@metamask/permission-controller 11.1.0 → 12.0.0

package/CHANGELOG.md

@@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [12.0.0]
+
+### Changed
+
+- **BREAKING:** Use new `Messenger` from `@metamask/messenger` ([#6537](https://github.com/MetaMask/core/pull/6537))
+  - Previously, `PermissionController` and `SubjectMetadataController` accepted a `RestrictedMessenger` instance from `@metamask/base-controller`.
+- **BREAKING:** Metadata property `anonymous` renamed to `includeInDebugSnapshot` ([#6537](https://github.com/MetaMask/core/pull/6537))
+- **BREAKING:** Bump `@metamask/approval-controller` from `^7.0.0` to `^8.0.0` ([#6962](https://github.com/MetaMask/core/pull/6962))
+- Bump `@metamask/base-controller` from `^8.4.2` to `^9.0.0` ([#6962](https://github.com/MetaMask/core/pull/6962))
+
+## [11.1.1]
+
+### Changed
+
+- Bump `@metamask/base-controller` from `^8.4.1` to `^8.4.2` ([#6917](https://github.com/MetaMask/core/pull/6917))
+
 ## [11.1.0]
 
 ### Added
@@ -343,7 +359,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
     All changes listed after this point were applied to this package following the monorepo conversion.
 
-[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@11.1.0...HEAD
+[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@12.0.0...HEAD
+[12.0.0]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@11.1.1...@metamask/permission-controller@12.0.0
+[11.1.1]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@11.1.0...@metamask/permission-controller@11.1.1
 [11.1.0]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@11.0.6...@metamask/permission-controller@11.1.0
 [11.0.6]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@11.0.5...@metamask/permission-controller@11.0.6
 [11.0.5]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@11.0.4...@metamask/permission-controller@11.0.5

package/dist/Permission.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"Permission.cjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":";;;AAMA,mCAAgC;AAkJhC;;;;;;;;GAQG;AACH,SAAgB,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,IAAA,eAAM,GAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAZD,kDAYC;AAED;;;;;;GAMG;AACH,SAAgB,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AALD,gCAKC;AAgKD;;GAEG;AACH,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,8BAAd,cAAc,QAYzB;AA0MD;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC;AAVD,oDAUC","sourcesContent":["import type {\n  ActionConstraint,\n  EventConstraint,\n} from '@metamask/base-controller';\nimport type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n  // eslint-disable-next-line @typescript-eslint/no-unused-vars\n  PermissionController,\n  PermissionsRequest,\n  SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n  /**\n   * The context(s) in which this capability is meaningful.\n   *\n   * It is required by the standard, but we make it optional since there is only\n   * one context in our usage (i.e. the user's MetaMask instance).\n   */\n  readonly '@context'?: NonEmptyArray<string>;\n\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n  /**\n   * The creation date of the permission, in UNIX epoch time.\n   */\n  readonly date: number;\n\n  /**\n   * The GUID of the permission object.\n   */\n  readonly id: string;\n\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  readonly invoker: OriginString;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n  Name extends TargetName,\n  AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: AllowedCaveat extends never\n    ? null\n    : NonEmptyArray<AllowedCaveat> | null;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n  ? never\n  : ArrayType extends unknown[] | readonly unknown[]\n  ? ArrayType[number]\n  : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n  PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n  target: TargetPermission['parentCapability'];\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  invoker: OriginString;\n\n  /**\n   * The caveats of the permission.\n   * See {@link Caveat}.\n   */\n  caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n  TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n  const { caveats = null, invoker, target } = options;\n\n  return {\n    id: nanoid(),\n    parentCapability: target,\n    invoker,\n    caveats,\n    date: new Date().getTime(),\n  } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n  permission: PermissionConstraint,\n  caveatType: string,\n): CaveatConstraint | undefined {\n  return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n  origin: OriginString;\n  [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n  Params extends RestrictedMethodParameters | null,\n> = {\n  method: TargetName;\n  params?: Params;\n  context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> =\n  | SyncRestrictedMethod<Params, Result>\n  | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n  MethodImplementation extends RestrictedMethod<\n    RestrictedMethodParameters,\n    Json\n  >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n  ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n    ? MethodImplementation\n    : never\n  : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n  /**\n   * The origin of the requesting subject.\n   */\n  origin: string;\n\n  /**\n   * Any additional data associated with the request.\n   */\n  requestData?: unknown;\n\n  [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n  options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n  TargetPermission extends PermissionConstraint,\n  RequestData extends Record<string, unknown>,\n> = (\n  options: PermissionOptions<TargetPermission>,\n  requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n  permission: PermissionConstraint,\n  origin?: OriginString,\n  target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  requestData: PermissionsRequest;\n  messagingSystem: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  /**\n   * A method triggered when the permission is accepted by the user\n   */\n  onPermitted: SideEffectHandler<Actions, Events>;\n  /**\n   * A method triggered if a `onPermitted` method rejected.\n   */\n  onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n  /**\n   * A restricted JSON-RPC method. A subject must have the requisite permission\n   * to call a restricted JSON-RPC method.\n   */\n  RestrictedMethod = 'RestrictedMethod',\n\n  /**\n   * An \"endowment\" granted to subjects that possess the requisite permission,\n   * such as a global environment variable exposing a restricted API, etc.\n   */\n  Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n  /**\n   * The type of the specified permission.\n   */\n  permissionType: Type;\n\n  /**\n   * The name of the target resource of the permission.\n   */\n  targetName: string;\n\n  /**\n   * An array of the caveat types that may be added to instances of this\n   * permission.\n   */\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n  /**\n   * The factory function used to get permission objects. Permissions returned\n   * by this function are presumed to valid, and they will not be passed to the\n   * validator function associated with this specification (if any). In other\n   * words, the factory function should validate the permissions it creates.\n   *\n   * If no factory is specified, the {@link Permission} constructor will be\n   * used, and the validator function (if specified) will be called on newly\n   * constructed permissions.\n   */\n  // TODO: Replace `any` with type\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  factory?: PermissionFactory<any, Record<string, unknown>>;\n\n  /**\n   * The validator function used to validate permissions of the associated type\n   * whenever they are granted or their caveat arrays are mutated.\n   *\n   * Permission validators are **not** invoked when a caveat is mutated, provided\n   * the caveat array has not changed. For this reason, permission validators\n   * **must not** be used to validate caveats. To validate caveats, use the\n   * corresponding caveat specification property.\n   *\n   * The validator should throw an appropriate JSON-RPC error if validation fails.\n   */\n  validator?: PermissionValidatorConstraint;\n\n  /**\n   * The side-effect triggered by the {@link PermissionController} once the user approved it.\n   * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n   *\n   * If the side-effect action fails, the permission that triggered it is revoked.\n   */\n  sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n  /**\n   * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n   * If a subject with a type not in this array tries to request the permission, the call will fail.\n   *\n   * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n   */\n  subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n    /**\n     * The implementation of the restricted method that the permission\n     * corresponds to.\n     */\n    // TODO: Replace `any` with type\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    methodImplementation: RestrictedMethod<any, Json>;\n  };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.Endowment> & {\n    /**\n     * The {@link EndowmentGetter} function for the permission. This function\n     * will be called by the {@link PermissionController} whenever the\n     * permission is invoked, after which the host can apply the endowments to\n     * the requesting subject in the intended manner.\n     */\n    endowmentGetter: EndowmentGetter<Json>;\n  };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n  | EndowmentSpecificationConstraint\n  | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n  FactoryHooks extends Record<string, unknown>,\n  MethodHooks extends Record<string, unknown>,\n  ValidatorHooks extends Record<string, unknown>,\n> = {\n  targetName?: string;\n  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n  factoryHooks?: FactoryHooks;\n  methodHooks?: MethodHooks;\n  validatorHooks?: ValidatorHooks;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n  Type extends PermissionType,\n  Options extends PermissionSpecificationBuilderOptions<\n    Record<string, unknown>,\n    Record<string, unknown>,\n    Record<string, unknown>\n  >,\n  Specification extends PermissionSpecificationConstraint & {\n    permissionType: Type;\n  },\n> = (options: Options) => Specification;\n\n/**\n * A restricted method permission export object, containing the\n * {@link PermissionSpecificationBuilder} function and \"hook name\" objects.\n */\nexport type PermissionSpecificationBuilderExportConstraint = {\n  targetName: string;\n  specificationBuilder: PermissionSpecificationBuilder<\n    PermissionType,\n    PermissionSpecificationBuilderOptions<\n      Record<string, unknown>,\n      Record<string, unknown>,\n      Record<string, unknown>\n    >,\n    PermissionSpecificationConstraint\n  >;\n  factoryHookNames?: Record<string, true>;\n  methodHookNames?: Record<string, true>;\n  validatorHookNames?: Record<string, true>;\n};\n\ntype ValidRestrictedMethodSpecification<\n  Specification extends RestrictedMethodSpecificationConstraint,\n> = Specification['methodImplementation'] extends ValidRestrictedMethod<\n  Specification['methodImplementation']\n>\n  ? Specification\n  : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n  ? Specification['permissionType'] extends PermissionType.Endowment\n    ? Specification\n    : Specification['permissionType'] extends PermissionType.RestrictedMethod\n    ? ValidRestrictedMethodSpecification<\n        Extract<Specification, RestrictedMethodSpecificationConstraint>\n      >\n    : never\n  : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n  Specification extends PermissionSpecificationConstraint,\n  Type extends PermissionType,\n>(\n  specification: Specification,\n  expectedType: Type,\n): specification is Specification & {\n  permissionType: Type;\n} {\n  return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n  Specification extends PermissionSpecificationConstraint,\n> = {\n  [Name in Specification['targetName']]: Specification extends {\n    targetName: Name;\n  }\n    ? Specification\n    : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n  Name extends Specification['targetName'],\n> = Specification extends {\n  targetName: Name;\n}\n  ? Specification\n  : never;\n"]}
+{"version":3,"file":"Permission.cjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":";;;AAGA,mCAAgC;AAkJhC;;;;;;;;GAQG;AACH,SAAgB,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,IAAA,eAAM,GAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAZD,kDAYC;AAED;;;;;;GAMG;AACH,SAAgB,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AALD,gCAKC;AAgKD;;GAEG;AACH,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,8BAAd,cAAc,QAYzB;AA2MD;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC;AAVD,oDAUC","sourcesContent":["import type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { ActionConstraint, EventConstraint } from '@metamask/messenger';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n  // eslint-disable-next-line @typescript-eslint/no-unused-vars\n  PermissionController,\n  PermissionsRequest,\n  SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n  /**\n   * The context(s) in which this capability is meaningful.\n   *\n   * It is required by the standard, but we make it optional since there is only\n   * one context in our usage (i.e. the user's MetaMask instance).\n   */\n  readonly '@context'?: NonEmptyArray<string>;\n\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n  /**\n   * The creation date of the permission, in UNIX epoch time.\n   */\n  readonly date: number;\n\n  /**\n   * The GUID of the permission object.\n   */\n  readonly id: string;\n\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  readonly invoker: OriginString;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n  Name extends TargetName,\n  AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: AllowedCaveat extends never\n    ? null\n    : NonEmptyArray<AllowedCaveat> | null;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n  ? never\n  : ArrayType extends unknown[] | readonly unknown[]\n    ? ArrayType[number]\n    : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n  PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n  target: TargetPermission['parentCapability'];\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  invoker: OriginString;\n\n  /**\n   * The caveats of the permission.\n   * See {@link Caveat}.\n   */\n  caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n  TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n  const { caveats = null, invoker, target } = options;\n\n  return {\n    id: nanoid(),\n    parentCapability: target,\n    invoker,\n    caveats,\n    date: new Date().getTime(),\n  } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n  permission: PermissionConstraint,\n  caveatType: string,\n): CaveatConstraint | undefined {\n  return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n  origin: OriginString;\n  [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n  Params extends RestrictedMethodParameters | null,\n> = {\n  method: TargetName;\n  params?: Params;\n  context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> =\n  | SyncRestrictedMethod<Params, Result>\n  | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n  MethodImplementation extends RestrictedMethod<\n    RestrictedMethodParameters,\n    Json\n  >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n  ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n    ? MethodImplementation\n    : never\n  : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n  /**\n   * The origin of the requesting subject.\n   */\n  origin: string;\n\n  /**\n   * Any additional data associated with the request.\n   */\n  requestData?: unknown;\n\n  [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n  options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n  TargetPermission extends PermissionConstraint,\n  RequestData extends Record<string, unknown>,\n> = (\n  options: PermissionOptions<TargetPermission>,\n  requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n  permission: PermissionConstraint,\n  origin?: OriginString,\n  target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  requestData: PermissionsRequest;\n  messenger: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  /**\n   * A method triggered when the permission is accepted by the user\n   */\n  onPermitted: SideEffectHandler<Actions, Events>;\n  /**\n   * A method triggered if a `onPermitted` method rejected.\n   */\n  onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n  /**\n   * A restricted JSON-RPC method. A subject must have the requisite permission\n   * to call a restricted JSON-RPC method.\n   */\n  RestrictedMethod = 'RestrictedMethod',\n\n  /**\n   * An \"endowment\" granted to subjects that possess the requisite permission,\n   * such as a global environment variable exposing a restricted API, etc.\n   */\n  Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n  /**\n   * The type of the specified permission.\n   */\n  permissionType: Type;\n\n  /**\n   * The name of the target resource of the permission.\n   */\n  targetName: string;\n\n  /**\n   * An array of the caveat types that may be added to instances of this\n   * permission.\n   */\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n  /**\n   * The factory function used to get permission objects. Permissions returned\n   * by this function are presumed to valid, and they will not be passed to the\n   * validator function associated with this specification (if any). In other\n   * words, the factory function should validate the permissions it creates.\n   *\n   * If no factory is specified, the {@link Permission} constructor will be\n   * used, and the validator function (if specified) will be called on newly\n   * constructed permissions.\n   */\n  // TODO: Replace `any` with type\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  factory?: PermissionFactory<any, Record<string, unknown>>;\n\n  /**\n   * The validator function used to validate permissions of the associated type\n   * whenever they are granted or their caveat arrays are mutated.\n   *\n   * Permission validators are **not** invoked when a caveat is mutated, provided\n   * the caveat array has not changed. For this reason, permission validators\n   * **must not** be used to validate caveats. To validate caveats, use the\n   * corresponding caveat specification property.\n   *\n   * The validator should throw an appropriate JSON-RPC error if validation fails.\n   */\n  validator?: PermissionValidatorConstraint;\n\n  /**\n   * The side-effect triggered by the {@link PermissionController} once the user approved it.\n   * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n   *\n   * If the side-effect action fails, the permission that triggered it is revoked.\n   */\n  sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n  /**\n   * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n   * If a subject with a type not in this array tries to request the permission, the call will fail.\n   *\n   * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n   */\n  subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n    /**\n     * The implementation of the restricted method that the permission\n     * corresponds to.\n     */\n    // TODO: Replace `any` with type\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    methodImplementation: RestrictedMethod<any, Json>;\n  };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.Endowment> & {\n    /**\n     * The {@link EndowmentGetter} function for the permission. This function\n     * will be called by the {@link PermissionController} whenever the\n     * permission is invoked, after which the host can apply the endowments to\n     * the requesting subject in the intended manner.\n     */\n    endowmentGetter: EndowmentGetter<Json>;\n  };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n  | EndowmentSpecificationConstraint\n  | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n  FactoryHooks extends Record<string, unknown>,\n  MethodHooks extends Record<string, unknown>,\n  ValidatorHooks extends Record<string, unknown>,\n> = {\n  targetName?: string;\n  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n  factoryHooks?: FactoryHooks;\n  methodHooks?: MethodHooks;\n  validatorHooks?: ValidatorHooks;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n  Type extends PermissionType,\n  Options extends PermissionSpecificationBuilderOptions<\n    Record<string, unknown>,\n    Record<string, unknown>,\n    Record<string, unknown>\n  >,\n  Specification extends PermissionSpecificationConstraint & {\n    permissionType: Type;\n  },\n> = (options: Options) => Specification;\n\n/**\n * A restricted method permission export object, containing the\n * {@link PermissionSpecificationBuilder} function and \"hook name\" objects.\n */\nexport type PermissionSpecificationBuilderExportConstraint = {\n  targetName: string;\n  specificationBuilder: PermissionSpecificationBuilder<\n    PermissionType,\n    PermissionSpecificationBuilderOptions<\n      Record<string, unknown>,\n      Record<string, unknown>,\n      Record<string, unknown>\n    >,\n    PermissionSpecificationConstraint\n  >;\n  factoryHookNames?: Record<string, true>;\n  methodHookNames?: Record<string, true>;\n  validatorHookNames?: Record<string, true>;\n};\n\ntype ValidRestrictedMethodSpecification<\n  Specification extends RestrictedMethodSpecificationConstraint,\n> =\n  Specification['methodImplementation'] extends ValidRestrictedMethod<\n    Specification['methodImplementation']\n  >\n    ? Specification\n    : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n  ? Specification['permissionType'] extends PermissionType.Endowment\n    ? Specification\n    : Specification['permissionType'] extends PermissionType.RestrictedMethod\n      ? ValidRestrictedMethodSpecification<\n          Extract<Specification, RestrictedMethodSpecificationConstraint>\n        >\n      : never\n  : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n  Specification extends PermissionSpecificationConstraint,\n  Type extends PermissionType,\n>(\n  specification: Specification,\n  expectedType: Type,\n): specification is Specification & {\n  permissionType: Type;\n} {\n  return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n  Specification extends PermissionSpecificationConstraint,\n> = {\n  [Name in Specification['targetName']]: Specification extends {\n    targetName: Name;\n  }\n    ? Specification\n    : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n  Name extends Specification['targetName'],\n> = Specification extends {\n  targetName: Name;\n}\n  ? Specification\n  : never;\n"]}

package/dist/Permission.d.cts

@@ -1,5 +1,5 @@
-import type { ActionConstraint, EventConstraint } from "@metamask/base-controller";
 import type { NonEmptyArray } from "@metamask/controller-utils";
+import type { ActionConstraint, EventConstraint } from "@metamask/messenger";
 import type { Json } from "@metamask/utils";
 import type { CaveatConstraint } from "./Caveat.cjs";
 import type { PermissionsRequest, SideEffectMessenger } from "./PermissionController.cjs";
@@ -209,7 +209,7 @@ export type PermissionValidatorConstraint = (permission: PermissionConstraint, o
  */
 export type SideEffectParams<Actions extends ActionConstraint, Events extends EventConstraint> = {
     requestData: PermissionsRequest;
-    messagingSystem: SideEffectMessenger<Actions, Events>;
+    messenger: SideEffectMessenger<Actions, Events>;
 };
 /**
  * A function that will execute actions as a permission side-effect.

package/dist/Permission.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"Permission.d.cts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EAChB,kCAAkC;AACnC,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAChD,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,eAAe,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACvD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,YAAY,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,cAAc,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAC5C;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC;;;GAGG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,8BAA8B,CAClD,cAAc,EACd,qCAAqC,CACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,iCAAiC,CAClC,CAAC;IACF,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3C,CAAC;AAEF,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAC3D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACrE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEV;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACvE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACP,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}
+{"version":3,"file":"Permission.d.cts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,4BAA4B;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAC9C,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEZ;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,SAAS,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,YAAY,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,cAAc,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAC5C;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC;;;GAGG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,8BAA8B,CAClD,cAAc,EACd,qCAAqC,CACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,iCAAiC,CAClC,CAAC;IACF,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3C,CAAC;AAEF,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAE7D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACjE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEZ;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACrE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACT,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}

package/dist/Permission.d.mts

@@ -1,5 +1,5 @@
-import type { ActionConstraint, EventConstraint } from "@metamask/base-controller";
 import type { NonEmptyArray } from "@metamask/controller-utils";
+import type { ActionConstraint, EventConstraint } from "@metamask/messenger";
 import type { Json } from "@metamask/utils";
 import type { CaveatConstraint } from "./Caveat.mjs";
 import type { PermissionsRequest, SideEffectMessenger } from "./PermissionController.mjs";
@@ -209,7 +209,7 @@ export type PermissionValidatorConstraint = (permission: PermissionConstraint, o
  */
 export type SideEffectParams<Actions extends ActionConstraint, Events extends EventConstraint> = {
     requestData: PermissionsRequest;
-    messagingSystem: SideEffectMessenger<Actions, Events>;
+    messenger: SideEffectMessenger<Actions, Events>;
 };
 /**
  * A function that will execute actions as a permission side-effect.

package/dist/Permission.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"Permission.d.mts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EAChB,kCAAkC;AACnC,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAChD,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,eAAe,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACvD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,YAAY,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,cAAc,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAC5C;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC;;;GAGG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,8BAA8B,CAClD,cAAc,EACd,qCAAqC,CACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,iCAAiC,CAClC,CAAC;IACF,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3C,CAAC;AAEF,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAC3D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACrE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEV;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACvE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACP,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}
+{"version":3,"file":"Permission.d.mts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,4BAA4B;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAC9C,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEZ;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,SAAS,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,YAAY,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,cAAc,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAC5C;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC;;;GAGG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,8BAA8B,CAClD,cAAc,EACd,qCAAqC,CACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,iCAAiC,CAClC,CAAC;IACF,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3C,CAAC;AAEF,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAE7D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACjE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEZ;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACrE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACT,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}

package/dist/Permission.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"Permission.mjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,eAAe;AAkJhC;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,MAAM,EAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AAgKD;;GAEG;AACH,MAAM,CAAN,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,KAAd,cAAc,QAYzB;AA0MD;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC","sourcesContent":["import type {\n  ActionConstraint,\n  EventConstraint,\n} from '@metamask/base-controller';\nimport type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n  // eslint-disable-next-line @typescript-eslint/no-unused-vars\n  PermissionController,\n  PermissionsRequest,\n  SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n  /**\n   * The context(s) in which this capability is meaningful.\n   *\n   * It is required by the standard, but we make it optional since there is only\n   * one context in our usage (i.e. the user's MetaMask instance).\n   */\n  readonly '@context'?: NonEmptyArray<string>;\n\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n  /**\n   * The creation date of the permission, in UNIX epoch time.\n   */\n  readonly date: number;\n\n  /**\n   * The GUID of the permission object.\n   */\n  readonly id: string;\n\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  readonly invoker: OriginString;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n  Name extends TargetName,\n  AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: AllowedCaveat extends never\n    ? null\n    : NonEmptyArray<AllowedCaveat> | null;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n  ? never\n  : ArrayType extends unknown[] | readonly unknown[]\n  ? ArrayType[number]\n  : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n  PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n  target: TargetPermission['parentCapability'];\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  invoker: OriginString;\n\n  /**\n   * The caveats of the permission.\n   * See {@link Caveat}.\n   */\n  caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n  TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n  const { caveats = null, invoker, target } = options;\n\n  return {\n    id: nanoid(),\n    parentCapability: target,\n    invoker,\n    caveats,\n    date: new Date().getTime(),\n  } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n  permission: PermissionConstraint,\n  caveatType: string,\n): CaveatConstraint | undefined {\n  return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n  origin: OriginString;\n  [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n  Params extends RestrictedMethodParameters | null,\n> = {\n  method: TargetName;\n  params?: Params;\n  context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> =\n  | SyncRestrictedMethod<Params, Result>\n  | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n  MethodImplementation extends RestrictedMethod<\n    RestrictedMethodParameters,\n    Json\n  >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n  ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n    ? MethodImplementation\n    : never\n  : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n  /**\n   * The origin of the requesting subject.\n   */\n  origin: string;\n\n  /**\n   * Any additional data associated with the request.\n   */\n  requestData?: unknown;\n\n  [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n  options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n  TargetPermission extends PermissionConstraint,\n  RequestData extends Record<string, unknown>,\n> = (\n  options: PermissionOptions<TargetPermission>,\n  requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n  permission: PermissionConstraint,\n  origin?: OriginString,\n  target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  requestData: PermissionsRequest;\n  messagingSystem: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  /**\n   * A method triggered when the permission is accepted by the user\n   */\n  onPermitted: SideEffectHandler<Actions, Events>;\n  /**\n   * A method triggered if a `onPermitted` method rejected.\n   */\n  onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n  /**\n   * A restricted JSON-RPC method. A subject must have the requisite permission\n   * to call a restricted JSON-RPC method.\n   */\n  RestrictedMethod = 'RestrictedMethod',\n\n  /**\n   * An \"endowment\" granted to subjects that possess the requisite permission,\n   * such as a global environment variable exposing a restricted API, etc.\n   */\n  Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n  /**\n   * The type of the specified permission.\n   */\n  permissionType: Type;\n\n  /**\n   * The name of the target resource of the permission.\n   */\n  targetName: string;\n\n  /**\n   * An array of the caveat types that may be added to instances of this\n   * permission.\n   */\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n  /**\n   * The factory function used to get permission objects. Permissions returned\n   * by this function are presumed to valid, and they will not be passed to the\n   * validator function associated with this specification (if any). In other\n   * words, the factory function should validate the permissions it creates.\n   *\n   * If no factory is specified, the {@link Permission} constructor will be\n   * used, and the validator function (if specified) will be called on newly\n   * constructed permissions.\n   */\n  // TODO: Replace `any` with type\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  factory?: PermissionFactory<any, Record<string, unknown>>;\n\n  /**\n   * The validator function used to validate permissions of the associated type\n   * whenever they are granted or their caveat arrays are mutated.\n   *\n   * Permission validators are **not** invoked when a caveat is mutated, provided\n   * the caveat array has not changed. For this reason, permission validators\n   * **must not** be used to validate caveats. To validate caveats, use the\n   * corresponding caveat specification property.\n   *\n   * The validator should throw an appropriate JSON-RPC error if validation fails.\n   */\n  validator?: PermissionValidatorConstraint;\n\n  /**\n   * The side-effect triggered by the {@link PermissionController} once the user approved it.\n   * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n   *\n   * If the side-effect action fails, the permission that triggered it is revoked.\n   */\n  sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n  /**\n   * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n   * If a subject with a type not in this array tries to request the permission, the call will fail.\n   *\n   * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n   */\n  subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n    /**\n     * The implementation of the restricted method that the permission\n     * corresponds to.\n     */\n    // TODO: Replace `any` with type\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    methodImplementation: RestrictedMethod<any, Json>;\n  };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.Endowment> & {\n    /**\n     * The {@link EndowmentGetter} function for the permission. This function\n     * will be called by the {@link PermissionController} whenever the\n     * permission is invoked, after which the host can apply the endowments to\n     * the requesting subject in the intended manner.\n     */\n    endowmentGetter: EndowmentGetter<Json>;\n  };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n  | EndowmentSpecificationConstraint\n  | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n  FactoryHooks extends Record<string, unknown>,\n  MethodHooks extends Record<string, unknown>,\n  ValidatorHooks extends Record<string, unknown>,\n> = {\n  targetName?: string;\n  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n  factoryHooks?: FactoryHooks;\n  methodHooks?: MethodHooks;\n  validatorHooks?: ValidatorHooks;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n  Type extends PermissionType,\n  Options extends PermissionSpecificationBuilderOptions<\n    Record<string, unknown>,\n    Record<string, unknown>,\n    Record<string, unknown>\n  >,\n  Specification extends PermissionSpecificationConstraint & {\n    permissionType: Type;\n  },\n> = (options: Options) => Specification;\n\n/**\n * A restricted method permission export object, containing the\n * {@link PermissionSpecificationBuilder} function and \"hook name\" objects.\n */\nexport type PermissionSpecificationBuilderExportConstraint = {\n  targetName: string;\n  specificationBuilder: PermissionSpecificationBuilder<\n    PermissionType,\n    PermissionSpecificationBuilderOptions<\n      Record<string, unknown>,\n      Record<string, unknown>,\n      Record<string, unknown>\n    >,\n    PermissionSpecificationConstraint\n  >;\n  factoryHookNames?: Record<string, true>;\n  methodHookNames?: Record<string, true>;\n  validatorHookNames?: Record<string, true>;\n};\n\ntype ValidRestrictedMethodSpecification<\n  Specification extends RestrictedMethodSpecificationConstraint,\n> = Specification['methodImplementation'] extends ValidRestrictedMethod<\n  Specification['methodImplementation']\n>\n  ? Specification\n  : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n  ? Specification['permissionType'] extends PermissionType.Endowment\n    ? Specification\n    : Specification['permissionType'] extends PermissionType.RestrictedMethod\n    ? ValidRestrictedMethodSpecification<\n        Extract<Specification, RestrictedMethodSpecificationConstraint>\n      >\n    : never\n  : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n  Specification extends PermissionSpecificationConstraint,\n  Type extends PermissionType,\n>(\n  specification: Specification,\n  expectedType: Type,\n): specification is Specification & {\n  permissionType: Type;\n} {\n  return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n  Specification extends PermissionSpecificationConstraint,\n> = {\n  [Name in Specification['targetName']]: Specification extends {\n    targetName: Name;\n  }\n    ? Specification\n    : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n  Name extends Specification['targetName'],\n> = Specification extends {\n  targetName: Name;\n}\n  ? Specification\n  : never;\n"]}
+{"version":3,"file":"Permission.mjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,eAAe;AAkJhC;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,MAAM,EAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AAgKD;;GAEG;AACH,MAAM,CAAN,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,KAAd,cAAc,QAYzB;AA2MD;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC","sourcesContent":["import type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { ActionConstraint, EventConstraint } from '@metamask/messenger';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n  // eslint-disable-next-line @typescript-eslint/no-unused-vars\n  PermissionController,\n  PermissionsRequest,\n  SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n  /**\n   * The context(s) in which this capability is meaningful.\n   *\n   * It is required by the standard, but we make it optional since there is only\n   * one context in our usage (i.e. the user's MetaMask instance).\n   */\n  readonly '@context'?: NonEmptyArray<string>;\n\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n  /**\n   * The creation date of the permission, in UNIX epoch time.\n   */\n  readonly date: number;\n\n  /**\n   * The GUID of the permission object.\n   */\n  readonly id: string;\n\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  readonly invoker: OriginString;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n  Name extends TargetName,\n  AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n  /**\n   * The caveats of the permission.\n   *\n   * @see {@link Caveat} For more information.\n   */\n  readonly caveats: AllowedCaveat extends never\n    ? null\n    : NonEmptyArray<AllowedCaveat> | null;\n\n  /**\n   * A pointer to the resource that possession of the capability grants\n   * access to, for example a JSON-RPC method or endowment.\n   */\n  readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n  ? never\n  : ArrayType extends unknown[] | readonly unknown[]\n    ? ArrayType[number]\n    : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n  PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n  target: TargetPermission['parentCapability'];\n  /**\n   * The origin string of the subject that has the permission.\n   */\n  invoker: OriginString;\n\n  /**\n   * The caveats of the permission.\n   * See {@link Caveat}.\n   */\n  caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n  TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n  const { caveats = null, invoker, target } = options;\n\n  return {\n    id: nanoid(),\n    parentCapability: target,\n    invoker,\n    caveats,\n    date: new Date().getTime(),\n  } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n  permission: PermissionConstraint,\n  caveatType: string,\n): CaveatConstraint | undefined {\n  return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n  origin: OriginString;\n  [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n  Params extends RestrictedMethodParameters | null,\n> = {\n  method: TargetName;\n  params?: Params;\n  context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n  Params extends RestrictedMethodParameters,\n  Result extends Json,\n> =\n  | SyncRestrictedMethod<Params, Result>\n  | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n  MethodImplementation extends RestrictedMethod<\n    RestrictedMethodParameters,\n    Json\n  >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n  ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n    ? MethodImplementation\n    : never\n  : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n  /**\n   * The origin of the requesting subject.\n   */\n  origin: string;\n\n  /**\n   * Any additional data associated with the request.\n   */\n  requestData?: unknown;\n\n  [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n  options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n  TargetPermission extends PermissionConstraint,\n  RequestData extends Record<string, unknown>,\n> = (\n  options: PermissionOptions<TargetPermission>,\n  requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n  permission: PermissionConstraint,\n  origin?: OriginString,\n  target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  requestData: PermissionsRequest;\n  messenger: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n  Actions extends ActionConstraint,\n  Events extends EventConstraint,\n> = {\n  /**\n   * A method triggered when the permission is accepted by the user\n   */\n  onPermitted: SideEffectHandler<Actions, Events>;\n  /**\n   * A method triggered if a `onPermitted` method rejected.\n   */\n  onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n  /**\n   * A restricted JSON-RPC method. A subject must have the requisite permission\n   * to call a restricted JSON-RPC method.\n   */\n  RestrictedMethod = 'RestrictedMethod',\n\n  /**\n   * An \"endowment\" granted to subjects that possess the requisite permission,\n   * such as a global environment variable exposing a restricted API, etc.\n   */\n  Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n  /**\n   * The type of the specified permission.\n   */\n  permissionType: Type;\n\n  /**\n   * The name of the target resource of the permission.\n   */\n  targetName: string;\n\n  /**\n   * An array of the caveat types that may be added to instances of this\n   * permission.\n   */\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n  /**\n   * The factory function used to get permission objects. Permissions returned\n   * by this function are presumed to valid, and they will not be passed to the\n   * validator function associated with this specification (if any). In other\n   * words, the factory function should validate the permissions it creates.\n   *\n   * If no factory is specified, the {@link Permission} constructor will be\n   * used, and the validator function (if specified) will be called on newly\n   * constructed permissions.\n   */\n  // TODO: Replace `any` with type\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  factory?: PermissionFactory<any, Record<string, unknown>>;\n\n  /**\n   * The validator function used to validate permissions of the associated type\n   * whenever they are granted or their caveat arrays are mutated.\n   *\n   * Permission validators are **not** invoked when a caveat is mutated, provided\n   * the caveat array has not changed. For this reason, permission validators\n   * **must not** be used to validate caveats. To validate caveats, use the\n   * corresponding caveat specification property.\n   *\n   * The validator should throw an appropriate JSON-RPC error if validation fails.\n   */\n  validator?: PermissionValidatorConstraint;\n\n  /**\n   * The side-effect triggered by the {@link PermissionController} once the user approved it.\n   * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n   *\n   * If the side-effect action fails, the permission that triggered it is revoked.\n   */\n  sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n  /**\n   * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n   * If a subject with a type not in this array tries to request the permission, the call will fail.\n   *\n   * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n   */\n  subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n    /**\n     * The implementation of the restricted method that the permission\n     * corresponds to.\n     */\n    // TODO: Replace `any` with type\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    methodImplementation: RestrictedMethod<any, Json>;\n  };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n  PermissionSpecificationBase<PermissionType.Endowment> & {\n    /**\n     * The {@link EndowmentGetter} function for the permission. This function\n     * will be called by the {@link PermissionController} whenever the\n     * permission is invoked, after which the host can apply the endowments to\n     * the requesting subject in the intended manner.\n     */\n    endowmentGetter: EndowmentGetter<Json>;\n  };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n  | EndowmentSpecificationConstraint\n  | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n  FactoryHooks extends Record<string, unknown>,\n  MethodHooks extends Record<string, unknown>,\n  ValidatorHooks extends Record<string, unknown>,\n> = {\n  targetName?: string;\n  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n  factoryHooks?: FactoryHooks;\n  methodHooks?: MethodHooks;\n  validatorHooks?: ValidatorHooks;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n  Type extends PermissionType,\n  Options extends PermissionSpecificationBuilderOptions<\n    Record<string, unknown>,\n    Record<string, unknown>,\n    Record<string, unknown>\n  >,\n  Specification extends PermissionSpecificationConstraint & {\n    permissionType: Type;\n  },\n> = (options: Options) => Specification;\n\n/**\n * A restricted method permission export object, containing the\n * {@link PermissionSpecificationBuilder} function and \"hook name\" objects.\n */\nexport type PermissionSpecificationBuilderExportConstraint = {\n  targetName: string;\n  specificationBuilder: PermissionSpecificationBuilder<\n    PermissionType,\n    PermissionSpecificationBuilderOptions<\n      Record<string, unknown>,\n      Record<string, unknown>,\n      Record<string, unknown>\n    >,\n    PermissionSpecificationConstraint\n  >;\n  factoryHookNames?: Record<string, true>;\n  methodHookNames?: Record<string, true>;\n  validatorHookNames?: Record<string, true>;\n};\n\ntype ValidRestrictedMethodSpecification<\n  Specification extends RestrictedMethodSpecificationConstraint,\n> =\n  Specification['methodImplementation'] extends ValidRestrictedMethod<\n    Specification['methodImplementation']\n  >\n    ? Specification\n    : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n  ? Specification['permissionType'] extends PermissionType.Endowment\n    ? Specification\n    : Specification['permissionType'] extends PermissionType.RestrictedMethod\n      ? ValidRestrictedMethodSpecification<\n          Extract<Specification, RestrictedMethodSpecificationConstraint>\n        >\n      : never\n  : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n  Specification extends PermissionSpecificationConstraint,\n  Type extends PermissionType,\n>(\n  specification: Specification,\n  expectedType: Type,\n): specification is Specification & {\n  permissionType: Type;\n} {\n  return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n  Specification extends PermissionSpecificationConstraint,\n> = {\n  [Name in Specification['targetName']]: Specification extends {\n    targetName: Name;\n  }\n    ? Specification\n    : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n  Specification extends PermissionSpecificationConstraint,\n  Name extends Specification['targetName'],\n> = Specification extends {\n  targetName: Name;\n}\n  ? Specification\n  : never;\n"]}

package/dist/PermissionController.cjs

@@ -36,7 +36,7 @@ function getStateMetadata() {
     return {
         subjects: {
             includeInStateLogs: true,
-            anonymous: true,
+            includeInDebugSnapshot: true,
             persist: true,
             usedInUi: true,
         },
@@ -182,24 +182,23 @@ class PermissionController extends base_controller_1.BaseController {
         });
     }
     /**
-     * Constructor helper for registering the controller's messaging system
-     * actions.
+     * Constructor helper for registering the controller's messenger actions.
      */
     registerMessageHandlers() {
-        this.messagingSystem.registerActionHandler(`${controllerName}:clearPermissions`, () => this.clearState());
-        this.messagingSystem.registerActionHandler(`${controllerName}:getEndowments`, (origin, targetName, requestData) => this.getEndowments(origin, targetName, requestData));
-        this.messagingSystem.registerActionHandler(`${controllerName}:getSubjectNames`, () => this.getSubjectNames());
-        this.messagingSystem.registerActionHandler(`${controllerName}:getPermissions`, (origin) => this.getPermissions(origin));
-        this.messagingSystem.registerActionHandler(`${controllerName}:hasPermission`, (origin, targetName) => this.hasPermission(origin, targetName));
-        this.messagingSystem.registerActionHandler(`${controllerName}:hasPermissions`, (origin) => this.hasPermissions(origin));
-        this.messagingSystem.registerActionHandler(`${controllerName}:grantPermissions`, this.grantPermissions.bind(this));
-        this.messagingSystem.registerActionHandler(`${controllerName}:grantPermissionsIncremental`, this.grantPermissionsIncremental.bind(this));
-        this.messagingSystem.registerActionHandler(`${controllerName}:requestPermissions`, (subject, permissions) => this.requestPermissions(subject, permissions));
-        this.messagingSystem.registerActionHandler(`${controllerName}:requestPermissionsIncremental`, (subject, permissions) => this.requestPermissionsIncremental(subject, permissions));
-        this.messagingSystem.registerActionHandler(`${controllerName}:revokeAllPermissions`, (origin) => this.revokeAllPermissions(origin));
-        this.messagingSystem.registerActionHandler(`${controllerName}:revokePermissionForAllSubjects`, (target) => this.revokePermissionForAllSubjects(target));
-        this.messagingSystem.registerActionHandler(`${controllerName}:revokePermissions`, this.revokePermissions.bind(this));
-        this.messagingSystem.registerActionHandler(`${controllerName}:updateCaveat`, (origin, target, caveatType, caveatValue) => {
+        this.messenger.registerActionHandler(`${controllerName}:clearPermissions`, () => this.clearState());
+        this.messenger.registerActionHandler(`${controllerName}:getEndowments`, (origin, targetName, requestData) => this.getEndowments(origin, targetName, requestData));
+        this.messenger.registerActionHandler(`${controllerName}:getSubjectNames`, () => this.getSubjectNames());
+        this.messenger.registerActionHandler(`${controllerName}:getPermissions`, (origin) => this.getPermissions(origin));
+        this.messenger.registerActionHandler(`${controllerName}:hasPermission`, (origin, targetName) => this.hasPermission(origin, targetName));
+        this.messenger.registerActionHandler(`${controllerName}:hasPermissions`, (origin) => this.hasPermissions(origin));
+        this.messenger.registerActionHandler(`${controllerName}:grantPermissions`, this.grantPermissions.bind(this));
+        this.messenger.registerActionHandler(`${controllerName}:grantPermissionsIncremental`, this.grantPermissionsIncremental.bind(this));
+        this.messenger.registerActionHandler(`${controllerName}:requestPermissions`, (subject, permissions) => this.requestPermissions(subject, permissions));
+        this.messenger.registerActionHandler(`${controllerName}:requestPermissionsIncremental`, (subject, permissions) => this.requestPermissionsIncremental(subject, permissions));
+        this.messenger.registerActionHandler(`${controllerName}:revokeAllPermissions`, (origin) => this.revokeAllPermissions(origin));
+        this.messenger.registerActionHandler(`${controllerName}:revokePermissionForAllSubjects`, (target) => this.revokePermissionForAllSubjects(target));
+        this.messenger.registerActionHandler(`${controllerName}:revokePermissions`, this.revokePermissions.bind(this));
+        this.messenger.registerActionHandler(`${controllerName}:updateCaveat`, (origin, target, caveatType, caveatValue) => {
             this.updateCaveat(origin, target, caveatType, caveatValue);
         });
     }
@@ -786,7 +785,7 @@ class PermissionController extends base_controller_1.BaseController {
         const { allowedCaveats, validator, targetName } = specification;
         if (specification.subjectTypes?.length &&
             specification.subjectTypes.length > 0) {
-            const metadata = this.messagingSystem.call('SubjectMetadataController:getSubjectMetadata', origin);
+            const metadata = this.messenger.call('SubjectMetadataController:getSubjectMetadata', origin);
             if (!metadata ||
                 metadata.subjectType === null ||
                 !specification.subjectTypes.includes(metadata.subjectType)) {
@@ -1074,7 +1073,7 @@ class PermissionController extends base_controller_1.BaseController {
      */
     async requestUserApproval(permissionsRequest) {
         const { origin, id } = permissionsRequest.metadata;
-        const approvedRequest = await this.messagingSystem.call('ApprovalController:addRequest', {
+        const approvedRequest = await this.messenger.call('ApprovalController:addRequest', {
             id,
             origin,
             requestData: permissionsRequest,
@@ -1107,7 +1106,7 @@ class PermissionController extends base_controller_1.BaseController {
     }
     /**
      * Executes the side-effects of the approved permissions while handling the errors if any.
-     * It will pass an instance of the {@link messagingSystem} and the request data associated with the permission request to the handlers through its params.
+     * It will pass an instance of the {@link messenger} and the request data associated with the permission request to the handlers through its params.
      *
      * @param sideEffects - the side-effect record created by {@link getSideEffects}
      * @param requestData - the permissions requestData.
@@ -1117,7 +1116,7 @@ class PermissionController extends base_controller_1.BaseController {
         const { permittedHandlers, failureHandlers } = sideEffects;
         const params = {
             requestData,
-            messagingSystem: this.messagingSystem,
+            messenger: this.messenger,
         };
         const promiseResults = await Promise.allSettled(Object.values(permittedHandlers).map((permittedHandler) => permittedHandler(params)));
         // lib.es2020.promise.d.ts does not export its types so we're using a simple type.
@@ -1200,7 +1199,7 @@ class PermissionController extends base_controller_1.BaseController {
             return;
         }
         try {
-            await this.messagingSystem.call('ApprovalController:acceptRequest', id, request);
+            await this.messenger.call('ApprovalController:acceptRequest', id, request);
         }
         catch (error) {
             // If accepting unexpectedly fails, reject the request and re-throw the
@@ -1232,7 +1231,7 @@ class PermissionController extends base_controller_1.BaseController {
      * @returns Whether the specified request exists.
      */
     hasApprovalRequest(options) {
-        return this.messagingSystem.call('ApprovalController:hasRequest', options);
+        return this.messenger.call('ApprovalController:hasRequest', options);
     }
     /**
      * Rejects the permissions request with the specified id, with the specified
@@ -1246,7 +1245,7 @@ class PermissionController extends base_controller_1.BaseController {
      * @returns Nothing
      */
     _rejectPermissionsRequest(id, error) {
-        return this.messagingSystem.call('ApprovalController:rejectRequest', id, error);
+        return this.messenger.call('ApprovalController:rejectRequest', id, error);
     }
     /**
      * Gets the subject's endowments per the specified endowment permission.