feat(vault): split pegin fix

[gbarkhatov]

Summary

This PR fixes split peg-in progress and resume behavior in the vault app. The main problem was that the initial deposit modal could show a split vault as completed even when that vault had not actually submitted WOTS keys or signed payouts, and after fixing WOTS we uncovered another false failure where the modal tried payout signing before the vault provider was ready.

What changed

• Track explicit per-vault progress in the initial split deposit modal instead of guessing progress from vault order. This prevents an earlier skipped vault from being shown as completed just because a later vault advanced.
• Show soft warning callouts for recoverable per-vault failures, so users can see when WOTS or payout work was skipped instead of silently seeing confusing progress.
• Add a shared batch readiness poller and use it for WOTS readiness and payout readiness. This waits once for all sibling vaults instead of spending a full timeout per vault.
• Add a WOTS readiness gate before WOTS submission, so the first vault no longer burns its SDK retry budget while the vault provider is still ingesting the shared Pre-PegIn.
• Add a payout readiness gate before payout signing, so a normal long confirmation/provider-prep wait is not shown as “Payout signing failed.”
• Let the existing in-modal continuation view finish long-running payout signing and activation when the user keeps the modal open. The dashboard remains the fallback only if the user closes the modal.
• Make split progress headers use the laggard vault, not the furthest vault, so the top progress bar and completed-step pill do not overstate progress.
• Harden split resume progress so warning, missing, loading, or already-activated sibling vaults render their own truthful step instead of mirroring another vault.
• Add IngestionRejected as a terminal vault-provider status in the SDK and dashboard polling path, so permanent ingestion failures stop polling immediately and show a terminal error.
• Update the “Prepare claim and payout transactions” copy and detail panel so the modal shows a BTC block countdown while confirmations are still needed, then switches to vault-provider preparation status after the required depth is reached.

Why this was needed

Split peg-ins have shared work at the start, then each vault can diverge after the shared Pre-PegIn is broadcast. The old UI treated “vault index before the active vault” as “done,” which is not true when a vault failed WOTS, timed out, or was still waiting for the vault provider. That is why a vault could show WOTS, payout signing, and recovery signing as completed even though those actions did not happen.

The original WOTS issue was also caused by timing. The initial modal started WOTS submission immediately after broadcast, but the vault provider only accepts WOTS once it has ingested the Pre-PegIn. In a split flow, vault 1 could spend its whole wait budget before the provider was ready, while vault 2 worked later because enough time had passed.

After fixing WOTS readiness, the flow reached payout signing more reliably. That exposed a second timing issue: payout signing was attempted before the provider had prepared payout transactions, and the SDK’s 20 minute wait could time out. That timeout is not a real signing failure, so this PR treats it as “not ready yet” and hands off to the continuation view instead.

Approaches considered

• Keep positional progress inference and add more flags. This was similar to the display approach in fix(vault): fix living payout signig #1819, but it still leaves progress as a guess. We chose explicit per-vault steps because the hook already knows each vault’s real outcome.
• Increase SDK polling timeouts. This would hide the symptom but could block the modal for a long time, especially because split vaults would wait serially. We chose batch readiness gates plus continuation handoff so long waits stay recoverable and closeable.
• Always force the user to resume from the dashboard after WOTS. We did not choose this because a user who keeps the modal open should still be able to finish the whole flow in the modal.
• Copy all of fix(vault): fix living payout signig #1819. We only took the complementary IngestionRejected terminal status handling because our per-vault progress and readiness gates solve the reported split-modal issue more completely.

Why this approach

The chosen approach keeps the modal honest and avoids serial timeouts. WOTS readiness and payout readiness are checked once for the whole split batch, because sibling vaults share the same Pre-PegIn timing. If a vault is ready, the modal proceeds. If it is not ready, the modal shows the correct waiting step and the in-modal continuation view keeps polling until the next user action is available.

This also keeps dashboard resume and initial-modal behavior aligned. The same continuation path handles “I kept the modal open” and “I closed and resumed later,” so users are not forced into a different recovery flow unless they explicitly close the modal.

Testing

• Added unit coverage for WOTS readiness, payout readiness, terminal ingestion rejection, split per-vault progress, warning sibling freezing, payout timeout handoff, and the updated BTC/provider wait detail.
• Verified focused vault tests for the changed flow and progress components.
• Verified services/vault TypeScript with pnpm --dir services/vault exec tsc --noEmit -p tsconfig.lib.json.
• Verified touched-file ESLint; the only warnings observed were pre-existing no-explicit-any warnings in useDepositFlow.test.tsx.
• Verified git diff --check.

Manual verification recommended

Run a live split peg-in and keep the initial modal open through a slow confirmation path. Expected behavior: both vaults should sit honestly at “Prepare claim and payout transactions,” BTC confirmation detail should show the block countdown until depth is reached, then provider preparation status, and the modal should transition into the in-modal continuation flow without showing “Payout signing failed.” When the vault provider reaches payout readiness, the same modal should let the user sign payouts and proceed to activation.

[github-actions]

🔐 Commit Signature Verification

✅ All 7 commit(s) passed verification

Commit	Author	Signature	Key Type	Key Check
ca09ba785525	Govard Barkhatov	✅	sk-ssh-ed25519	✅
69acbcb2501c	Govard Barkhatov	✅	sk-ssh-ed25519	✅
48f9f724ca0a	Govard Barkhatov	✅	sk-ssh-ed25519	✅
9902fce7200c	Govard Barkhatov	✅	sk-ssh-ed25519	✅
2b148ff70582	Govard Barkhatov	✅	sk-ssh-ed25519	✅
5758d7ccacc6	Govard Barkhatov	✅	sk-ssh-ed25519	✅
467a3c113dfd	Govard Barkhatov	✅	sk-ssh-ed25519	✅

Summary

• Commits verified: 7
• Signature check: ✅ All passed
• Key type enforcement: ✅ All sk-ssh-ed25519

---

Required key type: sk-ssh-ed25519 (FIDO2 hardware key)

Last verified: 2026-06-03 07:02 UTC

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[greptile-apps]

Greptile Summary

This PR updates the vault peg-in flow for split deposits and new provider failure states. The main changes are:

• Adds IngestionRejected as a terminal VP status.
• Shares batch readiness polling between WOTS and payout readiness checks.
• Gates inline payout signing on VP payout readiness.
• Adds per-vault split progress state and continuation-flow updates.
• Updates BTC confirmation and payout-prep copy.

Confidence Score: 4/5

This is close, but the split warning display should be fixed before merging.

• A split deposit with one failed sibling can render other siblings at the wrong progress step.

• The issue is contained to the continuation progress UI.

• The readiness and terminal-status paths otherwise line up with the traced callers.

• services/vault/src/components/simple/PostDepositContinuationView.tsx should pass true per-vault steps in the warning branch.

Important Files Changed

Filename	Overview
services/vault/src/components/simple/PostDepositContinuationView.tsx	Adds no-actionable split handling, but the warning branch drops per-vault progress state.
services/vault/src/hooks/deposit/useDepositFlow.ts	Adds WOTS and payout readiness gates with best-effort split-lane continuation.
services/vault/src/hooks/deposit/depositFlowSteps/batchReadiness.ts	Introduces shared batch polling for readiness checks.

_{Reviews (1): Last reviewed commit: "chore(pr): false payout" | Re-trigger Greptile}

[jrwbabylonlab]

Approved with some comments & questions