[pull] main from MetaMask:main#645
Merged
pull[bot] merged 8 commits intoReality2byte:mainfrom Apr 1, 2026
Merged
Conversation
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> CI `yarn npm audit` is failing due to advisory [1115765](GHSA-wh4c-j3r5-mjhp) — an XML injection via unsafe CDATA serialization in `xmldom`. There is no fix available in our dependency tree yet. This PR temporarily suppresses the advisory in `.yarnrc.yml` `npmAuditIgnoreAdvisories` to unblock CI, following the same pattern used for the existing `bn.js` suppressions. ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** Fixes: ## **Manual testing steps** N/A ## **Screenshots/Recordings** ### **Before** N/A ### **After** N/A ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- Generated with the help of the pr-description AI skill --> Made with [Cursor](https://cursor.com) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Low code-change risk, but it *suppresses a known security advisory* (`xmldom` XML injection) so vulnerabilities may go unnoticed until the dependency is upgraded. > > **Overview** > Updates `.yarnrc.yml` to add advisory `1115765` to `npmAuditIgnoreAdvisories`, suppressing the `xmldom` CDATA serialization XML-injection audit finding to unblock `yarn npm audit`/CI. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit f4adc9c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** This PR bumps `@metamask/multichain-account-service`, `@metamask/accounts-controller`, `@metamask/account-tree-controller`, and `@metamask/assets-controllers` to their latest versions. It also bumps snaps dependencies (30b93b5) - Adapted `MultichainAccountService` init to the new `providerConfigs` API (removes manual provider instantiation and `RemoteFeatureFlagController` dependency) - Updated messengers with newly required actions - Fixed `AccountTreeControllerState` shape (`selectedAccountGroup` moved to top-level) across test/mock files - Added new required type properties and stricter `AccountGroupId` formats in tests ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/MUL-1639 ## **Manual testing steps** No specific manual testing steps. Verify that adding / renaming accounts, wether it be manually or automatically (via Backup & Sync). ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches core Engine initialization and messenger/action names for Snaps and multichain routing, so mismatches can break RPC/middleware flows at runtime; changes are mostly mechanical API alignment but broad in surface area. > > **Overview** > Updates multichain-accounts wiring to newer controller APIs: `AccountTreeControllerState.selectedAccountGroup` is treated as a top-level field (not inside `accountTree`) and many mocks/tests/stories are adjusted accordingly (plus required metadata like `lastSelected`/wallet `status`). > > Refactors core Engine + RPC plumbing to replace `MultichainRouter` with `MultichainRoutingService` (new init + messengers and updated action names) and to rename/replace `SnapsRegistry` with `SnapRegistryController`, including updating messenger typings and SnapController action strings (e.g., `SnapController:get` -> `SnapController:getSnap`). > > Simplifies controller initialization to match updated dependencies: `MultichainAccountService` now uses `providerConfigs` (dropping manual provider wrappers and Remote Feature Flag toggling), `GatorPermissionsController` now receives a `config` object (validated via `assertIsValidSnapId`) instead of embedding flags in state, and `BridgeStatusController` init stops passing per-tx helper fns (with messenger permissions updated accordingly). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 3c0064c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Maarten Zuidhoorn <maarten@zuidhoorn.com> Co-authored-by: Jeff Smale <6363749+jeffsmale90@users.noreply.github.com>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->
Set headerTitle to empty string instead of null to prevent the route
name from displaying in the navigation bar on the import wallet screen.
Also update navigation parent accessor calls.
## **Changelog**
<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`
If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`
(This helps the Release Engineer do their job more quickly and
accurately)
-->
CHANGELOG entry: null
## **Related issues**
Fixes:
## **Manual testing steps**
```gherkin
Feature: my feature name
Scenario: user [verb for user action]
Given [describe expected initial app state]
When user [verb for user action]
Then [describe expected outcome]
```
## **Screenshots/Recordings**
<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->
### **Before**
<!-- [screenshots/recordings] -->
<img width="1320" height="2868" alt="Simulator Screenshot - iPhone 17
Pro Max - 2026-03-31 at 15 56 37"
src="https://github.com/user-attachments/assets/a8825128-1707-41c4-b4dc-9bc674620185"
/>
### **After**
<!-- [screenshots/recordings] -->
<img width="1320" height="2868" alt="Simulator Screenshot - iPhone 17
Pro Max - 2026-03-31 at 15 56 08"
src="https://github.com/user-attachments/assets/d1bdd70b-cca3-42d5-beb4-237732e441a8"
/>
## **Pre-merge author checklist**
- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk UI/navigation configuration change that only affects how the
onboarding header title is rendered when the logo is hidden.
>
> **Overview**
> Prevents onboarding-related screens from accidentally displaying the
route name in the navigation bar by changing
`getOnboardingNavbarOptions` to use an empty string (`''`) instead of
`null` when `showLogo` is false.
>
> Updates associated unit tests and the `ImportFromSecretRecoveryPhrase`
snapshot to reflect the now-empty header title, and aligns
`ManualBackupStep1` header assertions with the new behavior.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
accacec. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
….72.0 (#28086) ## **Description** When switching between perps assets (e.g. from BTC to ETH), the "Pay with" token selection could get out of sync — the pending config from the previous asset would either not be restored or would conflict with the newly selected asset's payment token. ## **Changelog** CHANGELOG entry: Fixed payment token not restoring correctly when switching between perps assets ## **Related issues** Fixes jira issue: https://consensyssoftware.atlassian.net/browse/TAT-2785 ## **Manual testing steps** ```gherkin Feature: Perps pay-with token persistence across asset switches Scenario: User switches perps asset and pending pay token is restored Given the user has a pending pay-with token config saved for ETH perps And the user is currently viewing BTC perps order view When the user switches to ETH perps Then the pay-with token row displays the previously saved payment token for ETH Scenario: User switches asset and controller state is reset Given the user is viewing BTC perps with a selected payment token When the user switches to ETH perps Then the controller's selectedPaymentToken is reset to null And the new asset's pending config (if any) is applied Scenario: User opens perps with no prior selectedPaymentToken in controller Given the user has a pending pay-with config but no selectedPaymentToken in the controller When the user opens the perps order view Then the pending config is applied and the correct pay token is displayed ``` ## **Screenshots/Recordings** N/A — no UI changes, logic-only fix in payment token sync. ### **Before** N/A ### **After** N/A ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches perps payment-token synchronization logic and controller state resets, which can affect what token a user trades with across asset switches. Changes are localized and covered by new unit tests, but regressions could impact user transaction configuration. > > **Overview** > Fixes perps “Pay with” token desynchronization when switching `initialAsset` by **clearing `PerpsController.setSelectedPaymentToken` on asset change** and ensuring pending token config is re-applied for the new asset. > > Adjusts pending-config sync so it can apply even when `selectedPaymentToken` is `null`, and only re-syncs when either the `payToken` *or* controller-selected token differs from the pending token (avoiding unnecessary overwrites). Adds targeted tests covering asset-change cleanup and the new sync edge cases. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ed6e439. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
…action Finalized tracking (#28164) ## **Description** MM Pay analytics properties (`mm_pay_*`) on the `Transaction Finalized` event were intermittently missing for `predict_deposit`, `perps_deposit` and for `predict_withdraw` transactions. The properties were set by a React hook (`useTransactionPayMetrics`) that dispatches to Redux via `useEffect`. When the confirmation screen unmounted before the effect fired, the data was lost. This PR moves core `mm_pay_*` derivation into the `getMetaMaskPayProperties` metrics builder, reading directly from `transactionMeta.metamaskPay` and `TransactionPayController.transactionData` — controller state that persists regardless of UI lifecycle. The hook now only dispatches UI-specific properties (e.g., `mm_pay_token_presented`, `mm_pay_quote_loaded`). ## **Changelog** CHANGELOG entry: fix: derive mm_pay_* metrics from controller state for reliable Transaction Finalized tracking ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/CONF-1102 ## **Manual testing steps** ```gherkin Feature: MM Pay predict withdraw analytics Scenario: Transaction Finalized event includes all mm_pay_* properties Given user has a Polymarket position to withdraw And user has tokens on a different chain (e.g., BNB on BSC) When user initiates a predict withdraw with MM Pay And user approves the transaction quickly Then the "Transaction Finalized" event for transaction_type "predict_withdraw" includes all mm_pay_* properties (mm_pay, mm_pay_use_case, mm_pay_token_selected, mm_pay_chain_selected, mm_pay_sending_value_usd, mm_pay_receiving_value_usd, mm_pay_metamask_fee_usd, mm_pay_strategy) ``` ## **Screenshots/Recordings** ### **Before** `mm_pay_*` properties intermittently missing on predict_withdraw Transaction Finalized events. ### **After** All core `mm_pay_*` properties reliably present, derived from controller state. ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches analytics metric composition for MetaMask Pay transactions and changes the source of truth for fee/value/strategy fields; mistakes could silently regress tracking correctness across pay flows. > > **Overview** > Ensures `Transaction Finalized` analytics consistently include core `mm_pay_*` properties by **deriving them in `getMetaMaskPayProperties` from `transactionMeta.metamaskPay` and `TransactionPayController.transactionData`**, rather than relying on confirmation-screen lifecycle. > > `useTransactionPayMetrics` is reduced to dispatching **UI-only** fields (e.g., `mm_pay_token_presented`, quote loaded/requested, token list size, highest-balance chain) and now explicitly avoids emitting builder-owned properties like token/chain selected, use case, fees, strategy, dust, and step counts. > > Tests are updated accordingly: hook tests assert only UI-scoped metrics are dispatched, and `metamask-pay` builder tests now validate fee/value/strategy/use-case/step/dust derivation from controller state (including preference for `paymentToken.symbol` over token lookup). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 1bbf16b. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Signed-off-by: dan437 <80175477+dan437@users.noreply.github.com>
…on unlock cp-7.72.0 (#28230) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> After a seedless / social-account wallet unlock on the OAuth rehydration screen, local marketing consent and analytics could drift from the account’s server-side marketing opt-in. That meant user profile properties and preference events were not reliably aligned with `getMarketingOptInStatus` until some other flow ran. This change calls `OAuthService.getMarketingOptInStatus()` immediately after a successful unlock on `OAuthRehydration`, then: - Dispatches `setDataCollectionForMarketing` so Redux matches the server flag. - Updates MetaMetrics identity with `HAS_MARKETING_CONSENT`. - Fires `ANALYTICS_PREFERENCE_SELECTED` with `updated_after_onboarding: true`, `location: 'oauth_rehydration'`, and `account_type` from the seedless auth connection. Failures are logged and do not block unlock. Unit tests assert the marketing sync runs on the happy path and is skipped when navigation does not complete that path. ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** Fixes: #28249 ## **Manual testing steps** ```gherkin Feature: OAuth rehydration marketing opt-in sync Scenario: Successful unlock syncs marketing preference and analytics Given the user completes social / seedless onboarding and reaches OAuth rehydration And the app can reach OAuth marketing opt-in APIs When the user enters a valid password and unlock succeeds Then local marketing data collection state should match the server opt-in response And analytics should record preference / identity updates for marketing consent (verify in debug / staging tooling if available) Scenario: Unlock path that does not complete rehydration navigation Given a flow where OAuth rehydration does not navigate to home after unlock (e.g. error or alternate path covered by tests) When unlock handling does not take the success path that replaces with onboarding home Then marketing opt-in sync should not run (no redundant or incorrect preference sync) ``` ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches the post-unlock path of `OAuthRehydration` by adding a background network call plus Redux/analytics side effects; failures are best-effort but bugs here could desync consent state or misfire analytics. > > **Overview** > After a successful OAuth rehydration unlock, the app now fetches server-side marketing consent via `OAuthService.getMarketingOptInStatus()` and **syncs it locally**. > > The unlock flow dispatches `setDataCollectionForMarketing`, updates MetaMetrics identity (`HAS_MARKETING_CONSENT`), and emits `ANALYTICS_PREFERENCE_SELECTED` with `updated_after_onboarding`, `location: 'oauth_rehydration'`, and an `account_type` derived from the seedless `authConnection`; errors are logged and do not block unlock. > > Tests were updated to mock `analytics`/`getMarketingOptInStatus`, assert the sync runs on the successful rehydration path, verify Redux + analytics payloads, and confirm the sync is skipped for the *outdated password* (non-oauth2) unlock path. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0738153. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
#28137) …nd CSS <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> This PR migrates the SRPInputGrid view away from legacy StyleSheet.create()-based styling toward the MetaMask design system and Tailwind CSS. Also migrated to Typescript as a functional component. Jira Link: https://consensyssoftware.atlassian.net/browse/TO-646 ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: migrate SRPInputGrid to design system components and Tailwind CSS ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: Import SRP Scenario: when the user use the existing wallet SRP Then validate the UI ``` ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> https://github.com/user-attachments/assets/d9d9db2f-915d-4daa-91be-970430fc05f5 https://github.com/user-attachments/assets/3cf1db2c-846c-477f-81fd-ac62b3f4c73f https://github.com/user-attachments/assets/1f2caf23-b0ec-4134-9749-9a7aa2b2ca6b <img width="1059" height="994" alt="Screenshot 2026-03-31 at 1 18 04 PM" src="https://github.com/user-attachments/assets/962f6fde-0641-4aad-a2e8-34fafd5e0451" /> <img width="972" height="1011" alt="Screenshot 2026-03-31 at 1 18 12 PM" src="https://github.com/user-attachments/assets/df498865-686b-44e3-a2ae-bc5986c5a0aa" /> <img width="1020" height="993" alt="Screenshot 2026-03-31 at 1 18 47 PM" src="https://github.com/user-attachments/assets/79c605f5-441d-45d9-8723-33a4324376cb" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > UI-heavy refactor of the Secret Recovery Phrase input flow; while logic is mostly preserved, changes to component structure, styling, and input props/focus handling could introduce regressions in SRP entry/paste behavior. > > **Overview** > Refactors `SrpInputGrid` to use MetaMask design-system primitives (`Box`, `Button`, design-system `Text`) and Tailwind-based styling, removing the legacy `StyleSheet.create` file and updating layout/style behavior accordingly. > > Consolidates shared `TextInput` props into `SHARED_INPUT_PROPS`, moves word validation helper out of the component, and replaces the inline paste/clear `Text` action with a tertiary `Button`; Jest snapshots are updated to reflect the new rendered structure and styling. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e7c1129. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
…om PROD (#27405) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## Description Automates detection of drift between the local feature flag registry and production, with CI workflow and Slack notification so the team is alerted when the registry diverges from what is live. **Why:** The local feature flag registry can drift from production without notice, causing E2E or config problems. **What was added:** - **Production sync script** (`tests/feature-flags/sync-production-flags.ts`): Fetches from production client-config API, compares to registry, and reports drift (new flags, removed flags, value mismatches, inProd mismatches). Excludes `mobileMinimumVersions`. - **CLI:** `yarn feature-flags:sync`, `yarn feature-flags:sync:check`, `yarn feature-flags:sync:update` - **Daily CI workflow:** Runs sync check, uploads drift report artifact, notifies Slack on drift - **Unit tests:** For drift detection logic ## Changelog CHANGELOG entry: null ## Related issues Fixes: https://consensyssoftware.atlassian.net/browse/MMQA-1525 ## Manual testing steps ```gherkin Feature: Feature flag registry drift detection Scenario: Developer checks for registry drift Given the local feature flag registry may differ from production When the developer runs `yarn feature-flags:sync` Then they see a report of new, removed, or mismatched flags (or no drift) Scenario: Developer updates registry from production Given drift is detected between registry and production When the developer runs `yarn feature-flags:sync:update` Then the registry file is updated and Prettier-formatted Scenario: CI detects drift Given the workflow runs and production differs from the registry When the workflow completes Then a drift report artifact is uploaded and Slack is notified ``` ## Screenshots/Recordings <img width="720" height="188" alt="image" src="https://github.com/user-attachments/assets/e6d466c5-119e-4f49-a45c-d6affec641ac" /> <img width="594" height="154" alt="image" src="https://github.com/user-attachments/assets/7e9127f1-0e42-4611-a992-31efb0d5de1a" /> ## Pre-merge author checklist - [ ] I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards - [ ] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [ ] I've documented my code using JSDoc format if applicable - [ ] I've applied the right labels on the PR ## Pre-merge reviewer checklist - [ ] I've manually tested the PR - [ ] I confirm this PR addresses all acceptance criteria and includes necessary testing evidence <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Adds a scheduled GitHub Actions workflow that fetches production flags, writes artifacts, and can open PRs/notify Slack, which could generate noise or unintended updates if the sync logic or API behavior is wrong. > > **Overview** > Adds an automated production drift detector for the feature-flag registry. A new `tests/feature-flags/sync-production-flags.ts` CLI fetches flags from the production client-config API, compares them to `tests/feature-flags/feature-flag-registry.ts`, emits a JSON report, and supports `--check` (exit 1 on drift) and `--update` (rewrite registry values, add/remove entries, and flip stale `inProd` flags). > > Introduces unit coverage for drift detection and registry rewriting, and wires it into CI via a scheduled/manual GitHub Actions workflow that runs the check weekly, uploads drift artifacts, opens an automated PR with the updated registry, and posts a Slack notification when drift is found. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0bc4a67. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )