feat: Add Multichain API to @metamask/multichain
#4813
Conversation
## Explanation This PR fixes a lot of the linting and typescript errors. still some left but this covers a lot of it. <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Changelog <!-- If you're making any consumer-facing changes, list those changes here as if you were updating a changelog, using the template below as a guide. (CATEGORY is one of BREAKING, ADDED, CHANGED, DEPRECATED, REMOVED, or FIXED. For security-related issues, follow the Security Advisory process.) Please take care to name the exact pieces of the API you've added or changed (e.g. types, interfaces, functions, or methods). If there are any breaking changes, make sure to offer a solution for consumers to follow once they upgrade to the changes. Finally, if you're only making changes to development scripts or tests, you may replace the template below with "None". --> ### `@metamask/package-a` - **<CATEGORY>**: Your change here - **<CATEGORY>**: Your change here ### `@metamask/package-b` - **<CATEGORY>**: Your change here - **<CATEGORY>**: Your change here ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've highlighted breaking changes using the "BREAKING" category above as appropriate - [ ] I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes --------- Co-authored-by: Jiexi Luan <[email protected]>
## Explanation <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> Added ESM exports for multichain package ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Changelog <!-- If you're making any consumer-facing changes, list those changes here as if you were updating a changelog, using the template below as a guide. (CATEGORY is one of BREAKING, ADDED, CHANGED, DEPRECATED, REMOVED, or FIXED. For security-related issues, follow the Security Advisory process.) Please take care to name the exact pieces of the API you've added or changed (e.g. types, interfaces, functions, or methods). If there are any breaking changes, make sure to offer a solution for consumers to follow once they upgrade to the changes. Finally, if you're only making changes to development scripts or tests, you may replace the template below with "None". --> ### `@metamask/package-a` - **<CATEGORY>**: Your change here - **<CATEGORY>**: Your change here ### `@metamask/package-b` - **<CATEGORY>**: Your change here - **<CATEGORY>**: Your change here ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've highlighted breaking changes using the "BREAKING" category above as appropriate - [ ] I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes
|
@metamaskbot publish-preview |
|
Preview builds have been published. See these instructions for more information about preview builds. Expand for full list of packages and versions. |
|
@metamaskbot publish-preview |
|
Preview builds have been published. See these instructions for more information about preview builds. Expand for full list of packages and versions. |
yarn.lock
Outdated
| @@ -3825,8 +3872,8 @@ __metadata: | |||
| linkType: hard | |||
|
|
|||
| "@metamask/snaps-controllers@npm:^9.10.0": | |||
| version: 9.13.0 | |||
| resolution: "@metamask/snaps-controllers@npm:9.13.0" | |||
| version: 9.12.0 | |||
There was a problem hiding this comment.
Seems like a rebase gone wrong potentially?
There was a problem hiding this comment.
i've tried yarn and yarn dedupe and removing my node_modules. My yarn lock doesn't change
There was a problem hiding this comment.
deleting my yarn.lock and running yarn and deduping again gives me this 20588ef
There was a problem hiding this comment.
this package resolves to 9.17.0 on this line now
| 'failed to resolve namespace for wallet_invokeMethod', | ||
| request, | ||
| ); | ||
| return end(rpcErrors.internal()); |
There was a problem hiding this comment.
Seems like this should be some kind of "unsupported" error instead?
There was a problem hiding this comment.
We have unsupported method, unauthorized, resourceUnavailable, resourceNotFound.
I think it's an internal error because we do a check above to see that the requested scope and method are even permitted in the first place. If they aren't supported, then the dapp shouldn't have that scope in the sessionScope value we return to them
| 'failed to resolve network client for wallet_invokeMethod', | ||
| request, | ||
| ); | ||
| return end(rpcErrors.internal()); |
There was a problem hiding this comment.
Seems like this should be some kind of "unsupported" error instead?
There was a problem hiding this comment.
I believe this is an internal error because if it were unsupported it would have been caught in validation middleware (that verifies that its an authorized scope, meaning it should definitely be resolvable) that would run before it reached this handler, but correct me if I'm wrong on this @jiexi
There was a problem hiding this comment.
almost. If there isn't a networkClient that can serve the chainId, then the chainId/scope should not be in the sessionScopes for the dapp, i.e. this should fail on the scopeObject?.methods?.includes(wrappedRequest.method) check above all this
packages/multichain/src/adapters/caip-permission-adapter-middleware.ts
Outdated
Show resolved
Hide resolved
Co-authored-by: Frederik Bolding <[email protected]>
|
@SocketSecurity ignore npm/[email protected] new author seems to be bot that is on numerous other popular npm packages |
|
@SocketSecurity ignore npm/@npmcli/[email protected] new author seems to be bot that is on numerous other popular npm packages |
|
@SocketSecurity ignore npm/[email protected] new author seems to be bot that is on numerous other popular npm packages |
|
@SocketSecurity ignore npm/[email protected] author contributes to other repos with several thousand stars |
|
@SocketSecurity ignore npm/[email protected] new author seems to be involved in node and typescript development. His two changes to this package are a removal of a file and bumping the node engine version |
|
@SocketSecurity ignore npm/[email protected] New authors changes seem just to be fixes. Author is also part of the Netflix open source org |
|
@SocketSecurity ignore npm/[email protected] makes sense for this package to have network access |
Explanation
This PR updates
@metamask/multichainto add method handlers and middleware specific to the new Multichain API and which can be shared across the extension & mobile clients. The package includes implementations for managing multichain sessions, handling multichain RPC methods, and integrating multichain functionalities into the MetaMask extension. Key features of this package include:wallet_createSession,wallet_invokeMethod,wallet_revokeSession, andwallet_getSession.NormalizedScopesObjectandInternalScopesObjectThese tools and utilities will be used in both clients (mobile + extension)'s multichain API implementations.
File Overview
packages/multichain/src/adapters/caip-permission-adapter-middleware.ts: Middleware for the EIP-1193 API that enforces a CAIP-25 permission for each request if that CAIP-25 permission was granted viawallet_createSessionpackages/multichain/src/handlers/wallet-getSession.ts: Handlers for CAIP Multichain lifecycle methods except forwallet_createSessionwhich seemed a little too platform specific to belong in a shared package currentlypackages/multichain/src/middlewares/: Middleware for the Multichain API that helps facilitate concurrent eth subscriptions and for using@metamask/api-specsfor method param validation for new CAIP Multichain methodspackages/multichain/src/scope/authorization.ts: Adds helpers that sort scopes based on if they are currently supported by the wallet (i.e. a network already exists the eip155 scope), if they could be supported by the wallet (i.e. the network does not already exist for the eip155 scope, but the dapp has provided EIP-3085 details for adding the network in thescopedPropertiesproperty of thewallet_createSessionrequest), or if they cannot be served.packages/multichain/src/scope/filter.ts: provides helpers used for the bucketing above inauthorization.tstypes/@metamask/eth-json-rpc-filters.d.ts: Typedef for missing types in@metamask/eth-json-rpc-filters/subscriptionManagerReferences
Upstream: #4784
Downstream: None. This is the end.
Key Multichain API Standards implemented here:
wallet_creatSessionwallet_invokeMethodwallet_revokeSessionwallet_sessionChangedwallet_getSessionOpen PR that uses this new package for exposing the multichain API in the extension: MetaMask/metamask-extension#27782
Changelog
@metamask/multichaingetInternalScopesObjectandgetSessionScopeshelpers for transforming betweenNormalizedScopesObjectandInternalScopesObject.caipPermissionAdapterMiddlewarefor enforcing CAIP-25 permission on the EIP-1193 API.walletGetSession,walletInvokeMethod, andwalletRevokeSessionhandlers.multichainMethodCallValidatorMiddlewarefor validating Multichain API method params as defined in@metamask/api-specs.MultichainMiddlewareManagerto multiplex a request to other middleware based on requested scope.MultichainSubscriptionManagerto handle concurrent subscriptions across multiple scopes.bucketScopeswhich groups the scopes in aNormalizedScopesObjectbased on if the scopes are already supported, could be supported, or are not supportable.getSupportedScopeObjectshelper for getting only the supported methods and notifications from eachNormalizedScopeObjectin aNormalizedScopesObject.Checklist