Allow cancellation of pending splice funding negotiations

[wpaulino]

A user may wish to cancel an in-flight funding negotiation for whatever reason (e.g., mempool feerates have gone down, inability to sign, etc.), so we should make it possible for them to do so. Note that this can only be done for splice funding negotiations for which the user has made a contribution to.

[ldk-reviews-bot]

👋 Thanks for assigning @jkczyz as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[ldk-claude-review-bot]

This .expect() can panic in release builds. While cancel_splice in channel.rs verifies made_contribution is true, the maybe_create_splice_funding_failed! macro additionally subtracts contributions that overlap with prior RBF rounds (via prior_contributed_inputs/outputs). For a non-initiator who reuses the same UTXOs across RBF attempts with no explicit output contributions, the subtraction can empty the lists, causing the macro to return None (line 6740-6742 of channel.rs: if !is_initiator && contributed_inputs.is_empty() && contributed_outputs.is_empty() { return None; }).

The debug_assert!(splice_funding_failed.is_some()) at channel.rs:12323 catches this in debug, but this expect will crash in release for that edge case. Consider handling None gracefully, e.g. by returning an APIError or skipping the events.

[ldk-claude-review-bot]

Nit: the contribution check here (has_local_contribution) differs in how it computes "has contributions" compared to the AwaitingAck/ConstructingTransaction branches. has_local_contribution() uses the signing session's local_inputs_count/local_outputs_count (which filter by is_local on the constructed transaction metadata), while the other branches use contributed_inputs()/contributed_outputs() from the context/constructor (which use our_funding_inputs/our_funding_outputs).

These should be semantically equivalent since both exclude the shared input and reflect local contributions, but the different computation paths mean a divergence in one path wouldn't be caught by the other. Consider adding a comment noting the equivalence, or unifying the approach.

[ldk-claude-review-bot]

Review Summary

The approach is sound—making cancel_splice a public API, routing through handle_error for the tx_abort + holding cell release, and adding the ManualIntervention abort reason are all clean. Two inline comments posted:

1. Potential panic via .expect() in channelmanager.rs: For a non-initiator in an RBF scenario reusing the same UTXOs, the prior-contribution subtraction in maybe_create_splice_funding_failed! can produce None, which the expect at line 4942 doesn't handle. This would crash in release builds.

2. Contribution-check divergence across FundingNegotiation variants: The AwaitingSignatures branch uses a different code path (has_local_contribution) than the other variants to determine whether a contribution was made.

🤖 Generated with Claude Code