refactor(compliance): remove initial block wallets call#8365
Merged
Conversation
gambinish
approved these changes
Apr 1, 2026
Contributor
Author
|
For reviewers: Doesn't break any existing API as controller is not in production |
mcmire
approved these changes
Apr 2, 2026
Contributor
mcmire
left a comment
mcmire
left a comment
There was a problem hiding this comment.
Left a comment on the changelog, it's non-blocking though. Everything seems documented so that's what matters :) LGTM.
| - The `updateBlockedWallets()` service method and its `GET /v1/blocked-wallets` endpoint integration have been removed. | ||
| - `ComplianceControllerInitAction`, `ComplianceControllerUpdateBlockedWalletsAction`, and `ComplianceServiceUpdateBlockedWalletsAction` types have been removed from the public API. | ||
| - The `BlockedWalletsInfo` type has been removed from the public API. | ||
| - `checkWalletCompliance` and `checkWalletsCompliance` now fall back to the per-address `walletComplianceStatusMap` cache when the API is unavailable, re-throwing only if no cached result exists for a requested address. |
Contributor
There was a problem hiding this comment.
Nit: Is this change or the next change breaking? It seems like only the removals would be breaking.
For clarity it might be helpful to split out the removals into their own entries. There is a separate "Removed" category you can use to highlight removals.
github-merge-queue bot
pushed a commit
that referenced
this pull request
Apr 2, 2026
## Explanation This release bumps `@metamask/compliance-controller` from `1.0.2` to `2.0.0`. The major version bump is required due to breaking changes in the compliance controller — see the [changelog](https://github.com/MetaMask/core/blob/release/900.0.0/packages/compliance-controller/CHANGELOG.md) for full details. ### Packages released | Package | From | To | Type | |---|---|---|---| | `@metamask/compliance-controller` | `1.0.2` | `2.0.0` | major | ### Summary of changes **Added** - `generate-action-types` CLI tool available as a subpath export via the `@metamask/messenger` bump ([#8264](#8264)) **Breaking changes** - Removed proactive bulk-fetch pattern from `ComplianceController` and `ComplianceService` ([#8365](#8365)) - `state.blockedWallets` and `state.blockedWalletsLastFetched` removed — consumers with persisted state must drop these fields on migration - `init()`, `updateBlockedWallets()` controller methods removed - `blockedWalletsRefreshInterval` constructor option removed - `ComplianceControllerInitAction`, `ComplianceControllerUpdateBlockedWalletsAction`, `ComplianceServiceUpdateBlockedWalletsAction`, `BlockedWalletsInfo` removed from public API - `checkWalletCompliance` / `checkWalletsCompliance` now fall back to the per-address cache on API failure - `selectIsWalletBlocked` now reads solely from `walletComplianceStatusMap` ## References - [#8365](#8365) — refactor(compliance): remove initial block wallets call ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've communicated my changes to consumers by updating changelogs for packages I've changed - [x] I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Release-only changes, but it publishes a new major `@metamask/compliance-controller` version with breaking API/state removals that downstream consumers must migrate to. > > **Overview** > Bumps the monorepo version to `900.0.0` and releases `@metamask/compliance-controller` `2.0.0`. > > Updates the compliance-controller changelog to document the **breaking** removal of the blocked-wallets bulk-fetch flow and related public API/state fields, and adjusts the `[Unreleased]`/`[2.0.0]` compare links accordingly. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7060084. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: cryptodev-2s <109512101+cryptodev-2s@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explanation
This refactor removes the proactive bulk-fetch pattern from
ComplianceControllerandComplianceService.Before: On initialisation,
init()eagerly fetched the full blocked wallets list fromGET /v1/blocked-walletsand persisted all addresses instate.blockedWallets. This meant potentially thousands of OFAC/sanctioned addresses were stored in client state, refreshed on a configurable interval, and used as the primary lookup source forselectIsWalletBlocked.After: The controller only performs on-demand per-address API checks (
checkWalletCompliance/checkWalletsCompliance). Results are cached inwalletComplianceStatusMapkeyed by address. If a subsequent API call for the same address fails, the cached result is returned as a fallback. If no cached result exists, the error is re-thrown.Changes
ComplianceControllerstate.blockedWalletsandstate.blockedWalletsLastFetchedfieldsinit(),updateBlockedWallets(),#isBlockedWalletsStale()and#blockedWalletsRefreshIntervalcheckWalletComplianceandcheckWalletsCompliancenow wrap the API call in try/catch — on failure they fall back to the per-address cache, re-throwing only when no cached entry existsComplianceServiceupdateBlockedWallets()method and theGET /v1/blocked-walletsendpoint integrationselectorsselectIsWalletBlockednow reads solely fromwalletComplianceStatusMap; theselectBlockedWalletsintermediate selector is removedtypesBlockedWalletsInfotypeMessenger action types / index
ComplianceControllerInitAction,ComplianceControllerUpdateBlockedWalletsAction, andComplianceServiceUpdateBlockedWalletsActionReferences
N/A
Checklist
Note
High Risk
Breaking public API/state changes remove blocklist fetching and alter
selectIsWalletBlockedto depend solely on per-address cached checks, which can change behavior when the API is down. Consumers must update persisted-state migrations and remove calls to deleted controller/service methods.Overview
Removes the proactive full blocklist fetch/caching flow, shifting compliance to on-demand per-address checks (
checkWalletCompliance/checkWalletsCompliance) with a per-address cache used only as a fallback when the API is unavailable.This is a breaking change:
ComplianceControllerStatedropsblockedWallets/blockedWalletsLastFetched, the controller’sinit()/updateBlockedWallets()methods andblockedWalletsRefreshIntervaloption are removed, andComplianceService:updateBlockedWallets(andGET /v1/blocked-wallets) plus related exported action/types (BlockedWalletsInfo, init/update action types) are deleted.selectIsWalletBlockednow reads solely fromwalletComplianceStatusMap, and tests/changelog are updated accordingly.Written by Cursor Bugbot for commit 148c209. This will update automatically on new commits. Configure here.