## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->
This PR updates notification preferences to use AUS as the source of
truth after first initialization, in order to enrich notification
settings with the following categories:
- Updates and Rewards (or marketing)
- Wallet Activity
- Perps
- Social AI

For new users, the NotificationServicesController now writes a complete
preferences blob, seeding wallet activity from the current Trigger API
state and defaulting all current accounts to enabled for true first-time
setup. Marketing initialization is split by channel: push follows
marketing consent, while in-app follows the product announcement current
option.

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->
Fixes [GE-13](https://consensyssoftware.atlassian.net/browse/GE-13)

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [x] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes the notification settings source of truth and
initialization/write paths (Trigger API -> AUS), which can affect user
notification enablement and push registration behavior across accounts
and channels.
> 
> **Overview**
> **Moves notification preference storage to Authenticated User Storage
(AUS).** `NotificationServicesController` now reads/writes notification
preferences via AUS messenger actions and uses those preferences
(instead of Trigger API config) when enabling push notifications,
checking account presence, and selecting addresses for fetching on-chain
notifications.
> 
> **Adds first-time preference initialization and new options.** When
AUS has no preferences (`null`), `createOnChainTriggers` writes a
complete preferences blob (wallet activity seeded from current Trigger
API state with first-time “enable all” fallback, plus default
Perps/SocialAI) and seeds marketing push/in-app from new
`hasMarketingConsent` and `productAnnouncementEnabled` options; the old
`resetNotifications` option is removed.
> 
> **Updates shared types and tests.**
`@metamask/authenticated-user-storage` notification preference
types/validators replace `enabled` with per-channel
`inAppNotificationsEnabled`/`pushNotificationsEnabled`, and
notification-services-controller tests/mocks are rewritten to mock AUS
calls and drop `updateOnChainNotifications` coverage.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
c1c039d. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

[GE-13]:
https://consensyssoftware.atlassian.net/browse/GE-13?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

## Explanation

Why: Dapp scanning now supports path-level dapp scanning. Without this
client-side change, the API never receives paths and the path-scanning
capability goes unused.
<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

Fixes:
https://consensyssoftware.atlassian.net/jira/software/c/projects/PSAFE/boards/1950?selectedIssue=PSAFE-419
Extension PR: MetaMask/metamask-extension#42311

## Screenshots
I've ran MetaMask Extension locally with these changes. Paths are now
included in the API request.
<img width="483" height="119" alt="image"
src="https://github.com/user-attachments/assets/ce278da6-fa90-4e7c-9ac2-90e4ecfd671f"
/>


## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Modifies `scanUrl` request/caching semantics to sometimes key on
`hostname+pathname`, which can change phishing detection outcomes and
cache behavior for gateway domains and could affect API load if
misclassified.
> 
> **Overview**
> **Adds path-aware phishing URL scanning for shared gateway hosts.**
`PhishingController.scanUrl` now sends `hostname+pathname` (instead of
hostname-only) for a curated set of gateway root domains and subdomains,
and caches results by this scan parameter.
> 
> Introduces new utilities/constants
(`PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS`,
`isPhishingDetectionPathBasedHostname`,
`getPhishingDetectionScanUrlParam`), exports them from `index.ts`, and
updates tests/changelog to cover the new request format and per-path
caching behavior.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
74ef4dc. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: this is a release/version bookkeeping PR that mainly updates
package versions, changelogs, and dependency ranges without changing
runtime logic.
> 
> **Overview**
> Bumps the root monorepo version to `981.0.0` and publishes new package
versions for `@metamask/base-data-service` (`0.1.3`),
`@metamask/react-data-query` (`0.2.1`), and
`@metamask/eip-5792-middleware` (`3.0.4`).
> 
> Updates consumers (`authenticated-user-storage`, `chomp-api-service`,
`money-account-balance-service`, `react-data-query`,
`sample-controllers`, `social-controllers`) to depend on
`@metamask/base-data-service@^0.1.3`, and refreshes associated changelog
entries and `yarn.lock` resolutions.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
78dd458. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Primarily release metadata and dependency version bumps; the main risk
is downstream breakage for consumers that haven’t yet adapted to the
`@metamask/authenticated-user-storage@2.0.0` breaking type changes.
> 
> **Overview**
> Bumps the monorepo release version to `982.0.0` and publishes new
versions for `@metamask/authenticated-user-storage` (`2.0.0`),
`@metamask/notification-services-controller` (`24.0.0`), and
`@metamask/money-account-upgrade-controller` (`2.0.2`).
> 
> Updates `money-account-upgrade-controller` and
`notification-services-controller` to depend on
`@metamask/authenticated-user-storage@^2.0.0`, with corresponding
changelog entries and `yarn.lock` updates.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
a465788. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>