npm - @metamask/snaps-controllers - Versions diffs - 4.0.0 → 5.0.0 - Mend

@metamask/snaps-controllers 4.0.0 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

package/CHANGELOG.md +33 -1
package/dist/cjs/cronjob/CronjobController.js +3 -3
package/dist/cjs/cronjob/CronjobController.js.map +1 -1
package/dist/cjs/index.js +1 -0
package/dist/cjs/index.js.map +1 -1
package/dist/cjs/interface/SnapInterfaceController.js +166 -0
package/dist/cjs/interface/SnapInterfaceController.js.map +1 -0
package/dist/cjs/interface/index.js +20 -0
package/dist/cjs/interface/index.js.map +1 -0
package/dist/cjs/interface/utils.js +59 -0
package/dist/cjs/interface/utils.js.map +1 -0
package/dist/cjs/services/ProxyPostMessageStream.js +3 -10
package/dist/cjs/services/ProxyPostMessageStream.js.map +1 -1
package/dist/cjs/services/browser.js +1 -0
package/dist/cjs/services/browser.js.map +1 -1
package/dist/cjs/services/index.js +1 -0
package/dist/cjs/services/index.js.map +1 -1
package/dist/cjs/services/node/NodeProcessExecutionService.js +13 -1
package/dist/cjs/services/node/NodeProcessExecutionService.js.map +1 -1
package/dist/cjs/services/node/NodeThreadExecutionService.js +14 -1
package/dist/cjs/services/node/NodeThreadExecutionService.js.map +1 -1
package/dist/cjs/services/offscreen/OffscreenExecutionService.js +36 -99
package/dist/cjs/services/offscreen/OffscreenExecutionService.js.map +1 -1
package/dist/cjs/services/proxy/ProxyExecutionService.js +110 -0
package/dist/cjs/services/proxy/ProxyExecutionService.js.map +1 -0
package/dist/cjs/services/webview/WebViewExecutionService.js +99 -0
package/dist/cjs/services/webview/WebViewExecutionService.js.map +1 -0
package/dist/cjs/services/webview/WebViewMessageStream.js +127 -0
package/dist/cjs/services/webview/WebViewMessageStream.js.map +1 -0
package/dist/cjs/services/webview/index.js +20 -0
package/dist/cjs/services/webview/index.js.map +1 -0
package/dist/cjs/snaps/SnapController.js +303 -138
package/dist/cjs/snaps/SnapController.js.map +1 -1
package/dist/cjs/snaps/constants.js +25 -0
package/dist/cjs/snaps/constants.js.map +1 -0
package/dist/cjs/snaps/index.js +0 -2
package/dist/cjs/snaps/index.js.map +1 -1
package/dist/cjs/snaps/location/npm.js +13 -2
package/dist/cjs/snaps/location/npm.js.map +1 -1
package/dist/cjs/utils.js +32 -0
package/dist/cjs/utils.js.map +1 -1
package/dist/esm/cronjob/CronjobController.js +2 -2
package/dist/esm/cronjob/CronjobController.js.map +1 -1
package/dist/esm/index.js +1 -0
package/dist/esm/index.js.map +1 -1
package/dist/esm/interface/SnapInterfaceController.js +158 -0
package/dist/esm/interface/SnapInterfaceController.js.map +1 -0
package/dist/esm/interface/index.js +3 -0
package/dist/esm/interface/index.js.map +1 -0
package/dist/esm/interface/utils.js +62 -0
package/dist/esm/interface/utils.js.map +1 -0
package/dist/esm/services/ProxyPostMessageStream.js +3 -10
package/dist/esm/services/ProxyPostMessageStream.js.map +1 -1
package/dist/esm/services/browser.js +1 -0
package/dist/esm/services/browser.js.map +1 -1
package/dist/esm/services/index.js +1 -0
package/dist/esm/services/index.js.map +1 -1
package/dist/esm/services/node/NodeProcessExecutionService.js +13 -1
package/dist/esm/services/node/NodeProcessExecutionService.js.map +1 -1
package/dist/esm/services/node/NodeThreadExecutionService.js +14 -1
package/dist/esm/services/node/NodeThreadExecutionService.js.map +1 -1
package/dist/esm/services/offscreen/OffscreenExecutionService.js +36 -99
package/dist/esm/services/offscreen/OffscreenExecutionService.js.map +1 -1
package/dist/esm/services/proxy/ProxyExecutionService.js +100 -0
package/dist/esm/services/proxy/ProxyExecutionService.js.map +1 -0
package/dist/esm/services/webview/WebViewExecutionService.js +89 -0
package/dist/esm/services/webview/WebViewExecutionService.js.map +1 -0
package/dist/esm/services/webview/WebViewMessageStream.js +119 -0
package/dist/esm/services/webview/WebViewMessageStream.js.map +1 -0
package/dist/esm/services/webview/index.js +3 -0
package/dist/esm/services/webview/index.js.map +1 -0
package/dist/esm/snaps/SnapController.js +299 -134
package/dist/esm/snaps/SnapController.js.map +1 -1
package/dist/esm/snaps/constants.js +16 -0
package/dist/esm/snaps/constants.js.map +1 -0
package/dist/esm/snaps/index.js +0 -2
package/dist/esm/snaps/index.js.map +1 -1
package/dist/esm/snaps/location/npm.js +13 -2
package/dist/esm/snaps/location/npm.js.map +1 -1
package/dist/esm/utils.js +37 -0
package/dist/esm/utils.js.map +1 -1
package/dist/types/index.d.ts +1 -0
package/dist/types/interface/SnapInterfaceController.d.ts +85 -0
package/dist/types/interface/index.d.ts +1 -0
package/dist/types/interface/utils.d.ts +36 -0
package/dist/types/services/ProxyPostMessageStream.d.ts +1 -2
package/dist/types/services/browser.d.ts +1 -0
package/dist/types/services/index.d.ts +1 -0
package/dist/types/services/offscreen/OffscreenExecutionService.d.ts +5 -22
package/dist/types/services/proxy/ProxyExecutionService.d.ts +39 -0
package/dist/types/services/webview/WebViewExecutionService.d.ts +20 -0
package/dist/types/services/webview/WebViewMessageStream.d.ts +32 -0
package/dist/types/services/webview/index.d.ts +1 -0
package/dist/types/snaps/SnapController.d.ts +37 -6
package/dist/types/snaps/constants.d.ts +1 -0
package/dist/types/snaps/index.d.ts +0 -2
package/dist/types/utils.d.ts +119 -0
package/package.json +14 -14
package/dist/cjs/snaps/endowments/cronjob.js +0 -100
package/dist/cjs/snaps/endowments/cronjob.js.map +0 -1
package/dist/cjs/snaps/endowments/enum.js +0 -25
package/dist/cjs/snaps/endowments/enum.js.map +0 -1
package/dist/cjs/snaps/endowments/ethereum-provider.js +0 -43
package/dist/cjs/snaps/endowments/ethereum-provider.js.map +0 -1
package/dist/cjs/snaps/endowments/home-page.js +0 -37
package/dist/cjs/snaps/endowments/home-page.js.map +0 -1
package/dist/cjs/snaps/endowments/index.js +0 -99
package/dist/cjs/snaps/endowments/index.js.map +0 -1
package/dist/cjs/snaps/endowments/keyring.js +0 -100
package/dist/cjs/snaps/endowments/keyring.js.map +0 -1
package/dist/cjs/snaps/endowments/lifecycle-hooks.js +0 -37
package/dist/cjs/snaps/endowments/lifecycle-hooks.js.map +0 -1
package/dist/cjs/snaps/endowments/name-lookup.js +0 -106
package/dist/cjs/snaps/endowments/name-lookup.js.map +0 -1
package/dist/cjs/snaps/endowments/network-access.js +0 -44
package/dist/cjs/snaps/endowments/network-access.js.map +0 -1
package/dist/cjs/snaps/endowments/rpc.js +0 -99
package/dist/cjs/snaps/endowments/rpc.js.map +0 -1
package/dist/cjs/snaps/endowments/transaction-insight.js +0 -106
package/dist/cjs/snaps/endowments/transaction-insight.js.map +0 -1
package/dist/cjs/snaps/endowments/web-assembly.js +0 -42
package/dist/cjs/snaps/endowments/web-assembly.js.map +0 -1
package/dist/cjs/snaps/permissions.js +0 -61
package/dist/cjs/snaps/permissions.js.map +0 -1
package/dist/esm/snaps/endowments/cronjob.js +0 -99
package/dist/esm/snaps/endowments/cronjob.js.map +0 -1
package/dist/esm/snaps/endowments/enum.js +0 -15
package/dist/esm/snaps/endowments/enum.js.map +0 -1
package/dist/esm/snaps/endowments/ethereum-provider.js +0 -33
package/dist/esm/snaps/endowments/ethereum-provider.js.map +0 -1
package/dist/esm/snaps/endowments/home-page.js +0 -27
package/dist/esm/snaps/endowments/home-page.js.map +0 -1
package/dist/esm/snaps/endowments/index.js +0 -54
package/dist/esm/snaps/endowments/index.js.map +0 -1
package/dist/esm/snaps/endowments/keyring.js +0 -91
package/dist/esm/snaps/endowments/keyring.js.map +0 -1
package/dist/esm/snaps/endowments/lifecycle-hooks.js +0 -27
package/dist/esm/snaps/endowments/lifecycle-hooks.js.map +0 -1
package/dist/esm/snaps/endowments/name-lookup.js +0 -98
package/dist/esm/snaps/endowments/name-lookup.js.map +0 -1
package/dist/esm/snaps/endowments/network-access.js +0 -34
package/dist/esm/snaps/endowments/network-access.js.map +0 -1
package/dist/esm/snaps/endowments/rpc.js +0 -88
package/dist/esm/snaps/endowments/rpc.js.map +0 -1
package/dist/esm/snaps/endowments/transaction-insight.js +0 -99
package/dist/esm/snaps/endowments/transaction-insight.js.map +0 -1
package/dist/esm/snaps/endowments/web-assembly.js +0 -32
package/dist/esm/snaps/endowments/web-assembly.js.map +0 -1
package/dist/esm/snaps/permissions.js +0 -50
package/dist/esm/snaps/permissions.js.map +0 -1
package/dist/types/snaps/endowments/cronjob.d.ts +0 -51
package/dist/types/snaps/endowments/enum.d.ts +0 -12
package/dist/types/snaps/endowments/ethereum-provider.d.ts +0 -14
package/dist/types/snaps/endowments/home-page.d.ts +0 -15
package/dist/types/snaps/endowments/index.d.ts +0 -115
package/dist/types/snaps/endowments/keyring.d.ts +0 -39
package/dist/types/snaps/endowments/lifecycle-hooks.d.ts +0 -15
package/dist/types/snaps/endowments/name-lookup.d.ts +0 -38
package/dist/types/snaps/endowments/network-access.d.ts +0 -14
package/dist/types/snaps/endowments/rpc.d.ts +0 -38
package/dist/types/snaps/endowments/transaction-insight.d.ts +0 -39
package/dist/types/snaps/endowments/web-assembly.d.ts +0 -14
package/dist/types/snaps/permissions.d.ts +0 -16

package/dist/esm/snaps/SnapController.js CHANGED Viewed

@@ -64,20 +64,17 @@ function _define_property(obj, key, value) {
 import { BaseController } from '@metamask/base-controller';
 import { SubjectType } from '@metamask/permission-controller';
 import { rpcErrors } from '@metamask/rpc-errors';
-import { WALLET_SNAP_PERMISSION_KEY } from '@metamask/snaps-rpc-methods';
+import { WALLET_SNAP_PERMISSION_KEY, getMaxRequestTimeCaveat, handlerEndowments, SnapEndowments, getKeyringCaveatOrigins, getRpcCaveatOrigins, processSnapPermissions } from '@metamask/snaps-rpc-methods';
 import { AuxiliaryFileEncoding, getErrorMessage } from '@metamask/snaps-sdk';
-import { validateComponentLinks, assertIsSnapManifest, assertIsValidSnapId, DEFAULT_ENDOWMENTS, DEFAULT_REQUESTED_SNAP_VERSION, encodeAuxiliaryFile, HandlerType, isOriginAllowed, logError, normalizeRelative, OnTransactionResponseStruct, resolveVersionRange, SnapCaveatType, SnapStatus, SnapStatusEvents, validateFetchedSnap, unwrapError, OnHomePageResponseStruct, getValidatedLocalizationFiles, encodeBase64 } from '@metamask/snaps-utils';
+import { assertIsSnapManifest, assertIsValidSnapId, DEFAULT_ENDOWMENTS, DEFAULT_REQUESTED_SNAP_VERSION, encodeAuxiliaryFile, HandlerType, isOriginAllowed, logError, normalizeRelative, OnTransactionResponseStruct, OnSignatureResponseStruct, resolveVersionRange, SnapCaveatType, SnapStatus, SnapStatusEvents, unwrapError, OnHomePageResponseStruct, getValidatedLocalizationFiles, VirtualFile, NpmSnapFileNames, OnNameLookupResponseStruct, getLocalizedSnapManifest } from '@metamask/snaps-utils';
 import { assert, assertIsJsonRpcRequest, assertStruct, Duration, gtRange, gtVersion, hasProperty, inMilliseconds, isNonEmptyArray, isValidSemVerRange, satisfiesVersionRange, timeSince } from '@metamask/utils';
 import { createMachine, interpret } from '@xstate/fsm';
 import { nanoid } from 'nanoid';
 import { forceStrict, validateMachine } from '../fsm';
 import { log } from '../logging';
-import { getSnapFiles, hasTimedOut, setDiff, withTimeout } from '../utils';
-import { handlerEndowments, SnapEndowments } from './endowments';
-import { getKeyringCaveatOrigins } from './endowments/keyring';
-import { getRpcCaveatOrigins } from './endowments/rpc';
+import { fetchSnap, hasTimedOut, setDiff, withTimeout } from '../utils';
+import { ALLOWED_PERMISSIONS } from './constants';
 import { detectSnapLocation } from './location';
-import { processSnapPermissions } from './permissions';
 import { SnapsRegistryStatus } from './registry';
 import { RequestQueue } from './RequestQueue';
 import { Timer } from './Timer';
@@ -125,7 +122,7 @@ var _closeAllConnections = /*#__PURE__*/ new WeakMap(), _dynamicPermissions = /*
 _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    * Constructor helper for registering the controller's messaging system
    * actions.
-   */ _registerMessageHandlers = /*#__PURE__*/ new WeakSet(), _pollForLastRequestStatus = /*#__PURE__*/ new WeakSet(), _blockSnap = /*#__PURE__*/ new WeakSet(), /**
+   */ _registerMessageHandlers = /*#__PURE__*/ new WeakSet(), _handlePreinstalledSnaps = /*#__PURE__*/ new WeakSet(), _pollForLastRequestStatus = /*#__PURE__*/ new WeakSet(), _blockSnap = /*#__PURE__*/ new WeakSet(), /**
    * Unblocks a snap so that it can be enabled and started again. Emits
    * {@link SnapUnblocked}. Does nothing if the snap is not installed or already
    * unblocked.
@@ -142,7 +139,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param snapId - The id of the snap to transition.
    * @param event - The event enum to use to transition.
-   */ _transition = /*#__PURE__*/ new WeakSet(), _terminateSnap = /*#__PURE__*/ new WeakSet(), /**
+   */ _transition = /*#__PURE__*/ new WeakSet(), _terminateSnap = /*#__PURE__*/ new WeakSet(), _handleInitialConnections = /*#__PURE__*/ new WeakSet(), _addSnapToSubject = /*#__PURE__*/ new WeakSet(), /**
    * Removes a snap's permission (caveat) from all subjects.
    *
    * @param snapId - The id of the Snap.
@@ -163,12 +160,20 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param args - The add snap args.
    * @returns The resulting snap object.
-   */ _set = /*#__PURE__*/ new WeakSet(), _fetchSnap = /*#__PURE__*/ new WeakSet(), _validateSnapPermissions = /*#__PURE__*/ new WeakSet(), /**
+   */ _set = /*#__PURE__*/ new WeakSet(), _validateSnapPermissions = /*#__PURE__*/ new WeakSet(), /**
+   * Determine the execution timeout for a given handler permission.
+   *
+   * If no permission is specified or the permission itself has no execution timeout defined
+   * the constructor argument `maxRequestTime` will be used.
+   *
+   * @param permission - An optional permission constraint for the handler being called.
+   * @returns The execution timeout for the given handler.
+   */ _getExecutionTimeout = /*#__PURE__*/ new WeakSet(), /**
    * Gets the RPC message handler for the given snap.
    *
    * @param snapId - The id of the Snap whose message handler to get.
    * @returns The RPC handler for the given snap.
-   */ _getRpcRequestHandler = /*#__PURE__*/ new WeakSet(), _triggerPhishingListUpdate = /*#__PURE__*/ new WeakSet(), _checkPhishingList = /*#__PURE__*/ new WeakSet(), _assertSnapRpcRequestResult = /*#__PURE__*/ new WeakSet(), _executeWithTimeout = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestStart = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestFinish = /*#__PURE__*/ new WeakSet(), /**
+   */ _getRpcRequestHandler = /*#__PURE__*/ new WeakSet(), _createInterface = /*#__PURE__*/ new WeakSet(), _assertInterfaceExists = /*#__PURE__*/ new WeakSet(), _transformSnapRpcRequestResult = /*#__PURE__*/ new WeakSet(), _assertSnapRpcRequestResult = /*#__PURE__*/ new WeakSet(), _executeWithTimeout = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestStart = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestFinish = /*#__PURE__*/ new WeakSet(), /**
    * Retrieves the rollback snapshot of a snap.
    *
    * @param snapId - The snap id.
@@ -181,6 +186,16 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    * @throws {@link Error}. If the snap exists before creation or if creation fails.
    * @returns A `RollbackSnapshot`.
    */ _createRollbackSnapshot = /*#__PURE__*/ new WeakSet(), _rollbackSnap = /*#__PURE__*/ new WeakSet(), _rollbackSnaps = /*#__PURE__*/ new WeakSet(), _getRuntime = /*#__PURE__*/ new WeakSet(), _getRuntimeExpect = /*#__PURE__*/ new WeakSet(), _setupRuntime = /*#__PURE__*/ new WeakSet(), _calculatePermissionsChange = /*#__PURE__*/ new WeakSet(), /**
+   * Updates the permissions for a snap following an install, update or rollback.
+   *
+   * Grants newly requested permissions and revokes unused/revoked permissions.
+   *
+   * @param args - An options bag.
+   * @param args.snapId - The snap ID.
+   * @param args.newPermissions - New permissions to be granted.
+   * @param args.unusedPermissions - Unused permissions to be revoked.
+   * @param args.requestData - Optional request data from an approval.
+   */ _updatePermissions = /*#__PURE__*/ new WeakSet(), /**
    * Checks if a snap will pass version validation checks
    * with the new version range that is requested. The first
    * check that is done is to check if the existing snap version
@@ -471,6 +486,10 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         if (!Array.isArray(snapIds)) {
             throw new Error('Expected array of snap ids.');
         }
+        snapIds.forEach((snapId)=>{
+            const snap = this.getExpect(snapId);
+            assert(snap.removable !== false, `${snapId} is not removable.`);
+        });
         await Promise.all(snapIds.map(async (snapId)=>{
             const snap = this.getExpect(snapId);
             const truncated = this.getTruncatedExpect(snapId);
@@ -664,6 +683,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             snapId,
             type: SNAP_APPROVAL_INSTALL
         });
+        this.messagingSystem.publish('SnapController:snapInstallStarted', snapId, origin, false);
         // Existing snaps must be stopped before overwriting
         if (existingSnap && this.isRunning(snapId)) {
             await this.stopSnap(snapId, SnapStatusEvents.Stop);
@@ -697,11 +717,13 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             return truncated;
         } catch (error) {
             logError(`Error when adding ${snapId}.`, error);
+            const errorString = error instanceof Error ? error.message : error.toString();
             _class_private_method_get(this, _updateApproval, updateApproval).call(this, pendingApproval.id, {
                 loading: false,
                 type: SNAP_APPROVAL_INSTALL,
-                error: error instanceof Error ? error.message : error.toString()
+                error: errorString
             });
+            this.messagingSystem.publish('SnapController:snapInstallFailed', snapId, origin, false, errorString);
             throw error;
         }
     }
@@ -733,9 +755,11 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             type: SNAP_APPROVAL_UPDATE
         });
         try {
+            this.messagingSystem.publish('SnapController:snapInstallStarted', snapId, origin, true);
             const snap = this.getExpect(snapId);
-            const newSnap = await _class_private_method_get(this, _fetchSnap, fetchSnap).call(this, snapId, location);
-            const { sourceCode: sourceCodeFile, manifest: manifestFile } = newSnap.files;
+            const oldManifest = snap.manifest;
+            const newSnap = await fetchSnap(snapId, location);
+            const { sourceCode: sourceCodeFile, manifest: manifestFile } = newSnap;
             const manifest = manifestFile.result;
             const newVersion = manifest.version;
             if (!gtVersion(newVersion, snap.version)) {
@@ -746,7 +770,8 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             }
             await _class_private_method_get(this, _assertIsInstallAllowed, assertIsInstallAllowed).call(this, snapId, {
                 version: newVersion,
-                checksum: manifest.source.shasum
+                checksum: manifest.source.shasum,
+                permissions: manifest.initialPermissions
             });
             const processedPermissions = processSnapPermissions(manifest.initialPermissions);
             _class_private_method_get(this, _validateSnapPermissions, validateSnapPermissions).call(this, processedPermissions);
@@ -772,28 +797,22 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             _class_private_method_get(this, _set, set).call(this, {
                 origin,
                 id: snapId,
-                files: newSnap.files,
+                files: newSnap,
                 isUpdate: true
             });
-            const unusedPermissionsKeys = Object.keys(unusedPermissions);
-            if (isNonEmptyArray(unusedPermissionsKeys)) {
-                this.messagingSystem.call('PermissionController:revokePermissions', {
-                    [snapId]: unusedPermissionsKeys
-                });
-            }
-            if (isNonEmptyArray(Object.keys(approvedNewPermissions))) {
-                this.messagingSystem.call('PermissionController:grantPermissions', {
-                    approvedPermissions: approvedNewPermissions,
-                    subject: {
-                        origin: snapId
-                    },
-                    requestData
-                });
+            _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+                snapId,
+                unusedPermissions,
+                newPermissions: approvedNewPermissions,
+                requestData
+            });
+            if (manifest.initialConnections) {
+                _class_private_method_get(this, _handleInitialConnections, handleInitialConnections).call(this, snapId, oldManifest.initialConnections ?? null, manifest.initialConnections);
             }
             const rollbackSnapshot = _class_private_method_get(this, _getRollbackSnapshot, getRollbackSnapshot).call(this, snapId);
             if (rollbackSnapshot !== undefined) {
                 rollbackSnapshot.permissions.revoked = unusedPermissions;
-                rollbackSnapshot.permissions.granted = Object.keys(approvedNewPermissions);
+                rollbackSnapshot.permissions.granted = approvedNewPermissions;
                 rollbackSnapshot.permissions.requestData = requestData;
             }
             const sourceCode = sourceCodeFile.toString();
@@ -817,11 +836,13 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             return truncatedSnap;
         } catch (error) {
             logError(`Error when updating ${snapId},`, error);
+            const errorString = error instanceof Error ? error.message : error.toString();
             _class_private_method_get(this, _updateApproval, updateApproval).call(this, pendingApproval.id, {
                 loading: false,
-                error: error instanceof Error ? error.message : error.toString(),
+                error: errorString,
                 type: SNAP_APPROVAL_UPDATE
             });
+            this.messagingSystem.publish('SnapController:snapInstallFailed', snapId, origin, true, errorString);
             throw error;
         }
     }
@@ -856,14 +877,13 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
                 permissions: processedPermissions
             });
             const { permissions: approvedPermissions, ...requestData } = await pendingApproval.promise;
-            if (isNonEmptyArray(Object.keys(approvedPermissions))) {
-                this.messagingSystem.call('PermissionController:grantPermissions', {
-                    approvedPermissions,
-                    subject: {
-                        origin: snapId
-                    },
-                    requestData
-                });
+            _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+                snapId,
+                newPermissions: approvedPermissions,
+                requestData
+            });
+            if (snap.manifest.initialConnections) {
+                _class_private_method_get(this, _handleInitialConnections, handleInitialConnections).call(this, snapId, null, snap.manifest.initialConnections);
             }
         } finally{
             const runtime = _class_private_method_get(this, _getRuntimeExpect, getRuntimeExpect).call(this, snapId);
@@ -898,34 +918,37 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         };
         assertIsJsonRpcRequest(request);
         const permissionName = handlerEndowments[handlerType];
-        const hasPermission = this.messagingSystem.call('PermissionController:hasPermission', snapId, permissionName);
-        if (!hasPermission) {
+        assert(typeof permissionName === 'string' || permissionName === null, "'permissionName' must be either a string or null.");
+        const permissions = this.messagingSystem.call('PermissionController:getPermissions', snapId);
+        // If permissionName is null, the handler does not require a permission.
+        if (permissionName !== null && (!permissions || !hasProperty(permissions, permissionName))) {
             throw new Error(`Snap "${snapId}" is not permitted to use "${permissionName}".`);
         }
+        const handlerPermissions = permissionName ? permissions[permissionName] : undefined;
         if (permissionName === SnapEndowments.Rpc || permissionName === SnapEndowments.Keyring) {
-            const subject = this.messagingSystem.call('SubjectMetadataController:getSubjectMetadata', origin);
-            const permissions = this.messagingSystem.call('PermissionController:getPermissions', snapId);
-            const handlerPermissions = permissions?.[permissionName];
             assert(handlerPermissions);
+            const subject = this.messagingSystem.call('SubjectMetadataController:getSubjectMetadata', origin);
             const origins = permissionName === SnapEndowments.Rpc ? getRpcCaveatOrigins(handlerPermissions) : getKeyringCaveatOrigins(handlerPermissions);
             assert(origins);
             if (!isOriginAllowed(origins, subject?.subjectType ?? SubjectType.Website, origin)) {
                 throw new Error(`Snap "${snapId}" is not permitted to handle requests from "${origin}".`);
             }
         }
-        const handler = await _class_private_method_get(this, _getRpcRequestHandler, getRpcRequestHandler).call(this, snapId);
+        const handler = _class_private_method_get(this, _getRpcRequestHandler, getRpcRequestHandler).call(this, snapId);
         if (!handler) {
             throw new Error(`Snap RPC message handler not found for snap "${snapId}".`);
         }
+        const timeout = _class_private_method_get(this, _getExecutionTimeout, getExecutionTimeout).call(this, handlerPermissions);
         return handler({
             origin,
             handler: handlerType,
-            request
+            request,
+            timeout
         });
     }
     constructor({ closeAllConnections, messenger, state, dynamicPermissions = [
         'eth_accounts'
-    ], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = inMilliseconds(5, Duration.Second), maxIdleTime = inMilliseconds(30, Duration.Second), maxRequestTime = inMilliseconds(60, Duration.Second), fetchFunction = globalThis.fetch.bind(globalThis), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = detectSnapLocation }){
+    ], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = inMilliseconds(5, Duration.Second), maxIdleTime = inMilliseconds(30, Duration.Second), maxRequestTime = inMilliseconds(60, Duration.Second), fetchFunction = globalThis.fetch.bind(globalThis), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = detectSnapLocation, preinstalledSnaps }){
         super({
             messenger,
             metadata: {
@@ -963,6 +986,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         });
         _class_private_method_init(this, _initializeStateMachine);
         _class_private_method_init(this, _registerMessageHandlers);
+        _class_private_method_init(this, _handlePreinstalledSnaps);
         _class_private_method_init(this, _pollForLastRequestStatus);
         /**
    * Blocks an installed snap and prevents it from being started again. Emits
@@ -980,6 +1004,8 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param snapId - The snap to terminate.
    */ _class_private_method_init(this, _terminateSnap);
+        _class_private_method_init(this, _handleInitialConnections);
+        _class_private_method_init(this, _addSnapToSubject);
         _class_private_method_init(this, _removeSnapFromSubjects);
         _class_private_method_init(this, _revokeAllSnapPermissions);
         _class_private_method_init(this, _createApproval);
@@ -1007,20 +1033,29 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    * @returns An array of the names of the endowments.
    */ _class_private_method_init(this, _getEndowments);
         _class_private_method_init(this, _set);
-        /**
-   * Fetches the manifest and source code of a snap.
-   *
-   * @param snapId - The id of the Snap.
-   * @param location - Source from which snap will be fetched.
-   * @returns A tuple of the Snap manifest object and the Snap source code.
-   */ _class_private_method_init(this, _fetchSnap);
         _class_private_method_init(this, _validateSnapPermissions);
+        _class_private_method_init(this, _getExecutionTimeout);
         _class_private_method_init(this, _getRpcRequestHandler);
-        _class_private_method_init(this, _triggerPhishingListUpdate);
-        _class_private_method_init(this, _checkPhishingList);
         /**
-   * Asserts that the returned result of a Snap RPC call is the expected shape.
+   * Create a dynamic interface in the SnapInterfaceController.
+   *
+   * @param snapId - The snap ID.
+   * @param content - The initial interface content.
+   * @returns An identifier that can be used to identify the interface.
+   */ _class_private_method_init(this, _createInterface);
+        _class_private_method_init(this, _assertInterfaceExists);
+        /**
+   * Transform a RPC request result if necessary.
+   *
+   * @param snapId - The snap ID of the snap that produced the result.
+   * @param handlerType - The handler type that produced the result.
+   * @param result - The result.
+   * @returns The transformed result if applicable, otherwise the original result.
+   */ _class_private_method_init(this, _transformSnapRpcRequestResult);
+        /**
+   * Assert that the returned result of a Snap RPC call is the expected shape.
    *
+   * @param snapId - The snap ID.
    * @param handlerType - The handler type of the RPC Request.
    * @param result - The result of the RPC request.
    */ _class_private_method_init(this, _assertSnapRpcRequestResult);
@@ -1058,6 +1093,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         _class_private_method_init(this, _getRuntimeExpect);
         _class_private_method_init(this, _setupRuntime);
         _class_private_method_init(this, _calculatePermissionsChange);
+        _class_private_method_init(this, _updatePermissions);
         _class_private_method_init(this, _isValidUpdate);
         /**
    * Call a lifecycle hook on a snap, if the snap has the
@@ -1154,7 +1190,10 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         });
         _class_private_method_get(this, _initializeStateMachine, initializeStateMachine).call(this);
         _class_private_method_get(this, _registerMessageHandlers, registerMessageHandlers).call(this);
-        Object.values(state?.snaps ?? {}).forEach((snap)=>_class_private_method_get(this, _setupRuntime, setupRuntime).call(this, snap.id));
+        if (preinstalledSnaps) {
+            _class_private_method_get(this, _handlePreinstalledSnaps, handlePreinstalledSnaps).call(this, preinstalledSnaps);
+        }
+        Object.values(this.state?.snaps ?? {}).forEach((snap)=>_class_private_method_get(this, _setupRuntime, setupRuntime).call(this, snap.id));
     }
 }
 function initializeStateMachine() {
@@ -1231,6 +1270,63 @@ function registerMessageHandlers() {
     this.messagingSystem.registerActionHandler(`${controllerName}:revokeDynamicPermissions`, (...args)=>this.revokeDynamicSnapPermissions(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:getFile`, async (...args)=>this.getSnapFile(...args));
 }
+function handlePreinstalledSnaps(preinstalledSnaps) {
+    for (const { snapId, manifest, files, removable } of preinstalledSnaps){
+        const existingSnap = this.get(snapId);
+        const isAlreadyInstalled = existingSnap !== undefined;
+        const isUpdate = isAlreadyInstalled && gtVersion(manifest.version, existingSnap.version);
+        // Disallow downgrades and overwriting non preinstalled snaps
+        if (isAlreadyInstalled && (!isUpdate || existingSnap.preinstalled !== true)) {
+            continue;
+        }
+        const manifestFile = new VirtualFile({
+            path: NpmSnapFileNames.Manifest,
+            value: JSON.stringify(manifest),
+            result: manifest
+        });
+        const virtualFiles = files.map(({ path, value })=>new VirtualFile({
+                value,
+                path
+            }));
+        const { filePath, iconPath } = manifest.source.location.npm;
+        const sourceCode = virtualFiles.find((file)=>file.path === filePath);
+        const svgIcon = iconPath ? virtualFiles.find((file)=>file.path === iconPath) : undefined;
+        assert(sourceCode, 'Source code not provided for preinstalled snap.');
+        assert(!iconPath || iconPath && svgIcon, 'Icon not provided for preinstalled snap.');
+        assert(manifest.source.files === undefined, 'Auxiliary files are not currently supported for preinstalled snaps.');
+        const localizationFiles = manifest.source.locales?.map((path)=>virtualFiles.find((file)=>file.path === path)) ?? [];
+        const validatedLocalizationFiles = getValidatedLocalizationFiles(localizationFiles.filter(Boolean));
+        assert(localizationFiles.length === validatedLocalizationFiles.length, 'Missing localization files for preinstalled snap.');
+        const filesObject = {
+            manifest: manifestFile,
+            sourceCode,
+            svgIcon,
+            auxiliaryFiles: [],
+            localizationFiles: validatedLocalizationFiles
+        };
+        // Add snap to the SnapController state
+        _class_private_method_get(this, _set, set).call(this, {
+            id: snapId,
+            origin: 'metamask',
+            files: filesObject,
+            removable,
+            preinstalled: true
+        });
+        // Setup permissions
+        const processedPermissions = processSnapPermissions(manifest.initialPermissions);
+        _class_private_method_get(this, _validateSnapPermissions, validateSnapPermissions).call(this, processedPermissions);
+        const { newPermissions, unusedPermissions } = _class_private_method_get(this, _calculatePermissionsChange, calculatePermissionsChange).call(this, snapId, processedPermissions);
+        _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+            snapId,
+            newPermissions,
+            unusedPermissions
+        });
+        // Set status
+        this.update((state)=>{
+            state.snaps[snapId].status = SnapStatus.Stopped;
+        });
+    }
+}
 function pollForLastRequestStatus() {
     _class_private_field_set(this, _timeoutForLastRequestStatus, setTimeout(()=>{
         _class_private_method_get(this, _stopSnapsLastRequestPastMax, stopSnapsLastRequestPastMax).call(this).catch((error)=>{
@@ -1272,7 +1368,9 @@ async function assertIsInstallAllowed(snapId, snapInfo) {
     const result = results[snapId];
     if (result.status === SnapsRegistryStatus.Blocked) {
         throw new Error(`Cannot install version "${snapInfo.version}" of snap "${snapId}": The version is blocked. ${result.reason?.explanation ?? ''}`);
-    } else if (_class_private_field_get(this, _featureFlags).requireAllowlist && result.status !== SnapsRegistryStatus.Verified) {
+    }
+    const isAllowlistingRequired = Object.keys(snapInfo.permissions).some((permission)=>!ALLOWED_PERMISSIONS.includes(permission));
+    if (_class_private_field_get(this, _featureFlags).requireAllowlist && isAllowlistingRequired && result.status !== SnapsRegistryStatus.Verified) {
         throw new Error(`Cannot install version "${snapInfo.version}" of snap "${snapId}": The snap is not on the allowlist.`);
     }
 }
@@ -1293,6 +1391,52 @@ async function terminateSnap(snapId) {
     await this.messagingSystem.call('ExecutionService:terminateSnap', snapId);
     this.messagingSystem.publish('SnapController:snapTerminated', this.getTruncatedExpect(snapId));
 }
+function handleInitialConnections(snapId, previousInitialConnections, initialConnections) {
+    if (previousInitialConnections) {
+        const revokedInitialConnections = setDiff(previousInitialConnections, initialConnections);
+        for (const origin of Object.keys(revokedInitialConnections)){
+            this.removeSnapFromSubject(origin, snapId);
+        }
+    }
+    for (const origin of Object.keys(initialConnections)){
+        _class_private_method_get(this, _addSnapToSubject, addSnapToSubject).call(this, origin, snapId);
+    }
+}
+function addSnapToSubject(origin, snapId) {
+    const subjectPermissions = this.messagingSystem.call('PermissionController:getPermissions', origin);
+    const existingCaveat = subjectPermissions?.[WALLET_SNAP_PERMISSION_KEY]?.caveats?.find((caveat)=>caveat.type === SnapCaveatType.SnapIds);
+    const subjectHasSnap = Boolean((existingCaveat?.value)?.[snapId]);
+    // If the subject is already connected to the snap, this is a no-op.
+    if (subjectHasSnap) {
+        return;
+    }
+    // If an existing caveat exists, we add the snap to that.
+    if (existingCaveat) {
+        this.messagingSystem.call('PermissionController:updateCaveat', origin, WALLET_SNAP_PERMISSION_KEY, SnapCaveatType.SnapIds, {
+            ...existingCaveat,
+            [snapId]: {}
+        });
+        return;
+    }
+    const approvedPermissions = {
+        [WALLET_SNAP_PERMISSION_KEY]: {
+            caveats: [
+                {
+                    type: SnapCaveatType.SnapIds,
+                    value: {
+                        [snapId]: {}
+                    }
+                }
+            ]
+        }
+    };
+    this.messagingSystem.call('PermissionController:grantPermissions', {
+        approvedPermissions,
+        subject: {
+            origin
+        }
+    });
+}
 function removeSnapFromSubjects(snapId) {
     const subjects = this.messagingSystem.call('PermissionController:getSubjectNames');
     for (const subject of subjects){
@@ -1350,18 +1494,19 @@ async function add(args) {
         // If fetching and setting the snap succeeds, this property will be set
         // to null in the authorize() method.
         runtime.installPromise = (async ()=>{
-            const fetchedSnap = await _class_private_method_get(this, _fetchSnap, fetchSnap).call(this, snapId, location);
-            const manifest = fetchedSnap.files.manifest.result;
+            const fetchedSnap = await fetchSnap(snapId, location);
+            const manifest = fetchedSnap.manifest.result;
             if (!satisfiesVersionRange(manifest.version, versionRange)) {
                 throw new Error(`Version mismatch. Manifest for "${snapId}" specifies version "${manifest.version}" which doesn't satisfy requested version range "${versionRange}".`);
             }
             await _class_private_method_get(this, _assertIsInstallAllowed, assertIsInstallAllowed).call(this, snapId, {
                 version: manifest.version,
-                checksum: manifest.source.shasum
+                checksum: manifest.source.shasum,
+                permissions: manifest.initialPermissions
             });
             return _class_private_method_get(this, _set, set).call(this, {
                 ...args,
-                ...fetchedSnap,
+                files: fetchedSnap,
                 id: snapId
             });
         })();
@@ -1424,10 +1569,10 @@ async function getEndowments(snapId) {
     return dedupedEndowments;
 }
 function set(args) {
-    const { id: snapId, origin, files, isUpdate = false } = args;
+    const { id: snapId, origin, files, isUpdate = false, removable, preinstalled } = args;
     const { manifest, sourceCode: sourceCodeFile, svgIcon, auxiliaryFiles: rawAuxiliaryFiles, localizationFiles } = files;
     assertIsSnapManifest(manifest.result);
-    const { version, proposedName } = manifest.result;
+    const { version } = manifest.result;
     const sourceCode = sourceCodeFile.toString();
     assert(typeof sourceCode === 'string' && sourceCode.length > 0, `Invalid source code for snap "${snapId}".`);
     const auxiliaryFiles = rawAuxiliaryFiles.map((file)=>{
@@ -1448,6 +1593,7 @@ function set(args) {
             origin
         }
     ];
+    const localizedFiles = localizationFiles.map((file)=>file.result);
     const snap = {
         // Restore relevant snap state if it exists
         ...existingSnap,
@@ -1455,6 +1601,8 @@ function set(args) {
         // previous state.
         blocked: false,
         enabled: true,
+        removable,
+        preinstalled,
         id: snapId,
         initialPermissions: manifest.result.initialPermissions,
         manifest: manifest.result,
@@ -1463,7 +1611,7 @@ function set(args) {
         version,
         versionHistory,
         auxiliaryFiles,
-        localizationFiles: localizationFiles.map((file)=>file.result)
+        localizationFiles: localizedFiles
     };
     // If the snap was blocked, it isn't any longer
     delete snap.blockInformation;
@@ -1479,6 +1627,9 @@ function set(args) {
             rollbackSnapshot.statePatches = inversePatches;
         }
     }
+    // In case the Snap uses a localized manifest, we need to get the
+    // proposed name from the localized manifest.
+    const { proposedName } = getLocalizedSnapManifest(manifest.result, 'en', localizedFiles);
     this.messagingSystem.call('SubjectMetadataController:addSubjectMetadata', {
         subjectType: SubjectType.Snap,
         name: proposedName,
@@ -1491,40 +1642,10 @@ function set(args) {
         sourceCode
     };
 }
-async function fetchSnap(snapId, location) {
-    try {
-        const manifest = await location.manifest();
-        const sourceCode = await location.fetch(manifest.result.source.location.npm.filePath);
-        const { iconPath } = manifest.result.source.location.npm;
-        const svgIcon = iconPath ? await location.fetch(iconPath) : undefined;
-        const auxiliaryFiles = await getSnapFiles(location, manifest.result.source.files);
-        await Promise.all(auxiliaryFiles.map(async (file)=>{
-            // This should still be safe
-            // eslint-disable-next-line require-atomic-updates
-            file.data.base64 = await encodeBase64(file);
-        }));
-        const localizationFiles = await getSnapFiles(location, manifest.result.source.locales);
-        const validatedLocalizationFiles = getValidatedLocalizationFiles(localizationFiles);
-        const files = {
-            manifest,
-            sourceCode,
-            svgIcon,
-            auxiliaryFiles,
-            localizationFiles: validatedLocalizationFiles
-        };
-        await validateFetchedSnap(files);
-        return {
-            files,
-            location
-        };
-    } catch (error) {
-        throw new Error(`Failed to fetch snap "${snapId}": ${getErrorMessage(error)}.`);
-    }
-}
 function validateSnapPermissions(processedPermissions) {
     const permissionKeys = Object.keys(processedPermissions);
     const handlerPermissions = Array.from(new Set(Object.values(handlerEndowments)));
-    assert(permissionKeys.some((key)=>handlerPermissions.includes(key)), `A snap must request at least one of the following permissions: ${handlerPermissions.join(', ')}.`);
+    assert(permissionKeys.some((key)=>handlerPermissions.includes(key)), `A snap must request at least one of the following permissions: ${handlerPermissions.filter((handler)=>handler !== null).join(', ')}.`);
     const excludedPermissionErrors = permissionKeys.reduce((errors, permission)=>{
         if (hasProperty(_class_private_field_get(this, _excludedPermissions), permission)) {
             errors.push(_class_private_field_get(this, _excludedPermissions)[permission]);
@@ -1533,6 +1654,9 @@ function validateSnapPermissions(processedPermissions) {
     }, []);
     assert(excludedPermissionErrors.length === 0, `One or more permissions are not allowed:\n${excludedPermissionErrors.join('\n')}`);
 }
+function getExecutionTimeout(permission) {
+    return getMaxRequestTimeCaveat(permission) ?? this.maxRequestTime;
+}
 function getRpcRequestHandler(snapId) {
     const runtime = _class_private_method_get(this, _getRuntimeExpect, getRuntimeExpect).call(this, snapId);
     const existingHandler = runtime.rpcHandler;
@@ -1543,7 +1667,7 @@ function getRpcRequestHandler(snapId) {
     // We need to set up this promise map to map snapIds to their respective startPromises,
     // because otherwise we would lose context on the correct startPromise.
     const startPromises = new Map();
-    const rpcHandler = async ({ origin, handler: handlerType, request })=>{
+    const rpcHandler = async ({ origin, handler: handlerType, request, timeout })=>{
         if (this.state.snaps[snapId].enabled === false) {
             throw new Error(`Snap "${snapId}" is disabled.`);
         }
@@ -1569,7 +1693,7 @@ function getRpcRequestHandler(snapId) {
                 }
             }
         }
-        const timer = new Timer(this.maxRequestTime);
+        const timer = new Timer(timeout);
         _class_private_method_get(this, _recordSnapRpcRequestStart, recordSnapRpcRequestStart).call(this, snapId, request.id, timer);
         const handleRpcRequestPromise = this.messagingSystem.call('ExecutionService:handleRpcRequest', snapId, {
             origin,
@@ -1579,8 +1703,8 @@ function getRpcRequestHandler(snapId) {
         // This will either get the result or reject due to the timeout.
         try {
             const result = await _class_private_method_get(this, _executeWithTimeout, executeWithTimeout).call(this, handleRpcRequestPromise, timer);
-            await _class_private_method_get(this, _assertSnapRpcRequestResult, assertSnapRpcRequestResult).call(this, handlerType, result);
-            return result;
+            await _class_private_method_get(this, _assertSnapRpcRequestResult, assertSnapRpcRequestResult).call(this, snapId, handlerType, result);
+            return _class_private_method_get(this, _transformSnapRpcRequestResult, transformSnapRpcRequestResult).call(this, snapId, handlerType, result);
         } catch (error) {
             const [jsonRpcError, handled] = unwrapError(error);
             if (!handled) {
@@ -1594,29 +1718,64 @@ function getRpcRequestHandler(snapId) {
     runtime.rpcHandler = rpcHandler;
     return rpcHandler;
 }
-async function triggerPhishingListUpdate() {
-    return this.messagingSystem.call('PhishingController:maybeUpdateState');
+async function createInterface(snapId, content) {
+    return this.messagingSystem.call('SnapInterfaceController:createInterface', snapId, content);
+}
+function assertInterfaceExists(snapId, id) {
+    // This will throw if the interface isn't accessible, but we assert nevertheless.
+    assert(this.messagingSystem.call('SnapInterfaceController:getInterface', snapId, id));
 }
-function checkPhishingList(origin) {
-    return this.messagingSystem.call('PhishingController:testOrigin', origin).result;
+async function transformSnapRpcRequestResult(snapId, handlerType, result) {
+    switch(handlerType){
+        case HandlerType.OnTransaction:
+        case HandlerType.OnSignature:
+        case HandlerType.OnHomePage:
+            {
+                // Since this type has been asserted earlier we can cast
+                const castResult = result;
+                // If a handler returns static content, we turn it into a dynamic UI
+                if (castResult && hasProperty(castResult, 'content')) {
+                    const { content, ...rest } = castResult;
+                    const id = await _class_private_method_get(this, _createInterface, createInterface).call(this, snapId, content);
+                    return {
+                        ...rest,
+                        id
+                    };
+                }
+                return result;
+            }
+        default:
+            return result;
+    }
 }
-async function assertSnapRpcRequestResult(handlerType, result) {
+async function assertSnapRpcRequestResult(snapId, handlerType, result) {
     switch(handlerType){
         case HandlerType.OnTransaction:
             {
                 assertStruct(result, OnTransactionResponseStruct);
-                // Null is an allowed return value here
-                if (result === null) {
-                    return;
+                if (result && hasProperty(result, 'id')) {
+                    _class_private_method_get(this, _assertInterfaceExists, assertInterfaceExists).call(this, snapId, result.id);
+                }
+                break;
+            }
+        case HandlerType.OnSignature:
+            {
+                assertStruct(result, OnSignatureResponseStruct);
+                if (result && hasProperty(result, 'id')) {
+                    _class_private_method_get(this, _assertInterfaceExists, assertInterfaceExists).call(this, snapId, result.id);
                 }
-                await _class_private_method_get(this, _triggerPhishingListUpdate, triggerPhishingListUpdate).call(this);
-                validateComponentLinks(result.content, _class_private_method_get(this, _checkPhishingList, checkPhishingList).bind(this));
                 break;
             }
         case HandlerType.OnHomePage:
-            assertStruct(result, OnHomePageResponseStruct);
-            await _class_private_method_get(this, _triggerPhishingListUpdate, triggerPhishingListUpdate).call(this);
-            validateComponentLinks(result.content, _class_private_method_get(this, _checkPhishingList, checkPhishingList).bind(this));
+            {
+                assertStruct(result, OnHomePageResponseStruct);
+                if (result && hasProperty(result, 'id')) {
+                    _class_private_method_get(this, _assertInterfaceExists, assertInterfaceExists).call(this, snapId, result.id);
+                }
+                break;
+            }
+        case HandlerType.OnNameLookup:
+            assertStruct(result, OnNameLookupResponseStruct);
             break;
         default:
             break;
@@ -1651,11 +1810,7 @@ function createRollbackSnapshot(snapId) {
     assert(_class_private_field_get(this, _rollbackSnapshots).get(snapId) === undefined, new Error(`Snap "${snapId}" rollback snapshot already exists.`));
     _class_private_field_get(this, _rollbackSnapshots).set(snapId, {
         statePatches: [],
-        permissions: {
-            revoked: null,
-            granted: [],
-            requestData: null
-        },
+        permissions: {},
         newVersion: ''
     });
     const newRollbackSnapshot = _class_private_field_get(this, _rollbackSnapshots).get(snapId);
@@ -1683,20 +1838,12 @@ async function rollbackSnap(snapId) {
             state.snaps[snapId].status = SnapStatus.Stopped;
         });
     }
-    if (permissions.revoked && Object.keys(permissions.revoked).length) {
-        this.messagingSystem.call('PermissionController:grantPermissions', {
-            approvedPermissions: permissions.revoked,
-            subject: {
-                origin: snapId
-            },
-            requestData: permissions.requestData
-        });
-    }
-    if (permissions.granted?.length) {
-        this.messagingSystem.call('PermissionController:revokePermissions', {
-            [snapId]: permissions.granted
-        });
-    }
+    _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+        snapId,
+        unusedPermissions: permissions.granted,
+        newPermissions: permissions.revoked,
+        requestData: permissions.requestData
+    });
     const truncatedSnap = this.getTruncatedExpect(snapId);
     this.messagingSystem.publish('SnapController:snapRolledback', truncatedSnap, rollbackSnapshot.newVersion);
     _class_private_field_get(this, _rollbackSnapshots).delete(snapId);
@@ -1752,6 +1899,23 @@ function calculatePermissionsChange(snapId, desiredPermissionsSet) {
         approvedPermissions
     };
 }
+function updatePermissions({ snapId, unusedPermissions = {}, newPermissions = {}, requestData }) {
+    const unusedPermissionsKeys = Object.keys(unusedPermissions);
+    if (isNonEmptyArray(unusedPermissionsKeys)) {
+        this.messagingSystem.call('PermissionController:revokePermissions', {
+            [snapId]: unusedPermissionsKeys
+        });
+    }
+    if (isNonEmptyArray(Object.keys(newPermissions))) {
+        this.messagingSystem.call('PermissionController:grantPermissions', {
+            approvedPermissions: newPermissions,
+            subject: {
+                origin: snapId
+            },
+            requestData
+        });
+    }
+}
 function isValidUpdate(snapId, newVersionRange) {
     const existingSnap = this.getExpect(snapId);
     if (satisfiesVersionRange(existingSnap.version, newVersionRange)) {
@@ -1764,6 +1928,7 @@ function isValidUpdate(snapId, newVersionRange) {
 }
 async function callLifecycleHook(snapId, handler) {
     const permissionName = handlerEndowments[handler];
+    assert(permissionName, 'Lifecycle hook must have an endowment.');
     const hasPermission = this.messagingSystem.call('PermissionController:hasPermission', snapId, permissionName);
     if (!hasPermission) {
         return;