dashpay · lklimek · May 27, 2026 · May 25, 2026 · May 25, 2026 · May 25, 2026
@@ -1233,11 +1233,9 @@ impl PlatformWalletPersistence for FFIPersister {
         }
 
         if !round_success {
-            return Err(
-                "one or more persistence callbacks failed; changeset was rolled back"
-                    .to_string()
-                    .into(),
-            );
+            return Err(PersistenceError::backend(
+                "one or more persistence callbacks failed; changeset was rolled back",
+            ));
         }
 
         // Merge into pending changesets.
@@ -1251,9 +1249,10 @@ impl PlatformWalletPersistence for FFIPersister {
         if let Some(cb) = self.callbacks.on_store_fn {
             let result = unsafe { cb(self.callbacks.context, wallet_id.as_ptr()) };
             if result != 0 {
-                return Err(
-                    format!("Persistence store callback returned error code {}", result).into(),
-                );
+                return Err(PersistenceError::backend(format!(
+                    "Persistence store callback returned error code {}",
+                    result
+                )));
             }
         }
 
@@ -1265,9 +1264,10 @@ impl PlatformWalletPersistence for FFIPersister {
         if let Some(cb) = self.callbacks.on_flush_fn {
             let result = unsafe { cb(self.callbacks.context, wallet_id.as_ptr()) };
             if result != 0 {
-                return Err(
-                    format!("Persistence flush callback returned error code {}", result).into(),
-                );
+                return Err(PersistenceError::backend(format!(
+                    "Persistence flush callback returned error code {}",
+                    result
+                )));
             }
         }
 
@@ -1293,7 +1293,10 @@ impl PlatformWalletPersistence for FFIPersister {
         let mut count: usize = 0;
         let rc = unsafe { load_cb(self.callbacks.context, &mut entries_ptr, &mut count) };
         if rc != 0 {
-            return Err(format!("on_load_wallet_list_fn returned error code {}", rc).into());
+            return Err(PersistenceError::backend(format!(
+                "on_load_wallet_list_fn returned error code {}",
+                rc
+            )));
         }
         let _guard = LoadGuard {
             context: self.callbacks.context,
@@ -2267,14 +2270,17 @@ fn build_wallet_start_state(
         let xpub_bytes =
             unsafe { slice_from_raw(spec.account_xpub_bytes, spec.account_xpub_bytes_len) };
         let (account_xpub, _): (ExtendedPubKey, usize) =
-            bincode::decode_from_slice(xpub_bytes, config::standard())
-                .map_err(|e| format!("failed to decode account xpub: {}", e))?;
+            bincode::decode_from_slice(xpub_bytes, config::standard()).map_err(|e| {
+                PersistenceError::backend(format!("failed to decode account xpub: {}", e))
+            })?;
         let account =
             Account::from_xpub(Some(entry.wallet_id), account_type, account_xpub, network)
-                .map_err(|e| format!("Account::from_xpub failed: {:?}", e))?;
-        accounts
-            .insert(account)
-            .map_err(|e| format!("AccountCollection::insert failed: {}", e))?;
+                .map_err(|e| {
+                    PersistenceError::backend(format!("Account::from_xpub failed: {:?}", e))
+                })?;
+        accounts.insert(account).map_err(|e| {
+            PersistenceError::backend(format!("AccountCollection::insert failed: {}", e))
+        })?;
     }
 
     // External-signable wallet — the mnemonic / seed lives in the
@@ -2915,7 +2921,7 @@ fn build_unused_asset_locks(
     for spec in specs {
         // Decode the outpoint: 32-byte raw txid + 4-byte LE vout.
         let txid = dashcore::Txid::from_slice(&spec.out_point[..32]).map_err(|e| {
-            PersistenceError::from(format!(
+            PersistenceError::backend(format!(
                 "tracked asset lock: invalid txid in outpoint: {}",
                 e
             ))
@@ -2928,8 +2934,8 @@ fn build_unused_asset_locks(
 
         // Decode the consensus-encoded transaction.
         if spec.transaction_bytes.is_null() || spec.transaction_bytes_len == 0 {
-            return Err(PersistenceError::from(
-                "tracked asset lock: empty transaction bytes".to_string(),
+            return Err(PersistenceError::backend(
+                "tracked asset lock: empty transaction bytes",
             ));
         }
         // SAFETY: Swift guarantees the buffer is valid for the
@@ -2939,7 +2945,7 @@ fn build_unused_asset_locks(
             unsafe { slice::from_raw_parts(spec.transaction_bytes, spec.transaction_bytes_len) };
         let transaction: dashcore::Transaction = dashcore::consensus::deserialize(tx_bytes)
             .map_err(|e| {
-                PersistenceError::from(format!(
+                PersistenceError::backend(format!(
                     "tracked asset lock: failed to decode transaction: {}",
                     e
                 ))
@@ -2959,7 +2965,10 @@ fn build_unused_asset_locks(
                 config::standard(),
             )
             .map_err(|e| {
-                PersistenceError::from(format!("tracked asset lock: failed to decode proof: {}", e))
+                PersistenceError::backend(format!(
+                    "tracked asset lock: failed to decode proof: {}",
+                    e
+                ))
             })?;
             Some(proof)
         };
@@ -3010,7 +3019,7 @@ fn funding_type_from_u8(
         4 => AssetLockFundingType::AssetLockAddressTopUp,
         5 => AssetLockFundingType::AssetLockShieldedAddressTopUp,
         other => {
-            return Err(PersistenceError::from(format!(
+            return Err(PersistenceError::backend(format!(
                 "tracked asset lock: unknown funding_type discriminant {}",
                 other
             )))
@@ -3027,7 +3036,7 @@ fn status_from_u8(b: u8) -> Result<platform_wallet::AssetLockStatus, Persistence
         3 => AssetLockStatus::ChainLocked,
         4 => AssetLockStatus::Consumed,
         other => {
-            return Err(PersistenceError::from(format!(
+            return Err(PersistenceError::backend(format!(
                 "tracked asset lock: unknown status discriminant {}",
                 other
             )))
@@ -3190,7 +3199,7 @@ fn account_type_from_spec(spec: &AccountSpecFFI) -> Result<AccountType, Persiste
     // been UB for out-of-range bytes from a corrupt SwiftData row /
     // forward-versioned tag / malformed host buffer).
     let type_tag = AccountTypeTagFFI::try_from_u8(spec.type_tag).ok_or_else(|| {
-        PersistenceError::Backend(format!(
+        PersistenceError::backend(format!(
             "AccountSpecFFI carries unknown type_tag byte {} (out of declared range)",
             spec.type_tag
         ))
@@ -3199,7 +3208,7 @@ fn account_type_from_spec(spec: &AccountSpecFFI) -> Result<AccountType, Persiste
         AccountTypeTagFFI::Standard => {
             let standard_tag = StandardAccountTypeTagFFI::try_from_u8(spec.standard_tag)
                 .ok_or_else(|| {
-                    PersistenceError::Backend(format!(
+                    PersistenceError::backend(format!(
                         "AccountSpecFFI(Standard) carries unknown standard_tag byte {}",
                         spec.standard_tag
                     ))
@@ -3254,7 +3263,7 @@ fn account_type_from_spec(spec: &AccountSpecFFI) -> Result<AccountType, Persiste
         // is gone.
         AccountTypeTagFFI::IdentityAuthenticationEcdsa
         | AccountTypeTagFFI::IdentityAuthenticationBls => {
-            return Err(PersistenceError::Backend(format!(
+            return Err(PersistenceError::backend(format!(
                 "AccountTypeTagFFI {:?} is no longer mappable to a key-wallet AccountType after the upstream event-bus refactor (TODO(events))",
                 type_tag
             )));
@@ -3357,10 +3366,10 @@ fn restore_unresolved_asset_lock_tx_records(
         let context = match rec.context_raw {
             2 => {
                 let block_hash = dashcore::BlockHash::from_slice(&rec.block_hash).map_err(|e| {
-                    format!(
+                    PersistenceError::backend(format!(
                         "load: malformed block_hash on unresolved asset-lock tx record: {}",
                         e
-                    )
+                    ))
                 })?;
                 TransactionContext::InBlock(BlockInfo::new(
                     rec.block_height,
@@ -3370,10 +3379,10 @@ fn restore_unresolved_asset_lock_tx_records(
             }
             3 => {
                 let block_hash = dashcore::BlockHash::from_slice(&rec.block_hash).map_err(|e| {
-                    format!(
+                    PersistenceError::backend(format!(
                         "load: malformed block_hash on unresolved asset-lock tx record: {}",
                         e
-                    )
+                    ))
                 })?;
                 TransactionContext::InChainLockedBlock(BlockInfo::new(
                     rec.block_height,

@@ -16,19 +16,24 @@ path = "src/bin/platform-wallet-storage.rs"
 required-features = ["cli"]
 
 [dependencies]
-# Cross-cutting deps (always on)
-platform-wallet = { path = "../rs-platform-wallet", features = ["serde"] }
-serde = { version = "1", features = ["derive"] }
+# Truly cross-cutting deps (always on regardless of features).
 thiserror = "1"
 tracing = "0.1"
 hex = "0.4"
 
 # SQLite-backed persister deps (gated by the `sqlite` feature).
+# `platform-wallet` types are reachable through the `sqlite` submodule
+# only; without the feature the bare crate ships no items that mention
+# them, so the wallet/serde graph stays out of the build (CODE-020).
 # `dpp` types reach the persister via `IdentityPublicKey` (identity_keys
 # writer), `AssetLockProof` (asset_locks writer) and `Identifier`
 # (dashpay writer). `dash-sdk` is here for the `AddressFunds` re-export
 # in `schema/platform_addrs.rs`. Feature set mirrors sibling
 # `rs-platform-wallet` so the resolver picks identical hashes.
+platform-wallet = { path = "../rs-platform-wallet", features = [
+    "serde",
+], optional = true }
+serde = { version = "1", features = ["derive"], optional = true }
 key-wallet = { workspace = true, optional = true }
 dashcore = { workspace = true, optional = true }
 dpp = { path = "../rs-dpp", optional = true }
@@ -50,7 +55,6 @@ refinery = { version = "0.9", default-features = false, features = [
 # (which derives bincode 2 `Encode`/`Decode`) and decode
 # `dpp::AssetLockProof` from the asset-lock blob column.
 bincode = { version = "2", optional = true }
-fs2 = { version = "0.4", optional = true }
 tempfile = { version = "3", optional = true }
 chrono = { version = "0.4", default-features = false, features = [
     "clock",
@@ -74,19 +78,34 @@ filetime = "0.2"
 tracing-test = { version = "0.2", features = ["no-env-filter"] }
 serial_test = "3"
 platform-wallet-storage = { path = ".", features = ["sqlite", "cli", "__test-helpers"] }
+# `round_trip_consumer.rs` constructs a real `PlatformWalletManager`
+# (consumer) against a real `SqlitePersister` (this crate's impl) so
+# every consumer↔persister contract drift becomes a CI failure (CODE-008
+# / T-024). The manager needs `dash-sdk::SdkBuilder::new_mock().build()`
+# (gated behind `mocks`) and `platform-wallet` requires `wallet` on the
+# SDK transitively. Tokio is needed directly so `#[tokio::test]`
+# resolves the macro by name.
+dash-sdk = { path = "../rs-sdk", default-features = false, features = [
+    "dashpay-contract",
+    "dpns-contract",
+    "wallet",
+    "mocks",
+] }
+tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 
 [features]
 default = ["sqlite", "cli"]
 # SQLite-backed persister (`platform_wallet_storage::sqlite`).
 sqlite = [
+    "dep:platform-wallet",
+    "dep:serde",
     "dep:key-wallet",
     "dep:dashcore",
     "dep:dpp",
     "dep:dash-sdk",
     "dep:rusqlite",
     "dep:refinery",
     "dep:bincode",
-    "dep:fs2",
     "dep:tempfile",
     "dep:chrono",
     "dep:sha2",