feat: Make a/b tests independent

[MarioAslau]

Explanation

Right now, only the ID is used as a seed to determine what bucket the user falls into in an A/B test.

Due to this, if there’s more than 1 A/B test configured, they will never be independent of each other

Solution:
Define the distribution using profile/metametrics ID + A/B test ID as a seed instead of just profile/metametrics ID

• added createDeterministicSeed: Convert concatenated strings into valid hex format

References

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Uses a per-flag deterministic seed (metaMetricsId + flag name) for threshold selection to decouple A/B assignments across flags.

• Controller
  • Use per-flag deterministic seed for threshold-based flags: createDeterministicSeed(metaMetricsId, remoteFeatureFlagName) → generateDeterministicRandomNumber(seed).
• Utils
  • Add createDeterministicSeed (SHA-256 via @noble/hashes), lowercases inputs, returns 0x-prefixed 32-byte hex; throws on empty ID.
• Tests
  • Add tests ensuring independent group assignment across flags and deterministic selection across calls.
  • Update expectations for threshold outcomes; add tests for multi-version + A/B selection.
  • Add comprehensive tests for createDeterministicSeed (format, casing, errors).
• Dependencies
  • Add @noble/hashes.

^{Written by Cursor Bugbot for commit 526f5fe. This will update automatically on new commits. Configure here.}

[FrederikBolding]

If async is OK here we should consider using crypto.subtle.digest

[FrederikBolding]

Just upstreamed this which may be useful here

[MarioAslau]

@FrederikBolding can you expand on that ?

I've used sha256 from noble/hashes to keep consistency with what I've noticed in other packages.

[MarioAslau]

It doesn't seem to be published/exported yet in the current version of metamask/utils

[FrederikBolding]

It was published earlier today!

[FrederikBolding]

SHA-256 using native code will perform better across mobile and extension! We automatically fall back to noble if unavailable

[asalsys]

LGTM!

[Gudahtt]

Why was no-changelog applied?

[MarioAslau]

Why was no-changelog applied?

Sorry @Gudahtt, reflex from the mobile repo

[Gudahtt]

This is a slow cryptographic operation and it runs once per flag, but we don't need to run this for all flags. It's unnecessary unless the flag has a threshold.

Perhaps we can calculate this later, after we've determined that there is a threshold on this specific flag? That way it can be skipped for non-threshold flags, which is the majority of them.

[Gudahtt]

It's also not ideal to run this every time flags get updated 🤔.

[Gudahtt]

The 0x-prefixed input for generateDeterministicRandomNumber is meant to support legacy metrics IDs. We had hoped to remove that functionality when dropping support for those legacy IDs. Migrating to a format we planned to deprecate is not ideal.

[Gudahtt]

The function generateDeterministicRandomNumber attempts to deterministically generate a number between 0 and 1 cheaply. That's why we didn't use a hash function.

With a hash function, it's relatively easy to ensure that the output is uniform in distribution across different inputs (we can use a hash function known to have this property, we don't need to be careful to maintain this guarantee ourselves). It's quite a bit simpler than the approach taken now in generateDeterministicRandomNumber.

If we're using a hash function anyway, there is no need to keep generateDeterministicRandomNumber around, it serves no purpose. We can derive a number between 0 and 1 directly from the hash function. I don't think it makes much sense to keep it around but pass an artificially-generated legacy metrics ID to it.

I'd recommend reconsidering this approach. Either we should attempt to find a cheaper way to derive the threshold without using a hash function, or align on that as a solution and drop the unnecessary extra code.

[Gudahtt]

After thinking about this further, a hash function is the only viable approach I can think of.

We could hash id + flagName, and cache it so that it only needs to be generated once. That shouldn't have any significant performance issues, especially if we follow @FrederikBolding 's suggestion and use crypto.subtle.digest to take advantage of platform-specific optimizations.