feat: adds utility functions to create caveats array for each permission type#265
feat: adds utility functions to create caveats array for each permission type#265jeffsmale90 wants to merge 4 commits into
Conversation
jeffsmale90
force-pushed
the
feat/permission-caveat-builders
branch
from
16da695 to
05387b5
Compare
| // delegation-core accepts bigint for encoding although the type is `number`. | ||
| periodDuration: BigInt(UINT256_MAX) as unknown as number, |
There was a problem hiding this comment.
this is a temporary measure, until we migrate to the fixed allowance enforcer.
| terms: createNativeTokenPeriodTransferTerms({ | ||
| periodAmount: BigInt(allowanceAmount), | ||
| // delegation-core accepts bigint for encoding although the type is `number`. | ||
| periodDuration: BigInt(UINT256_MAX) as unknown as number, |
There was a problem hiding this comment.
this is a temporary measure, until we migrate to the fixed allowance enforcer.
jeffsmale90
changed the title
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 488e6ce. Configure here.
mj-kiwi
left a comment
mj-kiwi
left a comment
There was a problem hiding this comment.
Some functions are labeled async yet contain no await calls. Should we turn them sync instead?
| * @param options0.contracts - Enforcer addresses used to construct caveats. | ||
| * @returns The ERC-20 allowance and zero-value caveats. | ||
| */ | ||
| export async function createErc20TokenAllowanceCaveats({ |
There was a problem hiding this comment.
I can’t see any await inside this function, should we delete the async here?
2 participants
📝 Description
This PR adds utility functions to create caveats array for each permission type to @metamask/7715-permission-types. These were migrated from @metamask/gator-permissions-snap.
🔄 What Changed?
Adds new utility functions that accept a populated permission object, and specific caveat addresses, and returns the
Caveat<Hex>[]representing that permission.createErc20TokenStreamCaveats()createErc20TokenPeriodicCaveats()createErc20TokenAllowanceCaveats()createNativeTokenStreamCaveats()createNativeTokenPeriodicCaveats()createNativeTokenAllowanceCaveats()createTokenApprovalRevocationCaveats()🚀 Why?
Presently when adding new permission types to MetaMask Advanced Permissions, changes must be made across a number of different repositories. By centralising the permission definitions into a single repository, it allows us to add a permission definition in one place (@metamask/7715-permission-types), and simply update dependencies across @metamask/gator-permissions-controller, @metamask/gator-permissions-snap, @metamask/smart-accounts-kit, and MetaMask clients.
This change is migrating one of the components needed to achieve that vision.
🧪 How to Test?
The changes in this PR are integrated into @metamask/gator-permissions-snap in this draft PR MetaMask/snap-7715-permissions#363. Adding a reference to @metamask/7715-permission-types with the changes from this PR, then validate with the following steps:
List any breaking changes:
📋 Checklist
Check off completed items:
🔗 Related Issues
Link to related issues:
Closes #
Related to #
📚 Additional Notes
Any additional information, concerns, or context:
Note
High Risk
Builders define delegation caveat bytes that constrain token and approval-revocation execution; encoding mistakes could misrepresent granted permissions on-chain despite matching existing snap behavior and decoder tests.
Overview
Adds encode-side helpers in
@metamask/7715-permission-types(migrated from@metamask/gator-permissions-snap) so callers can turn a fully specified ERC-7715 permission into the on-chainCaveat[]for that type.Seven new
create*Caveats()functions live next to the existing decoders: ERC-20 stream/periodic/allowance, native stream/periodic/allowance, and token-approval-revocation. Each takesDeepRequired<…Permission>plus chain enforcer addresses (*Enforcerstypes) and returns caveats built via@metamask/delegation-core(e.g. periodic/streaming terms,valueLteat zero for ERC-20,exactCalldata0xfor native ETH).DeepRequiredis added for builder inputs; builders and enforcer types are re-exported from the package entry.Vitest suites assert encoded terms match what the decoders already expect. Changelog documents the new APIs.
Reviewed by Cursor Bugbot for commit 488e6ce. Bugbot is set up for automated code reviews on this repo. Configure here.