backport: bitcoin#24254, #24397, #24521, #24523, #25235, #25696, #25723, #26196, #27449, #28002, #28967, #28981, #29489 (external signer, boost) #6913

knst · 2025-10-22T18:09:03Z

What was done?

Extra backports to improve support of External signer.
This PR have mostly backports related to build system and Boost.

How Has This Been Tested?

N/A

Breaking Changes

There's no breaking changes because external signer has not been released yet. Though key changes are:

signing won't happen if more than 1 signer is available on the same time
external signer for Windows is still disabled
external signer for OpenBSD 7.3 expected to be working (but not tested)

Checklist:

I have performed a self-review of my own code
I have commented my code, particularly in hard-to-understand areas
I have added or updated relevant unit/integration/functional/e2e tests
I have made corresponding changes to the documentation
I have assigned this pull request to a milestone (for repository code-owners and collaborators only)

github-actions · 2025-10-22T18:10:04Z

✅ No Merge Conflicts Detected

This PR currently has no conflicts with other open PRs.

coderabbitai · 2025-10-22T18:30:17Z

Walkthrough

The patch enables external-signer support by default and moves runtime probing/handling of Boost.Process into configure.ac (with Windows forced to "no"). It relocates RunCommandParseJSON from util/system to src/common/run_command.{h,cpp} and introduces a new util/subprocess.hpp implementation. Wallet creation now errors when more than one external signer is found; tests and mocks are updated to exercise the multi-signer case and remove Windows-specific branches. Minor build/test and header-list updates accompany these changes.

Sequence Diagram(s)

sequenceDiagram
    %% Wallet creation and multi-signer handling
    actor User
    participant UI as Qt Wallet UI
    participant WC as WalletController
    participant SignerSys as External Signer System
    participant Dialog as CreateWalletDialog

    User->>UI: Request Create Wallet
    UI->>WC: createWallet()
    activate WC
    WC->>SignerSys: Run enumerate (RunCommandParseJSON -> subprocess)
    activate SignerSys
    SignerSys-->>WC: signers[]
    deactivate SignerSys

    alt signers.size() > 1
        WC->>WC: throw / show critical "More than one external signer found"
        WC->>Dialog: pass empty signers
    else signers.size() == 1
        WC->>Dialog: pass single signer
    else signers.size() == 0
        WC->>Dialog: pass empty signers
    end
    deactivate WC
    Dialog->>User: Show create wallet dialog

sequenceDiagram
    %% Configure-time probe for Boost.Process and macro definition
    participant Configure as configure.ac
    participant Compiler as compiler/linker probe
    participant Config as generated config.h / AM_CONDITIONAL

    Configure->>Compiler: test linking with Boost.Process (AC_LINK_IFELSE)
    activate Compiler
    alt link succeeds
        Compiler-->>Configure: OK
        Configure->>Config: set ENABLE_EXTERNAL_SIGNER defined
    else link fails
        Compiler-->>Configure: FAIL
        alt user requested --enable-external-signer=yes
            Compiler-->>Configure: configure error (Boost.Process required)
        else default/optional
            Configure->>Config: set use_external_signer="no"
        end
    end
    deactivate Compiler

sequenceDiagram
    %% RunCommandParseJSON runtime flow (new location: common/run_command.cpp)
    participant Caller as external_signer.cpp / tests
    participant RunCmd as RunCommandParseJSON
    participant Proc as util::Popen (subprocess.hpp)
    participant JSON as UniValue parser

    Caller->>RunCmd: RunCommandParseJSON(cmd, stdin)
    activate RunCmd
    RunCmd->>Proc: spawn process, provide stdin
    activate Proc
    Proc-->>RunCmd: stdout, stderr, exit code
    deactivate Proc
    alt exit code == 0
        RunCmd->>JSON: parse stdout first-line as JSON
        JSON-->>RunCmd: UniValue
        RunCmd-->>Caller: return UniValue
    else exit code != 0
        RunCmd-->>Caller: throw runtime_error with cmd, retcode, stderr
    end
    deactivate RunCmd

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Areas needing careful review:
- src/util/subprocess.hpp: large, cross-platform process API additions — review for correctness, portability, memory and FD handling, and public API surface.
- src/common/run_command.{h,cpp}: new RunCommandParseJSON behavior, error messages, and interaction with subprocess.
- configure.ac: runtime probing logic, Windows handling, AC_DEFINE/AM_CONDITIONAL placement and help text.
- src/wallet/external_signer_scriptpubkeyman.cpp and src/qt/walletcontroller.cpp: multi-signer error path and how callers handle thrown runtime_error / cleared signer lists.
- Tests and mocks (test/functional/* and src/test/system_tests.cpp): ensure expectations, cross-platform commands, and mock scripts align with the new process API and single-signer enforcement.
- Build/public headers (src/Makefile.am): exposure of new headers and library sources.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 10.67% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is related to the changeset, explaining the purpose (backports for external signer support), scope (build system and Boost), and noting behavioral changes without breaking compatibility.
Title check	✅ Passed	The title comprehensively references the backported Bitcoin pull requests and identifies the primary changes (external signer and boost-related improvements), directly matching the changeset's scope.

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 21

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

test/functional/wallet_abandonconflict.py (1)
139-139: Use wallet RPC handle for consistency.

This line uses self.nodes[0].listtransactions() instead of alice.listtransactions(), which is inconsistent with the refactoring pattern applied throughout the rest of the file. While functionally equivalent (both access the default wallet), using the alice handle maintains consistency with the PR's objective to switch all wallet operations to wallet RPC handles.

Apply this diff:
-        txAB1_listtransactions = [d for d in self.nodes[0].listtransactions() if d['txid'] == txAB1]
+        txAB1_listtransactions = [d for d in alice.listtransactions() if d['txid'] == txAB1]
src/wallet/scriptpubkeyman.cpp (1)
1624-1649: Avoid pushing invalid entries when pool read fails.

Only append to result when ReadPool succeeds; otherwise you may return default-initialized CKeyPool.
-    while (it != std::end(*setKeyPool)) {
+    while (it != std::end(*setKeyPool)) {
         const int64_t& index = *(it);
         if (index > keypool_id) break; // set*KeyPool is ordered

         CKeyPool keypool;
-        if (batch.ReadPool(index, keypool)) { //TODO: This should be unnecessary
-            m_pool_key_to_index.erase(keypool.vchPubKey.GetID());
-        }
+        if (batch.ReadPool(index, keypool)) { // TODO: Should be unnecessary
+            m_pool_key_to_index.erase(keypool.vchPubKey.GetID());
+        }
         batch.ErasePool(index);
         WalletLogPrintf("keypool index %d removed\n", index);
         it = setKeyPool->erase(it);
-        result.push_back(std::move(keypool));
+        if (keypool.vchPubKey.IsValid()) {
+            result.push_back(std::move(keypool));
+        }
     }
src/qt/sendcoinsdialog.cpp (1)
796-809: External signer balance is always shown as 0.

You change the label but never assign a balance for this branch. Show watch-only (typical for external signer wallets) or regular balance.
-        if (model->wallet().hasExternalSigner()) {
-            ui->labelBalanceName->setText(tr("External balance:"));
+        if (model->wallet().hasExternalSigner()) {
+            balance = balances.watch_only_balance;
+            ui->labelBalanceName->setText(tr("External balance:"));

🧹 Nitpick comments (35)

test/functional/wallet_listtransactions.py (5)
21-24: num_nodes=3: OK, but keep restart args consistent.

Bumping to 3 is justified for cross‑node wallet checks. When you restart later, pass self.extra_args to preserve initial node config.

Apply this small change at the later restart:
-        self.start_nodes()
+        self.start_nodes(extra_args=self.extra_args)
113-118: Avoid hard‑coding wallet.dat paths; use RPC‑based cloning.

Directly copying wallet.dat is brittle (backend differences, walletdir layout like “wallets/”, multiwallet). Prefer RPCs:

dumpwallet on node 0 and importwallet on node 2 (no stop/start needed), or

backupwallet while running, then copy the backup file.

This removes assumptions about self.chain/default_wallet_name and survives backend changes.

Example replacement:
-        self.nodes[0].keypoolrefill(1000)
-        self.stop_nodes()
-        wallet0 = os.path.join(self.nodes[0].datadir, self.chain, self.default_wallet_name, "wallet.dat")
-        wallet2 = os.path.join(self.nodes[2].datadir, self.chain, self.default_wallet_name, "wallet.dat")
-        shutil.copyfile(wallet0, wallet2)
-        self.start_nodes()
+        self.nodes[0].keypoolrefill(1000)
+        dump_file = os.path.join(self.nodes[0].datadir, "w0_dump.txt")
+        self.nodes[0].dumpwallet(dump_file)
+        # Ensure wallet 2 is fresh and imports all keys/labels from node 0
+        self.nodes[2].importwallet(dump_file)
If you must keep file‑copy semantics, derive the wallet path via RPC or node attributes (e.g., walletdir) rather than constructing it manually.

118-123: Reconnect is fine; add sync for determinism.

After restarting/reconnecting, call sync_* to avoid races before subsequent sends/mines and comparisons.
         self.connect_nodes(0, 1)
         self.connect_nodes(1, 2)
         self.connect_nodes(2, 0)
+        self.sync_all()
128-140: Add chain syncs after mining to avoid flakiness across nodes.

generate() mines on a single node; peers may lag briefly. Sync before comparing listtransactions to ensure both nodes see the same chain.
         self.nodes[1].sendtoaddress(addr3, "0.001")
         self.generate(self.nodes[1], 1)
+        self.sync_blocks()
@@
         self.nodes[1].sendtoaddress(addr2, "0.001")
         self.generate(self.nodes[1], 1)
+        self.sync_blocks()
@@
         self.nodes[0].sendtoaddress(addr1, "0.001")
         self.generate(self.nodes[0], 1)
+        self.sync_blocks()
145-152: Strengthen normalization sort key to avoid duplicate‑txid ordering differences.

listtransactions can emit multiple entries with the same txid (e.g., send‑to‑self). Sorting only by txid may keep per‑txid order different across nodes, causing spurious mismatches. Include category and vout in the sort key.
-        def normalize_list(txs):
+        def normalize_list(txs):
             for tx in txs:
                 tx.pop('label', None)
                 tx.pop('time', None)
                 tx.pop('timereceived', None)
-            txs.sort(key=lambda x: x['txid'])
+            txs.sort(key=lambda x: (x['txid'], x.get('category', ''), x.get('vout', -1)))
src/wallet/init.cpp (1)
70-72: Hide -signer when feature is not compiled for consistent CLI UX.

Mirror existing patterns (e.g., -unsafesqlitesync) to avoid unknown-option noise.
 #ifdef ENABLE_EXTERNAL_SIGNER
-    argsman.AddArg("-signer=<cmd>", "External signing tool, see doc/external-signer.md", ArgsManager::ALLOW_ANY, OptionsCategory::WALLET);
+    argsman.AddArg("-signer=<cmd>", "External signing tool, see doc/external-signer.md", ArgsManager::ALLOW_ANY, OptionsCategory::WALLET);
+#else
+    argsman.AddHiddenArgs({"-signer"});
 #endif
src/qt/forms/createwalletdialog.ui (2)
112-121: Text/style polish and availability gating.

Use title case to match help/category naming: “External Signer”.

Ensure the checkbox is hidden/disabled when external signer is not compiled or no signers are detected.
-         <string>External signer</string>
+         <string>External Signer</string>
If not already handled in CreateWalletDialog code, I can add the visibility/enablement toggle based on signer enumeration.

155-155: Tab order looks fine; consider adding descriptor checkbox too (if missing).

If descriptor_checkbox isn’t already in tabstops elsewhere, add it for keyboard navigation consistency.
src/qt/walletmodel.h (1)
144-144: Consider passing string parameter by const reference.

The method signature takes std::string sAddress by value. For efficiency, consider using const std::string& sAddress to avoid unnecessary string copies, especially since the implementation only needs to read the value.

Apply this diff if you'd like to optimize the parameter passing:
-    bool displayAddress(std::string sAddress);
+    bool displayAddress(const std::string& sAddress);
Also update the implementation in src/qt/walletmodel.cpp accordingly.
src/qt/walletmodel.cpp (2)
582-592: Consider using this as the parent widget for the error dialog.

Passing nullptr as the parent to QMessageBox::critical can lead to suboptimal behavior: the dialog may not be modal to the wallet window, may appear on the wrong screen in multi-monitor setups, and lacks proper window ownership. Consider passing this or another appropriate parent widget instead.

Apply this diff:
-        QMessageBox::critical(nullptr, tr("Can't display address"), e.what());
+        QMessageBox::critical(/* appropriate parent widget */, tr("Can't display address"), e.what());
Note: You may need to refactor this method to accept a parent widget parameter, or use a pattern that ensures proper parent widget handling.

582-582: Parameter efficiency: pass by const reference.

The parameter sAddress is passed by value, which creates an unnecessary copy. Consider passing by const std::string& instead.

Apply this diff:
-bool WalletModel::displayAddress(std::string sAddress)
+bool WalletModel::displayAddress(const std::string& sAddress)
src/qt/walletcontroller.cpp (1)
296-306: Consider using a translatable string for the multi-signer error message.

The error message on line 303 uses QString::fromStdString with a hardcoded English string, while other error messages in the same flow (like line 300) use Qt's tr() for translation.

Apply this diff to make the error message translatable and consistent with the rest of the codebase:
     if (signers.size() > 1) {
-        QMessageBox::critical(nullptr, tr("Too many external signers found"), QString::fromStdString("More than one external signer found. Please connect only one at a time."));
+        QMessageBox::critical(nullptr, tr("Too many external signers found"), tr("More than one external signer found. Please connect only one at a time."));
         signers.clear();
     }
src/wallet/rpc/backup.cpp (1)

2041-2047: CoinJoin detection via string search is brittle

Parsing the descriptor string to find "/'/'/4'/0'" is fragile. Prefer a structured check (e.g., store derivation purpose/path metadata in WalletDescriptor or a helper that decodes derivation steps) to avoid false positives if formatting changes or keys are reordered.
src/interfaces/node.h (1)
160-169: Make ExternalSigner interface const-correct and defaulted

getName is an accessor; mark it const. Also default the virtual destructor for clarity.

Apply:
-class ExternalSigner
+class ExternalSigner
 {
 public:
-    virtual ~ExternalSigner() {};
+    virtual ~ExternalSigner() = default;
 
     //! Get signer display name
-    virtual std::string getName() = 0;
+    virtual std::string getName() const = 0;
 };
doc/external-signer.md (1)
1-171: Tighten Markdown (fences, prompts, style) and mention build flag

Add language identifiers (sh, json).

Drop leading “$ ” prompts or include sample outputs per MD014.

Minor grammar: “In order to be” → “To be”, hyphenate “BIP44/49/84-compatible”.

Document that builds must enable external signer support (configure with --enable-external-signer) if that’s the gating.

Apply sample edits:
-```sh
-$ dashd -signer=../HWI/hwi.py
-```
+```sh
+dashd -signer=../HWI/hwi.py
+```

-```
-$ dash-cli enumeratesigners
+```json
+{
+  "signers": [
+    { "fingerprint": "c8df832a" }
+  ]
+}
+```

-```sh
-$ dash-cli createwallet "hww" true true "" true true true
-```
+```sh
+dash-cli createwallet "hww" true true "" true true true
+```

-``` 
-$ <cmd> enumerate
+```sh
+<cmd> enumerate
 [
   { "fingerprint": "00000000" }
 ]
+Note: build with --enable-external-signer to enable this feature.
Also fix “immedidately” → “immediately” if you keep that note in code comments elsewhere (see createwalletdialog.cpp).

</blockquote></details>
<details>
<summary>src/qt/createwalletdialog.cpp (2)</summary><blockquote>

`49-65`: **External signer toggle: align blank-wallet semantics and fix typo**

- You set blank_wallet_checkbox to checked when toggled on (Line 64), implying watch-only wallets should be “blank”. In setSigners() you later force it unchecked (see below), which is inconsistent. Decide the intended default and make both paths consistent.
- Typo in comment: “immedidately” → “immediately”.



Would you like me to update both spots to a single policy (e.g., blank=false because descriptors are imported immediately)?

---

`115-134`: **setSigners(): minor polish and consistency**

- Consistency: As noted above, this forces blank_wallet_checkbox unchecked even though the “toggled” path sets it checked. Pick one behavior.
- UX: When no signers are found (else branch), consider re-enabling the other checkboxes back to their defaults to avoid a partially locked UI if setSigners() is called after prior toggling.
- API: You call signers[0]->getName(); with the proposed const qualifier, this still works.


```diff
-        ui->blank_wallet_checkbox->setEnabled(false);
-        ui->blank_wallet_checkbox->setChecked(false);
+        ui->blank_wallet_checkbox->setEnabled(false);
+        ui->blank_wallet_checkbox->setChecked(true); // or false, but keep consistent with the toggle handler
@@
     } else {
         ui->external_signer_checkbox->setEnabled(false);
+        // Optionally restore defaults:
+        ui->encrypt_wallet_checkbox->setEnabled(true);
+        ui->blank_wallet_checkbox->setEnabled(true);
+        ui->disable_privkeys_checkbox->setEnabled(true);
+        ui->descriptor_checkbox->setEnabled(true);
     }
If you prefer blank=false, update the toggle handler accordingly.
src/node/interfaces.cpp (3)
530-551: Make listExternalSigners resilient (catch enumerate errors, guard empty cmd).

Avoid throwing across the Node interface. Catch exceptions from ExternalSigner::Enumerate and return an empty list; also use command.empty() for clarity.

Apply:
     std::vector<std::unique_ptr<interfaces::ExternalSigner>> listExternalSigners() override
     {
 #ifdef ENABLE_EXTERNAL_SIGNER
-        std::vector<ExternalSigner> signers = {};
-        const std::string command = gArgs.GetArg("-signer", "");
-        if (command == "") return {};
-        ExternalSigner::Enumerate(command, signers, Params().NetworkIDString());
+        std::vector<ExternalSigner> signers;
+        const std::string command = gArgs.GetArg("-signer", "");
+        if (command.empty()) return {};
+        try {
+            ExternalSigner::Enumerate(command, signers, Params().NetworkIDString());
+        } catch (const std::exception& e) {
+            // Log and degrade gracefully
+            LogPrintf("listExternalSigners: enumerate failed: %s\n", e.what());
+            return {};
+        }
         std::vector<std::unique_ptr<interfaces::ExternalSigner>> result;
-        for (auto& signer : signers) {
+        result.reserve(signers.size());
+        for (auto& signer : signers) {
             result.emplace_back(std::make_unique<ExternalSignerImpl>(std::move(signer)));
         }
         return result;
 #else
17-17: Optional: include only when enabled.

Wrap the header include with ENABLE_EXTERNAL_SIGNER to avoid unnecessary coupling when the feature is off.
-#include <external_signer.h>
+#ifdef ENABLE_EXTERNAL_SIGNER
+#include <external_signer.h>
+#endif
402-411: Minor: keep adaptor minimal.

Consider storing just the name instead of copying the whole ::ExternalSigner, unless future methods are planned.
-class ExternalSignerImpl : public interfaces::ExternalSigner
-{
-public:
-    ExternalSignerImpl(::ExternalSigner signer) : m_signer(std::move(signer)) {}
-    std::string getName() override { return m_signer.m_name; }
-private:
-    ::ExternalSigner m_signer;
-};
+class ExternalSignerImpl : public interfaces::ExternalSigner {
+public:
+    explicit ExternalSignerImpl(std::string name) : m_name(std::move(name)) {}
+    std::string getName() override { return m_name; }
+private:
+    std::string m_name;
+};
And in the loop:
- result.emplace_back(std::make_unique<ExternalSignerImpl>(std::move(signer)));
+ result.emplace_back(std::make_unique<ExternalSignerImpl>(std::move(signer.m_name)));
src/external_signer.h (1)
27-35: API polish for performance and const-correctness.

Remove top-level const on by-value return.

Pass chain by const reference in ctor.

Make GetDescriptors const.
-    const std::string NetworkArg() const;
+    std::string NetworkArg() const;
@@
-    ExternalSigner(const std::string& command, const std::string chain, const std::string& fingerprint, const std::string name);
+    ExternalSigner(const std::string& command, const std::string& chain, const std::string& fingerprint, const std::string& name);
@@
-    UniValue GetDescriptors(const int account);
+    UniValue GetDescriptors(int account) const;
Also update implementations:
-const std::string ExternalSigner::NetworkArg() const
+std::string ExternalSigner::NetworkArg() const
 {
     return " --chain " + m_chain;
 }
@@
-ExternalSigner::ExternalSigner(const std::string& command, const std::string chain, const std::string& fingerprint, const std::string name)
+ExternalSigner::ExternalSigner(const std::string& command, const std::string& chain, const std::string& fingerprint, const std::string& name)
   : m_command(command), m_chain(chain), m_fingerprint(fingerprint), m_name(name) {}
@@
-UniValue ExternalSigner::GetDescriptors(const int account)
+UniValue ExternalSigner::GetDescriptors(int account) const
Also applies to: 54-59
src/wallet/external_signer_scriptpubkeyman.cpp (1)
64-86: Use wallet logging instead of stderr on signing failure.

Direct writes to stderr bypass logging. Prefer LogPrintf/WalletLogPrintf.
-    if(!GetExternalSigner().SignTransaction(psbt, strFailReason)) {
-        tfm::format(std::cerr, "Failed to sign: %s\n", strFailReason);
+    if (!GetExternalSigner().SignTransaction(psbt, strFailReason)) {
+        LogPrintf("%s: external signer failed: %s\n", __func__, strFailReason);
         return TransactionError::EXTERNAL_SIGNER_FAILED;
     }
Add:
+#include <logging.h>
near the includes.
test/functional/rpc_signer.py (2)
51-54: Fix Flake8 E128 under-indented continuations.

Reformat the four multi-line assert_raises_rpc_error calls.
-        assert_raises_rpc_error(-1, 'Error: restart dashd with -signer=<cmd>',
-            self.nodes[0].enumeratesigners
-        )
+        assert_raises_rpc_error(
+            -1,
+            'Error: restart dashd with -signer=<cmd>',
+            self.nodes[0].enumeratesigners,
+        )

-        assert_raises_rpc_error(-1, 'execve failed: No such file or directory',
-            self.nodes[3].enumeratesigners
-        )
+        assert_raises_rpc_error(
+            -1,
+            'execve failed: No such file or directory',
+            self.nodes[3].enumeratesigners,
+        )

-        assert_raises_rpc_error(-1, 'RunCommandParseJSON error',
-            self.nodes[1].enumeratesigners
-        )
+        assert_raises_rpc_error(
+            -1,
+            'RunCommandParseJSON error',
+            self.nodes[1].enumeratesigners,
+        )

-        assert_raises_rpc_error(-1, 'fingerprint not found',
-            self.nodes[1].enumeratesigners
-        )
+        assert_raises_rpc_error(
+            -1,
+            'fingerprint not found',
+            self.nodes[1].enumeratesigners,
+        )
Also applies to: 56-58, 62-64, 68-70

55-58: Harden missing-signer assertion across OSes.

The exact message “execve failed: No such file or directory” is Linux-specific and will differ on Windows/macOS. Match a less brittle substring or accept multiple options (e.g., “No such file or directory” or “The system cannot find the file specified.”).
src/qt/sendcoinsdialog.cpp (1)

503-518: Optional: sanitize suggested filename for PSBT saves.

Labels/addresses may contain characters invalid for filenames. Consider replacing forbidden characters (/:*?"<>| etc.) or falling back to a safe default.
src/wallet/wallet.h (1)
30-31: Guard external_signer include for non-signer builds.

Protect include behind ENABLE_EXTERNAL_SIGNER to avoid unnecessary coupling.
-#include <external_signer.h>
+#ifdef ENABLE_EXTERNAL_SIGNER
+#include <external_signer.h>
+#endif
test/functional/wallet_signer.py (5)
113-116: Fix flake8 E128/E124: align continuation and closing paren.
-        assert_raises_rpc_error(-1, 'RunCommandParseJSON error',
-            hww.walletdisplayaddress, address1
-        )
+        assert_raises_rpc_error(
+            -1,
+            'RunCommandParseJSON error',
+            hww.walletdisplayaddress,
+            address1,
+        )
128-141: Fix flake8 E122: indent the second descriptor dict.
-        result = mock_wallet.importdescriptors([{
+        result = mock_wallet.importdescriptors([
+            {
             "desc": "pkh([00000001/84'/1'/0']tprv8ZgxMBicQKsPd7Uf69XL1XwhmjHopUGep8GuEiJDZmbQz6o58LninorQAfcKZWARbtRtfnLcJ5MQ2AtHcQJCCRUcMRvmDUjyEmNUWwx8UbK/0/*)#6k3x80k9",
             "timestamp": 0,
             "range": [0,1],
             "internal": False,
             "active": True
-        },
-        {
+            },
+            {
             "desc": "pkh([00000001/84'/1'/0']tprv8ZgxMBicQKsPd7Uf69XL1XwhmjHopUGep8GuEiJDZmbQz6o58LninorQAfcKZWARbtRtfnLcJ5MQ2AtHcQJCCRUcMRvmDUjyEmNUWwx8UbK/1/*)#tz5866xa",
             "timestamp": 0,
             "range": [0, 0],
             "internal": True,
             "active": True
-        }])
+            },
+        ])
179-180: Prefer assert_equal for clearer failures.
-        assert(hww.testmempoolaccept([mock_tx])[0]["allowed"])
+        assert_equal(hww.testmempoolaccept([mock_tx])[0]["allowed"], True)
21-26: Make signer path robust on Windows and paths with spaces.
Use sys.executable and quoting to avoid shell issues.
+import sys
+import shlex
...
-        if platform.system() == "Windows":
-            return "py " + path
-        else:
-            return path
+        if platform.system() == "Windows":
+            return f'"{sys.executable}" {shlex.quote(path)}'
+        return path
Please confirm CI on Windows still finds Python via sys.executable.

Also applies to: 29-34, 36-40

100-106: Reduce brittleness of exact address assertion.
Hardcoding the full address risks future derivation/encoding changes. Consider asserting validity and keypath properties instead.
-        assert_equal(address3, "yg8pCsowDbY7PbJMthTi4xkkmhNfcNNdHV")
+        assert_equal(address_info['hdkeypath'].startswith("m/44'/1'/0'/0/"), True)
+        assert_equal(address_info['iswitness'], False)
If the exact address is intentionally fixed by the mock, feel free to keep it.
src/wallet/scriptpubkeyman.h (1)
604-608: SetupDescriptor public hook — consider nodiscard.
Return value indicates success; marking [[nodiscard]] would prevent accidental ignore.
-    bool SetupDescriptor(std::unique_ptr<Descriptor>desc);
+    [[nodiscard]] bool SetupDescriptor(std::unique_ptr<Descriptor> desc);
src/wallet/wallet.cpp (3)
3731-3741: Avoid reusing SignatureData across SPKMs.
Stateful CanProvide() may mutate sigdata; reinitialize per iteration.
 std::set<ScriptPubKeyMan*> CWallet::GetScriptPubKeyMans(const CScript& script) const
 {
     std::set<ScriptPubKeyMan*> spk_mans;
-    SignatureData sigdata;
     for (const auto& spk_man_pair : m_spk_managers) {
-        if (spk_man_pair.second->CanProvide(script, sigdata)) {
+        SignatureData sigdata;
+        if (spk_man_pair.second->CanProvide(script, sigdata)) {
             spk_mans.insert(spk_man_pair.second.get());
         }
     }
     return spk_mans;
 }
3869-3897: External signer descriptor ingestion — minor hardening.
Consider logging/skipping descriptors with missing/unsupported output types; current continue silently drops them.
-                if (!desc->GetOutputType()) {
-                    continue;
-                }
+                if (!desc->GetOutputType()) {
+                    WalletLogPrintf("%s: skipping descriptor without output type: %s\n", __func__, desc_str);
+                    continue;
+                }
3965-3987: Remove unused variable and assert in IsInternalScriptPubKeyMan.
The output type is fetched but not used; trim dead code.
-    const auto& type = desc_spk_man->GetWalletDescriptor().descriptor->GetOutputType();
-    assert(type.has_value());
-
     return GetScriptPubKeyMan(/*internal=*/true) == desc_spk_man;

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5ce1f0 and 08ca6d1b6a71cadc8173d5aa78c12d83bdc06c5f.

📒 Files selected for processing (80)

ci/dash/build_src.sh (1 hunks)
ci/test/00_setup_env_arm.sh (1 hunks)
ci/test/00_setup_env_mac.sh (1 hunks)
ci/test/00_setup_env_mac_native_x86_64.sh (1 hunks)
ci/test/00_setup_env_native_asan.sh (1 hunks)
ci/test/00_setup_env_native_fuzz.sh (1 hunks)
ci/test/00_setup_env_native_multiprocess.sh (1 hunks)
ci/test/00_setup_env_native_nowallet.sh (1 hunks)
ci/test/00_setup_env_native_qt5.sh (1 hunks)
ci/test/00_setup_env_native_tsan.sh (1 hunks)
ci/test/00_setup_env_s390x.sh (1 hunks)
ci/test/00_setup_env_win64.sh (1 hunks)
configure.ac (8 hunks)
doc/Doxyfile.in (1 hunks)
doc/build-openbsd.md (1 hunks)
doc/build-osx.md (1 hunks)
doc/dependencies.md (1 hunks)
doc/external-signer.md (1 hunks)
src/Makefile.am (5 hunks)
src/Makefile.test.include (1 hunks)
src/dummywallet.cpp (1 hunks)
src/external_signer.cpp (1 hunks)
src/external_signer.h (1 hunks)
src/interfaces/node.h (2 hunks)
src/interfaces/wallet.h (2 hunks)
src/node/interfaces.cpp (3 hunks)
src/qt/createwalletdialog.cpp (4 hunks)
src/qt/createwalletdialog.h (2 hunks)
src/qt/forms/createwalletdialog.ui (2 hunks)
src/qt/forms/optionsdialog.ui (1 hunks)
src/qt/forms/receiverequestdialog.ui (1 hunks)
src/qt/optionsdialog.cpp (3 hunks)
src/qt/optionsmodel.cpp (3 hunks)
src/qt/optionsmodel.h (1 hunks)
src/qt/receiverequestdialog.cpp (1 hunks)
src/qt/sendcoinsdialog.cpp (8 hunks)
src/qt/sendcoinsdialog.h (2 hunks)
src/qt/walletcontroller.cpp (4 hunks)
src/qt/walletmodel.cpp (2 hunks)
src/qt/walletmodel.h (1 hunks)
src/qt/walletmodeltransaction.cpp (1 hunks)
src/qt/walletmodeltransaction.h (1 hunks)
src/rpc/client.cpp (1 hunks)
src/rpc/external_signer.cpp (1 hunks)
src/rpc/register.h (2 hunks)
src/test/system_tests.cpp (3 hunks)
src/util/error.cpp (1 hunks)
src/util/error.h (1 hunks)
src/util/system.cpp (3 hunks)
src/util/system.h (0 hunks)
src/wallet/external_signer_scriptpubkeyman.cpp (1 hunks)
src/wallet/external_signer_scriptpubkeyman.h (1 hunks)
src/wallet/init.cpp (1 hunks)
src/wallet/interfaces.cpp (2 hunks)
src/wallet/rpc/addresses.cpp (2 hunks)
src/wallet/rpc/backup.cpp (2 hunks)
src/wallet/rpc/spend.cpp (8 hunks)
src/wallet/rpc/wallet.cpp (6 hunks)
src/wallet/scriptpubkeyman.cpp (5 hunks)
src/wallet/scriptpubkeyman.h (6 hunks)
src/wallet/spend.cpp (2 hunks)
src/wallet/wallet.cpp (13 hunks)
src/wallet/wallet.h (8 hunks)
src/wallet/walletdb.cpp (1 hunks)
src/wallet/walletdb.h (1 hunks)
src/wallet/walletutil.h (1 hunks)
test/config.ini.in (1 hunks)
test/functional/mocks/invalid_signer.py (1 hunks)
test/functional/mocks/multi_signers.py (1 hunks)
test/functional/mocks/signer.py (1 hunks)
test/functional/rpc_fundrawtransaction.py (1 hunks)
test/functional/rpc_help.py (1 hunks)
test/functional/rpc_signer.py (1 hunks)
test/functional/test_framework/test_framework.py (1 hunks)
test/functional/test_framework/test_node.py (1 hunks)
test/functional/test_runner.py (1 hunks)
test/functional/wallet_abandonconflict.py (5 hunks)
test/functional/wallet_listtransactions.py (2 hunks)
test/functional/wallet_signer.py (1 hunks)
test/lint/spelling.ignore-words.txt (1 hunks)

💤 Files with no reviewable changes (1)

src/util/system.h

🧰 Additional context used

📓 Path-based instructions (5)

ci/**