Conversation
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/39889?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/39895?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches perps order submission and TP/SL update paths and introduces optimistic stream override logic; mistakes could cause incorrect UI state or wrong parameters being sent to the controller. > > **Overview** > Improves perps TP/SL UX by replacing the auto-close unit toggle/read-only gain-loss display with **bidirectional price/percent inputs** plus preset % buttons, using `entryPrice` (when modifying a position) for accurate calculations and adding new i18n strings for labels/actions. > > Extends the perps market detail position card with an **expandable Auto Close editor** that saves TP/SL via `updatePositionTPSL`, immediately reflects changes by pushing data into the stream with **optimistic TP/SL overrides**, and refetches on tab visibility as a safety net. > > Hardens order/position flows by cleaning comma-formatted numeric strings before API calls, preventing form resets caused by streaming object churn, and adding a pending-order state that disables the order form until the new position appears in the live stream (with timeout fallback). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c70e20b. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/39951?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Introduces new margin-adjustment UI that calls `perps-controller` to update position margin and pushes fresh positions into the stream; incorrect calculation/validation could lead to confusing or risky UX (though core trading logic remains in the controller). > > **Overview** > Adds a new **Perps “Edit Margin” expandable** on the market detail page, letting users switch between *Add*/*Remove* margin, enter an amount (with presets), see updated liquidation price/distance, and submit changes via `controller.updateMargin` (refreshing positions in the stream and showing errors/risk warnings). > > Introduces `usePerpsMarginCalculations` + `marginUtils` to compute max addable/removable amounts, projected liquidation metrics, and removal risk levels (mirroring controller config thresholds), and wires new i18n strings for the margin UI. > > Also tightens related perps UI behavior/tests: margin vs auto-close expanders are mutually exclusive, modify-mode leverage slider now enforces a minimum leverage equal to the existing position, home positions list shows leverage, and several tests/baselines/mocks are updated (including removing noisy console logs). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 54b61b2. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Nick Gambino <gambinish@users.noreply.github.com>
…k/metamask-extension into perps/poc-controller-integration
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/39962?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/39971?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches the perps market detail page with new live price subscription logic and a 1s interval timer, which could affect rendering/performance or cleanup behavior if mismanaged; otherwise changes are primarily UI/formatting. > > **Overview** > Improves the perps market detail UI by adding **info tooltips** for Funding Rate and Open Interest, plus a new **Oracle Price** row populated from a live `subscribeToPrices` stream update. > > Adds a per-second UTC **funding countdown** shown alongside the funding rate, and polishes formatting/styling: available balance now displays the numeric value, ROE uses percent formatting, size/margin values are reformatted, and CTA button variants/styles are adjusted (swap primary/secondary and remove custom long/short coloring). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 36d3d81. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/39972?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/39999?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Caution MetaMask internal reviewing guidelines:
|
✨ Files requiring CODEOWNER review ✨👨🔧 @MetaMask/extension-platform (1 files, +34 -0)
🕵️ @MetaMask/extension-privacy-reviewers (1 files, +1 -0)
👨🔧 @MetaMask/perps (4 files, +901 -0)
📜 @MetaMask/policy-reviewers (8 files, +1700 -0)
Tip Follow the policy review process outlined in the LavaMoat Policy Review Process doc before expecting an approval from Policy Reviewers. 🧪 @MetaMask/qa (1 files, +34 -0)
|
Builds ready [8d3560a]
⚡ Performance Benchmarks
🌐 Dapp Page Load BenchmarksCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Builds ready [5530f02]
⚡ Performance Benchmarks
🌐 Dapp Page Load BenchmarksCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Builds ready [143ed9f]
⚡ Performance Benchmarks
Dapp page load benchmarks: data not available. Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
|
I don't think we can merge this as-is. The amount of code we're adding here is enormous, in large part due to the bizarre architectural choices made. And the bundle size has increased a huge amount (the common bundle is 23% larger, which will slow down page load). Please revise this to be structured more similarly to our other features, with a clearer separation between the UI and the background (so that the UI bundle doesn't end up with this massive size increase) |
) ## Description This PR implements **Path 2** from the streaming architecture discussion: move WebSocket ownership from the UI to the background process, eliminating the dual-controller problem flagged in [#40078](#40078). ### The Problem (from #40078 review) The current architecture creates two `PerpsController` instances — one in the background and one in the UI — resulting in: - Two independent WebSocket connections to HyperLiquid - Split controller authority / two state machines - Risk of race conditions and data inconsistency ### Path 2: Custom JSON-RPC Notification Channel Background subscribes to HyperLiquid WebSocket via `PerpsController`, then emits `perpsStreamUpdate` notifications over the existing `outStream` connection. The UI handles them alongside `sendUpdate` in `ui/index.js`. ``` Background PerpsController (WebSocket owner) → subscribeToPositions/Orders/Account/Prices/OrderBook/Candles → emitPerpsUpdate(channel, data) → outStream.write({ method: 'perpsStreamUpdate' }) ↓ (only when perpsSubscriberCount > 0) UI ui/index.js onNotification → getPerpsStreamManager().handleBackgroundUpdate({ channel, data }) ↓ PerpsDataChannel.pushData() → React subscribers (direct, no Redux, no debounce) ``` ### What Changed | Area | Change | |---|---| | `metamask-controller.js` | Subscribe background controller to all 6 channels on connection setup; emit `perpsStreamUpdate` notifications; track per-connection subscriber count via `perpsSubscriberChange` | | `ui/index.js` | Route `perpsStreamUpdate` → `PerpsStreamManager.handleBackgroundUpdate()` | | `getPerpsController.ts` | **Remove UI `PerpsController` instantiation entirely** — no `new PerpsController()`, no messenger, no streaming controller | | `createPerpsControllerFacade.ts` | Remove all streaming methods; all operations delegate to background | | `PerpsStreamManager.ts` | Add `prices`/`orderBook` channels; `handleBackgroundUpdate()` for all 6 channels; initial REST `connectFn` for positions/orders/account; eager cache clear on account switch | | `CandleStreamChannel.ts` | Add `pushFromBackground()` | | `usePerpsLivePrices` / `usePerpsLiveOrderBook` | Migrate from direct controller subscribe → `usePerpsChannel` pattern | | `usePerpsStreamManager` | Clear caches synchronously on account switch to prevent stale-data flash | ### Key Properties - **No Redux overhead** for high-frequency data (prices, orderBook, candles) - **No debounce** — data reaches React components directly via `PerpsDataChannel.pushData()` - **Component-scoped**: only UI connections with `perpsSubscriberCount > 0` receive stream data - **Single WebSocket**: one connection per HyperLiquid endpoint, owned by background - **Cache preserved** across navigation; cleared on account switch ### Tests 193 tests passing across 12 suites. All perps provider and hook tests updated to match new architecture. ## Changelog CHANGELOG entry: null ## Related - Base PR: #40078 (PerpsController integration) - Architecture discussion: Path 2 from streaming ownership thread --------- Co-authored-by: Nicholas Gambino <nicholas.gambino@consensys.net>
Builds ready [30bd5e1]
⚡ Performance Benchmarks
🌐 Dapp Page Load BenchmarksCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Builds ready [7088a27]
⚡ Performance Benchmarks
🌐 Dapp Page Load BenchmarksCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Builds ready [810ffe2]
⚡ Performance Benchmarks
🌐 Dapp Page Load BenchmarksCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
…ect submitRequestToBackground calls and wire fills through PerpsStreamBridge
Builds ready [ea536b7]
⚡ Performance Benchmarks
🌐 Dapp Page Load BenchmarksCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
|
Builds ready [2793e4c]
⚡ Performance Benchmarks
🌐 Dapp Page Load BenchmarksCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
| msgParams, | ||
| SignTypedDataVersion.V4, | ||
| ); | ||
| }, |
There was a problem hiding this comment.
Unguarded signing bypasses user approval flow
High Severity
perpsSignTypedData directly calls KeyringController:signTypedMessage without any user approval, input validation, or confirmation dialog. This bypasses the standard SignatureController approval flow that all other typed-data signing operations use. The method accepts arbitrary msgParams with no validation that the data is actually a Perps trade operation, creating an unguarded EIP-712 signing surface accessible to any code running in the UI context.
](https://codespaces.new/MetaMask/metamask-extension/pull/39889?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/39895?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/39951?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/39962?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/39971?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/39972?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/39999?quickstart=1){kind=link}
| } | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Bridge destroy doesn't reset state causing potential double-unsub
Low Severity
destroy() calls all unsub functions but never clears #staticUnsubs, #dynamicUnsubs, or resets #activated. After destruction, isActive can still return true, and if activateStreaming() is called, #replaceSubscription will invoke already-called unsub functions from #dynamicUnsubs without try-catch protection, risking an unhandled exception.
Additional Locations (1)
4 participants
Description
Summary
This PR integrates the @metamask/perps-controller package into MetaMask Extension, establishing the foundational controller layer for perpetual futures trading functionality. This branch began from a larger feature branch that included both controller integration and UI components - we've decoupled the UI in a separate downstream PR to unblock merging while using a preview package dependency.
The UI PR should go in before this one: #40076
Background
Originally developed as a comprehensive feature branch as a PoC, it included both backend controller integration and frontend UI. This quickly became bloated and difficult to manage, and was blocked to merge due to a preview-package dependency. This PR has been scoped down to focus on controller integration only.
The main blocker for merging was the dependency on a preview package (@metamask/perps-controller@0.0.0-preview-e4aa1532) which cannot be merged into main.
Core Controller Setup:
Dependencies:
Architecture Notes
The PerpsController runs in the background to integrate with the messenger API for cross controller communication. Websocket streams are handled in the UI.
Migration Path
To use production package when ready:
Update package.json:
"dependencies": {
"@metamask/perps-controller": "^1.0.0" // Replace preview version
}
Remove previewBuilds section in package.json
Run yarn install and regenerate LavaMoat policies
When integrating the real @metamask/perps-controller we'll also need to remove aliases to the mock services:
Related Branches
Changelog
CHANGELOG entry: Integrate Perps Controller
Related issues
Fixes:
Manual testing steps
Screenshots/Recordings
Before
After
Pre-merge author checklist
Pre-merge reviewer checklist
Note
High Risk
Adds a new background controller that can initiate trading actions and typed-data signing, plus a new streaming channel into UI connections; mistakes here could affect signing safety, background stability, or data pushed to the UI. It also changes build/test/LavaMoat configuration to allow new ESM dependency trees, which can introduce bundling or policy regressions.
Overview
Integrates
@metamask/perps-controllerinto modular controller init (newPerpsControllerInit, messenger wiring, controller/state typing updates) and adds extension-specific platform dependencies viacreatePerpsInfrastructure, including a geoblock fallback parsed fromMM_PERPS_BLOCKED_REGIONS.Extends
metamask-controllerto expose Perps background RPC methods, addperpsSignTypedData(EIP-712 v4), and introduce a per-UI-connectionPerpsStreamBridgethat emitsperpsStreamUpdatemessages and manages static/dynamic subscription lifecycles.Removes local mocks/aliases for the perps controller and updates Jest/webpack tooling to transpile/handle new ESM dependencies; adds/updates LavaMoat policies and test nocks for geolocation endpoints.
Written by Cursor Bugbot for commit 2793e4c. This will update automatically on new commits. Configure here.