Merge branch 'main' into MMQA-1367-serve-test-snaps-locally

Author: chrisleewilcox

.ai-pr-analyzer/config.yaml

@@ -0,0 +1,145 @@
+repo: MetaMask/metamask-mobile
+
+critical:
+  files:
+    - package.json
+    - yarn.lock
+    - babel.config.js
+    - tsconfig.json
+    - metro.config.js
+    - metro.transform.js
+    - react-native.config.js
+    - index.js
+    - app.config.js
+    - shim.js
+    - jest.config.js
+    - tailwind.config.js
+    - ios/Podfile
+    - ios/Podfile.lock
+    - ios/Gemfile
+    - android/build.gradle
+    - android/settings.gradle
+    - android/gradle.properties
+    - android/app/build.gradle
+    - bitrise.yml
+    - builds.yml
+    - .github/workflows/ci.yml
+    - .github/workflows/build.yml
+
+  keywords:
+    - Controller
+    - Keyring
+    - SecureKeychain
+    - Permission
+    - Middleware
+    - Migration
+    - Engine
+    - DeeplinkManager
+    - SDKConnect
+    - WalletConnect
+    - BackgroundBridge
+    - Transaction
+    - Vault
+    - Encryptor
+    - Authentication
+    - NativeModule
+    - NavigationService
+    - SnapKeyring
+    - RPCMethods
+    - LockManager
+
+  paths:
+    # Security and authentication
+    - app/core/SecureKeychain.ts
+    - app/core/Vault.ts
+    - app/core/Encryptor/
+    - app/core/Authentication/
+    - app/core/Permissions/
+    - app/core/BackupVault/
+
+    # Core engine and controllers
+    - app/core/Engine/
+    - app/core/EngineService/
+    - app/controllers/
+
+    # Keyring and accounts
+    - app/core/SnapKeyring/
+    - app/core/QrKeyring/
+    - app/core/HardwareWallet/
+    - app/core/HardwareWallets/
+    - app/core/Ledger/
+
+    # Transactions and signing
+    - app/core/Transaction/
+    - app/core/RPCMethods/
+    - app/core/SanitizationMiddleware.ts
+
+    # Deep linking and external connections
+    - app/core/DeeplinkManager/
+    - app/core/SDKConnect/
+    - app/core/SDKConnectV2/
+    - app/core/WalletConnect/
+    - app/core/BackgroundBridge/
+
+    # Snaps
+    - app/core/Snaps/
+    - app/lib/snaps/
+
+    # Native modules and platform bridges
+    - app/core/NativeModules.ts
+    - app/core/MobilePortStream.js
+    - ios/MetaMask/
+    - android/app/
+
+    # Navigation
+    - app/core/NavigationService/
+    - app/components/Nav/
+
+    # State management
+    - app/store/
+    - app/reducers/
+    - app/selectors/
+    - app/actions/
+    - app/core/redux/
+
+    # Build and CI
+    - scripts/
+    - patches/
+    - .github/workflows/
+    - android/keystores/
+
+    # PPOM and security scanning
+    - ppom/
+    - app/lib/ppom/
+    - app/lib/address-scanning/
+
+    # Multichain
+    - app/core/Multichain/
+    - app/multichain-accounts/
+    - app/multichain-bitcoin/
+    - app/multichain-tron/
+
+searchDirs:
+  - app/
+  - ios/
+  - android/
+  - scripts/
+  - patches/
+  - e2e/
+  - locales/
+  - .github/
+
+models:
+  default: azure/grok-4-fast-reasoning
+  escalation: anthropic/claude-sonnet-4-6
+  escalationThreshold: 2
+
+  escalationPatterns:                                                                                                                                                                         
+    - 'confirm|transaction|swap|bridge|send'                                                                                                                                                
+    - 'predict|perp|trade|stake|exchange'
+    - 'keyring|vault|seed|mnemonic|private.?key'                                                                                                                                              
+    - 'auth|permission|access.?control|role'
+
+
+modes:
+  - pr-risk-analysis

.ai-pr-analyzer/modes/pr-risk-analysis/hard-rules.json

@@ -0,0 +1,15 @@
+[
+  {
+    "name": "controller-version-bump",
+    "description": "MetaMask controller package version changed",
+    "trigger": {
+      "file": "package.json",
+      "diffPattern": "@metamask/.*-controller"
+    },
+    "result": {
+      "merge_safe": false,
+      "risk_level": "high",
+      "summary": "- One or more @metamask/*-controller package versions were changed — controller upgrades can alter core behavior."
+    }
+  }
+]

.github/actionlint.yaml

@@ -15,9 +15,6 @@ self-hosted-runner:
     - "ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg"
     - "ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-xl"
     - "low-priority"
-    - "bitrise_pool_name:DemoFA"
-    - "bitrise_pool_name:DemoFAXL"
-    - "bitrise_pool_name:DemoFAL"
 
 # Configuration variables in array of strings defined in your repository or
 # organization. `null` means disabling configuration variables check.

.github/actions/smart-e2e-selection/action.yml

@@ -45,9 +45,6 @@ outputs:
   ai_confidence:
     description: 'AI confidence score (0-100)'
     value: ${{ steps.final-outputs.outputs.ai_confidence }}
-  ai_risk_level:
-    description: 'Risk level of the PR (low, medium, high) — indicates testing need and bug introduction likelihood'
-    value: ${{ steps.final-outputs.outputs.ai_risk_level }}
   ai_performance_test_tags:
     description: 'Performance test tags to run (JSON array format, empty [] means no performance tests)'
     value: ${{ steps.final-outputs.outputs.ai_performance_test_tags }}
@@ -218,16 +215,6 @@ runs:
         else
           echo "force_run=false" >> "$GITHUB_OUTPUT"
         fi
-        # Risk level: force_run → always high; otherwise use AI output
-        AI_RISK='${{ steps.ai-analysis.outputs.ai_risk_level }}'
-        if [[ "$FORCE_RUN" == "true" ]]; then
-          echo "ai_risk_level=high" >> "$GITHUB_OUTPUT"
-        elif [[ -n "$AI_RISK" ]]; then
-          echo "ai_risk_level=$AI_RISK" >> "$GITHUB_OUTPUT"
-        else
-          echo "ai_risk_level=" >> "$GITHUB_OUTPUT"
-        fi
-
     - name: Display AI Analysis Outputs
       if: always()
       shell: bash
@@ -236,7 +223,6 @@ runs:
         echo "================================"
         echo "ai_e2e_test_tags: ${{ steps.final-outputs.outputs.ai_e2e_test_tags }}"
         echo "ai_confidence: ${{ steps.final-outputs.outputs.ai_confidence }}"
-        echo "ai_risk_level: ${{ steps.final-outputs.outputs.ai_risk_level }}"
         echo "ai_performance_test_tags: ${{ steps.final-outputs.outputs.ai_performance_test_tags }}"
         echo "force_run: ${{ steps.final-outputs.outputs.force_run }}"
         echo "================================"
@@ -271,16 +257,6 @@ runs:
           echo "📝 No Smart E2E selection comments found"
         fi
 
-    - name: Apply risk label to PR
-      if: inputs.pr-number != '' && inputs.github-token != '' && inputs.is-draft != 'true' && (inputs.base-ref == 'main' || startsWith(inputs.base-ref, 'release/'))
-      shell: bash
-      env:
-        GH_TOKEN: ${{ inputs.github-token }}
-        GITHUB_REPOSITORY: ${{ inputs.repository }}
-        PR_NUMBER: ${{ inputs.pr-number }}
-        RISK_LEVEL: ${{ steps.final-outputs.outputs.ai_risk_level }}
-      run: node .github/scripts/e2e-risk-label.mjs
-
     - name: Create PR comment
       if: inputs.post-comment == 'true' && inputs.pr-number != '' && inputs.github-token != ''
       shell: bash

.github/scripts/e2e-risk-label.mjs

@@ -63,10 +63,9 @@ function generatePRComment(summaryContent) {
 }
 
 function setGitHubOutputs(analysis) {
-  const { tags, confidence, riskLevel, performanceTests } = analysis;
+  const { tags, confidence, performanceTests } = analysis;
   setGithubOutputs('ai_e2e_test_tags', tags);
   setGithubOutputs('ai_confidence', confidence);
-  setGithubOutputs('ai_risk_level', riskLevel);
   // Performance test tags (empty array means no performance tests needed)
   setGithubOutputs('ai_performance_test_tags', JSON.stringify(performanceTests.selectedTags));
 }

.github/scripts/e2e-smart-selection.mjs

@@ -0,0 +1,51 @@
+name: AI PR risk analysis
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+
+concurrency:
+  group: ai-pr-risk-analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  analyze:
+    name: Analyze
+    if: >-
+      github.event_name == 'pull_request'
+      && !(github.event.pull_request.head.repo.fork || github.event.repository.fork)
+      && github.event.pull_request.draft == false
+      && (github.event.pull_request.base.ref == 'main' || startsWith(github.event.pull_request.base.ref, 'release/'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # https://github.com/MetaMask/ai-analyzer/releases
+      - name: Checkout AI Analyzer
+        uses: actions/checkout@v4
+        with:
+          repository: MetaMask/ai-analyzer
+          ref: v1
+          path: .ai-analyzer-action
+          token: ${{ secrets.AI_ANALYZER_TOKEN || secrets.GITHUB_TOKEN }}
+
+      - name: Run AI PR Analysis
+        uses: ./.ai-analyzer-action
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          mode: pr-risk-analysis
+          add-comment: true
+          add-label: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          litellm-api-key: ${{ secrets.LITELLM_API_KEY }}