QYX20

[LimitedVERSE]

Description

This PR introduces QYX20 / QuantumYield branding and configuration into the MetaMask extension codebase.
The goal is to adapt the upstream MetaMask extension into a whitelabel variant, enabling specialized support for the QYX20 token standard and QuantumYield exchange integration.

• Reason for change: Extend MetaMask core to include custom branding and advanced functionality for QuantumYield users.
• Improvement/solution: Provide a dedicated build path with preconfigured assets, token/chain metadata, and UX adjustments aligned with QYX20.

---

Changelog

CHANGELOG entry:
Added QYX20 (QuantumYield) branding and configuration support as a whitelabel MetaMask variant.

---

Related issues

Fixes: [link issue or tracking ticket here if applicable]

---

Manual testing steps

1. Pull this branch and build the extension with yarn start or pnpm build.
2. Load the unpacked extension into Chrome/Edge/Brave.
3. Confirm QuantumYield branding (icons, splash, UI assets).
4. Validate QYX20 token/chain metadata loads correctly.
5. Ensure base MetaMask functionality (accounts, RPC, transactions) is not broken.
6. Test QYX20-specific flows (deposit/withdraw/UTXO integration if available).

---

Screenshots/Recordings

Before

Default MetaMask branding and configuration.

After

QuantumYield (QYX20) branding, UI updates, and chain configuration visible in extension.

(add screenshots when available)

---

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and Coding Standards.
• I've completed the PR template to the best of my ability.
• I’ve included tests if applicable.
• I’ve documented my code using JSDoc where relevant.
• I’ve applied the correct labels (see labeling guidelines).

---

Pre-merge reviewer checklist

• I’ve manually tested this branch (pull, build, run extension).
• I confirm the PR addresses all acceptance criteria in its related ticket.
• I’ve added/checked screenshots or recordings showing changes in action.

---

Note

Rebrands MetaMask UI strings to QuantumYield and updates multiple GitHub Actions (self-hosted runners, new Pages deploys, improved scripting), plus minor code robustness and styling tweaks.

• Branding/UI:
  • Replace MetaMask with QuantumYield across app/_locales/en/messages.json, app/loading.html, and app/popup-init.html (titles, messages, support text).
  • Tweak popup dark background color and loading copy.
• Code robustness:
  • Wrap completeQrCodeScan in try/catch to log background call errors.
  • Minor comment note in multichain-avatar-group.tsx.
• CI/CD (GitHub Actions):
  • Switch many jobs to runs-on: self-hosted; adjust envs and tokens; capture NEXT_SEMVER_VERSION via step output.
  • Add GitHub Pages deploy workflows for Jekyll and Next.js (branch QYX20).
  • Modify Crowdin workflow branch target and various E2E/reporting jobs; introduce custom flaky test report generation.
  • Nightly build tweaks (risk/allow-scripts), broader workflow refinements (benchmarks, bundle size, policies, releases).

^{Written by Cursor Bugbot for commit 48c0bc6. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action:

Thank you for your submission, we really appreciate it. We ask that you all read and sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just by adding a comment to this pull request with this exact sentence:

I have read the CLA Document and I hereby sign the CLA

By commenting with the above message you are agreeing to the terms of the CLA. Your account will be recorded as agreeing to our CLA so you don't need to sign it again for future contributions to this repository.

1 out of 2 committers have signed the CLA.
✅ @LimitedVERSE
❌ @Copilot

[Copilot]

Pull Request Overview

Copilot reviewed 47 out of 49 changed files in this pull request and generated 5 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 48 out of 50 changed files in this pull request and generated 2 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 48 out of 50 changed files in this pull request and generated no new comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[cursor]

Bug: Flaky Test Report Workflow Fails

The flaky test report workflow changed to an inline implementation that calls .github/scripts/create-flaky-test-report.ts, but this script is missing from the repository. Additionally, the Slack webhook secret name changed from SLACK_WEBHOOK_FLAKY_TESTS to SLACK_WEBHOOK_URL. This will cause the workflow to fail and prevent flaky test reports.

 

[cursor]

Bug: Self-Hosted Runners Risk Repository Security

Switching GitHub Actions workflows to self-hosted runners introduces a critical security vulnerability. In public repositories, this allows malicious pull requests from forks to execute arbitrary code on the runner infrastructure, potentially compromising repository secrets and sensitive permissions like security-events: write.

Additional Locations (1)

• .github/workflows/security-code-scanner.yml#L18-L19

 

[Copilot]

Pull Request Overview

Copilot reviewed 50 out of 51 changed files in this pull request and generated 3 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Using an empty string as fallback for a missing secret token could lead to silent failures in authentication. Consider using a conditional check or failing explicitly when the token is missing.

Suggested change

	RELEASE_LABEL_TOKEN: ${{ secrets.RELEASE_LABEL_TOKEN || '' }}
	NEXT_SEMVER_VERSION: ${{ steps.get-next-semver-version.outputs.NEXT_SEMVER_VERSION }}
	run: yarn run add-release-label-to-pr-and-linked-issues
	RELEASE_LABEL_TOKEN: ${{ secrets.RELEASE_LABEL_TOKEN }}
	NEXT_SEMVER_VERSION: ${{ steps.get-next-semver-version.outputs.NEXT_SEMVER_VERSION }}
	run: |
	if [ -z "$RELEASE_LABEL_TOKEN" ]; then
	echo "ERROR: RELEASE_LABEL_TOKEN secret is not set. Failing workflow."
	exit 1
	fi
	yarn run add-release-label-to-pr-and-linked-issues

[Copilot]

The workflow references a script file .github/scripts/create-flaky-test-report.ts that doesn't exist in the current diff. Ensure this script file is created or already exists in the repository.

[Copilot]

The Crowdin workflow now only triggers on the QYX20 branch instead of main. This could break localization updates for the main branch. Consider whether this change is intentional or if both branches should be included.

Suggested change

	branches:
	branches:
	- main