@metamask/snaps-rpc-methods 5.0.0 → 7.0.0

package/dist/chunk-H45CGE4Z.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/permitted/getAllSnaps.ts"],"names":[],"mappings":";AAEA,SAAS,iBAAiB;AAU1B,IAAM,YAAiD;AAAA,EACrD,aAAa;AACf;AAMO,IAAM,qBAIT;AAAA,EACF,aAAa,CAAC,oBAAoB;AAAA,EAClC,gBAAgB;AAAA,EAChB;AACF;AAsBA,eAAe,0BACb,SACA,UACA,OACA,KACA,EAAE,YAAY,GACC;AAEf,QAAM,EAAE,OAAO,IAAI;AAEnB,MAAI,WAAW,6BAA6B;AAC1C,WAAO,IAAI,UAAU,eAAe,CAAC;AAAA,EACvC;AAEA,WAAS,SAAS,MAAM,YAAY;AACpC,SAAO,IAAI;AACb","sourcesContent":["import type { JsonRpcEngineEndCallback } from '@metamask/json-rpc-engine';\nimport type { PermittedHandlerExport } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type { GetSnapsResult } from '@metamask/snaps-sdk';\nimport type {\n  JsonRpcParams,\n  JsonRpcRequest,\n  PendingJsonRpcResponse,\n} from '@metamask/utils';\n\nimport type { MethodHooksObject } from '../utils';\n\nconst hookNames: MethodHooksObject<GetAllSnapsHooks> = {\n  getAllSnaps: true,\n};\n\n/**\n * `wallet_getAllSnaps` gets all installed Snaps. Currently, this can only be\n * called from `https://snaps.metamask.io`.\n */\nexport const getAllSnapsHandler: PermittedHandlerExport<\n  GetAllSnapsHooks,\n  JsonRpcParams,\n  GetSnapsResult\n> = {\n  methodNames: ['wallet_getAllSnaps'],\n  implementation: getAllSnapsImplementation,\n  hookNames,\n};\n\nexport type GetAllSnapsHooks = {\n  /**\n   * @returns All installed Snaps.\n   */\n  getAllSnaps: () => Promise<GetSnapsResult>;\n};\n\n/**\n * The `wallet_getAllSnaps` method implementation.\n * Fetches all installed snaps and adds them to the JSON-RPC response.\n *\n * @param request - The JSON-RPC request object.\n * @param response - The JSON-RPC response object.\n * @param _next - The `json-rpc-engine` \"next\" callback. Not used by this\n * function.\n * @param end - The `json-rpc-engine` \"end\" callback.\n * @param hooks - The RPC method hooks.\n * @param hooks.getAllSnaps - A function that returns all installed snaps.\n * @returns Nothing.\n */\nasync function getAllSnapsImplementation(\n  request: JsonRpcRequest,\n  response: PendingJsonRpcResponse<GetSnapsResult>,\n  _next: unknown,\n  end: JsonRpcEngineEndCallback,\n  { getAllSnaps }: GetAllSnapsHooks,\n): Promise<void> {\n  // The origin is added by the MetaMask middleware stack.\n  const { origin } = request as JsonRpcRequest & { origin: string };\n\n  if (origin !== 'https://snaps.metamask.io') {\n    return end(rpcErrors.methodNotFound());\n  }\n\n  response.result = await getAllSnaps();\n  return end();\n}\n"]}

package/dist/chunk-HIYXSQ6K.mjs

@@ -0,0 +1,188 @@
+import {
+  deriveEntropy
+} from "./chunk-DR63Z4PV.mjs";
+
+// src/restricted/manageState.ts
+import { PermissionType, SubjectType } from "@metamask/permission-controller";
+import { rpcErrors } from "@metamask/rpc-errors";
+import { ManageStateOperation } from "@metamask/snaps-sdk";
+import { STATE_ENCRYPTION_MAGIC_VALUE, parseJson } from "@metamask/snaps-utils";
+import { isObject, getJsonSize, assert, isValidJson } from "@metamask/utils";
+var STATE_ENCRYPTION_SALT = "snap_manageState encryption";
+var methodName = "snap_manageState";
+var specificationBuilder = ({
+  allowedCaveats = null,
+  methodHooks: methodHooks2
+}) => {
+  return {
+    permissionType: PermissionType.RestrictedMethod,
+    targetName: methodName,
+    allowedCaveats,
+    methodImplementation: getManageStateImplementation(methodHooks2),
+    subjectTypes: [SubjectType.Snap]
+  };
+};
+var methodHooks = {
+  getMnemonic: true,
+  getUnlockPromise: true,
+  clearSnapState: true,
+  getSnapState: true,
+  updateSnapState: true,
+  encrypt: true,
+  decrypt: true
+};
+var manageStateBuilder = Object.freeze({
+  targetName: methodName,
+  specificationBuilder,
+  methodHooks
+});
+var STORAGE_SIZE_LIMIT = 104857600;
+async function getEncryptionKey({
+  mnemonicPhrase,
+  snapId
+}) {
+  return await deriveEntropy({
+    mnemonicPhrase,
+    input: snapId,
+    salt: STATE_ENCRYPTION_SALT,
+    magic: STATE_ENCRYPTION_MAGIC_VALUE
+  });
+}
+async function encryptState({
+  state,
+  encryptFunction,
+  ...keyArgs
+}) {
+  const encryptionKey = await getEncryptionKey(keyArgs);
+  return await encryptFunction(encryptionKey, state);
+}
+async function decryptState({
+  state,
+  decryptFunction,
+  ...keyArgs
+}) {
+  try {
+    const encryptionKey = await getEncryptionKey(keyArgs);
+    const decryptedState = await decryptFunction(encryptionKey, state);
+    assert(isValidJson(decryptedState));
+    return decryptedState;
+  } catch {
+    throw rpcErrors.internal({
+      message: "Failed to decrypt snap state, the state must be corrupted."
+    });
+  }
+}
+function getManageStateImplementation({
+  getMnemonic,
+  getUnlockPromise,
+  clearSnapState,
+  getSnapState,
+  updateSnapState,
+  encrypt,
+  decrypt
+}) {
+  return async function manageState(options) {
+    const {
+      params = {},
+      method,
+      context: { origin }
+    } = options;
+    const validatedParams = getValidatedParams(params, method);
+    const shouldEncrypt = validatedParams.encrypted ?? true;
+    if (shouldEncrypt && validatedParams.operation !== ManageStateOperation.ClearState) {
+      await getUnlockPromise(true);
+    }
+    switch (validatedParams.operation) {
+      case ManageStateOperation.ClearState:
+        clearSnapState(origin, shouldEncrypt);
+        return null;
+      case ManageStateOperation.GetState: {
+        const state = getSnapState(origin, shouldEncrypt);
+        if (state === null) {
+          return state;
+        }
+        return shouldEncrypt ? await decryptState({
+          state,
+          decryptFunction: decrypt,
+          mnemonicPhrase: await getMnemonic(),
+          snapId: origin
+        }) : parseJson(state);
+      }
+      case ManageStateOperation.UpdateState: {
+        const finalizedState = shouldEncrypt ? await encryptState({
+          state: validatedParams.newState,
+          encryptFunction: encrypt,
+          mnemonicPhrase: await getMnemonic(),
+          snapId: origin
+        }) : JSON.stringify(validatedParams.newState);
+        updateSnapState(origin, finalizedState, shouldEncrypt);
+        return null;
+      }
+      default:
+        throw rpcErrors.invalidParams(
+          `Invalid ${method} operation: "${validatedParams.operation}"`
+        );
+    }
+  };
+}
+function getValidatedParams(params, method, storageSizeLimit = STORAGE_SIZE_LIMIT) {
+  if (!isObject(params)) {
+    throw rpcErrors.invalidParams({
+      message: "Expected params to be a single object."
+    });
+  }
+  const { operation, newState, encrypted } = params;
+  if (!operation || typeof operation !== "string" || !Object.values(ManageStateOperation).includes(
+    operation
+  )) {
+    throw rpcErrors.invalidParams({
+      message: 'Must specify a valid manage state "operation".'
+    });
+  }
+  if (encrypted !== void 0 && typeof encrypted !== "boolean") {
+    throw rpcErrors.invalidParams({
+      message: '"encrypted" parameter must be a boolean if specified.'
+    });
+  }
+  if (operation === ManageStateOperation.UpdateState) {
+    if (!isObject(newState)) {
+      throw rpcErrors.invalidParams({
+        message: `Invalid ${method} "updateState" parameter: The new state must be a plain object.`,
+        data: {
+          receivedNewState: typeof newState === "undefined" ? "undefined" : newState
+        }
+      });
+    }
+    let size;
+    try {
+      size = getJsonSize(newState);
+    } catch {
+      throw rpcErrors.invalidParams({
+        message: `Invalid ${method} "updateState" parameter: The new state must be JSON serializable.`,
+        data: {
+          receivedNewState: typeof newState === "undefined" ? "undefined" : newState
+        }
+      });
+    }
+    if (size > storageSizeLimit) {
+      throw rpcErrors.invalidParams({
+        message: `Invalid ${method} "updateState" parameter: The new state must not exceed ${storageSizeLimit} bytes in size.`,
+        data: {
+          receivedNewState: typeof newState === "undefined" ? "undefined" : newState
+        }
+      });
+    }
+  }
+  return params;
+}
+
+export {
+  STATE_ENCRYPTION_SALT,
+  specificationBuilder,
+  manageStateBuilder,
+  STORAGE_SIZE_LIMIT,
+  getEncryptionKey,
+  getManageStateImplementation,
+  getValidatedParams
+};
+//# sourceMappingURL=chunk-HIYXSQ6K.mjs.map

package/dist/chunk-HIYXSQ6K.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/manageState.ts"],"sourcesContent":["import type {\n  PermissionSpecificationBuilder,\n  RestrictedMethodOptions,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type { ManageStateParams, ManageStateResult } from '@metamask/snaps-sdk';\nimport { ManageStateOperation } from '@metamask/snaps-sdk';\nimport { STATE_ENCRYPTION_MAGIC_VALUE, parseJson } from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray, Hex } from '@metamask/utils';\nimport { isObject, getJsonSize, assert, isValidJson } from '@metamask/utils';\n\nimport type { MethodHooksObject } from '../utils';\nimport { deriveEntropy } from '../utils';\n\n// The salt used for SIP-6-based entropy derivation.\nexport const STATE_ENCRYPTION_SALT = 'snap_manageState encryption';\n\nconst methodName = 'snap_manageState';\n\nexport type ManageStateMethodHooks = {\n  /**\n   * @returns The mnemonic of the user's primary keyring.\n   */\n  getMnemonic: () => Promise<Uint8Array>;\n\n  /**\n   * Waits for the extension to be unlocked.\n   *\n   * @returns A promise that resolves once the extension is unlocked.\n   */\n  getUnlockPromise: (shouldShowUnlockRequest: boolean) => Promise<void>;\n\n  /**\n   * A function that clears the state of the requesting Snap.\n   */\n  clearSnapState: (snapId: string, encrypted: boolean) => void;\n\n  /**\n   * A function that gets the encrypted state of the requesting Snap.\n   *\n   * @returns The current state of the Snap.\n   */\n  getSnapState: (snapId: string, encrypted: boolean) => string;\n\n  /**\n   * A function that updates the state of the requesting Snap.\n   *\n   * @param newState - The new state of the Snap.\n   */\n  updateSnapState: (\n    snapId: string,\n    newState: string,\n    encrypted: boolean,\n  ) => void;\n\n  /**\n   * Encrypts data with a key. This is assumed to perform symmetric encryption.\n   *\n   * @param key - The key to use for encryption, in hexadecimal format.\n   * @param data - The JSON data to encrypt.\n   * @returns The ciphertext as a string. The format for this string is\n   * dependent on the implementation, but MUST be a string.\n   */\n  encrypt: (key: string, data: Json) => Promise<string>;\n\n  /**\n   * Decrypts data with a key. This is assumed to perform symmetric decryption.\n   *\n   * @param key - The key to use for decryption, in hexadecimal format.\n   * @param cipherText - The ciphertext to decrypt. The format for this string\n   * is dependent on the implementation, but MUST be a string.\n   * @returns The decrypted data as a JSON object.\n   */\n  decrypt: (key: Hex, cipherText: string) => Promise<unknown>;\n};\n\ntype ManageStateSpecificationBuilderOptions = {\n  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n  methodHooks: ManageStateMethodHooks;\n};\n\ntype ManageStateSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.RestrictedMethod;\n  targetName: typeof methodName;\n  methodImplementation: ReturnType<typeof getManageStateImplementation>;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n}>;\n\n/**\n * The specification builder for the `snap_manageState` permission.\n * `snap_manageState` lets the Snap store and manage some of its state on\n * your device.\n *\n * @param options - The specification builder options.\n * @param options.allowedCaveats - The optional allowed caveats for the permission.\n * @param options.methodHooks - The RPC method hooks needed by the method implementation.\n * @returns The specification for the `snap_manageState` permission.\n */\nexport const specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.RestrictedMethod,\n  ManageStateSpecificationBuilderOptions,\n  ManageStateSpecification\n> = ({\n  allowedCaveats = null,\n  methodHooks,\n}: ManageStateSpecificationBuilderOptions) => {\n  return {\n    permissionType: PermissionType.RestrictedMethod,\n    targetName: methodName,\n    allowedCaveats,\n    methodImplementation: getManageStateImplementation(methodHooks),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nconst methodHooks: MethodHooksObject<ManageStateMethodHooks> = {\n  getMnemonic: true,\n  getUnlockPromise: true,\n  clearSnapState: true,\n  getSnapState: true,\n  updateSnapState: true,\n  encrypt: true,\n  decrypt: true,\n};\n\nexport const manageStateBuilder = Object.freeze({\n  targetName: methodName,\n  specificationBuilder,\n  methodHooks,\n} as const);\n\nexport const STORAGE_SIZE_LIMIT = 104857600; // In bytes (100MB)\n\ntype GetEncryptionKeyArgs = {\n  snapId: string;\n  mnemonicPhrase: Uint8Array;\n};\n\n/**\n * Get a deterministic encryption key to use for encrypting and decrypting the\n * state.\n *\n * This key should only be used for state encryption using `snap_manageState`.\n * To get other encryption keys, a different salt can be used.\n *\n * @param args - The encryption key args.\n * @param args.snapId - The ID of the snap to get the encryption key for.\n * @param args.mnemonicPhrase - The mnemonic phrase to derive the encryption key\n * from.\n * @returns The state encryption key.\n */\nexport async function getEncryptionKey({\n  mnemonicPhrase,\n  snapId,\n}: GetEncryptionKeyArgs) {\n  return await deriveEntropy({\n    mnemonicPhrase,\n    input: snapId,\n    salt: STATE_ENCRYPTION_SALT,\n    magic: STATE_ENCRYPTION_MAGIC_VALUE,\n  });\n}\n\ntype EncryptStateArgs = GetEncryptionKeyArgs & {\n  state: Json;\n  encryptFunction: ManageStateMethodHooks['encrypt'];\n};\n\n/**\n * Encrypt the state using a deterministic encryption algorithm, based on the\n * snap ID and mnemonic phrase.\n *\n * @param args - The encryption args.\n * @param args.state - The state to encrypt.\n * @param args.encryptFunction - The function to use for encrypting the state.\n * @param args.snapId - The ID of the snap to get the encryption key for.\n * @param args.mnemonicPhrase - The mnemonic phrase to derive the encryption key\n * from.\n * @returns The encrypted state.\n */\nasync function encryptState({\n  state,\n  encryptFunction,\n  ...keyArgs\n}: EncryptStateArgs) {\n  const encryptionKey = await getEncryptionKey(keyArgs);\n  return await encryptFunction(encryptionKey, state);\n}\n\ntype DecryptStateArgs = GetEncryptionKeyArgs & {\n  state: string;\n  decryptFunction: ManageStateMethodHooks['decrypt'];\n};\n\n/**\n * Decrypt the state using a deterministic decryption algorithm, based on the\n * snap ID and mnemonic phrase.\n *\n * @param args - The encryption args.\n * @param args.state - The state to decrypt.\n * @param args.decryptFunction - The function to use for decrypting the state.\n * @param args.snapId - The ID of the snap to get the encryption key for.\n * @param args.mnemonicPhrase - The mnemonic phrase to derive the encryption key\n * from.\n * @returns The encrypted state.\n */\nasync function decryptState({\n  state,\n  decryptFunction,\n  ...keyArgs\n}: DecryptStateArgs) {\n  try {\n    const encryptionKey = await getEncryptionKey(keyArgs);\n    const decryptedState = await decryptFunction(encryptionKey, state);\n\n    assert(isValidJson(decryptedState));\n\n    return decryptedState as Record<string, Json>;\n  } catch {\n    throw rpcErrors.internal({\n      message: 'Failed to decrypt snap state, the state must be corrupted.',\n    });\n  }\n}\n\n/**\n * Builds the method implementation for `snap_manageState`.\n *\n * @param hooks - The RPC method hooks.\n * @param hooks.clearSnapState - A function that clears the state stored for a\n * snap.\n * @param hooks.getSnapState - A function that fetches the persisted decrypted\n * state for a snap.\n * @param hooks.updateSnapState - A function that updates the state stored for a\n * snap.\n * @param hooks.getMnemonic - A function to retrieve the Secret Recovery Phrase\n * of the user.\n * @param hooks.getUnlockPromise - A function that resolves once the MetaMask\n * extension is unlocked and prompts the user to unlock their MetaMask if it is\n * locked.\n * @param hooks.encrypt - A function that encrypts the given state.\n * @param hooks.decrypt - A function that decrypts the given state.\n * @returns The method implementation which either returns `null` for a\n * successful state update/deletion or returns the decrypted state.\n * @throws If the params are invalid.\n */\nexport function getManageStateImplementation({\n  getMnemonic,\n  getUnlockPromise,\n  clearSnapState,\n  getSnapState,\n  updateSnapState,\n  encrypt,\n  decrypt,\n}: ManageStateMethodHooks) {\n  return async function manageState(\n    options: RestrictedMethodOptions<ManageStateParams>,\n  ): Promise<ManageStateResult> {\n    const {\n      params = {},\n      method,\n      context: { origin },\n    } = options;\n    const validatedParams = getValidatedParams(params, method);\n\n    // If the encrypted param is undefined or null we default to true.\n    const shouldEncrypt = validatedParams.encrypted ?? true;\n\n    // We only need to prompt the user when the mnemonic is needed\n    // which it isn't for the clear operation or unencrypted storage.\n    if (\n      shouldEncrypt &&\n      validatedParams.operation !== ManageStateOperation.ClearState\n    ) {\n      await getUnlockPromise(true);\n    }\n\n    switch (validatedParams.operation) {\n      case ManageStateOperation.ClearState:\n        clearSnapState(origin, shouldEncrypt);\n        return null;\n\n      case ManageStateOperation.GetState: {\n        const state = getSnapState(origin, shouldEncrypt);\n        if (state === null) {\n          return state;\n        }\n        return shouldEncrypt\n          ? await decryptState({\n              state,\n              decryptFunction: decrypt,\n              mnemonicPhrase: await getMnemonic(),\n              snapId: origin,\n            })\n          : parseJson<Record<string, Json>>(state);\n      }\n\n      case ManageStateOperation.UpdateState: {\n        const finalizedState = shouldEncrypt\n          ? await encryptState({\n              state: validatedParams.newState,\n              encryptFunction: encrypt,\n              mnemonicPhrase: await getMnemonic(),\n              snapId: origin,\n            })\n          : JSON.stringify(validatedParams.newState);\n\n        updateSnapState(origin, finalizedState, shouldEncrypt);\n        return null;\n      }\n\n      default:\n        throw rpcErrors.invalidParams(\n          `Invalid ${method} operation: \"${\n            validatedParams.operation as string\n          }\"`,\n        );\n    }\n  };\n}\n\n/**\n * Validates the manageState method `params` and returns them cast to the correct\n * type. Throws if validation fails.\n *\n * @param params - The unvalidated params object from the method request.\n * @param method - RPC method name used for debugging errors.\n * @param storageSizeLimit - Maximum allowed size (in bytes) of a new state object.\n * @returns The validated method parameter object.\n */\nexport function getValidatedParams(\n  params: unknown,\n  method: string,\n  storageSizeLimit = STORAGE_SIZE_LIMIT,\n): ManageStateParams {\n  if (!isObject(params)) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected params to be a single object.',\n    });\n  }\n\n  const { operation, newState, encrypted } = params;\n\n  if (\n    !operation ||\n    typeof operation !== 'string' ||\n    !Object.values(ManageStateOperation).includes(\n      operation as ManageStateOperation,\n    )\n  ) {\n    throw rpcErrors.invalidParams({\n      message: 'Must specify a valid manage state \"operation\".',\n    });\n  }\n\n  if (encrypted !== undefined && typeof encrypted !== 'boolean') {\n    throw rpcErrors.invalidParams({\n      message: '\"encrypted\" parameter must be a boolean if specified.',\n    });\n  }\n\n  if (operation === ManageStateOperation.UpdateState) {\n    if (!isObject(newState)) {\n      throw rpcErrors.invalidParams({\n        message: `Invalid ${method} \"updateState\" parameter: The new state must be a plain object.`,\n        data: {\n          receivedNewState:\n            typeof newState === 'undefined' ? 'undefined' : newState,\n        },\n      });\n    }\n\n    let size;\n    try {\n      // `getJsonSize` will throw if the state is not JSON serializable.\n      size = getJsonSize(newState);\n    } catch {\n      throw rpcErrors.invalidParams({\n        message: `Invalid ${method} \"updateState\" parameter: The new state must be JSON serializable.`,\n        data: {\n          receivedNewState:\n            typeof newState === 'undefined' ? 'undefined' : newState,\n        },\n      });\n    }\n\n    if (size > storageSizeLimit) {\n      throw rpcErrors.invalidParams({\n        message: `Invalid ${method} \"updateState\" parameter: The new state must not exceed ${storageSizeLimit} bytes in size.`,\n        data: {\n          receivedNewState:\n            typeof newState === 'undefined' ? 'undefined' : newState,\n        },\n      });\n    }\n  }\n\n  return params as ManageStateParams;\n}\n"],"mappings":";;;;;AAKA,SAAS,gBAAgB,mBAAmB;AAC5C,SAAS,iBAAiB;AAE1B,SAAS,4BAA4B;AACrC,SAAS,8BAA8B,iBAAiB;AAExD,SAAS,UAAU,aAAa,QAAQ,mBAAmB;AAMpD,IAAM,wBAAwB;AAErC,IAAM,aAAa;AAiFZ,IAAM,uBAIT,CAAC;AAAA,EACH,iBAAiB;AAAA,EACjB,aAAAA;AACF,MAA8C;AAC5C,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B,YAAY;AAAA,IACZ;AAAA,IACA,sBAAsB,6BAA6BA,YAAW;AAAA,IAC9D,cAAc,CAAC,YAAY,IAAI;AAAA,EACjC;AACF;AAEA,IAAM,cAAyD;AAAA,EAC7D,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,cAAc;AAAA,EACd,iBAAiB;AAAA,EACjB,SAAS;AAAA,EACT,SAAS;AACX;AAEO,IAAM,qBAAqB,OAAO,OAAO;AAAA,EAC9C,YAAY;AAAA,EACZ;AAAA,EACA;AACF,CAAU;AAEH,IAAM,qBAAqB;AAoBlC,eAAsB,iBAAiB;AAAA,EACrC;AAAA,EACA;AACF,GAAyB;AACvB,SAAO,MAAM,cAAc;AAAA,IACzB;AAAA,IACA,OAAO;AAAA,IACP,MAAM;AAAA,IACN,OAAO;AAAA,EACT,CAAC;AACH;AAmBA,eAAe,aAAa;AAAA,EAC1B;AAAA,EACA;AAAA,EACA,GAAG;AACL,GAAqB;AACnB,QAAM,gBAAgB,MAAM,iBAAiB,OAAO;AACpD,SAAO,MAAM,gBAAgB,eAAe,KAAK;AACnD;AAmBA,eAAe,aAAa;AAAA,EAC1B;AAAA,EACA;AAAA,EACA,GAAG;AACL,GAAqB;AACnB,MAAI;AACF,UAAM,gBAAgB,MAAM,iBAAiB,OAAO;AACpD,UAAM,iBAAiB,MAAM,gBAAgB,eAAe,KAAK;AAEjE,WAAO,YAAY,cAAc,CAAC;AAElC,WAAO;AAAA,EACT,QAAQ;AACN,UAAM,UAAU,SAAS;AAAA,MACvB,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AACF;AAuBO,SAAS,6BAA6B;AAAA,EAC3C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA2B;AACzB,SAAO,eAAe,YACpB,SAC4B;AAC5B,UAAM;AAAA,MACJ,SAAS,CAAC;AAAA,MACV;AAAA,MACA,SAAS,EAAE,OAAO;AAAA,IACpB,IAAI;AACJ,UAAM,kBAAkB,mBAAmB,QAAQ,MAAM;AAGzD,UAAM,gBAAgB,gBAAgB,aAAa;AAInD,QACE,iBACA,gBAAgB,cAAc,qBAAqB,YACnD;AACA,YAAM,iBAAiB,IAAI;AAAA,IAC7B;AAEA,YAAQ,gBAAgB,WAAW;AAAA,MACjC,KAAK,qBAAqB;AACxB,uBAAe,QAAQ,aAAa;AACpC,eAAO;AAAA,MAET,KAAK,qBAAqB,UAAU;AAClC,cAAM,QAAQ,aAAa,QAAQ,aAAa;AAChD,YAAI,UAAU,MAAM;AAClB,iBAAO;AAAA,QACT;AACA,eAAO,gBACH,MAAM,aAAa;AAAA,UACjB;AAAA,UACA,iBAAiB;AAAA,UACjB,gBAAgB,MAAM,YAAY;AAAA,UAClC,QAAQ;AAAA,QACV,CAAC,IACD,UAAgC,KAAK;AAAA,MAC3C;AAAA,MAEA,KAAK,qBAAqB,aAAa;AACrC,cAAM,iBAAiB,gBACnB,MAAM,aAAa;AAAA,UACjB,OAAO,gBAAgB;AAAA,UACvB,iBAAiB;AAAA,UACjB,gBAAgB,MAAM,YAAY;AAAA,UAClC,QAAQ;AAAA,QACV,CAAC,IACD,KAAK,UAAU,gBAAgB,QAAQ;AAE3C,wBAAgB,QAAQ,gBAAgB,aAAa;AACrD,eAAO;AAAA,MACT;AAAA,MAEA;AACE,cAAM,UAAU;AAAA,UACd,WAAW,MAAM,gBACf,gBAAgB,SAClB;AAAA,QACF;AAAA,IACJ;AAAA,EACF;AACF;AAWO,SAAS,mBACd,QACA,QACA,mBAAmB,oBACA;AACnB,MAAI,CAAC,SAAS,MAAM,GAAG;AACrB,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,EAAE,WAAW,UAAU,UAAU,IAAI;AAE3C,MACE,CAAC,aACD,OAAO,cAAc,YACrB,CAAC,OAAO,OAAO,oBAAoB,EAAE;AAAA,IACnC;AAAA,EACF,GACA;AACA,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MAAI,cAAc,UAAa,OAAO,cAAc,WAAW;AAC7D,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MAAI,cAAc,qBAAqB,aAAa;AAClD,QAAI,CAAC,SAAS,QAAQ,GAAG;AACvB,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS,WAAW,MAAM;AAAA,QAC1B,MAAM;AAAA,UACJ,kBACE,OAAO,aAAa,cAAc,cAAc;AAAA,QACpD;AAAA,MACF,CAAC;AAAA,IACH;AAEA,QAAI;AACJ,QAAI;AAEF,aAAO,YAAY,QAAQ;AAAA,IAC7B,QAAQ;AACN,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS,WAAW,MAAM;AAAA,QAC1B,MAAM;AAAA,UACJ,kBACE,OAAO,aAAa,cAAc,cAAc;AAAA,QACpD;AAAA,MACF,CAAC;AAAA,IACH;AAEA,QAAI,OAAO,kBAAkB;AAC3B,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS,WAAW,MAAM,2DAA2D,gBAAgB;AAAA,QACrG,MAAM;AAAA,UACJ,kBACE,OAAO,aAAa,cAAc,cAAc;AAAA,QACpD;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;","names":["methodHooks"]}

package/dist/chunk-HLF4WCE4.mjs

@@ -0,0 +1,20 @@
+// src/endowments/enum.ts
+var SnapEndowments = /* @__PURE__ */ ((SnapEndowments2) => {
+  SnapEndowments2["NetworkAccess"] = "endowment:network-access";
+  SnapEndowments2["SignatureInsight"] = "endowment:signature-insight";
+  SnapEndowments2["TransactionInsight"] = "endowment:transaction-insight";
+  SnapEndowments2["Cronjob"] = "endowment:cronjob";
+  SnapEndowments2["EthereumProvider"] = "endowment:ethereum-provider";
+  SnapEndowments2["Rpc"] = "endowment:rpc";
+  SnapEndowments2["WebAssemblyAccess"] = "endowment:webassembly";
+  SnapEndowments2["NameLookup"] = "endowment:name-lookup";
+  SnapEndowments2["LifecycleHooks"] = "endowment:lifecycle-hooks";
+  SnapEndowments2["Keyring"] = "endowment:keyring";
+  SnapEndowments2["HomePage"] = "endowment:page-home";
+  return SnapEndowments2;
+})(SnapEndowments || {});
+
+export {
+  SnapEndowments
+};
+//# sourceMappingURL=chunk-HLF4WCE4.mjs.map

package/dist/chunk-HLF4WCE4.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/endowments/enum.ts"],"sourcesContent":["export enum SnapEndowments {\n  NetworkAccess = 'endowment:network-access',\n  SignatureInsight = 'endowment:signature-insight',\n  TransactionInsight = 'endowment:transaction-insight',\n  Cronjob = 'endowment:cronjob',\n  EthereumProvider = 'endowment:ethereum-provider',\n  Rpc = 'endowment:rpc',\n  WebAssemblyAccess = 'endowment:webassembly',\n  NameLookup = 'endowment:name-lookup',\n  LifecycleHooks = 'endowment:lifecycle-hooks',\n  Keyring = 'endowment:keyring',\n  HomePage = 'endowment:page-home',\n}\n"],"mappings":";AAAO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,sBAAmB;AACnB,EAAAA,gBAAA,wBAAqB;AACrB,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,sBAAmB;AACnB,EAAAA,gBAAA,SAAM;AACN,EAAAA,gBAAA,uBAAoB;AACpB,EAAAA,gBAAA,gBAAa;AACb,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,cAAW;AAXD,SAAAA;AAAA,GAAA;","names":["SnapEndowments"]}

package/dist/chunk-HODDBRLQ.js

@@ -0,0 +1,75 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
+
+var _chunkRC7LBS3Hjs = require('./chunk-RC7LBS3H.js');
+
+// src/endowments/signature-insight.ts
+var _permissioncontroller = require('@metamask/permission-controller');
+var _rpcerrors = require('@metamask/rpc-errors');
+var _snapsutils = require('@metamask/snaps-utils');
+var _utils = require('@metamask/utils');
+var permissionName = "endowment:signature-insight" /* SignatureInsight */;
+var specificationBuilder = (_builderOptions) => {
+  return {
+    permissionType: _permissioncontroller.PermissionType.Endowment,
+    targetName: permissionName,
+    allowedCaveats: [_snapsutils.SnapCaveatType.SignatureOrigin],
+    endowmentGetter: (_getterOptions) => void 0,
+    validator: _chunkRC7LBS3Hjs.createGenericPermissionValidator.call(void 0, [
+      { type: _snapsutils.SnapCaveatType.SignatureOrigin, optional: true },
+      { type: _snapsutils.SnapCaveatType.MaxRequestTime, optional: true }
+    ]),
+    subjectTypes: [_permissioncontroller.SubjectType.Snap]
+  };
+};
+var signatureInsightEndowmentBuilder = Object.freeze({
+  targetName: permissionName,
+  specificationBuilder
+});
+function validateCaveat(caveat) {
+  if (!_utils.hasProperty.call(void 0, caveat, "value") || !_utils.isPlainObject.call(void 0, caveat)) {
+    throw _rpcerrors.rpcErrors.invalidParams({
+      message: "Expected a plain object."
+    });
+  }
+  const { value } = caveat;
+  _utils.assert.call(void 0, 
+    typeof value === "boolean",
+    'Expected caveat value to have type "boolean"'
+  );
+}
+function getSignatureInsightCaveatMapper(value) {
+  if (!value || !_utils.isObject.call(void 0, value) || _utils.isObject.call(void 0, value) && Object.keys(value).length === 0) {
+    return { caveats: null };
+  }
+  return {
+    caveats: [
+      {
+        type: _snapsutils.SnapCaveatType.SignatureOrigin,
+        value: _utils.hasProperty.call(void 0, value, "allowSignatureOrigin") && value.allowSignatureOrigin
+      }
+    ]
+  };
+}
+function getSignatureOriginCaveat(permission) {
+  if (!_optionalChain([permission, 'optionalAccess', _ => _.caveats])) {
+    return null;
+  }
+  _utils.assert.call(void 0, permission.caveats.length === 1);
+  _utils.assert.call(void 0, permission.caveats[0].type === _snapsutils.SnapCaveatType.SignatureOrigin);
+  const caveat = permission.caveats[0];
+  return _nullishCoalesce(caveat.value, () => ( null));
+}
+var signatureInsightCaveatSpecifications = {
+  [_snapsutils.SnapCaveatType.SignatureOrigin]: Object.freeze({
+    type: _snapsutils.SnapCaveatType.SignatureOrigin,
+    validator: (caveat) => validateCaveat(caveat)
+  })
+};
+
+
+
+
+
+
+exports.signatureInsightEndowmentBuilder = signatureInsightEndowmentBuilder; exports.getSignatureInsightCaveatMapper = getSignatureInsightCaveatMapper; exports.getSignatureOriginCaveat = getSignatureOriginCaveat; exports.signatureInsightCaveatSpecifications = signatureInsightCaveatSpecifications;
+//# sourceMappingURL=chunk-HODDBRLQ.js.map

package/dist/chunk-HODDBRLQ.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/endowments/signature-insight.ts"],"names":[],"mappings":";;;;;AASA,SAAS,gBAAgB,mBAAmB;AAC5C,SAAS,iBAAiB;AAC1B,SAAS,sBAAsB;AAE/B,SAAS,QAAQ,aAAa,UAAU,qBAAqB;AAK7D,IAAM;AAiBN,IAAM,uBAIF,CAAC,oBAA8B;AACjC,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B,YAAY;AAAA,IACZ,gBAAgB,CAAC,eAAe,eAAe;AAAA,IAC/C,iBAAiB,CAAC,mBAA2C;AAAA,IAC7D,WAAW,iCAAiC;AAAA,MAC1C,EAAE,MAAM,eAAe,iBAAiB,UAAU,KAAK;AAAA,MACvD,EAAE,MAAM,eAAe,gBAAgB,UAAU,KAAK;AAAA,IACxD,CAAC;AAAA,IACD,cAAc,CAAC,YAAY,IAAI;AAAA,EACjC;AACF;AAEO,IAAM,mCAAmC,OAAO,OAAO;AAAA,EAC5D,YAAY;AAAA,EACZ;AACF,CAAU;AAQV,SAAS,eAAe,QAAmC;AACzD,MAAI,CAAC,YAAY,QAAQ,OAAO,KAAK,CAAC,cAAc,MAAM,GAAG;AAC3D,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,EAAE,MAAM,IAAI;AAElB;AAAA,IACE,OAAO,UAAU;AAAA,IACjB;AAAA,EACF;AACF;AAUO,SAAS,gCACd,OACuC;AACvC,MACE,CAAC,SACD,CAAC,SAAS,KAAK,KACd,SAAS,KAAK,KAAK,OAAO,KAAK,KAAK,EAAE,WAAW,GAClD;AACA,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACA,SAAO;AAAA,IACL,SAAS;AAAA,MACP;AAAA,QACE,MAAM,eAAe;AAAA,QACrB,OACE,YAAY,OAAO,sBAAsB,KACxC,MAAM;AAAA,MACX;AAAA,IACF;AAAA,EACF;AACF;AAaO,SAAS,yBACd,YACgB;AAChB,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO;AAAA,EACT;AAEA,SAAO,WAAW,QAAQ,WAAW,CAAC;AACtC,SAAO,WAAW,QAAQ,CAAC,EAAE,SAAS,eAAe,eAAe;AAEpE,QAAM,SAAS,WAAW,QAAQ,CAAC;AAEnC,SAAO,OAAO,SAAS;AACzB;AAEO,IAAM,uCAGT;AAAA,EACF,CAAC,eAAe,eAAe,GAAG,OAAO,OAAO;AAAA,IAC9C,MAAM,eAAe;AAAA,IACrB,WAAW,CAAC,WAAgC,eAAe,MAAM;AAAA,EACnE,CAAC;AACH","sourcesContent":["import type {\n  PermissionSpecificationBuilder,\n  EndowmentGetterParams,\n  ValidPermissionSpecification,\n  PermissionValidatorConstraint,\n  PermissionConstraint,\n  CaveatSpecificationConstraint,\n  Caveat,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport { SnapCaveatType } from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { assert, hasProperty, isObject, isPlainObject } from '@metamask/utils';\n\nimport { createGenericPermissionValidator } from './caveats';\nimport { SnapEndowments } from './enum';\n\nconst permissionName = SnapEndowments.SignatureInsight;\n\ntype SignatureInsightEndowmentSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof permissionName;\n  endowmentGetter: (_options?: EndowmentGetterParams) => undefined;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n}>;\n\n/**\n * `endowment:signature-insight` returns nothing; it is intended to be used as a flag\n * by the extension to detect whether the snap has the capability to show information on the signature confirmation screen.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the signature-insight endowment.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  any,\n  SignatureInsightEndowmentSpecification\n> = (_builderOptions?: unknown) => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName: permissionName,\n    allowedCaveats: [SnapCaveatType.SignatureOrigin],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => undefined,\n    validator: createGenericPermissionValidator([\n      { type: SnapCaveatType.SignatureOrigin, optional: true },\n      { type: SnapCaveatType.MaxRequestTime, optional: true },\n    ]),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const signatureInsightEndowmentBuilder = Object.freeze({\n  targetName: permissionName,\n  specificationBuilder,\n} as const);\n\n/**\n * Validates the type of the caveat value.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveat(caveat: Caveat<string, any>): void {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat)) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n\n  assert(\n    typeof value === 'boolean',\n    'Expected caveat value to have type \"boolean\"',\n  );\n}\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getSignatureInsightCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  if (\n    !value ||\n    !isObject(value) ||\n    (isObject(value) && Object.keys(value).length === 0)\n  ) {\n    return { caveats: null };\n  }\n  return {\n    caveats: [\n      {\n        type: SnapCaveatType.SignatureOrigin,\n        value:\n          hasProperty(value, 'allowSignatureOrigin') &&\n          (value.allowSignatureOrigin as boolean),\n      },\n    ],\n  };\n}\n\n/**\n * Getter function to get the signature origin caveat from a permission.\n *\n * This does basic validation of the caveat, but does not validate the type or\n * value of the namespaces object itself, as this is handled by the\n * `PermissionsController` when the permission is requested.\n *\n * @param permission - The permission to get the signature origin caveat from.\n * @returns The signature origin, or `null` if the permission does not have a\n * signature origin caveat.\n */\nexport function getSignatureOriginCaveat(\n  permission?: PermissionConstraint,\n): boolean | null {\n  if (!permission?.caveats) {\n    return null;\n  }\n\n  assert(permission.caveats.length === 1);\n  assert(permission.caveats[0].type === SnapCaveatType.SignatureOrigin);\n\n  const caveat = permission.caveats[0] as Caveat<string, boolean>;\n\n  return caveat.value ?? null;\n}\n\nexport const signatureInsightCaveatSpecifications: Record<\n  SnapCaveatType.SignatureOrigin,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.SignatureOrigin]: Object.freeze({\n    type: SnapCaveatType.SignatureOrigin,\n    validator: (caveat: Caveat<string, any>) => validateCaveat(caveat),\n  }),\n};\n"]}

package/dist/chunk-HOXOD5RL.mjs

@@ -0,0 +1,68 @@
+// src/restricted/caveats/permittedCoinTypes.ts
+import { providerErrors, rpcErrors } from "@metamask/rpc-errors";
+import { FORBIDDEN_COIN_TYPES, SnapCaveatType } from "@metamask/snaps-utils";
+import { hasProperty, isPlainObject } from "@metamask/utils";
+function permittedCoinTypesCaveatMapper(value) {
+  return {
+    caveats: [
+      {
+        type: SnapCaveatType.PermittedCoinTypes,
+        value
+      }
+    ]
+  };
+}
+function validateBIP44Params(value) {
+  if (!isPlainObject(value) || !hasProperty(value, "coinType")) {
+    throw rpcErrors.invalidParams({
+      message: "Expected a plain object containing a coin type."
+    });
+  }
+  if (typeof value.coinType !== "number" || !Number.isInteger(value.coinType) || value.coinType < 0 || value.coinType > 2147483647) {
+    throw rpcErrors.invalidParams({
+      message: 'Invalid "coinType" parameter. Coin type must be a non-negative integer.'
+    });
+  }
+  if (FORBIDDEN_COIN_TYPES.includes(value.coinType)) {
+    throw rpcErrors.invalidParams({
+      message: `Coin type ${value.coinType} is forbidden.`
+    });
+  }
+}
+function validateBIP44Caveat(caveat) {
+  if (!hasProperty(caveat, "value") || !Array.isArray(caveat.value) || caveat.value.length === 0) {
+    throw rpcErrors.invalidParams({
+      message: "Expected non-empty array of coin types."
+    });
+  }
+  caveat.value.forEach(validateBIP44Params);
+}
+var PermittedCoinTypesCaveatSpecification = {
+  [SnapCaveatType.PermittedCoinTypes]: Object.freeze({
+    type: SnapCaveatType.PermittedCoinTypes,
+    decorator: (method, caveat) => {
+      return async (args) => {
+        const { params } = args;
+        validateBIP44Params(params);
+        const coinType = caveat.value.find(
+          (caveatValue) => caveatValue.coinType === params.coinType
+        );
+        if (!coinType) {
+          throw providerErrors.unauthorized({
+            message: "The requested coin type is not permitted. Allowed coin types must be specified in the snap manifest."
+          });
+        }
+        return await method(args);
+      };
+    },
+    validator: (caveat) => validateBIP44Caveat(caveat)
+  })
+};
+
+export {
+  permittedCoinTypesCaveatMapper,
+  validateBIP44Params,
+  validateBIP44Caveat,
+  PermittedCoinTypesCaveatSpecification
+};
+//# sourceMappingURL=chunk-HOXOD5RL.mjs.map

package/dist/chunk-HOXOD5RL.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/caveats/permittedCoinTypes.ts"],"sourcesContent":["import type {\n  PermissionConstraint,\n  RestrictedMethodCaveatSpecificationConstraint,\n  Caveat,\n} from '@metamask/permission-controller';\nimport { providerErrors, rpcErrors } from '@metamask/rpc-errors';\nimport type { GetBip44EntropyParams } from '@metamask/snaps-sdk';\nimport { FORBIDDEN_COIN_TYPES, SnapCaveatType } from '@metamask/snaps-utils';\nimport type { Json } from '@metamask/utils';\nimport { hasProperty, isPlainObject } from '@metamask/utils';\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function permittedCoinTypesCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  return {\n    caveats: [\n      {\n        type: SnapCaveatType.PermittedCoinTypes,\n        value,\n      },\n    ],\n  };\n}\n\n/**\n * Validate the params for `snap_getBip44Entropy`.\n *\n * @param value - The params to validate.\n * @throws If the params are invalid.\n */\nexport function validateBIP44Params(\n  value: unknown,\n): asserts value is GetBip44EntropyParams {\n  if (!isPlainObject(value) || !hasProperty(value, 'coinType')) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected a plain object containing a coin type.',\n    });\n  }\n\n  if (\n    typeof value.coinType !== 'number' ||\n    !Number.isInteger(value.coinType) ||\n    value.coinType < 0 ||\n    value.coinType > 0x7fffffff\n  ) {\n    throw rpcErrors.invalidParams({\n      message:\n        'Invalid \"coinType\" parameter. Coin type must be a non-negative integer.',\n    });\n  }\n\n  if (FORBIDDEN_COIN_TYPES.includes(value.coinType)) {\n    throw rpcErrors.invalidParams({\n      message: `Coin type ${value.coinType} is forbidden.`,\n    });\n  }\n}\n\n/**\n * Validate the coin types values associated with a caveat. This checks if the\n * values are non-negative integers (>= 0).\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat is invalid.\n */\nexport function validateBIP44Caveat(caveat: Caveat<string, any>) {\n  if (\n    !hasProperty(caveat, 'value') ||\n    !Array.isArray(caveat.value) ||\n    caveat.value.length === 0\n  ) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected non-empty array of coin types.',\n    });\n  }\n\n  caveat.value.forEach(validateBIP44Params);\n}\n\nexport const PermittedCoinTypesCaveatSpecification: Record<\n  SnapCaveatType.PermittedCoinTypes,\n  RestrictedMethodCaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.PermittedCoinTypes]: Object.freeze({\n    type: SnapCaveatType.PermittedCoinTypes,\n    decorator: (\n      method,\n      caveat: Caveat<\n        SnapCaveatType.PermittedCoinTypes,\n        GetBip44EntropyParams[]\n      >,\n    ) => {\n      return async (args) => {\n        const { params } = args;\n        validateBIP44Params(params);\n\n        const coinType = caveat.value.find(\n          (caveatValue) => caveatValue.coinType === params.coinType,\n        );\n\n        if (!coinType) {\n          throw providerErrors.unauthorized({\n            message:\n              'The requested coin type is not permitted. Allowed coin types must be specified in the snap manifest.',\n          });\n        }\n\n        return await method(args);\n      };\n    },\n    validator: (caveat) => validateBIP44Caveat(caveat),\n  }),\n};\n"],"mappings":";AAKA,SAAS,gBAAgB,iBAAiB;AAE1C,SAAS,sBAAsB,sBAAsB;AAErD,SAAS,aAAa,qBAAqB;AAUpC,SAAS,+BACd,OACuC;AACvC,SAAO;AAAA,IACL,SAAS;AAAA,MACP;AAAA,QACE,MAAM,eAAe;AAAA,QACrB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAQO,SAAS,oBACd,OACwC;AACxC,MAAI,CAAC,cAAc,KAAK,KAAK,CAAC,YAAY,OAAO,UAAU,GAAG;AAC5D,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MACE,OAAO,MAAM,aAAa,YAC1B,CAAC,OAAO,UAAU,MAAM,QAAQ,KAChC,MAAM,WAAW,KACjB,MAAM,WAAW,YACjB;AACA,UAAM,UAAU,cAAc;AAAA,MAC5B,SACE;AAAA,IACJ,CAAC;AAAA,EACH;AAEA,MAAI,qBAAqB,SAAS,MAAM,QAAQ,GAAG;AACjD,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS,aAAa,MAAM,QAAQ;AAAA,IACtC,CAAC;AAAA,EACH;AACF;AASO,SAAS,oBAAoB,QAA6B;AAC/D,MACE,CAAC,YAAY,QAAQ,OAAO,KAC5B,CAAC,MAAM,QAAQ,OAAO,KAAK,KAC3B,OAAO,MAAM,WAAW,GACxB;AACA,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,SAAO,MAAM,QAAQ,mBAAmB;AAC1C;AAEO,IAAM,wCAGT;AAAA,EACF,CAAC,eAAe,kBAAkB,GAAG,OAAO,OAAO;AAAA,IACjD,MAAM,eAAe;AAAA,IACrB,WAAW,CACT,QACA,WAIG;AACH,aAAO,OAAO,SAAS;AACrB,cAAM,EAAE,OAAO,IAAI;AACnB,4BAAoB,MAAM;AAE1B,cAAM,WAAW,OAAO,MAAM;AAAA,UAC5B,CAAC,gBAAgB,YAAY,aAAa,OAAO;AAAA,QACnD;AAEA,YAAI,CAAC,UAAU;AACb,gBAAM,eAAe,aAAa;AAAA,YAChC,SACE;AAAA,UACJ,CAAC;AAAA,QACH;AAEA,eAAO,MAAM,OAAO,IAAI;AAAA,MAC1B;AAAA,IACF;AAAA,IACA,WAAW,CAAC,WAAW,oBAAoB,MAAM;AAAA,EACnD,CAAC;AACH;","names":[]}

package/dist/chunk-I5H5ZZRC.js

@@ -0,0 +1,80 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/restricted/notify.ts
+var _permissioncontroller = require('@metamask/permission-controller');
+var _rpcerrors = require('@metamask/rpc-errors');
+var _snapssdk = require('@metamask/snaps-sdk');
+var _snapsutils = require('@metamask/snaps-utils');
+var _utils = require('@metamask/utils');
+var methodName = "snap_notify";
+var specificationBuilder = ({ allowedCaveats = null, methodHooks: methodHooks2 }) => {
+  return {
+    permissionType: _permissioncontroller.PermissionType.RestrictedMethod,
+    targetName: methodName,
+    allowedCaveats,
+    methodImplementation: getImplementation(methodHooks2),
+    subjectTypes: [_permissioncontroller.SubjectType.Snap]
+  };
+};
+var methodHooks = {
+  showNativeNotification: true,
+  showInAppNotification: true,
+  isOnPhishingList: true,
+  maybeUpdatePhishingList: true
+};
+var notifyBuilder = Object.freeze({
+  targetName: methodName,
+  specificationBuilder,
+  methodHooks
+});
+function getImplementation({
+  showNativeNotification,
+  showInAppNotification,
+  isOnPhishingList,
+  maybeUpdatePhishingList
+}) {
+  return async function implementation(args) {
+    const {
+      params,
+      context: { origin }
+    } = args;
+    const validatedParams = getValidatedParams(params);
+    await maybeUpdatePhishingList();
+    _snapsutils.validateTextLinks.call(void 0, validatedParams.message, isOnPhishingList);
+    switch (validatedParams.type) {
+      case _snapssdk.NotificationType.Native:
+        return await showNativeNotification(origin, validatedParams);
+      case _snapssdk.NotificationType.InApp:
+        return await showInAppNotification(origin, validatedParams);
+      default:
+        throw _rpcerrors.rpcErrors.invalidParams({
+          message: 'Must specify a valid notification "type".'
+        });
+    }
+  };
+}
+function getValidatedParams(params) {
+  if (!_utils.isObject.call(void 0, params)) {
+    throw _rpcerrors.rpcErrors.invalidParams({
+      message: "Expected params to be a single object."
+    });
+  }
+  const { type, message } = params;
+  if (!type || typeof type !== "string" || !Object.values(_snapssdk.NotificationType).includes(type)) {
+    throw _rpcerrors.rpcErrors.invalidParams({
+      message: 'Must specify a valid notification "type".'
+    });
+  }
+  if (!message || typeof message !== "string" || message.length >= 50) {
+    throw _rpcerrors.rpcErrors.invalidParams({
+      message: 'Must specify a non-empty string "message" less than 50 characters long.'
+    });
+  }
+  return params;
+}
+
+
+
+
+
+
+exports.specificationBuilder = specificationBuilder; exports.notifyBuilder = notifyBuilder; exports.getImplementation = getImplementation; exports.getValidatedParams = getValidatedParams;
+//# sourceMappingURL=chunk-I5H5ZZRC.js.map

package/dist/chunk-I5H5ZZRC.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/notify.ts"],"names":["methodHooks"],"mappings":";AAKA,SAAS,gBAAgB,mBAAmB;AAC5C,SAAS,iBAAiB;AAC1B,SAAS,wBAAwB;AAMjC,SAAS,yBAAyB;AAElC,SAAS,gBAAgB;AAIzB,IAAM,aAAa;AA2DZ,IAAM,uBAIT,CAAC,EAAE,iBAAiB,MAAM,aAAAA,aAAY,MAAmC;AAC3E,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B,YAAY;AAAA,IACZ;AAAA,IACA,sBAAsB,kBAAkBA,YAAW;AAAA,IACnD,cAAc,CAAC,YAAY,IAAI;AAAA,EACjC;AACF;AAEA,IAAM,cAAoD;AAAA,EACxD,wBAAwB;AAAA,EACxB,uBAAuB;AAAA,EACvB,kBAAkB;AAAA,EAClB,yBAAyB;AAC3B;AAEO,IAAM,gBAAgB,OAAO,OAAO;AAAA,EACzC,YAAY;AAAA,EACZ;AAAA,EACA;AACF,CAAU;AAaH,SAAS,kBAAkB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAsB;AACpB,SAAO,eAAe,eACpB,MACuB;AACvB,UAAM;AAAA,MACJ;AAAA,MACA,SAAS,EAAE,OAAO;AAAA,IACpB,IAAI;AAEJ,UAAM,kBAAkB,mBAAmB,MAAM;AAEjD,UAAM,wBAAwB;AAE9B,sBAAkB,gBAAgB,SAAS,gBAAgB;AAE3D,YAAQ,gBAAgB,MAAM;AAAA,MAC5B,KAAK,iBAAiB;AACpB,eAAO,MAAM,uBAAuB,QAAQ,eAAe;AAAA,MAC7D,KAAK,iBAAiB;AACpB,eAAO,MAAM,sBAAsB,QAAQ,eAAe;AAAA,MAC5D;AACE,cAAM,UAAU,cAAc;AAAA,UAC5B,SAAS;AAAA,QACX,CAAC;AAAA,IACL;AAAA,EACF;AACF;AASO,SAAS,mBAAmB,QAA+B;AAChE,MAAI,CAAC,SAAS,MAAM,GAAG;AACrB,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,EAAE,MAAM,QAAQ,IAAI;AAE1B,MACE,CAAC,QACD,OAAO,SAAS,YAChB,CAAC,OAAO,OAAO,gBAAgB,EAAE,SAAS,IAAwB,GAClE;AACA,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAGA,MAAI,CAAC,WAAW,OAAO,YAAY,YAAY,QAAQ,UAAU,IAAI;AACnE,UAAM,UAAU,cAAc;AAAA,MAC5B,SACE;AAAA,IACJ,CAAC;AAAA,EACH;AAEA,SAAO;AACT","sourcesContent":["import type {\n  PermissionSpecificationBuilder,\n  RestrictedMethodOptions,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport { NotificationType } from '@metamask/snaps-sdk';\nimport type {\n  NotifyParams,\n  NotifyResult,\n  EnumToUnion,\n} from '@metamask/snaps-sdk';\nimport { validateTextLinks } from '@metamask/snaps-utils';\nimport type { NonEmptyArray } from '@metamask/utils';\nimport { isObject } from '@metamask/utils';\n\nimport { type MethodHooksObject } from '../utils';\n\nconst methodName = 'snap_notify';\n\nexport type NotificationArgs = {\n  /**\n   * Enum type to determine notification type.\n   */\n  type: EnumToUnion<NotificationType>;\n\n  /**\n   * A message to show on the notification.\n   */\n  message: string;\n};\n\nexport type NotifyMethodHooks = {\n  /**\n   * @param snapId - The ID of the Snap that created the notification.\n   * @param args - The notification arguments.\n   */\n  showNativeNotification: (\n    snapId: string,\n    args: NotificationArgs,\n  ) => Promise<null>;\n\n  /**\n   * @param snapId - The ID of the Snap that created the notification.\n   * @param args - The notification arguments.\n   */\n  showInAppNotification: (\n    snapId: string,\n    args: NotificationArgs,\n  ) => Promise<null>;\n\n  isOnPhishingList: (url: string) => boolean;\n\n  maybeUpdatePhishingList: () => Promise<void>;\n};\n\ntype SpecificationBuilderOptions = {\n  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n  methodHooks: NotifyMethodHooks;\n};\n\ntype Specification = ValidPermissionSpecification<{\n  permissionType: PermissionType.RestrictedMethod;\n  targetName: typeof methodName;\n  methodImplementation: ReturnType<typeof getImplementation>;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n}>;\n\n/**\n * The specification builder for the `snap_notify` permission.\n * `snap_notify` allows snaps to send multiple types of notifications to its users.\n *\n * @param options - The specification builder options.\n * @param options.allowedCaveats - The optional allowed caveats for the permission.\n * @param options.methodHooks - The RPC method hooks needed by the method implementation.\n * @returns The specification for the `snap_notify` permission.\n */\nexport const specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.RestrictedMethod,\n  SpecificationBuilderOptions,\n  Specification\n> = ({ allowedCaveats = null, methodHooks }: SpecificationBuilderOptions) => {\n  return {\n    permissionType: PermissionType.RestrictedMethod,\n    targetName: methodName,\n    allowedCaveats,\n    methodImplementation: getImplementation(methodHooks),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nconst methodHooks: MethodHooksObject<NotifyMethodHooks> = {\n  showNativeNotification: true,\n  showInAppNotification: true,\n  isOnPhishingList: true,\n  maybeUpdatePhishingList: true,\n};\n\nexport const notifyBuilder = Object.freeze({\n  targetName: methodName,\n  specificationBuilder,\n  methodHooks,\n} as const);\n\n/**\n * Builds the method implementation for `snap_notify`.\n *\n * @param hooks - The RPC method hooks.\n * @param hooks.showNativeNotification - A function that shows a native browser notification.\n * @param hooks.showInAppNotification - A function that shows a notification in the MetaMask UI.\n * @param hooks.isOnPhishingList - A function that checks for links against the phishing list.\n * @param hooks.maybeUpdatePhishingList - A function that updates the phishing list if needed.\n * @returns The method implementation which returns `null` on success.\n * @throws If the params are invalid.\n */\nexport function getImplementation({\n  showNativeNotification,\n  showInAppNotification,\n  isOnPhishingList,\n  maybeUpdatePhishingList,\n}: NotifyMethodHooks) {\n  return async function implementation(\n    args: RestrictedMethodOptions<NotifyParams>,\n  ): Promise<NotifyResult> {\n    const {\n      params,\n      context: { origin },\n    } = args;\n\n    const validatedParams = getValidatedParams(params);\n\n    await maybeUpdatePhishingList();\n\n    validateTextLinks(validatedParams.message, isOnPhishingList);\n\n    switch (validatedParams.type) {\n      case NotificationType.Native:\n        return await showNativeNotification(origin, validatedParams);\n      case NotificationType.InApp:\n        return await showInAppNotification(origin, validatedParams);\n      default:\n        throw rpcErrors.invalidParams({\n          message: 'Must specify a valid notification \"type\".',\n        });\n    }\n  };\n}\n\n/**\n * Validates the notify method `params` and returns them cast to the correct\n * type. Throws if validation fails.\n *\n * @param params - The unvalidated params object from the method request.\n * @returns The validated method parameter object.\n */\nexport function getValidatedParams(params: unknown): NotifyParams {\n  if (!isObject(params)) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected params to be a single object.',\n    });\n  }\n\n  const { type, message } = params;\n\n  if (\n    !type ||\n    typeof type !== 'string' ||\n    !Object.values(NotificationType).includes(type as NotificationType)\n  ) {\n    throw rpcErrors.invalidParams({\n      message: 'Must specify a valid notification \"type\".',\n    });\n  }\n\n  // Set to the max message length on a Mac notification for now.\n  if (!message || typeof message !== 'string' || message.length >= 50) {\n    throw rpcErrors.invalidParams({\n      message:\n        'Must specify a non-empty string \"message\" less than 50 characters long.',\n    });\n  }\n\n  return params as NotificationArgs;\n}\n"]}

package/dist/chunk-IDRDPYAN.js

@@ -0,0 +1,70 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
+
+var _chunkRC7LBS3Hjs = require('./chunk-RC7LBS3H.js');
+
+// src/endowments/keyring.ts
+var _permissioncontroller = require('@metamask/permission-controller');
+var _rpcerrors = require('@metamask/rpc-errors');
+var _snapsutils = require('@metamask/snaps-utils');
+var _utils = require('@metamask/utils');
+var permissionName = "endowment:keyring" /* Keyring */;
+var specificationBuilder = (_builderOptions) => {
+  return {
+    permissionType: _permissioncontroller.PermissionType.Endowment,
+    targetName: permissionName,
+    allowedCaveats: [
+      _snapsutils.SnapCaveatType.KeyringOrigin,
+      _snapsutils.SnapCaveatType.MaxRequestTime
+    ],
+    endowmentGetter: (_getterOptions) => void 0,
+    validator: _chunkRC7LBS3Hjs.createGenericPermissionValidator.call(void 0, [
+      { type: _snapsutils.SnapCaveatType.KeyringOrigin },
+      { type: _snapsutils.SnapCaveatType.MaxRequestTime, optional: true }
+    ]),
+    subjectTypes: [_permissioncontroller.SubjectType.Snap]
+  };
+};
+var keyringEndowmentBuilder = Object.freeze({
+  targetName: permissionName,
+  specificationBuilder
+});
+function validateCaveatOrigins(caveat) {
+  if (!_utils.hasProperty.call(void 0, caveat, "value") || !_utils.isPlainObject.call(void 0, caveat.value)) {
+    throw _rpcerrors.rpcErrors.invalidParams({
+      message: "Invalid keyring origins: Expected a plain object."
+    });
+  }
+  const { value } = caveat;
+  _snapsutils.assertIsKeyringOrigins.call(void 0, value, _rpcerrors.rpcErrors.invalidParams);
+}
+function getKeyringCaveatMapper(value) {
+  return {
+    caveats: [
+      {
+        type: _snapsutils.SnapCaveatType.KeyringOrigin,
+        value
+      }
+    ]
+  };
+}
+function getKeyringCaveatOrigins(permission) {
+  _utils.assert.call(void 0, _optionalChain([permission, 'optionalAccess', _ => _.caveats]));
+  _utils.assert.call(void 0, permission.caveats.length === 1);
+  _utils.assert.call(void 0, permission.caveats[0].type === _snapsutils.SnapCaveatType.KeyringOrigin);
+  const caveat = permission.caveats[0];
+  return caveat.value;
+}
+var keyringCaveatSpecifications = {
+  [_snapsutils.SnapCaveatType.KeyringOrigin]: Object.freeze({
+    type: _snapsutils.SnapCaveatType.KeyringOrigin,
+    validator: (caveat) => validateCaveatOrigins(caveat)
+  })
+};
+
+
+
+
+
+
+exports.keyringEndowmentBuilder = keyringEndowmentBuilder; exports.getKeyringCaveatMapper = getKeyringCaveatMapper; exports.getKeyringCaveatOrigins = getKeyringCaveatOrigins; exports.keyringCaveatSpecifications = keyringCaveatSpecifications;
+//# sourceMappingURL=chunk-IDRDPYAN.js.map

package/dist/chunk-IDRDPYAN.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/endowments/keyring.ts"],"names":[],"mappings":";;;;;AASA,SAAS,gBAAgB,mBAAmB;AAC5C,SAAS,iBAAiB;AAE1B,SAAS,wBAAwB,sBAAsB;AAEvD,SAAS,QAAQ,aAAa,qBAAqB;AAKnD,IAAM;AAkBN,IAAM,uBAIF,CAAC,oBAA8B;AACjC,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B,YAAY;AAAA,IACZ,gBAAgB;AAAA,MACd,eAAe;AAAA,MACf,eAAe;AAAA,IACjB;AAAA,IACA,iBAAiB,CAAC,mBAA2C;AAAA,IAC7D,WAAW,iCAAiC;AAAA,MAC1C,EAAE,MAAM,eAAe,cAAc;AAAA,MACrC,EAAE,MAAM,eAAe,gBAAgB,UAAU,KAAK;AAAA,IACxD,CAAC;AAAA,IACD,cAAc,CAAC,YAAY,IAAI;AAAA,EACjC;AACF;AAEO,IAAM,0BAA0B,OAAO,OAAO;AAAA,EACnD,YAAY;AAAA,EACZ;AACF,CAAU;AASV,SAAS,sBAAsB,QAA6B;AAC1D,MAAI,CAAC,YAAY,QAAQ,OAAO,KAAK,CAAC,cAAc,OAAO,KAAK,GAAG;AACjE,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,EAAE,MAAM,IAAI;AAClB,yBAAuB,OAAO,UAAU,aAAa;AACvD;AAUO,SAAS,uBACd,OACuC;AACvC,SAAO;AAAA,IACL,SAAS;AAAA,MACP;AAAA,QACE,MAAM,eAAe;AAAA,QACrB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAWO,SAAS,wBACd,YACuB;AACvB,SAAO,YAAY,OAAO;AAC1B,SAAO,WAAW,QAAQ,WAAW,CAAC;AACtC,SAAO,WAAW,QAAQ,CAAC,EAAE,SAAS,eAAe,aAAa;AAElE,QAAM,SAAS,WAAW,QAAQ,CAAC;AACnC,SAAO,OAAO;AAChB;AAEO,IAAM,8BAGT;AAAA,EACF,CAAC,eAAe,aAAa,GAAG,OAAO,OAAO;AAAA,IAC5C,MAAM,eAAe;AAAA,IACrB,WAAW,CAAC,WAAgC,sBAAsB,MAAM;AAAA,EAC1E,CAAC;AACH","sourcesContent":["import type {\n  Caveat,\n  CaveatSpecificationConstraint,\n  EndowmentGetterParams,\n  PermissionConstraint,\n  PermissionSpecificationBuilder,\n  PermissionValidatorConstraint,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type { KeyringOrigins } from '@metamask/snaps-utils';\nimport { assertIsKeyringOrigins, SnapCaveatType } from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { assert, hasProperty, isPlainObject } from '@metamask/utils';\n\nimport { createGenericPermissionValidator } from './caveats';\nimport { SnapEndowments } from './enum';\n\nconst permissionName = SnapEndowments.Keyring;\n\ntype KeyringEndowmentSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof permissionName;\n  endowmentGetter: (_options?: EndowmentGetterParams) => undefined;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n  subjectTypes: readonly SubjectType[];\n}>;\n\n/**\n * `endowment:keyring` returns nothing; it is intended to be used as a flag\n * by the client to detect whether the snap has keyring capabilities.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the keyring endowment.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  any,\n  KeyringEndowmentSpecification\n> = (_builderOptions?: unknown) => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName: permissionName,\n    allowedCaveats: [\n      SnapCaveatType.KeyringOrigin,\n      SnapCaveatType.MaxRequestTime,\n    ],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => undefined,\n    validator: createGenericPermissionValidator([\n      { type: SnapCaveatType.KeyringOrigin },\n      { type: SnapCaveatType.MaxRequestTime, optional: true },\n    ]),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const keyringEndowmentBuilder = Object.freeze({\n  targetName: permissionName,\n  specificationBuilder,\n} as const);\n\n/**\n * Validate the value of a caveat. This does not validate the type of the\n * caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatOrigins(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid keyring origins: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsKeyringOrigins(value, rpcErrors.invalidParams);\n}\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getKeyringCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  return {\n    caveats: [\n      {\n        type: SnapCaveatType.KeyringOrigin,\n        value,\n      },\n    ],\n  };\n}\n\n/**\n * Getter function to get the {@link KeyringOrigins} caveat value from a\n * permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value.\n * @throws If the permission does not have a valid {@link KeyringOrigins}\n * caveat.\n */\nexport function getKeyringCaveatOrigins(\n  permission?: PermissionConstraint,\n): KeyringOrigins | null {\n  assert(permission?.caveats);\n  assert(permission.caveats.length === 1);\n  assert(permission.caveats[0].type === SnapCaveatType.KeyringOrigin);\n\n  const caveat = permission.caveats[0] as Caveat<string, KeyringOrigins>;\n  return caveat.value;\n}\n\nexport const keyringCaveatSpecifications: Record<\n  SnapCaveatType.KeyringOrigin,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.KeyringOrigin]: Object.freeze({\n    type: SnapCaveatType.KeyringOrigin,\n    validator: (caveat: Caveat<string, any>) => validateCaveatOrigins(caveat),\n  }),\n};\n"]}