feat: per-wallet filter scan and runtime wallet catch-up (#122)

* feat: per-wallet filter scan and block processing

Filter matching and block processing now operate per wallet, so a wallet added at runtime catches up without disturbing the wallets that are already in sync.

`WalletInterface` is restructured around per-wallet operations:

- `process_block_for_wallets(block, height, wallets)` replaces the global `process_block` and only updates the listed wallets.
- `wallets_behind(height)` returns the wallet ids that still need filter coverage at `height`.
- `monitored_addresses_for(wallet_id)` and `wallet_synced_height(wallet_id)` give per-wallet projections for filter matching.
- `update_wallet_synced_height` and `update_wallet_last_processed_height` advance one wallet at a time and are monotonic.
- `BlockProcessingResult.new_addresses` and `CheckTransactionsResult.new_addresses` carry gap-limit discoveries with wallet attribution.

`FiltersManager.scan_batch` matches each behind wallet's addresses against the batch's filters at heights it hasn't yet covered. The per-block result flows through `BlocksNeeded` to `BlocksManager`, which processes each block only against the wallets whose filters matched it. `FiltersBatch` records the scanned wallet set so commit advances only their `synced_height`.

When a late-added wallet's filter matches a block already in flight, its id is merged into the existing entry. If the block has already been processed, it is re-queued so `BlocksManager` reloads it from local storage and processes it for the late wallet only.

`process_block_for_wallets` refreshes the cached balance even on rescan paths below the wallet's current `last_processed_height`, because UTXOs may change.

* feat: rescan filters when a wallet falls behind committed height

When `wallet.synced_height()` drops below `FiltersManager`'s `progress.committed_height()`, a wallet was added or moved behind the current scan position and needs catch-up coverage. Add a check at the top of `FiltersManager::tick()` that detects this regression, clears in-flight pipeline state, lowers `committed_height` to the new aggregate min, and re-enters `start_download()`. The check runs in `Syncing`, `Synced`, and `WaitForEvents` states so idle additions are caught on the next 100ms tick.

Add `test_wallet_added_at_runtime_catches_up` in `dash-spv/tests/dashd_sync/tests_basic.rs`. After initial sync with `W1`, mine a block funding `W2`'s address and add `W2` at runtime with `birth_height` before that block. Assert the rescan picks up `W2`'s funding transaction and `W1`'s state is unchanged. Then add `W3` with `birth_height` beyond the tip and assert no spurious rescan or regression in either existing wallet.

* refactor: add `wallets_not_yet_at` wrapper on `WalletInterface`

Encapsulate the off-by-one between `wallets_behind` (strict less-than)
and the inclusive height semantics needed by `scan_batch`, so call
sites no longer need to compensate with `saturating_add(1)`.

* test: add `MultiMockWallet` for per-wallet attribution tests

Single-wallet `MockWallet` cannot exercise paths that hinge on multiple
wallets having distinct `synced_height` values or independent address
sets. `MultiMockWallet` holds per-wallet state keyed by `WalletId`.

* fix: correct per-wallet filter scan and catch-up edge cases

Resolves several correctness issues in the per-wallet filter scan and
catch-up paths:

- \`track_block_match\` now distinguishes three states (\`NewlyTracked\`,
  \`InFlight\`, \`AlreadyProcessed\`) instead of a boolean. A block that
  was already processed in a prior round is no longer silently re-queued
  for re-processing, and a block still in flight still re-emits
  \`BlocksNeeded\` so the \`BlocksPipeline\` merges late-arriving wallet
  ids into its pending wallet set.
- \`scan_batch\` only adds wallets that contributed addresses to the
  scan into \`scanned_wallets\`. Empty-address wallets no longer have
  their \`synced_height\` advanced for free.
- \`rescan_batch\` no longer drops new wallet ids when the matching
  block is in flight; it forwards the wallet ids through a fresh
  \`BlocksNeeded\`, which the pipeline merges into its pending set.
- \`tick\` resets \`committed_height\` to the lowest \`synced_height\` of
  the stale wallets only, instead of the global wallet \`synced_height\`,
  so already-synced wallets are not re-scanned from scratch.
- \`scan_batch\` runs the filters once over the union of behind-wallet
  addresses, then attributes each match per-wallet by re-testing the
  matched filter against that wallet's scripts. Cost drops from
  O(N_wallets * batch_size) to O(batch_size + N_wallets * matches),
  and the per-batch borrow of \`active_batches\` is consolidated.
- Field \`filters_matched\` renamed to \`matched_block_hashes\` to
  reflect its actual role as a record (not a deduplication gate).
- \`rescan_batch\` now takes \`addresses_by_wallet\` by reference,
  saving a clone per later-batch rescan in \`try_commit_batches\`.
- Uses \`wallets_not_yet_at(batch_end)\` to express the inclusive
  height intent, hiding the \`+ 1\` off-by-one at the call site.

* test: add wallet-set propagation and queue-merge tests for `BlocksPipeline`

Cover the previously-implicit contract that `queue` and
`add_from_storage` merge wallet sets per block hash, and that
`take_next_ordered_block` returns the merged wallet set.

* fix: address per-wallet filter scan review feedback

Tighten `scan_batch` so wallets at `synced == batch_end` are skipped
(use `wallets_behind(batch_end)` instead of `wallets_not_yet_at`),
ensure behind wallets with zero monitored addresses still advance their
`synced_height` at commit, and surface filter errors and
`AlreadyProcessed` skips through `tracing::warn!` instead of silent
fallthrough.

Add a `min_height` parameter to `check_compact_filters_for_addresses`
so the union pass can skip irrelevant heights without cloning the
filter map. Reuse the existing `batch_filters` borrow for attribution.

Add tests covering:
- `scan_batch` advancing zero-address wallets
- `BlockTrackResult::InFlight` re-emission for late-arriving wallets
- `BlockTrackResult::AlreadyProcessed` skip path
- Union+attribute false-positive elimination
- Rescan from non-zero `synced_height` (not just genesis)
- `BlocksManager::process_buffered_blocks` routing the wallet set

* fix: skip re-enqueue when `BlocksPipeline` already tracks the hash

`BlocksPipeline::queue` unconditionally called `coordinator.enqueue` for every entry, including hashes that were already pending or in flight from a prior call. When a late-arriving wallet match for an already-queued block was emitted as `BlocksNeeded`, the duplicate `enqueue` corrupted the coordinator's pending count and could trigger a duplicate request to the peer. Only enqueue when the hash is not yet tracked, while still merging the late wallet ids into the per-block wallet set.

* fix: record `scanned_wallets` before `scan_batch` early returns

`scan_batch` recorded the per-batch `scanned_wallets` set only after the empty-filters early return, so a batch that hit that path was committed with an empty set and the per-wallet `synced_height` never advanced for that range. The next tick relisted the same wallets via `wallets_behind` and re-scanned the same range. Move the `set_scanned_wallets` call ahead of the empty-filter and empty-address fast paths so every behind wallet's `synced_height` advances when the batch commits.

Also pass each wallet's own `synced_height` as `min_synced` to `check_compact_filters_for_addresses` in `rescan_batch`. Otherwise a new address could spuriously match heights the wallet has already processed and `track_block_match` would route the result into `AlreadyProcessed` and silently drop it.

* test: cover wallet-set exclusion routing and FFI count semantics

Add a `BlocksManager` test that asserts a wallet absent from the pipeline's interested set never receives `process_block_for_wallets`, complementing the existing positive routing test. Add `dash-spv-ffi` callback tests covering the two behavioural changes of this PR: `BlocksNeeded` dispatch reports unique `FilterMatchKey` count (not inflated by the per-block wallet attribution), and `BlockProcessed` dispatch reports the total address count summed across the per-wallet `new_addresses` map.

Author: xdustinface

dash-spv-ffi/src/callbacks.rs

@@ -347,7 +347,7 @@ impl FFISyncEventCallbacks {
             } => {
                 if let Some(cb) = self.on_blocks_needed {
                     let ffi_blocks: Vec<FFIBlockNeeded> = blocks
-                        .iter()
+                        .keys()
                         .map(|key| FFIBlockNeeded {
                             height: key.height(),
                             hash: *key.hash().as_byte_array(),
@@ -366,10 +366,11 @@ impl FFISyncEventCallbacks {
                     let hash_bytes = block_hash.as_byte_array();
                     let txid_bytes: Vec<[u8; 32]> =
                         confirmed_txids.iter().map(|txid| *txid.as_byte_array()).collect();
+                    let total_new_addresses: usize = new_addresses.values().map(|v| v.len()).sum();
                     cb(
                         *height,
                         hash_bytes as *const [u8; 32],
-                        new_addresses.len() as u32,
+                        total_new_addresses as u32,
                         txid_bytes.as_ptr(),
                         txid_bytes.len() as u32,
                         self.user_data,
@@ -755,3 +756,84 @@ impl FFIWalletEventCallbacks {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use dashcore::hashes::Hash;
+    use dashcore::{Address, BlockHash, Network, Txid};
+    use key_wallet_manager::{FilterMatchKey, WalletId};
+    use std::collections::{BTreeMap, BTreeSet};
+    use std::sync::atomic::{AtomicU32, Ordering};
+
+    /// `BlocksNeeded` dispatch must pass exactly one entry per
+    /// `FilterMatchKey` to the FFI callback (i.e. iterate keys, not
+    /// inflated by the per-block wallet attribution).
+    #[test]
+    fn test_blocks_needed_dispatch_passes_unique_keys_count() {
+        static COUNT: AtomicU32 = AtomicU32::new(u32::MAX);
+        extern "C" fn cb(_blocks: *const FFIBlockNeeded, count: u32, _user: *mut c_void) {
+            COUNT.store(count, Ordering::SeqCst);
+        }
+
+        let callbacks = FFISyncEventCallbacks {
+            on_blocks_needed: Some(cb),
+            ..FFISyncEventCallbacks::default()
+        };
+
+        let mut blocks: BTreeMap<FilterMatchKey, BTreeSet<WalletId>> = BTreeMap::new();
+        // Two distinct blocks, each attributed to two wallets. The dispatch
+        // must report 2 (unique keys), not 4.
+        blocks.insert(
+            FilterMatchKey::new(10, BlockHash::from_byte_array([1u8; 32])),
+            BTreeSet::from([[1u8; 32], [2u8; 32]]),
+        );
+        blocks.insert(
+            FilterMatchKey::new(20, BlockHash::from_byte_array([2u8; 32])),
+            BTreeSet::from([[1u8; 32], [2u8; 32]]),
+        );
+
+        callbacks.dispatch(&SyncEvent::BlocksNeeded {
+            blocks,
+        });
+        assert_eq!(COUNT.load(Ordering::SeqCst), 2);
+    }
+
+    /// `BlockProcessed` dispatch must report the total address count
+    /// summed across all per-wallet entries in the `new_addresses` map.
+    #[test]
+    fn test_block_processed_dispatch_sums_per_wallet_addresses() {
+        static NEW_ADDR_COUNT: AtomicU32 = AtomicU32::new(u32::MAX);
+        extern "C" fn cb(
+            _height: u32,
+            _hash: *const [u8; 32],
+            new_address_count: u32,
+            _txids: *const [u8; 32],
+            _txid_count: u32,
+            _user: *mut c_void,
+        ) {
+            NEW_ADDR_COUNT.store(new_address_count, Ordering::SeqCst);
+        }
+
+        let callbacks = FFISyncEventCallbacks {
+            on_block_processed: Some(cb),
+            ..FFISyncEventCallbacks::default()
+        };
+
+        let addr_a = Address::dummy(Network::Regtest, 1);
+        let addr_b = Address::dummy(Network::Regtest, 2);
+        let addr_c = Address::dummy(Network::Regtest, 3);
+        let mut new_addresses: BTreeMap<WalletId, Vec<Address>> = BTreeMap::new();
+        // Wallet 1 contributes 2 new addresses, wallet 2 contributes 1. Total = 3.
+        new_addresses.insert([1u8; 32], vec![addr_a, addr_b]);
+        new_addresses.insert([2u8; 32], vec![addr_c]);
+
+        callbacks.dispatch(&SyncEvent::BlockProcessed {
+            block_hash: BlockHash::from_byte_array([7u8; 32]),
+            height: 100,
+            new_addresses,
+            confirmed_txids: vec![Txid::from_byte_array([9u8; 32])],
+        });
+        assert_eq!(NEW_ADDR_COUNT.load(Ordering::SeqCst), 3);
+    }
+}

dash-spv/src/sync/blocks/manager.rs

@@ -79,15 +79,17 @@ impl<H: BlockHeaderStorage, B: BlockStorage, W: WalletInterface> BlocksManager<H
         let mut events = Vec::new();
 
         // Process blocks in height order using pipeline's ordering logic
-        while let Some((block, height)) = self.pipeline.take_next_ordered_block() {
+        while let Some((block, height, interested)) = self.pipeline.take_next_ordered_block() {
             let hash = block.block_hash();
 
-            // Process block through wallet
+            // Process the block only for the wallets whose filter matched it.
+            // Already-synced wallets that did not match are not touched.
             let mut wallet = self.wallet.write().await;
-            let result = wallet.process_block(&block, height).await;
+            let result = wallet.process_block_for_wallets(&block, height, &interested).await;
             drop(wallet);
 
             let total_relevant = result.relevant_tx_count();
+            let new_addresses_total: usize = result.new_addresses.values().map(|v| v.len()).sum();
             if total_relevant > 0 {
                 tracing::info!(
                     "Found {} relevant transactions ({} new, {} existing) {} at height {}, new addresses: {}",
@@ -96,19 +98,20 @@ impl<H: BlockHeaderStorage, B: BlockStorage, W: WalletInterface> BlocksManager<H
                     result.existing_txids.len(),
                     hash,
                     height,
-                    result.new_addresses.len()
+                    new_addresses_total
                 );
             }
 
             // Collect confirmed txids before moving new_addresses out of result
             let confirmed_txids: Vec<_> = result.relevant_txids().cloned().collect();
 
             // Collect new addresses for gap limit rescanning
-            let new_addresses: Vec<_> = result.new_addresses.into_iter().collect();
-            if !new_addresses.is_empty() {
+            let new_addresses = result.new_addresses;
+            if new_addresses_total > 0 {
                 tracing::debug!(
-                    "Block {} generated {} new addresses for gap limit maintenance",
+                    "Block {} generated {} new addresses for gap limit maintenance across {} wallets",
                     height,
+                    new_addresses_total,
                     new_addresses.len()
                 );
             }
@@ -168,9 +171,9 @@ mod tests {
     };
     use crate::sync::{ManagerIdentifier, SyncEvent, SyncManagerProgress};
     use crate::test_utils::MockNetworkManager;
-    use key_wallet_manager::test_utils::MockWallet;
+    use key_wallet_manager::test_utils::{MockWallet, MOCK_WALLET_ID};
     use key_wallet_manager::FilterMatchKey;
-    use std::collections::BTreeSet;
+    use std::collections::{BTreeMap, BTreeSet};
 
     type TestBlocksManager =
         BlocksManager<PersistentBlockHeaderStorage, PersistentBlockStorage, MockWallet>;
@@ -215,8 +218,8 @@ mod tests {
         let requests = network.request_sender();
 
         let block_hash = dashcore::BlockHash::dummy(0);
-        let mut blocks = BTreeSet::new();
-        blocks.insert(FilterMatchKey::new(100, block_hash));
+        let mut blocks = BTreeMap::new();
+        blocks.insert(FilterMatchKey::new(100, block_hash), BTreeSet::from([MOCK_WALLET_ID]));
         let event = SyncEvent::BlocksNeeded {
             blocks,
         };
@@ -227,4 +230,100 @@ mod tests {
         assert_eq!(manager.state(), SyncState::Syncing);
         assert!(events.is_empty());
     }
+
+    /// `process_buffered_blocks` must call `process_block_for_wallets` with
+    /// the exact wallet set carried in the pipeline so already-synced
+    /// wallets are not touched by routing logic.
+    #[tokio::test]
+    async fn test_process_buffered_blocks_routes_wallet_set() {
+        use dashcore::block::Header;
+        use dashcore::{Block, TxMerkleNode};
+        use dashcore_hashes::Hash;
+
+        let mut manager = create_test_manager().await;
+        manager.progress.set_state(SyncState::Syncing);
+
+        let header = Header {
+            version: dashcore::blockdata::block::Version::from_consensus(1),
+            prev_blockhash: dashcore::BlockHash::all_zeros(),
+            merkle_root: TxMerkleNode::all_zeros(),
+            time: 0,
+            bits: dashcore::CompactTarget::from_consensus(0),
+            nonce: 0,
+        };
+        let block = Block {
+            header,
+            txdata: vec![],
+        };
+        manager.pipeline.add_from_storage(block.clone(), 100, BTreeSet::from([MOCK_WALLET_ID]));
+
+        let events = manager.process_buffered_blocks().await.unwrap();
+        assert!(matches!(events.first(), Some(SyncEvent::BlockProcessed { .. })));
+
+        // MOCK_WALLET_ID was in the routed set, so MockWallet recorded the
+        // block. (MockWallet::process_block_for_wallets returns early when
+        // its id is absent.)
+        let processed = manager.wallet.read().await.processed_blocks();
+        let processed = processed.lock().await;
+        assert_eq!(processed.len(), 1);
+        assert_eq!(processed[0].1, 100);
+    }
+
+    /// A wallet that is NOT in the pipeline's interested set must not be
+    /// routed the block. Two wallets are registered, but only `wallet_in`
+    /// appears in the routed set; the other wallet's processed log must
+    /// stay empty for that block.
+    #[tokio::test]
+    async fn test_process_buffered_blocks_excludes_uninterested_wallet() {
+        use dashcore::block::Header;
+        use dashcore::{Block, TxMerkleNode};
+        use dashcore_hashes::Hash;
+        use key_wallet_manager::test_utils::{MockWalletState, MultiMockWallet};
+        use key_wallet_manager::WalletId;
+
+        let storage = DiskStorageManager::with_temp_dir().await.unwrap();
+        let multi = MultiMockWallet::new();
+        let wallet_in: WalletId = [0xAA; 32];
+        let wallet_out: WalletId = [0xBB; 32];
+        let multi = Arc::new(RwLock::new(multi));
+        {
+            let mut w = multi.write().await;
+            w.insert_wallet(wallet_in, MockWalletState::default());
+            w.insert_wallet(wallet_out, MockWalletState::default());
+        }
+        let mut manager: BlocksManager<
+            PersistentBlockHeaderStorage,
+            PersistentBlockStorage,
+            MultiMockWallet,
+        > = BlocksManager::new(multi.clone(), storage.block_headers(), storage.blocks()).await;
+        manager.progress.set_state(SyncState::Syncing);
+
+        let header = Header {
+            version: dashcore::blockdata::block::Version::from_consensus(1),
+            prev_blockhash: dashcore::BlockHash::all_zeros(),
+            merkle_root: TxMerkleNode::all_zeros(),
+            time: 0,
+            bits: dashcore::CompactTarget::from_consensus(0),
+            nonce: 0,
+        };
+        let block = Block {
+            header,
+            txdata: vec![],
+        };
+        // Only wallet_in is in the routed set.
+        manager.pipeline.add_from_storage(block.clone(), 100, BTreeSet::from([wallet_in]));
+
+        let _ = manager.process_buffered_blocks().await.unwrap();
+
+        let processed = multi.read().await.processed();
+        let processed = processed.lock().await;
+        // Exactly one entry, for wallet_in only.
+        assert_eq!(processed.len(), 1);
+        assert_eq!(processed[0].0, wallet_in);
+        assert_eq!(processed[0].2, 100);
+        assert!(
+            !processed.iter().any(|(id, _, _)| *id == wallet_out),
+            "wallet_out was not in the routed set, must not be processed"
+        );
+    }
 }