Bitcoin Core supports migrating legacy wallets (for example, Berkeley DB wallets) to newer formats while other wallets may coexist in the same data directory.
What invariants does Bitcoin Core rely on to ensure that wallet migration is non-destructive outside the migrated wallet?
Specifically….
A) What guarantees exist that filesystem operations during migration (rename, cleanup, recursive delete) are confined to the target wallet directory?
B) Where in the codebase are these invariants enforced or validated, if at all?
C) Are these guarantees structural (for example, scoped filesystem APIs or path checks), or primarily implicit assumptions about directory layout?
D) How are failure paths handled to ensure sibling wallets cannot be affected?
The question concerns design intent and enforcement, not attribution. Thx
