feat: Add AI PR analysis configuration and workflow

.ai-pr-analyzer/config.yaml

@@ -0,0 +1,31 @@
+repo: metamask/metamask-mobile
+
+critical:
+  files:
+    - package.json
+    - metro.config.js
+    - babel.config.js
+    - .detoxrc.js
+  keywords:
+    - Controller
+    - Engine
+  paths:
+    - app/core/
+    - tests/
+    - .github/workflows/
+    - .github/actions/
+
+searchDirs:
+  - app/
+  - e2e/
+  - .github/
+  - scripts/
+  - tests/
+
+models:
+  default: anthropic/claude-haiku-4-5
+  escalation: anthropic/claude-sonnet-4-6
+  escalationThreshold: 3
+
+modes:
+  - pr-risk-analysis

.ai-pr-analyzer/modes/pr-risk-analysis/hard-rules.json

@@ -0,0 +1,22 @@
+[
+  {
+    "name": "mass-critical-changes",
+    "description": "More than 20 critical files changed — automatic high risk",
+    "trigger": {
+      "type": "criticalFileCount",
+      "threshold": 20
+    },
+    "action": "run-all",
+    "result": {
+      "risk_score": 85,
+      "risk_level": "high",
+      "summary": "Large-scale change affecting more than 20 critical files. Manual review strongly recommended.",
+      "testing_recommendations": [
+        "Full regression test suite recommended",
+        "Manual review of all critical file changes",
+        "Verify no breaking changes to controller initialization order",
+        "Check Engine startup sequence"
+      ]
+    }
+  }
+]

.ai-pr-analyzer/modes/pr-risk-analysis/prompt-context.md

@@ -0,0 +1,48 @@
+You are analyzing MetaMask Mobile, a React Native mobile wallet for Ethereum networks (iOS and Android).
+
+Your focus is **production regression risk** — the likelihood that these changes break existing user-facing functionality, introduce new bugs, or cause unexpected side effects in the shipped app.
+
+Production regression risk is what matters most. Test-only changes (fixtures, mocks, helpers, E2E specs) are worth noting but should not dominate the overall score unless they also impact production code paths.
+
+ARCHITECTURE OVERVIEW:
+
+- Engine (app/core/Engine/) is the central orchestrator managing 70+ controllers via ComposableController
+- Controllers follow MetaMask's BaseController pattern with messenger-based communication
+- Redux for global state, Redux Saga for side effects, redux-persist for persistence
+- React Navigation v5 for navigation
+- Detox for E2E testing, Jest for unit tests
+
+CRITICAL DEPENDENCY CHAINS (changes here cascade widely):
+
+- NetworkController and KeyringController are Phase 2 (foundational) — changes cascade to 40+ controllers
+- TransactionController depends on Network, GasFee, Keyring, and Approval controllers
+- Token controllers (Tokens, TokenBalances, TokenRates, NftController) depend on Network and AssetsContract
+- AccountsController depends on KeyringController
+
+REGRESSION-PRONE PATTERNS:
+
+- Engine.ts initialization order changes → can break app startup
+- Controller messenger configuration changes (allowedActions/allowedEvents) → breaks inter-controller communication
+- BACKGROUND_STATE_CHANGE_EVENT_NAMES modifications → UI state sync failures
+- Direct imports between controllers (vs messenger calls) → circular dependency risk
+- State schema changes without migration → data loss on app update
+- Package version bumps in @metamask/\* controller packages → API surface changes
+
+SIGNALS THAT INCREASE RISK:
+
+- Modifying a function/class used by many consumers (high fan-out)
+- Changing exported API signatures or return types
+- Altering behaviour of shared utilities or hooks
+- Removing or renaming exports without updating all consumers
+- Changing default values or configuration
+- Modifying state shapes that are persisted or serialized
+
+SIGNALS THAT DECREASE RISK:
+
+- Purely additive changes (new files, new exports, new optional params)
+- Documentation, comments, formatting only
+- Test-only changes with no production code modified
+- Isolated component changes with no shared dependencies
+- Adding testIDs for E2E testing
+
+Use the `load_skill` tool with `metamask-core-architecture` for deeper architectural analysis when changes involve Engine, controllers, or messenger patterns.