Skip to content

feat: update to keyring v2#645

Open
hmalik88 wants to merge 20 commits into
mainfrom
hm/add-v2-methods
Open

feat: update to keyring v2#645
hmalik88 wants to merge 20 commits into
mainfrom
hm/add-v2-methods

Conversation

@hmalik88

@hmalik88 hmalik88 commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Summary

Migrates the Bitcoin snap to the v2 Keyring API and declares the corresponding capabilities in the manifest. Also removes all v1-only keyring methods and replaces the manual routing table with the v2 dispatcher.

  • Rewrites KeyringHandler to implement KeyringSnapRpc (from @metamask/keyring-api/v2): adds getAccounts, getAccount, createAccounts, exportAccount, getAccountBalances, getAccountAssets, getAccountTransactions, deleteAccount, submitRequest, setSelectedAccounts, and resolveAccountAddress
  • Removes v1-only flows (createAccount, discoverAccounts, filterAccountChains, updateAccount) and stops emitting AccountCreated / AccountDeleted events
  • Folds bip44:discover into createAccounts: calls AccountUseCases.discover(), deletes the account from state if no transactions are found, and returns [] to signal end-of-discovery
  • Adds exportAccount with WIF private-key export (Base58Check, version byte 0x80/0xEF); uses is() not assert() to prevent the private key from appearing in a StructError message on encoding failure
  • Reads SUPPORTED_SCOPES directly from snap.manifest.json capabilities block (same pattern as Solana snap) instead of hardcoding the network
  • Switches handleKeyringRequest to the v2 dispatcher (@metamask/keyring-snap-sdk/v2)
  • Adds endowment:keyring.capabilities to snap.manifest.json: scopes, privateKey.exportFormats, and bip44 derive/discover flags
  • Sets module: "ESNext" and moduleResolution: "bundler" in packages/snap/tsconfig.json so /v2 subpath exports resolve correctly
  • Bumps @metamask/keyring-api → ^23.5.0, keyring-snap-sdk → ^9.2.0, snaps-sdk → ^11.2.0, snaps-cli → ^8.4.1, snaps-jest → ^10.2.0
  • Updates KeyringHandler.test.ts: removes v1-only describe blocks, adds exportAccount and bip44:discover coverage, mocks wif module, adds beforeEach(() => jest.resetAllMocks()) to fix mock-call accumulation between tests

References

N/A

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed
  • I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

High Risk
Touches keyring account lifecycle, discovery, and private-key export—security-sensitive paths—with breaking RPC and manifest contract changes for MetaMask clients.

Overview
Migrates the Bitcoin snap from the v1 keyring RPC surface to Keyring API v2, driven by handleKeyringRequest from @metamask/keyring-snap-sdk/v2 instead of a custom route switch on legacy method names.

KeyringHandler now implements KeyringSnapRpc: v2 names such as keyring_getAccounts, keyring_createAccounts, and related getters replace listAccounts, createAccount, and discoverAccounts. Account creation uses bip44:derive-path, index/range, and bip44:discover (inactive discovered accounts are deleted; an empty result ends discovery). exportAccount returns WIF (base58) with guarded error handling so private material does not leak in validation messages. Supported networks for batch/discover flows come from endowment:keyring.capabilities in snap.manifest.json. Mapped accounts are marked exportable: true.

The manifest gains keyring capabilities (scopes, private-key export format, bip44 derive/discover). Dependencies bump keyring-api, keyring-snap-sdk, and snaps tooling; integration/unit tests and expected RPC error codes are updated for v2.

Reviewed by Cursor Bugbot for commit 3934e33. Bugbot is set up for automated code reviews on this repo. Configure here.

@socket-security

socket-security Bot commented Jul 10, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​metamask/​keyring-api@​23.5.01001001009850
Updated@​metamask/​keyring-snap-sdk@​8.0.0 ⏵ 9.2.099 +110075 +197 +2100
Updated@​metamask/​snaps-cli@​8.3.0 ⏵ 8.4.176100100 +187 +1100
Updated@​metamask/​snaps-jest@​9.8.0 ⏵ 10.2.076 +110010097 +2100
Updated@​metamask/​slip44@​4.3.0 ⏵ 4.5.0100 +110099 +192 +8100
Updatedprettier@​3.5.3 ⏵ 3.9.499 +110097 +199100

View full report

@socket-security

socket-security Bot commented Jul 10, 2026

Copy link
Copy Markdown

Warning

MetaMask internal reviewing guidelines:

  • Do not ignore-all
  • Each alert has instructions on how to review if you don't know what it means. If lost, ask your Security Liaison or the supply-chain group
  • Copy-paste ignore lines for specific packages or a group of one kind with a note on what research you did to deem it safe.
    @SocketSecurity ignore npm/PACKAGE@VERSION
Action Severity Alert  (click "▶" to expand/collapse)
Warn Low
Potential code anomaly (AI signal): npm @metamask/snaps-simulation is 62.0% likely to have a medium risk anomaly

Notes: The fragment is primarily an orchestration layer for installing/executing MetaMask Snaps and registering internal RPC/action handlers. The main high-impact risk signals are (1) direct execution of snap source code obtained from fetchSnap(), and (2) sensitive key material derivation (mnemonic/seed) from options.secretRecoveryPhrase in a clearly labeled 'withKeyringV2Unsafe' handler that passes mnemonic+seed into an externally provided operation callback. Additionally, SnapController:getSnapFile forwards caller-controlled path/encoding to getSnapFile(auxiliaryFiles, ...)—which could enable unintended file access depending on that helper’s validation. No clear malicious exfiltration or obfuscation is visible in this snippet alone.

Confidence: 0.62

Severity: 0.58

From: ?npm/@metamask/snaps-jest@10.2.0npm/@metamask/snaps-simulation@4.3.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@metamask/snaps-simulation@4.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Ignoring alerts on:

  • @ethersproject/web@5.8.0
  • @metamask/snaps-controllers@21.0.0
  • ses@2.2.0

View full report

@hmalik88

Copy link
Copy Markdown
Contributor Author

@SocketSecurity ignore npm/@metamask/snaps-controllers@21.0.0

@hmalik88

Copy link
Copy Markdown
Contributor Author

@SocketSecurity ignore npm/ses@2.2.0

@hmalik88

Copy link
Copy Markdown
Contributor Author

@SocketSecurity ignore npm/@ethersproject/web@5.8.0

@hmalik88
hmalik88 marked this pull request as ready for review July 13, 2026 08:36
@hmalik88
hmalik88 requested a review from a team as a code owner July 13, 2026 08:36

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 54d5d1f. Configure here.

Comment thread packages/snap/src/handlers/KeyringHandler.ts Outdated
Comment thread packages/snap/src/handlers/KeyringHandler.ts Outdated
Comment thread packages/snap/integration-test/keyring-request.test.ts
Comment thread packages/snap/integration-test/keyring.test.ts Outdated
Comment thread packages/snap/integration-test/keyring.test.ts Outdated
writeFileSync(
join(__dirname, '../locales/en.json'),
JSON.stringify(englishLocale, null, 2),
`${JSON.stringify(englishLocale, null, 2)}\n`,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this change?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI seemed to been have failing on it

Comment thread packages/snap/tsconfig.json
Comment thread packages/snap/src/handlers/KeyringHandler.ts Outdated
Comment thread packages/snap/src/handlers/KeyringHandler.ts Outdated
Comment thread packages/snap/src/handlers/KeyringHandler.ts Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants