fix(perps): suppress "User or API Wallet does not exist" Sentry noise from unfunded wallets (#29972)

## **Description**

Hyperliquid creates user accounts server-side on first USDC deposit.
Until then, every user-scoped exchange write (`agentSetAbstraction`,
`userSetAbstraction`, `setReferrer`) rejects with `User or API Wallet
0x... does not exist.` and the catch in
`HyperLiquidProvider.#ensureUnifiedAccountEnabled` was forwarding these
benign rejections to Sentry on every Perps section open.

Last 14d on `7.75.1+4800`:
-
[METAMASK-MOBILE-4XB5](https://metamask.sentry.io/issues/METAMASK-MOBILE-4XB5)
(iOS) — 316k events / 63k users
-
[METAMASK-MOBILE-4Q4M](https://metamask.sentry.io/issues/METAMASK-MOBILE-4Q4M)
(Android) — 1.7M events / 176k users

Source pinned by event Additional Context: `HyperLiquidProvider.method:
ensureUnifiedAccountEnabled`.

**Fix: proactive gate.** Probe `infoClient.userNonFundingLedgerUpdates`
once (cheap, ~100 ms, non-throwing) before any user-scoped exchange
write. The ledger is empty if and only if the wallet has never
interacted with Hyperliquid — a necessary and sufficient precondition
for the exchange writes to succeed. When empty, skip the migration /
referral writes, fire `Perp Account Setup` with `status:
not_applicable`, `error_message: no_hl_account`. Positive observations
cached in `PerpsSigningCache.walletRegistered`; negative results
re-probe on next entry so the gate self-heals once the user deposits.

`isHyperLiquidUserNotFoundError` remains as a safety net in three
catches (`ensureUnifiedAccountEnabled`, `ensureReferralSet`,
`setReferralCode`) for the small race window where the probe succeeded
but the write still rejected. Unrelated SDK errors keep reaching
`logger.error`.

### Reproduced standalone

Confirmed with a node script (not committed) that drives the SDK
directly with a freshly-generated EOA. Key signals:
- `exchangeClient.agentSetAbstraction({abstraction:'u'})` rejects with
the exact Sentry string.
- `infoClient.userAbstraction` is **not** the throw site — it returns
`'default'` for fresh wallets.
- `infoClient.userNonFundingLedgerUpdates` returns `[]` for fresh
wallets — a clean array-length discriminator (no string parsing).

### Why this supersedes #29828

#29828 catches and classifies after the SDK rejects. This PR prevents
the SDK call when we already know it will fail.

| | #29828 | This PR |
|---|---|---|
| Exchange round-trip for unfunded wallets | Full call | Skipped |
| HL-side error logs | Generated | None |
| Coverage | `ensureUnifiedAccountEnabled` only |
`ensureUnifiedAccountEnabled` + `ensureReferralSet` |
| New throw sites | Need a new catch | Existing probe gates them |

Cherry-picked from #29828: `isHyperLiquidUserNotFoundError` helper,
`reason: 'no_hl_account'` discriminator, `STATUS.NOT_APPLICABLE`
constant.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Supersedes: #29828
Sentry: METAMASK-MOBILE-4XB5, METAMASK-MOBILE-4Q4M, METAMASK-MOBILE-4KC4

## **Manual testing steps**

```gherkin
Feature: Unfunded wallets do not pollute Sentry with HL exchange-write rejections

  Scenario: Fresh wallet opens Perps without depositing
    Given the wallet has never deposited to Hyperliquid
    When the user opens the Perps section
    Then no Sentry event is captured with title "ApiRequestError: User or API Wallet ** does not exist."
    And one Segment "Perp Account Setup" event with status=not_applicable, error_message=no_hl_account is fired

  Scenario: Wallet funds during the session
    Given the gate previously deferred for this wallet
    When the user deposits USDC and re-enters Perps
    Then the unified account migration runs as before

  Scenario: Unrelated SDK error still surfaces
    Given the wallet is funded
    When agentSetAbstraction throws e.g. "Insufficient margin"
    Then logger.error fires as before
    And the Segment event has status=failed (not not_applicable)
```

Automated:
```
yarn jest \
  app/controllers/perps/providers/HyperLiquidProvider.test.ts \
  app/controllers/perps/services/TradingReadinessCache.test.ts \
  app/controllers/perps/utils/errorUtils.test.ts \
  --no-coverage
# 3 suites, 395 passed, 0 failed
```

`yarn lint` clean. `tsc --noEmit` clean.

## **Screenshots/Recordings**

N/A — internal observability change. Verify via Sentry dashboard delta
24–48h after release.

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using JSDoc where applicable
- [x] I've applied the right labels on the PR

#### Performance checks (if applicable)

- [x] I've tested on Android — N/A (no runtime UX change; one cheap
extra read on Perps init for unfunded wallets)
- [x] I've tested with a power user scenario — N/A
- [x] I've instrumented key operations with Sentry traces for production
performance metrics — N/A; removes noise rather than adds traces

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR
- [ ] I confirm that this PR addresses all acceptance criteria

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches Hyperliquid account setup and referral flows and adds new
caching/gating logic; mistakes could defer migration/referral for some
funded users, though the probe is designed to fail open and has test
coverage.
> 
> **Overview**
> Reduces Perps Sentry noise by **proactively skipping Hyperliquid
exchange writes** when the wallet has no Hyperliquid account yet (no
funding/ledger history), and instead tracking `Perp Account Setup` with
`status: not_applicable` and `error_message: no_hl_account`.
> 
> Adds `#isWalletOnHyperliquid` (ledger probe + positive-only cache in
`PerpsSigningCache.walletRegistered`) and uses it to gate
`#ensureUnifiedAccountEnabled` and referral setup; also introduces
`isHyperLiquidUserNotFoundError` as a safety-net classifier so these
benign rejections are debug-logged rather than sent to Sentry.
> 
> Extends analytics constants with `STATUS.NOT_APPLICABLE`, enriches
`TradingReadinessCache` entries with an optional `reason`, and adds
focused unit tests covering the new gate, cache behavior, and error
classification.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
9e54db7. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: abretonc7s

app/controllers/perps/constants/eventNames.ts

@@ -360,6 +360,10 @@ export const PERPS_EVENT_VALUE = {
     SUCCESS: 'success',
     ALREADY_ENABLED: 'already_enabled',
     MIGRATION_REQUIRED: 'migration_required',
+    // Emitted when a migration attempt is skipped because it is not applicable
+    // (e.g. the user has no Hyperliquid account yet — nothing to migrate).
+    // Distinguishes expected no-ops from real failures in dashboards.
+    NOT_APPLICABLE: 'not_applicable',
   },
   SCREEN_TYPE: {
     MARKETS: 'markets',

app/controllers/perps/providers/HyperLiquidProvider.test.ts

@@ -10838,4 +10838,210 @@ describe('HyperLiquidProvider', () => {
       await expect(provider.getExchangeClient()).rejects.toBe(bomb);
     });
   });
+
+  // ──────────────────────────────────────────────────────────────────────
+  // Proactive "user does not exist" gate
+  //
+  // Hyperliquid creates user accounts server-side on first USDC deposit.
+  // Before that, exchange writes (`agentSetAbstraction`, `userSetAbstraction`,
+  // `setReferrer`, ...) reject with
+  //     ApiRequestError: User or API Wallet 0x... does not exist.
+  // and the catch in `#ensureUnifiedAccountEnabled` forwards them to Sentry.
+  //
+  // The provider probes `infoClient.clearinghouseState` first and defers
+  // migration when every existence signal is zero/empty. The classifier in
+  // the catch acts as a safety net for races (probe succeeded but write
+  // still rejected).
+  //
+  // Sentry source: METAMASK-MOBILE-4XB5 (iOS) / 4Q4M (Android).
+  // Standalone repro: scripts/repro-hl-user-not-found.mjs.
+  // ──────────────────────────────────────────────────────────────────────
+  describe('wallet-not-on-hyperliquid gate (ensureUnifiedAccountEnabled)', () => {
+    const USER_ADDRESS = '0x1234567890123456789012345678901234567890';
+
+    const withdrawParams = {
+      amount: '1000',
+      destination: USER_ADDRESS as Hex,
+      assetId:
+        'eip155:42161/erc20:0xa0b86a33e6776e681a06e0e1622c5e5e3e6a8b13/usdc' as CaipAssetId,
+    };
+
+    const stubGetAccountState = (availableBalance: string) =>
+      Object.defineProperty(provider, 'getAccountState', {
+        value: jest.fn().mockResolvedValue({ availableBalance }),
+        writable: true,
+      });
+
+    it('defers migration without firing exchange writes when the wallet has no HL ledger history', async () => {
+      const exchangeClient = createMockExchangeClient();
+      mockClientService.getExchangeClient = jest
+        .fn()
+        .mockReturnValue(exchangeClient);
+      mockClientService.getInfoClient = jest.fn().mockReturnValue(
+        createMockInfoClient({
+          // Empty ledger = wallet has never deposited / withdrawn / interacted.
+          userNonFundingLedgerUpdates: jest.fn().mockResolvedValue([]),
+          userAbstraction: jest.fn().mockResolvedValue('default'),
+        }),
+      );
+      stubGetAccountState('5000');
+
+      await provider.withdraw(withdrawParams).catch(() => undefined);
+
+      // Critical: neither migration write is called for unfunded wallets.
+      expect(exchangeClient.agentSetAbstraction).not.toHaveBeenCalled();
+      expect(exchangeClient.userSetAbstraction).not.toHaveBeenCalled();
+      // And no `logger.error` → no Sentry event.
+      expect(mockPlatformDependencies.logger.error).not.toHaveBeenCalled();
+
+      const trackCalls = (
+        mockPlatformDependencies.metrics.trackPerpsEvent as jest.Mock
+      ).mock.calls.filter((call) => call[0] === 'Perp Account Setup');
+      const notApplicable = trackCalls.find(
+        (call) => call[1]?.status === 'not_applicable',
+      );
+      expect(notApplicable?.[1]).toEqual(
+        expect.objectContaining({
+          status: 'not_applicable',
+          error_message: 'no_hl_account',
+        }),
+      );
+    });
+
+    it('classifier safety net: suppresses Sentry when agentSetAbstraction races and rejects with user-not-found', async () => {
+      // Funded probe — gate passes — but the exchange write still rejects
+      // (deposit not yet visible, address reuse across networks, ...).
+      const userNotFound = new Error(
+        `User or API Wallet ${USER_ADDRESS} does not exist.`,
+      );
+      const exchangeClient = createMockExchangeClient();
+      exchangeClient.agentSetAbstraction = jest
+        .fn()
+        .mockRejectedValue(userNotFound);
+      mockClientService.getExchangeClient = jest
+        .fn()
+        .mockReturnValue(exchangeClient);
+      mockClientService.getInfoClient = jest.fn().mockReturnValue(
+        createMockInfoClient({
+          // Funded clearinghouseState → gate passes
+          userAbstraction: jest.fn().mockResolvedValue('default'),
+        }),
+      );
+      stubGetAccountState('5000');
+
+      await provider.withdraw(withdrawParams).catch(() => undefined);
+
+      expect(exchangeClient.agentSetAbstraction).toHaveBeenCalled();
+      expect(mockPlatformDependencies.logger.error).not.toHaveBeenCalled();
+
+      const trackCalls = (
+        mockPlatformDependencies.metrics.trackPerpsEvent as jest.Mock
+      ).mock.calls.filter((call) => call[0] === 'Perp Account Setup');
+      expect(
+        trackCalls.find((call) => call[1]?.status === 'not_applicable'),
+      ).toBeDefined();
+      expect(
+        trackCalls.find((call) => call[1]?.status === 'failed'),
+      ).toBeUndefined();
+    });
+
+    it('regression: unrelated exchange write failures still reach logger.error', async () => {
+      const exchangeClient = createMockExchangeClient();
+      exchangeClient.agentSetAbstraction = jest
+        .fn()
+        .mockRejectedValue(new Error('Insufficient margin'));
+      mockClientService.getExchangeClient = jest
+        .fn()
+        .mockReturnValue(exchangeClient);
+      mockClientService.getInfoClient = jest.fn().mockReturnValue(
+        createMockInfoClient({
+          userAbstraction: jest.fn().mockResolvedValue('default'),
+        }),
+      );
+      stubGetAccountState('5000');
+
+      await provider.withdraw(withdrawParams).catch(() => undefined);
+
+      expect(mockPlatformDependencies.logger.error).toHaveBeenCalled();
+
+      const trackCalls = (
+        mockPlatformDependencies.metrics.trackPerpsEvent as jest.Mock
+      ).mock.calls.filter((call) => call[0] === 'Perp Account Setup');
+      expect(
+        trackCalls.find((call) => call[1]?.status === 'failed'),
+      ).toBeDefined();
+    });
+
+    it('funded wallets are unaffected: existing migration path runs as before', async () => {
+      const exchangeClient = createMockExchangeClient();
+      mockClientService.getExchangeClient = jest
+        .fn()
+        .mockReturnValue(exchangeClient);
+      mockClientService.getInfoClient = jest.fn().mockReturnValue(
+        createMockInfoClient({
+          // Default funded clearinghouseState from factory
+          userAbstraction: jest.fn().mockResolvedValue('default'),
+        }),
+      );
+      stubGetAccountState('5000');
+
+      await provider.withdraw(withdrawParams).catch(() => undefined);
+
+      expect(exchangeClient.agentSetAbstraction).toHaveBeenCalledWith({
+        // SDK wire format: 'u' = unifiedAccount (see HL_ABSTRACTION_WIRE).
+        abstraction: 'u',
+      });
+      expect(mockPlatformDependencies.logger.error).not.toHaveBeenCalled();
+    });
+
+    it('walletRegistered cache hit skips the probe entirely', async () => {
+      // Arrange: pre-warm the walletRegistered cache so #isWalletOnHyperliquid
+      // returns true without calling userNonFundingLedgerUpdates.
+      const mockedCache = TradingReadinessCache as jest.Mocked<
+        typeof TradingReadinessCache
+      >;
+      mockedCache.getWalletRegistered.mockReturnValue({
+        known: true,
+        registered: true,
+      });
+
+      const exchangeClient = createMockExchangeClient();
+      mockClientService.getExchangeClient = jest
+        .fn()
+        .mockReturnValue(exchangeClient);
+      const infoClient = createMockInfoClient({
+        userAbstraction: jest.fn().mockResolvedValue('unifiedAccount'),
+      });
+      mockClientService.getInfoClient = jest.fn().mockReturnValue(infoClient);
+      stubGetAccountState('5000');
+
+      await provider.withdraw(withdrawParams).catch(() => undefined);
+
+      // The ledger probe should never fire because the cache was hit.
+      expect(infoClient.userNonFundingLedgerUpdates).not.toHaveBeenCalled();
+    });
+
+    it('probe failure fails open — allows migration to proceed', async () => {
+      // Arrange: probe throws (transient network), should fail open (return true)
+      // and allow the migration to proceed.
+      const exchangeClient = createMockExchangeClient();
+      mockClientService.getExchangeClient = jest
+        .fn()
+        .mockReturnValue(exchangeClient);
+      mockClientService.getInfoClient = jest.fn().mockReturnValue(
+        createMockInfoClient({
+          userAbstraction: jest.fn().mockResolvedValue('default'),
+          userNonFundingLedgerUpdates: jest
+            .fn()
+            .mockRejectedValue(new Error('Network timeout')),
+        }),
+      );
+      stubGetAccountState('5000');
+
+      await provider.withdraw(withdrawParams).catch(() => undefined);
+
+      // Probe failed open → migration ran → agentSetAbstraction was called.
+      expect(exchangeClient.agentSetAbstraction).toHaveBeenCalled();
+    });
+  });
 });