feat: Add self reported dapp url in CONNECT_REQUEST_COMPLETED event

[jiexi]

Description

Uses the self reported dapp url when available for the CONNECT_REQUEST_COMPLETED event when the connection is a SDKv1, SDKv2, or WC connection. It uses the trusted origin otherwise.

Changelog

CHANGELOG entry: null

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/WAPI-1338

Manual testing steps

1. Establish a WC or SDKv1 or SDKv2 connection
2. Check analytics events for a property value referrer that should be the dapp's url, not a UUID

It may be easier to use an expo build and the js debugger to view analytic network events.

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Low Risk
Low risk analytics-only change that alters the referrer value emitted for CONNECT_REQUEST_COMPLETED, potentially affecting downstream dashboards but not user-facing behavior.

Overview
Updates analytics for connection approvals so MetaMetricsEvents.CONNECT_REQUEST_COMPLETED now reports a computed referrer (SDK/WC self-reported dapp URL when available, otherwise the trusted hostname/origin) instead of always using request.metadata.origin.

Applies the same referrer logic in both AccountConnect and MultichainAccountConnect, and wires it into the handleConnect tracking dependencies.

^{Written by Cursor Bugbot for commit ad3bb42. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[cursor]

V2 SDK connections not handled in referrer computation

Medium Severity

The referrer computation only checks isOriginMMSDKRemoteConn (v1 SDK connections) but this component also supports v2 SDK connections via isOriginMMSDKV2RemoteConn. For v2 SDK connections, isOriginMMSDKRemoteConn is false, so referrer falls through to channelIdOrHostname instead of using the self-reported dapp URL from dappUrl (which already includes sdkV2Connection?.originatorInfo?.url at lines 478–481). This defeats the PR's purpose of reporting the self-reported dapp URL for SDK connections.

 

[adonesky1]

looks like dappUrl will default to '' not null? not sure about wc2Metadata?.url

[jiexi]

yeah good point. The comment is wrong. I really just want the value to be falsey here (i.e. not the channelId) when the connection is SDK or WC and the self reported dapp url is not available.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeNetworkExpansion, SmokeMultiChainAPI, SmokeNetworkAbstractions, SmokeConfirmations
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 85%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes in this PR are analytics-only fixes to the referrer field in two dApp account connection components:

1. AccountConnect.tsx: Changed referrer from request.metadata.origin to a computed value that correctly uses dappUrl for SDK connections, wc2Metadata?.url for WalletConnect, and channelIdOrHostname for regular connections.

2. MultichainAccountConnect.tsx: Same analytics referrer fix applied to the multichain account connect flow.

These changes do NOT affect:

• Connection logic or permission flows
• UI rendering
• State management
• Any non-analytics behavior

However, since these components are in the critical dApp connection path (both EVM and multichain), it's prudent to run tests that exercise these flows to ensure no regressions were introduced:

• SmokeNetworkExpansion: Directly tests dApp connect/disconnect flows (Solana Wallet Standard connect.spec.ts, multiple-provider-connections.spec.ts) which use AccountConnect/MultichainAccountConnect
• SmokeMultiChainAPI: Tests CAIP-25 session creation (wallet_createSession) which involves the account connection flow
• SmokeNetworkAbstractions: Required by SmokeMultiChainAPI's description (permission UI integration)
• SmokeConfirmations: Required by SmokeNetworkExpansion's description (Solana transaction/signing flows hit confirmations)

Performance tests are not warranted as these are pure analytics property changes with no UI rendering, data loading, or performance-sensitive code paths affected.

Performance Test Selection:
The changes are limited to analytics event property fixes (referrer field) in the dApp connection components. No UI rendering, state management, data loading, or performance-sensitive code paths are affected. Performance tests are not warranted.

View GitHub Actions results

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
17 value mismatches detected (expected — fixture represents an existing user).
View details

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud