@arkade-os/boltz-swap 0.3.33 → 0.3.34

package/dist/{arkade-swaps-9M7FRuq1.d.cts → arkade-swaps-BXAD1s8j.d.ts}

@@ -1,5 +1,5 @@
 import { IWallet, ArkProvider, IndexerProvider, ArkInfo, Identity, ArkTxInput, VHTLC } from '@arkade-os/sdk';
-import { q as BoltzSwapProvider, w as SwapManager, m as SwapRepository, p as ArkadeSwapsCreateConfig, A as ArkadeSwapsConfig, n as SwapManagerClient, C as CreateLightningInvoiceRequest, e as CreateLightningInvoiceResponse, b as BoltzReverseSwap, S as SendLightningPaymentRequest, f as SendLightningPaymentResponse, c as BoltzSubmarineSwap, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, k as ArkToBtcResponse, a as BoltzChainSwap, l as BtcToArkResponse, d as Chain, F as FeesResponse, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, B as BoltzSwap } from './types-CrKkVzBB.cjs';
+import { r as BoltzSwapProvider, x as SwapManager, n as SwapRepository, q as ArkadeSwapsCreateConfig, A as ArkadeSwapsConfig, o as SwapManagerClient, C as CreateLightningInvoiceRequest, e as CreateLightningInvoiceResponse, b as BoltzReverseSwap, S as SendLightningPaymentRequest, f as SendLightningPaymentResponse, c as BoltzSubmarineSwap, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, k as ArkToBtcResponse, a as BoltzChainSwap, m as ChainArkRefundOutcome, l as BtcToArkResponse, d as Chain, F as FeesResponse, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, B as BoltzSwap } from './types--axEWA8c.js';
 import { TransactionOutput } from '@scure/btc-signer/psbt.js';
 
 /**
@@ -267,10 +267,19 @@ declare class ArkadeSwaps {
      */
     claimBtc(pendingSwap: BoltzChainSwap): Promise<void>;
     /**
-     * When an ARK to BTC swap fails, refund sats on ARK chain by claiming the VHTLC.
+     * When an ARK to BTC swap fails, refund every unspent VTXO at the chain
+     * swap's ARK lockup address.
+     *
+     * Path selection per VTXO:
+     * - CLTV has elapsed → `refundWithoutReceiver` via `joinBatch` (no Boltz).
+     * - Pre-CLTV recoverable → skipped (Boltz can't co-sign swept-batch refund).
+     * - Pre-CLTV non-recoverable → cooperative 3-of-3 refund via Boltz.
+     *
      * @param pendingSwap - The pending chain swap to refund.
+     * @returns Counts of VTXOs swept vs. deferred. A `swept: 0` outcome means
+     *          the call was a no-op — callers should retry after CLTV.
      */
-    refundArk(pendingSwap: BoltzChainSwap): Promise<void>;
+    refundArk(pendingSwap: BoltzChainSwap): Promise<ChainArkRefundOutcome>;
     /**
      * Creates a chain swap from BTC to ARK.
      * @param args.feeSatsPerByte - Fee rate for BTC transactions (default: 1).
@@ -515,7 +524,7 @@ interface IArkadeSwaps extends AsyncDisposable {
         txid: string;
     }>;
     claimBtc(pendingSwap: BoltzChainSwap): Promise<void>;
-    refundArk(pendingSwap: BoltzChainSwap): Promise<void>;
+    refundArk(pendingSwap: BoltzChainSwap): Promise<ChainArkRefundOutcome>;
     btcToArk(args: {
         feeSatsPerByte?: number;
         senderLockAmount?: number;

package/dist/{arkade-swaps-DNsyWeFr.d.ts → arkade-swaps-CfMets16.d.cts}

@@ -1,5 +1,5 @@
 import { IWallet, ArkProvider, IndexerProvider, ArkInfo, Identity, ArkTxInput, VHTLC } from '@arkade-os/sdk';
-import { q as BoltzSwapProvider, w as SwapManager, m as SwapRepository, p as ArkadeSwapsCreateConfig, A as ArkadeSwapsConfig, n as SwapManagerClient, C as CreateLightningInvoiceRequest, e as CreateLightningInvoiceResponse, b as BoltzReverseSwap, S as SendLightningPaymentRequest, f as SendLightningPaymentResponse, c as BoltzSubmarineSwap, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, k as ArkToBtcResponse, a as BoltzChainSwap, l as BtcToArkResponse, d as Chain, F as FeesResponse, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, B as BoltzSwap } from './types-CrKkVzBB.js';
+import { r as BoltzSwapProvider, x as SwapManager, n as SwapRepository, q as ArkadeSwapsCreateConfig, A as ArkadeSwapsConfig, o as SwapManagerClient, C as CreateLightningInvoiceRequest, e as CreateLightningInvoiceResponse, b as BoltzReverseSwap, S as SendLightningPaymentRequest, f as SendLightningPaymentResponse, c as BoltzSubmarineSwap, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, k as ArkToBtcResponse, a as BoltzChainSwap, m as ChainArkRefundOutcome, l as BtcToArkResponse, d as Chain, F as FeesResponse, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, B as BoltzSwap } from './types--axEWA8c.cjs';
 import { TransactionOutput } from '@scure/btc-signer/psbt.js';
 
 /**
@@ -267,10 +267,19 @@ declare class ArkadeSwaps {
      */
     claimBtc(pendingSwap: BoltzChainSwap): Promise<void>;
     /**
-     * When an ARK to BTC swap fails, refund sats on ARK chain by claiming the VHTLC.
+     * When an ARK to BTC swap fails, refund every unspent VTXO at the chain
+     * swap's ARK lockup address.
+     *
+     * Path selection per VTXO:
+     * - CLTV has elapsed → `refundWithoutReceiver` via `joinBatch` (no Boltz).
+     * - Pre-CLTV recoverable → skipped (Boltz can't co-sign swept-batch refund).
+     * - Pre-CLTV non-recoverable → cooperative 3-of-3 refund via Boltz.
+     *
      * @param pendingSwap - The pending chain swap to refund.
+     * @returns Counts of VTXOs swept vs. deferred. A `swept: 0` outcome means
+     *          the call was a no-op — callers should retry after CLTV.
      */
-    refundArk(pendingSwap: BoltzChainSwap): Promise<void>;
+    refundArk(pendingSwap: BoltzChainSwap): Promise<ChainArkRefundOutcome>;
     /**
      * Creates a chain swap from BTC to ARK.
      * @param args.feeSatsPerByte - Fee rate for BTC transactions (default: 1).
@@ -515,7 +524,7 @@ interface IArkadeSwaps extends AsyncDisposable {
         txid: string;
     }>;
     claimBtc(pendingSwap: BoltzChainSwap): Promise<void>;
-    refundArk(pendingSwap: BoltzChainSwap): Promise<void>;
+    refundArk(pendingSwap: BoltzChainSwap): Promise<ChainArkRefundOutcome>;
     btcToArk(args: {
         feeSatsPerByte?: number;
         senderLockAmount?: number;

package/dist/{chunk-HNQDJOLM.js → chunk-5K2FS2FE.js}

@@ -7,7 +7,7 @@ import {
   isSubmarineFinalStatus,
   isSubmarineSwapRefundable,
   logger
-} from "./chunk-SJ5SYSMK.js";
+} from "./chunk-TDBUZE4N.js";
 
 // src/expo/swapsPollProcessor.ts
 var SWAP_POLL_TASK_TYPE = "swap-poll";

package/dist/{chunk-SJ5SYSMK.js → chunk-TDBUZE4N.js}

@@ -128,6 +128,8 @@ var QuoteRejectedError = class _QuoteRejectedError extends SwapError {
         return `Boltz quote ${options.quotedAmount} is below acceptable floor ${options.floor}`;
       case "non_positive":
         return `Boltz quote ${options.quotedAmount} is not positive`;
+      case "non_safe_integer":
+        return `Boltz quote ${options.quotedAmount} is not a safe positive satoshi integer`;
       case "no_baseline":
         return "Cannot accept quote: no minAcceptableAmount and no stored pending swap";
     }
@@ -181,6 +183,7 @@ var QuoteRejectedError = class _QuoteRejectedError extends SwapError {
           message
         });
       case "non_positive":
+      case "non_safe_integer":
         if (quotedAmount === null) return null;
         return new _QuoteRejectedError({
           reason,
@@ -196,6 +199,7 @@ var QUOTE_REJECTION_TRANSPORT_PREFIX = "QUOTE_REJECTED::";
 var QUOTE_REJECTION_REASONS = /* @__PURE__ */ new Set([
   "below_floor",
   "non_positive",
+  "non_safe_integer",
   "no_baseline"
 ]);
 var BoltzRefundError = class extends Error {
@@ -1041,6 +1045,13 @@ var SwapManager = class _SwapManager {
    * enough that a real "swap unknown to this provider" surfaces quickly.
    */
   static NOT_FOUND_THRESHOLD = 10;
+  /**
+   * Delay between re-attempts of a chain refund that left VTXOs deferred
+   * (e.g. pre-CLTV recoverable VTXO, or Boltz 3-of-3 rejected before CLTV
+   * has elapsed). Boltz won't send another status update once the swap
+   * is `swap.expired`, so the manager owns the local retry cadence.
+   */
+  static REFUND_RETRY_DELAY_MS = 6e4;
   swapProvider;
   config;
   // Event listeners storage (supports multiple listeners per event)
@@ -1059,6 +1070,11 @@ var SwapManager = class _SwapManager {
   reconnectTimer = null;
   initialPollTimer = null;
   pollRetryTimers = /* @__PURE__ */ new Map();
+  // Per-swap retry timers for chain refunds that left work undone
+  // (refundArk returned `skipped > 0`). The swap is held in
+  // `monitoredSwaps` past its terminal Boltz status until the local
+  // refund completes or the manager stops.
+  refundRetryTimers = /* @__PURE__ */ new Map();
   // Per-swap counter of consecutive `SwapNotFoundError` responses from
   // `getSwapStatus`. Reset on any successful poll. Once a swap reaches
   // `NOT_FOUND_THRESHOLD` consecutive 404s the safety net trips and the
@@ -1255,6 +1271,10 @@ var SwapManager = class _SwapManager {
       clearTimeout(timer);
     }
     this.pollRetryTimers.clear();
+    for (const timer of this.refundRetryTimers.values()) {
+      clearTimeout(timer);
+    }
+    this.refundRetryTimers.clear();
     this.notFoundCounts.clear();
   }
   /**
@@ -1311,6 +1331,11 @@ var SwapManager = class _SwapManager {
       clearTimeout(retryTimer);
       this.pollRetryTimers.delete(swapId);
     }
+    const refundRetryTimer = this.refundRetryTimers.get(swapId);
+    if (refundRetryTimer) {
+      clearTimeout(refundRetryTimer);
+      this.refundRetryTimers.delete(swapId);
+    }
     this.notFoundCounts.delete(swapId);
     logger.log(`Removed swap ${swapId} from monitoring`);
   }
@@ -1582,15 +1607,57 @@ var SwapManager = class _SwapManager {
       await this.executeAutonomousAction(swap);
     }
     if (this.isFinalStatus(swap)) {
-      this.monitoredSwaps.delete(swap.id);
-      this.swapSubscriptions.delete(swap.id);
-      const retryTimer = this.pollRetryTimers.get(swap.id);
-      if (retryTimer) {
-        clearTimeout(retryTimer);
-        this.pollRetryTimers.delete(swap.id);
+      if (this.refundRetryTimers.has(swap.id)) {
+        return;
       }
-      this.swapCompletedListeners.forEach((listener) => listener(swap));
+      this.finalizeMonitoredSwap(swap);
+    }
+  }
+  /**
+   * Drop a swap from monitoring and emit the terminal completion event.
+   * Shared between the on-status-update finalization path and the
+   * refund-retry finalization path (used when a previously-deferred
+   * chain refund has finished its remaining work).
+   */
+  finalizeMonitoredSwap(swap) {
+    if (!this.monitoredSwaps.has(swap.id)) return;
+    this.monitoredSwaps.delete(swap.id);
+    this.swapSubscriptions.delete(swap.id);
+    const retryTimer = this.pollRetryTimers.get(swap.id);
+    if (retryTimer) {
+      clearTimeout(retryTimer);
+      this.pollRetryTimers.delete(swap.id);
+    }
+    const refundRetry = this.refundRetryTimers.get(swap.id);
+    if (refundRetry) {
+      clearTimeout(refundRetry);
+      this.refundRetryTimers.delete(swap.id);
     }
+    this.swapCompletedListeners.forEach((listener) => listener(swap));
+  }
+  /**
+   * Schedule another `executeAutonomousAction` run for a chain swap whose
+   * refund left VTXOs deferred. After the retry completes, if no further
+   * deferral was reported, finalize monitoring cleanup.
+   */
+  scheduleRefundRetry(swap, delayMs) {
+    const existing = this.refundRetryTimers.get(swap.id);
+    if (existing) clearTimeout(existing);
+    this.refundRetryTimers.set(
+      swap.id,
+      setTimeout(async () => {
+        this.refundRetryTimers.delete(swap.id);
+        if (!this.isRunning) return;
+        if (!this.monitoredSwaps.has(swap.id)) return;
+        try {
+          await this.executeAutonomousAction(swap);
+        } finally {
+          if (!this.refundRetryTimers.has(swap.id) && this.isFinalStatus(swap)) {
+            this.finalizeMonitoredSwap(swap);
+          }
+        }
+      }, delayMs)
+    );
   }
   /**
    * Execute autonomous action based on swap status
@@ -1645,10 +1712,27 @@ var SwapManager = class _SwapManager {
         } else if (isChainRefundableStatus(swap.status)) {
           if (swap.request.from === "ARK") {
             logger.log(`Auto-refunding ARK chain swap ${swap.id}`);
-            await this.executeRefundArkAction(swap);
-            this.actionExecutedListeners.forEach(
-              (listener) => listener(swap, "refundArk")
-            );
+            try {
+              const outcome = await this.executeRefundArkAction(swap);
+              if (outcome && outcome.skipped > 0) {
+                logger.log(
+                  `Chain swap ${swap.id}: ${outcome.skipped} VTXO(s) deferred \u2014 scheduling refund retry`
+                );
+                this.scheduleRefundRetry(swap, _SwapManager.REFUND_RETRY_DELAY_MS);
+              }
+              this.actionExecutedListeners.forEach(
+                (listener) => listener(swap, "refundArk")
+              );
+            } catch (error) {
+              logger.error(
+                `Auto-refunding ARK chain swap ${swap.id} failed; scheduling retry`,
+                error
+              );
+              this.swapFailedListeners.forEach(
+                (listener) => listener(swap, error)
+              );
+              this.scheduleRefundRetry(swap, _SwapManager.REFUND_RETRY_DELAY_MS);
+            }
           }
           if (swap.request.from === "BTC") {
             logger.warn(
@@ -1729,7 +1813,7 @@ var SwapManager = class _SwapManager {
       logger.error("refundArk callback not set");
       return;
     }
-    await this.refundArkCallback(swap);
+    return this.refundArkCallback(swap);
   }
   /**
    * Execute sign server claim action for chain swap.
@@ -1829,9 +1913,7 @@ var SwapManager = class _SwapManager {
    */
   async pollAllSwaps() {
     if (this.monitoredSwaps.size === 0) return;
-    const pollPromises = Array.from(this.monitoredSwaps.values()).map(
-      (swap) => this.pollSingleSwap(swap)
-    );
+    const pollPromises = Array.from(this.monitoredSwaps.values()).filter((swap) => !this.refundRetryTimers.has(swap.id)).map((swap) => this.pollSingleSwap(swap));
     await Promise.allSettled(pollPromises);
   }
   async pollSingleSwap(swap) {
@@ -1884,6 +1966,7 @@ var SwapManager = class _SwapManager {
    * Boltz endpoint).
    */
   async handleSwapNotFound(swap) {
+    if (this.refundRetryTimers.has(swap.id)) return;
     const count = (this.notFoundCounts.get(swap.id) ?? 0) + 1;
     this.notFoundCounts.set(swap.id, count);
     logger.warn(
@@ -1904,6 +1987,7 @@ var SwapManager = class _SwapManager {
    * 404s without recovering anything.
    */
   async markSwapAsUnknownToProvider(swap) {
+    if (this.refundRetryTimers.has(swap.id)) return;
     if (!this.monitoredSwaps.has(swap.id)) {
       this.notFoundCounts.delete(swap.id);
       return;
@@ -1916,6 +2000,11 @@ var SwapManager = class _SwapManager {
       clearTimeout(retryTimer);
       this.pollRetryTimers.delete(swap.id);
     }
+    const refundRetryTimer = this.refundRetryTimers.get(swap.id);
+    if (refundRetryTimer) {
+      clearTimeout(refundRetryTimer);
+      this.refundRetryTimers.delete(swap.id);
+    }
     this.notFoundCounts.delete(swap.id);
     this.swapUpdateListeners.forEach((listener) => listener(swap, oldStatus));
     const subscribers = this.swapSubscriptions.get(swap.id);
@@ -3065,7 +3154,7 @@ var ArkadeSwaps = class _ArkadeSwaps {
           await this.claimBtc(swap);
         },
         refundArk: async (swap) => {
-          await this.refundArk(swap);
+          return this.refundArk(swap);
         },
         signServerClaim: async (swap) => {
           await this.signCooperativeClaimForServer(swap);
@@ -3278,51 +3367,67 @@ var ArkadeSwaps = class _ArkadeSwaps {
       throw new Error(
         `Swap ${pendingSwap.id}: VHTLC address mismatch. Expected ${lockupAddress}, got ${vhtlcAddress}`
       );
-    let vtxo;
+    let unspentVtxos = [];
+    let rawVtxos = [];
     for (let attempt = 1; attempt <= CLAIM_VTXO_RETRY_ATTEMPTS; attempt++) {
-      const { vtxos } = await this.indexerProvider.getVtxos({
+      const result = await this.indexerProvider.getVtxos({
         scripts: [hex8.encode(vhtlcScript.pkScript)]
       });
-      if (vtxos.length > 0) {
-        vtxo = vtxos[0];
+      rawVtxos = result.vtxos;
+      unspentVtxos = result.vtxos.filter((vtxo) => !vtxo.isSpent);
+      if (unspentVtxos.length > 0) {
         break;
       }
       if (attempt < CLAIM_VTXO_RETRY_ATTEMPTS) {
         await new Promise((resolve) => setTimeout(resolve, CLAIM_VTXO_RETRY_DELAY_MS));
       }
     }
-    if (!vtxo) {
-      throw new Error(`Swap ${pendingSwap.id}: no spendable virtual coins found`);
-    }
-    if (vtxo.isSpent) {
+    if (unspentVtxos.length === 0) {
+      if (rawVtxos.length === 0) {
+        throw new Error(`Swap ${pendingSwap.id}: no spendable virtual coins found`);
+      }
       throw new Error(`Swap ${pendingSwap.id}: VHTLC is already spent`);
     }
-    const input = {
-      ...vtxo,
-      tapLeafScript: vhtlcScript.claim(),
-      tapTree: vhtlcScript.encode()
-    };
-    const output = {
-      amount: BigInt(vtxo.value),
-      script: ArkAddress2.decode(address).pkScript
-    };
     const vhtlcIdentity = claimVHTLCIdentity(this.wallet.identity, preimage);
-    let finalStatus;
-    if (isRecoverable(vtxo)) {
-      await this.joinBatch(vhtlcIdentity, input, output, arkInfo);
-      finalStatus = "transaction.claimed";
-    } else {
-      await claimVHTLCwithOffchainTx(
-        vhtlcIdentity,
-        vhtlcScript,
-        serverXOnly,
-        input,
-        output,
-        arkInfo,
-        this.arkProvider
+    const outputScript = ArkAddress2.decode(address).pkScript;
+    const claimErrors = [];
+    let usedOffchainClaim = false;
+    for (const vtxo of unspentVtxos) {
+      const input = {
+        ...vtxo,
+        tapLeafScript: vhtlcScript.claim(),
+        tapTree: vhtlcScript.encode()
+      };
+      const output = {
+        amount: BigInt(vtxo.value),
+        script: outputScript
+      };
+      try {
+        if (isRecoverable(vtxo)) {
+          await this.joinBatch(vhtlcIdentity, input, output, arkInfo);
+        } else {
+          await claimVHTLCwithOffchainTx(
+            vhtlcIdentity,
+            vhtlcScript,
+            serverXOnly,
+            input,
+            output,
+            arkInfo,
+            this.arkProvider
+          );
+          usedOffchainClaim = true;
+        }
+      } catch (error) {
+        claimErrors.push({ vtxo, error });
+      }
+    }
+    if (claimErrors.length > 0) {
+      const details = claimErrors.map(({ vtxo, error }) => `${vtxo.txid}:${vtxo.vout} (${error.message})`).join("; ");
+      throw new Error(
+        `Swap ${pendingSwap.id}: failed to claim ${claimErrors.length}/${unspentVtxos.length} VTXOs: ${details}`
       );
-      finalStatus = (await this.getSwapStatus(pendingSwap.id)).status;
     }
+    const finalStatus = usedOffchainClaim ? (await this.getSwapStatus(pendingSwap.id)).status : "transaction.claimed";
     await updateReverseSwapStatus(
       pendingSwap,
       finalStatus,
@@ -3697,6 +3802,7 @@ var ArkadeSwaps = class _ArkadeSwaps {
         if (boltzCallCount > 0) {
           await new Promise((r) => setTimeout(r, 2e3));
         }
+        boltzCallCount++;
         await refundVHTLCwithOffchainTx(
           pendingSwap.id,
           this.wallet.identity,
@@ -3709,7 +3815,6 @@ var ArkadeSwaps = class _ArkadeSwaps {
           arkInfo,
           this.swapProvider.refundSubmarineSwap.bind(this.swapProvider)
         );
-        boltzCallCount++;
         sweptCount++;
       } catch (error) {
         if (!(error instanceof BoltzRefundError)) {
@@ -4207,8 +4312,17 @@ var ArkadeSwaps = class _ArkadeSwaps {
     await this.swapProvider.postBtcTransaction(claimTx.hex);
   }
   /**
-   * When an ARK to BTC swap fails, refund sats on ARK chain by claiming the VHTLC.
+   * When an ARK to BTC swap fails, refund every unspent VTXO at the chain
+   * swap's ARK lockup address.
+   *
+   * Path selection per VTXO:
+   * - CLTV has elapsed → `refundWithoutReceiver` via `joinBatch` (no Boltz).
+   * - Pre-CLTV recoverable → skipped (Boltz can't co-sign swept-batch refund).
+   * - Pre-CLTV non-recoverable → cooperative 3-of-3 refund via Boltz.
+   *
    * @param pendingSwap - The pending chain swap to refund.
+   * @returns Counts of VTXOs swept vs. deferred. A `swept: 0` outcome means
+   *          the call was a no-op — callers should retry after CLTV.
    */
   async refundArk(pendingSwap) {
     if (!pendingSwap.response.lockupDetails.serverPublicKey)
@@ -4232,21 +4346,6 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       pendingSwap.id
     );
-    const vhtlcPkScript = ArkAddress2.decode(
-      pendingSwap.response.lockupDetails.lockupAddress
-    ).pkScript;
-    const { vtxos } = await this.indexerProvider.getVtxos({
-      scripts: [hex8.encode(vhtlcPkScript)]
-    });
-    if (vtxos.length === 0) {
-      throw new Error(
-        `Swap ${pendingSwap.id}: VHTLC not found for address ${pendingSwap.response.lockupDetails.lockupAddress}`
-      );
-    }
-    const vtxo = vtxos[0];
-    if (vtxo.isSpent) {
-      throw new Error(`Swap ${pendingSwap.id}: VHTLC is already spent`);
-    }
     const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
       network: arkInfo.network,
       preimageHash: hex8.decode(pendingSwap.request.preimageHash),
@@ -4262,37 +4361,105 @@ var ArkadeSwaps = class _ArkadeSwaps {
         message: "Unable to claim: invalid VHTLC address"
       });
     }
-    const isRecoverableVtxo = isRecoverable(vtxo);
-    const input = {
-      ...vtxo,
-      tapLeafScript: isRecoverableVtxo ? vhtlcScript.refundWithoutReceiver() : vhtlcScript.refund(),
-      tapTree: vhtlcScript.encode()
-    };
-    const output = {
-      amount: BigInt(vtxo.value),
-      script: ArkAddress2.decode(address).pkScript
-    };
-    if (isRecoverableVtxo) {
-      await this.joinBatch(this.wallet.identity, input, output, arkInfo);
-    } else {
-      await refundVHTLCwithOffchainTx(
-        pendingSwap.id,
-        this.wallet.identity,
-        this.arkProvider,
-        boltzXOnlyPublicKey,
-        ourXOnlyPublicKey,
-        serverXOnlyPublicKey,
-        input,
-        output,
-        arkInfo,
-        this.swapProvider.refundChainSwap.bind(this.swapProvider)
+    const { vtxos } = await this.indexerProvider.getVtxos({
+      scripts: [hex8.encode(vhtlcScript.pkScript)]
+    });
+    if (vtxos.length === 0) {
+      throw new Error(
+        `Swap ${pendingSwap.id}: VHTLC not found for address ${pendingSwap.response.lockupDetails.lockupAddress}`
       );
     }
+    const unspentVtxos = vtxos.filter((vtxo) => !vtxo.isSpent);
+    if (unspentVtxos.length === 0) {
+      throw new Error(`Swap ${pendingSwap.id}: VHTLC is already spent`);
+    }
+    const outputScript = ArkAddress2.decode(address).pkScript;
+    const refundWithoutReceiverLeaf = vhtlcScript.refundWithoutReceiver();
+    const refundLocktime = pendingSwap.response.lockupDetails.timeouts.refund;
+    let boltzCallCount = 0;
+    let sweptCount = 0;
+    let skippedCount = 0;
+    for (const vtxo of unspentVtxos) {
+      const isRecoverableVtxo = isRecoverable(vtxo);
+      const output = {
+        amount: BigInt(vtxo.value),
+        script: outputScript
+      };
+      if (isSubmarineRefundLocktimeReached(refundLocktime)) {
+        const input2 = {
+          ...vtxo,
+          tapLeafScript: refundWithoutReceiverLeaf,
+          tapTree: vhtlcScript.encode()
+        };
+        await this.joinBatch(
+          this.wallet.identity,
+          input2,
+          output,
+          arkInfo,
+          isRecoverableVtxo
+        );
+        sweptCount++;
+        continue;
+      }
+      if (isRecoverableVtxo) {
+        logger.error(
+          `Swap ${pendingSwap.id}: recoverable VTXO ${vtxo.txid}:${vtxo.vout} cannot be refunded yet \u2014 refundWithoutReceiver locktime has not passed (refundLocktime=${refundLocktime}, currentTimestamp=${Math.floor(Date.now() / 1e3)}). Refund will be retried after locktime.`
+        );
+        skippedCount++;
+        continue;
+      }
+      const input = {
+        ...vtxo,
+        tapLeafScript: vhtlcScript.refund(),
+        tapTree: vhtlcScript.encode()
+      };
+      try {
+        if (boltzCallCount > 0) {
+          await new Promise((r) => setTimeout(r, 2e3));
+        }
+        boltzCallCount++;
+        await refundVHTLCwithOffchainTx(
+          pendingSwap.id,
+          this.wallet.identity,
+          this.arkProvider,
+          boltzXOnlyPublicKey,
+          ourXOnlyPublicKey,
+          serverXOnlyPublicKey,
+          input,
+          output,
+          arkInfo,
+          this.swapProvider.refundChainSwap.bind(this.swapProvider)
+        );
+        sweptCount++;
+      } catch (error) {
+        if (!(error instanceof BoltzRefundError)) {
+          throw error;
+        }
+        if (!isSubmarineRefundLocktimeReached(refundLocktime)) {
+          logger.error(
+            `Swap ${pendingSwap.id}: Boltz rejected VTXO outpoint and refundWithoutReceiver locktime has not passed yet (currentTimestamp=${Math.floor(Date.now() / 1e3)}, locktime=${refundLocktime}). Refund will be retried after locktime.`
+          );
+          skippedCount++;
+          continue;
+        }
+        logger.warn(
+          `Swap ${pendingSwap.id}: Boltz rejected VTXO outpoint, falling back to refundWithoutReceiver via joinBatch`
+        );
+        const fallbackInput = {
+          ...vtxo,
+          tapLeafScript: refundWithoutReceiverLeaf,
+          tapTree: vhtlcScript.encode()
+        };
+        await this.joinBatch(this.wallet.identity, fallbackInput, output, arkInfo, false);
+        sweptCount++;
+      }
+    }
     const finalStatus = await this.getSwapStatus(pendingSwap.id);
     await this.savePendingChainSwap({
       ...pendingSwap,
       status: finalStatus.status
     });
+    return { swept: sweptCount, skipped: skippedCount };
   }
   // =========================================================================
   // Chain swaps: BTC -> ARK
@@ -4713,7 +4880,13 @@ var ArkadeSwaps = class _ArkadeSwaps {
     this.validateQuoteOptions(options);
     const floor = await this.resolveQuoteFloor(swapId, options);
     const slippageBps = options?.maxSlippageBps ?? 0;
-    return Math.floor(floor - floor * slippageBps / 1e4);
+    const effectiveFloor = Math.floor(floor - floor * slippageBps / 1e4);
+    if (effectiveFloor < 1) {
+      throw new TypeError(
+        `Invalid quote configuration: maxSlippageBps=${slippageBps} reduces floor ${floor} below 1 sat`
+      );
+    }
+    return effectiveFloor;
   }
   async resolveQuoteFloor(swapId, options) {
     if (options?.minAcceptableAmount !== void 0) {
@@ -4749,7 +4922,13 @@ var ArkadeSwaps = class _ArkadeSwaps {
     }
   }
   validateQuote(amount, effectiveFloor) {
-    if (!(amount > 0)) {
+    if (!Number.isSafeInteger(amount)) {
+      throw new QuoteRejectedError({
+        reason: "non_safe_integer",
+        quotedAmount: amount
+      });
+    }
+    if (amount <= 0) {
       throw new QuoteRejectedError({
         reason: "non_positive",
         quotedAmount: amount