refactor(card): B1 foundation – race-safe tx confirmation + Money Account delegation (#30000)

<!--
Please submit this PR as a draft initially.

Do not mark it as "Ready for review" until this PR meets the canonical
Definition of Ready For Review in `docs/readme/ready-for-review.md`.

In short: the template must be materially complete (not just section
titles
present), all status checks must be currently passing, and the only
expected
follow-up commits must be reviewer-driven.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

This is the **B1 foundation** branch of the Money Account ↔ Card linkage
stack. It establishes clean controller and utility infrastructure that
the subsequent hook/UX branches (B2, B3) will build on.

### Why

The existing `useCardDelegation` hook contained two structural problems:

1. **Race condition** – the EVM approval flow subscribed to
`TransactionController:transactionConfirmed` _after_ calling
`addTransaction`. A fast-confirming transaction would fire the event
before the subscription was registered, silently leaving the delegation
incomplete.
2. **Inline SIWE message formatting** – the hook built the
Sign-In-With-Ethereum message itself, duplicating provider-specific
logic (EVM vs Solana wording, chain-ID mapping, expiration rules) that
lives in the Baanx provider.

Additionally, `CardController` had no way to orchestrate the full Money
Account delegation flow (SIWE sign + background ERC-20 approval +
`approveFunding` callback) without pushing that logic into a UI hook.

### What

| Layer | Change |
|---|---|
| **`awaitTransactionConfirmed` util** | New utility that subscribes to
`TransactionController:transactionConfirmed` **before** submitting the
transaction, stashes events that arrive while waiting for the tx ID,
then replays them once the ID is known. Handles timeout (5 min default)
and graceful unsubscription. |
| **`moneyAccountCardToken` util** | New utility to resolve the Monad
USDC `CardFundingToken` out of the provider's delegation-settings
response; drives `linkMoneyAccountCard` without touching the UI layer. |
| **Messenger delegation** |
`TransactionController:transactionConfirmed` is now delegated to
`CardControllerMessenger` so `CardController` can subscribe natively
without reaching through the root messenger. |
| **`ICardProvider.generateCardDelegationSignatureMessage`** | New
optional method on the provider interface; implemented in
`BaanxProvider` with correct EVM (includes `Expiration Time`) and Solana
(omits it, uses Solana wording) variants. |
| **`CardController.generateCardDelegationSignatureMessage`** | Thin
public wrapper that forwards to the active provider — the single source
of SIWE message truth accessible to both the controller and UI hooks. |
| **`CardController.linkMoneyAccountCard`** | New controller method that
orchestrates the full background MA linkage: validates input → resolves
token → fetches delegation challenge → signs SIWE message via
`KeyringController` → submits ERC-20 approval with `requireApproval:
false` using `awaitTransactionConfirmed` → calls
`provider.approveFunding`. |
| **`useCardDelegation` (EVM path)** | Replaces the
`subscribeOnceIf`-after-`addTransaction` pattern with
`awaitTransactionConfirmed`, eliminating the race condition. SIWE
message generation now delegates to
`CardController.generateCardDelegationSignatureMessage`. |

All changes are covered by unit tests (190 passing).

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

<!--
Link a real GitHub or Jira issue using `Fixes:`, `Closes:`, or `Refs:`.
If no issue exists, write an explicit one-line rationale.
-->

No issue: internal refactor foundation for the Money Account ↔ Card
linkage stack (B1 of a three-branch stack).

## **Manual testing steps**

<!--
This branch contains no user-visible behaviour changes (no new UI, no
flag changes). All observable paths are covered by unit tests.
-->

N/A

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

N/A

### **After**

N/A

## **Pre-merge author checklist**

<!--
Every checklist item must be consciously assessed before marking this PR
as
"Ready for review". A checked box means you deliberately considered that
responsibility, not that you literally performed every action listed.

Unchecked boxes are ambiguous: they are not an implicit "N/A" and they
are not
a silent "skip". See `docs/readme/ready-for-review.md` for the full
checklist
semantics.
-->

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

#### Performance checks (if applicable)

- [ ] I've tested on Android
  - Ideally on a mid-range device; emulator is acceptable
- [ ] I've tested with a power user scenario
- Use these [power-user
SRPs](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/edit-v2/401401446401?draftShareId=9d77e1e1-4bdc-4be1-9ebb-ccd916988d93)
to import wallets with many accounts and tokens
- [ ] I've instrumented key operations with Sentry traces for production
performance metrics
- See [`trace()`](/app/util/trace.ts) for usage and
[`addToken`](/app/components/Views/AddAsset/components/AddCustomToken/AddCustomToken.tsx#L274)
for an example

For performance guidelines and tooling, see the [Performance
Guide](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/400085549067/Performance+Guide+for+Engineers).

## **Pre-merge reviewer checklist**

<!--
Reviewer checklist items follow the same semantics as the author
checklist: an
unchecked box is ambiguous, a checked box means the reviewer consciously
assessed that responsibility. See `docs/readme/ready-for-review.md`.
-->

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- Generated with the help of the pr-description AI skill -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it changes transaction-confirmation waiting
behavior (new subscribe/unsubscribe + failure/timeout handling) and adds
a new background allowance-approval flow in `CardController` that signs
messages and submits transactions without user confirmation.
> 
> **Overview**
> Introduces a new `awaitTransactionConfirmed` utility that subscribes
to `TransactionController:transactionConfirmed` and
`TransactionController:transactionFailed` *before* submitting a
transaction, stashes early events, enforces a timeout, and always
unsubscribes.
> 
> Moves SIWE/delegation signature message construction out of
`useCardDelegation` into the provider layer via
`ICardProvider.generateCardDelegationSignatureMessage` (implemented in
`BaanxProvider`) and exposes it through
`CardController.generateCardDelegationSignatureMessage`;
`useCardDelegation` now uses this plus `awaitTransactionConfirmed` for
EVM approvals and listens for `transactionFailed` events.
> 
> Adds `CardController.linkMoneyAccountCard` to orchestrate Money
Account �4 Card linkage (resolve Monad USDC from delegation settings,
fetch challenge, sign message, submit ERC-20 approve with
`requireApproval:false`, then call `approveFunding`), plus a
`moneyAccountCardToken` resolver util and messenger/event delegation
updates. Also hardens spending-limit token list building by making the
SDK token lookup callback non-optional, and skips notifications for
`MMM_CARD`-origin transactions.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
26851d8. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: Brunonascdev

app/components/UI/Card/hooks/useCardDelegation.test.ts

@@ -52,6 +52,7 @@ jest.mock('../../../../util/address', () => ({
 
 const mockFetchDelegationChallenge = jest.fn();
 const mockApproveFunding = jest.fn();
+const mockGenerateCardDelegationSignatureMessage = jest.fn();
 
 jest.mock('../../../../core/Engine', () => ({
   context: {
@@ -65,6 +66,8 @@ jest.mock('../../../../core/Engine', () => ({
       fetchDelegationChallenge: (...args: unknown[]) =>
         mockFetchDelegationChallenge(...args),
       approveFunding: (...args: unknown[]) => mockApproveFunding(...args),
+      generateCardDelegationSignatureMessage: (...args: unknown[]) =>
+        mockGenerateCardDelegationSignatureMessage(...args),
     },
   },
   controllerMessenger: {
@@ -169,6 +172,13 @@ describe('useCardDelegation', () => {
     });
     mockApproveFunding.mockResolvedValue(undefined);
 
+    // Default SIWE message returned by the (provider-backed) controller.
+    // Tests that need a different shape (e.g. Solana wording) override this.
+    mockGenerateCardDelegationSignatureMessage.mockReset();
+    mockGenerateCardDelegationSignatureMessage.mockReturnValue(
+      'mocked-siwe-message',
+    );
+
     // Setup metrics mock
     mockBuild = jest.fn().mockReturnValue({ event: 'mock-event' });
     mockAddProperties = jest.fn().mockReturnValue({ build: mockBuild });
@@ -209,18 +219,21 @@ describe('useCardDelegation', () => {
       ensureNetworkExists: mockEnsureNetworkExists,
     });
 
-    // Setup controllerMessenger mock to simulate transaction confirmation
-    Engine.controllerMessenger.subscribeOnceIf = jest
+    // Setup controllerMessenger mock to simulate transaction confirmation via
+    // the awaitTransactionConfirmed util (subscribe/unsubscribe pattern).
+    Engine.controllerMessenger.subscribe = jest
       .fn()
-      .mockImplementation((_eventName, callback, _filter) => {
-        // Immediately call the callback with a confirmed transaction
-        setImmediate(() => {
-          callback({
-            id: 'transaction-meta-id-123',
-            status: TransactionStatus.confirmed,
+      .mockImplementation((eventName, callback) => {
+        if (eventName === 'TransactionController:transactionConfirmed') {
+          setImmediate(() => {
+            callback({
+              id: 'transaction-meta-id-123',
+              status: TransactionStatus.confirmed,
+            });
           });
-        });
+        }
       });
+    Engine.controllerMessenger.unsubscribe = jest.fn();
 
     // Setup utility mocks
     mockToTokenMinimalUnit.mockReturnValue(100000000000000000000n);
@@ -602,17 +615,8 @@ describe('useCardDelegation', () => {
       const mockToken = createMockToken();
       const params = createMockDelegationParams();
 
-      Engine.controllerMessenger.subscribeOnceIf = jest
-        .fn()
-        .mockImplementation((_eventName, callback) => {
-          // Immediately call the callback with a confirmed transaction
-          setImmediate(() => {
-            callback({
-              id: 'transaction-meta-id-123',
-              status: TransactionStatus.confirmed,
-            });
-          });
-        });
+      // Default beforeEach already emits a confirmed event on subscribe;
+      // approveFunding will reject after confirmation completes.
 
       const { result } = renderHook(() => useCardDelegation(mockToken));
 
@@ -872,8 +876,8 @@ describe('useCardDelegation', () => {
   });
 
   describe('generateSignatureMessage', () => {
-    it('generates multi-line SIWE message for EVM networks', async () => {
-      const mockToken = createMockToken();
+    it('forwards EVM args to CardController.generateCardDelegationSignatureMessage and signs the returned message', async () => {
+      const mockToken = createMockToken({ caipChainId: 'eip155:59144' });
       const params = createMockDelegationParams();
 
       const { result } = renderHook(() => useCardDelegation(mockToken));
@@ -882,6 +886,13 @@ describe('useCardDelegation', () => {
         await result.current.submitDelegation(params);
       });
 
+      expect(mockGenerateCardDelegationSignatureMessage).toHaveBeenCalledWith({
+        network: params.network,
+        address: mockAddress,
+        nonce: mockNonce,
+        caipChainId: 'eip155:59144',
+      });
+
       const mockSignPersonalMessage = Engine.context.KeyringController
         .signPersonalMessage as jest.MockedFunction<
         typeof Engine.context.KeyringController.signPersonalMessage
@@ -892,26 +903,10 @@ describe('useCardDelegation', () => {
         signedMessageHex.slice(2),
         'hex',
       ).toString('utf8');
-
-      // Verify content
-      expect(signedMessage).toContain(`${mockAddress}`);
-      expect(signedMessage).toContain('Chain ID: 59144');
-      expect(signedMessage).toContain(`Nonce: ${mockNonce}`);
-      expect(signedMessage).toContain(
-        'metamask.app.link wants you to sign in with your Ethereum account:',
-      );
-
-      // Verify multi-line format for EVM (contains newlines)
-      expect(signedMessage).toContain('\n');
-      expect(signedMessage).toContain('\nURI:');
-      expect(signedMessage).toContain('\nVersion:');
-      expect(signedMessage).toContain('\nChain ID:');
-      expect(signedMessage).toContain('\nNonce:');
-      expect(signedMessage).toContain('\nIssued At:');
-      expect(signedMessage).toContain('\nExpiration Time:');
+      expect(signedMessage).toBe('mocked-siwe-message');
     });
 
-    it('generates SIWE message for Solana network', async () => {
+    it('forwards Solana args to CardController.generateCardDelegationSignatureMessage and signs via the Solana snap', async () => {
       const mockToken = createMockToken();
       const mockSolanaAddress = 'SolanaAddress123ABC';
       const mockAccountId = 'solana-account-uuid-123';
@@ -928,12 +923,14 @@ describe('useCardDelegation', () => {
         }),
       );
 
-      // Mock handleSnapRequest for both signCardMessage and approveCardAmount
+      mockGenerateCardDelegationSignatureMessage.mockReturnValue(
+        'mocked-solana-siwe',
+      );
+
       mockHandleSnapRequest
-        .mockResolvedValueOnce({ signature: 'mock-solana-signature' }) // signCardMessage
-        .mockResolvedValueOnce({ signature: mockTxSignature }); // approveCardAmount
+        .mockResolvedValueOnce({ signature: 'mock-solana-signature' })
+        .mockResolvedValueOnce({ signature: mockTxSignature });
 
-      // Mock controllerMessenger.subscribe for Solana stateChange
       (Engine.controllerMessenger.subscribe as jest.Mock).mockImplementation(
         (eventName: string, callback: (state: unknown) => void) => {
           if (eventName === 'MultichainTransactionsController:stateChange') {
@@ -963,34 +960,22 @@ describe('useCardDelegation', () => {
         await result.current.submitDelegation(params);
       });
 
-      // Get the message that was passed to signCardMessage
-      // handleSnapRequest is called with (controllerMessenger, requestObject)
+      expect(mockGenerateCardDelegationSignatureMessage).toHaveBeenCalledWith(
+        expect.objectContaining({
+          network: 'solana',
+          address: mockSolanaAddress,
+          nonce: mockNonce,
+        }),
+      );
+
       const signCardMessageCall = mockHandleSnapRequest.mock.calls[0];
       const requestObject = signCardMessageCall[1];
       const base64Message = requestObject.request.params.message;
-
-      // Decode from base64
       const message = Buffer.from(base64Message, 'base64').toString('utf8');
-
-      // Verify content
-      expect(message).toContain(mockSolanaAddress);
-      expect(message).toContain(
-        'metamask.app.link wants you to sign in with your Solana account:',
-      );
-      expect(message).toContain(`Nonce: ${mockNonce}`);
-      expect(message).toContain('Chain ID: 1');
-      expect(message).toContain('URI: https://metamask.app.link');
-      expect(message).toContain('Version: 1');
-      expect(message).toContain('Issued At:');
-
-      // Verify multi-line format (same structure as EVM, but without Expiration Time)
-      expect(message).toContain('\nURI:');
-      expect(message).toContain('\nVersion:');
-      expect(message).toContain('\nChain ID:');
-      expect(message).not.toContain('Expiration Time:');
+      expect(message).toBe('mocked-solana-siwe');
     });
 
-    it('extracts chain ID from token caipChainId', async () => {
+    it('forwards token caipChainId to the controller', async () => {
       const mockToken = createMockToken({ caipChainId: 'eip155:1' });
       const params = createMockDelegationParams();
 
@@ -1000,21 +985,12 @@ describe('useCardDelegation', () => {
         await result.current.submitDelegation(params);
       });
 
-      const mockSignPersonalMessage = Engine.context.KeyringController
-        .signPersonalMessage as jest.MockedFunction<
-        typeof Engine.context.KeyringController.signPersonalMessage
-      >;
-      const signCallArgs = mockSignPersonalMessage.mock.calls[0][0];
-      const signedMessageHex = signCallArgs.data;
-      const signedMessage = Buffer.from(
-        signedMessageHex.slice(2),
-        'hex',
-      ).toString('utf8');
-
-      expect(signedMessage).toContain('Chain ID: 1');
+      expect(mockGenerateCardDelegationSignatureMessage).toHaveBeenCalledWith(
+        expect.objectContaining({ caipChainId: 'eip155:1' }),
+      );
     });
 
-    it('uses default chain ID when caipChainId is not provided', async () => {
+    it('forwards undefined caipChainId when the token has none', async () => {
       const mockToken = createMockToken({ caipChainId: undefined });
       const params = createMockDelegationParams();
 
@@ -1024,18 +1000,9 @@ describe('useCardDelegation', () => {
         await result.current.submitDelegation(params);
       });
 
-      const mockSignPersonalMessage = Engine.context.KeyringController
-        .signPersonalMessage as jest.MockedFunction<
-        typeof Engine.context.KeyringController.signPersonalMessage
-      >;
-      const signCallArgs = mockSignPersonalMessage.mock.calls[0][0];
-      const signedMessageHex = signCallArgs.data;
-      const signedMessage = Buffer.from(
-        signedMessageHex.slice(2),
-        'hex',
-      ).toString('utf8');
-
-      expect(signedMessage).toContain('Chain ID: 59144');
+      expect(mockGenerateCardDelegationSignatureMessage).toHaveBeenCalledWith(
+        expect.objectContaining({ caipChainId: undefined }),
+      );
     });
   });
 
@@ -1094,9 +1061,12 @@ describe('useCardDelegation', () => {
         await result.current.submitDelegation(params);
       });
 
-      expect(Engine.controllerMessenger.subscribeOnceIf).toHaveBeenCalledWith(
+      expect(Engine.controllerMessenger.subscribe).toHaveBeenCalledWith(
         'TransactionController:transactionConfirmed',
         expect.any(Function),
+      );
+      expect(Engine.controllerMessenger.unsubscribe).toHaveBeenCalledWith(
+        'TransactionController:transactionConfirmed',
         expect.any(Function),
       );
     });
@@ -1109,16 +1079,18 @@ describe('useCardDelegation', () => {
         resolveConfirmation = resolve;
       });
 
-      Engine.controllerMessenger.subscribeOnceIf = jest
-        .fn()
-        .mockImplementation((_eventName, callback) => {
-          confirmationPromise.then(() => {
-            callback({
-              id: 'transaction-meta-id-123',
-              status: TransactionStatus.confirmed,
+      (Engine.controllerMessenger.subscribe as jest.Mock).mockImplementation(
+        (eventName, callback) => {
+          if (eventName === 'TransactionController:transactionConfirmed') {
+            confirmationPromise.then(() => {
+              callback({
+                id: 'transaction-meta-id-123',
+                status: TransactionStatus.confirmed,
+              });
             });
-          });
-        });
+          }
+        },
+      );
 
       const { result } = renderHook(() => useCardDelegation(mockToken));
 
@@ -1150,24 +1122,22 @@ describe('useCardDelegation', () => {
       expect(mockApproveFunding).toHaveBeenCalled();
     });
 
-    it('handles transaction failure in confirmation listener', async () => {
+    it('handles transaction failure via transactionFailed event', async () => {
       const mockToken = createMockToken();
       const params = createMockDelegationParams();
 
-      Engine.controllerMessenger.subscribeOnceIf = jest
-        .fn()
-        .mockImplementation((_eventName, callback) => {
-          // Immediately call the callback with a failed transaction
-          setImmediate(() => {
-            callback({
-              id: 'transaction-meta-id-123',
-              status: TransactionStatus.failed,
-              error: {
-                message: 'Transaction execution failed',
-              },
+      (Engine.controllerMessenger.subscribe as jest.Mock).mockImplementation(
+        (eventName, callback) => {
+          if (eventName === 'TransactionController:transactionFailed') {
+            setImmediate(() => {
+              callback({
+                error: 'Transaction execution failed',
+                transactionMeta: { id: 'transaction-meta-id-123' },
+              });
             });
-          });
-        });
+          }
+        },
+      );
 
       const { result } = renderHook(() => useCardDelegation(mockToken));
 
@@ -1178,29 +1148,25 @@ describe('useCardDelegation', () => {
       });
 
       expect(result.current.error).toBe('Transaction execution failed');
-      expect(Logger.error).toHaveBeenCalledWith(
-        expect.any(Error),
-        'Transaction failed',
-      );
       expect(mockApproveFunding).not.toHaveBeenCalled();
     });
 
-    it('handles transaction failure with generic message when error details not provided', async () => {
+    it('handles transaction failure with generic message when no error string provided', async () => {
       const mockToken = createMockToken();
       const params = createMockDelegationParams();
 
-      Engine.controllerMessenger.subscribeOnceIf = jest
-        .fn()
-        .mockImplementation((_eventName, callback) => {
-          // Immediately call the callback with a failed transaction without error details
-          setImmediate(() => {
-            callback({
-              id: 'transaction-meta-id-123',
-              status: TransactionStatus.failed,
-              error: undefined,
+      (Engine.controllerMessenger.subscribe as jest.Mock).mockImplementation(
+        (eventName, callback) => {
+          if (eventName === 'TransactionController:transactionFailed') {
+            setImmediate(() => {
+              callback({
+                error: '',
+                transactionMeta: { id: 'transaction-meta-id-123' },
+              });
             });
-          });
-        });
+          }
+        },
+      );
 
       const { result } = renderHook(() => useCardDelegation(mockToken));