[pull] main from MetaMask:main#530
Merged
pull[bot] merged 2 commits intoReality2byte:mainfrom Apr 22, 2026
Merged
Conversation
…messenger actions (#8532) Advances #4238 Reverts #8502 - Rewrites `permission-middleware.ts` as a standalone `createPermissionMiddleware({ messenger, subject })` factory that dispatches through the `PermissionController:executeRestrictedMethod` and `PermissionController:hasUnrestrictedMethod` messenger actions instead of bound controller hooks. Removes the `createPermissionMiddleware` property from `PermissionController`. - Adds `createPermissionMiddlewareV2`, a `JsonRpcEngineV2` variant of the same factory. Consumers using the legacy `JsonRpcEngine` can continue to use the now-deprecated `createPermissionMiddleware`; new integrations should prefer V2. - Exposes `hasUnrestrictedMethod` as a public method / messenger action, and makes `getRestrictedMethod` `#`-private (it has no remaining external consumers now that the middleware goes through the messenger). - When a restricted method returns `undefined`, the middleware now propagates the plain `Error` thrown by `executeRestrictedMethod`; the JSON-RPC engine serializes it as a standard internal error response instead of a custom `internalError` with a `request` data payload. - If properly typed, it's impossible for restricted methods to return `undefined`. We nevertheless retain this check to minimize changes. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **High Risk** > High risk because it introduces a breaking API change by removing `PermissionController.createPermissionMiddleware`/`getRestrictedMethod` and rerouting enforcement through new messenger actions and a new `JsonRpcEngineV2` middleware, which could affect all RPC permissioning integrations. > > **Overview** > **Decouples permission enforcement middleware from `PermissionController`.** The `json-rpc-engine` permission middleware is removed from the controller and replaced with standalone exports `createPermissionMiddleware` (legacy, *deprecated*) and `createPermissionMiddlewareV2` (for `JsonRpcEngineV2`) that dispatch permission checks/execution via messenger actions. > > **Expands and reshapes the controller’s public surface via messenger.** Adds `PermissionController:hasUnrestrictedMethod` and `PermissionController:executeRestrictedMethod` action types/handlers, makes `getRestrictedMethod` private, and updates error behavior when restricted methods return no result (now a plain `Error`, which engines serialize as internal errors). Documentation and tests are updated to use the new middleware factories and the `JsonRpcEngineV2` path. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 257feaa. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
…d src hash (#8479) ## Explanation <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> ### Problem Bridge txHistory persists invalid or premature src tx hashes (specially STX), and pending items could be polled indefinitely, spamming providers and leaving bad state after restarts. ### Solution - Subscribe to TransactionController:transactionStatusUpdated instead of transactionFailed / transactionConfirmed, and update history item matching the tx id, action id, hash, batch, or approval - Skips persisting STX src hashes on submit. Set the hash when the tx is confirmed, or backfill from TransactionController as needed - If a transaction is deemed "too old", fetch the status once, then check if the tx has been mined on chain. If The src hash is nonexistent, stop polling and delete the history item to prevent re-polling on the next restart ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> Fixes https://consensyssoftware.atlassian.net/browse/SWAPS-4380 ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes bridge status polling/state management and switches to `TransactionController:transactionStatusUpdated`, which can affect analytics, history reconciliation, and when polling starts/stops. Also deletes old pending history entries based on a remote-configured age threshold, so misconfiguration or matching bugs could drop legitimate items. > > **Overview** > Prevents indefinite bridge status polling by introducing an age threshold (`maxPendingHistoryItemAgeMs`, default 2 days) sourced from remote feature flags and, for stale pending items, fetching status once then checking `eth_getTransactionReceipt`; if the src hash appears invalid, polling is stopped, a new `invalid_transaction_hash` polling reason is tracked, and the history entry is removed to avoid re-polling on restart. > > Refactors BridgeStatusController transaction subscriptions to use `TransactionController:transactionStatusUpdated` (replacing `transactionFailed`/`transactionConfirmed`), adds more robust history matching (by `id`, `actionId`, `batchId`, `txHash`, and `approvalTxId`), and avoids persisting smart-transaction src hashes until a finalized status is observed; metrics generation is updated accordingly (centralized polling-status properties and improved `error_message` formatting). > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit dbfbe65. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )