@metamask/snaps-controllers 0.24.0

package/dist/multichain/MultiChainController.d.ts

@@ -0,0 +1,135 @@
+import { AddApprovalRequest, BaseControllerV2 as BaseController, GetPermissions, GrantPermissions, HasPermission, RestrictedControllerMessenger } from '@metamask/controllers';
+import { ChainId, ConnectArguments, NamespaceId, RequestArguments, RequestNamespace, Session, SnapId } from '@metamask/snaps-utils';
+import { GetAllSnaps, HandleSnapRequest, IncrementActiveReferences, DecrementActiveReferences } from '../snaps';
+declare const controllerName = "MultiChainController";
+declare type AllowedActions = GetAllSnaps | IncrementActiveReferences | DecrementActiveReferences | HandleSnapRequest | GetPermissions | HasPermission | AddApprovalRequest | GrantPermissions;
+declare type MultiChainControllerMessenger = RestrictedControllerMessenger<typeof controllerName, AllowedActions, never, AllowedActions['type'], never>;
+declare type SessionData = {
+    origin: string;
+    requestedNamespaces: Record<NamespaceId, RequestNamespace>;
+    providedNamespaces: Record<NamespaceId, RequestNamespace>;
+    handlingSnaps: Record<NamespaceId, SnapId>;
+};
+declare type MultiChainControllerState = {
+    sessions: {
+        [origin: string]: SessionData;
+    };
+};
+declare type Notify = (origin: string, data: {
+    method: string;
+    params?: Record<string, unknown>;
+}) => Promise<void>;
+declare type MultiChainControllerArgs = {
+    notify: Notify;
+    messenger: MultiChainControllerMessenger;
+};
+export declare class MultiChainController extends BaseController<typeof controllerName, MultiChainControllerState, MultiChainControllerMessenger> {
+    #private;
+    /**
+     * Construct a new {@link MultiChainController} instance.
+     *
+     * @param args - The arguments to construct the controller with.
+     * @param args.messenger - The controller messenger to use.
+     * @param args.notify - A function that should handle JSON-RPC notifications.
+     */
+    constructor({ messenger, notify }: MultiChainControllerArgs);
+    /**
+     * Get an open session for the given origin.
+     *
+     * @param origin - The origin to get the session for.
+     * @returns The session, if it exists, or `undefined` otherwise.
+     */
+    getSession(origin: string): SessionData | undefined;
+    /**
+     * Close a session for the given origin.
+     *
+     * @param origin - The origin to close the session for.
+     * @throws If the session does not exist.
+     */
+    closeSession(origin: string): Promise<void>;
+    /**
+     * Handles a new connection from the given origin. This will create a new
+     * session, and close any existing session for the origin.
+     *
+     * @param origin - The origin to create the session for.
+     * @param connection - The connection arguments.
+     * @param connection.requiredNamespaces - The namespaces that the origin
+     * requires.
+     * @returns The session that was created.
+     */
+    onConnect(origin: string, connection: ConnectArguments): Promise<Session>;
+    /**
+     * Handle an incoming multichain request from the given origin. This will
+     * forward the request to the appropriate Snap, and return the response.
+     *
+     * @param origin - The origin to handle the request for.
+     * @param data - The request data.
+     * @param data.chainId - The chain ID for the request.
+     * @param data.request - The request arguments, i.e., the method and params.
+     * @returns The response from the Snap.
+     * @throws If the session does not exist, or the session does not provide the
+     * requested namespace.
+     */
+    onRequest(origin: string, data: {
+        chainId: ChainId;
+        request: RequestArguments;
+    }): Promise<unknown>;
+    /**
+     * Send a request to the given Snap. This calls the given method with the
+     * given arguments on the keyring class in the given Snap.
+     *
+     * @param options - The request options.
+     * @param options.snapId - The ID of the Snap to send the request to.
+     * @param options.origin - The origin of the request.
+     * @param options.method - The request method.
+     * @param options.args - The request params.
+     * @returns The response from the Snap.
+     */
+    private snapRequest;
+    /**
+     * Get the accounts exposed by the Snap's keyring.
+     *
+     * This also verifies that the accounts returned by the snap are valid CAIP-10
+     * account IDs.
+     *
+     * @param origin - The origin of the request.
+     * @param snapId - The ID of the Snap to get the accounts from.
+     * @returns The accounts, or `null` if the Snap does not have any accounts, or
+     * the accounts are invalid (i.e., not valid CAIP-10 account IDs).
+     */
+    private getSnapAccounts;
+    /**
+     * Get the namespaces for the given Snap, as described in the Snap's manifest.
+     *
+     * @param snap - The Snap to get the namespaces for.
+     * @returns The namespaces, or `null` if the Snap does not have any
+     * namespaces.
+     */
+    private snapToNamespaces;
+    /**
+     * Maps from an object of namespace IDs and Snap IDs, and an object of
+     * namespace IDs and requested namespaces, to an object of namespace IDs and
+     * resolved accounts, with the Snap ID providing the accounts.
+     *
+     * @param origin - The origin of the request.
+     * @param namespacesAndSnaps - An object of namespace IDs and Snap IDs
+     * providing the namespace.
+     * @param requestedNamespaces - An object of namespace IDs and requested
+     * namespaces.
+     * @returns An object of namespace IDs and resolved accounts, with the Snap ID
+     * providing the accounts.
+     */
+    private namespacesToAccounts;
+    /**
+     * If multiple Snap IDs are provided for a namespace, this method will
+     * determine which Snap ID to use for the namespace, by showing the user a
+     * prompt.
+     *
+     * @param origin - The origin of the request.
+     * @param possibleAccounts - An object containing the accounts provided by
+     * each Snap ID for each namespace.
+     * @returns An object containing the Snap ID to use for each namespace.
+     */
+    private resolveConflicts;
+}
+export {};

package/dist/multichain/MultiChainController.js

@@ -0,0 +1,348 @@
+"use strict";
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _MultiChainController_notify;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MultiChainController = void 0;
+const controllers_1 = require("@metamask/controllers");
+const snaps_utils_1 = require("@metamask/snaps-utils");
+const utils_1 = require("@metamask/utils");
+const nanoid_1 = require("nanoid");
+const snaps_1 = require("../snaps");
+const keyring_1 = require("../snaps/endowments/keyring");
+const matching_1 = require("./matching");
+const controllerName = 'MultiChainController';
+const defaultState = {
+    sessions: {},
+};
+// TODO(ritave): Support for legacy ethereum operations, not just snaps
+class MultiChainController extends controllers_1.BaseControllerV2 {
+    /**
+     * Construct a new {@link MultiChainController} instance.
+     *
+     * @param args - The arguments to construct the controller with.
+     * @param args.messenger - The controller messenger to use.
+     * @param args.notify - A function that should handle JSON-RPC notifications.
+     */
+    constructor({ messenger, notify }) {
+        super({
+            messenger,
+            metadata: {
+                sessions: { persist: false, anonymous: false },
+            },
+            name: controllerName,
+            state: defaultState,
+        });
+        _MultiChainController_notify.set(this, void 0);
+        __classPrivateFieldSet(this, _MultiChainController_notify, notify, "f");
+    }
+    /**
+     * Get an open session for the given origin.
+     *
+     * @param origin - The origin to get the session for.
+     * @returns The session, if it exists, or `undefined` otherwise.
+     */
+    getSession(origin) {
+        return this.state.sessions[origin];
+    }
+    /**
+     * Close a session for the given origin.
+     *
+     * @param origin - The origin to close the session for.
+     * @throws If the session does not exist.
+     */
+    async closeSession(origin) {
+        const session = this.getSession(origin);
+        (0, utils_1.assert)(session, 'No session to close.');
+        await __classPrivateFieldGet(this, _MultiChainController_notify, "f").call(this, origin, {
+            method: 'multichainHack_metamask_disconnect',
+        });
+        this.update((state) => {
+            delete state.sessions[origin];
+        });
+        await Promise.all(Object.values(session.handlingSnaps).map((snapId) => this.messagingSystem.call('SnapController:decrementActiveReferences', snapId)));
+    }
+    /**
+     * Handles a new connection from the given origin. This will create a new
+     * session, and close any existing session for the origin.
+     *
+     * @param origin - The origin to create the session for.
+     * @param connection - The connection arguments.
+     * @param connection.requiredNamespaces - The namespaces that the origin
+     * requires.
+     * @returns The session that was created.
+     */
+    async onConnect(origin, connection) {
+        const existingSession = this.getSession(origin);
+        if (existingSession) {
+            await this.closeSession(origin);
+        }
+        const snaps = await this.messagingSystem.call('SnapController:getAll');
+        const filteredSnaps = (0, snaps_1.getRunnableSnaps)(snaps);
+        // Get available namespaces supported by currently installed Snaps.
+        const availableNamespaces = (0, snaps_utils_1.fromEntries)(await Promise.all(filteredSnaps.map(async (snap) => [
+            snap.id,
+            await this.snapToNamespaces(snap),
+        ])));
+        // The magical matching algorithm specified in SIP-2.
+        const namespaceToSnaps = (0, matching_1.findMatchingKeyringSnaps)(connection.requiredNamespaces, availableNamespaces);
+        const permissions = await this.messagingSystem.call('PermissionController:getPermissions', origin);
+        // Find namespaces that can be satisfied with existing approved Snaps.
+        const approvedNamespacesAndSnaps = Object.entries(namespaceToSnaps).reduce((acc, [namespace, snapIds]) => {
+            const approvedSnaps = snapIds.filter((snapId) => {
+                return (permissions && (0, utils_1.hasProperty)(permissions, (0, snaps_utils_1.getSnapPermissionName)(snapId)));
+            });
+            if (approvedSnaps.length > 0) {
+                acc[namespace] = approvedSnaps;
+            }
+            return acc;
+        }, {});
+        // If we either don't have a snap to handle a namespace or we have multiple we have conflicts
+        const hasConflicts = Object.keys(namespaceToSnaps).some((namespace) => {
+            var _a;
+            return !(0, utils_1.hasProperty)(approvedNamespacesAndSnaps, namespace) ||
+                ((_a = approvedNamespacesAndSnaps[namespace]) === null || _a === void 0 ? void 0 : _a.length) > 1;
+        });
+        // Use already approved snaps if they satisfy the requested namespaces.
+        const filteredNamespacesAndSnaps = hasConflicts
+            ? namespaceToSnaps
+            : approvedNamespacesAndSnaps;
+        // Fetch possible accounts from snaps.
+        const possibleAccounts = await this.namespacesToAccounts(origin, filteredNamespacesAndSnaps, connection.requiredNamespaces);
+        // For now we fail here if no namespaces could be matched to a snap.
+        // We don't fail if at least one namespace is matched to a snap.
+        // TODO: Decide whether this is what we want
+        (0, utils_1.assert)(Object.values(possibleAccounts).some((possibleAccount) => possibleAccount.length > 0), 'No installed snaps found for any requested namespace.');
+        // If currently installed Snaps / configuration doesn't solve request, we
+        // need to show a prompt. This is handled by `resolveConflicts`.
+        const resolvedAccounts = hasConflicts
+            ? await this.resolveConflicts(origin, possibleAccounts)
+            : (0, snaps_utils_1.fromEntries)(Object.entries(possibleAccounts).map(([namespace, snapAndAccounts]) => {
+                var _a;
+                return [
+                    namespace,
+                    (_a = snapAndAccounts[0]) !== null && _a !== void 0 ? _a : null,
+                ];
+            }));
+        // Aggregate information about session namespaces.
+        const providedNamespaces = Object.entries(connection.requiredNamespaces).reduce((acc, [namespaceId, namespace]) => {
+            var _a;
+            const accounts = (_a = resolvedAccounts[namespaceId]) === null || _a === void 0 ? void 0 : _a.accounts;
+            if (accounts) {
+                acc[namespaceId] = {
+                    accounts,
+                    chains: namespace.chains,
+                    events: namespace.events,
+                    methods: namespace.methods,
+                };
+            }
+            return acc;
+        }, {});
+        // Collect information about handler Snaps for each namespace.
+        const handlingSnaps = Object.entries(resolvedAccounts).reduce((acc, [namespaceId, accountsAndSnap]) => {
+            if (accountsAndSnap) {
+                acc[namespaceId] = accountsAndSnap.snapId;
+            }
+            return acc;
+        }, {});
+        const session = {
+            origin,
+            requestedNamespaces: connection.requiredNamespaces,
+            providedNamespaces,
+            handlingSnaps,
+        };
+        // Makes sure used Snaps aren't killed while they are serving the session.
+        await Promise.all(Object.values(session.handlingSnaps).map((snapId) => this.messagingSystem.call('SnapController:incrementActiveReferences', snapId)));
+        this.update((state) => {
+            state.sessions[origin] = session;
+        });
+        return { namespaces: providedNamespaces };
+    }
+    /**
+     * Handle an incoming multichain request from the given origin. This will
+     * forward the request to the appropriate Snap, and return the response.
+     *
+     * @param origin - The origin to handle the request for.
+     * @param data - The request data.
+     * @param data.chainId - The chain ID for the request.
+     * @param data.request - The request arguments, i.e., the method and params.
+     * @returns The response from the Snap.
+     * @throws If the session does not exist, or the session does not provide the
+     * requested namespace.
+     */
+    async onRequest(origin, data) {
+        var _a, _b;
+        const session = this.getSession(origin);
+        (0, utils_1.assert)(session, `Session for "${origin}" doesn't exist.`);
+        const { namespace } = (0, snaps_utils_1.parseChainId)(data.chainId);
+        const sessionNamespace = session.providedNamespaces[namespace];
+        (0, utils_1.assert)((_a = session.providedNamespaces[namespace]) === null || _a === void 0 ? void 0 : _a.chains.includes(data.chainId), `Session for "${origin}" is not connected to "${data.chainId}" chain.`);
+        const { method } = data.request;
+        (0, utils_1.assert)((_b = sessionNamespace === null || sessionNamespace === void 0 ? void 0 : sessionNamespace.methods) === null || _b === void 0 ? void 0 : _b.includes(method), `Session for "${origin}" does not support ${method}`);
+        const snapId = session.handlingSnaps[namespace];
+        (0, utils_1.assert)(snapId !== undefined);
+        const permissionName = (0, snaps_utils_1.getSnapPermissionName)(snapId);
+        // Check if origin has permission to communicate with this Snap.
+        const hasPermission = await this.messagingSystem.call('PermissionController:hasPermission', origin, permissionName);
+        // TODO: Get permission for origin connecting to snap, or get user approval.
+        // In the future this is where we should prompt for this permission.
+        // In this iteration, we will grant this permission in `onConnect`.
+        (0, utils_1.assert)(hasPermission, `${origin} does not have permission to communicate with ${snapId}.`);
+        return this.snapRequest({
+            snapId,
+            origin,
+            method: 'handleRequest',
+            args: data,
+        });
+    }
+    /**
+     * Send a request to the given Snap. This calls the given method with the
+     * given arguments on the keyring class in the given Snap.
+     *
+     * @param options - The request options.
+     * @param options.snapId - The ID of the Snap to send the request to.
+     * @param options.origin - The origin of the request.
+     * @param options.method - The request method.
+     * @param options.args - The request params.
+     * @returns The response from the Snap.
+     */
+    async snapRequest({ snapId, origin, method, args, }) {
+        return this.messagingSystem.call('SnapController:handleRequest', {
+            snapId,
+            origin,
+            handler: snaps_utils_1.HandlerType.SnapKeyring,
+            request: { method, params: args ? [args] : [] },
+        });
+    }
+    /**
+     * Get the accounts exposed by the Snap's keyring.
+     *
+     * This also verifies that the accounts returned by the snap are valid CAIP-10
+     * account IDs.
+     *
+     * @param origin - The origin of the request.
+     * @param snapId - The ID of the Snap to get the accounts from.
+     * @returns The accounts, or `null` if the Snap does not have any accounts, or
+     * the accounts are invalid (i.e., not valid CAIP-10 account IDs).
+     */
+    async getSnapAccounts(origin, snapId) {
+        try {
+            const result = await this.snapRequest({
+                snapId,
+                origin,
+                method: 'getAccounts',
+            });
+            if ((0, snaps_utils_1.isAccountIdArray)(result)) {
+                return result;
+            }
+        }
+        catch (error) {
+            // Ignore errors for now
+            console.error(error);
+        }
+        return null;
+    }
+    /**
+     * Get the namespaces for the given Snap, as described in the Snap's manifest.
+     *
+     * @param snap - The Snap to get the namespaces for.
+     * @returns The namespaces, or `null` if the Snap does not have any
+     * namespaces.
+     */
+    async snapToNamespaces(snap) {
+        const permissions = await this.messagingSystem.call('PermissionController:getPermissions', snap.id);
+        const keyringPermission = permissions === null || permissions === void 0 ? void 0 : permissions[snaps_1.SnapEndowments.Keyring];
+        return (0, keyring_1.getKeyringCaveatNamespaces)(keyringPermission);
+    }
+    /**
+     * Maps from an object of namespace IDs and Snap IDs, and an object of
+     * namespace IDs and requested namespaces, to an object of namespace IDs and
+     * resolved accounts, with the Snap ID providing the accounts.
+     *
+     * @param origin - The origin of the request.
+     * @param namespacesAndSnaps - An object of namespace IDs and Snap IDs
+     * providing the namespace.
+     * @param requestedNamespaces - An object of namespace IDs and requested
+     * namespaces.
+     * @returns An object of namespace IDs and resolved accounts, with the Snap ID
+     * providing the accounts.
+     */
+    async namespacesToAccounts(origin, namespacesAndSnaps, requestedNamespaces) {
+        const dedupedSnaps = [
+            ...new Set((0, snaps_utils_1.flatten)(Object.values(namespacesAndSnaps))),
+        ];
+        const allAccounts = await dedupedSnaps.reduce(async (previousPromise, snapId) => {
+            const result = await this.getSnapAccounts(origin, snapId);
+            const acc = await previousPromise;
+            if (result) {
+                acc[snapId] = result;
+            }
+            return acc;
+        }, Promise.resolve({}));
+        return Object.keys(namespacesAndSnaps).reduce((acc, namespaceId) => {
+            const { chains } = requestedNamespaces[namespaceId];
+            const accountInAnyRequestedChain = (account) => {
+                const { chainId: parsedChainId } = (0, snaps_utils_1.parseAccountId)(account);
+                return chains.some((chainId) => chainId === parsedChainId);
+            };
+            const result = Object.entries(allAccounts)
+                .map(([snapId, accounts]) => ({
+                snapId,
+                accounts: accounts.filter(accountInAnyRequestedChain),
+            }))
+                .filter(({ accounts }) => accounts.length > 0);
+            acc[namespaceId] = result;
+            return acc;
+        }, {});
+    }
+    /**
+     * If multiple Snap IDs are provided for a namespace, this method will
+     * determine which Snap ID to use for the namespace, by showing the user a
+     * prompt.
+     *
+     * @param origin - The origin of the request.
+     * @param possibleAccounts - An object containing the accounts provided by
+     * each Snap ID for each namespace.
+     * @returns An object containing the Snap ID to use for each namespace.
+     */
+    async resolveConflicts(origin, possibleAccounts) {
+        // Get user approval for connection.
+        const id = (0, nanoid_1.nanoid)();
+        const resolvedAccounts = (await this.messagingSystem.call('ApprovalController:addRequest', {
+            origin,
+            id,
+            type: 'multichain_connect',
+            requestData: {
+                possibleAccounts,
+            },
+        }, true));
+        // TODO: In the future, use another permission here to not give full
+        // permission after handshake.
+        // Instead we should give origin only a read-only access to list of accounts
+        // without allowing provider.request() talking to a snap before additional
+        // user approval. The additional approval would be requested in `onRequest`.
+        const approvedPermissions = Object.values(resolvedAccounts).reduce((acc, cur) => {
+            if (cur !== null) {
+                acc[(0, snaps_utils_1.getSnapPermissionName)(cur.snapId)] = {};
+            }
+            return acc;
+        }, {});
+        await this.messagingSystem.call('PermissionController:grantPermissions', {
+            approvedPermissions,
+            subject: { origin },
+        });
+        return resolvedAccounts;
+    }
+}
+exports.MultiChainController = MultiChainController;
+_MultiChainController_notify = new WeakMap();
+//# sourceMappingURL=MultiChainController.js.map

package/dist/multichain/MultiChainController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MultiChainController.js","sourceRoot":"","sources":["../../src/multichain/MultiChainController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,uDAQ+B;AAC/B,uDAmB+B;AAE/B,2CAAsD;AACtD,mCAAgC;AAChC,oCAOkB;AAClB,yDAAyE;AACzE,yCAAsD;AAEtD,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAE9C,MAAM,YAAY,GAA8B;IAC9C,QAAQ,EAAE,EAAE;CACb,CAAC;AAyCF,uEAAuE;AACvE,MAAa,oBAAqB,SAAQ,8BAIzC;IAGC;;;;;;OAMG;IACH,YAAY,EAAE,SAAS,EAAE,MAAM,EAA4B;QACzD,KAAK,CAAC;YACJ,SAAS;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE;aAC/C;YACD,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE,YAAY;SACpB,CAAC,CAAC;QAjBL,+CAAyB;QAmBvB,uBAAA,IAAI,gCAAW,MAAM,MAAA,CAAC;IACxB,CAAC;IAED;;;;;OAKG;IACH,UAAU,CAAC,MAAc;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACxC,IAAA,cAAM,EAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAExC,MAAM,uBAAA,IAAI,oCAAQ,MAAZ,IAAI,EAAS,MAAM,EAAE;YACzB,MAAM,EAAE,oCAAoC;SAC7C,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YACpB,OAAO,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAClD,IAAI,CAAC,eAAe,CAAC,IAAI,CACvB,0CAA0C,EAC1C,MAAM,CACP,CACF,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,SAAS,CACb,MAAc,EACd,UAA4B;QAE5B,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,eAAe,EAAE;YACnB,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;SACjC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACvE,MAAM,aAAa,GAAG,IAAA,wBAAgB,EAAC,KAAK,CAAC,CAAC;QAE9C,mEAAmE;QACnE,MAAM,mBAAmB,GAAG,IAAA,yBAAW,EACrC,MAAM,OAAO,CAAC,GAAG,CACf,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC;YAChC,IAAI,CAAC,EAAE;YACP,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;SAClC,CAAC,CACH,CACF,CAAC;QAEF,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,IAAA,mCAAwB,EAC/C,UAAU,CAAC,kBAAkB,EAC7B,mBAAmB,CACpB,CAAC;QAEF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CACjD,qCAAqC,EACrC,MAAM,CACP,CAAC;QAEF,sEAAsE;QACtE,MAAM,0BAA0B,GAAG,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAExE,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE;YAC9B,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE;gBAC9C,OAAO,CACL,WAAW,IAAI,IAAA,mBAAW,EAAC,WAAW,EAAE,IAAA,mCAAqB,EAAC,MAAM,CAAC,CAAC,CACvE,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,aAAa,CAAC;aAChC;YACD,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,CAAC;QAEP,6FAA6F;QAC7F,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CACrD,CAAC,SAAS,EAAE,EAAE;;YACZ,OAAA,CAAC,IAAA,mBAAW,EAAC,0BAA0B,EAAE,SAAS,CAAC;gBACnD,CAAA,MAAA,0BAA0B,CAAC,SAAS,CAAC,0CAAE,MAAM,IAAG,CAAC,CAAA;SAAA,CACpD,CAAC;QAEF,uEAAuE;QACvE,MAAM,0BAA0B,GAAG,YAAY;YAC7C,CAAC,CAAC,gBAAgB;YAClB,CAAC,CAAC,0BAA0B,CAAC;QAE/B,sCAAsC;QACtC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACtD,MAAM,EACN,0BAA0B,EAC1B,UAAU,CAAC,kBAAkB,CAC9B,CAAC;QAEF,oEAAoE;QACpE,gEAAgE;QAChE,4CAA4C;QAC5C,IAAA,cAAM,EACJ,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAClC,CAAC,eAAe,EAAE,EAAE,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAChD,EACD,uDAAuD,CACxD,CAAC;QAEF,yEAAyE;QACzE,gEAAgE;QAChE,MAAM,gBAAgB,GAAG,YAAY;YACnC,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,CAAC;YACvD,CAAC,CAAC,IAAA,yBAAW,EACT,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAClC,CAAC,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,EAAE;;gBAAC,OAAA;oBAChC,SAAS;oBACT,MAAA,eAAe,CAAC,CAAC,CAAC,mCAAI,IAAI;iBAC3B,CAAA;aAAA,CACF,CACF,CAAC;QAEN,kDAAkD;QAClD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CACvC,UAAU,CAAC,kBAAkB,CAC9B,CAAC,MAAM,CACN,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC,EAAE,EAAE;;YAChC,MAAM,QAAQ,GAAG,MAAA,gBAAgB,CAAC,WAAW,CAAC,0CAAE,QAAQ,CAAC;YACzD,IAAI,QAAQ,EAAE;gBACZ,GAAG,CAAC,WAAW,CAAC,GAAG;oBACjB,QAAQ;oBACR,MAAM,EAAE,SAAS,CAAC,MAAM;oBACxB,MAAM,EAAE,SAAS,CAAC,MAAM;oBACxB,OAAO,EAAE,SAAS,CAAC,OAAO;iBAC3B,CAAC;aACH;YACD,OAAO,GAAG,CAAC;QACb,CAAC,EACD,EAAE,CACH,CAAC;QAEF,8DAA8D;QAC9D,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAE3D,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC,EAAE,EAAE;YACxC,IAAI,eAAe,EAAE;gBACnB,GAAG,CAAC,WAAW,CAAC,GAAG,eAAe,CAAC,MAAM,CAAC;aAC3C;YACD,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,CAAC;QAEP,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,mBAAmB,EAAE,UAAU,CAAC,kBAAkB;YAClD,kBAAkB;YAClB,aAAa;SACd,CAAC;QAEF,0EAA0E;QAC1E,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAClD,IAAI,CAAC,eAAe,CAAC,IAAI,CACvB,0CAA0C,EAC1C,MAAM,CACP,CACF,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YACpB,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAC;IAC5C,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,SAAS,CACb,MAAc,EACd,IAAqD;;QAErD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACxC,IAAA,cAAM,EAAC,OAAO,EAAE,gBAAgB,MAAM,kBAAkB,CAAC,CAAC;QAE1D,MAAM,EAAE,SAAS,EAAE,GAAG,IAAA,0BAAY,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAC/D,IAAA,cAAM,EACJ,MAAA,OAAO,CAAC,kBAAkB,CAAC,SAAS,CAAC,0CAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EACpE,gBAAgB,MAAM,0BAA0B,IAAI,CAAC,OAAO,UAAU,CACvE,CAAC;QAEF,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAChC,IAAA,cAAM,EACJ,MAAA,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,OAAO,0CAAE,QAAQ,CAAC,MAAM,CAAC,EAC3C,gBAAgB,MAAM,sBAAsB,MAAM,EAAE,CACrD,CAAC;QAEF,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAChD,IAAA,cAAM,EAAC,MAAM,KAAK,SAAS,CAAC,CAAC;QAE7B,MAAM,cAAc,GAAG,IAAA,mCAAqB,EAAC,MAAM,CAAC,CAAC;QAErD,gEAAgE;QAChE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CACnD,oCAAoC,EACpC,MAAM,EACN,cAAc,CACf,CAAC;QAEF,4EAA4E;QAC5E,oEAAoE;QACpE,mEAAmE;QACnE,IAAA,cAAM,EACJ,aAAa,EACb,GAAG,MAAM,iDAAiD,MAAM,GAAG,CACpE,CAAC;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC;YACtB,MAAM;YACN,MAAM;YACN,MAAM,EAAE,eAAe;YACvB,IAAI,EAAE,IAAI;SACX,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;OAUG;IACK,KAAK,CAAC,WAAW,CAAC,EACxB,MAAM,EACN,MAAM,EACN,MAAM,EACN,IAAI,GAML;QACC,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,8BAA8B,EAAE;YAC/D,MAAM;YACN,MAAM;YACN,OAAO,EAAE,yBAAW,CAAC,WAAW;YAChC,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE;SAChD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;OAUG;IACK,KAAK,CAAC,eAAe,CAC3B,MAAc,EACd,MAAc;QAEd,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC;gBACpC,MAAM;gBACN,MAAM;gBACN,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,IAAI,IAAA,8BAAgB,EAAC,MAAM,CAAC,EAAE;gBAC5B,OAAO,MAAM,CAAC;aACf;SACF;QAAC,OAAO,KAAK,EAAE;YACd,wBAAwB;YACxB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;SACtB;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,gBAAgB,CAC5B,IAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CACjD,qCAAqC,EACrC,IAAI,CAAC,EAAE,CACR,CAAC;QAEF,MAAM,iBAAiB,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAG,sBAAc,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,IAAA,oCAA0B,EAAC,iBAAiB,CAAC,CAAC;IACvD,CAAC;IAED;;;;;;;;;;;;OAYG;IACK,KAAK,CAAC,oBAAoB,CAChC,MAAc,EACd,kBAAiD,EACjD,mBAA0D;QAE1D,MAAM,YAAY,GAAG;YACnB,GAAG,IAAI,GAAG,CAAC,IAAA,qBAAO,EAAC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC;SAC3C,CAAC;QAEd,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAE3C,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,EAAE;YAClC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC;YAClC,IAAI,MAAM,EAAE;gBACV,GAAG,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;aACtB;YACD,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QAExB,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAE3C,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE;YACrB,MAAM,EAAE,MAAM,EAAE,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAEpD,MAAM,0BAA0B,GAAG,CAAC,OAAkB,EAAE,EAAE;gBACxD,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,IAAA,4BAAc,EAAC,OAAO,CAAC,CAAC;gBAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,aAAa,CAAC,CAAC;YAC7D,CAAC,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC;iBACvC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC5B,MAAM;gBACN,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,0BAA0B,CAAC;aACtD,CAAC,CAAC;iBACF,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAEjD,GAAG,CAAC,WAAW,CAAC,GAAG,MAAM,CAAC;YAE1B,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,CAAC;IACT,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,gBAAgB,CAC5B,MAAc,EACd,gBAGC;QAID,oCAAoC;QACpC,MAAM,EAAE,GAAG,IAAA,eAAM,GAAE,CAAC;QACpB,MAAM,gBAAgB,GAAG,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CACvD,+BAA+B,EAC/B;YACE,MAAM;YACN,EAAE;YACF,IAAI,EAAE,oBAAoB;YAC1B,WAAW,EAAE;gBACX,gBAAgB;aACjB;SACF,EACD,IAAI,CACL,CAA0E,CAAC;QAE5E,oEAAoE;QACpE,8BAA8B;QAC9B,4EAA4E;QAC5E,0EAA0E;QAC1E,4EAA4E;QAC5E,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAEhE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACb,IAAI,GAAG,KAAK,IAAI,EAAE;gBAChB,GAAG,CAAC,IAAA,mCAAqB,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC;aAC7C;YACD,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,CAAC;QAEP,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,uCAAuC,EAAE;YACvE,mBAAmB;YACnB,OAAO,EAAE,EAAE,MAAM,EAAE;SACpB,CAAC,CAAC;QAEH,OAAO,gBAAgB,CAAC;IAC1B,CAAC;CACF;AAxdD,oDAwdC","sourcesContent":["import {\n  AddApprovalRequest,\n  BaseControllerV2 as BaseController,\n  GetPermissions,\n  GrantPermissions,\n  HasPermission,\n  PermissionConstraint,\n  RestrictedControllerMessenger,\n} from '@metamask/controllers';\nimport {\n  parseAccountId,\n  AccountId,\n  parseChainId,\n  ChainId,\n  ConnectArguments,\n  HandlerType,\n  NamespaceId,\n  RequestArguments,\n  RequestNamespace,\n  Session,\n  TruncatedSnap,\n  SnapId,\n  fromEntries,\n  SessionNamespace,\n  flatten,\n  getSnapPermissionName,\n  isAccountIdArray,\n  Namespaces,\n} from '@metamask/snaps-utils';\nimport { SnapKeyring } from '@metamask/snaps-types';\nimport { hasProperty, assert } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\nimport {\n  GetAllSnaps,\n  HandleSnapRequest,\n  IncrementActiveReferences,\n  DecrementActiveReferences,\n  SnapEndowments,\n  getRunnableSnaps,\n} from '../snaps';\nimport { getKeyringCaveatNamespaces } from '../snaps/endowments/keyring';\nimport { findMatchingKeyringSnaps } from './matching';\n\nconst controllerName = 'MultiChainController';\n\nconst defaultState: MultiChainControllerState = {\n  sessions: {},\n};\n\ntype AllowedActions =\n  | GetAllSnaps\n  | IncrementActiveReferences\n  | DecrementActiveReferences\n  | HandleSnapRequest\n  | GetPermissions\n  | HasPermission\n  | AddApprovalRequest\n  | GrantPermissions;\n\ntype MultiChainControllerMessenger = RestrictedControllerMessenger<\n  typeof controllerName,\n  AllowedActions,\n  never,\n  AllowedActions['type'],\n  never\n>;\n\ntype SessionData = {\n  origin: string;\n  requestedNamespaces: Record<NamespaceId, RequestNamespace>;\n  providedNamespaces: Record<NamespaceId, RequestNamespace>;\n  handlingSnaps: Record<NamespaceId, SnapId>;\n};\n\ntype MultiChainControllerState = {\n  sessions: { [origin: string]: SessionData };\n};\n\ntype Notify = (\n  origin: string,\n  data: { method: string; params?: Record<string, unknown> },\n) => Promise<void>;\n\ntype MultiChainControllerArgs = {\n  notify: Notify;\n  messenger: MultiChainControllerMessenger;\n};\n\n// TODO(ritave): Support for legacy ethereum operations, not just snaps\nexport class MultiChainController extends BaseController<\n  typeof controllerName,\n  MultiChainControllerState,\n  MultiChainControllerMessenger\n> {\n  readonly #notify: Notify;\n\n  /**\n   * Construct a new {@link MultiChainController} instance.\n   *\n   * @param args - The arguments to construct the controller with.\n   * @param args.messenger - The controller messenger to use.\n   * @param args.notify - A function that should handle JSON-RPC notifications.\n   */\n  constructor({ messenger, notify }: MultiChainControllerArgs) {\n    super({\n      messenger,\n      metadata: {\n        sessions: { persist: false, anonymous: false },\n      },\n      name: controllerName,\n      state: defaultState,\n    });\n\n    this.#notify = notify;\n  }\n\n  /**\n   * Get an open session for the given origin.\n   *\n   * @param origin - The origin to get the session for.\n   * @returns The session, if it exists, or `undefined` otherwise.\n   */\n  getSession(origin: string): SessionData | undefined {\n    return this.state.sessions[origin];\n  }\n\n  /**\n   * Close a session for the given origin.\n   *\n   * @param origin - The origin to close the session for.\n   * @throws If the session does not exist.\n   */\n  async closeSession(origin: string): Promise<void> {\n    const session = this.getSession(origin);\n    assert(session, 'No session to close.');\n\n    await this.#notify(origin, {\n      method: 'multichainHack_metamask_disconnect',\n    });\n\n    this.update((state) => {\n      delete state.sessions[origin];\n    });\n\n    await Promise.all(\n      Object.values(session.handlingSnaps).map((snapId) =>\n        this.messagingSystem.call(\n          'SnapController:decrementActiveReferences',\n          snapId,\n        ),\n      ),\n    );\n  }\n\n  /**\n   * Handles a new connection from the given origin. This will create a new\n   * session, and close any existing session for the origin.\n   *\n   * @param origin - The origin to create the session for.\n   * @param connection - The connection arguments.\n   * @param connection.requiredNamespaces - The namespaces that the origin\n   * requires.\n   * @returns The session that was created.\n   */\n  async onConnect(\n    origin: string,\n    connection: ConnectArguments,\n  ): Promise<Session> {\n    const existingSession = this.getSession(origin);\n    if (existingSession) {\n      await this.closeSession(origin);\n    }\n\n    const snaps = await this.messagingSystem.call('SnapController:getAll');\n    const filteredSnaps = getRunnableSnaps(snaps);\n\n    // Get available namespaces supported by currently installed Snaps.\n    const availableNamespaces = fromEntries(\n      await Promise.all(\n        filteredSnaps.map(async (snap) => [\n          snap.id,\n          await this.snapToNamespaces(snap),\n        ]),\n      ),\n    );\n\n    // The magical matching algorithm specified in SIP-2.\n    const namespaceToSnaps = findMatchingKeyringSnaps(\n      connection.requiredNamespaces,\n      availableNamespaces,\n    );\n\n    const permissions = await this.messagingSystem.call(\n      'PermissionController:getPermissions',\n      origin,\n    );\n\n    // Find namespaces that can be satisfied with existing approved Snaps.\n    const approvedNamespacesAndSnaps = Object.entries(namespaceToSnaps).reduce<\n      Record<NamespaceId, SnapId[]>\n    >((acc, [namespace, snapIds]) => {\n      const approvedSnaps = snapIds.filter((snapId) => {\n        return (\n          permissions && hasProperty(permissions, getSnapPermissionName(snapId))\n        );\n      });\n\n      if (approvedSnaps.length > 0) {\n        acc[namespace] = approvedSnaps;\n      }\n      return acc;\n    }, {});\n\n    // If we either don't have a snap to handle a namespace or we have multiple we have conflicts\n    const hasConflicts = Object.keys(namespaceToSnaps).some(\n      (namespace) =>\n        !hasProperty(approvedNamespacesAndSnaps, namespace) ||\n        approvedNamespacesAndSnaps[namespace]?.length > 1,\n    );\n\n    // Use already approved snaps if they satisfy the requested namespaces.\n    const filteredNamespacesAndSnaps = hasConflicts\n      ? namespaceToSnaps\n      : approvedNamespacesAndSnaps;\n\n    // Fetch possible accounts from snaps.\n    const possibleAccounts = await this.namespacesToAccounts(\n      origin,\n      filteredNamespacesAndSnaps,\n      connection.requiredNamespaces,\n    );\n\n    // For now we fail here if no namespaces could be matched to a snap.\n    // We don't fail if at least one namespace is matched to a snap.\n    // TODO: Decide whether this is what we want\n    assert(\n      Object.values(possibleAccounts).some(\n        (possibleAccount) => possibleAccount.length > 0,\n      ),\n      'No installed snaps found for any requested namespace.',\n    );\n\n    // If currently installed Snaps / configuration doesn't solve request, we\n    // need to show a prompt. This is handled by `resolveConflicts`.\n    const resolvedAccounts = hasConflicts\n      ? await this.resolveConflicts(origin, possibleAccounts)\n      : fromEntries(\n          Object.entries(possibleAccounts).map(\n            ([namespace, snapAndAccounts]) => [\n              namespace,\n              snapAndAccounts[0] ?? null,\n            ],\n          ),\n        );\n\n    // Aggregate information about session namespaces.\n    const providedNamespaces = Object.entries(\n      connection.requiredNamespaces,\n    ).reduce<Record<NamespaceId, SessionNamespace>>(\n      (acc, [namespaceId, namespace]) => {\n        const accounts = resolvedAccounts[namespaceId]?.accounts;\n        if (accounts) {\n          acc[namespaceId] = {\n            accounts,\n            chains: namespace.chains,\n            events: namespace.events,\n            methods: namespace.methods,\n          };\n        }\n        return acc;\n      },\n      {},\n    );\n\n    // Collect information about handler Snaps for each namespace.\n    const handlingSnaps = Object.entries(resolvedAccounts).reduce<\n      Record<NamespaceId, SnapId>\n    >((acc, [namespaceId, accountsAndSnap]) => {\n      if (accountsAndSnap) {\n        acc[namespaceId] = accountsAndSnap.snapId;\n      }\n      return acc;\n    }, {});\n\n    const session: SessionData = {\n      origin,\n      requestedNamespaces: connection.requiredNamespaces,\n      providedNamespaces,\n      handlingSnaps,\n    };\n\n    // Makes sure used Snaps aren't killed while they are serving the session.\n    await Promise.all(\n      Object.values(session.handlingSnaps).map((snapId) =>\n        this.messagingSystem.call(\n          'SnapController:incrementActiveReferences',\n          snapId,\n        ),\n      ),\n    );\n\n    this.update((state) => {\n      state.sessions[origin] = session;\n    });\n\n    return { namespaces: providedNamespaces };\n  }\n\n  /**\n   * Handle an incoming multichain request from the given origin. This will\n   * forward the request to the appropriate Snap, and return the response.\n   *\n   * @param origin - The origin to handle the request for.\n   * @param data - The request data.\n   * @param data.chainId - The chain ID for the request.\n   * @param data.request - The request arguments, i.e., the method and params.\n   * @returns The response from the Snap.\n   * @throws If the session does not exist, or the session does not provide the\n   * requested namespace.\n   */\n  async onRequest(\n    origin: string,\n    data: { chainId: ChainId; request: RequestArguments },\n  ): Promise<unknown> {\n    const session = this.getSession(origin);\n    assert(session, `Session for \"${origin}\" doesn't exist.`);\n\n    const { namespace } = parseChainId(data.chainId);\n    const sessionNamespace = session.providedNamespaces[namespace];\n    assert(\n      session.providedNamespaces[namespace]?.chains.includes(data.chainId),\n      `Session for \"${origin}\" is not connected to \"${data.chainId}\" chain.`,\n    );\n\n    const { method } = data.request;\n    assert(\n      sessionNamespace?.methods?.includes(method),\n      `Session for \"${origin}\" does not support ${method}`,\n    );\n\n    const snapId = session.handlingSnaps[namespace];\n    assert(snapId !== undefined);\n\n    const permissionName = getSnapPermissionName(snapId);\n\n    // Check if origin has permission to communicate with this Snap.\n    const hasPermission = await this.messagingSystem.call(\n      'PermissionController:hasPermission',\n      origin,\n      permissionName,\n    );\n\n    // TODO: Get permission for origin connecting to snap, or get user approval.\n    // In the future this is where we should prompt for this permission.\n    // In this iteration, we will grant this permission in `onConnect`.\n    assert(\n      hasPermission,\n      `${origin} does not have permission to communicate with ${snapId}.`,\n    );\n\n    return this.snapRequest({\n      snapId,\n      origin,\n      method: 'handleRequest',\n      args: data,\n    });\n  }\n\n  /**\n   * Send a request to the given Snap. This calls the given method with the\n   * given arguments on the keyring class in the given Snap.\n   *\n   * @param options - The request options.\n   * @param options.snapId - The ID of the Snap to send the request to.\n   * @param options.origin - The origin of the request.\n   * @param options.method - The request method.\n   * @param options.args - The request params.\n   * @returns The response from the Snap.\n   */\n  private async snapRequest({\n    snapId,\n    origin,\n    method,\n    args,\n  }: {\n    snapId: SnapId;\n    origin: string;\n    method: keyof SnapKeyring;\n    args?: unknown;\n  }) {\n    return this.messagingSystem.call('SnapController:handleRequest', {\n      snapId,\n      origin,\n      handler: HandlerType.SnapKeyring,\n      request: { method, params: args ? [args] : [] },\n    });\n  }\n\n  /**\n   * Get the accounts exposed by the Snap's keyring.\n   *\n   * This also verifies that the accounts returned by the snap are valid CAIP-10\n   * account IDs.\n   *\n   * @param origin - The origin of the request.\n   * @param snapId - The ID of the Snap to get the accounts from.\n   * @returns The accounts, or `null` if the Snap does not have any accounts, or\n   * the accounts are invalid (i.e., not valid CAIP-10 account IDs).\n   */\n  private async getSnapAccounts(\n    origin: string,\n    snapId: SnapId,\n  ): Promise<AccountId[] | null> {\n    try {\n      const result = await this.snapRequest({\n        snapId,\n        origin,\n        method: 'getAccounts',\n      });\n\n      if (isAccountIdArray(result)) {\n        return result;\n      }\n    } catch (error) {\n      // Ignore errors for now\n      console.error(error);\n    }\n\n    return null;\n  }\n\n  /**\n   * Get the namespaces for the given Snap, as described in the Snap's manifest.\n   *\n   * @param snap - The Snap to get the namespaces for.\n   * @returns The namespaces, or `null` if the Snap does not have any\n   * namespaces.\n   */\n  private async snapToNamespaces(\n    snap: TruncatedSnap,\n  ): Promise<Namespaces | null> {\n    const permissions = await this.messagingSystem.call(\n      'PermissionController:getPermissions',\n      snap.id,\n    );\n\n    const keyringPermission = permissions?.[SnapEndowments.Keyring];\n    return getKeyringCaveatNamespaces(keyringPermission);\n  }\n\n  /**\n   * Maps from an object of namespace IDs and Snap IDs, and an object of\n   * namespace IDs and requested namespaces, to an object of namespace IDs and\n   * resolved accounts, with the Snap ID providing the accounts.\n   *\n   * @param origin - The origin of the request.\n   * @param namespacesAndSnaps - An object of namespace IDs and Snap IDs\n   * providing the namespace.\n   * @param requestedNamespaces - An object of namespace IDs and requested\n   * namespaces.\n   * @returns An object of namespace IDs and resolved accounts, with the Snap ID\n   * providing the accounts.\n   */\n  private async namespacesToAccounts(\n    origin: string,\n    namespacesAndSnaps: Record<NamespaceId, SnapId[]>,\n    requestedNamespaces: Record<NamespaceId, RequestNamespace>,\n  ): Promise<Record<NamespaceId, { snapId: SnapId; accounts: AccountId[] }[]>> {\n    const dedupedSnaps = [\n      ...new Set(flatten(Object.values(namespacesAndSnaps))),\n    ] as SnapId[];\n\n    const allAccounts = await dedupedSnaps.reduce<\n      Promise<Record<string, AccountId[]>>\n    >(async (previousPromise, snapId) => {\n      const result = await this.getSnapAccounts(origin, snapId);\n      const acc = await previousPromise;\n      if (result) {\n        acc[snapId] = result;\n      }\n      return acc;\n    }, Promise.resolve({}));\n\n    return Object.keys(namespacesAndSnaps).reduce<\n      Record<NamespaceId, { snapId: SnapId; accounts: AccountId[] }[]>\n    >((acc, namespaceId) => {\n      const { chains } = requestedNamespaces[namespaceId];\n\n      const accountInAnyRequestedChain = (account: AccountId) => {\n        const { chainId: parsedChainId } = parseAccountId(account);\n        return chains.some((chainId) => chainId === parsedChainId);\n      };\n\n      const result = Object.entries(allAccounts)\n        .map(([snapId, accounts]) => ({\n          snapId,\n          accounts: accounts.filter(accountInAnyRequestedChain),\n        }))\n        .filter(({ accounts }) => accounts.length > 0);\n\n      acc[namespaceId] = result;\n\n      return acc;\n    }, {});\n  }\n\n  /**\n   * If multiple Snap IDs are provided for a namespace, this method will\n   * determine which Snap ID to use for the namespace, by showing the user a\n   * prompt.\n   *\n   * @param origin - The origin of the request.\n   * @param possibleAccounts - An object containing the accounts provided by\n   * each Snap ID for each namespace.\n   * @returns An object containing the Snap ID to use for each namespace.\n   */\n  private async resolveConflicts(\n    origin: string,\n    possibleAccounts: Record<\n      NamespaceId,\n      { snapId: SnapId; accounts: AccountId[] }[]\n    >,\n  ): Promise<\n    Record<NamespaceId, { snapId: SnapId; accounts: AccountId[] } | null>\n  > {\n    // Get user approval for connection.\n    const id = nanoid();\n    const resolvedAccounts = (await this.messagingSystem.call(\n      'ApprovalController:addRequest',\n      {\n        origin,\n        id,\n        type: 'multichain_connect',\n        requestData: {\n          possibleAccounts,\n        },\n      },\n      true,\n    )) as Record<NamespaceId, { snapId: SnapId; accounts: AccountId[] } | null>;\n\n    // TODO: In the future, use another permission here to not give full\n    // permission after handshake.\n    // Instead we should give origin only a read-only access to list of accounts\n    // without allowing provider.request() talking to a snap before additional\n    // user approval. The additional approval would be requested in `onRequest`.\n    const approvedPermissions = Object.values(resolvedAccounts).reduce<\n      Record<string, Partial<PermissionConstraint>>\n    >((acc, cur) => {\n      if (cur !== null) {\n        acc[getSnapPermissionName(cur.snapId)] = {};\n      }\n      return acc;\n    }, {});\n\n    await this.messagingSystem.call('PermissionController:grantPermissions', {\n      approvedPermissions,\n      subject: { origin },\n    });\n\n    return resolvedAccounts;\n  }\n}\n"]}

package/dist/multichain/index.d.ts

@@ -0,0 +1,3 @@
+export * from './matching';
+export * from './middleware';
+export * from './MultiChainController';

package/dist/multichain/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./matching"), exports);
+__exportStar(require("./middleware"), exports);
+__exportStar(require("./MultiChainController"), exports);
+//# sourceMappingURL=index.js.map

package/dist/multichain/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/multichain/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,+CAA6B;AAC7B,yDAAuC","sourcesContent":["export * from './matching';\nexport * from './middleware';\nexport * from './MultiChainController';\n"]}

package/dist/multichain/matching.d.ts

@@ -0,0 +1,9 @@
+import { ConnectArguments, NamespaceId, SnapId, Namespace } from '@metamask/snaps-utils';
+/**
+ * Finds a keyring snap for each namespace implements at a minimum the requested functionality.
+ *
+ * @param requestedNamespaces - The requested namespaces.
+ * @param snaps - All snaps and their exposed keyring namespaces.
+ * @returns A mapping between namespaces and snap ids.
+ */
+export declare function findMatchingKeyringSnaps(requestedNamespaces: ConnectArguments['requiredNamespaces'], snaps: Record<SnapId, Record<NamespaceId, Namespace> | null>): Record<NamespaceId, SnapId[]>;

package/dist/multichain/matching.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findMatchingKeyringSnaps = void 0;
+/**
+ * Finds a keyring snap for each namespace implements at a minimum the requested functionality.
+ *
+ * @param requestedNamespaces - The requested namespaces.
+ * @param snaps - All snaps and their exposed keyring namespaces.
+ * @returns A mapping between namespaces and snap ids.
+ */
+function findMatchingKeyringSnaps(requestedNamespaces, snaps) {
+    const snapEntries = Object.entries(snaps);
+    return Object.entries(requestedNamespaces).reduce((acc, [requestedNamespaceId, currentRequestedNamespace]) => {
+        const matchedSnaps = snapEntries
+            .filter(([, namespaces]) => {
+            const potentialMatch = namespaces === null || namespaces === void 0 ? void 0 : namespaces[requestedNamespaceId];
+            return (potentialMatch !== undefined &&
+                matchNamespace(currentRequestedNamespace, potentialMatch));
+        })
+            .map(([snapId]) => snapId);
+        acc[requestedNamespaceId] = matchedSnaps;
+        return acc;
+    }, {});
+}
+exports.findMatchingKeyringSnaps = findMatchingKeyringSnaps;
+/**
+ * Determines whether a keyring namespace is a match given a potential match and the requested namespace.
+ *
+ * This function assumes that the namespace ID has already been matched.
+ *
+ * @param requestedNamespace - The requested namespace information.
+ * @param potentialMatchNamespace - The potential match.
+ * @returns True if the potentially matching namespace is a match.
+ */
+function matchNamespace(requestedNamespace, potentialMatchNamespace) {
+    var _a, _b, _c, _d;
+    if (!requestedNamespace.chains.every((requestedChain) => potentialMatchNamespace.chains.some((potentialMatchChain) => potentialMatchChain.id === requestedChain))) {
+        return false;
+    }
+    if (!isSubset((_a = requestedNamespace.events) !== null && _a !== void 0 ? _a : [], (_b = potentialMatchNamespace.events) !== null && _b !== void 0 ? _b : [])) {
+        return false;
+    }
+    if (!isSubset((_c = requestedNamespace.methods) !== null && _c !== void 0 ? _c : [], (_d = potentialMatchNamespace.methods) !== null && _d !== void 0 ? _d : [])) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Determines whether an array is a subset of another array.
+ *
+ * @param potentialSubset - The potential subset.
+ * @param array - The other array.
+ * @returns True if the first argument is a subset of second argument.
+ */
+function isSubset(potentialSubset, array) {
+    return potentialSubset.every((item) => array.includes(item));
+}
+//# sourceMappingURL=matching.js.map

package/dist/multichain/matching.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"matching.js","sourceRoot":"","sources":["../../src/multichain/matching.ts"],"names":[],"mappings":";;;AAOA;;;;;;GAMG;AACH,SAAgB,wBAAwB,CACtC,mBAA2D,EAC3D,KAA4D;IAE5D,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAE/C,CAAC,GAAG,EAAE,CAAC,oBAAoB,EAAE,yBAAyB,CAAC,EAAE,EAAE;QAC3D,MAAM,YAAY,GAAG,WAAW;aAC7B,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,EAAE;YACzB,MAAM,cAAc,GAAG,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAG,oBAAoB,CAAC,CAAC;YAC1D,OAAO,CACL,cAAc,KAAK,SAAS;gBAC5B,cAAc,CAAC,yBAAyB,EAAE,cAAc,CAAC,CAC1D,CAAC;QACJ,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QAC7B,GAAG,CAAC,oBAAoB,CAAC,GAAG,YAAY,CAAC;QACzC,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AApBD,4DAoBC;AAED;;;;;;;;GAQG;AACH,SAAS,cAAc,CACrB,kBAAuE,EACvE,uBAAkC;;IAElC,IACE,CAAC,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,EAAE,EAAE,CAClD,uBAAuB,CAAC,MAAM,CAAC,IAAI,CACjC,CAAC,mBAAmB,EAAE,EAAE,CAAC,mBAAmB,CAAC,EAAE,KAAK,cAAc,CACnE,CACF,EACD;QACA,OAAO,KAAK,CAAC;KACd;IAED,IACE,CAAC,QAAQ,CACP,MAAA,kBAAkB,CAAC,MAAM,mCAAI,EAAE,EAC/B,MAAA,uBAAuB,CAAC,MAAM,mCAAI,EAAE,CACrC,EACD;QACA,OAAO,KAAK,CAAC;KACd;IAED,IACE,CAAC,QAAQ,CACP,MAAA,kBAAkB,CAAC,OAAO,mCAAI,EAAE,EAChC,MAAA,uBAAuB,CAAC,OAAO,mCAAI,EAAE,CACtC,EACD;QACA,OAAO,KAAK,CAAC;KACd;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,QAAQ,CAAI,eAAoB,EAAE,KAAU;IACnD,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/D,CAAC","sourcesContent":["import {\n  ConnectArguments,\n  NamespaceId,\n  SnapId,\n  Namespace,\n} from '@metamask/snaps-utils';\n\n/**\n * Finds a keyring snap for each namespace implements at a minimum the requested functionality.\n *\n * @param requestedNamespaces - The requested namespaces.\n * @param snaps - All snaps and their exposed keyring namespaces.\n * @returns A mapping between namespaces and snap ids.\n */\nexport function findMatchingKeyringSnaps(\n  requestedNamespaces: ConnectArguments['requiredNamespaces'],\n  snaps: Record<SnapId, Record<NamespaceId, Namespace> | null>,\n): Record<NamespaceId, SnapId[]> {\n  const snapEntries = Object.entries(snaps);\n  return Object.entries(requestedNamespaces).reduce<\n    Record<NamespaceId, SnapId[]>\n  >((acc, [requestedNamespaceId, currentRequestedNamespace]) => {\n    const matchedSnaps = snapEntries\n      .filter(([, namespaces]) => {\n        const potentialMatch = namespaces?.[requestedNamespaceId];\n        return (\n          potentialMatch !== undefined &&\n          matchNamespace(currentRequestedNamespace, potentialMatch)\n        );\n      })\n      .map(([snapId]) => snapId);\n    acc[requestedNamespaceId] = matchedSnaps;\n    return acc;\n  }, {});\n}\n\n/**\n * Determines whether a keyring namespace is a match given a potential match and the requested namespace.\n *\n * This function assumes that the namespace ID has already been matched.\n *\n * @param requestedNamespace - The requested namespace information.\n * @param potentialMatchNamespace - The potential match.\n * @returns True if the potentially matching namespace is a match.\n */\nfunction matchNamespace(\n  requestedNamespace: ConnectArguments['requiredNamespaces'][NamespaceId],\n  potentialMatchNamespace: Namespace,\n) {\n  if (\n    !requestedNamespace.chains.every((requestedChain) =>\n      potentialMatchNamespace.chains.some(\n        (potentialMatchChain) => potentialMatchChain.id === requestedChain,\n      ),\n    )\n  ) {\n    return false;\n  }\n\n  if (\n    !isSubset(\n      requestedNamespace.events ?? [],\n      potentialMatchNamespace.events ?? [],\n    )\n  ) {\n    return false;\n  }\n\n  if (\n    !isSubset(\n      requestedNamespace.methods ?? [],\n      potentialMatchNamespace.methods ?? [],\n    )\n  ) {\n    return false;\n  }\n\n  return true;\n}\n\n/**\n * Determines whether an array is a subset of another array.\n *\n * @param potentialSubset - The potential subset.\n * @param array - The other array.\n * @returns True if the first argument is a subset of second argument.\n */\nfunction isSubset<T>(potentialSubset: T[], array: T[]) {\n  return potentialSubset.every((item) => array.includes(item));\n}\n"]}