feat(transaction-controller): pass isInternal: true at internal call sites

[matthewwalsh0]

Description

Adopts the new isInternal flag introduced in @metamask/transaction-controller@65.0.0. The controller previously inferred internal vs external trust from the request origin (origin === ORIGIN_METAMASK ⇒ internal). That coupling has been replaced with an explicit, optional isInternal: boolean flag on addTransaction / addTransactionBatch, defaulting to false. To keep current behaviour, every internal call site in extension must opt in.

This PR adopts isInternal: true at the internal entry points and leaves dapp-driven paths defaulting to false:

Call site	Classification	Action
getApi().addTransaction / addTransactionAndWaitForPublish (UI-facing wrappers)	Internal	isInternal: true
upgradeAccount (EIP-7702 internal upgrade)	Internal	isInternal: true
BridgeStatusController.addTransactionBatchFn callback	Internal	isInternal: true
EIP-5792 wallet_sendCalls middleware (processSendCalls callbacks)	External	Default (false)
addDappTransaction (eth_sendTransaction middleware)	External	Default (false)

Internal feature hooks in the UI (useMusdConversion, useSubscription, useRevokeGatorPermissions, useMerklClaimTransaction, mUSD transaction-utils) all funnel through the UI Redux addTransaction action which calls the background's UI-facing wrapper, so they are covered automatically.

The Tempo helper functions (getTempoEvmTransactionArgs, getTempoTransactionBatchArgs) spread the caller's transactionOptions, so isInternal propagates through the Tempo path with no further changes.

Incidental changes

• Bumps @metamask/messenger to ^1.2.0 to match the version required by transaction-controller 65.0.0. After dedupe, all packages resolve to 1.2.0.
• Fixes a latent action-list mismatch in StaticAssetsController's messenger getter that was surfaced by the stricter type-checking in messenger 1.2. The getter declared AccountsController:getSelectedAccount in AllowedActions but the controller's StaticAssetsControllerMessenger type expected StaticAssetsController:getState (the controller's own GetState action). The getter now imports StaticAssetsControllerActions from the controller so the two stay in sync.

Preview build

This PR depends on the unreleased core PR via previewBuilds:

"@metamask/transaction-controller": { "type": "breaking", "previewVersion": "65.0.0-preview-156c8ccf7" },
"@metamask/transaction-pay-controller": { "type": "non-breaking", "previewVersion": "20.0.1-preview-156c8ccf7" },
"@metamask/bridge-status-controller": { "type": "non-breaking", "previewVersion": "71.1.0-preview-156c8ccf7" },
"@metamask/eip-5792-middleware": { "type": "non-breaking", "previewVersion": "3.0.3-preview-156c8ccf7" }

These will be replaced with released versions before this PR merges.

Manual testing steps

1. Send a native ETH transaction from the UI — should still work and reach submitted.
2. Send a token approval / swap from a dapp via eth_sendTransaction — confirmation flow should still display the dapp's origin and dapp-suggested gas fees.
3. Use a dapp that issues wallet_sendCalls — batch should still be accepted, and origin / size limits / EIP-7702 rejection rules still apply.
4. Initiate an EIP-7702 account upgrade — internal upgrade transaction should be created with requireApproval: true and complete normally.
5. Bridge a token via the in-app Bridge — BridgeStatusController's status callback should not be rejected by validations now that it sets isInternal: true.

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labelling guidelines). Not required for external contributors.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​metamask/​eip-5792-middleware@​3.0.3-preview-156c8ccf7
	@​metamask/​bridge-status-controller@​70.0.5 ⏵ 71.1.0-preview-156c8ccf7	+4		+23	+2
	@​metamask/​transaction-pay-controller@​19.2.2 ⏵ 20.0.1-preview-156c8ccf7	+3		+21	+2

View full report

[metamaskbotv2]

✨ Files requiring CODEOWNER review ✨

📜 @MetaMask/policy-reviewers (5 files, +1301 -37)

• 📁 lavamoat/
  • 📁 browserify/
    • 📁 beta/
      • 📄 policy.json +325 -9
    • 📁 experimental/
      • 📄 policy.json +325 -9
    • 📁 flask/
      • 📄 policy.json +325 -9
    • 📁 main/
      • 📄 policy.json +325 -9
  • 📁 build-system/
    • 📄 policy.json +1 -1

Tip

Follow the policy review process outlined in the LavaMoat Policy Review Process doc before expecting an approval from Policy Reviewers.