fix(add-bond-invoice): only treat wait timeout as a successful submission

Previously any error from wait_for_dm was reported as "invoice submitted",
so a subscribe/sign/transport failure where the reply never went out was
misreported as success. Introduce a distinguishable WaitForDmTimeout error
and only show the success message on that timeout (the genuine no-reply
happy path), propagating every other error.

Also drop the unnecessary Option wrapper around the payload, which is
always Some by the time it is used (invalid invoices return early).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: grunch

src/cli/add_bond_invoice.rs

@@ -1,7 +1,7 @@
 use crate::parser::common::{
     create_emoji_field_row, create_field_value_header, create_standard_table,
 };
-use crate::util::{print_dm_events, send_dm, wait_for_dm};
+use crate::util::{print_dm_events, send_dm, wait_for_dm, WaitForDmTimeout};
 use crate::{cli::Context, db::Order, lightning::is_valid_invoice};
 use anyhow::Result;
 use lnurl::lightning_address::LightningAddress;
@@ -53,10 +53,10 @@ pub async fn execute_add_bond_invoice(order_id: &Uuid, invoice: &str, ctx: &Cont
     // Parse invoice (Lightning address or BOLT11) and build payload
     let ln_addr = LightningAddress::from_str(invoice);
     let payload = if ln_addr.is_ok() {
-        Some(Payload::PaymentRequest(None, invoice.to_string(), None))
+        Payload::PaymentRequest(None, invoice.to_string(), None)
     } else {
         match is_valid_invoice(invoice) {
-            Ok(i) => Some(Payload::PaymentRequest(None, i.to_string(), None)),
+            Ok(i) => Payload::PaymentRequest(None, i.to_string(), None),
             Err(e) => {
                 return Err(anyhow::anyhow!("Invalid invoice: {}", e));
             }
@@ -71,7 +71,7 @@ pub async fn execute_add_bond_invoice(order_id: &Uuid, invoice: &str, ctx: &Cont
         Some(request_id),
         None,
         Action::AddBondInvoice,
-        payload,
+        Some(payload),
     );
 
     // Serialize the message
@@ -91,18 +91,21 @@ pub async fn execute_add_bond_invoice(order_id: &Uuid, invoice: &str, ctx: &Cont
     );
 
     // Wait for a possible reply. On success Mostro pays the invoice from its
-    // wallet without acknowledging over Nostr, so a timeout here is the happy
+    // wallet without acknowledging over Nostr, so a *timeout* here is the happy
     // path; Mostro only answers with `cant-do` on failure (late reply, wrong
-    // sender, bad invoice, etc.).
+    // sender, bad invoice, etc.). Any other error (subscribe/sign/transport)
+    // means the reply may never have been sent — surface it instead of
+    // misreporting it as success.
     match wait_for_dm(ctx, Some(&order_trade_keys), sent_message).await {
         Ok(recv_event) => {
             print_dm_events(recv_event, request_id, ctx, Some(&order_trade_keys)).await?;
         }
-        Err(_) => {
+        Err(e) if e.downcast_ref::<WaitForDmTimeout>().is_some() => {
             println!("✅ Bond payout invoice submitted to Mostro.");
             println!("💡 Mostro will pay it from its wallet; no further confirmation is sent.");
             println!("💡 Run `get-dm` to check for a `cant-do` response in case of an error.");
         }
+        Err(e) => return Err(e),
     }
 
     Ok(())

src/util/messaging.rs

@@ -256,6 +256,25 @@ pub async fn send_plain_text_dm(
     .await
 }
 
+/// Distinguishable error returned by [`wait_for_dm`] when no reply arrives
+/// within [`FETCH_EVENTS_TIMEOUT`].
+///
+/// Most callers `?`-propagate it like any other error, but flows where "no
+/// reply" is the happy path (e.g. `add-bond-invoice`, where Mostro pays the
+/// invoice without acking over Nostr) can detect it via
+/// `downcast_ref::<WaitForDmTimeout>()` and avoid misreporting genuine
+/// subscribe/send/transport failures as success.
+#[derive(Debug)]
+pub struct WaitForDmTimeout;
+
+impl std::fmt::Display for WaitForDmTimeout {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "Timeout waiting for DM or gift wrap event")
+    }
+}
+
+impl std::error::Error for WaitForDmTimeout {}
+
 pub async fn wait_for_dm<F>(
     ctx: &crate::cli::Context,
     order_trade_keys: Option<&Keys>,
@@ -278,23 +297,25 @@ where
     sent_message.await?;
 
     // Wait for the DM or gift wrap event
-    let event = tokio::time::timeout(super::events::FETCH_EVENTS_TIMEOUT, async move {
+    let waited = tokio::time::timeout(super::events::FETCH_EVENTS_TIMEOUT, async move {
         loop {
             match notifications.recv().await {
-                Ok(notification) => match notification {
-                    RelayPoolNotification::Event { event, .. } => {
-                        return Ok(*event);
-                    }
-                    _ => continue,
-                },
+                Ok(RelayPoolNotification::Event { event, .. }) => return Ok(*event),
+                Ok(_) => continue,
                 Err(e) => {
                     return Err(anyhow::anyhow!("Error receiving notification: {:?}", e));
                 }
             }
         }
     })
-    .await?
-    .map_err(|_| anyhow::anyhow!("Timeout waiting for DM or gift wrap event"))?;
+    .await;
+
+    // Keep a genuine timeout (the only "no reply" outcome) distinguishable from
+    // a notification-channel error so callers can treat them differently.
+    let event = match waited {
+        Ok(inner) => inner?,
+        Err(_elapsed) => return Err(WaitForDmTimeout.into()),
+    };
 
     let mut events = Events::default();
     events.insert(event);

src/util/mod.rs

@@ -12,6 +12,7 @@ pub use events::{
 pub use messaging::{
     derive_shared_key_hex, derive_shared_keys, keys_from_shared_hex, print_dm_events,
     send_admin_chat_message_via_shared_key, send_dm, send_plain_text_dm, wait_for_dm,
+    WaitForDmTimeout,
 };
 pub use misc::{get_mcli_path, uppercase_first};
 pub use net::connect_nostr;