feat(ramp): opt-in RAMPS debug dashboard tooling

[amitabh94]

Description

Adds opt-in developer tooling so Money Movement / RAMPS engineers can stream RampsController state and calls to a local browser dashboard without loading the bridge for every dev build.

• RAMPS_DEBUG_DASHBOARD=true in .js.env + Metro restart enables the bridge; RAMPS_DEBUG_DASHBOARD_URL overrides the WebSocket URL (devices/emulators).
• Dynamic import() from ramps-controller-init.ts so the bridge (including fetch instrumentation) is omitted from the bundle unless enabled.
• app/components/UI/Ramp/debug/README.md — setup, adb reverse, env vars.
• ramps-debug-dashboard/ — self-contained Node server (npm ci + node server.mjs); session logs gitignored.
• Includes prior commit on this branch: CODEOWNERS paths for Money Movement (@MetaMask/money-movement) and ramps-debug-dashboard/ entry.

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Feature: RAMPS debug dashboard

  Scenario: Dashboard receives data when opt-in env is set
    Given a debug build with RAMPS_DEBUG_DASHBOARD=true in .js.env and Metro restarted
    And ramps-debug-dashboard is running (npm ci && node server.mjs)
    When the app launches and RampsController is active
    Then the browser UI at http://localhost:8099 shows state/method traffic
    And Metro logs include a RampsDebug connected message

Screenshots/Recordings

Ramps Debug Dashboard - Watch Video

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Dev-only code now conditionally patches fetch and wraps RampsController methods when RAMPS_DEBUG_DASHBOARD=true, which could affect local debugging behavior if enabled. Production behavior should remain unchanged due to __DEV__ gating and optional require.

Overview
Adds an opt-in, __DEV__-only “RAMPS debug dashboard” that streams RampsController state changes, method calls (with timing/cache-hit heuristics), and selected ramps-related fetch traffic to ws://localhost:8099.

Introduces a self-contained host dashboard under scripts/money-movement/debug-dashboard/ (Node HTTP+WebSocket server, JSONL session logging, and yarn ramps:debug-dashboard runner) plus new docs and env var guidance in .js.env.example.

Updates ramps-controller-init to conditionally require and initialize the bridge when RAMPS_DEBUG_DASHBOARD=true, adds Jest coverage for that gating, and excludes the new debug tooling from Sonar coverage and the security code scanner.

^{Written by Cursor Bugbot for commit b8ed425. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeRamps
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 90%

click to see 🤖 AI reasoning details

E2E Test Selection:
All changes in this PR are developer tooling additions with no production impact:

1. ramps-controller-init.ts: The only app code change adds a __DEV__ && isRampsDebugDashboardEnabled() block that is dead code in production builds. The isRampsDebugDashboardEnabled() function checks process.env.RAMPS_DEBUG_DASHBOARD === 'true', which is never set in CI/E2E environments. Metro strips __DEV__ blocks in production builds entirely.

2. RampsDebugBridge.ts: New file that is only loaded via require() inside the __DEV__ gate. Never loaded in production or E2E test runs.

3. babel.config.tests.js: Adds ramps-controller-init files to test babel overrides — this is a test infrastructure change needed for Jest to handle the __DEV__ global in unit tests. Does not affect Detox E2E tests.

4. package.json: Only adds a ramps:debug-dashboard developer script. No new production dependencies.

5. scripts/money-movement/debug-dashboard/: Entirely new developer tooling (WebSocket server, HTML dashboard). Not part of the app bundle.

6. CI/config files (.github/workflows/security-code-scanner.yml, sonar-project.properties, .js.env.example): Minor configuration updates to exclude new debug tooling from security scanning and coverage.

Since the ramps-controller-init.ts is a CRITICAL file (app/core/Engine/ path) and it was modified, running SmokeRamps provides a safety net to verify the ramps controller initialization still works correctly in a real E2E scenario. However, the actual risk is very low since the changes are purely additive dev-only code that cannot execute in production/E2E builds.

Performance Test Selection:
No performance impact expected. All changes are developer tooling (debug bridge, WebSocket server, scripts) that are gated behind DEV and an opt-in environment variable. Production builds are completely unaffected. No UI components, rendering logic, state management, or critical user flows were modified.

View GitHub Actions results

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
17 value mismatches detected (expected — fixture represents an existing user).
View details

[codecov-commenter]

Codecov Report

❌ Patch coverage is 2.95858% with 164 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.54%. Comparing base (e2bb36a) to head (b8ed425).
⚠️ Report is 29 commits behind head on main.

Files with missing lines	Patch %	Lines
app/components/UI/Ramp/debug/RampsDebugBridge.ts	0.00%	164 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #28110      +/-   ##
==========================================
- Coverage   82.63%   82.54%   -0.10%     
==========================================
  Files        4854     4860       +6     
  Lines      125092   125561     +469     
  Branches    27919    28114     +195     
==========================================
+ Hits       103376   103640     +264     
- Misses      14600    14760     +160     
- Partials     7116     7161      +45     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud