
[pull] main from MetaMask:main#566

Merged
pull[bot] merged 11 commits into Reality2byte:main from MetaMask:main
May 6, 2026

@pull pull Bot commented May 6, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

mikesposito and others added 11 commits May 6, 2026 08:54
## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not be obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->
Additional Infura networks have been added in #8680, but the
`BUILT_IN_NETWORKS` object was missed. This object is not used outside
of tests in `core`, though it’s exported by `controller-utils` and used
by clients. This PR adds the networks to `BUILT_IN_NETWORKS` as well.

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: adds new entries to exported network constants and updates
the changelog; behavior changes only for consumers referencing these
newly supported networks.
> 
> **Overview**
> Adds the previously-missing Infura mainnet networks (`monad-mainnet`,
`zksync-mainnet`, `megaeth-mainnet`, `avalanche-mainnet`) to
`BUILT_IN_NETWORKS`, including their `chainId`, `ticker`, and
`blockExplorerUrl` mappings.
> 
> Updates the `@metamask/controller-utils` changelog entry to reflect
the expanded `BUILT_IN_NETWORKS` coverage.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
4cb1018. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Explanation

This PR decouples the `TokenDetectionController` and `TokensController`
from the `TokenListController` by introducing a new shared
`TokenListService`. This architectural improvement provides:

- **Reduced coupling**: Controllers no longer depend on
`TokenListController` state/messaging
- **Enhanced caching**: Token lists are cached in-memory per chain for 4
hours using TanStack Query
- **Better performance**: Optimized token list fetching with proper
caching and deduplication
- **Simplified data flow**: Token enrichment moves from reactive events
to one-time initialization

### Key Changes

#### New `TokenListService`
- Introduces a TanStack Query-backed service for fetching and caching
token lists
- Provides 4-hour in-memory caching per chain ID  
- Exports `TokenListService` class and `buildTokenListMap` utility
function
- Adds `@tanstack/query-core` as a new dependency

#### Breaking Changes to Controllers
- **`TokenDetectionController`**: Now requires `tokenListService` in
constructor options
- **`TokensController`**: Now requires `tokenListService` in constructor
options
- Both controllers are decoupled from `TokenListController` messaging
system
- `TokenDetectionController` no longer automatically restarts detection
on `TokenListController:stateChange`

#### Token Detection Improvements
- Token list metadata fetched per detection pass with address
normalization
- Enhanced error handling with failure-safe early returns
- Improved mUSD deduplication and websocket/polling guards

#### Token Enrichment Changes
- `TokensController` switches from reactive events to one-time async
enrichment at initialization
- Multi-chain enrichment using `Promise.allSettled` for resilience
- Token `name` and `rwaData` enriched once during initialization vs. on
every state change

### Testing Updates
- Updated tests for new architecture
- Added comprehensive `TokenListService` unit tests
- Enhanced token detection test coverage

**Note**: This introduces breaking changes requiring constructor updates
for both controllers. Consumers will need to provide the new
`tokenListService` dependency.



## References
Mobile: MetaMask/metamask-mobile#29743


## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Introduces a new shared caching layer and changes
`TokenDetectionController`/`TokensController` construction and runtime
behavior, which can impact token discovery/enrichment if consumers don’t
wire `tokenListService` correctly or if cache/normalization assumptions
differ across chains.
> 
> **Overview**
> Adds a new `TokenListService` (TanStack Query-backed) to fetch + cache
per-chain token lists in-memory for 4 hours, exporting both
`TokenListService` and `buildTokenListMap`, and adds
`@tanstack/query-core` as a direct dependency.
> 
> **BREAKING:** `TokenDetectionController` and `TokensController` now
require a `tokenListService` constructor option and no longer depend on
`TokenListController` actions/events; token detection now pulls fresh
token-list snapshots per chain from the service (with lowercase-key
normalization and graceful early-return on fetch failures) and no longer
restarts on `TokenListController:stateChange`.
> 
> Changes token metadata enrichment in `TokensController` from reactive
updates on token-list state changes to a one-time async initialization
pass (multi-chain, `Promise.allSettled`) that fills `name`/`rwaData`,
and updates tests/changelog accordingly (including new
`TokenListService` unit tests and expanded mUSD/detection guard
coverage).
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
c67b9ef. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Explanation

This PR releases a major version bump of perps-controller to v6.0.0.

## References


## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Low code-change risk (version/changelog only), but medium integration
risk because `@metamask/perps-controller` is released as a new major
version with documented breaking API field renames that consumers must
adopt.
> 
> **Overview**
> Publishes a new release by bumping the monorepo version to `961.0.0`
and `@metamask/perps-controller` to `6.0.0`.
> 
> Updates `packages/perps-controller/CHANGELOG.md` with a new `6.0.0`
section (including noted **breaking** `AccountState` balance field
renames) and adjusts the compare links for the new release tag.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
8b2f8d6. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Michal Szorad <michal.szorad@consensys.net>
…ion (#8696)

## Explanation

**Current state:** `@metamask/passkey-controller` verified registration
and authentication responses with `requireUserVerification: false`, so
assertions without the WebAuthn **UV** (user verification) flag could
still pass server-side verification. Authentication also documented that
UV was intentionally optional for device compatibility.

**Why change:** Requiring user verification strengthens passkey
ceremonies by ensuring the authenticator performed user verification
(PIN, biometrics, etc.) when the response is accepted.

**Solution:** Pass `requireUserVerification: true` to both
`verifyRegistrationResponse` and `verifyAuthenticationResponse` in
`PasskeyController`. Remove the outdated comment that described UV as
optional on the authentication path. Update unit tests that assert the
options passed into the verify helpers so they expect
`requireUserVerification: true`.

**Consumer note:** Callers should request UV-capable ceremonies (e.g.
align `userVerification` in WebAuthn options with this policy) so real
clients do not fail verification after this change.

## References

* Internal: TO-541 (branch `fix/TO-541-passkey-user-verification`)
* <!-- Add `Fixes #…` / `Related to #…` if you have public issue numbers
-->

## Changelog

* [ ] Update `packages/passkey-controller/CHANGELOG.md` with an entry
for this user-facing behavior change (recommended: note that
verification now requires the UV flag).

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!--
Evaluate “breaking change”: stricter verification may reject previously
accepted responses on some authenticators—worth calling out in changelog
and any extension/mobile PRs that bump passkey-controller.
-->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **High Risk**
> Tightens WebAuthn verification by requiring the UV flag on both
registration and authentication assertions, which can reject previously
accepted responses on some authenticators/clients unless they request UV
explicitly.
> 
> **Overview**
> Enforces **user verification (UV)** across passkey enrollment and
unlock flows by switching `verifyRegistrationResponse` and
`verifyAuthenticationResponse` calls to `requireUserVerification: true`.
> 
> Aligns client request generation with the new policy by setting
`userVerification: 'required'` in `generateRegistrationOptions`,
`generatePostRegistrationAuthenticationOptions`, and
`generateAuthenticationOptions`, and updates tests/changelog to reflect
the stricter verification behavior.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
c258e59. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
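
The UV requirement described in the commit message above, shown as an added example that is not code from the commit or from `@metamask/passkey-controller`: it parses the flags byte of WebAuthn authenticator data and applies the old and new `requireUserVerification` policy to constructed samples. The helper names (`checkFlagPolicy`, `requestMatchesPolicy`, `buildSampleAuthData`) are hypothetical, and signature, challenge, origin and `rpIdHash` checks are assumed to happen elsewhere.

```javascript
// Added illustration: UV policy check on WebAuthn authenticator data.
// Layout per the WebAuthn spec:
//   rpIdHash[32] | flags[1] | signCount[4, big-endian] | optional data
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified (PIN, biometrics, etc.)
const MIN_AUTH_DATA_LENGTH = 37;

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < MIN_AUTH_DATA_LENGTH) {
    throw new Error('authenticator data must be at least 37 bytes');
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = bytes[32];
  return {
    flags,
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false), // big-endian counter
  };
}

// Hypothetical helper: applies only the flag policy. Signature, challenge,
// origin and rpIdHash verification are out of scope for this sketch.
function checkFlagPolicy(bytes, { requireUserVerification }) {
  const { userPresent, userVerified } = parseAuthenticatorData(bytes);
  if (!userPresent) {
    return { ok: false, reason: 'UP flag not set' };
  }
  if (requireUserVerification && !userVerified) {
    return { ok: false, reason: 'UV flag not set' };
  }
  return { ok: true, reason: null };
}

// Hypothetical helper for the consumer note: when the verifier requires UV,
// the request options must ask for it. 'preferred' or 'discouraged' allows an
// authenticator to answer with presence only, which would then be rejected.
function requestMatchesPolicy(options, requireUserVerification) {
  return !requireUserVerification || options.userVerification === 'required';
}

// Constructed sample data: the 32-byte rpIdHash is a filler pattern, not a
// real SHA-256 of any relying party ID.
function buildSampleAuthData(flags, signCount) {
  const data = new Uint8Array(MIN_AUTH_DATA_LENGTH);
  data.fill(0xab, 0, 32);
  data[32] = flags;
  new DataView(data.buffer).setUint32(33, signCount, false);
  return data;
}

// Runs a presence-only response and a user-verified response through the
// policy before (false) and after (true) the change.
function comparePolicies() {
  const presenceOnly = buildSampleAuthData(FLAG_UP, 7);
  const verified = buildSampleAuthData(FLAG_UP | FLAG_UV, 8);
  return {
    presenceOnlyOld: checkFlagPolicy(presenceOnly, { requireUserVerification: false }),
    presenceOnlyNew: checkFlagPolicy(presenceOnly, { requireUserVerification: true }),
    verifiedOld: checkFlagPolicy(verified, { requireUserVerification: false }),
    verifiedNew: checkFlagPolicy(verified, { requireUserVerification: true }),
  };
}

console.log(comparePolicies());
```

A presence-only response is the case that used to pass and is now rejected, which is why request options that leave `userVerification` at anything other than `'required'` can start failing after the bump.
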
…senger (#8716)

## Explanation
This exposes missing methods used in the clients through the messenger
after #7976

## References
Progresses https://consensyssoftware.atlassian.net/browse/WPC-989

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk, additive API surface change that only exposes existing
`AccountTreeController` lifecycle methods (`init`, `reinit`) through the
messenger without altering controller behavior or persistence logic.
> 
> **Overview**
> **Exposes `AccountTreeController` lifecycle methods via the
messenger.** The controller now registers `init` and `reinit` in
`MESSENGER_EXPOSED_METHODS`, and the auto-generated method action union
adds `AccountTreeController:init`/`AccountTreeController:reinit` (with
exported action types).
> 
> Updates the package changelog to document the newly available
messenger actions.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
618ad50. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…messenger (#8717)

## Explanation
This exposes missing methods used in the clients through the messenger
after #7976

## References
Progresses https://consensyssoftware.atlassian.net/browse/WPC-989

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: this only exposes an existing `init` method through the
messenger and updates exported types/changelog, without changing
initialization behavior or data handling.
> 
> **Overview**
> Exposes `MultichainAccountService:init` through the service messenger
by adding it to `MESSENGER_EXPOSED_METHODS` and introducing the
corresponding `MultichainAccountServiceInitAction` type.
> 
> Updates public exports (`src/index.ts`) and the package changelog to
reflect the newly available messenger action and action type.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
daa46d9. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…nger (#8718)

## Explanation
This exposes missing methods used in the clients through the messenger.

## References
Progresses https://consensyssoftware.atlassian.net/browse/WPC-989

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: this only exposes an existing `MoneyAccountController.init`
method via the messenger and adds the corresponding action type, without
changing account/keyring logic.
> 
> **Overview**
> Exposes the previously unexposed `MoneyAccountController:init` method
through the controller messenger by adding `init` to
`MESSENGER_EXPOSED_METHODS`.
> 
> Adds the corresponding `MoneyAccountControllerInitAction` type,
exports it from the package entrypoint, and documents the new exposed
action in the changelog.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
b1a4ad5. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Explanation

This release updates `@metamask/gator-permissions-controller` to `4.1.0`
and updates `@metamask/signature-controller` to consume
`@metamask/gator-permissions-controller@^4.1.0`.

The changelogs were updated to include consumer-facing changes only,
including the `signature-controller` dependency bump entry for this PR.

## References

N/A

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk release bookkeeping: only package version/changelog updates
and a dependency range bump in `@metamask/signature-controller`, with no
code logic changes in this PR.
> 
> **Overview**
> Bumps the monorepo version to `962.0.0` and releases
`@metamask/gator-permissions-controller` as `4.1.0` (with corresponding
changelog entry/link updates).
> 
> Updates `@metamask/signature-controller` to consume
`@metamask/gator-permissions-controller@^4.1.0`, and records this
dependency bump in the signature controller changelog; lockfile is
updated accordingly.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
8c68839. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Jeff Smale <6363749+jeffsmale90@users.noreply.github.com>
#8719)

## Explanation
This exposes missing methods used in the clients through the messenger.

## References
Progresses https://consensyssoftware.atlassian.net/browse/WPC-989

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: this only expands the messenger-exposed API surface to
include an existing `setSelectedCurrency` method, with no changes to
business logic or data handling.
> 
> **Overview**
> **Exposes `AssetsController.setSelectedCurrency` via the messenger.**
This adds the `AssetsController:setSelectedCurrency` action type,
includes `setSelectedCurrency` in the controller’s
`MESSENGER_EXPOSED_METHODS`, exports the new action type from
`index.ts`, and unregisters the handler on `destroy()`.
> 
> Updates the `@metamask/assets-controller` changelog to document the
newly exposed action.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
8ae3b43. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Explanation

Major update to assets-controllers


## References
https://consensyssoftware.atlassian.net/browse/ASSETS-3091

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Primarily a dependency/version release bump, but it pulls in
`@metamask/assets-controllers@106.0.0` which includes breaking API
changes (e.g., new `TokenListService` constructor requirements) that can
affect consumers at runtime/build time.
> 
> **Overview**
> Updates the monorepo release to `963.0.0` and publishes new package
versions for `@metamask/assets-controller` (`6.4.0`),
`@metamask/assets-controllers` (`106.0.0`),
`@metamask/bridge-controller` (`71.1.1`), and
`@metamask/transaction-pay-controller` (`21.1.0`).
> 
> Downstream controllers (`bridge-controller`,
`bridge-status-controller`, `transaction-pay-controller`) are updated to
depend on the new assets packages, and changelogs/lockfile are updated
accordingly.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
ae12011. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Guillaume Roux <guillaumeroux123@gmail.com>
…iat strategy (#8720)

## Explanation

The fiat strategy was never selected during quote retrieval because of
two issues:

1. **`getStrategyOrder` never included `Fiat`** — The default strategy
order only contained `Relay` and `Across`. The fiat payment method ID
was not passed into the strategy routing function, so
`TransactionPayStrategy.Fiat` was never part of the strategy list.

2. **`getQuotes` bailed early on empty requests** — When a fiat payment
method is selected without a crypto payment token, `buildQuoteRequests`
returns an empty array (no `paymentToken`). The guard `if
(!requests?.length)` short-circuited before any strategy could run. The
fiat strategy doesn't need these requests — it derives its own relay
request from `amountFiat` internally.

### Changes

- **`getStrategyOrder`** — Added optional `fiatPaymentMethodId`
parameter. When provided, early returns `[TransactionPayStrategy.Fiat]`
so only the fiat strategy is used.
- **`#getStrategiesWithFallback`** — Now passes
`transactionData.fiatPayment.selectedPaymentMethodId` through to
`getStrategyOrder`.
- **`getQuotes`** — Changed the empty-requests guard from
`!requests?.length` to `!requests?.length && !fiatPaymentMethod` so the
strategy loop runs when a fiat payment method is active.

## References

- Related to CONF-1065

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes strategy routing and quote retrieval guard logic, which can
affect which pay strategy executes and when quotes are fetched, but
scope is limited to the transaction-pay controller and covered by new
unit tests.
> 
> **Overview**
> Fixes fiat pay quote retrieval by threading
`fiatPayment.selectedPaymentMethodId` into strategy selection and
ensuring it can drive the `Fiat` strategy.
> 
> `getStrategyOrder` now accepts an optional fiat payment method ID and
short-circuits to **Fiat-only** strategy ordering when present, and
`TransactionPayController` passes this value through during fallback
strategy resolution. Quote retrieval no longer bails early on empty
request sets when a fiat payment method is selected, allowing fiat
quotes even without a crypto `paymentToken`.
> 
> Adds targeted test coverage for the new routing behavior and updates
the package changelog under **Fixed**.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
5e81276. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
@pull pull Bot locked and limited conversation to collaborators May 6, 2026
@pull pull Bot added the ⤵️ pull label May 6, 2026
@pull pull Bot merged commit 528babf into Reality2byte:main May 6, 2026
7 participants