feat: add Solana Wallet Standard to in-app browser

[baptiste-marchand]

Description

This PR adds Solana Wallet Standard to the in-app browser.

Related issues

Extension PR: MetaMask/metamask-extension#31705

Manual testing steps

1. Run a flask build
   a. yarn setup:flask && yarn start:ios:flask
   b. yarn watch, then press i and open MetaMask Flask
2. Navigate to https://metamask.github.io/test-dapp-solana/latest/
3. Connect with MetaMask

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[baptiste-marchand]

I have read the CLA Document and I hereby sign the CLA

[Copilot]

Pull Request Overview

This PR integrates Solana Wallet Standard support into the in-app browser by extending the inpage bridge, background engine, and UI layers to handle non-EVM (CAIP-based) networks and accounts.

• Adds a new Solana Wallet Standard injector and dependencies to the inpage bridge
• Extends engine and selectors to include non-EVM network configurations and permissions
• Updates UI components (BrowserTab and AccountConnect) and tests to display CAIP account addresses and handle EIP-1193 request metadata

Reviewed Changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
scripts/inpage-bridge/src/solanaWalletStandard.js	New injector for Solana Wallet Standard in the inpage bridge
scripts/inpage-bridge/src/index.js	Calls the new Solana injector when provider shouldInject
package.json	Adds @metamask/multichain-api-client and Solana standard deps
scripts/inpage-bridge/src/provider.js	Minor whitespace removal
e2e/specs/multichain/permissions/chains/permission-system-initial-connection.spec.js	Adds a test step for “Select All Networks”
app/selectors/networkController.ts	Extends selector to merge non-EVM network configurations
app/core/mocks/MockedEngine.ts	Mocks multichain network controller state
app/core/Permissions/specifications.js	Updates caveat type signatures for non-EVM functions
app/core/Permissions/index.ts	Hooks into MultichainNetworkController state for permissions
app/core/Engine/types.ts	Registers new MultichainRouterActions
app/core/Engine/controllers/multichain-router/constants.ts	Defines router event constants
app/core/Engine/Engine.ts	Configures and instantiates MultichainRouter
app/core/BackgroundBridge/BackgroundBridge.js & .test.js	Passes isEip1193Request metadata and fixes messenger binding
app/components/Views/BrowserTab/BrowserTab.tsx	Renders CAIP account addresses instead of EVM hex addresses
app/components/Views/AccountConnect/AccountConnect.types.ts	Adds optional isEip1193Request metadata to route params
app/components/Views/AccountConnect/AccountConnect.tsx & .test.tsx	Implements EIP-1193 fallback and memoized network avatars

Comments suppressed due to low confidence (4)

scripts/inpage-bridge/src/solanaWalletStandard.js:14

• Solana injector file mixes CommonJS require with ES module export default. Consider using a consistent module system (either convert to import/export or use module.exports) to avoid bundler/runtime issues.

export default injectSolanaWalletStandard;

e2e/specs/multichain/permissions/chains/permission-system-initial-connection.spec.js:63

• The test calls tapSelectAllNetworksButton but there’s no import or definition for this helper in ConnectedAccountsModal. Ensure the method exists and is implemented, or update the test to match available UI actions.

await ConnectedAccountsModal.tapSelectAllNetworksButton();

app/components/Views/BrowserTab/BrowserTab.tsx:1407

• The connectedAccounts prop now only receives non-EVM CAIP addresses, dropping EVM hex accounts. Consider merging both permittedEvmAccountsList and permittedCaipAccountAddressesList so users still see EVM accounts in the browser UI.

connectedAccounts={permittedCaipAccountAddressesList}

app/core/Permissions/specifications.js:55

• [nitpick] The return type for isNonEvmScopeSupported was widened to Json | unknown, reducing type safety. If possible, replace unknown with a more specific boolean or typed union to improve maintainability.

* isNonEvmScopeSupported: (scope: import('@metamask/chain-agnostic-permission').InternalScopeString) => import('@metamask/utils').Json | unknown

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​solana/​wallet-standard-chains@​1.1.1
	npm/​@​solana/​wallet-standard-features@​1.3.0
	npm/​@​wallet-standard/​wallet@​1.1.0
	npm/​@​wallet-standard/​base@​1.1.0
	npm/​@​wallet-standard/​features@​1.1.0
	npm/​@​metamask/​solana-wallet-standard@​0.4.1
	npm/​@​metamask/​multichain-api-client@​0.6.1

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Block		npm/@solana/wallet-standard-chains@1.1.1 has a New author. New Author: solana-devs Previous Author: jordansexton From: yarn.lock → npm/@solana/wallet-standard-chains@1.1.1 ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@solana/wallet-standard-chains@1.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[adonesky1]

Seeing some weirdness with the signAndSendTransaction buttons/calls?
https://github.com/user-attachments/assets/d4a9b307-a479-4579-99d9-301e88d64120

Seeing the same bug on the extension:

https://github.com/user-attachments/assets/ee495dc2-5451-4b5d-bc9b-0636fcd92e0e

EDIT: nvm these issues have to do with Solana devnet not being available in Mobile

[jiexi]

Code LGTM, but don't have time to pull down and test

[adonesky1]

LGTM! Tested and works great!

[ffmcgee725]

Code makes sense, and tested locally with some dapps, nothing out of the ordinary spotted. LGTM!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: 455e0f3
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/50b9e8f4-415f-483c-9ab2-b93244cc7fc7

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request