		@@ -10,2 +10,19 @@ # Changelog

		## [12.2.0]

		### Added

		- Add `PermissionController:getCaveat` action ([#7303](https://github.com/MetaMask/core/pull/7303))

		### Changed

		- Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511))
		- Move peer dependencies for controller and service packages to direct dependencies ([#7209](https://github.com/MetaMask/core/pull/7209))
		- The dependencies moved are:
		- `@metamask/approval-controller` (^8.0.0)
		- In clients, it is now possible for multiple versions of these packages to exist in the dependency tree.
		- For example, this scenario would be valid: a client relies on `@metamask/controller-a` 1.0.0 and `@metamask/controller-b` 1.0.0, and `@metamask/controller-b` depends on `@metamask/controller-a` 1.1.0.
		- Note, however, that the versions specified in the client's `package.json` always "win", and you are expected to keep them up to date so as not to break controller and service intercommunication.
		- Bump `@metamask/controller-utils` from `^11.16.0` to `^11.17.0` ([#7534](https://github.com/MetaMask/core/pull/7534))

		## [12.1.1]
		@@ -376,3 +393,4 @@

		[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@12.1.1...HEAD
		[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@12.2.0...HEAD
		[12.2.0]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@12.1.1...@metamask/permission-controller@12.2.0
		[12.1.1]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@12.1.0...@metamask/permission-controller@12.1.1
		@@ -379,0 +397,0 @@ [12.1.0]: https://github.com/MetaMask/core/compare/@metamask/permission-controller@12.0.0...@metamask/permission-controller@12.1.0

+8

-7

dist/errors.cjs

		@@ -5,2 +5,3 @@ "use strict";
		const rpc_errors_1 = require("@metamask/rpc-errors");
		const rpc_errors_2 = require("@metamask/rpc-errors");
		/**
		@@ -13,3 +14,3 @@ * Utility function for building an "unauthorized" error.
		function unauthorized(opts) {
		return rpc_errors_1.providerErrors.unauthorized({
		return rpc_errors_2.providerErrors.unauthorized({
		message: 'Unauthorized to perform action. Try requesting the required permission(s) first. For more information, see: https://docs.metamask.io/guide/rpc-api.html#permissions',
		@@ -33,3 +34,3 @@ data: opts.data,
		}
		return rpc_errors_1.rpcErrors.methodNotFound(opts);
		return rpc_errors_2.rpcErrors.methodNotFound(opts);
		}
		@@ -44,3 +45,3 @@ exports.methodNotFound = methodNotFound;
		function invalidParams(opts) {
		return rpc_errors_1.rpcErrors.invalidParams({
		return rpc_errors_2.rpcErrors.invalidParams({
		data: opts.data,
		@@ -58,3 +59,3 @@ message: opts.message,
		function userRejectedRequest(data) {
		return rpc_errors_1.providerErrors.userRejectedRequest({ data });
		return rpc_errors_2.providerErrors.userRejectedRequest({ data });
		}
		@@ -70,3 +71,3 @@ exports.userRejectedRequest = userRejectedRequest;
		function internalError(message, data) {
		return rpc_errors_1.rpcErrors.internal({ message, data });
		return rpc_errors_2.rpcErrors.internal({ message, data });
		}
		@@ -162,5 +163,5 @@ exports.internalError = internalError;
		exports.CaveatAlreadyExistsError = CaveatAlreadyExistsError;
		class InvalidCaveatError extends rpc_errors_1.JsonRpcError {
		class InvalidCaveatError extends rpc_errors_2.JsonRpcError {
		constructor(receivedCaveat, origin, target) {
		super(rpc_errors_1.errorCodes.rpc.invalidParams, `Invalid caveat. Caveats must be plain objects.`, { receivedCaveat });
		super(rpc_errors_2.errorCodes.rpc.invalidParams, `Invalid caveat. Caveats must be plain objects.`, { receivedCaveat });
		this.data = { origin, target };
		@@ -167,0 +168,0 @@ }

+4

-9

dist/errors.d.cts

		@@ -1,2 +0,2 @@
		import type { DataWithOptionalCause } from "@metamask/rpc-errors";
		import { DataWithOptionalCause, EthereumProviderError, OptionalDataWithOptionalCause } from "@metamask/rpc-errors";
		import { JsonRpcError } from "@metamask/rpc-errors";
		@@ -16,3 +16,3 @@ import type { CaveatConstraint } from "./Caveat.cjs";
		*/
		export declare function unauthorized(opts: UnauthorizedArg): import("@metamask/rpc-errors").EthereumProviderError<Record<string, unknown>>;
		export declare function unauthorized(opts: UnauthorizedArg): EthereumProviderError<UnauthorizedArg>;
		/**
		@@ -25,3 +25,3 @@ * Utility function for building a "method not found" error.
		*/
		export declare function methodNotFound(method: string, data?: DataWithOptionalCause): JsonRpcError<import("@metamask/rpc-errors").OptionalDataWithOptionalCause>;
		export declare function methodNotFound(method: string, data?: DataWithOptionalCause): JsonRpcError<OptionalDataWithOptionalCause>;
		type InvalidParamsArg = {
		@@ -37,8 +37,3 @@ message?: string;
		*/
		export declare function invalidParams(opts: InvalidParamsArg): JsonRpcError<string \| number \| boolean \| import("@metamask/utils").Json[] \| {
		[prop: string]: import("@metamask/utils").Json;
		} \| {
		[key: string]: unknown;
		cause?: unknown;
		} \| null>;
		export declare function invalidParams(opts: InvalidParamsArg): JsonRpcError<DataWithOptionalCause>;
		/**
		@@ -45,0 +40,0 @@ * Utility function for building an "user rejected request" error.

+4

-9

dist/errors.d.mts

		@@ -1,2 +0,2 @@
		import type { DataWithOptionalCause } from "@metamask/rpc-errors";
		import { DataWithOptionalCause, EthereumProviderError, OptionalDataWithOptionalCause } from "@metamask/rpc-errors";
		import { JsonRpcError } from "@metamask/rpc-errors";
		@@ -16,3 +16,3 @@ import type { CaveatConstraint } from "./Caveat.mjs";
		*/
		export declare function unauthorized(opts: UnauthorizedArg): import("@metamask/rpc-errors").EthereumProviderError<Record<string, unknown>>;
		export declare function unauthorized(opts: UnauthorizedArg): EthereumProviderError<UnauthorizedArg>;
		/**
		@@ -25,3 +25,3 @@ * Utility function for building a "method not found" error.
		*/
		export declare function methodNotFound(method: string, data?: DataWithOptionalCause): JsonRpcError<import("@metamask/rpc-errors").OptionalDataWithOptionalCause>;
		export declare function methodNotFound(method: string, data?: DataWithOptionalCause): JsonRpcError<OptionalDataWithOptionalCause>;
		type InvalidParamsArg = {
		@@ -37,8 +37,3 @@ message?: string;
		*/
		export declare function invalidParams(opts: InvalidParamsArg): JsonRpcError<string \| number \| boolean \| import("@metamask/utils").Json[] \| {
		[prop: string]: import("@metamask/utils").Json;
		} \| {
		[key: string]: unknown;
		cause?: unknown;
		} \| null>;
		export declare function invalidParams(opts: InvalidParamsArg): JsonRpcError<DataWithOptionalCause>;
		/**
		@@ -45,0 +40,0 @@ * Utility function for building an "user rejected request" error.

+1

-0

dist/errors.mjs

		@@ -0,1 +1,2 @@
		import { EthereumProviderError } from "@metamask/rpc-errors";
		import { errorCodes, providerErrors, rpcErrors, JsonRpcError } from "@metamask/rpc-errors";
		@@ -2,0 +3,0 @@ /**

+1

-1

dist/permission-middleware.cjs

		@@ -22,3 +22,3 @@ "use strict";
		* @param options - Options bag.
		* @param options.executeRestrictedMethod - {@link PermissionController._executeRestrictedMethod}.
		* @param options.executeRestrictedMethod - `PermissionController.executeRestrictedMethod`.
		* @param options.getRestrictedMethod - {@link PermissionController.getRestrictedMethod}.
		@@ -25,0 +25,0 @@ * @param options.isUnrestrictedMethod - A function that checks whether a

+4

-3

dist/permission-middleware.d.cts

		import type { JsonRpcMiddleware } from "@metamask/json-rpc-engine";
		import type { Json } from "@metamask/utils";
		import type { GenericPermissionController, PermissionSubjectMetadata, RestrictedMethodParameters } from "./index.cjs";
		import type { GenericPermissionController, PermissionSubjectMetadata, RestrictedMethod, RestrictedMethodParameters } from "./index.cjs";
		type ExecuteRestrictedMethod = (methodImplementation: RestrictedMethod<RestrictedMethodParameters, Json>, subject: PermissionSubjectMetadata, method: string, params?: RestrictedMethodParameters) => ReturnType<RestrictedMethod<RestrictedMethodParameters, Json>>;
		type PermissionMiddlewareFactoryOptions = {
		executeRestrictedMethod: GenericPermissionController['_executeRestrictedMethod'];
		executeRestrictedMethod: ExecuteRestrictedMethod;
		getRestrictedMethod: GenericPermissionController['getRestrictedMethod'];
		@@ -25,3 +26,3 @@ isUnrestrictedMethod: (method: string) => boolean;
		* @param options - Options bag.
		* @param options.executeRestrictedMethod - {@link PermissionController._executeRestrictedMethod}.
		* @param options.executeRestrictedMethod - `PermissionController.executeRestrictedMethod`.
		* @param options.getRestrictedMethod - {@link PermissionController.getRestrictedMethod}.
		@@ -28,0 +29,0 @@ * @param options.isUnrestrictedMethod - A function that checks whether a

+4

-3

dist/permission-middleware.d.mts

		import type { JsonRpcMiddleware } from "@metamask/json-rpc-engine";
		import type { Json } from "@metamask/utils";
		import type { GenericPermissionController, PermissionSubjectMetadata, RestrictedMethodParameters } from "./index.mjs";
		import type { GenericPermissionController, PermissionSubjectMetadata, RestrictedMethod, RestrictedMethodParameters } from "./index.mjs";
		type ExecuteRestrictedMethod = (methodImplementation: RestrictedMethod<RestrictedMethodParameters, Json>, subject: PermissionSubjectMetadata, method: string, params?: RestrictedMethodParameters) => ReturnType<RestrictedMethod<RestrictedMethodParameters, Json>>;
		type PermissionMiddlewareFactoryOptions = {
		executeRestrictedMethod: GenericPermissionController['_executeRestrictedMethod'];
		executeRestrictedMethod: ExecuteRestrictedMethod;
		getRestrictedMethod: GenericPermissionController['getRestrictedMethod'];
		@@ -25,3 +26,3 @@ isUnrestrictedMethod: (method: string) => boolean;
		* @param options - Options bag.
		* @param options.executeRestrictedMethod - {@link PermissionController._executeRestrictedMethod}.
		* @param options.executeRestrictedMethod - `PermissionController.executeRestrictedMethod`.
		* @param options.getRestrictedMethod - {@link PermissionController.getRestrictedMethod}.
		@@ -28,0 +29,0 @@ * @param options.isUnrestrictedMethod - A function that checks whether a

+1

-1

dist/permission-middleware.mjs

		@@ -19,3 +19,3 @@ import { createAsyncMiddleware } from "@metamask/json-rpc-engine";
		* @param options - Options bag.
		* @param options.executeRestrictedMethod - {@link PermissionController._executeRestrictedMethod}.
		* @param options.executeRestrictedMethod - `PermissionController.executeRestrictedMethod`.
		* @param options.getRestrictedMethod - {@link PermissionController.getRestrictedMethod}.
		@@ -22,0 +22,0 @@ * @param options.isUnrestrictedMethod - A function that checks whether a

+8

-268

dist/PermissionController.d.cts

		@@ -179,2 +179,9 @@ import type { AcceptRequest as AcceptApprovalRequest, AddApprovalRequest, HasApprovalRequest, RejectRequest as RejectApprovalRequest } from "@metamask/approval-controller";
		/**
		* Get a caveat value for a specified caveat type belonging to a specific target and origin.
		*/
		export type GetCaveat = {
		type: `${typeof controllerName}:getCaveat`;
		handler: GenericPermissionController['getCaveat'];
		};
		/**
		* Clears all permissions from the {@link PermissionController}.
		@@ -196,3 +203,3 @@ */
		*/
		export type PermissionControllerActions = ClearPermissions \| GetEndowments \| GetPermissionControllerState \| GetSubjects \| GetPermissions \| HasPermission \| HasPermissions \| GrantPermissions \| GrantPermissionsIncremental \| RequestPermissions \| RequestPermissionsIncremental \| RevokeAllPermissions \| RevokePermissionForAllSubjects \| RevokePermissions \| UpdateCaveat;
		export type PermissionControllerActions = ClearPermissions \| GetEndowments \| GetPermissionControllerState \| GetSubjects \| GetPermissions \| HasPermission \| HasPermissions \| GrantPermissions \| GrantPermissionsIncremental \| RequestPermissions \| RequestPermissionsIncremental \| RevokeAllPermissions \| RevokePermissionForAllSubjects \| RevokePermissions \| UpdateCaveat \| GetCaveat;
		/**
		@@ -314,5 +321,2 @@ * The generic state change event of the {@link PermissionController}.
		#private;
		private readonly _caveatSpecifications;
		private readonly _permissionSpecifications;
		private readonly _unrestrictedMethods;
		/**
		@@ -352,31 +356,2 @@ * The names of all JSON-RPC methods that will be ignored by the controller.
		/**
		* Gets a permission specification.
		*
		* @param targetName - The name of the permission specification to get.
		* @returns The permission specification with the specified target name.
		*/
		private getPermissionSpecification;
		/**
		* Gets a caveat specification.
		*
		* @param caveatType - The type of the caveat specification to get.
		* @returns The caveat specification with the specified type.
		*/
		private getCaveatSpecification;
		/**
		* Constructor helper for validating permission specifications.
		*
		* Throws an error if validation fails.
		*
		* @param permissionSpecifications - The permission specifications passed to
		* this controller's constructor.
		* @param caveatSpecifications - The caveat specifications passed to this
		* controller.
		*/
		private validatePermissionSpecifications;
		/**
		* Constructor helper for registering the controller's messenger actions.
		*/
		private registerMessageHandlers;
		/**
		* Clears the state of the controller.
		@@ -386,17 +361,2 @@ */
		/**
		* Gets the permission specification corresponding to the given permission
		* type and target name. Throws an error if the target name does not
		* correspond to a permission, or if the specification is not of the
		* given permission type.
		*
		* @template Type - The type of the permission specification to get.
		* @param permissionType - The type of the permission specification to get.
		* @param targetName - The name of the permission whose specification to get.
		* @param requestingOrigin - The origin of the requesting subject, if any.
		* Will be added to any thrown errors.
		* @returns The specification object corresponding to the given type and
		* target name.
		*/
		private getTypedPermissionSpecification;
		/**
		* Gets the implementation of the specified restricted method.
		@@ -489,13 +449,2 @@ *
		/**
		* Deletes the permission identified by the given origin and target. If the
		* permission is the single remaining permission of its subject, the subject
		* is also deleted.
		*
		* @param subjects - The draft permission controller subjects.
		* @param origin - The origin of the subject associated with the permission
		* to delete.
		* @param target - The target name of the permission to delete.
		*/
		private deletePermission;
		/**
		* Checks whether the permission of the subject corresponding to the given
		@@ -572,21 +521,2 @@ * origin has a caveat of the specified type.
		/**
		* Sets the specified caveat on the specified permission. Overwrites existing
		* caveats of the same type in-place (preserving array order), and adds the
		* caveat to the end of the array otherwise.
		*
		* Throws an error if the permission does not exist or fails to validate after
		* its caveats have been modified.
		*
		* @see {@link PermissionController.addCaveat}
		* @see {@link PermissionController.updateCaveat}
		* @template TargetName - The permission target name. Should be inferred.
		* @template CaveatType - The valid caveat types for the permission. Should
		* be inferred.
		* @param origin - The origin of the subject.
		* @param target - The target name of the permission.
		* @param caveatType - The type of the caveat to set.
		* @param caveatValue - The value of the caveat to set.
		*/
		private setCaveat;
		/**
		* Updates all caveats with the specified type for all subjects and
		@@ -630,36 +560,2 @@ * permissions by applying the specified mutator function to them.
		/**
		* Deletes the specified caveat from the specified permission. If no caveats
		* remain after deletion, the permission's caveat property is set to `null`.
		* The permission is validated after being modified.
		*
		* Throws an error if the permission does not have a caveat with the specified
		* type.
		*
		* @param permission - The permission whose caveat to delete.
		* @param caveatType - The type of the caveat to delete.
		* @param origin - The origin the permission subject.
		*/
		private deleteCaveat;
		/**
		* Validates the specified modified permission. Should always be invoked
		* on a permission when its caveat array has been mutated.
		*
		* Just like {@link PermissionController.validatePermission}, except that the
		* corresponding target name and specification are retrieved first, and an
		* error is thrown if the target name does not exist.
		*
		* @param permission - The modified permission to validate.
		* @param origin - The origin associated with the permission.
		* @param validationFlags - Validation flags. See {@link PermissionController.validatePermission}.
		*/
		private validateModifiedPermission;
		/**
		* Verifies the existence the specified permission target, i.e. whether it has
		* a specification.
		*
		* @param target - The requested permission target.
		* @returns Whether the permission target exists.
		*/
		private targetExists;
		/**
		* Grants _approved_ permissions to the specified subject. Every permission and
		@@ -714,61 +610,2 @@ * caveat is stringently validated—including by calling their specification
		/**
		* Validates the specified permission by:
		* - Ensuring that if `subjectTypes` is specified, the subject requesting the permission is of a type in the list.
		* - Ensuring that its `caveats` property is either `null` or a non-empty array.
		* - Ensuring that it only includes caveats allowed by its specification.
		* - Ensuring that it includes no duplicate caveats (by caveat type).
		* - Validating each caveat object, if `performCaveatValidation` is `true`.
		* - Calling the validator of its specification, if one exists and `invokePermissionValidator` is `true`.
		*
		* An error is thrown if validation fails.
		*
		* @param specification - The specification of the permission.
		* @param permission - The permission to validate.
		* @param origin - The origin associated with the permission.
		* @param validationOptions - Validation options.
		* @param validationOptions.invokePermissionValidator - Whether to invoke the
		* permission's consumer-specified validator function, if any.
		* @param validationOptions.performCaveatValidation - Whether to invoke
		* {@link PermissionController.validateCaveat} on each of the permission's
		* caveats.
		*/
		private validatePermission;
		/**
		* Assigns the specified permissions to the subject with the given origin.
		* Overwrites all existing permissions, and creates a subject entry if it
		* doesn't already exist.
		*
		* ATTN: Assumes that the new permissions have been validated.
		*
		* @param origin - The origin of the grantee subject.
		* @param permissions - The new permissions for the grantee subject.
		*/
		private setValidatedPermissions;
		/**
		* Validates the requested caveats for the permission of the specified
		* subject origin and target name and returns the validated caveat array.
		*
		* Throws an error if validation fails.
		*
		* @param origin - The origin of the permission subject.
		* @param target - The permission target name.
		* @param requestedCaveats - The requested caveats to construct.
		* @returns The constructed caveats.
		*/
		private constructCaveats;
		/**
		* This methods validates that the specified caveat is an object with the
		* expected properties and types. It also ensures that a caveat specification
		* exists for the requested caveat type, and calls the specification
		* validator, if it exists, on the caveat object.
		*
		* Throws an error if validation fails.
		*
		* @param caveat - The caveat object to validate.
		* @param origin - The origin associated with the subject of the parent
		* permission.
		* @param target - The target name associated with the parent permission.
		*/
		private validateCaveat;
		/**
		* Initiates a permission request that requires user approval.
		@@ -845,57 +682,2 @@ *
		/**
		* Validates requested permissions. Throws if validation fails.
		*
		* This method ensures that the requested permissions are a properly
		* formatted {@link RequestedPermissions} object, and performs the same
		* validation as {@link PermissionController.grantPermissions}, except that
		* consumer-specified permission validator functions are not called, since
		* they are only called on fully constructed, approved permissions that are
		* otherwise completely valid.
		*
		* Unrecognzied properties on requested permissions are ignored.
		*
		* @param origin - The origin of the grantee subject.
		* @param requestedPermissions - The requested permissions.
		*/
		private validateRequestedPermissions;
		/**
		* Adds a request to the {@link ApprovalController} using the
		* {@link AddApprovalRequest} action. Also validates the resulting approved
		* permissions request, and throws an error if validation fails.
		*
		* @param permissionsRequest - The permissions request object.
		* @returns The approved permissions request object.
		*/
		private requestUserApproval;
		/**
		* Reunites all the side-effects (onPermitted and onFailure) of the requested permissions inside a record of arrays.
		*
		* @param permissions - The approved permissions.
		* @returns The {@link SideEffects} object containing the handlers arrays.
		*/
		private getSideEffects;
		/**
		* Executes the side-effects of the approved permissions while handling the errors if any.
		* It will pass an instance of the {@link messenger} and the request data associated with the permission request to the handlers through its params.
		*
		* @param sideEffects - the side-effect record created by {@link getSideEffects}
		* @param requestData - the permissions requestData.
		* @returns the value returned by all the `onPermitted` handlers in an array.
		*/
		private executeSideEffects;
		/**
		* Validates an approved {@link PermissionsRequest} object. The approved
		* request must have the required `metadata` and `permissions` properties,
		* the `id` and `origin` of the `metadata` must match the original request
		* metadata, and the requested permissions must be valid per
		* {@link PermissionController.validateRequestedPermissions}. Any extra
		* metadata properties are ignored.
		*
		* An error is thrown if validation fails.
		*
		* @param approvedRequest - The approved permissions request object.
		* @param originalMetadata - The original request metadata.
		*/
		private validateApprovedPermissions;
		/**
		* Accepts a permissions request created by
		@@ -915,25 +697,2 @@ * {@link PermissionController.requestPermissions}.
		/**
		* Checks whether the {@link ApprovalController} has a particular permissions
		* request.
		*
		* @see {@link PermissionController.acceptPermissionsRequest} and
		* {@link PermissionController.rejectPermissionsRequest} for usage.
		* @param options - The {@link HasApprovalRequest} options.
		* @param options.id - The id of the approval request to check for.
		* @returns Whether the specified request exists.
		*/
		private hasApprovalRequest;
		/**
		* Rejects the permissions request with the specified id, with the specified
		* error as the reason. This method is effectively a wrapper around a
		* messenger call for the `ApprovalController:rejectRequest` action.
		*
		* @see {@link PermissionController.acceptPermissionsRequest} and
		* {@link PermissionController.rejectPermissionsRequest} for usage.
		* @param id - The id of the request to reject.
		* @param error - The error associated with the rejection.
		* @returns Nothing
		*/
		private _rejectPermissionsRequest;
		/**
		* Gets the subject's endowments per the specified endowment permission.
		@@ -977,23 +736,4 @@ * Throws if the subject does not have the required permission or if the
		executeRestrictedMethod(origin: OriginString, targetName: ExtractRestrictedMethodPermission<ControllerPermissionSpecification, ControllerCaveatSpecification>['parentCapability'], params?: RestrictedMethodParameters): Promise<Json>;
		/**
		* An internal method used in the controller's `json-rpc-engine` middleware
		* and {@link PermissionController.executeRestrictedMethod}. Calls the
		* specified restricted method implementation after decorating it with the
		* caveats of its permission. Throws if the subject does not have the
		* requisite permission.
		*
		* ATTN: Parameter validation is the responsibility of the caller, or
		* the restricted method implementation in the case of `params`.
		*
		* @see {@link PermissionController.executeRestrictedMethod} and
		* {@link PermissionController.createPermissionMiddleware} for usage.
		* @param methodImplementation - The implementation of the method to call.
		* @param subject - Metadata about the subject that made the request.
		* @param method - The method name
		* @param params - Params needed for executing the restricted method
		* @returns The result of the restricted method implementation
		*/
		private _executeRestrictedMethod;
		}
		export {};
		//# sourceMappingURL=PermissionController.d.cts.map

+8

-268

dist/PermissionController.d.mts

		@@ -179,2 +179,9 @@ import type { AcceptRequest as AcceptApprovalRequest, AddApprovalRequest, HasApprovalRequest, RejectRequest as RejectApprovalRequest } from "@metamask/approval-controller";
		/**
		* Get a caveat value for a specified caveat type belonging to a specific target and origin.
		*/
		export type GetCaveat = {
		type: `${typeof controllerName}:getCaveat`;
		handler: GenericPermissionController['getCaveat'];
		};
		/**
		* Clears all permissions from the {@link PermissionController}.
		@@ -196,3 +203,3 @@ */
		*/
		export type PermissionControllerActions = ClearPermissions \| GetEndowments \| GetPermissionControllerState \| GetSubjects \| GetPermissions \| HasPermission \| HasPermissions \| GrantPermissions \| GrantPermissionsIncremental \| RequestPermissions \| RequestPermissionsIncremental \| RevokeAllPermissions \| RevokePermissionForAllSubjects \| RevokePermissions \| UpdateCaveat;
		export type PermissionControllerActions = ClearPermissions \| GetEndowments \| GetPermissionControllerState \| GetSubjects \| GetPermissions \| HasPermission \| HasPermissions \| GrantPermissions \| GrantPermissionsIncremental \| RequestPermissions \| RequestPermissionsIncremental \| RevokeAllPermissions \| RevokePermissionForAllSubjects \| RevokePermissions \| UpdateCaveat \| GetCaveat;
		/**
		@@ -314,5 +321,2 @@ * The generic state change event of the {@link PermissionController}.
		#private;
		private readonly _caveatSpecifications;
		private readonly _permissionSpecifications;
		private readonly _unrestrictedMethods;
		/**
		@@ -352,31 +356,2 @@ * The names of all JSON-RPC methods that will be ignored by the controller.
		/**
		* Gets a permission specification.
		*
		* @param targetName - The name of the permission specification to get.
		* @returns The permission specification with the specified target name.
		*/
		private getPermissionSpecification;
		/**
		* Gets a caveat specification.
		*
		* @param caveatType - The type of the caveat specification to get.
		* @returns The caveat specification with the specified type.
		*/
		private getCaveatSpecification;
		/**
		* Constructor helper for validating permission specifications.
		*
		* Throws an error if validation fails.
		*
		* @param permissionSpecifications - The permission specifications passed to
		* this controller's constructor.
		* @param caveatSpecifications - The caveat specifications passed to this
		* controller.
		*/
		private validatePermissionSpecifications;
		/**
		* Constructor helper for registering the controller's messenger actions.
		*/
		private registerMessageHandlers;
		/**
		* Clears the state of the controller.
		@@ -386,17 +361,2 @@ */
		/**
		* Gets the permission specification corresponding to the given permission
		* type and target name. Throws an error if the target name does not
		* correspond to a permission, or if the specification is not of the
		* given permission type.
		*
		* @template Type - The type of the permission specification to get.
		* @param permissionType - The type of the permission specification to get.
		* @param targetName - The name of the permission whose specification to get.
		* @param requestingOrigin - The origin of the requesting subject, if any.
		* Will be added to any thrown errors.
		* @returns The specification object corresponding to the given type and
		* target name.
		*/
		private getTypedPermissionSpecification;
		/**
		* Gets the implementation of the specified restricted method.
		@@ -489,13 +449,2 @@ *
		/**
		* Deletes the permission identified by the given origin and target. If the
		* permission is the single remaining permission of its subject, the subject
		* is also deleted.
		*
		* @param subjects - The draft permission controller subjects.
		* @param origin - The origin of the subject associated with the permission
		* to delete.
		* @param target - The target name of the permission to delete.
		*/
		private deletePermission;
		/**
		* Checks whether the permission of the subject corresponding to the given
		@@ -572,21 +521,2 @@ * origin has a caveat of the specified type.
		/**
		* Sets the specified caveat on the specified permission. Overwrites existing
		* caveats of the same type in-place (preserving array order), and adds the
		* caveat to the end of the array otherwise.
		*
		* Throws an error if the permission does not exist or fails to validate after
		* its caveats have been modified.
		*
		* @see {@link PermissionController.addCaveat}
		* @see {@link PermissionController.updateCaveat}
		* @template TargetName - The permission target name. Should be inferred.
		* @template CaveatType - The valid caveat types for the permission. Should
		* be inferred.
		* @param origin - The origin of the subject.
		* @param target - The target name of the permission.
		* @param caveatType - The type of the caveat to set.
		* @param caveatValue - The value of the caveat to set.
		*/
		private setCaveat;
		/**
		* Updates all caveats with the specified type for all subjects and
		@@ -630,36 +560,2 @@ * permissions by applying the specified mutator function to them.
		/**
		* Deletes the specified caveat from the specified permission. If no caveats
		* remain after deletion, the permission's caveat property is set to `null`.
		* The permission is validated after being modified.
		*
		* Throws an error if the permission does not have a caveat with the specified
		* type.
		*
		* @param permission - The permission whose caveat to delete.
		* @param caveatType - The type of the caveat to delete.
		* @param origin - The origin the permission subject.
		*/
		private deleteCaveat;
		/**
		* Validates the specified modified permission. Should always be invoked
		* on a permission when its caveat array has been mutated.
		*
		* Just like {@link PermissionController.validatePermission}, except that the
		* corresponding target name and specification are retrieved first, and an
		* error is thrown if the target name does not exist.
		*
		* @param permission - The modified permission to validate.
		* @param origin - The origin associated with the permission.
		* @param validationFlags - Validation flags. See {@link PermissionController.validatePermission}.
		*/
		private validateModifiedPermission;
		/**
		* Verifies the existence the specified permission target, i.e. whether it has
		* a specification.
		*
		* @param target - The requested permission target.
		* @returns Whether the permission target exists.
		*/
		private targetExists;
		/**
		* Grants _approved_ permissions to the specified subject. Every permission and
		@@ -714,61 +610,2 @@ * caveat is stringently validated—including by calling their specification
		/**
		* Validates the specified permission by:
		* - Ensuring that if `subjectTypes` is specified, the subject requesting the permission is of a type in the list.
		* - Ensuring that its `caveats` property is either `null` or a non-empty array.
		* - Ensuring that it only includes caveats allowed by its specification.
		* - Ensuring that it includes no duplicate caveats (by caveat type).
		* - Validating each caveat object, if `performCaveatValidation` is `true`.
		* - Calling the validator of its specification, if one exists and `invokePermissionValidator` is `true`.
		*
		* An error is thrown if validation fails.
		*
		* @param specification - The specification of the permission.
		* @param permission - The permission to validate.
		* @param origin - The origin associated with the permission.
		* @param validationOptions - Validation options.
		* @param validationOptions.invokePermissionValidator - Whether to invoke the
		* permission's consumer-specified validator function, if any.
		* @param validationOptions.performCaveatValidation - Whether to invoke
		* {@link PermissionController.validateCaveat} on each of the permission's
		* caveats.
		*/
		private validatePermission;
		/**
		* Assigns the specified permissions to the subject with the given origin.
		* Overwrites all existing permissions, and creates a subject entry if it
		* doesn't already exist.
		*
		* ATTN: Assumes that the new permissions have been validated.
		*
		* @param origin - The origin of the grantee subject.
		* @param permissions - The new permissions for the grantee subject.
		*/
		private setValidatedPermissions;
		/**
		* Validates the requested caveats for the permission of the specified
		* subject origin and target name and returns the validated caveat array.
		*
		* Throws an error if validation fails.
		*
		* @param origin - The origin of the permission subject.
		* @param target - The permission target name.
		* @param requestedCaveats - The requested caveats to construct.
		* @returns The constructed caveats.
		*/
		private constructCaveats;
		/**
		* This methods validates that the specified caveat is an object with the
		* expected properties and types. It also ensures that a caveat specification
		* exists for the requested caveat type, and calls the specification
		* validator, if it exists, on the caveat object.
		*
		* Throws an error if validation fails.
		*
		* @param caveat - The caveat object to validate.
		* @param origin - The origin associated with the subject of the parent
		* permission.
		* @param target - The target name associated with the parent permission.
		*/
		private validateCaveat;
		/**
		* Initiates a permission request that requires user approval.
		@@ -845,57 +682,2 @@ *
		/**
		* Validates requested permissions. Throws if validation fails.
		*
		* This method ensures that the requested permissions are a properly
		* formatted {@link RequestedPermissions} object, and performs the same
		* validation as {@link PermissionController.grantPermissions}, except that
		* consumer-specified permission validator functions are not called, since
		* they are only called on fully constructed, approved permissions that are
		* otherwise completely valid.
		*
		* Unrecognzied properties on requested permissions are ignored.
		*
		* @param origin - The origin of the grantee subject.
		* @param requestedPermissions - The requested permissions.
		*/
		private validateRequestedPermissions;
		/**
		* Adds a request to the {@link ApprovalController} using the
		* {@link AddApprovalRequest} action. Also validates the resulting approved
		* permissions request, and throws an error if validation fails.
		*
		* @param permissionsRequest - The permissions request object.
		* @returns The approved permissions request object.
		*/
		private requestUserApproval;
		/**
		* Reunites all the side-effects (onPermitted and onFailure) of the requested permissions inside a record of arrays.
		*
		* @param permissions - The approved permissions.
		* @returns The {@link SideEffects} object containing the handlers arrays.
		*/
		private getSideEffects;
		/**
		* Executes the side-effects of the approved permissions while handling the errors if any.
		* It will pass an instance of the {@link messenger} and the request data associated with the permission request to the handlers through its params.
		*
		* @param sideEffects - the side-effect record created by {@link getSideEffects}
		* @param requestData - the permissions requestData.
		* @returns the value returned by all the `onPermitted` handlers in an array.
		*/
		private executeSideEffects;
		/**
		* Validates an approved {@link PermissionsRequest} object. The approved
		* request must have the required `metadata` and `permissions` properties,
		* the `id` and `origin` of the `metadata` must match the original request
		* metadata, and the requested permissions must be valid per
		* {@link PermissionController.validateRequestedPermissions}. Any extra
		* metadata properties are ignored.
		*
		* An error is thrown if validation fails.
		*
		* @param approvedRequest - The approved permissions request object.
		* @param originalMetadata - The original request metadata.
		*/
		private validateApprovedPermissions;
		/**
		* Accepts a permissions request created by
		@@ -915,25 +697,2 @@ * {@link PermissionController.requestPermissions}.
		/**
		* Checks whether the {@link ApprovalController} has a particular permissions
		* request.
		*
		* @see {@link PermissionController.acceptPermissionsRequest} and
		* {@link PermissionController.rejectPermissionsRequest} for usage.
		* @param options - The {@link HasApprovalRequest} options.
		* @param options.id - The id of the approval request to check for.
		* @returns Whether the specified request exists.
		*/
		private hasApprovalRequest;
		/**
		* Rejects the permissions request with the specified id, with the specified
		* error as the reason. This method is effectively a wrapper around a
		* messenger call for the `ApprovalController:rejectRequest` action.
		*
		* @see {@link PermissionController.acceptPermissionsRequest} and
		* {@link PermissionController.rejectPermissionsRequest} for usage.
		* @param id - The id of the request to reject.
		* @param error - The error associated with the rejection.
		* @returns Nothing
		*/
		private _rejectPermissionsRequest;
		/**
		* Gets the subject's endowments per the specified endowment permission.
		@@ -977,23 +736,4 @@ * Throws if the subject does not have the required permission or if the
		executeRestrictedMethod(origin: OriginString, targetName: ExtractRestrictedMethodPermission<ControllerPermissionSpecification, ControllerCaveatSpecification>['parentCapability'], params?: RestrictedMethodParameters): Promise<Json>;
		/**
		* An internal method used in the controller's `json-rpc-engine` middleware
		* and {@link PermissionController.executeRestrictedMethod}. Calls the
		* specified restricted method implementation after decorating it with the
		* caveats of its permission. Throws if the subject does not have the
		* requisite permission.
		*
		* ATTN: Parameter validation is the responsibility of the caller, or
		* the restricted method implementation in the case of `params`.
		*
		* @see {@link PermissionController.executeRestrictedMethod} and
		* {@link PermissionController.createPermissionMiddleware} for usage.
		* @param methodImplementation - The implementation of the method to call.
		* @param subject - Metadata about the subject that made the request.
		* @param method - The method name
		* @param params - Params needed for executing the restricted method
		* @returns The result of the restricted method implementation
		*/
		private _executeRestrictedMethod;
		}
		export {};
		//# sourceMappingURL=PermissionController.d.mts.map

+1

-1

dist/rpc-methods/revokePermissions.d.cts

		@@ -1,2 +0,2 @@
		import { type Json, type NonEmptyArray } from "@metamask/utils";
		import type { Json, NonEmptyArray } from "@metamask/utils";
		import type { PermissionConstraint } from "../Permission.cjs";
		@@ -3,0 +3,0 @@ import type { PermittedHandlerExport } from "../utils.cjs";

+1

-1

dist/rpc-methods/revokePermissions.d.mts

		@@ -1,2 +0,2 @@
		import { type Json, type NonEmptyArray } from "@metamask/utils";
		import type { Json, NonEmptyArray } from "@metamask/utils";
		import type { PermissionConstraint } from "../Permission.mjs";
		@@ -3,0 +3,0 @@ import type { PermittedHandlerExport } from "../utils.mjs";

+42

-40

dist/SubjectMetadataController.cjs

		"use strict";
		var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) \|\| function (receiver, state, kind, f) {
		if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
		if (typeof state === "function" ? receiver !== state \|\| !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
		return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
		};
		var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) \|\| function (receiver, state, value, kind, f) {
		if (kind === "m") throw new TypeError("Private method is not writable");
		if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
		if (typeof state === "function" ? receiver !== state \|\| !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
		return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
		};
		var _a, _SubjectMetadataController_subjectCacheLimit, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, _SubjectMetadataController_subjectHasPermissions, _SubjectMetadataController_getTrimmedState;
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -46,8 +58,11 @@ exports.SubjectMetadataController = exports.SubjectType = void 0;
		state: {
		...SubjectMetadataController.getTrimmedState(state, hasPermissions),
		...__classPrivateFieldGet(_a, _a, "m", _SubjectMetadataController_getTrimmedState).call(_a, state, hasPermissions),
		},
		});
		this.subjectHasPermissions = hasPermissions;
		this.subjectCacheLimit = subjectCacheLimit;
		this.subjectsWithoutPermissionsEncounteredSinceStartup = new Set();
		_SubjectMetadataController_subjectCacheLimit.set(this, void 0);
		_SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup.set(this, void 0);
		_SubjectMetadataController_subjectHasPermissions.set(this, void 0);
		__classPrivateFieldSet(this, _SubjectMetadataController_subjectHasPermissions, hasPermissions, "f");
		__classPrivateFieldSet(this, _SubjectMetadataController_subjectCacheLimit, subjectCacheLimit, "f");
		__classPrivateFieldSet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, new Set(), "f");
		this.messenger.registerActionHandler(`${this.name}:getSubjectMetadata`, this.getSubjectMetadata.bind(this));
		@@ -61,3 +76,3 @@ this.messenger.registerActionHandler(`${this.name}:addSubjectMetadata`, this.addSubjectMetadata.bind(this));
		clearState() {
		this.subjectsWithoutPermissionsEncounteredSinceStartup.clear();
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").clear();
		this.update((_draftState) => {
		@@ -83,6 +98,6 @@ return { ...defaultState };
		...metadata,
		extensionId: metadata.extensionId \|\| null,
		iconUrl: metadata.iconUrl \|\| null,
		name: metadata.name \|\| null,
		subjectType: metadata.subjectType \|\| null,
		extensionId: metadata.extensionId ?? null,
		iconUrl: metadata.iconUrl ?? null,
		name: metadata.name ?? null,
		subjectType: metadata.subjectType ?? null,
		};
		@@ -92,13 +107,13 @@ let originToForget = null;
		// ensure that the user's experience isn't degraded by missing icons etc.
		if (this.subjectsWithoutPermissionsEncounteredSinceStartup.size >=
		this.subjectCacheLimit) {
		const cachedOrigin = this.subjectsWithoutPermissionsEncounteredSinceStartup
		if (__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").size >=
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectCacheLimit, "f")) {
		const cachedOrigin = __classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f")
		.values()
		.next().value;
		this.subjectsWithoutPermissionsEncounteredSinceStartup.delete(cachedOrigin);
		if (!this.subjectHasPermissions(cachedOrigin)) {
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").delete(cachedOrigin);
		if (!__classPrivateFieldGet(this, _SubjectMetadataController_subjectHasPermissions, "f").call(this, cachedOrigin)) {
		originToForget = cachedOrigin;
		}
		}
		this.subjectsWithoutPermissionsEncounteredSinceStartup.add(origin);
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").add(origin);
		this.update((draftState) => {
		@@ -126,31 +141,18 @@ // @ts-expect-error TS2589: Type instantiation is excessively deep and possibly infinite
		this.update(() => {
		return SubjectMetadataController.getTrimmedState(this.state, this.subjectHasPermissions);
		return __classPrivateFieldGet(_a, _a, "m", _SubjectMetadataController_getTrimmedState).call(_a, this.state, __classPrivateFieldGet(this, _SubjectMetadataController_subjectHasPermissions, "f"));
		});
		}
		/**
		* Returns a new state object that only includes subjects with permissions.
		* This method is static because we want to call it in the constructor, before
		* the controller's state is initialized.
		*
		* @param state - The state object to trim.
		* @param hasPermissions - A function that returns a boolean indicating
		* whether a particular subject (identified by its origin) has any
		* permissions.
		* @returns The new state object. If the specified `state` object has no
		* subject metadata, the returned object will be equivalent to the default
		* state of this controller.
		*/
		static getTrimmedState(state, hasPermissions) {
		const { subjectMetadata = {} } = state;
		return {
		subjectMetadata: Object.keys(subjectMetadata).reduce((newSubjectMetadata, origin) => {
		if (hasPermissions(origin)) {
		newSubjectMetadata[origin] = subjectMetadata[origin];
		}
		return newSubjectMetadata;
		}, {}),
		};
		}
		}
		exports.SubjectMetadataController = SubjectMetadataController;
		_a = SubjectMetadataController, _SubjectMetadataController_subjectCacheLimit = new WeakMap(), _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup = new WeakMap(), _SubjectMetadataController_subjectHasPermissions = new WeakMap(), _SubjectMetadataController_getTrimmedState = function _SubjectMetadataController_getTrimmedState(state, hasPermissions) {
		const { subjectMetadata = {} } = state;
		return {
		subjectMetadata: Object.keys(subjectMetadata).reduce((newSubjectMetadata, origin) => {
		if (hasPermissions(origin)) {
		newSubjectMetadata[origin] = subjectMetadata[origin];
		}
		return newSubjectMetadata;
		}, {}),
		};
		};
		//# sourceMappingURL=SubjectMetadataController.cjs.map

+1

-17

dist/SubjectMetadataController.d.cts

		@@ -59,5 +59,3 @@ import type { ControllerGetStateAction, ControllerStateChangeEvent } from "@metamask/base-controller";
		export declare class SubjectMetadataController extends BaseController<typeof controllerName, SubjectMetadataControllerState, SubjectMetadataControllerMessenger> {
		private readonly subjectCacheLimit;
		private readonly subjectsWithoutPermissionsEncounteredSinceStartup;
		private readonly subjectHasPermissions;
		#private;
		constructor({ messenger, subjectCacheLimit, state, }: SubjectMetadataControllerOptions);
		@@ -93,18 +91,4 @@ /**
		trimMetadataState(): void;
		/**
		* Returns a new state object that only includes subjects with permissions.
		* This method is static because we want to call it in the constructor, before
		* the controller's state is initialized.
		*
		* @param state - The state object to trim.
		* @param hasPermissions - A function that returns a boolean indicating
		* whether a particular subject (identified by its origin) has any
		* permissions.
		* @returns The new state object. If the specified `state` object has no
		* subject metadata, the returned object will be equivalent to the default
		* state of this controller.
		*/
		private static getTrimmedState;
		}
		export {};
		//# sourceMappingURL=SubjectMetadataController.d.cts.map

+1

-17

dist/SubjectMetadataController.d.mts

		@@ -59,5 +59,3 @@ import type { ControllerGetStateAction, ControllerStateChangeEvent } from "@metamask/base-controller";
		export declare class SubjectMetadataController extends BaseController<typeof controllerName, SubjectMetadataControllerState, SubjectMetadataControllerMessenger> {
		private readonly subjectCacheLimit;
		private readonly subjectsWithoutPermissionsEncounteredSinceStartup;
		private readonly subjectHasPermissions;
		#private;
		constructor({ messenger, subjectCacheLimit, state, }: SubjectMetadataControllerOptions);
		@@ -93,18 +91,4 @@ /**
		trimMetadataState(): void;
		/**
		* Returns a new state object that only includes subjects with permissions.
		* This method is static because we want to call it in the constructor, before
		* the controller's state is initialized.
		*
		* @param state - The state object to trim.
		* @param hasPermissions - A function that returns a boolean indicating
		* whether a particular subject (identified by its origin) has any
		* permissions.
		* @returns The new state object. If the specified `state` object has no
		* subject metadata, the returned object will be equivalent to the default
		* state of this controller.
		*/
		private static getTrimmedState;
		}
		export {};
		//# sourceMappingURL=SubjectMetadataController.d.mts.map

+42

-40

dist/SubjectMetadataController.mjs

		@@ -0,1 +1,13 @@
		var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) \|\| function (receiver, state, kind, f) {
		if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
		if (typeof state === "function" ? receiver !== state \|\| !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
		return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
		};
		var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) \|\| function (receiver, state, value, kind, f) {
		if (kind === "m") throw new TypeError("Private method is not writable");
		if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
		if (typeof state === "function" ? receiver !== state \|\| !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
		return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
		};
		var _a, _SubjectMetadataController_subjectCacheLimit, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, _SubjectMetadataController_subjectHasPermissions, _SubjectMetadataController_getTrimmedState;
		import { BaseController } from "@metamask/base-controller";
		@@ -43,8 +55,11 @@ const controllerName = 'SubjectMetadataController';
		state: {
		...SubjectMetadataController.getTrimmedState(state, hasPermissions),
		...__classPrivateFieldGet(_a, _a, "m", _SubjectMetadataController_getTrimmedState).call(_a, state, hasPermissions),
		},
		});
		this.subjectHasPermissions = hasPermissions;
		this.subjectCacheLimit = subjectCacheLimit;
		this.subjectsWithoutPermissionsEncounteredSinceStartup = new Set();
		_SubjectMetadataController_subjectCacheLimit.set(this, void 0);
		_SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup.set(this, void 0);
		_SubjectMetadataController_subjectHasPermissions.set(this, void 0);
		__classPrivateFieldSet(this, _SubjectMetadataController_subjectHasPermissions, hasPermissions, "f");
		__classPrivateFieldSet(this, _SubjectMetadataController_subjectCacheLimit, subjectCacheLimit, "f");
		__classPrivateFieldSet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, new Set(), "f");
		this.messenger.registerActionHandler(`${this.name}:getSubjectMetadata`, this.getSubjectMetadata.bind(this));
		@@ -58,3 +73,3 @@ this.messenger.registerActionHandler(`${this.name}:addSubjectMetadata`, this.addSubjectMetadata.bind(this));
		clearState() {
		this.subjectsWithoutPermissionsEncounteredSinceStartup.clear();
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").clear();
		this.update((_draftState) => {
		@@ -80,6 +95,6 @@ return { ...defaultState };
		...metadata,
		extensionId: metadata.extensionId \|\| null,
		iconUrl: metadata.iconUrl \|\| null,
		name: metadata.name \|\| null,
		subjectType: metadata.subjectType \|\| null,
		extensionId: metadata.extensionId ?? null,
		iconUrl: metadata.iconUrl ?? null,
		name: metadata.name ?? null,
		subjectType: metadata.subjectType ?? null,
		};
		@@ -89,13 +104,13 @@ let originToForget = null;
		// ensure that the user's experience isn't degraded by missing icons etc.
		if (this.subjectsWithoutPermissionsEncounteredSinceStartup.size >=
		this.subjectCacheLimit) {
		const cachedOrigin = this.subjectsWithoutPermissionsEncounteredSinceStartup
		if (__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").size >=
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectCacheLimit, "f")) {
		const cachedOrigin = __classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f")
		.values()
		.next().value;
		this.subjectsWithoutPermissionsEncounteredSinceStartup.delete(cachedOrigin);
		if (!this.subjectHasPermissions(cachedOrigin)) {
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").delete(cachedOrigin);
		if (!__classPrivateFieldGet(this, _SubjectMetadataController_subjectHasPermissions, "f").call(this, cachedOrigin)) {
		originToForget = cachedOrigin;
		}
		}
		this.subjectsWithoutPermissionsEncounteredSinceStartup.add(origin);
		__classPrivateFieldGet(this, _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup, "f").add(origin);
		this.update((draftState) => {
		@@ -123,30 +138,17 @@ // @ts-expect-error TS2589: Type instantiation is excessively deep and possibly infinite
		this.update(() => {
		return SubjectMetadataController.getTrimmedState(this.state, this.subjectHasPermissions);
		return __classPrivateFieldGet(_a, _a, "m", _SubjectMetadataController_getTrimmedState).call(_a, this.state, __classPrivateFieldGet(this, _SubjectMetadataController_subjectHasPermissions, "f"));
		});
		}
		/**
		* Returns a new state object that only includes subjects with permissions.
		* This method is static because we want to call it in the constructor, before
		* the controller's state is initialized.
		*
		* @param state - The state object to trim.
		* @param hasPermissions - A function that returns a boolean indicating
		* whether a particular subject (identified by its origin) has any
		* permissions.
		* @returns The new state object. If the specified `state` object has no
		* subject metadata, the returned object will be equivalent to the default
		* state of this controller.
		*/
		static getTrimmedState(state, hasPermissions) {
		const { subjectMetadata = {} } = state;
		return {
		subjectMetadata: Object.keys(subjectMetadata).reduce((newSubjectMetadata, origin) => {
		if (hasPermissions(origin)) {
		newSubjectMetadata[origin] = subjectMetadata[origin];
		}
		return newSubjectMetadata;
		}, {}),
		};
		}
		}
		_a = SubjectMetadataController, _SubjectMetadataController_subjectCacheLimit = new WeakMap(), _SubjectMetadataController_subjectsWithoutPermissionsEncounteredSinceStartup = new WeakMap(), _SubjectMetadataController_subjectHasPermissions = new WeakMap(), _SubjectMetadataController_getTrimmedState = function _SubjectMetadataController_getTrimmedState(state, hasPermissions) {
		const { subjectMetadata = {} } = state;
		return {
		subjectMetadata: Object.keys(subjectMetadata).reduce((newSubjectMetadata, origin) => {
		if (hasPermissions(origin)) {
		newSubjectMetadata[origin] = subjectMetadata[origin];
		}
		return newSubjectMetadata;
		}, {}),
		};
		};
		//# sourceMappingURL=SubjectMetadataController.mjs.map

+4

-7

package.json

		{
		"name": "@metamask/permission-controller",
		"version": "12.1.1",
		"version": "12.2.0",
		"description": "Mediates access to JSON-RPC methods, used to interact with pieces of the MetaMask stack, via middleware for json-rpc-engine",
		@@ -51,8 +51,9 @@ "keywords": [
		"dependencies": {
		"@metamask/approval-controller": "^8.0.0",
		"@metamask/base-controller": "^9.0.0",
		"@metamask/controller-utils": "^11.16.0",
		"@metamask/controller-utils": "^11.17.0",
		"@metamask/json-rpc-engine": "^10.2.0",
		"@metamask/messenger": "^0.3.0",
		"@metamask/rpc-errors": "^7.0.2",
		"@metamask/utils": "^11.8.1",
		"@metamask/utils": "^11.9.0",
		"@types/deep-freeze-strict": "^1.1.0",
		@@ -64,3 +65,2 @@ "deep-freeze-strict": "^1.1.1",
		"devDependencies": {
		"@metamask/approval-controller": "^8.0.0",
		"@metamask/auto-changelog": "^3.4.4",
		@@ -76,5 +76,2 @@ "@ts-bridge/cli": "^0.6.4",
		},
		"peerDependencies": {
		"@metamask/approval-controller": "^8.0.0"
		},
		"engines": {
		@@ -81,0 +78,0 @@ "node": "^18.18 \|\| >=20"

dist/Caveat.cjs.map