docs: update documentation

README.md

@@ -1,78 +1,57 @@
-# @metamask/template-snap-monorepo
+# @xmtp/snap
 
-This repository demonstrates how to develop a snap with TypeScript. For detailed instructions, see [the MetaMask documentation](https://docs.metamask.io/guide/snaps.html#serving-a-snap-to-your-local-environment).
+This repository contains the XMTP Snap, released via NPM here, as well as a small webapp to demo the functionality. It was generated using the [template-snap repository](https://github.com/MetaMask/template-snap-monorepo/generate)
 
-MetaMask Snaps is a system that allows anyone to safely expand the capabilities of MetaMask. A _snap_ is a program that we run in an isolated environment that can customize the wallet experience.
+## Architecture
 
-## Snaps is pre-release software
+The XMTP Snap is an implementation of the Keystore API, a defined interface for XMTP clients to interact with a Keystore holding XMTP key material.
 
-To interact with (your) Snaps, you will need to install [MetaMask Flask](https://metamask.io/flask/), a canary distribution for developers that provides access to upcoming features.
+### RPC Code Generation
 
-## Getting Started
-
-Clone the template-snap repository [using this template](https://github.com/MetaMask/template-snap-monorepo/generate) and setup the development environment:
-
-```shell
-yarn install && yarn start
-```
-
-## Cloning
+The Keystore API is defined in Protobuf, but Snaps are required to communicate via JSON-RPC. To allow clients to communicate with the Snap Keystore, all request protos are serialized and base64 encoded. In the snap, requests are base64 decoded and deserialized and then responses are once again serialized and base64 encoded.
 
-This repository contains GitHub Actions that you may find useful, see `.github/workflows` and [Releasing & Publishing](https://github.com/MetaMask/template-snap-monorepo/edit/main/README.md#releasing--publishing) below for more information.
+This is done automatically, using [RPC definitions defined in `xmtp-js`](https://github.com/xmtp/xmtp-js/blob/snap/src/keystore/rpcDefinitions.ts) that define expected request and response types for each method.
 
-If you clone or create this repository outside the MetaMask GitHub organization, you probably want to run `./scripts/cleanup.sh` to remove some files that will not work properly outside the MetaMask GitHub organization.
+### Authentication
 
-Note that the `action-publish-release.yml` workflow contains a step that publishes the frontend of this snap (contained in the `public/` directory) to GitHub pages. If you do not want to publish the frontend to GitHub pages, simply remove the step named "Publish to GitHub Pages" in that workflow.
+Two methods in the Snap allow unauthenticated access. `initKeystore` and `getKeystoreStatus`.
 
-If you don't wish to use any of the existing GitHub actions in this repository, simply delete the `.github/workflows` directory.
+`initKeystore` takes an XMTP `PrivateKeyBundle` as an argument and saves it in the Snaps storage. Upon successful validation and storage of the XMTP keys, the origin that called `initKeystore` is authorized to make calls to restricted Keystore methods for 30 days.
 
-## Contributing
+`getKeystoreStatus` allows the caller to check if keys are present in the Snap storage for a given wallet address/environment combination. Clients are expected to call this method at the beginning of a session to see if they need to call generate/load the keys themselves and call `initKeystore` or simply proceed using the already stored keys.
 
-### Testing and Linting
-
-Run `yarn test` to run the tests once.
+All other RPC methods require authorization. A successful call to `initKeystore` automatically authorizes the current origin to use the provided keys for 30 days. For calls from other origins, or calls > 30 days after the last authorization, the user will need to approve a confirmation modal in Metamask to authorize that domain for the next 30 days. Clients should throw an error if authorization is rejected and apps are expected to handle that error.
 
-Run `yarn lint` to run the linter, or run `yarn lint:fix` to run the linter and fix any automatically fixable issues.
-
-### Releasing & Publishing
+### Storage
 
-The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions [`action-create-release-pr`](https://github.com/MetaMask/action-create-release-pr) and [`action-publish-release`](https://github.com/MetaMask/action-publish-release) are used to automate the release process; see those repositories for more information about how they work.
+The built-in Snap storage is used for three tasks:
 
-1. Choose a release version.
+1. Storing authorization status for each origin/wallet address/env combination that has used the Snap
+2. Storing the `PrivateKeyBundle` for a given wallet address and env.
+3. Storing the conversation keys for a given wallet address and env.
 
-- The release version should be chosen according to SemVer. Analyze the changes to see whether they include any breaking changes, new features, or deprecations, then choose the appropriate SemVer version. See [the SemVer specification](https://semver.org/) for more information.
+Both `2` and `3` are highly sensitive material. At no time should these materials be accessible outside the Snap (via RPCs, console.log, or any other mechanism). It should not be possible to manipulate the values in `1` outside of the mechanisms described in [Authentication](#authentication).
 
-2. If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. `1.x` for a `v1` backport release).
-
-- The major version branch should be set to the most recent release with that major version. For example, when backporting a `v1.0.2` release, you'd want to ensure there was a `1.x` branch that was set to the `v1.0.1` tag.
-
-3. Trigger the [`workflow_dispatch`](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch) event [manually](https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow) for the `Create Release Pull Request` action to create the release PR.
-
-- For a backport release, the base branch should be the major version branch that you ensured existed in step 2. For a normal release, the base branch should be the main branch for that repository (which should be the default value).
-- This should trigger the [`action-create-release-pr`](https://github.com/MetaMask/action-create-release-pr) workflow to create the release PR.
-
-4. Update the changelog to move each change entry into the appropriate change category ([See here](https://keepachangelog.com/en/1.0.0/#types) for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
+## Getting Started
 
-- Generally any changes that don't affect consumers of the package (e.g. lockfile changes or development environment changes) are omitted. Exceptions may be made for changes that might be of interest despite not having an effect upon the published package (e.g. major test improvements, security improvements, improved documentation, etc.).
-- Try to explain each change in terms that users of the package would understand (e.g. avoid referencing internal variables/concepts).
-- Consolidate related changes into one change entry if it makes it easier to explain.
-- Run `yarn auto-changelog validate --rc` to check that the changelog is correctly formatted.
+You can start both the snap and the example site by running:
 
-5. Review and QA the release.
+```shell
+npm install
+npm start
+```
 
-- If changes are made to the base branch, the release branch will need to be updated with these changes and review/QA will need to restart again. As such, it's probably best to avoid merging other PRs into the base branch while review is underway.
+### Testing and Linting
 
-6. Squash & Merge the release.
+Run `yarn test` to run the tests once.
 
-- This should trigger the [`action-publish-release`](https://github.com/MetaMask/action-publish-release) workflow to tag the final release commit and publish the release on GitHub.
+Run `yarn lint` to run the linter, or run `yarn lint:fix` to run the linter and fix any automatically fixable issues.
 
-7. Publish the release on npm.
+### Releasing & Publishing
 
-- Be very careful to use a clean local environment to publish the release, and follow exactly the same steps used during CI.
-- Use `npm publish --dry-run` to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using `https://unpkg.com/browse/[package name]@[package version]/`).
-- Once you are confident the release contents are correct, publish the release using `npm publish`.
+This project uses [semantic-release](https://semantic-release.gitbook.io/semantic-release/v/beta/) to publish new versions of the Snap. For changes that modify the Snap itself (not the website), follow the [Angular Commit Conventions](https://github.com/angular/angular/blob/main/CONTRIBUTING.md#-commit-message-format) in your commits.
 
 ## Notes
 
-- Babel is used for transpiling TypeScript to JavaScript, so when building with the CLI,
-  `transpilationMode` must be set to `localOnly` (default) or `localAndDeps`.
+- Babel is used for transpiling TypeScript to JavaScript. hen building with the CLI,
+  `transpilationMode` must be set to `localAndDeps` to include `xmtp-js` in the transpilation, which is required for the Snap to build properly.

packages/snap/README.md

@@ -1,8 +1,3 @@
-# TypeScript Example Snap
+# @xmtp/snap
 
-This Snap demonstrates how to develop a Snap with TypeScript.
-
-## Notes
-
-- Babel is used for transpiling TypeScript to JavaScript, so when building with the CLI,
-  `transpilationMode` must be set to `localOnly` (default) or `localAndDeps`.
+This package is an implementation of the XMTP Keystore specification, meant to be used as a Metamask Snap RPC handler

packages/snap/snap.manifest.json

@@ -7,7 +7,7 @@
     "url": "https://github.com/xmtp/snap.git"
   },
   "source": {
-    "shasum": "f2ZHeR8TmLSrAj/+iCj222wNOZEMzTB5BEzQUC3bTbE=",
+    "shasum": "b5JxstM+SUDmu8WPTXRfDaXA5QZx9BNW2fQX/GC17/g=",
     "location": {
       "npm": {
         "filePath": "dist/bundle.js",

packages/snap/src/config.ts

@@ -1 +1,5 @@
 export const AUTHORIZATION_EXPIRY_MS = 1000 * 60 * 60 * 24 * 30; // 30 days
+
+export const GET_KEYSTORE_STATUS_METHOD = 'getKeystoreStatus';
+
+export const INIT_KEYSTORE_METHOD = 'initKeystore';

packages/snap/src/handlers.ts

@@ -144,7 +144,6 @@ export async function getKeystoreStatus(
       } catch (e) {
         // Only swallow KeyNotFoundError and turn into a negative response
         if (!(e instanceof KeyNotFoundError)) {
-          console.error(e);
           throw e;
         }
         return {

packages/snap/src/index.ts

@@ -6,6 +6,7 @@ import { heading, panel, text } from '@metamask/snaps-ui';
 import { getHandler, isSnapRequest, prettyWalletAddress } from './utils';
 import { initKeystore, getKeystoreStatus } from './handlers';
 import authorizer from './authorizer';
+import { GET_KEYSTORE_STATUS_METHOD, INIT_KEYSTORE_METHOD } from './config';
 
 export type SnapMeta = {
   walletAddress: string;
@@ -26,12 +27,12 @@ export const onRpcRequest: OnRpcRequestHandler = async ({
   const { meta } = params;
 
   // Unauthenticated methods:
-  if (method === 'getKeystoreStatus') {
+  if (method === GET_KEYSTORE_STATUS_METHOD) {
     return getKeystoreStatus(params);
   }
 
   // Authenticated methods below
-  if (method === 'initKeystore') {
+  if (method === INIT_KEYSTORE_METHOD) {
     // initKeystore will check to ensure that the bundle matches the wallet address provided above
     const res = await initKeystore(params);
     // If the user has uploaded a valid bundle, authorize for the origin.