release: 13.35.1 #43535
## **Description**

This PR adds a fix for page routing after user completes onboarding of hardware wallet.

## **Changelog**

CHANGELOG entry: Fix routing after hardware wallet onboarding

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/MUL-1840

## **Manual testing steps**

1. onboard
2. click accounts list
3. click add wallet
4. click on connect hardware wallet
5. pair any hardware wallet
6. make sure that after clicking unlock, user is routed to the home page

## **Screenshots/Recordings**

### **Before**

Under some circumstances user would be routed to the hardware wallet onboarding page after successful hardware wallet onboarding, instead of being routed to the home page. I couldn't reproduce the issue in the same way as the reporter. Changes made will ensure that user is always routed to the home page (default route). For more information see [ticket](https://consensyssoftware.atlassian.net/browse/MUL-1840).

### **After**

***Onboarding flow***

https://github.com/user-attachments/assets/f4eef531-f062-4159-b49f-dc8c06171db8

***Cancel flow***

https://github.com/user-attachments/assets/d9ecf537-1120-4c82-a244-36975cf3a444

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> UI-only routing and local state on the hardware connect page; no auth, key material, or backend changes.
>
> **Overview**
> Fixes **post-onboarding navigation** on the connect-hardware flow so users land on the **home page** (`DEFAULT_ROUTE`, `/`) after a successful unlock, instead of using `getMostRecentOverviewPage`, which could send them back to the hardware onboarding route.
>
> **Cancel** on the account list no longer navigates away: it **clears local state** (selection, accounts, device, in-flight fetch id) so the UI returns to **device selection** on the same route.
>
> Tests drop the history mock and assert navigation to `/` plus cancel returning to the hardware wallets picker.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit c2fdecc. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
…om Assets Page (#42962)

## **Description**

- Moves Tokens-tab helpers from `HomePage` to `AssetListPage` so page objects match the UI boundary (overview + tab bar vs. content below the horizontal tabs).
- Adds `checkExpectedTokenBalanceIsDisplayed` and `refreshErc20TokenList` on `AssetListPage`, reusing existing token-list selectors (`tokenAmountValue`, `tokenOptionsButton`).
- Removes duplicated ERC-20 refresh selectors and `refreshErc20TokenList` from `HomePage`.
- Updates nine E2E specs to call `AssetListPage` for token-list balance checks and list refresh instead of `HomePage`.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: [MMQA-1843](https://consensyssoftware.atlassian.net/browse/MMQA-1843)

## **Manual testing steps**

1. Build the test extension: `yarn build:test`
2. Run a representative updated spec: `yarn test:e2e:single test/e2e/tests/account/snap-account-transfers.spec.ts --browser=chrome`
3. Run privacy specs that use `refreshErc20TokenList`: `yarn test:e2e:single test/e2e/tests/privacy/basic-functionality.spec.ts --browser=chrome`
4. Confirm token balance assertions still pass on the Tokens tab (hardware wallet ERC-20 specs are another good spot check).

## **Screenshots/Recordings**

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I've included tests if applicable
- [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[MMQA-1843]: https://consensyssoftware.atlassian.net/browse/MMQA-1843?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

---

> [!NOTE]
> **Low Risk**
> Test-only page-object refactor with no production code changes; behavior should be equivalent aside from clearer ownership of selectors.
>
> **Overview**
> This PR **relocates Tokens-tab E2E helpers** from `HomePage` to `AssetListPage` so page objects match the UI split (overview/tabs vs. token list content).
>
> **`AssetListPage`** gains `checkExpectedTokenBalanceIsDisplayed` (expands low-value assets, then asserts `multichain-token-list-item-value`) and `refreshErc20TokenList` (asset list control bar → `refreshList`), using existing `tokenOptionsButton` / `refreshList` selectors.
>
> **`HomePage`** drops the ERC-20 refresh selectors and `refreshErc20TokenList`; specs that refreshed or asserted list-row balances now instantiate **`AssetListPage`** instead (snap transfers, Ledger/Trezor ERC-20, account-syncing, privacy onboarding, Solana/Tron send).
>
> Overview-level checks (e.g. `checkExpectedBalanceIsDisplayed`) stay on `HomePage` where the diff still uses it.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 4f0bc05. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
## **Description**

This PR enables `Telegram` login for the UAT builds.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Download the builds from this PR. Install to Chrome/Firefox
2. Select Telegram login option during the onboarding.
3. User should be able to create/rehydrate the wallet and successfully log in.

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Medium Risk**
> Changes authentication surface area for UAT while explicitly gating prod/RC off; misconfiguration could expose Telegram login where it should stay disabled.
>
> **Overview**
> Turns on **Telegram login** for non-production builds by defaulting `TELEGRAM_LOGIN_ENABLED` to `'true'` in `builds.yml`, while the build script **forces it off** for production and release-candidate builds so store/release artifacts cannot ship with Telegram login even if the YAML says otherwise.
>
> `set-environment-variables.js` adds a shared `isProductionOrReleaseCandidateBuild` helper (also used for OAuth client ID resolution) and wires `TELEGRAM_LOGIN_ENABLED` through that gate. Tests cover prod/RC override vs preserving the flag on testing builds.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9cd8e4b. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
…-13.34.0 (#43056)

## **Description**

This PR fixes the build issue where `TELEGRAM_CLIENT_ID` is loaded in the build script even when the `TELEGRAM_LOGIN` is disabled.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> Build-time env gating only; no runtime auth or user-data path changes beyond omitting Telegram client ID when the feature is off.
>
> **Overview**
> Fixes a build-time mismatch where **`TELEGRAM_CLIENT_ID`** could still be resolved when Telegram social login was off.
>
> **`set-environment-variables.js`** now derives **`TELEGRAM_LOGIN_ENABLED`** once (forced **`false`** on production / release-candidate builds, otherwise from config) and only calls **`getOAuthClientId`** for Telegram when seedless onboarding is on **and** that flag is **`true`**. The same value is written into the build env instead of duplicating the prod/rc override inline.
>
> **`builds.yml`** changes the default **`TELEGRAM_LOGIN_ENABLED`** from **`true`** to **`false`**, so Telegram OAuth IDs are not pulled unless explicitly enabled.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit bc82eef. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
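
The build-time gate described in the two Telegram summaries above, as an added JavaScript example that is not code from the MetaMask repository. Only `TELEGRAM_LOGIN_ENABLED` and `TELEGRAM_CLIENT_ID` come from the page; the function names, the environment strings and the client ID lookup stub are assumptions made for illustration.

```javascript
// Added illustration, not the project's build script.
// Hypothetical names: isProdLike, parseFlag, resolveTelegramBuildEnv,
// auditBuildEnv, makeRecordingLookup. Environment strings are constructed.

const PROD_LIKE_ENVIRONMENTS = new Set(['production', 'release-candidate']);

function isProdLike(environment) {
  return PROD_LIKE_ENVIRONMENTS.has(environment);
}

// Config values may arrive as booleans or as the strings 'true'/'false'
// (YAML, process env). Parse strictly so that anything else means "off".
function parseFlag(value) {
  return value === true || value === 'true';
}

// Derive the flag exactly once, then use that single value both for the
// emitted build env and for deciding whether a client ID is looked up.
function resolveTelegramBuildEnv({
  environment,
  config,
  seedlessOnboardingEnabled,
  lookupClientId,
}) {
  const telegramLoginEnabled =
    !isProdLike(environment) && parseFlag(config.TELEGRAM_LOGIN_ENABLED);

  const env = { TELEGRAM_LOGIN_ENABLED: telegramLoginEnabled };

  // The client ID is resolved only when both gates are open, so a disabled
  // feature never pulls an OAuth identifier into the artifact.
  if (seedlessOnboardingEnabled && telegramLoginEnabled) {
    env.TELEGRAM_CLIENT_ID = lookupClientId('telegram', environment);
  }
  return env;
}

// Independent check to run over the final build env (for example in CI):
// it does not trust the resolver and re-tests both invariants.
function auditBuildEnv(environment, env) {
  const findings = [];
  const enabled = parseFlag(env.TELEGRAM_LOGIN_ENABLED);
  if (isProdLike(environment) && enabled) {
    findings.push(`${environment}: TELEGRAM_LOGIN_ENABLED must be false`);
  }
  if (!enabled && env.TELEGRAM_CLIENT_ID !== undefined) {
    findings.push(`${environment}: TELEGRAM_CLIENT_ID present while login is off`);
  }
  return findings;
}

// Stub standing in for the real client ID lookup; records every call so a
// test can prove that no lookup happened.
function makeRecordingLookup() {
  const calls = [];
  const lookup = (provider, environment) => {
    calls.push({ provider, environment });
    return `constructed-${provider}-${environment}-client-id`;
  };
  return { lookup, calls };
}

function demo() {
  // Constructed inputs: the YAML says 'true' for every build type.
  const config = { TELEGRAM_LOGIN_ENABLED: 'true' };
  const rows = [];
  for (const environment of ['production', 'release-candidate', 'testing']) {
    const { lookup, calls } = makeRecordingLookup();
    const env = resolveTelegramBuildEnv({
      environment,
      config,
      seedlessOnboardingEnabled: true,
      lookupClientId: lookup,
    });
    rows.push({
      environment,
      enabled: env.TELEGRAM_LOGIN_ENABLED,
      lookups: calls.length,
      findings: auditBuildEnv(environment, env).length,
    });
  }
  return rows;
}

console.log(demo());
```
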
#42852)

## **Description**

This is the first batch of migrated methods from `MetamaskController` to `LegacyBackgroundApiService` that were used in `getApi()`. This preserves `getApi()` while we migrate everything.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Progresses: https://consensyssoftware.atlassian.net/browse/WPC-957

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Medium Risk**
> Touches vault seed phrase export, account import/removal, reset-account transaction wipes, and seedless private-key backup paths; behavior is intended to be preserved but regressions would affect core wallet flows.
>
> **Overview**
> This PR moves the first batch of background APIs out of **`MetaMaskController`** into **`LegacyBackgroundApiService`**, while **`getApi()`** still exposes the same surface by binding those entries to **`controllerMessenger.call('LegacyBackgroundApiService:…')`** instead of controller methods.
>
> **`LegacyBackgroundApiService`** now implements account/keyring-adjacent behavior (e.g. **`getSeedPhrase`**, **`resetAccount`**, **`removeAccount`**, **`importAccountWithStrategy`**, password-forgotten flags, **`getCode`**, assets-unify gating, tab ID helpers) and delegates to other controllers via an expanded messenger allowlist. Init passes **`infuraProjectId`**, tab maps, **`sendUpdate`**, and **`seedlessOperationMutex`** into the service.
>
> **`getSnapKeyring`** is extracted to **`app/scripts/lib/snap-keyring/utils/getSnapKeyring`** (messenger-based) and replaces the removed **`MetaMaskController.getSnapKeyring`**. BIP-39 wordlist index conversion moves to **`convertEnglishWordlistIndicesToCodepoints`** in **`util`**.
>
> Tests shift from **`MetaMaskController`** direct calls to the service/util modules; UI store action tests stub **`background.getApi()`**. **`@metamask/seedless-onboarding-controller`** bumps to **^9.1.0**.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit b818b06. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

---------

Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
## **Description**

`getValidUrl`, `isWebUrl`, `addUrlProtocolPrefix`, `isValidEmail`, and `isWebOrigin` are pure utilities defined in `app/scripts/lib/util.ts` but consumed by both UI and background. UI imports them with `// eslint-disable-next-line import-x/no-restricted-paths`.

This PR moves them into `shared/lib/url-utils.ts`. `app/scripts/lib/util.ts` re-exports them so background callers stay unaffected. UI imports now point at shared and the eslint suppressions (plus stale TODO comments) are removed.

No behavior change — pure refactor.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: N/A

## **Manual testing steps**

None — pure refactor. CI lint + type-check covers correctness.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---

> [!NOTE]
> **Low Risk**
> Pure refactor with re-exports preserving background imports; no logic changes to validation or security-sensitive flows.
>
> **Overview**
> Moves **pure URL/email helpers** (`getValidUrl`, `isWebUrl`, `addUrlProtocolPrefix`, `isValidEmail`, `isWebOrigin`) out of `app/scripts/lib/util.ts` into new **`shared/lib/url-utils.ts`**, so UI and background can share them without crossing the restricted `app/scripts` import boundary.
>
> `util.ts` **re-exports** those symbols for existing background callers. UI files that previously imported from `app/scripts/lib/util` (with `import-x/no-restricted-paths` suppressions) now import from **`shared/lib/url-utils`** instead—NFT views, network RPC/explorer modals, onboarding IPFS, privacy settings, native token symbol hook, and Shield claims email validation.
>
> **No runtime behavior change**; logic is relocated unchanged and the `url` dependency usage stays in the shared module.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 8ce3b97. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## **Description**

Passkey unlock and enrollment are unreliable on mobile browsers (e.g. Kiwi, Yandex) where WebAuthn support is inconsistent or the UX is poor. This PR disables the passkey feature on mobile devices and improves observability for passkey failures on desktop.

**What changed:**

1. **Mobile gating** — `getIsPasskeyFeatureAvailable` now returns `false` when `getDeviceType()` is `DEVICE_TYPE.MOBILE`. That hides passkey UI everywhere the selector is used: unlock, onboarding setup, settings enrollment/turn-off, and change-password passkey verification.
2. **Sentry error capture** — Passkey failures that were previously logged with `log.error` are now reported to Sentry via `captureException` + `createSentryError`, with contextual metadata (error code, duration, verification method, step). User-cancelled ceremonies (`isPasskeyCeremonySilentError`) are still excluded.
3. **Tests** — Added a mobile case to `passkey.test.ts` and mocked Sentry in affected component tests.

## **Changelog**

CHANGELOG entry: Disabled passkey unlock and setup on mobile browsers where the experience is unreliable.

## **Related issues**

Fixes:

## **Manual testing steps**

### Desktop (passkey should still work)

1. Build with passkey enabled (`PASSKEY=1` or equivalent in `.metamaskrc`).
2. **Unlock:** Open the extension on desktop Chrome. Confirm the passkey unlock option appears when a passkey is registered.
3. **Onboarding:** Start a new wallet flow. Confirm the passkey setup step is offered when eligible.
4. **Settings:** Go to Settings → Security & Password. Confirm passkey enrollment and turn-off flows are available.
5. **Change password:** With passkey registered, change password and confirm passkey verification works.

### Mobile browser (passkey should be hidden)

6. Open MetaMask in a mobile browser (or emulate mobile UA, e.g. Kiwi/Yandex or Chrome DevTools device mode with a mobile user agent).
7. **Unlock:** Confirm the passkey unlock section is **not** shown; password unlock still works.
8. **Onboarding:** Confirm passkey setup is **not** offered during wallet creation.
9. **Settings:** Confirm passkey settings item / enrollment options are **not** visible.

### Error reporting (optional / dev verification)

10. On desktop, trigger a passkey failure (e.g. cancel after starting ceremony is silent; use an invalid state to force a real error).
11. Confirm non-cancel errors appear in Sentry with the expected context (error code, duration, flow name).

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I've included tests if applicable
- [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Medium Risk**
> Changes security UX gating (mobile passkey off) and error reporting on auth-related flows; behavior is mostly additive except hiding passkey on mobile, which is intentional.
>
> **Overview**
> **Passkey is turned off on mobile extension browsers** by extending `getIsPasskeyFeatureAvailable` with `getDeviceType() !== DEVICE_TYPE.MOBILE`, so unlock, onboarding setup, settings enrollment/turn-off, and change-password passkey UI stay hidden where WebAuthn is unreliable (e.g. Kiwi, Yandex).
>
> **Failure observability on desktop** replaces `log.error` on real passkey errors with **Sentry** (`captureException` + `createSentryError`) across unlock, onboarding enrollment, settings register/turn-off, and change-password flows. User-cancelled ceremonies (`isPasskeyCeremonySilentError`) are still not reported; several handlers now reuse computed `durationMs` / `errorCode` for metrics and Sentry extras.
>
> **Tests** add a mobile case in `passkey.test.ts` (mocking `getDeviceType`) and mock `captureException` in affected component tests.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit c61fb88. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
## **Description**

Adds E2E coverage for the new Perps Withdraw flow through Confirmations.

This covers the new confirmation-based withdraw path with:

- A happy-path test that opens Withdraw from Perps Home, enters an amount, receives a mocked Relay quote, submits the withdrawal, and verifies the success toast
- An insufficient-balance test for the new confirmation UI
- A Perps Withdraw confirmation page object
- Deterministic Arbitrum USDC, Relay quote/authorize/status, and price mocks for the confirmation flow
- `FixtureBuilderV2` support for `TokenRatesController` state

## **Changelog**

CHANGELOG entry: null

## **Manual testing steps**

1. Run `PERPS_ENABLED=true yarn build:test`
2. Run `E2E_ARGS='--grep=submits.a.valid.withdrawal.from.the.confirmation.flow' yarn test:e2e:single test/e2e/tests/perps/perps-withdraw.spec.ts --browser=chrome --debug=false`
3. Run `E2E_ARGS='--grep=blocks.withdrawal.amounts' yarn test:e2e:single test/e2e/tests/perps/perps-withdraw.spec.ts --browser=chrome --debug=false`

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> Changes are limited to E2E fixtures, mocks, page objects, and test infrastructure; no production withdraw or confirmation logic is modified in this diff.
>
> **Overview**
> Adds **end-to-end coverage** for Perps withdraw through the **Confirmations** path (enabled via `confirmations_pay_post_quote` / `perpsWithdraw`), alongside existing legacy withdraw tests.
>
> Introduces a **withdraw confirmation page object**, expands **Perps fixture config** with production-like remote flags (full state in `RemoteFeatureFlagController`, small manifest overrides), **Arbitrum USDC** token/rate seeding, and **Mockttp** handlers for Relay quote/authorize/status and price APIs. **`FixtureBuilderV2`** gains `withRemoteFeatureFlagController` and `withTokenRatesController`.
>
> Registers **`confirmations_pay_post_quote`** in the E2E feature-flag registry and updates **`privacy-snapshot.json`** with `api.relay.link` and `tx-sentinel-arbitrum-mainnet.api.cx.metamask.io` for the mocked endpoints.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9f73a8b. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

---------

Signed-off-by: dan437 <80175477+dan437@users.noreply.github.com>
## Version Bump After Release

This PR bumps the main branch version from 13.34.0 to 13.35.0 after cutting the release branch.

### Why this is needed:

- **Nightly builds**: Each nightly build needs to be one minor version ahead of the current release candidate
- **Version conflicts**: Prevents conflicts between nightlies and release candidates
- **Platform alignment**: Maintains version alignment between MetaMask mobile and extension
- **Update systems**: Ensures nightlies are accepted by app stores and browser update systems

### What changed:

- Version bumped from `13.34.0` to `13.35.0`
- Platform: `extension`
- Files updated by `set-semvar-version.sh` script

### Next steps:

This PR should be **manually reviewed and merged by the release manager** to maintain proper version flow.

### Related:

- Release version: 13.34.0
- Release branch: release/13.34.0
- Platform: extension
- Test mode: false

---

*This PR was automatically created by the `create-platform-release-pr.sh` script.*

Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com>
This PR is to set up the remote FF for network manager update in homepage

## **Description**

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

### **Before**

### **After**

NA

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> Flag-only change with production default false and no behavioral UI changes in this PR.
>
> **Overview**
> Introduces the remote feature flag **`extensionUxNetworkManagement`** so homepage network-manager UX can be rolled out gradually. The flag is registered for E2E/production-accurate mocking (default **off**), exposed via **`getIsNetworkManagementEnabled`** using the same boolean/version-gated resolution as other extension UX flags, and covered by unit tests. **No UI wiring** appears in this diff—only flag plumbing for follow-up work.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit ac11486. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
…counts` (#43058) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** There's a race condition in the wallet, whenever we update dapp permissions with a newly created account, where an error is thrown if the non-evm accounts are not yet ready. I've opened a bug ticket for the wallet side here: #43059. As per the spec, we can stabilize the test by ensuring the nonEVM accounts are loaded before updating the dapp permissions. <img width="587" height="66" alt="image" src="https://github.com/user-attachments/assets/09078ad7-54d4-4214-923e-9512c4742e7e" /> ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Check ci ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). 
- [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: fix aggregated balance ## **Related issues** Fixes: #43019 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> https://github.com/user-attachments/assets/d9a822de-9b10-4774-91de-708126092779 ### **After** <!-- [screenshots/recordings] --> https://github.com/user-attachments/assets/b097f8a9-db47-48ec-9937-4a9f8b0c577f ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). 
- [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes balance display rules for testnets, multi-network, and native vs fiat; user-visible wallet UI with moderate regression risk if edge cases are missed. > > **Overview** > Fixes incorrect **aggregated balance** display in `AccountGroupBalance` by changing when the UI shows fiat vs native token amounts. > > **Testnet detection** no longer uses `getMultichainIsTestnet`; it treats a selection as testnet only when **exactly one** enabled network is in `TEST_CHAINS`. **Fiat on testnets** respects `getShowFiatInTestnets` so users can still see dollar totals when that preference is on. > > **Native currency labels** for formatting come from `networkConfigurationsByChainId` on EVM (and multichain network ticker otherwise), removing `useMultichainSelector` / `getMultichainNativeCurrency` for this path. With **multiple networks enabled**, the component **always shows aggregated fiat**, even if `showNativeTokenAsMainBalance` is set. > > Tests were refactored and expanded for single testnet, fiat-on-testnet, mainnet-only, and multi-network cases. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 5da6db8. Bugbot is set up for automated code reviews on this repo. 
Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## **Description** Non-watch webpack builds hand control back to the parent process before `compiler.close()` finishes so the filesystem cache can be persisted in the background. This adds a temporary SIGINT/SIGTERM guard during that cache shutdown window so an extra shutdown signal does not terminate webpack mid-write. ## **Changelog** CHANGELOG entry: null <!-- ## **Related issues** Fixes: --> ## **Manual testing steps** It's a race condition that is very difficult to cause intentionally. No repro steps available. <!-- ## **Screenshots/Recordings** ### **Before** ### **After** --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Dev-only webpack build orchestration; no runtime extension, auth, or user data paths. > > **Overview** > Non-watch webpack builds still call **`onComplete()`** before **`compiler.close()`** so the parent can exit while the child finishes persisting a **filesystem** cache. That window could let forwarded **SIGINT** / **SIGTERM** kill the child mid-write. 
> > The build now installs **`ignoreCacheShutdownSignal`** (noop handlers for those signals) only when **`options.cache.type === 'filesystem'`**, removes them in the **`compiler.close`** callback, and cleans up on sync errors in the same **`try`/`catch`**. Unit tests cover install, silent handling, and teardown. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit ccb89ad. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
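The guard pattern described in the commit above (no-op signal handlers installed only for the filesystem-cache shutdown window, removed in the close callback and on a synchronous error), as an added sketch that is not the MetaMask build code. `installShutdownGuard`, `closeWithGuard`, `makeFakeCompiler` and `guardLifecycle` are hypothetical names, and the compiler is a constructed stand-in whose `close(callback)` is completed by hand.

```javascript
// Added illustration; every name here is hypothetical, not the project's code.
const SHUTDOWN_SIGNALS = ['SIGINT', 'SIGTERM'];

/**
 * Install no-op handlers so a forwarded signal no longer triggers the
 * default "terminate" action while the cache is being written.
 * Returns an idempotent function that removes exactly those handlers.
 */
function installShutdownGuard(proc = process) {
  const ignore = () => {};
  for (const signal of SHUTDOWN_SIGNALS) proc.on(signal, ignore);
  let active = true;
  return () => {
    if (!active) return; // safe to call from both callback and catch
    active = false;
    for (const signal of SHUTDOWN_SIGNALS) proc.removeListener(signal, ignore);
  };
}

/**
 * Report completion first (the parent may exit), then close the compiler.
 * The guard exists only when a filesystem cache has to be persisted.
 */
function closeWithGuard(compiler, options, onComplete, onClosed, proc = process) {
  const usesFsCache =
    Boolean(options.cache) && options.cache.type === 'filesystem';
  const removeGuard = usesFsCache ? installShutdownGuard(proc) : () => {};
  try {
    onComplete();
    compiler.close((err) => {
      removeGuard(); // window is over: restore default signal behaviour
      if (onClosed) onClosed(err);
    });
  } catch (error) {
    removeGuard(); // never leave signals swallowed after a sync failure
    throw error;
  }
}

// Constructed stand-in for a webpack compiler: close() is asynchronous in
// spirit, so the callback is held until finishClose() is called.
function makeFakeCompiler({ throwOnClose = false } = {}) {
  let pending = null;
  return {
    close(callback) {
      if (throwOnClose) throw new Error('close failed synchronously');
      pending = callback;
    },
    finishClose() {
      const callback = pending;
      pending = null;
      callback();
    },
  };
}

// Counts SIGINT listeners added during and after the shutdown window.
function guardLifecycle(cacheType) {
  const before = process.listenerCount('SIGINT');
  const compiler = makeFakeCompiler();
  closeWithGuard(compiler, { cache: { type: cacheType } }, () => {});
  const during = process.listenerCount('SIGINT') - before;
  compiler.finishClose();
  const after = process.listenerCount('SIGINT') - before;
  return { during, after };
}
```

The remover is scoped to the handlers it installed, so any SIGINT/SIGTERM handler registered elsewhere in the process keeps working after the window closes.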
## **Description** Fixes webpack filesystem cache warnings when optional rc files are absent. `cache.buildDependencies.config` listed `.metamaskrc` and `.metamaskprodrc` unconditionally, so webpack tried to resolve missing files while storing the pack cache. This updates the webpack config to derive repo-root paths once and only include optional rc files in cache dependencies when they exist. Required cache inputs such as `builds.yml` and `.browserslistrc` remain unconditional. Validation: - `yarn lint:changed:fix` - `yarn test:unit:webpack` - `yarn webpack:tsc` ## **Changelog** CHANGELOG entry: null <!-- ## **Related issues** Fixes: --> <!-- ## **Manual testing steps** 1. --> <!-- ## **Screenshots/Recordings** ### **Before** ### **After** --> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Build-tooling cache dependency logic only; no runtime extension, auth, or data-path changes. 
> > **Overview** > Fixes webpack filesystem cache warnings when optional repo-root rc files are missing by only listing **`.metamaskrc`** and **`.metamaskprodrc`** in `cache.buildDependencies.config` when `existsSync` finds them. Required inputs (**`builds.yml`**, **`.browserslistrc`**, config file) stay unconditional; repo paths are centralized via a **`root`** helper. > > Unit tests mock optional rc presence and assert cache dependency lists include existing optional files and omit missing ones. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 735dcdc. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
#43057) ## **Description** `TransactionPayController` uses asset state changes to re-parse required tokens for in-flight transactions when token metadata hasn't resolved yet. The subscription logic in `subscribeAssetChanges` branched on the `assetsUnifyState` remote feature flag: when the flag was enabled it subscribed only to `AssetsController:stateChange`, otherwise it subscribed to `TokensController`, `TokenRatesController`, and `CurrencyRateController`. The root cause of the infinite loading in Pay confirmations was that the `RemoteFeatureFlagController` state isn't populated at the point `TransactionPayController` initialises during onboarding — the remote flags haven't been fetched yet — so `assetsUnifyState` defaults to `false`. This caused the controller to subscribe only to the legacy controllers, which meant required-token resolution never fired when the extension was running with the unified assets state, leaving the confirmation spinner indefinitely. This PR applies a yarn patch to `@metamask/transaction-pay-controller@22.5.0` that removes the conditional branch and always subscribes to all four controllers unconditionally. Both the CJS and ESM dist files are patched. ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: #42989 ## **Manual testing steps** 1. Load the extension via a fresh onboarding. 2. Initiate a Pay transaction that requires a token not yet in local state. 3. Confirm the required token resolves and the confirmation no longer hangs on an infinite spinner. <!-- ## **Screenshots/Recordings** ### **Before** ### **After** --> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). 
- [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes Pay transaction asset subscription behavior at controller init; limited scope but affects confirmation UX and token resolution timing. > > **Overview** > Fixes **MetaMask Pay** confirmations that could spin forever when required token metadata was not ready yet. > > The extension adds a **Yarn patch** on `@metamask/transaction-pay-controller@22.6.0` so `subscribeAssetChanges` no longer branches on the `assetsUnifyState` remote feature flag. That flag often reads as disabled during early startup (e.g. onboarding before remote flags load), which left the controller listening only to legacy token/rate controllers while the app used unified assets—so required-token resolution never ran. > > The patch always registers listeners on **`AssetsController`**, **`TokensController`**, **`TokenRatesController`**, and **`CurrencyRateController`** (CJS and ESM dist). **`package.json`** resolutions and **`yarn.lock`** point installs at the patched package. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 2609a33. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
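The root cause described in the commit above (a subscription decision taken from remote-flag state that has not been fetched yet), reproduced as an added sketch that is not the controller's or the patch's code. The messenger is a constructed stand-in, and the three legacy `…:stateChange` event names are assumptions; only `AssetsController:stateChange` and the flag name `assetsUnifyState` come from the description.

```javascript
// Added illustration; hypothetical helpers, not the patched package.
function createMessenger() {
  const handlers = new Map();
  return {
    subscribe(event, handler) {
      if (!handlers.has(event)) handlers.set(event, []);
      handlers.get(event).push(handler);
    },
    publish(event, payload) {
      for (const handler of handlers.get(event) || []) handler(payload);
    },
  };
}

const UNIFIED_EVENT = 'AssetsController:stateChange';
// Assumed event names for the three legacy controllers named in the PR.
const LEGACY_EVENTS = [
  'TokensController:stateChange',
  'TokenRatesController:stateChange',
  'CurrencyRateController:stateChange',
];

// "Before": the branch is evaluated once, at init. An unfetched flag is
// indistinguishable from a disabled one, so the legacy path is chosen.
function subscribeFlagGated(messenger, remoteFlags, onAssetChange) {
  const unified = remoteFlags.assetsUnifyState === true;
  const events = unified ? [UNIFIED_EVENT] : LEGACY_EVENTS;
  for (const event of events) messenger.subscribe(event, onAssetChange);
  return events;
}

// "After": no dependency on flag state that may not exist yet.
function subscribeUnconditionally(messenger, _remoteFlags, onAssetChange) {
  const events = [UNIFIED_EVENT, ...LEGACY_EVENTS];
  for (const event of events) messenger.subscribe(event, onAssetChange);
  return events;
}

// Constructed onboarding timeline: init, then flags arrive, then the
// unified assets state publishes the token metadata the transaction needs.
function simulateOnboarding(subscribeFn) {
  const messenger = createMessenger();
  const remoteFlags = {}; // remote flags not fetched at init
  let reparseCount = 0;
  subscribeFn(messenger, remoteFlags, () => {
    reparseCount += 1;
  });
  remoteFlags.assetsUnifyState = true; // fetched after init; too late for the branch
  messenger.publish(UNIFIED_EVENT, { token: 'constructed-sample' });
  return reparseCount; // 0 means the confirmation would keep spinning
}
```

The same shape applies to any init-time read of remotely delivered configuration: the value seen at startup is the default, so a branch on it needs either a re-evaluation when the real value arrives or, as here, no branch at all.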
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** Honor the "hide tokens with zero balance" setting even for mUSD ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: fix: honor hide zero balance setting for musd ## **Related issues** Fixes: ## **Manual testing steps** 1. Settings > Hide tokens without balance 2. Should hide mUSD tokens ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. 
pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Small display-rule change in the token list with targeted tests; no auth, payments, or persistence changes. > > **Overview** > **Hide zero balance** now applies to **mUSD** the same as other tokens: the token list filter no longer skips `isMusdToken` when `shouldHideZeroBalanceTokens` is on and `balance === '0'`. > > Tests were updated to assert zero-balance mUSD is hidden on mainnet and Linea when the setting is enabled, and that zero-balance mUSD still appears (outside the low-value bucket) when the setting is off. **Low-value** grouping still treats mUSD specially via `isLowValueAsset`; only the zero-balance visibility rule changed. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 37b9903. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## **Description** `normalizeSafeAddress` / `isEthAddress` / `normalizeAddress` live in `app/scripts/lib/multichain/address.ts` even though they're pure utilities consumed by both UI and background. ~17 UI files import them with `// eslint-disable-next-line import-x/no-restricted-paths`. This PR moves the file (and its test) to `shared/lib/multichain/` — git detects the rename at 94-100% similarity. Every importer (UI, app fixture, e2e test) is updated. The eslint suppressions and stale `// TODO: Remove restricted import` comments are removed at each UI site. No behavior change — pure refactor. ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: N/A ## **Manual testing steps** None — pure refactor. CI lint + type-check covers correctness. 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Path-only refactor with no logic changes; risk is limited to missed import updates, which lint/type-check and tests should catch. > > **Overview** > Relocates the pure multichain address helpers (`normalizeSafeAddress`, `normalizeAddress`, `isEthAddress`) from `app/scripts/lib/multichain/address` to **`shared/lib/multichain/address`**, with the module’s `hexstring-utils` import adjusted for the new location. > > **Every consumer** (UI components, bridge/permissions/confirm flows, wallet fixture generator, and seedless onboarding e2e) now imports from `shared` instead of the background `app/scripts` tree. That removes roughly **17** `import-x/no-restricted-paths` suppressions and stale “TODO: Remove restricted import” comments. > > **No runtime behavior change**—only module placement and import paths. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit af040f4. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** Integrate `@metamask/wallet` into the extension, replacing the initialization for `KeyringController` as the first step towards a migration. This lets us remove most of the initialization logic for `KeyringController` as that has been consolidated in `core`. Additionally some changes were required to `SnapKeyring`, `MetaMaskController` and the current initialization framework. The goal following this PR is a gradual migration of as much initialization code as possible to `core`. There should be no functional changes. ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** https://consensyssoftware.atlassian.net/browse/WPC-999 <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches wallet/keyring bootstrap and Snap account persist/remove paths; scope is large but described as behavior-preserving, with test bridges relocated to `wallet-init/keyrings.ts`. > > **Overview** > This PR wires **`@metamask/wallet`** into the extension so **`KeyringController`** is created through the wallet library instead of the messenger-client-init path. **`initializeWallet`** in `wallet-init/initialization.ts` builds a `Wallet` with persisted state, encryptor, and **`getKeyringBuilders`** (hardware/QR/offscreen bridges, snap keyring, and test-only fake bridges via `IN_TEST`). 
> > **`MetamaskController`** now owns `this.wallet`, resolves **`keyringController`** via `wallet.getInstance('KeyringController')`, and passes **`wallet`** into **`initMessengerClients`**, which can fall back to **`wallet.getInstance(name)`** when a controller was not registered through init functions. **`KeyringControllerInit`**, **`SnapKeyringBuilderInit`**, and their messenger factories are removed from the init registry. > > **`snapKeyringBuilder`** only takes a messenger: persist, account updates, metrics, and account removal go through delegated messenger actions (`KeyringController:persistAllKeyrings`, `LegacyBackgroundApiService:removeAccount`, etc.) instead of injected helpers. > > **`background.js`** drops the **`overrides`** object (test keyring bridges, custom port streams, `registerConnectListeners`) from **`setupController`**; connections always use **`ExtensionPortStream`** directly. > > LavaMoat policies and **`package.json`** add **`@metamask/wallet`**. Intended behavior is unchanged; this is structural prep for moving more init into core. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit b190447. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
release: sync stable to main for version 13.33.0
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Use `Box` from DSR (no codeowners, part 2). ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/DSYS-433 ## **Manual testing steps** 1. Check affected files 2. Open corresponding pages/component in extension to be sure that this PR doesn't introduce regressions ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <img width="471" height="732" alt="image" src="https://github.com/user-attachments/assets/1c22e130-596b-44d7-93f9-81d3e374869f" /> ### **After** <img width="471" height="732" alt="image" src="https://github.com/user-attachments/assets/15eba276-d1e3-4757-8187-99aa8f5af6f2" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). 
- [x] I've completed the PR template to the best of my ability - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Primarily a UI refactor switching layout primitives to `@metamask/design-system-react` `Box` and utility classes; main risk is minor visual/layout regressions on the touched pages. > > **Overview** > Migrates multiple UI surfaces to use `Box` from `@metamask/design-system-react`, replacing legacy `Box` usage and many `Display`/`Flex*` constants with `Box*` enums plus `flex`/Tailwind-style utility classes. > > This refactor touches permission status rendering, `TabBar` (wrapping actual `<button>` via `asChild`), Terms of Use popup layout (including ordered lists via `asChild`), the deprecated `FormField` label wrapper, the suggested-NFT confirmation page, and the permissions redirect screen. Jest snapshots for suggested NFT and smart transaction status pages are updated to match the new class output. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 46bfafd. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Use `Box` from DSR (swaps scope). ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/DSYS-433 ## **Manual testing steps** 1. Check modified files 2. Make sure there is no visual regression ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <img width="490" height="1067" alt="image" src="https://github.com/user-attachments/assets/ed0d2adf-c337-4940-b57f-0ee234600b51" /> ### **After** <img width="490" height="1061" alt="image" src="https://github.com/user-attachments/assets/55730384-95d2-4b82-99a2-457129c1fcb1" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). 
- [x] I've completed the PR template to the best of my ability - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Mostly a UI refactor swapping `Box` implementations and layout props for DSR enums/CSS classes; risk is limited to potential visual/layout regressions across Bridge transaction details and related modals/pages. > > **Overview** > Refactors Bridge (and `swaps/import-token`) UI components to use `Box` from `@metamask/design-system-react` instead of the component-library `Box`, replacing legacy layout constants (`Display`, `FlexDirection`, etc.) with DSR props (e.g., `BoxFlexDirection`, `BoxJustifyContent`) and utility `className`s. > > Updates several Bridge screens (prepare flow, awaiting signatures, tooltips, transaction details, and Storybook stories) plus associated Jest snapshots to match the new rendered markup/classes and minor wrapper structure changes (e.g., `HollowCircle` now uses `asChild`). > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9849f03. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## **Description**

This PR patches `webpack-bundle-analyzer@5.3.0` for the static report generated by our webpack bundle analyzer workflow.

Root cause:

- `webpack-bundle-analyzer@5.3.0` generated viewer code wires chunk checkbox changes to `setSelectedSize` instead of `setSelectedChunks`, so changing chunk selection corrupts the active size state and the report UI falls back to `Stat`.
- The static template includes an HTML comment marker before the embedded `viewer.js`. LavaMoat's SES source transform rewrites HTML comment tokens inside JavaScript source, which makes the marker render visibly as `< ! -- viewer.js -- >` in the analyzer report.

This patch fixes the static embedded viewer output by replacing the bad minified handler during template rendering, and removes the static `viewer.js` HTML comment marker.

This is standalone and is not part of the bundle-size stats PR stack.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Open the bundle analyzer link on #42799 (comment)
2. Confirm the top of the report does not show `< ! -- viewer.js -- >`.
3. Click `Gzipped`, `Parsed`, and `Stat`, and confirm the selected size mode changes correctly.
4. Toggle chunk checkboxes in the sidebar, and confirm the treemap responds to the selected chunks.

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

Validation:

- `yarn install`
- `yarn lint:changed:fix`
- `yarn lint:lockfile`
- `git diff --check`
- `yarn test:unit:webpack`
- `yarn node` smoke check for `renderViewer({ mode: 'static' })` confirming the fixed chunk handler is present and the HTML comment marker is absent.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
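The HTML comment marker problem described in the PR above can be reproduced and checked for with a short script. This is an added example, not code from the PR, webpack-bundle-analyzer, LavaMoat or SES: `findHtmlCommentTokens`, `approximateEvasion`, `renderWith`, `visibleText` and the sample template are constructed here, and the replacement strings are an assumption taken from the rendered marker quoted in the description.

```javascript
// Tokens that an HTML-comment evasion transform rewrites wherever they occur
// in JavaScript source, including inside string and template literals.
const HTML_COMMENT_TOKEN = /<!--|-->/g;

/** Report each HTML comment token in a JS source string with its position. */
function findHtmlCommentTokens(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const match of text.matchAll(HTML_COMMENT_TOKEN)) {
      findings.push({
        line: index + 1,
        column: match.index + 1,
        token: match[0],
      });
    }
  });
  return findings;
}

/**
 * Stand-in for the source transform (assumption, not the SES implementation):
 * spaces the tokens out so they no longer form HTML comment delimiters.
 */
function approximateEvasion(source) {
  return source.replace(HTML_COMMENT_TOKEN, (token) =>
    token === '<!--' ? '< ! --' : '-- >',
  );
}

/** Evaluate a template module's source and return the HTML it renders. */
function renderWith(source) {
  return new Function(source + "\nreturn renderPage('/* viewer */');")();
}

/** Rough approximation of the text a browser would display for the HTML. */
function visibleText(html) {
  return html
    .replace(/<!--[\s\S]*?-->/g, '') // real comments are invisible
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '') // scripts are not shown
    .replace(/<\/?[a-zA-Z][^>]*>/g, '') // "< " followed by a space is text, not a tag
    .trim();
}

// Constructed sample: a template module that emits a marker comment before an
// inline script, as the description says the static template does.
const SAMPLE_TEMPLATE_SOURCE = [
  'function renderPage(script) {',
  '  return `<body>',
  '    <!-- viewer.js -->',
  '    <script>${script}</script>',
  '  </body>`;',
  '}',
].join('\n');

// The tokens sit inside a template literal, so the transform changes the
// rendered page, not just the source text.
const before = visibleText(renderWith(SAMPLE_TEMPLATE_SOURCE));
const after = visibleText(renderWith(approximateEvasion(SAMPLE_TEMPLATE_SOURCE)));
console.log(findHtmlCommentTokens(SAMPLE_TEMPLATE_SOURCE));
console.log({ before, after });
```

Running `findHtmlCommentTokens` over a dependency's source before it goes through the transform points at the literals whose rendered output will change.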
## **Description**

Fixes brittle unit tests

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

yarn test:unit

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> Changes are confined to test files and mocks; no runtime behavior is modified.
>
> **Overview**
> This PR only adjusts **unit tests** to reduce flakiness and mock gaps; there is no production code change.
>
> **Ledger offscreen tests** add a partial mock of `@metamask/eth-sig-util` so `TypedDataUtils.eip712DomainHash` and `hashStruct` return fixed buffers, stabilizing EIP-712 hashed-signing fallback paths.
>
> **Deep link `parse` tests** export `VALID`, `INVALID`, and `MISSING` from the mocked `./verify` module so assertions can compare signature status without relying on the real module under the mock factory.
>
> **Change password tests** re-export `ToastContent` from the toast mock, introduce `fillNewPasswordForm` with `waitFor` for the enabled save button, and reuse that helper across step-2 scenarios instead of duplicating synchronous enable checks.
>
> **Network list menu tests** batch related `waitFor` expectations (with longer timeouts where needed) for network switch, search filtering, and permitted-chain flows so async UI updates are not asserted too early.
>
> **Trust signals tests** mock `useI18nContext` so malicious-address labels resolve predictably when mapping security alert results to display state.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit d173f26. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
## **Description**

Extracts duplicated connect-approval helpers from E2E spec files into a shared flow.

1. **Reason:** `connect-evm.spec.ts` and `dapp-connection-control-bar-network-picker.spec.ts` each defined local helpers to approve the MetaMask connect dialog. Review feedback on #42653 requested this logic live in a reusable flow instead of inline in specs.
2. **Solution:** Adds `approveConnect` to `test/e2e/page-objects/flows/connect.flow.ts` and updates both specs to import it. The flow supports optional multi-account and extra-network setup; calling `approveConnect(driver)` with no options preserves the simpler behavior previously used by the network-picker spec.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: [MMQA-1811](https://consensyssoftware.atlassian.net/browse/MMQA-1811)

## **Manual testing steps**

1. Build a test build: yarn build:test
2. Run the connect-evm spec: yarn test:e2e:single test/e2e/tests/mm-connect/connect-evm.spec.ts --browser=chrome
3. Run the network picker spec: yarn test:e2e:single test/e2e/tests/mm-connect/dapp-connection-control-bar-network-picker.spec.ts --browser=chrome
4. Confirm all tests pass with no behavior changes.

## **Screenshots/Recordings**

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I've included tests if applicable
- [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[MMQA-1811]: https://consensyssoftware.atlassian.net/browse/MMQA-1811?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

---

> [!NOTE]
> **Low Risk**
> E2E test refactor only; no application runtime code paths are modified.
>
> **Overview**
> Moves duplicated MetaMask **connect dialog approval** logic out of mm-connect E2E specs into a shared **`approveConnect`** flow at `test/e2e/page-objects/flows/connect.flow.ts`.
>
> **`connect-evm.spec.ts`** drops its inline helper and imports the flow (unchanged call sites for multi-account and extra-network options). **`dapp-connection-control-bar-network-picker.spec.ts`** removes **`approveConnectFromDialog`** and uses **`approveConnect(driver)`** with defaults for the same single-account, no-extra-networks path.
>
> No product or extension behavior changes—test structure and reuse only.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit da35b42. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
…3071)

## **Description**

Removes the `MetaMaskMockServerCapability` from the LLM workflow system (`test/e2e/playwright/llm-workflow/`). Network mocking is now handled by Playwright route interception via the `mm mock-network` CLI command, which is session-scoped and supports both page and service-worker contexts.

**What changed:**

- Deleted `mock-server.ts` and `mock-server.test.ts` (277 lines removed)
- Removed `mockServer` options from `CreateMetaMaskContextOptions` and the factory
- Removed mock port allocation from the daemon (3 → 2 ports: anvil + fixture)
- Removed mock server start/stop/rollback from `MetaMaskSessionManager`
- Removed `proxyServer` wiring to the browser launcher
- Removed `MockServerCapability` import from `@metamask/client-mcp-core`
- Updated all affected tests to remove mock server references
- Documented known limitation: pre-launch mocking is not yet supported

## **Changelog**

CHANGELOG entry: null

## **Related issues**

## **Manual testing steps**

1. Run `yarn test:unit test/e2e/playwright/llm-workflow/` — all tests pass
2. Run `mm launch` — session starts without mock server port allocation
3. Run `mm mock-network add '{"id":"test","method":"GET","url":"https://example.com/**","response":{"json":{"ok":true}}}'` — Playwright route mock is active
4. Run `mm cleanup` — clean shutdown without mock server teardown errors

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Medium Risk**
> Changes how E2E/LLM sessions wire networking at launch (no proxy/mock port), which could affect agents relying on startup-time interception, but scope is limited to test workflow tooling.
>
> **Overview**
> Removes the **mockttp-based** `MetaMaskMockServerCapability` from the LLM workflow and aligns with **`@metamask/client-mcp-core` 0.5.0**, where network mocking is handled by **`mm mock-network`** (Playwright route interception) instead of a local HTTPS proxy.
>
> E2E context creation and **`MetaMaskSessionManager`** no longer register, start, or tear down a mock server, and **`mm launch`** no longer passes **`proxyServer`** into Chromium. The daemon now reserves only **Anvil + fixture** ports (mock port allocation is gone). Related factory options, exports, and unit tests are updated; the workflow README notes that **pre-launch** requests cannot be mocked until a session is active.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit eea8ab4. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
## **Description**

This PR adds a new reconnection screen that the user may click into if they are encountering issues with the hardware wallet connection.

## **Changelog**

CHANGELOG entry: add new hardware wallet reconnection page.

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/MUL-1667

## **Manual testing steps**

1. Using a ledger/trezor device
2. Initiate a dapp transaction without the device being connected
3. Go to new recovery page
4. Reconnect the device

## **Screenshots/Recordings**

<img width="367" height="376" alt="Screenshot 2026-05-14 at 17 55 13" src="https://github.com/user-attachments/assets/a0f9ca59-2cdc-41e9-b411-143923216d4f" />
<img width="361" height="341" alt="Screenshot 2026-05-14 at 17 55 40" src="https://github.com/user-attachments/assets/5df582c0-e2cc-419b-b4ce-68d4371a6477" />
<img width="873" height="611" alt="Screenshot 2026-05-14 at 17 55 29" src="https://github.com/user-attachments/assets/052561d6-70ca-403b-8aff-8e2a91855b4a" />
<img width="886" height="893" alt="Screenshot 2026-05-14 at 17 55 08" src="https://github.com/user-attachments/assets/ffdd1f65-03b8-4d42-89f6-30dc174a6b57" />

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
- [ ]

---

> [!NOTE]
> **Medium Risk**
> Touches WebHID/USB permission and connect/readiness paths for hardware wallets; changes are recovery UX rather than signing or key material, but wrong connection behavior could block transactions.
>
> **Overview**
> Adds a dedicated **hardware wallet reconnection** flow at `/hardware-wallet-repair`, reachable from the hardware wallet error modal via **“Reconnect from the beginning”** for disconnect/transport errors (`DeviceDisconnected`, `ConnectionClosed`, `ConnectionTransportMissing`).
>
> The new page walks users through USB/unlock steps (Ledger adds an Ethereum app step), requests browser device permission, then verifies readiness and shows success or error states. **`walletType`** on the query string overrides the selected account so repair can target the device that failed. When the route type differs from the selected account, readiness uses a short-lived adapter via `ensureRepairDeviceReady` instead of the shared context connect path.
>
> **`HardwareWalletErrorProvider`** passes `onRepairDevice` into the error modal to open the repair tab with `openExtensionInBrowser`. **Auto-connect** is skipped on the repair route to avoid fighting the manual reconnect flow. Copy, tests, and a **`HardwareWalletRecoveryRepairCtaClicked`** metric accompany the UI updates to the error modal (repair link + design-system styling).
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit baeca64. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
## **Description**

- Updates to supported price-api chains
- Improvement for `MulticallClient` in assets-controller

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-3304

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [X] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
## **Description**

Use `Box` from DSR (assets team).

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/DSYS-433

## **Manual testing steps**

1. Open extension app
2. Check that modified files don't cause UI regressions

## **Screenshots/Recordings**

### **Before**

<img width="371" height="1118" alt="image" src="https://github.com/user-attachments/assets/08010efc-af26-4659-8ae7-ca29334105bb" />

### **After**

<img width="379" height="1128" alt="image" src="https://github.com/user-attachments/assets/37ee0257-29f1-4d22-9f23-d17a2bb73635" />

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> Presentation-only refactor across balances, token/NFT/DeFi lists, and filters; no auth, transactions, or data logic changes—risk is mainly visual regression if DSR Box styling diverges from the old component-library Box.
>
> **Overview**
> This PR **migrates layout `Box` usage** in the assets-team surfaces from the extension **component-library** to **`Box` (and related enums) from `@metamask/design-system-react`**, including **`Skeleton`** where touched.
>
> **Layout API changes:** Old design-system props (`Display`, `FlexDirection`, `AlignItems`, `JustifyContent`, `BlockSize`, `BorderRadius`, etc.) are replaced with DSR types such as `BoxFlexDirection`, `BoxAlignItems`, `BoxJustifyContent`, and `BoxBackgroundColor`, often paired with **Tailwind-style `className` utilities** (`flex`, `w-full`, `py-2`, `rounded-lg`) instead of `mm-box--*` modifier classes.
>
> **Notable structural tweak:** `generic-asset-cell-layout` switches the clickable row from **`Box as="a"`** to **`Box asChild`** wrapping a native **`<a>`** with equivalent flex/padding classes. **`nfts-tab`** uses DSR **`paddingHorizontal`** instead of separate inline padding props.
>
> **Tests:** Jest snapshots are updated so expected DOM classes match the DSR/Tailwind output (e.g. token list rows, NFT default images, asset and DeFi detail pages).
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit ee062f5. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## **Description**

Use `Box` from DSR (no codeowners, part 3).

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/DSYS-433

## **Manual testing steps**

1. Check modified files
2. Open app and make sure there are no regressions

## **Screenshots/Recordings**

### **Before**

<img width="492" height="1064" alt="image" src="https://github.com/user-attachments/assets/70ede695-7685-49ef-92ca-2583e7882b47" />

### **After**

<img width="492" height="1043" alt="image" src="https://github.com/user-attachments/assets/9a09a3ac-dce3-4c1c-9cbb-bb3f32dd9505" />

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> Presentational layout migration with snapshot updates; no auth, transaction, or permission logic changes beyond import/API swaps for Box.
>
> **Overview**
> This PR continues migrating layout containers from **component-library** `Box` to **`@metamask/design-system-react` `Box`**, replacing legacy `Display` / `FlexDirection` / `JustifyContent` / `AlignItems` / `BlockSize` props with **Tailwind-style `className`s** (e.g. `flex`, `flex-col`, `w-full`) and DSR enums (`BoxJustifyContent`, `BoxAlignItems`, `BoxBackgroundColor`, etc.).
>
> Touched areas include **permissions connect** (cells, headers, footers, permission list with `asChild` + `<span>`), **multichain** transaction/bridge UI, **wallet overview** (aggregated %, coin buttons), **asset/DeFi pages** and charts, **onboarding/security** modals (SRP, recovery, update), and assorted UI utilities. **Jest snapshots** were updated where rendered `mm-box--display-*` classes became utility classes.
>
> Behavior should be equivalent; risk is mainly **visual/regression** on flex/spacing, not business logic.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit e518cfc. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This reverts commit 6a2342c.
…ase-13.35.0 Sync 13.34.1 stable into release 13.35.0
…rily) cp-13.35.0 (#43386)

- test: pin geckodriver to 0.36.0 (temporarily) cp-13.35.0 (#43385)

## **Description**

Some Firefox tests got broken. It seems geckodriver version updated to 0.37.0 and broke the MetaMask <-> Dapp connections in our e2e tests. We now pin the version to the previous working one.

This is a temporary patch, that will be removed altogether once the Playwright migration is finalized (currently in progress), as we won't be using geckodriver anymore and we'll be using pinned Firefox and pw versions to be 100% deterministic and upgrade manually via code changes.

## **Changelog**

CHANGELOG entry:

## **Related issues**

Fixes:

## **Manual testing steps**

1. Run a failing spec and see it passes now `ENABLE_MV3=false yarn test:e2e:single test/e2e/tests/mm-connect/dapp-connection-control-bar-network-picker.spec.ts --leave-running=true --browser=firefox`

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

> [!NOTE]
> **Low Risk**
> Test infrastructure only; no production extension behavior changes, with graceful fallback if pinned driver resolution fails.
>
> **Overview**
> Firefox Selenium e2e runs now **pin geckodriver to 0.36.0** because **0.37.0** breaks MetaMask–dapp wallet detection in tests. A new **`resolveGeckodriverPath()`** picks the driver via **`GECKODRIVER_PATH`**, then **`selenium-manager`** (bundled with `selenium-webdriver`) for the pinned version on local and CI, with a warn-and-fallback to default Selenium Manager resolution on failure.
>
> **`FirefoxDriver.build`** wires that path into **`firefox.ServiceBuilder`** for non-snap Firefox; **`FIREFOX_SNAP`** still uses the snap geckodriver binary. Intended as a temporary workaround until Playwright migration.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 27e51ed. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

[da71330](da71330)

Co-authored-by: seaona <54408225+seaona@users.noreply.github.com>
This PR updates the change log for 13.35.0.

---------

Co-authored-by: Tatiana Bobritsky <tatiana.bobritsky@consensys.net>
Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com>
Co-authored-by: tommasini <tommasini15@gmail.com>
Co-authored-by: tommasini <46944231+tommasini@users.noreply.github.com>
…-13.35.0 (#43368) - fix(onboarding): telegram logo update cp-13.35.0 (#43360) ## **Description** Telegram logo updated for Onboarding Login and Manage Recovery UI JIRA Link: https://consensyssoftware.atlassian.net/browse/TO-823 ## **Changelog** CHANGELOG entry: Telegram logo updated for Onboarding Login and Manage Recovery UI ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings**
### **Before** ### **After** <img width="1728" height="988" alt="Screenshot 2026-06-09 at 2 56 27 PM" src="https://github.com/user-attachments/assets/52d653fa-8284-4349-a806-cc0017937c57" /> <img width="1726" height="1042" alt="Screenshot 2026-06-09 at 2 56 34 PM" src="https://github.com/user-attachments/assets/a8aaa51a-9927-4abe-94aa-2da09425f563" /> <img width="609" height="1009" alt="Screenshot 2026-06-09 at 2 57 47 PM" src="https://github.com/user-attachments/assets/b7d7948a-4075-4ca0-8c1a-491d512ee3a3" /> <img width="582" height="1001" alt="Screenshot 2026-06-09 at 2 57 55 PM" src="https://github.com/user-attachments/assets/835fc7b1-4035-4da4-9484-836e47df538e" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Visual-only icon and styling updates on onboarding and security UI with no auth or data-flow changes.
> > **Overview** > **Telegram branding** is aligned across onboarding and recovery management by using the design-system `Icon` with `IconName.Telegram` and a shared `--color-telegram-blue` token instead of the `telegram.svg` image. > > On **Manage Recovery** (`reveal-srp-list`), social provider icons are centralized in `renderSocialLoginIcon` so **Telegram** gets the same icon treatment and **Apple** uses `AppleLogo`; Google still uses the SVG asset. That screen also pulls `Box`/`Text`/`Icon` from `@metamask/design-system-react`, switches text variants to the new enum casing, and moves some spacing to utility classes. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 0a1c79f. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [cf79d47](cf79d47) Co-authored-by: Ganesh Suresh Patra <ganesh.patra@consensys.net>
…ist cp-13.35.0 (#43401) - feat: updated API for token management list cp-13.35.0 (#43375) This PR is to update the API on token management page to fetch the list of tokens. API endpoint `v3/chains/chainId/assets ` Search API will stay same, it's just to update assets list ## **Description** ## **Changelog** CHANGELOG entry: updated token list API ## **Related issues** Fixes: ## **Manual testing steps** 1. Run extension 2. Go to Token Management Page 3. Everything should stay same, both imported and non imported tokens should be listed 4. Switch to Arc network, check the five tokens are listed on token management page NOTE: Token not rendered on home page is being handled by assets ## **Screenshots/Recordings** ### **Before** ### **After** ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes the external browse data source and pagination contract (multi-fetch + JSON cursors), which can affect which tokens appear and how infinite scroll behaves across EVM and non-EVM networks. > > **Overview** > Switches **token browse** on Token Management from the legacy token-search “blank query” flow to the **tokens v3** `chains/{chainId}/assets` API, while **typed search** still uses the existing search endpoint. > > `browseTokens` now issues **one request per enabled CAIP chain**, merges results, and tracks pagination with a **JSON cursor keyed by chain** (only chains with a next page are included). **EVM** chains get `occurrenceFloor=3`; **non-EVM** chains do not. **Partial failure** is tolerated: if some chains return 400, successful chains still return data; if every chain fails, the first error is thrown. **No networks** yields an empty response without calling fetch. > > The Token Management page wires browse to **`selectEnabledNetworksAsCaipChainIds`** instead of locally converting hex chain IDs, and **browse failures** are surfaced in the UI when the list is empty (not only when the user has typed a search query). 
> > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit c180a93. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [4edf779](4edf779) Co-authored-by: Nidhi Kumari <nidhi.kumari@consensys.net> Co-authored-by: sleepytanya <104780023+sleepytanya@users.noreply.github.com>
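The browse behaviour summarised above (one request per enabled chain, a JSON cursor keyed by chain, `occurrenceFloor=3` on EVM chains only, partial failure tolerated), as an added JavaScript example that is not code from this PR or from MetaMask. The `{ tokens, nextCursor }` response shape, the `after` parameter, the injected `fetchPage` function and all helper names are assumptions.

```javascript
// Added example, not MetaMask's implementation. Response shape, the `after`
// parameter and fetchPage() are assumptions made for illustration.
const EVM_OCCURRENCE_FLOOR = 3; // from the PR summary: applied to EVM chains only

const isEvm = (chainId) => chainId.startsWith('eip155:');

// The cursor is a JSON object keyed by CAIP chain id. It round-trips through
// the caller, so its shape is validated before any key or value is used.
function parseCursor(cursor) {
  if (cursor === undefined || cursor === null) return null; // first page
  let parsed;
  try {
    parsed = JSON.parse(cursor);
  } catch {
    throw new Error('cursor is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('cursor must be a JSON object keyed by chain id');
  }
  const perChain = new Map();
  for (const [chainId, after] of Object.entries(parsed)) {
    if (typeof after === 'string' && after.length > 0) perChain.set(chainId, after);
  }
  return perChain;
}

// One request per enabled chain. On later pages only chains that still have a
// next page (those present in the cursor) are queried again.
function buildRequests(enabledChainIds, cursor) {
  const perChain = parseCursor(cursor);
  return enabledChainIds
    .filter((chainId) => perChain === null || perChain.has(chainId))
    .map((chainId) => {
      const params = {};
      if (isEvm(chainId)) params.occurrenceFloor = EVM_OCCURRENCE_FLOOR;
      if (perChain !== null) params.after = perChain.get(chainId);
      return { chainId, params };
    });
}

// Merge Promise.allSettled() results: keep what succeeded and throw the first
// error only when every chain failed.
function mergeSettled(requests, settled) {
  const tokens = [];
  const next = {};
  const errors = [];
  settled.forEach((result, i) => {
    if (result.status === 'rejected') {
      errors.push(result.reason);
      return;
    }
    tokens.push(...result.value.tokens);
    if (result.value.nextCursor) next[requests[i].chainId] = result.value.nextCursor;
  });
  if (requests.length > 0 && errors.length === requests.length) throw errors[0];
  const hasNext = Object.keys(next).length > 0;
  return { tokens, nextCursor: hasNext ? JSON.stringify(next) : null };
}

// fetchPage(chainId, params) is injected so the example runs offline.
async function browseTokens(enabledChainIds, cursor, fetchPage) {
  if (enabledChainIds.length === 0) return { tokens: [], nextCursor: null }; // no fetch
  const requests = buildRequests(enabledChainIds, cursor);
  const settled = await Promise.allSettled(
    requests.map(({ chainId, params }) => fetchPage(chainId, params)),
  );
  return mergeSettled(requests, settled);
}
```

In this sketch a chain that fails on one page is absent from the next cursor, so it is not retried on later pages; a caller that wants to report partial failures has to inspect the settled results itself.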
…s in close all positions modal cp-13.35.0 (#43400) - fix(perps): limit PNL to 2 decimal places in close all positions modal cp-13.35.0 (#43387) ## **Description** The PNL value in the "Close All Positions" modal was formatted using `formatPerpsFiatUniversal`, which delegates to `PRICE_RANGES_UNIVERSAL`. That config allows up to 4–6 decimal places depending on value magnitude (e.g., values between $10–$100 show up to 4 decimals, values $0.01–$10 show up to 6 decimals). This change switches the PNL display to use `formatPerpsFiat` with explicit `minimumDecimals: 2` and `maximumDecimals: 2`, capping PNL to 2 decimal places. This is consistent with how `formatPnl` formats PNL values elsewhere in the codebase. ## **Changelog** CHANGELOG entry: Fixed PNL display in the Close All Positions modal to show a maximum of 2 decimal places ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/TAT-2852 ## **Manual testing steps** Feature: Close All Positions modal PNL formatting Scenario: PNL displays with 2 decimal places Given the user has open perps positions with unrealized PNL When the user opens the "Close All Positions" modal Then the PNL value (e.g., "+$12.34" or "-$5.67") is shown with exactly 2 decimal places And PNL values are not shown with more than 2 decimal places (e.g., not "+$12.3456") ## **Screenshots/Recordings** ### **Before** https://consensyssoftware.atlassian.net/browse/TAT-2852?focusedCommentId=428853 ### **After** <img width="356" height="370" alt="Screenshot 2026-06-10 at 11 41 10" src="https://github.com/user-attachments/assets/2aab7176-0ce2-400f-a679-5106f69e3ee4" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). 
- [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Display-only formatting change in one modal; no auth, fees calculation, or submission logic touched. > > **Overview** > The **Close All Positions** modal no longer formats total unrealized PNL with `formatPerpsFiatUniversal` (variable 4–6 decimals via `PRICE_RANGES_UNIVERSAL`). It now uses shared `formatPerpsFiat` with **`minimumDecimals: 2`** and **`maximumDecimals: 2`**, so values like `+$12.34` / `-$5.67` always show two fractional digits—aligned with `formatPnl` on the single-position close flow. > > Tests drop the `formatPerpsDisplayPrice` mock and extend the `formatPerpsFiat` jest mock to honor optional decimal options. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 96fdd5a. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [7efad5f](7efad5f) Co-authored-by: Michal Szorad <michal.szorad@consensys.net> Co-authored-by: sleepytanya <104780023+sleepytanya@users.noreply.github.com>
…3326) - fix: token list font size cp-13.35.0 (#43290) ## **Description** Reverts the 2nd-line token font size that was adjusted in this [PR](#43184) This element was already on small size and didn't need adjustment ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: ## **Manual testing steps** 1. Tokens list ## **Screenshots/Recordings** ### **Before** ### **After** ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g.
pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Cosmetic typography only on token list balance text; no logic, auth, or data changes. > > **Overview** > Reverts the **second-line token balance** typography on multichain token list rows (the `multichain-token-list-item-value` quantity, e.g. `5 TEST`) to the smaller style that existed before a recent sizing change. > > In `TokenCellPrimaryDisplay`, styling moves from responsive Tailwind classes (`text-s-body-md` / `@compact:text-s-body-sm`) to the design-system **`TextVariant.bodySmMedium`** on `SensitiveText`. Jest snapshots for token cell, asset page, and DeFi details page are updated to match the restored `mm-text--body-sm-medium` output. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 06c28dc. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [3e6bbf1](3e6bbf1) Co-authored-by: Francis Nepomuceno <n3ps@users.noreply.github.com>
… numeric in token details page cp-13.35.0 (#43420) - fix: ensure stringified numeric values are numeric in token details page cp-13.35.0 (#43398) ## **Description** Some non-numeric values in the token details page are being stringified, which is causing an issue when converting to BigInteger. <img width="1962" height="914" alt="image" src="https://github.com/user-attachments/assets/7a48a7f8-ddfe-431c-8222-0a0425df535b" /> ## **Changelog** CHANGELOG entry: Fixed issue with token market non-numeric values being stringified. ## **Related issues** Fixes: #43389 ## **Manual testing steps** 1. Import Solana token JBxEqfH8vzyUCXmWvTesN41ccbxoaESXxuJG9LFWpump 2. Access the asset details page ## **Screenshots/Recordings**
### **Before** ### **After** ## **Pre-merge author checklist** - [X] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [X] I've completed the PR template to the best of my ability - [X] I’ve included tests if applicable - [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [X] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Small selector change with tests; only affects display/mapping of optional market stats for non-EVM assets when unify state is enabled. > > **Overview** > Fixes multichain token **market data** on the asset details page when price API fields are missing or invalid. > > In `getMultichainAssetsRatesControllerConversionRates`, **allTimeHigh**, **allTimeLow**, **circulatingSupply**, **marketCap**, and **totalVolume** are now stringified only when `Number.isFinite` is true; otherwise the field is **`undefined`** instead of values like `"null"`, `"NaN"`, or `"Infinity"` that broke downstream **BigInteger** parsing. > > A unit test covers `null`, `undefined`, `NaN`, and `Infinity` inputs for those fields. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 6a07315. Bugbot is set up for automated code reviews on this repo.
Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [d372838](d372838) Co-authored-by: Bernardo Garces Chapero <bernardo.chapero@consensys.net> Co-authored-by: sleepytanya <104780023+sleepytanya@users.noreply.github.com>
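The `Number.isFinite` guard described in the summary above, next to an unguarded conversion, as an added JavaScript example that is not code from this PR or from MetaMask. The five field names come from the summary; the helper names, the plain `String()` "before" and the native `BigInt` consumer standing in for the downstream BigInteger parsing are assumptions.

```javascript
// Added example, not MetaMask code. Field names are from the PR summary above;
// helper names and the BigInt consumer are assumptions for illustration.
const MARKET_FIELDS = [
  'allTimeHigh',
  'allTimeLow',
  'circulatingSupply',
  'marketCap',
  'totalVolume',
];

// Assumed "before": a plain String() conversion of whatever the price API sent,
// which turns null, NaN and Infinity into the strings "null", "NaN", "Infinity".
function stringifyUnchecked(raw) {
  const out = {};
  for (const field of MARKET_FIELDS) out[field] = String(raw[field]);
  return out;
}

// "After", as the summary describes it: stringify only finite numbers.
// Number.isFinite does not coerce, so null, undefined and "12" all fail it.
function stringifyFinite(raw) {
  const out = {};
  for (const field of MARKET_FIELDS) {
    const value = raw[field];
    out[field] = Number.isFinite(value) ? String(value) : undefined;
  }
  return out;
}

// Stand-in for the downstream big-integer parsing: BigInt() throws a
// SyntaxError on "null", "NaN", "Infinity" and "undefined".
function wholeUnits(text) {
  return BigInt(text.split('.')[0]).toString();
}

// Render every field, showing "n/a" for fields the selector left undefined.
function renderMarketStats(fields) {
  const view = {};
  for (const field of MARKET_FIELDS) {
    view[field] = fields[field] === undefined ? 'n/a' : wholeUnits(fields[field]);
  }
  return view;
}

// Returns the error name if rendering throws, otherwise null.
function renderFailure(fields) {
  try {
    renderMarketStats(fields);
    return null;
  } catch (err) {
    return err.name;
  }
}

// Constructed sample of a price-API payload with missing and invalid values.
const SAMPLE = {
  allTimeHigh: NaN,
  allTimeLow: Infinity,
  circulatingSupply: 1000000,
  marketCap: null,
  totalVolume: undefined,
};
```

With the unguarded conversion one bad field is enough to make the whole render throw; with the guard each bad field degrades to a missing value on its own.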
## **Description** Cherry pick of #43239 ## **Changelog** CHANGELOG entry: NFT buy data from API and local state now maps to a specific activity type fixes the title rendering removes the fixed "1" Note: Activity redesign is still behind a feature flag ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** ### **Before** ### **After** ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Changes are limited to activity classification, display metadata, and i18n; no auth, signing, or transaction execution paths are modified. > > **Overview** > Introduces a dedicated **`nftBuy`** activity type so NFT purchases no longer show up as generic **`buy`** / receive flows, with copy that can use the NFT name instead of a hardcoded quantity. > > **API EVM adapter:** When the user receives an ERC-721/1155 transfer and also sends native value in the same tx, mapping now returns **`nftBuy`** (with **`from`** / **`to`**) instead of **`buy`**. NFT transfer detection uses shared **`isNftStandard`**. > > **Token parsing:** For NFT transfers, **`getTokenAmountFromTransfer`** prefers **`name`** (or symbol) for display and **drops `amount`** so ERC-1155 quantity `1` is not shown as a token amount; outgoing NFT send expectations in tests are updated accordingly. > > **Local transactions:** Pending/confirmed contract interactions with an **incoming NFT balance change** in simulation and **non-zero native `value`** map to **`nftBuy`**. > > Adds **en/en_GB** strings for pending/success/failed NFT buy titles and tests/fixtures for API and local NFT purchase cases. 
> > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 643e048. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Francis Nepomuceno <n3ps@users.noreply.github.com>
…b Action cp-13.35.0 (#43349) - chore: New Crowdin Translations by GitHub Action cp-13.35.0 (#43003) Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com> [6692629](6692629) Co-authored-by: MetaMask Bot <37885440+metamaskbot@users.noreply.github.com> Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com> Co-authored-by: sleepytanya <104780023+sleepytanya@users.noreply.github.com> Co-authored-by: tommasini <46944231+tommasini@users.noreply.github.com>
…s issues (#43448) - fix: fix native tokens disappearing & gas issues cp-13.35.0 (#43379) ## **Description** core PR: MetaMask/core#9063 ## **Changelog** CHANGELOG entry: fix native tokens disappearing ## **Related issues** Fixes: #43395 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** ### **Before** https://github.com/user-attachments/assets/79b5e756-7ee7-4920-867e-2b13ca151d38 ### **After** https://github.com/user-attachments/assets/8926a4bb-5486-44d7-9dc9-459fa8e8ff94 ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes balance and asset metadata classification in a patched dependency used across the wallet UI and gas flows; incorrect typing could still affect displayed balances or fee estimation. > > **Overview** > Backports **MetaMask/core#9063** into the extension by **patching `@metamask/assets-controller@8.3.2`** so native balances and gas keep working on the release branch without waiting on a published package. > > The patch replaces boolean **`isNativeAsset`** checks with a shared **`getAssetType`** helper (`native` | `erc20` | `spl`) on `AssetsController` and threads it through **BackendWebsocket**, **Rpc**, and **Token** data sources. Balance/metadata paths that used to infer type from CAIP namespaces or default non-native assets to `erc20` now classify natives consistently (including an extra native check in Rpc metadata collection), which addresses **native tokens disappearing** and related **gas** issues. > > **`package.json` / `yarn.lock`** also bump **`@metamask/assets-controller`** to the patched build and refresh several other MetaMask packages (design system, perps, seedless onboarding, analytics). 
LavaMoat policies only adjust the **`keyring-controller`** resolution path under transaction-pay. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 737cda1. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> [6e62414](6e62414) --------- Co-authored-by: Salim TOUBAL <salim.toubal@outlook.com> Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
…add reconciliation/self-healing metadata cp-13.35.0 (#43500) - fix(assets-controller): update patch to add reconciliation/self-healing metadata cp-13.35.0 (#43477) ## **Description** Patch for this core fix: MetaMask/core#9099 ## **Changelog** CHANGELOG entry: fix(assets-controller): update patch to add reconciliation/self-healing metadata ## **Related issues** Fixes: #43352 ## **Manual testing steps** 1. Start application on 13.34.0. Add IMX chain and token. 2. Inspect state - `AssetsController.assetsInfo["eip155:13371/erc20:0x0000000000000000000000000000000000000000"]` - See that the token is marked as "erc20" 3. Start application with these changes 4. Inspect state - `AssetsController.assetsInfo["eip155:13371/erc20:0x0000000000000000000000000000000000000000"]` - See that the token is marked as "native" ## **Screenshots/Recordings**
### **Before** ```json { "aggregators": [], "decimals": 18, "erc20Permit": false, "image": "https://static.cx.metamask.io/api/v2/tokenIcons/assets/eip155/13371/erc20/0x0000000000000000000000000000000000000000.png", "name": "Immutable X", "occurrences": 100, "symbol": "IMX", "type": "erc20" } ``` ### **After** ``` { "aggregators": [], "decimals": 18, "erc20Permit": false, "image": "https://static.cx.metamask.io/api/v2/tokenIcons/assets/eip155/13371/erc20/0x0000000000000000000000000000000000000000.png", "name": "Immutable X", "occurrences": 100, "symbol": "IMX", "type": "native" } ``` https://www.loom.com/share/45f25216181146a69fc4730786c8fec9 ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes how persisted asset metadata types are updated across websocket/RPC flows; incorrect classification could affect portfolio display until the next reconcile, but the logic is narrowly corrective.
> > **Overview** > Updates the **Yarn patch** for `@metamask/assets-controller@8.3.2` to backport MetaMask/core#9099: asset metadata **types** are reconciled when balance/info updates land, so mislabeled entries (e.g. IMX native at the zero address stored as `erc20`) are corrected to `native`, `spl`, or `erc20`. > > The patch adds a **`getAssetType`** helper on `AssetsController` and passes it into **BackendWebsocket**, **RPC**, and **price** data sources (replacing the websocket’s `isNativeAsset` hook). During `_updateState`, it walks asset IDs from incoming `assetsInfo` / `assetsBalance` and **self-heals** `metadata[assetId].type` when it disagrees with `getAssetType`, marking those IDs as changed metadata. > > `yarn.lock` is refreshed for the new patch hash/checksum only. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 13e0626. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [f94cbf4](f94cbf4) Co-authored-by: Prithpal Sooriya <prithpal.sooriya@gmail.com>
…4.4 (#43510) - chore(43459): audit @grpc/grpc-js to 1.14.4 (#43479) ## **Description** Bumps the `@grpc/grpc-js` resolution to `^1.9.16` to address two high-severity advisories ([GHSA-5375-pq7m-f5r2](GHSA-5375-pq7m-f5r2), [GHSA-99f4-grh7-6pcq](GHSA-99f4-grh7-6pcq)) where a malformed request or compressed message could crash a gRPC server or client. ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: #43459 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** ### **Before** ### **After** ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Dependency-only security patch with no app code changes; minor risk from a major-ish grpc-js version jump in transitive usage. > > **Overview** > Adds a Yarn **`resolutions`** entry for **`@grpc/grpc-js`** at **`^1.9.16`**, which pulls the lockfile from **1.9.15** to **1.14.4** to address high-severity advisories where malformed gRPC requests or compressed messages could crash a client or server. > > The lockfile also picks up related transitive updates: **`@grpc/proto-loader`** **0.7.x → 0.8.1**, new **`@js-sdsl/ordered-map`**, and **`@grpc/grpc-js`** no longer pins **`@types/node`** as a direct dependency. No application source changes. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit b19ba99. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [24c31c1](24c31c1) --------- Co-authored-by: Danica Shen <zhaodanica@gmail.com> Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
…breaking the app cp-13.35.0 cp-13.36.0 (#43514)

- fix: prevent tokens without symbol from breaking the app cp-13.35.0 cp-13.36.0 (#43506)

## **Description**

Fixes crash accessing Swap page when an asset with no symbol is present.

## **Changelog**

CHANGELOG entry: Fixed a bug causing Swap page to crash

## **Related issues**

Fixes: #43508

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

### **Before**

https://github.com/user-attachments/assets/3c11daf9-7882-43d1-9906-b61c5441555e

### **After**

https://github.com/user-attachments/assets/e725a3b8-1fdc-4342-8da0-6e7519d8f098

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [X] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Small defensive change in a migration selector with a focused unit test; no auth or payment paths touched.
>
> **Overview**
> Fixes a crash when **assets unify state** is enabled and `getRatesControllerRates` walks `assetsInfo` entries that omit `symbol` (e.g. some Solana SPL metadata).
>
> The selector now uses optional chaining on `metadata.symbol` before lowercasing, so missing symbols no longer throw during rate derivation. Other assets with valid metadata still map into the legacy `rates` shape as before.
>
> Adds a unit test that mixes a symbol-less SPL `assetsInfo` entry with a priced BTC native asset and asserts the selector does not throw and only returns the BTC rate.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit c12e2f9. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

[b4b830b](b4b830b)

Co-authored-by: Bernardo Garces Chapero <bernardo.chapero@consensys.net>
Co-authored-by: tommasini <46944231+tommasini@users.noreply.github.com>
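The crash fixed in #43506, reduced to a stand-alone sketch (an added example, not the extension's selector code). The state shape, the asset ids and the `deriveRatesUnsafe` / `deriveRatesSafe` names are assumptions constructed for illustration; the safe variant type-checks `symbol`, which is stricter than the optional chaining the PR describes, because `?.` only guards `null` and `undefined`.

```javascript
// Constructed state: field names and asset ids are illustrative assumptions,
// not the real AssetsController schema.
const constructedState = {
  assetsInfo: {
    // SPL-style entry whose remote metadata carries no symbol
    'solana:constructed/token:NoSymbolMint': { type: 'spl', name: 'Unnamed token' },
    'bip122:constructed/slip44:0': { type: 'native', symbol: 'BTC' },
  },
  assetsPrice: {
    'bip122:constructed/slip44:0': { price: 65000 },
  },
};

// Pre-fix behaviour: one symbol-less entry aborts the whole derivation.
function deriveRatesUnsafe(state) {
  const rates = {};
  for (const [assetId, metadata] of Object.entries(state.assetsInfo)) {
    const key = metadata.symbol.toLowerCase(); // TypeError when symbol is undefined
    const priced = state.assetsPrice[assetId];
    if (priced) {
      rates[key] = { conversionRate: priced.price };
    }
  }
  return rates;
}

// Hardened behaviour: entries without a usable string symbol are skipped,
// everything else still maps into the rates object.
function deriveRatesSafe(state) {
  const rates = {};
  for (const [assetId, metadata] of Object.entries(state.assetsInfo)) {
    const symbol = metadata?.symbol;
    if (typeof symbol !== 'string' || symbol.length === 0) {
      continue; // covers undefined, null, and non-string values from bad metadata
    }
    const priced = state.assetsPrice[assetId];
    if (priced) {
      rates[symbol.toLowerCase()] = { conversionRate: priced.price };
    }
  }
  return rates;
}
```

Token metadata arrives from external sources, so a selector on a page's render path should treat every field as optional rather than let one malformed asset take the page down.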
…n release branches cp-13.35.0 (#43522)

- ci: Enable `skip-benchmark-gate` label on release branches cp-13.35.0 (#43519)

## **Description**

The `skip-benchmark-gate` label — the documented escape hatch for the `run-benchmarks / quality-gate` job (Phase 2–3 rollout) — is currently only honored on `pull_request`-event runs. But RC validation produces **push**-event runs on `release/*` branches, where the step is unconditionally skipped and the label is never read.

This PR makes the skip-check event-aware:

- `pull_request` runs: unchanged — read labels of the PR itself.
- `release/*` push runs: resolve the open PR(s) containing the pushed commit via `commits/{sha}/pulls` and read their labels (RC branches always have an open release PR).
- `main` pushes and anything else: label resolution is explicitly skipped, so gate coverage on `main` is unchanged.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Related: #43518, #43256

## **Manual testing steps**

1. Both new code paths were dry-run against the live v13.35.0 RC data:
   - `gh api repos/MetaMask/metamask-extension/commits/e3121b4cb0f5e0ff040b0e53183bf34e0e5d38e6/pulls --jq '.[] | select(.state == "open") | .number'` → returns `43256`
   - `gh api repos//issues/43256/labels --jq '.[].name'` → includes `skip-benchmark-gate`
2. After this lands on a `release/*` branch, the next push run's `quality-gate` job should log `skip-benchmark-gate label found on PR #<n> — skipping quality gate` and pass.
3. `pull_request` runs on this PR exercise the unchanged PR-event path.

## **Screenshots/Recordings**

### **Before**

Gate job on RC push run, attempt 5 — `Check for skip label: skipped`, gate fails despite label: https://github.com/MetaMask/metamask-extension/actions/runs/27433212146/job/81103386745

### **After**

N/A (CI behavior — see manual testing steps)

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[c649761](c649761)

Co-authored-by: Jongsun Suh <jongsun.suh@icloud.com>
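The event-aware label check described in #43519, as an added example that is not the workflow's actual script. `pullsToInspect`, `skipDecision` and the `lookups` object are hypothetical names; the lookups stand in for the `commits/{sha}/pulls` and label reads, and all PR numbers and SHAs are constructed.

```javascript
const SKIP_LABEL = 'skip-benchmark-gate';

// Decide which PRs' labels may be consulted for this run.
// An empty list means the label can never bypass the gate for this event.
function pullsToInspect(ctx, lookups) {
  if (ctx.eventName === 'pull_request') {
    return [ctx.prNumber]; // the PR that triggered the run
  }
  if (ctx.eventName === 'push' && ctx.ref.startsWith('refs/heads/release/')) {
    // Only OPEN PRs containing the pushed commit count; a merged or closed PR
    // that still carries the label must not keep bypassing the gate.
    return lookups
      .pullsForCommit(ctx.sha)
      .filter((pr) => pr.state === 'open')
      .map((pr) => pr.number);
  }
  return []; // main pushes and anything else: no label resolution at all
}

function skipDecision(ctx, lookups) {
  for (const number of pullsToInspect(ctx, lookups)) {
    if (lookups.labelsForPull(number).includes(SKIP_LABEL)) {
      return { skip: true, viaPull: number };
    }
  }
  return { skip: false, viaPull: null };
}

// Constructed fixture: PR 101 is an open release PR with the label,
// PR 102 is closed but still labelled, PR 103 is an unlabelled feature PR.
function makeLookups() {
  const calls = [];
  const pulls = {
    aaa111: [{ number: 101, state: 'open' }],
    bbb222: [{ number: 102, state: 'closed' }],
  };
  const labels = {
    101: [SKIP_LABEL, 'release'],
    102: [SKIP_LABEL],
    103: ['team-x'],
  };
  return {
    calls, // records every lookup so a test can prove none happened
    pullsForCommit(sha) {
      calls.push(`pulls:${sha}`);
      return pulls[sha] || [];
    },
    labelsForPull(number) {
      calls.push(`labels:${number}`);
      return labels[number] || [];
    },
  };
}
```

Recording `viaPull` in the job log gives reviewers an audit trail of which PR's label disabled the gate on a given push run.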
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Caution MetaMask internal reviewing guidelines:
Builds ready [c2406b7]
⚡ Performance Benchmarks (Total: 🟢 14 pass · 🟡 8 warn · 🔴 3 fail)
Bundle size diffs [🚀 Bundle size reduced!]
AI Test Plan
Release Scenarios (11)

High Risk Scenarios (6)

1. Token Management - Assets Controller upgrade
Risk Level: HIGH
Why This Matters: Large patch to the Assets Controller can impact watchAsset flows, token metadata, and per-network isolation, risking incorrect balances, broken logos, or cross-network leakage.
Test Steps:

2. State Migration - Assets data
Risk Level: HIGH
Why This Matters: Changes in assets-migration selectors risk data loss, duplication, or broken references after upgrade; this directly affects balances and portfolio integrity.
Test Steps:

3. Transaction Sending and Gas Controls (Transaction Pay Controller)
Risk Level: HIGH
Why This Matters: Transaction pay logic changes can break gas estimation, advanced editing, or broadcasting across L1/L2 networks—core to successful sends.
Test Steps:

4. Swaps flow with approvals and compliance/alerts
Risk Level: HIGH
Why This Matters: Controller and alert changes can surface during multi-step swaps/approvals; regressions here can block swaps or mislead users with incorrect warnings.
Test Steps:

5. Controller Initialization and Unlock (Compliance Controller integration)
Risk Level: HIGH
Why This Matters: Introducing a new Compliance Controller and messenger in the init path risks startup, unlock, and controller orchestration failures affecting core usability.
Test Steps:

6. Auto-detect tokens and bad metadata handling
Risk Level: HIGH
Why This Matters: Assets Controller upgrades impact detection and metadata normalization; failures can misprice assets or show wrong balances.
Test Steps:

Medium Risk Scenarios (5)

1. Activity feed avatars and transaction item rendering
Risk Level: MEDIUM
Why This Matters: UI refactors to activity avatars can degrade clarity of transaction history or cause rendering/performance issues.
Test Steps:

2. Snaps installation and permission dialogs
Risk Level: MEDIUM
Why This Matters: Updates to Snaps permission specs can misrepresent capabilities or block installs, impacting security and user trust.
Test Steps:

3. Alerts and modals (alert system context changes)
Risk Level: MEDIUM
Why This Matters: Alert handling changes can result in stuck modals, lost actions, or incorrect analytics, disrupting critical decision points.
Test Steps:

4. NFT gallery and metadata (Assets Controller path)
Risk Level: MEDIUM
Why This Matters: Assets controller and metadata pipelines affect NFT display; regressions can hide assets or show wrong data.
Test Steps:

5. Localization regression (German)
Risk Level: MEDIUM
Why This Matters: Large locale updates can introduce missing keys or layout issues that break core flows for non-English users.
Test Steps:

Teams Sign-off Status
Signed off: None yet
Awaiting sign-off (5):
Generated by AI Test Plan Analyzer (gpt-5) at 2026-06-15T07:25:26.619Z
AI generated test plan (JSON): test-plan-13.35.1.json
- feat: arc network integration cp-13.35.1 (#43509)

## **Description**

arc network integration

## **Changelog**

CHANGELOG entry: arc network integration

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Changes balance aggregation and asset visibility on Arc; incorrect filtering could hide the wrong token or skew displayed balances, but scope is chain-specific and covered by tests.
>
> **Overview**
> On **Arc**, native gas is USDC, so the USDC ERC20 at `ARC_USDC_TOKEN_ADDRESS` (`0x3600…`) is treated as a **display duplicate** of native USDC. This PR hides that ERC20 everywhere users pick or see tokens, while keeping **native USDC** as the source of truth.
>
> A shared constant and comments document the contract. **Asset selectors** drop the ERC20 from per-chain asset maps (including hidden assets), and **token balance aggregation** strips the same address on Arc so totals are not doubled. **Token management** and the **send asset picker** apply the same filter (with hex/CAIP chain id and address normalization). **API token search/browse** on Arc also omits the duplicate.
>
> When **assets-unify-state** is on, **`useArcDefaultTokens`** runs under `AssetsControllerPolling` and batch-imports Arc USDC as a custom asset for each EVM account that does not already have it, only if Arc is configured—without re-dispatching on re-render.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9ae50ea. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

[6f94ece](6f94ece)

Co-authored-by: Salim TOUBAL <salim.toubal@outlook.com>
🚀 v13.35.1 Testing & Release Quality Process
Hi Team,
As part of our new MetaMask Release Quality Process, here’s a quick overview of the key processes, testing strategies, and milestones to ensure a smooth and high-quality deployment.
📋 Key Processes
Testing Strategy
Conduct regression and exploratory testing for your functional areas, including automated and manual tests for critical workflows.
Focus on exploratory testing across the wallet, prioritize high-impact areas, and triage any Sentry errors found during testing.
Validate new functionalities and provide feedback to support release monitoring.
GitHub Signoff
Issue Resolution
Cherry-Picking Criteria
🗓️ Timeline and Milestones
✅ Signoff Checklist
Each team is responsible for signing off via GitHub. Use the checkbox below to track signoff completion:
Team sign-off checklist
This process is a major step forward in ensuring release stability and quality. Let’s stay aligned and make this release a success! 🚀
Feel free to reach out if you have questions or need clarification.
Many thanks in advance
Reference