metamask-mobile icon indicating copy to clipboard operation
metamask-mobile copied to clipboard
verified publisher icon MetaMask

chore: remove epd feature flag

Open AugmentedMode opened this issue 1 month ago • 4 comments

Description

Changelog

CHANGELOG entry: remove epd feature flag

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[!NOTE] Removes the productSafetyDappScanning flag and legacy paths, and refactors all phishing checks to always use async PhishingController.scanUrl with updated UI flows and tests.

  • Security / Phishing detection:
    • Replace legacy getPhishingTestResult and flag-gated logic with getPhishingTestResultAsync using PhishingController.scanUrl across BrowserTab, AccountConnect, and MultichainAccountConnect.
    • Remove productSafetyDappScanning feature flag, selectors, descriptions, types, and related tests/mocks.
    • Update flows to always prefix URLs and show phishing modal on async block results; BrowserTab allows initial load and handles phishing asynchronously with refined modal conditions.
    • Simplify engine init by removing conditional maybeUpdateState in phishing-controller-init.
  • Tests:
    • Update mocks to getPhishingTestResultAsync and adjust expectations (e.g., initial load allowed, async block handling).
    • Delete obsolete flag-related tests and references; refresh feature flag mocks.

Written by Cursor Bugbot for commit 1fda08c4348e76eeb11f3179473af67c8abfaf51. This will update automatically on new commits. Configure here.

AugmentedMode avatar Dec 05 '25 15:12 AugmentedMode

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

github-actions[bot] avatar Dec 05 '25 15:12 github-actions[bot]

Codecov Report

:x: Patch coverage is 83.33333% with 1 line in your changes missing coverage. Please review. :white_check_mark: Project coverage is 78.82%. Comparing base (e85bc15) to head (1e81968). :warning: Report is 35 commits behind head on main.

Files with missing lines Patch % Lines
...components/Views/AccountConnect/AccountConnect.tsx 0.00% 0 Missing and 1 partial :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #23725      +/-   ##
==========================================
+ Coverage   78.80%   78.82%   +0.01%     
==========================================
  Files        4033     4042       +9     
  Lines      105201   105410     +209     
  Branches    21157    21209      +52     
==========================================
+ Hits        82903    83085     +182     
- Misses      16516    16533      +17     
- Partials     5782     5792      +10

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov-commenter avatar Dec 05 '25 16:12 codecov-commenter

🔍 Smart E2E Test Selection

  • Selected E2E tags: SmokeCore, SmokeWalletPlatform, SmokeMultiChainPermissions
  • Risk Level: medium
  • AI Confidence: 80%
click to see 🤖 AI reasoning details

This PR removes the productSafetyDappScanning feature flag and makes dapp scanning always enabled. The changes affect:

  1. Phishing Controller Initialization (app/core/Engine/controllers/phishing-controller-init.ts): Removed conditional check and maybeUpdateState() call - this is a critical Engine component change.

  2. Phishing Detection Utility (app/util/phishingDetection.ts): Removed isProductSafetyDappScanningEnabled and getPhishingTestResult functions, simplified getPhishingTestResultAsync to always use the scanUrl API.

  3. BrowserTab (app/components/Views/BrowserTab/BrowserTab.tsx): Removed conditional checks for the feature flag and synchronous phishing check fallback - affects browser/dApp browsing functionality.

  4. AccountConnect (app/components/Views/AccountConnect/AccountConnect.tsx): Removed conditional check - affects dApp connection flows.

  5. MultichainAccountConnect (app/components/Views/MultichainAccounts/MultichainAccountConnect/MultichainAccountConnect.tsx): Removed conditional check - affects multi-chain account connection flows.

  6. Feature Flag Selector: Deleted entire productSafetyDappScanning directory.

The changes are primarily code simplification by removing a feature flag that was controlling phishing detection behavior. The functionality is being standardized to always use the async dapp scanning API. This affects:

  • Core browser functionality (SmokeCore)
  • Account connection flows (SmokeWalletPlatform)
  • Multi-chain account connections (SmokeMultiChainPermissions)

Risk is medium because while the changes touch critical security and connection flows, they are simplifying existing behavior rather than introducing new functionality. The phishing detection is being standardized, not removed.

View GitHub Actions results

github-actions[bot] avatar Dec 15 '25 15:12 github-actions[bot]

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
75.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Dec 15 '25 15:12 sonarqubecloud[bot]