Skip to content

Comments

fix: Require any interface permission to use RPC methods#3864

Merged
FrederikBolding merged 3 commits intomainfrom
fb/gate-interface-methods
Feb 20, 2026
Merged

fix: Require any interface permission to use RPC methods#3864
FrederikBolding merged 3 commits intomainfrom
fb/gate-interface-methods

Conversation

@FrederikBolding
Copy link
Member

@FrederikBolding FrederikBolding commented Feb 19, 2026
edited by cursor bot
Loading

Require Snaps to have at least one of the permissions required to display UI before allowing use of RPC methods.

https://consensyssoftware.atlassian.net/browse/WPC-500

Note

Medium Risk
Changes authorization behavior for multiple RPC entrypoints; risk is mainly compatibility/behavioral (previously-allowed calls now fail) and depends on correct hasPermission wiring and the UI_PERMISSIONS list.

Overview
Interface-management RPC methods now require the caller Snap to have at least one UI-capability permission before executing: snap_createInterface, snap_updateInterface, snap_getInterfaceState, snap_getInterfaceContext, and snap_resolveInterface short-circuit with providerErrors.unauthorized when UI_PERMISSIONS checks fail.

This introduces a shared UI_PERMISSIONS constant in utils.ts, wires a new hasPermission hook into each handler, and updates/expands Jest coverage to assert the unauthorized error behavior (plus minor coverage threshold adjustments).

Written by Cursor Bugbot for commit ebc981a. This will update automatically on new commits. Configure here.

@FrederikBolding FrederikBolding requested a review from a team as a code owner February 19, 2026 15:54
FrederikBolding
FrederikBolding commented Feb 19, 2026
View reviewed changes
@codecov
Copy link

codecov bot commented Feb 19, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.58%. Comparing base (225bb57) to head (ebc981a).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3864   +/-   ##
=======================================
  Coverage   98.58%   98.58%           
=======================================
  Files         428      428           
  Lines       12372    12389   +17     
  Branches     1922     1927    +5     
=======================================
+ Hits        12197    12214   +17     
  Misses        175      175

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@FrederikBolding FrederikBolding added this pull request to the merge queue Feb 19, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 19, 2026
@FrederikBolding FrederikBolding added this pull request to the merge queue Feb 20, 2026
Merged via the queue into main with commit 4bff8c7 Feb 20, 2026
247 of 249 checks passed
@FrederikBolding FrederikBolding deleted the fb/gate-interface-methods branch February 20, 2026 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mrtenz Mrtenz Mrtenz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@FrederikBolding @Mrtenz