feat:add erc20-token-revocation permission to controller state (#7318)

Plus minor refactor to permission map generation.

## Explanation

We recently added `erc20-token-revocation` to the permission granting
flow. This change adds the type to the permission controller state, so
that these permissions become differentiated in the All Permission
section (rather than relegated to "other").

Also includes a minor refactor of parsing a list of stored permissions
into a multi-dimensional map keyed by `permissionType | chainId`, which
previously required changes to this function for every new type added.
Now simply adding the permission type to the
`createEmptyGatorPermissionsMap` function will be required for new
permissions.

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/contributing.md#updating-changelogs)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds a dedicated `erc20-token-revocation` bucket to controller state
and refactors permission categorization to be extensible via a
centralized empty-map factory.
> 
> - **gator-permissions-controller**
> - **State/Defaults**: Introduce `createEmptyGatorPermissionsMap()` and
include `erc20-token-revocation` in default/cleared state; update
getters/disable flow to use new factory.
> - **Logic**: Rewrite `#categorizePermissionsDataByTypeAndChainId` to
dynamically bucket by known permission types (fallback to `other`)
instead of switch-case.
> - **Types**: Extend `GatorPermissionsMap` to include
`erc20-token-revocation` (imports `Erc20TokenRevocationPermission`).
> - **Tests**: Update expectations for default/empty maps; add test
ensuring `erc20-token-revocation` is categorized separately; preserve
sanitization checks; tweak utils serialization-failure test.
> - **Changelog**: Note differentiation of `erc20-token-revocation` from
`other`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e4e996d. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: jeffsmale90

packages/gator-permissions-controller/CHANGELOG.md

@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - **BREAKING:** Permission decoding now rejects `TimestampEnforcer` caveats with zero `timestampBeforeThreshold` values ([#7195](https://github.com/MetaMask/core/pull/7195))
 - Permission decoding logic for `erc20-token-revocation` permission type ([#7299](https://github.com/MetaMask/core/pull/7299))
+- Differentiate `erc20-token-revocation` permissions from `other` in controller state ([#7318](https://github.com/MetaMask/core/pull/7318))
 - Validation errors for `TimestampEnforcer` include: invalid terms length, non-zero `timestampAfterThreshold`, and zero `timestampBeforeThreshold` ([#7195](https://github.com/MetaMask/core/pull/7195))
 - Bump `@metamask/transaction-controller` from `^62.3.1` to `^62.5.0` ([#7289](https://github.com/MetaMask/core/pull/7289), [#7325](https://github.com/MetaMask/core/pull/7325))
 

packages/gator-permissions-controller/src/GatorPermissionsController.test.ts

@@ -95,6 +95,7 @@ describe('GatorPermissionsController', () => {
       expect(controller.state.isGatorPermissionsEnabled).toBe(false);
       expect(controller.state.gatorPermissionsMapSerialized).toStrictEqual(
         JSON.stringify({
+          'erc20-token-revocation': {},
           'native-token-stream': {},
           'native-token-periodic': {},
           'erc20-token-stream': {},
@@ -171,6 +172,7 @@ describe('GatorPermissionsController', () => {
       expect(controller.state.isGatorPermissionsEnabled).toBe(false);
       expect(controller.state.gatorPermissionsMapSerialized).toBe(
         JSON.stringify({
+          'erc20-token-revocation': {},
           'native-token-stream': {},
           'native-token-periodic': {},
           'erc20-token-stream': {},
@@ -222,6 +224,7 @@ describe('GatorPermissionsController', () => {
       const result = await controller.fetchAndUpdateGatorPermissions();
 
       expect(result).toStrictEqual({
+        'erc20-token-revocation': expect.any(Object),
         'native-token-stream': expect.any(Object),
         'native-token-periodic': expect.any(Object),
         'erc20-token-stream': expect.any(Object),
@@ -257,6 +260,7 @@ describe('GatorPermissionsController', () => {
       sanitizedCheck('native-token-periodic');
       sanitizedCheck('erc20-token-stream');
       sanitizedCheck('erc20-token-periodic');
+      sanitizedCheck('erc20-token-revocation');
       sanitizedCheck('other');
 
       // Specifically verify that the entry with rules has rules preserved
@@ -278,6 +282,47 @@ describe('GatorPermissionsController', () => {
       ]);
     });
 
+    it('categorizes erc20-token-revocation permissions into its own bucket', async () => {
+      const chainId = '0x1' as Hex;
+      // Create a minimal revocation permission entry and cast to satisfy types
+      const revocationEntry = {
+        permissionResponse: {
+          chainId,
+          address: '0x0000000000000000000000000000000000000001',
+          signer: {
+            type: 'account',
+            data: { address: '0x0000000000000000000000000000000000000002' },
+          },
+          permission: {
+            type: 'erc20-token-revocation',
+            isAdjustmentAllowed: false,
+            // Data shape is enforced by external types; not relevant for categorization
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            data: {} as any,
+          },
+          context: '0xdeadbeef',
+          dependencyInfo: [],
+          signerMeta: {
+            delegationManager: '0x0000000000000000000000000000000000000003',
+          },
+        },
+        siteOrigin: 'https://example.org',
+      } as unknown;
+      const rootMessenger = getRootMessenger({
+        snapControllerHandleRequestActionHandler: async () =>
+          [revocationEntry] as unknown,
+      });
+      const controller = new GatorPermissionsController({
+        messenger: getGatorPermissionsControllerMessenger(rootMessenger),
+      });
+
+      await controller.enableGatorPermissions();
+      const result = await controller.fetchAndUpdateGatorPermissions();
+
+      expect(result['erc20-token-revocation']).toBeDefined();
+      expect(result['erc20-token-revocation'][chainId]).toHaveLength(1);
+    });
+
     it('throws error when gator permissions are not enabled', async () => {
       const controller = new GatorPermissionsController({
         messenger: getGatorPermissionsControllerMessenger(),
@@ -304,6 +349,7 @@ describe('GatorPermissionsController', () => {
       const result = await controller.fetchAndUpdateGatorPermissions();
 
       expect(result).toStrictEqual({
+        'erc20-token-revocation': {},
         'native-token-stream': {},
         'native-token-periodic': {},
         'erc20-token-stream': {},
@@ -326,6 +372,7 @@ describe('GatorPermissionsController', () => {
       const result = await controller.fetchAndUpdateGatorPermissions();
 
       expect(result).toStrictEqual({
+        'erc20-token-revocation': {},
         'native-token-stream': {},
         'native-token-periodic': {},
         'erc20-token-stream': {},
@@ -390,6 +437,7 @@ describe('GatorPermissionsController', () => {
       const { gatorPermissionsMap } = controller;
 
       expect(gatorPermissionsMap).toStrictEqual({
+        'erc20-token-revocation': {},
         'native-token-stream': {},
         'native-token-periodic': {},
         'erc20-token-stream': {},
@@ -501,7 +549,7 @@ describe('GatorPermissionsController', () => {
         ),
       ).toMatchInlineSnapshot(`
         Object {
-          "gatorPermissionsMapSerialized": "{\\"native-token-stream\\":{},\\"native-token-periodic\\":{},\\"erc20-token-stream\\":{},\\"erc20-token-periodic\\":{},\\"other\\":{}}",
+          "gatorPermissionsMapSerialized": "{\\"erc20-token-revocation\\":{},\\"native-token-stream\\":{},\\"native-token-periodic\\":{},\\"erc20-token-stream\\":{},\\"erc20-token-periodic\\":{},\\"other\\":{}}",
           "gatorPermissionsProviderSnapId": "npm:@metamask/gator-permissions-snap",
           "isFetchingGatorPermissions": false,
           "isGatorPermissionsEnabled": false,
@@ -523,7 +571,7 @@ describe('GatorPermissionsController', () => {
         ),
       ).toMatchInlineSnapshot(`
         Object {
-          "gatorPermissionsMapSerialized": "{\\"native-token-stream\\":{},\\"native-token-periodic\\":{},\\"erc20-token-stream\\":{},\\"erc20-token-periodic\\":{},\\"other\\":{}}",
+          "gatorPermissionsMapSerialized": "{\\"erc20-token-revocation\\":{},\\"native-token-stream\\":{},\\"native-token-periodic\\":{},\\"erc20-token-stream\\":{},\\"erc20-token-periodic\\":{},\\"other\\":{}}",
           "isGatorPermissionsEnabled": false,
         }
       `);
@@ -542,7 +590,7 @@ describe('GatorPermissionsController', () => {
         ),
       ).toMatchInlineSnapshot(`
         Object {
-          "gatorPermissionsMapSerialized": "{\\"native-token-stream\\":{},\\"native-token-periodic\\":{},\\"erc20-token-stream\\":{},\\"erc20-token-periodic\\":{},\\"other\\":{}}",
+          "gatorPermissionsMapSerialized": "{\\"erc20-token-revocation\\":{},\\"native-token-stream\\":{},\\"native-token-periodic\\":{},\\"erc20-token-stream\\":{},\\"erc20-token-periodic\\":{},\\"other\\":{}}",
           "pendingRevocations": Array [],
         }
       `);

packages/gator-permissions-controller/src/GatorPermissionsController.ts

@@ -58,12 +58,15 @@ const controllerName = 'GatorPermissionsController';
 const defaultGatorPermissionsProviderSnapId =
   'npm:@metamask/gator-permissions-snap' as SnapId;
 
-const defaultGatorPermissionsMap: GatorPermissionsMap = {
-  'native-token-stream': {},
-  'native-token-periodic': {},
-  'erc20-token-stream': {},
-  'erc20-token-periodic': {},
-  other: {},
+const createEmptyGatorPermissionsMap: () => GatorPermissionsMap = () => {
+  return {
+    'erc20-token-revocation': {},
+    'native-token-stream': {},
+    'native-token-periodic': {},
+    'erc20-token-stream': {},
+    'erc20-token-periodic': {},
+    other: {},
+  };
 };
 
 /**
@@ -157,7 +160,7 @@ export function getDefaultGatorPermissionsControllerState(): GatorPermissionsCon
   return {
     isGatorPermissionsEnabled: false,
     gatorPermissionsMapSerialized: serializeGatorPermissionsMap(
-      defaultGatorPermissionsMap,
+      createEmptyGatorPermissionsMap(),
     ),
     isFetchingGatorPermissions: false,
     gatorPermissionsProviderSnapId: defaultGatorPermissionsProviderSnapId,
@@ -509,63 +512,39 @@ export default class GatorPermissionsController extends BaseController<
       | StoredGatorPermission<Signer, PermissionTypesWithCustom>[]
       | null,
   ): GatorPermissionsMap {
+    const gatorPermissionsMap = createEmptyGatorPermissionsMap();
+
     if (!storedGatorPermissions) {
-      return defaultGatorPermissionsMap;
+      return gatorPermissionsMap;
     }
 
-    return storedGatorPermissions.reduce<GatorPermissionsMap>(
-      (gatorPermissionsMap, storedGatorPermission) => {
-        const { permissionResponse } = storedGatorPermission;
-        const permissionType = permissionResponse.permission.type;
-        const { chainId } = permissionResponse;
-
-        const sanitizedStoredGatorPermission =
-          this.#sanitizeStoredGatorPermission(storedGatorPermission);
-
-        switch (permissionType) {
-          case 'native-token-stream':
-          case 'native-token-periodic':
-          case 'erc20-token-stream':
-          case 'erc20-token-periodic':
-            if (!gatorPermissionsMap[permissionType][chainId]) {
-              gatorPermissionsMap[permissionType][chainId] = [];
-            }
-
-            (
-              gatorPermissionsMap[permissionType][
-                chainId
-              ] as StoredGatorPermissionSanitized<
-                Signer,
-                PermissionTypesWithCustom
-              >[]
-            ).push(sanitizedStoredGatorPermission);
-            break;
-          default:
-            if (!gatorPermissionsMap.other[chainId]) {
-              gatorPermissionsMap.other[chainId] = [];
-            }
-
-            (
-              gatorPermissionsMap.other[
-                chainId
-              ] as StoredGatorPermissionSanitized<
-                Signer,
-                PermissionTypesWithCustom
-              >[]
-            ).push(sanitizedStoredGatorPermission);
-            break;
-        }
-
-        return gatorPermissionsMap;
-      },
-      {
-        'native-token-stream': {},
-        'native-token-periodic': {},
-        'erc20-token-stream': {},
-        'erc20-token-periodic': {},
-        other: {},
-      },
-    );
+    for (const storedGatorPermission of storedGatorPermissions) {
+      const {
+        permissionResponse: {
+          permission: { type: permissionType },
+          chainId,
+        },
+      } = storedGatorPermission;
+
+      const isPermissionTypeKnown = Object.prototype.hasOwnProperty.call(
+        gatorPermissionsMap,
+        permissionType,
+      );
+
+      const permissionTypeKey = isPermissionTypeKnown
+        ? (permissionType as keyof GatorPermissionsMap)
+        : 'other';
+
+      type PermissionsMapElementArray =
+        GatorPermissionsMap[typeof permissionTypeKey][typeof chainId];
+
+      gatorPermissionsMap[permissionTypeKey][chainId] = [
+        ...(gatorPermissionsMap[permissionTypeKey][chainId] || []),
+        this.#sanitizeStoredGatorPermission(storedGatorPermission),
+      ] as PermissionsMapElementArray;
+    }
+
+    return gatorPermissionsMap;
   }
 
   /**
@@ -602,7 +581,7 @@ export default class GatorPermissionsController extends BaseController<
     this.update((state) => {
       state.isGatorPermissionsEnabled = false;
       state.gatorPermissionsMapSerialized = serializeGatorPermissionsMap(
-        defaultGatorPermissionsMap,
+        createEmptyGatorPermissionsMap(),
       );
     });
   }

packages/gator-permissions-controller/src/types.ts

@@ -8,6 +8,7 @@ import type {
   Erc20TokenPeriodicPermission,
   Rule,
   MetaMaskBasePermissionData,
+  Erc20TokenRevocationPermission,
 } from '@metamask/7715-permission-types';
 import type { Delegation } from '@metamask/delegation-core';
 import type { Hex } from '@metamask/utils';
@@ -174,6 +175,12 @@ export type StoredGatorPermissionSanitized<
  * Represents a map of gator permissions by chainId and permission type.
  */
 export type GatorPermissionsMap = {
+  'erc20-token-revocation': {
+    [chainId: Hex]: StoredGatorPermissionSanitized<
+      Signer,
+      Erc20TokenRevocationPermission
+    >[];
+  };
   'native-token-stream': {
     [chainId: Hex]: StoredGatorPermissionSanitized<
       Signer,

packages/gator-permissions-controller/src/utils.test.ts

@@ -5,6 +5,7 @@ import {
 } from './utils';
 
 const defaultGatorPermissionsMap: GatorPermissionsMap = {
+  'erc20-token-revocation': {},
   'native-token-stream': {},
   'native-token-periodic': {},
   'erc20-token-stream': {},
@@ -24,18 +25,20 @@ describe('utils - serializeGatorPermissionsMap() tests', () => {
   });
 
   it('throws an error when serialization fails', () => {
-    // Create a valid GatorPermissionsMap structure but with circular reference
     const gatorPermissionsMap = {
+      'erc20-token-revocation': {},
       'native-token-stream': {},
       'native-token-periodic': {},
       'erc20-token-stream': {},
       'erc20-token-periodic': {},
       other: {},
     };
 
-    // Add circular reference to cause JSON.stringify to fail
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    (gatorPermissionsMap as any).circular = gatorPermissionsMap;
+    // explicitly cause serialization to fail
+    (gatorPermissionsMap as unknown as { toJSON: () => void }).toJSON =
+      (): void => {
+        throw new Error('Failed serialization');
+      };
 
     expect(() => {
       serializeGatorPermissionsMap(gatorPermissionsMap);