feat(ramps): add custom action order handling for external checkout flows

[georgeweiler]

Description

1. Integrates new ramps-controller API for custom-action flows (e.g., PayPal) removes Redux-based custom ID tracking.

2. Simplifies ramps-controller state hydration system into a single init call on app start up.

What changed:

• BuildQuote — Uses getBuyWidgetData instead of getWidgetUrl. For isCustomAction quotes, calls addPrecreatedOrder before opening external browser (InAppBrowser or Linking.openURL) and passes orderId to Checkout for WebView flows.
• Checkout — Uses addPrecreatedOrder instead of Redux addFiatCustomIdData. Supports both orderId and customOrderId for backwards compatibility.
• Hooks — useRampsOrders exposes addPrecreatedOrder and AddPrecreatedOrderParams; useRampsQuotes uses getBuyWidgetData returning Promise<BuyWidget | null>; useRampsController exposes both.
• Provider/payment filtering — PaymentSelectionModal and ProviderSelection filter out isCustomAction quotes where appropriate.

What stays untouched: Non-custom-action flows (standard WebView checkout) unchanged. Existing ramps navigation and token selection preserved.

Dependencies: Requires MetaMask/core#8100 for the new controller API.

Changelog

CHANGELOG entry: Adds support for ramps providers such as PayPal, Robinhood & Coinbase that use a different checkout browser

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Changes the BuildQuote continue flow to support external-browser widget checkouts with precreated order tracking and post-auth callback handling, which can affect buy navigation and order state. Mostly scoped to ramps UI/controller integration with expanded test coverage, but touches user-facing purchase flow and deep-link/callback paths.

Overview
Updates the ramps BuildQuote flow to use the new controller API getBuyWidgetData (replacing getWidgetUrl) and to support widget providers that require external checkout. When external browser checkout is used, it now pre-creates an order via addPrecreatedOrder, opens the widget via InAppBrowser.openAuth (or Linking.openURL fallback), parses the callback to fetch/add the resulting order, and resets navigation either back to BuildQuote or into RAMPS_ORDER_DETAILS.

Refactors amount entry handling into a shared updateAmount path and consolidates user-facing errors under rampsError using reportRampsError. Bootstrap is adjusted to run useRampsProviders on mount (replacing useHydrateRampsController), and tests are heavily rewritten/updated to cover the new routing, error, and callback/order-handling behavior.

^{Written by Cursor Bugbot for commit 10e9092. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​ramps-controller@​10.2.0 ⏵ 12.0.0			+1	+1

View full report

[georgeweiler]

[georgeweiler]

[georgeweiler]

@cursoragent please fix the ramp bootstrap test

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[cursor]

Exported isBailedOrderStatus only used internally in BuildQuote

Low Severity

isBailedOrderStatus and BAILED_ORDER_STATUSES are defined at module scope and exported, but grep shows they are only referenced within BuildQuote.tsx itself. The function and the Set constant are better placed in a utility file (e.g., alongside extractOrderCode or rampsNavigation) or kept unexported, since mixing domain utility logic with a React component's module top-level scope reduces cohesion and readability.

Additional Locations (1)

• app/components/UI/Ramp/Views/BuildQuote/BuildQuote.tsx#L81-L86

 

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeConfirmations, SmokeIdentity, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeTrade, SmokeWalletPlatform, SmokeCard, SmokePerps, SmokeRamps, SmokeMultiChainAPI, SmokePredictions, FlaskBuildTests
• Selected Performance tags: @PerformanceAccountList, @PerformanceOnboarding, @PerformanceLogin, @PerformanceSwaps, @PerformanceLaunch, @PerformanceAssetLoading, @PerformancePredict, @PerformancePreps
• Risk Level: high
• AI Confidence: 100%

click to see 🤖 AI reasoning details

E2E Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/ramps-controller. Running all tests.

Performance Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/ramps-controller. Running all tests.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
81.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
16 value mismatches detected (expected — fixture represents an existing user).
View details