@metamask/snaps-utils 2.0.0 → 3.0.0

package/CHANGELOG.md

@@ -6,6 +6,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.0.0]
+### Added
+- Add keyring export and endowment ([#1787](https://github.com/MetaMask/snaps/pull/1787))
+- Add optional `allowedOrigins` field to `endowment:rpc` ([#1822](https://github.com/MetaMask/snaps/pull/1822))
+  - This can be used to only accept certain origins in your Snap.
+
+### Changed
+- **BREAKING:** Bump minimum Node.js version to `^18.16.0` ([#1741](https://github.com/MetaMask/snaps/pull/1741))
+
+## [2.0.1]
+### Changed
+- Remove deprecated `endowment:long-running` ([#1751](https://github.com/MetaMask/snaps/pull/1751))
+
 ## [2.0.0]
 ### Changed
 - Initial stable release from main branch ([#1757](https://github.com/MetaMask/snaps/pull/1757))
@@ -46,7 +59,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@2.0.0...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@3.0.0...HEAD
+[3.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@2.0.1...@metamask/snaps-utils@3.0.0
+[2.0.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@2.0.0...@metamask/snaps-utils@2.0.1
 [2.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@0.38.4-flask.1...@metamask/snaps-utils@2.0.0
 [0.38.4-flask.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@0.38.3-flask.1...@metamask/snaps-utils@0.38.4-flask.1
 [0.38.3-flask.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@0.38.2-flask.1...@metamask/snaps-utils@0.38.3-flask.1

package/dist/cjs/caveats.js

@@ -26,6 +26,9 @@ var SnapCaveatType;
    * The origins that a Snap can receive JSON-RPC messages from.
    */ "RpcOrigin"] = 'rpcOrigin';
     SnapCaveatType[/**
+   * The origins that a Snap can receive keyring messages from.
+   */ "KeyringOrigin"] = 'keyringOrigin';
+    SnapCaveatType[/**
    * Caveat specifying the snap IDs that can be interacted with.
    */ "SnapIds"] = 'snapIds';
     SnapCaveatType[/**

package/dist/cjs/caveats.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/caveats.ts"],"sourcesContent":["export enum SnapCaveatType {\n  /**\n   * Permitted derivation paths, used by `snap_getBip32Entropy`.\n   */\n  PermittedDerivationPaths = 'permittedDerivationPaths',\n\n  /**\n   * Permitted coin types, used by `snap_getBip44Entropy`.\n   */\n  PermittedCoinTypes = 'permittedCoinTypes',\n\n  /**\n   * Caveat specifying a snap cronjob.\n   */\n  SnapCronjob = 'snapCronjob',\n\n  /**\n   * Caveat specifying access to the transaction origin, used by `endowment:transaction-insight`.\n   */\n  TransactionOrigin = 'transactionOrigin',\n\n  /**\n   * The origins that a Snap can receive JSON-RPC messages from.\n   */\n  RpcOrigin = 'rpcOrigin',\n\n  /**\n   * Caveat specifying the snap IDs that can be interacted with.\n   */\n  SnapIds = 'snapIds',\n\n  /**\n   * Caveat specifying the CAIP-2 chain IDs that a snap can service, currently limited to `endowment:name-lookup`.\n   */\n  ChainIds = 'chainIds',\n}\n"],"names":["SnapCaveatType","PermittedDerivationPaths","PermittedCoinTypes","SnapCronjob","TransactionOrigin","RpcOrigin","SnapIds","ChainIds"],"mappings":";;;;;;;;;;IAAO;UAAKA,cAAc;IAAdA,eACV;;GAEC,GACDC,8BAA2B;IAJjBD,eAMV;;GAEC,GACDE,wBAAqB;IATXF,eAWV;;GAEC,GACDG,iBAAc;IAdJH,eAgBV;;GAEC,GACDI,uBAAoB;IAnBVJ,eAqBV;;GAEC,GACDK,eAAY;IAxBFL,eA0BV;;GAEC,GACDM,aAAU;IA7BAN,eA+BV;;GAEC,GACDO,cAAW;GAlCDP,mBAAAA"}
+{"version":3,"sources":["../../src/caveats.ts"],"sourcesContent":["export enum SnapCaveatType {\n  /**\n   * Permitted derivation paths, used by `snap_getBip32Entropy`.\n   */\n  PermittedDerivationPaths = 'permittedDerivationPaths',\n\n  /**\n   * Permitted coin types, used by `snap_getBip44Entropy`.\n   */\n  PermittedCoinTypes = 'permittedCoinTypes',\n\n  /**\n   * Caveat specifying a snap cronjob.\n   */\n  SnapCronjob = 'snapCronjob',\n\n  /**\n   * Caveat specifying access to the transaction origin, used by `endowment:transaction-insight`.\n   */\n  TransactionOrigin = 'transactionOrigin',\n\n  /**\n   * The origins that a Snap can receive JSON-RPC messages from.\n   */\n  RpcOrigin = 'rpcOrigin',\n\n  /**\n   * The origins that a Snap can receive keyring messages from.\n   */\n  KeyringOrigin = 'keyringOrigin',\n\n  /**\n   * Caveat specifying the snap IDs that can be interacted with.\n   */\n  SnapIds = 'snapIds',\n\n  /**\n   * Caveat specifying the CAIP-2 chain IDs that a snap can service, currently limited to `endowment:name-lookup`.\n   */\n  ChainIds = 'chainIds',\n}\n"],"names":["SnapCaveatType","PermittedDerivationPaths","PermittedCoinTypes","SnapCronjob","TransactionOrigin","RpcOrigin","KeyringOrigin","SnapIds","ChainIds"],"mappings":";;;;;;;;;;IAAO;UAAKA,cAAc;IAAdA,eACV;;GAEC,GACDC,8BAA2B;IAJjBD,eAMV;;GAEC,GACDE,wBAAqB;IATXF,eAWV;;GAEC,GACDG,iBAAc;IAdJH,eAgBV;;GAEC,GACDI,uBAAoB;IAnBVJ,eAqBV;;GAEC,GACDK,eAAY;IAxBFL,eA0BV;;GAEC,GACDM,mBAAgB;IA7BNN,eA+BV;;GAEC,GACDO,aAAU;IAlCAP,eAoCV;;GAEC,GACDQ,cAAW;GAvCDR,mBAAAA"}

package/dist/cjs/handlers.js

@@ -27,6 +27,7 @@ var HandlerType;
     HandlerType["OnInstall"] = 'onInstall';
     HandlerType["OnUpdate"] = 'onUpdate';
     HandlerType["OnNameLookup"] = 'onNameLookup';
+    HandlerType["OnKeyringRequest"] = 'onKeyringRequest';
 })(HandlerType || (HandlerType = {}));
 const SNAP_EXPORTS = {
     [HandlerType.OnRpcRequest]: {
@@ -70,6 +71,13 @@ const SNAP_EXPORTS = {
         validator: (snapExport)=>{
             return typeof snapExport === 'function';
         }
+    },
+    [HandlerType.OnKeyringRequest]: {
+        type: HandlerType.OnKeyringRequest,
+        required: true,
+        validator: (snapExport)=>{
+            return typeof snapExport === 'function';
+        }
     }
 };
 var SeverityLevel;

package/dist/cjs/handlers.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/handlers.ts"],"sourcesContent":["import type { Component } from '@metamask/snaps-ui';\nimport type { Json, JsonRpcParams, JsonRpcRequest } from '@metamask/utils';\n\nimport type { EnumToUnion } from './enum';\nimport type { AccountAddress, Caip2ChainId } from './namespace';\n\nexport enum HandlerType {\n  OnRpcRequest = 'onRpcRequest',\n  OnTransaction = 'onTransaction',\n  OnCronjob = 'onCronjob',\n  OnInstall = 'onInstall',\n  OnUpdate = 'onUpdate',\n  OnNameLookup = 'onNameLookup',\n}\n\ntype SnapHandler = {\n  /**\n   * The type of handler.\n   */\n  type: HandlerType;\n\n  /**\n   * Whether the handler is required, i.e., whether the request will fail if the\n   * handler is called, but the snap does not export it.\n   *\n   * This is primarily used for the lifecycle handlers, which are optional.\n   */\n  required: boolean;\n\n  /**\n   * Validate the given snap export. This should return a type guard for the\n   * handler type.\n   *\n   * @param snapExport - The export to validate.\n   * @returns Whether the export is valid.\n   */\n  validator: (snapExport: unknown) => boolean;\n};\n\nexport const SNAP_EXPORTS = {\n  [HandlerType.OnRpcRequest]: {\n    type: HandlerType.OnRpcRequest,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnRpcRequestHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnTransaction]: {\n    type: HandlerType.OnTransaction,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnTransactionHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnCronjob]: {\n    type: HandlerType.OnCronjob,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnCronjobHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnNameLookup]: {\n    type: HandlerType.OnNameLookup,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnNameLookupHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnInstall]: {\n    type: HandlerType.OnInstall,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnInstallHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnUpdate]: {\n    type: HandlerType.OnUpdate,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnUpdateHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n} as const;\n\n/**\n * The `onRpcRequest` handler. This is called whenever a JSON-RPC request is\n * made to the snap.\n *\n * @param args - The request arguments.\n * @param args.origin - The origin of the request. This can be the ID of another\n * snap, or the URL of a dapp.\n * @param args.request - The JSON-RPC request sent to the snap.\n * @returns The JSON-RPC response. This must be a JSON-serializable value.\n */\nexport type OnRpcRequestHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: {\n    origin: string;\n    request: JsonRpcRequest<Params>;\n  }) => Promise<unknown>;\n\n/**\n * Enum used to specify the severity level of content being returned from a transaction insight.\n */\nexport enum SeverityLevel {\n  Critical = 'critical',\n}\n\n/**\n * The response from a snap's `onTransaction` handler.\n *\n * @property content - A custom UI component, that will be shown in MetaMask. Can be created using `@metamask/snaps-ui`.\n *\n * If the snap has no insights about the transaction, this should be `null`.\n */\nexport type OnTransactionResponse = {\n  content: Component | null;\n  severity?: EnumToUnion<SeverityLevel>;\n};\n\n/**\n * The `onTransaction` handler. This is called whenever a transaction is\n * submitted to the snap. It can return insights about the transaction, which\n * will be displayed to the user.\n *\n * @param args - The request arguments.\n * @param args.transaction - The transaction object.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.transactionOrigin - The origin of the transaction. This is the\n * URL of the dapp that submitted the transaction.\n * @returns Insights about the transaction. See {@link OnTransactionResponse}.\n */\n// TODO: Improve type.\nexport type OnTransactionHandler = (args: {\n  transaction: { [key: string]: Json };\n  chainId: string;\n  transactionOrigin?: string;\n}) => Promise<OnTransactionResponse>;\n\n/**\n * The `onCronjob` handler. This is called on a regular interval, as defined by\n * the snap's manifest.\n *\n * @param args - The request arguments.\n * @param args.request - The JSON-RPC request sent to the snap.\n */\nexport type OnCronjobHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: { request: JsonRpcRequest<Params> }) => Promise<unknown>;\n\n/**\n * A handler that can be used for the lifecycle hooks.\n */\nexport type LifecycleEventHandler = (args: {\n  request: JsonRpcRequest;\n}) => Promise<unknown>;\n\n/**\n * The `onInstall` handler. This is called after the snap is installed.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnInstallHandler = LifecycleEventHandler;\n\n/**\n * The `onUpdate` handler. This is called after the snap is updated.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnUpdateHandler = LifecycleEventHandler;\n\n/**\n * Utility type for getting the handler function type from a handler type.\n */\nexport type HandlerFunction<Type extends SnapHandler> =\n  Type['validator'] extends (snapExport: unknown) => snapExport is infer Handler\n    ? Handler\n    : never;\n\n/**\n * The response from a snap's `onNameLookup` handler.\n *\n * @property resolvedAddress - The resolved address for a given domain.\n * @property resolvedDomain - The resolved domain for a given address.\n *\n *\n * If the snap has no resolved address/domain from its lookup, this should be `null`.\n */\nexport type OnNameLookupResponse =\n  | {\n      resolvedAddress: AccountAddress;\n      resolvedDomain?: never;\n    }\n  | { resolvedDomain: string; resolvedAddress?: never }\n  | null;\n\nexport type OnNameLookupArgs = {\n  chainId: Caip2ChainId;\n} & ({ domain: string; address?: never } | { address: string; domain?: never });\n\n/**\n * The `onNameLookup` handler. This is called whenever content is entered\n * into the send to field for sending assets to an EOA address.\n *\n * @param args - The request arguments.\n * @param args.domain - The human-readable address that is to be resolved.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.address - The address that is to be resolved.\n * @returns Resolved address/domain from the lookup. See {@link OnNameLookupResponse}.\n */\nexport type OnNameLookupHandler = (\n  args: OnNameLookupArgs,\n) => Promise<OnNameLookupResponse>;\n\n/**\n * All the function-based handlers that a snap can implement.\n */\nexport type SnapFunctionExports = {\n  [Key in keyof typeof SNAP_EXPORTS]?: HandlerFunction<\n    typeof SNAP_EXPORTS[Key]\n  >;\n};\n\n/**\n * All handlers that a snap can implement.\n */\nexport type SnapExports = SnapFunctionExports;\n"],"names":["SNAP_EXPORTS","HandlerType","OnRpcRequest","OnTransaction","OnCronjob","OnInstall","OnUpdate","OnNameLookup","type","required","validator","snapExport","SeverityLevel","Critical"],"mappings":";;;;;;;;;;;;;;;;;IAuCaA,YAAY;eAAZA;;;IAjCN;UAAKC,WAAW;IAAXA,YACVC,kBAAe;IADLD,YAEVE,mBAAgB;IAFNF,YAGVG,eAAY;IAHFH,YAIVI,eAAY;IAJFJ,YAKVK,cAAW;IALDL,YAMVM,kBAAe;GANLN,gBAAAA;AAiCL,MAAMD,eAAe;IAC1B,CAACC,YAAYC,YAAY,CAAC,EAAE;QAC1BM,MAAMP,YAAYC,YAAY;QAC9BO,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACV,YAAYE,aAAa,CAAC,EAAE;QAC3BK,MAAMP,YAAYE,aAAa;QAC/BM,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACV,YAAYG,SAAS,CAAC,EAAE;QACvBI,MAAMP,YAAYG,SAAS;QAC3BK,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACV,YAAYM,YAAY,CAAC,EAAE;QAC1BC,MAAMP,YAAYM,YAAY;QAC9BE,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACV,YAAYI,SAAS,CAAC,EAAE;QACvBG,MAAMP,YAAYI,SAAS;QAC3BI,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACV,YAAYK,QAAQ,CAAC,EAAE;QACtBE,MAAMP,YAAYK,QAAQ;QAC1BG,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;AACF;IAqBO;UAAKC,aAAa;IAAbA,cACVC,cAAW;GADDD,kBAAAA"}
+{"version":3,"sources":["../../src/handlers.ts"],"sourcesContent":["import type { Component } from '@metamask/snaps-ui';\nimport type { Json, JsonRpcParams, JsonRpcRequest } from '@metamask/utils';\n\nimport type { EnumToUnion } from './enum';\nimport type { AccountAddress, Caip2ChainId } from './namespace';\n\nexport enum HandlerType {\n  OnRpcRequest = 'onRpcRequest',\n  OnTransaction = 'onTransaction',\n  OnCronjob = 'onCronjob',\n  OnInstall = 'onInstall',\n  OnUpdate = 'onUpdate',\n  OnNameLookup = 'onNameLookup',\n  OnKeyringRequest = 'onKeyringRequest',\n}\n\ntype SnapHandler = {\n  /**\n   * The type of handler.\n   */\n  type: HandlerType;\n\n  /**\n   * Whether the handler is required, i.e., whether the request will fail if the\n   * handler is called, but the snap does not export it.\n   *\n   * This is primarily used for the lifecycle handlers, which are optional.\n   */\n  required: boolean;\n\n  /**\n   * Validate the given snap export. This should return a type guard for the\n   * handler type.\n   *\n   * @param snapExport - The export to validate.\n   * @returns Whether the export is valid.\n   */\n  validator: (snapExport: unknown) => boolean;\n};\n\nexport const SNAP_EXPORTS = {\n  [HandlerType.OnRpcRequest]: {\n    type: HandlerType.OnRpcRequest,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnRpcRequestHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnTransaction]: {\n    type: HandlerType.OnTransaction,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnTransactionHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnCronjob]: {\n    type: HandlerType.OnCronjob,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnCronjobHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnNameLookup]: {\n    type: HandlerType.OnNameLookup,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnNameLookupHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnInstall]: {\n    type: HandlerType.OnInstall,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnInstallHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnUpdate]: {\n    type: HandlerType.OnUpdate,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnUpdateHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnKeyringRequest]: {\n    type: HandlerType.OnKeyringRequest,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnKeyringRequestHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n} as const;\n\n/**\n * The `onRpcRequest` handler. This is called whenever a JSON-RPC request is\n * made to the snap.\n *\n * @param args - The request arguments.\n * @param args.origin - The origin of the request. This can be the ID of another\n * snap, or the URL of a dapp.\n * @param args.request - The JSON-RPC request sent to the snap.\n * @returns The JSON-RPC response. This must be a JSON-serializable value.\n */\nexport type OnRpcRequestHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: {\n    origin: string;\n    request: JsonRpcRequest<Params>;\n  }) => Promise<unknown>;\n\n/**\n * Enum used to specify the severity level of content being returned from a transaction insight.\n */\nexport enum SeverityLevel {\n  Critical = 'critical',\n}\n\n/**\n * The response from a snap's `onTransaction` handler.\n *\n * @property content - A custom UI component, that will be shown in MetaMask. Can be created using `@metamask/snaps-ui`.\n *\n * If the snap has no insights about the transaction, this should be `null`.\n */\nexport type OnTransactionResponse = {\n  content: Component | null;\n  severity?: EnumToUnion<SeverityLevel>;\n};\n\n/**\n * The `onTransaction` handler. This is called whenever a transaction is\n * submitted to the snap. It can return insights about the transaction, which\n * will be displayed to the user.\n *\n * @param args - The request arguments.\n * @param args.transaction - The transaction object.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.transactionOrigin - The origin of the transaction. This is the\n * URL of the dapp that submitted the transaction.\n * @returns Insights about the transaction. See {@link OnTransactionResponse}.\n */\n// TODO: Improve type.\nexport type OnTransactionHandler = (args: {\n  transaction: { [key: string]: Json };\n  chainId: string;\n  transactionOrigin?: string;\n}) => Promise<OnTransactionResponse>;\n\n/**\n * The `onCronjob` handler. This is called on a regular interval, as defined by\n * the snap's manifest.\n *\n * @param args - The request arguments.\n * @param args.request - The JSON-RPC request sent to the snap.\n */\nexport type OnCronjobHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: { request: JsonRpcRequest<Params> }) => Promise<unknown>;\n\n/**\n * A handler that can be used for the lifecycle hooks.\n */\nexport type LifecycleEventHandler = (args: {\n  request: JsonRpcRequest;\n}) => Promise<unknown>;\n\n/**\n * The `onInstall` handler. This is called after the snap is installed.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnInstallHandler = LifecycleEventHandler;\n\n/**\n * The `onUpdate` handler. This is called after the snap is updated.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnUpdateHandler = LifecycleEventHandler;\n\n/**\n * The `onKeyringRequest` handler. This is called by the MetaMask client for\n * privileged keyring actions.\n *\n * @param args - The request arguments.\n * @param args.origin - The origin of the request. This can be the ID of\n * another snap, or the URL of a dapp.\n * @param args.request - The JSON-RPC request sent to the snap.\n */\nexport type OnKeyringRequestHandler<\n  Params extends JsonRpcParams = JsonRpcParams,\n> = (args: {\n  origin: string;\n  request: JsonRpcRequest<Params>;\n}) => Promise<unknown>;\n\n/**\n * Utility type for getting the handler function type from a handler type.\n */\nexport type HandlerFunction<Type extends SnapHandler> =\n  Type['validator'] extends (snapExport: unknown) => snapExport is infer Handler\n    ? Handler\n    : never;\n\n/**\n * The response from a snap's `onNameLookup` handler.\n *\n * @property resolvedAddress - The resolved address for a given domain.\n * @property resolvedDomain - The resolved domain for a given address.\n *\n *\n * If the snap has no resolved address/domain from its lookup, this should be `null`.\n */\nexport type OnNameLookupResponse =\n  | {\n      resolvedAddress: AccountAddress;\n      resolvedDomain?: never;\n    }\n  | { resolvedDomain: string; resolvedAddress?: never }\n  | null;\n\nexport type OnNameLookupArgs = {\n  chainId: Caip2ChainId;\n} & ({ domain: string; address?: never } | { address: string; domain?: never });\n\n/**\n * The `onNameLookup` handler. This is called whenever content is entered\n * into the send to field for sending assets to an EOA address.\n *\n * @param args - The request arguments.\n * @param args.domain - The human-readable address that is to be resolved.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.address - The address that is to be resolved.\n * @returns Resolved address/domain from the lookup. See {@link OnNameLookupResponse}.\n */\nexport type OnNameLookupHandler = (\n  args: OnNameLookupArgs,\n) => Promise<OnNameLookupResponse>;\n\n/**\n * All the function-based handlers that a snap can implement.\n */\nexport type SnapFunctionExports = {\n  [Key in keyof typeof SNAP_EXPORTS]?: HandlerFunction<\n    (typeof SNAP_EXPORTS)[Key]\n  >;\n};\n\n/**\n * All handlers that a snap can implement.\n */\nexport type SnapExports = SnapFunctionExports;\n"],"names":["SNAP_EXPORTS","HandlerType","OnRpcRequest","OnTransaction","OnCronjob","OnInstall","OnUpdate","OnNameLookup","OnKeyringRequest","type","required","validator","snapExport","SeverityLevel","Critical"],"mappings":";;;;;;;;;;;;;;;;;IAwCaA,YAAY;eAAZA;;;IAlCN;UAAKC,WAAW;IAAXA,YACVC,kBAAe;IADLD,YAEVE,mBAAgB;IAFNF,YAGVG,eAAY;IAHFH,YAIVI,eAAY;IAJFJ,YAKVK,cAAW;IALDL,YAMVM,kBAAe;IANLN,YAOVO,sBAAmB;GAPTP,gBAAAA;AAkCL,MAAMD,eAAe;IAC1B,CAACC,YAAYC,YAAY,CAAC,EAAE;QAC1BO,MAAMR,YAAYC,YAAY;QAC9BQ,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYE,aAAa,CAAC,EAAE;QAC3BM,MAAMR,YAAYE,aAAa;QAC/BO,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYG,SAAS,CAAC,EAAE;QACvBK,MAAMR,YAAYG,SAAS;QAC3BM,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYM,YAAY,CAAC,EAAE;QAC1BE,MAAMR,YAAYM,YAAY;QAC9BG,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYI,SAAS,CAAC,EAAE;QACvBI,MAAMR,YAAYI,SAAS;QAC3BK,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYK,QAAQ,CAAC,EAAE;QACtBG,MAAMR,YAAYK,QAAQ;QAC1BI,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYO,gBAAgB,CAAC,EAAE;QAC9BC,MAAMR,YAAYO,gBAAgB;QAClCE,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;AACF;IAqBO;UAAKC,aAAa;IAAbA,cACVC,cAAW;GADDD,kBAAAA"}

package/dist/cjs/json-rpc.js

@@ -15,25 +15,60 @@ _export(exports, {
     assertIsRpcOrigins: function() {
         return assertIsRpcOrigins;
     },
+    KeyringOriginsStruct: function() {
+        return KeyringOriginsStruct;
+    },
+    assertIsKeyringOrigins: function() {
+        return assertIsKeyringOrigins;
+    },
+    isOriginAllowed: function() {
+        return isOriginAllowed;
+    },
     assertIsJsonRpcSuccess: function() {
         return assertIsJsonRpcSuccess;
     }
 });
+const _permissioncontroller = require("@metamask/permission-controller");
 const _utils = require("@metamask/utils");
 const _superstruct = require("superstruct");
 const RpcOriginsStruct = (0, _superstruct.refine)((0, _superstruct.object)({
     dapps: (0, _superstruct.optional)((0, _superstruct.boolean)()),
-    snaps: (0, _superstruct.optional)((0, _superstruct.boolean)())
+    snaps: (0, _superstruct.optional)((0, _superstruct.boolean)()),
+    allowedOrigins: (0, _superstruct.optional)((0, _superstruct.array)((0, _superstruct.string)()))
 }), 'RPC origins', (value)=>{
-    if (!Object.values(value).some(Boolean)) {
-        throw new Error('Must specify at least one JSON-RPC origin');
+    const hasOrigins = Boolean(value.snaps === true || value.dapps === true || value.allowedOrigins && value.allowedOrigins.length > 0);
+    if (hasOrigins) {
+        return true;
     }
-    return true;
+    return 'Must specify at least one JSON-RPC origin.';
 });
 function assertIsRpcOrigins(value, // eslint-disable-next-line @typescript-eslint/naming-convention
 ErrorWrapper) {
     (0, _utils.assertStruct)(value, RpcOriginsStruct, 'Invalid JSON-RPC origins', ErrorWrapper);
 }
+const KeyringOriginsStruct = (0, _superstruct.object)({
+    allowedOrigins: (0, _superstruct.optional)((0, _superstruct.array)((0, _superstruct.string)()))
+});
+function assertIsKeyringOrigins(value, // eslint-disable-next-line @typescript-eslint/naming-convention
+ErrorWrapper) {
+    (0, _utils.assertStruct)(value, KeyringOriginsStruct, 'Invalid keyring origins', ErrorWrapper);
+}
+function isOriginAllowed(origins, subjectType, origin) {
+    // The MetaMask client is always allowed.
+    if (origin === 'metamask') {
+        return true;
+    }
+    // If the origin is in the `allowedOrigins` list, it is allowed.
+    if (origins.allowedOrigins?.includes(origin)) {
+        return true;
+    }
+    // If the origin is a website and `dapps` is true, it is allowed.
+    if (subjectType === _permissioncontroller.SubjectType.Website && origins.dapps) {
+        return true;
+    }
+    // If the origin is a snap and `snaps` is true, it is allowed.
+    return Boolean(subjectType === _permissioncontroller.SubjectType.Snap && origins.snaps);
+}
 function assertIsJsonRpcSuccess(value) {
     if (!(0, _utils.isJsonRpcSuccess)(value)) {
         if ((0, _utils.isJsonRpcFailure)(value)) {

package/dist/cjs/json-rpc.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/json-rpc.ts"],"sourcesContent":["import type {\n  Json,\n  JsonRpcSuccess,\n  AssertionErrorConstructor,\n} from '@metamask/utils';\nimport {\n  isJsonRpcFailure,\n  isJsonRpcSuccess,\n  assertStruct,\n} from '@metamask/utils';\nimport type { Infer } from 'superstruct';\nimport { boolean, object, optional, refine } from 'superstruct';\n\nexport const RpcOriginsStruct = refine(\n  object({\n    dapps: optional(boolean()),\n    snaps: optional(boolean()),\n  }),\n  'RPC origins',\n  (value) => {\n    if (!Object.values(value).some(Boolean)) {\n      throw new Error('Must specify at least one JSON-RPC origin');\n    }\n\n    return true;\n  },\n);\n\nexport type RpcOrigins = Infer<typeof RpcOriginsStruct>;\n\n/**\n * Asserts that the given value is a valid {@link RpcOrigins} object.\n *\n * @param value - The value to assert.\n * @param ErrorWrapper - An optional error wrapper to use. Defaults to\n * {@link AssertionError}.\n * @throws If the value is not a valid {@link RpcOrigins} object.\n */\nexport function assertIsRpcOrigins(\n  value: unknown,\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  ErrorWrapper?: AssertionErrorConstructor,\n): asserts value is RpcOrigins {\n  assertStruct(\n    value,\n    RpcOriginsStruct,\n    'Invalid JSON-RPC origins',\n    ErrorWrapper,\n  );\n}\n\n/**\n * Assert that the given value is a successful JSON-RPC response. If the value\n * is not a success response, an error is thrown. If the value is an JSON-RPC\n * error, the error message is included in the thrown error.\n *\n * @param value - The value to check.\n * @throws If the value is not a JSON-RPC success response.\n */\nexport function assertIsJsonRpcSuccess(\n  value: unknown,\n): asserts value is JsonRpcSuccess<Json> {\n  if (!isJsonRpcSuccess(value)) {\n    if (isJsonRpcFailure(value)) {\n      throw new Error(`JSON-RPC request failed: ${value.error.message}`);\n    }\n\n    throw new Error('Invalid JSON-RPC response.');\n  }\n}\n"],"names":["RpcOriginsStruct","assertIsRpcOrigins","assertIsJsonRpcSuccess","refine","object","dapps","optional","boolean","snaps","value","Object","values","some","Boolean","Error","ErrorWrapper","assertStruct","isJsonRpcSuccess","isJsonRpcFailure","error","message"],"mappings":";;;;;;;;;;;IAaaA,gBAAgB;eAAhBA;;IAyBGC,kBAAkB;eAAlBA;;IAqBAC,sBAAsB;eAAtBA;;;uBAlDT;6BAE2C;AAE3C,MAAMF,mBAAmBG,IAAAA,mBAAM,EACpCC,IAAAA,mBAAM,EAAC;IACLC,OAAOC,IAAAA,qBAAQ,EAACC,IAAAA,oBAAO;IACvBC,OAAOF,IAAAA,qBAAQ,EAACC,IAAAA,oBAAO;AACzB,IACA,eACA,CAACE;IACC,IAAI,CAACC,OAAOC,MAAM,CAACF,OAAOG,IAAI,CAACC,UAAU;QACvC,MAAM,IAAIC,MAAM;IAClB;IAEA,OAAO;AACT;AAaK,SAASb,mBACdQ,KAAc,EACd,gEAAgE;AAChEM,YAAwC;IAExCC,IAAAA,mBAAY,EACVP,OACAT,kBACA,4BACAe;AAEJ;AAUO,SAASb,uBACdO,KAAc;IAEd,IAAI,CAACQ,IAAAA,uBAAgB,EAACR,QAAQ;QAC5B,IAAIS,IAAAA,uBAAgB,EAACT,QAAQ;YAC3B,MAAM,IAAIK,MAAM,CAAC,yBAAyB,EAAEL,MAAMU,KAAK,CAACC,OAAO,CAAC,CAAC;QACnE;QAEA,MAAM,IAAIN,MAAM;IAClB;AACF"}
+{"version":3,"sources":["../../src/json-rpc.ts"],"sourcesContent":["import { SubjectType } from '@metamask/permission-controller';\nimport type {\n  AssertionErrorConstructor,\n  Json,\n  JsonRpcSuccess,\n} from '@metamask/utils';\nimport {\n  assertStruct,\n  isJsonRpcFailure,\n  isJsonRpcSuccess,\n} from '@metamask/utils';\nimport type { Infer } from 'superstruct';\nimport { array, boolean, object, optional, refine, string } from 'superstruct';\n\nexport const RpcOriginsStruct = refine(\n  object({\n    dapps: optional(boolean()),\n    snaps: optional(boolean()),\n    allowedOrigins: optional(array(string())),\n  }),\n  'RPC origins',\n  (value) => {\n    const hasOrigins = Boolean(\n      value.snaps === true ||\n        value.dapps === true ||\n        (value.allowedOrigins && value.allowedOrigins.length > 0),\n    );\n\n    if (hasOrigins) {\n      return true;\n    }\n\n    return 'Must specify at least one JSON-RPC origin.';\n  },\n);\n\nexport type RpcOrigins = Infer<typeof RpcOriginsStruct>;\n\n/**\n * Asserts that the given value is a valid {@link RpcOrigins} object.\n *\n * @param value - The value to assert.\n * @param ErrorWrapper - An optional error wrapper to use. Defaults to\n * {@link AssertionError}.\n * @throws If the value is not a valid {@link RpcOrigins} object.\n */\nexport function assertIsRpcOrigins(\n  value: unknown,\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  ErrorWrapper?: AssertionErrorConstructor,\n): asserts value is RpcOrigins {\n  assertStruct(\n    value,\n    RpcOriginsStruct,\n    'Invalid JSON-RPC origins',\n    ErrorWrapper,\n  );\n}\n\nexport const KeyringOriginsStruct = object({\n  allowedOrigins: optional(array(string())),\n});\n\nexport type KeyringOrigins = Infer<typeof KeyringOriginsStruct>;\n\n/**\n * Assert that the given value is a valid {@link KeyringOrigins} object.\n *\n * @param value - The value to assert.\n * @param ErrorWrapper - An optional error wrapper to use. Defaults to\n * {@link AssertionError}.\n * @throws If the value is not a valid {@link KeyringOrigins} object.\n */\nexport function assertIsKeyringOrigins(\n  value: unknown,\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  ErrorWrapper?: AssertionErrorConstructor,\n): asserts value is KeyringOrigins {\n  assertStruct(\n    value,\n    KeyringOriginsStruct,\n    'Invalid keyring origins',\n    ErrorWrapper,\n  );\n}\n\n/**\n * Check if the given origin is allowed by the given JSON-RPC origins object.\n *\n * @param origins - The JSON-RPC origins object.\n * @param subjectType - The type of the origin.\n * @param origin - The origin to check.\n * @returns Whether the origin is allowed.\n */\nexport function isOriginAllowed(\n  origins: RpcOrigins,\n  subjectType: SubjectType,\n  origin: string,\n) {\n  // The MetaMask client is always allowed.\n  if (origin === 'metamask') {\n    return true;\n  }\n\n  // If the origin is in the `allowedOrigins` list, it is allowed.\n  if (origins.allowedOrigins?.includes(origin)) {\n    return true;\n  }\n\n  // If the origin is a website and `dapps` is true, it is allowed.\n  if (subjectType === SubjectType.Website && origins.dapps) {\n    return true;\n  }\n\n  // If the origin is a snap and `snaps` is true, it is allowed.\n  return Boolean(subjectType === SubjectType.Snap && origins.snaps);\n}\n\n/**\n * Assert that the given value is a successful JSON-RPC response. If the value\n * is not a success response, an error is thrown. If the value is an JSON-RPC\n * error, the error message is included in the thrown error.\n *\n * @param value - The value to check.\n * @throws If the value is not a JSON-RPC success response.\n */\nexport function assertIsJsonRpcSuccess(\n  value: unknown,\n): asserts value is JsonRpcSuccess<Json> {\n  if (!isJsonRpcSuccess(value)) {\n    if (isJsonRpcFailure(value)) {\n      throw new Error(`JSON-RPC request failed: ${value.error.message}`);\n    }\n\n    throw new Error('Invalid JSON-RPC response.');\n  }\n}\n"],"names":["RpcOriginsStruct","assertIsRpcOrigins","KeyringOriginsStruct","assertIsKeyringOrigins","isOriginAllowed","assertIsJsonRpcSuccess","refine","object","dapps","optional","boolean","snaps","allowedOrigins","array","string","value","hasOrigins","Boolean","length","ErrorWrapper","assertStruct","origins","subjectType","origin","includes","SubjectType","Website","Snap","isJsonRpcSuccess","isJsonRpcFailure","Error","error","message"],"mappings":";;;;;;;;;;;IAcaA,gBAAgB;eAAhBA;;IAgCGC,kBAAkB;eAAlBA;;IAaHC,oBAAoB;eAApBA;;IAcGC,sBAAsB;eAAtBA;;IAqBAC,eAAe;eAAfA;;IAgCAC,sBAAsB;eAAtBA;;;sCA9HY;uBAUrB;6BAE0D;AAE1D,MAAML,mBAAmBM,IAAAA,mBAAM,EACpCC,IAAAA,mBAAM,EAAC;IACLC,OAAOC,IAAAA,qBAAQ,EAACC,IAAAA,oBAAO;IACvBC,OAAOF,IAAAA,qBAAQ,EAACC,IAAAA,oBAAO;IACvBE,gBAAgBH,IAAAA,qBAAQ,EAACI,IAAAA,kBAAK,EAACC,IAAAA,mBAAM;AACvC,IACA,eACA,CAACC;IACC,MAAMC,aAAaC,QACjBF,MAAMJ,KAAK,KAAK,QACdI,MAAMP,KAAK,KAAK,QACfO,MAAMH,cAAc,IAAIG,MAAMH,cAAc,CAACM,MAAM,GAAG;IAG3D,IAAIF,YAAY;QACd,OAAO;IACT;IAEA,OAAO;AACT;AAaK,SAASf,mBACdc,KAAc,EACd,gEAAgE;AAChEI,YAAwC;IAExCC,IAAAA,mBAAY,EACVL,OACAf,kBACA,4BACAmB;AAEJ;AAEO,MAAMjB,uBAAuBK,IAAAA,mBAAM,EAAC;IACzCK,gBAAgBH,IAAAA,qBAAQ,EAACI,IAAAA,kBAAK,EAACC,IAAAA,mBAAM;AACvC;AAYO,SAASX,uBACdY,KAAc,EACd,gEAAgE;AAChEI,YAAwC;IAExCC,IAAAA,mBAAY,EACVL,OACAb,sBACA,2BACAiB;AAEJ;AAUO,SAASf,gBACdiB,OAAmB,EACnBC,WAAwB,EACxBC,MAAc;IAEd,yCAAyC;IACzC,IAAIA,WAAW,YAAY;QACzB,OAAO;IACT;IAEA,gEAAgE;IAChE,IAAIF,QAAQT,cAAc,EAAEY,SAASD,SAAS;QAC5C,OAAO;IACT;IAEA,iEAAiE;IACjE,IAAID,gBAAgBG,iCAAW,CAACC,OAAO,IAAIL,QAAQb,KAAK,EAAE;QACxD,OAAO;IACT;IAEA,8DAA8D;IAC9D,OAAOS,QAAQK,gBAAgBG,iCAAW,CAACE,IAAI,IAAIN,QAAQV,KAAK;AAClE;AAUO,SAASN,uBACdU,KAAc;IAEd,IAAI,CAACa,IAAAA,uBAAgB,EAACb,QAAQ;QAC5B,IAAIc,IAAAA,uBAAgB,EAACd,QAAQ;YAC3B,MAAM,IAAIe,MAAM,CAAC,yBAAyB,EAAEf,MAAMgB,KAAK,CAACC,OAAO,CAAC,CAAC;QACnE;QAEA,MAAM,IAAIF,MAAM;IAClB;AACF"}

package/dist/cjs/manifest/validation.js

@@ -124,7 +124,6 @@ const SnapIdsStruct = (0, _superstruct.refine)((0, _superstruct.record)(_snaps.S
 });
 const ChainIdsStruct = (0, _superstruct.array)(_namespace.ChainIdStruct);
 const PermissionsStruct = (0, _superstruct.type)({
-    'endowment:long-running': (0, _superstruct.optional)((0, _superstruct.object)({})),
     'endowment:network-access': (0, _superstruct.optional)((0, _superstruct.object)({})),
     'endowment:webassembly': (0, _superstruct.optional)((0, _superstruct.object)({})),
     'endowment:transaction-insight': (0, _superstruct.optional)((0, _superstruct.object)({
@@ -135,6 +134,7 @@ const PermissionsStruct = (0, _superstruct.type)({
     })),
     'endowment:rpc': (0, _superstruct.optional)(_jsonrpc.RpcOriginsStruct),
     'endowment:name-lookup': (0, _superstruct.optional)(ChainIdsStruct),
+    'endowment:keyring': (0, _superstruct.optional)(_jsonrpc.KeyringOriginsStruct),
     snap_dialog: (0, _superstruct.optional)((0, _superstruct.object)({})),
     // TODO: Remove
     snap_confirm: (0, _superstruct.optional)((0, _superstruct.object)({})),

package/dist/cjs/manifest/validation.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/manifest/validation.ts"],"sourcesContent":["import { isValidBIP32PathSegment } from '@metamask/key-tree';\nimport {\n  assertStruct,\n  ChecksumStruct,\n  VersionStruct,\n  isValidSemVerRange,\n} from '@metamask/utils';\nimport type { Infer, Struct } from 'superstruct';\nimport {\n  array,\n  boolean,\n  create,\n  enums,\n  integer,\n  is,\n  literal,\n  object,\n  optional,\n  pattern,\n  refine,\n  record,\n  size,\n  string,\n  type,\n  union,\n} from 'superstruct';\n\nimport { isEqual } from '../array';\nimport { CronjobSpecificationArrayStruct } from '../cronjob';\nimport { SIP_6_MAGIC_VALUE, STATE_ENCRYPTION_MAGIC_VALUE } from '../entropy';\nimport { RpcOriginsStruct } from '../json-rpc';\nimport { ChainIdStruct } from '../namespace';\nimport { SnapIdStruct } from '../snaps';\nimport { NameStruct, NpmSnapFileNames } from '../types';\n\n// BIP-43 purposes that cannot be used for entropy derivation. These are in the\n// string form, ending with `'`.\nconst FORBIDDEN_PURPOSES: string[] = [\n  SIP_6_MAGIC_VALUE,\n  STATE_ENCRYPTION_MAGIC_VALUE,\n];\n\nexport const FORBIDDEN_COIN_TYPES: number[] = [60];\nconst FORBIDDEN_PATHS: string[][] = FORBIDDEN_COIN_TYPES.map((coinType) => [\n  'm',\n  \"44'\",\n  `${coinType}'`,\n]);\n\nexport const Bip32PathStruct = refine(\n  array(string()),\n  'BIP-32 path',\n  (path: string[]) => {\n    if (path.length === 0) {\n      return 'Path must be a non-empty BIP-32 derivation path array';\n    }\n\n    if (path[0] !== 'm') {\n      return 'Path must start with \"m\".';\n    }\n\n    if (path.length < 3) {\n      return 'Paths must have a length of at least three.';\n    }\n\n    if (path.slice(1).some((part) => !isValidBIP32PathSegment(part))) {\n      return 'Path must be a valid BIP-32 derivation path array.';\n    }\n\n    if (FORBIDDEN_PURPOSES.includes(path[1])) {\n      return `The purpose \"${path[1]}\" is not allowed for entropy derivation.`;\n    }\n\n    if (\n      FORBIDDEN_PATHS.some((forbiddenPath) =>\n        isEqual(path.slice(0, forbiddenPath.length), forbiddenPath),\n      )\n    ) {\n      return `The path \"${path.join(\n        '/',\n      )}\" is not allowed for entropy derivation.`;\n    }\n\n    return true;\n  },\n);\n\nexport const bip32entropy = <\n  Type extends { path: string[]; curve: string },\n  Schema,\n>(\n  struct: Struct<Type, Schema>,\n) =>\n  refine(struct, 'BIP-32 entropy', (value) => {\n    if (\n      value.curve === 'ed25519' &&\n      value.path.slice(1).some((part) => !part.endsWith(\"'\"))\n    ) {\n      return 'Ed25519 does not support unhardened paths.';\n    }\n\n    return true;\n  });\n\n// Used outside @metamask/snap-utils\nexport const Bip32EntropyStruct = bip32entropy(\n  type({\n    path: Bip32PathStruct,\n    curve: enums(['ed25519', 'secp256k1']),\n  }),\n);\n\nexport type Bip32Entropy = Infer<typeof Bip32EntropyStruct>;\n\nexport const SnapGetBip32EntropyPermissionsStruct = size(\n  array(Bip32EntropyStruct),\n  1,\n  Infinity,\n);\n\nexport const SemVerRangeStruct = refine(string(), 'SemVer range', (value) => {\n  if (isValidSemVerRange(value)) {\n    return true;\n  }\n  return 'Expected a valid SemVer range.';\n});\n\nexport const SnapIdsStruct = refine(\n  record(SnapIdStruct, object({ version: optional(SemVerRangeStruct) })),\n  'SnapIds',\n  (value) => {\n    if (Object.keys(value).length === 0) {\n      return false;\n    }\n\n    return true;\n  },\n);\n\nexport type SnapIds = Infer<typeof SnapIdsStruct>;\n\nexport const ChainIdsStruct = array(ChainIdStruct);\n\n/* eslint-disable @typescript-eslint/naming-convention */\nexport const PermissionsStruct = type({\n  'endowment:long-running': optional(object({})),\n  'endowment:network-access': optional(object({})),\n  'endowment:webassembly': optional(object({})),\n  'endowment:transaction-insight': optional(\n    object({\n      allowTransactionOrigin: optional(boolean()),\n    }),\n  ),\n  'endowment:cronjob': optional(\n    object({ jobs: CronjobSpecificationArrayStruct }),\n  ),\n  'endowment:rpc': optional(RpcOriginsStruct),\n  'endowment:name-lookup': optional(ChainIdsStruct),\n  snap_dialog: optional(object({})),\n  // TODO: Remove\n  snap_confirm: optional(object({})),\n  snap_manageState: optional(object({})),\n  snap_manageAccounts: optional(object({})),\n  snap_notify: optional(object({})),\n  snap_getBip32Entropy: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip32PublicKey: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip44Entropy: optional(\n    size(\n      array(object({ coinType: size(integer(), 0, 2 ** 32 - 1) })),\n      1,\n      Infinity,\n    ),\n  ),\n  snap_getEntropy: optional(object({})),\n  wallet_snap: optional(SnapIdsStruct),\n});\n/* eslint-enable @typescript-eslint/naming-convention */\n\nexport type SnapPermissions = Infer<typeof PermissionsStruct>;\n\nexport const SnapManifestStruct = object({\n  version: VersionStruct,\n  description: size(string(), 1, 280),\n  proposedName: size(\n    pattern(\n      string(),\n      /^(?:[A-Za-z0-9-_]+( [A-Za-z0-9-_]+)*)|(?:(?:@[A-Za-z0-9-*~][A-Za-z0-9-*._~]*\\/)?[A-Za-z0-9-~][A-Za-z0-9-._~]*)$/u,\n    ),\n    1,\n    214,\n  ),\n  repository: optional(\n    object({\n      type: size(string(), 1, Infinity),\n      url: size(string(), 1, Infinity),\n    }),\n  ),\n  source: object({\n    shasum: ChecksumStruct,\n    location: object({\n      npm: object({\n        filePath: size(string(), 1, Infinity),\n        iconPath: optional(size(string(), 1, Infinity)),\n        packageName: NameStruct,\n        registry: union([\n          literal('https://registry.npmjs.org'),\n          literal('https://registry.npmjs.org/'),\n        ]),\n      }),\n    }),\n  }),\n  initialPermissions: PermissionsStruct,\n  manifestVersion: literal('0.1'),\n  $schema: optional(string()), // enables JSON-Schema linting in VSC and other IDEs\n});\n\nexport type SnapManifest = Infer<typeof SnapManifestStruct>;\n\n/**\n * Check if the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @returns Whether the value is a valid {@link SnapManifest} object.\n */\nexport function isSnapManifest(value: unknown): value is SnapManifest {\n  return is(value, SnapManifestStruct);\n}\n\n/**\n * Assert that the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @throws If the value is not a valid {@link SnapManifest} object.\n */\nexport function assertIsSnapManifest(\n  value: unknown,\n): asserts value is SnapManifest {\n  assertStruct(\n    value,\n    SnapManifestStruct,\n    `\"${NpmSnapFileNames.Manifest}\" is invalid`,\n  );\n}\n\n/**\n * Creates a {@link SnapManifest} object from JSON.\n *\n * @param value - The value to check.\n * @throws If the value cannot be coerced to a {@link SnapManifest} object.\n * @returns The created {@link SnapManifest} object.\n */\nexport function createSnapManifest(value: unknown): SnapManifest {\n  // TODO: Add a utility to prefix these errors similar to assertStruct\n  return create(value, SnapManifestStruct);\n}\n"],"names":["FORBIDDEN_COIN_TYPES","Bip32PathStruct","bip32entropy","Bip32EntropyStruct","SnapGetBip32EntropyPermissionsStruct","SemVerRangeStruct","SnapIdsStruct","ChainIdsStruct","PermissionsStruct","SnapManifestStruct","isSnapManifest","assertIsSnapManifest","createSnapManifest","FORBIDDEN_PURPOSES","SIP_6_MAGIC_VALUE","STATE_ENCRYPTION_MAGIC_VALUE","FORBIDDEN_PATHS","map","coinType","refine","array","string","path","length","slice","some","part","isValidBIP32PathSegment","includes","forbiddenPath","isEqual","join","struct","value","curve","endsWith","type","enums","size","Infinity","isValidSemVerRange","record","SnapIdStruct","object","version","optional","Object","keys","ChainIdStruct","allowTransactionOrigin","boolean","jobs","CronjobSpecificationArrayStruct","RpcOriginsStruct","snap_dialog","snap_confirm","snap_manageState","snap_manageAccounts","snap_notify","snap_getBip32Entropy","snap_getBip32PublicKey","snap_getBip44Entropy","integer","snap_getEntropy","wallet_snap","VersionStruct","description","proposedName","pattern","repository","url","source","shasum","ChecksumStruct","location","npm","filePath","iconPath","packageName","NameStruct","registry","union","literal","initialPermissions","manifestVersion","$schema","is","assertStruct","NpmSnapFileNames","Manifest","create"],"mappings":";;;;;;;;;;;IA0CaA,oBAAoB;eAApBA;;IAOAC,eAAe;eAAfA;;IAsCAC,YAAY;eAAZA;;IAkBAC,kBAAkB;eAAlBA;;IASAC,oCAAoC;eAApCA;;IAMAC,iBAAiB;eAAjBA;;IAOAC,aAAa;eAAbA;;IAcAC,cAAc;eAAdA;;IAGAC,iBAAiB;eAAjBA;;IAoCAC,kBAAkB;eAAlBA;;IA4CGC,cAAc;eAAdA;;IAUAC,oBAAoB;eAApBA;;IAiBAC,kBAAkB;eAAlBA;;;yBA3PwB;uBAMjC;6BAmBA;uBAEiB;yBACwB;yBACgB;yBAC/B;2BACH;uBACD;uBACgB;AAE7C,+EAA+E;AAC/E,gCAAgC;AAChC,MAAMC,qBAA+B;IACnCC,0BAAiB;IACjBC,qCAA4B;CAC7B;AAEM,MAAMf,uBAAiC;IAAC;CAAG;AAClD,MAAMgB,kBAA8BhB,qBAAqBiB,GAAG,CAAC,CAACC,WAAa;QACzE;QACA;QACA,CAAC,EAAEA,SAAS,CAAC,CAAC;KACf;AAEM,MAAMjB,kBAAkBkB,IAAAA,mBAAM,EACnCC,IAAAA,kBAAK,EAACC,IAAAA,mBAAM,MACZ,eACA,CAACC;IACC,IAAIA,KAAKC,MAAM,KAAK,GAAG;QACrB,OAAO;IACT;IAEA,IAAID,IAAI,CAAC,EAAE,KAAK,KAAK;QACnB,OAAO;IACT;IAEA,IAAIA,KAAKC,MAAM,GAAG,GAAG;QACnB,OAAO;IACT;IAEA,IAAID,KAAKE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACC,IAAAA,gCAAuB,EAACD,QAAQ;QAChE,OAAO;IACT;IAEA,IAAIb,mBAAmBe,QAAQ,CAACN,IAAI,CAAC,EAAE,GAAG;QACxC,OAAO,CAAC,aAAa,EAAEA,IAAI,CAAC,EAAE,CAAC,wCAAwC,CAAC;IAC1E;IAEA,IACEN,gBAAgBS,IAAI,CAAC,CAACI,gBACpBC,IAAAA,cAAO,EAACR,KAAKE,KAAK,CAAC,GAAGK,cAAcN,MAAM,GAAGM,iBAE/C;QACA,OAAO,CAAC,UAAU,EAAEP,KAAKS,IAAI,CAC3B,KACA,wCAAwC,CAAC;IAC7C;IAEA,OAAO;AACT;AAGK,MAAM7B,eAAe,CAI1B8B,SAEAb,IAAAA,mBAAM,EAACa,QAAQ,kBAAkB,CAACC;QAChC,IACEA,MAAMC,KAAK,KAAK,aAChBD,MAAMX,IAAI,CAACE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACA,KAAKS,QAAQ,CAAC,OAClD;YACA,OAAO;QACT;QAEA,OAAO;IACT;AAGK,MAAMhC,qBAAqBD,aAChCkC,IAAAA,iBAAI,EAAC;IACHd,MAAMrB;IACNiC,OAAOG,IAAAA,kBAAK,EAAC;QAAC;QAAW;KAAY;AACvC;AAKK,MAAMjC,uCAAuCkC,IAAAA,iBAAI,EACtDlB,IAAAA,kBAAK,EAACjB,qBACN,GACAoC;AAGK,MAAMlC,oBAAoBc,IAAAA,mBAAM,EAACE,IAAAA,mBAAM,KAAI,gBAAgB,CAACY;IACjE,IAAIO,IAAAA,yBAAkB,EAACP,QAAQ;QAC7B,OAAO;IACT;IACA,OAAO;AACT;AAEO,MAAM3B,gBAAgBa,IAAAA,mBAAM,EACjCsB,IAAAA,mBAAM,EAACC,mBAAY,EAAEC,IAAAA,mBAAM,EAAC;IAAEC,SAASC,IAAAA,qBAAQ,EAACxC;AAAmB,KACnE,WACA,CAAC4B;IACC,IAAIa,OAAOC,IAAI,CAACd,OAAOV,MAAM,KAAK,GAAG;QACnC,OAAO;IACT;IAEA,OAAO;AACT;AAKK,MAAMhB,iBAAiBa,IAAAA,kBAAK,EAAC4B,wBAAa;AAG1C,MAAMxC,oBAAoB4B,IAAAA,iBAAI,EAAC;IACpC,0BAA0BS,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC3C,4BAA4BE,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC7C,yBAAyBE,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC1C,iCAAiCE,IAAAA,qBAAQ,EACvCF,IAAAA,mBAAM,EAAC;QACLM,wBAAwBJ,IAAAA,qBAAQ,EAACK,IAAAA,oBAAO;IAC1C;IAEF,qBAAqBL,IAAAA,qBAAQ,EAC3BF,IAAAA,mBAAM,EAAC;QAAEQ,MAAMC,wCAA+B;IAAC;IAEjD,iBAAiBP,IAAAA,qBAAQ,EAACQ,yBAAgB;IAC1C,yBAAyBR,IAAAA,qBAAQ,EAACtC;IAClC+C,aAAaT,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC9B,eAAe;IACfY,cAAcV,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC/Ba,kBAAkBX,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IACnCc,qBAAqBZ,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IACtCe,aAAab,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC9BgB,sBAAsBd,IAAAA,qBAAQ,EAACzC;IAC/BwD,wBAAwBf,IAAAA,qBAAQ,EAACzC;IACjCyD,sBAAsBhB,IAAAA,qBAAQ,EAC5BP,IAAAA,iBAAI,EACFlB,IAAAA,kBAAK,EAACuB,IAAAA,mBAAM,EAAC;QAAEzB,UAAUoB,IAAAA,iBAAI,EAACwB,IAAAA,oBAAO,KAAI,GAAG,KAAK,KAAK;IAAG,KACzD,GACAvB;IAGJwB,iBAAiBlB,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAClCqB,aAAanB,IAAAA,qBAAQ,EAACvC;AACxB;AAKO,MAAMG,qBAAqBkC,IAAAA,mBAAM,EAAC;IACvCC,SAASqB,oBAAa;IACtBC,aAAa5B,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAG;IAC/B8C,cAAc7B,IAAAA,iBAAI,EAChB8B,IAAAA,oBAAO,EACL/C,IAAAA,mBAAM,KACN,qHAEF,GACA;IAEFgD,YAAYxB,IAAAA,qBAAQ,EAClBF,IAAAA,mBAAM,EAAC;QACLP,MAAME,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;QACxB+B,KAAKhC,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;IACzB;IAEFgC,QAAQ5B,IAAAA,mBAAM,EAAC;QACb6B,QAAQC,qBAAc;QACtBC,UAAU/B,IAAAA,mBAAM,EAAC;YACfgC,KAAKhC,IAAAA,mBAAM,EAAC;gBACViC,UAAUtC,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;gBAC5BsC,UAAUhC,IAAAA,qBAAQ,EAACP,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;gBACrCuC,aAAaC,iBAAU;gBACvBC,UAAUC,IAAAA,kBAAK,EAAC;oBACdC,IAAAA,oBAAO,EAAC;oBACRA,IAAAA,oBAAO,EAAC;iBACT;YACH;QACF;IACF;IACAC,oBAAoB3E;IACpB4E,iBAAiBF,IAAAA,oBAAO,EAAC;IACzBG,SAASxC,IAAAA,qBAAQ,EAACxB,IAAAA,mBAAM;AAC1B;AAUO,SAASX,eAAeuB,KAAc;IAC3C,OAAOqD,IAAAA,eAAE,EAACrD,OAAOxB;AACnB;AAQO,SAASE,qBACdsB,KAAc;IAEdsD,IAAAA,mBAAY,EACVtD,OACAxB,oBACA,CAAC,CAAC,EAAE+E,uBAAgB,CAACC,QAAQ,CAAC,YAAY,CAAC;AAE/C;AASO,SAAS7E,mBAAmBqB,KAAc;IAC/C,qEAAqE;IACrE,OAAOyD,IAAAA,mBAAM,EAACzD,OAAOxB;AACvB"}
+{"version":3,"sources":["../../../src/manifest/validation.ts"],"sourcesContent":["import { isValidBIP32PathSegment } from '@metamask/key-tree';\nimport {\n  assertStruct,\n  ChecksumStruct,\n  VersionStruct,\n  isValidSemVerRange,\n} from '@metamask/utils';\nimport type { Infer, Struct } from 'superstruct';\nimport {\n  array,\n  boolean,\n  create,\n  enums,\n  integer,\n  is,\n  literal,\n  object,\n  optional,\n  pattern,\n  refine,\n  record,\n  size,\n  string,\n  type,\n  union,\n} from 'superstruct';\n\nimport { isEqual } from '../array';\nimport { CronjobSpecificationArrayStruct } from '../cronjob';\nimport { SIP_6_MAGIC_VALUE, STATE_ENCRYPTION_MAGIC_VALUE } from '../entropy';\nimport { KeyringOriginsStruct, RpcOriginsStruct } from '../json-rpc';\nimport { ChainIdStruct } from '../namespace';\nimport { SnapIdStruct } from '../snaps';\nimport { NameStruct, NpmSnapFileNames } from '../types';\n\n// BIP-43 purposes that cannot be used for entropy derivation. These are in the\n// string form, ending with `'`.\nconst FORBIDDEN_PURPOSES: string[] = [\n  SIP_6_MAGIC_VALUE,\n  STATE_ENCRYPTION_MAGIC_VALUE,\n];\n\nexport const FORBIDDEN_COIN_TYPES: number[] = [60];\nconst FORBIDDEN_PATHS: string[][] = FORBIDDEN_COIN_TYPES.map((coinType) => [\n  'm',\n  \"44'\",\n  `${coinType}'`,\n]);\n\nexport const Bip32PathStruct = refine(\n  array(string()),\n  'BIP-32 path',\n  (path: string[]) => {\n    if (path.length === 0) {\n      return 'Path must be a non-empty BIP-32 derivation path array';\n    }\n\n    if (path[0] !== 'm') {\n      return 'Path must start with \"m\".';\n    }\n\n    if (path.length < 3) {\n      return 'Paths must have a length of at least three.';\n    }\n\n    if (path.slice(1).some((part) => !isValidBIP32PathSegment(part))) {\n      return 'Path must be a valid BIP-32 derivation path array.';\n    }\n\n    if (FORBIDDEN_PURPOSES.includes(path[1])) {\n      return `The purpose \"${path[1]}\" is not allowed for entropy derivation.`;\n    }\n\n    if (\n      FORBIDDEN_PATHS.some((forbiddenPath) =>\n        isEqual(path.slice(0, forbiddenPath.length), forbiddenPath),\n      )\n    ) {\n      return `The path \"${path.join(\n        '/',\n      )}\" is not allowed for entropy derivation.`;\n    }\n\n    return true;\n  },\n);\n\nexport const bip32entropy = <\n  Type extends { path: string[]; curve: string },\n  Schema,\n>(\n  struct: Struct<Type, Schema>,\n) =>\n  refine(struct, 'BIP-32 entropy', (value) => {\n    if (\n      value.curve === 'ed25519' &&\n      value.path.slice(1).some((part) => !part.endsWith(\"'\"))\n    ) {\n      return 'Ed25519 does not support unhardened paths.';\n    }\n\n    return true;\n  });\n\n// Used outside @metamask/snap-utils\nexport const Bip32EntropyStruct = bip32entropy(\n  type({\n    path: Bip32PathStruct,\n    curve: enums(['ed25519', 'secp256k1']),\n  }),\n);\n\nexport type Bip32Entropy = Infer<typeof Bip32EntropyStruct>;\n\nexport const SnapGetBip32EntropyPermissionsStruct = size(\n  array(Bip32EntropyStruct),\n  1,\n  Infinity,\n);\n\nexport const SemVerRangeStruct = refine(string(), 'SemVer range', (value) => {\n  if (isValidSemVerRange(value)) {\n    return true;\n  }\n  return 'Expected a valid SemVer range.';\n});\n\nexport const SnapIdsStruct = refine(\n  record(SnapIdStruct, object({ version: optional(SemVerRangeStruct) })),\n  'SnapIds',\n  (value) => {\n    if (Object.keys(value).length === 0) {\n      return false;\n    }\n\n    return true;\n  },\n);\n\nexport type SnapIds = Infer<typeof SnapIdsStruct>;\n\nexport const ChainIdsStruct = array(ChainIdStruct);\n\n/* eslint-disable @typescript-eslint/naming-convention */\nexport const PermissionsStruct = type({\n  'endowment:network-access': optional(object({})),\n  'endowment:webassembly': optional(object({})),\n  'endowment:transaction-insight': optional(\n    object({\n      allowTransactionOrigin: optional(boolean()),\n    }),\n  ),\n  'endowment:cronjob': optional(\n    object({ jobs: CronjobSpecificationArrayStruct }),\n  ),\n  'endowment:rpc': optional(RpcOriginsStruct),\n  'endowment:name-lookup': optional(ChainIdsStruct),\n  'endowment:keyring': optional(KeyringOriginsStruct),\n  snap_dialog: optional(object({})),\n  // TODO: Remove\n  snap_confirm: optional(object({})),\n  snap_manageState: optional(object({})),\n  snap_manageAccounts: optional(object({})),\n  snap_notify: optional(object({})),\n  snap_getBip32Entropy: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip32PublicKey: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip44Entropy: optional(\n    size(\n      array(object({ coinType: size(integer(), 0, 2 ** 32 - 1) })),\n      1,\n      Infinity,\n    ),\n  ),\n  snap_getEntropy: optional(object({})),\n  wallet_snap: optional(SnapIdsStruct),\n});\n/* eslint-enable @typescript-eslint/naming-convention */\n\nexport type SnapPermissions = Infer<typeof PermissionsStruct>;\n\nexport const SnapManifestStruct = object({\n  version: VersionStruct,\n  description: size(string(), 1, 280),\n  proposedName: size(\n    pattern(\n      string(),\n      /^(?:[A-Za-z0-9-_]+( [A-Za-z0-9-_]+)*)|(?:(?:@[A-Za-z0-9-*~][A-Za-z0-9-*._~]*\\/)?[A-Za-z0-9-~][A-Za-z0-9-._~]*)$/u,\n    ),\n    1,\n    214,\n  ),\n  repository: optional(\n    object({\n      type: size(string(), 1, Infinity),\n      url: size(string(), 1, Infinity),\n    }),\n  ),\n  source: object({\n    shasum: ChecksumStruct,\n    location: object({\n      npm: object({\n        filePath: size(string(), 1, Infinity),\n        iconPath: optional(size(string(), 1, Infinity)),\n        packageName: NameStruct,\n        registry: union([\n          literal('https://registry.npmjs.org'),\n          literal('https://registry.npmjs.org/'),\n        ]),\n      }),\n    }),\n  }),\n  initialPermissions: PermissionsStruct,\n  manifestVersion: literal('0.1'),\n  $schema: optional(string()), // enables JSON-Schema linting in VSC and other IDEs\n});\n\nexport type SnapManifest = Infer<typeof SnapManifestStruct>;\n\n/**\n * Check if the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @returns Whether the value is a valid {@link SnapManifest} object.\n */\nexport function isSnapManifest(value: unknown): value is SnapManifest {\n  return is(value, SnapManifestStruct);\n}\n\n/**\n * Assert that the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @throws If the value is not a valid {@link SnapManifest} object.\n */\nexport function assertIsSnapManifest(\n  value: unknown,\n): asserts value is SnapManifest {\n  assertStruct(\n    value,\n    SnapManifestStruct,\n    `\"${NpmSnapFileNames.Manifest}\" is invalid`,\n  );\n}\n\n/**\n * Creates a {@link SnapManifest} object from JSON.\n *\n * @param value - The value to check.\n * @throws If the value cannot be coerced to a {@link SnapManifest} object.\n * @returns The created {@link SnapManifest} object.\n */\nexport function createSnapManifest(value: unknown): SnapManifest {\n  // TODO: Add a utility to prefix these errors similar to assertStruct\n  return create(value, SnapManifestStruct);\n}\n"],"names":["FORBIDDEN_COIN_TYPES","Bip32PathStruct","bip32entropy","Bip32EntropyStruct","SnapGetBip32EntropyPermissionsStruct","SemVerRangeStruct","SnapIdsStruct","ChainIdsStruct","PermissionsStruct","SnapManifestStruct","isSnapManifest","assertIsSnapManifest","createSnapManifest","FORBIDDEN_PURPOSES","SIP_6_MAGIC_VALUE","STATE_ENCRYPTION_MAGIC_VALUE","FORBIDDEN_PATHS","map","coinType","refine","array","string","path","length","slice","some","part","isValidBIP32PathSegment","includes","forbiddenPath","isEqual","join","struct","value","curve","endsWith","type","enums","size","Infinity","isValidSemVerRange","record","SnapIdStruct","object","version","optional","Object","keys","ChainIdStruct","allowTransactionOrigin","boolean","jobs","CronjobSpecificationArrayStruct","RpcOriginsStruct","KeyringOriginsStruct","snap_dialog","snap_confirm","snap_manageState","snap_manageAccounts","snap_notify","snap_getBip32Entropy","snap_getBip32PublicKey","snap_getBip44Entropy","integer","snap_getEntropy","wallet_snap","VersionStruct","description","proposedName","pattern","repository","url","source","shasum","ChecksumStruct","location","npm","filePath","iconPath","packageName","NameStruct","registry","union","literal","initialPermissions","manifestVersion","$schema","is","assertStruct","NpmSnapFileNames","Manifest","create"],"mappings":";;;;;;;;;;;IA0CaA,oBAAoB;eAApBA;;IAOAC,eAAe;eAAfA;;IAsCAC,YAAY;eAAZA;;IAkBAC,kBAAkB;eAAlBA;;IASAC,oCAAoC;eAApCA;;IAMAC,iBAAiB;eAAjBA;;IAOAC,aAAa;eAAbA;;IAcAC,cAAc;eAAdA;;IAGAC,iBAAiB;eAAjBA;;IAoCAC,kBAAkB;eAAlBA;;IA4CGC,cAAc;eAAdA;;IAUAC,oBAAoB;eAApBA;;IAiBAC,kBAAkB;eAAlBA;;;yBA3PwB;uBAMjC;6BAmBA;uBAEiB;yBACwB;yBACgB;yBACT;2BACzB;uBACD;uBACgB;AAE7C,+EAA+E;AAC/E,gCAAgC;AAChC,MAAMC,qBAA+B;IACnCC,0BAAiB;IACjBC,qCAA4B;CAC7B;AAEM,MAAMf,uBAAiC;IAAC;CAAG;AAClD,MAAMgB,kBAA8BhB,qBAAqBiB,GAAG,CAAC,CAACC,WAAa;QACzE;QACA;QACA,CAAC,EAAEA,SAAS,CAAC,CAAC;KACf;AAEM,MAAMjB,kBAAkBkB,IAAAA,mBAAM,EACnCC,IAAAA,kBAAK,EAACC,IAAAA,mBAAM,MACZ,eACA,CAACC;IACC,IAAIA,KAAKC,MAAM,KAAK,GAAG;QACrB,OAAO;IACT;IAEA,IAAID,IAAI,CAAC,EAAE,KAAK,KAAK;QACnB,OAAO;IACT;IAEA,IAAIA,KAAKC,MAAM,GAAG,GAAG;QACnB,OAAO;IACT;IAEA,IAAID,KAAKE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACC,IAAAA,gCAAuB,EAACD,QAAQ;QAChE,OAAO;IACT;IAEA,IAAIb,mBAAmBe,QAAQ,CAACN,IAAI,CAAC,EAAE,GAAG;QACxC,OAAO,CAAC,aAAa,EAAEA,IAAI,CAAC,EAAE,CAAC,wCAAwC,CAAC;IAC1E;IAEA,IACEN,gBAAgBS,IAAI,CAAC,CAACI,gBACpBC,IAAAA,cAAO,EAACR,KAAKE,KAAK,CAAC,GAAGK,cAAcN,MAAM,GAAGM,iBAE/C;QACA,OAAO,CAAC,UAAU,EAAEP,KAAKS,IAAI,CAC3B,KACA,wCAAwC,CAAC;IAC7C;IAEA,OAAO;AACT;AAGK,MAAM7B,eAAe,CAI1B8B,SAEAb,IAAAA,mBAAM,EAACa,QAAQ,kBAAkB,CAACC;QAChC,IACEA,MAAMC,KAAK,KAAK,aAChBD,MAAMX,IAAI,CAACE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACA,KAAKS,QAAQ,CAAC,OAClD;YACA,OAAO;QACT;QAEA,OAAO;IACT;AAGK,MAAMhC,qBAAqBD,aAChCkC,IAAAA,iBAAI,EAAC;IACHd,MAAMrB;IACNiC,OAAOG,IAAAA,kBAAK,EAAC;QAAC;QAAW;KAAY;AACvC;AAKK,MAAMjC,uCAAuCkC,IAAAA,iBAAI,EACtDlB,IAAAA,kBAAK,EAACjB,qBACN,GACAoC;AAGK,MAAMlC,oBAAoBc,IAAAA,mBAAM,EAACE,IAAAA,mBAAM,KAAI,gBAAgB,CAACY;IACjE,IAAIO,IAAAA,yBAAkB,EAACP,QAAQ;QAC7B,OAAO;IACT;IACA,OAAO;AACT;AAEO,MAAM3B,gBAAgBa,IAAAA,mBAAM,EACjCsB,IAAAA,mBAAM,EAACC,mBAAY,EAAEC,IAAAA,mBAAM,EAAC;IAAEC,SAASC,IAAAA,qBAAQ,EAACxC;AAAmB,KACnE,WACA,CAAC4B;IACC,IAAIa,OAAOC,IAAI,CAACd,OAAOV,MAAM,KAAK,GAAG;QACnC,OAAO;IACT;IAEA,OAAO;AACT;AAKK,MAAMhB,iBAAiBa,IAAAA,kBAAK,EAAC4B,wBAAa;AAG1C,MAAMxC,oBAAoB4B,IAAAA,iBAAI,EAAC;IACpC,4BAA4BS,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC7C,yBAAyBE,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC1C,iCAAiCE,IAAAA,qBAAQ,EACvCF,IAAAA,mBAAM,EAAC;QACLM,wBAAwBJ,IAAAA,qBAAQ,EAACK,IAAAA,oBAAO;IAC1C;IAEF,qBAAqBL,IAAAA,qBAAQ,EAC3BF,IAAAA,mBAAM,EAAC;QAAEQ,MAAMC,wCAA+B;IAAC;IAEjD,iBAAiBP,IAAAA,qBAAQ,EAACQ,yBAAgB;IAC1C,yBAAyBR,IAAAA,qBAAQ,EAACtC;IAClC,qBAAqBsC,IAAAA,qBAAQ,EAACS,6BAAoB;IAClDC,aAAaV,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC9B,eAAe;IACfa,cAAcX,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC/Bc,kBAAkBZ,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IACnCe,qBAAqBb,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IACtCgB,aAAad,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAC9BiB,sBAAsBf,IAAAA,qBAAQ,EAACzC;IAC/ByD,wBAAwBhB,IAAAA,qBAAQ,EAACzC;IACjC0D,sBAAsBjB,IAAAA,qBAAQ,EAC5BP,IAAAA,iBAAI,EACFlB,IAAAA,kBAAK,EAACuB,IAAAA,mBAAM,EAAC;QAAEzB,UAAUoB,IAAAA,iBAAI,EAACyB,IAAAA,oBAAO,KAAI,GAAG,KAAK,KAAK;IAAG,KACzD,GACAxB;IAGJyB,iBAAiBnB,IAAAA,qBAAQ,EAACF,IAAAA,mBAAM,EAAC,CAAC;IAClCsB,aAAapB,IAAAA,qBAAQ,EAACvC;AACxB;AAKO,MAAMG,qBAAqBkC,IAAAA,mBAAM,EAAC;IACvCC,SAASsB,oBAAa;IACtBC,aAAa7B,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAG;IAC/B+C,cAAc9B,IAAAA,iBAAI,EAChB+B,IAAAA,oBAAO,EACLhD,IAAAA,mBAAM,KACN,qHAEF,GACA;IAEFiD,YAAYzB,IAAAA,qBAAQ,EAClBF,IAAAA,mBAAM,EAAC;QACLP,MAAME,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;QACxBgC,KAAKjC,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;IACzB;IAEFiC,QAAQ7B,IAAAA,mBAAM,EAAC;QACb8B,QAAQC,qBAAc;QACtBC,UAAUhC,IAAAA,mBAAM,EAAC;YACfiC,KAAKjC,IAAAA,mBAAM,EAAC;gBACVkC,UAAUvC,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;gBAC5BuC,UAAUjC,IAAAA,qBAAQ,EAACP,IAAAA,iBAAI,EAACjB,IAAAA,mBAAM,KAAI,GAAGkB;gBACrCwC,aAAaC,iBAAU;gBACvBC,UAAUC,IAAAA,kBAAK,EAAC;oBACdC,IAAAA,oBAAO,EAAC;oBACRA,IAAAA,oBAAO,EAAC;iBACT;YACH;QACF;IACF;IACAC,oBAAoB5E;IACpB6E,iBAAiBF,IAAAA,oBAAO,EAAC;IACzBG,SAASzC,IAAAA,qBAAQ,EAACxB,IAAAA,mBAAM;AAC1B;AAUO,SAASX,eAAeuB,KAAc;IAC3C,OAAOsD,IAAAA,eAAE,EAACtD,OAAOxB;AACnB;AAQO,SAASE,qBACdsB,KAAc;IAEduD,IAAAA,mBAAY,EACVvD,OACAxB,oBACA,CAAC,CAAC,EAAEgF,uBAAgB,CAACC,QAAQ,CAAC,YAAY,CAAC;AAE/C;AASO,SAAS9E,mBAAmBqB,KAAc;IAC/C,qEAAqE;IACrE,OAAO0D,IAAAA,mBAAM,EAAC1D,OAAOxB;AACvB"}

package/dist/cjs/virtual-file/toVirtualFile.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/virtual-file/toVirtualFile.ts"],"sourcesContent":["import { promises as fsPromises } from 'fs';\n\nimport { VirtualFile } from './VirtualFile';\n\n/**\n * Reads a file from filesystem and creates a vfile.\n *\n * @param path - Filesystem path to load the contents from.\n * @param encoding - Optional encoding to pass down to fs.readFile.\n * @returns Promise returning VFile with loaded file contents.\n */\nexport async function readVirtualFile(\n  path: string,\n  encoding: BufferEncoding | null = null,\n) {\n  return new VirtualFile({\n    path,\n    value: await fsPromises.readFile(path, { encoding }),\n  });\n}\n\ntype WriteVFileOptions = Exclude<\n  Parameters<typeof fsPromises['writeFile']>[2],\n  undefined\n>;\n\n/**\n * Writes vfile to filesystem.\n *\n * @param vfile - The vfile to write.\n * @param options - Options to pass down to fs.writeFile.\n */\nexport async function writeVirtualFile(\n  vfile: VirtualFile,\n  options?: WriteVFileOptions,\n) {\n  return fsPromises.writeFile(vfile.path, vfile.value, options);\n}\n"],"names":["readVirtualFile","writeVirtualFile","path","encoding","VirtualFile","value","fsPromises","readFile","vfile","options","writeFile"],"mappings":";;;;;;;;;;;IAWsBA,eAAe;eAAfA;;IAqBAC,gBAAgB;eAAhBA;;;oBAhCiB;6BAEX;AASrB,eAAeD,gBACpBE,IAAY,EACZC,WAAkC,IAAI;IAEtC,OAAO,IAAIC,wBAAW,CAAC;QACrBF;QACAG,OAAO,MAAMC,YAAU,CAACC,QAAQ,CAACL,MAAM;YAAEC;QAAS;IACpD;AACF;AAaO,eAAeF,iBACpBO,KAAkB,EAClBC,OAA2B;IAE3B,OAAOH,YAAU,CAACI,SAAS,CAACF,MAAMN,IAAI,EAAEM,MAAMH,KAAK,EAAEI;AACvD"}
+{"version":3,"sources":["../../../src/virtual-file/toVirtualFile.ts"],"sourcesContent":["import { promises as fsPromises } from 'fs';\n\nimport { VirtualFile } from './VirtualFile';\n\n/**\n * Reads a file from filesystem and creates a vfile.\n *\n * @param path - Filesystem path to load the contents from.\n * @param encoding - Optional encoding to pass down to fs.readFile.\n * @returns Promise returning VFile with loaded file contents.\n */\nexport async function readVirtualFile(\n  path: string,\n  encoding: BufferEncoding | null = null,\n) {\n  return new VirtualFile({\n    path,\n    value: await fsPromises.readFile(path, { encoding }),\n  });\n}\n\ntype WriteVFileOptions = Exclude<\n  Parameters<(typeof fsPromises)['writeFile']>[2],\n  undefined\n>;\n\n/**\n * Writes vfile to filesystem.\n *\n * @param vfile - The vfile to write.\n * @param options - Options to pass down to fs.writeFile.\n */\nexport async function writeVirtualFile(\n  vfile: VirtualFile,\n  options?: WriteVFileOptions,\n) {\n  return fsPromises.writeFile(vfile.path, vfile.value, options);\n}\n"],"names":["readVirtualFile","writeVirtualFile","path","encoding","VirtualFile","value","fsPromises","readFile","vfile","options","writeFile"],"mappings":";;;;;;;;;;;IAWsBA,eAAe;eAAfA;;IAqBAC,gBAAgB;eAAhBA;;;oBAhCiB;6BAEX;AASrB,eAAeD,gBACpBE,IAAY,EACZC,WAAkC,IAAI;IAEtC,OAAO,IAAIC,wBAAW,CAAC;QACrBF;QACAG,OAAO,MAAMC,YAAU,CAACC,QAAQ,CAACL,MAAM;YAAEC;QAAS;IACpD;AACF;AAaO,eAAeF,iBACpBO,KAAkB,EAClBC,OAA2B;IAE3B,OAAOH,YAAU,CAACI,SAAS,CAACF,MAAMN,IAAI,EAAEM,MAAMH,KAAK,EAAEI;AACvD"}

package/dist/esm/caveats.js

@@ -16,6 +16,9 @@ export var SnapCaveatType;
    * The origins that a Snap can receive JSON-RPC messages from.
    */ "RpcOrigin"] = 'rpcOrigin';
     SnapCaveatType[/**
+   * The origins that a Snap can receive keyring messages from.
+   */ "KeyringOrigin"] = 'keyringOrigin';
+    SnapCaveatType[/**
    * Caveat specifying the snap IDs that can be interacted with.
    */ "SnapIds"] = 'snapIds';
     SnapCaveatType[/**

package/dist/esm/caveats.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/caveats.ts"],"sourcesContent":["export enum SnapCaveatType {\n  /**\n   * Permitted derivation paths, used by `snap_getBip32Entropy`.\n   */\n  PermittedDerivationPaths = 'permittedDerivationPaths',\n\n  /**\n   * Permitted coin types, used by `snap_getBip44Entropy`.\n   */\n  PermittedCoinTypes = 'permittedCoinTypes',\n\n  /**\n   * Caveat specifying a snap cronjob.\n   */\n  SnapCronjob = 'snapCronjob',\n\n  /**\n   * Caveat specifying access to the transaction origin, used by `endowment:transaction-insight`.\n   */\n  TransactionOrigin = 'transactionOrigin',\n\n  /**\n   * The origins that a Snap can receive JSON-RPC messages from.\n   */\n  RpcOrigin = 'rpcOrigin',\n\n  /**\n   * Caveat specifying the snap IDs that can be interacted with.\n   */\n  SnapIds = 'snapIds',\n\n  /**\n   * Caveat specifying the CAIP-2 chain IDs that a snap can service, currently limited to `endowment:name-lookup`.\n   */\n  ChainIds = 'chainIds',\n}\n"],"names":["SnapCaveatType","PermittedDerivationPaths","PermittedCoinTypes","SnapCronjob","TransactionOrigin","RpcOrigin","SnapIds","ChainIds"],"mappings":"WAAO;UAAKA,cAAc;IAAdA,eACV;;GAEC,GACDC,8BAA2B;IAJjBD,eAMV;;GAEC,GACDE,wBAAqB;IATXF,eAWV;;GAEC,GACDG,iBAAc;IAdJH,eAgBV;;GAEC,GACDI,uBAAoB;IAnBVJ,eAqBV;;GAEC,GACDK,eAAY;IAxBFL,eA0BV;;GAEC,GACDM,aAAU;IA7BAN,eA+BV;;GAEC,GACDO,cAAW;GAlCDP,mBAAAA"}
+{"version":3,"sources":["../../src/caveats.ts"],"sourcesContent":["export enum SnapCaveatType {\n  /**\n   * Permitted derivation paths, used by `snap_getBip32Entropy`.\n   */\n  PermittedDerivationPaths = 'permittedDerivationPaths',\n\n  /**\n   * Permitted coin types, used by `snap_getBip44Entropy`.\n   */\n  PermittedCoinTypes = 'permittedCoinTypes',\n\n  /**\n   * Caveat specifying a snap cronjob.\n   */\n  SnapCronjob = 'snapCronjob',\n\n  /**\n   * Caveat specifying access to the transaction origin, used by `endowment:transaction-insight`.\n   */\n  TransactionOrigin = 'transactionOrigin',\n\n  /**\n   * The origins that a Snap can receive JSON-RPC messages from.\n   */\n  RpcOrigin = 'rpcOrigin',\n\n  /**\n   * The origins that a Snap can receive keyring messages from.\n   */\n  KeyringOrigin = 'keyringOrigin',\n\n  /**\n   * Caveat specifying the snap IDs that can be interacted with.\n   */\n  SnapIds = 'snapIds',\n\n  /**\n   * Caveat specifying the CAIP-2 chain IDs that a snap can service, currently limited to `endowment:name-lookup`.\n   */\n  ChainIds = 'chainIds',\n}\n"],"names":["SnapCaveatType","PermittedDerivationPaths","PermittedCoinTypes","SnapCronjob","TransactionOrigin","RpcOrigin","KeyringOrigin","SnapIds","ChainIds"],"mappings":"WAAO;UAAKA,cAAc;IAAdA,eACV;;GAEC,GACDC,8BAA2B;IAJjBD,eAMV;;GAEC,GACDE,wBAAqB;IATXF,eAWV;;GAEC,GACDG,iBAAc;IAdJH,eAgBV;;GAEC,GACDI,uBAAoB;IAnBVJ,eAqBV;;GAEC,GACDK,eAAY;IAxBFL,eA0BV;;GAEC,GACDM,mBAAgB;IA7BNN,eA+BV;;GAEC,GACDO,aAAU;IAlCAP,eAoCV;;GAEC,GACDQ,cAAW;GAvCDR,mBAAAA"}

package/dist/esm/handlers.js

@@ -6,6 +6,7 @@ export var HandlerType;
     HandlerType["OnInstall"] = 'onInstall';
     HandlerType["OnUpdate"] = 'onUpdate';
     HandlerType["OnNameLookup"] = 'onNameLookup';
+    HandlerType["OnKeyringRequest"] = 'onKeyringRequest';
 })(HandlerType || (HandlerType = {}));
 export const SNAP_EXPORTS = {
     [HandlerType.OnRpcRequest]: {
@@ -49,6 +50,13 @@ export const SNAP_EXPORTS = {
         validator: (snapExport)=>{
             return typeof snapExport === 'function';
         }
+    },
+    [HandlerType.OnKeyringRequest]: {
+        type: HandlerType.OnKeyringRequest,
+        required: true,
+        validator: (snapExport)=>{
+            return typeof snapExport === 'function';
+        }
     }
 };
 export var SeverityLevel;

package/dist/esm/handlers.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/handlers.ts"],"sourcesContent":["import type { Component } from '@metamask/snaps-ui';\nimport type { Json, JsonRpcParams, JsonRpcRequest } from '@metamask/utils';\n\nimport type { EnumToUnion } from './enum';\nimport type { AccountAddress, Caip2ChainId } from './namespace';\n\nexport enum HandlerType {\n  OnRpcRequest = 'onRpcRequest',\n  OnTransaction = 'onTransaction',\n  OnCronjob = 'onCronjob',\n  OnInstall = 'onInstall',\n  OnUpdate = 'onUpdate',\n  OnNameLookup = 'onNameLookup',\n}\n\ntype SnapHandler = {\n  /**\n   * The type of handler.\n   */\n  type: HandlerType;\n\n  /**\n   * Whether the handler is required, i.e., whether the request will fail if the\n   * handler is called, but the snap does not export it.\n   *\n   * This is primarily used for the lifecycle handlers, which are optional.\n   */\n  required: boolean;\n\n  /**\n   * Validate the given snap export. This should return a type guard for the\n   * handler type.\n   *\n   * @param snapExport - The export to validate.\n   * @returns Whether the export is valid.\n   */\n  validator: (snapExport: unknown) => boolean;\n};\n\nexport const SNAP_EXPORTS = {\n  [HandlerType.OnRpcRequest]: {\n    type: HandlerType.OnRpcRequest,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnRpcRequestHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnTransaction]: {\n    type: HandlerType.OnTransaction,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnTransactionHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnCronjob]: {\n    type: HandlerType.OnCronjob,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnCronjobHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnNameLookup]: {\n    type: HandlerType.OnNameLookup,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnNameLookupHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnInstall]: {\n    type: HandlerType.OnInstall,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnInstallHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnUpdate]: {\n    type: HandlerType.OnUpdate,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnUpdateHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n} as const;\n\n/**\n * The `onRpcRequest` handler. This is called whenever a JSON-RPC request is\n * made to the snap.\n *\n * @param args - The request arguments.\n * @param args.origin - The origin of the request. This can be the ID of another\n * snap, or the URL of a dapp.\n * @param args.request - The JSON-RPC request sent to the snap.\n * @returns The JSON-RPC response. This must be a JSON-serializable value.\n */\nexport type OnRpcRequestHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: {\n    origin: string;\n    request: JsonRpcRequest<Params>;\n  }) => Promise<unknown>;\n\n/**\n * Enum used to specify the severity level of content being returned from a transaction insight.\n */\nexport enum SeverityLevel {\n  Critical = 'critical',\n}\n\n/**\n * The response from a snap's `onTransaction` handler.\n *\n * @property content - A custom UI component, that will be shown in MetaMask. Can be created using `@metamask/snaps-ui`.\n *\n * If the snap has no insights about the transaction, this should be `null`.\n */\nexport type OnTransactionResponse = {\n  content: Component | null;\n  severity?: EnumToUnion<SeverityLevel>;\n};\n\n/**\n * The `onTransaction` handler. This is called whenever a transaction is\n * submitted to the snap. It can return insights about the transaction, which\n * will be displayed to the user.\n *\n * @param args - The request arguments.\n * @param args.transaction - The transaction object.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.transactionOrigin - The origin of the transaction. This is the\n * URL of the dapp that submitted the transaction.\n * @returns Insights about the transaction. See {@link OnTransactionResponse}.\n */\n// TODO: Improve type.\nexport type OnTransactionHandler = (args: {\n  transaction: { [key: string]: Json };\n  chainId: string;\n  transactionOrigin?: string;\n}) => Promise<OnTransactionResponse>;\n\n/**\n * The `onCronjob` handler. This is called on a regular interval, as defined by\n * the snap's manifest.\n *\n * @param args - The request arguments.\n * @param args.request - The JSON-RPC request sent to the snap.\n */\nexport type OnCronjobHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: { request: JsonRpcRequest<Params> }) => Promise<unknown>;\n\n/**\n * A handler that can be used for the lifecycle hooks.\n */\nexport type LifecycleEventHandler = (args: {\n  request: JsonRpcRequest;\n}) => Promise<unknown>;\n\n/**\n * The `onInstall` handler. This is called after the snap is installed.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnInstallHandler = LifecycleEventHandler;\n\n/**\n * The `onUpdate` handler. This is called after the snap is updated.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnUpdateHandler = LifecycleEventHandler;\n\n/**\n * Utility type for getting the handler function type from a handler type.\n */\nexport type HandlerFunction<Type extends SnapHandler> =\n  Type['validator'] extends (snapExport: unknown) => snapExport is infer Handler\n    ? Handler\n    : never;\n\n/**\n * The response from a snap's `onNameLookup` handler.\n *\n * @property resolvedAddress - The resolved address for a given domain.\n * @property resolvedDomain - The resolved domain for a given address.\n *\n *\n * If the snap has no resolved address/domain from its lookup, this should be `null`.\n */\nexport type OnNameLookupResponse =\n  | {\n      resolvedAddress: AccountAddress;\n      resolvedDomain?: never;\n    }\n  | { resolvedDomain: string; resolvedAddress?: never }\n  | null;\n\nexport type OnNameLookupArgs = {\n  chainId: Caip2ChainId;\n} & ({ domain: string; address?: never } | { address: string; domain?: never });\n\n/**\n * The `onNameLookup` handler. This is called whenever content is entered\n * into the send to field for sending assets to an EOA address.\n *\n * @param args - The request arguments.\n * @param args.domain - The human-readable address that is to be resolved.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.address - The address that is to be resolved.\n * @returns Resolved address/domain from the lookup. See {@link OnNameLookupResponse}.\n */\nexport type OnNameLookupHandler = (\n  args: OnNameLookupArgs,\n) => Promise<OnNameLookupResponse>;\n\n/**\n * All the function-based handlers that a snap can implement.\n */\nexport type SnapFunctionExports = {\n  [Key in keyof typeof SNAP_EXPORTS]?: HandlerFunction<\n    typeof SNAP_EXPORTS[Key]\n  >;\n};\n\n/**\n * All handlers that a snap can implement.\n */\nexport type SnapExports = SnapFunctionExports;\n"],"names":["HandlerType","OnRpcRequest","OnTransaction","OnCronjob","OnInstall","OnUpdate","OnNameLookup","SNAP_EXPORTS","type","required","validator","snapExport","SeverityLevel","Critical"],"mappings":"WAMO;UAAKA,WAAW;IAAXA,YACVC,kBAAe;IADLD,YAEVE,mBAAgB;IAFNF,YAGVG,eAAY;IAHFH,YAIVI,eAAY;IAJFJ,YAKVK,cAAW;IALDL,YAMVM,kBAAe;GANLN,gBAAAA;AAiCZ,OAAO,MAAMO,eAAe;IAC1B,CAACP,YAAYC,YAAY,CAAC,EAAE;QAC1BO,MAAMR,YAAYC,YAAY;QAC9BQ,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYE,aAAa,CAAC,EAAE;QAC3BM,MAAMR,YAAYE,aAAa;QAC/BO,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYG,SAAS,CAAC,EAAE;QACvBK,MAAMR,YAAYG,SAAS;QAC3BM,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYM,YAAY,CAAC,EAAE;QAC1BE,MAAMR,YAAYM,YAAY;QAC9BG,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYI,SAAS,CAAC,EAAE;QACvBI,MAAMR,YAAYI,SAAS;QAC3BK,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACX,YAAYK,QAAQ,CAAC,EAAE;QACtBG,MAAMR,YAAYK,QAAQ;QAC1BI,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;AACF,EAAW;WAqBJ;UAAKC,aAAa;IAAbA,cACVC,cAAW;GADDD,kBAAAA"}
+{"version":3,"sources":["../../src/handlers.ts"],"sourcesContent":["import type { Component } from '@metamask/snaps-ui';\nimport type { Json, JsonRpcParams, JsonRpcRequest } from '@metamask/utils';\n\nimport type { EnumToUnion } from './enum';\nimport type { AccountAddress, Caip2ChainId } from './namespace';\n\nexport enum HandlerType {\n  OnRpcRequest = 'onRpcRequest',\n  OnTransaction = 'onTransaction',\n  OnCronjob = 'onCronjob',\n  OnInstall = 'onInstall',\n  OnUpdate = 'onUpdate',\n  OnNameLookup = 'onNameLookup',\n  OnKeyringRequest = 'onKeyringRequest',\n}\n\ntype SnapHandler = {\n  /**\n   * The type of handler.\n   */\n  type: HandlerType;\n\n  /**\n   * Whether the handler is required, i.e., whether the request will fail if the\n   * handler is called, but the snap does not export it.\n   *\n   * This is primarily used for the lifecycle handlers, which are optional.\n   */\n  required: boolean;\n\n  /**\n   * Validate the given snap export. This should return a type guard for the\n   * handler type.\n   *\n   * @param snapExport - The export to validate.\n   * @returns Whether the export is valid.\n   */\n  validator: (snapExport: unknown) => boolean;\n};\n\nexport const SNAP_EXPORTS = {\n  [HandlerType.OnRpcRequest]: {\n    type: HandlerType.OnRpcRequest,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnRpcRequestHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnTransaction]: {\n    type: HandlerType.OnTransaction,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnTransactionHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnCronjob]: {\n    type: HandlerType.OnCronjob,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnCronjobHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnNameLookup]: {\n    type: HandlerType.OnNameLookup,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnNameLookupHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnInstall]: {\n    type: HandlerType.OnInstall,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnInstallHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnUpdate]: {\n    type: HandlerType.OnUpdate,\n    required: false,\n    validator: (snapExport: unknown): snapExport is OnUpdateHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n  [HandlerType.OnKeyringRequest]: {\n    type: HandlerType.OnKeyringRequest,\n    required: true,\n    validator: (snapExport: unknown): snapExport is OnKeyringRequestHandler => {\n      return typeof snapExport === 'function';\n    },\n  },\n} as const;\n\n/**\n * The `onRpcRequest` handler. This is called whenever a JSON-RPC request is\n * made to the snap.\n *\n * @param args - The request arguments.\n * @param args.origin - The origin of the request. This can be the ID of another\n * snap, or the URL of a dapp.\n * @param args.request - The JSON-RPC request sent to the snap.\n * @returns The JSON-RPC response. This must be a JSON-serializable value.\n */\nexport type OnRpcRequestHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: {\n    origin: string;\n    request: JsonRpcRequest<Params>;\n  }) => Promise<unknown>;\n\n/**\n * Enum used to specify the severity level of content being returned from a transaction insight.\n */\nexport enum SeverityLevel {\n  Critical = 'critical',\n}\n\n/**\n * The response from a snap's `onTransaction` handler.\n *\n * @property content - A custom UI component, that will be shown in MetaMask. Can be created using `@metamask/snaps-ui`.\n *\n * If the snap has no insights about the transaction, this should be `null`.\n */\nexport type OnTransactionResponse = {\n  content: Component | null;\n  severity?: EnumToUnion<SeverityLevel>;\n};\n\n/**\n * The `onTransaction` handler. This is called whenever a transaction is\n * submitted to the snap. It can return insights about the transaction, which\n * will be displayed to the user.\n *\n * @param args - The request arguments.\n * @param args.transaction - The transaction object.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.transactionOrigin - The origin of the transaction. This is the\n * URL of the dapp that submitted the transaction.\n * @returns Insights about the transaction. See {@link OnTransactionResponse}.\n */\n// TODO: Improve type.\nexport type OnTransactionHandler = (args: {\n  transaction: { [key: string]: Json };\n  chainId: string;\n  transactionOrigin?: string;\n}) => Promise<OnTransactionResponse>;\n\n/**\n * The `onCronjob` handler. This is called on a regular interval, as defined by\n * the snap's manifest.\n *\n * @param args - The request arguments.\n * @param args.request - The JSON-RPC request sent to the snap.\n */\nexport type OnCronjobHandler<Params extends JsonRpcParams = JsonRpcParams> =\n  (args: { request: JsonRpcRequest<Params> }) => Promise<unknown>;\n\n/**\n * A handler that can be used for the lifecycle hooks.\n */\nexport type LifecycleEventHandler = (args: {\n  request: JsonRpcRequest;\n}) => Promise<unknown>;\n\n/**\n * The `onInstall` handler. This is called after the snap is installed.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnInstallHandler = LifecycleEventHandler;\n\n/**\n * The `onUpdate` handler. This is called after the snap is updated.\n *\n * This type is an alias for {@link LifecycleEventHandler}.\n */\nexport type OnUpdateHandler = LifecycleEventHandler;\n\n/**\n * The `onKeyringRequest` handler. This is called by the MetaMask client for\n * privileged keyring actions.\n *\n * @param args - The request arguments.\n * @param args.origin - The origin of the request. This can be the ID of\n * another snap, or the URL of a dapp.\n * @param args.request - The JSON-RPC request sent to the snap.\n */\nexport type OnKeyringRequestHandler<\n  Params extends JsonRpcParams = JsonRpcParams,\n> = (args: {\n  origin: string;\n  request: JsonRpcRequest<Params>;\n}) => Promise<unknown>;\n\n/**\n * Utility type for getting the handler function type from a handler type.\n */\nexport type HandlerFunction<Type extends SnapHandler> =\n  Type['validator'] extends (snapExport: unknown) => snapExport is infer Handler\n    ? Handler\n    : never;\n\n/**\n * The response from a snap's `onNameLookup` handler.\n *\n * @property resolvedAddress - The resolved address for a given domain.\n * @property resolvedDomain - The resolved domain for a given address.\n *\n *\n * If the snap has no resolved address/domain from its lookup, this should be `null`.\n */\nexport type OnNameLookupResponse =\n  | {\n      resolvedAddress: AccountAddress;\n      resolvedDomain?: never;\n    }\n  | { resolvedDomain: string; resolvedAddress?: never }\n  | null;\n\nexport type OnNameLookupArgs = {\n  chainId: Caip2ChainId;\n} & ({ domain: string; address?: never } | { address: string; domain?: never });\n\n/**\n * The `onNameLookup` handler. This is called whenever content is entered\n * into the send to field for sending assets to an EOA address.\n *\n * @param args - The request arguments.\n * @param args.domain - The human-readable address that is to be resolved.\n * @param args.chainId - The CAIP-2 chain ID of the network the transaction is\n * being submitted to.\n * @param args.address - The address that is to be resolved.\n * @returns Resolved address/domain from the lookup. See {@link OnNameLookupResponse}.\n */\nexport type OnNameLookupHandler = (\n  args: OnNameLookupArgs,\n) => Promise<OnNameLookupResponse>;\n\n/**\n * All the function-based handlers that a snap can implement.\n */\nexport type SnapFunctionExports = {\n  [Key in keyof typeof SNAP_EXPORTS]?: HandlerFunction<\n    (typeof SNAP_EXPORTS)[Key]\n  >;\n};\n\n/**\n * All handlers that a snap can implement.\n */\nexport type SnapExports = SnapFunctionExports;\n"],"names":["HandlerType","OnRpcRequest","OnTransaction","OnCronjob","OnInstall","OnUpdate","OnNameLookup","OnKeyringRequest","SNAP_EXPORTS","type","required","validator","snapExport","SeverityLevel","Critical"],"mappings":"WAMO;UAAKA,WAAW;IAAXA,YACVC,kBAAe;IADLD,YAEVE,mBAAgB;IAFNF,YAGVG,eAAY;IAHFH,YAIVI,eAAY;IAJFJ,YAKVK,cAAW;IALDL,YAMVM,kBAAe;IANLN,YAOVO,sBAAmB;GAPTP,gBAAAA;AAkCZ,OAAO,MAAMQ,eAAe;IAC1B,CAACR,YAAYC,YAAY,CAAC,EAAE;QAC1BQ,MAAMT,YAAYC,YAAY;QAC9BS,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACZ,YAAYE,aAAa,CAAC,EAAE;QAC3BO,MAAMT,YAAYE,aAAa;QAC/BQ,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACZ,YAAYG,SAAS,CAAC,EAAE;QACvBM,MAAMT,YAAYG,SAAS;QAC3BO,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACZ,YAAYM,YAAY,CAAC,EAAE;QAC1BG,MAAMT,YAAYM,YAAY;QAC9BI,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACZ,YAAYI,SAAS,CAAC,EAAE;QACvBK,MAAMT,YAAYI,SAAS;QAC3BM,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACZ,YAAYK,QAAQ,CAAC,EAAE;QACtBI,MAAMT,YAAYK,QAAQ;QAC1BK,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;IACA,CAACZ,YAAYO,gBAAgB,CAAC,EAAE;QAC9BE,MAAMT,YAAYO,gBAAgB;QAClCG,UAAU;QACVC,WAAW,CAACC;YACV,OAAO,OAAOA,eAAe;QAC/B;IACF;AACF,EAAW;WAqBJ;UAAKC,aAAa;IAAbA,cACVC,cAAW;GADDD,kBAAAA"}

package/dist/esm/json-rpc.js

@@ -1,13 +1,16 @@
-import { isJsonRpcFailure, isJsonRpcSuccess, assertStruct } from '@metamask/utils';
-import { boolean, object, optional, refine } from 'superstruct';
+import { SubjectType } from '@metamask/permission-controller';
+import { assertStruct, isJsonRpcFailure, isJsonRpcSuccess } from '@metamask/utils';
+import { array, boolean, object, optional, refine, string } from 'superstruct';
 export const RpcOriginsStruct = refine(object({
     dapps: optional(boolean()),
-    snaps: optional(boolean())
+    snaps: optional(boolean()),
+    allowedOrigins: optional(array(string()))
 }), 'RPC origins', (value)=>{
-    if (!Object.values(value).some(Boolean)) {
-        throw new Error('Must specify at least one JSON-RPC origin');
+    const hasOrigins = Boolean(value.snaps === true || value.dapps === true || value.allowedOrigins && value.allowedOrigins.length > 0);
+    if (hasOrigins) {
+        return true;
     }
-    return true;
+    return 'Must specify at least one JSON-RPC origin.';
 });
 /**
  * Asserts that the given value is a valid {@link RpcOrigins} object.
@@ -20,6 +23,43 @@ export const RpcOriginsStruct = refine(object({
 ErrorWrapper) {
     assertStruct(value, RpcOriginsStruct, 'Invalid JSON-RPC origins', ErrorWrapper);
 }
+export const KeyringOriginsStruct = object({
+    allowedOrigins: optional(array(string()))
+});
+/**
+ * Assert that the given value is a valid {@link KeyringOrigins} object.
+ *
+ * @param value - The value to assert.
+ * @param ErrorWrapper - An optional error wrapper to use. Defaults to
+ * {@link AssertionError}.
+ * @throws If the value is not a valid {@link KeyringOrigins} object.
+ */ export function assertIsKeyringOrigins(value, // eslint-disable-next-line @typescript-eslint/naming-convention
+ErrorWrapper) {
+    assertStruct(value, KeyringOriginsStruct, 'Invalid keyring origins', ErrorWrapper);
+}
+/**
+ * Check if the given origin is allowed by the given JSON-RPC origins object.
+ *
+ * @param origins - The JSON-RPC origins object.
+ * @param subjectType - The type of the origin.
+ * @param origin - The origin to check.
+ * @returns Whether the origin is allowed.
+ */ export function isOriginAllowed(origins, subjectType, origin) {
+    // The MetaMask client is always allowed.
+    if (origin === 'metamask') {
+        return true;
+    }
+    // If the origin is in the `allowedOrigins` list, it is allowed.
+    if (origins.allowedOrigins?.includes(origin)) {
+        return true;
+    }
+    // If the origin is a website and `dapps` is true, it is allowed.
+    if (subjectType === SubjectType.Website && origins.dapps) {
+        return true;
+    }
+    // If the origin is a snap and `snaps` is true, it is allowed.
+    return Boolean(subjectType === SubjectType.Snap && origins.snaps);
+}
 /**
  * Assert that the given value is a successful JSON-RPC response. If the value
  * is not a success response, an error is thrown. If the value is an JSON-RPC

package/dist/esm/json-rpc.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/json-rpc.ts"],"sourcesContent":["import type {\n  Json,\n  JsonRpcSuccess,\n  AssertionErrorConstructor,\n} from '@metamask/utils';\nimport {\n  isJsonRpcFailure,\n  isJsonRpcSuccess,\n  assertStruct,\n} from '@metamask/utils';\nimport type { Infer } from 'superstruct';\nimport { boolean, object, optional, refine } from 'superstruct';\n\nexport const RpcOriginsStruct = refine(\n  object({\n    dapps: optional(boolean()),\n    snaps: optional(boolean()),\n  }),\n  'RPC origins',\n  (value) => {\n    if (!Object.values(value).some(Boolean)) {\n      throw new Error('Must specify at least one JSON-RPC origin');\n    }\n\n    return true;\n  },\n);\n\nexport type RpcOrigins = Infer<typeof RpcOriginsStruct>;\n\n/**\n * Asserts that the given value is a valid {@link RpcOrigins} object.\n *\n * @param value - The value to assert.\n * @param ErrorWrapper - An optional error wrapper to use. Defaults to\n * {@link AssertionError}.\n * @throws If the value is not a valid {@link RpcOrigins} object.\n */\nexport function assertIsRpcOrigins(\n  value: unknown,\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  ErrorWrapper?: AssertionErrorConstructor,\n): asserts value is RpcOrigins {\n  assertStruct(\n    value,\n    RpcOriginsStruct,\n    'Invalid JSON-RPC origins',\n    ErrorWrapper,\n  );\n}\n\n/**\n * Assert that the given value is a successful JSON-RPC response. If the value\n * is not a success response, an error is thrown. If the value is an JSON-RPC\n * error, the error message is included in the thrown error.\n *\n * @param value - The value to check.\n * @throws If the value is not a JSON-RPC success response.\n */\nexport function assertIsJsonRpcSuccess(\n  value: unknown,\n): asserts value is JsonRpcSuccess<Json> {\n  if (!isJsonRpcSuccess(value)) {\n    if (isJsonRpcFailure(value)) {\n      throw new Error(`JSON-RPC request failed: ${value.error.message}`);\n    }\n\n    throw new Error('Invalid JSON-RPC response.');\n  }\n}\n"],"names":["isJsonRpcFailure","isJsonRpcSuccess","assertStruct","boolean","object","optional","refine","RpcOriginsStruct","dapps","snaps","value","Object","values","some","Boolean","Error","assertIsRpcOrigins","ErrorWrapper","assertIsJsonRpcSuccess","error","message"],"mappings":"AAKA,SACEA,gBAAgB,EAChBC,gBAAgB,EAChBC,YAAY,QACP,kBAAkB;AAEzB,SAASC,OAAO,EAAEC,MAAM,EAAEC,QAAQ,EAAEC,MAAM,QAAQ,cAAc;AAEhE,OAAO,MAAMC,mBAAmBD,OAC9BF,OAAO;IACLI,OAAOH,SAASF;IAChBM,OAAOJ,SAASF;AAClB,IACA,eACA,CAACO;IACC,IAAI,CAACC,OAAOC,MAAM,CAACF,OAAOG,IAAI,CAACC,UAAU;QACvC,MAAM,IAAIC,MAAM;IAClB;IAEA,OAAO;AACT,GACA;AAIF;;;;;;;CAOC,GACD,OAAO,SAASC,mBACdN,KAAc,EACd,gEAAgE;AAChEO,YAAwC;IAExCf,aACEQ,OACAH,kBACA,4BACAU;AAEJ;AAEA;;;;;;;CAOC,GACD,OAAO,SAASC,uBACdR,KAAc;IAEd,IAAI,CAACT,iBAAiBS,QAAQ;QAC5B,IAAIV,iBAAiBU,QAAQ;YAC3B,MAAM,IAAIK,MAAM,CAAC,yBAAyB,EAAEL,MAAMS,KAAK,CAACC,OAAO,CAAC,CAAC;QACnE;QAEA,MAAM,IAAIL,MAAM;IAClB;AACF"}
+{"version":3,"sources":["../../src/json-rpc.ts"],"sourcesContent":["import { SubjectType } from '@metamask/permission-controller';\nimport type {\n  AssertionErrorConstructor,\n  Json,\n  JsonRpcSuccess,\n} from '@metamask/utils';\nimport {\n  assertStruct,\n  isJsonRpcFailure,\n  isJsonRpcSuccess,\n} from '@metamask/utils';\nimport type { Infer } from 'superstruct';\nimport { array, boolean, object, optional, refine, string } from 'superstruct';\n\nexport const RpcOriginsStruct = refine(\n  object({\n    dapps: optional(boolean()),\n    snaps: optional(boolean()),\n    allowedOrigins: optional(array(string())),\n  }),\n  'RPC origins',\n  (value) => {\n    const hasOrigins = Boolean(\n      value.snaps === true ||\n        value.dapps === true ||\n        (value.allowedOrigins && value.allowedOrigins.length > 0),\n    );\n\n    if (hasOrigins) {\n      return true;\n    }\n\n    return 'Must specify at least one JSON-RPC origin.';\n  },\n);\n\nexport type RpcOrigins = Infer<typeof RpcOriginsStruct>;\n\n/**\n * Asserts that the given value is a valid {@link RpcOrigins} object.\n *\n * @param value - The value to assert.\n * @param ErrorWrapper - An optional error wrapper to use. Defaults to\n * {@link AssertionError}.\n * @throws If the value is not a valid {@link RpcOrigins} object.\n */\nexport function assertIsRpcOrigins(\n  value: unknown,\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  ErrorWrapper?: AssertionErrorConstructor,\n): asserts value is RpcOrigins {\n  assertStruct(\n    value,\n    RpcOriginsStruct,\n    'Invalid JSON-RPC origins',\n    ErrorWrapper,\n  );\n}\n\nexport const KeyringOriginsStruct = object({\n  allowedOrigins: optional(array(string())),\n});\n\nexport type KeyringOrigins = Infer<typeof KeyringOriginsStruct>;\n\n/**\n * Assert that the given value is a valid {@link KeyringOrigins} object.\n *\n * @param value - The value to assert.\n * @param ErrorWrapper - An optional error wrapper to use. Defaults to\n * {@link AssertionError}.\n * @throws If the value is not a valid {@link KeyringOrigins} object.\n */\nexport function assertIsKeyringOrigins(\n  value: unknown,\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  ErrorWrapper?: AssertionErrorConstructor,\n): asserts value is KeyringOrigins {\n  assertStruct(\n    value,\n    KeyringOriginsStruct,\n    'Invalid keyring origins',\n    ErrorWrapper,\n  );\n}\n\n/**\n * Check if the given origin is allowed by the given JSON-RPC origins object.\n *\n * @param origins - The JSON-RPC origins object.\n * @param subjectType - The type of the origin.\n * @param origin - The origin to check.\n * @returns Whether the origin is allowed.\n */\nexport function isOriginAllowed(\n  origins: RpcOrigins,\n  subjectType: SubjectType,\n  origin: string,\n) {\n  // The MetaMask client is always allowed.\n  if (origin === 'metamask') {\n    return true;\n  }\n\n  // If the origin is in the `allowedOrigins` list, it is allowed.\n  if (origins.allowedOrigins?.includes(origin)) {\n    return true;\n  }\n\n  // If the origin is a website and `dapps` is true, it is allowed.\n  if (subjectType === SubjectType.Website && origins.dapps) {\n    return true;\n  }\n\n  // If the origin is a snap and `snaps` is true, it is allowed.\n  return Boolean(subjectType === SubjectType.Snap && origins.snaps);\n}\n\n/**\n * Assert that the given value is a successful JSON-RPC response. If the value\n * is not a success response, an error is thrown. If the value is an JSON-RPC\n * error, the error message is included in the thrown error.\n *\n * @param value - The value to check.\n * @throws If the value is not a JSON-RPC success response.\n */\nexport function assertIsJsonRpcSuccess(\n  value: unknown,\n): asserts value is JsonRpcSuccess<Json> {\n  if (!isJsonRpcSuccess(value)) {\n    if (isJsonRpcFailure(value)) {\n      throw new Error(`JSON-RPC request failed: ${value.error.message}`);\n    }\n\n    throw new Error('Invalid JSON-RPC response.');\n  }\n}\n"],"names":["SubjectType","assertStruct","isJsonRpcFailure","isJsonRpcSuccess","array","boolean","object","optional","refine","string","RpcOriginsStruct","dapps","snaps","allowedOrigins","value","hasOrigins","Boolean","length","assertIsRpcOrigins","ErrorWrapper","KeyringOriginsStruct","assertIsKeyringOrigins","isOriginAllowed","origins","subjectType","origin","includes","Website","Snap","assertIsJsonRpcSuccess","Error","error","message"],"mappings":"AAAA,SAASA,WAAW,QAAQ,kCAAkC;AAM9D,SACEC,YAAY,EACZC,gBAAgB,EAChBC,gBAAgB,QACX,kBAAkB;AAEzB,SAASC,KAAK,EAAEC,OAAO,EAAEC,MAAM,EAAEC,QAAQ,EAAEC,MAAM,EAAEC,MAAM,QAAQ,cAAc;AAE/E,OAAO,MAAMC,mBAAmBF,OAC9BF,OAAO;IACLK,OAAOJ,SAASF;IAChBO,OAAOL,SAASF;IAChBQ,gBAAgBN,SAASH,MAAMK;AACjC,IACA,eACA,CAACK;IACC,MAAMC,aAAaC,QACjBF,MAAMF,KAAK,KAAK,QACdE,MAAMH,KAAK,KAAK,QACfG,MAAMD,cAAc,IAAIC,MAAMD,cAAc,CAACI,MAAM,GAAG;IAG3D,IAAIF,YAAY;QACd,OAAO;IACT;IAEA,OAAO;AACT,GACA;AAIF;;;;;;;CAOC,GACD,OAAO,SAASG,mBACdJ,KAAc,EACd,gEAAgE;AAChEK,YAAwC;IAExClB,aACEa,OACAJ,kBACA,4BACAS;AAEJ;AAEA,OAAO,MAAMC,uBAAuBd,OAAO;IACzCO,gBAAgBN,SAASH,MAAMK;AACjC,GAAG;AAIH;;;;;;;CAOC,GACD,OAAO,SAASY,uBACdP,KAAc,EACd,gEAAgE;AAChEK,YAAwC;IAExClB,aACEa,OACAM,sBACA,2BACAD;AAEJ;AAEA;;;;;;;CAOC,GACD,OAAO,SAASG,gBACdC,OAAmB,EACnBC,WAAwB,EACxBC,MAAc;IAEd,yCAAyC;IACzC,IAAIA,WAAW,YAAY;QACzB,OAAO;IACT;IAEA,gEAAgE;IAChE,IAAIF,QAAQV,cAAc,EAAEa,SAASD,SAAS;QAC5C,OAAO;IACT;IAEA,iEAAiE;IACjE,IAAID,gBAAgBxB,YAAY2B,OAAO,IAAIJ,QAAQZ,KAAK,EAAE;QACxD,OAAO;IACT;IAEA,8DAA8D;IAC9D,OAAOK,QAAQQ,gBAAgBxB,YAAY4B,IAAI,IAAIL,QAAQX,KAAK;AAClE;AAEA;;;;;;;CAOC,GACD,OAAO,SAASiB,uBACdf,KAAc;IAEd,IAAI,CAACX,iBAAiBW,QAAQ;QAC5B,IAAIZ,iBAAiBY,QAAQ;YAC3B,MAAM,IAAIgB,MAAM,CAAC,yBAAyB,EAAEhB,MAAMiB,KAAK,CAACC,OAAO,CAAC,CAAC;QACnE;QAEA,MAAM,IAAIF,MAAM;IAClB;AACF"}

package/dist/esm/manifest/validation.js

@@ -4,7 +4,7 @@ import { array, boolean, create, enums, integer, is, literal, object, optional,
 import { isEqual } from '../array';
 import { CronjobSpecificationArrayStruct } from '../cronjob';
 import { SIP_6_MAGIC_VALUE, STATE_ENCRYPTION_MAGIC_VALUE } from '../entropy';
-import { RpcOriginsStruct } from '../json-rpc';
+import { KeyringOriginsStruct, RpcOriginsStruct } from '../json-rpc';
 import { ChainIdStruct } from '../namespace';
 import { SnapIdStruct } from '../snaps';
 import { NameStruct, NpmSnapFileNames } from '../types';
@@ -74,7 +74,6 @@ export const SnapIdsStruct = refine(record(SnapIdStruct, object({
 });
 export const ChainIdsStruct = array(ChainIdStruct);
 /* eslint-disable @typescript-eslint/naming-convention */ export const PermissionsStruct = type({
-    'endowment:long-running': optional(object({})),
     'endowment:network-access': optional(object({})),
     'endowment:webassembly': optional(object({})),
     'endowment:transaction-insight': optional(object({
@@ -85,6 +84,7 @@ export const ChainIdsStruct = array(ChainIdStruct);
     })),
     'endowment:rpc': optional(RpcOriginsStruct),
     'endowment:name-lookup': optional(ChainIdsStruct),
+    'endowment:keyring': optional(KeyringOriginsStruct),
     snap_dialog: optional(object({})),
     // TODO: Remove
     snap_confirm: optional(object({})),

package/dist/esm/manifest/validation.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/manifest/validation.ts"],"sourcesContent":["import { isValidBIP32PathSegment } from '@metamask/key-tree';\nimport {\n  assertStruct,\n  ChecksumStruct,\n  VersionStruct,\n  isValidSemVerRange,\n} from '@metamask/utils';\nimport type { Infer, Struct } from 'superstruct';\nimport {\n  array,\n  boolean,\n  create,\n  enums,\n  integer,\n  is,\n  literal,\n  object,\n  optional,\n  pattern,\n  refine,\n  record,\n  size,\n  string,\n  type,\n  union,\n} from 'superstruct';\n\nimport { isEqual } from '../array';\nimport { CronjobSpecificationArrayStruct } from '../cronjob';\nimport { SIP_6_MAGIC_VALUE, STATE_ENCRYPTION_MAGIC_VALUE } from '../entropy';\nimport { RpcOriginsStruct } from '../json-rpc';\nimport { ChainIdStruct } from '../namespace';\nimport { SnapIdStruct } from '../snaps';\nimport { NameStruct, NpmSnapFileNames } from '../types';\n\n// BIP-43 purposes that cannot be used for entropy derivation. These are in the\n// string form, ending with `'`.\nconst FORBIDDEN_PURPOSES: string[] = [\n  SIP_6_MAGIC_VALUE,\n  STATE_ENCRYPTION_MAGIC_VALUE,\n];\n\nexport const FORBIDDEN_COIN_TYPES: number[] = [60];\nconst FORBIDDEN_PATHS: string[][] = FORBIDDEN_COIN_TYPES.map((coinType) => [\n  'm',\n  \"44'\",\n  `${coinType}'`,\n]);\n\nexport const Bip32PathStruct = refine(\n  array(string()),\n  'BIP-32 path',\n  (path: string[]) => {\n    if (path.length === 0) {\n      return 'Path must be a non-empty BIP-32 derivation path array';\n    }\n\n    if (path[0] !== 'm') {\n      return 'Path must start with \"m\".';\n    }\n\n    if (path.length < 3) {\n      return 'Paths must have a length of at least three.';\n    }\n\n    if (path.slice(1).some((part) => !isValidBIP32PathSegment(part))) {\n      return 'Path must be a valid BIP-32 derivation path array.';\n    }\n\n    if (FORBIDDEN_PURPOSES.includes(path[1])) {\n      return `The purpose \"${path[1]}\" is not allowed for entropy derivation.`;\n    }\n\n    if (\n      FORBIDDEN_PATHS.some((forbiddenPath) =>\n        isEqual(path.slice(0, forbiddenPath.length), forbiddenPath),\n      )\n    ) {\n      return `The path \"${path.join(\n        '/',\n      )}\" is not allowed for entropy derivation.`;\n    }\n\n    return true;\n  },\n);\n\nexport const bip32entropy = <\n  Type extends { path: string[]; curve: string },\n  Schema,\n>(\n  struct: Struct<Type, Schema>,\n) =>\n  refine(struct, 'BIP-32 entropy', (value) => {\n    if (\n      value.curve === 'ed25519' &&\n      value.path.slice(1).some((part) => !part.endsWith(\"'\"))\n    ) {\n      return 'Ed25519 does not support unhardened paths.';\n    }\n\n    return true;\n  });\n\n// Used outside @metamask/snap-utils\nexport const Bip32EntropyStruct = bip32entropy(\n  type({\n    path: Bip32PathStruct,\n    curve: enums(['ed25519', 'secp256k1']),\n  }),\n);\n\nexport type Bip32Entropy = Infer<typeof Bip32EntropyStruct>;\n\nexport const SnapGetBip32EntropyPermissionsStruct = size(\n  array(Bip32EntropyStruct),\n  1,\n  Infinity,\n);\n\nexport const SemVerRangeStruct = refine(string(), 'SemVer range', (value) => {\n  if (isValidSemVerRange(value)) {\n    return true;\n  }\n  return 'Expected a valid SemVer range.';\n});\n\nexport const SnapIdsStruct = refine(\n  record(SnapIdStruct, object({ version: optional(SemVerRangeStruct) })),\n  'SnapIds',\n  (value) => {\n    if (Object.keys(value).length === 0) {\n      return false;\n    }\n\n    return true;\n  },\n);\n\nexport type SnapIds = Infer<typeof SnapIdsStruct>;\n\nexport const ChainIdsStruct = array(ChainIdStruct);\n\n/* eslint-disable @typescript-eslint/naming-convention */\nexport const PermissionsStruct = type({\n  'endowment:long-running': optional(object({})),\n  'endowment:network-access': optional(object({})),\n  'endowment:webassembly': optional(object({})),\n  'endowment:transaction-insight': optional(\n    object({\n      allowTransactionOrigin: optional(boolean()),\n    }),\n  ),\n  'endowment:cronjob': optional(\n    object({ jobs: CronjobSpecificationArrayStruct }),\n  ),\n  'endowment:rpc': optional(RpcOriginsStruct),\n  'endowment:name-lookup': optional(ChainIdsStruct),\n  snap_dialog: optional(object({})),\n  // TODO: Remove\n  snap_confirm: optional(object({})),\n  snap_manageState: optional(object({})),\n  snap_manageAccounts: optional(object({})),\n  snap_notify: optional(object({})),\n  snap_getBip32Entropy: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip32PublicKey: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip44Entropy: optional(\n    size(\n      array(object({ coinType: size(integer(), 0, 2 ** 32 - 1) })),\n      1,\n      Infinity,\n    ),\n  ),\n  snap_getEntropy: optional(object({})),\n  wallet_snap: optional(SnapIdsStruct),\n});\n/* eslint-enable @typescript-eslint/naming-convention */\n\nexport type SnapPermissions = Infer<typeof PermissionsStruct>;\n\nexport const SnapManifestStruct = object({\n  version: VersionStruct,\n  description: size(string(), 1, 280),\n  proposedName: size(\n    pattern(\n      string(),\n      /^(?:[A-Za-z0-9-_]+( [A-Za-z0-9-_]+)*)|(?:(?:@[A-Za-z0-9-*~][A-Za-z0-9-*._~]*\\/)?[A-Za-z0-9-~][A-Za-z0-9-._~]*)$/u,\n    ),\n    1,\n    214,\n  ),\n  repository: optional(\n    object({\n      type: size(string(), 1, Infinity),\n      url: size(string(), 1, Infinity),\n    }),\n  ),\n  source: object({\n    shasum: ChecksumStruct,\n    location: object({\n      npm: object({\n        filePath: size(string(), 1, Infinity),\n        iconPath: optional(size(string(), 1, Infinity)),\n        packageName: NameStruct,\n        registry: union([\n          literal('https://registry.npmjs.org'),\n          literal('https://registry.npmjs.org/'),\n        ]),\n      }),\n    }),\n  }),\n  initialPermissions: PermissionsStruct,\n  manifestVersion: literal('0.1'),\n  $schema: optional(string()), // enables JSON-Schema linting in VSC and other IDEs\n});\n\nexport type SnapManifest = Infer<typeof SnapManifestStruct>;\n\n/**\n * Check if the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @returns Whether the value is a valid {@link SnapManifest} object.\n */\nexport function isSnapManifest(value: unknown): value is SnapManifest {\n  return is(value, SnapManifestStruct);\n}\n\n/**\n * Assert that the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @throws If the value is not a valid {@link SnapManifest} object.\n */\nexport function assertIsSnapManifest(\n  value: unknown,\n): asserts value is SnapManifest {\n  assertStruct(\n    value,\n    SnapManifestStruct,\n    `\"${NpmSnapFileNames.Manifest}\" is invalid`,\n  );\n}\n\n/**\n * Creates a {@link SnapManifest} object from JSON.\n *\n * @param value - The value to check.\n * @throws If the value cannot be coerced to a {@link SnapManifest} object.\n * @returns The created {@link SnapManifest} object.\n */\nexport function createSnapManifest(value: unknown): SnapManifest {\n  // TODO: Add a utility to prefix these errors similar to assertStruct\n  return create(value, SnapManifestStruct);\n}\n"],"names":["isValidBIP32PathSegment","assertStruct","ChecksumStruct","VersionStruct","isValidSemVerRange","array","boolean","create","enums","integer","is","literal","object","optional","pattern","refine","record","size","string","type","union","isEqual","CronjobSpecificationArrayStruct","SIP_6_MAGIC_VALUE","STATE_ENCRYPTION_MAGIC_VALUE","RpcOriginsStruct","ChainIdStruct","SnapIdStruct","NameStruct","NpmSnapFileNames","FORBIDDEN_PURPOSES","FORBIDDEN_COIN_TYPES","FORBIDDEN_PATHS","map","coinType","Bip32PathStruct","path","length","slice","some","part","includes","forbiddenPath","join","bip32entropy","struct","value","curve","endsWith","Bip32EntropyStruct","SnapGetBip32EntropyPermissionsStruct","Infinity","SemVerRangeStruct","SnapIdsStruct","version","Object","keys","ChainIdsStruct","PermissionsStruct","allowTransactionOrigin","jobs","snap_dialog","snap_confirm","snap_manageState","snap_manageAccounts","snap_notify","snap_getBip32Entropy","snap_getBip32PublicKey","snap_getBip44Entropy","snap_getEntropy","wallet_snap","SnapManifestStruct","description","proposedName","repository","url","source","shasum","location","npm","filePath","iconPath","packageName","registry","initialPermissions","manifestVersion","$schema","isSnapManifest","assertIsSnapManifest","Manifest","createSnapManifest"],"mappings":"AAAA,SAASA,uBAAuB,QAAQ,qBAAqB;AAC7D,SACEC,YAAY,EACZC,cAAc,EACdC,aAAa,EACbC,kBAAkB,QACb,kBAAkB;AAEzB,SACEC,KAAK,EACLC,OAAO,EACPC,MAAM,EACNC,KAAK,EACLC,OAAO,EACPC,EAAE,EACFC,OAAO,EACPC,MAAM,EACNC,QAAQ,EACRC,OAAO,EACPC,MAAM,EACNC,MAAM,EACNC,IAAI,EACJC,MAAM,EACNC,IAAI,EACJC,KAAK,QACA,cAAc;AAErB,SAASC,OAAO,QAAQ,WAAW;AACnC,SAASC,+BAA+B,QAAQ,aAAa;AAC7D,SAASC,iBAAiB,EAAEC,4BAA4B,QAAQ,aAAa;AAC7E,SAASC,gBAAgB,QAAQ,cAAc;AAC/C,SAASC,aAAa,QAAQ,eAAe;AAC7C,SAASC,YAAY,QAAQ,WAAW;AACxC,SAASC,UAAU,EAAEC,gBAAgB,QAAQ,WAAW;AAExD,+EAA+E;AAC/E,gCAAgC;AAChC,MAAMC,qBAA+B;IACnCP;IACAC;CACD;AAED,OAAO,MAAMO,uBAAiC;IAAC;CAAG,CAAC;AACnD,MAAMC,kBAA8BD,qBAAqBE,GAAG,CAAC,CAACC,WAAa;QACzE;QACA;QACA,CAAC,EAAEA,SAAS,CAAC,CAAC;KACf;AAED,OAAO,MAAMC,kBAAkBpB,OAC7BV,MAAMa,WACN,eACA,CAACkB;IACC,IAAIA,KAAKC,MAAM,KAAK,GAAG;QACrB,OAAO;IACT;IAEA,IAAID,IAAI,CAAC,EAAE,KAAK,KAAK;QACnB,OAAO;IACT;IAEA,IAAIA,KAAKC,MAAM,GAAG,GAAG;QACnB,OAAO;IACT;IAEA,IAAID,KAAKE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACxC,wBAAwBwC,QAAQ;QAChE,OAAO;IACT;IAEA,IAAIV,mBAAmBW,QAAQ,CAACL,IAAI,CAAC,EAAE,GAAG;QACxC,OAAO,CAAC,aAAa,EAAEA,IAAI,CAAC,EAAE,CAAC,wCAAwC,CAAC;IAC1E;IAEA,IACEJ,gBAAgBO,IAAI,CAAC,CAACG,gBACpBrB,QAAQe,KAAKE,KAAK,CAAC,GAAGI,cAAcL,MAAM,GAAGK,iBAE/C;QACA,OAAO,CAAC,UAAU,EAAEN,KAAKO,IAAI,CAC3B,KACA,wCAAwC,CAAC;IAC7C;IAEA,OAAO;AACT,GACA;AAEF,OAAO,MAAMC,eAAe,CAI1BC,SAEA9B,OAAO8B,QAAQ,kBAAkB,CAACC;QAChC,IACEA,MAAMC,KAAK,KAAK,aAChBD,MAAMV,IAAI,CAACE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACA,KAAKQ,QAAQ,CAAC,OAClD;YACA,OAAO;QACT;QAEA,OAAO;IACT,GAAG;AAEL,oCAAoC;AACpC,OAAO,MAAMC,qBAAqBL,aAChCzB,KAAK;IACHiB,MAAMD;IACNY,OAAOvC,MAAM;QAAC;QAAW;KAAY;AACvC,IACA;AAIF,OAAO,MAAM0C,uCAAuCjC,KAClDZ,MAAM4C,qBACN,GACAE,UACA;AAEF,OAAO,MAAMC,oBAAoBrC,OAAOG,UAAU,gBAAgB,CAAC4B;IACjE,IAAI1C,mBAAmB0C,QAAQ;QAC7B,OAAO;IACT;IACA,OAAO;AACT,GAAG;AAEH,OAAO,MAAMO,gBAAgBtC,OAC3BC,OAAOW,cAAcf,OAAO;IAAE0C,SAASzC,SAASuC;AAAmB,KACnE,WACA,CAACN;IACC,IAAIS,OAAOC,IAAI,CAACV,OAAOT,MAAM,KAAK,GAAG;QACnC,OAAO;IACT;IAEA,OAAO;AACT,GACA;AAIF,OAAO,MAAMoB,iBAAiBpD,MAAMqB,eAAe;AAEnD,uDAAuD,GACvD,OAAO,MAAMgC,oBAAoBvC,KAAK;IACpC,0BAA0BN,SAASD,OAAO,CAAC;IAC3C,4BAA4BC,SAASD,OAAO,CAAC;IAC7C,yBAAyBC,SAASD,OAAO,CAAC;IAC1C,iCAAiCC,SAC/BD,OAAO;QACL+C,wBAAwB9C,SAASP;IACnC;IAEF,qBAAqBO,SACnBD,OAAO;QAAEgD,MAAMtC;IAAgC;IAEjD,iBAAiBT,SAASY;IAC1B,yBAAyBZ,SAAS4C;IAClCI,aAAahD,SAASD,OAAO,CAAC;IAC9B,eAAe;IACfkD,cAAcjD,SAASD,OAAO,CAAC;IAC/BmD,kBAAkBlD,SAASD,OAAO,CAAC;IACnCoD,qBAAqBnD,SAASD,OAAO,CAAC;IACtCqD,aAAapD,SAASD,OAAO,CAAC;IAC9BsD,sBAAsBrD,SAASqC;IAC/BiB,wBAAwBtD,SAASqC;IACjCkB,sBAAsBvD,SACpBI,KACEZ,MAAMO,OAAO;QAAEsB,UAAUjB,KAAKR,WAAW,GAAG,KAAK,KAAK;IAAG,KACzD,GACA0C;IAGJkB,iBAAiBxD,SAASD,OAAO,CAAC;IAClC0D,aAAazD,SAASwC;AACxB,GAAG;AAKH,OAAO,MAAMkB,qBAAqB3D,OAAO;IACvC0C,SAASnD;IACTqE,aAAavD,KAAKC,UAAU,GAAG;IAC/BuD,cAAcxD,KACZH,QACEI,UACA,qHAEF,GACA;IAEFwD,YAAY7D,SACVD,OAAO;QACLO,MAAMF,KAAKC,UAAU,GAAGiC;QACxBwB,KAAK1D,KAAKC,UAAU,GAAGiC;IACzB;IAEFyB,QAAQhE,OAAO;QACbiE,QAAQ3E;QACR4E,UAAUlE,OAAO;YACfmE,KAAKnE,OAAO;gBACVoE,UAAU/D,KAAKC,UAAU,GAAGiC;gBAC5B8B,UAAUpE,SAASI,KAAKC,UAAU,GAAGiC;gBACrC+B,aAAatD;gBACbuD,UAAU/D,MAAM;oBACdT,QAAQ;oBACRA,QAAQ;iBACT;YACH;QACF;IACF;IACAyE,oBAAoB1B;IACpB2B,iBAAiB1E,QAAQ;IACzB2E,SAASzE,SAASK;AACpB,GAAG;AAIH;;;;;CAKC,GACD,OAAO,SAASqE,eAAezC,KAAc;IAC3C,OAAOpC,GAAGoC,OAAOyB;AACnB;AAEA;;;;;CAKC,GACD,OAAO,SAASiB,qBACd1C,KAAc;IAEd7C,aACE6C,OACAyB,oBACA,CAAC,CAAC,EAAE1C,iBAAiB4D,QAAQ,CAAC,YAAY,CAAC;AAE/C;AAEA;;;;;;CAMC,GACD,OAAO,SAASC,mBAAmB5C,KAAc;IAC/C,qEAAqE;IACrE,OAAOvC,OAAOuC,OAAOyB;AACvB"}
+{"version":3,"sources":["../../../src/manifest/validation.ts"],"sourcesContent":["import { isValidBIP32PathSegment } from '@metamask/key-tree';\nimport {\n  assertStruct,\n  ChecksumStruct,\n  VersionStruct,\n  isValidSemVerRange,\n} from '@metamask/utils';\nimport type { Infer, Struct } from 'superstruct';\nimport {\n  array,\n  boolean,\n  create,\n  enums,\n  integer,\n  is,\n  literal,\n  object,\n  optional,\n  pattern,\n  refine,\n  record,\n  size,\n  string,\n  type,\n  union,\n} from 'superstruct';\n\nimport { isEqual } from '../array';\nimport { CronjobSpecificationArrayStruct } from '../cronjob';\nimport { SIP_6_MAGIC_VALUE, STATE_ENCRYPTION_MAGIC_VALUE } from '../entropy';\nimport { KeyringOriginsStruct, RpcOriginsStruct } from '../json-rpc';\nimport { ChainIdStruct } from '../namespace';\nimport { SnapIdStruct } from '../snaps';\nimport { NameStruct, NpmSnapFileNames } from '../types';\n\n// BIP-43 purposes that cannot be used for entropy derivation. These are in the\n// string form, ending with `'`.\nconst FORBIDDEN_PURPOSES: string[] = [\n  SIP_6_MAGIC_VALUE,\n  STATE_ENCRYPTION_MAGIC_VALUE,\n];\n\nexport const FORBIDDEN_COIN_TYPES: number[] = [60];\nconst FORBIDDEN_PATHS: string[][] = FORBIDDEN_COIN_TYPES.map((coinType) => [\n  'm',\n  \"44'\",\n  `${coinType}'`,\n]);\n\nexport const Bip32PathStruct = refine(\n  array(string()),\n  'BIP-32 path',\n  (path: string[]) => {\n    if (path.length === 0) {\n      return 'Path must be a non-empty BIP-32 derivation path array';\n    }\n\n    if (path[0] !== 'm') {\n      return 'Path must start with \"m\".';\n    }\n\n    if (path.length < 3) {\n      return 'Paths must have a length of at least three.';\n    }\n\n    if (path.slice(1).some((part) => !isValidBIP32PathSegment(part))) {\n      return 'Path must be a valid BIP-32 derivation path array.';\n    }\n\n    if (FORBIDDEN_PURPOSES.includes(path[1])) {\n      return `The purpose \"${path[1]}\" is not allowed for entropy derivation.`;\n    }\n\n    if (\n      FORBIDDEN_PATHS.some((forbiddenPath) =>\n        isEqual(path.slice(0, forbiddenPath.length), forbiddenPath),\n      )\n    ) {\n      return `The path \"${path.join(\n        '/',\n      )}\" is not allowed for entropy derivation.`;\n    }\n\n    return true;\n  },\n);\n\nexport const bip32entropy = <\n  Type extends { path: string[]; curve: string },\n  Schema,\n>(\n  struct: Struct<Type, Schema>,\n) =>\n  refine(struct, 'BIP-32 entropy', (value) => {\n    if (\n      value.curve === 'ed25519' &&\n      value.path.slice(1).some((part) => !part.endsWith(\"'\"))\n    ) {\n      return 'Ed25519 does not support unhardened paths.';\n    }\n\n    return true;\n  });\n\n// Used outside @metamask/snap-utils\nexport const Bip32EntropyStruct = bip32entropy(\n  type({\n    path: Bip32PathStruct,\n    curve: enums(['ed25519', 'secp256k1']),\n  }),\n);\n\nexport type Bip32Entropy = Infer<typeof Bip32EntropyStruct>;\n\nexport const SnapGetBip32EntropyPermissionsStruct = size(\n  array(Bip32EntropyStruct),\n  1,\n  Infinity,\n);\n\nexport const SemVerRangeStruct = refine(string(), 'SemVer range', (value) => {\n  if (isValidSemVerRange(value)) {\n    return true;\n  }\n  return 'Expected a valid SemVer range.';\n});\n\nexport const SnapIdsStruct = refine(\n  record(SnapIdStruct, object({ version: optional(SemVerRangeStruct) })),\n  'SnapIds',\n  (value) => {\n    if (Object.keys(value).length === 0) {\n      return false;\n    }\n\n    return true;\n  },\n);\n\nexport type SnapIds = Infer<typeof SnapIdsStruct>;\n\nexport const ChainIdsStruct = array(ChainIdStruct);\n\n/* eslint-disable @typescript-eslint/naming-convention */\nexport const PermissionsStruct = type({\n  'endowment:network-access': optional(object({})),\n  'endowment:webassembly': optional(object({})),\n  'endowment:transaction-insight': optional(\n    object({\n      allowTransactionOrigin: optional(boolean()),\n    }),\n  ),\n  'endowment:cronjob': optional(\n    object({ jobs: CronjobSpecificationArrayStruct }),\n  ),\n  'endowment:rpc': optional(RpcOriginsStruct),\n  'endowment:name-lookup': optional(ChainIdsStruct),\n  'endowment:keyring': optional(KeyringOriginsStruct),\n  snap_dialog: optional(object({})),\n  // TODO: Remove\n  snap_confirm: optional(object({})),\n  snap_manageState: optional(object({})),\n  snap_manageAccounts: optional(object({})),\n  snap_notify: optional(object({})),\n  snap_getBip32Entropy: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip32PublicKey: optional(SnapGetBip32EntropyPermissionsStruct),\n  snap_getBip44Entropy: optional(\n    size(\n      array(object({ coinType: size(integer(), 0, 2 ** 32 - 1) })),\n      1,\n      Infinity,\n    ),\n  ),\n  snap_getEntropy: optional(object({})),\n  wallet_snap: optional(SnapIdsStruct),\n});\n/* eslint-enable @typescript-eslint/naming-convention */\n\nexport type SnapPermissions = Infer<typeof PermissionsStruct>;\n\nexport const SnapManifestStruct = object({\n  version: VersionStruct,\n  description: size(string(), 1, 280),\n  proposedName: size(\n    pattern(\n      string(),\n      /^(?:[A-Za-z0-9-_]+( [A-Za-z0-9-_]+)*)|(?:(?:@[A-Za-z0-9-*~][A-Za-z0-9-*._~]*\\/)?[A-Za-z0-9-~][A-Za-z0-9-._~]*)$/u,\n    ),\n    1,\n    214,\n  ),\n  repository: optional(\n    object({\n      type: size(string(), 1, Infinity),\n      url: size(string(), 1, Infinity),\n    }),\n  ),\n  source: object({\n    shasum: ChecksumStruct,\n    location: object({\n      npm: object({\n        filePath: size(string(), 1, Infinity),\n        iconPath: optional(size(string(), 1, Infinity)),\n        packageName: NameStruct,\n        registry: union([\n          literal('https://registry.npmjs.org'),\n          literal('https://registry.npmjs.org/'),\n        ]),\n      }),\n    }),\n  }),\n  initialPermissions: PermissionsStruct,\n  manifestVersion: literal('0.1'),\n  $schema: optional(string()), // enables JSON-Schema linting in VSC and other IDEs\n});\n\nexport type SnapManifest = Infer<typeof SnapManifestStruct>;\n\n/**\n * Check if the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @returns Whether the value is a valid {@link SnapManifest} object.\n */\nexport function isSnapManifest(value: unknown): value is SnapManifest {\n  return is(value, SnapManifestStruct);\n}\n\n/**\n * Assert that the given value is a valid {@link SnapManifest} object.\n *\n * @param value - The value to check.\n * @throws If the value is not a valid {@link SnapManifest} object.\n */\nexport function assertIsSnapManifest(\n  value: unknown,\n): asserts value is SnapManifest {\n  assertStruct(\n    value,\n    SnapManifestStruct,\n    `\"${NpmSnapFileNames.Manifest}\" is invalid`,\n  );\n}\n\n/**\n * Creates a {@link SnapManifest} object from JSON.\n *\n * @param value - The value to check.\n * @throws If the value cannot be coerced to a {@link SnapManifest} object.\n * @returns The created {@link SnapManifest} object.\n */\nexport function createSnapManifest(value: unknown): SnapManifest {\n  // TODO: Add a utility to prefix these errors similar to assertStruct\n  return create(value, SnapManifestStruct);\n}\n"],"names":["isValidBIP32PathSegment","assertStruct","ChecksumStruct","VersionStruct","isValidSemVerRange","array","boolean","create","enums","integer","is","literal","object","optional","pattern","refine","record","size","string","type","union","isEqual","CronjobSpecificationArrayStruct","SIP_6_MAGIC_VALUE","STATE_ENCRYPTION_MAGIC_VALUE","KeyringOriginsStruct","RpcOriginsStruct","ChainIdStruct","SnapIdStruct","NameStruct","NpmSnapFileNames","FORBIDDEN_PURPOSES","FORBIDDEN_COIN_TYPES","FORBIDDEN_PATHS","map","coinType","Bip32PathStruct","path","length","slice","some","part","includes","forbiddenPath","join","bip32entropy","struct","value","curve","endsWith","Bip32EntropyStruct","SnapGetBip32EntropyPermissionsStruct","Infinity","SemVerRangeStruct","SnapIdsStruct","version","Object","keys","ChainIdsStruct","PermissionsStruct","allowTransactionOrigin","jobs","snap_dialog","snap_confirm","snap_manageState","snap_manageAccounts","snap_notify","snap_getBip32Entropy","snap_getBip32PublicKey","snap_getBip44Entropy","snap_getEntropy","wallet_snap","SnapManifestStruct","description","proposedName","repository","url","source","shasum","location","npm","filePath","iconPath","packageName","registry","initialPermissions","manifestVersion","$schema","isSnapManifest","assertIsSnapManifest","Manifest","createSnapManifest"],"mappings":"AAAA,SAASA,uBAAuB,QAAQ,qBAAqB;AAC7D,SACEC,YAAY,EACZC,cAAc,EACdC,aAAa,EACbC,kBAAkB,QACb,kBAAkB;AAEzB,SACEC,KAAK,EACLC,OAAO,EACPC,MAAM,EACNC,KAAK,EACLC,OAAO,EACPC,EAAE,EACFC,OAAO,EACPC,MAAM,EACNC,QAAQ,EACRC,OAAO,EACPC,MAAM,EACNC,MAAM,EACNC,IAAI,EACJC,MAAM,EACNC,IAAI,EACJC,KAAK,QACA,cAAc;AAErB,SAASC,OAAO,QAAQ,WAAW;AACnC,SAASC,+BAA+B,QAAQ,aAAa;AAC7D,SAASC,iBAAiB,EAAEC,4BAA4B,QAAQ,aAAa;AAC7E,SAASC,oBAAoB,EAAEC,gBAAgB,QAAQ,cAAc;AACrE,SAASC,aAAa,QAAQ,eAAe;AAC7C,SAASC,YAAY,QAAQ,WAAW;AACxC,SAASC,UAAU,EAAEC,gBAAgB,QAAQ,WAAW;AAExD,+EAA+E;AAC/E,gCAAgC;AAChC,MAAMC,qBAA+B;IACnCR;IACAC;CACD;AAED,OAAO,MAAMQ,uBAAiC;IAAC;CAAG,CAAC;AACnD,MAAMC,kBAA8BD,qBAAqBE,GAAG,CAAC,CAACC,WAAa;QACzE;QACA;QACA,CAAC,EAAEA,SAAS,CAAC,CAAC;KACf;AAED,OAAO,MAAMC,kBAAkBrB,OAC7BV,MAAMa,WACN,eACA,CAACmB;IACC,IAAIA,KAAKC,MAAM,KAAK,GAAG;QACrB,OAAO;IACT;IAEA,IAAID,IAAI,CAAC,EAAE,KAAK,KAAK;QACnB,OAAO;IACT;IAEA,IAAIA,KAAKC,MAAM,GAAG,GAAG;QACnB,OAAO;IACT;IAEA,IAAID,KAAKE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACzC,wBAAwByC,QAAQ;QAChE,OAAO;IACT;IAEA,IAAIV,mBAAmBW,QAAQ,CAACL,IAAI,CAAC,EAAE,GAAG;QACxC,OAAO,CAAC,aAAa,EAAEA,IAAI,CAAC,EAAE,CAAC,wCAAwC,CAAC;IAC1E;IAEA,IACEJ,gBAAgBO,IAAI,CAAC,CAACG,gBACpBtB,QAAQgB,KAAKE,KAAK,CAAC,GAAGI,cAAcL,MAAM,GAAGK,iBAE/C;QACA,OAAO,CAAC,UAAU,EAAEN,KAAKO,IAAI,CAC3B,KACA,wCAAwC,CAAC;IAC7C;IAEA,OAAO;AACT,GACA;AAEF,OAAO,MAAMC,eAAe,CAI1BC,SAEA/B,OAAO+B,QAAQ,kBAAkB,CAACC;QAChC,IACEA,MAAMC,KAAK,KAAK,aAChBD,MAAMV,IAAI,CAACE,KAAK,CAAC,GAAGC,IAAI,CAAC,CAACC,OAAS,CAACA,KAAKQ,QAAQ,CAAC,OAClD;YACA,OAAO;QACT;QAEA,OAAO;IACT,GAAG;AAEL,oCAAoC;AACpC,OAAO,MAAMC,qBAAqBL,aAChC1B,KAAK;IACHkB,MAAMD;IACNY,OAAOxC,MAAM;QAAC;QAAW;KAAY;AACvC,IACA;AAIF,OAAO,MAAM2C,uCAAuClC,KAClDZ,MAAM6C,qBACN,GACAE,UACA;AAEF,OAAO,MAAMC,oBAAoBtC,OAAOG,UAAU,gBAAgB,CAAC6B;IACjE,IAAI3C,mBAAmB2C,QAAQ;QAC7B,OAAO;IACT;IACA,OAAO;AACT,GAAG;AAEH,OAAO,MAAMO,gBAAgBvC,OAC3BC,OAAOY,cAAchB,OAAO;IAAE2C,SAAS1C,SAASwC;AAAmB,KACnE,WACA,CAACN;IACC,IAAIS,OAAOC,IAAI,CAACV,OAAOT,MAAM,KAAK,GAAG;QACnC,OAAO;IACT;IAEA,OAAO;AACT,GACA;AAIF,OAAO,MAAMoB,iBAAiBrD,MAAMsB,eAAe;AAEnD,uDAAuD,GACvD,OAAO,MAAMgC,oBAAoBxC,KAAK;IACpC,4BAA4BN,SAASD,OAAO,CAAC;IAC7C,yBAAyBC,SAASD,OAAO,CAAC;IAC1C,iCAAiCC,SAC/BD,OAAO;QACLgD,wBAAwB/C,SAASP;IACnC;IAEF,qBAAqBO,SACnBD,OAAO;QAAEiD,MAAMvC;IAAgC;IAEjD,iBAAiBT,SAASa;IAC1B,yBAAyBb,SAAS6C;IAClC,qBAAqB7C,SAASY;IAC9BqC,aAAajD,SAASD,OAAO,CAAC;IAC9B,eAAe;IACfmD,cAAclD,SAASD,OAAO,CAAC;IAC/BoD,kBAAkBnD,SAASD,OAAO,CAAC;IACnCqD,qBAAqBpD,SAASD,OAAO,CAAC;IACtCsD,aAAarD,SAASD,OAAO,CAAC;IAC9BuD,sBAAsBtD,SAASsC;IAC/BiB,wBAAwBvD,SAASsC;IACjCkB,sBAAsBxD,SACpBI,KACEZ,MAAMO,OAAO;QAAEuB,UAAUlB,KAAKR,WAAW,GAAG,KAAK,KAAK;IAAG,KACzD,GACA2C;IAGJkB,iBAAiBzD,SAASD,OAAO,CAAC;IAClC2D,aAAa1D,SAASyC;AACxB,GAAG;AAKH,OAAO,MAAMkB,qBAAqB5D,OAAO;IACvC2C,SAASpD;IACTsE,aAAaxD,KAAKC,UAAU,GAAG;IAC/BwD,cAAczD,KACZH,QACEI,UACA,qHAEF,GACA;IAEFyD,YAAY9D,SACVD,OAAO;QACLO,MAAMF,KAAKC,UAAU,GAAGkC;QACxBwB,KAAK3D,KAAKC,UAAU,GAAGkC;IACzB;IAEFyB,QAAQjE,OAAO;QACbkE,QAAQ5E;QACR6E,UAAUnE,OAAO;YACfoE,KAAKpE,OAAO;gBACVqE,UAAUhE,KAAKC,UAAU,GAAGkC;gBAC5B8B,UAAUrE,SAASI,KAAKC,UAAU,GAAGkC;gBACrC+B,aAAatD;gBACbuD,UAAUhE,MAAM;oBACdT,QAAQ;oBACRA,QAAQ;iBACT;YACH;QACF;IACF;IACA0E,oBAAoB1B;IACpB2B,iBAAiB3E,QAAQ;IACzB4E,SAAS1E,SAASK;AACpB,GAAG;AAIH;;;;;CAKC,GACD,OAAO,SAASsE,eAAezC,KAAc;IAC3C,OAAOrC,GAAGqC,OAAOyB;AACnB;AAEA;;;;;CAKC,GACD,OAAO,SAASiB,qBACd1C,KAAc;IAEd9C,aACE8C,OACAyB,oBACA,CAAC,CAAC,EAAE1C,iBAAiB4D,QAAQ,CAAC,YAAY,CAAC;AAE/C;AAEA;;;;;;CAMC,GACD,OAAO,SAASC,mBAAmB5C,KAAc;IAC/C,qEAAqE;IACrE,OAAOxC,OAAOwC,OAAOyB;AACvB"}

package/dist/esm/virtual-file/toVirtualFile.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/virtual-file/toVirtualFile.ts"],"sourcesContent":["import { promises as fsPromises } from 'fs';\n\nimport { VirtualFile } from './VirtualFile';\n\n/**\n * Reads a file from filesystem and creates a vfile.\n *\n * @param path - Filesystem path to load the contents from.\n * @param encoding - Optional encoding to pass down to fs.readFile.\n * @returns Promise returning VFile with loaded file contents.\n */\nexport async function readVirtualFile(\n  path: string,\n  encoding: BufferEncoding | null = null,\n) {\n  return new VirtualFile({\n    path,\n    value: await fsPromises.readFile(path, { encoding }),\n  });\n}\n\ntype WriteVFileOptions = Exclude<\n  Parameters<typeof fsPromises['writeFile']>[2],\n  undefined\n>;\n\n/**\n * Writes vfile to filesystem.\n *\n * @param vfile - The vfile to write.\n * @param options - Options to pass down to fs.writeFile.\n */\nexport async function writeVirtualFile(\n  vfile: VirtualFile,\n  options?: WriteVFileOptions,\n) {\n  return fsPromises.writeFile(vfile.path, vfile.value, options);\n}\n"],"names":["promises","fsPromises","VirtualFile","readVirtualFile","path","encoding","value","readFile","writeVirtualFile","vfile","options","writeFile"],"mappings":"AAAA,SAASA,YAAYC,UAAU,QAAQ,KAAK;AAE5C,SAASC,WAAW,QAAQ,gBAAgB;AAE5C;;;;;;CAMC,GACD,OAAO,eAAeC,gBACpBC,IAAY,EACZC,WAAkC,IAAI;IAEtC,OAAO,IAAIH,YAAY;QACrBE;QACAE,OAAO,MAAML,WAAWM,QAAQ,CAACH,MAAM;YAAEC;QAAS;IACpD;AACF;AAOA;;;;;CAKC,GACD,OAAO,eAAeG,iBACpBC,KAAkB,EAClBC,OAA2B;IAE3B,OAAOT,WAAWU,SAAS,CAACF,MAAML,IAAI,EAAEK,MAAMH,KAAK,EAAEI;AACvD"}
+{"version":3,"sources":["../../../src/virtual-file/toVirtualFile.ts"],"sourcesContent":["import { promises as fsPromises } from 'fs';\n\nimport { VirtualFile } from './VirtualFile';\n\n/**\n * Reads a file from filesystem and creates a vfile.\n *\n * @param path - Filesystem path to load the contents from.\n * @param encoding - Optional encoding to pass down to fs.readFile.\n * @returns Promise returning VFile with loaded file contents.\n */\nexport async function readVirtualFile(\n  path: string,\n  encoding: BufferEncoding | null = null,\n) {\n  return new VirtualFile({\n    path,\n    value: await fsPromises.readFile(path, { encoding }),\n  });\n}\n\ntype WriteVFileOptions = Exclude<\n  Parameters<(typeof fsPromises)['writeFile']>[2],\n  undefined\n>;\n\n/**\n * Writes vfile to filesystem.\n *\n * @param vfile - The vfile to write.\n * @param options - Options to pass down to fs.writeFile.\n */\nexport async function writeVirtualFile(\n  vfile: VirtualFile,\n  options?: WriteVFileOptions,\n) {\n  return fsPromises.writeFile(vfile.path, vfile.value, options);\n}\n"],"names":["promises","fsPromises","VirtualFile","readVirtualFile","path","encoding","value","readFile","writeVirtualFile","vfile","options","writeFile"],"mappings":"AAAA,SAASA,YAAYC,UAAU,QAAQ,KAAK;AAE5C,SAASC,WAAW,QAAQ,gBAAgB;AAE5C;;;;;;CAMC,GACD,OAAO,eAAeC,gBACpBC,IAAY,EACZC,WAAkC,IAAI;IAEtC,OAAO,IAAIH,YAAY;QACrBE;QACAE,OAAO,MAAML,WAAWM,QAAQ,CAACH,MAAM;YAAEC;QAAS;IACpD;AACF;AAOA;;;;;CAKC,GACD,OAAO,eAAeG,iBACpBC,KAAkB,EAClBC,OAA2B;IAE3B,OAAOT,WAAWU,SAAS,CAACF,MAAML,IAAI,EAAEK,MAAMH,KAAK,EAAEI;AACvD"}

package/dist/types/caveats.d.ts

@@ -19,6 +19,10 @@ export declare enum SnapCaveatType {
      * The origins that a Snap can receive JSON-RPC messages from.
      */
     RpcOrigin = "rpcOrigin",
+    /**
+     * The origins that a Snap can receive keyring messages from.
+     */
+    KeyringOrigin = "keyringOrigin",
     /**
      * Caveat specifying the snap IDs that can be interacted with.
      */

package/dist/types/handlers.d.ts

@@ -8,7 +8,8 @@ export declare enum HandlerType {
     OnCronjob = "onCronjob",
     OnInstall = "onInstall",
     OnUpdate = "onUpdate",
-    OnNameLookup = "onNameLookup"
+    OnNameLookup = "onNameLookup",
+    OnKeyringRequest = "onKeyringRequest"
 }
 declare type SnapHandler = {
     /**
@@ -62,6 +63,11 @@ export declare const SNAP_EXPORTS: {
         readonly required: false;
         readonly validator: (snapExport: unknown) => snapExport is LifecycleEventHandler;
     };
+    readonly onKeyringRequest: {
+        readonly type: HandlerType.OnKeyringRequest;
+        readonly required: true;
+        readonly validator: (snapExport: unknown) => snapExport is OnKeyringRequestHandler<JsonRpcParams>;
+    };
 };
 /**
  * The `onRpcRequest` handler. This is called whenever a JSON-RPC request is
@@ -142,6 +148,19 @@ export declare type OnInstallHandler = LifecycleEventHandler;
  * This type is an alias for {@link LifecycleEventHandler}.
  */
 export declare type OnUpdateHandler = LifecycleEventHandler;
+/**
+ * The `onKeyringRequest` handler. This is called by the MetaMask client for
+ * privileged keyring actions.
+ *
+ * @param args - The request arguments.
+ * @param args.origin - The origin of the request. This can be the ID of
+ * another snap, or the URL of a dapp.
+ * @param args.request - The JSON-RPC request sent to the snap.
+ */
+export declare type OnKeyringRequestHandler<Params extends JsonRpcParams = JsonRpcParams> = (args: {
+    origin: string;
+    request: JsonRpcRequest<Params>;
+}) => Promise<unknown>;
 /**
  * Utility type for getting the handler function type from a handler type.
  */
@@ -187,7 +206,7 @@ export declare type OnNameLookupHandler = (args: OnNameLookupArgs) => Promise<On
  * All the function-based handlers that a snap can implement.
  */
 export declare type SnapFunctionExports = {
-    [Key in keyof typeof SNAP_EXPORTS]?: HandlerFunction<typeof SNAP_EXPORTS[Key]>;
+    [Key in keyof typeof SNAP_EXPORTS]?: HandlerFunction<(typeof SNAP_EXPORTS)[Key]>;
 };
 /**
  * All handlers that a snap can implement.

package/dist/types/json-rpc.d.ts

@@ -1,11 +1,14 @@
-import type { Json, JsonRpcSuccess, AssertionErrorConstructor } from '@metamask/utils';
+import { SubjectType } from '@metamask/permission-controller';
+import type { AssertionErrorConstructor, Json, JsonRpcSuccess } from '@metamask/utils';
 import type { Infer } from 'superstruct';
 export declare const RpcOriginsStruct: import("superstruct").Struct<{
     dapps?: boolean | undefined;
     snaps?: boolean | undefined;
+    allowedOrigins?: string[] | undefined;
 }, {
     dapps: import("superstruct").Struct<boolean | undefined, null>;
     snaps: import("superstruct").Struct<boolean | undefined, null>;
+    allowedOrigins: import("superstruct").Struct<string[] | undefined, import("superstruct").Struct<string, null>>;
 }>;
 export declare type RpcOrigins = Infer<typeof RpcOriginsStruct>;
 /**
@@ -17,6 +20,30 @@ export declare type RpcOrigins = Infer<typeof RpcOriginsStruct>;
  * @throws If the value is not a valid {@link RpcOrigins} object.
  */
 export declare function assertIsRpcOrigins(value: unknown, ErrorWrapper?: AssertionErrorConstructor): asserts value is RpcOrigins;
+export declare const KeyringOriginsStruct: import("superstruct").Struct<{
+    allowedOrigins?: string[] | undefined;
+}, {
+    allowedOrigins: import("superstruct").Struct<string[] | undefined, import("superstruct").Struct<string, null>>;
+}>;
+export declare type KeyringOrigins = Infer<typeof KeyringOriginsStruct>;
+/**
+ * Assert that the given value is a valid {@link KeyringOrigins} object.
+ *
+ * @param value - The value to assert.
+ * @param ErrorWrapper - An optional error wrapper to use. Defaults to
+ * {@link AssertionError}.
+ * @throws If the value is not a valid {@link KeyringOrigins} object.
+ */
+export declare function assertIsKeyringOrigins(value: unknown, ErrorWrapper?: AssertionErrorConstructor): asserts value is KeyringOrigins;
+/**
+ * Check if the given origin is allowed by the given JSON-RPC origins object.
+ *
+ * @param origins - The JSON-RPC origins object.
+ * @param subjectType - The type of the origin.
+ * @param origin - The origin to check.
+ * @returns Whether the origin is allowed.
+ */
+export declare function isOriginAllowed(origins: RpcOrigins, subjectType: SubjectType, origin: string): boolean;
 /**
  * Assert that the given value is a successful JSON-RPC response. If the value
  * is not a success response, an error is thrown. If the value is an JSON-RPC

package/dist/types/manifest/validation.d.ts

@@ -36,7 +36,6 @@ export declare const SnapIdsStruct: Struct<Record<string, {
 export declare type SnapIds = Infer<typeof SnapIdsStruct>;
 export declare const ChainIdsStruct: Struct<string[], Struct<string, null>>;
 export declare const PermissionsStruct: Struct<{
-    'endowment:long-running'?: {} | undefined;
     'endowment:network-access'?: {} | undefined;
     'endowment:webassembly'?: {} | undefined;
     'endowment:transaction-insight'?: {
@@ -56,8 +55,12 @@ export declare const PermissionsStruct: Struct<{
     'endowment:rpc'?: {
         dapps?: boolean | undefined;
         snaps?: boolean | undefined;
+        allowedOrigins?: string[] | undefined;
     } | undefined;
     'endowment:name-lookup'?: string[] | undefined;
+    'endowment:keyring'?: {
+        allowedOrigins?: string[] | undefined;
+    } | undefined;
     snap_dialog?: {} | undefined;
     snap_confirm?: {} | undefined;
     snap_manageState?: {} | undefined;
@@ -79,7 +82,6 @@ export declare const PermissionsStruct: Struct<{
         version?: string | undefined;
     }> | undefined;
 }, {
-    'endowment:long-running': Struct<{} | undefined, {}>;
     'endowment:network-access': Struct<{} | undefined, {}>;
     'endowment:webassembly': Struct<{} | undefined, {}>;
     'endowment:transaction-insight': Struct<{
@@ -132,11 +134,18 @@ export declare const PermissionsStruct: Struct<{
     'endowment:rpc': Struct<{
         dapps?: boolean | undefined;
         snaps?: boolean | undefined;
+        allowedOrigins?: string[] | undefined;
     } | undefined, {
         dapps: Struct<boolean | undefined, null>;
         snaps: Struct<boolean | undefined, null>;
+        allowedOrigins: Struct<string[] | undefined, Struct<string, null>>;
     }>;
     'endowment:name-lookup': Struct<string[] | undefined, Struct<string, null>>;
+    'endowment:keyring': Struct<{
+        allowedOrigins?: string[] | undefined;
+    } | undefined, {
+        allowedOrigins: Struct<string[] | undefined, Struct<string, null>>;
+    }>;
     snap_dialog: Struct<{} | undefined, {}>;
     snap_confirm: Struct<{} | undefined, {}>;
     snap_manageState: Struct<{} | undefined, {}>;
@@ -197,7 +206,6 @@ export declare const SnapManifestStruct: Struct<{
         shasum: string;
     };
     initialPermissions: {
-        'endowment:long-running'?: {} | undefined;
         'endowment:network-access'?: {} | undefined;
         'endowment:webassembly'?: {} | undefined;
         'endowment:transaction-insight'?: {
@@ -217,8 +225,12 @@ export declare const SnapManifestStruct: Struct<{
         'endowment:rpc'?: {
             dapps?: boolean | undefined;
             snaps?: boolean | undefined;
+            allowedOrigins?: string[] | undefined;
         } | undefined;
         'endowment:name-lookup'?: string[] | undefined;
+        'endowment:keyring'?: {
+            allowedOrigins?: string[] | undefined;
+        } | undefined;
         snap_dialog?: {} | undefined;
         snap_confirm?: {} | undefined;
         snap_manageState?: {} | undefined;
@@ -291,7 +303,6 @@ export declare const SnapManifestStruct: Struct<{
         }>;
     }>;
     initialPermissions: Struct<{
-        'endowment:long-running'?: {} | undefined;
         'endowment:network-access'?: {} | undefined;
         'endowment:webassembly'?: {} | undefined;
         'endowment:transaction-insight'?: {
@@ -311,8 +322,12 @@ export declare const SnapManifestStruct: Struct<{
         'endowment:rpc'?: {
             dapps?: boolean | undefined;
             snaps?: boolean | undefined;
+            allowedOrigins?: string[] | undefined;
         } | undefined;
         'endowment:name-lookup'?: string[] | undefined;
+        'endowment:keyring'?: {
+            allowedOrigins?: string[] | undefined;
+        } | undefined;
         snap_dialog?: {} | undefined;
         snap_confirm?: {} | undefined;
         snap_manageState?: {} | undefined;
@@ -334,7 +349,6 @@ export declare const SnapManifestStruct: Struct<{
             version?: string | undefined;
         }> | undefined;
     }, {
-        'endowment:long-running': Struct<{} | undefined, {}>;
         'endowment:network-access': Struct<{} | undefined, {}>;
         'endowment:webassembly': Struct<{} | undefined, {}>;
         'endowment:transaction-insight': Struct<{
@@ -387,11 +401,18 @@ export declare const SnapManifestStruct: Struct<{
         'endowment:rpc': Struct<{
             dapps?: boolean | undefined;
             snaps?: boolean | undefined;
+            allowedOrigins?: string[] | undefined;
         } | undefined, {
             dapps: Struct<boolean | undefined, null>;
             snaps: Struct<boolean | undefined, null>;
+            allowedOrigins: Struct<string[] | undefined, Struct<string, null>>;
         }>;
         'endowment:name-lookup': Struct<string[] | undefined, Struct<string, null>>;
+        'endowment:keyring': Struct<{
+            allowedOrigins?: string[] | undefined;
+        } | undefined, {
+            allowedOrigins: Struct<string[] | undefined, Struct<string, null>>;
+        }>;
         snap_dialog: Struct<{} | undefined, {}>;
         snap_confirm: Struct<{} | undefined, {}>;
         snap_manageState: Struct<{} | undefined, {}>;

package/dist/types/virtual-file/toVirtualFile.d.ts

@@ -10,7 +10,7 @@ import { VirtualFile } from './VirtualFile';
  * @returns Promise returning VFile with loaded file contents.
  */
 export declare function readVirtualFile(path: string, encoding?: BufferEncoding | null): Promise<VirtualFile<unknown>>;
-declare type WriteVFileOptions = Exclude<Parameters<typeof fsPromises['writeFile']>[2], undefined>;
+declare type WriteVFileOptions = Exclude<Parameters<(typeof fsPromises)['writeFile']>[2], undefined>;
 /**
  * Writes vfile to filesystem.
  *

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@metamask/snaps-utils",
-  "version": "2.0.0",
+  "version": "3.0.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/MetaMask/snaps.git"
@@ -46,7 +46,7 @@
   "scripts": {
     "test": "rimraf coverage && jest && yarn test:browser && yarn posttest",
     "posttest": "ts-node scripts/coverage.ts && rimraf coverage/jest coverage/wdio",
-    "test:browser": "wdio run wdio.config.ts",
+    "test:browser": "wdio run wdio.config.js",
     "test:ci": "yarn test",
     "lint:eslint": "eslint . --cache --ext js,ts,jsx,tsx",
     "lint:misc": "prettier --no-error-on-unmatched-pattern --loglevel warn \"**/*.json\" \"**/*.md\" \"**/*.html\" \"!CHANGELOG.md\" --ignore-path ../../.gitignore",
@@ -70,9 +70,9 @@
     "@babel/types": "^7.18.7",
     "@metamask/base-controller": "^3.2.0",
     "@metamask/key-tree": "^9.0.0",
-    "@metamask/permission-controller": "^4.1.0",
+    "@metamask/permission-controller": "^4.1.2",
     "@metamask/snaps-registry": "^2.0.0",
-    "@metamask/snaps-ui": "^2.0.0",
+    "@metamask/snaps-ui": "^3.0.0",
     "@metamask/utils": "^8.1.0",
     "@noble/hashes": "^1.3.1",
     "@scure/base": "^1.1.1",
@@ -84,15 +84,15 @@
     "is-svg": "^4.4.0",
     "rfdc": "^1.3.0",
     "semver": "^7.5.4",
-    "ses": "^0.18.7",
+    "ses": "^0.18.8",
     "superstruct": "^1.0.3",
     "validate-npm-package-name": "^5.0.0"
   },
   "devDependencies": {
     "@esbuild-plugins/node-globals-polyfill": "^0.2.3",
     "@esbuild-plugins/node-modules-polyfill": "^0.2.2",
-    "@lavamoat/allow-scripts": "^2.3.1",
-    "@metamask/auto-changelog": "^3.1.0",
+    "@lavamoat/allow-scripts": "^2.5.1",
+    "@metamask/auto-changelog": "^3.3.0",
     "@metamask/eslint-config": "^12.1.0",
     "@metamask/eslint-config-jest": "^12.1.0",
     "@metamask/eslint-config-nodejs": "^12.1.0",
@@ -144,7 +144,7 @@
     "webdriverio": "^8.15.9"
   },
   "engines": {
-    "node": ">=16.0.0"
+    "node": "^18.16 || >=20"
   },
   "publishConfig": {
     "access": "public",