👋 Thanks for assigning @wpaulino as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

The diff is unchanged from my prior review pass, and I've now confirmed the error strings (channel.rs:12643,12655) are indeed APIMisuseError, so the variant match in the probe is correct. The splice_channel path is confirmed read-only (channelmanager.rs:4934 takes a read lock and calls the &self method), so no determinism concerns.

My previously-flagged issue (tx_abort branch missing the "currently being negotiated" check) remains unaddressed in this commit. I won't repeat it inline.

One additional observation not covered before, worth noting:

No new issues found beyond the prior review.

Summary of standing findings (already posted, still unaddressed):

• fuzz/src/chanmon_consistency.rs:2921 — tx_abort probe only asserts "waiting to be negotiated", omitting "currently being negotiated"; a stale active funding_negotiation after tx_abort would slip through.

Cross-cutting notes (not blocking):

• Both probes can only detect initiator-side leftover negotiation. splice_channel (channel.rs:12649-12660) returns "currently being negotiated" only when funding_negotiation.is_initiator() is true. A stale non-initiator (acceptor-side) funding_negotiation left behind after tx_abort / SpliceNegotiationFailed would not produce either asserted string, so neither probe would catch it. The invariant is therefore weaker than the PR description ("active negotiation state does not remain") implies.
• The assertions rely on err.contains(...) substring matching against error text in channel.rs. If those strings are reworded, the asserts silently degrade to no-ops rather than failing — fragile coupling between the fuzz harness and human-readable error messages.

Claude's cross-cutting notes might be worth addressing in a follow up #4699 (comment)