Skip to content

chore: upgrade design system packages @metamask/design-tokens@8.2.1 (#40466)#1

Open
successbase wants to merge 4029 commits into
mg/feat/recover-keyfrom
main
Open

chore: upgrade design system packages @metamask/design-tokens@8.2.1 (#40466)#1
successbase wants to merge 4029 commits into
mg/feat/recover-keyfrom
main

Conversation

@successbase

@successbase successbase commented Apr 27, 2026

Copy link
Copy Markdown
Owner

Description

Open in GitHub Codespaces

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

  1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Gudahtt and others added 30 commits February 13, 2026 15:18
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Reverts MetaMask#39565 

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/39945?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: revert: remove network dropdown from Activity tab

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

[skip-e2e]

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches core Activity filtering/rendering across multiple list
implementations and changes which transactions appear based on
enabled-network state, which could hide/show activity unexpectedly if
selectors or chain-ID handling are wrong.
> 
> **Overview**
> Restores the **network dropdown** control in the Activity/transaction
lists by rendering `AssetListControlBar` again (with a new
`hideNetworkFilter` prop to suppress it in embedded contexts like the
asset page).
> 
> Updates both `TransactionList` and `UnifiedTransactionList` to
**filter pending/completed activity by enabled networks**, including
special handling for MetaMask Pay transaction types via a new
`filterTransactionByChain` helper (with unit tests). E2E and snapshot
tests were adjusted to reflect the restored dropdown and updated
activity assertions.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7ddab7e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
… cp-13.18.0 (MetaMask#39955)

- chore: Add NPM proxy to privacy snapshot cp-13.18.0 (MetaMask#39936)
…39979)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Adds custom toast notifications for the mUSD Merkl rewards claiming
flow. When a user initiates a Merkl claim transaction, the toast tracks
the transaction lifecycle: in-progress (with spinner) → success/failed
(auto-hides after 5s).

Also fixes a pre-existing bug in `home.component.js` where the "network
added" notification would reappear after navigating away and back —
`onAutoHide` was calling the raw `setEditedNetwork()` action creator
(no-op) instead of the dispatched `clearEditedNetwork()` prop.

**Changes:**
- `useMerklClaimStatus` hook — monitors Redux transactions for Merkl
Distributor address, detects pending → confirmed/failed/dropped
transitions, and exposes `toastState` + `dismissToast`
- `MerklClaimToast` component in `ToastMaster` — renders loading spinner
(in-progress), checkmark (success), or error icon (failed) using
`@metamask/design-system-react` icons
- 3 new i18n strings for toast messages
- Bug fix: `home.component.js` `onAutoHide` now calls
`clearEditedNetwork()` (dispatched) instead of `setEditedNetwork()`
(undispatched import)

**Note:** This has been tested together with the full `claim-musd`
branch changes from [PR
MetaMask#39901](MetaMask#39901)
(Merkl rewards functionality — still WIP), but this PR is independent
and can be merged first.


## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: Added toast notifications for mUSD reward claim
transaction status (in-progress, success, failed); fixed a bug where the
"network added" home notification would reappear after navigation

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/MUSD-303

## **Manual testing steps**

1. Apply the full Merkl claiming changes from the `claim-musd` branch
(PR MetaMask#39901) on top of this branch
2. Hold mUSD with unclaimed Merkl rewards, claim via the Claim flow
3. Verify the "Your mUSD bonus is processing" toast appears with a
spinning loader
4. After transaction confirms, verify "Your mUSD bonus is here!" toast
appears with a checkmark and auto-hides after 5 seconds
5. Reject a claim transaction — verify "Bonus claim failed" toast
appears with an error icon
6. For the bug fix: add a custom network, wait for the "successfully
added" notification to auto-hide, navigate away and back — verify it
does NOT reappear

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**


https://github.com/user-attachments/assets/27e072c2-e64b-4d63-b95b-c38bba79ed68


<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds new UI toast behavior driven by transaction state transitions;
low blast radius but mistakes could cause noisy/incorrect user
notifications or missed claim feedback.
> 
> **Overview**
> Adds mUSD Merkl rewards claim status toasts that watch Merkl
distributor transactions and show *in-progress* (spinner) then
*success*/*failed* completion messages (auto-hiding after 5s).
> 
> Introduces a new `useMerklClaimStatus` hook (with tests) to detect
pending→confirmed/failed/dropped transitions and prevent duplicate
completion toasts, wires it into `ToastMaster`, and adds new i18n
strings.
> 
> Fixes `home.component.js` notification auto-hide to call the
dispatched `clearEditedNetwork()` instead of an undispatched
`setEditedNetwork()` action creator.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
10cb57e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…fully in send flow for custom network cp-13.17.0 (MetaMask#39833)

- fix: handle evm unsupported chains gracefully in send flow for custom network cp-13.17.0 (MetaMask#39806)

CHANGELOG entry: Fixed error when sending native tokens on EVM networks when chainId is provided as decimal string.
… large state failing to transfer on new chromium-based browsers (MetaMask#40101)

CHANGELOG entry: fixes issue for users with a lot of state on recent chromium-based browsers
…etaMask#39921)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

- **Reason for the change**: When signing a swap of ERC20 USDC (and
similar token operations) on Base, Polygon, etc with a Ledger device,
the device showed "_Review transaction to manage NFT allowance_" even
though the transaction was a token (ERC20) approve, not an NFT one.
- **Root cause**: Ledger’s clear-sign resolution in
`@ledgerhq/hw-app-eth` is based only on the transaction’s 4-byte
selector. In `@ledgerhq/evm-tools`, ERC20 and ERC721 use the same
selector for `approve()`: `0x095ea7b3`. With `nft: true` in the
resolution config, the library enables both ERC20 and NFT resolution for
any call with that selector. The device then receives NFT plugin data
and shows the NFT allowance message even when the contract is an ERC20.
- **Proposed fix**: We set the nft resolution flag by transaction
selector instead of always passing `nft: true`. We parse the raw tx to
get the 4-byte selector and only pass `nft: true` when the selector is
NFT-only (used by ERC721/ERC1155 but not by ERC20): e.g.
`setApprovalForAll` (`0xa22cb465`), `safeTransferFrom` (`0x42842e0e`,
`0xb88d4fde`, `0xf242432a`), `safeBatchTransferFrom` (`0x2eb2c2d6`). For
the shared approve selector (`0x095ea7b3`) and all other selectors we
pass `nft: false`, so ERC20 approves only get ERC20 resolution and the
device shows the correct token/allowance wording. Real NFT transfers and
approvals still get `nft: true` and keep NFT clear signing.
- The other excluded selector is `transferFrom` (`0x23b872dd`) since it
could also be used by ERC20 and ERC721

### Technical Details

- ERC20: https://eips.ethereum.org/EIPS/eip-20

```solidity
// Source: https://github.com/openzeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/IERC20.sol

interface IERC20 {
  // Partial snippet from the interface

  function transfer(address to, uint256 value) external returns (bool);

  function approve(address spender, uint256 value) external returns (bool);

  function transferFrom(address from, address to, uint256 value) external returns (bool);
}
```

- ERC721: https://eips.ethereum.org/EIPS/eip-721

```solidity
// Source: https://github.com/openzeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/IERC721.sol 

interface IERC721 is IERC165 {
  // Partial snippet from the interface

  function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;

  function safeTransferFrom(address from, address to, uint256 tokenId) external;

  function transferFrom(address from, address to, uint256 tokenId) external;

  function approve(address to, uint256 tokenId) external;

  function setApprovalForAll(address operator, bool approved) external;
}
```

- ERC1155: https://eips.ethereum.org/EIPS/eip-1155

```solidity
// https://github.com/openzeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/IERC1155.sol

interface IERC1155 is IERC165 {
  // Partial snippet from the interface

  function setApprovalForAll(address operator, bool approved) external;

  function safeTransferFrom(address from, address to, uint256 id, uint256 value, bytes calldata data) external;

  function safeBatchTransferFrom(
    address from,
    address to,
    uint256[] calldata ids,
    uint256[] calldata values,
    bytes calldata data
  ) external;
}
```



Selector | ERC-20 | ERC-721 | ERC-1155
-- | -- | -- | --
0x23b872dd | ✅ | ✅ | ❌
0x095ea7b3 | ✅ | ✅ | ❌
0xa22cb465 | ❌ | ✅ | ✅
0xa9059cbb | ✅ | ❌ | ❌
0x42842e0e | ❌ | ✅ | ❌
0xb88d4fde | ❌ | ✅ | ❌
0xf242432a | ❌ | ❌ | ✅
0x2eb2c2d6 | ❌ | ❌ | ✅

</div></div> 

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/39921?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes: None

## **Manual testing steps**

1. Import a Ledger account into MetaMask
2. Try to swap a ERC20 token like USDC in Base
3. Verify that the message displayed in the ledger (Ledger Nano 5, Flex,
or Stax) is about ERC20 tokens and not NFTs

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches hardware-wallet transaction signing parameters; incorrect
selector parsing or allowlist coverage could regress Ledger clear-sign
behavior for some contract calls.
> 
> **Overview**
> Fixes Ledger clear-signing resolution by **deriving the `nft` flag
from the transaction’s 4-byte selector** instead of hardcoding it, so
ERC20 `approve` calls no longer trigger NFT allowance messaging while
NFT-only methods still enable NFT clear signing.
> 
> This adds selector parsing via `@ethersproject/transactions.parse`
(with safe fallback on parse errors), introduces an `NFT_ONLY_SELECTORS`
allowlist, updates unit tests to assert `nft: false/true` behavior for
key selectors and parse failures, and updates LavaMoat policies + deps
to allow direct `@ethersproject/transactions` usage.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
121ed30. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Hassan Malik <41640681+hmalik88@users.noreply.github.com>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

This PR introduces the Perps tutorial modal - a 6-step onboarding flow
that educates users about perpetual futures trading. The implementation
matches the design and text from MetaMask Mobile.

Features:
6-step tutorial flow with progress indicator
Rive animations for steps 2-6 with theme support (light/dark)
Static character image for the first step
Responsive layout that works across popup, side panel, and fullscreen
modes
Redux state management for tutorial progress via ducks/perps
Left-aligned text matching mobile design
Skip and Continue navigation with proper state handling

New files:
ui/components/app/perps/perps-tutorial-modal/ - Modal and step
components
ui/ducks/perps/tutorial.ts - Redux slice for tutorial state
ui/ducks/perps/selectors.ts - Redux selectors
app/images/riv_animations/perps-onboarding-carousel-*.riv - Rive
animation files
app/images/perps-character.png - Static character image

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/39693?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: Added Perps tutorial modal with animated walkthrough
explaining perpetual futures trading

## **Related issues**

Fixes:

## **Manual testing steps**

Test Steps:
Open the Perps Tutorial Modal
Navigate to the Perps tab
Trigger the tutorial modal (e.g., via "Learn Perps" button)
Test First Step (What Are Perps)
Verify title and description are left-aligned
Verify character image displays correctly
Verify "Continue" and "Skip" buttons are visible
Test Animation Steps (Steps 2-6)
Click Continue to navigate through each step
Verify Rive animations play correctly
Verify animations are not cut off on any edge
Test All Three Viewport Modes:
a) Side Panel Mode (~320px width)
Verify animations display correctly without horizontal cutoff
b) Popup Mode (~360px width)
Verify animations scale appropriately
c) Fullscreen Mode
Verify animations are constrained and not oversized
Test Dark/Light Theme
Switch between dark and light themes
Verify correct animation file loads for each theme
Test Navigation
Verify "Skip" closes the modal
Verify "Continue" progresses to next step
Verify final step completes the tutorial

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->


https://github.com/user-attachments/assets/e66a33f0-d603-4136-a2a4-0eff0c573b58

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds new Redux state and a modal flow that depends on Rive WASM/asset
loading and environment-specific sizing; regressions would mainly affect
Perps UI onboarding and performance/memory if animation cleanup/loading
fails.
> 
> **Overview**
> Adds a new 6-step Perps tutorial modal (progress indicator +
static/animated visuals) and wires it into `PerpsHomePage` via the
“Learn basics” entry to open the flow.
> 
> Introduces a new `perpsTutorial` Redux slice (open/active
step/completed) with selectors and actions, updates root reducer/state
snapshots, and adds new i18n strings plus component tests (including
Rive animation loading/sizing across popup/sidepanel/fullscreen and
light/dark themes).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
ff23a27. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
… large state failing to transfer on new chromium-based browsers (MetaMask#40101)

CHANGELOG entry: fixes issue for users with a lot of state on recent chromium-based browsers
release: sync stable to main for backport 13.16.4
metamaskbot and others added 30 commits February 26, 2026 10:57
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

Note: The validators have been taken from
MetaMask#38428 after
verifying that NetworkController hadn't evolved.

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

- For new HyperEVM MM users: Making sure that when HyperEVM is added for
the first time, it will use Infura RPC with a Quicknode failover
- For existing HyperEVM MM users: If they already have HyperEVM added as
a network, the migration script will scans through the various RPCs and
add Infura RPC as default one Infura is not already in the list. It will
also add the Quicknode RPC as failover.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/39635?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: sets Infura RPC for HyperEVM with Quicknode failover

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/NEB-201

## **Manual testing steps**

Scenario 1: Already added HyperEVM network (migration test).
0. First use `main` branch (not this branch)
1. Find HyperEVM on chainlist: https://chainlist.org/?search=hyperevm
2. Add HyperEVM network 
3. Go to "edit the network" on MetaMask and observe default RPC
`rpc.hyperliquid.xyz/evm`.
4. Fetch **this** branch.
5. Compile and reload extension.
6. Go to "edit the network".
7. Observe Infura RPC with failover set as default. Old RPC remains as
secondary.

Scenario 2: HyperEVM network wasn't added before
0. First use **this** branch.
1. Find HyperEVM on chainlist: https://chainlist.org/?search=hyperevm
2. Add HyperEVM network
3. Go to "edit the network" on MetaMask and observe Infura RPC with
failover set as default and only RPC.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches network/RPC configuration and introduces a new migration that
mutates persisted `NetworkController` state, so mistakes could break
HyperEVM connectivity for existing users; changes are scoped and covered
by migration unit tests.
> 
> **Overview**
> HyperEVM is updated to use an Infura RPC URL by default and supports a
QuickNode failover URL sourced from a new `QUICKNODE_HYPEREVM_URL`
environment variable (wired through build config and CI/release
workflows).
> 
> A new state migration `197` updates existing user-added HyperEVM
network configs by adding the Infura endpoint (if missing), setting it
as default, and/or adding the QuickNode failover to any Infura endpoint;
e2e fixtures, console baselines, and new unit tests were updated
accordingly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
878e94b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
release: sync stable to main for version 13.20.0
…2.0.0 (MetaMask#40317)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

This PR upgrades:
- @metamask/gator-permissions-controller from ^1.1.2 to ^2.0.0
- @metamask/signature-controller from ^39.0.2 to ^39.0.3

The breaking changes in @metamask/gator-permissions-controller relate to
the controller state, specifically how granted permissions have been
stored. This PR minimises the amount of change required, by mapping the
shape of the new state objects to the same shape in the gator selectors.
These selectors will be refactored in a future PR.

There should be no changes to user experience or functionality.

Migration is being implemented here (really it's just deleting old state
keys) MetaMask#40381

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40317?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

Ensure that permission storage works as expected:

- Newly granted permissions should appear in Dapp Connections
- Permissions granted previously should appear in a newly installed
instance of extension (probably with some delay)
- The first time Dapp Connections page is loaded on a fresh install, a
spinner should be shown

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Upgrades a permissions/storage controller with breaking state shape
changes and updates the init path and UI hooks to match, which could
affect permissions visibility/loading if any edge cases were missed.
Changes are mostly type/shape and test/fixture updates, but touch core
background controller wiring.
> 
> **Overview**
> **Upgrades gator permissions controller to
`@metamask/gator-permissions-controller@^2.0.0` (plus a small
`@metamask/signature-controller` bump)** and updates the extension to
match the controller’s breaking state/config API.
> 
> `GatorPermissionsControllerInit` now builds a `config` object
(including `supportedPermissionTypes` from
`GATOR_ENABLED_PERMISSION_TYPES` and optional
`gatorPermissionsProviderSnapId`) and passes persisted state directly,
instead of merging a generated default state. Environment parsing is
tightened to return typed `SupportedPermissionType[]`.
> 
> UI components/hooks/tests are updated to the new controller types
(`PermissionInfoWithMetadata`) and new state shape
(`grantedPermissions`, `lastSyncedTimestamp`, etc.);
`useGatorPermissions` is simplified to a cache-present check based on
`grantedPermissions` and now only exposes `loading`. Test
fixtures/baselines and Lavamoat policies are adjusted accordingly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a85f4c6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
…taMask#40435)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Changes are needed for default address UX after Product Review so this
PR puts the whole feature behind a feature flag for the time being.

## **Changelog**

CHANGELOG entry: Put Default Address feature behind feature flag

## **Related issues**

Fixes:

## **Manual testing steps**

1. Test that the default address elements shown on Home page, Settings
and Account List
[here](https://www.figma.com/design/IVt20ztP5OpMtBpIzGX0Q4/Adding-default-address-toggle-for-home-address-and-account-list?node-id=49-12685&m=dev)
are not visible
2. There should be no difference to what's in prod today basically

## **Screenshots/Recordings**

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> UI-only change that conditionally hides default-address elements
behind `remoteFeatureFlags.extensionUxDefaultAddress`; main risk is
unintended visibility/behavior changes when the flag toggles.
> 
> **Overview**
> Puts the *Default Address* UX behind the
`remoteFeatureFlags.extensionUxDefaultAddress` gate, so the settings
toggle/section, header rendering, and account-list default-address
display/popovers only appear when the flag is enabled.
> 
> Adds the `getIsDefaultAddressEnabled` selector, hides the
`showDefaultAddress` route from settings search, tweaks the
address-popover “View All” button styling based on whether the
default-address section is shown, and expands unit/e2e coverage for both
flag-on and flag-off states.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
73f7734. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…0437)

## **Description**

Remove legacy enforced simulations app state management and the settings
UI, in preparation for a new stateless approach.

- Delete `SimulationSettingsModal` component, stories, and tests
- Remove gear icon from simulation details header
- Remove enforced simulations state from `AppStateController`
(properties, defaults, metadata, methods)
- Remove related action bindings, selectors, types, sentry state
entries, and i18n keys
- Simplify hook and container to no longer read from app state

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40437?quickstart=1)

## **Changelog**

CHANGELOG entry: null

## **Related issues**

## **Manual testing steps**

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Removes user/transaction-level toggles and slippage overrides, making
enforced simulations always use a fixed default when enabled via env
flag; this can change transaction calldata generation behavior and UX
but is contained to the confirmations/simulations flow.
> 
> **Overview**
> **Removes legacy “enforced simulations” configurability and UI.**
Deletes `SimulationSettingsModal` (component, stories, tests) and
removes the gear/settings entry point from `simulation-details`.
> 
> **Drops enforced-simulations state from `AppStateController` and
related plumbing.** Removes persisted state fields, controller setters,
background bindings, redux actions/selectors/types, Sentry debug-state
entries, fixtures/snapshots, and i18n strings.
> 
> **Simplifies enforcement logic to be stateless.**
`EnforceSimulationHook` no longer consults app state for enablement
(only `ENABLE_ENFORCED_SIMULATIONS`), and `enforced-simulations` no
longer reads slippage from app state, using a fixed `DEFAULT_SLIPPAGE =
10` and updating tests accordingly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4a7bd6e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Version Bump After Release

This PR bumps the main branch version from 13.21.0 to 13.22.0 after
cutting the release branch.

### Why this is needed:
- **Nightly builds**: Each nightly build needs to be one minor version
ahead of the current release candidate
- **Version conflicts**: Prevents conflicts between nightlies and
release candidates
- **Platform alignment**: Maintains version alignment between MetaMask
mobile and extension
- **Update systems**: Ensures nightlies are accepted by app stores and
browser update systems

### What changed:
- Version bumped from `13.21.0` to `13.22.0`
- Platform: `extension`
- Files updated by `set-semvar-version.sh` script

### Next steps:
This PR should be **manually reviewed and merged by the release
manager** to maintain proper version flow.

### Related:
- Release version: 13.21.0
- Release branch: release/13.21.0
- Platform: extension
- Test mode: false

---
*This PR was automatically created by the
`create-platform-release-pr.sh` script.*

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk change that only updates the extension package version
string; no runtime logic is modified.
> 
> **Overview**
> Bumps the extension `package.json` version from `13.21.0` to `13.22.0`
to advance main after the release cut.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
cff027d. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com>
…aMask#40233)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

initialize and use in assets controlle

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40233?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: initialize and use in assets controlle

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Moderate risk because it introduces a new controller into the
initialization pipeline, changes init ordering (before
`AssetsController`), and adds new messenger event dependencies that
could affect background/UI state synchronization.
> 
> **Overview**
> **Adds modular initialization for `@metamask/client-controller`.**
Introduces `ClientControllerInit` (with tests) and a dedicated
`getClientControllerMessenger`, and registers both in the controller
messenger/init registry and controller/state type unions.
> 
> **Wires UI-open state into the controller graph.**
`metamask-controller` now forwards `isClientOpen` changes via
`ClientController:setUiOpen`, and `AssetsController` messenger
permissions are expanded to subscribe to `ClientController:stateChange`
(with an explicit init-order dependency so `ClientController` starts
before `AssetsController`).
> 
> Updates dependencies and security policies (Lavamoat) to include
`@metamask/client-controller`, and refreshes E2E state snapshot
expectations to include `ClientController`/`isUiOpen`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
59756bb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: salimtb <salim.toubal@consensys.net>
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
Co-authored-by: Salim TOUBAL <salim.toubal@outlook.com>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

Yarn audit issue with `minimatch` dependency. The fixes are only 2 days
old, so the minimum 3 day package setting has been temporarily disabled
in order to get the lockfile to update.

- ^3.0.0 to 3.1.4
- ^10.0.0 to 10.2.3

<img width="985" height="1169" alt="image"
src="https://github.com/user-attachments/assets/c0a6e854-16e1-414e-8752-43af6d42d943"
/>


[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40471?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk lockfile/resolution-only change to update transitive
`minimatch` versions; primary risk is unexpected glob-matching behavior
changes in tooling that depends on `minimatch`.
> 
> **Overview**
> Resolves a `minimatch` security audit by pinning vulnerable transitive
`minimatch` ranges to patched releases via `package.json` `resolutions`.
> 
> Updates the lockfile accordingly, moving `minimatch` v3 consumers to
`3.1.4` and v10 consumers to `10.2.3`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
89ba787. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Replace Sentry logging with `console.warn` for "controller not found"
cases in migration 164.

Missing controllers are expected edge cases (e.g., fresh installs, old
states) and should not generate Sentry errors, aligning with the pattern
established in other migrations (e.g., 166, 180) where `console.warn` is
used for such scenarios.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40405?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: fix: clean up spammy Migration 164 Sentry logging

## **Related issues**

Fixes: MetaMask#34588
https://consensyssoftware.atlassian.net/browse/ASSETS-2024

## **Manual testing steps**


## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

---
<p><a
href="https://cursor.com/agents/bc-8f0e0312-3f32-4a78-b7fa-41dd08173d45"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/assets/images/open-in-web-light.png"><img
alt="Open in Web" width="114" height="28"
src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a>&nbsp;<a
href="https://cursor.com/background-agent?bcId=bc-8f0e0312-3f32-4a78-b7fa-41dd08173d45"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img
alt="Open in Cursor" width="131" height="28"
src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a>&nbsp;</p>


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: changes only error-reporting behavior in migration `164` for
expected “controller missing” states, with updated unit tests to assert
the new warnings.
> 
> **Overview**
> Migration `164` no longer reports to Sentry when
`PermissionController` or `NetworkController` is absent; it now emits a
`console.warn` and returns the state unchanged.
> 
> The `164` migration tests were updated to set up/tear down
`global.sentry` and to assert the expected `console.warn` messages for
these missing-controller cases (including the version-bump test).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
dbc7605. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…Mask#40431)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

This PR does the following:
- introduces `waitForCategoryContent` method for mitigating flakiness on
network category switch
- removes incorrect flow `switchToEditRPCViaGlobalMenuNetworks`, as the
method already existed in the page object class
- updated `switchToNetworkFromNetworkSelect` to properly use correct
selectors (one selector from the assets page, was duplicated in the
network manager page, then that was used in the flow)

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40431?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes:

## **Manual testing steps**

1. Ci should continue to pass

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: changes are confined to E2E test flows/page objects and
should only affect test stability, not production behavior. Main risk is
updated selectors/waits could mask real UI regressions or introduce new
test flake if UI labels change.
> 
> **Overview**
> Refactors E2E network tests to open the networks dialog via
`HeaderNavbar.openGlobalNetworksMenu()` and removes the
redundant/incorrect `switchToEditRPCViaGlobalMenuNetworks` helper.
> 
> Updates the `switchToNetworkFromNetworkSelect` flow to open the
networks filter from `AssetListPage` (instead of the network manager
toggle), and adds `NetworkManager.waitForCategoryContent()` to wait for
tab-specific content after switching categories, reducing flakiness when
selecting networks.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bc394d4. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
MetaMask#40433)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

This PR is one of many in to facilitate the migration to the new assets
controller state.

Everything is behind a feature flag, currently disabled, and should not
create any changes in the application.

This PR replaces all references to TokenBalancesController state with a
new selector that, depending on whether the feature flag is on or off,
returns the old state directly or a transformed representation of the
new state.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40433?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-2680

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [X] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Mostly refactors reads of `metamask.tokenBalances` to a
feature-flagged selector that returns the legacy shape unchanged when
the new assets state is disabled. Main risk is limited to balance
display logic if the feature flag is enabled, since balances are
derived/converted from the new `assetsBalance` structure.
> 
> **Overview**
> Introduces `getTokenBalancesControllerTokenBalances`, a
feature-flagged assets-migration selector that either returns legacy
`tokenBalances` as-is or derives the legacy `TokenBalancesController`
shape from the new `assetsInfo`/`assetsBalance` state (including native
token address handling).
> 
> Updates consumers to use this selector instead of directly reading
`metamask.tokenBalances` (e.g., bridge asset selectors,
`getTokenBalances` export, asset selector state adapters, and storybook
confirmation mocks), and adds unit tests covering both flag-off and
flag-on behavior. Also tightens some selector/test typings and minor
test fixtures, plus a TODO noting `WalletFundsObtainedMonitor` doesn’t
yet consider the new assets state.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e7c3fc3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Improve the regex for typed data parsing.

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes: MetaMask/MetaMask-planning#7056

## **Manual testing steps**
NA

## **Screenshots/Recordings**
NA

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [X] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches typed-data parsing used for transaction/signature messaging; a
regex behavior change could alter what value is surfaced or stringified
for some payload shapes, though scope is narrow and covered by new
tests.
> 
> **Overview**
> Hardens `parseTypedDataMessage` large-number handling by tightening
the `message.value` extraction regex to **only match the top-level
`message.value` field**, avoiding accidental matches of nested/array
`value` fields (spoofing-style payloads).
> 
> Adds a focused test suite covering nested objects, deep nesting,
arrays, ordering, escaped quotes, and string vs numeric `message.value`
to ensure correct extraction and no precision loss for large values.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6795a05. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## **Description**

This PR removes the Activity Log section from the transaction details
modal

The Activity Log link in this modal has been broken for over a year and
is unmaintained.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40380?quickstart=1)

## **Changelog**

CHANGELOG entry: chore: remove activity log from activity details

## **Related issues**

Fixes: MetaMask#40289

## **Manual testing steps**

1. Open the Activity list
2. Click on an item to open details
3. Verify there is no Activity Log link in the modal

## **Screenshots/Recordings**

### **Before**


### **After**


## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Primarily deletes an unused/broken UI feature and its translations;
risk is limited to potential missing string/route-state assumptions in
remaining transaction/bridge detail views.
> 
> **Overview**
> Removes the **Transaction Activity Log** feature from the transaction
details UI, including the disclosure section in
`TransactionListItemDetails` and the bridge transaction details page.
> 
> Deletes the entire `ui/components/app/transaction-activity-log`
component stack (UI, container, utilities, stories, tests, snapshots)
and strips related localization strings (e.g., `activityLog`,
`speedUpTransaction`, and per-event `transaction*` messages) across many
locales. Cleans up references in styling/imports, TS migration tracking,
Jest baselines, bridge navigation state, and updates transaction
breakdown logic to use `TransactionStatus.confirmed` instead of the
removed constant.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8fe5ac0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Adds a CI job that automatically detects feature flag references in PR
diffs and verifies they exist in the feature flag registry introduced in
MetaMask#39910.

- If a PR introduces a new feature flag that isn't registered, the job
fails and posts a comment on the PR explaining which flags are missing
and how to add them.
- If a PR removes the last reference to a registered flag, the job warns
in the PR comment, suggesting the flag be removed from the registry or
marked as deprecated.

This ensures every feature flag has a production default value in the
registry from the start, keeping E2E test mocks accurate, and helps
identify stale flags that can be cleaned up.

1. Scans changed files for feature flag access patterns in `app/,`
`ui/,` `shared/`, and `test/`
2. Compares detected flags against the feature flag registry
3. Fails the job and comments on the PR if unregistered flags are found,
with a table of missing flags and instructions for adding them
4. Warns in the PR comment if a flag's last codebase reference is being
removed, suggesting a registry cleanup


The script covers all feature flag access patterns currently used in the
codebase:

- Direct access: `remoteFeatureFlags.flagName`,
`remoteFeatureFlags?.flagName`
- Controller state:
`remoteFeatureFlagController.state.remoteFeatureFlags.flagName`
- Redux state: `state.metamask.remoteFeatureFlags.flagName`
- Selector chaining: `getRemoteFeatureFlags(state).flagName`
- Bracket access (string): `remoteFeatureFlags['flagName']`
- Bracket access (constants):
`remoteFeatureFlags[ASSETS_UNIFY_STATE_FLAG]`,
`remoteFeatureFlags[FeatureFlagNames.X]`
- Destructuring: `{ flagA } = getRemoteFeatureFlags(state)`
- Typed selector: `useSelector(getRemoteFeatureFlags) as { flagA }`
- Nested destructuring: `remoteFeatureFlags: { flagA }`

Files added:

`.github/scripts/check-feature-flag-registry.ts ` Detection script (runs
via yarn tsx)
`.github/scripts/known-feature-flag-constants.ts` Maps bracket-access
constants to their resolved flag names
`.github/workflows/check-feature-flag-registry.yml `GitHub Actions
workflow (triggers on PRs to main)

**NOTE**: Initial PR
MetaMask#40234 closed due to
incorrect reviewers added when testing

**Example PR comments**

**When a PR introduces an unregistered flag**:
> ## Feature Flag Registry Check
>
> This PR introduces feature flag references that are not yet registered
in the
> feature flag registry.
>
> ### Unregistered flags
>
> | Flag | Referenced in |
> | ---- | ------------ |
> | myNewFeatureFlag | ui/selectors/selectors.js |
>
> <details>
> <summary>How to fix</summary>
>
> Add an entry for each flag in
test/e2e/feature-flags/feature-flag-registry.ts:
>
>
> myNewFlag: {
>   name: 'myNewFlag',
>   type: FeatureFlagType.Remote,
>   inProd: false,
>   productionDefault: false,
>   status: FeatureFlagStatus.Active,
> },
>
>
> </details>

**When a PR removes the last reference to a registered flag**:
> ## Feature Flag Registry Check
>
> ### Possibly unused flags
>
> This PR removes the last codebase references to the following
registered flags.
> Consider removing them from the registry or marking them as
deprecated.
>
> - oldDeprecatedFlag

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40373?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:
[MMQA-1389](https://consensyssoftware.atlassian.net/browse/MMQA-1389?atlOrigin=eyJpIjoiNjUyZjFiNDE5ODM2NDUzYmE0ZDJmMTE4YTIxNjExN2QiLCJwIjoiaiJ9)

Depends on: MetaMask#39910

## **Manual testing steps**

1. Run locally: `yarn tsx .github/scripts/check-feature-flag-registry.ts
main`
2. Verify it reports 0 unregistered flags on a clean branch
3. Add a line like `remoteFeatureFlags.myTestFlag` to any source file
and commit it (the script uses git diff so uncommitted changes are not
detected)
4. Re-run the script and verify it detects `myTestFlag` as unregistered
and exits with code 1
5. Clean up: `git reset HEAD~1 && git checkout -- <modified-file>`

Example of how it looks in a PR when the job fails and comment is added:
Unik0rnMaggie#2

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [x] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [x] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


[MMQA-1389]:
https://consensyssoftware.atlassian.net/browse/MMQA-1389?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ




<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a new required PR workflow and a non-trivial diff-parsing/regex
scanner that can create false positives/negatives and block merges if it
mis-detects flags or can’t resolve constants.
> 
> **Overview**
> Adds a new GitHub Actions workflow (`check-feature-flag-registry.yml`)
that runs on PRs to `main` and enforces that newly referenced remote
feature flags are present in the E2E feature flag registry.
> 
> Introduces a TypeScript scanner (`check-feature-flag-registry.ts`)
that diffs PR changes under `app/`, `ui/`, `shared/`, and `test/`,
extracts feature-flag references (dot access, bracket access,
selector/destructuring patterns), fails the job for unregistered flags,
and posts/updates (or deletes) a marker PR comment with remediation
steps; it also warns when removed references appear to orphan a
registered flag.
> 
> Adds `known-feature-flag-constants.ts` to resolve bracket-access
constants (via `FeatureFlagNames` imports and lightweight source parsing
for selected exported constants), and forces an explicit mapping update
when a static constant can’t be resolved.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
845f67e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…40215)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**
Migrate withTransactionControllerApprovedTransaction and
withTransactionControllerCompletedAndIncomingTransaction

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40215?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:
https://consensyssoftware.atlassian.net/browse/MMQA-1479

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk because changes are confined to E2E test fixtures and test
setup; main risk is brittle/invalid transaction fixture data causing
flaky activity-list tests.
> 
> **Overview**
> Adds `LOCALHOST_NETWORK_CLIENT_ID` and expands E2E `FixtureBuilderV2`
with a generic `withTransactionController` merge helper plus canned
transaction fixtures for *approved*, *confirmed*, and *incoming*
transactions (including correct `chainId`/`networkClientId`).
> 
> Migrates the `clear-activity` and `stuck-approved-transaction` E2E
specs from the legacy `FixtureBuilder` to `FixtureBuilderV2` so they
boot with the new transaction fixtures and assert activity list
behavior.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9800938. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## **Description**

The redux state we are picking might not exist if accessed before state
gets rehydrated.

Added a default state to enabled networks, and also a null guard for
where we initially select from this state

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40402?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: fix: add enable networks null guards

## **Related issues**

Fixes: MetaMask#35232
https://consensyssoftware.atlassian.net/browse/ASSETS-2021

## **Manual testing steps**

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

---
<p><a
href="https://cursor.com/agents/bc-b208b3d7-fc4f-4cb8-a9bb-c53f4a663c60"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/assets/images/open-in-web-light.png"><img
alt="Open in Web" width="114" height="28"
src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a>&nbsp;<a
href="https://cursor.com/background-agent?bcId=bc-b208b3d7-fc4f-4cb8-a9bb-c53f4a663c60"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img
alt="Open in Cursor" width="131" height="28"
src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a>&nbsp;</p>



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: small selector hardening to avoid crashes when
`enabledNetworkMap` or its `eip155` entry is undefined; behavior only
changes in uninitialized/rehydration edge cases.
> 
> **Overview**
> Prevents selector crashes when Redux state hasn’t rehydrated by
defaulting `getEnabledNetworks` to an empty map and guarding
`selectAllEnabledNetworkClientIds` against a missing `eip155` namespace
entry.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
499a629. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
## **Description**
Add a non-blocking Bugbot rule and update documentation to encourage the
use of `FixtureBuilderV2` in E2E tests.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40414?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/MMQA-1462

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [x] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk documentation-only change that affects developer tooling
guidance, not runtime code. Main risk is false-positive/negative lint
guidance if the supported-method list or regex triggers are incomplete.
> 
> **Overview**
> Adds a new non-blocking BUGBOT deprecated-pattern rule to flag newly
introduced legacy `FixtureBuilder` usage in E2E specs when the chained
methods are compatible with `FixtureBuilderV2`, including regex
triggers, a supported-method allowlist, and a standard reviewer message.
> 
> Updates E2E guidelines and CODEBOT checklists/examples to explicitly
prefer `FixtureBuilderV2` (and reserve legacy `FixtureBuilder` for
unsupported methods), including swapping example `withFixtures` setup to
`new FixtureBuilderV2().build()` and updating the quick-reference
violation text.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e76c166. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jvbriones <jvbriones@users.noreply.github.com>
## **Description**
This PR adds source map validation suitable for webpack builds.

Original idea is taken from the [previous
implementation](https://github.com/MetaMask/metamask-extension/blob/main/development/sourcemap-validator.js#L1)
used for browserify builds.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40025?quickstart=1)

## **Changelog**
<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**
Fixes: https://github.com/MetaMask/MetaMask-planning/issues/6363

## **Manual testing steps**
1. Build MetaMask with `yarn webpack` or `yarn webpack
--targetEnvironment production`.
2. Execute following command in terminal: `yarn
validate-source-maps:webpack`.
3. Observe result. All source maps should be valid and there should be
no errors in console.
4. Go to some of the source files and make some changes (add few new
lines).
5. Run command for validation again: `yarn
validate-source-maps:webpack`.
6. Observe result. There should be errors printed out in the terminal
telling more about wrong source map.

## **Screenshots/Recordings**

### **Before**
Source map validation for webpack was not available before. Nothing to
show here.

### **After**

#### Valid source maps example
<img width="794" height="871" alt="Screenshot 2026-02-18 at 15 07 54"
src="https://github.com/user-attachments/assets/934086af-b278-497d-b09a-2daa12ac3210"
/>
<img width="794" height="400" alt="Screenshot 2026-02-18 at 15 08 29"
src="https://github.com/user-attachments/assets/bd02a294-8427-4c41-bbd6-aa16c62c6a40"
/>

#### Invalid source maps example
<img width="1337" height="917" alt="Screenshot 2026-02-18 at 15 46 17"
src="https://github.com/user-attachments/assets/4488cf5a-c96f-48d5-9ce5-b4fbf00069a1"
/>

## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a new CI step that can fail builds based on webpack sourcemap
correctness; risk is mainly around potential false positives/negatives
affecting build reliability rather than runtime behavior.
> 
> **Overview**
> Adds a dedicated webpack sourcemap validator (`yarn
validate-source-maps:webpack`) that scans `dist/chrome` for `.js`+`.map`
pairs and verifies mappings for `new Error` callsites (with
comment-block skipping and clearer code-frame error output).
> 
> Wires this into CI by extending `run-build.yml` with an optional
`validate-source-maps-webpack` input/step, and includes a comprehensive
`node:test` suite plus fixtures for validator edge cases; updates
deps/lockfile for `@types/babel__code-frame`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7c31f1c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…ance` and `Check balance Just created Solana account shows 0 USD when native token is not enabled` (MetaMask#40488)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

We try to switch to Solana, but nothing happens as the solana account is
not yet loaded (see network icons on top left, how Solana is not there
yet). Then, trying to switch takes no effect.

<img width="1050" height="812" alt="image"
src="https://github.com/user-attachments/assets/c23bfc37-4d5b-4baf-abef-1969ee4f224c"
/>


[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40488?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes:

## **Manual testing steps**

1. Check ci

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: test-only changes that add an explicit readiness wait and
adjust login balance assertions to reduce Solana e2e flakiness.
> 
> **Overview**
> Reduces Solana e2e test flakiness by waiting for non-EVM accounts to
finish loading before attempting a network switch.
> 
> Adds `HomePage.waitForNonEvmAccountsLoaded()` (waits for
Solana/Bitcoin account icons), and updates Solana balance tests to call
it after login; tests that previously used
`loginWithoutBalanceValidation` now use `loginWithBalanceValidation`
with an explicit `$0.00` expectation when native token display is
disabled.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4b3a3e5. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
MetaMask#40442)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->
When a deeplink (signed or unsigned) comes from metamask.io, the
interstitial won't open and instead the user will open the metamask
extension target directly.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40442?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/GE-126

## **Manual testing steps**

1. Visit a MetaMask app, such as app
2. Open the console
3. Enter
`open('https://link.metamask.io/swap?amount=10000000&from=eip155%3A59144%2Ferc20%3A0x176211869cA2b568f2A7D4EE941E073a821EE1ff&to=eip155%3A59144%2Ferc20%3A0xA219439258ca9da29E9Cc4cE5596924745e12B93')`to
open a deeplink from that page
4. No interstitial should be shown
5. Repeat steps 2 to 4 from a non-MetaMask website, the interstitial
should show up

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes deep link navigation security/UX by allowing unsigned links to
bypass the interstitial when initiated from trusted MetaMask domains;
mistakes in origin detection could unintentionally reduce protection for
other sources.
> 
> **Overview**
> Deep link routing now detects the initiating page origin (`initiator`
on Chrome, `originUrl` on Firefox) and **skips the interstitial** when
the request comes from trusted MetaMask domains derived from `BaseUrl`
(e.g. `metamask.io`, `app.metamask.io`), regardless of signature status.
> 
> Adds `DeepLinkRouter.resolveRequestOrigin` and updates
`canSkipInterstitial` logic accordingly, with new unit tests covering
trusted vs untrusted origins and cross-browser origin resolution.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
ef166e4. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

`/trending` deeplink is implemented on mobile but leads to a 404 on
extension.
This PR adda it on extension and redirects to the home page.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40450?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/GE-132

## **Manual testing steps**

1. Go to 
2. Open the console with F12
3. Type `open("https://link.metamask.io/trending")` in the console
4. It should open the home page

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: adds a single new deep-link route that maps `/trending` to
the existing default/home destination, with no data handling or auth
changes.
> 
> **Overview**
> Adds a new deep-link route, `/trending`, and registers it in the
deep-link route map.
> 
> The new route mirrors the home deep link title and resolves by
redirecting to `DEFAULT_ROUTE` with no query params, preventing
`/trending` from 404ing in the extension.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bc59566. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…meoutError: Waiting for element to be located By(xpath, //h3[contains(text(), "Add to MetaMask")` error (MetaMask#40489)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40489?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk because changes are limited to E2E test page objects/flows
and only add additional wait conditions to reduce flakiness.
> 
> **Overview**
> Reduces flakiness in the test snap install E2E flow by explicitly
waiting for the Test Snaps page to finish loading before clicking the
install button.
> 
> Updates `SnapInstall.clickConnectButton()` to first wait for the
`Connection request` header, ensuring the dialog is on the expected step
before clicking `Connect` (avoiding timeouts waiting for the subsequent
`Add to MetaMask` screen).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a9c1cac. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…es controllers state (MetaMask#40441)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

This PR is one of many in to facilitate the migration to the new assets
controller state.

Everything is behind a feature flag, currently disabled, and should not
create any changes in the application.

This PR replaces all references to MultiChainBalancesController and
MultiChainTokensController states with a new selector that, depending on
whether the feature flag is on or off, returns the old state directly or
a transformed representation of the new state.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40441?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-2680

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches widely used asset/balance selectors and rewires UI callers;
while behavior is unchanged when the feature flag is off, enabling it
switches to derived multichain state and could affect non-EVM asset
visibility/metadata if mappings are incomplete.
> 
> **Overview**
> Adds feature-flagged migration selectors that expose
`MultichainAssetsController` (`accountsAssets`, `assetsMetadata`,
`allIgnoredAssets`) and `MultichainBalancesController` (`balances`)
either by returning legacy state directly or by deriving a compatible
view from the new unified `AssetsController` state (filtered to non-EVM
/ non-`eip155` assets).
> 
> Updates UI consumers (notably `ui/selectors/assets.ts`,
`ui/selectors/multichain.ts`, and token import
`token-list.container.js`) to use these selectors instead of reading
multichain state fields directly, and adds unit tests covering both
flag-off passthrough and flag-on derivation.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
806d188. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…mes (MetaMask#40447)

## **Description**

This PR simplifies Storybook stories for deprecated components by
removing all story variants except the Default story and adding clear
deprecation labels. This slightly improves CI build times by reducing
the number of stories that need to be built and tested for components
that are no longer actively maintained.

**What is the reason for the change?**
- Deprecated components in `ui/components/ui/` and `ui/components/app/`
had multiple story variants that increased Storybook build times
- These components are marked as deprecated but weren't following the
same pattern as deprecated components in `component-library/`
- Users weren't getting clear visual indicators that these components
are deprecated

**What is the improvement/solution?**
- Added "(deprecated)" suffix to all deprecated component story titles
for clear visibility
- Removed all story variants except the Default story (removed 39 total
stories across 11 components)
- Added deprecation notices in Storybook documentation
- Added 'autodocs' tag for automatic documentation generation
- Made the pattern consistent with deprecated `component-library/`
components

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/DSYS-370

## **Manual testing steps**

1. Run `yarn storybook` to start Storybook locally
2. Search for "(deprecated)" in the component list
3. Verify all 11 deprecated components show:
   - "(deprecated)" suffix in their title
   - Only a "Default" story
   - Deprecation notice in the docs panel
4. Run `yarn test-storybook:ci` to verify all tests pass

**Components Updated:**
- ui/components/ui/actionable-message
- ui/components/ui/callout
- ui/components/ui/chip
- ui/components/ui/form-field
- ui/components/ui/icon-border
- ui/components/ui/menu
- ui/components/ui/site-origin
- ui/components/ui/textarea
- ui/components/ui/typography
- ui/components/ui/url-icon
- ui/components/app/wallet-overview/coin-buttons

## **Screenshots/Recordings**

### **After**
- Deprecated components have only Default story
- Clear "(deprecated)" suffix in all titles
- Faster Storybook CI build times
- Consistent with component-library deprecated components

<img width="1280" height="1024" alt="ActionableMessage"
src="https://github.com/user-attachments/assets/0b5d3beb-c2e3-4e19-8d78-fc40cb7d98b5"
/>
<img width="1280" height="1024" alt="Callout"
src="https://github.com/user-attachments/assets/fc68fe49-7960-4ea2-a8ae-fd017288a50d"
/>
<img width="1280" height="1024" alt="Chip"
src="https://github.com/user-attachments/assets/287db233-9bcc-4b89-a565-594a7e1e84fe"
/>
<img width="1280" height="1024" alt="FormField"
src="https://github.com/user-attachments/assets/225e4d7c-c1ac-4855-b35b-97c9bcd8f7f5"
/>
<img width="1280" height="1024" alt="IconBorder"
src="https://github.com/user-attachments/assets/0293de5e-a59a-48f6-872f-7c2961456426"
/>
<img width="1280" height="1024" alt="Menu"
src="https://github.com/user-attachments/assets/f69a6cc9-cf4b-46eb-9c18-e50fdb381f15"
/>
<img width="1280" height="1024" alt="SiteOrigin"
src="https://github.com/user-attachments/assets/d5be4a5d-dbba-474e-b6c5-11369ed8536a"
/>
<img width="1280" height="1024" alt="Textarea"
src="https://github.com/user-attachments/assets/232f970a-e078-4a83-8469-52417f549f66"
/>
<img width="1280" height="1024" alt="Typography"
src="https://github.com/user-attachments/assets/7806939a-3251-460e-991b-7691ef9cb691"
/>
<img width="1280" height="1024" alt="UrlIcon"
src="https://github.com/user-attachments/assets/63fed5ea-a04f-4d66-ae3b-a2123a06a743"
/>


## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable (Storybook tests validated via
`yarn test-storybook:ci`)
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Storybook-only changes that rename deprecated stories, add docs
deprecation notices, and remove extra story variants; no runtime
component logic is affected aside from a comment tweak in
`site-origin.js`.
> 
> **Overview**
> Simplifies Storybook stories for several deprecated UI components by
renaming story titles to include **`(deprecated)`**, adding
`parameters.docs.description` deprecation notices, and pruning all
non-default story variants to reduce build/test overhead.
> 
> Also updates the `@deprecated` JSDoc text in `site-origin.js` to point
to the newer component-library `Tag`/`TagUrl` replacements.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
24def72. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…g minimatch-related deps (MetaMask#40315)

## **Description**

This PR fixes dependency audit vulnerabilities and keeps the fixes
durable in dependency resolution.

What changed:
- Added/updated Yarn `resolutions` to enforce patched versions for
vulnerable paths:
  - `minimatch@npm:^10.1.1` -> `10.2.1`
  - `bn.js` -> `5.2.3`
  - `ajv` v6 path -> `6.14.0`
  - `ajv` v8 paths -> `8.18.0`
- Updated root `eslint-plugin-n` to `^17.24.0`.
- Added ESLint compatibility overrides (`.eslintrc.base.js`,
`.eslintrc.node.js`) to preserve existing lint behavior after the
`eslint-plugin-n` upgrade.
- Removed stale Yarn `npmAuditIgnoreAdvisories` entries for advisories
now resolved in this branch:
  - `1113214` (ajv)
  - `1113296` (minimatch).

Why:
- CI/dependency audit reported vulnerable transitive dependency paths
that need explicit, durable pinning.
- Upgrading `eslint-plugin-n` was required to eliminate one flagged
vulnerable path, and the ESLint overrides were needed to keep lint
checks passing with existing browser/runtime code patterns.

## **Changelog**

CHANGELOG entry: null

<!--
## **Related issues**

Fixes:
-->

<!--
## **Screenshots/Recordings**

### **Before**

[screenshots/recordings]

### **After**

[screenshots/recordings]
-->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

[skip-e2e]

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches dependency resolution and LavaMoat policies plus tweaks ESLint
rules; main risk is CI/build/lint breakage due to changed transitive
deps and updated allowlists, but no runtime product logic changes.
> 
> **Overview**
> Updates dependency pinning to address audit findings: bumps
`minimatch` (via `resolutions`) and `bn.js`, and upgrades
`eslint-plugin-n` to `^17.24.0` with updated `yarn.lock` entries.
> 
> Adjusts ESLint configuration for the `eslint-plugin-n` v17 rule
changes (rename `n/shebang` -> `n/hashbang`, disables `n/hashbang`, and
adds `n/no-unsupported-features/node-builtins` ignores for browser
globals), and updates related test helper lint disables.
> 
> Refreshes LavaMoat policies/overrides to match the new dependency
graph (new/renamed policy nodes and additional allowed
builtins/packages, including `webpack`/`tsx`/`copy-webpack-plugin`
related entries), and removes an obsolete `npmAuditIgnoreAdvisories`
entry while temporarily preapproving `minimatch` for the minimal-age
gate.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
02e3238. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
…etaMask#40486)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

1. Add await before `userEvent.click()` in `interactWithCustomInput`
helper
2. Remove the redundant `userEvent.click()` call before `submitUpdate()`

For 1:
Without await, the click operation may not complete before the test
proceeds to waitForElementById, causing a race condition where the
custom input element hasn't appeared yet.

For 2:
The test clicks the submit button twice in succession:
 * First via `userEvent.click(getByTestId(TX_MODAL.submitButton))`
* Then via `submitUpdate(getByTestId)` which also clicks the submit
button
* The first click dispatches the action and closes the modal
(`onClose()`), so the second click fails because the button no longer
exists in the DOM.

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: fix: await click & remove duplicate call in transaction
modal test

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: test-only changes that reduce flakiness by awaiting async
user interactions and preventing a double-click on the submit button.
> 
> **Overview**
> Stabilizes `BridgeTransactionSettingsModal` tests by **awaiting** the
`userEvent.click()` on the Custom slippage option to avoid timing races
before the input renders.
> 
> Removes a redundant explicit submit click in the valid-input
parameterized tests, relying solely on `submitUpdate()` to perform the
submission and modal close.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
523037f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…etaMask#40466)

## **Description**

This PR upgrades MetaMask design system packages to include the latest
color updates, specifically targeting the neutral grey palette
improvements introduced in [v22.0.0 - Neutral grey palette
updates](https://github.com/MetaMask/metamask-design-system/releases/tag/v22.0.0)

**What is the reason for the change?**
The design system released important color refinements for the neutral
grey palette (grey050-grey1000) to ensure consistent elevations and
improved hue consistency across muted shades. These updates align border
and overlay colors with theme-appropriate values.

**What is the improvement/solution?**
Upgraded the following packages:
- `@metamask/design-tokens`: ^8.1.1 → ^8.2.1
- `@metamask/design-system-react`: ^0.8.0 → ^0.9.0

Key improvements include:
- Updated neutral grey palette for consistent elevations
- Refined neutral color values with improved hue consistency
- Aligned border and overlay colors with theme-appropriate values

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: N/A

## **Manual testing steps**

1. Review the updated color values in the codebase
2. Check for any visual regressions in components using neutral colors
3. Verify border and overlay colors appear correctly in different themes

## **Screenshots/Recordings**

### **Before**

Design tokens at v8.1.1 with older neutral grey palette.


https://github.com/user-attachments/assets/3c1efe03-d856-46d7-aec9-da3c01de91a0

### **After**

Design tokens at v8.2.1 with refined neutral grey palette and typography
updates.


https://github.com/user-attachments/assets/d8ed208b-dd99-45be-b595-929e07e819ca

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [x] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [x] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.