docs: TrUAPI host permission requirements matrix#209
Open
filvecchiato wants to merge 1 commit into
Open
Conversation
pgherveou
reviewed
Jun 11, 2026
pgherveou
left a comment
pgherveou
left a comment
Collaborator
There was a problem hiding this comment.
not sure the audit files belong here.
they should probably be issues in the related repo instead.
We should think of a way to automate this.
e2e tests should validate that permission gated methods show the permission modal on top of checking the results
|
|
||
| | Method | Prompt trigger | Error on denial | | ||
| |--------|---------------|-----------------| | ||
| | `host_get_user_id` | Always — user approves revealing their primary DotNS name to the product | `PermissionDenied` | |
Collaborator
Author
There was a problem hiding this comment.
I recall a conversation where this was marked as a fairly important permission and should be always asked, not once and perpetuated in time.
Comment on lines
+6
to
+15
|
|
||
| | Method | Spec requires | Dotli does | Severity | | ||
| |--------|--------------|------------|----------| | ||
| | `host_sign_raw` | ChainSubmit permission + signing modal | Shows signing modal but **skips ChainSubmit permission check** (inconsistent with `host_sign_payload` which checks it) | High | | ||
| | `host_sign_raw_with_legacy_account` | ChainSubmit permission + signing modal | Shows signing modal but **skips ChainSubmit permission check** (inconsistent with `host_sign_payload_with_legacy_account`) | High | | ||
| | `host_get_legacy_accounts` | Return empty array | Returns session's `remoteAccount.accountId` + `liteUsername` when authenticated — **leaks identity** | High | | ||
| | `remote_chain_transaction_stop` | `RemotePermission::ChainSubmit` check | Relayed by broker **without ChainSubmit permission check** | Medium | | ||
| | `host_navigate_to` | `DevicePermission::OpenUrl` prompt | Auto-granted, no prompt | Medium | | ||
| | `host_push_notification` | `DevicePermission::Notifications` check | **No permission check** in handler | Medium | | ||
| | `host_push_notification_cancel` | `DevicePermission::Notifications` check (same grant) | **No permission check** in handler | Low | |
Collaborator
There was a problem hiding this comment.
We should move that to issue tickets.
Ideally this can be fully tested with playwright cc @valentinfernandez1 who worked on this
Collaborator
Author
|
Host-specific permission compliance issues filed:
|
filvecchiato
force-pushed
the
docs/permission-requirements
branch
3 times, most recently
from
35f5836 to
8b33234
Compare
Add docs/host-permission-requirements.md covering every TrUAPI method with its authentication, prompt, and permission requirements across four tiers. Add per-host compliance audits (dotli, polkadot-desktop, android, iOS) and a cross-host recap matrix comparing permission enforcement.
filvecchiato
force-pushed
the
docs/permission-requirements
branch
from
8b33234 to
d520726
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docs/host-permission-requirements.md— a comprehensive reference listing every TrUAPI method with its authentication and permission requirementsAddresses paritytech/sdk-team#27.
Test plan