fix: should not be able to switch to any non permitted network WIP

[vinnyhoward]

Description

Fixes a bug where the network picker opened from the dapp permissions summary allows the user to switch to a network that is not permitted for that dapp.

What's broken: When a user opens the permissions summary for a connected dapp (browser → account icon → Permissions), there is a tappable network badge on the dapp favicon. Tapping it opens NetworkSelector. The selector is supposed to filter the network list to only show the dapp's permitted networks, but in practice the user can still select a non-permitted network and switch to it.

Partial fix in place in this PR: NetworkSelector already has filtering logic for the MULTI_CHAIN_PERMISSIONS_SUMMARY source; it reads permittedCaipChainIds from PermissionController and hides networks that aren't permitted. However, this only reflects the last confirmed/committed permission state.

Remaining problem (stale state): MultichainAccountPermissions holds local in-progress state selectedChainIds that is updated when the user submits changes from the "Edit Networks" screen, but PermissionController is only updated when the user taps "Confirm"/"Update". So after a user unchecks a network in "Edit Networks" and returns to the summary screen; but before they confirm the network picker still shows the old stale list of permitted networks from PermissionController, including the one they just deselected. The user can then switch to it.

Open UX question (needs team input before proceeding): There are two viable approaches:

Pass in-progress state: Thread selectedChainIds (local state from MultichainAccountPermissions) through the navigation params to NetworkSelector, so the picker filters by the current in-progress selection rather than the committed PermissionController state.
Disable the badge tap: Hide or disable the network badge tap when there are pending unsaved changes (i.e., when local selectedChainIds differs from committed permissions).

Changelog

CHANGELOG entry: WIP

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/TMCU-311

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

WIP

Before

WIP

After

WIP

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeMultiChainAPI
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 80%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes affect:

• MultichainPermissionsSummary (dApp chain permission summary UI)
• NetworkSelector (network selection bottom sheet)
• networkSelector constants (network configuration/behavior)

These directly impact the network management and chain permission system.

SmokeNetworkAbstractions is required because it covers:

• Network selector UI and enabled/disabled networks
• Chain permission system for dApps
• Network selection bottom sheet

Because the changes involve multichain permissions and likely affect how dApps are granted/revoked access across chains, we must also include:

• SmokeMultiChainAPI (CAIP-25 session creation, wallet_createSession, wallet_getSession, wallet_sessionChanged, revokeSession)
• SmokeNetworkExpansion (multi-chain provider architecture and Solana/EVM simultaneous connections)

Per tag requirements: when changes affect dApp chain permissions or multi-chain selection, also select SmokeNetworkExpansion and SmokeMultiChainAPI. These integrations validate session scope consistency and provider behavior across chains.

No evidence of impact to confirmations, trade, wallet platform, accounts, identity, or snaps flows.

Overall risk is medium: changes touch core user-facing network selection and permission flows but do not modify Engine controllers or low-level transaction logic.

Performance Test Selection:
The changes are limited to network selection UI components and related constants. There is no indication of heavy rendering changes, list virtualization changes, asset loading logic, controller/state performance changes, or app launch/login impact. Therefore, no dedicated performance test suite is required.

View GitHub Actions results

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
15 value mismatches detected (expected — fixture represents an existing user).
View details

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud