@cogcoin/client 0.5.12 → 0.5.13

package/dist/wallet/mining/runner.js

@@ -8,7 +8,7 @@ import { attachOrStartManagedBitcoindService } from "../../bitcoind/service.js";
 import { createRpcClient } from "../../bitcoind/node.js";
 import { COG_OPCODES, COG_PREFIX } from "../cogop/constants.js";
 import { extractOpReturnPayloadFromScriptHex } from "../tx/register.js";
-import { DEFAULT_WALLET_MUTATION_FEE_RATE_SAT_VB, buildWalletMutationTransaction, isAlreadyAcceptedError, isBroadcastUnknownError, saveWalletStatePreservingUnlock, } from "../tx/common.js";
+import { DEFAULT_WALLET_MUTATION_FEE_RATE_SAT_VB, assertFixedInputPrefixMatches, assertFundingInputsAfterFixedPrefix, buildWalletMutationTransaction, outpointKey as walletMutationOutpointKey, isAlreadyAcceptedError, isBroadcastUnknownError, reconcilePersistentPolicyLocks, saveWalletStatePreservingUnlock, } from "../tx/common.js";
 import { acquireFileLock } from "../fs/lock.js";
 import { loadOrAutoUnlockWalletState } from "../lifecycle.js";
 import { isMineableWalletDomain, openWalletReadContext, } from "../read/index.js";
@@ -584,10 +584,9 @@ function createMiningPlan(options) {
     ]).toString("hex");
     return {
         sender: options.candidate.sender,
-        inputs: [
+        fixedInputs: [
             options.candidate.anchorOutpoint,
             options.conflictOutpoint,
-            ...fundingUtxos.map((entry) => ({ txid: entry.txid, vout: entry.vout })),
         ],
         outputs: [
             { data: Buffer.from(opReturnData).toString("hex") },
@@ -599,6 +598,7 @@ function createMiningPlan(options) {
         expectedAnchorScriptHex: options.candidate.sender.scriptPubKeyHex,
         expectedAnchorValueSats: BigInt(options.state.anchorValueSats),
         allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+        eligibleFundingOutpointKeys: new Set(fundingUtxos.map((entry) => walletMutationOutpointKey({ txid: entry.txid, vout: entry.vout }))),
         expectedConflictOutpoint: options.conflictOutpoint,
         feeRateSatVb: options.feeRateSatVb,
     };
@@ -609,17 +609,22 @@ function validateMiningDraft(decoded, funded, plan) {
     if (inputs.length < 2) {
         throw new Error("wallet_mining_missing_inputs");
     }
+    assertFixedInputPrefixMatches(inputs, plan.fixedInputs, "wallet_mining_missing_inputs");
     if (inputs[0]?.prevout?.scriptPubKey?.hex !== plan.sender.scriptPubKeyHex) {
         throw new Error("wallet_mining_sender_input_mismatch");
     }
-    if (inputs[1]?.prevout?.scriptPubKey?.hex !== plan.allowedFundingScriptPubKeyHex) {
+    if (inputs[1]?.prevout?.scriptPubKey?.hex !== plan.allowedFundingScriptPubKeyHex
+        || inputs[1]?.txid !== plan.expectedConflictOutpoint.txid
+        || inputs[1].vout !== plan.expectedConflictOutpoint.vout) {
         throw new Error("wallet_mining_conflict_input_mismatch");
     }
-    for (let index = 2; index < inputs.length; index += 1) {
-        if (inputs[index]?.prevout?.scriptPubKey?.hex !== plan.allowedFundingScriptPubKeyHex) {
-            throw new Error("wallet_mining_unexpected_funding_input");
-        }
-    }
+    assertFundingInputsAfterFixedPrefix({
+        inputs,
+        fixedInputs: plan.fixedInputs,
+        allowedFundingScriptPubKeyHex: plan.allowedFundingScriptPubKeyHex,
+        eligibleFundingOutpointKeys: plan.eligibleFundingOutpointKeys,
+        errorCode: "wallet_mining_unexpected_funding_input",
+    });
     if (outputs[0]?.scriptPubKey?.hex !== plan.expectedOpReturnScriptHex) {
         throw new Error("wallet_mining_opreturn_mismatch");
     }
@@ -637,17 +642,12 @@ async function buildMiningTransaction(options) {
     return buildWalletMutationTransaction({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: options.state,
         plan: options.plan,
         validateFundedDraft: validateMiningDraft,
         finalizeErrorCode: "wallet_mining_finalize_failed",
         mempoolRejectPrefix: "wallet_mining_mempool_rejected",
         feeRate: options.plan.feeRateSatVb,
-        builderOptions: {
-            addInputs: true,
-            includeUnsafe: true,
-            minConf: 0,
-            lockUnspents: true,
-        },
     });
 }
 function resolveEligibleAnchoredRoots(context) {
@@ -1244,30 +1244,6 @@ function miningCandidateIsCurrent(options) {
         && options.nodeBestHeight !== null
         && options.state.currentBlockTargetHeight === (options.nodeBestHeight + 1);
 }
-async function rebuildPersistentAnchorLocks(options) {
-    const walletName = options.state.managedCoreWallet.walletName;
-    const [locked, spendable] = await Promise.all([
-        options.rpc.listLockUnspent(walletName).catch(() => []),
-        options.rpc.listUnspent(walletName, 0).catch(() => []),
-    ]);
-    const spendableKeys = new Set(spendable.map((entry) => `${entry.txid}:${entry.vout}`));
-    const expected = options.state.domains
-        .map((domain) => domain.currentCanonicalAnchorOutpoint)
-        .filter((outpoint) => outpoint !== null)
-        .map((outpoint) => ({ txid: outpoint.txid, vout: outpoint.vout }))
-        .filter((outpoint) => spendableKeys.has(`${outpoint.txid}:${outpoint.vout}`));
-    const expectedKeys = new Set(expected.map((outpoint) => `${outpoint.txid}:${outpoint.vout}`));
-    const lockedKeys = new Set(locked.map((outpoint) => `${outpoint.txid}:${outpoint.vout}`));
-    const staleLocked = locked.filter((outpoint) => !expectedKeys.has(`${outpoint.txid}:${outpoint.vout}`)
-        || !spendableKeys.has(`${outpoint.txid}:${outpoint.vout}`));
-    const missingLocked = expected.filter((outpoint) => !lockedKeys.has(`${outpoint.txid}:${outpoint.vout}`));
-    if (staleLocked.length > 0) {
-        await options.rpc.lockUnspent(walletName, true, staleLocked).catch(() => undefined);
-    }
-    if (missingLocked.length > 0) {
-        await options.rpc.lockUnspent(walletName, false, missingLocked).catch(() => undefined);
-    }
-}
 async function reconcileLiveMiningState(options) {
     let state = {
         ...options.state,
@@ -1275,7 +1251,12 @@ async function reconcileLiveMiningState(options) {
     };
     const currentTxid = state.miningState.currentTxid;
     if (currentTxid === null || !miningFamilyMayStillExist(state.miningState)) {
-        await rebuildPersistentAnchorLocks({ state, rpc: options.rpc });
+        await reconcilePersistentPolicyLocks({
+            rpc: options.rpc,
+            walletName: state.managedCoreWallet.walletName,
+            state,
+            fixedInputs: [],
+        });
         return state;
     }
     const walletName = state.managedCoreWallet.walletName;
@@ -1295,7 +1276,12 @@ async function reconcileLiveMiningState(options) {
                 currentPublishDecision: "tx-confirmed-while-down",
             },
         };
-        await rebuildPersistentAnchorLocks({ state, rpc: options.rpc });
+        await reconcilePersistentPolicyLocks({
+            rpc: options.rpc,
+            walletName: state.managedCoreWallet.walletName,
+            state,
+            fixedInputs: [],
+        });
         return state;
     }
     if (inMempool) {
@@ -1319,7 +1305,12 @@ async function reconcileLiveMiningState(options) {
                     : null,
             currentPublishDecision: stale ? "paused-stale-mempool" : "restored-live-family",
         });
-        await rebuildPersistentAnchorLocks({ state, rpc: options.rpc });
+        await reconcilePersistentPolicyLocks({
+            rpc: options.rpc,
+            walletName: state.managedCoreWallet.walletName,
+            state,
+            fixedInputs: [],
+        });
         return state;
     }
     if ((walletTx?.walletconflicts?.length ?? 0) > 0) {
@@ -1333,7 +1324,12 @@ async function reconcileLiveMiningState(options) {
                 ? "repair-required-broadcast-conflict"
                 : "repair-required-wallet-conflict",
         });
-        await rebuildPersistentAnchorLocks({ state, rpc: options.rpc });
+        await reconcilePersistentPolicyLocks({
+            rpc: options.rpc,
+            walletName: state.managedCoreWallet.walletName,
+            state,
+            fixedInputs: [],
+        });
         return state;
     }
     state = defaultMiningStatePatch(state, {
@@ -1342,7 +1338,12 @@ async function reconcileLiveMiningState(options) {
             ? "broadcast-unknown-not-seen"
             : "live-family-not-seen",
     });
-    await rebuildPersistentAnchorLocks({ state, rpc: options.rpc });
+    await reconcilePersistentPolicyLocks({
+        rpc: options.rpc,
+        walletName: state.managedCoreWallet.walletName,
+        state,
+        fixedInputs: [],
+    });
     return state;
 }
 async function publishCandidate(options) {
@@ -1405,6 +1406,7 @@ async function publishCandidate(options) {
     const built = await buildMiningTransaction({
         rpc,
         walletName: state.managedCoreWallet.walletName,
+        state,
         plan,
     });
     const intentFingerprintHex = computeIntentFingerprint(state, options.candidate);

package/dist/wallet/read/context.js

@@ -7,6 +7,7 @@ import { attachOrStartManagedBitcoindService, probeManagedBitcoindService, } fro
 import { resolveCogcoinProcessingStartHeight } from "../../bitcoind/processing-start-height.js";
 import {} from "../../bitcoind/types.js";
 import { loadOrAutoUnlockWalletState, verifyManagedCoreWalletReplica, } from "../lifecycle.js";
+import { normalizeWalletStateRecord, persistWalletCoinControlStateIfNeeded } from "../coin-control.js";
 import { persistNormalizedWalletDescriptorStateIfNeeded } from "../descriptor-normalization.js";
 import { inspectMiningControlPlane } from "../mining/index.js";
 import { normalizeMiningStateRecord } from "../mining/state.js";
@@ -76,9 +77,17 @@ async function normalizeLoadedWalletStateForRead(options) {
             replacePrimary: options.loaded.source === "backup",
             rpc: createRpcClient(node.rpc),
         });
-        return {
-            source: normalized.changed ? "primary" : options.loaded.source,
+        const coinControl = await persistWalletCoinControlStateIfNeeded({
             state: normalized.state,
+            access,
+            paths: options.paths,
+            nowUnixMs: options.now,
+            replacePrimary: (normalized.changed ? "primary" : options.loaded.source) === "backup",
+            rpc: createRpcClient(node.rpc),
+        });
+        return {
+            source: coinControl.changed ? "primary" : normalized.changed ? "primary" : options.loaded.source,
+            state: coinControl.state,
         };
     }
     finally {
@@ -186,10 +195,10 @@ async function inspectWalletLocalState(options = {}) {
             return {
                 availability: "ready",
                 walletRootId: unlocked.state.walletRootId,
-                state: {
+                state: normalizeWalletStateRecord({
                     ...unlocked.state,
                     miningState: normalizeMiningStateRecord(unlocked.state.miningState),
-                },
+                }),
                 source: unlocked.source,
                 unlockUntilUnixMs: unlocked.session.unlockUntilUnixMs,
                 hasPrimaryStateFile,
@@ -226,10 +235,10 @@ async function inspectWalletLocalState(options = {}) {
         return {
             availability: "ready",
             walletRootId: loaded.state.walletRootId,
-            state: {
+            state: normalizeWalletStateRecord({
                 ...loaded.state,
                 miningState: normalizeMiningStateRecord(loaded.state.miningState),
-            },
+            }),
             source: loaded.source,
             unlockUntilUnixMs: null,
             hasPrimaryStateFile,

package/dist/wallet/reset.js

@@ -187,6 +187,8 @@ function createEntropyRetainedWalletState(previousState, nowUnixMs) {
         walletRootId,
         network: previousState.network,
         anchorValueSats: previousState.anchorValueSats,
+        proactiveReserveSats: previousState.proactiveReserveSats,
+        proactiveReserveOutpoints: previousState.proactiveReserveOutpoints,
         nextDedicatedIndex: previousState.nextDedicatedIndex,
         fundingIndex: previousState.fundingIndex,
         mnemonic: {

package/dist/wallet/state/storage.js

@@ -1,5 +1,6 @@
 import { readFile } from "node:fs/promises";
 import { writeJsonFileAtomic } from "../fs/atomic.js";
+import { normalizeWalletStateRecord } from "../coin-control.js";
 import { decryptJsonWithPassphrase, decryptJsonWithSecretProvider, encryptJsonWithPassphrase, encryptJsonWithSecretProvider, } from "./crypto.js";
 async function readEnvelope(path) {
     const raw = await readFile(path, "utf8");
@@ -73,18 +74,18 @@ export async function loadWalletState(paths, access) {
     try {
         return {
             source: "primary",
-            state: typeof access === "string" || access instanceof Uint8Array
+            state: normalizeWalletStateRecord(typeof access === "string" || access instanceof Uint8Array
                 ? await decryptJsonWithPassphrase(await readEnvelope(paths.primaryPath), access)
-                : await decryptJsonWithSecretProvider(await readEnvelope(paths.primaryPath), access.provider),
+                : await decryptJsonWithSecretProvider(await readEnvelope(paths.primaryPath), access.provider)),
         };
     }
     catch (primaryError) {
         try {
             return {
                 source: "backup",
-                state: typeof access === "string" || access instanceof Uint8Array
+                state: normalizeWalletStateRecord(typeof access === "string" || access instanceof Uint8Array
                     ? await decryptJsonWithPassphrase(await readEnvelope(paths.backupPath), access)
-                    : await decryptJsonWithSecretProvider(await readEnvelope(paths.backupPath), access.provider),
+                    : await decryptJsonWithSecretProvider(await readEnvelope(paths.backupPath), access.provider)),
             };
         }
         catch {

package/dist/wallet/tx/anchor.js

@@ -5,11 +5,12 @@ import { attachOrStartManagedBitcoindService } from "../../bitcoind/service.js";
 import { createRpcClient } from "../../bitcoind/node.js";
 import { acquireFileLock } from "../fs/lock.js";
 import { deriveWalletIdentityMaterial, } from "../material.js";
+import { computeDesignatedProactiveReserveOutpoints } from "../coin-control.js";
 import { resolveWalletRuntimePathsForTesting } from "../runtime.js";
 import { createDefaultWalletSecretProvider, } from "../state/provider.js";
 import { serializeDomainAnchor, serializeDomainTransfer, validateDomainName, } from "../cogop/index.js";
 import { openWalletReadContext } from "../read/index.js";
-import { assertWalletMutationContextReady, buildWalletMutationTransaction, isAlreadyAcceptedError, isBroadcastUnknownError, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, } from "./common.js";
+import { assertFixedInputPrefixMatches, assertFundingInputsAfterFixedPrefix, assertWalletMutationContextReady, buildWalletMutationTransactionWithReserveFallback, getDecodedInputScriptPubKeyHex, isAlreadyAcceptedError, isBroadcastUnknownError, outpointKey, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, inputMatchesOutpoint, } from "./common.js";
 import { confirmYesNo } from "./confirm.js";
 const ACTIVE_FAMILY_STATUSES = new Set([
     "draft",
@@ -463,9 +464,7 @@ function buildTx1Plan(options) {
         return {
             sender: options.operation.sourceSender,
             changeAddress: options.state.funding.address,
-            inputs: fundingUtxos.map((entry, index) => index === 0
-                ? { txid: senderInput.txid, vout: senderInput.vout }
-                : { txid: entry.txid, vout: entry.vout }),
+            fixedInputs: [{ txid: senderInput.txid, vout: senderInput.vout }],
             outputs,
             changePosition: 2,
             expectedOpReturnScriptHex: encodeOpReturnScript(serializeDomainTransfer(options.operation.chainDomain.domainId, Buffer.from(options.operation.targetIdentity.scriptPubKeyHex, "hex")).opReturnData),
@@ -474,6 +473,9 @@ function buildTx1Plan(options) {
             expectedReplacementAnchorScriptHex: null,
             expectedReplacementAnchorValueSats: null,
             allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+            eligibleFundingOutpointKeys: new Set(fundingUtxos
+                .filter((entry) => !(entry.txid === senderInput.txid && entry.vout === senderInput.vout))
+                .map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
             requiredSenderOutpoint: null,
             requiredProvisionalOutpoint: null,
             errorPrefix: "wallet_anchor_tx1",
@@ -492,10 +494,7 @@ function buildTx1Plan(options) {
     return {
         sender: options.operation.sourceSender,
         changeAddress: options.state.funding.address,
-        inputs: [
-            { txid: sourceAnchor.txid, vout: sourceAnchor.vout },
-            ...fundingUtxos.map((entry) => ({ txid: entry.txid, vout: entry.vout })),
-        ],
+        fixedInputs: [{ txid: sourceAnchor.txid, vout: sourceAnchor.vout }],
         outputs,
         changePosition: 3,
         expectedOpReturnScriptHex: encodeOpReturnScript(serializeDomainTransfer(options.operation.chainDomain.domainId, Buffer.from(options.operation.targetIdentity.scriptPubKeyHex, "hex")).opReturnData),
@@ -504,6 +503,7 @@ function buildTx1Plan(options) {
         expectedReplacementAnchorScriptHex: options.operation.sourceSender.scriptPubKeyHex,
         expectedReplacementAnchorValueSats: BigInt(options.state.anchorValueSats),
         allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+        eligibleFundingOutpointKeys: new Set(fundingUtxos.map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
         requiredSenderOutpoint: options.operation.sourceAnchorOutpoint,
         requiredProvisionalOutpoint: null,
         errorPrefix: "wallet_anchor_tx1",
@@ -535,10 +535,7 @@ function buildTx2Plan(options) {
             address: options.operation.targetIdentity.address,
         },
         changeAddress: options.state.funding.address,
-        inputs: [
-            { txid: provisional.txid, vout: provisional.vout },
-            ...fundingUtxos.map((entry) => ({ txid: entry.txid, vout: entry.vout })),
-        ],
+        fixedInputs: [{ txid: provisional.txid, vout: provisional.vout }],
         outputs: [
             { data: Buffer.from(opReturnData).toString("hex") },
             { [options.operation.targetIdentity.address]: satsToBtcNumber(BigInt(options.state.anchorValueSats)) },
@@ -550,6 +547,7 @@ function buildTx2Plan(options) {
         expectedReplacementAnchorScriptHex: null,
         expectedReplacementAnchorValueSats: null,
         allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+        eligibleFundingOutpointKeys: new Set(fundingUtxos.map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
         requiredSenderOutpoint: null,
         requiredProvisionalOutpoint: {
             txid: provisional.txid,
@@ -558,30 +556,13 @@ function buildTx2Plan(options) {
         errorPrefix: "wallet_anchor_tx2",
     };
 }
-function getDecodedInputScriptPubKeyHex(input) {
-    return input.prevout?.scriptPubKey?.hex ?? null;
-}
-function getDecodedInputVout(input) {
-    const vout = input.vout;
-    return typeof vout === "number" ? vout : null;
-}
-function inputMatchesOutpoint(input, outpoint) {
-    return input.txid === outpoint.txid && getDecodedInputVout(input) === outpoint.vout;
-}
-function assertNoUnexpectedAnchorInputs(inputs, allowedScripts, unexpectedInputErrorCode) {
-    for (const input of inputs) {
-        const scriptPubKeyHex = getDecodedInputScriptPubKeyHex(input);
-        if (scriptPubKeyHex === null || !allowedScripts.has(scriptPubKeyHex)) {
-            throw new Error(unexpectedInputErrorCode);
-        }
-    }
-}
 function validateTx1Draft(decoded, funded, plan) {
     const inputs = decoded.tx.vin;
     const outputs = decoded.tx.vout;
     if (inputs.length === 0) {
         throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
     }
+    assertFixedInputPrefixMatches(inputs, plan.fixedInputs, `${plan.errorPrefix}_sender_input_mismatch`);
     const firstInputScriptPubKeyHex = getDecodedInputScriptPubKeyHex(inputs[0]);
     if (firstInputScriptPubKeyHex !== plan.sender.scriptPubKeyHex) {
         throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
@@ -590,14 +571,14 @@ function validateTx1Draft(decoded, funded, plan) {
         if (!inputMatchesOutpoint(inputs[0], plan.requiredSenderOutpoint)) {
             throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
         }
-        if (inputs.length < 2 || getDecodedInputScriptPubKeyHex(inputs[1]) !== plan.allowedFundingScriptPubKeyHex) {
-            throw new Error(`${plan.errorPrefix}_unexpected_funding_input`);
-        }
-        assertNoUnexpectedAnchorInputs(inputs.slice(2), new Set([plan.allowedFundingScriptPubKeyHex]), `${plan.errorPrefix}_unexpected_funding_input`);
-    }
-    else {
-        assertNoUnexpectedAnchorInputs(inputs, new Set([plan.allowedFundingScriptPubKeyHex]), `${plan.errorPrefix}_unexpected_funding_input`);
     }
+    assertFundingInputsAfterFixedPrefix({
+        inputs,
+        fixedInputs: plan.fixedInputs,
+        allowedFundingScriptPubKeyHex: plan.allowedFundingScriptPubKeyHex,
+        eligibleFundingOutpointKeys: plan.eligibleFundingOutpointKeys,
+        errorCode: `${plan.errorPrefix}_unexpected_funding_input`,
+    });
     if (outputs[0]?.scriptPubKey?.hex !== plan.expectedOpReturnScriptHex) {
         throw new Error(`${plan.errorPrefix}_opreturn_mismatch`);
     }
@@ -635,15 +616,19 @@ function validateTx2Draft(decoded, funded, plan) {
     if (inputs.length === 0 || plan.requiredProvisionalOutpoint === null) {
         throw new Error(`${plan.errorPrefix}_provisional_input_mismatch`);
     }
+    assertFixedInputPrefixMatches(inputs, plan.fixedInputs, `${plan.errorPrefix}_provisional_input_mismatch`);
     const firstInputScriptPubKeyHex = getDecodedInputScriptPubKeyHex(inputs[0]);
     if (firstInputScriptPubKeyHex !== plan.sender.scriptPubKeyHex
         || !inputMatchesOutpoint(inputs[0], plan.requiredProvisionalOutpoint)) {
         throw new Error(`${plan.errorPrefix}_provisional_input_mismatch`);
     }
-    if (inputs.length < 2 || getDecodedInputScriptPubKeyHex(inputs[1]) !== plan.allowedFundingScriptPubKeyHex) {
-        throw new Error(`${plan.errorPrefix}_unexpected_funding_input`);
-    }
-    assertNoUnexpectedAnchorInputs(inputs.slice(2), new Set([plan.allowedFundingScriptPubKeyHex]), `${plan.errorPrefix}_unexpected_funding_input`);
+    assertFundingInputsAfterFixedPrefix({
+        inputs,
+        fixedInputs: plan.fixedInputs,
+        allowedFundingScriptPubKeyHex: plan.allowedFundingScriptPubKeyHex,
+        eligibleFundingOutpointKeys: plan.eligibleFundingOutpointKeys,
+        errorCode: `${plan.errorPrefix}_unexpected_funding_input`,
+    });
     if (outputs[0]?.scriptPubKey?.hex !== plan.expectedOpReturnScriptHex) {
         throw new Error(`${plan.errorPrefix}_opreturn_mismatch`);
     }
@@ -668,31 +653,29 @@ function validateTx2Draft(decoded, funded, plan) {
     }
 }
 async function buildTx1(options) {
-    return buildWalletMutationTransaction({
+    const reserveCandidates = computeDesignatedProactiveReserveOutpoints(options.state, await options.rpc.listUnspent(options.walletName, 1));
+    return buildWalletMutationTransactionWithReserveFallback({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: options.state,
         plan: options.plan,
         validateFundedDraft: validateTx1Draft,
         finalizeErrorCode: "wallet_anchor_tx1_finalize_failed",
         mempoolRejectPrefix: "wallet_anchor_tx1_mempool_rejected",
-        builderOptions: {
-            addInputs: false,
-        },
+        reserveCandidates,
     });
 }
 async function buildTx2(options) {
-    return buildWalletMutationTransaction({
+    const reserveCandidates = computeDesignatedProactiveReserveOutpoints(options.state, await options.rpc.listUnspent(options.walletName, 1));
+    return buildWalletMutationTransactionWithReserveFallback({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: options.state,
         plan: options.plan,
         validateFundedDraft: validateTx2Draft,
         finalizeErrorCode: "wallet_anchor_tx2_finalize_failed",
         mempoolRejectPrefix: "wallet_anchor_tx2_mempool_rejected",
-        builderOptions: {
-            addInputs: false,
-            includeUnsafe: true,
-            minConf: 0,
-        },
+        reserveCandidates,
     });
 }
 async function relockAnchorOutpoint(rpc, walletName, outpoint) {
@@ -998,6 +981,7 @@ async function submitTx2(options) {
     const builtTx2 = await buildTx2({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: nextState,
         plan: tx2Plan,
     });
     const broadcastingTx2 = createBroadcastingTxRecord(builtTx2);
@@ -1232,6 +1216,7 @@ export async function anchorDomain(options) {
                 const builtTx1 = await buildTx1({
                     rpc,
                     walletName,
+                    state: nextState,
                     plan: tx1Plan,
                 });
                 const broadcastingTx1 = createBroadcastingTxRecord(builtTx1);

package/dist/wallet/tx/cog.js

@@ -7,7 +7,7 @@ import { resolveWalletRuntimePathsForTesting } from "../runtime.js";
 import { createDefaultWalletSecretProvider, } from "../state/provider.js";
 import { serializeCogClaim, serializeCogLock, serializeCogTransfer, } from "../cogop/index.js";
 import { openWalletReadContext } from "../read/index.js";
-import { assertWalletMutationContextReady, buildWalletMutationTransaction, formatCogAmount, isAlreadyAcceptedError, isBroadcastUnknownError, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, updateMutationRecord, } from "./common.js";
+import { assertFixedInputPrefixMatches, assertFundingInputsAfterFixedPrefix, assertWalletMutationContextReady, buildWalletMutationTransaction, formatCogAmount, isAlreadyAcceptedError, isBroadcastUnknownError, outpointKey, pauseMiningForWalletMutation, saveWalletStatePreservingUnlock, unlockTemporaryBuilderLocks, updateMutationRecord, } from "./common.js";
 import { confirmTypedAcknowledgement, confirmYesNo } from "./confirm.js";
 import { getCanonicalIdentitySelector, resolveIdentityBySelector, } from "./identity-selector.js";
 import { findPendingMutationByIntent, upsertPendingMutation } from "./journal.js";
@@ -258,11 +258,8 @@ function buildPlanForCogOperation(options) {
         return {
             sender: options.sender,
             changeAddress: options.state.funding.address,
-            inputs: [
+            fixedInputs: [
                 { txid: senderUtxo.txid, vout: senderUtxo.vout },
-                ...fundingUtxos
-                    .filter((entry) => !(entry.txid === senderUtxo.txid && entry.vout === senderUtxo.vout))
-                    .map((entry) => ({ txid: entry.txid, vout: entry.vout })),
             ],
             outputs,
             changePosition: 1,
@@ -270,6 +267,9 @@ function buildPlanForCogOperation(options) {
             expectedAnchorScriptHex: null,
             expectedAnchorValueSats: null,
             allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+            eligibleFundingOutpointKeys: new Set(fundingUtxos
+                .filter((entry) => !(entry.txid === senderUtxo.txid && entry.vout === senderUtxo.vout))
+                .map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
             errorPrefix: options.errorPrefix,
         };
     }
@@ -288,9 +288,8 @@ function buildPlanForCogOperation(options) {
     return {
         sender: options.sender,
         changeAddress: options.state.funding.address,
-        inputs: [
+        fixedInputs: [
             { txid: anchorUtxo.txid, vout: anchorUtxo.vout },
-            ...fundingUtxos.map((entry) => ({ txid: entry.txid, vout: entry.vout })),
         ],
         outputs,
         changePosition: 2,
@@ -298,6 +297,7 @@ function buildPlanForCogOperation(options) {
         expectedAnchorScriptHex: options.sender.scriptPubKeyHex,
         expectedAnchorValueSats: options.anchorValueSats,
         allowedFundingScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
+        eligibleFundingOutpointKeys: new Set(fundingUtxos.map((entry) => outpointKey({ txid: entry.txid, vout: entry.vout }))),
         errorPrefix: options.errorPrefix,
     };
 }
@@ -307,14 +307,17 @@ function validateFundedDraft(decoded, funded, plan) {
     if (inputs.length === 0) {
         throw new Error(`${plan.errorPrefix}_missing_sender_input`);
     }
+    assertFixedInputPrefixMatches(inputs, plan.fixedInputs, `${plan.errorPrefix}_sender_input_mismatch`);
     if (inputs[0]?.prevout?.scriptPubKey?.hex !== plan.sender.scriptPubKeyHex) {
         throw new Error(`${plan.errorPrefix}_sender_input_mismatch`);
     }
-    for (let index = 1; index < inputs.length; index += 1) {
-        if (inputs[index]?.prevout?.scriptPubKey?.hex !== plan.allowedFundingScriptPubKeyHex) {
-            throw new Error(`${plan.errorPrefix}_unexpected_funding_input`);
-        }
-    }
+    assertFundingInputsAfterFixedPrefix({
+        inputs,
+        fixedInputs: plan.fixedInputs,
+        allowedFundingScriptPubKeyHex: plan.allowedFundingScriptPubKeyHex,
+        eligibleFundingOutpointKeys: plan.eligibleFundingOutpointKeys,
+        errorCode: `${plan.errorPrefix}_unexpected_funding_input`,
+    });
     if (outputs[0]?.scriptPubKey?.hex !== plan.expectedOpReturnScriptHex) {
         throw new Error(`${plan.errorPrefix}_opreturn_mismatch`);
     }
@@ -344,6 +347,7 @@ async function buildTransaction(options) {
     return buildWalletMutationTransaction({
         rpc: options.rpc,
         walletName: options.walletName,
+        state: options.state,
         plan: options.plan,
         validateFundedDraft,
         finalizeErrorCode: `${options.plan.errorPrefix}_finalize_failed`,
@@ -699,6 +703,7 @@ export async function sendCog(options) {
             const built = await buildTransaction({
                 rpc,
                 walletName,
+                state: nextState,
                 plan: buildPlanForCogOperation({
                     state: nextState,
                     allUtxos: await rpc.listUnspent(walletName, 1),
@@ -860,6 +865,7 @@ export async function lockCogToDomain(options) {
             const built = await buildTransaction({
                 rpc,
                 walletName,
+                state: nextState,
                 plan: buildPlanForCogOperation({
                     state: nextState,
                     allUtxos: await rpc.listUnspent(walletName, 1),
@@ -1004,6 +1010,7 @@ async function runClaimLikeMutation(options, reclaim) {
             const built = await buildTransaction({
                 rpc,
                 walletName,
+                state: nextState,
                 plan: buildPlanForCogOperation({
                     state: nextState,
                     allUtxos: await rpc.listUnspent(walletName, 1),