@metamask/snaps-rpc-methods 6.0.0 → 7.0.1

package/dist/chunk-UBPHGXCO.mjs

@@ -0,0 +1,74 @@
+// src/endowments/cronjob.ts
+import { PermissionType, SubjectType } from "@metamask/permission-controller";
+import { rpcErrors } from "@metamask/rpc-errors";
+import {
+  SnapCaveatType,
+  isCronjobSpecificationArray
+} from "@metamask/snaps-utils";
+import { assert, hasProperty, isPlainObject } from "@metamask/utils";
+var permissionName = "endowment:cronjob" /* Cronjob */;
+var specificationBuilder = (_builderOptions) => {
+  return {
+    permissionType: PermissionType.Endowment,
+    targetName: permissionName,
+    allowedCaveats: [SnapCaveatType.SnapCronjob],
+    endowmentGetter: (_getterOptions) => void 0,
+    subjectTypes: [SubjectType.Snap]
+  };
+};
+var cronjobEndowmentBuilder = Object.freeze({
+  targetName: permissionName,
+  specificationBuilder
+});
+function getCronjobCaveatMapper(value) {
+  return {
+    caveats: [
+      {
+        type: SnapCaveatType.SnapCronjob,
+        value
+      }
+    ]
+  };
+}
+function getCronjobCaveatJobs(permission) {
+  if (!permission?.caveats) {
+    return null;
+  }
+  assert(permission.caveats.length === 1);
+  assert(permission.caveats[0].type === SnapCaveatType.SnapCronjob);
+  const caveat = permission.caveats[0];
+  return caveat.value?.jobs ?? null;
+}
+function validateCronjobCaveat(caveat) {
+  if (!hasProperty(caveat, "value") || !isPlainObject(caveat.value)) {
+    throw rpcErrors.invalidParams({
+      message: "Expected a plain object."
+    });
+  }
+  const { value } = caveat;
+  if (!hasProperty(value, "jobs") || !isPlainObject(value)) {
+    throw rpcErrors.invalidParams({
+      message: "Expected a plain object."
+    });
+  }
+  if (!isCronjobSpecificationArray(value.jobs)) {
+    throw rpcErrors.invalidParams({
+      message: "Expected a valid cronjob specification array."
+    });
+  }
+}
+var cronjobCaveatSpecifications = {
+  [SnapCaveatType.SnapCronjob]: Object.freeze({
+    type: SnapCaveatType.SnapCronjob,
+    validator: (caveat) => validateCronjobCaveat(caveat)
+  })
+};
+
+export {
+  cronjobEndowmentBuilder,
+  getCronjobCaveatMapper,
+  getCronjobCaveatJobs,
+  validateCronjobCaveat,
+  cronjobCaveatSpecifications
+};
+//# sourceMappingURL=chunk-UBPHGXCO.mjs.map

package/dist/chunk-UBPHGXCO.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/endowments/cronjob.ts"],"sourcesContent":["import type {\n  PermissionSpecificationBuilder,\n  EndowmentGetterParams,\n  ValidPermissionSpecification,\n  PermissionConstraint,\n  Caveat,\n  CaveatSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type { CronjobSpecification } from '@metamask/snaps-utils';\nimport {\n  SnapCaveatType,\n  isCronjobSpecificationArray,\n} from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { assert, hasProperty, isPlainObject } from '@metamask/utils';\n\nimport { SnapEndowments } from './enum';\n\nconst permissionName = SnapEndowments.Cronjob;\n\ntype CronjobEndowmentSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof permissionName;\n  endowmentGetter: (_options?: any) => undefined;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n}>;\n\n/**\n * `endowment:cronjob` returns nothing; it is intended to be used as a flag to determine whether the snap wants to run cronjobs.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the cronjob endowment.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  any,\n  CronjobEndowmentSpecification\n> = (_builderOptions?: any) => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName: permissionName,\n    allowedCaveats: [SnapCaveatType.SnapCronjob],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => undefined,\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const cronjobEndowmentBuilder = Object.freeze({\n  targetName: permissionName,\n  specificationBuilder,\n} as const);\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getCronjobCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  return {\n    caveats: [\n      {\n        type: SnapCaveatType.SnapCronjob,\n        value,\n      },\n    ],\n  };\n}\n\n/**\n * Getter function to get the cronjobs from a permission.\n *\n * This does basic validation of the caveat, but does not validate the type or\n * value of the namespaces object itself, as this is handled by the\n * `PermissionsController` when the permission is requested.\n *\n * @param permission - The permission to get the keyring namespaces from.\n * @returns The cronjobs, or `null` if the permission does not have a\n * cronjob caveat.\n */\nexport function getCronjobCaveatJobs(\n  permission?: PermissionConstraint,\n): CronjobSpecification[] | null {\n  if (!permission?.caveats) {\n    return null;\n  }\n\n  assert(permission.caveats.length === 1);\n  assert(permission.caveats[0].type === SnapCaveatType.SnapCronjob);\n\n  const caveat = permission.caveats[0] as Caveat<string, { jobs: Json[] }>;\n\n  return (caveat.value?.jobs as CronjobSpecification[]) ?? null;\n}\n\n/**\n * Validate the cronjob specification values associated with a caveat.\n * This validates that the value is a non-empty array with valid\n * cronjob expression and request object.\n *\n * @param caveat - The caveat to validate.\n * @throws If the value is invalid.\n */\nexport function validateCronjobCaveat(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n\n  if (!hasProperty(value, 'jobs') || !isPlainObject(value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected a plain object.',\n    });\n  }\n\n  if (!isCronjobSpecificationArray(value.jobs)) {\n    throw rpcErrors.invalidParams({\n      message: 'Expected a valid cronjob specification array.',\n    });\n  }\n}\n\n/**\n * Caveat specification for the Cronjob.\n */\nexport const cronjobCaveatSpecifications: Record<\n  SnapCaveatType.SnapCronjob,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.SnapCronjob]: Object.freeze({\n    type: SnapCaveatType.SnapCronjob,\n    validator: (caveat) => validateCronjobCaveat(caveat),\n  }),\n};\n"],"mappings":";AAQA,SAAS,gBAAgB,mBAAmB;AAC5C,SAAS,iBAAiB;AAE1B;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP,SAAS,QAAQ,aAAa,qBAAqB;AAInD,IAAM;AAeN,IAAM,uBAIF,CAAC,oBAA0B;AAC7B,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B,YAAY;AAAA,IACZ,gBAAgB,CAAC,eAAe,WAAW;AAAA,IAC3C,iBAAiB,CAAC,mBAA2C;AAAA,IAC7D,cAAc,CAAC,YAAY,IAAI;AAAA,EACjC;AACF;AAEO,IAAM,0BAA0B,OAAO,OAAO;AAAA,EACnD,YAAY;AAAA,EACZ;AACF,CAAU;AAUH,SAAS,uBACd,OACuC;AACvC,SAAO;AAAA,IACL,SAAS;AAAA,MACP;AAAA,QACE,MAAM,eAAe;AAAA,QACrB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAaO,SAAS,qBACd,YAC+B;AAC/B,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO;AAAA,EACT;AAEA,SAAO,WAAW,QAAQ,WAAW,CAAC;AACtC,SAAO,WAAW,QAAQ,CAAC,EAAE,SAAS,eAAe,WAAW;AAEhE,QAAM,SAAS,WAAW,QAAQ,CAAC;AAEnC,SAAQ,OAAO,OAAO,QAAmC;AAC3D;AAUO,SAAS,sBAAsB,QAA6B;AACjE,MAAI,CAAC,YAAY,QAAQ,OAAO,KAAK,CAAC,cAAc,OAAO,KAAK,GAAG;AACjE,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,EAAE,MAAM,IAAI;AAElB,MAAI,CAAC,YAAY,OAAO,MAAM,KAAK,CAAC,cAAc,KAAK,GAAG;AACxD,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,4BAA4B,MAAM,IAAI,GAAG;AAC5C,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AACF;AAKO,IAAM,8BAGT;AAAA,EACF,CAAC,eAAe,WAAW,GAAG,OAAO,OAAO;AAAA,IAC1C,MAAM,eAAe;AAAA,IACrB,WAAW,CAAC,WAAW,sBAAsB,MAAM;AAAA,EACrD,CAAC;AACH;","names":[]}

package/dist/chunk-VCGZNL35.mjs

@@ -0,0 +1,69 @@
+import {
+  createGenericPermissionValidator
+} from "./chunk-TT4DP2YW.mjs";
+
+// src/endowments/rpc.ts
+import { PermissionType, SubjectType } from "@metamask/permission-controller";
+import { rpcErrors } from "@metamask/rpc-errors";
+import { assertIsRpcOrigins, SnapCaveatType } from "@metamask/snaps-utils";
+import { hasProperty, isPlainObject, assert } from "@metamask/utils";
+var targetName = "endowment:rpc" /* Rpc */;
+var specificationBuilder = (_builderOptions) => {
+  return {
+    permissionType: PermissionType.Endowment,
+    targetName,
+    allowedCaveats: [SnapCaveatType.RpcOrigin, SnapCaveatType.MaxRequestTime],
+    endowmentGetter: (_getterOptions) => void 0,
+    validator: createGenericPermissionValidator([
+      { type: SnapCaveatType.RpcOrigin },
+      { type: SnapCaveatType.MaxRequestTime, optional: true }
+    ]),
+    subjectTypes: [SubjectType.Snap]
+  };
+};
+var rpcEndowmentBuilder = Object.freeze({
+  targetName,
+  specificationBuilder
+});
+function validateCaveatOrigins(caveat) {
+  if (!hasProperty(caveat, "value") || !isPlainObject(caveat.value)) {
+    throw rpcErrors.invalidParams({
+      message: "Invalid JSON-RPC origins: Expected a plain object."
+    });
+  }
+  const { value } = caveat;
+  assertIsRpcOrigins(value, rpcErrors.invalidParams);
+}
+function getRpcCaveatMapper(value) {
+  return {
+    caveats: [
+      {
+        type: SnapCaveatType.RpcOrigin,
+        value
+      }
+    ]
+  };
+}
+function getRpcCaveatOrigins(permission) {
+  const caveats = permission?.caveats?.filter(
+    (caveat2) => caveat2.type === SnapCaveatType.RpcOrigin
+  );
+  assert(caveats);
+  assert(caveats.length === 1);
+  const caveat = caveats[0];
+  return caveat.value;
+}
+var rpcCaveatSpecifications = {
+  [SnapCaveatType.RpcOrigin]: Object.freeze({
+    type: SnapCaveatType.RpcOrigin,
+    validator: (caveat) => validateCaveatOrigins(caveat)
+  })
+};
+
+export {
+  rpcEndowmentBuilder,
+  getRpcCaveatMapper,
+  getRpcCaveatOrigins,
+  rpcCaveatSpecifications
+};
+//# sourceMappingURL=chunk-VCGZNL35.mjs.map

package/dist/chunk-VCGZNL35.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/endowments/rpc.ts"],"sourcesContent":["import type {\n  Caveat,\n  CaveatSpecificationConstraint,\n  EndowmentGetterParams,\n  PermissionConstraint,\n  PermissionSpecificationBuilder,\n  PermissionValidatorConstraint,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type { RpcOrigins } from '@metamask/snaps-utils';\nimport { assertIsRpcOrigins, SnapCaveatType } from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\nimport { hasProperty, isPlainObject, assert } from '@metamask/utils';\n\nimport { createGenericPermissionValidator } from './caveats';\nimport { SnapEndowments } from './enum';\n\nconst targetName = SnapEndowments.Rpc;\n\ntype RpcSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.Endowment;\n  targetName: typeof targetName;\n  endowmentGetter: (_options?: any) => undefined;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n  subjectTypes: readonly SubjectType[];\n}>;\n\ntype RpcSpecificationBuilderOptions = {\n  // Empty for now.\n};\n\n/**\n * The specification builder for the JSON-RPC endowment permission.\n *\n * @param _builderOptions - Optional specification builder options.\n * @returns The specification for the JSON-RPC endowment permission.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.Endowment,\n  RpcSpecificationBuilderOptions,\n  RpcSpecification\n> = (_builderOptions?: any): RpcSpecification => {\n  return {\n    permissionType: PermissionType.Endowment,\n    targetName,\n    allowedCaveats: [SnapCaveatType.RpcOrigin, SnapCaveatType.MaxRequestTime],\n    endowmentGetter: (_getterOptions?: EndowmentGetterParams) => undefined,\n    validator: createGenericPermissionValidator([\n      { type: SnapCaveatType.RpcOrigin },\n      { type: SnapCaveatType.MaxRequestTime, optional: true },\n    ]),\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nexport const rpcEndowmentBuilder = Object.freeze({\n  targetName,\n  specificationBuilder,\n} as const);\n\n/**\n * Validate the value of a caveat. This does not validate the type of the\n * caveat itself, only the value of the caveat.\n *\n * @param caveat - The caveat to validate.\n * @throws If the caveat value is invalid.\n */\nfunction validateCaveatOrigins(caveat: Caveat<string, any>) {\n  if (!hasProperty(caveat, 'value') || !isPlainObject(caveat.value)) {\n    throw rpcErrors.invalidParams({\n      message: 'Invalid JSON-RPC origins: Expected a plain object.',\n    });\n  }\n\n  const { value } = caveat;\n  assertIsRpcOrigins(value, rpcErrors.invalidParams);\n}\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function getRpcCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  return {\n    caveats: [\n      {\n        type: SnapCaveatType.RpcOrigin,\n        value,\n      },\n    ],\n  };\n}\n\n/**\n * Getter function to get the {@link RpcOrigins} caveat value from a permission.\n *\n * @param permission - The permission to get the caveat value from.\n * @returns The caveat value.\n * @throws If the permission does not have a valid {@link RpcOrigins} caveat.\n */\nexport function getRpcCaveatOrigins(\n  permission?: PermissionConstraint,\n): RpcOrigins | null {\n  const caveats = permission?.caveats?.filter(\n    (caveat) => caveat.type === SnapCaveatType.RpcOrigin,\n  );\n  assert(caveats);\n  assert(caveats.length === 1);\n\n  const caveat = caveats[0] as Caveat<string, RpcOrigins>;\n  return caveat.value;\n}\n\nexport const rpcCaveatSpecifications: Record<\n  SnapCaveatType.RpcOrigin,\n  CaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.RpcOrigin]: Object.freeze({\n    type: SnapCaveatType.RpcOrigin,\n    validator: (caveat: Caveat<string, any>) => validateCaveatOrigins(caveat),\n  }),\n};\n"],"mappings":";;;;;AASA,SAAS,gBAAgB,mBAAmB;AAC5C,SAAS,iBAAiB;AAE1B,SAAS,oBAAoB,sBAAsB;AAEnD,SAAS,aAAa,eAAe,cAAc;AAKnD,IAAM;AAqBN,IAAM,uBAIF,CAAC,oBAA4C;AAC/C,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B;AAAA,IACA,gBAAgB,CAAC,eAAe,WAAW,eAAe,cAAc;AAAA,IACxE,iBAAiB,CAAC,mBAA2C;AAAA,IAC7D,WAAW,iCAAiC;AAAA,MAC1C,EAAE,MAAM,eAAe,UAAU;AAAA,MACjC,EAAE,MAAM,eAAe,gBAAgB,UAAU,KAAK;AAAA,IACxD,CAAC;AAAA,IACD,cAAc,CAAC,YAAY,IAAI;AAAA,EACjC;AACF;AAEO,IAAM,sBAAsB,OAAO,OAAO;AAAA,EAC/C;AAAA,EACA;AACF,CAAU;AASV,SAAS,sBAAsB,QAA6B;AAC1D,MAAI,CAAC,YAAY,QAAQ,OAAO,KAAK,CAAC,cAAc,OAAO,KAAK,GAAG;AACjE,UAAM,UAAU,cAAc;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,EAAE,MAAM,IAAI;AAClB,qBAAmB,OAAO,UAAU,aAAa;AACnD;AAUO,SAAS,mBACd,OACuC;AACvC,SAAO;AAAA,IACL,SAAS;AAAA,MACP;AAAA,QACE,MAAM,eAAe;AAAA,QACrB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AASO,SAAS,oBACd,YACmB;AACnB,QAAM,UAAU,YAAY,SAAS;AAAA,IACnC,CAACA,YAAWA,QAAO,SAAS,eAAe;AAAA,EAC7C;AACA,SAAO,OAAO;AACd,SAAO,QAAQ,WAAW,CAAC;AAE3B,QAAM,SAAS,QAAQ,CAAC;AACxB,SAAO,OAAO;AAChB;AAEO,IAAM,0BAGT;AAAA,EACF,CAAC,eAAe,SAAS,GAAG,OAAO,OAAO;AAAA,IACxC,MAAM,eAAe;AAAA,IACrB,WAAW,CAAC,WAAgC,sBAAsB,MAAM;AAAA,EAC1E,CAAC;AACH;","names":["caveat"]}

package/dist/chunk-VHY3NATP.js

@@ -0,0 +1,67 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/restricted/caveats/permittedDerivationPaths.ts
+var _rpcerrors = require('@metamask/rpc-errors');
+
+
+
+
+var _snapsutils = require('@metamask/snaps-utils');
+var _utils = require('@metamask/utils');
+var _superstruct = require('superstruct');
+function permittedDerivationPathsCaveatMapper(value) {
+  return {
+    caveats: [
+      {
+        type: _snapsutils.SnapCaveatType.PermittedDerivationPaths,
+        value
+      }
+    ]
+  };
+}
+function validateBIP32Path(value) {
+  _utils.assertStruct.call(void 0, 
+    value,
+    _snapsutils.Bip32EntropyStruct,
+    "Invalid BIP-32 entropy path definition",
+    _rpcerrors.rpcErrors.invalidParams
+  );
+}
+function validateBIP32CaveatPaths(caveat) {
+  _utils.assertStruct.call(void 0, 
+    caveat,
+    _superstruct.type.call(void 0, { value: _superstruct.size.call(void 0, _superstruct.array.call(void 0, _snapsutils.Bip32EntropyStruct), 1, Infinity) }),
+    "Invalid BIP-32 entropy caveat",
+    _rpcerrors.rpcErrors.internal
+  );
+}
+var PermittedDerivationPathsCaveatSpecification = {
+  [_snapsutils.SnapCaveatType.PermittedDerivationPaths]: Object.freeze({
+    type: _snapsutils.SnapCaveatType.PermittedDerivationPaths,
+    decorator: (method, caveat) => {
+      return async (args) => {
+        const { params } = args;
+        validateBIP32Path(params);
+        const path = caveat.value.find(
+          (caveatPath) => _snapsutils.isEqual.call(void 0, 
+            params.path.slice(0, caveatPath.path.length),
+            caveatPath.path
+          ) && caveatPath.curve === params.curve
+        );
+        if (!path) {
+          throw _rpcerrors.providerErrors.unauthorized({
+            message: "The requested path is not permitted. Allowed paths must be specified in the snap manifest."
+          });
+        }
+        return await method(args);
+      };
+    },
+    validator: (caveat) => validateBIP32CaveatPaths(caveat)
+  })
+};
+
+
+
+
+
+
+exports.permittedDerivationPathsCaveatMapper = permittedDerivationPathsCaveatMapper; exports.validateBIP32Path = validateBIP32Path; exports.validateBIP32CaveatPaths = validateBIP32CaveatPaths; exports.PermittedDerivationPathsCaveatSpecification = PermittedDerivationPathsCaveatSpecification;
+//# sourceMappingURL=chunk-VHY3NATP.js.map

package/dist/chunk-VHY3NATP.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/caveats/permittedDerivationPaths.ts"],"names":[],"mappings":";AAKA,SAAS,gBAAgB,iBAAiB;AAE1C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,oBAAoB;AAC7B,SAAS,OAAO,MAAM,YAAY;AAU3B,SAAS,qCACd,OACuC;AACvC,SAAO;AAAA,IACL,SAAS;AAAA,MACP;AAAA,QACE,MAAM,eAAe;AAAA,QACrB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAWO,SAAS,kBACd,OAC+B;AAC/B;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU;AAAA,EACZ;AACF;AASO,SAAS,yBACd,QACkD;AAClD;AAAA,IACE;AAAA,IACA,KAAK,EAAE,OAAO,KAAK,MAAM,kBAAkB,GAAG,GAAG,QAAQ,EAAE,CAAC;AAAA,IAC5D;AAAA,IACA,UAAU;AAAA,EACZ;AACF;AAEO,IAAM,8CAGT;AAAA,EACF,CAAC,eAAe,wBAAwB,GAAG,OAAO,OAAO;AAAA,IACvD,MAAM,eAAe;AAAA,IACrB,WAAW,CACT,QACA,WACG;AACH,aAAO,OAAO,SAAS;AACrB,cAAM,EAAE,OAAO,IAAI;AACnB,0BAAkB,MAAM;AAExB,cAAM,OAAO,OAAO,MAAM;AAAA,UACxB,CAAC,eACC;AAAA,YACE,OAAO,KAAK,MAAM,GAAG,WAAW,KAAK,MAAM;AAAA,YAC3C,WAAW;AAAA,UACb,KAAK,WAAW,UAAU,OAAO;AAAA,QACrC;AAEA,YAAI,CAAC,MAAM;AACT,gBAAM,eAAe,aAAa;AAAA,YAChC,SACE;AAAA,UACJ,CAAC;AAAA,QACH;AAEA,eAAO,MAAM,OAAO,IAAI;AAAA,MAC1B;AAAA,IACF;AAAA,IACA,WAAW,CAAC,WAAW,yBAAyB,MAAM;AAAA,EACxD,CAAC;AACH","sourcesContent":["import type {\n  Caveat,\n  PermissionConstraint,\n  RestrictedMethodCaveatSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport { providerErrors, rpcErrors } from '@metamask/rpc-errors';\nimport type { Bip32Entropy } from '@metamask/snaps-utils';\nimport {\n  SnapCaveatType,\n  Bip32EntropyStruct,\n  isEqual,\n} from '@metamask/snaps-utils';\nimport type { Json } from '@metamask/utils';\nimport { assertStruct } from '@metamask/utils';\nimport { array, size, type } from 'superstruct';\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function permittedDerivationPathsCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  return {\n    caveats: [\n      {\n        type: SnapCaveatType.PermittedDerivationPaths,\n        value,\n      },\n    ],\n  };\n}\n\n/**\n * Validate a caveat path object. The object must consist of a `path` array and\n * a `curve` string. Paths must start with `m`, and must contain at\n * least two indices. If `ed25519` is used, this checks if all the path indices\n * are hardened.\n *\n * @param value - The value to validate.\n * @throws If the value is invalid.\n */\nexport function validateBIP32Path(\n  value: unknown,\n): asserts value is Bip32Entropy {\n  assertStruct(\n    value,\n    Bip32EntropyStruct,\n    'Invalid BIP-32 entropy path definition',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Validate the path values associated with a caveat. This validates that the\n * value is a non-empty array with valid derivation paths and curves.\n *\n * @param caveat - The caveat to validate.\n * @throws If the value is invalid.\n */\nexport function validateBIP32CaveatPaths(\n  caveat: Caveat<string, any>,\n): asserts caveat is Caveat<string, Bip32Entropy[]> {\n  assertStruct(\n    caveat,\n    type({ value: size(array(Bip32EntropyStruct), 1, Infinity) }),\n    'Invalid BIP-32 entropy caveat',\n    rpcErrors.internal,\n  );\n}\n\nexport const PermittedDerivationPathsCaveatSpecification: Record<\n  SnapCaveatType.PermittedDerivationPaths,\n  RestrictedMethodCaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.PermittedDerivationPaths]: Object.freeze({\n    type: SnapCaveatType.PermittedDerivationPaths,\n    decorator: (\n      method,\n      caveat: Caveat<SnapCaveatType.PermittedDerivationPaths, Bip32Entropy[]>,\n    ) => {\n      return async (args) => {\n        const { params } = args;\n        validateBIP32Path(params);\n\n        const path = caveat.value.find(\n          (caveatPath) =>\n            isEqual(\n              params.path.slice(0, caveatPath.path.length),\n              caveatPath.path,\n            ) && caveatPath.curve === params.curve,\n        );\n\n        if (!path) {\n          throw providerErrors.unauthorized({\n            message:\n              'The requested path is not permitted. Allowed paths must be specified in the snap manifest.',\n          });\n        }\n\n        return await method(args);\n      };\n    },\n    validator: (caveat) => validateBIP32CaveatPaths(caveat),\n  }),\n};\n"]}

package/dist/chunk-VUA6ICJO.js

@@ -0,0 +1,52 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/restricted/getBip44Entropy.ts
+var _keytree = require('@metamask/key-tree');
+var _permissioncontroller = require('@metamask/permission-controller');
+var _rpcerrors = require('@metamask/rpc-errors');
+var _snapsutils = require('@metamask/snaps-utils');
+var targetName = "snap_getBip44Entropy";
+var specificationBuilder = ({ methodHooks: methodHooks2 }) => {
+  return {
+    permissionType: _permissioncontroller.PermissionType.RestrictedMethod,
+    targetName,
+    allowedCaveats: [_snapsutils.SnapCaveatType.PermittedCoinTypes],
+    methodImplementation: getBip44EntropyImplementation(methodHooks2),
+    validator: ({ caveats }) => {
+      if (caveats?.length !== 1 || caveats[0].type !== _snapsutils.SnapCaveatType.PermittedCoinTypes) {
+        throw _rpcerrors.rpcErrors.invalidParams({
+          message: `Expected a single "${_snapsutils.SnapCaveatType.PermittedCoinTypes}" caveat.`
+        });
+      }
+    },
+    subjectTypes: [_permissioncontroller.SubjectType.Snap]
+  };
+};
+var methodHooks = {
+  getMnemonic: true,
+  getUnlockPromise: true
+};
+var getBip44EntropyBuilder = Object.freeze({
+  targetName,
+  specificationBuilder,
+  methodHooks
+});
+function getBip44EntropyImplementation({
+  getMnemonic,
+  getUnlockPromise
+}) {
+  return async function getBip44Entropy(args) {
+    await getUnlockPromise(true);
+    const params = args.params;
+    const node = await _keytree.BIP44CoinTypeNode.fromDerivationPath([
+      await getMnemonic(),
+      `bip32:44'`,
+      `bip32:${params.coinType}'`
+    ]);
+    return node.toJSON();
+  };
+}
+
+
+
+
+exports.getBip44EntropyBuilder = getBip44EntropyBuilder; exports.getBip44EntropyImplementation = getBip44EntropyImplementation;
+//# sourceMappingURL=chunk-VUA6ICJO.js.map

package/dist/chunk-VUA6ICJO.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/getBip44Entropy.ts"],"names":["methodHooks"],"mappings":";AAAA,SAAS,yBAAyB;AAOlC,SAAS,gBAAgB,mBAAmB;AAC5C,SAAS,iBAAiB;AAK1B,SAAS,sBAAsB;AAK/B,IAAM,aAAa;AAsCnB,IAAM,uBAIF,CAAC,EAAE,aAAAA,aAAY,MAAkD;AACnE,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B;AAAA,IACA,gBAAgB,CAAC,eAAe,kBAAkB;AAAA,IAClD,sBAAsB,8BAA8BA,YAAW;AAAA,IAC/D,WAAW,CAAC,EAAE,QAAQ,MAAM;AAC1B,UACE,SAAS,WAAW,KACpB,QAAQ,CAAC,EAAE,SAAS,eAAe,oBACnC;AACA,cAAM,UAAU,cAAc;AAAA,UAC5B,SAAS,sBAAsB,eAAe,kBAAkB;AAAA,QAClE,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IACA,cAAc,CAAC,YAAY,IAAI;AAAA,EACjC;AACF;AAEA,IAAM,cAA6D;AAAA,EACjE,aAAa;AAAA,EACb,kBAAkB;AACpB;AAEO,IAAM,yBAAyB,OAAO,OAAO;AAAA,EAClD;AAAA,EACA;AAAA,EACA;AACF,CAAU;AAcH,SAAS,8BAA8B;AAAA,EAC5C;AAAA,EACA;AACF,GAA+B;AAC7B,SAAO,eAAe,gBACpB,MACgC;AAChC,UAAM,iBAAiB,IAAI;AAG3B,UAAM,SAAS,KAAK;AAEpB,UAAM,OAAO,MAAM,kBAAkB,mBAAmB;AAAA,MACtD,MAAM,YAAY;AAAA,MAClB;AAAA,MACA,SAAS,OAAO,QAAQ;AAAA,IAC1B,CAAC;AAED,WAAO,KAAK,OAAO;AAAA,EACrB;AACF","sourcesContent":["import { BIP44CoinTypeNode } from '@metamask/key-tree';\nimport type {\n  PermissionSpecificationBuilder,\n  PermissionValidatorConstraint,\n  RestrictedMethodOptions,\n  ValidPermissionSpecification,\n} from '@metamask/permission-controller';\nimport { PermissionType, SubjectType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type {\n  GetBip44EntropyParams,\n  GetBip44EntropyResult,\n} from '@metamask/snaps-sdk';\nimport { SnapCaveatType } from '@metamask/snaps-utils';\nimport type { NonEmptyArray } from '@metamask/utils';\n\nimport type { MethodHooksObject } from '../utils';\n\nconst targetName = 'snap_getBip44Entropy';\n\nexport type GetBip44EntropyMethodHooks = {\n  /**\n   * @returns The mnemonic of the user's primary keyring.\n   */\n  getMnemonic: () => Promise<Uint8Array>;\n\n  /**\n   * Waits for the extension to be unlocked.\n   *\n   * @returns A promise that resolves once the extension is unlocked.\n   */\n  getUnlockPromise: (shouldShowUnlockRequest: boolean) => Promise<void>;\n};\n\ntype GetBip44EntropySpecificationBuilderOptions = {\n  methodHooks: GetBip44EntropyMethodHooks;\n};\n\ntype GetBip44EntropySpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.RestrictedMethod;\n  targetName: typeof targetName;\n  methodImplementation: ReturnType<typeof getBip44EntropyImplementation>;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n}>;\n\n/**\n * The specification builder for the `snap_getBip44Entropy` permission.\n * `snap_getBip44Entropy_*` lets the Snap control private keys for a particular\n * BIP-32 coin type.\n *\n * @param options - The specification builder options.\n * @param options.methodHooks - The RPC method hooks needed by the method\n * implementation.\n * @returns The specification for the `snap_getBip44Entropy` permission.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.RestrictedMethod,\n  GetBip44EntropySpecificationBuilderOptions,\n  GetBip44EntropySpecification\n> = ({ methodHooks }: GetBip44EntropySpecificationBuilderOptions) => {\n  return {\n    permissionType: PermissionType.RestrictedMethod,\n    targetName,\n    allowedCaveats: [SnapCaveatType.PermittedCoinTypes],\n    methodImplementation: getBip44EntropyImplementation(methodHooks),\n    validator: ({ caveats }) => {\n      if (\n        caveats?.length !== 1 ||\n        caveats[0].type !== SnapCaveatType.PermittedCoinTypes\n      ) {\n        throw rpcErrors.invalidParams({\n          message: `Expected a single \"${SnapCaveatType.PermittedCoinTypes}\" caveat.`,\n        });\n      }\n    },\n    subjectTypes: [SubjectType.Snap],\n  };\n};\n\nconst methodHooks: MethodHooksObject<GetBip44EntropyMethodHooks> = {\n  getMnemonic: true,\n  getUnlockPromise: true,\n};\n\nexport const getBip44EntropyBuilder = Object.freeze({\n  targetName,\n  specificationBuilder,\n  methodHooks,\n} as const);\n\n/**\n * Builds the method implementation for `snap_getBip44Entropy`.\n *\n * @param hooks - The RPC method hooks.\n * @param hooks.getMnemonic - A function to retrieve the Secret Recovery Phrase\n * of the user.\n * @param hooks.getUnlockPromise - A function that resolves once the MetaMask\n * extension is unlocked and prompts the user to unlock their MetaMask if it is\n * locked.\n * @returns The method implementation which returns a `BIP44CoinTypeNode`.\n * @throws If the params are invalid.\n */\nexport function getBip44EntropyImplementation({\n  getMnemonic,\n  getUnlockPromise,\n}: GetBip44EntropyMethodHooks) {\n  return async function getBip44Entropy(\n    args: RestrictedMethodOptions<GetBip44EntropyParams>,\n  ): Promise<GetBip44EntropyResult> {\n    await getUnlockPromise(true);\n\n    // `args.params` is validated by the decorator, so it's safe to assert here.\n    const params = args.params as GetBip44EntropyParams;\n\n    const node = await BIP44CoinTypeNode.fromDerivationPath([\n      await getMnemonic(),\n      `bip32:44'`,\n      `bip32:${params.coinType}'`,\n    ]);\n\n    return node.toJSON();\n  };\n}\n"]}

package/dist/chunk-VVBTXSID.mjs

@@ -0,0 +1,82 @@
+// src/restricted/invokeSnap.ts
+import { PermissionType } from "@metamask/permission-controller";
+import { rpcErrors } from "@metamask/rpc-errors";
+import { HandlerType, SnapCaveatType } from "@metamask/snaps-utils";
+var WALLET_SNAP_PERMISSION_KEY = "wallet_snap";
+var handleSnapInstall = async ({ requestData, messagingSystem }) => {
+  const snaps = requestData.permissions[WALLET_SNAP_PERMISSION_KEY].caveats?.[0].value;
+  const permittedSnaps = messagingSystem.call(
+    `SnapController:getPermitted`,
+    requestData.metadata.origin
+  );
+  const dedupedSnaps = Object.keys(snaps).reduce(
+    (filteredSnaps, snap) => {
+      if (!permittedSnaps[snap]) {
+        filteredSnaps[snap] = snaps[snap];
+      }
+      return filteredSnaps;
+    },
+    {}
+  );
+  return messagingSystem.call(
+    `SnapController:install`,
+    requestData.metadata.origin,
+    dedupedSnaps
+  );
+};
+var specificationBuilder = ({ methodHooks: methodHooks2 }) => {
+  return {
+    permissionType: PermissionType.RestrictedMethod,
+    targetName: WALLET_SNAP_PERMISSION_KEY,
+    allowedCaveats: [SnapCaveatType.SnapIds],
+    methodImplementation: getInvokeSnapImplementation(methodHooks2),
+    validator: ({ caveats }) => {
+      if (caveats?.length !== 1 || caveats[0].type !== SnapCaveatType.SnapIds) {
+        throw rpcErrors.invalidParams({
+          message: `Expected a single "${SnapCaveatType.SnapIds}" caveat.`
+        });
+      }
+    },
+    sideEffect: {
+      onPermitted: handleSnapInstall
+    }
+  };
+};
+var methodHooks = {
+  getSnap: true,
+  handleSnapRpcRequest: true
+};
+var invokeSnapBuilder = Object.freeze({
+  targetName: WALLET_SNAP_PERMISSION_KEY,
+  specificationBuilder,
+  methodHooks
+});
+function getInvokeSnapImplementation({
+  getSnap,
+  handleSnapRpcRequest
+}) {
+  return async function invokeSnap(options) {
+    const { params = {}, context } = options;
+    const { snapId, request } = params;
+    if (!getSnap(snapId)) {
+      throw rpcErrors.invalidRequest({
+        message: `The snap "${snapId}" is not installed. Please install it first, before invoking the snap.`
+      });
+    }
+    const { origin } = context;
+    return await handleSnapRpcRequest({
+      snapId,
+      origin,
+      request,
+      handler: HandlerType.OnRpcRequest
+    });
+  };
+}
+
+export {
+  WALLET_SNAP_PERMISSION_KEY,
+  handleSnapInstall,
+  invokeSnapBuilder,
+  getInvokeSnapImplementation
+};
+//# sourceMappingURL=chunk-VVBTXSID.mjs.map

package/dist/chunk-VVBTXSID.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/invokeSnap.ts"],"sourcesContent":["import type {\n  PermissionSpecificationBuilder,\n  RestrictedMethodOptions,\n  ValidPermissionSpecification,\n  PermissionValidatorConstraint,\n  PermissionSideEffect,\n} from '@metamask/permission-controller';\nimport { PermissionType } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type {\n  InvokeSnapResult,\n  RequestSnapsParams,\n  RequestSnapsResult,\n} from '@metamask/snaps-sdk';\nimport type { Snap, SnapRpcHookArgs } from '@metamask/snaps-utils';\nimport { HandlerType, SnapCaveatType } from '@metamask/snaps-utils';\nimport type { Json, NonEmptyArray } from '@metamask/utils';\n\nimport type { MethodHooksObject } from '../utils';\n\nexport const WALLET_SNAP_PERMISSION_KEY = 'wallet_snap';\n\n// Redeclare installSnaps action type to avoid circular dependencies\nexport type InstallSnaps = {\n  type: `SnapController:install`;\n  handler: (\n    origin: string,\n    requestedSnaps: RequestSnapsParams,\n  ) => Promise<RequestSnapsResult>;\n};\n\nexport type GetPermittedSnaps = {\n  type: `SnapController:getPermitted`;\n  handler: (origin: string) => RequestSnapsResult;\n};\n\ntype AllowedActions = InstallSnaps | GetPermittedSnaps;\n\nexport type InvokeSnapMethodHooks = {\n  getSnap: (snapId: string) => Snap | undefined;\n  handleSnapRpcRequest: ({\n    snapId,\n    origin,\n    handler,\n    request,\n  }: SnapRpcHookArgs & { snapId: string }) => Promise<unknown>;\n};\n\ntype InvokeSnapSpecificationBuilderOptions = {\n  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n  methodHooks: InvokeSnapMethodHooks;\n};\n\ntype InvokeSnapSpecification = ValidPermissionSpecification<{\n  permissionType: PermissionType.RestrictedMethod;\n  targetName: typeof WALLET_SNAP_PERMISSION_KEY;\n  methodImplementation: ReturnType<typeof getInvokeSnapImplementation>;\n  allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n  validator: PermissionValidatorConstraint;\n  sideEffect: {\n    onPermitted: PermissionSideEffect<AllowedActions, never>['onPermitted'];\n  };\n}>;\n\nexport type InvokeSnapParams = {\n  snapId: string;\n  request: Record<string, Json>;\n};\n\n/**\n * The side-effect method to handle the snap install.\n *\n * @param params - The side-effect params.\n * @param params.requestData - The request data associated to the requested permission.\n * @param params.messagingSystem - The messenger to call an action.\n */\nexport const handleSnapInstall: PermissionSideEffect<\n  AllowedActions,\n  never\n>['onPermitted'] = async ({ requestData, messagingSystem }) => {\n  const snaps = requestData.permissions[WALLET_SNAP_PERMISSION_KEY].caveats?.[0]\n    .value as RequestSnapsParams;\n\n  const permittedSnaps = messagingSystem.call(\n    `SnapController:getPermitted`,\n    requestData.metadata.origin,\n  );\n\n  const dedupedSnaps = Object.keys(snaps).reduce<RequestSnapsParams>(\n    (filteredSnaps, snap) => {\n      if (!permittedSnaps[snap]) {\n        filteredSnaps[snap] = snaps[snap];\n      }\n      return filteredSnaps;\n    },\n    {},\n  );\n\n  return messagingSystem.call(\n    `SnapController:install`,\n    requestData.metadata.origin,\n    dedupedSnaps,\n  );\n};\n/**\n * The specification builder for the `wallet_snap_*` permission.\n *\n * `wallet_snap_*` attempts to invoke an RPC method of the specified Snap.\n *\n * Requesting its corresponding permission will attempt to connect to the Snap,\n * and install it if it's not available yet.\n *\n * @param options - The specification builder options.\n * @param options.methodHooks - The RPC method hooks needed by the method implementation.\n * @returns The specification for the `wallet_snap_*` permission.\n */\nconst specificationBuilder: PermissionSpecificationBuilder<\n  PermissionType.RestrictedMethod,\n  InvokeSnapSpecificationBuilderOptions,\n  InvokeSnapSpecification\n> = ({ methodHooks }: InvokeSnapSpecificationBuilderOptions) => {\n  return {\n    permissionType: PermissionType.RestrictedMethod,\n    targetName: WALLET_SNAP_PERMISSION_KEY,\n    allowedCaveats: [SnapCaveatType.SnapIds],\n    methodImplementation: getInvokeSnapImplementation(methodHooks),\n    validator: ({ caveats }) => {\n      if (caveats?.length !== 1 || caveats[0].type !== SnapCaveatType.SnapIds) {\n        throw rpcErrors.invalidParams({\n          message: `Expected a single \"${SnapCaveatType.SnapIds}\" caveat.`,\n        });\n      }\n    },\n    sideEffect: {\n      onPermitted: handleSnapInstall,\n    },\n  };\n};\n\nconst methodHooks: MethodHooksObject<InvokeSnapMethodHooks> = {\n  getSnap: true,\n  handleSnapRpcRequest: true,\n};\n\nexport const invokeSnapBuilder = Object.freeze({\n  targetName: WALLET_SNAP_PERMISSION_KEY,\n  specificationBuilder,\n  methodHooks,\n} as const);\n\n/**\n * Builds the method implementation for `wallet_snap_*`.\n *\n * @param hooks - The RPC method hooks.\n * @param hooks.getSnap - A function that retrieves all information stored about a snap.\n * @param hooks.handleSnapRpcRequest - A function that sends an RPC request to a snap's RPC handler or throws if that fails.\n * @returns The method implementation which returns the result of `handleSnapRpcRequest`.\n * @throws If the params are invalid.\n */\nexport function getInvokeSnapImplementation({\n  getSnap,\n  handleSnapRpcRequest,\n}: InvokeSnapMethodHooks) {\n  return async function invokeSnap(\n    options: RestrictedMethodOptions<InvokeSnapParams>,\n  ): Promise<InvokeSnapResult> {\n    const { params = {}, context } = options;\n\n    const { snapId, request } = params as InvokeSnapParams;\n\n    if (!getSnap(snapId)) {\n      throw rpcErrors.invalidRequest({\n        message: `The snap \"${snapId}\" is not installed. Please install it first, before invoking the snap.`,\n      });\n    }\n\n    const { origin } = context;\n\n    return (await handleSnapRpcRequest({\n      snapId,\n      origin,\n      request,\n      handler: HandlerType.OnRpcRequest,\n    })) as Json;\n  };\n}\n"],"mappings":";AAOA,SAAS,sBAAsB;AAC/B,SAAS,iBAAiB;AAO1B,SAAS,aAAa,sBAAsB;AAKrC,IAAM,6BAA6B;AAwDnC,IAAM,oBAGM,OAAO,EAAE,aAAa,gBAAgB,MAAM;AAC7D,QAAM,QAAQ,YAAY,YAAY,0BAA0B,EAAE,UAAU,CAAC,EAC1E;AAEH,QAAM,iBAAiB,gBAAgB;AAAA,IACrC;AAAA,IACA,YAAY,SAAS;AAAA,EACvB;AAEA,QAAM,eAAe,OAAO,KAAK,KAAK,EAAE;AAAA,IACtC,CAAC,eAAe,SAAS;AACvB,UAAI,CAAC,eAAe,IAAI,GAAG;AACzB,sBAAc,IAAI,IAAI,MAAM,IAAI;AAAA,MAClC;AACA,aAAO;AAAA,IACT;AAAA,IACA,CAAC;AAAA,EACH;AAEA,SAAO,gBAAgB;AAAA,IACrB;AAAA,IACA,YAAY,SAAS;AAAA,IACrB;AAAA,EACF;AACF;AAaA,IAAM,uBAIF,CAAC,EAAE,aAAAA,aAAY,MAA6C;AAC9D,SAAO;AAAA,IACL,gBAAgB,eAAe;AAAA,IAC/B,YAAY;AAAA,IACZ,gBAAgB,CAAC,eAAe,OAAO;AAAA,IACvC,sBAAsB,4BAA4BA,YAAW;AAAA,IAC7D,WAAW,CAAC,EAAE,QAAQ,MAAM;AAC1B,UAAI,SAAS,WAAW,KAAK,QAAQ,CAAC,EAAE,SAAS,eAAe,SAAS;AACvE,cAAM,UAAU,cAAc;AAAA,UAC5B,SAAS,sBAAsB,eAAe,OAAO;AAAA,QACvD,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IACA,YAAY;AAAA,MACV,aAAa;AAAA,IACf;AAAA,EACF;AACF;AAEA,IAAM,cAAwD;AAAA,EAC5D,SAAS;AAAA,EACT,sBAAsB;AACxB;AAEO,IAAM,oBAAoB,OAAO,OAAO;AAAA,EAC7C,YAAY;AAAA,EACZ;AAAA,EACA;AACF,CAAU;AAWH,SAAS,4BAA4B;AAAA,EAC1C;AAAA,EACA;AACF,GAA0B;AACxB,SAAO,eAAe,WACpB,SAC2B;AAC3B,UAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,IAAI;AAEjC,UAAM,EAAE,QAAQ,QAAQ,IAAI;AAE5B,QAAI,CAAC,QAAQ,MAAM,GAAG;AACpB,YAAM,UAAU,eAAe;AAAA,QAC7B,SAAS,aAAa,MAAM;AAAA,MAC9B,CAAC;AAAA,IACH;AAEA,UAAM,EAAE,OAAO,IAAI;AAEnB,WAAQ,MAAM,qBAAqB;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS,YAAY;AAAA,IACvB,CAAC;AAAA,EACH;AACF;","names":["methodHooks"]}

package/dist/chunk-WFAY5FPP.mjs

@@ -0,0 +1,67 @@
+// src/restricted/caveats/permittedDerivationPaths.ts
+import { providerErrors, rpcErrors } from "@metamask/rpc-errors";
+import {
+  SnapCaveatType,
+  Bip32EntropyStruct,
+  isEqual
+} from "@metamask/snaps-utils";
+import { assertStruct } from "@metamask/utils";
+import { array, size, type } from "superstruct";
+function permittedDerivationPathsCaveatMapper(value) {
+  return {
+    caveats: [
+      {
+        type: SnapCaveatType.PermittedDerivationPaths,
+        value
+      }
+    ]
+  };
+}
+function validateBIP32Path(value) {
+  assertStruct(
+    value,
+    Bip32EntropyStruct,
+    "Invalid BIP-32 entropy path definition",
+    rpcErrors.invalidParams
+  );
+}
+function validateBIP32CaveatPaths(caveat) {
+  assertStruct(
+    caveat,
+    type({ value: size(array(Bip32EntropyStruct), 1, Infinity) }),
+    "Invalid BIP-32 entropy caveat",
+    rpcErrors.internal
+  );
+}
+var PermittedDerivationPathsCaveatSpecification = {
+  [SnapCaveatType.PermittedDerivationPaths]: Object.freeze({
+    type: SnapCaveatType.PermittedDerivationPaths,
+    decorator: (method, caveat) => {
+      return async (args) => {
+        const { params } = args;
+        validateBIP32Path(params);
+        const path = caveat.value.find(
+          (caveatPath) => isEqual(
+            params.path.slice(0, caveatPath.path.length),
+            caveatPath.path
+          ) && caveatPath.curve === params.curve
+        );
+        if (!path) {
+          throw providerErrors.unauthorized({
+            message: "The requested path is not permitted. Allowed paths must be specified in the snap manifest."
+          });
+        }
+        return await method(args);
+      };
+    },
+    validator: (caveat) => validateBIP32CaveatPaths(caveat)
+  })
+};
+
+export {
+  permittedDerivationPathsCaveatMapper,
+  validateBIP32Path,
+  validateBIP32CaveatPaths,
+  PermittedDerivationPathsCaveatSpecification
+};
+//# sourceMappingURL=chunk-WFAY5FPP.mjs.map

package/dist/chunk-WFAY5FPP.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/caveats/permittedDerivationPaths.ts"],"sourcesContent":["import type {\n  Caveat,\n  PermissionConstraint,\n  RestrictedMethodCaveatSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport { providerErrors, rpcErrors } from '@metamask/rpc-errors';\nimport type { Bip32Entropy } from '@metamask/snaps-utils';\nimport {\n  SnapCaveatType,\n  Bip32EntropyStruct,\n  isEqual,\n} from '@metamask/snaps-utils';\nimport type { Json } from '@metamask/utils';\nimport { assertStruct } from '@metamask/utils';\nimport { array, size, type } from 'superstruct';\n\n/**\n * Map a raw value from the `initialPermissions` to a caveat specification.\n * Note that this function does not do any validation, that's handled by the\n * PermissionsController when the permission is requested.\n *\n * @param value - The raw value from the `initialPermissions`.\n * @returns The caveat specification.\n */\nexport function permittedDerivationPathsCaveatMapper(\n  value: Json,\n): Pick<PermissionConstraint, 'caveats'> {\n  return {\n    caveats: [\n      {\n        type: SnapCaveatType.PermittedDerivationPaths,\n        value,\n      },\n    ],\n  };\n}\n\n/**\n * Validate a caveat path object. The object must consist of a `path` array and\n * a `curve` string. Paths must start with `m`, and must contain at\n * least two indices. If `ed25519` is used, this checks if all the path indices\n * are hardened.\n *\n * @param value - The value to validate.\n * @throws If the value is invalid.\n */\nexport function validateBIP32Path(\n  value: unknown,\n): asserts value is Bip32Entropy {\n  assertStruct(\n    value,\n    Bip32EntropyStruct,\n    'Invalid BIP-32 entropy path definition',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Validate the path values associated with a caveat. This validates that the\n * value is a non-empty array with valid derivation paths and curves.\n *\n * @param caveat - The caveat to validate.\n * @throws If the value is invalid.\n */\nexport function validateBIP32CaveatPaths(\n  caveat: Caveat<string, any>,\n): asserts caveat is Caveat<string, Bip32Entropy[]> {\n  assertStruct(\n    caveat,\n    type({ value: size(array(Bip32EntropyStruct), 1, Infinity) }),\n    'Invalid BIP-32 entropy caveat',\n    rpcErrors.internal,\n  );\n}\n\nexport const PermittedDerivationPathsCaveatSpecification: Record<\n  SnapCaveatType.PermittedDerivationPaths,\n  RestrictedMethodCaveatSpecificationConstraint\n> = {\n  [SnapCaveatType.PermittedDerivationPaths]: Object.freeze({\n    type: SnapCaveatType.PermittedDerivationPaths,\n    decorator: (\n      method,\n      caveat: Caveat<SnapCaveatType.PermittedDerivationPaths, Bip32Entropy[]>,\n    ) => {\n      return async (args) => {\n        const { params } = args;\n        validateBIP32Path(params);\n\n        const path = caveat.value.find(\n          (caveatPath) =>\n            isEqual(\n              params.path.slice(0, caveatPath.path.length),\n              caveatPath.path,\n            ) && caveatPath.curve === params.curve,\n        );\n\n        if (!path) {\n          throw providerErrors.unauthorized({\n            message:\n              'The requested path is not permitted. Allowed paths must be specified in the snap manifest.',\n          });\n        }\n\n        return await method(args);\n      };\n    },\n    validator: (caveat) => validateBIP32CaveatPaths(caveat),\n  }),\n};\n"],"mappings":";AAKA,SAAS,gBAAgB,iBAAiB;AAE1C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,oBAAoB;AAC7B,SAAS,OAAO,MAAM,YAAY;AAU3B,SAAS,qCACd,OACuC;AACvC,SAAO;AAAA,IACL,SAAS;AAAA,MACP;AAAA,QACE,MAAM,eAAe;AAAA,QACrB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAWO,SAAS,kBACd,OAC+B;AAC/B;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU;AAAA,EACZ;AACF;AASO,SAAS,yBACd,QACkD;AAClD;AAAA,IACE;AAAA,IACA,KAAK,EAAE,OAAO,KAAK,MAAM,kBAAkB,GAAG,GAAG,QAAQ,EAAE,CAAC;AAAA,IAC5D;AAAA,IACA,UAAU;AAAA,EACZ;AACF;AAEO,IAAM,8CAGT;AAAA,EACF,CAAC,eAAe,wBAAwB,GAAG,OAAO,OAAO;AAAA,IACvD,MAAM,eAAe;AAAA,IACrB,WAAW,CACT,QACA,WACG;AACH,aAAO,OAAO,SAAS;AACrB,cAAM,EAAE,OAAO,IAAI;AACnB,0BAAkB,MAAM;AAExB,cAAM,OAAO,OAAO,MAAM;AAAA,UACxB,CAAC,eACC;AAAA,YACE,OAAO,KAAK,MAAM,GAAG,WAAW,KAAK,MAAM;AAAA,YAC3C,WAAW;AAAA,UACb,KAAK,WAAW,UAAU,OAAO;AAAA,QACrC;AAEA,YAAI,CAAC,MAAM;AACT,gBAAM,eAAe,aAAa;AAAA,YAChC,SACE;AAAA,UACJ,CAAC;AAAA,QACH;AAEA,eAAO,MAAM,OAAO,IAAI;AAAA,MAC1B;AAAA,IACF;AAAA,IACA,WAAW,CAAC,WAAW,yBAAyB,MAAM;AAAA,EACxD,CAAC;AACH;","names":[]}

package/dist/chunk-WLDEPJGG.mjs

@@ -0,0 +1,43 @@
+// src/permitted/createInterface.ts
+import { rpcErrors } from "@metamask/rpc-errors";
+import { ComponentStruct } from "@metamask/snaps-sdk";
+import { StructError, create, object } from "superstruct";
+var hookNames = {
+  createInterface: true
+};
+var createInterfaceHandler = {
+  methodNames: ["snap_createInterface"],
+  implementation: getCreateInterfaceImplementation,
+  hookNames
+};
+var CreateInterfaceParametersStruct = object({
+  ui: ComponentStruct
+});
+async function getCreateInterfaceImplementation(req, res, _next, end, { createInterface }) {
+  const { params } = req;
+  try {
+    const validatedParams = getValidatedParams(params);
+    const { ui } = validatedParams;
+    res.result = await createInterface(ui);
+  } catch (error) {
+    return end(error);
+  }
+  return end();
+}
+function getValidatedParams(params) {
+  try {
+    return create(params, CreateInterfaceParametersStruct);
+  } catch (error) {
+    if (error instanceof StructError) {
+      throw rpcErrors.invalidParams({
+        message: `Invalid params: ${error.message}.`
+      });
+    }
+    throw rpcErrors.internal();
+  }
+}
+
+export {
+  createInterfaceHandler
+};
+//# sourceMappingURL=chunk-WLDEPJGG.mjs.map

package/dist/chunk-WLDEPJGG.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/permitted/createInterface.ts"],"sourcesContent":["import type { JsonRpcEngineEndCallback } from '@metamask/json-rpc-engine';\nimport type { PermittedHandlerExport } from '@metamask/permission-controller';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport type {\n  Component,\n  CreateInterfaceParams,\n  CreateInterfaceResult,\n  JsonRpcRequest,\n} from '@metamask/snaps-sdk';\nimport { ComponentStruct } from '@metamask/snaps-sdk';\nimport { type InferMatching } from '@metamask/snaps-utils';\nimport type { PendingJsonRpcResponse } from '@metamask/utils';\nimport { StructError, create, object } from 'superstruct';\n\nimport type { MethodHooksObject } from '../utils';\n\nconst hookNames: MethodHooksObject<CreateInterfaceMethodHooks> = {\n  createInterface: true,\n};\n\nexport type CreateInterfaceMethodHooks = {\n  /**\n   * @param ui - The UI components.\n   * @returns The unique identifier of the interface.\n   */\n  createInterface: (ui: Component) => Promise<string>;\n};\n\nexport const createInterfaceHandler: PermittedHandlerExport<\n  CreateInterfaceMethodHooks,\n  CreateInterfaceParameters,\n  CreateInterfaceResult\n> = {\n  methodNames: ['snap_createInterface'],\n  implementation: getCreateInterfaceImplementation,\n  hookNames,\n};\n\nconst CreateInterfaceParametersStruct = object({\n  ui: ComponentStruct,\n});\n\nexport type CreateInterfaceParameters = InferMatching<\n  typeof CreateInterfaceParametersStruct,\n  CreateInterfaceParams\n>;\n\n/**\n * The `snap_createInterface` method implementation.\n *\n * @param req - The JSON-RPC request object.\n * @param res - The JSON-RPC response object.\n * @param _next - The `json-rpc-engine` \"next\" callback. Not used by this\n * function.\n * @param end - The `json-rpc-engine` \"end\" callback.\n * @param hooks - The RPC method hooks.\n * @param hooks.createInterface - The function to create the interface.\n * @returns Nothing.\n */\nasync function getCreateInterfaceImplementation(\n  req: JsonRpcRequest<CreateInterfaceParameters>,\n  res: PendingJsonRpcResponse<CreateInterfaceResult>,\n  _next: unknown,\n  end: JsonRpcEngineEndCallback,\n  { createInterface }: CreateInterfaceMethodHooks,\n): Promise<void> {\n  const { params } = req;\n\n  try {\n    const validatedParams = getValidatedParams(params);\n\n    const { ui } = validatedParams;\n\n    res.result = await createInterface(ui);\n  } catch (error) {\n    return end(error);\n  }\n\n  return end();\n}\n\n/**\n * Validate the createInterface method `params` and returns them cast to the correct\n * type. Throws if validation fails.\n *\n * @param params - The unvalidated params object from the method request.\n * @returns The validated createInterface method parameter object.\n */\nfunction getValidatedParams(params: unknown): CreateInterfaceParameters {\n  try {\n    return create(params, CreateInterfaceParametersStruct);\n  } catch (error) {\n    if (error instanceof StructError) {\n      throw rpcErrors.invalidParams({\n        message: `Invalid params: ${error.message}.`,\n      });\n    }\n    /* istanbul ignore next */\n    throw rpcErrors.internal();\n  }\n}\n"],"mappings":";AAEA,SAAS,iBAAiB;AAO1B,SAAS,uBAAuB;AAGhC,SAAS,aAAa,QAAQ,cAAc;AAI5C,IAAM,YAA2D;AAAA,EAC/D,iBAAiB;AACnB;AAUO,IAAM,yBAIT;AAAA,EACF,aAAa,CAAC,sBAAsB;AAAA,EACpC,gBAAgB;AAAA,EAChB;AACF;AAEA,IAAM,kCAAkC,OAAO;AAAA,EAC7C,IAAI;AACN,CAAC;AAmBD,eAAe,iCACb,KACA,KACA,OACA,KACA,EAAE,gBAAgB,GACH;AACf,QAAM,EAAE,OAAO,IAAI;AAEnB,MAAI;AACF,UAAM,kBAAkB,mBAAmB,MAAM;AAEjD,UAAM,EAAE,GAAG,IAAI;AAEf,QAAI,SAAS,MAAM,gBAAgB,EAAE;AAAA,EACvC,SAAS,OAAO;AACd,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO,IAAI;AACb;AASA,SAAS,mBAAmB,QAA4C;AACtE,MAAI;AACF,WAAO,OAAO,QAAQ,+BAA+B;AAAA,EACvD,SAAS,OAAO;AACd,QAAI,iBAAiB,aAAa;AAChC,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS,mBAAmB,MAAM,OAAO;AAAA,MAC3C,CAAC;AAAA,IACH;AAEA,UAAM,UAAU,SAAS;AAAA,EAC3B;AACF;","names":[]}

package/dist/chunk-Y4LNTDZ2.mjs

@@ -0,0 +1,43 @@
+import {
+  PermittedCoinTypesCaveatSpecification,
+  permittedCoinTypesCaveatMapper
+} from "./chunk-EKXDFYIX.mjs";
+import {
+  PermittedDerivationPathsCaveatSpecification,
+  permittedDerivationPathsCaveatMapper
+} from "./chunk-WFAY5FPP.mjs";
+import {
+  SnapIdsCaveatSpecification,
+  snapIdsCaveatMapper
+} from "./chunk-CVK2TYJX.mjs";
+import {
+  getBip44EntropyBuilder
+} from "./chunk-LR7UR4YU.mjs";
+import {
+  getBip32EntropyBuilder
+} from "./chunk-TNRH2LRU.mjs";
+import {
+  getBip32PublicKeyBuilder
+} from "./chunk-6WUIFFMQ.mjs";
+import {
+  invokeSnapBuilder
+} from "./chunk-VVBTXSID.mjs";
+
+// src/restricted/caveats/index.ts
+var caveatSpecifications = {
+  ...PermittedDerivationPathsCaveatSpecification,
+  ...PermittedCoinTypesCaveatSpecification,
+  ...SnapIdsCaveatSpecification
+};
+var caveatMappers = {
+  [getBip32EntropyBuilder.targetName]: permittedDerivationPathsCaveatMapper,
+  [getBip32PublicKeyBuilder.targetName]: permittedDerivationPathsCaveatMapper,
+  [getBip44EntropyBuilder.targetName]: permittedCoinTypesCaveatMapper,
+  [invokeSnapBuilder.targetName]: snapIdsCaveatMapper
+};
+
+export {
+  caveatSpecifications,
+  caveatMappers
+};
+//# sourceMappingURL=chunk-Y4LNTDZ2.mjs.map

package/dist/chunk-Y4LNTDZ2.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/restricted/caveats/index.ts"],"sourcesContent":["import type { PermissionConstraint } from '@metamask/permission-controller';\nimport type { Json } from '@metamask/utils';\n\nimport { getBip32EntropyBuilder } from '../getBip32Entropy';\nimport { getBip32PublicKeyBuilder } from '../getBip32PublicKey';\nimport { getBip44EntropyBuilder } from '../getBip44Entropy';\nimport { invokeSnapBuilder } from '../invokeSnap';\nimport {\n  permittedCoinTypesCaveatMapper,\n  PermittedCoinTypesCaveatSpecification,\n} from './permittedCoinTypes';\nimport {\n  permittedDerivationPathsCaveatMapper,\n  PermittedDerivationPathsCaveatSpecification,\n} from './permittedDerivationPaths';\nimport { snapIdsCaveatMapper, SnapIdsCaveatSpecification } from './snapIds';\n\nexport const caveatSpecifications = {\n  ...PermittedDerivationPathsCaveatSpecification,\n  ...PermittedCoinTypesCaveatSpecification,\n  ...SnapIdsCaveatSpecification,\n} as const;\n\nexport const caveatMappers: Record<\n  string,\n  (value: Json) => Pick<PermissionConstraint, 'caveats'>\n> = {\n  [getBip32EntropyBuilder.targetName]: permittedDerivationPathsCaveatMapper,\n  [getBip32PublicKeyBuilder.targetName]: permittedDerivationPathsCaveatMapper,\n  [getBip44EntropyBuilder.targetName]: permittedCoinTypesCaveatMapper,\n  [invokeSnapBuilder.targetName]: snapIdsCaveatMapper,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAiBO,IAAM,uBAAuB;AAAA,EAClC,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;AAEO,IAAM,gBAGT;AAAA,EACF,CAAC,uBAAuB,UAAU,GAAG;AAAA,EACrC,CAAC,yBAAyB,UAAU,GAAG;AAAA,EACvC,CAAC,uBAAuB,UAAU,GAAG;AAAA,EACrC,CAAC,kBAAkB,UAAU,GAAG;AAClC;","names":[]}