Description
We recently switched several FFI inputs to raw primitives (u64/Vec/etc.) in PR #1191. As expected, without validation, that exposes gaps where invalid values are accepted silently (e.g., fee rate overflow dropping to None, amounts > MAX_MONEY, oversized scripts/witnesses, impossible weights, huge expirations), which is both a correctness risk and a potential DoS vector for oversized inputs.
I've also seen binding/test drift: JS bindings are still on Uniffi contract 29, and some Python integration expectations no longer match the new result shapes.
Currently working on:
- Add shared validators for primitive inputs (amount, fee rate, script/witness size, weight, expiration).
- Ensure all primitive FFI constructors/fields use the validators and return structured errors instead of silently accepting.
- Update bindings/tests for the new error surface and result shapes.
- Regenerate JS bindings with Uniffi 0.30 so contract version matches Rust.
Final acceptance criteria
- Invalid primitive inputs return a PrimitiveError (or typed FFI error) across languages.
- apply_fee_range and other fee-rate entrypoints surface invalid values as errors.
- JS bindings regenerate with contract version 30 and tests pass.
- Python integration tests pass with updated expectations.
- Dart test update deferred (separate issue or follow-up).
A few notes/questions
- Do we want policy-style caps for script/witness sizes or just hard consensus-ish caps?
- Should empty script_pubkey be a hard error or allowed for some use cases?
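As an added illustration of the shared-validator approach described above (example code, not the project's own), here is a set of Rust validators that return a typed PrimitiveError instead of silently accepting bad values. It assumes the Bitcoin consensus values for MAX_MONEY, script size and block weight, an arbitrary cap for expirations, and treats an empty script_pubkey as a hard error; the project may settle those questions differently.

```rust
// Added example, not the project's own code. Consensus caps are the Bitcoin
// values; MAX_EXPIRATION_SECS is an assumed cap chosen for illustration only.

#[derive(Debug, PartialEq)]
pub enum PrimitiveError {
    AmountTooLarge(u64),
    FeeRateOverflow(u64),
    ScriptTooLarge(usize),
    EmptyScript,
    InvalidWeight(u64),
    ExpirationTooFar(u64),
}

pub const MAX_MONEY: u64 = 21_000_000 * 100_000_000; // satoshis
pub const MAX_SCRIPT_SIZE: usize = 10_000;            // bytes (consensus)
pub const MAX_BLOCK_WEIGHT: u64 = 4_000_000;          // weight units
pub const MAX_EXPIRATION_SECS: u64 = 10 * 365 * 24 * 60 * 60; // assumed cap

pub fn validate_amount(sats: u64) -> Result<u64, PrimitiveError> {
    if sats > MAX_MONEY { Err(PrimitiveError::AmountTooLarge(sats)) } else { Ok(sats) }
}

/// sat/vB -> sat/kwu (1 vB = 4 wu). Checked multiply so an overflow becomes a
/// structured error rather than being dropped to None.
pub fn validate_fee_rate_sat_per_vb(rate: u64) -> Result<u64, PrimitiveError> {
    rate.checked_mul(250).ok_or(PrimitiveError::FeeRateOverflow(rate))
}

pub fn validate_script(script: &[u8]) -> Result<&[u8], PrimitiveError> {
    if script.is_empty() { return Err(PrimitiveError::EmptyScript); }
    if script.len() > MAX_SCRIPT_SIZE { return Err(PrimitiveError::ScriptTooLarge(script.len())); }
    Ok(script)
}

pub fn validate_weight(weight: u64) -> Result<u64, PrimitiveError> {
    if weight == 0 || weight > MAX_BLOCK_WEIGHT { Err(PrimitiveError::InvalidWeight(weight)) } else { Ok(weight) }
}

pub fn validate_expiration(secs: u64) -> Result<u64, PrimitiveError> {
    if secs > MAX_EXPIRATION_SECS { Err(PrimitiveError::ExpirationTooFar(secs)) } else { Ok(secs) }
}

/// Hypothetical FFI constructor: every primitive field passes through a
/// validator before the value is accepted, so callers get an error, not a
/// silently clamped or dropped value.
pub fn new_output(sats: u64, script_pubkey: Vec<u8>) -> Result<(u64, Vec<u8>), PrimitiveError> {
    let sats = validate_amount(sats)?;
    validate_script(&script_pubkey)?;
    Ok((sats, script_pubkey))
}
```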