feat: add account ordering to Multichain API

[jiexi]

Description

Adds ordering to the accounts property in the wallet_getSession response, wallet_createSession response, and wallet_sessionChanged event. Accounts are now ordered by most recently used (lastSelected)

This is needed as pre-req work to getting rid of ecosystem specific (solana, tron, other multichain) metamask_accountsChanged events.

Changelog

CHANGELOG entry: null

Not end user facing.

Related issues

Core: MetaMask/core#8255

Manual testing steps

1. Visit https://metamask.github.io/test-dapp-multichain/latest/
2. Connect 3 accounts (easiest to only connect one network at time for validation)
3. Change the active account via the wallet UI
4. Note each time you change that the account list reorders in the dapp
5. Check the wallet_sessionChanged events too for ordering
6. Refresh
7. The account order should still be the same as before refreshing
8. Revoke the session
9. Connect the same 3 accounts again to the same network
10. The account order should still be the same as before revoking

Screenshots/Recordings

Before

After

Screen.Recording.2026-03-26.at.10.33.36.AM.mov

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Touches Multichain API session notifications and adds a delayed wallet_sessionChanged broadcast, which could affect dapp session state timing/order. Dependency bumps to @metamask/multichain-api-middleware and @metamask/chain-agnostic-permission may introduce behavior changes in session scope shaping.

Overview
Adds deterministic ordering to Multichain API session accounts by sorting CAIP account IDs using each address’s lastSelected rank, and wires this sorter into getSessionScopes for wallet_getSession, wallet_createSession, and wallet_sessionChanged.

Also triggers a wallet_sessionChanged notification to all authorized origins on selectedAccountGroupChange (currently via a temporary 1s setTimeout workaround), with new/updated unit tests covering both the sorting behavior and the broadcast.

^{Written by Cursor Bugbot for commit 28e58b8. This will update automatically on new commits. Configure here.}

[adonesky1]

MetaMask/core#8261 is merged but we will need to wait until its released (supposed happening this Friday 3/27/26)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​metamask/​multichain-api-middleware@​1.2.7 ⏵ 2.0.0			+1
	@​metamask/​chain-agnostic-permission@​1.4.0 ⏵ 1.5.0			+1	+1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[adonesky1]

LGTM. I agree however that we should switch the wallet-standard package separately to isolate the commit from other unrelated changes in that package

[adonesky1]

right?

Suggested change

	return [...accountIds].sort(
	return accountIds.sort(

[jiexi]

.sort() isn't pure and modifies the array in place.

If we make this change, then i'd prefer to not return anything at all to make it clear that the original array is getting mutated, but that would also require changes to the middleware and permission packages again

[adonesky1]

@metamaskbot update-policies

[jiexi]

@metamaskbot update-policies

[metamaskbot]

Policies updated.
👀 Please review the diff for suspicious new powers.

Tip

Follow the policy review process outlined in the LavaMoat Policy Review Process doc before expecting an approval from Policy Reviewers.
🧠 Learn how to read policy diffs: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff

✅ lavamoat/browserify/beta/policy.json changes match main/policy.json policy changes
✅ lavamoat/browserify/experimental/policy.json changes match main/policy.json policy changes
✅ lavamoat/browserify/flask/policy.json changes match main/policy.json policy changes
✅ lavamoat/webpack/mv2/beta/policy.json changes match mv2/main/policy.json policy changes
✅ lavamoat/webpack/mv2/experimental/policy.json changes match mv2/main/policy.json policy changes
✅ lavamoat/webpack/mv2/flask/policy.json changes match mv2/main/policy.json policy changes
✅ lavamoat/webpack/mv3/beta/policy.json changes match mv3/main/policy.json policy changes
✅ lavamoat/webpack/mv3/experimental/policy.json changes match mv3/main/policy.json policy changes
✅ lavamoat/webpack/mv3/flask/policy.json changes match mv3/main/policy.json policy changes

[metamaskbot]

Policy update failed. You can review the logs or retry the policy update here

[metamaskbotv2]

Builds ready [faf3c5e]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• webpack builds: chrome, firefox
• webpack builds (beta): chrome, firefox
• webpack builds (flask): chrome, firefox
• webpack builds (test): chrome, firefox
• webpack builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks (Total: 🟢 18 pass · 🟡 0 warn · 🔴 0 fail)

Baseline (latest main): 23eef3f | Date: 8/29/58219 | Pipeline: 23863722062 | Baseline logs

Interaction Benchmarks

Benchmark	chrome-browserify
loadNewAccount	🟢 [Show logs]
confirmTx	🟢 [Show logs]
bridgeUserActions	🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

• ↓ loadNewAccount/load_new_account: -39%
• ↓ loadNewAccount/total: -39%
• ↑ bridgeUserActions/bridge_load_asset_picker: +27%
• ↑ bridgeUserActions/total: +12%

Startup Benchmarks

Benchmark	chrome-browserify	chrome-webpack	firefox-browserify	firefox-webpack
startupStandardHome	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]
startupPowerUserHome	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

• ↓ startupStandardHome/initialActions: -38%
• ↓ startupPowerUserHome/backgroundConnect: -53%
• ↓ startupPowerUserHome/initialActions: -17%
• ↑ startupPowerUserHome/numNetworkReqs: +74%
• ↓ startupPowerUserHome/uiStartup: -10%
• ↓ startupPowerUserHome/firstPaint: -21%
• ↑ startupPowerUserHome/numNetworkReqs: +23%
• ↑ startupStandardHome/domInteractive: +14%
• ↑ startupStandardHome/initialActions: +25%
• ↓ startupStandardHome/setupStore: -11%
• ↑ startupPowerUserHome/domInteractive: +17%
• ↓ startupPowerUserHome/setupStore: -21%
• ↑ startupStandardHome/backgroundConnect: +14%
• ↓ startupStandardHome/initialActions: -29%
• ↑ startupStandardHome/setupStore: +103%

User Journey Benchmarks

Benchmark	chrome-browserify
onboardingImportWallet	🟢 [Show logs]
onboardingNewWallet	🟢 [Show logs]
assetDetails	🟢 [Show logs]
solanaAssetDetails	🟢 [Show logs]
importSrpHome	🟢 [Show logs]
sendTransactions	🟢 [Show logs]
swap	🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

• ↓ onboardingImportWallet/metricsToWalletReadyScreen: -19%
• ↓ onboardingImportWallet/doneButtonToHomeScreen: -76%
• ↑ onboardingImportWallet/openAccountMenuToAccountListLoaded: +57%
• ↓ onboardingImportWallet/total: -38%
• ↓ onboardingNewWallet/agreeButtonToOnboardingSuccess: -20%
• ↓ onboardingNewWallet/doneButtonToAssetList: -30%
• ↓ onboardingNewWallet/total: -24%
• ↑ assetDetails/assetClickToPriceChart: +10%
• ↑ assetDetails/total: +10%
• ↓ solanaAssetDetails/assetClickToPriceChart: -60%
• ↓ solanaAssetDetails/total: -60%
• ↑ importSrpHome/loginToHomeScreen: +19%
• ↓ importSrpHome/homeAfterImportWithNewWallet: -49%
• ↓ importSrpHome/total: -43%
• ↓ swap/openSwapPageFromHome: -84%
• ↑ swap/fetchAndDisplaySwapQuotes: +28%

🌐 Dapp Page Load Benchmarks

Current Commit: faf3c5e | Date: 4/1/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.03s (±52ms) 🟡 | historical mean value: 1.03s ⬇️ (historical data)
• domContentLoaded-> current mean value: 725ms (±50ms) 🟢 | historical mean value: 727ms ⬇️ (historical data)
• firstContentfulPaint-> current mean value: 84ms (±9ms) 🟢 | historical mean value: 86ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.03s	52ms	1000ms	1.31s	1.12s	1.31s
domContentLoaded	725ms	50ms	695ms	994ms	784ms	994ms
firstPaint	84ms	9ms	64ms	148ms	96ms	148ms
firstContentfulPaint	84ms	9ms	64ms	148ms	96ms	148ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 960 Bytes (0.02%)
• ui: 174 Bytes (0%)
• common: 145 Bytes (0%)

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
94.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[metamaskbotv2]

Builds ready [28e58b8]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• webpack builds: chrome, firefox
• webpack builds (beta): chrome, firefox
• webpack builds (flask): chrome, firefox
• webpack builds (test): chrome, firefox
• webpack builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks (Total: 🟢 18 pass · 🟡 0 warn · 🔴 0 fail)

Baseline (latest main): 084a8a9 | Date: 9/20/58219 | Pipeline: 23865721292 | Baseline logs

Interaction Benchmarks

Benchmark	chrome-browserify
loadNewAccount	🟢 [Show logs]
confirmTx	🟢 [Show logs]
bridgeUserActions	🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

• ↓ loadNewAccount/load_new_account: -56%
• ↓ loadNewAccount/total: -56%
• ↑ bridgeUserActions/bridge_load_asset_picker: +15%
• ↓ bridgeUserActions/bridge_search_token: -15%
• ↑ bridgeUserActions/total: +14%

Startup Benchmarks

Benchmark	chrome-browserify	chrome-webpack	firefox-browserify	firefox-webpack
startupStandardHome	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]
startupPowerUserHome	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]	🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

• ↓ startupStandardHome/initialActions: -29%
• ↓ startupPowerUserHome/backgroundConnect: -29%
• ↓ startupPowerUserHome/initialActions: -17%
• ↑ startupPowerUserHome/numNetworkReqs: +44%
• ↓ startupStandardHome/firstPaint: -18%
• ↓ startupPowerUserHome/numNetworkReqs: -17%
• ↑ startupStandardHome/initialActions: +25%
• ↑ startupPowerUserHome/setupStore: +36%
• ↓ startupStandardHome/initialActions: -38%
• ↓ startupStandardHome/setupStore: -20%
• ↓ startupPowerUserHome/domInteractive: -11%
• ↑ startupPowerUserHome/backgroundConnect: +14%
• ↓ startupPowerUserHome/setupStore: -20%

User Journey Benchmarks

Benchmark	chrome-browserify
onboardingImportWallet	🟢 [Show logs]
onboardingNewWallet	🟢 [Show logs]
assetDetails	🟢 [Show logs]
solanaAssetDetails	🟢 [Show logs]
importSrpHome	🟢 [Show logs]
sendTransactions	🟢 [Show logs]
swap	🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

• ↓ onboardingImportWallet/metricsToWalletReadyScreen: -12%
• ↓ onboardingImportWallet/doneButtonToHomeScreen: -76%
• ↑ onboardingImportWallet/openAccountMenuToAccountListLoaded: +43%
• ↓ onboardingImportWallet/total: -40%
• ↑ onboardingNewWallet/agreeButtonToOnboardingSuccess: +12%
• ↓ onboardingNewWallet/doneButtonToAssetList: -23%
• ↓ onboardingNewWallet/total: -18%
• ↓ assetDetails/assetClickToPriceChart: -15%
• ↓ assetDetails/total: -15%
• ↓ solanaAssetDetails/assetClickToPriceChart: -63%
• ↓ solanaAssetDetails/total: -63%
• ↑ importSrpHome/loginToHomeScreen: +14%
• ↓ importSrpHome/openAccountMenuAfterLogin: -22%
• ↓ importSrpHome/homeAfterImportWithNewWallet: -44%
• ↓ importSrpHome/total: -38%
• ↓ swap/openSwapPageFromHome: -85%
• ↑ swap/fetchAndDisplaySwapQuotes: +28%

🌐 Dapp Page Load Benchmarks

Current Commit: 28e58b8 | Date: 4/1/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.01s (±71ms) 🟡 | historical mean value: 1.03s ⬇️ (historical data)
• domContentLoaded-> current mean value: 713ms (±69ms) 🟢 | historical mean value: 726ms ⬇️ (historical data)
• firstContentfulPaint-> current mean value: 83ms (±11ms) 🟢 | historical mean value: 86ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.01s	71ms	964ms	1.29s	1.24s	1.29s
domContentLoaded	713ms	69ms	674ms	983ms	918ms	983ms
firstPaint	83ms	11ms	68ms	172ms	100ms	172ms
firstContentfulPaint	83ms	11ms	68ms	172ms	100ms	172ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 960 Bytes (0.02%)
• ui: 5 Bytes (0%)
• common: 145 Bytes (0%)

[wenfix]

LGTM