fix: redact SDK related URLs

[wenfix]

Description

• Redact sensitive data from SDKConnectV2 / MWP debug and error logs
• Add redactUrl utility to strip query/fragment params from deeplink URLs before logging
• Reduce message payload logging to method + id metadata only

Changelog

CHANGELOG entry:

Related issues

Fixes: WAPI-1117

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Low Risk
Low risk: changes are limited to logging/error messages in SDKConnectV2, with minimal behavioral impact aside from altered log output and one test expectation.

Overview
Prevents sensitive SDKConnectV2/MWP connection parameters from being written to logs by introducing redactUrl() and using it when throwing/logging deeplink handling errors.

Reduces verbosity of connection message logging by logging only JSON-RPC method and id (instead of full payloads), and adjusts connect-deeplink success logging to avoid dumping full ConnectionInfo. Updates the handleMwpDeeplink non-string URL test to expect the new redacted/invalid URL message.

^{Written by Cursor Bugbot for commit dd3a3d0. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 85%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are purely security/privacy improvements to logging in the SDKConnectV2 module:

1. logger.ts: Added redactUrl() function to redact sensitive URL parameters (channel ID, public key) from logs
2. connection-registry.ts: Uses redactUrl() in error messages and debug logs, logs only connInfo?.id instead of full object
3. connection.ts: Logs only method and id fields from message payloads instead of full payloads
4. connection-registry.test.ts: Updated test expectation to match new redacted URL format

These changes:

• Do NOT affect any functional behavior of SDK connections
• Do NOT change any public APIs
• Are purely defensive logging improvements to prevent sensitive data leakage
• Have corresponding unit test updates

The SDKConnectV2 module handles SDK deeplink connections (MWP protocol), but the E2E smoke tests focus on browser-based dApp connections rather than SDK deeplink flows. There are no Detox E2E tests that specifically test SDK deeplink functionality.

Since no functional behavior is changed and the unit tests are updated, no E2E tests are required to validate these logging-only changes.

Performance Test Selection:
These changes are purely logging modifications that redact sensitive data from log output. They do not affect any runtime performance characteristics - no changes to connection establishment, message processing, UI rendering, or data loading. The changes only modify what gets logged, not how the SDK connections work.

View GitHub Actions results

[wenfix]

we could obfuscate parameter values here (in case they exist) instead of omitting them, which might facilitate debugging. thoughts?

[ffmcgee725]

I'm more akin to omitting. Less code to manage, and one less layer of possible exposure if someone forgets to properly obfuscate a newly passed param for some reason.