feat: [MUSD-439] upgrade money account on navigation to money homepage

[Jwhiles]

Description

Changelog

CHANGELOG entry: Add chomp-api-service and money-account-upgrade-controller - initialise money account upgrade process when user visits the money account route.

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Adds new Engine services/controllers that bootstrap on keyring unlock and triggers an account upgrade flow on Money navigation, increasing risk of unexpected network calls or upgrade attempts. Changes touch Engine initialization/state wiring and navigation entrypoints but are guarded with logging, readiness checks, and deduping.

Overview
Automatically kicks off the Money account upgrade flow when the user navigates to the Money home by introducing MoneyAccountStackGate, which dispatches the new upgradeMoneyAccount thunk on mount.

Adds ChompApiService (configured via the new remote flag earnChompApiConfig with a dev-URL fallback) and a MoneyAccountUpgradeController that bootstraps after keyring unlock by fetching CHOMP service details and initializing upgrade parameters.

Wires both new clients into Engine (init, messengers, types, state fixtures, and background state events), updates E2E API mocks to cover the CHOMP service-details endpoint, and adds unit tests for the new init and upgrade behaviors.

^{Reviewed by Cursor Bugbot for commit 64bdcb7. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​chomp-api-service@​3.0.0
	npm/​@​metamask/​money-account-upgrade-controller@​1.3.1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• npm/@metamask/chomp-api-service@3.0.0

View full report

[codecov-commenter]

Codecov Report

❌ Patch coverage is 9.61538% with 141 lines in your changes missing coverage. Please review.
✅ Project coverage is 56.91%. Comparing base (8542e14) to head (3d038c8).
⚠️ Report is 9 commits behind head on main.

Files with missing lines	Patch %	Lines
...s/Views/Settings/DeveloperOptions/ChompApiTest.tsx	3.29%	88 Missing ⚠️
...ntrollers/money-account-upgrade-controller-init.ts	16.66%	20 Missing ⚠️
app/actions/money/index.ts	15.78%	16 Missing ⚠️
...e/Engine/messengers/chomp-api-service-messenger.ts	0.00%	6 Missing ⚠️
...gers/money-account-upgrade-controller-messenger.ts	0.00%	6 Missing ⚠️
.../core/Engine/controllers/chomp-api-service-init.ts	28.57%	5 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             main   #29141       +/-   ##
===========================================
- Coverage   82.23%   56.91%   -25.32%     
===========================================
  Files        5107     5117       +10     
  Lines      134974   135407      +433     
  Branches    30358    30447       +89     
===========================================
- Hits       110997    77071    -33926     
- Misses      16410    52082    +35672     
+ Partials     7567     6254     -1313     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Matt561]

@Jwhiles Just thinking out loud here. What about wrapping the Money navigation stack in a function that upgrades the Money Account? This way when the user is redirected to any of the Money routes we upgrade the account if needed. For example, when the user is in the onboarding carousel we could upgrade the account behind the scenes so that this is done by the time they visit the Money Home screen?

I haven't done this before but wondering if something like this would work?

If this is overkill please push back! Just an idea 😄

function MoneyScreenStack() {
  return (
    <Stack.Navigator>
      <Stack.Screen ... />
      <Stack.Screen ... />
    </Stack.Navigator>
  );
}

// Middleware that wraps Money routes 
function MoneyAccountStackGate() {
  // Upgrade if necessary
  useEffect(
    useCallback(() => {
      dispatch(upgradeMoneyAccount());
    }, [dispatch]),
  );

  return <MoneyScreenStack />;  
}

// In MainNavigator.js register the MoneyAccountStackGate
      {isMoneyHomeScreenEnabled && (
        <>
          <Stack.Screen
            name={Routes.MONEY.ROOT}
            component={MoneyAccountStackGate}
            options={{ headerShown: false, ...slideFromRightAnimation }}
          />
        </>
      )}

We could also just wrap our navigation stack with a <MoneyAccountUpgradeProvider />

[Jwhiles]

Yeah this is a nice approach! Thanks for the suggestion :)

[Matt561]

Should we set the Earn team as the codeowners for these new files?

[Matt561]

Does this access the RemoteFeatureFlagController state before it has a chance to fetch latest flags? I'm wondering if it's possible that we init with a potentially stale config if we ever update earnChompApiConfig in LaunchDarkly.

[Jwhiles]

hmm yeah possibly. I could take a similar approach to the money controller, and actually 'initialise' it when the user unlocks?

[Jwhiles]

@Matt561 I thought about this some more, and I think fixing it requires us updating the chomp service. I'm up for doing that, but if it's okay with you - I'll do it in a follow up PR - as I'd like to get this one merged.

[shane-t]

Works for me (apart from the 401s)

[cortisiko]

there are failing e2e, feel free to ping once those are passing!

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit f6afb9b. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeConfirmations, SmokeIdentity, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeSwap, SmokeStake, SmokeWalletPlatform, SmokeMoney, SmokePerps, SmokeMultiChainAPI, SmokePredictions, SmokeSeedlessOnboarding, SmokeBrowser, SmokeSnaps
• Selected Performance tags: @PerformanceAccountList, @PerformanceOnboarding, @PerformanceLogin, @PerformanceSwaps, @PerformanceLaunch, @PerformanceAssetLoading, @PerformancePredict, @PerformancePreps
• Risk Level: high
• AI Confidence: 100%

click to see 🤖 AI reasoning details

E2E Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/money-account-upgrade-controller. Running all tests.

Performance Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/money-account-upgrade-controller. Running all tests.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[tommasini]

Can we solve and investigate if it's okay to go with the library mentioned by socket security?
#29141 (comment)

[Jwhiles]

Can we solve and investigate if it's okay to go with the library mentioned by socket security? #29141 (comment)

Hey Tomas, thanks for calling it out - I created this package, and it uses fetch because it exists to talk to our new chomp API. I'm going to mark it as an acceptable risk :)

[Jwhiles]

@SocketSecurity ignore npm/@metamask/chomp-api-service@3.0.0