sweep: isolate bad inputs on mempool rejection

[yyforyongyu]

Summary

• add no-broadcast subset probes for unattributed mempool/script rejections
• route completed diagnoses through BadInputs so only singleton bad inputs are failed fatally
• document sweeper failure-attribution roles and add a release note

Fixes #10840.

Tests

• git diff --check
• make lint
• GOWORK=off go test ./contractcourt ./lnrpc/walletrpc ./sweep

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a diagnostic mechanism for the sweeper to identify and isolate problematic inputs when a transaction batch is rejected by the mempool. By performing no-broadcast probes on subsets of inputs, the system can now pinpoint specific inputs causing failures rather than failing the entire batch. This improves the robustness of the sweeping process by ensuring that only truly invalid inputs are treated as fatal, while valid inputs can continue to be processed and retried.

Highlights

• Mempool Rejection Diagnosis: Implemented no-broadcast subset probes to isolate specific inputs causing mempool or script rejections, preventing the fatal failure of entire batches when only a single input is invalid.
• Sweeper Failure Attribution: Updated the UtxoSweeper to handle diagnosed bad inputs by marking them as fatal while allowing the remaining inputs in the batch to be retried.
• Documentation and Testing: Added release notes documenting the new failure-attribution logic and included comprehensive unit tests to verify the diagnosis flow and edge cases.

New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a mechanism to isolate and diagnose bad inputs in a rejected sweep batch using no-broadcast mempool acceptance probes. When a multi-input batch is rejected with an unattributed non-fee mempool or script error, the TxPublisher performs a binary search probe of the input subsets to identify the specific inputs causing the failure. The UtxoSweeper then marks only those identified bad inputs as fatal, allowing the remaining valid inputs in the batch to be retried. A review comment suggests adding a defensive nil check for r.feeFunction in shouldDiagnoseBadInputs to prevent a potential nil pointer dereference panic.

[github-actions]

🔴 PR Severity: CRITICAL

Automated classification | 4 files (excl. tests) | 417 lines changed (excl. tests)

🔴 Critical (2 files)

• sweep/fee_bumper.go - Fee bumping logic in the sweep package (output sweeping, fund recovery)
• sweep/sweeper.go - Core sweeper implementation for on-chain output sweeping and fund recovery

🟢 Low (2 files)

• docs/release-notes/release-notes-0.21.1.md - Release notes documentation
• sweep/README.md - Package documentation

Analysis

This PR modifies sweep/fee_bumper.go and sweep/sweeper.go, both under the sweep/ package which is explicitly classified as CRITICAL because it handles output sweeping, fund recovery, and fee bumping — all security-sensitive on-chain fund management operations. Errors in this package can result in loss of funds or inability to recover outputs from force-closed channels.

The bulk of changes (265 lines) are in sweep/fee_bumper.go, which directly impacts how fee rates are calculated and applied to sweep transactions. This requires expert review to ensure correctness under all fee market conditions.

Severity bump check: 4 non-test files (threshold: >20), 417 non-test lines (threshold: >500), single critical package — no bump applied.

---

_{To override, add a severity-override-{critical,high,medium,low} label.}
<!-- pr-severity-bot -->

[yyforyongyu]

LGTM ⚡ (claude-opus-4-8[1m])

[yyforyongyu]

LGTM 🦦 openai/gpt-5.5

[yyforyongyu]

LGTM ✨ (claude-opus-4-8[1m])