fix(evm-wallet): track cumulative spend (totalLimit) in transferNative twin

The transferFungible twin correctly tracked budget via spent/max with
pre-reserve + rollback, but transferNative only checked maxAmount (per-call)
and silently ignored totalLimit (cumulative cap). Add the same pattern:
- cumulativeMax = totalLimit ?? 2^256-1
- Reserve before await, roll back on redeemFn failure

Retain the per-call maxAmount body check for test environments where
interface guards are mocked out.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: grypez

packages/evm-wallet-experiment/src/lib/delegation-twin.ts

@@ -38,6 +38,8 @@ export function makeDelegationTwin(
     // method body comparison work correctly regardless of the source.
     const maxAmount =
       grant.maxAmount === undefined ? undefined : BigInt(grant.maxAmount);
+    const totalLimit =
+      grant.totalLimit === undefined ? undefined : BigInt(grant.totalLimit);
 
     const toGuard = to === undefined ? M.string() : M.eq(to);
     const amountGuard = maxAmount === undefined ? M.bigint() : M.lte(maxAmount);
@@ -50,21 +52,38 @@ export function makeDelegationTwin(
       { defaultGuards: 'passable' },
     );
 
+    let spent = 0n;
+    const cumulativeMax = totalLimit ?? 2n ** 256n - 1n;
+
     const exo = makeDiscoverableExo(
       `DelegationTwin:transferNative:${idPrefix}`,
       {
         async transferNative(recipient: Address, amount: bigint): Promise<Hex> {
           if (maxAmount !== undefined && amount > maxAmount) {
             throw new Error(`Amount ${amount} exceeds limit ${maxAmount}`);
           }
+          if (amount > cumulativeMax - spent) {
+            throw new Error(
+              `Insufficient budget: requested ${amount}, remaining ${cumulativeMax - spent}`,
+            );
+          }
+
+          // Reserve before the await so concurrent calls see the updated budget.
+          spent += amount;
 
           const execution: Execution = {
             target: recipient,
             value: `0x${amount.toString(16)}`,
             callData: '0x' as Hex,
           };
 
-          return redeemFn(execution);
+          try {
+            return await redeemFn(execution);
+          } catch (error) {
+            // Roll back on redeemFn failure.
+            spent -= amount;
+            throw error;
+          }
         },
       },
       { transferNative: METHOD_CATALOG.transferNative },