feat(card): add MMM_CARD origin for Card delegation transactions

[rarquevaux]

Description

Card delegation transactions currently use the generic TransactionTypes.MMM ('MetaMask Mobile') origin, making them indistinguishable from other internal transactions in analytics and debugging.

This PR introduces a dedicated MMM_CARD origin ('MetaMask Mobile Card') and threads it through all internal-origin checks so Card delegation transactions are identifiable while preserving identical runtime behavior:

• Added MMM_CARD: 'MetaMask Mobile Card' to TransactionTypes
• Added MMM_CARD to both INTERNAL_ORIGINS arrays (constants/transaction.ts and Permissions/index.ts)
• Extended the onUnapprovedTransaction guard to also early-return for MMM_CARD
• Updated useCardDelegation to emit MMM_CARD instead of MMM

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Screenshots/Recordings

Before

N/A

After

N/A

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Low Risk
Low risk: this is a new origin constant threaded through internal-origin allowlists and a guard in onUnapprovedTransaction, with tests updated; transaction execution logic is unchanged aside from labeling.

Overview
Introduces a dedicated internal transaction origin TransactionTypes.MMM_CARD ("MetaMask Mobile Card") so Card delegation approval transactions are distinguishable from generic MMM transactions.

Threads MMM_CARD through internal-origin handling by (1) emitting it from useCardDelegation when submitting the approval transaction, (2) treating it as an internal origin in constants/transaction.ts and Permissions/index.ts, and (3) extending the onUnapprovedTransaction early-return guard to skip auto-sign processing for this origin, with matching test updates.

^{Written by Cursor Bugbot for commit 558aba5. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[rarquevaux]

Analytics note: dapp_host_name in transaction metrics (app/core/Engine/controllers/transaction-controller/metrics_properties/base.ts line 40) will now emit 'MetaMask Mobile Card' instead of 'MetaMask Mobile' for Card delegation transactions. If any dashboards or analytics filters rely on this value, they will need updating.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeConfirmations, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeMultiChainAPI, SmokeTrade, SmokePerps, SmokePredictions, SmokeCard, SmokeWalletPlatform
• Selected Performance tags: None (no tests recommended)
• Risk Level: high
• AI Confidence: 70%

click to see 🤖 AI reasoning details

E2E Test Selection:
Core transaction and permission logic was modified (app/core/TransactionTypes.js and app/core/Permissions/index.ts), which directly impacts transaction classification, confirmation flows, dApp permission handling, and potentially multi-chain session behavior. Changes in onUnapprovedTransaction.ts indicate navigation and handling of pending/unapproved transactions, tightly coupled with the confirmation system.

Because transaction types underpin native transfers, token approvals, swaps, staking, perps deposits, predictions positions, and card funding (swap-based), SmokeConfirmations must run along with all features that rely on on-chain transactions (SmokeTrade, SmokePerps, SmokePredictions, SmokeCard).

Changes to Permissions/index.ts may affect chain permissions, dApp session handling, and multi-chain scope management; therefore SmokeNetworkAbstractions, SmokeNetworkExpansion, and SmokeMultiChainAPI are required to validate permission flows and provider behavior.

Per tag dependency rules:

• SmokeTrade requires SmokeConfirmations ✅
• SmokePerps requires SmokeWalletPlatform and SmokeConfirmations ✅
• SmokePredictions requires SmokeWalletPlatform and SmokeConfirmations ✅
• SmokeCard requires SmokeTrade and SmokeConfirmations ✅
• SmokeMultiChainAPI requires SmokeNetworkAbstractions and SmokeNetworkExpansion ✅

SmokeWalletPlatform is included because transaction history, provider events, and Trending-integrated sections (Perps/Predictions) may be indirectly affected by transaction type or permission logic.

Given the centrality of transaction and permission layers, this is high risk for user-critical flows.

Performance Test Selection:
The changes are focused on transaction typing, permission logic, and navigation handling rather than rendering, list performance, startup time, or heavy data-loading paths. No UI rendering components, large lists, Engine initialization, or asset loading logic were modified, so no dedicated performance tests are required.

View GitHub Actions results

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
16 value mismatches detected (expected — fixture represents an existing user).
View details

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud