feat: create merger and factory for the Caip25Permission

[ffmcgee725]

Explanation

Addressing https://github.com/MetaMask/MetaMask-planning/issues/4017

References

Changelog

@metamask/package-a

• : Your change here
• : Your change here

@metamask/package-b

• : Your change here
• : Your change here

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've highlighted breaking changes using the "BREAKING" category above as appropriate
• I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

[jiexi]

the merger should actually be defined on the caveat of the permission, not the actual permission itself

[ffmcgee725]

resolved in 058a08c

[jiexi]

I like your approach here! The mergedValue and diff MUST be a valid CAIP-25 caveat value, i.e. it must be of the shape

{
  requiredScopes: {...},
  optionalScopes: {...},
  isMultichainOrigin,
...
}

so keep requiredScopes and optionalScopes separate

[jiexi]

This brings up an interesting point though, how do we want to handle diffs outside of requiredScopes and optionalScopes?

[ffmcgee725]

If I understood what you mean, they are actually all kept separate.

Which is why if you notice mergeScopesForCaip25CaveatValue implementation, it will either take optionalScopes or requiredScopes to which it is merging (while keeping the other one untouched), so we call the function twice, one for optionalScopes and one for requiredScopes, merging each to their respective counterparts, but being separate from each other. Does this make sense ?

Regarding second question, yeah not sure how we want to handle diff outside optionalScopes or requiredScopes, so left it for now (by default it retains the value from leftValue aka original state

[ffmcgee725]

after this refactor here 145cc29
I chose to go with keeping isMultichainOrigin from rightValue, since it's incoming request which should take precedence I believe ? Session properties are omitted though, but not sure which should be maintained or how that should behave.

[jiexi]

hmm... We have a mergeScopes helper for NormalizedScopesObject already, but I guess that's technically not usable as is here

[ffmcgee725]

@metamaskbot publish-preview

[github-actions]

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/accounts-controller": "22.0.0-preview-99939da3",
  "@metamask-previews/address-book-controller": "6.0.2-preview-99939da3",
  "@metamask-previews/announcement-controller": "7.0.2-preview-99939da3",
  "@metamask-previews/approval-controller": "7.1.2-preview-99939da3",
  "@metamask-previews/assets-controllers": "47.0.0-preview-99939da3",
  "@metamask-previews/base-controller": "7.1.1-preview-99939da3",
  "@metamask-previews/build-utils": "3.0.2-preview-99939da3",
  "@metamask-previews/composable-controller": "10.0.0-preview-99939da3",
  "@metamask-previews/controller-utils": "11.4.5-preview-99939da3",
  "@metamask-previews/earn-controller": "0.0.0-preview-99939da3",
  "@metamask-previews/ens-controller": "15.0.1-preview-99939da3",
  "@metamask-previews/eth-json-rpc-provider": "4.1.7-preview-99939da3",
  "@metamask-previews/gas-fee-controller": "22.0.2-preview-99939da3",
  "@metamask-previews/json-rpc-engine": "10.0.2-preview-99939da3",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.6-preview-99939da3",
  "@metamask-previews/keyring-controller": "19.0.5-preview-99939da3",
  "@metamask-previews/logging-controller": "6.0.3-preview-99939da3",
  "@metamask-previews/message-manager": "12.0.0-preview-99939da3",
  "@metamask-previews/multichain": "2.1.0-preview-99939da3",
  "@metamask-previews/multichain-transactions-controller": "0.1.0-preview-99939da3",
  "@metamask-previews/name-controller": "8.0.2-preview-99939da3",
  "@metamask-previews/network-controller": "22.1.1-preview-99939da3",
  "@metamask-previews/notification-services-controller": "0.18.0-preview-99939da3",
  "@metamask-previews/permission-controller": "11.0.5-preview-99939da3",
  "@metamask-previews/permission-log-controller": "3.0.2-preview-99939da3",
  "@metamask-previews/phishing-controller": "12.3.1-preview-99939da3",
  "@metamask-previews/polling-controller": "12.0.2-preview-99939da3",
  "@metamask-previews/preferences-controller": "15.0.1-preview-99939da3",
  "@metamask-previews/profile-sync-controller": "5.0.0-preview-99939da3",
  "@metamask-previews/queued-request-controller": "9.0.0-preview-99939da3",
  "@metamask-previews/rate-limit-controller": "6.0.2-preview-99939da3",
  "@metamask-previews/remote-feature-flag-controller": "1.3.0-preview-99939da3",
  "@metamask-previews/selected-network-controller": "21.0.0-preview-99939da3",
  "@metamask-previews/signature-controller": "23.2.0-preview-99939da3",
  "@metamask-previews/token-search-discovery-controller": "1.0.0-preview-99939da3",
  "@metamask-previews/transaction-controller": "44.1.0-preview-99939da3",
  "@metamask-previews/user-operation-controller": "23.0.0-preview-99939da3"
}

[jiexi]

What are your thoughts on making the existing mergeScopes more generic so that it can handle both NormalizedScopesObjects and InternalScopesObjects OR renaming mergeScopes to mergeNormalizedScopes and adding a new mergeInternalScopes?

[ffmcgee725]

I think renaming to mergeInternalScopes should be good for now (right ? We are actually merging InternalScopesObjects, not NormalizedScopesObjects).

Making a more generic approach in my mind should be good on a future refactor when we need to actually merge NormalizedScopesObjects, so basically abstracting the behaviour when it's actually necessary to be used. What do you think ?

[ffmcgee725]

resolved in 145cc29

[ffmcgee725]

This was done automatically via refactor shortcut, but raises a good question

Do we want to export this as mergeScopes so consumer doesn't have to change his implementation ?
Or regular name export mergeNormalizedScopes and refactor whoever is using this ?

Raising this question mainly as I'm unaware if for now we are the only consumers of this API or if external sources are using it