@metamask/snaps-rpc-methods 15.1.0 → 16.0.0

package/CHANGELOG.md

@@ -7,6 +7,34 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [16.0.0]
+
+### Changed
+
+- **BREAKING:** Use messenger for permitted method implementations ([#3987](https://github.com/MetaMask/snaps/pull/3987))
+  - `createSnapsMethodMiddleware` now requires a `messenger` parameter.
+  - `createSnapsMethodMiddleware` will throw if the expected hooks are not passed.
+  - Most previously used method hooks are no longer required.
+- **BREAKING:** Use messenger for restricted method implementations ([#3968](https://github.com/MetaMask/snaps/pull/3968))
+  - `buildSnapRestrictedMethodSpecifications` now requires a `messenger` parameter.
+  - Most previously used method hooks are no longer required.
+- **BREAKING:** Assert expected hooks for restricted method specifications ([#3993](https://github.com/MetaMask/snaps/pull/3993))
+  - `buildSnapRestrictedMethodSpecifications` will now throw if the expected hooks are not passed.
+- Bump `@metamask/permission-controller` `12.3.0` to `^13.1.0` ([#3984](https://github.com/MetaMask/snaps/pull/3984), [#3989](https://github.com/MetaMask/snaps/pull/3989))
+- Bump `@metamask/json-rpc-engine` from `^10.2.4` to `^10.5.0` ([#3982](https://github.com/MetaMask/snaps/pull/3982),[#3992](https://github.com/MetaMask/snaps/pull/3992), [#3998](https://github.com/MetaMask/snaps/pull/3998))
+- Bump `@metamask/messenger` from `^1.1.1` to `^1.2.0` ([#3981](https://github.com/MetaMask/snaps/pull/3981))
+
+### Removed
+
+- **BREAKING:** `selectHooks` and `permittedMethods` are no longer exported ([#3987](https://github.com/MetaMask/snaps/pull/3987))
+  - A `selectHooks` implementation is exported from `@metamask/json-rpc-engine` if needed.
+
+## [15.1.1]
+
+### Fixed
+
+- Make `KeyringOrigin` caveat explicitly optional ([#3955](https://github.com/MetaMask/snaps/pull/3955))
+
 ## [15.1.0]
 
 ### Added
@@ -364,15 +392,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- Bump `@metamask/json-rpc-engine` from `^9.0.0` to `^9.0.2` ([#2593](https://github.com/metamask/snaps/pull/2593))
-- Bump `@metamask/permission-controller` from `^10.0.1` to `^11.0.0` ([#2593](https://github.com/metamask/snaps/pull/2593))
+- Bump `@metamask/json-rpc-engine` from `^9.0.0` to `^9.0.2` ([#2593](https://github.com/MetaMask/snaps/pull/2593))
+- Bump `@metamask/permission-controller` from `^10.0.1` to `^11.0.0` ([#2593](https://github.com/MetaMask/snaps/pull/2593))
 - Bump `@metamask/snaps-utils` from `^7.8.0` to `^7.8.1` ([#2595](https://github.com/MetaMask/snaps/pull/2595))
 
 ## [10.0.0]
 
 ### Added
 
-- **BREAKING:** `snap_dialog` now takes the `requestUserApproval` hook ([#2509](https://github.com/metamask/snaps/pull/2509))
+- **BREAKING:** `snap_dialog` now takes the `requestUserApproval` hook ([#2509](https://github.com/MetaMask/snaps/pull/2509))
   - It should bind to the `addAndShowRequest` method of the `ApprovalController`.
   - Add type `DialogApprovalTypes` and object `DIALOG_APPROVAL_TYPES`.
 
@@ -609,7 +637,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-rpc-methods@15.1.0...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-rpc-methods@16.0.0...HEAD
+[16.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-rpc-methods@15.1.1...@metamask/snaps-rpc-methods@16.0.0
+[15.1.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-rpc-methods@15.1.0...@metamask/snaps-rpc-methods@15.1.1
 [15.1.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-rpc-methods@15.0.2...@metamask/snaps-rpc-methods@15.1.0
 [15.0.2]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-rpc-methods@15.0.1...@metamask/snaps-rpc-methods@15.0.2
 [15.0.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-rpc-methods@15.0.0...@metamask/snaps-rpc-methods@15.0.1

package/dist/endowments/keyring.cjs

@@ -26,7 +26,7 @@ const specificationBuilder = (_builderOptions) => {
         ],
         endowmentGetter: (_getterOptions) => null,
         validator: (0, caveats_1.createGenericPermissionValidator)([
-            { type: snaps_utils_1.SnapCaveatType.KeyringOrigin },
+            { type: snaps_utils_1.SnapCaveatType.KeyringOrigin, optional: true },
             { type: snaps_utils_1.SnapCaveatType.KeyringCapabilities, optional: true },
             { type: snaps_utils_1.SnapCaveatType.MaxRequestTime, optional: true },
         ]),
@@ -102,13 +102,10 @@ exports.getKeyringCaveatMapper = getKeyringCaveatMapper;
  *
  * @param permission - The permission to get the caveat value from.
  * @returns The caveat value.
- * @throws If the permission does not have a valid {@link KeyringOrigins}
- * caveat.
  */
 function getKeyringCaveatOrigins(permission) {
     const caveat = permission?.caveats?.find((permCaveat) => permCaveat.type === snaps_utils_1.SnapCaveatType.KeyringOrigin);
-    (0, utils_1.assert)(caveat);
-    return caveat.value;
+    return caveat?.value ?? { allowedOrigins: [] };
 }
 exports.getKeyringCaveatOrigins = getKeyringCaveatOrigins;
 /**

package/dist/endowments/keyring.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"keyring.cjs","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":";;;AAUA,2EAA8E;AAC9E,qDAAiD;AAKjD,uDAI+B;AAE/B,2CAA+E;AAE/E,iDAA6D;AAC7D,qCAAwC;AAExC,MAAM,cAAc,GAAG,qBAAc,CAAC,OAAO,CAAC;AAW9C;;;;;;GAMG;AACH,MAAM,oBAAoB,GAItB,CAAC,eAAyB,EAAE,EAAE;IAChC,OAAO;QACL,cAAc,EAAE,sCAAc,CAAC,SAAS;QACxC,UAAU,EAAE,cAAc;QAC1B,cAAc,EAAE;YACd,4BAAc,CAAC,aAAa;YAC5B,4BAAc,CAAC,mBAAmB;YAClC,4BAAc,CAAC,cAAc;SAC9B;QACD,eAAe,EAAE,CAAC,cAAsC,EAAE,EAAE,CAAC,IAAI;QACjE,SAAS,EAAE,IAAA,0CAAgC,EAAC;YAC1C,EAAE,IAAI,EAAE,4BAAc,CAAC,aAAa,EAAE;YACtC,EAAE,IAAI,EAAE,4BAAc,CAAC,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC5D,EAAE,IAAI,EAAE,4BAAc,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE;SACxD,CAAC;QACF,YAAY,EAAE,CAAC,mCAAW,CAAC,IAAI,CAAC;KACjC,CAAC;AACJ,CAAC,CAAC;AAEW,QAAA,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IACnD,UAAU,EAAE,cAAc;IAC1B,oBAAoB;CACZ,CAAC,CAAC;AAEZ;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,MAA2B;IACxD,IAAI,CAAC,IAAA,mBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,IAAA,qBAAa,EAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,sBAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,IAAA,oCAAsB,EAAC,KAAK,EAAE,sBAAS,CAAC,aAAa,CAAC,CAAC;AACzD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,MAA2B;IAC7D,IAAI,CAAC,IAAA,mBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,IAAA,qBAAa,EAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,sBAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,wDAAwD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,IAAA,yCAA2B,EAAC,KAAK,EAAE,sBAAS,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,sBAAsB,CACpC,KAAW;IAEX,IAAI,CAAC,KAAK,IAAI,CAAC,IAAA,gBAAQ,EAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,OAAO,GAAuB;QAClC;YACE,IAAI,EAAE,4BAAc,CAAC,aAAa;YAClC,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE;SAChD;KACF,CAAC;IAEF,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,4BAAc,CAAC,mBAAmB;YACxC,KAAK,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAA0C,EAAE,CAAC;AACjE,CAAC;AAtBD,wDAsBC;AAED;;;;;;;;GAQG;AACH,SAAgB,uBAAuB,CACrC,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,4BAAc,CAAC,aAAa,CACnB,CAAC;IAEhD,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;IACf,OAAO,MAAM,CAAC,KAAK,CAAC;AACtB,CAAC;AATD,0DASC;AAED;;;;;;;GAOG;AACH,SAAgB,4BAA4B,CAC1C,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,4BAAc,CAAC,mBAAmB,CACpB,CAAC;IAErD,OAAO,MAAM,EAAE,KAAK,IAAI,IAAI,CAAC;AAC/B,CAAC;AARD,oEAQC;AAEY,QAAA,2BAA2B,GAGpC;IACF,CAAC,4BAAc,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAC5C,IAAI,EAAE,4BAAc,CAAC,aAAa;QAClC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC;KAC1E,CAAC;IACF,CAAC,4BAAc,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAClD,IAAI,EAAE,4BAAc,CAAC,mBAAmB;QACxC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CACzC,0BAA0B,CAAC,MAAM,CAAC;KACrC,CAAC;CACH,CAAC","sourcesContent":["import type {\n  Caveat,\n  CaveatConstraint,\n  CaveatSpecificationConstraint,\n  EndowmentGetterParams,\n  PermissionConstraint,\n  PermissionSpecificationBuilder,\n  PermissionValidatorConstraint,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type {\n  KeyringCapabilities,\n  KeyringOrigins,\n} from '@metamask/snaps-utils';\nimport {\n  assertIsKeyringCapabilities,\n  assertIsKeyringOrigins,\n  SnapCaveatType,\n} from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { assert, hasProperty, isObject, isPlainObject } from '@metamask/utils';\n\nimport { createGenericPermissionValidator } from './caveats';\nimport { SnapEndowments } from './enum';\n\nconst permissionName = SnapEndowments.Keyring;\n\ntype KeyringEndowmentSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof permissionName;\n  endowmentGetter: (_options?: EndowmentGetterParams) => null;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n  subjectTypes: readonly SubjectType[];\n}>;\n\n/**\n * `endowment:keyring` returns nothing; it is intended to be used as a flag\n * by the client to detect whether the snap has keyring capabilities.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the keyring endowment.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  any,\n  KeyringEndowmentSpecification\n> = (_builderOptions?: unknown) => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName: permissionName,\n    allowedCaveats: [\n      SnapCaveatType.KeyringOrigin,\n      SnapCaveatType.KeyringCapabilities,\n      SnapCaveatType.MaxRequestTime,\n    ],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,\n    validator: createGenericPermissionValidator([\n      { type: SnapCaveatType.KeyringOrigin },\n      { type: SnapCaveatType.KeyringCapabilities, optional: true },\n      { type: SnapCaveatType.MaxRequestTime, optional: true },\n    ]),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const keyringEndowmentBuilder = Object.freeze({\n  targetName: permissionName,\n  specificationBuilder,\n} as const);\n\n/**\n * Validate the value of a keyring origins caveat. This does not validate the\n * type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatOrigins(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring origins: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringOrigins(value, rpcErrors.invalidParams);\n}\n\n/**\n * Validate the value of a keyring capabilities caveat. This does not validate\n * the type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatCapabilities(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring capabilities: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringCapabilities(value, rpcErrors.invalidParams);\n}\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getKeyringCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  if (!value || !isObject(value) || Object.keys(value).length === 0) {\n    return { caveats: null };\n  }\n\n  const caveats: CaveatConstraint[] = [\n    {\n      type: SnapCaveatType.KeyringOrigin,\n      value: { allowedOrigins: value.allowedOrigins },\n    },\n  ];\n\n  if (value.capabilities) {\n    caveats.push({\n      type: SnapCaveatType.KeyringCapabilities,\n      value: { capabilities: value.capabilities },\n    });\n  }\n\n  return { caveats: caveats as NonEmptyArray<CaveatConstraint> };\n}\n\n/**\n * Getter function to get the {@link KeyringOrigins} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value.\n * @throws If the permission does not have a valid {@link KeyringOrigins}\n * caveat.\n */\nexport function getKeyringCaveatOrigins(\n  permission?: PermissionConstraint,\n): KeyringOrigins {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringOrigin,\n  ) as Caveat<string, KeyringOrigins> | undefined;\n\n  assert(caveat);\n  return caveat.value;\n}\n\n/**\n * Getter function to get the {@link KeyringCapabilities} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value, or `null` if the permission does not have a\n * {@link KeyringCapabilities} caveat.\n */\nexport function getKeyringCaveatCapabilities(\n  permission?: PermissionConstraint,\n): KeyringCapabilities | null {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringCapabilities,\n  ) as Caveat<string, KeyringCapabilities> | undefined;\n\n  return caveat?.value ?? null;\n}\n\nexport const keyringCaveatSpecifications: Record<\n  SnapCaveatType.KeyringOrigin | SnapCaveatType.KeyringCapabilities,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.KeyringOrigin]: Object.freeze({\n    type: SnapCaveatType.KeyringOrigin,\n    validator: (caveat: Caveat<string, any>) => validateCaveatOrigins(caveat),\n  }),\n  [SnapCaveatType.KeyringCapabilities]: Object.freeze({\n    type: SnapCaveatType.KeyringCapabilities,\n    validator: (caveat: Caveat<string, any>) =>\n      validateCaveatCapabilities(caveat),\n  }),\n};\n"]}
+{"version":3,"file":"keyring.cjs","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":";;;AAUA,2EAA8E;AAC9E,qDAAiD;AAKjD,uDAI+B;AAE/B,2CAAuE;AAEvE,iDAA6D;AAC7D,qCAAwC;AAExC,MAAM,cAAc,GAAG,qBAAc,CAAC,OAAO,CAAC;AAW9C;;;;;;GAMG;AACH,MAAM,oBAAoB,GAItB,CAAC,eAAyB,EAAE,EAAE;IAChC,OAAO;QACL,cAAc,EAAE,sCAAc,CAAC,SAAS;QACxC,UAAU,EAAE,cAAc;QAC1B,cAAc,EAAE;YACd,4BAAc,CAAC,aAAa;YAC5B,4BAAc,CAAC,mBAAmB;YAClC,4BAAc,CAAC,cAAc;SAC9B;QACD,eAAe,EAAE,CAAC,cAAsC,EAAE,EAAE,CAAC,IAAI;QACjE,SAAS,EAAE,IAAA,0CAAgC,EAAC;YAC1C,EAAE,IAAI,EAAE,4BAAc,CAAC,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE;YACtD,EAAE,IAAI,EAAE,4BAAc,CAAC,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC5D,EAAE,IAAI,EAAE,4BAAc,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE;SACxD,CAAC;QACF,YAAY,EAAE,CAAC,mCAAW,CAAC,IAAI,CAAC;KACjC,CAAC;AACJ,CAAC,CAAC;AAEW,QAAA,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IACnD,UAAU,EAAE,cAAc;IAC1B,oBAAoB;CACZ,CAAC,CAAC;AAEZ;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,MAA2B;IACxD,IAAI,CAAC,IAAA,mBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,IAAA,qBAAa,EAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,sBAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,IAAA,oCAAsB,EAAC,KAAK,EAAE,sBAAS,CAAC,aAAa,CAAC,CAAC;AACzD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,MAA2B;IAC7D,IAAI,CAAC,IAAA,mBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,IAAA,qBAAa,EAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,sBAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,wDAAwD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,IAAA,yCAA2B,EAAC,KAAK,EAAE,sBAAS,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,sBAAsB,CACpC,KAAW;IAEX,IAAI,CAAC,KAAK,IAAI,CAAC,IAAA,gBAAQ,EAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,OAAO,GAAuB;QAClC;YACE,IAAI,EAAE,4BAAc,CAAC,aAAa;YAClC,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE;SAChD;KACF,CAAC;IAEF,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,4BAAc,CAAC,mBAAmB;YACxC,KAAK,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAA0C,EAAE,CAAC;AACjE,CAAC;AAtBD,wDAsBC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,4BAAc,CAAC,aAAa,CACnB,CAAC;IAEhD,OAAO,MAAM,EAAE,KAAK,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;AACjD,CAAC;AARD,0DAQC;AAED;;;;;;;GAOG;AACH,SAAgB,4BAA4B,CAC1C,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,4BAAc,CAAC,mBAAmB,CACpB,CAAC;IAErD,OAAO,MAAM,EAAE,KAAK,IAAI,IAAI,CAAC;AAC/B,CAAC;AARD,oEAQC;AAEY,QAAA,2BAA2B,GAGpC;IACF,CAAC,4BAAc,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAC5C,IAAI,EAAE,4BAAc,CAAC,aAAa;QAClC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC;KAC1E,CAAC;IACF,CAAC,4BAAc,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAClD,IAAI,EAAE,4BAAc,CAAC,mBAAmB;QACxC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CACzC,0BAA0B,CAAC,MAAM,CAAC;KACrC,CAAC;CACH,CAAC","sourcesContent":["import type {\n  Caveat,\n  CaveatConstraint,\n  CaveatSpecificationConstraint,\n  EndowmentGetterParams,\n  PermissionConstraint,\n  PermissionSpecificationBuilder,\n  PermissionValidatorConstraint,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type {\n  KeyringCapabilities,\n  KeyringOrigins,\n} from '@metamask/snaps-utils';\nimport {\n  assertIsKeyringCapabilities,\n  assertIsKeyringOrigins,\n  SnapCaveatType,\n} from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { hasProperty, isObject, isPlainObject } from '@metamask/utils';\n\nimport { createGenericPermissionValidator } from './caveats';\nimport { SnapEndowments } from './enum';\n\nconst permissionName = SnapEndowments.Keyring;\n\ntype KeyringEndowmentSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof permissionName;\n  endowmentGetter: (_options?: EndowmentGetterParams) => null;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n  subjectTypes: readonly SubjectType[];\n}>;\n\n/**\n * `endowment:keyring` returns nothing; it is intended to be used as a flag\n * by the client to detect whether the snap has keyring capabilities.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the keyring endowment.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  any,\n  KeyringEndowmentSpecification\n> = (_builderOptions?: unknown) => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName: permissionName,\n    allowedCaveats: [\n      SnapCaveatType.KeyringOrigin,\n      SnapCaveatType.KeyringCapabilities,\n      SnapCaveatType.MaxRequestTime,\n    ],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,\n    validator: createGenericPermissionValidator([\n      { type: SnapCaveatType.KeyringOrigin, optional: true },\n      { type: SnapCaveatType.KeyringCapabilities, optional: true },\n      { type: SnapCaveatType.MaxRequestTime, optional: true },\n    ]),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const keyringEndowmentBuilder = Object.freeze({\n  targetName: permissionName,\n  specificationBuilder,\n} as const);\n\n/**\n * Validate the value of a keyring origins caveat. This does not validate the\n * type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatOrigins(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring origins: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringOrigins(value, rpcErrors.invalidParams);\n}\n\n/**\n * Validate the value of a keyring capabilities caveat. This does not validate\n * the type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatCapabilities(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring capabilities: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringCapabilities(value, rpcErrors.invalidParams);\n}\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getKeyringCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  if (!value || !isObject(value) || Object.keys(value).length === 0) {\n    return { caveats: null };\n  }\n\n  const caveats: CaveatConstraint[] = [\n    {\n      type: SnapCaveatType.KeyringOrigin,\n      value: { allowedOrigins: value.allowedOrigins },\n    },\n  ];\n\n  if (value.capabilities) {\n    caveats.push({\n      type: SnapCaveatType.KeyringCapabilities,\n      value: { capabilities: value.capabilities },\n    });\n  }\n\n  return { caveats: caveats as NonEmptyArray<CaveatConstraint> };\n}\n\n/**\n * Getter function to get the {@link KeyringOrigins} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value.\n */\nexport function getKeyringCaveatOrigins(\n  permission?: PermissionConstraint,\n): KeyringOrigins {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringOrigin,\n  ) as Caveat<string, KeyringOrigins> | undefined;\n\n  return caveat?.value ?? { allowedOrigins: [] };\n}\n\n/**\n * Getter function to get the {@link KeyringCapabilities} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value, or `null` if the permission does not have a\n * {@link KeyringCapabilities} caveat.\n */\nexport function getKeyringCaveatCapabilities(\n  permission?: PermissionConstraint,\n): KeyringCapabilities | null {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringCapabilities,\n  ) as Caveat<string, KeyringCapabilities> | undefined;\n\n  return caveat?.value ?? null;\n}\n\nexport const keyringCaveatSpecifications: Record<\n  SnapCaveatType.KeyringOrigin | SnapCaveatType.KeyringCapabilities,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.KeyringOrigin]: Object.freeze({\n    type: SnapCaveatType.KeyringOrigin,\n    validator: (caveat: Caveat<string, any>) => validateCaveatOrigins(caveat),\n  }),\n  [SnapCaveatType.KeyringCapabilities]: Object.freeze({\n    type: SnapCaveatType.KeyringCapabilities,\n    validator: (caveat: Caveat<string, any>) =>\n      validateCaveatCapabilities(caveat),\n  }),\n};\n"]}

package/dist/endowments/keyring.d.cts

@@ -31,8 +31,6 @@ export declare function getKeyringCaveatMapper(value: Json): Pick<PermissionCons
  *
  * @param permission - The permission to get the caveat value from.
  * @returns The caveat value.
- * @throws If the permission does not have a valid {@link KeyringOrigins}
- * caveat.
  */
 export declare function getKeyringCaveatOrigins(permission?: PermissionConstraint): KeyringOrigins;
 /**

package/dist/endowments/keyring.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"keyring.d.cts","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,6BAA6B,EAC7B,qBAAqB,EACrB,oBAAoB,EACpB,8BAA8B,EAC9B,6BAA6B,EAE9B,wCAAwC;AACzC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,wCAAwC;AAE9E,OAAO,KAAK,EACV,mBAAmB,EACnB,cAAc,EACf,8BAA8B;AAC/B,OAAO,EAGL,cAAc,EACf,8BAA8B;AAC/B,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,wBAAwB;AAI3D,OAAO,EAAE,cAAc,EAAE,mBAAe;AAExC,QAAA,MAAM,cAAc,yBAAyB,CAAC;AAyC9C,eAAO,MAAM,uBAAuB;;;wBAtClB,eAAe,SAAS;oBAC5B,qBAAqB;qCACJ,qBAAqB,KAAK,IAAI;wBAC3C,SAAS,cAAc,MAAM,CAAC,CAAC,GAAG,IAAI;mBAC3C,6BAA6B;sBAC1B,SAAS,WAAW,EAAE;;EAoC3B,CAAC;AAsCZ;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,IAAI,GACV,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAoBvC;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,CAAC,EAAE,oBAAoB,GAChC,cAAc,CAOhB;AAED;;;;;;;GAOG;AACH,wBAAgB,4BAA4B,CAC1C,UAAU,CAAC,EAAE,oBAAoB,GAChC,mBAAmB,GAAG,IAAI,CAM5B;AAED,eAAO,MAAM,2BAA2B,EAAE,MAAM,CAC9C,cAAc,CAAC,aAAa,GAAG,cAAc,CAAC,mBAAmB,EACjE,6BAA6B,CAW9B,CAAC"}
+{"version":3,"file":"keyring.d.cts","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,6BAA6B,EAC7B,qBAAqB,EACrB,oBAAoB,EACpB,8BAA8B,EAC9B,6BAA6B,EAE9B,wCAAwC;AACzC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,wCAAwC;AAE9E,OAAO,KAAK,EACV,mBAAmB,EACnB,cAAc,EACf,8BAA8B;AAC/B,OAAO,EAGL,cAAc,EACf,8BAA8B;AAC/B,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,wBAAwB;AAI3D,OAAO,EAAE,cAAc,EAAE,mBAAe;AAExC,QAAA,MAAM,cAAc,yBAAyB,CAAC;AAyC9C,eAAO,MAAM,uBAAuB;;;wBAtClB,eAAe,SAAS;oBAC5B,qBAAqB;qCACJ,qBAAqB,KAAK,IAAI;wBAC3C,SAAS,cAAc,MAAM,CAAC,CAAC,GAAG,IAAI;mBAC3C,6BAA6B;sBAC1B,SAAS,WAAW,EAAE;;EAoC3B,CAAC;AAsCZ;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,IAAI,GACV,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAoBvC;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,CAAC,EAAE,oBAAoB,GAChC,cAAc,CAMhB;AAED;;;;;;;GAOG;AACH,wBAAgB,4BAA4B,CAC1C,UAAU,CAAC,EAAE,oBAAoB,GAChC,mBAAmB,GAAG,IAAI,CAM5B;AAED,eAAO,MAAM,2BAA2B,EAAE,MAAM,CAC9C,cAAc,CAAC,aAAa,GAAG,cAAc,CAAC,mBAAmB,EACjE,6BAA6B,CAW9B,CAAC"}

package/dist/endowments/keyring.d.mts

@@ -31,8 +31,6 @@ export declare function getKeyringCaveatMapper(value: Json): Pick<PermissionCons
  *
  * @param permission - The permission to get the caveat value from.
  * @returns The caveat value.
- * @throws If the permission does not have a valid {@link KeyringOrigins}
- * caveat.
  */
 export declare function getKeyringCaveatOrigins(permission?: PermissionConstraint): KeyringOrigins;
 /**

package/dist/endowments/keyring.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"keyring.d.mts","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,6BAA6B,EAC7B,qBAAqB,EACrB,oBAAoB,EACpB,8BAA8B,EAC9B,6BAA6B,EAE9B,wCAAwC;AACzC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,wCAAwC;AAE9E,OAAO,KAAK,EACV,mBAAmB,EACnB,cAAc,EACf,8BAA8B;AAC/B,OAAO,EAGL,cAAc,EACf,8BAA8B;AAC/B,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,wBAAwB;AAI3D,OAAO,EAAE,cAAc,EAAE,mBAAe;AAExC,QAAA,MAAM,cAAc,yBAAyB,CAAC;AAyC9C,eAAO,MAAM,uBAAuB;;;wBAtClB,eAAe,SAAS;oBAC5B,qBAAqB;qCACJ,qBAAqB,KAAK,IAAI;wBAC3C,SAAS,cAAc,MAAM,CAAC,CAAC,GAAG,IAAI;mBAC3C,6BAA6B;sBAC1B,SAAS,WAAW,EAAE;;EAoC3B,CAAC;AAsCZ;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,IAAI,GACV,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAoBvC;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,CAAC,EAAE,oBAAoB,GAChC,cAAc,CAOhB;AAED;;;;;;;GAOG;AACH,wBAAgB,4BAA4B,CAC1C,UAAU,CAAC,EAAE,oBAAoB,GAChC,mBAAmB,GAAG,IAAI,CAM5B;AAED,eAAO,MAAM,2BAA2B,EAAE,MAAM,CAC9C,cAAc,CAAC,aAAa,GAAG,cAAc,CAAC,mBAAmB,EACjE,6BAA6B,CAW9B,CAAC"}
+{"version":3,"file":"keyring.d.mts","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,6BAA6B,EAC7B,qBAAqB,EACrB,oBAAoB,EACpB,8BAA8B,EAC9B,6BAA6B,EAE9B,wCAAwC;AACzC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,wCAAwC;AAE9E,OAAO,KAAK,EACV,mBAAmB,EACnB,cAAc,EACf,8BAA8B;AAC/B,OAAO,EAGL,cAAc,EACf,8BAA8B;AAC/B,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,wBAAwB;AAI3D,OAAO,EAAE,cAAc,EAAE,mBAAe;AAExC,QAAA,MAAM,cAAc,yBAAyB,CAAC;AAyC9C,eAAO,MAAM,uBAAuB;;;wBAtClB,eAAe,SAAS;oBAC5B,qBAAqB;qCACJ,qBAAqB,KAAK,IAAI;wBAC3C,SAAS,cAAc,MAAM,CAAC,CAAC,GAAG,IAAI;mBAC3C,6BAA6B;sBAC1B,SAAS,WAAW,EAAE;;EAoC3B,CAAC;AAsCZ;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,IAAI,GACV,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAoBvC;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,CAAC,EAAE,oBAAoB,GAChC,cAAc,CAMhB;AAED;;;;;;;GAOG;AACH,wBAAgB,4BAA4B,CAC1C,UAAU,CAAC,EAAE,oBAAoB,GAChC,mBAAmB,GAAG,IAAI,CAM5B;AAED,eAAO,MAAM,2BAA2B,EAAE,MAAM,CAC9C,cAAc,CAAC,aAAa,GAAG,cAAc,CAAC,mBAAmB,EACjE,6BAA6B,CAW9B,CAAC"}

package/dist/endowments/keyring.mjs

@@ -1,7 +1,7 @@
 import { PermissionType, SubjectType } from "@metamask/permission-controller";
 import { rpcErrors } from "@metamask/rpc-errors";
 import { assertIsKeyringCapabilities, assertIsKeyringOrigins, SnapCaveatType } from "@metamask/snaps-utils";
-import { assert, hasProperty, isObject, isPlainObject } from "@metamask/utils";
+import { hasProperty, isObject, isPlainObject } from "@metamask/utils";
 import { createGenericPermissionValidator } from "./caveats/index.mjs";
 import { SnapEndowments } from "./enum.mjs";
 const permissionName = SnapEndowments.Keyring;
@@ -23,7 +23,7 @@ const specificationBuilder = (_builderOptions) => {
         ],
         endowmentGetter: (_getterOptions) => null,
         validator: createGenericPermissionValidator([
-            { type: SnapCaveatType.KeyringOrigin },
+            { type: SnapCaveatType.KeyringOrigin, optional: true },
             { type: SnapCaveatType.KeyringCapabilities, optional: true },
             { type: SnapCaveatType.MaxRequestTime, optional: true },
         ]),
@@ -98,13 +98,10 @@ export function getKeyringCaveatMapper(value) {
  *
  * @param permission - The permission to get the caveat value from.
  * @returns The caveat value.
- * @throws If the permission does not have a valid {@link KeyringOrigins}
- * caveat.
  */
 export function getKeyringCaveatOrigins(permission) {
     const caveat = permission?.caveats?.find((permCaveat) => permCaveat.type === SnapCaveatType.KeyringOrigin);
-    assert(caveat);
-    return caveat.value;
+    return caveat?.value ?? { allowedOrigins: [] };
 }
 /**
  * Getter function to get the {@link KeyringCapabilities} caveat value from a

package/dist/endowments/keyring.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"keyring.mjs","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,wCAAwC;AAC9E,OAAO,EAAE,SAAS,EAAE,6BAA6B;AAKjD,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,cAAc,EACf,8BAA8B;AAE/B,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,wBAAwB;AAE/E,OAAO,EAAE,gCAAgC,EAAE,4BAAkB;AAC7D,OAAO,EAAE,cAAc,EAAE,mBAAe;AAExC,MAAM,cAAc,GAAG,cAAc,CAAC,OAAO,CAAC;AAW9C;;;;;;GAMG;AACH,MAAM,oBAAoB,GAItB,CAAC,eAAyB,EAAE,EAAE;IAChC,OAAO;QACL,cAAc,EAAE,cAAc,CAAC,SAAS;QACxC,UAAU,EAAE,cAAc;QAC1B,cAAc,EAAE;YACd,cAAc,CAAC,aAAa;YAC5B,cAAc,CAAC,mBAAmB;YAClC,cAAc,CAAC,cAAc;SAC9B;QACD,eAAe,EAAE,CAAC,cAAsC,EAAE,EAAE,CAAC,IAAI;QACjE,SAAS,EAAE,gCAAgC,CAAC;YAC1C,EAAE,IAAI,EAAE,cAAc,CAAC,aAAa,EAAE;YACtC,EAAE,IAAI,EAAE,cAAc,CAAC,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC5D,EAAE,IAAI,EAAE,cAAc,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE;SACxD,CAAC;QACF,YAAY,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC;KACjC,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IACnD,UAAU,EAAE,cAAc;IAC1B,oBAAoB;CACZ,CAAC,CAAC;AAEZ;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,MAA2B;IACxD,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,SAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,sBAAsB,CAAC,KAAK,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;AACzD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,MAA2B;IAC7D,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,SAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,wDAAwD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,2BAA2B,CAAC,KAAK,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAW;IAEX,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,OAAO,GAAuB;QAClC;YACE,IAAI,EAAE,cAAc,CAAC,aAAa;YAClC,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE;SAChD;KACF,CAAC;IAEF,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,cAAc,CAAC,mBAAmB;YACxC,KAAK,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAA0C,EAAE,CAAC;AACjE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,aAAa,CACnB,CAAC;IAEhD,MAAM,CAAC,MAAM,CAAC,CAAC;IACf,OAAO,MAAM,CAAC,KAAK,CAAC;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,4BAA4B,CAC1C,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,mBAAmB,CACpB,CAAC;IAErD,OAAO,MAAM,EAAE,KAAK,IAAI,IAAI,CAAC;AAC/B,CAAC;AAED,MAAM,CAAC,MAAM,2BAA2B,GAGpC;IACF,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAC5C,IAAI,EAAE,cAAc,CAAC,aAAa;QAClC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC;KAC1E,CAAC;IACF,CAAC,cAAc,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAClD,IAAI,EAAE,cAAc,CAAC,mBAAmB;QACxC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CACzC,0BAA0B,CAAC,MAAM,CAAC;KACrC,CAAC;CACH,CAAC","sourcesContent":["import type {\n  Caveat,\n  CaveatConstraint,\n  CaveatSpecificationConstraint,\n  EndowmentGetterParams,\n  PermissionConstraint,\n  PermissionSpecificationBuilder,\n  PermissionValidatorConstraint,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type {\n  KeyringCapabilities,\n  KeyringOrigins,\n} from '@metamask/snaps-utils';\nimport {\n  assertIsKeyringCapabilities,\n  assertIsKeyringOrigins,\n  SnapCaveatType,\n} from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { assert, hasProperty, isObject, isPlainObject } from '@metamask/utils';\n\nimport { createGenericPermissionValidator } from './caveats';\nimport { SnapEndowments } from './enum';\n\nconst permissionName = SnapEndowments.Keyring;\n\ntype KeyringEndowmentSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof permissionName;\n  endowmentGetter: (_options?: EndowmentGetterParams) => null;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n  subjectTypes: readonly SubjectType[];\n}>;\n\n/**\n * `endowment:keyring` returns nothing; it is intended to be used as a flag\n * by the client to detect whether the snap has keyring capabilities.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the keyring endowment.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  any,\n  KeyringEndowmentSpecification\n> = (_builderOptions?: unknown) => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName: permissionName,\n    allowedCaveats: [\n      SnapCaveatType.KeyringOrigin,\n      SnapCaveatType.KeyringCapabilities,\n      SnapCaveatType.MaxRequestTime,\n    ],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,\n    validator: createGenericPermissionValidator([\n      { type: SnapCaveatType.KeyringOrigin },\n      { type: SnapCaveatType.KeyringCapabilities, optional: true },\n      { type: SnapCaveatType.MaxRequestTime, optional: true },\n    ]),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const keyringEndowmentBuilder = Object.freeze({\n  targetName: permissionName,\n  specificationBuilder,\n} as const);\n\n/**\n * Validate the value of a keyring origins caveat. This does not validate the\n * type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatOrigins(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring origins: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringOrigins(value, rpcErrors.invalidParams);\n}\n\n/**\n * Validate the value of a keyring capabilities caveat. This does not validate\n * the type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatCapabilities(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring capabilities: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringCapabilities(value, rpcErrors.invalidParams);\n}\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getKeyringCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  if (!value || !isObject(value) || Object.keys(value).length === 0) {\n    return { caveats: null };\n  }\n\n  const caveats: CaveatConstraint[] = [\n    {\n      type: SnapCaveatType.KeyringOrigin,\n      value: { allowedOrigins: value.allowedOrigins },\n    },\n  ];\n\n  if (value.capabilities) {\n    caveats.push({\n      type: SnapCaveatType.KeyringCapabilities,\n      value: { capabilities: value.capabilities },\n    });\n  }\n\n  return { caveats: caveats as NonEmptyArray<CaveatConstraint> };\n}\n\n/**\n * Getter function to get the {@link KeyringOrigins} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value.\n * @throws If the permission does not have a valid {@link KeyringOrigins}\n * caveat.\n */\nexport function getKeyringCaveatOrigins(\n  permission?: PermissionConstraint,\n): KeyringOrigins {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringOrigin,\n  ) as Caveat<string, KeyringOrigins> | undefined;\n\n  assert(caveat);\n  return caveat.value;\n}\n\n/**\n * Getter function to get the {@link KeyringCapabilities} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value, or `null` if the permission does not have a\n * {@link KeyringCapabilities} caveat.\n */\nexport function getKeyringCaveatCapabilities(\n  permission?: PermissionConstraint,\n): KeyringCapabilities | null {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringCapabilities,\n  ) as Caveat<string, KeyringCapabilities> | undefined;\n\n  return caveat?.value ?? null;\n}\n\nexport const keyringCaveatSpecifications: Record<\n  SnapCaveatType.KeyringOrigin | SnapCaveatType.KeyringCapabilities,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.KeyringOrigin]: Object.freeze({\n    type: SnapCaveatType.KeyringOrigin,\n    validator: (caveat: Caveat<string, any>) => validateCaveatOrigins(caveat),\n  }),\n  [SnapCaveatType.KeyringCapabilities]: Object.freeze({\n    type: SnapCaveatType.KeyringCapabilities,\n    validator: (caveat: Caveat<string, any>) =>\n      validateCaveatCapabilities(caveat),\n  }),\n};\n"]}
+{"version":3,"file":"keyring.mjs","sourceRoot":"","sources":["../../src/endowments/keyring.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,wCAAwC;AAC9E,OAAO,EAAE,SAAS,EAAE,6BAA6B;AAKjD,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,cAAc,EACf,8BAA8B;AAE/B,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,wBAAwB;AAEvE,OAAO,EAAE,gCAAgC,EAAE,4BAAkB;AAC7D,OAAO,EAAE,cAAc,EAAE,mBAAe;AAExC,MAAM,cAAc,GAAG,cAAc,CAAC,OAAO,CAAC;AAW9C;;;;;;GAMG;AACH,MAAM,oBAAoB,GAItB,CAAC,eAAyB,EAAE,EAAE;IAChC,OAAO;QACL,cAAc,EAAE,cAAc,CAAC,SAAS;QACxC,UAAU,EAAE,cAAc;QAC1B,cAAc,EAAE;YACd,cAAc,CAAC,aAAa;YAC5B,cAAc,CAAC,mBAAmB;YAClC,cAAc,CAAC,cAAc;SAC9B;QACD,eAAe,EAAE,CAAC,cAAsC,EAAE,EAAE,CAAC,IAAI;QACjE,SAAS,EAAE,gCAAgC,CAAC;YAC1C,EAAE,IAAI,EAAE,cAAc,CAAC,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE;YACtD,EAAE,IAAI,EAAE,cAAc,CAAC,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC5D,EAAE,IAAI,EAAE,cAAc,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE;SACxD,CAAC;QACF,YAAY,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC;KACjC,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IACnD,UAAU,EAAE,cAAc;IAC1B,oBAAoB;CACZ,CAAC,CAAC;AAEZ;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,MAA2B;IACxD,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,SAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,sBAAsB,CAAC,KAAK,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;AACzD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,MAA2B;IAC7D,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,SAAS,CAAC,aAAa,CAAC;YAC5B,OAAO,EAAE,wDAAwD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,2BAA2B,CAAC,KAAK,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAW;IAEX,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,OAAO,GAAuB;QAClC;YACE,IAAI,EAAE,cAAc,CAAC,aAAa;YAClC,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE;SAChD;KACF,CAAC;IAEF,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,cAAc,CAAC,mBAAmB;YACxC,KAAK,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAA0C,EAAE,CAAC;AACjE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,aAAa,CACnB,CAAC;IAEhD,OAAO,MAAM,EAAE,KAAK,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,4BAA4B,CAC1C,UAAiC;IAEjC,MAAM,MAAM,GAAG,UAAU,EAAE,OAAO,EAAE,IAAI,CACtC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,mBAAmB,CACpB,CAAC;IAErD,OAAO,MAAM,EAAE,KAAK,IAAI,IAAI,CAAC;AAC/B,CAAC;AAED,MAAM,CAAC,MAAM,2BAA2B,GAGpC;IACF,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAC5C,IAAI,EAAE,cAAc,CAAC,aAAa;QAClC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC;KAC1E,CAAC;IACF,CAAC,cAAc,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;QAClD,IAAI,EAAE,cAAc,CAAC,mBAAmB;QACxC,SAAS,EAAE,CAAC,MAA2B,EAAE,EAAE,CACzC,0BAA0B,CAAC,MAAM,CAAC;KACrC,CAAC;CACH,CAAC","sourcesContent":["import type {\n  Caveat,\n  CaveatConstraint,\n  CaveatSpecificationConstraint,\n  EndowmentGetterParams,\n  PermissionConstraint,\n  PermissionSpecificationBuilder,\n  PermissionValidatorConstraint,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type {\n  KeyringCapabilities,\n  KeyringOrigins,\n} from '@metamask/snaps-utils';\nimport {\n  assertIsKeyringCapabilities,\n  assertIsKeyringOrigins,\n  SnapCaveatType,\n} from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { hasProperty, isObject, isPlainObject } from '@metamask/utils';\n\nimport { createGenericPermissionValidator } from './caveats';\nimport { SnapEndowments } from './enum';\n\nconst permissionName = SnapEndowments.Keyring;\n\ntype KeyringEndowmentSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof permissionName;\n  endowmentGetter: (_options?: EndowmentGetterParams) => null;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n  subjectTypes: readonly SubjectType[];\n}>;\n\n/**\n * `endowment:keyring` returns nothing; it is intended to be used as a flag\n * by the client to detect whether the snap has keyring capabilities.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the keyring endowment.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  any,\n  KeyringEndowmentSpecification\n> = (_builderOptions?: unknown) => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName: permissionName,\n    allowedCaveats: [\n      SnapCaveatType.KeyringOrigin,\n      SnapCaveatType.KeyringCapabilities,\n      SnapCaveatType.MaxRequestTime,\n    ],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,\n    validator: createGenericPermissionValidator([\n      { type: SnapCaveatType.KeyringOrigin, optional: true },\n      { type: SnapCaveatType.KeyringCapabilities, optional: true },\n      { type: SnapCaveatType.MaxRequestTime, optional: true },\n    ]),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const keyringEndowmentBuilder = Object.freeze({\n  targetName: permissionName,\n  specificationBuilder,\n} as const);\n\n/**\n * Validate the value of a keyring origins caveat. This does not validate the\n * type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatOrigins(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring origins: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringOrigins(value, rpcErrors.invalidParams);\n}\n\n/**\n * Validate the value of a keyring capabilities caveat. This does not validate\n * the type of the caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatCapabilities(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring capabilities: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringCapabilities(value, rpcErrors.invalidParams);\n}\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getKeyringCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  if (!value || !isObject(value) || Object.keys(value).length === 0) {\n    return { caveats: null };\n  }\n\n  const caveats: CaveatConstraint[] = [\n    {\n      type: SnapCaveatType.KeyringOrigin,\n      value: { allowedOrigins: value.allowedOrigins },\n    },\n  ];\n\n  if (value.capabilities) {\n    caveats.push({\n      type: SnapCaveatType.KeyringCapabilities,\n      value: { capabilities: value.capabilities },\n    });\n  }\n\n  return { caveats: caveats as NonEmptyArray<CaveatConstraint> };\n}\n\n/**\n * Getter function to get the {@link KeyringOrigins} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value.\n */\nexport function getKeyringCaveatOrigins(\n  permission?: PermissionConstraint,\n): KeyringOrigins {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringOrigin,\n  ) as Caveat<string, KeyringOrigins> | undefined;\n\n  return caveat?.value ?? { allowedOrigins: [] };\n}\n\n/**\n * Getter function to get the {@link KeyringCapabilities} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value, or `null` if the permission does not have a\n * {@link KeyringCapabilities} caveat.\n */\nexport function getKeyringCaveatCapabilities(\n  permission?: PermissionConstraint,\n): KeyringCapabilities | null {\n  const caveat = permission?.caveats?.find(\n    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringCapabilities,\n  ) as Caveat<string, KeyringCapabilities> | undefined;\n\n  return caveat?.value ?? null;\n}\n\nexport const keyringCaveatSpecifications: Record<\n  SnapCaveatType.KeyringOrigin | SnapCaveatType.KeyringCapabilities,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.KeyringOrigin]: Object.freeze({\n    type: SnapCaveatType.KeyringOrigin,\n    validator: (caveat: Caveat<string, any>) => validateCaveatOrigins(caveat),\n  }),\n  [SnapCaveatType.KeyringCapabilities]: Object.freeze({\n    type: SnapCaveatType.KeyringCapabilities,\n    validator: (caveat: Caveat<string, any>) =>\n      validateCaveatCapabilities(caveat),\n  }),\n};\n"]}

package/dist/index.cjs

@@ -14,14 +14,11 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.selectHooks = exports.SnapCaveatType = exports.createSnapsMethodMiddleware = exports.permittedMethods = void 0;
+exports.SnapCaveatType = exports.createSnapsMethodMiddleware = void 0;
 var permitted_1 = require("./permitted/index.cjs");
-Object.defineProperty(exports, "permittedMethods", { enumerable: true, get: function () { return permitted_1.handlers; } });
 Object.defineProperty(exports, "createSnapsMethodMiddleware", { enumerable: true, get: function () { return permitted_1.createSnapsMethodMiddleware; } });
 var snaps_utils_1 = require("@metamask/snaps-utils");
 Object.defineProperty(exports, "SnapCaveatType", { enumerable: true, get: function () { return snaps_utils_1.SnapCaveatType; } });
-var utils_1 = require("./utils.cjs");
-Object.defineProperty(exports, "selectHooks", { enumerable: true, get: function () { return utils_1.selectHooks; } });
 __exportStar(require("./endowments/index.cjs"), exports);
 __exportStar(require("./middleware/index.cjs"), exports);
 __exportStar(require("./permissions.cjs"), exports);

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,mDAGqB;AAFnB,6GAAA,QAAQ,OAAoB;AAC5B,wHAAA,2BAA2B,OAAA;AAG7B,qDAAuD;AAA9C,6GAAA,cAAc,OAAA;AACvB,qCAAsC;AAA7B,oGAAA,WAAW,OAAA;AACpB,yDAA6B;AAC7B,yDAA6B;AAC7B,oDAA8B;AAC9B,yDAA6B","sourcesContent":["export {\n  handlers as permittedMethods,\n  createSnapsMethodMiddleware,\n} from './permitted';\nexport type { PermittedRpcMethodHooks } from './permitted';\nexport { SnapCaveatType } from '@metamask/snaps-utils';\nexport { selectHooks } from './utils';\nexport * from './endowments';\nexport * from './middleware';\nexport * from './permissions';\nexport * from './restricted';\n"]}
+{"version":3,"file":"index.cjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,mDAA0D;AAAjD,wHAAA,2BAA2B,OAAA;AAEpC,qDAAuD;AAA9C,6GAAA,cAAc,OAAA;AACvB,yDAA6B;AAC7B,yDAA6B;AAC7B,oDAA8B;AAC9B,yDAA6B","sourcesContent":["export { createSnapsMethodMiddleware } from './permitted';\nexport type { PermittedRpcMethodHooks } from './permitted';\nexport { SnapCaveatType } from '@metamask/snaps-utils';\nexport * from './endowments';\nexport * from './middleware';\nexport * from './permissions';\nexport * from './restricted';\n"]}

package/dist/index.d.cts

@@ -1,7 +1,6 @@
-export { handlers as permittedMethods, createSnapsMethodMiddleware, } from "./permitted/index.cjs";
+export { createSnapsMethodMiddleware } from "./permitted/index.cjs";
 export type { PermittedRpcMethodHooks } from "./permitted/index.cjs";
 export { SnapCaveatType } from "@metamask/snaps-utils";
-export { selectHooks } from "./utils.cjs";
 export * from "./endowments/index.cjs";
 export * from "./middleware/index.cjs";
 export * from "./permissions.cjs";

package/dist/index.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.cts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,IAAI,gBAAgB,EAC5B,2BAA2B,GAC5B,8BAAoB;AACrB,YAAY,EAAE,uBAAuB,EAAE,8BAAoB;AAC3D,OAAO,EAAE,cAAc,EAAE,8BAA8B;AACvD,OAAO,EAAE,WAAW,EAAE,oBAAgB;AACtC,uCAA6B;AAC7B,uCAA6B;AAC7B,kCAA8B;AAC9B,uCAA6B"}
+{"version":3,"file":"index.d.cts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,8BAAoB;AAC1D,YAAY,EAAE,uBAAuB,EAAE,8BAAoB;AAC3D,OAAO,EAAE,cAAc,EAAE,8BAA8B;AACvD,uCAA6B;AAC7B,uCAA6B;AAC7B,kCAA8B;AAC9B,uCAA6B"}

package/dist/index.d.mts

@@ -1,7 +1,6 @@
-export { handlers as permittedMethods, createSnapsMethodMiddleware, } from "./permitted/index.mjs";
+export { createSnapsMethodMiddleware } from "./permitted/index.mjs";
 export type { PermittedRpcMethodHooks } from "./permitted/index.mjs";
 export { SnapCaveatType } from "@metamask/snaps-utils";
-export { selectHooks } from "./utils.mjs";
 export * from "./endowments/index.mjs";
 export * from "./middleware/index.mjs";
 export * from "./permissions.mjs";

package/dist/index.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.mts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,IAAI,gBAAgB,EAC5B,2BAA2B,GAC5B,8BAAoB;AACrB,YAAY,EAAE,uBAAuB,EAAE,8BAAoB;AAC3D,OAAO,EAAE,cAAc,EAAE,8BAA8B;AACvD,OAAO,EAAE,WAAW,EAAE,oBAAgB;AACtC,uCAA6B;AAC7B,uCAA6B;AAC7B,kCAA8B;AAC9B,uCAA6B"}
+{"version":3,"file":"index.d.mts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,8BAAoB;AAC1D,YAAY,EAAE,uBAAuB,EAAE,8BAAoB;AAC3D,OAAO,EAAE,cAAc,EAAE,8BAA8B;AACvD,uCAA6B;AAC7B,uCAA6B;AAC7B,kCAA8B;AAC9B,uCAA6B"}

package/dist/index.mjs

@@ -1,6 +1,5 @@
-export { handlers as permittedMethods, createSnapsMethodMiddleware } from "./permitted/index.mjs";
+export { createSnapsMethodMiddleware } from "./permitted/index.mjs";
 export { SnapCaveatType } from "@metamask/snaps-utils";
-export { selectHooks } from "./utils.mjs";
 export * from "./endowments/index.mjs";
 export * from "./middleware/index.mjs";
 export * from "./permissions.mjs";

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,IAAI,gBAAgB,EAC5B,2BAA2B,EAC5B,8BAAoB;AAErB,OAAO,EAAE,cAAc,EAAE,8BAA8B;AACvD,OAAO,EAAE,WAAW,EAAE,oBAAgB;AACtC,uCAA6B;AAC7B,uCAA6B;AAC7B,kCAA8B;AAC9B,uCAA6B","sourcesContent":["export {\n  handlers as permittedMethods,\n  createSnapsMethodMiddleware,\n} from './permitted';\nexport type { PermittedRpcMethodHooks } from './permitted';\nexport { SnapCaveatType } from '@metamask/snaps-utils';\nexport { selectHooks } from './utils';\nexport * from './endowments';\nexport * from './middleware';\nexport * from './permissions';\nexport * from './restricted';\n"]}
+{"version":3,"file":"index.mjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,8BAAoB;AAE1D,OAAO,EAAE,cAAc,EAAE,8BAA8B;AACvD,uCAA6B;AAC7B,uCAA6B;AAC7B,kCAA8B;AAC9B,uCAA6B","sourcesContent":["export { createSnapsMethodMiddleware } from './permitted';\nexport type { PermittedRpcMethodHooks } from './permitted';\nexport { SnapCaveatType } from '@metamask/snaps-utils';\nexport * from './endowments';\nexport * from './middleware';\nexport * from './permissions';\nexport * from './restricted';\n"]}

package/dist/permissions.cjs

@@ -1,10 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildSnapRestrictedMethodSpecifications = exports.buildSnapEndowmentSpecifications = exports.processSnapPermissions = void 0;
+const v2_1 = require("@metamask/json-rpc-engine/v2");
+const permission_controller_1 = require("@metamask/permission-controller");
 const utils_1 = require("@metamask/utils");
 const endowments_1 = require("./endowments/index.cjs");
 const restricted_1 = require("./restricted/index.cjs");
-const utils_2 = require("./utils.cjs");
 /**
  * Map initial permissions as defined in a Snap manifest to something that can
  * be processed by the PermissionsController. Each caveat mapping function
@@ -42,14 +43,23 @@ const buildSnapEndowmentSpecifications = (excludedEndowments) => Object.values(e
     return allSpecifications;
 }, {});
 exports.buildSnapEndowmentSpecifications = buildSnapEndowmentSpecifications;
-const buildSnapRestrictedMethodSpecifications = (excludedPermissions, hooks) => Object.values(restricted_1.restrictedMethodPermissionBuilders).reduce((specifications, { targetName, specificationBuilder, methodHooks }) => {
-    if (!excludedPermissions.includes(targetName)) {
+const buildSnapRestrictedMethodSpecifications = (excludedPermissions, hooks, messenger) => {
+    const permissionBuilders = Object.values(restricted_1.restrictedMethodPermissionBuilders).filter((builder) => !excludedPermissions.includes(builder.targetName));
+    const expectedHookNames = new Set(permissionBuilders.flatMap((builder) => builder.methodHooks
+        ? Object.getOwnPropertyNames(builder.methodHooks)
+        : []));
+    (0, v2_1.assertExpectedHooks)(hooks, expectedHookNames);
+    return permissionBuilders.reduce((specifications, { targetName, specificationBuilder, methodHooks, actionNames }) => {
         specifications[targetName] = specificationBuilder({
-            // @ts-expect-error The selectHooks type is wonky
-            methodHooks: (0, utils_2.selectHooks)(hooks, methodHooks),
+            methodHooks: (0, v2_1.selectHooks)(hooks, methodHooks),
+            messenger: (0, permission_controller_1.createRestrictedMethodMessenger)({
+                namespace: targetName,
+                rootMessenger: messenger,
+                actionNames: actionNames,
+            }),
         });
-    }
-    return specifications;
-}, {});
+        return specifications;
+    }, {});
+};
 exports.buildSnapRestrictedMethodSpecifications = buildSnapRestrictedMethodSpecifications;
 //# sourceMappingURL=permissions.cjs.map

package/dist/permissions.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"permissions.cjs","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":";;;AAKA,2CAA8C;AAE9C,uDAGsB;AACtB,uDAGsB;AACtB,uCAAsC;AAEtC;;;;;;;;;;GAUG;AACH,SAAgB,sBAAsB,CACpC,kBAAmC;IAEnC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,EAAE,KAAK,CAAC,EAAE,EAAE;QACpE,IAAI,IAAA,mBAAW,EAAC,0BAAa,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,iBAAiB,EAAE,0BAAa,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,IAAA,mBAAW,EAAC,mCAAsB,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,iBAAiB;gBACjB,mCAAsB,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC;aACjD,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,OAAO;YACL,iBAAiB;YACjB,KAA8C;SAC/C,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AArBD,wDAqBC;AAEM,MAAM,gCAAgC,GAAG,CAC9C,kBAA4B,EAC5B,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,wCAA2B,CAAC,CAAC,MAAM,CAE/C,CAAC,iBAAiB,EAAE,EAAE,UAAU,EAAE,oBAAoB,EAAE,EAAE,EAAE;IAC5D,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7C,iBAAiB,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC,EAAE,EAAE,CAAC,CAAC;AAVI,QAAA,gCAAgC,oCAUpC;AAEF,MAAM,uCAAuC,GAAG,CACrD,mBAA6B,EAC7B,KAA8B,EAC9B,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,+CAAkC,CAAC,CAAC,MAAM,CAEtD,CAAC,cAAc,EAAE,EAAE,UAAU,EAAE,oBAAoB,EAAE,WAAW,EAAE,EAAE,EAAE;IACtE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9C,cAAc,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC;YAChD,iDAAiD;YACjD,WAAW,EAAE,IAAA,mBAAW,EACtB,KAAK,EACL,WAAW,CACoC;SAClD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC,EAAE,EAAE,CAAC,CAAC;AAjBI,QAAA,uCAAuC,2CAiB3C","sourcesContent":["import type {\n  PermissionConstraint,\n  PermissionSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport type { SnapPermissions } from '@metamask/snaps-utils';\nimport { hasProperty } from '@metamask/utils';\n\nimport {\n  endowmentCaveatMappers,\n  endowmentPermissionBuilders,\n} from './endowments';\nimport {\n  caveatMappers,\n  restrictedMethodPermissionBuilders,\n} from './restricted';\nimport { selectHooks } from './utils';\n\n/**\n * Map initial permissions as defined in a Snap manifest to something that can\n * be processed by the PermissionsController. Each caveat mapping function\n * should return a valid permission caveat value.\n *\n * This function does not validate the caveat values, since that is done by\n * the PermissionsController itself, upon requesting the permissions.\n *\n * @param initialPermissions - The initial permissions to process.\n * @returns The processed permissions.\n */\nexport function processSnapPermissions(\n  initialPermissions: SnapPermissions,\n): Record<string, Pick<PermissionConstraint, 'caveats'>> {\n  return Object.fromEntries(\n    Object.entries(initialPermissions).map(([initialPermission, value]) => {\n      if (hasProperty(caveatMappers, initialPermission)) {\n        return [initialPermission, caveatMappers[initialPermission](value)];\n      } else if (hasProperty(endowmentCaveatMappers, initialPermission)) {\n        return [\n          initialPermission,\n          endowmentCaveatMappers[initialPermission](value),\n        ];\n      }\n\n      // If we have no mapping, this may be a non-snap permission, return as-is\n      return [\n        initialPermission,\n        value as Pick<PermissionConstraint, 'caveats'>,\n      ];\n    }),\n  );\n}\n\nexport const buildSnapEndowmentSpecifications = (\n  excludedEndowments: string[],\n) =>\n  Object.values(endowmentPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((allSpecifications, { targetName, specificationBuilder }) => {\n    if (!excludedEndowments.includes(targetName)) {\n      allSpecifications[targetName] = specificationBuilder({});\n    }\n    return allSpecifications;\n  }, {});\n\nexport const buildSnapRestrictedMethodSpecifications = (\n  excludedPermissions: string[],\n  hooks: Record<string, unknown>,\n) =>\n  Object.values(restrictedMethodPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((specifications, { targetName, specificationBuilder, methodHooks }) => {\n    if (!excludedPermissions.includes(targetName)) {\n      specifications[targetName] = specificationBuilder({\n        // @ts-expect-error The selectHooks type is wonky\n        methodHooks: selectHooks<typeof hooks, keyof typeof methodHooks>(\n          hooks,\n          methodHooks,\n        ) as Pick<typeof hooks, keyof typeof methodHooks>,\n      });\n    }\n    return specifications;\n  }, {});\n"]}
+{"version":3,"file":"permissions.cjs","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":";;;AAAA,qDAAgF;AAChF,2EAIyC;AAEzC,2CAA8C;AAE9C,uDAGsB;AAKtB,uDAGsB;AAEtB;;;;;;;;;;GAUG;AACH,SAAgB,sBAAsB,CACpC,kBAAmC;IAEnC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,EAAE,KAAK,CAAC,EAAE,EAAE;QACpE,IAAI,IAAA,mBAAW,EAAC,0BAAa,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,iBAAiB,EAAE,0BAAa,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,IAAA,mBAAW,EAAC,mCAAsB,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,iBAAiB;gBACjB,mCAAsB,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC;aACjD,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,OAAO;YACL,iBAAiB;YACjB,KAA8C;SAC/C,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AArBD,wDAqBC;AAEM,MAAM,gCAAgC,GAAG,CAC9C,kBAA4B,EAC5B,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,wCAA2B,CAAC,CAAC,MAAM,CAE/C,CAAC,iBAAiB,EAAE,EAAE,UAAU,EAAE,oBAAoB,EAAE,EAAE,EAAE;IAC5D,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7C,iBAAiB,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC,EAAE,EAAE,CAAC,CAAC;AAVI,QAAA,gCAAgC,oCAUpC;AAEF,MAAM,uCAAuC,GAAG,CACrD,mBAA6B,EAC7B,KAA8B,EAC9B,SAAoC,EACpC,EAAE;IACF,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CACtC,+CAAkC,CACnC,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;IAEzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CACrC,OAAO,CAAC,WAAW;QACjB,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC;QACjD,CAAC,CAAC,EAAE,CACP,CACF,CAAC;IAEF,IAAA,wBAAmB,EAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;IAE9C,OAAO,kBAAkB,CAAC,MAAM,CAG9B,CACE,cAAc,EACd,EAAE,UAAU,EAAE,oBAAoB,EAAE,WAAW,EAAE,WAAW,EAAE,EAC9D,EAAE;QACF,cAAc,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC;YAChD,WAAW,EAAE,IAAA,gBAAW,EAAC,KAAK,EAAE,WAAW,CAAC;YAC5C,SAAS,EAAE,IAAA,uDAA+B,EAAC;gBACzC,SAAS,EAAE,UAAU;gBACrB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,WAEZ;aACF,CAAC;SACH,CAAC,CAAC;QACH,OAAO,cAAc,CAAC;IACxB,CAAC,EACD,EAAE,CACH,CAAC;AACJ,CAAC,CAAC;AAxCW,QAAA,uCAAuC,2CAwClD","sourcesContent":["import { selectHooks, assertExpectedHooks } from '@metamask/json-rpc-engine/v2';\nimport {\n  createRestrictedMethodMessenger,\n  type PermissionConstraint,\n  type PermissionSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport type { SnapPermissions } from '@metamask/snaps-utils';\nimport { hasProperty } from '@metamask/utils';\n\nimport {\n  endowmentCaveatMappers,\n  endowmentPermissionBuilders,\n} from './endowments';\nimport type {\n  RestrictedMethodActions,\n  RestrictedMethodMessenger,\n} from './restricted';\nimport {\n  caveatMappers,\n  restrictedMethodPermissionBuilders,\n} from './restricted';\n\n/**\n * Map initial permissions as defined in a Snap manifest to something that can\n * be processed by the PermissionsController. Each caveat mapping function\n * should return a valid permission caveat value.\n *\n * This function does not validate the caveat values, since that is done by\n * the PermissionsController itself, upon requesting the permissions.\n *\n * @param initialPermissions - The initial permissions to process.\n * @returns The processed permissions.\n */\nexport function processSnapPermissions(\n  initialPermissions: SnapPermissions,\n): Record<string, Pick<PermissionConstraint, 'caveats'>> {\n  return Object.fromEntries(\n    Object.entries(initialPermissions).map(([initialPermission, value]) => {\n      if (hasProperty(caveatMappers, initialPermission)) {\n        return [initialPermission, caveatMappers[initialPermission](value)];\n      } else if (hasProperty(endowmentCaveatMappers, initialPermission)) {\n        return [\n          initialPermission,\n          endowmentCaveatMappers[initialPermission](value),\n        ];\n      }\n\n      // If we have no mapping, this may be a non-snap permission, return as-is\n      return [\n        initialPermission,\n        value as Pick<PermissionConstraint, 'caveats'>,\n      ];\n    }),\n  );\n}\n\nexport const buildSnapEndowmentSpecifications = (\n  excludedEndowments: string[],\n) =>\n  Object.values(endowmentPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((allSpecifications, { targetName, specificationBuilder }) => {\n    if (!excludedEndowments.includes(targetName)) {\n      allSpecifications[targetName] = specificationBuilder({});\n    }\n    return allSpecifications;\n  }, {});\n\nexport const buildSnapRestrictedMethodSpecifications = (\n  excludedPermissions: string[],\n  hooks: Record<string, unknown>,\n  messenger: RestrictedMethodMessenger,\n) => {\n  const permissionBuilders = Object.values(\n    restrictedMethodPermissionBuilders,\n  ).filter((builder) => !excludedPermissions.includes(builder.targetName));\n\n  const expectedHookNames = new Set(\n    permissionBuilders.flatMap((builder) =>\n      builder.methodHooks\n        ? Object.getOwnPropertyNames(builder.methodHooks)\n        : [],\n    ),\n  );\n\n  assertExpectedHooks(hooks, expectedHookNames);\n\n  return permissionBuilders.reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >(\n    (\n      specifications,\n      { targetName, specificationBuilder, methodHooks, actionNames },\n    ) => {\n      specifications[targetName] = specificationBuilder({\n        methodHooks: selectHooks(hooks, methodHooks),\n        messenger: createRestrictedMethodMessenger({\n          namespace: targetName,\n          rootMessenger: messenger,\n          actionNames: actionNames as readonly [\n            RestrictedMethodActions['type'],\n          ],\n        }),\n      });\n      return specifications;\n    },\n    {},\n  );\n};\n"]}

package/dist/permissions.d.cts

@@ -1,5 +1,6 @@
-import type { PermissionConstraint, PermissionSpecificationConstraint } from "@metamask/permission-controller";
+import { type PermissionConstraint, type PermissionSpecificationConstraint } from "@metamask/permission-controller";
 import type { SnapPermissions } from "@metamask/snaps-utils";
+import type { RestrictedMethodMessenger } from "./restricted/index.cjs";
 /**
  * Map initial permissions as defined in a Snap manifest to something that can
  * be processed by the PermissionsController. Each caveat mapping function
@@ -13,5 +14,5 @@ import type { SnapPermissions } from "@metamask/snaps-utils";
  */
 export declare function processSnapPermissions(initialPermissions: SnapPermissions): Record<string, Pick<PermissionConstraint, 'caveats'>>;
 export declare const buildSnapEndowmentSpecifications: (excludedEndowments: string[]) => Record<string, PermissionSpecificationConstraint>;
-export declare const buildSnapRestrictedMethodSpecifications: (excludedPermissions: string[], hooks: Record<string, unknown>) => Record<string, PermissionSpecificationConstraint>;
+export declare const buildSnapRestrictedMethodSpecifications: (excludedPermissions: string[], hooks: Record<string, unknown>, messenger: RestrictedMethodMessenger) => Record<string, PermissionSpecificationConstraint>;
 //# sourceMappingURL=permissions.d.cts.map

package/dist/permissions.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"permissions.d.cts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oBAAoB,EACpB,iCAAiC,EAClC,wCAAwC;AACzC,OAAO,KAAK,EAAE,eAAe,EAAE,8BAA8B;AAa7D;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,kBAAkB,EAAE,eAAe,GAClC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC,CAmBvD;AAED,eAAO,MAAM,gCAAgC,uBACvB,MAAM,EAAE,sDAStB,CAAC;AAET,eAAO,MAAM,uCAAuC,wBAC7B,MAAM,EAAE,SACtB,OAAO,MAAM,EAAE,OAAO,CAAC,sDAexB,CAAC"}
+{"version":3,"file":"permissions.d.cts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,oBAAoB,EACzB,KAAK,iCAAiC,EACvC,wCAAwC;AACzC,OAAO,KAAK,EAAE,eAAe,EAAE,8BAA8B;AAO7D,OAAO,KAAK,EAEV,yBAAyB,EAC1B,+BAAqB;AAMtB;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,kBAAkB,EAAE,eAAe,GAClC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC,CAmBvD;AAED,eAAO,MAAM,gCAAgC,uBACvB,MAAM,EAAE,sDAStB,CAAC;AAET,eAAO,MAAM,uCAAuC,wBAC7B,MAAM,EAAE,SACtB,OAAO,MAAM,EAAE,OAAO,CAAC,4FAsC/B,CAAC"}

package/dist/permissions.d.mts

@@ -1,5 +1,6 @@
-import type { PermissionConstraint, PermissionSpecificationConstraint } from "@metamask/permission-controller";
+import { type PermissionConstraint, type PermissionSpecificationConstraint } from "@metamask/permission-controller";
 import type { SnapPermissions } from "@metamask/snaps-utils";
+import type { RestrictedMethodMessenger } from "./restricted/index.mjs";
 /**
  * Map initial permissions as defined in a Snap manifest to something that can
  * be processed by the PermissionsController. Each caveat mapping function
@@ -13,5 +14,5 @@ import type { SnapPermissions } from "@metamask/snaps-utils";
  */
 export declare function processSnapPermissions(initialPermissions: SnapPermissions): Record<string, Pick<PermissionConstraint, 'caveats'>>;
 export declare const buildSnapEndowmentSpecifications: (excludedEndowments: string[]) => Record<string, PermissionSpecificationConstraint>;
-export declare const buildSnapRestrictedMethodSpecifications: (excludedPermissions: string[], hooks: Record<string, unknown>) => Record<string, PermissionSpecificationConstraint>;
+export declare const buildSnapRestrictedMethodSpecifications: (excludedPermissions: string[], hooks: Record<string, unknown>, messenger: RestrictedMethodMessenger) => Record<string, PermissionSpecificationConstraint>;
 //# sourceMappingURL=permissions.d.mts.map

package/dist/permissions.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"permissions.d.mts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oBAAoB,EACpB,iCAAiC,EAClC,wCAAwC;AACzC,OAAO,KAAK,EAAE,eAAe,EAAE,8BAA8B;AAa7D;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,kBAAkB,EAAE,eAAe,GAClC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC,CAmBvD;AAED,eAAO,MAAM,gCAAgC,uBACvB,MAAM,EAAE,sDAStB,CAAC;AAET,eAAO,MAAM,uCAAuC,wBAC7B,MAAM,EAAE,SACtB,OAAO,MAAM,EAAE,OAAO,CAAC,sDAexB,CAAC"}
+{"version":3,"file":"permissions.d.mts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,oBAAoB,EACzB,KAAK,iCAAiC,EACvC,wCAAwC;AACzC,OAAO,KAAK,EAAE,eAAe,EAAE,8BAA8B;AAO7D,OAAO,KAAK,EAEV,yBAAyB,EAC1B,+BAAqB;AAMtB;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,kBAAkB,EAAE,eAAe,GAClC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC,CAmBvD;AAED,eAAO,MAAM,gCAAgC,uBACvB,MAAM,EAAE,sDAStB,CAAC;AAET,eAAO,MAAM,uCAAuC,wBAC7B,MAAM,EAAE,SACtB,OAAO,MAAM,EAAE,OAAO,CAAC,4FAsC/B,CAAC"}

package/dist/permissions.mjs

@@ -1,7 +1,8 @@
+import { selectHooks, assertExpectedHooks } from "@metamask/json-rpc-engine/v2";
+import { createRestrictedMethodMessenger } from "@metamask/permission-controller";
 import { hasProperty } from "@metamask/utils";
 import { endowmentCaveatMappers, endowmentPermissionBuilders } from "./endowments/index.mjs";
 import { caveatMappers, restrictedMethodPermissionBuilders } from "./restricted/index.mjs";
-import { selectHooks } from "./utils.mjs";
 /**
  * Map initial permissions as defined in a Snap manifest to something that can
  * be processed by the PermissionsController. Each caveat mapping function
@@ -37,13 +38,22 @@ export const buildSnapEndowmentSpecifications = (excludedEndowments) => Object.v
     }
     return allSpecifications;
 }, {});
-export const buildSnapRestrictedMethodSpecifications = (excludedPermissions, hooks) => Object.values(restrictedMethodPermissionBuilders).reduce((specifications, { targetName, specificationBuilder, methodHooks }) => {
-    if (!excludedPermissions.includes(targetName)) {
+export const buildSnapRestrictedMethodSpecifications = (excludedPermissions, hooks, messenger) => {
+    const permissionBuilders = Object.values(restrictedMethodPermissionBuilders).filter((builder) => !excludedPermissions.includes(builder.targetName));
+    const expectedHookNames = new Set(permissionBuilders.flatMap((builder) => builder.methodHooks
+        ? Object.getOwnPropertyNames(builder.methodHooks)
+        : []));
+    assertExpectedHooks(hooks, expectedHookNames);
+    return permissionBuilders.reduce((specifications, { targetName, specificationBuilder, methodHooks, actionNames }) => {
         specifications[targetName] = specificationBuilder({
-            // @ts-expect-error The selectHooks type is wonky
             methodHooks: selectHooks(hooks, methodHooks),
+            messenger: createRestrictedMethodMessenger({
+                namespace: targetName,
+                rootMessenger: messenger,
+                actionNames: actionNames,
+            }),
         });
-    }
-    return specifications;
-}, {});
+        return specifications;
+    }, {});
+};
 //# sourceMappingURL=permissions.mjs.map

package/dist/permissions.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"permissions.mjs","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,wBAAwB;AAE9C,OAAO,EACL,sBAAsB,EACtB,2BAA2B,EAC5B,+BAAqB;AACtB,OAAO,EACL,aAAa,EACb,kCAAkC,EACnC,+BAAqB;AACtB,OAAO,EAAE,WAAW,EAAE,oBAAgB;AAEtC;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CACpC,kBAAmC;IAEnC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,EAAE,KAAK,CAAC,EAAE,EAAE;QACpE,IAAI,WAAW,CAAC,aAAa,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,iBAAiB,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,WAAW,CAAC,sBAAsB,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,iBAAiB;gBACjB,sBAAsB,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC;aACjD,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,OAAO;YACL,iBAAiB;YACjB,KAA8C;SAC/C,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAC9C,kBAA4B,EAC5B,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC,MAAM,CAE/C,CAAC,iBAAiB,EAAE,EAAE,UAAU,EAAE,oBAAoB,EAAE,EAAE,EAAE;IAC5D,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7C,iBAAiB,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC,EAAE,EAAE,CAAC,CAAC;AAET,MAAM,CAAC,MAAM,uCAAuC,GAAG,CACrD,mBAA6B,EAC7B,KAA8B,EAC9B,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,kCAAkC,CAAC,CAAC,MAAM,CAEtD,CAAC,cAAc,EAAE,EAAE,UAAU,EAAE,oBAAoB,EAAE,WAAW,EAAE,EAAE,EAAE;IACtE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9C,cAAc,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC;YAChD,iDAAiD;YACjD,WAAW,EAAE,WAAW,CACtB,KAAK,EACL,WAAW,CACoC;SAClD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC,EAAE,EAAE,CAAC,CAAC","sourcesContent":["import type {\n  PermissionConstraint,\n  PermissionSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport type { SnapPermissions } from '@metamask/snaps-utils';\nimport { hasProperty } from '@metamask/utils';\n\nimport {\n  endowmentCaveatMappers,\n  endowmentPermissionBuilders,\n} from './endowments';\nimport {\n  caveatMappers,\n  restrictedMethodPermissionBuilders,\n} from './restricted';\nimport { selectHooks } from './utils';\n\n/**\n * Map initial permissions as defined in a Snap manifest to something that can\n * be processed by the PermissionsController. Each caveat mapping function\n * should return a valid permission caveat value.\n *\n * This function does not validate the caveat values, since that is done by\n * the PermissionsController itself, upon requesting the permissions.\n *\n * @param initialPermissions - The initial permissions to process.\n * @returns The processed permissions.\n */\nexport function processSnapPermissions(\n  initialPermissions: SnapPermissions,\n): Record<string, Pick<PermissionConstraint, 'caveats'>> {\n  return Object.fromEntries(\n    Object.entries(initialPermissions).map(([initialPermission, value]) => {\n      if (hasProperty(caveatMappers, initialPermission)) {\n        return [initialPermission, caveatMappers[initialPermission](value)];\n      } else if (hasProperty(endowmentCaveatMappers, initialPermission)) {\n        return [\n          initialPermission,\n          endowmentCaveatMappers[initialPermission](value),\n        ];\n      }\n\n      // If we have no mapping, this may be a non-snap permission, return as-is\n      return [\n        initialPermission,\n        value as Pick<PermissionConstraint, 'caveats'>,\n      ];\n    }),\n  );\n}\n\nexport const buildSnapEndowmentSpecifications = (\n  excludedEndowments: string[],\n) =>\n  Object.values(endowmentPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((allSpecifications, { targetName, specificationBuilder }) => {\n    if (!excludedEndowments.includes(targetName)) {\n      allSpecifications[targetName] = specificationBuilder({});\n    }\n    return allSpecifications;\n  }, {});\n\nexport const buildSnapRestrictedMethodSpecifications = (\n  excludedPermissions: string[],\n  hooks: Record<string, unknown>,\n) =>\n  Object.values(restrictedMethodPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((specifications, { targetName, specificationBuilder, methodHooks }) => {\n    if (!excludedPermissions.includes(targetName)) {\n      specifications[targetName] = specificationBuilder({\n        // @ts-expect-error The selectHooks type is wonky\n        methodHooks: selectHooks<typeof hooks, keyof typeof methodHooks>(\n          hooks,\n          methodHooks,\n        ) as Pick<typeof hooks, keyof typeof methodHooks>,\n      });\n    }\n    return specifications;\n  }, {});\n"]}
+{"version":3,"file":"permissions.mjs","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,qCAAqC;AAChF,OAAO,EACL,+BAA+B,EAGhC,wCAAwC;AAEzC,OAAO,EAAE,WAAW,EAAE,wBAAwB;AAE9C,OAAO,EACL,sBAAsB,EACtB,2BAA2B,EAC5B,+BAAqB;AAKtB,OAAO,EACL,aAAa,EACb,kCAAkC,EACnC,+BAAqB;AAEtB;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CACpC,kBAAmC;IAEnC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,EAAE,KAAK,CAAC,EAAE,EAAE;QACpE,IAAI,WAAW,CAAC,aAAa,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,iBAAiB,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,WAAW,CAAC,sBAAsB,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,iBAAiB;gBACjB,sBAAsB,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC;aACjD,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,OAAO;YACL,iBAAiB;YACjB,KAA8C;SAC/C,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAC9C,kBAA4B,EAC5B,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC,MAAM,CAE/C,CAAC,iBAAiB,EAAE,EAAE,UAAU,EAAE,oBAAoB,EAAE,EAAE,EAAE;IAC5D,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7C,iBAAiB,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC,EAAE,EAAE,CAAC,CAAC;AAET,MAAM,CAAC,MAAM,uCAAuC,GAAG,CACrD,mBAA6B,EAC7B,KAA8B,EAC9B,SAAoC,EACpC,EAAE;IACF,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CACtC,kCAAkC,CACnC,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;IAEzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CACrC,OAAO,CAAC,WAAW;QACjB,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC;QACjD,CAAC,CAAC,EAAE,CACP,CACF,CAAC;IAEF,mBAAmB,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;IAE9C,OAAO,kBAAkB,CAAC,MAAM,CAG9B,CACE,cAAc,EACd,EAAE,UAAU,EAAE,oBAAoB,EAAE,WAAW,EAAE,WAAW,EAAE,EAC9D,EAAE;QACF,cAAc,CAAC,UAAU,CAAC,GAAG,oBAAoB,CAAC;YAChD,WAAW,EAAE,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC;YAC5C,SAAS,EAAE,+BAA+B,CAAC;gBACzC,SAAS,EAAE,UAAU;gBACrB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,WAEZ;aACF,CAAC;SACH,CAAC,CAAC;QACH,OAAO,cAAc,CAAC;IACxB,CAAC,EACD,EAAE,CACH,CAAC;AACJ,CAAC,CAAC","sourcesContent":["import { selectHooks, assertExpectedHooks } from '@metamask/json-rpc-engine/v2';\nimport {\n  createRestrictedMethodMessenger,\n  type PermissionConstraint,\n  type PermissionSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport type { SnapPermissions } from '@metamask/snaps-utils';\nimport { hasProperty } from '@metamask/utils';\n\nimport {\n  endowmentCaveatMappers,\n  endowmentPermissionBuilders,\n} from './endowments';\nimport type {\n  RestrictedMethodActions,\n  RestrictedMethodMessenger,\n} from './restricted';\nimport {\n  caveatMappers,\n  restrictedMethodPermissionBuilders,\n} from './restricted';\n\n/**\n * Map initial permissions as defined in a Snap manifest to something that can\n * be processed by the PermissionsController. Each caveat mapping function\n * should return a valid permission caveat value.\n *\n * This function does not validate the caveat values, since that is done by\n * the PermissionsController itself, upon requesting the permissions.\n *\n * @param initialPermissions - The initial permissions to process.\n * @returns The processed permissions.\n */\nexport function processSnapPermissions(\n  initialPermissions: SnapPermissions,\n): Record<string, Pick<PermissionConstraint, 'caveats'>> {\n  return Object.fromEntries(\n    Object.entries(initialPermissions).map(([initialPermission, value]) => {\n      if (hasProperty(caveatMappers, initialPermission)) {\n        return [initialPermission, caveatMappers[initialPermission](value)];\n      } else if (hasProperty(endowmentCaveatMappers, initialPermission)) {\n        return [\n          initialPermission,\n          endowmentCaveatMappers[initialPermission](value),\n        ];\n      }\n\n      // If we have no mapping, this may be a non-snap permission, return as-is\n      return [\n        initialPermission,\n        value as Pick<PermissionConstraint, 'caveats'>,\n      ];\n    }),\n  );\n}\n\nexport const buildSnapEndowmentSpecifications = (\n  excludedEndowments: string[],\n) =>\n  Object.values(endowmentPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((allSpecifications, { targetName, specificationBuilder }) => {\n    if (!excludedEndowments.includes(targetName)) {\n      allSpecifications[targetName] = specificationBuilder({});\n    }\n    return allSpecifications;\n  }, {});\n\nexport const buildSnapRestrictedMethodSpecifications = (\n  excludedPermissions: string[],\n  hooks: Record<string, unknown>,\n  messenger: RestrictedMethodMessenger,\n) => {\n  const permissionBuilders = Object.values(\n    restrictedMethodPermissionBuilders,\n  ).filter((builder) => !excludedPermissions.includes(builder.targetName));\n\n  const expectedHookNames = new Set(\n    permissionBuilders.flatMap((builder) =>\n      builder.methodHooks\n        ? Object.getOwnPropertyNames(builder.methodHooks)\n        : [],\n    ),\n  );\n\n  assertExpectedHooks(hooks, expectedHookNames);\n\n  return permissionBuilders.reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >(\n    (\n      specifications,\n      { targetName, specificationBuilder, methodHooks, actionNames },\n    ) => {\n      specifications[targetName] = specificationBuilder({\n        methodHooks: selectHooks(hooks, methodHooks),\n        messenger: createRestrictedMethodMessenger({\n          namespace: targetName,\n          rootMessenger: messenger,\n          actionNames: actionNames as readonly [\n            RestrictedMethodActions['type'],\n          ],\n        }),\n      });\n      return specifications;\n    },\n    {},\n  );\n};\n"]}

package/dist/permitted/cancelBackgroundEvent.cjs

@@ -4,11 +4,6 @@ exports.cancelBackgroundEventHandler = void 0;
 const rpc_errors_1 = require("@metamask/rpc-errors");
 const superstruct_1 = require("@metamask/superstruct");
 const endowments_1 = require("../endowments/index.cjs");
-const methodName = 'snap_cancelBackgroundEvent';
-const hookNames = {
-    cancelBackgroundEvent: true,
-    hasPermission: true,
-};
 /**
  * Cancel a background event created by
  * [`snap_scheduleBackgroundEvent`](https://docs.metamask.io/snaps/reference/snaps-api/snap_schedulebackgroundevent).
@@ -30,9 +25,11 @@ const hookNames = {
  * ```
  */
 exports.cancelBackgroundEventHandler = {
-    methodNames: [methodName],
     implementation: getCancelBackgroundEventImplementation,
-    hookNames,
+    actionNames: [
+        'PermissionController:hasPermission',
+        'CronjobController:cancel',
+    ],
 };
 const CancelBackgroundEventsParametersStruct = (0, superstruct_1.object)({
     id: (0, superstruct_1.string)(),
@@ -45,20 +42,19 @@ const CancelBackgroundEventsParametersStruct = (0, superstruct_1.object)({
  * @param _next - The `json-rpc-engine` "next" callback. Not used by this
  * function.
  * @param end - The `json-rpc-engine` "end" callback.
- * @param hooks - The RPC method hooks.
- * @param hooks.cancelBackgroundEvent - The function to cancel a background event.
- * @param hooks.hasPermission - The function to check if a snap has the `endowment:cronjob` permission.
+ * @param _hooks - The RPC method hooks. Not used by this function.
+ * @param messenger - The messenger used to call controller actions.
  * @returns Nothing.
  */
-async function getCancelBackgroundEventImplementation(req, res, _next, end, { cancelBackgroundEvent, hasPermission }) {
-    const { params } = req;
-    if (!hasPermission(endowments_1.SnapEndowments.Cronjob)) {
+async function getCancelBackgroundEventImplementation(req, res, _next, end, _hooks, messenger) {
+    const { params, origin } = req;
+    if (!messenger.call('PermissionController:hasPermission', origin, endowments_1.SnapEndowments.Cronjob)) {
         return end(rpc_errors_1.providerErrors.unauthorized());
     }
     try {
         const validatedParams = getValidatedParams(params);
         const { id } = validatedParams;
-        cancelBackgroundEvent(id);
+        messenger.call('CronjobController:cancel', origin, id);
         res.result = null;
     }
     catch (error) {