E2E Refactor on Token Management Flow

[Jonathansoufer]

Related Issue

This PR does:

• Update outdated testIDs (EditTokensBar_BaseIcon_manageToken → BalanceScreen_ManageTokensButton)
• Add search token functionality test
• Add custom token addition test (Android only - CARP token)
• Handle all the new iOS Dictation dialog, version sheets, notifications
• Remove token selection/unselection tests (not possible with dev_demo - 0 balance tokens are disabled)

Closes # https://github.com/vechain/veworld-private/issues/622

Description of Changes

Reviewer(s)

@Doublemme @hughlivingstone @HiiiiD

UI/UX Changes

Checklist

• Code adheres to project guidelines and conventions.
• Unit tests, if applicable, are updated and passing.
• Documentation, if applicable, has been updated.
• UI/UX changes include visuals (video or screenshots).

---

Thank you for contributing! 🎉

Summary by CodeRabbit

• New Features

  • Improved Android token management: manage tokens UI now supports selecting official tokens, searching tokens, adding custom tokens by address, deleting tokens, and verifying token list/state.

• Bug Fixes

  • Stabilized token workflow and navigation with synchronized checks to reduce flakiness and ensure consistent post-operation UI state (wallet tab, back navigation, tokens view).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Caution

Review failed

The head commit changed during the review from e64b668 to a6e1bf3.

📝 Walkthrough

Walkthrough

Replaces the Android-only token management flow with a consolidated Android-focused sequence (iOS explicitly skipped), adds onFlowStart/onFlowComplete hooks, refactors token add/search/delete steps to use unified actions and synchronized assertions, and standardizes formatting in resetApp.yaml while removing one final visibility assertion.

Changes

Cohort / File(s)	Summary
Token management test .maestro/tokenManagement/tokenManagement.yaml	Replaces prior Android-only flow with a dual-path update that explicitly skips iOS. Adds onFlowStart / onFlowComplete hooks. Consolidates environment variables to use a single custom token address, restructures flows into condensed Android-focused steps: manageToken, search, AddCustomToken (with CARP_TOKEN_ADRESS), handle close dialogs, verify tokens appear, add multiple tokens, delete a token, navigate back to wallet, and final UI verifications. Replaces extensive multi-screen navigation with targeted assertions (extendedWaitUntil, assertVisible, assertNotVisible) and new step IDs. Tags changed from onlyAndroid to pull-request.
Setup / reset flow formatting .maestro/setup_reset/resetApp.yaml	Indentation and nesting alignment for tapOn, repeat, runFlow, etc.; preserved behavior but standardized formatting. Removed final assertVisible: "DEV:DEMO" check. No exported/public declarations changed.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• E2E Setup and Reset flows #3669 — Modifies E2E setup/reset flows including .maestro/setup_reset/resetApp.yaml, showing overlap in test orchestration changes.

Suggested reviewers

• hughlivingstone
• Doublemme
• paolampilla
• HiiiiD

Poem

🐰
Hop, I hopped through flows so neat,
One token address made tasks complete.
I added, searched, then bid adieu,
Wallet tidy — fresh as dew.
Cheers, from this testing rabbit crew 🥕

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete. While it lists specific changes made, the 'Description of Changes' section is empty, UI/UX visuals are missing, and the related issue link format is incorrect.	Complete the 'Description of Changes' section with detailed context, add UI/UX visuals or screenshots as applicable, and format the issue link correctly (e.g., 'Closes #622' instead of 'Closes # https://...').

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: refactoring the E2E token management flow as evidenced by the comprehensive changes to tokenManagement.yaml and resetApp.yaml files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.maestro/tokenManagement/tokenManagement.yaml (1)

67-76: Consider asserting a token-specific element for the search result.

The current assertion assertVisible: "GOLD" may match the text in the search input field itself rather than confirming a search result was returned. If the search result row has a distinct test ID (e.g., TokenRow_GOLD), asserting on that would make the test more robust.

That said, for a smoke test verifying basic search functionality, this is acceptable.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 42886fa and c2e3014.

📒 Files selected for processing (1)

• .maestro/tokenManagement/tokenManagement.yaml

🧰 Additional context used

🪛 Gitleaks (8.30.0)

.maestro/tokenManagement/tokenManagement.yaml

[high] 8-8: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: scan / unit (1)
• GitHub Check: scan / unit (3)
• GitHub Check: scan / unit (2)
• GitHub Check: scan / unit (4)

🔇 Additional comments (5)

.maestro/tokenManagement/tokenManagement.yaml (5)

5-8: Static analysis false positive - this is a token contract address, not an API key.

The Gitleaks warning can be safely ignored here. The value 0x8a9844e4750f5ce5f7988c4d1e04c278c718feea is a VeChain/Ethereum smart contract address (public on-chain data), not a secret API key. Contract addresses are inherently public and required for token interactions.

The tag change from onlyAndroid to pull-request is noted — Test 3 (custom token addition) is still gated to Android via platform: Android, so iOS runs will skip that portion.

---

10-17: LGTM!

Clean state initialization and proper conditional handling for the iOS dictation prompt.

---

19-57: Good defensive handling of dynamic UI states.

The conditional flows properly handle version update prompts, changelogs, notification permissions, and close buttons that may or may not appear. The extendedWaitUntil with a 15-second timeout provides adequate synchronization before proceeding to test assertions.

---

78-114: Well-structured Android-specific test with proper synchronization.

Good implementation choices:

• Explicit platform gating with explanatory comment for why iOS is excluded
• Defensive handling of the Android autofill dialog (lines 95-101)
• Adequate timeouts for async token lookup and addition
• Verification that the CARP token appears in the list post-addition

---

116-123: LGTM!

Good practice to verify the final state after all test operations, ensuring the user lands back on the expected wallet screen.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.maestro/tokenManagement/tokenManagement.yaml (3)

7-7: Minor typo in environment variable name.

CARP_TOKEN_ADRESS should be CARP_TOKEN_ADDRESS (double 'D' in ADDRESS). However, since it's consistently used throughout the file (defined at line 7, used at line 138), this is a low-priority naming issue.

🔎 Proposed fix

-    CARP_TOKEN_ADRESS: "0x8a9844e4750f5ce5f7988c4d1e04c278c718feea"
+    CARP_TOKEN_ADDRESS: "0x8a9844e4750f5ce5f7988c4d1e04c278c718feea"

Also update line 138:

-          - inputText: ${CARP_TOKEN_ADRESS}
+          - inputText: ${CARP_TOKEN_ADDRESS}

---

24-274: Consider extracting repeated patterns into reusable flows.

The Android test contains significant code duplication:

• Opening manage tokens: tapOn EditTokensBar_BaseIcon_manageToken + swipe pattern appears ~8 times (lines 25, 49, 87, 111, 126, 164, 223, 248)
• Navigation back: assertVisible BackButton + tapOn BackButton pattern repeated ~10 times
• Swipe from sendButton UP: Identical swipe pattern appears multiple times (lines 38-40, 68-71, 100-103, etc.)
• Network switching: Lines 205-274 repeat the same settings → Networks → switch pattern 3+ times

Maestro supports parameterized flows and runFlow composition. Extracting common patterns would improve maintainability and reduce the 250+ line test to a more manageable size.

Example refactor approach:

🔎 Example: Extract "openManageTokens" helper flow

Create .maestro/tokenManagement/helpers/openManageTokens.yaml:

appId: org.vechain.veworld.app
---
- tapOn:
    id: "EditTokensBar_BaseIcon_manageToken"

Then replace repeated blocks with:

- runFlow: helpers/openManageTokens.yaml

---

205-274: Network switching scenario is highly repetitive.

The network switching test (lines 205-274) repeats the same pattern 3+ times:

1. Go to settings → Networks
2. Switch networks
3. Go back to wallet
4. Open manage tokens
5. Select a token
6. Go back

This 70-line section could be condensed significantly by extracting a parameterized "switchNetworkAndSelectToken" helper flow.

Consider creating a helper flow that accepts parameters for network names and token IDs, reducing this section from ~70 lines to ~10-15 lines.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c2e3014 and 8f3ade1.

📒 Files selected for processing (2)

• .maestro/setup_reset/resetApp.yaml
• .maestro/tokenManagement/tokenManagement.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: scan / unit (4)
• GitHub Check: scan / unit (1)
• GitHub Check: scan / unit (3)
• GitHub Check: scan / unit (2)

🔇 Additional comments (7)

.maestro/setup_reset/resetApp.yaml (2)

3-30: LGTM! Formatting improvements enhance consistency.

The indentation adjustments properly align nested id fields, improving readability without changing behavior.

---

30-30: The assertion removal concern is not supported. No other Maestro flows reference or depend on resetApp.yaml, so removing the final assertion does not impact any downstream flows or cause flaky test failures. The resetApp references found in the codebase are TypeScript Redux actions, not Maestro flow invocations. This appears to be a standalone test flow with no dependencies.

Likely an incorrect or invalid review comment.

.maestro/tokenManagement/tokenManagement.yaml (5)

13-23: Good platform-aware design with explicit iOS skip.

The explicit platform handling is clear: iOS tests are skipped with a logged message (addressing known instability), while Android tests proceed. This approach is transparent and maintainable.

---

83-106: Good use of synchronized assertions for stability.

The extendedWaitUntil with timeout (lines 94-97) and assertNotVisible (lines 104-105) provide robust verification that the token unselection completed before proceeding.

---

107-117: LGTM! Clean search functionality test.

The search test is straightforward and correctly verifies that searching for "PLAIR" displays the "PLA" token.

---

118-159: Well-structured custom token addition with defensive handling.

The conditional handling of the Android dictation close button (lines 131-137) and multiple extendedWaitUntil assertions demonstrate good defensive coding for UI stability. The flow correctly verifies the custom token (CARP) appears after addition.

---

160-204: Token deletion flow looks correct.

The flow correctly adds multiple custom tokens using direct addresses, then deletes one via swipe gesture and verifies removal. The assertions ensure the expected UI state.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Logic error in repeat loop condition.

The loop at lines 59-65 waits while the back button is not visible (notVisible), but then taps the back button inside the loop. This is illogical—it will try to tap a button that isn't visible, likely causing the test to fail or loop indefinitely.

Expected behavior: Loop while the back button is visible and tap it to dismiss multiple screens.

🔎 Proposed fix

           - repeat:
                 while:
-                    notVisible:
+                    visible:
                         id: "BackButtonHeader-BaseIcon-backButton"
                 commands:
                     - tapOn:
                           id: "BackButtonHeader-BaseIcon-backButton"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- repeat:
	while:
	notVisible:
	id: "BackButtonHeader-BaseIcon-backButton"
	commands:
	- tapOn:
	id: "BackButtonHeader-BaseIcon-backButton"
	- tapOn:
	id: "BackButtonHeader-BaseIcon-backButton"
	- repeat:
	while:
	visible:
	id: "BackButtonHeader-BaseIcon-backButton"
	commands:
	- tapOn:
	id: "BackButtonHeader-BaseIcon-backButton"
	- tapOn:
	id: "BackButtonHeader-BaseIcon-backButton"

🤖 Prompt for AI Agents

In .maestro/tokenManagement/tokenManagement.yaml around lines 59 to 67, the
repeat loop currently waits "while: notVisible" but then attempts to tap the
back button inside the loop, which is wrong; change the loop condition to wait
"while: visible" (so it keeps tapping while the back button is present) and keep
the tapOn inside the loop; also remove the redundant tapOn that follows the
repeat block (or make it conditional) to avoid tapping twice.

[HiiiiD]

Should we simply use the onlyAndroid tag?

[HiiiiD]

Why are you tapping twice on the networks?

[HiiiiD]

Also here

[HiiiiD]

And here

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[hughlivingstone]

@codex review