Skip to content

poc/moonpay iron#33305

Open
jiexi wants to merge 13 commits into
poc/ukycfrom
poc/moonpay-iron
Open

poc/moonpay iron#33305
jiexi wants to merge 13 commits into
poc/ukycfrom
poc/moonpay-iron

Conversation

@jiexi

@jiexi jiexi commented Jul 14, 2026

Copy link
Copy Markdown
Member
  • feat: include kyc required endpoint into main architecture
  • feat: include kyc required endpoint into main architecture
  • feat: wip
  • fix bad merge
  • add geolocation fetching
  • add disclaimer fetching and submission
  • show disclaimers in text, thread to session creation
  • revert local network hardcode
  • fix session creation POST
  • add launch sumsub button. move debug component to bottom of page

Description

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

Performance checks (if applicable)

  • I've tested on Android
    • Ideally on a mid-range device; emulator is acceptable
  • I've tested with a power user scenario
    • Use these power-user SRPs to import wallets with many accounts and tokens
  • I've instrumented key operations with Sentry traces for production performance metrics

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Note

Medium Risk
Touches KYC/session auth and changes how MoonPay tokens flow into UKYC/SumSub, but scope is demo screens rather than production ramps UI; a debug console.log remains on the Check frame URL.

Overview
Refactors the KYC Demo MoonPay path to go through the local Universal KYC (UKYC) service instead of calling MoonPay’s platform identity APIs from the app.

API and auth: UKYC calls now use the wallet AuthenticationController bearer token (replacing a hardcoded dev token). New helpers load disclaimers and geolocation → ISO alpha-3 (countryCodes.ts), and checkKycRequired replaces client-side identity create/PATCH/upload/verification/polling. Session creation sends disclaimerIds from the fetched disclaimers.

Demo flow: After Check/Auth frames, the UI only picks a country profile and runs the kyc-required check; the done screen shows the JSON result and a Launch SumSub verification button (no auto-launch on approval). Challenge/verify/poll phases and rich identity fields are removed.

SumSub handoff: KYCDemo owns a single useSumSubDemo instance; MoonpayDemo receives launchSumSubSDK, and SumSubDemo displays status / sdkResult from props. SumSub UKYC session POSTs use bearer auth and pass the MoonPay token in vendorMetadata.

Minor iOS Xcode project path updates for AppDelegate / BrazeHelper references.

Reviewed by Cursor Bugbot for commit 1f590ac. Bugbot is set up for automated code reviews on this repo. Configure here.

@github-actions

Copy link
Copy Markdown
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamask-ci metamask-ci Bot added the team-wallet-integrations Wallet Integrations team label Jul 14, 2026

@cursor cursor Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 3 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 1f590ac. Configure here.

{ error: String(err) },
'error',
);
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Terms blocked after disclaimer failure

Medium Severity

When geolocation or disclaimer fetching fails, disclaimersLoaded never becomes true, so Accept terms and start stays disabled with no retry. The button label still reads Loading disclaimers… even when an error is shown, so the flow looks stuck rather than failed.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 1f590ac. Configure here.

if (cancelled) return;
setDisclaimers(result);
setDisclaimersError(null);
setDisclaimersLoaded(true);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Geolocation vs profile country mismatch

Medium Severity

Disclaimers and disclaimerIds for session creation come from geolocation-derived country, but checkKycRequired uses the manually selected profile’s residentialAddress.country. A user can accept one jurisdiction’s disclaimers while querying KYC for another.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 1f590ac. Configure here.

url.searchParams.set('publicKey', keypair.publicKeyHex);
url.searchParams.set('channelId', CHANNEL_CHECK);
url.searchParams.set('skipKyc', 'true');
console.log('==========> url', url.toString());

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Debug log leaks session URL

Medium Severity

A console.log in the checkFrameUrl memo prints the full MoonPay check-connection URL, including the sessionToken query parameter, on every rebuild when a session exists.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 1f590ac. Configure here.

@github-actions

Copy link
Copy Markdown
Contributor

🔍 Smart E2E Test Selection

  • Selected E2E tags: None (no tests recommended)
  • Selected Performance tags: None (no tests recommended)
  • Risk Level: low
  • AI Confidence: 92%
click to see 🤖 AI reasoning details

E2E Test Selection:
All 8 changed files fall into two categories:

  1. Developer Demo Components (7 files): KYCDemo, MoonpayDemo, and SumSubDemo are internal developer demo/testing screens. The changes refactor the KYC flow within these demo screens — simplifying from a multi-step identity creation/verification/polling flow to a simpler KYC-check flow, adding geolocation resolution, disclaimers fetching, and SumSub SDK integration. These are not production user-facing features and are not covered by any E2E smoke tests. A grep search confirms these components are only referenced in MainNavigator.js (as a route) and Wallet/index.tsx (as a developer button), with no smoke test files importing or testing them.

  2. iOS Xcode Project File (1 file): ios/MetaMask.xcodeproj/project.pbxproj changes are minor path corrections (renaming display names from AppDelegate.swift to MetaMask/AppDelegate.swift, same for BrazeHelper.mm), adding empty inputPaths/outputPaths arrays to build phases, and adding a SplashScreen.storyboard reference to Recovered References. These are structural/cosmetic Xcode project file changes that don't affect app runtime behavior.

No production user flows, shared components, navigation, controllers, or E2E-testable features are affected. No smoke test tags are warranted.

Performance Test Selection:
No performance-sensitive code paths are affected. The changes are confined to developer demo screens (KYCDemo, MoonpayDemo, SumSubDemo) and an Xcode project file. None of the changed files touch app launch, onboarding, login, asset loading, swap flows, or any other performance-measured scenarios.

View GitHub Actions results

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size-XL team-wallet-integrations Wallet Integrations team

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants