@metamask/permission-controller 9.0.0 → 9.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/CHANGELOG.md +15 -1
  2. package/dist/PermissionController.js +2 -2
  3. package/dist/PermissionController.mjs +1 -1
  4. package/dist/{chunk-5L2IOZE2.js → chunk-Q4TESWPE.js} +1 -1
  5. package/dist/chunk-Q4TESWPE.js.map +1 -0
  6. package/dist/{chunk-CXKOMB77.mjs → chunk-VFQJB7BG.mjs} +1 -1
  7. package/dist/chunk-VFQJB7BG.mjs.map +1 -0
  8. package/dist/index.js +2 -2
  9. package/dist/index.mjs +1 -1
  10. package/dist/tsconfig.build.tsbuildinfo +1 -1
  11. package/dist/types/PermissionController.d.ts +1 -1
  12. package/dist/types/PermissionController.d.ts.map +1 -1
  13. package/package.json +6 -6
  14. package/dist/chunk-5L2IOZE2.js.map +0 -1
  15. package/dist/chunk-CXKOMB77.mjs.map +0 -1
package/CHANGELOG.md CHANGED
@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [9.0.2]
11
+
12
+ ### Fixed
13
+
14
+ - Fix `SideEffectMessenger` type not respecting generic parameter types ([#4059](https://github.com/MetaMask/core/pull/4059))
15
+
16
+ ## [9.0.1]
17
+
18
+ ### Fixed
19
+
20
+ - Fix `types` field in `package.json` ([#4047](https://github.com/MetaMask/core/pull/4047))
21
+
10
22
  ## [9.0.0]
11
23
 
12
24
  ### Added
@@ -206,7 +218,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
206
218
 
207
219
  All changes listed after this point were applied to this package following the monorepo conversion.
208
220
 
209
- [Unreleased]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@9.0.0...HEAD
221
+ [Unreleased]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@9.0.2...HEAD
222
+ [9.0.2]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@9.0.1...@metamask/permission-controller@9.0.2
223
+ [9.0.1]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@9.0.0...@metamask/permission-controller@9.0.1
210
224
  [9.0.0]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@8.0.1...@metamask/permission-controller@9.0.0
211
225
  [8.0.1]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@8.0.0...@metamask/permission-controller@8.0.1
212
226
  [8.0.0]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@7.1.0...@metamask/permission-controller@8.0.0
package/dist/PermissionController.js CHANGED
@@ -1,7 +1,7 @@
1
1
  "use strict";Object.defineProperty(exports, "__esModule", {value: true});
2
2
 
3
3
 
4
- var _chunk5L2IOZE2js = require('./chunk-5L2IOZE2.js');
4
+ var _chunkQ4TESWPEjs = require('./chunk-Q4TESWPE.js');
5
5
  require('./chunk-EGNDXGRG.js');
6
6
  require('./chunk-6CID6TBW.js');
7
7
  require('./chunk-AQ35E2HU.js');
@@ -11,5 +11,5 @@ require('./chunk-CSAU5B4Q.js');
11
11
 
12
12
 
13
13
 
14
- exports.CaveatMutatorOperation = _chunk5L2IOZE2js.CaveatMutatorOperation; exports.PermissionController = _chunk5L2IOZE2js.PermissionController;
14
+ exports.CaveatMutatorOperation = _chunkQ4TESWPEjs.CaveatMutatorOperation; exports.PermissionController = _chunkQ4TESWPEjs.PermissionController;
15
15
  //# sourceMappingURL=PermissionController.js.map
package/dist/PermissionController.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  CaveatMutatorOperation,
3
3
  PermissionController
4
- } from "./chunk-CXKOMB77.mjs";
4
+ } from "./chunk-VFQJB7BG.mjs";
5
5
  import "./chunk-XBFHEZRU.mjs";
6
6
  import "./chunk-ODCVB4BB.mjs";
7
7
  import "./chunk-N4KQ2BHF.mjs";
package/dist/{chunk-5L2IOZE2.js → chunk-Q4TESWPE.js} RENAMED
@@ -1390,4 +1390,4 @@ var PermissionController = class extends _basecontroller.BaseController {
1390
1390
 
1391
1391
 
1392
1392
  exports.CaveatMutatorOperation = CaveatMutatorOperation; exports.PermissionController = PermissionController;
1393
- //# sourceMappingURL=chunk-5L2IOZE2.js.map
1393
+ //# sourceMappingURL=chunk-Q4TESWPE.js.map
package/dist/chunk-Q4TESWPE.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/PermissionController.ts"],"names":["CaveatMutatorOperation"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,SAAS,sBAAsB;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,oBAAoB;AAC7B,SAAS,mBAAmB;AAE5B,OAAO,gBAAgB;AACvB,SAAS,iBAA6B;AACtC,SAAS,cAAc;AAyGvB,IAAM,iBAAiB;AAkDvB,SAAS,mBAA4D;AACnE,SAAO,EAAE,UAAU,EAAE,WAAW,MAAM,SAAS,KAAK,EAAE;AAGxD;AAQA,SAAS,kBAA2D;AAClE,SAAO,EAAE,UAAU,CAAC,EAAE;AACxB;AA0LO,IAAK,yBAAL,kBAAKA,4BAAL;AACL,EAAAA,gDAAA;AACA,EAAAA,gDAAA;AACA,EAAAA,gDAAA;AACA,EAAAA,gDAAA;AAJU,SAAAA;AAAA,GAAA;AAoIL,IAAM,uBAAN,cAGG,eASR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,IAAW,sBAA2C;AACpD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA+BA,YACE,SAIA;AACA,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ,CAAC;AAAA,IACX,IAAI;AAEJ,UAAM;AAAA,MACJ,MAAM;AAAA,MACN,UACE,iBAKE;AAAA,MACJ;AAAA,MACA,OAAO;AAAA,QACL,GAAG,gBAKD;AAAA,QACF,GAAG;AAAA,MACL;AAAA,IACF,CAAC;AAED,SAAK,uBAAuB,IAAI,IAAI,mBAAmB;AACvD,SAAK,wBAAwB,WAAW,EAAE,GAAG,qBAAqB,CAAC;AAEnE,SAAK;AAAA,MACH;AAAA,MACA,KAAK;AAAA,IACP;AAEA,SAAK,4BAA4B,WAAW;AAAA,MAC1C,GAAG;AAAA,IACL,CAAC;AAED,SAAK,wBAAwB;AAC7B,SAAK,6BAA6B,+BAA+B;AAAA,MAC/D,yBAAyB,KAAK,yBAAyB,KAAK,IAAI;AAAA,MAChE,qBAAqB,KAAK,oBAAoB,KAAK,IAAI;AAAA,MACvD,sBAAsB,KAAK,oBAAoB,IAAI;AAAA,QACjD,KAAK;AAAA,MACP;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,2BAGN,YAIA;AACA,WAAO,KAAK,0BAA0B,UAAU;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAEN,YAAwB;AACxB,WAAO,KAAK,sBAAsB,UAAU;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,iCACN,0BACA,sBACA;AACA,WAAO;AAAA,MACL;AAAA,IACF,EAAE;AAAA,MACA,CAAC;AAAA,QACC;AAAA,QACA,EAAE,gBAAgB,YAAY,iBAAiB,eAAe;AAAA,MAChE,MAAM;AACJ,YAAI,CAAC,kBAAkB,CAAC,YAAY,gBAAgB,cAAc,GAAG;AACnE,gBAAM,IAAI,MAAM,6BAA6B,cAAc,GAAG;AAAA,QAChE;AAEA,YAAI,CAAC,YAAY;AACf,gBAAM,IAAI,MAAM,oCAAoC,UAAU,GAAG;AAAA,QACnE;AAEA,YAAI,eAAe,iBAAiB;AAClC,gBAAM,IAAI;AAAA,YACR,kDAAkD,UAAU,gDAAgD,eAAe;AAAA,UAC7H;AAAA,QACF;AAEA,YAAI,gBAAgB;AAClB,yBAAe,QAAQ,CAAC,eAAe;AACrC,gBAAI,CAAC,YAAY,sBAAsB,UAAU,GAAG;AAClD,oBAAM,IAAI,4BAA4B,UAAU;AAAA,YAClD;AAEA,kBAAM,gBACJ,qBACE,UACF;AACF,kBAAM,2BACJ,sCAAsC,aAAa;AAErD,gBACG,gEACC,CAAC,4BACF,kDACC,0BACF;AACA,oBAAM,IAAI;AAAA,gBACR;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,0BAAgC;AACtC,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,MAAM,KAAK,WAAW;AAAA,IACxB;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,QAAgB,YAAoB,gBACnC,KAAK,cAAc,QAAQ,YAAY,WAAW;AAAA,IACtD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,MAAM,KAAK,gBAAgB;AAAA,IAC7B;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,WAAyB,KAAK,eAAe,MAAM;AAAA,IACtD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,QAAsB,eACrB,KAAK,cAAc,QAAQ,UAAU;AAAA,IACzC;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,WAAyB,KAAK,eAAe,MAAM;AAAA,IACtD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,KAAK,iBAAiB,KAAK,IAAI;AAAA,IACjC;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,SAAoC,gBACnC,KAAK,mBAAmB,SAAS,WAAW;AAAA,IAChD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,WAAyB,KAAK,qBAAqB,MAAM;AAAA,IAC5D;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CACE,WAIG,KAAK,+BAA+B,MAAM;AAAA,IACjD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,KAAK,kBAAkB,KAAK,IAAI;AAAA,IAClC;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,QAAQ,QAAQ,YAAY,gBAAgB;AAC3C,aAAK;AAAA,UACH;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,OAAO,CAAC,gBAAgB;AAC3B,aAAO;AAAA,QACL,GAAG,gBAKD;AAAA,MACJ;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBQ,gCACN,gBACA,YACA,kBAC8D;AAC9D,UAAM,eACJ,+DACI;AAAA,MACE;AAAA,MACA,mBAAmB,EAAE,QAAQ,iBAAiB,IAAI;AAAA,IACpD,IACA,IAAI;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAEN,QAAI,CAAC,KAAK,aAAa,UAAU,GAAG;AAClC,YAAM;AAAA,IACR;AAEA,UAAM,gBAAgB,KAAK,2BAA2B,UAAU;AAChE,QAAI,CAAC,qBAAqB,eAAe,cAAc,GAAG;AACxD,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,oBACE,QACA,QACoD;AACpD,WAAO,KAAK;AAAA;AAAA,MAEV;AAAA,MACA;AAAA,IACF,EAAE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,kBAAkC;AAChC,WAAO,OAAO,KAAK,KAAK,MAAM,QAAQ;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,cAME,QACA,YAC+B;AAC/B,WAAO,KAAK,MAAM,SAAS,MAAM,GAAG,YAAY,UAAU;AAAA,EAG5D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,eACE,QAKY;AACZ,WAAO,KAAK,MAAM,SAAS,MAAM,GAAG;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,cACE,QACA,QAIS;AACT,WAAO,QAAQ,KAAK,cAAc,QAAQ,MAAM,CAAC;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,eAAe,QAA+B;AAC5C,WAAO,QAAQ,KAAK,MAAM,SAAS,MAAM,CAAC;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,qBAAqB,QAA4B;AAC/C,SAAK,OAAO,CAAC,eAAe;AAC1B,UAAI,CAAC,WAAW,SAAS,MAAM,GAAG;AAChC,cAAM,IAAI,yBAAyB,MAAM;AAAA,MAC3C;AACA,aAAO,WAAW,SAAS,MAAM;AAAA,IACnC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,iBACE,QACA,QAIM;AACN,SAAK,kBAAkB,EAAE,CAAC,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBACE,wBASM;AACN,SAAK,OAAO,CAAC,eAAe;AAC1B,aAAO,KAAK,sBAAsB,EAAE,QAAQ,CAAC,WAAW;AACtD,YAAI,CAAC,YAAY,WAAW,UAAU,MAAM,GAAG;AAC7C,gBAAM,IAAI,yBAAyB,MAAM;AAAA,QAC3C;AAEA,+BAAuB,MAAM,EAAE,QAAQ,CAAC,WAAW;AACjD,gBAAM,EAAE,YAAY,IAAI,WAAW,SAAS,MAAM;AAClD,cAAI,CAAC,YAAY,aAAwC,MAAM,GAAG;AAChE,kBAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,UACtD;AAEA,eAAK,iBAAiB,WAAW,UAAU,QAAQ,MAAM;AAAA,QAC3D,CAAC;AAAA,MACH,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,+BACE,QAIM;AACN,QAAI,KAAK,gBAAgB,EAAE,WAAW,GAAG;AACvC;AAAA,IACF;AAEA,SAAK,OAAO,CAAC,eAAe;AAC1B,aAAO,QAAQ,WAAW,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,OAAO,MAAM;AACjE,cAAM,EAAE,YAAY,IAAI;AAExB,YAAI,YAAY,aAAwC,MAAM,GAAG;AAC/D,eAAK,iBAAiB,WAAW,UAAU,QAAQ,MAAM;AAAA,QAC3D;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,iBACN,UACA,QACA,QAIM;AACN,UAAM,EAAE,YAAY,IAAI,SAAS,MAAM;AACvC,QAAI,OAAO,KAAK,WAAW,EAAE,SAAS,GAAG;AACvC,aAAO,YAAY,MAAM;AAAA,IAC3B,OAAO;AACL,aAAO,SAAS,MAAM;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,UAME,QAAsB,QAAoB,YAAiC;AAC3E,WAAO,QAAQ,KAAK,UAAU,QAAQ,QAAQ,UAAU,CAAC;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,UAOE,QACA,QACA,YACsE;AACtE,UAAM,aAAa,KAAK,cAAc,QAAQ,MAAM;AACpD,QAAI,CAAC,YAAY;AACf,YAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,IACtD;AAEA,WAAO,WAAW,YAAY,UAAU;AAAA,EAG1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,UAOE,QACA,QACA,YACA,aACM;AACN,QAAI,KAAK,UAAU,QAAQ,QAAQ,UAAU,GAAG;AAC9C,YAAM,IAAI,yBAAyB,QAAQ,QAAQ,UAAU;AAAA,IAC/D;AAEA,SAAK,UAAU,QAAQ,QAAQ,YAAY,WAAW;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,aAWE,QACA,QACA,YACA,aACM;AACN,QAAI,CAAC,KAAK,UAAU,QAAQ,QAAQ,UAAU,GAAG;AAC/C,YAAM,IAAI,wBAAwB,QAAQ,QAAQ,UAAU;AAAA,IAC9D;AAEA,SAAK,UAAU,QAAQ,QAAQ,YAAY,WAAW;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBQ,UAON,QACA,QACA,YACA,aACM;AACN,SAAK,OAAO,CAAC,eAAe;AAC1B,YAAM,UAAU,WAAW,SAAS,MAAM;AAK1C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,yBAAyB,MAAM;AAAA,MAC3C;AAEA,YAAM,aAAa,QAAQ,YAAY,MAAM;AAG7C,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,MACtD;AAEA,YAAM,SAAS;AAAA,QACb,MAAM;AAAA,QACN,OAAO;AAAA,MACT;AACA,WAAK,eAAe,QAAQ,QAAQ,MAAM;AAE1C,UAAI,WAAW,SAAS;AACtB,cAAM,cAAc,WAAW,QAAQ;AAAA,UACrC,CAAC,mBAAmB,eAAe,SAAS,OAAO;AAAA,QACrD;AAEA,YAAI,gBAAgB,IAAI;AACtB,qBAAW,QAAQ,KAAK,MAAM;AAAA,QAChC,OAAO;AACL,qBAAW,QAAQ,OAAO,aAAa,GAAG,MAAM;AAAA,QAClD;AAAA,MACF,OAAO;AAOL,mBAAW,UAAU,CAAC,MAAM;AAAA,MAC9B;AAEA,WAAK,2BAA2B,YAAY,MAAM;AAAA,IACpD,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAyBA,0BAME,kBAA8B,SAA4C;AAC1E,QAAI,OAAO,KAAK,KAAK,MAAM,QAAQ,EAAE,WAAW,GAAG;AACjD;AAAA,IACF;AAEA,SAAK,OAAO,CAAC,eAAe;AAC1B,aAAO,OAAO,WAAW,QAAQ,EAAE,QAAQ,CAAC,YAAY;AACtD,eAAO,OAAO,QAAQ,WAAW,EAAE,QAAQ,CAAC,eAAe;AACzD,gBAAM,EAAE,QAAQ,IAAI;AACpB,gBAAM,eAAe,SAAS;AAAA,YAC5B,CAAC,EAAE,KAAK,MAAM,SAAS;AAAA,UACzB;AACA,cAAI,CAAC,cAAc;AACjB;AAAA,UACF;AAIA,gBAAM,gBAAgB,QAAQ,aAAa,KAAK;AAChD,kBAAQ,cAAc,WAAW;AAAA,YAC/B,KAAK;AACH;AAAA,YAEF,KAAK;AAMH,cAAC,aAAoD,QACnD,cAAc;AAEhB,mBAAK;AAAA,gBACH;AAAA,gBACA,QAAQ;AAAA,gBACR,WAAW;AAAA,cACb;AACA;AAAA,YAEF,KAAK;AACH,mBAAK,aAAa,YAAY,kBAAkB,QAAQ,MAAM;AAC9D;AAAA,YAEF,KAAK;AACH,mBAAK;AAAA,gBACH,WAAW;AAAA,gBACX,QAAQ;AAAA,gBACR,WAAW;AAAA,cACb;AACA;AAAA,YAEF,SAAS;AAGP,oBAAM,mBAA0B;AAChC,oBAAM,IAAI;AAAA,gBACR;AAAA;AAAA,gBAGG,iBAAyB,SAC5B;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAC;AAAA,MACH,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,aAME,QAAsB,QAAoB,YAA8B;AACxE,SAAK,OAAO,CAAC,eAAe;AAC1B,YAAM,aAAa,WAAW,SAAS,MAAM,GAAG,YAAY,MAAM;AAClE,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,MACtD;AAEA,UAAI,CAAC,WAAW,SAAS;AACvB,cAAM,IAAI,wBAAwB,QAAQ,QAAQ,UAAU;AAAA,MAC9D;AAEA,WAAK,aAAa,YAAY,YAAY,MAAM;AAAA,IAClD,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcQ,aAGN,YACA,YACA,QACM;AAEN,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI;AAAA,QACR;AAAA,QACA,WAAW;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,WAAW,QAAQ;AAAA,MACrC,CAAC,mBAAmB,eAAe,SAAS;AAAA,IAC9C;AAEA,QAAI,gBAAgB,IAAI;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,QACA,WAAW;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAEA,QAAI,WAAW,QAAQ,WAAW,GAAG;AACnC,iBAAW,UAAU;AAAA,IACvB,OAAO;AACL,iBAAW,QAAQ,OAAO,aAAa,CAAC;AAAA,IAC1C;AAEA,SAAK,2BAA2B,YAAY,MAAM;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaQ,2BACN,YACA,QACM;AAEN,QAAI,CAAC,KAAK,aAAa,WAAW,gBAAgB,GAAG;AACnD,YAAM,IAAI;AAAA,QACR,sCAAsC,WAAW,gBAAgB;AAAA,MACnE;AAAA,IACF;AAEA,SAAK;AAAA,MACH,KAAK,2BAA2B,WAAW,gBAAgB;AAAA,MAC3D;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASQ,aACN,QAC2D;AAC3D,WAAO,YAAY,KAAK,2BAA2B,MAAM;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,iBAAiB;AAAA,IACf;AAAA,IACA;AAAA,IACA,8BAA8B;AAAA,IAC9B;AAAA,EACF,GAUE;AACA,UAAM,EAAE,OAAO,IAAI;AAEnB,QAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,YAAM,IAAI,8BAA8B,MAAM;AAAA,IAChD;AAEA,UAAM,cACJ,8BACI;AAAA,MACE,GAAG,KAAK,eAAe,MAAM;AAAA,IAC/B,IACA,CAAC;AAQP,eAAW,CAAC,iBAAiB,kBAAkB,KAAK,OAAO;AAAA,MACzD;AAAA,IACF,GAAG;AACD,UAAI,CAAC,KAAK,aAAa,eAAe,GAAG;AACvC,cAAM,eAAe,eAAe;AAAA,MACtC;AAEA,UACE,mBAAmB,qBAAqB,UACxC,oBAAoB,mBAAmB,kBACvC;AACA,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAIA,YAAM,aAAa;AAInB,YAAM,gBAAgB,KAAK,2BAA2B,UAAU;AAGhE,YAAM,UAAU,KAAK;AAAA,QACnB;AAAA,QACA;AAAA,QACA,mBAAmB;AAAA,MACrB;AAEA,YAAM,oBAAoB;AAAA,QACxB;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,MACV;AAEA,UAAI;AAIJ,UAAI,cAAc,SAAS;AACzB,qBAAa,cAAc,QAAQ,mBAAmB,WAAW;AAKjE,aAAK,mBAAmB,eAAe,YAAY,MAAM;AAAA,MAC3D,OAAO;AACL,qBAAa,oBAAoB,iBAAiB;AAKlD,aAAK,mBAAmB,eAAe,YAAY,QAAQ;AAAA,UACzD,2BAA2B;AAAA,UAC3B,yBAAyB;AAAA,QAC3B,CAAC;AAAA,MACH;AACA,kBAAY,UAAU,IAAI;AAAA,IAC5B;AAEA,SAAK,wBAAwB,QAAQ,WAAW;AAChD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBQ,mBACN,eACA,YACA,QACA,EAAE,2BAA2B,wBAAwB,IAAI;AAAA,IACvD,2BAA2B;AAAA,IAC3B,yBAAyB;AAAA,EAC3B,GACM;AACN,UAAM,EAAE,gBAAgB,WAAW,WAAW,IAAI;AAElD,QACE,cAAc,cAAc,UAC5B,cAAc,aAAa,SAAS,GACpC;AACA,YAAM,WAAW,KAAK,gBAAgB;AAAA,QACpC;AAAA,QACA;AAAA,MACF;AAEA,UACE,CAAC,YACD,SAAS,gBAAgB,QACzB,CAAC,cAAc,aAAa,SAAS,SAAS,WAAW,GACzD;AACA,cAAM,cAAc,+DAChB,eAAe,YAAY,EAAE,OAAO,CAAC,IACrC,IAAI,qCAAqC,YAAY,MAAM;AAAA,MACjE;AAAA,IACF;AAEA,QAAI,YAAY,YAAY,SAAS,GAAG;AACtC,YAAM,EAAE,QAAQ,IAAI;AAEpB,UAAI,YAAY,QAAQ,EAAE,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,IAAI;AACvE,cAAM,IAAI,4BAA4B,QAAQ,YAAY,OAAO;AAAA,MACnE;AAEA,YAAM,kBAAkB,oBAAI,IAAY;AACxC,eAAS,QAAQ,CAAC,WAAW;AAC3B,YAAI,yBAAyB;AAC3B,eAAK,eAAe,QAAQ,QAAQ,UAAU;AAAA,QAChD;AAEA,YAAI,CAAC,gBAAgB,SAAS,OAAO,IAAI,GAAG;AAC1C,gBAAM,IAAI,qBAAqB,OAAO,MAAM,QAAQ,UAAU;AAAA,QAChE;AAEA,YAAI,gBAAgB,IAAI,OAAO,IAAI,GAAG;AACpC,gBAAM,IAAI,qBAAqB,OAAO,MAAM,QAAQ,UAAU;AAAA,QAChE;AACA,wBAAgB,IAAI,OAAO,IAAI;AAAA,MACjC,CAAC;AAAA,IACH;AAEA,QAAI,6BAA6B,WAAW;AAC1C,gBAAU,YAAY,QAAQ,UAAU;AAAA,IAC1C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,wBACN,QACA,aAOM;AACN,SAAK,OAAO,CAAC,eAAe;AAC1B,UAAI,CAAC,WAAW,SAAS,MAAM,GAAG;AAChC,mBAAW,SAAS,MAAM,IAAI,EAAE,QAAQ,aAAa,CAAC,EAAE;AAAA,MAC1D;AAEA,iBAAW,SAAS,MAAM,EAAE,cAAc,UAAU,WAAW;AAAA,IACjE,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaQ,iBACN,QACA,QAIA,kBAC0E;AAC1E,UAAM,cAAc,kBAAkB,IAAI,CAAC,oBAAoB;AAC7D,WAAK,eAAe,iBAAiB,QAAQ,MAAM;AAGnD,YAAM,EAAE,MAAM,MAAM,IAAI;AACxB,aAAO,EAAE,MAAM,MAAM;AAAA,IACvB,CAAC;AAED,WAAO,eAAe,gBAAgB,WAAW,IAC7C,cACA;AAAA,EACN;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeQ,eACN,QACA,QACA,QACM;AACN,QAAI,CAAC,cAAc,MAAM,GAAG;AAE1B,YAAM,IAAI,mBAAmB,QAAQ,QAAQ,MAAM;AAAA,IACrD;AAEA,QAAI,OAAO,KAAK,MAAM,EAAE,WAAW,GAAG;AACpC,YAAM,IAAI,yBAAyB,QAAQ,QAAQ,MAAM;AAAA,IAC3D;AAEA,QAAI,OAAO,OAAO,SAAS,UAAU;AACnC,YAAM,IAAI,uBAAuB,QAAQ,QAAQ,MAAM;AAAA,IACzD;AAEA,UAAM,gBAAgB,KAAK,uBAAuB,OAAO,IAAI;AAC7D,QAAI,CAAC,eAAe;AAClB,YAAM,IAAI,4BAA4B,OAAO,MAAM,QAAQ,MAAM;AAAA,IACnE;AAEA,QAAI,CAAC,YAAY,QAAQ,OAAO,KAAK,OAAO,UAAU,QAAW;AAC/D,YAAM,IAAI,wBAAwB,QAAQ,QAAQ,MAAM;AAAA,IAC1D;AAEA,QAAI,CAAC,YAAY,OAAO,KAAK,GAAG;AAC9B,YAAM,IAAI,uBAAuB,QAAQ,QAAQ,MAAM;AAAA,IACzD;AAGA,kBAAc,YAAY,QAA4B,QAAQ,MAAM;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBA,MAAM,mBACJ,SACA,sBACA,UAGI,CAAC,GAWL;AACA,UAAM,EAAE,OAAO,IAAI;AACnB,UAAM,EAAE,KAAK,OAAO,GAAG,8BAA8B,KAAK,IAAI;AAC9D,SAAK,6BAA6B,QAAQ,oBAAoB;AAE9D,UAAM,WAAW;AAAA,MACf;AAAA,MACA;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA,aAAa;AAAA,IACf;AAEA,UAAM,kBAAkB,MAAM,KAAK,oBAAoB,kBAAkB;AACzE,UAAM,EAAE,aAAa,qBAAqB,GAAG,YAAY,IACvD;AAEF,UAAM,cAAc,KAAK,eAAe,mBAAmB;AAE3D,QAAI,OAAO,OAAO,YAAY,iBAAiB,EAAE,SAAS,GAAG;AAC3D,YAAM,kBAAkB,MAAM,KAAK;AAAA,QACjC;AAAA,QACA;AAAA,MACF;AACA,YAAM,aAAa,OAAO,KAAK,YAAY,iBAAiB,EAAE;AAAA,QAC5D,CAAC,KAAK,YAAY,OAAO,EAAE,CAAC,UAAU,GAAG,gBAAgB,CAAC,GAAG,GAAG,IAAI;AAAA,QACpE,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,KAAK,iBAAiB;AAAA,UACpB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF,CAAC;AAAA,QACD,EAAE,MAAM,YAAY,GAAG,SAAS;AAAA,MAClC;AAAA,IACF;AAEA,WAAO;AAAA,MACL,KAAK,iBAAiB;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,MACD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBQ,6BACN,QACA,sBACM;AACN,QAAI,CAAC,cAAc,oBAAoB,GAAG;AACxC,YAAM,cAAc;AAAA,QAClB,SAAS,qCAAqC,MAAM;AAAA,QACpD,MAAM,EAAE,QAAQ,qBAAqB;AAAA,MACvC,CAAC;AAAA,IACH;AAEA,QAAI,OAAO,KAAK,oBAAoB,EAAE,WAAW,GAAG;AAClD,YAAM,cAAc;AAAA,QAClB,SAAS,mCAAmC,MAAM;AAAA,QAClD,MAAM,EAAE,qBAAqB;AAAA,MAC/B,CAAC;AAAA,IACH;AAEA,eAAW,cAAc,OAAO,KAAK,oBAAoB,GAAG;AAC1D,YAAM,aAAa,qBAAqB,UAAU;AAElD,UAAI,CAAC,KAAK,aAAa,UAAU,GAAG;AAClC,cAAM,eAAe,YAAY,EAAE,QAAQ,qBAAqB,CAAC;AAAA,MACnE;AAEA,UACE,CAAC,cAAc,UAAU,KACxB,WAAW,qBAAqB,UAC/B,eAAe,WAAW,kBAC5B;AACA,cAAM,cAAc;AAAA,UAClB,SAAS,mCAAmC,MAAM;AAAA,UAClD,MAAM,EAAE,QAAQ,qBAAqB;AAAA,QACvC,CAAC;AAAA,MACH;AAIA,WAAK;AAAA,QACH,KAAK,2BAA2B,UAAU;AAAA;AAAA,QAE1C;AAAA,QACA;AAAA,QACA,EAAE,2BAA2B,OAAO,yBAAyB,KAAK;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAc,oBAAoB,oBAAwC;AACxE,UAAM,EAAE,QAAQ,GAAG,IAAI,mBAAmB;AAC1C,UAAM,kBAAkB,MAAM,KAAK,gBAAgB;AAAA,MACjD;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QACA,aAAa;AAAA,QACb;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAEA,SAAK,4BAA4B,iBAAiB,EAAE,IAAI,OAAO,CAAC;AAChE,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,eAAe,aAAmC;AACxD,WAAO,OAAO,KAAK,WAAW,EAAE;AAAA,MAC9B,CAAC,gBAAgB,eAAe;AAC9B,YAAI,KAAK,aAAa,UAAU,GAAG;AACjC,gBAAM,gBAAgB,KAAK,2BAA2B,UAAU;AAEhE,cAAI,cAAc,YAAY;AAC5B,2BAAe,kBAAkB,UAAU,IACzC,cAAc,WAAW;AAE3B,gBAAI,cAAc,WAAW,WAAW;AACtC,6BAAe,gBAAgB,UAAU,IACvC,cAAc,WAAW;AAAA,YAC7B;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT;AAAA,MACA,EAAE,mBAAmB,CAAC,GAAG,iBAAiB,CAAC,EAAE;AAAA,IAC/C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAc,mBACZ,aACA,aACA;AACA,UAAM,EAAE,mBAAmB,gBAAgB,IAAI;AAC/C,UAAM,SAAS;AAAA,MACb;AAAA,MACA,iBAAiB,KAAK;AAAA,IACxB;AAEA,UAAM,iBAAiB,MAAM,QAAQ;AAAA,MACnC,OAAO,OAAO,iBAAiB,EAAE;AAAA,QAAI,CAAC,qBACpC,iBAAiB,MAAM;AAAA,MACzB;AAAA,IACF;AAGA,UAAM,mBAAmB,eAAe;AAAA,MACtC,CAAC,YAAY,QAAQ,WAAW;AAAA,IAClC;AAEA,QAAI,iBAAiB,SAAS,GAAG;AAC/B,YAAM,sBAAsB,OAAO,OAAO,eAAe;AACzD,UAAI,oBAAoB,SAAS,GAAG;AAClC,YAAI;AACF,gBAAM,QAAQ;AAAA,YACZ,oBAAoB,IAAI,CAAC,mBAAmB,eAAe,MAAM,CAAC;AAAA,UACpE;AAAA,QACF,SAAS,OAAO;AACd,gBAAM,cAAc,oCAAoC,EAAE,MAAM,CAAC;AAAA,QACnE;AAAA,MACF;AACA,YAAM,UAAU,iBAAiB,IAAI,CAAC,YAAY,QAAQ,MAAM;AAEhE,cAAQ,QAAQ,CAAC,WAAW;AAC1B,gBAAQ,MAAM,MAAM;AAAA,MACtB,CAAC;AAED,YAAM,QAAQ,SAAS,IACnB;AAAA,QACE;AAAA,QACA,EAAE,QAAQ,QAAQ;AAAA,MACpB,IACA,QAAQ,CAAC;AAAA,IACf;AAGA,WAAQ,eAA6D;AAAA,MACnE,CAAC,EAAE,MAAM,MAAM;AAAA,IACjB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeQ,4BACN,iBACA,kBACA;AACA,UAAM,EAAE,IAAI,OAAO,IAAI;AAEvB,QACE,CAAC,cAAc,eAAe,KAC9B,CAAC,cAAc,gBAAgB,QAAQ,GACvC;AACA,YAAM;AAAA,QACJ,6CAA6C,MAAM;AAAA,QACnD,EAAE,MAAM,EAAE,gBAAgB,EAAE;AAAA,MAC9B;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,UAAU,EAAE,IAAI,OAAO,QAAQ,UAAU;AAAA,MACzC;AAAA,IACF,IAAI;AAEJ,QAAI,UAAU,IAAI;AAChB,YAAM;AAAA,QACJ,6CAA6C,MAAM;AAAA,QACnD,EAAE,YAAY,IAAI,WAAW,MAAM;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,cAAc,QAAQ;AACxB,YAAM;AAAA,QACJ,6CAA6C,MAAM;AAAA,QACnD,EAAE,gBAAgB,QAAQ,eAAe,UAAU;AAAA,MACrD;AAAA,IACF;AAEA,QAAI;AACF,WAAK,6BAA6B,QAAQ,WAAW;AAAA,IACvD,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAc;AAGjC,cAAM;AAAA,UACJ,yCAAyC,MAAM,OAAO;AAAA,UACtD,MAAM;AAAA,QACR;AAAA,MACF;AACA,YAAM,cAAc,2BAA2B,EAAE,MAAM,CAAC;AAAA,IAC1D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,yBAAyB,SAA4C;AACzE,UAAM,EAAE,GAAG,IAAI,QAAQ;AAEvB,QAAI,CAAC,KAAK,mBAAmB,EAAE,GAAG,CAAC,GAAG;AACpC,YAAM,IAAI,gCAAgC,EAAE;AAAA,IAC9C;AAEA,QAAI,OAAO,KAAK,QAAQ,WAAW,EAAE,WAAW,GAAG;AACjD,WAAK;AAAA,QACH;AAAA,QACA,cAAc;AAAA,UACZ,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA;AAAA,IACF;AAEA,QAAI;AACF,WAAK,gBAAgB;AAAA,QACnB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AAGd,WAAK,0BAA0B,IAAI,KAAK;AACxC,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,yBAAyB,IAA2B;AACxD,QAAI,CAAC,KAAK,mBAAmB,EAAE,GAAG,CAAC,GAAG;AACpC,YAAM,IAAI,gCAAgC,EAAE;AAAA,IAC9C;AAEA,SAAK,0BAA0B,IAAI,oBAAoB,CAAC;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,mBAAmB,SAAkC;AAC3D,WAAO,KAAK,gBAAgB;AAAA,MAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaQ,0BAA0B,IAAY,OAAsB;AAClE,WAAO,KAAK,gBAAgB;AAAA,MAC1B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,cACJ,QACA,YAIA,aACe;AACf,QAAI,CAAC,KAAK,cAAc,QAAQ,UAAU,GAAG;AAC3C,YAAM,aAAa,EAAE,MAAM,EAAE,QAAQ,WAAW,EAAE,CAAC;AAAA,IACrD;AAEA,WAAO,KAAK;AAAA;AAAA,MAEV;AAAA,MACA;AAAA,IACF,EAAE,gBAAgB,EAAE,QAAQ,YAAY,CAAC;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,MAAM,wBACJ,QACA,YAIA,QACe;AAEf,UAAM,uBAAuB,KAAK,oBAAoB,YAAY,MAAM;AAExE,UAAM,SAAS,MAAM,KAAK;AAAA,MACxB;AAAA,MACA,EAAE,OAAO;AAAA,MACT;AAAA,MACA;AAAA,IACF;AAEA,QAAI,WAAW,QAAW;AACxB,YAAM,IAAI;AAAA,QACR,gCAAgC,UAAU,gBAAgB,MAAM;AAAA,MAClE;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBQ,yBACN,sBACA,SACA,QAIA,SAAqC,CAAC,GAC0B;AAChE,UAAM,EAAE,OAAO,IAAI;AAEnB,UAAM,aAAa,KAAK,cAAc,QAAQ,MAAM;AACpD,QAAI,CAAC,YAAY;AACf,YAAM,aAAa,EAAE,MAAM,EAAE,QAAQ,OAAO,EAAE,CAAC;AAAA,IACjD;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,KAAK;AAAA,IACP,EAAE,EAAE,QAAQ,QAAQ,SAAS,EAAE,OAAO,EAAE,CAAC;AAAA,EAC3C;AACF","sourcesContent":["/* eslint-enable @typescript-eslint/no-unused-vars */\nimport type {\n AcceptRequest as AcceptApprovalRequest,\n AddApprovalRequest,\n HasApprovalRequest,\n RejectRequest as RejectApprovalRequest,\n} from '@metamask/approval-controller';\nimport type {\n StateMetadata,\n RestrictedControllerMessenger,\n ActionConstraint,\n EventConstraint,\n ControllerGetStateAction,\n ControllerStateChangeEvent,\n} from '@metamask/base-controller';\nimport { BaseController } from '@metamask/base-controller';\nimport type { NonEmptyArray } from '@metamask/controller-utils';\nimport {\n isNonEmptyArray,\n isPlainObject,\n isValidJson,\n} from '@metamask/controller-utils';\nimport { JsonRpcError } from '@metamask/rpc-errors';\nimport { hasProperty } from '@metamask/utils';\nimport type { Json, Mutable } from '@metamask/utils';\nimport deepFreeze from 'deep-freeze-strict';\nimport { castDraft, type Draft } from 'immer';\nimport { nanoid } from 'nanoid';\n\nimport type {\n CaveatConstraint,\n CaveatSpecificationConstraint,\n CaveatSpecificationMap,\n ExtractCaveat,\n ExtractCaveats,\n ExtractCaveatValue,\n} from './Caveat';\nimport {\n decorateWithCaveats,\n isRestrictedMethodCaveatSpecification,\n} from './Caveat';\nimport {\n CaveatAlreadyExistsError,\n CaveatDoesNotExistError,\n CaveatInvalidJsonError,\n CaveatMissingValueError,\n CaveatSpecificationMismatchError,\n DuplicateCaveatError,\n EndowmentPermissionDoesNotExistError,\n ForbiddenCaveatError,\n internalError,\n InvalidApprovedPermissionError,\n InvalidCaveatError,\n InvalidCaveatFieldsError,\n InvalidCaveatsPropertyError,\n InvalidCaveatTypeError,\n invalidParams,\n InvalidSubjectIdentifierError,\n methodNotFound,\n PermissionDoesNotExistError,\n PermissionsRequestNotFoundError,\n unauthorized,\n UnrecognizedCaveatTypeError,\n UnrecognizedSubjectError,\n userRejectedRequest,\n} from './errors';\nimport type {\n EndowmentSpecificationConstraint,\n ExtractAllowedCaveatTypes,\n ExtractPermissionSpecification,\n OriginString,\n PermissionConstraint,\n PermissionSpecificationConstraint,\n PermissionSpecificationMap,\n RequestedPermissions,\n RestrictedMethod,\n RestrictedMethodParameters,\n RestrictedMethodSpecificationConstraint,\n SideEffectHandler,\n ValidPermission,\n ValidPermissionSpecification,\n} from './Permission';\nimport {\n constructPermission,\n findCaveat,\n hasSpecificationType,\n PermissionType,\n} from './Permission';\nimport { getPermissionMiddlewareFactory } from './permission-middleware';\nimport type { GetSubjectMetadata } from './SubjectMetadataController';\nimport { MethodNames } from './utils';\n\n/**\n * Metadata associated with {@link PermissionController} subjects.\n */\nexport type PermissionSubjectMetadata = {\n origin: OriginString;\n};\n\n/**\n * Metadata associated with permission requests.\n */\nexport type PermissionsRequestMetadata = PermissionSubjectMetadata & {\n id: string;\n};\n\n/**\n * Used for prompting the user about a proposed new permission.\n * Includes information about the grantee subject, requested permissions, and\n * any additional information added by the consumer.\n *\n * All properties except `permissions` are passed to any factories found for\n * the requested permissions.\n */\nexport type PermissionsRequest = {\n metadata: PermissionsRequestMetadata;\n permissions: RequestedPermissions;\n [key: string]: Json;\n};\n\nexport type SideEffects = {\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n permittedHandlers: Record<string, SideEffectHandler<any, any>>;\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n failureHandlers: Record<string, SideEffectHandler<any, any>>;\n};\n\n/**\n * The name of the {@link PermissionController}.\n */\nconst controllerName = 'PermissionController';\n\n/**\n * Permissions associated with a {@link PermissionController} subject.\n */\nexport type SubjectPermissions<Permission extends PermissionConstraint> =\n Record<Permission['parentCapability'], Permission>;\n\n/**\n * Permissions and metadata associated with a {@link PermissionController}\n * subject.\n */\nexport type PermissionSubjectEntry<\n SubjectPermission extends PermissionConstraint,\n> = {\n origin: SubjectPermission['invoker'];\n permissions: SubjectPermissions<SubjectPermission>;\n};\n\n/**\n * All subjects of a {@link PermissionController}.\n *\n * @template SubjectPermission - The permissions of the subject.\n */\nexport type PermissionControllerSubjects<\n SubjectPermission extends PermissionConstraint,\n> = Record<\n SubjectPermission['invoker'],\n PermissionSubjectEntry<SubjectPermission>\n>;\n\n// TODO:TS4.4 Enable compiler flags to forbid unchecked member access\n/**\n * The state of a {@link PermissionController}.\n *\n * @template Permission - The controller's permission type union.\n */\nexport type PermissionControllerState<Permission> =\n Permission extends PermissionConstraint\n ? {\n subjects: PermissionControllerSubjects<Permission>;\n }\n : never;\n\n/**\n * Get the state metadata of the {@link PermissionController}.\n *\n * @template Permission - The controller's permission type union.\n * @returns The state metadata\n */\nfunction getStateMetadata<Permission extends PermissionConstraint>() {\n return { subjects: { anonymous: true, persist: true } } as StateMetadata<\n PermissionControllerState<Permission>\n >;\n}\n\n/**\n * Get the default state of the {@link PermissionController}.\n *\n * @template Permission - The controller's permission type union.\n * @returns The default state of the controller\n */\nfunction getDefaultState<Permission extends PermissionConstraint>() {\n return { subjects: {} } as PermissionControllerState<Permission>;\n}\n\n/**\n * Gets the state of the {@link PermissionController}.\n */\nexport type GetPermissionControllerState = ControllerGetStateAction<\n typeof controllerName,\n PermissionControllerState<PermissionConstraint>\n>;\n\n/**\n * Gets the names of all subjects from the {@link PermissionController}.\n */\nexport type GetSubjects = {\n type: `${typeof controllerName}:getSubjectNames`;\n handler: () => (keyof PermissionControllerSubjects<PermissionConstraint>)[];\n};\n\n/**\n * Gets the permissions for specified subject\n */\nexport type GetPermissions = {\n type: `${typeof controllerName}:getPermissions`;\n handler: GenericPermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the specified subject has any permissions.\n */\nexport type HasPermissions = {\n type: `${typeof controllerName}:hasPermissions`;\n handler: GenericPermissionController['hasPermissions'];\n};\n\n/**\n * Checks whether the specified subject has a specific permission.\n */\nexport type HasPermission = {\n type: `${typeof controllerName}:hasPermission`;\n handler: GenericPermissionController['hasPermission'];\n};\n\n/**\n * Directly grants given permissions for a specificed origin without requesting user approval\n */\nexport type GrantPermissions = {\n type: `${typeof controllerName}:grantPermissions`;\n handler: GenericPermissionController['grantPermissions'];\n};\n\n/**\n * Requests given permissions for a specified origin\n */\nexport type RequestPermissions = {\n type: `${typeof controllerName}:requestPermissions`;\n handler: GenericPermissionController['requestPermissions'];\n};\n\n/**\n * Removes the specified permissions for each origin.\n */\nexport type RevokePermissions = {\n type: `${typeof controllerName}:revokePermissions`;\n handler: GenericPermissionController['revokePermissions'];\n};\n\n/**\n * Removes all permissions for a given origin\n */\nexport type RevokeAllPermissions = {\n type: `${typeof controllerName}:revokeAllPermissions`;\n handler: GenericPermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n */\nexport type RevokePermissionForAllSubjects = {\n type: `${typeof controllerName}:revokePermissionForAllSubjects`;\n handler: GenericPermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Updates a caveat value for a specified caveat type belonging to a specific target and origin.\n */\nexport type UpdateCaveat = {\n type: `${typeof controllerName}:updateCaveat`;\n handler: GenericPermissionController['updateCaveat'];\n};\n\n/**\n * Clears all permissions from the {@link PermissionController}.\n */\nexport type ClearPermissions = {\n type: `${typeof controllerName}:clearPermissions`;\n handler: () => void;\n};\n\n/**\n * Gets the endowments for the given subject and permission.\n */\nexport type GetEndowments = {\n type: `${typeof controllerName}:getEndowments`;\n handler: GenericPermissionController['getEndowments'];\n};\n\n/**\n * The {@link ControllerMessenger} actions of the {@link PermissionController}.\n */\nexport type PermissionControllerActions =\n | ClearPermissions\n | GetEndowments\n | GetPermissionControllerState\n | GetSubjects\n | GetPermissions\n | HasPermission\n | HasPermissions\n | GrantPermissions\n | RequestPermissions\n | RevokeAllPermissions\n | RevokePermissionForAllSubjects\n | RevokePermissions\n | UpdateCaveat;\n\n/**\n * The generic state change event of the {@link PermissionController}.\n */\nexport type PermissionControllerStateChange = ControllerStateChangeEvent<\n typeof controllerName,\n PermissionControllerState<PermissionConstraint>\n>;\n\n/**\n * The {@link ControllerMessenger} events of the {@link PermissionController}.\n *\n * The permission controller only emits its generic state change events.\n * Consumers should use selector subscriptions to subscribe to relevant\n * substate.\n */\nexport type PermissionControllerEvents = PermissionControllerStateChange;\n\n/**\n * The external {@link ControllerMessenger} actions available to the\n * {@link PermissionController}.\n */\ntype AllowedActions =\n | AddApprovalRequest\n | HasApprovalRequest\n | AcceptApprovalRequest\n | RejectApprovalRequest\n | GetSubjectMetadata;\n\n/**\n * The messenger of the {@link PermissionController}.\n */\nexport type PermissionControllerMessenger = RestrictedControllerMessenger<\n typeof controllerName,\n PermissionControllerActions | AllowedActions,\n PermissionControllerEvents,\n AllowedActions['type'],\n never\n>;\n\nexport type SideEffectMessenger<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = RestrictedControllerMessenger<\n typeof controllerName,\n Actions | AllowedActions,\n Events,\n AllowedActions['type'] | Actions['type'],\n Events['type']\n>;\n\n/**\n * A generic {@link PermissionController}.\n */\nexport type GenericPermissionController = PermissionController<\n PermissionSpecificationConstraint,\n CaveatSpecificationConstraint\n>;\n\n/**\n * Describes the possible results of a {@link CaveatMutator} function.\n */\nexport enum CaveatMutatorOperation {\n noop,\n updateValue,\n deleteCaveat,\n revokePermission,\n}\n\n/**\n * Given a caveat value, returns a {@link CaveatMutatorOperation} and, optionally,\n * a new caveat value.\n *\n * @see {@link PermissionController.updatePermissionsByCaveat} for more details.\n * @template Caveat - The caveat type for which this mutator is intended.\n * @param caveatValue - The existing value of the caveat being mutated.\n * @returns A tuple of the mutation result and, optionally, the new caveat\n * value.\n */\nexport type CaveatMutator<TargetCaveat extends CaveatConstraint> = (\n caveatValue: TargetCaveat['value'],\n) => CaveatMutatorResult;\n\ntype CaveatMutatorResult =\n | Readonly<{\n operation: CaveatMutatorOperation.updateValue;\n value: CaveatConstraint['value'];\n }>\n | Readonly<{\n operation: Exclude<\n CaveatMutatorOperation,\n CaveatMutatorOperation.updateValue\n >;\n }>;\n\n/**\n * Extracts the permission(s) specified by the given permission and caveat\n * specifications.\n *\n * @template ControllerPermissionSpecification - The permission specification(s)\n * to extract from.\n * @template ControllerCaveatSpecification - The caveat specification(s) to\n * extract from. Necessary because {@link Permission} has a generic parameter\n * that describes the allowed caveats for the permission.\n */\nexport type ExtractPermission<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = ControllerPermissionSpecification extends ValidPermissionSpecification<ControllerPermissionSpecification>\n ? ValidPermission<\n ControllerPermissionSpecification['targetName'],\n ExtractCaveats<ControllerCaveatSpecification>\n >\n : never;\n\n/**\n * Extracts the restricted method permission(s) specified by the given\n * permission and caveat specifications.\n *\n * @template ControllerPermissionSpecification - The permission specification(s)\n * to extract from.\n * @template ControllerCaveatSpecification - The caveat specification(s) to\n * extract from. Necessary because {@link Permission} has a generic parameter\n * that describes the allowed caveats for the permission.\n */\nexport type ExtractRestrictedMethodPermission<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = ExtractPermission<\n Extract<\n ControllerPermissionSpecification,\n RestrictedMethodSpecificationConstraint\n >,\n ControllerCaveatSpecification\n>;\n\n/**\n * Extracts the endowment permission(s) specified by the given permission and\n * caveat specifications.\n *\n * @template ControllerPermissionSpecification - The permission specification(s)\n * to extract from.\n * @template ControllerCaveatSpecification - The caveat specification(s) to\n * extract from. Necessary because {@link Permission} has a generic parameter\n * that describes the allowed caveats for the permission.\n */\nexport type ExtractEndowmentPermission<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = ExtractPermission<\n Extract<ControllerPermissionSpecification, EndowmentSpecificationConstraint>,\n ControllerCaveatSpecification\n>;\n\n/**\n * Options for the {@link PermissionController} constructor.\n *\n * @template ControllerPermissionSpecification - A union of the types of all\n * permission specifications available to the controller. Any referenced caveats\n * must be included in the controller's caveat specifications.\n * @template ControllerCaveatSpecification - A union of the types of all\n * caveat specifications available to the controller.\n */\nexport type PermissionControllerOptions<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = {\n messenger: PermissionControllerMessenger;\n caveatSpecifications: CaveatSpecificationMap<ControllerCaveatSpecification>;\n permissionSpecifications: PermissionSpecificationMap<ControllerPermissionSpecification>;\n unrestrictedMethods: readonly string[];\n state?: Partial<\n PermissionControllerState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >\n >;\n};\n\n/**\n * The permission controller. See the [Architecture](../ARCHITECTURE.md)\n * document for details.\n *\n * Assumes the existence of an {@link ApprovalController} reachable via the\n * {@link ControllerMessenger}.\n *\n * @template ControllerPermissionSpecification - A union of the types of all\n * permission specifications available to the controller. Any referenced caveats\n * must be included in the controller's caveat specifications.\n * @template ControllerCaveatSpecification - A union of the types of all\n * caveat specifications available to the controller.\n */\nexport class PermissionController<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> extends BaseController<\n typeof controllerName,\n PermissionControllerState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >,\n PermissionControllerMessenger\n> {\n private readonly _caveatSpecifications: Readonly<\n CaveatSpecificationMap<ControllerCaveatSpecification>\n >;\n\n private readonly _permissionSpecifications: Readonly<\n PermissionSpecificationMap<ControllerPermissionSpecification>\n >;\n\n private readonly _unrestrictedMethods: ReadonlySet<string>;\n\n /**\n * The names of all JSON-RPC methods that will be ignored by the controller.\n *\n * @returns The names of all unrestricted JSON-RPC methods\n */\n public get unrestrictedMethods(): ReadonlySet<string> {\n return this._unrestrictedMethods;\n }\n\n /**\n * Returns a `json-rpc-engine` middleware function factory, so that the rules\n * described by the state of this controller can be applied to incoming\n * JSON-RPC requests.\n *\n * The middleware **must** be added in the correct place in the middleware\n * stack in order for it to work. See the README for an example.\n */\n public createPermissionMiddleware: ReturnType<\n typeof getPermissionMiddlewareFactory\n >;\n\n /**\n * Constructs the PermissionController.\n *\n * @param options - Permission controller options.\n * @param options.caveatSpecifications - The specifications of all caveats\n * available to the controller. See {@link CaveatSpecificationMap} and the\n * documentation for more details.\n * @param options.permissionSpecifications - The specifications of all\n * permissions available to the controller. See\n * {@link PermissionSpecificationMap} and the README for more details.\n * @param options.unrestrictedMethods - The callable names of all JSON-RPC\n * methods ignored by the new controller.\n * @param options.messenger - The controller messenger. See\n * {@link BaseController} for more information.\n * @param options.state - Existing state to hydrate the controller with at\n * initialization.\n */\n constructor(\n options: PermissionControllerOptions<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >,\n ) {\n const {\n caveatSpecifications,\n permissionSpecifications,\n unrestrictedMethods,\n messenger,\n state = {},\n } = options;\n\n super({\n name: controllerName,\n metadata:\n getStateMetadata<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >(),\n messenger,\n state: {\n ...getDefaultState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >(),\n ...state,\n },\n });\n\n this._unrestrictedMethods = new Set(unrestrictedMethods);\n this._caveatSpecifications = deepFreeze({ ...caveatSpecifications });\n\n this.validatePermissionSpecifications(\n permissionSpecifications,\n this._caveatSpecifications,\n );\n\n this._permissionSpecifications = deepFreeze({\n ...permissionSpecifications,\n });\n\n this.registerMessageHandlers();\n this.createPermissionMiddleware = getPermissionMiddlewareFactory({\n executeRestrictedMethod: this._executeRestrictedMethod.bind(this),\n getRestrictedMethod: this.getRestrictedMethod.bind(this),\n isUnrestrictedMethod: this.unrestrictedMethods.has.bind(\n this.unrestrictedMethods,\n ),\n });\n }\n\n /**\n * Gets a permission specification.\n *\n * @param targetName - The name of the permission specification to get.\n * @returns The permission specification with the specified target name.\n */\n private getPermissionSpecification<\n TargetName extends ControllerPermissionSpecification['targetName'],\n >(\n targetName: TargetName,\n ): ExtractPermissionSpecification<\n ControllerPermissionSpecification,\n TargetName\n > {\n return this._permissionSpecifications[targetName];\n }\n\n /**\n * Gets a caveat specification.\n *\n * @param caveatType - The type of the caveat specification to get.\n * @returns The caveat specification with the specified type.\n */\n private getCaveatSpecification<\n CaveatType extends ControllerCaveatSpecification['type'],\n >(caveatType: CaveatType) {\n return this._caveatSpecifications[caveatType];\n }\n\n /**\n * Constructor helper for validating permission specifications.\n *\n * Throws an error if validation fails.\n *\n * @param permissionSpecifications - The permission specifications passed to\n * this controller's constructor.\n * @param caveatSpecifications - The caveat specifications passed to this\n * controller.\n */\n private validatePermissionSpecifications(\n permissionSpecifications: PermissionSpecificationMap<ControllerPermissionSpecification>,\n caveatSpecifications: CaveatSpecificationMap<ControllerCaveatSpecification>,\n ) {\n Object.entries<ControllerPermissionSpecification>(\n permissionSpecifications,\n ).forEach(\n ([\n targetName,\n { permissionType, targetName: innerTargetName, allowedCaveats },\n ]) => {\n if (!permissionType || !hasProperty(PermissionType, permissionType)) {\n throw new Error(`Invalid permission type: \"${permissionType}\"`);\n }\n\n if (!targetName) {\n throw new Error(`Invalid permission target name: \"${targetName}\"`);\n }\n\n if (targetName !== innerTargetName) {\n throw new Error(\n `Invalid permission specification: target name \"${targetName}\" must match specification.targetName value \"${innerTargetName}\".`,\n );\n }\n\n if (allowedCaveats) {\n allowedCaveats.forEach((caveatType) => {\n if (!hasProperty(caveatSpecifications, caveatType)) {\n throw new UnrecognizedCaveatTypeError(caveatType);\n }\n\n const specification =\n caveatSpecifications[\n caveatType as ControllerCaveatSpecification['type']\n ];\n const isRestrictedMethodCaveat =\n isRestrictedMethodCaveatSpecification(specification);\n\n if (\n (permissionType === PermissionType.RestrictedMethod &&\n !isRestrictedMethodCaveat) ||\n (permissionType === PermissionType.Endowment &&\n isRestrictedMethodCaveat)\n ) {\n throw new CaveatSpecificationMismatchError(\n specification,\n permissionType,\n );\n }\n });\n }\n },\n );\n }\n\n /**\n * Constructor helper for registering the controller's messaging system\n * actions.\n */\n private registerMessageHandlers(): void {\n this.messagingSystem.registerActionHandler(\n `${controllerName}:clearPermissions` as const,\n () => this.clearState(),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:getEndowments` as const,\n (origin: string, targetName: string, requestData?: unknown) =>\n this.getEndowments(origin, targetName, requestData),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:getSubjectNames` as const,\n () => this.getSubjectNames(),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:getPermissions` as const,\n (origin: OriginString) => this.getPermissions(origin),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:hasPermission` as const,\n (origin: OriginString, targetName: string) =>\n this.hasPermission(origin, targetName),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:hasPermissions` as const,\n (origin: OriginString) => this.hasPermissions(origin),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:grantPermissions` as const,\n this.grantPermissions.bind(this),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:requestPermissions` as const,\n (subject: PermissionSubjectMetadata, permissions: RequestedPermissions) =>\n this.requestPermissions(subject, permissions),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:revokeAllPermissions` as const,\n (origin: OriginString) => this.revokeAllPermissions(origin),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:revokePermissionForAllSubjects` as const,\n (\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ) => this.revokePermissionForAllSubjects(target),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:revokePermissions` as const,\n this.revokePermissions.bind(this),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:updateCaveat` as const,\n (origin, target, caveatType, caveatValue) => {\n this.updateCaveat(\n origin,\n target,\n caveatType as ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n caveatValue,\n );\n },\n );\n }\n\n /**\n * Clears the state of the controller.\n */\n clearState(): void {\n this.update((_draftState) => {\n return {\n ...getDefaultState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >(),\n };\n });\n }\n\n /**\n * Gets the permission specification corresponding to the given permission\n * type and target name. Throws an error if the target name does not\n * correspond to a permission, or if the specification is not of the\n * given permission type.\n *\n * @template Type - The type of the permission specification to get.\n * @param permissionType - The type of the permission specification to get.\n * @param targetName - The name of the permission whose specification to get.\n * @param requestingOrigin - The origin of the requesting subject, if any.\n * Will be added to any thrown errors.\n * @returns The specification object corresponding to the given type and\n * target name.\n */\n private getTypedPermissionSpecification<Type extends PermissionType>(\n permissionType: Type,\n targetName: string,\n requestingOrigin?: string,\n ): ControllerPermissionSpecification & { permissionType: Type } {\n const failureError =\n permissionType === PermissionType.RestrictedMethod\n ? methodNotFound(\n targetName,\n requestingOrigin ? { origin: requestingOrigin } : undefined,\n )\n : new EndowmentPermissionDoesNotExistError(\n targetName,\n requestingOrigin,\n );\n\n if (!this.targetExists(targetName)) {\n throw failureError;\n }\n\n const specification = this.getPermissionSpecification(targetName);\n if (!hasSpecificationType(specification, permissionType)) {\n throw failureError;\n }\n\n return specification;\n }\n\n /**\n * Gets the implementation of the specified restricted method.\n *\n * A JSON-RPC error is thrown if the method does not exist.\n *\n * @see {@link PermissionController.executeRestrictedMethod} and\n * {@link PermissionController.createPermissionMiddleware} for internal usage.\n * @param method - The name of the restricted method.\n * @param origin - The origin associated with the request for the restricted\n * method, if any.\n * @returns The restricted method implementation.\n */\n getRestrictedMethod(\n method: string,\n origin?: string,\n ): RestrictedMethod<RestrictedMethodParameters, Json> {\n return this.getTypedPermissionSpecification(\n PermissionType.RestrictedMethod,\n method,\n origin,\n ).methodImplementation;\n }\n\n /**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. IDs) of all subjects.\n */\n getSubjectNames(): OriginString[] {\n return Object.keys(this.state.subjects);\n }\n\n /**\n * Gets the permission for the specified target of the subject corresponding\n * to the specified origin.\n *\n * @param origin - The origin of the subject.\n * @param targetName - The method name as invoked by a third party (i.e., not\n * a method key).\n * @returns The permission if it exists, or undefined otherwise.\n */\n getPermission<\n SubjectPermission extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >,\n >(\n origin: OriginString,\n targetName: SubjectPermission['parentCapability'],\n ): SubjectPermission | undefined {\n return this.state.subjects[origin]?.permissions[targetName] as\n | SubjectPermission\n | undefined;\n }\n\n /**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\n getPermissions(\n origin: OriginString,\n ):\n | SubjectPermissions<\n ValidPermission<string, ExtractCaveats<ControllerCaveatSpecification>>\n >\n | undefined {\n return this.state.subjects[origin]?.permissions;\n }\n\n /**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\n hasPermission(\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): boolean {\n return Boolean(this.getPermission(origin, target));\n }\n\n /**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\n hasPermissions(origin: OriginString): boolean {\n return Boolean(this.state.subjects[origin]);\n }\n\n /**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error of the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\n revokeAllPermissions(origin: OriginString): void {\n this.update((draftState) => {\n if (!draftState.subjects[origin]) {\n throw new UnrecognizedSubjectError(origin);\n }\n delete draftState.subjects[origin];\n });\n }\n\n /**\n * Revokes the specified permission from the subject with the specified\n * origin.\n *\n * Throws an error if the subject or the permission does not exist.\n *\n * @param origin - The origin of the subject whose permission to revoke.\n * @param target - The target name of the permission to revoke.\n */\n revokePermission(\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): void {\n this.revokePermissions({ [origin]: [target] });\n }\n\n /**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names to revoke.\n */\n revokePermissions(\n subjectsAndPermissions: Record<\n OriginString,\n NonEmptyArray<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability']\n >\n >,\n ): void {\n this.update((draftState) => {\n Object.keys(subjectsAndPermissions).forEach((origin) => {\n if (!hasProperty(draftState.subjects, origin)) {\n throw new UnrecognizedSubjectError(origin);\n }\n\n subjectsAndPermissions[origin].forEach((target) => {\n const { permissions } = draftState.subjects[origin];\n if (!hasProperty(permissions as Record<string, unknown>, target)) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n this.deletePermission(draftState.subjects, origin, target);\n });\n });\n });\n }\n\n /**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\n revokePermissionForAllSubjects(\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): void {\n if (this.getSubjectNames().length === 0) {\n return;\n }\n\n this.update((draftState) => {\n Object.entries(draftState.subjects).forEach(([origin, subject]) => {\n const { permissions } = subject;\n\n if (hasProperty(permissions as Record<string, unknown>, target)) {\n this.deletePermission(draftState.subjects, origin, target);\n }\n });\n });\n }\n\n /**\n * Deletes the permission identified by the given origin and target. If the\n * permission is the single remaining permission of its subject, the subject\n * is also deleted.\n *\n * @param subjects - The draft permission controller subjects.\n * @param origin - The origin of the subject associated with the permission\n * to delete.\n * @param target - The target name of the permission to delete.\n */\n private deletePermission(\n subjects: Draft<PermissionControllerSubjects<PermissionConstraint>>,\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): void {\n const { permissions } = subjects[origin];\n if (Object.keys(permissions).length > 1) {\n delete permissions[target];\n } else {\n delete subjects[origin];\n }\n }\n\n /**\n * Checks whether the permission of the subject corresponding to the given\n * origin has a caveat of the specified type.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to check for.\n * @returns Whether the permission has the specified caveat.\n */\n hasCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(origin: OriginString, target: TargetName, caveatType: CaveatType): boolean {\n return Boolean(this.getCaveat(origin, target, caveatType));\n }\n\n /**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\n getCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n ): ExtractCaveat<ControllerCaveatSpecification, CaveatType> | undefined {\n const permission = this.getPermission(origin, target);\n if (!permission) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n return findCaveat(permission, caveatType) as\n | ExtractCaveat<ControllerCaveatSpecification, CaveatType>\n | undefined;\n }\n\n /**\n * Adds a caveat of the specified type, with the specified caveat value, to\n * the permission corresponding to the given subject origin and permission\n * target.\n *\n * For modifying existing caveats, use\n * {@link PermissionController.updateCaveat}.\n *\n * Throws an error if no such permission exists, or if the caveat already\n * exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to add.\n * @param caveatValue - The value of the caveat to add.\n */\n addCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n caveatValue: ExtractCaveatValue<ControllerCaveatSpecification, CaveatType>,\n ): void {\n if (this.hasCaveat(origin, target, caveatType)) {\n throw new CaveatAlreadyExistsError(origin, target, caveatType);\n }\n\n this.setCaveat(origin, target, caveatType, caveatValue);\n }\n\n /**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\n updateCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n CaveatValue extends ExtractCaveatValue<\n ControllerCaveatSpecification,\n CaveatType\n >,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n caveatValue: CaveatValue,\n ): void {\n if (!this.hasCaveat(origin, target, caveatType)) {\n throw new CaveatDoesNotExistError(origin, target, caveatType);\n }\n\n this.setCaveat(origin, target, caveatType, caveatValue);\n }\n\n /**\n * Sets the specified caveat on the specified permission. Overwrites existing\n * caveats of the same type in-place (preserving array order), and adds the\n * caveat to the end of the array otherwise.\n *\n * Throws an error if the permission does not exist or fails to validate after\n * its caveats have been modified.\n *\n * @see {@link PermissionController.addCaveat}\n * @see {@link PermissionController.updateCaveat}\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to set.\n * @param caveatValue - The value of the caveat to set.\n */\n private setCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n caveatValue: ExtractCaveatValue<ControllerCaveatSpecification, CaveatType>,\n ): void {\n this.update((draftState) => {\n const subject = draftState.subjects[origin];\n\n // Unreachable because `hasCaveat` is always called before this, and it\n // throws if permissions are missing. TypeScript needs this, however.\n /* istanbul ignore if */\n if (!subject) {\n throw new UnrecognizedSubjectError(origin);\n }\n\n const permission = subject.permissions[target];\n\n /* istanbul ignore if: practically impossible, but TypeScript wants it */\n if (!permission) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n const caveat = {\n type: caveatType,\n value: caveatValue,\n };\n this.validateCaveat(caveat, origin, target);\n\n if (permission.caveats) {\n const caveatIndex = permission.caveats.findIndex(\n (existingCaveat) => existingCaveat.type === caveat.type,\n );\n\n if (caveatIndex === -1) {\n permission.caveats.push(caveat);\n } else {\n permission.caveats.splice(caveatIndex, 1, caveat);\n }\n } else {\n // Typecast: At this point, we don't know if the specific permission\n // is allowed to have caveats, but it should be impossible to call\n // this method for a permission that may not have any caveats.\n // If all else fails, the permission validator is also called.\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n permission.caveats = [caveat] as any;\n }\n\n this.validateModifiedPermission(permission, origin);\n });\n }\n\n /**\n * Updates all caveats with the specified type for all subjects and\n * permissions by applying the specified mutator function to them.\n *\n * ATTN: Permissions can be revoked entirely by the action of this method,\n * read on for details.\n *\n * Caveat mutators are functions that receive a caveat value and return a\n * tuple consisting of a {@link CaveatMutatorOperation} and, optionally, a new\n * value to update the existing caveat with.\n *\n * For each caveat, depending on the mutator result, this method will:\n * - Do nothing ({@link CaveatMutatorOperation.noop})\n * - Update the value of the caveat ({@link CaveatMutatorOperation.updateValue}). The caveat specification validator, if any, will be called after updating the value.\n * - Delete the caveat ({@link CaveatMutatorOperation.deleteCaveat}). The permission specification validator, if any, will be called after deleting the caveat.\n * - Revoke the parent permission ({@link CaveatMutatorOperation.revokePermission})\n *\n * This method throws if the validation of any caveat or permission fails.\n *\n * @param targetCaveatType - The type of the caveats to update.\n * @param mutator - The mutator function which will be applied to all caveat\n * values.\n */\n updatePermissionsByCaveat<\n CaveatType extends ExtractCaveats<ControllerCaveatSpecification>['type'],\n TargetCaveat extends ExtractCaveat<\n ControllerCaveatSpecification,\n CaveatType\n >,\n >(targetCaveatType: CaveatType, mutator: CaveatMutator<TargetCaveat>): void {\n if (Object.keys(this.state.subjects).length === 0) {\n return;\n }\n\n this.update((draftState) => {\n Object.values(draftState.subjects).forEach((subject) => {\n Object.values(subject.permissions).forEach((permission) => {\n const { caveats } = permission;\n const targetCaveat = caveats?.find(\n ({ type }) => type === targetCaveatType,\n );\n if (!targetCaveat) {\n return;\n }\n\n // The mutator may modify the caveat value in place, and must always\n // return a valid mutation result.\n const mutatorResult = mutator(targetCaveat.value);\n switch (mutatorResult.operation) {\n case CaveatMutatorOperation.noop:\n break;\n\n case CaveatMutatorOperation.updateValue:\n // Typecast: `Mutable` is used here to assign to a readonly\n // property. `targetConstraint` should already be mutable because\n // it's part of a draft, but for some reason it's not. We can't\n // use the more-correct `Draft` type here either because it\n // results in an error.\n (targetCaveat as Mutable<CaveatConstraint, 'value'>).value =\n mutatorResult.value;\n\n this.validateCaveat(\n targetCaveat,\n subject.origin,\n permission.parentCapability,\n );\n break;\n\n case CaveatMutatorOperation.deleteCaveat:\n this.deleteCaveat(permission, targetCaveatType, subject.origin);\n break;\n\n case CaveatMutatorOperation.revokePermission:\n this.deletePermission(\n draftState.subjects,\n subject.origin,\n permission.parentCapability,\n );\n break;\n\n default: {\n // This type check ensures that the switch statement is\n // exhaustive.\n const _exhaustiveCheck: never = mutatorResult;\n throw new Error(\n `Unrecognized mutation result: \"${\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (_exhaustiveCheck as any).operation\n }\"`,\n );\n }\n }\n });\n });\n });\n }\n\n /**\n * Removes the caveat of the specified type from the permission corresponding\n * to the given subject origin and target name.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to remove.\n */\n removeCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(origin: OriginString, target: TargetName, caveatType: CaveatType): void {\n this.update((draftState) => {\n const permission = draftState.subjects[origin]?.permissions[target];\n if (!permission) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n if (!permission.caveats) {\n throw new CaveatDoesNotExistError(origin, target, caveatType);\n }\n\n this.deleteCaveat(permission, caveatType, origin);\n });\n }\n\n /**\n * Deletes the specified caveat from the specified permission. If no caveats\n * remain after deletion, the permission's caveat property is set to `null`.\n * The permission is validated after being modified.\n *\n * Throws an error if the permission does not have a caveat with the specified\n * type.\n *\n * @param permission - The permission whose caveat to delete.\n * @param caveatType - The type of the caveat to delete.\n * @param origin - The origin the permission subject.\n */\n private deleteCaveat<\n CaveatType extends ExtractCaveats<ControllerCaveatSpecification>['type'],\n >(\n permission: Draft<PermissionConstraint>,\n caveatType: CaveatType,\n origin: OriginString,\n ): void {\n /* istanbul ignore if: not possible in our usage */\n if (!permission.caveats) {\n throw new CaveatDoesNotExistError(\n origin,\n permission.parentCapability,\n caveatType,\n );\n }\n\n const caveatIndex = permission.caveats.findIndex(\n (existingCaveat) => existingCaveat.type === caveatType,\n );\n\n if (caveatIndex === -1) {\n throw new CaveatDoesNotExistError(\n origin,\n permission.parentCapability,\n caveatType,\n );\n }\n\n if (permission.caveats.length === 1) {\n permission.caveats = null;\n } else {\n permission.caveats.splice(caveatIndex, 1);\n }\n\n this.validateModifiedPermission(permission, origin);\n }\n\n /**\n * Validates the specified modified permission. Should **always** be invoked\n * on a permission after its caveats have been modified.\n *\n * Just like {@link PermissionController.validatePermission}, except that the\n * corresponding target name and specification are retrieved first, and an\n * error is thrown if the target name does not exist.\n *\n * @param permission - The modified permission to validate.\n * @param origin - The origin associated with the permission.\n */\n private validateModifiedPermission(\n permission: Draft<PermissionConstraint>,\n origin: OriginString,\n ): void {\n /* istanbul ignore if: this should be impossible */\n if (!this.targetExists(permission.parentCapability)) {\n throw new Error(\n `Fatal: Existing permission target \"${permission.parentCapability}\" has no specification.`,\n );\n }\n\n this.validatePermission(\n this.getPermissionSpecification(permission.parentCapability),\n permission as PermissionConstraint,\n origin,\n );\n }\n\n /**\n * Verifies the existence the specified permission target, i.e. whether it has\n * a specification.\n *\n * @param target - The requested permission target.\n * @returns Whether the permission target exists.\n */\n private targetExists(\n target: string,\n ): target is ControllerPermissionSpecification['targetName'] {\n return hasProperty(this._permissionSpecifications, target);\n }\n\n /**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated – including by calling every specification\n * validator – and an error is thrown if any validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The granted permissions.\n */\n grantPermissions({\n approvedPermissions,\n requestData,\n preserveExistingPermissions = true,\n subject,\n }: {\n approvedPermissions: RequestedPermissions;\n subject: PermissionSubjectMetadata;\n preserveExistingPermissions?: boolean;\n requestData?: Record<string, unknown>;\n }): SubjectPermissions<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n > {\n const { origin } = subject;\n\n if (!origin || typeof origin !== 'string') {\n throw new InvalidSubjectIdentifierError(origin);\n }\n\n const permissions = (\n preserveExistingPermissions\n ? {\n ...this.getPermissions(origin),\n }\n : {}\n ) as SubjectPermissions<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >;\n\n for (const [requestedTarget, approvedPermission] of Object.entries(\n approvedPermissions,\n )) {\n if (!this.targetExists(requestedTarget)) {\n throw methodNotFound(requestedTarget);\n }\n\n if (\n approvedPermission.parentCapability !== undefined &&\n requestedTarget !== approvedPermission.parentCapability\n ) {\n throw new InvalidApprovedPermissionError(\n origin,\n requestedTarget,\n approvedPermission,\n );\n }\n\n // We have verified that the target exists, and reassign it to change its\n // type.\n const targetName = requestedTarget as ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'];\n const specification = this.getPermissionSpecification(targetName);\n\n // The requested caveats are validated here.\n const caveats = this.constructCaveats(\n origin,\n targetName,\n approvedPermission.caveats,\n );\n\n const permissionOptions = {\n caveats,\n invoker: origin,\n target: targetName,\n };\n\n let permission: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >;\n if (specification.factory) {\n permission = specification.factory(permissionOptions, requestData);\n\n // Full caveat and permission validation is performed here since the\n // factory function can arbitrarily modify the entire permission object,\n // including its caveats.\n this.validatePermission(specification, permission, origin);\n } else {\n permission = constructPermission(permissionOptions);\n\n // We do not need to validate caveats in this case, because the plain\n // permission constructor function does not modify the caveats, which\n // were already validated by `constructCaveats` above.\n this.validatePermission(specification, permission, origin, {\n invokePermissionValidator: true,\n performCaveatValidation: false,\n });\n }\n permissions[targetName] = permission;\n }\n\n this.setValidatedPermissions(origin, permissions);\n return permissions;\n }\n\n /**\n * Validates the specified permission by:\n * - Ensuring that if `subjectTypes` is specified, the subject requesting the permission is of a type in the list.\n * - Ensuring that its `caveats` property is either `null` or a non-empty array.\n * - Ensuring that it only includes caveats allowed by its specification.\n * - Ensuring that it includes no duplicate caveats (by caveat type).\n * - Validating each caveat object, if `performCaveatValidation` is `true`.\n * - Calling the validator of its specification, if one exists and `invokePermissionValidator` is `true`.\n *\n * An error is thrown if validation fails.\n *\n * @param specification - The specification of the permission.\n * @param permission - The permission to validate.\n * @param origin - The origin associated with the permission.\n * @param validationOptions - Validation options.\n * @param validationOptions.invokePermissionValidator - Whether to invoke the\n * permission's consumer-specified validator function, if any.\n * @param validationOptions.performCaveatValidation - Whether to invoke\n * {@link PermissionController.validateCaveat} on each of the permission's\n * caveats.\n */\n private validatePermission(\n specification: PermissionSpecificationConstraint,\n permission: PermissionConstraint,\n origin: OriginString,\n { invokePermissionValidator, performCaveatValidation } = {\n invokePermissionValidator: true,\n performCaveatValidation: true,\n },\n ): void {\n const { allowedCaveats, validator, targetName } = specification;\n\n if (\n specification.subjectTypes?.length &&\n specification.subjectTypes.length > 0\n ) {\n const metadata = this.messagingSystem.call(\n 'SubjectMetadataController:getSubjectMetadata',\n origin,\n );\n\n if (\n !metadata ||\n metadata.subjectType === null ||\n !specification.subjectTypes.includes(metadata.subjectType)\n ) {\n throw specification.permissionType === PermissionType.RestrictedMethod\n ? methodNotFound(targetName, { origin })\n : new EndowmentPermissionDoesNotExistError(targetName, origin);\n }\n }\n\n if (hasProperty(permission, 'caveats')) {\n const { caveats } = permission;\n\n if (caveats !== null && !(Array.isArray(caveats) && caveats.length > 0)) {\n throw new InvalidCaveatsPropertyError(origin, targetName, caveats);\n }\n\n const seenCaveatTypes = new Set<string>();\n caveats?.forEach((caveat) => {\n if (performCaveatValidation) {\n this.validateCaveat(caveat, origin, targetName);\n }\n\n if (!allowedCaveats?.includes(caveat.type)) {\n throw new ForbiddenCaveatError(caveat.type, origin, targetName);\n }\n\n if (seenCaveatTypes.has(caveat.type)) {\n throw new DuplicateCaveatError(caveat.type, origin, targetName);\n }\n seenCaveatTypes.add(caveat.type);\n });\n }\n\n if (invokePermissionValidator && validator) {\n validator(permission, origin, targetName);\n }\n }\n\n /**\n * Assigns the specified permissions to the subject with the given origin.\n * Overwrites all existing permissions, and creates a subject entry if it\n * doesn't already exist.\n *\n * ATTN: Assumes that the new permissions have been validated.\n *\n * @param origin - The origin of the grantee subject.\n * @param permissions - The new permissions for the grantee subject.\n */\n private setValidatedPermissions(\n origin: OriginString,\n permissions: Record<\n string,\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >,\n ): void {\n this.update((draftState) => {\n if (!draftState.subjects[origin]) {\n draftState.subjects[origin] = { origin, permissions: {} };\n }\n\n draftState.subjects[origin].permissions = castDraft(permissions);\n });\n }\n\n /**\n * Validates the requested caveats for the permission of the specified\n * subject origin and target name and returns the validated caveat array.\n *\n * Throws an error if validation fails.\n *\n * @param origin - The origin of the permission subject.\n * @param target - The permission target name.\n * @param requestedCaveats - The requested caveats to construct.\n * @returns The constructed caveats.\n */\n private constructCaveats(\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n requestedCaveats?: unknown[] | null,\n ): NonEmptyArray<ExtractCaveats<ControllerCaveatSpecification>> | undefined {\n const caveatArray = requestedCaveats?.map((requestedCaveat) => {\n this.validateCaveat(requestedCaveat, origin, target);\n\n // Reassign so that we have a fresh object.\n const { type, value } = requestedCaveat as CaveatConstraint;\n return { type, value } as ExtractCaveats<ControllerCaveatSpecification>;\n });\n\n return caveatArray && isNonEmptyArray(caveatArray)\n ? caveatArray\n : undefined;\n }\n\n /**\n * This methods validates that the specified caveat is an object with the\n * expected properties and types. It also ensures that a caveat specification\n * exists for the requested caveat type, and calls the specification\n * validator, if it exists, on the caveat object.\n *\n * Throws an error if validation fails.\n *\n * @param caveat - The caveat object to validate.\n * @param origin - The origin associated with the subject of the parent\n * permission.\n * @param target - The target name associated with the parent permission.\n */\n private validateCaveat(\n caveat: unknown,\n origin: OriginString,\n target: string,\n ): void {\n if (!isPlainObject(caveat)) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw new InvalidCaveatError(caveat, origin, target);\n }\n\n if (Object.keys(caveat).length !== 2) {\n throw new InvalidCaveatFieldsError(caveat, origin, target);\n }\n\n if (typeof caveat.type !== 'string') {\n throw new InvalidCaveatTypeError(caveat, origin, target);\n }\n\n const specification = this.getCaveatSpecification(caveat.type);\n if (!specification) {\n throw new UnrecognizedCaveatTypeError(caveat.type, origin, target);\n }\n\n if (!hasProperty(caveat, 'value') || caveat.value === undefined) {\n throw new CaveatMissingValueError(caveat, origin, target);\n }\n\n if (!isValidJson(caveat.value)) {\n throw new CaveatInvalidJsonError(caveat, origin, target);\n }\n\n // Typecast: TypeScript still believes that the caveat is a PlainObject.\n specification.validator?.(caveat as CaveatConstraint, origin, target);\n }\n\n /**\n * Initiates a permission request that requires user approval. This should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. Defaults to `true`.\n * @returns The granted permissions and request metadata.\n */\n async requestPermissions(\n subject: PermissionSubjectMetadata,\n requestedPermissions: RequestedPermissions,\n options: {\n id?: string;\n preserveExistingPermissions?: boolean;\n } = {},\n ): Promise<\n [\n SubjectPermissions<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >,\n { data?: Record<string, unknown>; id: string; origin: OriginString },\n ]\n > {\n const { origin } = subject;\n const { id = nanoid(), preserveExistingPermissions = true } = options;\n this.validateRequestedPermissions(origin, requestedPermissions);\n\n const metadata = {\n id,\n origin,\n };\n\n const permissionsRequest = {\n metadata,\n permissions: requestedPermissions,\n };\n\n const approvedRequest = await this.requestUserApproval(permissionsRequest);\n const { permissions: approvedPermissions, ...requestData } =\n approvedRequest;\n\n const sideEffects = this.getSideEffects(approvedPermissions);\n\n if (Object.values(sideEffects.permittedHandlers).length > 0) {\n const sideEffectsData = await this.executeSideEffects(\n sideEffects,\n approvedRequest,\n );\n const mappedData = Object.keys(sideEffects.permittedHandlers).reduce(\n (acc, permission, i) => ({ [permission]: sideEffectsData[i], ...acc }),\n {},\n );\n\n return [\n this.grantPermissions({\n subject,\n approvedPermissions,\n preserveExistingPermissions,\n requestData,\n }),\n { data: mappedData, ...metadata },\n ];\n }\n\n return [\n this.grantPermissions({\n subject,\n approvedPermissions,\n preserveExistingPermissions,\n requestData,\n }),\n metadata,\n ];\n }\n\n /**\n * Validates requested permissions. Throws if validation fails.\n *\n * This method ensures that the requested permissions are a properly\n * formatted {@link RequestedPermissions} object, and performs the same\n * validation as {@link PermissionController.grantPermissions}, except that\n * consumer-specified permission validator functions are not called, since\n * they are only called on fully constructed, approved permissions that are\n * otherwise completely valid.\n *\n * Unrecognzied properties on requested permissions are ignored.\n *\n * @param origin - The origin of the grantee subject.\n * @param requestedPermissions - The requested permissions.\n */\n private validateRequestedPermissions(\n origin: OriginString,\n requestedPermissions: unknown,\n ): void {\n if (!isPlainObject(requestedPermissions)) {\n throw invalidParams({\n message: `Requested permissions for origin \"${origin}\" is not a plain object.`,\n data: { origin, requestedPermissions },\n });\n }\n\n if (Object.keys(requestedPermissions).length === 0) {\n throw invalidParams({\n message: `Permissions request for origin \"${origin}\" contains no permissions.`,\n data: { requestedPermissions },\n });\n }\n\n for (const targetName of Object.keys(requestedPermissions)) {\n const permission = requestedPermissions[targetName];\n\n if (!this.targetExists(targetName)) {\n throw methodNotFound(targetName, { origin, requestedPermissions });\n }\n\n if (\n !isPlainObject(permission) ||\n (permission.parentCapability !== undefined &&\n targetName !== permission.parentCapability)\n ) {\n throw invalidParams({\n message: `Permissions request for origin \"${origin}\" contains invalid requested permission(s).`,\n data: { origin, requestedPermissions },\n });\n }\n\n // Here we validate the permission without invoking its validator, if any.\n // The validator will be invoked after the permission has been approved.\n this.validatePermission(\n this.getPermissionSpecification(targetName),\n // Typecast: The permission is still a \"PlainObject\" here.\n permission as PermissionConstraint,\n origin,\n { invokePermissionValidator: false, performCaveatValidation: true },\n );\n }\n }\n\n /**\n * Adds a request to the {@link ApprovalController} using the\n * {@link AddApprovalRequest} action. Also validates the resulting approved\n * permissions request, and throws an error if validation fails.\n *\n * @param permissionsRequest - The permissions request object.\n * @returns The approved permissions request object.\n */\n private async requestUserApproval(permissionsRequest: PermissionsRequest) {\n const { origin, id } = permissionsRequest.metadata;\n const approvedRequest = await this.messagingSystem.call(\n 'ApprovalController:addRequest',\n {\n id,\n origin,\n requestData: permissionsRequest,\n type: MethodNames.requestPermissions,\n },\n true,\n );\n\n this.validateApprovedPermissions(approvedRequest, { id, origin });\n return approvedRequest as PermissionsRequest;\n }\n\n /**\n * Reunites all the side-effects (onPermitted and onFailure) of the requested permissions inside a record of arrays.\n *\n * @param permissions - The approved permissions.\n * @returns The {@link SideEffects} object containing the handlers arrays.\n */\n private getSideEffects(permissions: RequestedPermissions) {\n return Object.keys(permissions).reduce<SideEffects>(\n (sideEffectList, targetName) => {\n if (this.targetExists(targetName)) {\n const specification = this.getPermissionSpecification(targetName);\n\n if (specification.sideEffect) {\n sideEffectList.permittedHandlers[targetName] =\n specification.sideEffect.onPermitted;\n\n if (specification.sideEffect.onFailure) {\n sideEffectList.failureHandlers[targetName] =\n specification.sideEffect.onFailure;\n }\n }\n }\n return sideEffectList;\n },\n { permittedHandlers: {}, failureHandlers: {} },\n );\n }\n\n /**\n * Executes the side-effects of the approved permissions while handling the errors if any.\n * It will pass an instance of the {@link messagingSystem} and the request data associated with the permission request to the handlers through its params.\n *\n * @param sideEffects - the side-effect record created by {@link getSideEffects}\n * @param requestData - the permissions requestData.\n * @returns the value returned by all the `onPermitted` handlers in an array.\n */\n private async executeSideEffects(\n sideEffects: SideEffects,\n requestData: PermissionsRequest,\n ) {\n const { permittedHandlers, failureHandlers } = sideEffects;\n const params = {\n requestData,\n messagingSystem: this.messagingSystem,\n };\n\n const promiseResults = await Promise.allSettled(\n Object.values(permittedHandlers).map((permittedHandler) =>\n permittedHandler(params),\n ),\n );\n\n // lib.es2020.promise.d.ts does not export its types so we're using a simple type.\n const rejectedHandlers = promiseResults.filter(\n (promise) => promise.status === 'rejected',\n ) as { status: 'rejected'; reason: Error }[];\n\n if (rejectedHandlers.length > 0) {\n const failureHandlersList = Object.values(failureHandlers);\n if (failureHandlersList.length > 0) {\n try {\n await Promise.all(\n failureHandlersList.map((failureHandler) => failureHandler(params)),\n );\n } catch (error) {\n throw internalError('Unexpected error in side-effects', { error });\n }\n }\n const reasons = rejectedHandlers.map((handler) => handler.reason);\n\n reasons.forEach((reason) => {\n console.error(reason);\n });\n\n throw reasons.length > 1\n ? internalError(\n 'Multiple errors occurred during side-effects execution',\n { errors: reasons },\n )\n : reasons[0];\n }\n\n // lib.es2020.promise.d.ts does not export its types so we're using a simple type.\n return (promiseResults as { status: 'fulfilled'; value: unknown }[]).map(\n ({ value }) => value,\n );\n }\n\n /**\n * Validates an approved {@link PermissionsRequest} object. The approved\n * request must have the required `metadata` and `permissions` properties,\n * the `id` and `origin` of the `metadata` must match the original request\n * metadata, and the requested permissions must be valid per\n * {@link PermissionController.validateRequestedPermissions}. Any extra\n * metadata properties are ignored.\n *\n * An error is thrown if validation fails.\n *\n * @param approvedRequest - The approved permissions request object.\n * @param originalMetadata - The original request metadata.\n */\n private validateApprovedPermissions(\n approvedRequest: unknown,\n originalMetadata: PermissionsRequestMetadata,\n ) {\n const { id, origin } = originalMetadata;\n\n if (\n !isPlainObject(approvedRequest) ||\n !isPlainObject(approvedRequest.metadata)\n ) {\n throw internalError(\n `Approved permissions request for subject \"${origin}\" is invalid.`,\n { data: { approvedRequest } },\n );\n }\n\n const {\n metadata: { id: newId, origin: newOrigin },\n permissions,\n } = approvedRequest;\n\n if (newId !== id) {\n throw internalError(\n `Approved permissions request for subject \"${origin}\" mutated its id.`,\n { originalId: id, mutatedId: newId },\n );\n }\n\n if (newOrigin !== origin) {\n throw internalError(\n `Approved permissions request for subject \"${origin}\" mutated its origin.`,\n { originalOrigin: origin, mutatedOrigin: newOrigin },\n );\n }\n\n try {\n this.validateRequestedPermissions(origin, permissions);\n } catch (error) {\n if (error instanceof JsonRpcError) {\n // Re-throw as an internal error; we should never receive invalid approved\n // permissions.\n throw internalError(\n `Invalid approved permissions request: ${error.message}`,\n error.data,\n );\n }\n throw internalError('Unrecognized error type', { error });\n }\n }\n\n /**\n * Accepts a permissions request created by\n * {@link PermissionController.requestPermissions}.\n *\n * @param request - The permissions request.\n */\n async acceptPermissionsRequest(request: PermissionsRequest): Promise<void> {\n const { id } = request.metadata;\n\n if (!this.hasApprovalRequest({ id })) {\n throw new PermissionsRequestNotFoundError(id);\n }\n\n if (Object.keys(request.permissions).length === 0) {\n this._rejectPermissionsRequest(\n id,\n invalidParams({\n message: 'Must request at least one permission.',\n }),\n );\n return;\n }\n\n try {\n this.messagingSystem.call(\n 'ApprovalController:acceptRequest',\n id,\n request,\n );\n } catch (error) {\n // If accepting unexpectedly fails, reject the request and re-throw the\n // error\n this._rejectPermissionsRequest(id, error);\n throw error;\n }\n }\n\n /**\n * Rejects a permissions request created by\n * {@link PermissionController.requestPermissions}.\n *\n * @param id - The id of the request to be rejected.\n */\n async rejectPermissionsRequest(id: string): Promise<void> {\n if (!this.hasApprovalRequest({ id })) {\n throw new PermissionsRequestNotFoundError(id);\n }\n\n this._rejectPermissionsRequest(id, userRejectedRequest());\n }\n\n /**\n * Checks whether the {@link ApprovalController} has a particular permissions\n * request.\n *\n * @see {@link PermissionController.acceptPermissionsRequest} and\n * {@link PermissionController.rejectPermissionsRequest} for usage.\n * @param options - The {@link HasApprovalRequest} options.\n * @param options.id - The id of the approval request to check for.\n * @returns Whether the specified request exists.\n */\n private hasApprovalRequest(options: { id: string }): boolean {\n return this.messagingSystem.call(\n 'ApprovalController:hasRequest',\n // Typecast: For some reason, the type here expects all of the possible\n // HasApprovalRequest options to be specified, when they're actually all\n // optional. Passing just the id is definitely valid, so we just cast it.\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n options as any,\n );\n }\n\n /**\n * Rejects the permissions request with the specified id, with the specified\n * error as the reason. This method is effectively a wrapper around a\n * messenger call for the `ApprovalController:rejectRequest` action.\n *\n * @see {@link PermissionController.acceptPermissionsRequest} and\n * {@link PermissionController.rejectPermissionsRequest} for usage.\n * @param id - The id of the request to reject.\n * @param error - The error associated with the rejection.\n * @returns Nothing\n */\n private _rejectPermissionsRequest(id: string, error: unknown): void {\n return this.messagingSystem.call(\n 'ApprovalController:rejectRequest',\n id,\n error,\n );\n }\n\n /**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\n async getEndowments(\n origin: string,\n targetName: ExtractEndowmentPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n requestData?: unknown,\n ): Promise<Json> {\n if (!this.hasPermission(origin, targetName)) {\n throw unauthorized({ data: { origin, targetName } });\n }\n\n return this.getTypedPermissionSpecification(\n PermissionType.Endowment,\n targetName,\n origin,\n ).endowmentGetter({ origin, requestData });\n }\n\n /**\n * Executes a restricted method as the subject with the given origin.\n * The specified params, if any, will be passed to the method implementation.\n *\n * ATTN: Great caution should be exercised in the use of this method.\n * Methods that cause side effects or affect application state should\n * be avoided.\n *\n * This method will first attempt to retrieve the requested restricted method\n * implementation, throwing if it does not exist. The method will then be\n * invoked as though the subject with the specified origin had invoked it with\n * the specified parameters. This means that any existing caveats will be\n * applied to the restricted method, and this method will throw if the\n * restricted method or its caveat decorators throw.\n *\n * In addition, this method will throw if the subject does not have a\n * permission for the specified restricted method.\n *\n * @param origin - The origin of the subject to execute the method on behalf\n * of.\n * @param targetName - The name of the method to execute. This must be a valid\n * permission target name.\n * @param params - The parameters to pass to the method implementation.\n * @returns The result of the executed method.\n */\n async executeRestrictedMethod(\n origin: OriginString,\n targetName: ExtractRestrictedMethodPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n params?: RestrictedMethodParameters,\n ): Promise<Json> {\n // Throws if the method does not exist\n const methodImplementation = this.getRestrictedMethod(targetName, origin);\n\n const result = await this._executeRestrictedMethod(\n methodImplementation,\n { origin },\n targetName,\n params,\n );\n\n if (result === undefined) {\n throw new Error(\n `Internal request for method \"${targetName}\" as origin \"${origin}\" returned no result.`,\n );\n }\n\n return result;\n }\n\n /**\n * An internal method used in the controller's `json-rpc-engine` middleware\n * and {@link PermissionController.executeRestrictedMethod}. Calls the\n * specified restricted method implementation after decorating it with the\n * caveats of its permission. Throws if the subject does not have the\n * requisite permission.\n *\n * ATTN: Parameter validation is the responsibility of the caller, or\n * the restricted method implementation in the case of `params`.\n *\n * @see {@link PermissionController.executeRestrictedMethod} and\n * {@link PermissionController.createPermissionMiddleware} for usage.\n * @param methodImplementation - The implementation of the method to call.\n * @param subject - Metadata about the subject that made the request.\n * @param method - The method name\n * @param params - Params needed for executing the restricted method\n * @returns The result of the restricted method implementation\n */\n private _executeRestrictedMethod(\n methodImplementation: RestrictedMethod<RestrictedMethodParameters, Json>,\n subject: PermissionSubjectMetadata,\n method: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n params: RestrictedMethodParameters = [],\n ): ReturnType<RestrictedMethod<RestrictedMethodParameters, Json>> {\n const { origin } = subject;\n\n const permission = this.getPermission(origin, method);\n if (!permission) {\n throw unauthorized({ data: { origin, method } });\n }\n\n return decorateWithCaveats(\n methodImplementation,\n permission,\n this._caveatSpecifications,\n )({ method, params, context: { origin } });\n }\n}\n"]}
package/dist/{chunk-CXKOMB77.mjs → chunk-VFQJB7BG.mjs} RENAMED
@@ -1390,4 +1390,4 @@ export {
1390
1390
  CaveatMutatorOperation,
1391
1391
  PermissionController
1392
1392
  };
1393
- //# sourceMappingURL=chunk-CXKOMB77.mjs.map
1393
+ //# sourceMappingURL=chunk-VFQJB7BG.mjs.map
package/dist/chunk-VFQJB7BG.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/PermissionController.ts"],"sourcesContent":["/* eslint-enable @typescript-eslint/no-unused-vars */\nimport type {\n AcceptRequest as AcceptApprovalRequest,\n AddApprovalRequest,\n HasApprovalRequest,\n RejectRequest as RejectApprovalRequest,\n} from '@metamask/approval-controller';\nimport type {\n StateMetadata,\n RestrictedControllerMessenger,\n ActionConstraint,\n EventConstraint,\n ControllerGetStateAction,\n ControllerStateChangeEvent,\n} from '@metamask/base-controller';\nimport { BaseController } from '@metamask/base-controller';\nimport type { NonEmptyArray } from '@metamask/controller-utils';\nimport {\n isNonEmptyArray,\n isPlainObject,\n isValidJson,\n} from '@metamask/controller-utils';\nimport { JsonRpcError } from '@metamask/rpc-errors';\nimport { hasProperty } from '@metamask/utils';\nimport type { Json, Mutable } from '@metamask/utils';\nimport deepFreeze from 'deep-freeze-strict';\nimport { castDraft, type Draft } from 'immer';\nimport { nanoid } from 'nanoid';\n\nimport type {\n CaveatConstraint,\n CaveatSpecificationConstraint,\n CaveatSpecificationMap,\n ExtractCaveat,\n ExtractCaveats,\n ExtractCaveatValue,\n} from './Caveat';\nimport {\n decorateWithCaveats,\n isRestrictedMethodCaveatSpecification,\n} from './Caveat';\nimport {\n CaveatAlreadyExistsError,\n CaveatDoesNotExistError,\n CaveatInvalidJsonError,\n CaveatMissingValueError,\n CaveatSpecificationMismatchError,\n DuplicateCaveatError,\n EndowmentPermissionDoesNotExistError,\n ForbiddenCaveatError,\n internalError,\n InvalidApprovedPermissionError,\n InvalidCaveatError,\n InvalidCaveatFieldsError,\n InvalidCaveatsPropertyError,\n InvalidCaveatTypeError,\n invalidParams,\n InvalidSubjectIdentifierError,\n methodNotFound,\n PermissionDoesNotExistError,\n PermissionsRequestNotFoundError,\n unauthorized,\n UnrecognizedCaveatTypeError,\n UnrecognizedSubjectError,\n userRejectedRequest,\n} from './errors';\nimport type {\n EndowmentSpecificationConstraint,\n ExtractAllowedCaveatTypes,\n ExtractPermissionSpecification,\n OriginString,\n PermissionConstraint,\n PermissionSpecificationConstraint,\n PermissionSpecificationMap,\n RequestedPermissions,\n RestrictedMethod,\n RestrictedMethodParameters,\n RestrictedMethodSpecificationConstraint,\n SideEffectHandler,\n ValidPermission,\n ValidPermissionSpecification,\n} from './Permission';\nimport {\n constructPermission,\n findCaveat,\n hasSpecificationType,\n PermissionType,\n} from './Permission';\nimport { getPermissionMiddlewareFactory } from './permission-middleware';\nimport type { GetSubjectMetadata } from './SubjectMetadataController';\nimport { MethodNames } from './utils';\n\n/**\n * Metadata associated with {@link PermissionController} subjects.\n */\nexport type PermissionSubjectMetadata = {\n origin: OriginString;\n};\n\n/**\n * Metadata associated with permission requests.\n */\nexport type PermissionsRequestMetadata = PermissionSubjectMetadata & {\n id: string;\n};\n\n/**\n * Used for prompting the user about a proposed new permission.\n * Includes information about the grantee subject, requested permissions, and\n * any additional information added by the consumer.\n *\n * All properties except `permissions` are passed to any factories found for\n * the requested permissions.\n */\nexport type PermissionsRequest = {\n metadata: PermissionsRequestMetadata;\n permissions: RequestedPermissions;\n [key: string]: Json;\n};\n\nexport type SideEffects = {\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n permittedHandlers: Record<string, SideEffectHandler<any, any>>;\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n failureHandlers: Record<string, SideEffectHandler<any, any>>;\n};\n\n/**\n * The name of the {@link PermissionController}.\n */\nconst controllerName = 'PermissionController';\n\n/**\n * Permissions associated with a {@link PermissionController} subject.\n */\nexport type SubjectPermissions<Permission extends PermissionConstraint> =\n Record<Permission['parentCapability'], Permission>;\n\n/**\n * Permissions and metadata associated with a {@link PermissionController}\n * subject.\n */\nexport type PermissionSubjectEntry<\n SubjectPermission extends PermissionConstraint,\n> = {\n origin: SubjectPermission['invoker'];\n permissions: SubjectPermissions<SubjectPermission>;\n};\n\n/**\n * All subjects of a {@link PermissionController}.\n *\n * @template SubjectPermission - The permissions of the subject.\n */\nexport type PermissionControllerSubjects<\n SubjectPermission extends PermissionConstraint,\n> = Record<\n SubjectPermission['invoker'],\n PermissionSubjectEntry<SubjectPermission>\n>;\n\n// TODO:TS4.4 Enable compiler flags to forbid unchecked member access\n/**\n * The state of a {@link PermissionController}.\n *\n * @template Permission - The controller's permission type union.\n */\nexport type PermissionControllerState<Permission> =\n Permission extends PermissionConstraint\n ? {\n subjects: PermissionControllerSubjects<Permission>;\n }\n : never;\n\n/**\n * Get the state metadata of the {@link PermissionController}.\n *\n * @template Permission - The controller's permission type union.\n * @returns The state metadata\n */\nfunction getStateMetadata<Permission extends PermissionConstraint>() {\n return { subjects: { anonymous: true, persist: true } } as StateMetadata<\n PermissionControllerState<Permission>\n >;\n}\n\n/**\n * Get the default state of the {@link PermissionController}.\n *\n * @template Permission - The controller's permission type union.\n * @returns The default state of the controller\n */\nfunction getDefaultState<Permission extends PermissionConstraint>() {\n return { subjects: {} } as PermissionControllerState<Permission>;\n}\n\n/**\n * Gets the state of the {@link PermissionController}.\n */\nexport type GetPermissionControllerState = ControllerGetStateAction<\n typeof controllerName,\n PermissionControllerState<PermissionConstraint>\n>;\n\n/**\n * Gets the names of all subjects from the {@link PermissionController}.\n */\nexport type GetSubjects = {\n type: `${typeof controllerName}:getSubjectNames`;\n handler: () => (keyof PermissionControllerSubjects<PermissionConstraint>)[];\n};\n\n/**\n * Gets the permissions for specified subject\n */\nexport type GetPermissions = {\n type: `${typeof controllerName}:getPermissions`;\n handler: GenericPermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the specified subject has any permissions.\n */\nexport type HasPermissions = {\n type: `${typeof controllerName}:hasPermissions`;\n handler: GenericPermissionController['hasPermissions'];\n};\n\n/**\n * Checks whether the specified subject has a specific permission.\n */\nexport type HasPermission = {\n type: `${typeof controllerName}:hasPermission`;\n handler: GenericPermissionController['hasPermission'];\n};\n\n/**\n * Directly grants given permissions for a specificed origin without requesting user approval\n */\nexport type GrantPermissions = {\n type: `${typeof controllerName}:grantPermissions`;\n handler: GenericPermissionController['grantPermissions'];\n};\n\n/**\n * Requests given permissions for a specified origin\n */\nexport type RequestPermissions = {\n type: `${typeof controllerName}:requestPermissions`;\n handler: GenericPermissionController['requestPermissions'];\n};\n\n/**\n * Removes the specified permissions for each origin.\n */\nexport type RevokePermissions = {\n type: `${typeof controllerName}:revokePermissions`;\n handler: GenericPermissionController['revokePermissions'];\n};\n\n/**\n * Removes all permissions for a given origin\n */\nexport type RevokeAllPermissions = {\n type: `${typeof controllerName}:revokeAllPermissions`;\n handler: GenericPermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n */\nexport type RevokePermissionForAllSubjects = {\n type: `${typeof controllerName}:revokePermissionForAllSubjects`;\n handler: GenericPermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Updates a caveat value for a specified caveat type belonging to a specific target and origin.\n */\nexport type UpdateCaveat = {\n type: `${typeof controllerName}:updateCaveat`;\n handler: GenericPermissionController['updateCaveat'];\n};\n\n/**\n * Clears all permissions from the {@link PermissionController}.\n */\nexport type ClearPermissions = {\n type: `${typeof controllerName}:clearPermissions`;\n handler: () => void;\n};\n\n/**\n * Gets the endowments for the given subject and permission.\n */\nexport type GetEndowments = {\n type: `${typeof controllerName}:getEndowments`;\n handler: GenericPermissionController['getEndowments'];\n};\n\n/**\n * The {@link ControllerMessenger} actions of the {@link PermissionController}.\n */\nexport type PermissionControllerActions =\n | ClearPermissions\n | GetEndowments\n | GetPermissionControllerState\n | GetSubjects\n | GetPermissions\n | HasPermission\n | HasPermissions\n | GrantPermissions\n | RequestPermissions\n | RevokeAllPermissions\n | RevokePermissionForAllSubjects\n | RevokePermissions\n | UpdateCaveat;\n\n/**\n * The generic state change event of the {@link PermissionController}.\n */\nexport type PermissionControllerStateChange = ControllerStateChangeEvent<\n typeof controllerName,\n PermissionControllerState<PermissionConstraint>\n>;\n\n/**\n * The {@link ControllerMessenger} events of the {@link PermissionController}.\n *\n * The permission controller only emits its generic state change events.\n * Consumers should use selector subscriptions to subscribe to relevant\n * substate.\n */\nexport type PermissionControllerEvents = PermissionControllerStateChange;\n\n/**\n * The external {@link ControllerMessenger} actions available to the\n * {@link PermissionController}.\n */\ntype AllowedActions =\n | AddApprovalRequest\n | HasApprovalRequest\n | AcceptApprovalRequest\n | RejectApprovalRequest\n | GetSubjectMetadata;\n\n/**\n * The messenger of the {@link PermissionController}.\n */\nexport type PermissionControllerMessenger = RestrictedControllerMessenger<\n typeof controllerName,\n PermissionControllerActions | AllowedActions,\n PermissionControllerEvents,\n AllowedActions['type'],\n never\n>;\n\nexport type SideEffectMessenger<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = RestrictedControllerMessenger<\n typeof controllerName,\n Actions | AllowedActions,\n Events,\n AllowedActions['type'] | Actions['type'],\n Events['type']\n>;\n\n/**\n * A generic {@link PermissionController}.\n */\nexport type GenericPermissionController = PermissionController<\n PermissionSpecificationConstraint,\n CaveatSpecificationConstraint\n>;\n\n/**\n * Describes the possible results of a {@link CaveatMutator} function.\n */\nexport enum CaveatMutatorOperation {\n noop,\n updateValue,\n deleteCaveat,\n revokePermission,\n}\n\n/**\n * Given a caveat value, returns a {@link CaveatMutatorOperation} and, optionally,\n * a new caveat value.\n *\n * @see {@link PermissionController.updatePermissionsByCaveat} for more details.\n * @template Caveat - The caveat type for which this mutator is intended.\n * @param caveatValue - The existing value of the caveat being mutated.\n * @returns A tuple of the mutation result and, optionally, the new caveat\n * value.\n */\nexport type CaveatMutator<TargetCaveat extends CaveatConstraint> = (\n caveatValue: TargetCaveat['value'],\n) => CaveatMutatorResult;\n\ntype CaveatMutatorResult =\n | Readonly<{\n operation: CaveatMutatorOperation.updateValue;\n value: CaveatConstraint['value'];\n }>\n | Readonly<{\n operation: Exclude<\n CaveatMutatorOperation,\n CaveatMutatorOperation.updateValue\n >;\n }>;\n\n/**\n * Extracts the permission(s) specified by the given permission and caveat\n * specifications.\n *\n * @template ControllerPermissionSpecification - The permission specification(s)\n * to extract from.\n * @template ControllerCaveatSpecification - The caveat specification(s) to\n * extract from. Necessary because {@link Permission} has a generic parameter\n * that describes the allowed caveats for the permission.\n */\nexport type ExtractPermission<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = ControllerPermissionSpecification extends ValidPermissionSpecification<ControllerPermissionSpecification>\n ? ValidPermission<\n ControllerPermissionSpecification['targetName'],\n ExtractCaveats<ControllerCaveatSpecification>\n >\n : never;\n\n/**\n * Extracts the restricted method permission(s) specified by the given\n * permission and caveat specifications.\n *\n * @template ControllerPermissionSpecification - The permission specification(s)\n * to extract from.\n * @template ControllerCaveatSpecification - The caveat specification(s) to\n * extract from. Necessary because {@link Permission} has a generic parameter\n * that describes the allowed caveats for the permission.\n */\nexport type ExtractRestrictedMethodPermission<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = ExtractPermission<\n Extract<\n ControllerPermissionSpecification,\n RestrictedMethodSpecificationConstraint\n >,\n ControllerCaveatSpecification\n>;\n\n/**\n * Extracts the endowment permission(s) specified by the given permission and\n * caveat specifications.\n *\n * @template ControllerPermissionSpecification - The permission specification(s)\n * to extract from.\n * @template ControllerCaveatSpecification - The caveat specification(s) to\n * extract from. Necessary because {@link Permission} has a generic parameter\n * that describes the allowed caveats for the permission.\n */\nexport type ExtractEndowmentPermission<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = ExtractPermission<\n Extract<ControllerPermissionSpecification, EndowmentSpecificationConstraint>,\n ControllerCaveatSpecification\n>;\n\n/**\n * Options for the {@link PermissionController} constructor.\n *\n * @template ControllerPermissionSpecification - A union of the types of all\n * permission specifications available to the controller. Any referenced caveats\n * must be included in the controller's caveat specifications.\n * @template ControllerCaveatSpecification - A union of the types of all\n * caveat specifications available to the controller.\n */\nexport type PermissionControllerOptions<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> = {\n messenger: PermissionControllerMessenger;\n caveatSpecifications: CaveatSpecificationMap<ControllerCaveatSpecification>;\n permissionSpecifications: PermissionSpecificationMap<ControllerPermissionSpecification>;\n unrestrictedMethods: readonly string[];\n state?: Partial<\n PermissionControllerState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >\n >;\n};\n\n/**\n * The permission controller. See the [Architecture](../ARCHITECTURE.md)\n * document for details.\n *\n * Assumes the existence of an {@link ApprovalController} reachable via the\n * {@link ControllerMessenger}.\n *\n * @template ControllerPermissionSpecification - A union of the types of all\n * permission specifications available to the controller. Any referenced caveats\n * must be included in the controller's caveat specifications.\n * @template ControllerCaveatSpecification - A union of the types of all\n * caveat specifications available to the controller.\n */\nexport class PermissionController<\n ControllerPermissionSpecification extends PermissionSpecificationConstraint,\n ControllerCaveatSpecification extends CaveatSpecificationConstraint,\n> extends BaseController<\n typeof controllerName,\n PermissionControllerState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >,\n PermissionControllerMessenger\n> {\n private readonly _caveatSpecifications: Readonly<\n CaveatSpecificationMap<ControllerCaveatSpecification>\n >;\n\n private readonly _permissionSpecifications: Readonly<\n PermissionSpecificationMap<ControllerPermissionSpecification>\n >;\n\n private readonly _unrestrictedMethods: ReadonlySet<string>;\n\n /**\n * The names of all JSON-RPC methods that will be ignored by the controller.\n *\n * @returns The names of all unrestricted JSON-RPC methods\n */\n public get unrestrictedMethods(): ReadonlySet<string> {\n return this._unrestrictedMethods;\n }\n\n /**\n * Returns a `json-rpc-engine` middleware function factory, so that the rules\n * described by the state of this controller can be applied to incoming\n * JSON-RPC requests.\n *\n * The middleware **must** be added in the correct place in the middleware\n * stack in order for it to work. See the README for an example.\n */\n public createPermissionMiddleware: ReturnType<\n typeof getPermissionMiddlewareFactory\n >;\n\n /**\n * Constructs the PermissionController.\n *\n * @param options - Permission controller options.\n * @param options.caveatSpecifications - The specifications of all caveats\n * available to the controller. See {@link CaveatSpecificationMap} and the\n * documentation for more details.\n * @param options.permissionSpecifications - The specifications of all\n * permissions available to the controller. See\n * {@link PermissionSpecificationMap} and the README for more details.\n * @param options.unrestrictedMethods - The callable names of all JSON-RPC\n * methods ignored by the new controller.\n * @param options.messenger - The controller messenger. See\n * {@link BaseController} for more information.\n * @param options.state - Existing state to hydrate the controller with at\n * initialization.\n */\n constructor(\n options: PermissionControllerOptions<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >,\n ) {\n const {\n caveatSpecifications,\n permissionSpecifications,\n unrestrictedMethods,\n messenger,\n state = {},\n } = options;\n\n super({\n name: controllerName,\n metadata:\n getStateMetadata<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >(),\n messenger,\n state: {\n ...getDefaultState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >(),\n ...state,\n },\n });\n\n this._unrestrictedMethods = new Set(unrestrictedMethods);\n this._caveatSpecifications = deepFreeze({ ...caveatSpecifications });\n\n this.validatePermissionSpecifications(\n permissionSpecifications,\n this._caveatSpecifications,\n );\n\n this._permissionSpecifications = deepFreeze({\n ...permissionSpecifications,\n });\n\n this.registerMessageHandlers();\n this.createPermissionMiddleware = getPermissionMiddlewareFactory({\n executeRestrictedMethod: this._executeRestrictedMethod.bind(this),\n getRestrictedMethod: this.getRestrictedMethod.bind(this),\n isUnrestrictedMethod: this.unrestrictedMethods.has.bind(\n this.unrestrictedMethods,\n ),\n });\n }\n\n /**\n * Gets a permission specification.\n *\n * @param targetName - The name of the permission specification to get.\n * @returns The permission specification with the specified target name.\n */\n private getPermissionSpecification<\n TargetName extends ControllerPermissionSpecification['targetName'],\n >(\n targetName: TargetName,\n ): ExtractPermissionSpecification<\n ControllerPermissionSpecification,\n TargetName\n > {\n return this._permissionSpecifications[targetName];\n }\n\n /**\n * Gets a caveat specification.\n *\n * @param caveatType - The type of the caveat specification to get.\n * @returns The caveat specification with the specified type.\n */\n private getCaveatSpecification<\n CaveatType extends ControllerCaveatSpecification['type'],\n >(caveatType: CaveatType) {\n return this._caveatSpecifications[caveatType];\n }\n\n /**\n * Constructor helper for validating permission specifications.\n *\n * Throws an error if validation fails.\n *\n * @param permissionSpecifications - The permission specifications passed to\n * this controller's constructor.\n * @param caveatSpecifications - The caveat specifications passed to this\n * controller.\n */\n private validatePermissionSpecifications(\n permissionSpecifications: PermissionSpecificationMap<ControllerPermissionSpecification>,\n caveatSpecifications: CaveatSpecificationMap<ControllerCaveatSpecification>,\n ) {\n Object.entries<ControllerPermissionSpecification>(\n permissionSpecifications,\n ).forEach(\n ([\n targetName,\n { permissionType, targetName: innerTargetName, allowedCaveats },\n ]) => {\n if (!permissionType || !hasProperty(PermissionType, permissionType)) {\n throw new Error(`Invalid permission type: \"${permissionType}\"`);\n }\n\n if (!targetName) {\n throw new Error(`Invalid permission target name: \"${targetName}\"`);\n }\n\n if (targetName !== innerTargetName) {\n throw new Error(\n `Invalid permission specification: target name \"${targetName}\" must match specification.targetName value \"${innerTargetName}\".`,\n );\n }\n\n if (allowedCaveats) {\n allowedCaveats.forEach((caveatType) => {\n if (!hasProperty(caveatSpecifications, caveatType)) {\n throw new UnrecognizedCaveatTypeError(caveatType);\n }\n\n const specification =\n caveatSpecifications[\n caveatType as ControllerCaveatSpecification['type']\n ];\n const isRestrictedMethodCaveat =\n isRestrictedMethodCaveatSpecification(specification);\n\n if (\n (permissionType === PermissionType.RestrictedMethod &&\n !isRestrictedMethodCaveat) ||\n (permissionType === PermissionType.Endowment &&\n isRestrictedMethodCaveat)\n ) {\n throw new CaveatSpecificationMismatchError(\n specification,\n permissionType,\n );\n }\n });\n }\n },\n );\n }\n\n /**\n * Constructor helper for registering the controller's messaging system\n * actions.\n */\n private registerMessageHandlers(): void {\n this.messagingSystem.registerActionHandler(\n `${controllerName}:clearPermissions` as const,\n () => this.clearState(),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:getEndowments` as const,\n (origin: string, targetName: string, requestData?: unknown) =>\n this.getEndowments(origin, targetName, requestData),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:getSubjectNames` as const,\n () => this.getSubjectNames(),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:getPermissions` as const,\n (origin: OriginString) => this.getPermissions(origin),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:hasPermission` as const,\n (origin: OriginString, targetName: string) =>\n this.hasPermission(origin, targetName),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:hasPermissions` as const,\n (origin: OriginString) => this.hasPermissions(origin),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:grantPermissions` as const,\n this.grantPermissions.bind(this),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:requestPermissions` as const,\n (subject: PermissionSubjectMetadata, permissions: RequestedPermissions) =>\n this.requestPermissions(subject, permissions),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:revokeAllPermissions` as const,\n (origin: OriginString) => this.revokeAllPermissions(origin),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:revokePermissionForAllSubjects` as const,\n (\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ) => this.revokePermissionForAllSubjects(target),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:revokePermissions` as const,\n this.revokePermissions.bind(this),\n );\n\n this.messagingSystem.registerActionHandler(\n `${controllerName}:updateCaveat` as const,\n (origin, target, caveatType, caveatValue) => {\n this.updateCaveat(\n origin,\n target,\n caveatType as ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n caveatValue,\n );\n },\n );\n }\n\n /**\n * Clears the state of the controller.\n */\n clearState(): void {\n this.update((_draftState) => {\n return {\n ...getDefaultState<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >(),\n };\n });\n }\n\n /**\n * Gets the permission specification corresponding to the given permission\n * type and target name. Throws an error if the target name does not\n * correspond to a permission, or if the specification is not of the\n * given permission type.\n *\n * @template Type - The type of the permission specification to get.\n * @param permissionType - The type of the permission specification to get.\n * @param targetName - The name of the permission whose specification to get.\n * @param requestingOrigin - The origin of the requesting subject, if any.\n * Will be added to any thrown errors.\n * @returns The specification object corresponding to the given type and\n * target name.\n */\n private getTypedPermissionSpecification<Type extends PermissionType>(\n permissionType: Type,\n targetName: string,\n requestingOrigin?: string,\n ): ControllerPermissionSpecification & { permissionType: Type } {\n const failureError =\n permissionType === PermissionType.RestrictedMethod\n ? methodNotFound(\n targetName,\n requestingOrigin ? { origin: requestingOrigin } : undefined,\n )\n : new EndowmentPermissionDoesNotExistError(\n targetName,\n requestingOrigin,\n );\n\n if (!this.targetExists(targetName)) {\n throw failureError;\n }\n\n const specification = this.getPermissionSpecification(targetName);\n if (!hasSpecificationType(specification, permissionType)) {\n throw failureError;\n }\n\n return specification;\n }\n\n /**\n * Gets the implementation of the specified restricted method.\n *\n * A JSON-RPC error is thrown if the method does not exist.\n *\n * @see {@link PermissionController.executeRestrictedMethod} and\n * {@link PermissionController.createPermissionMiddleware} for internal usage.\n * @param method - The name of the restricted method.\n * @param origin - The origin associated with the request for the restricted\n * method, if any.\n * @returns The restricted method implementation.\n */\n getRestrictedMethod(\n method: string,\n origin?: string,\n ): RestrictedMethod<RestrictedMethodParameters, Json> {\n return this.getTypedPermissionSpecification(\n PermissionType.RestrictedMethod,\n method,\n origin,\n ).methodImplementation;\n }\n\n /**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. IDs) of all subjects.\n */\n getSubjectNames(): OriginString[] {\n return Object.keys(this.state.subjects);\n }\n\n /**\n * Gets the permission for the specified target of the subject corresponding\n * to the specified origin.\n *\n * @param origin - The origin of the subject.\n * @param targetName - The method name as invoked by a third party (i.e., not\n * a method key).\n * @returns The permission if it exists, or undefined otherwise.\n */\n getPermission<\n SubjectPermission extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >,\n >(\n origin: OriginString,\n targetName: SubjectPermission['parentCapability'],\n ): SubjectPermission | undefined {\n return this.state.subjects[origin]?.permissions[targetName] as\n | SubjectPermission\n | undefined;\n }\n\n /**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\n getPermissions(\n origin: OriginString,\n ):\n | SubjectPermissions<\n ValidPermission<string, ExtractCaveats<ControllerCaveatSpecification>>\n >\n | undefined {\n return this.state.subjects[origin]?.permissions;\n }\n\n /**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\n hasPermission(\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): boolean {\n return Boolean(this.getPermission(origin, target));\n }\n\n /**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\n hasPermissions(origin: OriginString): boolean {\n return Boolean(this.state.subjects[origin]);\n }\n\n /**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error of the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\n revokeAllPermissions(origin: OriginString): void {\n this.update((draftState) => {\n if (!draftState.subjects[origin]) {\n throw new UnrecognizedSubjectError(origin);\n }\n delete draftState.subjects[origin];\n });\n }\n\n /**\n * Revokes the specified permission from the subject with the specified\n * origin.\n *\n * Throws an error if the subject or the permission does not exist.\n *\n * @param origin - The origin of the subject whose permission to revoke.\n * @param target - The target name of the permission to revoke.\n */\n revokePermission(\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): void {\n this.revokePermissions({ [origin]: [target] });\n }\n\n /**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names to revoke.\n */\n revokePermissions(\n subjectsAndPermissions: Record<\n OriginString,\n NonEmptyArray<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability']\n >\n >,\n ): void {\n this.update((draftState) => {\n Object.keys(subjectsAndPermissions).forEach((origin) => {\n if (!hasProperty(draftState.subjects, origin)) {\n throw new UnrecognizedSubjectError(origin);\n }\n\n subjectsAndPermissions[origin].forEach((target) => {\n const { permissions } = draftState.subjects[origin];\n if (!hasProperty(permissions as Record<string, unknown>, target)) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n this.deletePermission(draftState.subjects, origin, target);\n });\n });\n });\n }\n\n /**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\n revokePermissionForAllSubjects(\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): void {\n if (this.getSubjectNames().length === 0) {\n return;\n }\n\n this.update((draftState) => {\n Object.entries(draftState.subjects).forEach(([origin, subject]) => {\n const { permissions } = subject;\n\n if (hasProperty(permissions as Record<string, unknown>, target)) {\n this.deletePermission(draftState.subjects, origin, target);\n }\n });\n });\n }\n\n /**\n * Deletes the permission identified by the given origin and target. If the\n * permission is the single remaining permission of its subject, the subject\n * is also deleted.\n *\n * @param subjects - The draft permission controller subjects.\n * @param origin - The origin of the subject associated with the permission\n * to delete.\n * @param target - The target name of the permission to delete.\n */\n private deletePermission(\n subjects: Draft<PermissionControllerSubjects<PermissionConstraint>>,\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n ): void {\n const { permissions } = subjects[origin];\n if (Object.keys(permissions).length > 1) {\n delete permissions[target];\n } else {\n delete subjects[origin];\n }\n }\n\n /**\n * Checks whether the permission of the subject corresponding to the given\n * origin has a caveat of the specified type.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to check for.\n * @returns Whether the permission has the specified caveat.\n */\n hasCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(origin: OriginString, target: TargetName, caveatType: CaveatType): boolean {\n return Boolean(this.getCaveat(origin, target, caveatType));\n }\n\n /**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\n getCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n ): ExtractCaveat<ControllerCaveatSpecification, CaveatType> | undefined {\n const permission = this.getPermission(origin, target);\n if (!permission) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n return findCaveat(permission, caveatType) as\n | ExtractCaveat<ControllerCaveatSpecification, CaveatType>\n | undefined;\n }\n\n /**\n * Adds a caveat of the specified type, with the specified caveat value, to\n * the permission corresponding to the given subject origin and permission\n * target.\n *\n * For modifying existing caveats, use\n * {@link PermissionController.updateCaveat}.\n *\n * Throws an error if no such permission exists, or if the caveat already\n * exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to add.\n * @param caveatValue - The value of the caveat to add.\n */\n addCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n caveatValue: ExtractCaveatValue<ControllerCaveatSpecification, CaveatType>,\n ): void {\n if (this.hasCaveat(origin, target, caveatType)) {\n throw new CaveatAlreadyExistsError(origin, target, caveatType);\n }\n\n this.setCaveat(origin, target, caveatType, caveatValue);\n }\n\n /**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\n updateCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n CaveatValue extends ExtractCaveatValue<\n ControllerCaveatSpecification,\n CaveatType\n >,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n caveatValue: CaveatValue,\n ): void {\n if (!this.hasCaveat(origin, target, caveatType)) {\n throw new CaveatDoesNotExistError(origin, target, caveatType);\n }\n\n this.setCaveat(origin, target, caveatType, caveatValue);\n }\n\n /**\n * Sets the specified caveat on the specified permission. Overwrites existing\n * caveats of the same type in-place (preserving array order), and adds the\n * caveat to the end of the array otherwise.\n *\n * Throws an error if the permission does not exist or fails to validate after\n * its caveats have been modified.\n *\n * @see {@link PermissionController.addCaveat}\n * @see {@link PermissionController.updateCaveat}\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to set.\n * @param caveatValue - The value of the caveat to set.\n */\n private setCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(\n origin: OriginString,\n target: TargetName,\n caveatType: CaveatType,\n caveatValue: ExtractCaveatValue<ControllerCaveatSpecification, CaveatType>,\n ): void {\n this.update((draftState) => {\n const subject = draftState.subjects[origin];\n\n // Unreachable because `hasCaveat` is always called before this, and it\n // throws if permissions are missing. TypeScript needs this, however.\n /* istanbul ignore if */\n if (!subject) {\n throw new UnrecognizedSubjectError(origin);\n }\n\n const permission = subject.permissions[target];\n\n /* istanbul ignore if: practically impossible, but TypeScript wants it */\n if (!permission) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n const caveat = {\n type: caveatType,\n value: caveatValue,\n };\n this.validateCaveat(caveat, origin, target);\n\n if (permission.caveats) {\n const caveatIndex = permission.caveats.findIndex(\n (existingCaveat) => existingCaveat.type === caveat.type,\n );\n\n if (caveatIndex === -1) {\n permission.caveats.push(caveat);\n } else {\n permission.caveats.splice(caveatIndex, 1, caveat);\n }\n } else {\n // Typecast: At this point, we don't know if the specific permission\n // is allowed to have caveats, but it should be impossible to call\n // this method for a permission that may not have any caveats.\n // If all else fails, the permission validator is also called.\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n permission.caveats = [caveat] as any;\n }\n\n this.validateModifiedPermission(permission, origin);\n });\n }\n\n /**\n * Updates all caveats with the specified type for all subjects and\n * permissions by applying the specified mutator function to them.\n *\n * ATTN: Permissions can be revoked entirely by the action of this method,\n * read on for details.\n *\n * Caveat mutators are functions that receive a caveat value and return a\n * tuple consisting of a {@link CaveatMutatorOperation} and, optionally, a new\n * value to update the existing caveat with.\n *\n * For each caveat, depending on the mutator result, this method will:\n * - Do nothing ({@link CaveatMutatorOperation.noop})\n * - Update the value of the caveat ({@link CaveatMutatorOperation.updateValue}). The caveat specification validator, if any, will be called after updating the value.\n * - Delete the caveat ({@link CaveatMutatorOperation.deleteCaveat}). The permission specification validator, if any, will be called after deleting the caveat.\n * - Revoke the parent permission ({@link CaveatMutatorOperation.revokePermission})\n *\n * This method throws if the validation of any caveat or permission fails.\n *\n * @param targetCaveatType - The type of the caveats to update.\n * @param mutator - The mutator function which will be applied to all caveat\n * values.\n */\n updatePermissionsByCaveat<\n CaveatType extends ExtractCaveats<ControllerCaveatSpecification>['type'],\n TargetCaveat extends ExtractCaveat<\n ControllerCaveatSpecification,\n CaveatType\n >,\n >(targetCaveatType: CaveatType, mutator: CaveatMutator<TargetCaveat>): void {\n if (Object.keys(this.state.subjects).length === 0) {\n return;\n }\n\n this.update((draftState) => {\n Object.values(draftState.subjects).forEach((subject) => {\n Object.values(subject.permissions).forEach((permission) => {\n const { caveats } = permission;\n const targetCaveat = caveats?.find(\n ({ type }) => type === targetCaveatType,\n );\n if (!targetCaveat) {\n return;\n }\n\n // The mutator may modify the caveat value in place, and must always\n // return a valid mutation result.\n const mutatorResult = mutator(targetCaveat.value);\n switch (mutatorResult.operation) {\n case CaveatMutatorOperation.noop:\n break;\n\n case CaveatMutatorOperation.updateValue:\n // Typecast: `Mutable` is used here to assign to a readonly\n // property. `targetConstraint` should already be mutable because\n // it's part of a draft, but for some reason it's not. We can't\n // use the more-correct `Draft` type here either because it\n // results in an error.\n (targetCaveat as Mutable<CaveatConstraint, 'value'>).value =\n mutatorResult.value;\n\n this.validateCaveat(\n targetCaveat,\n subject.origin,\n permission.parentCapability,\n );\n break;\n\n case CaveatMutatorOperation.deleteCaveat:\n this.deleteCaveat(permission, targetCaveatType, subject.origin);\n break;\n\n case CaveatMutatorOperation.revokePermission:\n this.deletePermission(\n draftState.subjects,\n subject.origin,\n permission.parentCapability,\n );\n break;\n\n default: {\n // This type check ensures that the switch statement is\n // exhaustive.\n const _exhaustiveCheck: never = mutatorResult;\n throw new Error(\n `Unrecognized mutation result: \"${\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (_exhaustiveCheck as any).operation\n }\"`,\n );\n }\n }\n });\n });\n });\n }\n\n /**\n * Removes the caveat of the specified type from the permission corresponding\n * to the given subject origin and target name.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to remove.\n */\n removeCaveat<\n TargetName extends ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n CaveatType extends ExtractAllowedCaveatTypes<ControllerPermissionSpecification>,\n >(origin: OriginString, target: TargetName, caveatType: CaveatType): void {\n this.update((draftState) => {\n const permission = draftState.subjects[origin]?.permissions[target];\n if (!permission) {\n throw new PermissionDoesNotExistError(origin, target);\n }\n\n if (!permission.caveats) {\n throw new CaveatDoesNotExistError(origin, target, caveatType);\n }\n\n this.deleteCaveat(permission, caveatType, origin);\n });\n }\n\n /**\n * Deletes the specified caveat from the specified permission. If no caveats\n * remain after deletion, the permission's caveat property is set to `null`.\n * The permission is validated after being modified.\n *\n * Throws an error if the permission does not have a caveat with the specified\n * type.\n *\n * @param permission - The permission whose caveat to delete.\n * @param caveatType - The type of the caveat to delete.\n * @param origin - The origin the permission subject.\n */\n private deleteCaveat<\n CaveatType extends ExtractCaveats<ControllerCaveatSpecification>['type'],\n >(\n permission: Draft<PermissionConstraint>,\n caveatType: CaveatType,\n origin: OriginString,\n ): void {\n /* istanbul ignore if: not possible in our usage */\n if (!permission.caveats) {\n throw new CaveatDoesNotExistError(\n origin,\n permission.parentCapability,\n caveatType,\n );\n }\n\n const caveatIndex = permission.caveats.findIndex(\n (existingCaveat) => existingCaveat.type === caveatType,\n );\n\n if (caveatIndex === -1) {\n throw new CaveatDoesNotExistError(\n origin,\n permission.parentCapability,\n caveatType,\n );\n }\n\n if (permission.caveats.length === 1) {\n permission.caveats = null;\n } else {\n permission.caveats.splice(caveatIndex, 1);\n }\n\n this.validateModifiedPermission(permission, origin);\n }\n\n /**\n * Validates the specified modified permission. Should **always** be invoked\n * on a permission after its caveats have been modified.\n *\n * Just like {@link PermissionController.validatePermission}, except that the\n * corresponding target name and specification are retrieved first, and an\n * error is thrown if the target name does not exist.\n *\n * @param permission - The modified permission to validate.\n * @param origin - The origin associated with the permission.\n */\n private validateModifiedPermission(\n permission: Draft<PermissionConstraint>,\n origin: OriginString,\n ): void {\n /* istanbul ignore if: this should be impossible */\n if (!this.targetExists(permission.parentCapability)) {\n throw new Error(\n `Fatal: Existing permission target \"${permission.parentCapability}\" has no specification.`,\n );\n }\n\n this.validatePermission(\n this.getPermissionSpecification(permission.parentCapability),\n permission as PermissionConstraint,\n origin,\n );\n }\n\n /**\n * Verifies the existence the specified permission target, i.e. whether it has\n * a specification.\n *\n * @param target - The requested permission target.\n * @returns Whether the permission target exists.\n */\n private targetExists(\n target: string,\n ): target is ControllerPermissionSpecification['targetName'] {\n return hasProperty(this._permissionSpecifications, target);\n }\n\n /**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated – including by calling every specification\n * validator – and an error is thrown if any validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The granted permissions.\n */\n grantPermissions({\n approvedPermissions,\n requestData,\n preserveExistingPermissions = true,\n subject,\n }: {\n approvedPermissions: RequestedPermissions;\n subject: PermissionSubjectMetadata;\n preserveExistingPermissions?: boolean;\n requestData?: Record<string, unknown>;\n }): SubjectPermissions<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n > {\n const { origin } = subject;\n\n if (!origin || typeof origin !== 'string') {\n throw new InvalidSubjectIdentifierError(origin);\n }\n\n const permissions = (\n preserveExistingPermissions\n ? {\n ...this.getPermissions(origin),\n }\n : {}\n ) as SubjectPermissions<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >;\n\n for (const [requestedTarget, approvedPermission] of Object.entries(\n approvedPermissions,\n )) {\n if (!this.targetExists(requestedTarget)) {\n throw methodNotFound(requestedTarget);\n }\n\n if (\n approvedPermission.parentCapability !== undefined &&\n requestedTarget !== approvedPermission.parentCapability\n ) {\n throw new InvalidApprovedPermissionError(\n origin,\n requestedTarget,\n approvedPermission,\n );\n }\n\n // We have verified that the target exists, and reassign it to change its\n // type.\n const targetName = requestedTarget as ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'];\n const specification = this.getPermissionSpecification(targetName);\n\n // The requested caveats are validated here.\n const caveats = this.constructCaveats(\n origin,\n targetName,\n approvedPermission.caveats,\n );\n\n const permissionOptions = {\n caveats,\n invoker: origin,\n target: targetName,\n };\n\n let permission: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >;\n if (specification.factory) {\n permission = specification.factory(permissionOptions, requestData);\n\n // Full caveat and permission validation is performed here since the\n // factory function can arbitrarily modify the entire permission object,\n // including its caveats.\n this.validatePermission(specification, permission, origin);\n } else {\n permission = constructPermission(permissionOptions);\n\n // We do not need to validate caveats in this case, because the plain\n // permission constructor function does not modify the caveats, which\n // were already validated by `constructCaveats` above.\n this.validatePermission(specification, permission, origin, {\n invokePermissionValidator: true,\n performCaveatValidation: false,\n });\n }\n permissions[targetName] = permission;\n }\n\n this.setValidatedPermissions(origin, permissions);\n return permissions;\n }\n\n /**\n * Validates the specified permission by:\n * - Ensuring that if `subjectTypes` is specified, the subject requesting the permission is of a type in the list.\n * - Ensuring that its `caveats` property is either `null` or a non-empty array.\n * - Ensuring that it only includes caveats allowed by its specification.\n * - Ensuring that it includes no duplicate caveats (by caveat type).\n * - Validating each caveat object, if `performCaveatValidation` is `true`.\n * - Calling the validator of its specification, if one exists and `invokePermissionValidator` is `true`.\n *\n * An error is thrown if validation fails.\n *\n * @param specification - The specification of the permission.\n * @param permission - The permission to validate.\n * @param origin - The origin associated with the permission.\n * @param validationOptions - Validation options.\n * @param validationOptions.invokePermissionValidator - Whether to invoke the\n * permission's consumer-specified validator function, if any.\n * @param validationOptions.performCaveatValidation - Whether to invoke\n * {@link PermissionController.validateCaveat} on each of the permission's\n * caveats.\n */\n private validatePermission(\n specification: PermissionSpecificationConstraint,\n permission: PermissionConstraint,\n origin: OriginString,\n { invokePermissionValidator, performCaveatValidation } = {\n invokePermissionValidator: true,\n performCaveatValidation: true,\n },\n ): void {\n const { allowedCaveats, validator, targetName } = specification;\n\n if (\n specification.subjectTypes?.length &&\n specification.subjectTypes.length > 0\n ) {\n const metadata = this.messagingSystem.call(\n 'SubjectMetadataController:getSubjectMetadata',\n origin,\n );\n\n if (\n !metadata ||\n metadata.subjectType === null ||\n !specification.subjectTypes.includes(metadata.subjectType)\n ) {\n throw specification.permissionType === PermissionType.RestrictedMethod\n ? methodNotFound(targetName, { origin })\n : new EndowmentPermissionDoesNotExistError(targetName, origin);\n }\n }\n\n if (hasProperty(permission, 'caveats')) {\n const { caveats } = permission;\n\n if (caveats !== null && !(Array.isArray(caveats) && caveats.length > 0)) {\n throw new InvalidCaveatsPropertyError(origin, targetName, caveats);\n }\n\n const seenCaveatTypes = new Set<string>();\n caveats?.forEach((caveat) => {\n if (performCaveatValidation) {\n this.validateCaveat(caveat, origin, targetName);\n }\n\n if (!allowedCaveats?.includes(caveat.type)) {\n throw new ForbiddenCaveatError(caveat.type, origin, targetName);\n }\n\n if (seenCaveatTypes.has(caveat.type)) {\n throw new DuplicateCaveatError(caveat.type, origin, targetName);\n }\n seenCaveatTypes.add(caveat.type);\n });\n }\n\n if (invokePermissionValidator && validator) {\n validator(permission, origin, targetName);\n }\n }\n\n /**\n * Assigns the specified permissions to the subject with the given origin.\n * Overwrites all existing permissions, and creates a subject entry if it\n * doesn't already exist.\n *\n * ATTN: Assumes that the new permissions have been validated.\n *\n * @param origin - The origin of the grantee subject.\n * @param permissions - The new permissions for the grantee subject.\n */\n private setValidatedPermissions(\n origin: OriginString,\n permissions: Record<\n string,\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >,\n ): void {\n this.update((draftState) => {\n if (!draftState.subjects[origin]) {\n draftState.subjects[origin] = { origin, permissions: {} };\n }\n\n draftState.subjects[origin].permissions = castDraft(permissions);\n });\n }\n\n /**\n * Validates the requested caveats for the permission of the specified\n * subject origin and target name and returns the validated caveat array.\n *\n * Throws an error if validation fails.\n *\n * @param origin - The origin of the permission subject.\n * @param target - The permission target name.\n * @param requestedCaveats - The requested caveats to construct.\n * @returns The constructed caveats.\n */\n private constructCaveats(\n origin: OriginString,\n target: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n requestedCaveats?: unknown[] | null,\n ): NonEmptyArray<ExtractCaveats<ControllerCaveatSpecification>> | undefined {\n const caveatArray = requestedCaveats?.map((requestedCaveat) => {\n this.validateCaveat(requestedCaveat, origin, target);\n\n // Reassign so that we have a fresh object.\n const { type, value } = requestedCaveat as CaveatConstraint;\n return { type, value } as ExtractCaveats<ControllerCaveatSpecification>;\n });\n\n return caveatArray && isNonEmptyArray(caveatArray)\n ? caveatArray\n : undefined;\n }\n\n /**\n * This methods validates that the specified caveat is an object with the\n * expected properties and types. It also ensures that a caveat specification\n * exists for the requested caveat type, and calls the specification\n * validator, if it exists, on the caveat object.\n *\n * Throws an error if validation fails.\n *\n * @param caveat - The caveat object to validate.\n * @param origin - The origin associated with the subject of the parent\n * permission.\n * @param target - The target name associated with the parent permission.\n */\n private validateCaveat(\n caveat: unknown,\n origin: OriginString,\n target: string,\n ): void {\n if (!isPlainObject(caveat)) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw new InvalidCaveatError(caveat, origin, target);\n }\n\n if (Object.keys(caveat).length !== 2) {\n throw new InvalidCaveatFieldsError(caveat, origin, target);\n }\n\n if (typeof caveat.type !== 'string') {\n throw new InvalidCaveatTypeError(caveat, origin, target);\n }\n\n const specification = this.getCaveatSpecification(caveat.type);\n if (!specification) {\n throw new UnrecognizedCaveatTypeError(caveat.type, origin, target);\n }\n\n if (!hasProperty(caveat, 'value') || caveat.value === undefined) {\n throw new CaveatMissingValueError(caveat, origin, target);\n }\n\n if (!isValidJson(caveat.value)) {\n throw new CaveatInvalidJsonError(caveat, origin, target);\n }\n\n // Typecast: TypeScript still believes that the caveat is a PlainObject.\n specification.validator?.(caveat as CaveatConstraint, origin, target);\n }\n\n /**\n * Initiates a permission request that requires user approval. This should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. Defaults to `true`.\n * @returns The granted permissions and request metadata.\n */\n async requestPermissions(\n subject: PermissionSubjectMetadata,\n requestedPermissions: RequestedPermissions,\n options: {\n id?: string;\n preserveExistingPermissions?: boolean;\n } = {},\n ): Promise<\n [\n SubjectPermissions<\n ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >\n >,\n { data?: Record<string, unknown>; id: string; origin: OriginString },\n ]\n > {\n const { origin } = subject;\n const { id = nanoid(), preserveExistingPermissions = true } = options;\n this.validateRequestedPermissions(origin, requestedPermissions);\n\n const metadata = {\n id,\n origin,\n };\n\n const permissionsRequest = {\n metadata,\n permissions: requestedPermissions,\n };\n\n const approvedRequest = await this.requestUserApproval(permissionsRequest);\n const { permissions: approvedPermissions, ...requestData } =\n approvedRequest;\n\n const sideEffects = this.getSideEffects(approvedPermissions);\n\n if (Object.values(sideEffects.permittedHandlers).length > 0) {\n const sideEffectsData = await this.executeSideEffects(\n sideEffects,\n approvedRequest,\n );\n const mappedData = Object.keys(sideEffects.permittedHandlers).reduce(\n (acc, permission, i) => ({ [permission]: sideEffectsData[i], ...acc }),\n {},\n );\n\n return [\n this.grantPermissions({\n subject,\n approvedPermissions,\n preserveExistingPermissions,\n requestData,\n }),\n { data: mappedData, ...metadata },\n ];\n }\n\n return [\n this.grantPermissions({\n subject,\n approvedPermissions,\n preserveExistingPermissions,\n requestData,\n }),\n metadata,\n ];\n }\n\n /**\n * Validates requested permissions. Throws if validation fails.\n *\n * This method ensures that the requested permissions are a properly\n * formatted {@link RequestedPermissions} object, and performs the same\n * validation as {@link PermissionController.grantPermissions}, except that\n * consumer-specified permission validator functions are not called, since\n * they are only called on fully constructed, approved permissions that are\n * otherwise completely valid.\n *\n * Unrecognzied properties on requested permissions are ignored.\n *\n * @param origin - The origin of the grantee subject.\n * @param requestedPermissions - The requested permissions.\n */\n private validateRequestedPermissions(\n origin: OriginString,\n requestedPermissions: unknown,\n ): void {\n if (!isPlainObject(requestedPermissions)) {\n throw invalidParams({\n message: `Requested permissions for origin \"${origin}\" is not a plain object.`,\n data: { origin, requestedPermissions },\n });\n }\n\n if (Object.keys(requestedPermissions).length === 0) {\n throw invalidParams({\n message: `Permissions request for origin \"${origin}\" contains no permissions.`,\n data: { requestedPermissions },\n });\n }\n\n for (const targetName of Object.keys(requestedPermissions)) {\n const permission = requestedPermissions[targetName];\n\n if (!this.targetExists(targetName)) {\n throw methodNotFound(targetName, { origin, requestedPermissions });\n }\n\n if (\n !isPlainObject(permission) ||\n (permission.parentCapability !== undefined &&\n targetName !== permission.parentCapability)\n ) {\n throw invalidParams({\n message: `Permissions request for origin \"${origin}\" contains invalid requested permission(s).`,\n data: { origin, requestedPermissions },\n });\n }\n\n // Here we validate the permission without invoking its validator, if any.\n // The validator will be invoked after the permission has been approved.\n this.validatePermission(\n this.getPermissionSpecification(targetName),\n // Typecast: The permission is still a \"PlainObject\" here.\n permission as PermissionConstraint,\n origin,\n { invokePermissionValidator: false, performCaveatValidation: true },\n );\n }\n }\n\n /**\n * Adds a request to the {@link ApprovalController} using the\n * {@link AddApprovalRequest} action. Also validates the resulting approved\n * permissions request, and throws an error if validation fails.\n *\n * @param permissionsRequest - The permissions request object.\n * @returns The approved permissions request object.\n */\n private async requestUserApproval(permissionsRequest: PermissionsRequest) {\n const { origin, id } = permissionsRequest.metadata;\n const approvedRequest = await this.messagingSystem.call(\n 'ApprovalController:addRequest',\n {\n id,\n origin,\n requestData: permissionsRequest,\n type: MethodNames.requestPermissions,\n },\n true,\n );\n\n this.validateApprovedPermissions(approvedRequest, { id, origin });\n return approvedRequest as PermissionsRequest;\n }\n\n /**\n * Reunites all the side-effects (onPermitted and onFailure) of the requested permissions inside a record of arrays.\n *\n * @param permissions - The approved permissions.\n * @returns The {@link SideEffects} object containing the handlers arrays.\n */\n private getSideEffects(permissions: RequestedPermissions) {\n return Object.keys(permissions).reduce<SideEffects>(\n (sideEffectList, targetName) => {\n if (this.targetExists(targetName)) {\n const specification = this.getPermissionSpecification(targetName);\n\n if (specification.sideEffect) {\n sideEffectList.permittedHandlers[targetName] =\n specification.sideEffect.onPermitted;\n\n if (specification.sideEffect.onFailure) {\n sideEffectList.failureHandlers[targetName] =\n specification.sideEffect.onFailure;\n }\n }\n }\n return sideEffectList;\n },\n { permittedHandlers: {}, failureHandlers: {} },\n );\n }\n\n /**\n * Executes the side-effects of the approved permissions while handling the errors if any.\n * It will pass an instance of the {@link messagingSystem} and the request data associated with the permission request to the handlers through its params.\n *\n * @param sideEffects - the side-effect record created by {@link getSideEffects}\n * @param requestData - the permissions requestData.\n * @returns the value returned by all the `onPermitted` handlers in an array.\n */\n private async executeSideEffects(\n sideEffects: SideEffects,\n requestData: PermissionsRequest,\n ) {\n const { permittedHandlers, failureHandlers } = sideEffects;\n const params = {\n requestData,\n messagingSystem: this.messagingSystem,\n };\n\n const promiseResults = await Promise.allSettled(\n Object.values(permittedHandlers).map((permittedHandler) =>\n permittedHandler(params),\n ),\n );\n\n // lib.es2020.promise.d.ts does not export its types so we're using a simple type.\n const rejectedHandlers = promiseResults.filter(\n (promise) => promise.status === 'rejected',\n ) as { status: 'rejected'; reason: Error }[];\n\n if (rejectedHandlers.length > 0) {\n const failureHandlersList = Object.values(failureHandlers);\n if (failureHandlersList.length > 0) {\n try {\n await Promise.all(\n failureHandlersList.map((failureHandler) => failureHandler(params)),\n );\n } catch (error) {\n throw internalError('Unexpected error in side-effects', { error });\n }\n }\n const reasons = rejectedHandlers.map((handler) => handler.reason);\n\n reasons.forEach((reason) => {\n console.error(reason);\n });\n\n throw reasons.length > 1\n ? internalError(\n 'Multiple errors occurred during side-effects execution',\n { errors: reasons },\n )\n : reasons[0];\n }\n\n // lib.es2020.promise.d.ts does not export its types so we're using a simple type.\n return (promiseResults as { status: 'fulfilled'; value: unknown }[]).map(\n ({ value }) => value,\n );\n }\n\n /**\n * Validates an approved {@link PermissionsRequest} object. The approved\n * request must have the required `metadata` and `permissions` properties,\n * the `id` and `origin` of the `metadata` must match the original request\n * metadata, and the requested permissions must be valid per\n * {@link PermissionController.validateRequestedPermissions}. Any extra\n * metadata properties are ignored.\n *\n * An error is thrown if validation fails.\n *\n * @param approvedRequest - The approved permissions request object.\n * @param originalMetadata - The original request metadata.\n */\n private validateApprovedPermissions(\n approvedRequest: unknown,\n originalMetadata: PermissionsRequestMetadata,\n ) {\n const { id, origin } = originalMetadata;\n\n if (\n !isPlainObject(approvedRequest) ||\n !isPlainObject(approvedRequest.metadata)\n ) {\n throw internalError(\n `Approved permissions request for subject \"${origin}\" is invalid.`,\n { data: { approvedRequest } },\n );\n }\n\n const {\n metadata: { id: newId, origin: newOrigin },\n permissions,\n } = approvedRequest;\n\n if (newId !== id) {\n throw internalError(\n `Approved permissions request for subject \"${origin}\" mutated its id.`,\n { originalId: id, mutatedId: newId },\n );\n }\n\n if (newOrigin !== origin) {\n throw internalError(\n `Approved permissions request for subject \"${origin}\" mutated its origin.`,\n { originalOrigin: origin, mutatedOrigin: newOrigin },\n );\n }\n\n try {\n this.validateRequestedPermissions(origin, permissions);\n } catch (error) {\n if (error instanceof JsonRpcError) {\n // Re-throw as an internal error; we should never receive invalid approved\n // permissions.\n throw internalError(\n `Invalid approved permissions request: ${error.message}`,\n error.data,\n );\n }\n throw internalError('Unrecognized error type', { error });\n }\n }\n\n /**\n * Accepts a permissions request created by\n * {@link PermissionController.requestPermissions}.\n *\n * @param request - The permissions request.\n */\n async acceptPermissionsRequest(request: PermissionsRequest): Promise<void> {\n const { id } = request.metadata;\n\n if (!this.hasApprovalRequest({ id })) {\n throw new PermissionsRequestNotFoundError(id);\n }\n\n if (Object.keys(request.permissions).length === 0) {\n this._rejectPermissionsRequest(\n id,\n invalidParams({\n message: 'Must request at least one permission.',\n }),\n );\n return;\n }\n\n try {\n this.messagingSystem.call(\n 'ApprovalController:acceptRequest',\n id,\n request,\n );\n } catch (error) {\n // If accepting unexpectedly fails, reject the request and re-throw the\n // error\n this._rejectPermissionsRequest(id, error);\n throw error;\n }\n }\n\n /**\n * Rejects a permissions request created by\n * {@link PermissionController.requestPermissions}.\n *\n * @param id - The id of the request to be rejected.\n */\n async rejectPermissionsRequest(id: string): Promise<void> {\n if (!this.hasApprovalRequest({ id })) {\n throw new PermissionsRequestNotFoundError(id);\n }\n\n this._rejectPermissionsRequest(id, userRejectedRequest());\n }\n\n /**\n * Checks whether the {@link ApprovalController} has a particular permissions\n * request.\n *\n * @see {@link PermissionController.acceptPermissionsRequest} and\n * {@link PermissionController.rejectPermissionsRequest} for usage.\n * @param options - The {@link HasApprovalRequest} options.\n * @param options.id - The id of the approval request to check for.\n * @returns Whether the specified request exists.\n */\n private hasApprovalRequest(options: { id: string }): boolean {\n return this.messagingSystem.call(\n 'ApprovalController:hasRequest',\n // Typecast: For some reason, the type here expects all of the possible\n // HasApprovalRequest options to be specified, when they're actually all\n // optional. Passing just the id is definitely valid, so we just cast it.\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n options as any,\n );\n }\n\n /**\n * Rejects the permissions request with the specified id, with the specified\n * error as the reason. This method is effectively a wrapper around a\n * messenger call for the `ApprovalController:rejectRequest` action.\n *\n * @see {@link PermissionController.acceptPermissionsRequest} and\n * {@link PermissionController.rejectPermissionsRequest} for usage.\n * @param id - The id of the request to reject.\n * @param error - The error associated with the rejection.\n * @returns Nothing\n */\n private _rejectPermissionsRequest(id: string, error: unknown): void {\n return this.messagingSystem.call(\n 'ApprovalController:rejectRequest',\n id,\n error,\n );\n }\n\n /**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\n async getEndowments(\n origin: string,\n targetName: ExtractEndowmentPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n requestData?: unknown,\n ): Promise<Json> {\n if (!this.hasPermission(origin, targetName)) {\n throw unauthorized({ data: { origin, targetName } });\n }\n\n return this.getTypedPermissionSpecification(\n PermissionType.Endowment,\n targetName,\n origin,\n ).endowmentGetter({ origin, requestData });\n }\n\n /**\n * Executes a restricted method as the subject with the given origin.\n * The specified params, if any, will be passed to the method implementation.\n *\n * ATTN: Great caution should be exercised in the use of this method.\n * Methods that cause side effects or affect application state should\n * be avoided.\n *\n * This method will first attempt to retrieve the requested restricted method\n * implementation, throwing if it does not exist. The method will then be\n * invoked as though the subject with the specified origin had invoked it with\n * the specified parameters. This means that any existing caveats will be\n * applied to the restricted method, and this method will throw if the\n * restricted method or its caveat decorators throw.\n *\n * In addition, this method will throw if the subject does not have a\n * permission for the specified restricted method.\n *\n * @param origin - The origin of the subject to execute the method on behalf\n * of.\n * @param targetName - The name of the method to execute. This must be a valid\n * permission target name.\n * @param params - The parameters to pass to the method implementation.\n * @returns The result of the executed method.\n */\n async executeRestrictedMethod(\n origin: OriginString,\n targetName: ExtractRestrictedMethodPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n params?: RestrictedMethodParameters,\n ): Promise<Json> {\n // Throws if the method does not exist\n const methodImplementation = this.getRestrictedMethod(targetName, origin);\n\n const result = await this._executeRestrictedMethod(\n methodImplementation,\n { origin },\n targetName,\n params,\n );\n\n if (result === undefined) {\n throw new Error(\n `Internal request for method \"${targetName}\" as origin \"${origin}\" returned no result.`,\n );\n }\n\n return result;\n }\n\n /**\n * An internal method used in the controller's `json-rpc-engine` middleware\n * and {@link PermissionController.executeRestrictedMethod}. Calls the\n * specified restricted method implementation after decorating it with the\n * caveats of its permission. Throws if the subject does not have the\n * requisite permission.\n *\n * ATTN: Parameter validation is the responsibility of the caller, or\n * the restricted method implementation in the case of `params`.\n *\n * @see {@link PermissionController.executeRestrictedMethod} and\n * {@link PermissionController.createPermissionMiddleware} for usage.\n * @param methodImplementation - The implementation of the method to call.\n * @param subject - Metadata about the subject that made the request.\n * @param method - The method name\n * @param params - Params needed for executing the restricted method\n * @returns The result of the restricted method implementation\n */\n private _executeRestrictedMethod(\n methodImplementation: RestrictedMethod<RestrictedMethodParameters, Json>,\n subject: PermissionSubjectMetadata,\n method: ExtractPermission<\n ControllerPermissionSpecification,\n ControllerCaveatSpecification\n >['parentCapability'],\n params: RestrictedMethodParameters = [],\n ): ReturnType<RestrictedMethod<RestrictedMethodParameters, Json>> {\n const { origin } = subject;\n\n const permission = this.getPermission(origin, method);\n if (!permission) {\n throw unauthorized({ data: { origin, method } });\n }\n\n return decorateWithCaveats(\n methodImplementation,\n permission,\n this._caveatSpecifications,\n )({ method, params, context: { origin } });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,SAAS,sBAAsB;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,oBAAoB;AAC7B,SAAS,mBAAmB;AAE5B,OAAO,gBAAgB;AACvB,SAAS,iBAA6B;AACtC,SAAS,cAAc;AAyGvB,IAAM,iBAAiB;AAkDvB,SAAS,mBAA4D;AACnE,SAAO,EAAE,UAAU,EAAE,WAAW,MAAM,SAAS,KAAK,EAAE;AAGxD;AAQA,SAAS,kBAA2D;AAClE,SAAO,EAAE,UAAU,CAAC,EAAE;AACxB;AA0LO,IAAK,yBAAL,kBAAKA,4BAAL;AACL,EAAAA,gDAAA;AACA,EAAAA,gDAAA;AACA,EAAAA,gDAAA;AACA,EAAAA,gDAAA;AAJU,SAAAA;AAAA,GAAA;AAoIL,IAAM,uBAAN,cAGG,eASR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,IAAW,sBAA2C;AACpD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA+BA,YACE,SAIA;AACA,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ,CAAC;AAAA,IACX,IAAI;AAEJ,UAAM;AAAA,MACJ,MAAM;AAAA,MACN,UACE,iBAKE;AAAA,MACJ;AAAA,MACA,OAAO;AAAA,QACL,GAAG,gBAKD;AAAA,QACF,GAAG;AAAA,MACL;AAAA,IACF,CAAC;AAED,SAAK,uBAAuB,IAAI,IAAI,mBAAmB;AACvD,SAAK,wBAAwB,WAAW,EAAE,GAAG,qBAAqB,CAAC;AAEnE,SAAK;AAAA,MACH;AAAA,MACA,KAAK;AAAA,IACP;AAEA,SAAK,4BAA4B,WAAW;AAAA,MAC1C,GAAG;AAAA,IACL,CAAC;AAED,SAAK,wBAAwB;AAC7B,SAAK,6BAA6B,+BAA+B;AAAA,MAC/D,yBAAyB,KAAK,yBAAyB,KAAK,IAAI;AAAA,MAChE,qBAAqB,KAAK,oBAAoB,KAAK,IAAI;AAAA,MACvD,sBAAsB,KAAK,oBAAoB,IAAI;AAAA,QACjD,KAAK;AAAA,MACP;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,2BAGN,YAIA;AACA,WAAO,KAAK,0BAA0B,UAAU;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAEN,YAAwB;AACxB,WAAO,KAAK,sBAAsB,UAAU;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,iCACN,0BACA,sBACA;AACA,WAAO;AAAA,MACL;AAAA,IACF,EAAE;AAAA,MACA,CAAC;AAAA,QACC;AAAA,QACA,EAAE,gBAAgB,YAAY,iBAAiB,eAAe;AAAA,MAChE,MAAM;AACJ,YAAI,CAAC,kBAAkB,CAAC,YAAY,gBAAgB,cAAc,GAAG;AACnE,gBAAM,IAAI,MAAM,6BAA6B,cAAc,GAAG;AAAA,QAChE;AAEA,YAAI,CAAC,YAAY;AACf,gBAAM,IAAI,MAAM,oCAAoC,UAAU,GAAG;AAAA,QACnE;AAEA,YAAI,eAAe,iBAAiB;AAClC,gBAAM,IAAI;AAAA,YACR,kDAAkD,UAAU,gDAAgD,eAAe;AAAA,UAC7H;AAAA,QACF;AAEA,YAAI,gBAAgB;AAClB,yBAAe,QAAQ,CAAC,eAAe;AACrC,gBAAI,CAAC,YAAY,sBAAsB,UAAU,GAAG;AAClD,oBAAM,IAAI,4BAA4B,UAAU;AAAA,YAClD;AAEA,kBAAM,gBACJ,qBACE,UACF;AACF,kBAAM,2BACJ,sCAAsC,aAAa;AAErD,gBACG,gEACC,CAAC,4BACF,kDACC,0BACF;AACA,oBAAM,IAAI;AAAA,gBACR;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,0BAAgC;AACtC,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,MAAM,KAAK,WAAW;AAAA,IACxB;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,QAAgB,YAAoB,gBACnC,KAAK,cAAc,QAAQ,YAAY,WAAW;AAAA,IACtD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,MAAM,KAAK,gBAAgB;AAAA,IAC7B;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,WAAyB,KAAK,eAAe,MAAM;AAAA,IACtD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,QAAsB,eACrB,KAAK,cAAc,QAAQ,UAAU;AAAA,IACzC;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,WAAyB,KAAK,eAAe,MAAM;AAAA,IACtD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,KAAK,iBAAiB,KAAK,IAAI;AAAA,IACjC;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,SAAoC,gBACnC,KAAK,mBAAmB,SAAS,WAAW;AAAA,IAChD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,WAAyB,KAAK,qBAAqB,MAAM;AAAA,IAC5D;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CACE,WAIG,KAAK,+BAA+B,MAAM;AAAA,IACjD;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,KAAK,kBAAkB,KAAK,IAAI;AAAA,IAClC;AAEA,SAAK,gBAAgB;AAAA,MACnB,GAAG,cAAc;AAAA,MACjB,CAAC,QAAQ,QAAQ,YAAY,gBAAgB;AAC3C,aAAK;AAAA,UACH;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,OAAO,CAAC,gBAAgB;AAC3B,aAAO;AAAA,QACL,GAAG,gBAKD;AAAA,MACJ;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBQ,gCACN,gBACA,YACA,kBAC8D;AAC9D,UAAM,eACJ,+DACI;AAAA,MACE;AAAA,MACA,mBAAmB,EAAE,QAAQ,iBAAiB,IAAI;AAAA,IACpD,IACA,IAAI;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAEN,QAAI,CAAC,KAAK,aAAa,UAAU,GAAG;AAClC,YAAM;AAAA,IACR;AAEA,UAAM,gBAAgB,KAAK,2BAA2B,UAAU;AAChE,QAAI,CAAC,qBAAqB,eAAe,cAAc,GAAG;AACxD,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,oBACE,QACA,QACoD;AACpD,WAAO,KAAK;AAAA;AAAA,MAEV;AAAA,MACA;AAAA,IACF,EAAE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,kBAAkC;AAChC,WAAO,OAAO,KAAK,KAAK,MAAM,QAAQ;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,cAME,QACA,YAC+B;AAC/B,WAAO,KAAK,MAAM,SAAS,MAAM,GAAG,YAAY,UAAU;AAAA,EAG5D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,eACE,QAKY;AACZ,WAAO,KAAK,MAAM,SAAS,MAAM,GAAG;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,cACE,QACA,QAIS;AACT,WAAO,QAAQ,KAAK,cAAc,QAAQ,MAAM,CAAC;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,eAAe,QAA+B;AAC5C,WAAO,QAAQ,KAAK,MAAM,SAAS,MAAM,CAAC;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,qBAAqB,QAA4B;AAC/C,SAAK,OAAO,CAAC,eAAe;AAC1B,UAAI,CAAC,WAAW,SAAS,MAAM,GAAG;AAChC,cAAM,IAAI,yBAAyB,MAAM;AAAA,MAC3C;AACA,aAAO,WAAW,SAAS,MAAM;AAAA,IACnC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,iBACE,QACA,QAIM;AACN,SAAK,kBAAkB,EAAE,CAAC,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBACE,wBASM;AACN,SAAK,OAAO,CAAC,eAAe;AAC1B,aAAO,KAAK,sBAAsB,EAAE,QAAQ,CAAC,WAAW;AACtD,YAAI,CAAC,YAAY,WAAW,UAAU,MAAM,GAAG;AAC7C,gBAAM,IAAI,yBAAyB,MAAM;AAAA,QAC3C;AAEA,+BAAuB,MAAM,EAAE,QAAQ,CAAC,WAAW;AACjD,gBAAM,EAAE,YAAY,IAAI,WAAW,SAAS,MAAM;AAClD,cAAI,CAAC,YAAY,aAAwC,MAAM,GAAG;AAChE,kBAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,UACtD;AAEA,eAAK,iBAAiB,WAAW,UAAU,QAAQ,MAAM;AAAA,QAC3D,CAAC;AAAA,MACH,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,+BACE,QAIM;AACN,QAAI,KAAK,gBAAgB,EAAE,WAAW,GAAG;AACvC;AAAA,IACF;AAEA,SAAK,OAAO,CAAC,eAAe;AAC1B,aAAO,QAAQ,WAAW,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,OAAO,MAAM;AACjE,cAAM,EAAE,YAAY,IAAI;AAExB,YAAI,YAAY,aAAwC,MAAM,GAAG;AAC/D,eAAK,iBAAiB,WAAW,UAAU,QAAQ,MAAM;AAAA,QAC3D;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,iBACN,UACA,QACA,QAIM;AACN,UAAM,EAAE,YAAY,IAAI,SAAS,MAAM;AACvC,QAAI,OAAO,KAAK,WAAW,EAAE,SAAS,GAAG;AACvC,aAAO,YAAY,MAAM;AAAA,IAC3B,OAAO;AACL,aAAO,SAAS,MAAM;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,UAME,QAAsB,QAAoB,YAAiC;AAC3E,WAAO,QAAQ,KAAK,UAAU,QAAQ,QAAQ,UAAU,CAAC;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,UAOE,QACA,QACA,YACsE;AACtE,UAAM,aAAa,KAAK,cAAc,QAAQ,MAAM;AACpD,QAAI,CAAC,YAAY;AACf,YAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,IACtD;AAEA,WAAO,WAAW,YAAY,UAAU;AAAA,EAG1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,UAOE,QACA,QACA,YACA,aACM;AACN,QAAI,KAAK,UAAU,QAAQ,QAAQ,UAAU,GAAG;AAC9C,YAAM,IAAI,yBAAyB,QAAQ,QAAQ,UAAU;AAAA,IAC/D;AAEA,SAAK,UAAU,QAAQ,QAAQ,YAAY,WAAW;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,aAWE,QACA,QACA,YACA,aACM;AACN,QAAI,CAAC,KAAK,UAAU,QAAQ,QAAQ,UAAU,GAAG;AAC/C,YAAM,IAAI,wBAAwB,QAAQ,QAAQ,UAAU;AAAA,IAC9D;AAEA,SAAK,UAAU,QAAQ,QAAQ,YAAY,WAAW;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBQ,UAON,QACA,QACA,YACA,aACM;AACN,SAAK,OAAO,CAAC,eAAe;AAC1B,YAAM,UAAU,WAAW,SAAS,MAAM;AAK1C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,yBAAyB,MAAM;AAAA,MAC3C;AAEA,YAAM,aAAa,QAAQ,YAAY,MAAM;AAG7C,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,MACtD;AAEA,YAAM,SAAS;AAAA,QACb,MAAM;AAAA,QACN,OAAO;AAAA,MACT;AACA,WAAK,eAAe,QAAQ,QAAQ,MAAM;AAE1C,UAAI,WAAW,SAAS;AACtB,cAAM,cAAc,WAAW,QAAQ;AAAA,UACrC,CAAC,mBAAmB,eAAe,SAAS,OAAO;AAAA,QACrD;AAEA,YAAI,gBAAgB,IAAI;AACtB,qBAAW,QAAQ,KAAK,MAAM;AAAA,QAChC,OAAO;AACL,qBAAW,QAAQ,OAAO,aAAa,GAAG,MAAM;AAAA,QAClD;AAAA,MACF,OAAO;AAOL,mBAAW,UAAU,CAAC,MAAM;AAAA,MAC9B;AAEA,WAAK,2BAA2B,YAAY,MAAM;AAAA,IACpD,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAyBA,0BAME,kBAA8B,SAA4C;AAC1E,QAAI,OAAO,KAAK,KAAK,MAAM,QAAQ,EAAE,WAAW,GAAG;AACjD;AAAA,IACF;AAEA,SAAK,OAAO,CAAC,eAAe;AAC1B,aAAO,OAAO,WAAW,QAAQ,EAAE,QAAQ,CAAC,YAAY;AACtD,eAAO,OAAO,QAAQ,WAAW,EAAE,QAAQ,CAAC,eAAe;AACzD,gBAAM,EAAE,QAAQ,IAAI;AACpB,gBAAM,eAAe,SAAS;AAAA,YAC5B,CAAC,EAAE,KAAK,MAAM,SAAS;AAAA,UACzB;AACA,cAAI,CAAC,cAAc;AACjB;AAAA,UACF;AAIA,gBAAM,gBAAgB,QAAQ,aAAa,KAAK;AAChD,kBAAQ,cAAc,WAAW;AAAA,YAC/B,KAAK;AACH;AAAA,YAEF,KAAK;AAMH,cAAC,aAAoD,QACnD,cAAc;AAEhB,mBAAK;AAAA,gBACH;AAAA,gBACA,QAAQ;AAAA,gBACR,WAAW;AAAA,cACb;AACA;AAAA,YAEF,KAAK;AACH,mBAAK,aAAa,YAAY,kBAAkB,QAAQ,MAAM;AAC9D;AAAA,YAEF,KAAK;AACH,mBAAK;AAAA,gBACH,WAAW;AAAA,gBACX,QAAQ;AAAA,gBACR,WAAW;AAAA,cACb;AACA;AAAA,YAEF,SAAS;AAGP,oBAAM,mBAA0B;AAChC,oBAAM,IAAI;AAAA,gBACR;AAAA;AAAA,gBAGG,iBAAyB,SAC5B;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAC;AAAA,MACH,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,aAME,QAAsB,QAAoB,YAA8B;AACxE,SAAK,OAAO,CAAC,eAAe;AAC1B,YAAM,aAAa,WAAW,SAAS,MAAM,GAAG,YAAY,MAAM;AAClE,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,4BAA4B,QAAQ,MAAM;AAAA,MACtD;AAEA,UAAI,CAAC,WAAW,SAAS;AACvB,cAAM,IAAI,wBAAwB,QAAQ,QAAQ,UAAU;AAAA,MAC9D;AAEA,WAAK,aAAa,YAAY,YAAY,MAAM;AAAA,IAClD,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcQ,aAGN,YACA,YACA,QACM;AAEN,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI;AAAA,QACR;AAAA,QACA,WAAW;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,WAAW,QAAQ;AAAA,MACrC,CAAC,mBAAmB,eAAe,SAAS;AAAA,IAC9C;AAEA,QAAI,gBAAgB,IAAI;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,QACA,WAAW;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAEA,QAAI,WAAW,QAAQ,WAAW,GAAG;AACnC,iBAAW,UAAU;AAAA,IACvB,OAAO;AACL,iBAAW,QAAQ,OAAO,aAAa,CAAC;AAAA,IAC1C;AAEA,SAAK,2BAA2B,YAAY,MAAM;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaQ,2BACN,YACA,QACM;AAEN,QAAI,CAAC,KAAK,aAAa,WAAW,gBAAgB,GAAG;AACnD,YAAM,IAAI;AAAA,QACR,sCAAsC,WAAW,gBAAgB;AAAA,MACnE;AAAA,IACF;AAEA,SAAK;AAAA,MACH,KAAK,2BAA2B,WAAW,gBAAgB;AAAA,MAC3D;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASQ,aACN,QAC2D;AAC3D,WAAO,YAAY,KAAK,2BAA2B,MAAM;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,iBAAiB;AAAA,IACf;AAAA,IACA;AAAA,IACA,8BAA8B;AAAA,IAC9B;AAAA,EACF,GAUE;AACA,UAAM,EAAE,OAAO,IAAI;AAEnB,QAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,YAAM,IAAI,8BAA8B,MAAM;AAAA,IAChD;AAEA,UAAM,cACJ,8BACI;AAAA,MACE,GAAG,KAAK,eAAe,MAAM;AAAA,IAC/B,IACA,CAAC;AAQP,eAAW,CAAC,iBAAiB,kBAAkB,KAAK,OAAO;AAAA,MACzD;AAAA,IACF,GAAG;AACD,UAAI,CAAC,KAAK,aAAa,eAAe,GAAG;AACvC,cAAM,eAAe,eAAe;AAAA,MACtC;AAEA,UACE,mBAAmB,qBAAqB,UACxC,oBAAoB,mBAAmB,kBACvC;AACA,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAIA,YAAM,aAAa;AAInB,YAAM,gBAAgB,KAAK,2BAA2B,UAAU;AAGhE,YAAM,UAAU,KAAK;AAAA,QACnB;AAAA,QACA;AAAA,QACA,mBAAmB;AAAA,MACrB;AAEA,YAAM,oBAAoB;AAAA,QACxB;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,MACV;AAEA,UAAI;AAIJ,UAAI,cAAc,SAAS;AACzB,qBAAa,cAAc,QAAQ,mBAAmB,WAAW;AAKjE,aAAK,mBAAmB,eAAe,YAAY,MAAM;AAAA,MAC3D,OAAO;AACL,qBAAa,oBAAoB,iBAAiB;AAKlD,aAAK,mBAAmB,eAAe,YAAY,QAAQ;AAAA,UACzD,2BAA2B;AAAA,UAC3B,yBAAyB;AAAA,QAC3B,CAAC;AAAA,MACH;AACA,kBAAY,UAAU,IAAI;AAAA,IAC5B;AAEA,SAAK,wBAAwB,QAAQ,WAAW;AAChD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBQ,mBACN,eACA,YACA,QACA,EAAE,2BAA2B,wBAAwB,IAAI;AAAA,IACvD,2BAA2B;AAAA,IAC3B,yBAAyB;AAAA,EAC3B,GACM;AACN,UAAM,EAAE,gBAAgB,WAAW,WAAW,IAAI;AAElD,QACE,cAAc,cAAc,UAC5B,cAAc,aAAa,SAAS,GACpC;AACA,YAAM,WAAW,KAAK,gBAAgB;AAAA,QACpC;AAAA,QACA;AAAA,MACF;AAEA,UACE,CAAC,YACD,SAAS,gBAAgB,QACzB,CAAC,cAAc,aAAa,SAAS,SAAS,WAAW,GACzD;AACA,cAAM,cAAc,+DAChB,eAAe,YAAY,EAAE,OAAO,CAAC,IACrC,IAAI,qCAAqC,YAAY,MAAM;AAAA,MACjE;AAAA,IACF;AAEA,QAAI,YAAY,YAAY,SAAS,GAAG;AACtC,YAAM,EAAE,QAAQ,IAAI;AAEpB,UAAI,YAAY,QAAQ,EAAE,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,IAAI;AACvE,cAAM,IAAI,4BAA4B,QAAQ,YAAY,OAAO;AAAA,MACnE;AAEA,YAAM,kBAAkB,oBAAI,IAAY;AACxC,eAAS,QAAQ,CAAC,WAAW;AAC3B,YAAI,yBAAyB;AAC3B,eAAK,eAAe,QAAQ,QAAQ,UAAU;AAAA,QAChD;AAEA,YAAI,CAAC,gBAAgB,SAAS,OAAO,IAAI,GAAG;AAC1C,gBAAM,IAAI,qBAAqB,OAAO,MAAM,QAAQ,UAAU;AAAA,QAChE;AAEA,YAAI,gBAAgB,IAAI,OAAO,IAAI,GAAG;AACpC,gBAAM,IAAI,qBAAqB,OAAO,MAAM,QAAQ,UAAU;AAAA,QAChE;AACA,wBAAgB,IAAI,OAAO,IAAI;AAAA,MACjC,CAAC;AAAA,IACH;AAEA,QAAI,6BAA6B,WAAW;AAC1C,gBAAU,YAAY,QAAQ,UAAU;AAAA,IAC1C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,wBACN,QACA,aAOM;AACN,SAAK,OAAO,CAAC,eAAe;AAC1B,UAAI,CAAC,WAAW,SAAS,MAAM,GAAG;AAChC,mBAAW,SAAS,MAAM,IAAI,EAAE,QAAQ,aAAa,CAAC,EAAE;AAAA,MAC1D;AAEA,iBAAW,SAAS,MAAM,EAAE,cAAc,UAAU,WAAW;AAAA,IACjE,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaQ,iBACN,QACA,QAIA,kBAC0E;AAC1E,UAAM,cAAc,kBAAkB,IAAI,CAAC,oBAAoB;AAC7D,WAAK,eAAe,iBAAiB,QAAQ,MAAM;AAGnD,YAAM,EAAE,MAAM,MAAM,IAAI;AACxB,aAAO,EAAE,MAAM,MAAM;AAAA,IACvB,CAAC;AAED,WAAO,eAAe,gBAAgB,WAAW,IAC7C,cACA;AAAA,EACN;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeQ,eACN,QACA,QACA,QACM;AACN,QAAI,CAAC,cAAc,MAAM,GAAG;AAE1B,YAAM,IAAI,mBAAmB,QAAQ,QAAQ,MAAM;AAAA,IACrD;AAEA,QAAI,OAAO,KAAK,MAAM,EAAE,WAAW,GAAG;AACpC,YAAM,IAAI,yBAAyB,QAAQ,QAAQ,MAAM;AAAA,IAC3D;AAEA,QAAI,OAAO,OAAO,SAAS,UAAU;AACnC,YAAM,IAAI,uBAAuB,QAAQ,QAAQ,MAAM;AAAA,IACzD;AAEA,UAAM,gBAAgB,KAAK,uBAAuB,OAAO,IAAI;AAC7D,QAAI,CAAC,eAAe;AAClB,YAAM,IAAI,4BAA4B,OAAO,MAAM,QAAQ,MAAM;AAAA,IACnE;AAEA,QAAI,CAAC,YAAY,QAAQ,OAAO,KAAK,OAAO,UAAU,QAAW;AAC/D,YAAM,IAAI,wBAAwB,QAAQ,QAAQ,MAAM;AAAA,IAC1D;AAEA,QAAI,CAAC,YAAY,OAAO,KAAK,GAAG;AAC9B,YAAM,IAAI,uBAAuB,QAAQ,QAAQ,MAAM;AAAA,IACzD;AAGA,kBAAc,YAAY,QAA4B,QAAQ,MAAM;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBA,MAAM,mBACJ,SACA,sBACA,UAGI,CAAC,GAWL;AACA,UAAM,EAAE,OAAO,IAAI;AACnB,UAAM,EAAE,KAAK,OAAO,GAAG,8BAA8B,KAAK,IAAI;AAC9D,SAAK,6BAA6B,QAAQ,oBAAoB;AAE9D,UAAM,WAAW;AAAA,MACf;AAAA,MACA;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA,aAAa;AAAA,IACf;AAEA,UAAM,kBAAkB,MAAM,KAAK,oBAAoB,kBAAkB;AACzE,UAAM,EAAE,aAAa,qBAAqB,GAAG,YAAY,IACvD;AAEF,UAAM,cAAc,KAAK,eAAe,mBAAmB;AAE3D,QAAI,OAAO,OAAO,YAAY,iBAAiB,EAAE,SAAS,GAAG;AAC3D,YAAM,kBAAkB,MAAM,KAAK;AAAA,QACjC;AAAA,QACA;AAAA,MACF;AACA,YAAM,aAAa,OAAO,KAAK,YAAY,iBAAiB,EAAE;AAAA,QAC5D,CAAC,KAAK,YAAY,OAAO,EAAE,CAAC,UAAU,GAAG,gBAAgB,CAAC,GAAG,GAAG,IAAI;AAAA,QACpE,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,KAAK,iBAAiB;AAAA,UACpB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF,CAAC;AAAA,QACD,EAAE,MAAM,YAAY,GAAG,SAAS;AAAA,MAClC;AAAA,IACF;AAEA,WAAO;AAAA,MACL,KAAK,iBAAiB;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,MACD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBQ,6BACN,QACA,sBACM;AACN,QAAI,CAAC,cAAc,oBAAoB,GAAG;AACxC,YAAM,cAAc;AAAA,QAClB,SAAS,qCAAqC,MAAM;AAAA,QACpD,MAAM,EAAE,QAAQ,qBAAqB;AAAA,MACvC,CAAC;AAAA,IACH;AAEA,QAAI,OAAO,KAAK,oBAAoB,EAAE,WAAW,GAAG;AAClD,YAAM,cAAc;AAAA,QAClB,SAAS,mCAAmC,MAAM;AAAA,QAClD,MAAM,EAAE,qBAAqB;AAAA,MAC/B,CAAC;AAAA,IACH;AAEA,eAAW,cAAc,OAAO,KAAK,oBAAoB,GAAG;AAC1D,YAAM,aAAa,qBAAqB,UAAU;AAElD,UAAI,CAAC,KAAK,aAAa,UAAU,GAAG;AAClC,cAAM,eAAe,YAAY,EAAE,QAAQ,qBAAqB,CAAC;AAAA,MACnE;AAEA,UACE,CAAC,cAAc,UAAU,KACxB,WAAW,qBAAqB,UAC/B,eAAe,WAAW,kBAC5B;AACA,cAAM,cAAc;AAAA,UAClB,SAAS,mCAAmC,MAAM;AAAA,UAClD,MAAM,EAAE,QAAQ,qBAAqB;AAAA,QACvC,CAAC;AAAA,MACH;AAIA,WAAK;AAAA,QACH,KAAK,2BAA2B,UAAU;AAAA;AAAA,QAE1C;AAAA,QACA;AAAA,QACA,EAAE,2BAA2B,OAAO,yBAAyB,KAAK;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAc,oBAAoB,oBAAwC;AACxE,UAAM,EAAE,QAAQ,GAAG,IAAI,mBAAmB;AAC1C,UAAM,kBAAkB,MAAM,KAAK,gBAAgB;AAAA,MACjD;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QACA,aAAa;AAAA,QACb;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAEA,SAAK,4BAA4B,iBAAiB,EAAE,IAAI,OAAO,CAAC;AAChE,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,eAAe,aAAmC;AACxD,WAAO,OAAO,KAAK,WAAW,EAAE;AAAA,MAC9B,CAAC,gBAAgB,eAAe;AAC9B,YAAI,KAAK,aAAa,UAAU,GAAG;AACjC,gBAAM,gBAAgB,KAAK,2BAA2B,UAAU;AAEhE,cAAI,cAAc,YAAY;AAC5B,2BAAe,kBAAkB,UAAU,IACzC,cAAc,WAAW;AAE3B,gBAAI,cAAc,WAAW,WAAW;AACtC,6BAAe,gBAAgB,UAAU,IACvC,cAAc,WAAW;AAAA,YAC7B;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT;AAAA,MACA,EAAE,mBAAmB,CAAC,GAAG,iBAAiB,CAAC,EAAE;AAAA,IAC/C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAc,mBACZ,aACA,aACA;AACA,UAAM,EAAE,mBAAmB,gBAAgB,IAAI;AAC/C,UAAM,SAAS;AAAA,MACb;AAAA,MACA,iBAAiB,KAAK;AAAA,IACxB;AAEA,UAAM,iBAAiB,MAAM,QAAQ;AAAA,MACnC,OAAO,OAAO,iBAAiB,EAAE;AAAA,QAAI,CAAC,qBACpC,iBAAiB,MAAM;AAAA,MACzB;AAAA,IACF;AAGA,UAAM,mBAAmB,eAAe;AAAA,MACtC,CAAC,YAAY,QAAQ,WAAW;AAAA,IAClC;AAEA,QAAI,iBAAiB,SAAS,GAAG;AAC/B,YAAM,sBAAsB,OAAO,OAAO,eAAe;AACzD,UAAI,oBAAoB,SAAS,GAAG;AAClC,YAAI;AACF,gBAAM,QAAQ;AAAA,YACZ,oBAAoB,IAAI,CAAC,mBAAmB,eAAe,MAAM,CAAC;AAAA,UACpE;AAAA,QACF,SAAS,OAAO;AACd,gBAAM,cAAc,oCAAoC,EAAE,MAAM,CAAC;AAAA,QACnE;AAAA,MACF;AACA,YAAM,UAAU,iBAAiB,IAAI,CAAC,YAAY,QAAQ,MAAM;AAEhE,cAAQ,QAAQ,CAAC,WAAW;AAC1B,gBAAQ,MAAM,MAAM;AAAA,MACtB,CAAC;AAED,YAAM,QAAQ,SAAS,IACnB;AAAA,QACE;AAAA,QACA,EAAE,QAAQ,QAAQ;AAAA,MACpB,IACA,QAAQ,CAAC;AAAA,IACf;AAGA,WAAQ,eAA6D;AAAA,MACnE,CAAC,EAAE,MAAM,MAAM;AAAA,IACjB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeQ,4BACN,iBACA,kBACA;AACA,UAAM,EAAE,IAAI,OAAO,IAAI;AAEvB,QACE,CAAC,cAAc,eAAe,KAC9B,CAAC,cAAc,gBAAgB,QAAQ,GACvC;AACA,YAAM;AAAA,QACJ,6CAA6C,MAAM;AAAA,QACnD,EAAE,MAAM,EAAE,gBAAgB,EAAE;AAAA,MAC9B;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,UAAU,EAAE,IAAI,OAAO,QAAQ,UAAU;AAAA,MACzC;AAAA,IACF,IAAI;AAEJ,QAAI,UAAU,IAAI;AAChB,YAAM;AAAA,QACJ,6CAA6C,MAAM;AAAA,QACnD,EAAE,YAAY,IAAI,WAAW,MAAM;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,cAAc,QAAQ;AACxB,YAAM;AAAA,QACJ,6CAA6C,MAAM;AAAA,QACnD,EAAE,gBAAgB,QAAQ,eAAe,UAAU;AAAA,MACrD;AAAA,IACF;AAEA,QAAI;AACF,WAAK,6BAA6B,QAAQ,WAAW;AAAA,IACvD,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAc;AAGjC,cAAM;AAAA,UACJ,yCAAyC,MAAM,OAAO;AAAA,UACtD,MAAM;AAAA,QACR;AAAA,MACF;AACA,YAAM,cAAc,2BAA2B,EAAE,MAAM,CAAC;AAAA,IAC1D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,yBAAyB,SAA4C;AACzE,UAAM,EAAE,GAAG,IAAI,QAAQ;AAEvB,QAAI,CAAC,KAAK,mBAAmB,EAAE,GAAG,CAAC,GAAG;AACpC,YAAM,IAAI,gCAAgC,EAAE;AAAA,IAC9C;AAEA,QAAI,OAAO,KAAK,QAAQ,WAAW,EAAE,WAAW,GAAG;AACjD,WAAK;AAAA,QACH;AAAA,QACA,cAAc;AAAA,UACZ,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA;AAAA,IACF;AAEA,QAAI;AACF,WAAK,gBAAgB;AAAA,QACnB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AAGd,WAAK,0BAA0B,IAAI,KAAK;AACxC,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,yBAAyB,IAA2B;AACxD,QAAI,CAAC,KAAK,mBAAmB,EAAE,GAAG,CAAC,GAAG;AACpC,YAAM,IAAI,gCAAgC,EAAE;AAAA,IAC9C;AAEA,SAAK,0BAA0B,IAAI,oBAAoB,CAAC;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,mBAAmB,SAAkC;AAC3D,WAAO,KAAK,gBAAgB;AAAA,MAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaQ,0BAA0B,IAAY,OAAsB;AAClE,WAAO,KAAK,gBAAgB;AAAA,MAC1B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,cACJ,QACA,YAIA,aACe;AACf,QAAI,CAAC,KAAK,cAAc,QAAQ,UAAU,GAAG;AAC3C,YAAM,aAAa,EAAE,MAAM,EAAE,QAAQ,WAAW,EAAE,CAAC;AAAA,IACrD;AAEA,WAAO,KAAK;AAAA;AAAA,MAEV;AAAA,MACA;AAAA,IACF,EAAE,gBAAgB,EAAE,QAAQ,YAAY,CAAC;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,MAAM,wBACJ,QACA,YAIA,QACe;AAEf,UAAM,uBAAuB,KAAK,oBAAoB,YAAY,MAAM;AAExE,UAAM,SAAS,MAAM,KAAK;AAAA,MACxB;AAAA,MACA,EAAE,OAAO;AAAA,MACT;AAAA,MACA;AAAA,IACF;AAEA,QAAI,WAAW,QAAW;AACxB,YAAM,IAAI;AAAA,QACR,gCAAgC,UAAU,gBAAgB,MAAM;AAAA,MAClE;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBQ,yBACN,sBACA,SACA,QAIA,SAAqC,CAAC,GAC0B;AAChE,UAAM,EAAE,OAAO,IAAI;AAEnB,UAAM,aAAa,KAAK,cAAc,QAAQ,MAAM;AACpD,QAAI,CAAC,YAAY;AACf,YAAM,aAAa,EAAE,MAAM,EAAE,QAAQ,OAAO,EAAE,CAAC;AAAA,IACjD;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,KAAK;AAAA,IACP,EAAE,EAAE,QAAQ,QAAQ,SAAS,EAAE,OAAO,EAAE,CAAC;AAAA,EAC3C;AACF;","names":["CaveatMutatorOperation"]}
package/dist/index.js CHANGED
@@ -7,7 +7,7 @@ require('./chunk-ZVO26XPN.js');
7
7
 
8
8
 
9
9
 
10
- var _chunk5L2IOZE2js = require('./chunk-5L2IOZE2.js');
10
+ var _chunkQ4TESWPEjs = require('./chunk-Q4TESWPE.js');
11
11
 
12
12
 
13
13
 
@@ -88,5 +88,5 @@ require('./chunk-CSAU5B4Q.js');
88
88
 
89
89
 
90
90
 
91
- exports.CaveatAlreadyExistsError = _chunkU5LTEXSUjs.CaveatAlreadyExistsError; exports.CaveatDoesNotExistError = _chunkU5LTEXSUjs.CaveatDoesNotExistError; exports.CaveatInvalidJsonError = _chunkU5LTEXSUjs.CaveatInvalidJsonError; exports.CaveatMissingValueError = _chunkU5LTEXSUjs.CaveatMissingValueError; exports.CaveatMutatorOperation = _chunk5L2IOZE2js.CaveatMutatorOperation; exports.CaveatSpecificationMismatchError = _chunkU5LTEXSUjs.CaveatSpecificationMismatchError; exports.DuplicateCaveatError = _chunkU5LTEXSUjs.DuplicateCaveatError; exports.EndowmentPermissionDoesNotExistError = _chunkU5LTEXSUjs.EndowmentPermissionDoesNotExistError; exports.ForbiddenCaveatError = _chunkU5LTEXSUjs.ForbiddenCaveatError; exports.InvalidApprovedPermissionError = _chunkU5LTEXSUjs.InvalidApprovedPermissionError; exports.InvalidCaveatError = _chunkU5LTEXSUjs.InvalidCaveatError; exports.InvalidCaveatFieldsError = _chunkU5LTEXSUjs.InvalidCaveatFieldsError; exports.InvalidCaveatTypeError = _chunkU5LTEXSUjs.InvalidCaveatTypeError; exports.InvalidCaveatsPropertyError = _chunkU5LTEXSUjs.InvalidCaveatsPropertyError; exports.InvalidSubjectIdentifierError = _chunkU5LTEXSUjs.InvalidSubjectIdentifierError; exports.MethodNames = _chunkK5R57Y57js.MethodNames; exports.PermissionController = _chunk5L2IOZE2js.PermissionController; exports.PermissionDoesNotExistError = _chunkU5LTEXSUjs.PermissionDoesNotExistError; exports.PermissionType = _chunk6CID6TBWjs.PermissionType; exports.PermissionsRequestNotFoundError = _chunkU5LTEXSUjs.PermissionsRequestNotFoundError; exports.SubjectMetadataController = _chunkSFKE5HHKjs.SubjectMetadataController; exports.SubjectType = _chunkSFKE5HHKjs.SubjectType; exports.UnrecognizedCaveatTypeError = _chunkU5LTEXSUjs.UnrecognizedCaveatTypeError; exports.UnrecognizedSubjectError = _chunkU5LTEXSUjs.UnrecognizedSubjectError; exports.constructPermission = _chunk6CID6TBWjs.constructPermission; exports.decorateWithCaveats = _chunkEGNDXGRGjs.decorateWithCaveats; exports.findCaveat = _chunk6CID6TBWjs.findCaveat; exports.hasSpecificationType = _chunk6CID6TBWjs.hasSpecificationType; exports.internalError = _chunkU5LTEXSUjs.internalError; exports.invalidParams = _chunkU5LTEXSUjs.invalidParams; exports.isRestrictedMethodCaveatSpecification = _chunkEGNDXGRGjs.isRestrictedMethodCaveatSpecification; exports.methodNotFound = _chunkU5LTEXSUjs.methodNotFound; exports.permissionRpcMethods = _chunk7CTPRFQ3js.rpc_methods_exports; exports.unauthorized = _chunkU5LTEXSUjs.unauthorized; exports.userRejectedRequest = _chunkU5LTEXSUjs.userRejectedRequest;
91
+ exports.CaveatAlreadyExistsError = _chunkU5LTEXSUjs.CaveatAlreadyExistsError; exports.CaveatDoesNotExistError = _chunkU5LTEXSUjs.CaveatDoesNotExistError; exports.CaveatInvalidJsonError = _chunkU5LTEXSUjs.CaveatInvalidJsonError; exports.CaveatMissingValueError = _chunkU5LTEXSUjs.CaveatMissingValueError; exports.CaveatMutatorOperation = _chunkQ4TESWPEjs.CaveatMutatorOperation; exports.CaveatSpecificationMismatchError = _chunkU5LTEXSUjs.CaveatSpecificationMismatchError; exports.DuplicateCaveatError = _chunkU5LTEXSUjs.DuplicateCaveatError; exports.EndowmentPermissionDoesNotExistError = _chunkU5LTEXSUjs.EndowmentPermissionDoesNotExistError; exports.ForbiddenCaveatError = _chunkU5LTEXSUjs.ForbiddenCaveatError; exports.InvalidApprovedPermissionError = _chunkU5LTEXSUjs.InvalidApprovedPermissionError; exports.InvalidCaveatError = _chunkU5LTEXSUjs.InvalidCaveatError; exports.InvalidCaveatFieldsError = _chunkU5LTEXSUjs.InvalidCaveatFieldsError; exports.InvalidCaveatTypeError = _chunkU5LTEXSUjs.InvalidCaveatTypeError; exports.InvalidCaveatsPropertyError = _chunkU5LTEXSUjs.InvalidCaveatsPropertyError; exports.InvalidSubjectIdentifierError = _chunkU5LTEXSUjs.InvalidSubjectIdentifierError; exports.MethodNames = _chunkK5R57Y57js.MethodNames; exports.PermissionController = _chunkQ4TESWPEjs.PermissionController; exports.PermissionDoesNotExistError = _chunkU5LTEXSUjs.PermissionDoesNotExistError; exports.PermissionType = _chunk6CID6TBWjs.PermissionType; exports.PermissionsRequestNotFoundError = _chunkU5LTEXSUjs.PermissionsRequestNotFoundError; exports.SubjectMetadataController = _chunkSFKE5HHKjs.SubjectMetadataController; exports.SubjectType = _chunkSFKE5HHKjs.SubjectType; exports.UnrecognizedCaveatTypeError = _chunkU5LTEXSUjs.UnrecognizedCaveatTypeError; exports.UnrecognizedSubjectError = _chunkU5LTEXSUjs.UnrecognizedSubjectError; exports.constructPermission = _chunk6CID6TBWjs.constructPermission; exports.decorateWithCaveats = _chunkEGNDXGRGjs.decorateWithCaveats; exports.findCaveat = _chunk6CID6TBWjs.findCaveat; exports.hasSpecificationType = _chunk6CID6TBWjs.hasSpecificationType; exports.internalError = _chunkU5LTEXSUjs.internalError; exports.invalidParams = _chunkU5LTEXSUjs.invalidParams; exports.isRestrictedMethodCaveatSpecification = _chunkEGNDXGRGjs.isRestrictedMethodCaveatSpecification; exports.methodNotFound = _chunkU5LTEXSUjs.methodNotFound; exports.permissionRpcMethods = _chunk7CTPRFQ3js.rpc_methods_exports; exports.unauthorized = _chunkU5LTEXSUjs.unauthorized; exports.userRejectedRequest = _chunkU5LTEXSUjs.userRejectedRequest;
92
92
  //# sourceMappingURL=index.js.map
package/dist/index.mjs CHANGED
@@ -7,7 +7,7 @@ import "./chunk-BEQEQLRE.mjs";
7
7
  import {
8
8
  CaveatMutatorOperation,
9
9
  PermissionController
10
- } from "./chunk-CXKOMB77.mjs";
10
+ } from "./chunk-VFQJB7BG.mjs";
11
11
  import {
12
12
  decorateWithCaveats,
13
13
  isRestrictedMethodCaveatSpecification