feat: Add Multichain API to Flask

[ffmcgee725]

Description

This branch adds support for the Multichain API to the Flask build of the Extension.

The existing API (via injected provider) should be completely unchanged.

(Very Briefly) What is the MetaMask Multichain API

• Concurrent connection to any number of chains (no network switching)
• Unified entry point for all chain ecosystems (EVM, BTC, Solana, Cosmos, Polkadot etc)
• Accessible via window.postMessage(). Not accessible via an injected global like window.ethereum

Key Documents/Standards

mip = MetaMask Improvement Proposal

• MIP-5 (Overview of the Multichain API)
  • CAIP-25 (new connection request API)
  • CAIP-27 (new request API, envelope with target scope/chainId included)
• MIP-6 (Overview of how the Multichain API’s EVM support diverges from the 1193 injected provider)

Manual testing steps

(RECOMMENDED) Use the Multichain Test Dapp
NOTE: window.postMessage should be used as extensionId for mobile.

• Video Demo for Interacting w/ Multichain Test Dapp

OR

yarn setup:flask

Then

yarn start:android:flask

or

yarn start:ios:flask

Setup event listener via dev tools

window.addEventListener('message', (event) => {
  const {
    target,
    data
  } = event.data;
  if (
    target !== "metamask-inpage" ||
    data?.name !== 'metamask-multichain-provider'
  ) {
    return;
  }
  console.log(data.data)
})

Send a multichain API request via dev tools

const caipPostMessage = (data) => {
  window.postMessage({
    target: 'metamask-contentscript',
    data: {
      name: 'metamask-multichain-provider',
      data
    }
  }, location.origin)
}

// create session
caipPostMessage({
    jsonrpc: '2.0',
    method: 'wallet_createSession',
    params: {
      optionalScopes: {}
    }
})

// get session
caipPostMessage({
    jsonrpc: '2.0',
    method: 'wallet_getSession',
    params: {}
})

// revoke session
caipPostMessage({
    jsonrpc: '2.0',
    method: 'wallet_revokeSession',
    params: {}
})

// invoke method
caipPostMessage({
    jsonrpc: '2.0',
    method: 'wallet_invokeMethod',
    params: {
            scope: 'eip155:1',
            request: {
                "method": "eth_blockNumber",
                "params": [],
            }
        }
})

More detailed example of manual requests

taken from extension equivalent Add Multichain API to Flask work

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​multichain-api-middleware@​0.2.0
	npm/​@​metamask/​chain-agnostic-permission@​0.3.0 ⏵ 0.4.0	+1		+1	+2
	npm/​@​open-rpc/​specification-extension-spec@​1.0.2
	npm/​@​open-rpc/​meta-schema@​1.14.9
	npm/​@​open-rpc/​schema-utils-js@​2.1.2
	npm/​@​json-schema-tools/​reference-resolver@​1.2.5 ⏵ 1.2.6
	npm/​@​json-schema-tools/​traverse@​1.10.3 ⏵ 1.10.4
	npm/​@​json-schema-tools/​dereferencer@​1.6.3
	npm/​@​json-schema-tools/​meta-schema@​1.7.5

View full report

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[adonesky1]

Suggested change

	// wallet_notify for solana accountChanged when permission changes
	controllerMessenger.subscribe(
	`${this.permissionController.name}:stateChange`,
	async (currentValue, previousValue) => {
	const origins = uniq([
	...previousValue.keys(),
	...currentValue.keys(),
	]);
	origins.forEach((origin) => {
	const previousCaveatValue = previousValue.get(origin);
	const currentCaveatValue = currentValue.get(origin);
	const previousSolanaAccountChangedNotificationsEnabled = Boolean(
	previousCaveatValue?.sessionProperties?.[
	KnownSessionProperties.SolanaAccountChangedNotifications
	],
	);
	const currentSolanaAccountChangedNotificationsEnabled = Boolean(
	currentCaveatValue?.sessionProperties?.[
	KnownSessionProperties.SolanaAccountChangedNotifications
	],
	);
	if (
	!previousSolanaAccountChangedNotificationsEnabled &&
	!currentSolanaAccountChangedNotificationsEnabled
	) {
	return;
	}
	const previousSolanaCaipAccountIds = previousCaveatValue
	? getPermittedAccountsForScopes(previousCaveatValue, [
	MultichainNetworks.SOLANA,
	MultichainNetworks.SOLANA_DEVNET,
	MultichainNetworks.SOLANA_TESTNET,
	])
	: [];
	const previousNonUniqueSolanaHexAccountAddresses =
	previousSolanaCaipAccountIds.map((caipAccountId) => {
	const { address } = parseCaipAccountId(caipAccountId);
	return address;
	});
	const previousSolanaHexAccountAddresses = uniq(
	previousNonUniqueSolanaHexAccountAddresses,
	);
	const [previousSelectedSolanaAccountAddress] =
	this.sortMultichainAccountsByLastSelected(
	previousSolanaHexAccountAddresses,
	);
	const currentSolanaCaipAccountIds = currentCaveatValue
	? getPermittedAccountsForScopes(currentCaveatValue, [
	MultichainNetworks.SOLANA,
	MultichainNetworks.SOLANA_DEVNET,
	MultichainNetworks.SOLANA_TESTNET,
	])
	: [];
	const currentNonUniqueSolanaHexAccountAddresses =
	currentSolanaCaipAccountIds.map((caipAccountId) => {
	const { address } = parseCaipAccountId(caipAccountId);
	return address;
	});
	const currentSolanaHexAccountAddresses = uniq(
	currentNonUniqueSolanaHexAccountAddresses,
	);
	const [currentSelectedSolanaAccountAddress] =
	this.sortMultichainAccountsByLastSelected(
	currentSolanaHexAccountAddresses,
	);
	if (
	previousSelectedSolanaAccountAddress !==
	currentSelectedSolanaAccountAddress
	) {
	// TODO: [ffmcgee] implement notifySolanaAccountChange ?
	// this._notifySolanaAccountChange(
	// origin,
	// currentSelectedSolanaAccountAddress
	// ? [currentSelectedSolanaAccountAddress]
	// : [],
	// );
	}
	});
	},
	getAuthorizedScopesByOrigin,
	);

This should be added in a separate PR later on, per our sequencing/breakdown: https://docs.google.com/document/d/1uUK2L6KBSHnz5yzyW54MVYhsSXcaZajNKVIUczljL8g/edit?tab=t.0

[ffmcgee725]

ba1896c

[adonesky1]

Have we verified whether some of these subscriptions are being handled elsewhere?

[ffmcgee725]

The smartTransactionPoller logic seems to be handled in the Engine https://github.com/MetaMask/metamask-mobile/blob/main/app/core/Engine/Engine.ts#L1507C10-L1507C22, but the starting condition doesn't seem to be the same.

and _checkTokenListPolling doesn't seem to be handled elsewhere.

so all in all, if we are talking about controllerMessenger subscription to PreferencesController:stateChange, none existed prior to this implementation.

[adonesky1]

we'll need to verify whether this is in place somewhere for the WIP per-dapp selected network feature still being finished on Mobile by Eric Lamontagne (don't remember his gh handle)

[adonesky1]

I imagine this must exist somewhere else already...

[ffmcgee725]

searching up NetworkController:networkDidChange, it doesn't seem to be the case.

I only see stuff such as this, and not an actual subscription by the controllerMessenger to this action.

[github-actions]

Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: 5dd1dd3
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/ecc496d0-949e-493e-93b2-9aeda0fc6256

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[sonarqubecloud]

Quality Gate failed

Failed conditions
50.5% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud