@cogcoin/client 0.5.11 → 0.5.13

package/dist/wallet/read/context.js

@@ -7,6 +7,7 @@ import { attachOrStartManagedBitcoindService, probeManagedBitcoindService, } fro
 import { resolveCogcoinProcessingStartHeight } from "../../bitcoind/processing-start-height.js";
 import {} from "../../bitcoind/types.js";
 import { loadOrAutoUnlockWalletState, verifyManagedCoreWalletReplica, } from "../lifecycle.js";
+import { normalizeWalletStateRecord, persistWalletCoinControlStateIfNeeded } from "../coin-control.js";
 import { persistNormalizedWalletDescriptorStateIfNeeded } from "../descriptor-normalization.js";
 import { inspectMiningControlPlane } from "../mining/index.js";
 import { normalizeMiningStateRecord } from "../mining/state.js";
@@ -76,9 +77,17 @@ async function normalizeLoadedWalletStateForRead(options) {
             replacePrimary: options.loaded.source === "backup",
             rpc: createRpcClient(node.rpc),
         });
-        return {
-            source: normalized.changed ? "primary" : options.loaded.source,
+        const coinControl = await persistWalletCoinControlStateIfNeeded({
             state: normalized.state,
+            access,
+            paths: options.paths,
+            nowUnixMs: options.now,
+            replacePrimary: (normalized.changed ? "primary" : options.loaded.source) === "backup",
+            rpc: createRpcClient(node.rpc),
+        });
+        return {
+            source: coinControl.changed ? "primary" : normalized.changed ? "primary" : options.loaded.source,
+            state: coinControl.state,
         };
     }
     finally {
@@ -186,10 +195,10 @@ async function inspectWalletLocalState(options = {}) {
             return {
                 availability: "ready",
                 walletRootId: unlocked.state.walletRootId,
-                state: {
+                state: normalizeWalletStateRecord({
                     ...unlocked.state,
                     miningState: normalizeMiningStateRecord(unlocked.state.miningState),
-                },
+                }),
                 source: unlocked.source,
                 unlockUntilUnixMs: unlocked.session.unlockUntilUnixMs,
                 hasPrimaryStateFile,
@@ -226,10 +235,10 @@ async function inspectWalletLocalState(options = {}) {
         return {
             availability: "ready",
             walletRootId: loaded.state.walletRootId,
-            state: {
+            state: normalizeWalletStateRecord({
                 ...loaded.state,
                 miningState: normalizeMiningStateRecord(loaded.state.miningState),
-            },
+            }),
             source: loaded.source,
             unlockUntilUnixMs: null,
             hasPrimaryStateFile,

package/dist/wallet/reset.js

@@ -187,6 +187,8 @@ function createEntropyRetainedWalletState(previousState, nowUnixMs) {
         walletRootId,
         network: previousState.network,
         anchorValueSats: previousState.anchorValueSats,
+        proactiveReserveSats: previousState.proactiveReserveSats,
+        proactiveReserveOutpoints: previousState.proactiveReserveOutpoints,
         nextDedicatedIndex: previousState.nextDedicatedIndex,
         fundingIndex: previousState.fundingIndex,
         mnemonic: {

package/dist/wallet/state/storage.js

@@ -1,5 +1,6 @@
 import { readFile } from "node:fs/promises";
 import { writeJsonFileAtomic } from "../fs/atomic.js";
+import { normalizeWalletStateRecord } from "../coin-control.js";
 import { decryptJsonWithPassphrase, decryptJsonWithSecretProvider, encryptJsonWithPassphrase, encryptJsonWithSecretProvider, } from "./crypto.js";
 async function readEnvelope(path) {
     const raw = await readFile(path, "utf8");
@@ -73,18 +74,18 @@ export async function loadWalletState(paths, access) {
     try {
         return {
             source: "primary",
-            state: typeof access === "string" || access instanceof Uint8Array
+            state: normalizeWalletStateRecord(typeof access === "string" || access instanceof Uint8Array
                 ? await decryptJsonWithPassphrase(await readEnvelope(paths.primaryPath), access)
-                : await decryptJsonWithSecretProvider(await readEnvelope(paths.primaryPath), access.provider),
+                : await decryptJsonWithSecretProvider(await readEnvelope(paths.primaryPath), access.provider)),
         };
     }
     catch (primaryError) {
         try {
             return {
                 source: "backup",
-                state: typeof access === "string" || access instanceof Uint8Array
+                state: normalizeWalletStateRecord(typeof access === "string" || access instanceof Uint8Array
                     ? await decryptJsonWithPassphrase(await readEnvelope(paths.backupPath), access)
-                    : await decryptJsonWithSecretProvider(await readEnvelope(paths.backupPath), access.provider),
+                    : await decryptJsonWithSecretProvider(await readEnvelope(paths.backupPath), access.provider)),
             };
         }
         catch {

package/dist/wallet/tx/anchor.js

@@ -5,11 +5,12 @@ import { attachOrStartManagedBitcoindService } from "../../bitcoind/service.js";
 import { createRpcClient } from "../../bitcoind/node.js";
 import { acquireFileLock } from "../fs/lock.js";
 import { deriveWalletIdentityMaterial, } from "../material.js";
+import { computeDesignatedProactiveReserveOutpoints } from "../coin-control.js";
 import { resolveWalletRuntimePathsForTesting } from "../runtime.js";
 import { createDefaultWalletSecretProvider, } from "../state/provider.js";
 import { serializeDomainAnchor, serializeDomainTransfer, validateDomainName, } from "../cogop/index.js";
 import { openWalletReadContext } from "../read/index.js";
-import { assertWalletMutationContextReady, buildWalletMutationTransaction, isAlreadyAcceptedError, isBroadcastUnknownError, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, } from "./common.js";
+import { assertFixedInputPrefixMatches, assertFundingInputsAfterFixedPrefix, assertWalletMutationContextReady, buildWalletMutationTransactionWithReserveFallback, getDecodedInputScriptPubKeyHex, isAlreadyAcceptedError, isBroadcastUnknownError, outpointKey, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, inputMatchesOutpoint, } from "./common.js";
 import { confirmYesNo } from "./confirm.js";
 const ACTIVE_FAMILY_STATUSES = new Set([
     "draft",
@@ -463,9 +464,7 @@ function buildTx1Plan(options) {
         return {
             sender: options.operation.sourceSender,
             changeAddress: options.state.funding.address,
-            inputs: fundingUtxos.map((entry, index) => index === 0
-                ? { txid: senderInput.txid, vout: senderInput.vout }
-                : { txid: entry.txid, vout: entry.vout }),
+            fixedInputs: [{ txid: senderInput.txid, vout: senderInput.vout }],
             outputs,
             changePosition: 2,
             expectedOpReturnScriptHex: encodeOpReturnScript(serializeDomainTransfer(options.operation.chainDomain.domainId, Buffer.from(options.operation.targetIdentity.scriptPubKeyHex, "hex")).opReturnData),
@@ -474,6 +473,9 @@ function buildTx1Plan(options) {
             expectedReplacementAnchorScriptHex: null,
             expectedReplacementAnchorValueSats: null,
             allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+            eligibleFundingOutpointKeys: new Set(fundingUtxos
+                .filter((entry) => !(entry.txid === senderInput.txid && entry.vout === senderInput.vout))
+                .map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
             requiredSenderOutpoint: null,
             requiredProvisionalOutpoint: null,
             errorPrefix: "wallet_anchor_tx1",
@@ -492,10 +494,7 @@ function buildTx1Plan(options) {
     return {
         sender: options.operation.sourceSender,
         changeAddress: options.state.funding.address,
-        inputs: [
-            { txid: sourceAnchor.txid, vout: sourceAnchor.vout },
-            ...fundingUtxos.map((entry) => ({ txid: entry.txid, vout: entry.vout })),
-        ],
+        fixedInputs: [{ txid: sourceAnchor.txid, vout: sourceAnchor.vout }],
         outputs,
         changePosition: 3,
         expectedOpReturnScriptHex: encodeOpReturnScript(serializeDomainTransfer(options.operation.chainDomain.domainId, Buffer.from(options.operation.targetIdentity.scriptPubKeyHex, "hex")).opReturnData),
@@ -504,6 +503,7 @@ function buildTx1Plan(options) {
         expectedReplacementAnchorScriptHex: options.operation.sourceSender.scriptPubKeyHex,
         expectedReplacementAnchorValueSats: BigInt(options.state.anchorValueSats),
         allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+        eligibleFundingOutpointKeys: new Set(fundingUtxos.map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
         requiredSenderOutpoint: options.operation.sourceAnchorOutpoint,
         requiredProvisionalOutpoint: null,
         errorPrefix: "wallet_anchor_tx1",
@@ -535,10 +535,7 @@ function buildTx2Plan(options) {
             address: options.operation.targetIdentity.address,
         },
         changeAddress: options.state.funding.address,
-        inputs: [
-            { txid: provisional.txid, vout: provisional.vout },
-            ...fundingUtxos.map((entry) => ({ txid: entry.txid, vout: entry.vout })),
-        ],
+        fixedInputs: [{ txid: provisional.txid, vout: provisional.vout }],
         outputs: [
             { data: Buffer.from(opReturnData).toString("hex") },
             { [options.operation.targetIdentity.address]: satsToBtcNumber(BigInt(options.state.anchorValueSats)) },
@@ -550,6 +547,7 @@ function buildTx2Plan(options) {
         expectedReplacementAnchorScriptHex: null,
         expectedReplacementAnchorValueSats: null,
         allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+        eligibleFundingOutpointKeys: new Set(fundingUtxos.map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
         requiredSenderOutpoint: null,
         requiredProvisionalOutpoint: {
             txid: provisional.txid,
@@ -558,30 +556,13 @@ function buildTx2Plan(options) {
         errorPrefix: "wallet_anchor_tx2",
     };
 }
-function getDecodedInputScriptPubKeyHex(input) {
-    return input.prevout?.scriptPubKey?.hex ?? null;
-}
-function getDecodedInputVout(input) {
-    const vout = input.vout;
-    return typeof vout === "number" ? vout : null;
-}
-function inputMatchesOutpoint(input, outpoint) {
-    return input.txid === outpoint.txid && getDecodedInputVout(input) === outpoint.vout;
-}
-function assertNoUnexpectedAnchorInputs(inputs, allowedScripts, unexpectedInputErrorCode) {
-    for (const input of inputs) {
-        const scriptPubKeyHex = getDecodedInputScriptPubKeyHex(input);
-        if (scriptPubKeyHex === null || !allowedScripts.has(scriptPubKeyHex)) {
-            throw new Error(unexpectedInputErrorCode);
-        }
-    }
-}
 function validateTx1Draft(decoded, funded, plan) {
     const inputs = decoded.tx.vin;
     const outputs = decoded.tx.vout;
     if (inputs.length === 0) {
         throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
     }
+    assertFixedInputPrefixMatches(inputs, plan.fixedInputs, `${plan.errorPrefix}_sender_input_mismatch`);
     const firstInputScriptPubKeyHex = getDecodedInputScriptPubKeyHex(inputs[0]);
     if (firstInputScriptPubKeyHex !== plan.sender.scriptPubKeyHex) {
         throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
@@ -590,14 +571,14 @@ function validateTx1Draft(decoded, funded, plan) {
         if (!inputMatchesOutpoint(inputs[0], plan.requiredSenderOutpoint)) {
             throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
         }
-        if (inputs.length < 2 || getDecodedInputScriptPubKeyHex(inputs[1]) !== plan.allowedFundingScriptPubKeyHex) {
-            throw new Error(`${plan.errorPrefix}_unexpected_funding_input`);
-        }
-        assertNoUnexpectedAnchorInputs(inputs.slice(2), new Set([plan.allowedFundingScriptPubKeyHex]), `${plan.errorPrefix}_unexpected_funding_input`);
-    }
-    else {
-        assertNoUnexpectedAnchorInputs(inputs, new Set([plan.allowedFundingScriptPubKeyHex]), `${plan.errorPrefix}_unexpected_funding_input`);
     }
+    assertFundingInputsAfterFixedPrefix({
+        inputs,
+        fixedInputs: plan.fixedInputs,
+        allowedFundingScriptPubKeyHex: plan.allowedFundingScriptPubKeyHex,
+        eligibleFundingOutpointKeys: plan.eligibleFundingOutpointKeys,
+        errorCode: `${plan.errorPrefix}_unexpected_funding_input`,
+    });
     if (outputs[0]?.scriptPubKey?.hex !== plan.expectedOpReturnScriptHex) {
         throw new Error(`${plan.errorPrefix}_opreturn_mismatch`);
     }
@@ -635,15 +616,19 @@ function validateTx2Draft(decoded, funded, plan) {
     if (inputs.length === 0 || plan.requiredProvisionalOutpoint === null) {
         throw new Error(`${plan.errorPrefix}_provisional_input_mismatch`);
     }
+    assertFixedInputPrefixMatches(inputs, plan.fixedInputs, `${plan.errorPrefix}_provisional_input_mismatch`);
     const firstInputScriptPubKeyHex = getDecodedInputScriptPubKeyHex(inputs[0]);
     if (firstInputScriptPubKeyHex !== plan.sender.scriptPubKeyHex
         || !inputMatchesOutpoint(inputs[0], plan.requiredProvisionalOutpoint)) {
         throw new Error(`${plan.errorPrefix}_provisional_input_mismatch`);
     }
-    if (inputs.length < 2 || getDecodedInputScriptPubKeyHex(inputs[1]) !== plan.allowedFundingScriptPubKeyHex) {
-        throw new Error(`${plan.errorPrefix}_unexpected_funding_input`);
-    }
-    assertNoUnexpectedAnchorInputs(inputs.slice(2), new Set([plan.allowedFundingScriptPubKeyHex]), `${plan.errorPrefix}_unexpected_funding_input`);
+    assertFundingInputsAfterFixedPrefix({
+        inputs,
+        fixedInputs: plan.fixedInputs,
+        allowedFundingScriptPubKeyHex: plan.allowedFundingScriptPubKeyHex,
+        eligibleFundingOutpointKeys: plan.eligibleFundingOutpointKeys,
+        errorCode: `${plan.errorPrefix}_unexpected_funding_input`,
+    });
     if (outputs[0]?.scriptPubKey?.hex !== plan.expectedOpReturnScriptHex) {
         throw new Error(`${plan.errorPrefix}_opreturn_mismatch`);
     }
@@ -668,31 +653,29 @@ function validateTx2Draft(decoded, funded, plan) {
     }
 }
 async function buildTx1(options) {
-    return buildWalletMutationTransaction({
+    const reserveCandidates = computeDesignatedProactiveReserveOutpoints(options.state, await options.rpc.listUnspent(options.walletName, 1));
+    return buildWalletMutationTransactionWithReserveFallback({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: options.state,
         plan: options.plan,
         validateFundedDraft: validateTx1Draft,
         finalizeErrorCode: "wallet_anchor_tx1_finalize_failed",
         mempoolRejectPrefix: "wallet_anchor_tx1_mempool_rejected",
-        builderOptions: {
-            addInputs: false,
-        },
+        reserveCandidates,
     });
 }
 async function buildTx2(options) {
-    return buildWalletMutationTransaction({
+    const reserveCandidates = computeDesignatedProactiveReserveOutpoints(options.state, await options.rpc.listUnspent(options.walletName, 1));
+    return buildWalletMutationTransactionWithReserveFallback({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: options.state,
         plan: options.plan,
         validateFundedDraft: validateTx2Draft,
         finalizeErrorCode: "wallet_anchor_tx2_finalize_failed",
         mempoolRejectPrefix: "wallet_anchor_tx2_mempool_rejected",
-        builderOptions: {
-            addInputs: false,
-            includeUnsafe: true,
-            minConf: 0,
-        },
+        reserveCandidates,
     });
 }
 async function relockAnchorOutpoint(rpc, walletName, outpoint) {
@@ -998,6 +981,7 @@ async function submitTx2(options) {
     const builtTx2 = await buildTx2({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: nextState,
         plan: tx2Plan,
     });
     const broadcastingTx2 = createBroadcastingTxRecord(builtTx2);
@@ -1232,6 +1216,7 @@ export async function anchorDomain(options) {
                 const builtTx1 = await buildTx1({
                     rpc,
                     walletName,
+                    state: nextState,
                     plan: tx1Plan,
                 });
                 const broadcastingTx1 = createBroadcastingTxRecord(builtTx1);

package/dist/wallet/tx/cog.js

@@ -7,7 +7,7 @@ import { resolveWalletRuntimePathsForTesting } from "../runtime.js";
 import { createDefaultWalletSecretProvider, } from "../state/provider.js";
 import { serializeCogClaim, serializeCogLock, serializeCogTransfer, } from "../cogop/index.js";
 import { openWalletReadContext } from "../read/index.js";
-import { assertWalletMutationContextReady, buildWalletMutationTransaction, formatCogAmount, isAlreadyAcceptedError, isBroadcastUnknownError, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, updateMutationRecord, } from "./common.js";
+import { assertFixedInputPrefixMatches, assertFundingInputsAfterFixedPrefix, assertWalletMutationContextReady, buildWalletMutationTransaction, formatCogAmount, isAlreadyAcceptedError, isBroadcastUnknownError, outpointKey, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, updateMutationRecord, } from "./common.js";
 import { confirmTypedAcknowledgement, confirmYesNo } from "./confirm.js";
 import { getCanonicalIdentitySelector, resolveIdentityBySelector, } from "./identity-selector.js";
 import { findPendingMutationByIntent, upsertPendingMutation } from "./journal.js";
@@ -258,11 +258,8 @@ function buildPlanForCogOperation(options) {
         return {
             sender: options.sender,
             changeAddress: options.state.funding.address,
-            inputs: [
+            fixedInputs: [
                 { txid: senderUtxo.txid, vout: senderUtxo.vout },
-                ...fundingUtxos
-                    .filter((entry) => !(entry.txid === senderUtxo.txid && entry.vout === senderUtxo.vout))
-                    .map((entry) => ({ txid: entry.txid, vout: entry.vout })),
             ],
             outputs,
             changePosition: 1,
@@ -270,6 +267,9 @@ function buildPlanForCogOperation(options) {
             expectedAnchorScriptHex: null,
             expectedAnchorValueSats: null,
             allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+            eligibleFundingOutpointKeys: new Set(fundingUtxos
+                .filter((entry) => !(entry.txid === senderUtxo.txid && entry.vout === senderUtxo.vout))
+                .map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
             errorPrefix: options.errorPrefix,
         };
     }
@@ -288,9 +288,8 @@ function buildPlanForCogOperation(options) {
     return {
         sender: options.sender,
         changeAddress: options.state.funding.address,
-        inputs: [
+        fixedInputs: [
             { txid: anchorUtxo.txid, vout: anchorUtxo.vout },
-            ...fundingUtxos.map((entry) => ({ txid: entry.txid, vout: entry.vout })),
         ],
         outputs,
         changePosition: 2,
@@ -298,6 +297,7 @@ function buildPlanForCogOperation(options) {
         expectedAnchorScriptHex: options.sender.scriptPubKeyHex,
         expectedAnchorValueSats: options.anchorValueSats,
         allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+        eligibleFundingOutpointKeys: new Set(fundingUtxos.map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
         errorPrefix: options.errorPrefix,
     };
 }
@@ -307,14 +307,17 @@ function validateFundedDraft(decoded, funded, plan) {
     if (inputs.length === 0) {
         throw new Error(`${plan.errorPrefix}_missing_sender_input`);
     }
+    assertFixedInputPrefixMatches(inputs, plan.fixedInputs, `${plan.errorPrefix}_sender_input_mismatch`);
     if (inputs[0]?.prevout?.scriptPubKey?.hex !== plan.sender.scriptPubKeyHex) {
         throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
     }
-    for (let index = 1; index < inputs.length; index += 1) {
-        if (inputs[index]?.prevout?.scriptPubKey?.hex !== plan.allowedFundingScriptPubKeyHex) {
-            throw new Error(`${plan.errorPrefix}_unexpected_funding_input`);
-        }
-    }
+    assertFundingInputsAfterFixedPrefix({
+        inputs,
+        fixedInputs: plan.fixedInputs,
+        allowedFundingScriptPubKeyHex: plan.allowedFundingScriptPubKeyHex,
+        eligibleFundingOutpointKeys: plan.eligibleFundingOutpointKeys,
+        errorCode: `${plan.errorPrefix}_unexpected_funding_input`,
+    });
     if (outputs[0]?.scriptPubKey?.hex !== plan.expectedOpReturnScriptHex) {
         throw new Error(`${plan.errorPrefix}_opreturn_mismatch`);
     }
@@ -344,6 +347,7 @@ async function buildTransaction(options) {
     return buildWalletMutationTransaction({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: options.state,
         plan: options.plan,
         validateFundedDraft,
         finalizeErrorCode: `${options.plan.errorPrefix}_finalize_failed`,
@@ -699,6 +703,7 @@ export async function sendCog(options) {
             const built = await buildTransaction({
                 rpc,
                 walletName,
+                state: nextState,
                 plan: buildPlanForCogOperation({
                     state: nextState,
                     allUtxos: await rpc.listUnspent(walletName, 1),
@@ -860,6 +865,7 @@ export async function lockCogToDomain(options) {
             const built = await buildTransaction({
                 rpc,
                 walletName,
+                state: nextState,
                 plan: buildPlanForCogOperation({
                     state: nextState,
                     allUtxos: await rpc.listUnspent(walletName, 1),
@@ -1004,6 +1010,7 @@ async function runClaimLikeMutation(options, reclaim) {
             const built = await buildTransaction({
                 rpc,
                 walletName,
+                state: nextState,
                 plan: buildPlanForCogOperation({
                     state: nextState,
                     allUtxos: await rpc.listUnspent(walletName, 1),

package/dist/wallet/tx/common.d.ts

@@ -1,4 +1,4 @@
-import type { RpcDecodedPsbt, RpcFinalizePsbtResult, RpcListUnspentEntry, RpcLockedUnspent, RpcTestMempoolAcceptResult, RpcTransaction, RpcWalletCreateFundedPsbtResult, RpcWalletProcessPsbtResult } from "../../bitcoind/types.js";
+import type { RpcDecodedPsbt, RpcFinalizePsbtResult, RpcListUnspentEntry, RpcLockedUnspent, RpcTestMempoolAcceptResult, RpcTransaction, RpcVin, RpcWalletCreateFundedPsbtResult, RpcWalletProcessPsbtResult } from "../../bitcoind/types.js";
 import { type WalletSecretProvider } from "../state/provider.js";
 import type { OutpointRecord, PendingMutationRecord, PendingMutationStatus, WalletStateV1 } from "../types.js";
 import type { WalletReadContext } from "../read/index.js";
@@ -33,6 +33,8 @@ export interface BuiltWalletMutationTransaction {
     wtxid: string | null;
     temporaryBuilderLockedOutpoints: OutpointRecord[];
 }
+export interface FixedWalletInput extends OutpointRecord {
+}
 export declare function saveWalletStatePreservingUnlock(options: {
     state: WalletStateV1;
     provider: WalletSecretProvider;
@@ -49,8 +51,28 @@ export declare function updateMutationRecord(mutation: PendingMutationRecord, st
 }): PendingMutationRecord;
 export declare function unlockTemporaryBuilderLocks(rpc: Pick<WalletMutationRpcClient, "lockUnspent">, walletName: string, outpoints: OutpointRecord[]): Promise<void>;
 export declare function diffTemporaryLockedOutpoints(before: RpcLockedUnspent[], after: RpcLockedUnspent[]): OutpointRecord[];
+export declare function getDecodedInputScriptPubKeyHex(input: RpcVin): string | null;
+export declare function getDecodedInputVout(input: RpcVin): number | null;
+export declare function inputMatchesOutpoint(input: RpcVin, outpoint: OutpointRecord): boolean;
+export declare function assertFixedInputPrefixMatches(inputs: RpcVin[], fixedInputs: FixedWalletInput[], errorCode: string): void;
+export declare function assertFundingInputsAfterFixedPrefix(options: {
+    inputs: RpcVin[];
+    fixedInputs: FixedWalletInput[];
+    allowedFundingScriptPubKeyHex: string;
+    eligibleFundingOutpointKeys: Set<string>;
+    errorCode: string;
+}): void;
+export declare function reconcilePersistentPolicyLocks(options: {
+    rpc: Pick<WalletMutationRpcClient, "listLockUnspent" | "lockUnspent" | "listUnspent">;
+    walletName: string;
+    state: WalletStateV1;
+    fixedInputs: FixedWalletInput[];
+    temporarilyUnlockedOutpoints?: readonly OutpointRecord[];
+    cleanupInactiveTemporaryBuilderLocks?: boolean;
+}): Promise<void>;
 export declare function isBroadcastUnknownError(error: unknown): boolean;
 export declare function isAlreadyAcceptedError(error: unknown): boolean;
+export declare function isInsufficientFundsError(error: unknown): boolean;
 export declare function assertWalletMutationContextReady(context: WalletReadContext, errorPrefix: string): asserts context is WalletReadContext & {
     localState: {
         availability: "ready";
@@ -67,11 +89,9 @@ export declare function pauseMiningForWalletMutation(options: {
 export declare function buildWalletMutationTransaction<TPlan>(options: {
     rpc: WalletMutationRpcClient;
     walletName: string;
+    state: WalletStateV1;
     plan: TPlan & {
-        inputs: Array<{
-            txid: string;
-            vout: number;
-        }>;
+        fixedInputs: FixedWalletInput[];
         outputs: unknown[];
         changeAddress: string;
         changePosition: number;
@@ -80,10 +100,21 @@ export declare function buildWalletMutationTransaction<TPlan>(options: {
     finalizeErrorCode: string;
     mempoolRejectPrefix: string;
     feeRate?: number;
-    builderOptions?: {
-        addInputs?: boolean;
-        includeUnsafe?: boolean;
-        minConf?: number;
-        lockUnspents?: boolean;
+    temporarilyUnlockedPolicyOutpoints?: readonly OutpointRecord[];
+}): Promise<BuiltWalletMutationTransaction>;
+export declare function buildWalletMutationTransactionWithReserveFallback<TPlan>(options: {
+    rpc: WalletMutationRpcClient;
+    walletName: string;
+    state: WalletStateV1;
+    plan: TPlan & {
+        fixedInputs: FixedWalletInput[];
+        outputs: unknown[];
+        changeAddress: string;
+        changePosition: number;
     };
+    validateFundedDraft(decoded: RpcDecodedPsbt, funded: RpcWalletCreateFundedPsbtResult, plan: TPlan): void;
+    finalizeErrorCode: string;
+    mempoolRejectPrefix: string;
+    feeRate?: number;
+    reserveCandidates: readonly OutpointRecord[];
 }): Promise<BuiltWalletMutationTransaction>;

package/dist/wallet/tx/common.js

@@ -2,6 +2,7 @@ import { randomBytes } from "node:crypto";
 import { saveUnlockSession } from "../state/session.js";
 import { saveWalletState } from "../state/storage.js";
 import { createWalletSecretReference, } from "../state/provider.js";
+import { reconcilePersistentPolicyLocks as reconcileWalletCoinControlLocks } from "../coin-control.js";
 import { requestMiningGenerationPreemption } from "../mining/coordination.js";
 export const DEFAULT_WALLET_MUTATION_FEE_RATE_SAT_VB = 10;
 function createUnlockSessionState(state, unlockUntilUnixMs, nowUnixMs) {
@@ -64,6 +65,53 @@ export function diffTemporaryLockedOutpoints(before, after) {
         vout: entry.vout,
     }));
 }
+export function getDecodedInputScriptPubKeyHex(input) {
+    return input.prevout?.scriptPubKey?.hex ?? null;
+}
+export function getDecodedInputVout(input) {
+    const vout = input.vout;
+    return typeof vout === "number" ? vout : null;
+}
+export function inputMatchesOutpoint(input, outpoint) {
+    return input.txid === outpoint.txid && getDecodedInputVout(input) === outpoint.vout;
+}
+export function assertFixedInputPrefixMatches(inputs, fixedInputs, errorCode) {
+    if (inputs.length < fixedInputs.length) {
+        throw new Error(errorCode);
+    }
+    for (const [index, fixedInput] of fixedInputs.entries()) {
+        if (!inputMatchesOutpoint(inputs[index], fixedInput)) {
+            throw new Error(errorCode);
+        }
+    }
+}
+export function assertFundingInputsAfterFixedPrefix(options) {
+    for (let index = options.fixedInputs.length; index < options.inputs.length; index += 1) {
+        const input = options.inputs[index];
+        const scriptPubKeyHex = getDecodedInputScriptPubKeyHex(input);
+        const vout = getDecodedInputVout(input);
+        if (scriptPubKeyHex !== options.allowedFundingScriptPubKeyHex || vout === null || typeof input.txid !== "string") {
+            throw new Error(options.errorCode);
+        }
+        const key = outpointKey({
+            txid: input.txid,
+            vout,
+        });
+        if (!options.eligibleFundingOutpointKeys.has(key)) {
+            throw new Error(options.errorCode);
+        }
+    }
+}
+export async function reconcilePersistentPolicyLocks(options) {
+    await reconcileWalletCoinControlLocks({
+        rpc: options.rpc,
+        walletName: options.walletName,
+        state: options.state,
+        fixedInputs: options.fixedInputs,
+        temporarilyUnlockedOutpoints: options.temporarilyUnlockedOutpoints,
+        cleanupInactiveTemporaryBuilderLocks: options.cleanupInactiveTemporaryBuilderLocks,
+    });
+}
 export function isBroadcastUnknownError(error) {
     const message = error instanceof Error ? error.message.toLowerCase() : String(error).toLowerCase();
     return message.includes("timeout")
@@ -80,6 +128,10 @@ export function isAlreadyAcceptedError(error) {
         || message.includes("already in blockchain")
         || message.includes("txn-already-known");
 }
+export function isInsufficientFundsError(error) {
+    const message = error instanceof Error ? error.message.toLowerCase() : String(error).toLowerCase();
+    return message.includes("insufficient funds");
+}
 export function assertWalletMutationContextReady(context, errorPrefix) {
     if (context.localState.availability === "uninitialized") {
         throw new Error("wallet_uninitialized");
@@ -110,16 +162,23 @@ export async function pauseMiningForWalletMutation(options) {
     });
 }
 export async function buildWalletMutationTransaction(options) {
+    await reconcilePersistentPolicyLocks({
+        rpc: options.rpc,
+        walletName: options.walletName,
+        state: options.state,
+        fixedInputs: options.plan.fixedInputs,
+        temporarilyUnlockedOutpoints: options.temporarilyUnlockedPolicyOutpoints,
+    });
     const lockedBefore = await options.rpc.listLockUnspent(options.walletName);
     let temporaryBuilderLockedOutpoints = [];
     try {
-        const funded = await options.rpc.walletCreateFundedPsbt(options.walletName, options.plan.inputs, options.plan.outputs, 0, {
-            add_inputs: options.builderOptions?.addInputs ?? true,
-            include_unsafe: options.builderOptions?.includeUnsafe ?? false,
-            minconf: options.builderOptions?.minConf ?? 1,
+        const funded = await options.rpc.walletCreateFundedPsbt(options.walletName, options.plan.fixedInputs, options.plan.outputs, 0, {
+            add_inputs: true,
+            include_unsafe: false,
+            minconf: 1,
             changeAddress: options.plan.changeAddress,
             changePosition: options.plan.changePosition,
-            lockUnspents: options.builderOptions?.lockUnspents ?? true,
+            lockUnspents: true,
             fee_rate: options.feeRate ?? DEFAULT_WALLET_MUTATION_FEE_RATE_SAT_VB,
             replaceable: true,
             subtractFeeFromOutputs: [],
@@ -139,6 +198,14 @@ export async function buildWalletMutationTransaction(options) {
         if (accepted == null || !accepted.allowed) {
             throw new Error(`${options.mempoolRejectPrefix}_${accepted?.["reject-reason"] ?? "unknown"}`);
         }
+        if ((options.temporarilyUnlockedPolicyOutpoints?.length ?? 0) > 0) {
+            await reconcilePersistentPolicyLocks({
+                rpc: options.rpc,
+                walletName: options.walletName,
+                state: options.state,
+                fixedInputs: options.plan.fixedInputs,
+            });
+        }
         return {
             funded,
             decoded,
@@ -151,6 +218,46 @@ export async function buildWalletMutationTransaction(options) {
     }
     catch (error) {
         await unlockTemporaryBuilderLocks(options.rpc, options.walletName, temporaryBuilderLockedOutpoints);
+        if ((options.temporarilyUnlockedPolicyOutpoints?.length ?? 0) > 0) {
+            await reconcilePersistentPolicyLocks({
+                rpc: options.rpc,
+                walletName: options.walletName,
+                state: options.state,
+                fixedInputs: options.plan.fixedInputs,
+            });
+        }
         throw error;
     }
 }
+export async function buildWalletMutationTransactionWithReserveFallback(options) {
+    let unlockedReserveOutpoints = [];
+    let lastError = null;
+    for (let attempt = 0; attempt <= options.reserveCandidates.length; attempt += 1) {
+        if (attempt > 0) {
+            unlockedReserveOutpoints = [
+                ...unlockedReserveOutpoints,
+                options.reserveCandidates[attempt - 1],
+            ];
+        }
+        try {
+            return await buildWalletMutationTransaction({
+                rpc: options.rpc,
+                walletName: options.walletName,
+                state: options.state,
+                plan: options.plan,
+                validateFundedDraft: options.validateFundedDraft,
+                finalizeErrorCode: options.finalizeErrorCode,
+                mempoolRejectPrefix: options.mempoolRejectPrefix,
+                feeRate: options.feeRate,
+                temporarilyUnlockedPolicyOutpoints: unlockedReserveOutpoints,
+            });
+        }
+        catch (error) {
+            lastError = error;
+            if (!isInsufficientFundsError(error) || attempt === options.reserveCandidates.length) {
+                throw error;
+            }
+        }
+    }
+    throw lastError;
+}