Add pay_for_bolt12_invoice for externally-sourced BOLT 12 invoices

[Alkamal01]

Add pay_for_bolt12_invoice for externally-sourced BOLT 12 invoices

Closes #4380.

send_payment_for_bolt12_invoice currently requires a prior LDK-managed offer flow. It verifies the invoice against a pending payment_id and fails with UnexpectedInvoice if none exists.

This prevents:

• paying BOLT 12 invoices obtained out-of-band
• splitting a single invoice payment across multiple senders

This PR introduces ChannelManager::pay_for_bolt12_invoice, which allows paying such invoices without a prior offer flow. It skips LDK-side verification, so the caller must provide a payment_id and handle any invoice validation.

An optional amount_msats allows partial payments. This enables multi-sender flows, where each node contributes a portion of the total. The routed amount reflects the contribution, while the onion total remains the full invoice amount so the recipient can validate it correctly.

[ldk-reviews-bot]

I've assigned @valentinewallace as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[ldk-claude-review-bot]

Bug: amount_msats = Some(0) passes this check (0 <= invoice_amount), which inserts an InvoiceReceived entry and then proceeds to route finding for 0 msat. Routing will fail, triggering abandon_payment and a PaymentFailed event, but a zero-value payment is never meaningful and should be rejected upfront.

Consider:

Suggested change

	if send_amount > invoice_amount {
	return Err(Bolt12PaymentError::InvalidAmount);
	}
	if send_amount == 0 || send_amount > invoice_amount {
	return Err(Bolt12PaymentError::InvalidAmount);
	}

[ldk-claude-review-bot]

Missing test coverage: Neither this test nor pay_for_bolt12_invoice_error_cases actually exercises the partial payment path (amount_msats = Some(partial_amount)) end-to-end. This is the primary feature of this PR — enabling multi-sender split payments where each node pays a portion of the invoice.

A test should verify that paying with e.g. Some(invoice.amount_msats()) (or a true partial amount in a multi-node setup) correctly sets total_mpp_amount_msat in the onion to the full invoice amount while routing only the partial amount. Without this, the total_mpp_amount_msat_override plumbing through send_payment_for_bolt12_invoice_internal is untested.

[ldk-claude-review-bot]

Nit: this arm is currently unreachable since internally-sourced invoices go through send_payment_for_bolt12_invoice, which never returns InvalidAmount. Adding a debug_assert!(false) would make this more robust against future changes that might inadvertently make this path reachable without proper cleanup (the payment would be stuck in InvoiceReceived state since no PaymentFailed event is generated here).

Suggested change

	Err(Bolt12PaymentError::InvalidAmount) => {
	log_error!($logger, "Got InvalidAmount paying internally-sourced invoice; this shouldn't happen");
	return None
	},
	Err(Bolt12PaymentError::InvalidAmount) => {
	log_error!($logger, "Got InvalidAmount paying internally-sourced invoice; this shouldn't happen");
	debug_assert!(false);
	return None
	},

[ldk-claude-review-bot]

The commit (095030bf1) is identical to my prior review pass, and the diff is unchanged. I re-examined the full diff, the partial-payment plumbing, the route-parameter construction, error handling/cleanup paths, and the MPP routing logic. I did not find any new issues beyond those already flagged in my previous review.

Review Summary

No new issues found. The commit is unchanged since my prior review pass, so all previously raised findings still stand (and remain unaddressed):

• lightning/src/ln/channelmanager.rs:5862 — Misleading deprecation note: pay_for_bolt12_invoice is not a drop-in replacement for send_payment_for_bolt12_invoice (requires a fresh payment_id; reusing the Event::InvoiceReceived id yields DuplicateInvoice).
• lightning/src/ln/outbound_payment.rs:1162 / :665, channelmanager.rs:5900, :17146 — Prior nits on the zero-amount rejection, InvalidAmount doc wording, and the debug_assert! placement.
• Cross-cutting: events/mod.rs:1021 and util/config.rs:1084 docs still steer users to the now-deprecated method (lines not in diff).

Newly verified during this pass (no issue raised):

• The partial-payment path (amount_msats = Some(partial)) is now covered by the pay_for_bolt12_invoice_partial_amount test, addressing my prior "missing test coverage" comment.
• Partial MPP sends rely on the recipient supporting basic_mpp; the router's allow_mpp check only governs sender-side path splitting, not the cross-sender total. This is the caller's coordination responsibility per the documented multi-sender use case, so I did not flag it as a bug.

[codecov]

Codecov Report

❌ Patch coverage is 95.91837% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.16%. Comparing base (6573d42) to head (dbc0169).
⚠️ Report is 32 commits behind head on main.

Files with missing lines	Patch %	Lines
lightning/src/ln/outbound_payment.rs	94.33%	1 Missing and 2 partials ⚠️
lightning/src/ln/channelmanager.rs	97.77%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4585      +/-   ##
==========================================
+ Coverage   86.99%   87.16%   +0.17%     
==========================================
  Files         163      161       -2     
  Lines      109008   109343     +335     
  Branches   109008   109343     +335     
==========================================
+ Hits        94828    95314     +486     
+ Misses      11696    11551     -145     
+ Partials     2484     2478       -6     

Flag	Coverage Δ
fuzzing	?
fuzzing-fake-hashes	31.17% <10.20%> (?)
fuzzing-real-hashes	22.90% <10.20%> (?)
tests	86.23% <95.91%> (+0.14%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ldk-claude-review-bot]

Nit: The doc says "This occurs when amount_msats exceeds the invoice amount" but the actual validation (send_amount == 0 || send_amount > invoice_amount) also rejects zero amounts. The same incomplete description appears in the pay_for_bolt12_invoice method doc at channelmanager.rs:5899.

Suggested change

	/// Incorrect amount was provided to [`ChannelManager::pay_for_bolt12_invoice`].
	///
	/// This occurs when `amount_msats` exceeds the invoice amount.
	///
	/// [`ChannelManager::pay_for_bolt12_invoice`]: crate::ln::channelmanager::ChannelManager::pay_for_bolt12_invoice
	InvalidAmount,
	/// Incorrect amount was provided to [`ChannelManager::pay_for_bolt12_invoice`].
	///
	/// This occurs when `amount_msats` is zero or exceeds the invoice amount.
	///
	/// [`ChannelManager::pay_for_bolt12_invoice`]: crate::ln::channelmanager::ChannelManager::pay_for_bolt12_invoice
	InvalidAmount,

[ldk-claude-review-bot]

Same doc inaccuracy as on the InvalidAmount variant: should also mention that zero amount_msats is rejected.

Suggested change

	/// Returns [`Bolt12PaymentError::DuplicateInvoice`] if a payment with the given `payment_id`
	/// is already pending, or [`Bolt12PaymentError::InvalidAmount`] if `amount_msats` exceeds the
	/// invoice amount.
	/// Returns [`Bolt12PaymentError::DuplicateInvoice`] if a payment with the given `payment_id`
	/// is already pending, or [`Bolt12PaymentError::InvalidAmount`] if `amount_msats` is zero or
	/// exceeds the invoice amount.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[TheBlueMatt]

Thanks!

[TheBlueMatt]

Let's at least deprecate send_payment_for_bolt12_invoice in the same PR.

[TheBlueMatt]

This should be in the optional params.

[ldk-claude-review-bot]

The deprecation note "Use ChannelManager::pay_for_bolt12_invoice instead." is misleading — the two methods are not drop-in replacements:

1. send_payment_for_bolt12_invoice derives the payment_id from the invoice's payer_metadata (via verify_bolt12_invoice) and pays against the existing pending payment created by the offer flow. pay_for_bolt12_invoice instead requires the caller to supply a fresh, unused payment_id and inserts a new InvoiceReceived entry.

2. For the primary documented use case (manually_handle_bolt12_invoices → Event::InvoiceReceived), the payment is already in InvoiceReceived state because mark_invoice_received was called at message-handling time (channelmanager.rs:17268). Calling pay_for_bolt12_invoice with that same payment_id will hit the Occupied branch and return Bolt12PaymentError::DuplicateInvoice.

So a user who follows this deprecation guidance for the standard InvoiceReceived flow (passing the event's payment_id) will get a DuplicateInvoice error. The test pay_for_bolt12_invoice_with_fresh_payment_id even has to abandon_payment(orig_payment_id) and use a different id, confirming the old id can't be reused.

Consider either keeping send_payment_for_bolt12_invoice non-deprecated (the two serve different flows), or clarifying in the note that the replacement requires a brand-new payment_id and that the invoice must be independently verified by the caller.

[Alkamal01]

Kept the deprecation per @TheBlueMatt ask, but you're right the note read as drop-in. Updated it to call out that pay_for_bolt12_invoice needs a fresh payment_id and caller-side invoice verification.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.