feat: Store metadata when revoking a permission #228
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… feat/store-metadata-when-revoking-permission
4 tasks
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
jeffsmale90
reviewed
Dec 19, 2025
Contributor
jeffsmale90
left a comment
jeffsmale90
left a comment
There was a problem hiding this comment.
A couple of general comments, and, I think a more architectural concern:
I think we should remove isRevoked from the stored permission, and use the existence of revocationMetadata to determine whether the permission is revoked to help improve data integrity.
packages/gator-permissions-snap/src/clients/blockchainMetadataClient.ts
Outdated
Show resolved
Hide resolved
packages/gator-permissions-snap/src/clients/blockchainMetadataClient.ts
Outdated
Show resolved
Hide resolved
packages/gator-permissions-snap/src/clients/blockchainMetadataClient.ts
Outdated
Show resolved
Hide resolved
packages/gator-permissions-snap/src/clients/blockchainMetadataClient.ts
Outdated
Show resolved
Hide resolved
packages/gator-permissions-snap/src/clients/blockchainMetadataClient.ts
Outdated
Show resolved
Hide resolved
packages/gator-permissions-snap/src/clients/blockchainMetadataClient.ts
Outdated
Show resolved
Hide resolved
mj-kiwi
reviewed
Jan 5, 2026
mj-kiwi
reviewed
Jan 5, 2026
… make txHash property optional on RevocationMetadata type
…ationMetadata to handle legacy data that was created before revocationMetadata was introduced
…egation disable and transaction receipt functions checks to BlockchainMetadataClient class
Closed
7 tasks
jeffsmale90
reviewed
Jan 9, 2026
packages/gator-permissions-snap/src/clients/blockchainMetadataClient.ts
Outdated
Show resolved
Hide resolved
…etadata optional. Infer TransactionReceipt type from zTransactionReceipt
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- remove isRevoked from stored permission schema, rely on the existence of revocation metadata - parse legacy stored permission, inferring metadata - add recordedAt timestamp to revocation metadata
jeffsmale90
force-pushed
the
feat/store-metadata-when-revoking-permission
branch
from
acdfdfd to
9e481b1
Compare
jeffsmale90
force-pushed
the
feat/store-metadata-when-revoking-permission
branch
from
9e481b1 to
c42eb7b
Compare
- Use current timestamp for revocationMetadata recordedAt fields for permissions marked with legacy isRevoked - removed an errant isRevoked: false that was included on a new permission object
jeffsmale90
force-pushed
the
feat/store-metadata-when-revoking-permission
branch
from
91442fd to
4d2e396
Compare
packages/gator-permissions-snap/src/clients/blockchainClient.ts
Outdated
Show resolved
Hide resolved
github-merge-queue bot
pushed a commit
to MetaMask/core
that referenced
this pull request
Jan 21, 2026
…provider snap (#7503) ## Explanation This PR extends the `GatorPermissionsController` to pass the hash of the transaction that revoked a permission (if available). ## References Requires(gator snap): [feat: Store metadata when revoking a permission](MetaMask/snap-7715-permissions#228) Required by(MM client): [chore: Bump @metamask/gator-permissions-controller to 0.9.0](MetaMask/metamask-extension#39076) ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/contributing.md#updating-changelogs) - [x] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Introduces tx-aware revocations and related type/state updates. > > - **BREAKING:** `submitRevocation` now sends `txHash` via `RevocationParams`; stored permissions may include `revocationMetadata` (exported types updated) in `types.ts` and `index.ts` > - GatorPermissionsController: listens for `TransactionStatus`, skips submit on non-confirmed/failed, passes confirmed `hash` to `permissionsProvider_submitRevocation`, always refreshes permissions after terminal states > - Tests expanded to cover confirmed/failed paths and metadata propagation; minor typing/utility refinements in `decodePermission/utils` (explicit return types, generics) > - Changelog updated; bumps `@metamask/transaction-controller` > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7183271. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Jeff Smale <[email protected]>
MoMannn
previously approved these changes
Jan 21, 2026
MoMannn
previously approved these changes
Jan 21, 2026
MoMannn
previously approved these changes
Jan 21, 2026
jeffsmale90
force-pushed
the
feat/store-metadata-when-revoking-permission
branch
from
b48ffe5 to
ca86387
Compare
V00D00-child
commented
Jan 21, 2026
Member
Author
V00D00-child
left a comment
V00D00-child
left a comment
There was a problem hiding this comment.
LGTM. I can't approve since I opened the PR
McOso
approved these changes
Jan 21, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Previously, during permission revocation submission, we store a
booleanrevoked flag to track the permission revocation status in profile sync.This PR replaces this flag with
revocationMetadata, including the txHash of the transaction that set the delegation as revoked (if available), and the timestamp (in seconds) at which the permission was marked as revoked in the database (which may be different from the time that it was revoked onchain).References
Required by(Core): Attach metadata when submitting a revocation to the permission provider snap
Pre-merge author checklist
Pre-merge reviewer checklist
Note
Introduces structured revocation tracking and on-chain verification, and decouples blockchain queries into a dedicated client.
isRevokedwithrevocationMetadata(txHash?,recordedAt) in profile sync; adds legacy parsing for oldisRevoked; updates filters to infer revoked via presence ofrevocationMetadata; renamesupdatePermissionRevocationStatustomarkPermissionRevoked.BlockchainClient: Centralizes on-chain checks, includingdisabledDelegations(bytes32)andeth_getTransactionReceiptwith retry logic; moves delegation check out ofBlockchainTokenMetadataClient.submitRevocationnow accepts optionaltxHash, verifies delegation is disabled and (if provided) receiptstatusis success before persistingrevocationMetadata.TransactionReceiptzod schema and validators; extends revocation params to include optionaltxHash.BlockchainClientintoindex.tsandrpcHandler; adds/updates comprehensive unit tests for new flows and error handling.Written by Cursor Bugbot for commit ca86387. This will update automatically on new commits. Configure here.