fix: remove SECURITY_ALERTS_API_ENABLED flag

.e2e.env.example

@@ -3,5 +3,3 @@ export MM_TEST_ACCOUNT_SRP='word1 word... word12'
 export MM_TEST_ACCOUNT_ADDRESS='0x...'
 export MM_TEST_ACCOUNT_PRIVATE_KEY=''
 export IS_TEST="true"
-# Temporary mechanism to enable security alerts API prior to release.
-export MM_SECURITY_ALERTS_API_ENABLED="true"

.js.env.example

@@ -79,9 +79,6 @@ export SECURITY_ALERTS_API_URL="https://security-alerts.api.cx.metamask.io"
 # Enable Portfolio View
 export PORTFOLIO_VIEW="true"
 
-
-# Temporary mechanism to enable security alerts API prior to release.
-export MM_SECURITY_ALERTS_API_ENABLED="true"
 # Firebase
 export GOOGLE_SERVICES_B64_ANDROID=""
 export GOOGLE_SERVICES_B64_IOS=""

app/lib/ppom/ppom-util.test.ts

@@ -118,10 +118,6 @@ describe('PPOM Utils', () => {
     securityAlertAPI.validateWithSecurityAlertsAPI,
   );
 
-  const isSecurityAlertsEnabledMock = jest.mocked(
-    securityAlertAPI.isSecurityAlertsAPIEnabled,
-  );
-
   const mockIsBlockaidFeatureEnabled = jest.mocked(isBlockaidFeatureEnabled);
 
   const normalizeTransactionParamsMock = jest.mocked(
@@ -170,6 +166,12 @@ describe('PPOM Utils', () => {
 
     normalizeTransactionParamsMock.mockImplementation((params) => params);
     mockIsBlockaidFeatureEnabled.mockResolvedValue(true);
+
+    validateWithSecurityAlertsAPIMock.mockResolvedValue({
+      result_type: ResultType.Malicious,
+      reason: Reason.other,
+      source: SecurityAlertSource.API,
+    });
   });
 
   afterEach(() => {
@@ -186,9 +188,7 @@ describe('PPOM Utils', () => {
       MockEngine.context.PreferencesController.state.securityAlertsEnabled =
         false;
       await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
-      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(
-        0,
-      );
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(0);
       expect(spyTransactionAction).toHaveBeenCalledTimes(0);
     });
 
@@ -205,9 +205,7 @@ describe('PPOM Utils', () => {
           },
         ]);
       await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
-      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(
-        0,
-      );
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(0);
       expect(spyTransactionAction).toHaveBeenCalledTimes(0);
       MockEngine.context.AccountsController.listAccounts = jest
         .fn()
@@ -224,9 +222,7 @@ describe('PPOM Utils', () => {
         .spyOn(NetworkControllerSelectors, 'selectChainId')
         .mockReturnValue('0xfa');
       await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
-      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(
-        0,
-      );
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(0);
       expect(spyTransactionAction).toHaveBeenCalledTimes(0);
     });
 
@@ -244,9 +240,7 @@ describe('PPOM Utils', () => {
         },
         CHAIN_ID_MOCK,
       );
-      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(
-        0,
-      );
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(0);
       expect(spyTransactionAction).toHaveBeenCalledTimes(0);
     });
 
@@ -256,19 +250,10 @@ describe('PPOM Utils', () => {
         'setTransactionSecurityAlertResponse',
       );
       await PPOMUtil.validateRequest(mockRequest);
-      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(
-        0,
-      );
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(0);
       expect(spyTransactionAction).toHaveBeenCalledTimes(1);
     });
 
-    it('should invoke PPOMController usePPOM if securityAlertsEnabled is true', async () => {
-      await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
-      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(
-        1,
-      );
-    });
-
     it('should update transaction with validation result', async () => {
       const spy = jest.spyOn(
         TransactionActions,
@@ -290,17 +275,6 @@ describe('PPOM Utils', () => {
         data: '0xabcd',
       };
 
-      const validateMock = jest.fn();
-
-      const ppomMock = {
-        validateJsonRpc: validateMock,
-      };
-
-      MockEngine.context.PPOMController?.usePPOM.mockImplementation(
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        (callback: any) => callback(ppomMock),
-      );
-
       normalizeTransactionParamsMock.mockReturnValue(
         normalizedTransactionParamsMock,
       );
@@ -312,11 +286,14 @@ describe('PPOM Utils', () => {
         mockRequest.params[0],
       );
 
-      expect(validateMock).toHaveBeenCalledTimes(1);
-      expect(validateMock).toHaveBeenCalledWith({
-        ...mockRequest,
-        params: [normalizedTransactionParamsMock],
-      });
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(1);
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledWith(
+        CHAIN_ID_MOCK,
+        {
+          ...mockRequest,
+          params: [normalizedTransactionParamsMock],
+        },
+      );
     });
 
     it('logs error if normalization fails', async () => {
@@ -336,17 +313,6 @@ describe('PPOM Utils', () => {
     });
 
     it('normalizes transaction request origin before validation', async () => {
-      const validateMock = jest.fn();
-
-      const ppomMock = {
-        validateJsonRpc: validateMock,
-      };
-
-      MockEngine.context.PPOMController?.usePPOM.mockImplementation(
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        (callback: any) => callback(ppomMock),
-      );
-
       await PPOMUtil.validateRequest(
         {
           ...mockRequest,
@@ -360,19 +326,18 @@ describe('PPOM Utils', () => {
         mockRequest.params[0],
       );
 
-      expect(validateMock).toHaveBeenCalledTimes(1);
-      expect(validateMock).toHaveBeenCalledWith({
-        ...mockRequest,
-      });
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(1);
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledWith(
+        CHAIN_ID_MOCK,
+        {
+          ...mockRequest,
+        },
+      );
     });
 
     it('uses security alerts API if enabled', async () => {
-      isSecurityAlertsEnabledMock.mockReturnValue(true);
-
       await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
 
-      expect(MockEngine.context.PPOMController?.usePPOM).not.toHaveBeenCalled();
-
       expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(1);
       expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledWith(
         CHAIN_ID_MOCK,
@@ -381,8 +346,6 @@ describe('PPOM Utils', () => {
     });
 
     it('uses controller if security alerts API throws', async () => {
-      isSecurityAlertsEnabledMock.mockReturnValue(true);
-
       validateWithSecurityAlertsAPIMock.mockRejectedValue(
         new Error('Test Error'),
       );
@@ -410,6 +373,9 @@ describe('PPOM Utils', () => {
     });
 
     it('sets security alerts response to failed when security alerts API and controller PPOM throws', async () => {
+      validateWithSecurityAlertsAPIMock.mockRejectedValue(
+        new Error('Test Error'),
+      );
       const spy = jest.spyOn(
         TransactionActions,
         'setTransactionSecurityAlertResponse',
@@ -427,6 +393,9 @@ describe('PPOM Utils', () => {
       );
 
       await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
+
+      expect(validateWithSecurityAlertsAPIMock).toHaveBeenCalledTimes(1);
+      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(1);
       expect(spy).toHaveBeenCalledTimes(2);
       expect(spy).toHaveBeenCalledWith(CHAIN_ID_MOCK, {
         chainId: CHAIN_ID_MOCK,
@@ -441,8 +410,6 @@ describe('PPOM Utils', () => {
     it.each([METHOD_SIGN_TYPED_DATA_V3, METHOD_SIGN_TYPED_DATA_V4])(
       'sanitizes request params if method is %s',
       async (method: string) => {
-        isSecurityAlertsEnabledMock.mockReturnValue(true);
-
         const firstTwoParams = [
           SIGN_TYPED_DATA_PARAMS_MOCK_1,
           SIGN_TYPED_DATA_PARAMS_MOCK_2,

app/lib/ppom/ppom-util.ts

@@ -18,7 +18,6 @@ import {
 import { WALLET_CONNECT_ORIGIN } from '../../util/walletconnect';
 import AppConstants from '../../core/AppConstants';
 import {
-  isSecurityAlertsAPIEnabled,
   validateWithSecurityAlertsAPI,
 } from './security-alerts-api';
 import { PPOMController } from '@metamask/ppom-validator';
@@ -111,9 +110,7 @@ async function validateRequest(req: PPOMRequest, transactionId?: string) {
 
     const normalizedRequest = normalizeRequest(req);
 
-    securityAlertResponse = isSecurityAlertsAPIEnabled()
-      ? await validateWithAPI(ppomController, chainId, normalizedRequest)
-      : await validateWithController(ppomController, normalizedRequest);
+    securityAlertResponse = await validateWithAPI(ppomController, chainId, normalizedRequest);
 
     securityAlertResponse = {
       ...securityAlertResponse,

app/lib/ppom/security-alerts-api.ts

@@ -8,10 +8,6 @@ export interface SecurityAlertsAPIRequest {
   params: unknown[];
 }
 
-export function isSecurityAlertsAPIEnabled() {
-  return process.env.MM_SECURITY_ALERTS_API_ENABLED === 'true';
-}
-
 export async function validateWithSecurityAlertsAPI(
   chainId: string,
   body: SecurityAlertsAPIRequest,

bitrise.yml

@@ -2268,7 +2268,7 @@ app:
       MM_PERMISSIONS_SETTINGS_V1_ENABLED: false
     - opts:
         is_expand: false
-      MM_SECURITY_ALERTS_API_ENABLED: true
+      MM_STABLECOIN_LENDING_UI_ENABLED: false
     - opts:
         is_expand: false
       PROJECT_LOCATION: android

jest.config.js

@@ -5,7 +5,6 @@ process.env.SEGMENT_REGULATIONS_ENDPOINT = 'TestRegulationsEndpoint';
 
 process.env.MM_FOX_CODE = 'EXAMPLE_FOX_CODE';
 
-process.env.MM_SECURITY_ALERTS_API_ENABLED = 'true';
 process.env.PORTFOLIO_VIEW = 'true';
 process.env.SECURITY_ALERTS_API_URL = 'https://example.com';