feat: Add Multichain API support

[FrederikBolding]

Adds support for using the multichain API in Snaps. This is accomplished by setting up a separate provider and substream called metamask-multichain-provider. When snap.request is called with a multichain request, this provider and substream is used. The clients will need to route to the proper JSON-RPC pipeline based on the substream and verify that the Snap has the proper permission.

Additionally this PR adds a example Snap for usage of this API, that can leverage Ethereum and Solana APIs at once. It also adds limited simulation support for the multichain API. The simulation framework implements a basic version of the multichain API where sessions are tracked and requests are routed to supported EVM providers. There are no underlying providers for non-EVM request, but they can be mocked.

Note: TBD if we hold off merging this until some bugs are squashed on extension that prevent non-EVM multichain API requests

---

Note

Enables Multichain API usage in Snaps, adds endowment/SDK types, routes multichain calls over a dedicated substream, and provides simulation and example Snap support.

• Execution env: Add metamask-multichain-provider substream and SnapProvider; route wallet_* multichain requests via isMultichainRequest.
• Permissions/SDK: Introduce endowment:multichain-provider; add SDK types and method mappings for wallet_createSession, wallet_getSession, wallet_invokeMethod, wallet_revokeSession.
• Simulation: Add multichain middleware (create/get/revoke session, invoke), CAIP‑25 integration, scoped chain handling, EVM provider routing, and tests; update defaults and dependencies.
• Example & UI: New @metamask/multichain-provider-example-snap (EVM/Solana modules) with tests; add Test Snaps UI to exercise session, accounts, chain ID, signatures, and genesis hash.
• Minor coverage/threshold tweaks and lockfile updates.

^{Written by Cursor Bugbot for commit 8f299d3. This will update automatically on new commits. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​metamask/​chain-agnostic-permission@​1.4.0

View full report

[codecov]

Codecov Report

❌ Patch coverage is 98.93617% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 98.34%. Comparing base (b522af5) to head (8f299d3).

Files with missing lines	Patch %	Lines
...s/snaps-execution-environments/src/common/utils.ts	33.33%	2 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##             main    #3759    +/-   ##
========================================
  Coverage   98.33%   98.34%            
========================================
  Files         422      430     +8     
  Lines       12082    12250   +168     
  Branches     1876     1904    +28     
========================================
+ Hits        11881    12047   +166     
- Misses        201      203     +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Mrtenz]

Maybe add a test to make sure it throws "method not supported" for Solana.

[FrederikBolding]

The trouble with testing the Solana behavior during signMessage and signTypedData is that snaps-jest doesn't populate the accounts for Solana in the multichain session. So we don't even get to the point where it would throw the proper error 🤔

[FrederikBolding]

I guess this may be breaking, but it makes a lot more sense for this to return the address of the default account in the simulation IMO

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.