\n\n    const existingEvmAddresses = hooks\n      .listAccounts()\n      .map((account) => account.address);\n\n    const supportedRequestedAccountAddresses =\n      allRequestedAccountAddresses.filter(\n        (requestedAccountAddress: CaipAccountId) => {\n          const {\n            address,\n            chain: { namespace },\n            chainId: caipChainId,\n          } = parseCaipAccountId(requestedAccountAddress);\n          if (namespace === KnownCaipNamespace.Eip155.toString()) {\n            return existingEvmAddresses.some((existingEvmAddress) => {\n              return isEqualCaseInsensitive(address, existingEvmAddress);\n            });\n          }\n\n          // If the namespace is not eip155 (EVM) we do a case sensitive check\n          return hooks\n            .getNonEvmAccountAddresses(caipChainId)\n            .some((existingCaipAddress) => {\n              return requestedAccountAddress === existingCaipAddress;\n            });\n        },\n      );\n\n    const requestedCaip25CaveatValue = {\n      requiredScopes: getInternalScopesObject(supportedRequiredScopes),\n      optionalScopes: getInternalScopesObject(supportedOptionalScopes),\n      isMultichainOrigin: true,\n      sessionProperties: filteredSessionProperties,\n    };\n\n    const requestedCaip25CaveatValueWithSupportedAccounts =\n      setNonSCACaipAccountIdsInCaip25CaveatValue(\n        requestedCaip25CaveatValue,\n        supportedRequestedAccountAddresses,\n      );\n\n    const [grantedPermissions] = await hooks.requestPermissionsForOrigin({\n      [Caip25EndowmentPermissionName]: {\n        caveats: [\n          {\n            type: Caip25CaveatType,\n            value: requestedCaip25CaveatValueWithSupportedAccounts,\n          },\n        ],\n      },\n    });\n\n    const approvedCaip25Permission =\n      grantedPermissions[Caip25EndowmentPermissionName];\n    const approvedCaip25CaveatValue = approvedCaip25Permission?.caveats?.find(\n      (caveat) => caveat.type === Caip25CaveatType,\n    )?.value as Caip25CaveatValue;\n    if (!approvedCaip25CaveatValue) {\n      throw rpcErrors.internal();\n    }\n\n    const sessionScopes = getSessionScopes(approvedCaip25CaveatValue, {\n      getNonEvmSupportedMethods: hooks.getNonEvmSupportedMethods,\n    });\n\n    const { sessionProperties: approvedSessionProperties = {} } =\n      approvedCaip25CaveatValue;\n\n    hooks.trackSessionCreatedEvent?.(approvedCaip25CaveatValue);\n\n    res.result = {\n      sessionScopes,\n      sessionProperties: approvedSessionProperties,\n    };\n    return end();\n  } catch (err) {\n    return end(err);\n  }\n}\n\nexport const walletCreateSession = {\n  methodNames: ['wallet_createSession'],\n  implementation: walletCreateSessionHandler,\n  hookNames: {\n    findNetworkClientIdByChainId: true,\n    listAccounts: true,\n    requestPermissionsForOrigin: true,\n    getNonEvmSupportedMethods: true,\n    isNonEvmScopeSupported: true,\n    getNonEvmAccountAddresses: true,\n    trackSessionCreatedEvent: true,\n  },\n};\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@metamask/multichain-api-middleware",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "JSON-RPC methods and middleware to support the MetaMask Multichain API",
   "keywords": [
     "MetaMask",
@@ -47,11 +47,11 @@
     "test:watch": "NODE_OPTIONS=--experimental-vm-modules jest --watch"
   },
   "dependencies": {
-    "@metamask/api-specs": "^0.10.12",
-    "@metamask/chain-agnostic-permission": "^0.4.0",
-    "@metamask/controller-utils": "^11.7.0",
+    "@metamask/api-specs": "^0.14.0",
+    "@metamask/chain-agnostic-permission": "^0.7.0",
+    "@metamask/controller-utils": "^11.9.0",
     "@metamask/json-rpc-engine": "^10.0.3",
-    "@metamask/network-controller": "^23.2.0",
+    "@metamask/network-controller": "^23.5.0",
     "@metamask/permission-controller": "^11.0.6",
     "@metamask/rpc-errors": "^7.0.2",
     "@metamask/utils": "^11.2.0",
@@ -62,7 +62,7 @@
   "devDependencies": {
     "@metamask/auto-changelog": "^3.4.4",
     "@metamask/eth-json-rpc-filters": "^9.0.0",
-    "@metamask/multichain-transactions-controller": "^0.9.0",
+    "@metamask/multichain-transactions-controller": "^0.11.0",
     "@metamask/safe-event-emitter": "^3.0.0",
     "@types/jest": "^27.4.1",
     "deepmerge": "^4.2.2",