## Summary

This is PR 2 of 4 in the core stack for Predict withdraws over Across.

- Adds Across quote construction for post-quote Predict withdraws.
- Uses exact-input quotes without destination actions for the post-quote
withdraw flow.
- Preserves provider fees, target totals, and original transaction gas
when normalizing quotes.
- Re-quotes post-quote withdraws after reserving source token for
source-chain gas paid with the source token.

## Stack

1. #8759: plumbing to identify Predict Across withdraws
2. This PR: quote support
3. #8761: submit support
4. #8762: gas payment edge cases

## Validation

- `yarn workspace @metamask/transaction-pay-controller run jest
--no-coverage src/strategy/across/across-quotes.test.ts
src/strategy/across/AcrossStrategy.test.ts`
- Full stack validation was run on the final stacked branch:
  - `yarn changelog:validate`
  - `yarn workspace @metamask/transaction-pay-controller run test`
  - `yarn workspace @metamask/transaction-controller run test`

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it changes Across quote construction and gas/fee
calculations for post-quote Predict withdraw flows, including
special-casing EIP-7702 authorization-list handling and multi-phase
re-quoting logic that could affect pricing and execution safety.
> 
> **Overview**
> Adds Across **quote support for post-quote Predict withdraws**,
switching these requests to `exactInput` quoting with **no destination
actions** and passing `refundAddress` through to the Across
`/swap/approval` request.
> 
> Updates gas/fee normalization to **include the original withdrawal
transaction’s gas** in `sourceNetwork`/`gasLimits` for post-quote
quotes, and extends the existing two-phase “reserve source token for
gas-fee-token” re-quote flow to *also* apply to post-quote Predict
withdraws (now failing hard on unsafe/invalid phase-2 outcomes instead
of falling back).
> 
> Relaxes Across strategy quote support checks to allow first-time
EIP-7702 `requiresAuthorizationList` **only** for post-quote Predict
withdraw quotes that have no embedded Across actions, and updates
types/tests accordingly (including persisting `actions` in the quote’s
`original.request`).
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
a65c549. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

…ts (#8786)

This change ensures the mUSD address is consistently checksummed,
preventing potential discrepancies in asset ID generation and data
source emissions. The update is crucial for maintaining data integrity
across different chains.

## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes the canonical casing of default CAIP-19 keys and makes
`getDefaultAssetMetadata` case-sensitive, so any caller not normalizing
asset IDs could stop receiving seeded metadata.
> 
> **Overview**
> Fixes mUSD default asset IDs to use an EIP-55 checksummed contract
address so the `assetsInfo` entries pre-seeded by
`buildDefaultAssetsInfo()` match the checksummed IDs emitted by data
sources, preventing duplicate metadata entries for the same token.
> 
> Updates defaults lookup behavior by keying `DEFAULT_ASSET_METADATA` by
checksummed CAIP-19 IDs (removing `.toLowerCase()` normalization) and
adds a regression test asserting seeded ERC-20 asset IDs contain
checksum casing; changelog is updated accordingly.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
d8eca2c. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

…ld not be reset when accountOverride is changed (#8787)

## Explanation

For postquote payments payment token for MM Pay transaction should not
be reset when accountOverride is changed. This is ensure on UI token
selection is not reset when account selection is changes.

## References

Related to https://consensyssoftware.atlassian.net/browse/CONF-1381

## Checklist

- [X] I've updated the test suite for new or updated code as appropriate
- [X] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [X] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [X] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: small conditional change to when `paymentToken` is cleared,
limited to post-quote flows and covered by a new unit test.
> 
> **Overview**
> Prevents `TransactionPayController.setTransactionConfig` from clearing
`transactionData.paymentToken` when `accountOverride` changes in
**post-quote** flows (`isPostQuote: true`), avoiding UI token selection
resets.
> 
> Adds a regression test covering the new behavior, and documents the
fix in `CHANGELOG.md`.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
6811719. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

Normalizes native asset addresses.

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [X] I've updated the test suite for new or updated code as appropriate
- [X] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [X] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [X] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes the canonical native asset IDs produced by
`buildNativeAssetsFromConstant`, which can affect cache/state keys and
lookups if any consumers relied on the previous un-normalized IDs. Logic
is small and test-covered, with normalization limited to EVM `erc20`
CAIP-19 IDs.
> 
> **Overview**
> Native-asset seeding now normalizes each CAIP-19 native asset ID
returned by `buildNativeAssetsFromConstant` using `normalizeAssetId`,
aligning the seed map with IDs produced by other data sources (e.g.,
EIP-55 checksummed ERC-20 addresses).
> 
> Tests were updated to assert the normalized IDs, and the package
changelog documents the fix.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
00b8711. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

## Explanation

Support pagination on the search API

## References
Jira: https://consensyssoftware.atlassian.net/browse/ASSETS-3206
Mobile: MetaMask/metamask-mobile#30097

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Moderate risk because it changes the `searchTokens` request/response
contract (new `after` query param and optional `totalCount`/`pageInfo`
fields), which may require consumer updates and could affect pagination
behavior across clients.
> 
> **Overview**
> `searchTokens` now supports cursor-based pagination by accepting an
optional `after` cursor and forwarding it to the `/tokens/search`
request.
> 
> When present in the API response, the function now forwards
`totalCount` and `pageInfo` (`{ hasNextPage, endCursor }`) to callers,
and exports a new `PageInfo` type; tests and the changelog were updated
to cover/describe these new pagination fields.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
9025b38. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

Release:
- Patch release of `@metamask/assets-controller`
- Minor release of `@metamask/assets-controllers`
- Minor release of `@metamask/profile-sync-controller`
- Minor release of `@metamask/account-tree-controller`
- Major release of `@metamask/multichain-account-service`
- Initial release of `@metamask/snap-account-service`

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Mostly version/changelog updates, but it rolls in a **major** bump of
`@metamask/multichain-account-service` (breaking API/messenger
requirements) plus new `@metamask/snap-account-service`, which can break
downstream builds if consumers don’t update their allowed actions/events
and configs.
> 
> **Overview**
> Publishes a new monorepo release (`979.0.0`) and cuts new package
versions across the workspace.
> 
> This release bumps `@metamask/account-tree-controller` to `7.4.0` and
propagates dependency updates through related packages (e.g.
`assets-controller`/`assets-controllers`, bridge controllers, and
others), including upgrading `@metamask/profile-sync-controller` to
`28.1.0` and `@metamask/multichain-account-service` to `10.0.0`.
> 
> Changelogs and `yarn.lock` are updated accordingly, including
recording the initial `@metamask/snap-account-service` (`0.1.0`) and the
`multichain-account-service` breaking changes around Snap readiness
handling/messenger requirements.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
4cb40f1. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Charly Chevalier <charly.chevalier@consensys.net>

## Explanation

Initialize the `wallet` package, which will eventually contain shared
initialization code for the MetaMask clients.

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: this PR primarily scaffolds a new package and wires it into
repo tooling (TypeScript refs, docs, ownership) with only placeholder
code and a basic unit test.
> 
> **Overview**
> Adds a new `@metamask/wallet` workspace package scaffold
(build/test/docs configs, licensing/changelog/readme) with a placeholder
`greeter` export and a simple Jest test.
> 
> Wires the new package into monorepo infrastructure by updating root
`tsconfig.json`/`tsconfig.build.json` references, `README.md` package
list/dependency graph, `CODEOWNERS`/`teams.json` ownership mapping, and
`yarn.lock` workspace entry.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
17e8453. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

## Explanation

Release `980.0.0` with minor version bumps for:

- **`@metamask/transaction-controller`** `65.3.0` → `65.4.0`
- **`@metamask/transaction-pay-controller`** `22.3.1` → `22.4.0`

### `@metamask/transaction-controller@65.4.0`

#### Added
- Add optional `fiat` object (with `orderId` and `provider` properties)
to `MetamaskPayMetadata` type for persisting fiat on-ramp order data on
transactions
- Add `predictAcrossWithdraw` to the `TransactionType` enum

#### Changed
- `estimateGasBatch` now falls back to the sum of per-tx `gas` values in
the EIP-7702 path when node simulation fails, instead of returning the
block-gas-limit fallback
- Bump `@metamask/network-controller` from `^31.0.0` to `^32.0.0`
- Bump `@metamask/accounts-controller` from `^38.1.0` to `^38.1.1`
- Bump `@metamask/controller-utils` from `^12.0.0` to `^12.1.0`

### `@metamask/transaction-pay-controller@22.4.0`

#### Added
- Add Across quote support for post-quote Predict withdraw flows

#### Changed
- Derive fiat order source amount from on-chain transaction data
(`order.txHash`) with fallback to `order.cryptoAmount`
- Persist fiat order ID and provider code on `transaction.metamaskPay`
before polling, so activity views can query order status after
controller state cleanup
- Bump `@metamask/assets-controller` from `^7.1.1` to `^7.1.2`
- Bump `@metamask/assets-controllers` from `^108.0.0` to `^108.1.0`

#### Fixed
- For postquote payments payment token for MM Pay transaction should not
be reset when accountOverride is changed

### Dependency updates

14 packages had their `@metamask/transaction-controller` dependency
range updated from `^65.3.0` to `^65.4.0` with corresponding changelog
entries under `[Unreleased]`:
- `@metamask/assets-controller`
- `@metamask/assets-controllers`
- `@metamask/bridge-controller`
- `@metamask/bridge-status-controller`
- `@metamask/earn-controller`
- `@metamask/eip-5792-middleware`
- `@metamask/gator-permissions-controller`
- `@metamask/network-enablement-controller`
- `@metamask/perps-controller`
- `@metamask/phishing-controller`
- `@metamask/profile-metrics-controller`
- `@metamask/shield-controller`
- `@metamask/subscription-controller`
- `@metamask/user-operation-controller`

## References

- [#8694](#8694) — Add fiat on-ramp
order data persistence on transactions
- [#8759](#8759) — Add
`predictAcrossWithdraw` transaction type
- [#8735](#8735) — EIP-7702 gas
estimation fallback improvements
- [#8760](#8760) — Across quote
support for post-quote Predict withdraw
- [#8787](#8787) — Fix payment
token reset on accountOverride change

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Mainly a release/version bump, but it pulls in updated
`@metamask/transaction-controller` behavior (gas estimation fallback,
new metadata/type fields) across many dependent controllers, which could
affect transaction handling paths.
> 
> **Overview**
> Bumps the monorepo release to `980.0.0`, publishes
`@metamask/transaction-controller@65.4.0`, and publishes
`@metamask/transaction-pay-controller@22.4.0` (with corresponding
changelog link updates).
> 
> Propagates the `@metamask/transaction-controller` dependency range
from `^65.3.0` to `^65.4.0` across multiple packages (e.g.
assets/bridge/network-enablement/perps/phishing/shield/subscription/user-operation
controllers) and records the bumps in each package’s `[Unreleased]`
changelog entries, with `yarn.lock` updates to match.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
699b516. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

…#8695)

## Explanation

### Architecture Overview

```
┌─────────────────┐        messenger         ┌──────────────────────────┐
│   OHLCVService   │ ─── calls actions ────► │  BackendWebSocketService  │
│  (domain logic)  │                          │  (raw WS connection)      │
│                  │ ◄── listens to events ── │                           │
└────────┬────────┘                           └──────────┬───────────────┘
         │                                               │
    publishes events                              actual WebSocket
    to UI consumers                          (connect, auth, reconnect,
                                              heartbeat, JSON framing)
         │
         ▼
┌──────────────────┐
│   Mobile UI       │
│  (React hooks)    │
│  useOHLCVRealtime │
└──────────────────┘
```

### What

- Add `OHLCVService` for real-time OHLCV (candlestick) data streaming
via the backend WebSocket gateway
- Move all WebSocket-related files (`BackendWebSocketService`,
`AccountActivityService`) into a new `src/ws/` directory per code review
feedback

### Why

- Enable real-time chart updates on the Token Details screen without
polling
- Reduce API load by replacing periodic HTTP calls with persistent
WebSocket subscriptions
- Organize WebSocket code into a dedicated `ws/` folder for better
discoverability

### New files

- `src/ws/ohlcv/OHLCVService.ts` — main service with
subscribe/unsubscribe semantics, reference counting, grace-period
unsubscribe, idempotency checks, chain-status forwarding, and automatic
resubscription on reconnect
- `src/ws/ohlcv/OHLCVService.test.ts` — 22 unit tests covering all paths
(100% branch coverage)
- `src/ws/ohlcv/OHLCVService-method-action-types.ts` — auto-generated
messenger action types
- `src/ws/ohlcv/types.ts` — `OHLCVBar` and `OHLCVSubscriptionOptions`
types
- `src/ws/ohlcv/index.ts` — barrel exports

### Modified files

- `src/index.ts` — added exports for `OHLCVService`, its types, and
allowed actions/events; updated import paths to `./ws/`
- `eslint-suppressions.json` — updated paths for moved files, added
suppressions for new test file
- `CHANGELOG.md` — documented new service and exports

### Moved files (no logic changes)

- `src/BackendWebSocketService.ts` → `src/ws/BackendWebSocketService.ts`
- `src/BackendWebSocketService.test.ts` →
`src/ws/BackendWebSocketService.test.ts`
- `src/BackendWebSocketService-method-action-types.ts` →
`src/ws/BackendWebSocketService-method-action-types.ts`
- `src/AccountActivityService.ts` → `src/ws/AccountActivityService.ts`
- `src/AccountActivityService.test.ts` →
`src/ws/AccountActivityService.test.ts`
- `src/AccountActivityService-method-action-types.ts` →
`src/ws/AccountActivityService-method-action-types.ts`
- Only import path updates (`./logger` → `../logger`, `./types` →
`../types`, test helper paths)

### Key design decisions

- **UI-driven lifecycle** — unlike `AccountActivityService`
(auto-subscribes on account change), `OHLCVService` exposes
`subscribe()`/`unsubscribe()` called by the UI when the chart
mounts/unmounts
- **Reference counting** — multiple UI consumers subscribing to the same
assetId/interval/currency share one WebSocket subscription
- **Grace period (3s)** — when all consumers unsubscribe, actual WS
unsubscribe is delayed 3 seconds to absorb rapid navigation (Token A →
Token B → Token A)
- **Idempotency** — uses `channelHasSubscription` before subscribing;
duplicate calls are no-ops (React Strict Mode safe)
- **Chain status** — listens to `system-notifications.v1.market-data.v1`
(auto-subscribed by server) and publishes
`OHLCVService:chainStatusChanged`
- **Disconnect handling** — on WebSocket disconnect, publishes
`chainStatusChanged { status: 'down' }` for all tracked chains,
triggering UI polling fallback
- **Reconnect** — resubscribes all active channels when WebSocket
reconnects (no `sessionId` needed for OHLCV; UI polling fallback covers
the gap)
- **`init()` method** — system notification callback registered in
`init()` (not constructor) to comply with messenger-in-constructor lint
rule

### Events published

- `OHLCVService:barUpdated` — `{ channel, bar: OHLCVBar }` — new candle
data from WebSocket
- `OHLCVService:chainStatusChanged` — `{ chainIds, status, timestamp? }`
— chain up/down (server notification or WS disconnect)
- `OHLCVService:subscriptionError` — `{ channel, error, operation }` —
subscribe or unsubscribe failure

## References

* Related to
https://www.notion.so/metamask-consensys/OHLCV-WebSocket-Integration-UI-Implementation-Guide-346f86d67d6880b6a70fc3be0f0c34b9
* Related to MetaMask/metamask-mobile#29739
* Fixes https://consensyssoftware.atlassian.net/browse/ASSETS-3195

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a new WebSocket-driven market-data service with reference
counting, timers, and reconnect resubscription logic, which can affect
subscription lifecycles and event delivery. Also moves existing
WebSocket services into `src/ws/`, so consumers relying on internal
paths (vs package exports) could break if any remain.
> 
> **Overview**
> Adds a new `OHLCVService` to stream real-time OHLCV bars over
WebSocket, exposing `subscribe`/`unsubscribe` via messenger actions,
publishing `barUpdated`/`chainStatusChanged`/`subscriptionError` events,
and handling reconnect resubscription with ref-counting plus a
grace-period unsubscribe (mutex-protected).
> 
> Refactors `core-backend` by moving `BackendWebSocketService` and
`AccountActivityService` (and their tests/action-type files) into
`src/ws/`, updating imports/exports (`src/index.ts`), and updating lint
suppressions; also adds `async-mutex` plus comprehensive unit tests for
the new service and documents the addition in the changelog.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
730af62. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->