Feature: UTXO management recommendations from xpub/descriptor scan

[Kilombino]

Summary

When scanning an xpub or descriptor, am-i-exposed already provides per-transaction and per-address privacy analysis. It would be incredibly valuable to extend this into actionable UTXO management advice based on the full wallet state.

Problem

Right now, a user can scan their xpub and see which transactions or addresses have privacy issues. But they still need to manually figure out:

• Which UTXOs are "toxic" (linked to known entities, low entropy, reused addresses)
• Which UTXOs are safe to spend together without degrading privacy
• What consolidation or mixing strategy would improve their overall score
• Whether specific UTXOs should be isolated, coinjoined, or spent separately

This requires significant expertise that most users lack.

Proposed Feature

After scanning an xpub/descriptor, provide a UTXO management dashboard that includes:

1. UTXO Classification

• Tag each UTXO with a privacy risk level (e.g., 🟢 clean / 🟡 caution / 🔴 toxic)
• Flag UTXOs linked to known entities, address reuse, or round amounts
• Identify cluster groups (UTXOs that are already linked via common input ownership)

2. Spend Recommendations

• "Safe to combine" — groups of UTXOs that are already linked and can be spent together without additional privacy loss
• "Never combine" — UTXOs from different identity clusters that should remain separate
• "Consider mixing" — UTXOs that would benefit from a CoinJoin before spending

3. Consolidation Strategy

• Suggest optimal fee windows for consolidation (based on current mempool)
• Recommend batch sizes that minimize on-chain fingerprinting
• Warn about dust UTXOs that cost more in fees than they are worth

4. Overall Wallet Hygiene Score

• Aggregate UTXO-level analysis into a wallet-wide "hygiene" metric
• Track improvement over time if the user rescans periodically

Why This Fits am-i-exposed

The tool already does the hard work: heuristic analysis, entity matching, Boltzmann entropy, and chain tracing — all client-side. UTXO management recommendations are a natural next step that turns diagnosis into actionable guidance.

Most users know they should care about UTXO management but don't know where to start. This feature would bridge that gap.

Implementation Notes

• All computation should remain client-side (consistent with the project's privacy model)
• Could be presented as a separate tab/view after xpub scan completes
• The existing heuristic engine already provides most of the data needed for UTXO classification
• Consider optional export of UTXO labels (BIP-329 format) for wallet import

[Kilombino]

Enhancement: BIP-329 Label Import for Better Accuracy

Building on the original proposal — the UTXO classification would be significantly more accurate if users could import their existing wallet labels via BIP-329.

Why this matters

Heuristic analysis can infer a lot, but it has blind spots. The user knows things the scanner cannot determine on-chain:

• Which UTXOs came from KYC exchanges (and which specific exchange)
• Which are change from peer-to-peer trades
• Which addresses belong to friends/family vs merchants
• Which transactions were self-transfers vs actual payments

Proposed flow

1. User imports a BIP-329 .jsonl file (drag & drop or file picker — all client-side)
2. Labels are merged with the heuristic analysis to refine UTXO risk classification
3. A KYC-tagged UTXO automatically gets flagged 🔴 regardless of on-chain heuristics
4. "Never combine" recommendations become much more precise (e.g., never mix KYC exchange A UTXOs with P2P UTXOs)
5. The wallet hygiene score adjusts based on label context

Bidirectional

As mentioned in the original issue, export is also valuable — after analysis, generate a BIP-329 file with am-i-exposed's findings (entity matches, risk tags, cluster IDs) that users can import back into their wallet software (Sparrow, Electrum, etc.).

This creates a feedback loop: wallet labels improve the scan, and scan results improve wallet labels.