feat: multi-tx simulation and batch-specific approval UI

[janek26]

Multi-tx simulation and batch-specific approval UI

The approval screen now simulates all calls in a batch together, merges the results, and displays per-call details. Single-transaction approvals are unaffected.

What changed

• useSimulateTransactions – Replaces useSimulateTransaction. Accepts an array of transactions, simulates them via the backend's batch API, and merges results with mergeSimulations (worst scanning result wins, in/out/approvals concatenated, metas collected per-call).
• CallDetails component – Extracted from TransactionDetails. Renders contract info, function name, source code status, and creation date for a single call. TransactionDetails now iterates metas[] and renders one CallDetails per call with a "Call N" label for batches.
• BatchTransactionData – Data tab for batches: shows each call's target address and calldata separately with a combined copy button.
• Details tab expansion – Chain badge and dapp badge are now shown in the details tab for all requests (not just overview), giving reviewers full context without switching tabs.
• Simulation-driven scam detection – effectiveDappStatus is derived from the simulation scanning result. If simulation flags the request as malicious, the approval screen shows the scam warning regardless of the dapp's metadata status.
• Layout fixes in Simulation.tsx – wrap={false} and flexShrink/minWidth fixes prevent asset amounts from wrapping awkwardly on narrow viewports.
• Scrollable Alert description – Long error messages (common with batch failures) no longer overflow the alert dialog.

Design choices & review focus

• meta → metas[] – The simulation response has a single meta per transaction. For batches we collect them into an array so the UI can render per-call details. The TransactionSimulation type is updated throughout.
• Worst-case scanning – mergeSimulations picks the most severe scanning result across all calls. If any call is flagged malicious, the whole batch is treated as malicious. This is conservative by design.
• SimulationQueryResult type – A new exported type that bundles data, status, error, and isRefetching. This replaces passing four separate props through the component tree.

---

PR-Codex overview

This PR focuses on enhancing the Alert component's styling and improving the simulation transaction handling across multiple components, including better organization of transaction data and improved error handling.

Detailed summary

• Updated Alert component to restrict max height and manage overflow.
• Enhanced Simulation handling to merge multiple results and added error management.
• Refactored SendTransaction to use multiple transactions and improved simulation state handling.
• Modified SendTransactionInfo to include simulation results.
• Improved rendering of batch transaction details.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[janek26]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• feat: multi-tx simulation and batch-specific approval UI #2238 👈 (View in Graphite)
• refactor: accept transactionRequests[] in TransactionFee and useGas #2237
• feat: wire wallet_sendCalls approval flow end-to-end #2236
• feat: add sendCalls execution logic and request normalization helpers #2235 : 1 other dependent PR (#2254 )
• feat: add batch store with validation and EIP-5792 types #2234
• feat: implement wallet_getCapabilities #2215 : 1 other dependent PR (#2216 )
• feat: add EIP-5792 inpage method stubs and provider upgrade #2214
• refactor: move pending tx cleanup from useEffect to store subscription #2250
• refactor: rewrite popup PendingTransactionWatcher to reactive useEffect pattern #2243
• feat: add chain-specific tiered polling schedule with timeout handling #2242
• feat: move pending transaction receipt checking to background service worker #2241
• master

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[DanielSinclair]

Mentioned a few issues that I think we'll need to fix or further investigate before merging. I assume you'd be able to do that today. We'd want QA to run through those edge case scenarios as well.

[DanielSinclair]

Drifting away from the design system primitives here. When mocking this or fixing a layout issue, would point Codex at the design-system/ library and ask it to critique and itterate based on the design system constraints

[DanielSinclair]

Spooked by fallback here too

[DanielSinclair]

Same issue from the prior PR

[DanielSinclair]

Do we filter out these potential null values elsewhere?

[DanielSinclair]

Do we have a loading state here, or do we always flash scam state?

[DanielSinclair]

We're losing the separate Warning state handling

[DanielSinclair]

This also maps WARNING scans to DAppStatus.Scam, even though the metadata API distinguishes warning- level results from malicious ones. For transactions that are risky but not malicious, the approval UI still switches to the red scam affordance and “send anyway” behavior, which overstates the scan result and changes the normal approval flow.

[DanielSinclair]

I think these states are going out of sync.

The parent component (index.tsx) computes effectiveDappStatus which incorporates simulation scanning results, and passes it to SendTransactionActions. But SendTransactionInfo never receives
effectiveDappStatus — it computes isScamDapp independently from raw dappMetadata?.status only.

This means if simulation flags a transaction as malicious but the backend dapp metadata says the dapp
is OK:

• The approve button correctly shows "Send Transaction Anyway" (via effectiveDappStatus)
• But the header still says "Transaction request" instead of "Dangerous request" (via isScamDapp)
• The DappHostName component also uses the raw status, not the effective one

The scam UI is split across two components with two different data sources.

[DanielSinclair]

Are we handling edge cases where session chainId differs from the batch request? Assume that might get caught at the provider, but code flow review caught this (havent investigated myself):

When a dapp session is connected on one chain and submits a batch for another, the sheet can approve a batch that has no gas on the target network or block one that actually does, because fee estimation and balance validation are now reading different chains.