readme update

feruzm · feruzm · commit 62f95e449523 · 2025-09-08T19:57:55.000+03:00
diff --git a/packages/snap/README.md b/packages/snap/README.md
@@ -12,6 +12,31 @@ yarn add @ecency/snap
 Add the snap to MetaMask using a local manifest or bundle produced by
 `yarn workspace @ecency/snap build`.
 
+## Development
+
+From the repository root you can build and test the snap:
+
+```bash
+# compile TypeScript and generate the snap bundle/manifest
+yarn workspace @ecency/snap build
+
+# run unit tests
+yarn workspace @ecency/snap test
+```
+
+The build outputs `snap.manifest.json` alongside `dist/bundle.js`.
+
+### Loading in MetaMask Flask
+
+1. Install the [MetaMask Flask](https://metamask.io/flask/) extension.
+2. Run `yarn workspace @ecency/snap build` to generate the manifest and bundle.
+3. In MetaMask, open **Settings → Snaps** and choose **Add Snap**.
+4. Select `packages/snap/snap.manifest.json` from this repository.
+5. Approve the installation prompts.
+
+The snap now appears in the MetaMask Snaps list and can be invoked by dApps
+using `local:@ecency/snap`.
+
 ## Usage
 
 The snap exposes several RPC methods:
@@ -28,20 +53,39 @@ Example from a dApp:
 
 ```ts
 const result = await window.ethereum.request({
-  method: 'wallet_invokeSnap',
+  method: "wallet_invokeSnap",
   params: {
-    snapId: 'local:@ecency/snap',
+    snapId: "local:@ecency/snap",
     request: {
-      method: 'getAddress',
-      params: { chain: 'HIVE' }
-    }
-  }
+      method: "getAddress",
+      params: { chain: "HIVE" },
+    },
+  },
 });
 ```
 
-## Security considerations
+## Required Permissions
+
+This snap declares the following permissions:
+
+- `snap_getBip44Entropy` – derive Hive keys from the MetaMask seed phrase.
+- `endowment:rpc` – communicate with dApps via the snap RPC interface.
+- `snap_dialog` – prompt the user when signing transactions or encrypting and
+  decrypting data.
+- `endowment:webassembly` – enable WebAssembly support for cryptographic
+  libraries used by the snap.
+
+All permissions follow the principle of least privilege. No private keys are
+stored in memory or exposed to the client.
+
+## Security Notes
 
-The mnemonic phrase is stored inside the snap's managed state. Snaps run in an
-isolated environment, but any state stored by the snap is persisted on the
-user's machine. Avoid exposing the mnemonic and consider encrypting state in
-production deployments.
+- Keys are derived only when required and cleared from memory immediately after
+  use.
+- No network requests are made.
+- All transaction data is validated before processing.
+- No sensitive data is stored in browser storage.
+- The mnemonic phrase resides in the snap's managed state. Although snaps run in
+  an isolated environment, that state persists on the user's machine. Avoid
+  exposing the mnemonic and consider encrypting state for production
+  deployments.
diff --git a/packages/snap/build-manifest.cjs b/packages/snap/build-manifest.cjs
@@ -0,0 +1,35 @@
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+
+const pkg = JSON.parse(
+  fs.readFileSync(path.join(__dirname, "package.json"), "utf8"),
+);
+const bundlePath = path.join(__dirname, "dist", "bundle.js");
+const source = fs.readFileSync(bundlePath);
+const shasum = crypto.createHash("sha256").update(source).digest("hex");
+
+const manifest = {
+  version: pkg.version,
+  proposedName: "Ecency Snap",
+  description: "MetaMask Snap providing multi-chain wallet capabilities.",
+  repository: pkg.repository,
+  source: {
+    shasum,
+    location: {
+      local: "dist/bundle.js",
+    },
+  },
+  initialPermissions: {
+    snap_getBip44Entropy: [{ coinType: 756 }],
+    "endowment:rpc": { dapps: true },
+    snap_dialog: {},
+    "endowment:webassembly": {},
+  },
+  manifestVersion: "0.1",
+};
+
+fs.writeFileSync(
+  path.join(__dirname, "snap.manifest.json"),
+  JSON.stringify(manifest, null, 2),
+);
diff --git a/packages/snap/package.json b/packages/snap/package.json
@@ -12,7 +12,7 @@
   ],
   "scripts": {
     "dev": "vite",
-    "build": "tsc && vite build",
+    "build": "tsc && vite build && node build-manifest.cjs",
     "test": "NODE_OPTIONS=--import=./test/mock-wallets.js node --test"
   },
   "dependencies": {
diff --git a/packages/snap/snap.manifest.json b/packages/snap/snap.manifest.json
@@ -0,0 +1,24 @@
+{
+  "version": "0.1.0",
+  "proposedName": "Ecency Snap",
+  "description": "MetaMask Snap providing multi-chain wallet capabilities.",
+  "source": {
+    "shasum": "7a7e92d25e072e85429c7288e9292058191192cac551341ae3fab60579154618",
+    "location": {
+      "local": "dist/bundle.js"
+    }
+  },
+  "initialPermissions": {
+    "snap_getBip44Entropy": [
+      {
+        "coinType": 756
+      }
+    ],
+    "endowment:rpc": {
+      "dapps": true
+    },
+    "snap_dialog": {},
+    "endowment:webassembly": {}
+  },
+  "manifestVersion": "0.1"
+}
diff --git a/packages/snap/test/integration.test.js b/packages/snap/test/integration.test.js
@@ -1,27 +1,44 @@
-import test from 'node:test';
-import assert from 'node:assert/strict';
-import { onRpcRequest } from '../dist/ecency-snap.es.js';
+import test from "node:test";
+import assert from "node:assert/strict";
+import { onRpcRequest } from "../dist/bundle.js";
 
 const state = {};
 
 globalThis.snap = {
   request: async ({ method, params }) => {
-    if (method !== 'snap_manageState') throw new Error('unsupported');
-    if (params.operation === 'get') return state;
-    if (params.operation === 'update') { Object.assign(state, params.newState); return null; }
-    throw new Error('bad operation');
+    if (method !== "snap_manageState") throw new Error("unsupported");
+    if (params.operation === "get") return state;
+    if (params.operation === "update") {
+      Object.assign(state, params.newState);
+      return null;
+    }
+    throw new Error("bad operation");
   },
 };
 
-const mnemonic = 'test test test test test test test test test test test junk';
+const mnemonic = "test test test test test test test test test test test junk";
 
-test('dapp flow', async () => {
-  await onRpcRequest({ origin: 'dapp', request: { method: 'initialize', params: { mnemonic } } });
-  const addr = await onRpcRequest({ origin: 'dapp', request: { method: 'getAddress', params: { chain: 'HIVE' } } });
+test("dapp flow", async () => {
+  await onRpcRequest({
+    origin: "dapp",
+    request: { method: "initialize", params: { mnemonic } },
+  });
+  const addr = await onRpcRequest({
+    origin: "dapp",
+    request: { method: "getAddress", params: { chain: "HIVE" } },
+  });
   assert.ok(addr.address);
 
-  const tx = { ref_block_num: 0, ref_block_prefix: 0, expiration: '2020-01-01T00:00:00', operations: [], extensions: [] };
-  const signed = await onRpcRequest({ origin: 'dapp', request: { method: 'signHiveTx', params: { tx } } });
+  const tx = {
+    ref_block_num: 0,
+    ref_block_prefix: 0,
+    expiration: "2020-01-01T00:00:00",
+    operations: [],
+    extensions: [],
+  };
+  const signed = await onRpcRequest({
+    origin: "dapp",
+    request: { method: "signHiveTx", params: { tx } },
+  });
   assert.ok(signed.signatures.length > 0);
 });
-
diff --git a/packages/snap/test/rpc.test.js b/packages/snap/test/rpc.test.js
@@ -1,43 +1,68 @@
-import test from 'node:test';
-import assert from 'node:assert/strict';
-import { onRpcRequest } from '../dist/ecency-snap.es.js';
+import test from "node:test";
+import assert from "node:assert/strict";
+import { onRpcRequest } from "../dist/bundle.js";
+import { getLastSignExternalTxParams } from "./mock-wallets.js";
 import { getLastSignExternalTxParams } from './mock-wallets.js';
 
 const state = {};
 
 // simple snap state stub
 globalThis.snap = {
   request: async ({ method, params }) => {
-    if (method !== 'snap_manageState') throw new Error('unsupported');
-    if (params.operation === 'get') return state;
-    if (params.operation === 'update') {
+    if (method !== "snap_manageState") throw new Error("unsupported");
+    if (params.operation === "get") return state;
+    if (params.operation === "update") {
       Object.assign(state, params.newState);
       return null;
     }
-    throw new Error('bad operation');
+    throw new Error("bad operation");
   },
 };
 
-const mnemonic = 'test test test test test test test test test test test junk';
+const mnemonic = "test test test test test test test test test test test junk";
 
-test('initialize and unlock', async () => {
-  const init = await onRpcRequest({ origin: 'test', request: { method: 'initialize', params: { mnemonic } } });
+test("initialize and unlock", async () => {
+  const init = await onRpcRequest({
+    origin: "test",
+    request: { method: "initialize", params: { mnemonic } },
+  });
   assert.equal(init, true);
 
-  const unlock = await onRpcRequest({ origin: 'test', request: { method: 'unlock', params: { mnemonic } } });
+  const unlock = await onRpcRequest({
+    origin: "test",
+    request: { method: "unlock", params: { mnemonic } },
+  });
   assert.equal(unlock, true);
 });
 
-test('get hive address', async () => {
-  await onRpcRequest({ origin: 'test', request: { method: 'initialize', params: { mnemonic } } });
-  const res = await onRpcRequest({ origin: 'test', request: { method: 'getAddress', params: { chain: 'HIVE' } } });
+test("get hive address", async () => {
+  await onRpcRequest({
+    origin: "test",
+    request: { method: "initialize", params: { mnemonic } },
+  });
+  const res = await onRpcRequest({
+    origin: "test",
+    request: { method: "getAddress", params: { chain: "HIVE" } },
+  });
   assert.ok(res.address);
 });
 
-test('sign hive tx', async () => {
-  await onRpcRequest({ origin: 'test', request: { method: 'initialize', params: { mnemonic } } });
-  const tx = { ref_block_num: 0, ref_block_prefix: 0, expiration: '2020-01-01T00:00:00', operations: [], extensions: [] };
-  const signed = await onRpcRequest({ origin: 'test', request: { method: 'signHiveTx', params: { tx } } });
+test("sign hive tx", async () => {
+  await onRpcRequest({
+    origin: "test",
+    request: { method: "initialize", params: { mnemonic } },
+  });
+  const tx = {
+    ref_block_num: 0,
+    ref_block_prefix: 0,
+    expiration: "2020-01-01T00:00:00",
+    operations: [],
+    extensions: [],
+  };
+  const signed = await onRpcRequest({
+    origin: "test",
+    request: { method: "signHiveTx", params: { tx } },
+  });
   assert.ok(Array.isArray(signed.signatures));
 });
 
@@ -51,9 +76,33 @@ test('sign external tx', async () => {
   assert.equal(getLastSignExternalTxParams().privateKey, 'priv');
 });
 
-test('balance query placeholder', async () => {
-  await onRpcRequest({ origin: 'test', request: { method: 'initialize', params: { mnemonic } } });
-  const bal = await onRpcRequest({ origin: 'test', request: { method: 'getBalance', params: { currency: 'BTC', address: 'xyz' } } });
+test("balance query placeholder", async () => {
+  await onRpcRequest({
+    origin: "test",
+    request: { method: "initialize", params: { mnemonic } },
+  });
+  const bal = await onRpcRequest({
+    origin: "test",
+    request: {
+      method: "getBalance",
+      params: { currency: "BTC", address: "xyz" },
+    },
+  });
   assert.equal(bal, 0);
 });
+test("sign external tx", async () => {
+  await onRpcRequest({
+    origin: "test",
+    request: { method: "initialize", params: { mnemonic } },
+  });
+  const res = await onRpcRequest({
+    origin: "test",
+    request: {
+      method: "signExternalTx",
+      params: { currency: "BTC", params: { foo: "bar" } },
+    },
+  });
+  assert.equal(res, "signed");
+  assert.equal(getLastSignExternalTxParams().privateKey, "priv");
+});
 
diff --git a/packages/snap/vite.config.ts b/packages/snap/vite.config.ts
@@ -9,7 +9,7 @@ export default defineConfig({
       entry: path.resolve(__dirname, "src/index.ts"),
       name: "Ecency Snap",
       formats: ["es"],
-      fileName: (format) => `ecency-snap.${format}.js`,
+      fileName: () => "bundle.js",
     },
     rollupOptions: {
       external: [
@@ -24,7 +24,7 @@ export default defineConfig({
         "@okxweb3/coin-ton",
         "@okxweb3/coin-tron",
         "@okxweb3/crypto-lib",
-        "bip39"
+        "bip39",
       ],
     },
   },
diff --git a/yarn.lock b/yarn.lock
@@ -4542,6 +4542,11 @@ typescript@5.8.2:
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.8.2.tgz#8170b3702f74b79db2e5a96207c15e65807999e4"
   integrity sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==
 
+typescript@^5.8.2:
+  version "5.9.2"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.9.2.tgz#d93450cddec5154a2d5cabe3b8102b83316fb2a6"
+  integrity sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==
+
 ufo@^1.5.4:
   version "1.6.1"
   resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.6.1.tgz#ac2db1d54614d1b22c1d603e3aef44a85d8f146b"
