feat(deeplinks): add Swap, Rewards, Predict, Earn-musd, Shield, Trending to WHITELISTED_ACTIONS#29264

Merged: baptiste-marchand merged 4 commits into main from cursor/whitelist-actions-deeplink-009c on Apr 24, 2026
@baptiste-marchand baptiste-marchand commented Apr 23, 2026

Description

Adds six missing actions to WHITELISTED_ACTIONS in handleUniversalLink.ts so that deeplinks to these features bypass the interstitial modal, consistent with how similar actions (e.g. PERPS, BUY, CARD_ONBOARDING) are already handled.

Actions added (in SUPPORTED_ACTIONS order):

  • SWAP — inserted after DAPP, before WC
  • REWARDS — inserted after PERPS_ASSET, before BUY
  • PREDICT — inserted after REWARDS, before BUY
  • TRENDING — inserted after SELL_CRYPTO
  • SHIELD — inserted after TRENDING
  • EARN_MUSD — inserted after SHIELD

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

Performance checks (if applicable)

  • I've tested on Android
    • Ideally on a mid-range device; emulator is acceptable
  • I've tested with a power user scenario
    • Use these power-user SRPs to import wallets with many accounts and tokens
  • I've instrumented key operations with Sentry traces for production performance metrics

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Note

Medium Risk
Changes deep link safety/interstitial behavior by allowing additional actions (including swap) to bypass the “Proceed with caution” modal, which could affect user protection flows if mis-scoped. Logic is simple but touches a security-adjacent gate used for all universal links.

Overview
Updates handleUniversalLink to expand WHITELISTED_ACTIONS so deeplinks for Swap, Rewards, Predict, Trending, Shield, and Earn MUSD skip the interstitial modal (while still tracking analytics as a non-interstitial flow).

Adjusts tests accordingly: unit tests now use send as the representative non-whitelisted action for modal/signature scenarios, and the swap deeplink smoke test no longer expects/dismisses the “Proceed with caution” modal.

Reviewed by Cursor Bugbot for commit 8112ffc. Bugbot is set up for automated code reviews on this repo. Configure here.

…ing to WHITELISTED_ACTIONS

Co-authored-by: Baptiste Marchand <baptiste-marchand@users.noreply.github.com>
@baptiste-marchand baptiste-marchand marked this pull request as ready for review April 23, 2026 13:54
@baptiste-marchand baptiste-marchand requested a review from a team as a code owner April 23, 2026 13:54
@metamaskbotv2 metamaskbotv2 Bot added the INVALID-PR-TEMPLATE label (PR's body doesn't match template) Apr 23, 2026
@github-actions github-actions Bot added the risk:high label (AI analysis: high risk) Apr 23, 2026
Montoya previously approved these changes Apr 23, 2026
@baptiste-marchand baptiste-marchand added the no-changelog label (Indicates no external facing user changes, therefore no changelog documentation needed) Apr 23, 2026
@metamaskbotv2 metamaskbotv2 Bot removed the INVALID-PR-TEMPLATE label (PR's body doesn't match template) Apr 23, 2026
… as non-whitelisted action

ACTIONS.SWAP was added to WHITELISTED_ACTIONS so tests that expected the
interstitial modal to appear for SWAP now use ACTIONS.SEND instead, which
remains non-whitelisted.

Co-authored-by: Baptiste Marchand <baptiste-marchand@users.noreply.github.com>
samir-acle previously approved these changes Apr 23, 2026
…2E tests

ACTIONS.SWAP is now whitelisted, so the interstitial modal no longer
appears for swap deeplinks. Tests no longer need to handle the
'Proceed with caution' modal before interacting with the swap view.

Co-authored-by: Baptiste Marchand <baptiste-marchand@users.noreply.github.com>

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit e31feba. Configure here.

ACTIONS.SWAP is whitelisted so the trusted-source bypass logic was never
reached in those tests, making them vacuously pass. Using ACTIONS.SEND
(non-whitelisted) ensures the tests genuinely exercise the trusted-in-app-source
short-circuit path.

Co-authored-by: Baptiste Marchand <baptiste-marchand@users.noreply.github.com>
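
The vacuous-pass problem described in the commit message above, and the gate behaviour summarised in the PR overview, as an added example that is not code from this PR or from the MetaMask repository. The action strings, the `Decision` labels, the order of the two checks and every function name here are assumptions made for illustration.

```typescript
// Simplified model of an interstitial gate. Added example, not MetaMask code:
// the action strings and the order of the two checks are assumptions.
type Decision = 'whitelisted-action' | 'trusted-in-app-source' | 'show-interstitial';

interface DeeplinkRequest {
  action: string;
  fromTrustedInAppSource: boolean;
}

type Gate = (req: DeeplinkRequest) => Decision;

const WHITELISTED_ACTIONS: readonly string[] = [
  'perps', 'buy', 'swap', 'rewards', 'predict', 'trending', 'shield', 'earn-musd',
];

const isWhitelisted = (action: string): boolean =>
  WHITELISTED_ACTIONS.some((a) => a === action);

// Reference gate: whitelist first, then the trusted-source short circuit.
const gate: Gate = (req) => {
  if (isWhitelisted(req.action)) return 'whitelisted-action';
  if (req.fromTrustedInAppSource) return 'trusted-in-app-source';
  return 'show-interstitial';
};

// Regressed gate: the trusted-source branch has been lost.
const regressedGate: Gate = (req) =>
  isWhitelisted(req.action) ? 'whitelisted-action' : 'show-interstitial';

// The test under discussion: "a trusted in-app source skips the modal".
// It only observes whether the modal appears, as a UI-level test would.
function trustedSourceTestPasses(g: Gate, action: string): boolean {
  return g({ action, fromTrustedInAppSource: true }) !== 'show-interstitial';
}

// A test is vacuous for an action if it cannot tell the two gates apart.
function isVacuousFor(action: string): boolean {
  return trustedSourceTestPasses(gate, action) ===
    trustedSourceTestPasses(regressedGate, action);
}

// Guard for test fixtures: the representative action must stay off the list.
function assertNotWhitelisted(action: string): void {
  if (isWhitelisted(action)) {
    throw new Error(`'${action}' is whitelisted; pick another test action`);
  }
}
```

Calling a guard like `assertNotWhitelisted` at the top of the modal and trusted-source tests makes a future whitelist addition fail loudly instead of silently hollowing out the test.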
@github-actions

AI PR Analysis

🚫 Merge safe: false | 🟠 Risk: high

Merge decision: AI analysis did not complete — manual review required before merging.

AI analysis did not complete. Manual review recommended.

@github-actions

🔍 Smart E2E Test Selection

  • Selected E2E tags: SmokeTrade, SmokeConfirmations, SmokeRamps, SmokePredictions, SmokeWalletPlatform, SmokePerps
  • Selected Performance tags: None (no tests recommended)
  • Risk Level: medium
  • AI Confidence: 88%

E2E Test Selection:

The changes center on the deep link interstitial modal whitelist in handleUniversalLink.ts:

  1. SWAP added to WHITELISTED_ACTIONS: Swap deep links now bypass the "Proceed with caution" interstitial modal. The E2E test swap-deeplink-smoke.spec.ts is updated to remove modal interaction steps, confirming this behavioral change. This directly affects SmokeTrade (swap deep link flows) and requires SmokeConfirmations per tag dependency rules.

  2. REWARDS, PREDICT, TRENDING, SHIELD, EARN_MUSD added to WHITELISTED_ACTIONS: These new entries mean deep links to these features also bypass the interstitial modal. This affects:

    • SmokePredictions (PREDICT deep links) → also requires SmokeWalletPlatform + SmokeConfirmations per tag rules
    • SmokeWalletPlatform (TRENDING deep links)
    • SmokePerps (REWARDS/EARN_MUSD are earn-related, PERPS already whitelisted)
    • SmokeRamps (BUY/SELL already whitelisted, but the overall deep link routing logic is touched)
  3. Unit test changes: Tests for modal display behavior switched from SWAP to SEND as the test action, confirming SWAP is now whitelisted and no longer triggers the modal.

The risk is medium because:

  • The whitelist change is a behavioral change to deep link routing (security-adjacent: bypassing a warning modal)
  • Multiple feature areas are affected by the new whitelisted actions
  • The E2E test already reflects the new behavior, so the test suite needs to validate the updated flow works end-to-end
  • No core Engine/controller changes, no navigation infrastructure changes

Performance Test Selection:
The changes are limited to deep link routing logic (whitelist array additions) and E2E test updates. There are no UI rendering changes, no state management changes, no component changes, and no data loading changes that would impact app performance metrics. The whitelist check is a simple array lookup with negligible performance impact.

@github-actions

E2E Fixture Validation — Schema is up to date
12 value mismatches detected (expected — fixture represents an existing user).

@Cal-L Cal-L left a comment

Platform LGTM

@baptiste-marchand baptiste-marchand added this pull request to the merge queue Apr 24, 2026
Merged via the queue into main with commit b760c09 Apr 24, 2026
169 of 174 checks passed
@baptiste-marchand baptiste-marchand deleted the cursor/whitelist-actions-deeplink-009c branch April 24, 2026 16:33
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 24, 2026
@metamaskbotv2 metamaskbotv2 Bot added the release-7.76.0 label (Issue or pull request that will be included in release 7.76.0) Apr 24, 2026
Labels

no-changelog, release-7.76.0, risk:high, size-M, team-engagement
