Introduce FundingContributionBuilder API

[wpaulino]

This PR refactors splice contribution construction around a new FundingBuilder API and tightens the semantics of how splice value is funded. It replaces the older FundingTemplate contribution helpers with a builder flow that can reuse, amend, or replace prior contributions for fresh splices and RBF attempts.

[ldk-reviews-bot]

👋 Thanks for assigning @TheBlueMatt as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.07%. Comparing base (5704e8e) to head (fa10899).
⚠️ Report is 52 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4516      +/-   ##
==========================================
+ Coverage   86.99%   87.07%   +0.07%     
==========================================
  Files         163      161       -2     
  Lines      108635   109248     +613     
  Branches   108635   109248     +613     
==========================================
+ Hits        94511    95130     +619     
+ Misses      11647    11636      -11     
- Partials     2477     2482       +5     

Flag	Coverage Δ
fuzzing	39.60% <40.00%> (-0.70%)	⬇️
tests	86.17% <80.00%> (+0.08%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[TheBlueMatt]

basically lgtm

[wpaulino]

Leaving the explicit input support for a follow-up as this PR is large enough already.

[ldk-claude-review-bot]

Nit: unnecessary return in final expression position. Same on line 740 for the sync variant.

Suggested change

	return Ok(FundingContribution::new(
	Ok(FundingContribution::new(

[ldk-claude-review-bot]

Review Summary — PR #4516: Introduce FundingContributionBuilder API (Final Pass)

No new inline comments this pass. The prior review passes were comprehensive and covered all significant issues found in this diff.

Previously flagged issues (all still present)

Critical:

1. funding.rs:570-578 — Breaking TLV tag renumbering for persisted FundingContribution. Upgrading nodes with pending splices will fail to deserialize channel data.
2. funding.rs:348 — splice_in/splice_in_sync additive semantics doubles value_added during RBF when a prior contribution is present.

Correctness:
3. funding.rs:647 — Wrong fee estimate used in sufficiency check after dropping change output in amend_without_coin_selection. Uses WITH-change fee instead of no-change fee, making the check too conservative.
4. funding.rs:700-714 — No sufficiency check in the no-change fallthrough of amend_without_coin_selection. Can silently return a contribution with less value_added() than requested.
5. funding.rs:636-644 — amend_without_coin_selection always fails for amended splice-out priors (no inputs → fee check fails).
6. funding.rs:1103-1104 — build_from_prior_contribution failure blocks fresh splice-out fallthrough in try_build_without_coin_selection.
7. funding.rs:1076-1080 — FundingInputs::None silently discards prior wallet inputs when value_added == 0.
8. funding.rs:431 — rbf_prior_contribution now requires a prior contribution, removing old fee-bump-only capability.
9. funding.rs:1172 — validate_contribution_parameters blocks reuse of fee-bump-only prior contributions.
10. channel.rs:12332-12341 — splice_channel now fails with APIError where it previously silently degraded to re-coin-selection.

Diagnostic / DX:
11. funding.rs:1067-1073 — All feerate adjustment failures mapped to MissingCoinSelectionSource, losing diagnostic information.
12. funding.rs:1292-1300 — saturating_add/saturating_sub for bitcoin amounts can silently truncate/zero.

Code quality:
13. funding.rs:1365,1465 — add_value/remove_value duplicated across async/sync builder impls.
14. funding.rs:1420,1519 — Unnecessary return keyword in final expression.

Cross-cutting concerns

• The MissingCoinSelectionSource error remains overloaded: it covers "need wallet inputs", "feerate can't be accommodated", and "prior amendment failed." The wallet-backed builder silently discards prior inputs on any of these by falling through to fresh coin selection.
• The design shift where wallet-backed contributions fund withdrawal outputs from wallet inputs (rather than channel balance) is intentional per the docs, but represents a significant semantic change from the old splice_in_and_out behavior.

[TheBlueMatt]

I didn't look too deeply at the tests but basically LGTM.

[wpaulino]

Had to rebase due to a small import conflict.

[TheBlueMatt]

needs rebase again tho

[jkczyz]

Code looks good, but I think merging some impl blocks will help the diff.

[TheBlueMatt]

linter, fuzz-sanity, and check_commits are failing.

[ldk-claude-review-bot]

Correctness concern: validate_contribution_parameters blocks reuse of fee-bump-only prior contributions

When a prior contribution has value_added() == 0 and empty outputs (a fee-bump-only contribution that only selected wallet inputs to pay fees), initializing a builder from it yields self.value_added = 0 and self.outputs = []. The validate_contribution_parameters check here then rejects the request with InvalidSpliceValue before build_from_prior_contribution gets a chance to reuse the prior.

This can happen when coin selection returned inputs where inputs - fee - change = 0 exactly. The old rbf code handled this case (via force_coin_selection = true); the new builder path rejects it at validation.

This may be intentional given the removal of the fee-bump-only flow, but it creates an asymmetry: a contribution that was successfully built and stored as a prior can fail to be reused with an identical request, which would be surprising to callers using rbf_prior_contribution or with_prior_contribution.

[wpaulino]

Fee-bump-only contributions would have the prior contribution's value_added and outputs so this is nonsense.

[ldk-claude-review-bot]

Nit: FundingInputs is a single-variant enum, adding indirection without benefit

FundingInputs has only one variant (CoinSelected), yet with_inputs_and_outputs and amend_without_coin_selection match on it. The target_value_added extracted from the match is Option<Amount> but is always Some(...) in practice. This makes the control flow harder to follow without adding extensibility — if new variants are expected soon, a comment noting that would help; otherwise this could be simplified to a plain struct or direct parameter.

[wpaulino]

We plan to add another variant in a follow-up for manual input support.

[TheBlueMatt]

Does this need to consider dust?

[wpaulino]

new_change is returned from compute_feerate_adjustment so it should have already been considered there.

[TheBlueMatt]

I don't think that's quite sufficient? This is also called from net_value_for_acceptor_at_feerate in channel.rs's resolve_queued_contribution. The resulting our_funding_contribution is sent to our peer. Maybe its fine to be a bit off there but it does leave a good chunk of code all the way into channel.rs kinda confusing.

[TheBlueMatt]

Its weird to split on whether the net contribution was negative or not - if I have a splice where I added 1 BTC+1 sat to the channel but sent 1BTC out without change output, I'm probably more than happy to RBF by using the value of some of my inputs to change the channel's balance.

[wpaulino]

Good point, but then we're not really abiding by the value_added they provided when we initially coin-selected the inputs. With manual input selection, this will work out of the box since there's no explicit value_added there, we're just always adding whatever is left after fees. Should we treat the coin-selected no-change case the same way?

[TheBlueMatt]

With manual input selection, this will work out of the box since there's no explicit value_added there, we're just always adding whatever is left after fees.

Hmm? There's no explicit value_added anywhere now? So I suppose you could argue this code is correct for the coin selection case but wrong for the all-input case? Do we need to track the input selection style here?

[wpaulino]

It's still explicit when splicing in funds via FundingBuilder::add_value. The manual input selection does have a special case in this path to allow spending up to half of the UTXO value (as long as the feerate is still within the max of course).

[jkczyz]

PR description could probably be completed now.

[jkczyz]

Mostly LGTM.

[jkczyz]

Hope this isn't too pedantic, bit using "fund" here may be confusing for the withdrawal case. I think of "fund" more as funding a channel rather than how the contribution fees are paid for. It seems a little overloaded here when talking about withdrawal outputs.

Perhaps we can re-word similar to the second bullet where paying for fees and withdrawal outputs is mentioned?

[jkczyz]

Similarly here with "funded".

[jkczyz]

Likewise.

[jkczyz]

I see that the total input value is checked in validate_inputs, but I don't see where we validate the outputs.