backport: bitcoin#22764, #24505, #26074, #26039, #28230, #29277, #28597 (wallet deprecation + RPC type checking)

[thepastaclaw]

Backported PRs

New prerequisite PRs (for bitcoin#28230)

• refactor: Set RPCArg options with designated initializers bitcoin/bitcoin#26074 — refactor: Set RPCArg options with designated initializers
• refactor: Run type check against RPCArgs (1/2) bitcoin/bitcoin#26039 — refactor: Run type check against RPCArgs (1/2)

Original scope

• build: Include qt sources for parsing with extract_strings.py bitcoin/bitcoin#22764 — build: Include qt sources for parsing with extract_strings.py
• wallet: Add a deprecation warning for newly created legacy wallets bitcoin/bitcoin#24505 — wallet: Add a deprecation warning for newly created legacy wallets
• rpc: Add MaybeArg() and Arg() default helper bitcoin/bitcoin#28230 — rpc: Add MaybeArg() and Arg() default helper
• RPC: access RPC arguments by name bitcoin/bitcoin#29277 — RPC: access RPC arguments by name
• wallet: No BDB creation, unless -deprecatedrpc=create_bdb bitcoin/bitcoin#28597 — wallet: No BDB creation, unless -deprecatedrpc=create_bdb

Adaptations

• refactor: Set RPCArg options with designated initializers bitcoin/bitcoin#26074: Dash-specific RPCs (governance, masternode, coinjoin, etc.) converted from positional constructor args to RPCArgOptions{} struct
• refactor: Run type check against RPCArgs (1/2) bitcoin/bitcoin#26039: Removed RPCTypeCheck() calls from Dash-specific RPCs (type checking now automatic via RPCArg::MatchesType())
• RPC: access RPC arguments by name bitcoin/bitcoin#29277: Updated scantxoutset test assertion for changed error message format
• wallet: No BDB creation, unless -deprecatedrpc=create_bdb bitcoin/bitcoin#28597: Added bool TMPL_INST (from unbackported BIP324 integration bitcoin/bitcoin#28331) + wallet_createwallet test passphrase fix

Notes

Supersedes d0wn3d's #7238. Originally opened with 5 commits + hack fixes; rebuilt with proper prerequisite chain after review.

[github-actions]

⚠️ Potential Merge Conflicts Detected

This PR has potential conflicts with the following open PRs:

• backport: bitcoin#18933, #23123, #23147, #23549, #26074, #26207, #26307, #26341, #26352, #26656, #26886, #26996, #27035 #7192 - backport: bitcoin#18933, #23123, #23147, #23549, #26074, #26207, #26307, #26341, #26352, #26656, #26886, #26996, #27035
• backport: #22764 #28597 #7238 - backport: #22764 #28597

Please coordinate with the authors of these PRs to avoid merge conflicts.

[thepastaclaw]

Code Review — Updated

This PR is missing a critical prerequisite: bitcoin#28230. Resolved — the PR was restructured after the initial review and now includes bitcoin#28230 as a proper squash merge (commit 3435e53). The ArgValue<R>() template specializations, m_req assignment in HandleRequest, and all supporting infrastructure are present in the final tree.

The suggestion about test coverage for the create_bdb rejection path remains valid — see inline comment.

Originally reviewed commit: f632694 — PR has since been updated to 4ec22b0

🟡 1 suggestion(s)

[thepastaclaw]

🟡 Suggestion: Global deprecatedrpc=create_bdb bypasses the new BDB rejection gate in all tests

Adding deprecatedrpc=create_bdb to every test node's default config is necessary to keep existing tests that create legacy wallets working. However, this means the new default rejection path (wallet.cpp:690-693) is never exercised in the test suite. The wallet_createwallet.py test only covers the opt-in success case (creating a legacy wallet with the deprecation flag enabled) but never verifies that BDB creation is properly rejected when the flag is absent.

Consider adding a test case in wallet_createwallet.py that starts a node without -deprecatedrpc=create_bdb and asserts that createwallet(descriptors=False) returns the expected RPC error.

_{source: ['codex']}

🤖 Fix this with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `test/functional/test_framework/util.py`:
- [SUGGESTION] line 424: Global deprecatedrpc=create_bdb bypasses the new BDB rejection gate in all tests
  Adding `deprecatedrpc=create_bdb` to every test node's default config is necessary to keep existing tests that create legacy wallets working. However, this means the new default rejection path (wallet.cpp:690-693) is never exercised in the test suite. The `wallet_createwallet.py` test only covers the opt-in success case (creating a legacy wallet with the deprecation flag enabled) but never verifies that BDB creation is properly rejected when the flag is absent.

Consider adding a test case in `wallet_createwallet.py` that starts a node without `-deprecatedrpc=create_bdb` and asserts that `createwallet(descriptors=False)` returns the expected RPC error.

[thepastaclaw]

Code Review

Two build-breaking issues from the cherry-pick of bitcoin#28230. CI confirms all build jobs are failing. The first issue (RPCArg::MatchesType) is a compile error visible in CI logs. The second issue (missing ArgValue instantiation) is a linker error that would surface once the compile error is fixed. The prior blocking finding (missing prerequisites bitcoin#24505, bitcoin#28230, bitcoin#29277) IS resolved — all three are now included.

Reviewed commit: 4ec22b0

🔴 2 blocking

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/rpc/util.cpp`:
- [BLOCKING] lines 533-543: Compilation error: RPCArg::MatchesType() does not exist
  The cherry-pick of bitcoin#28230 included an `arg_mismatch` type-checking block (lines 533–543) that calls `arg.MatchesType(request.params[i])` on an `RPCArg` object. However, `MatchesType` is only defined on `RPCResult` (util.h:346, util.cpp:879), not on `RPCArg`. CI confirms all build jobs fail with: `rpc/util.cpp:536:28: error: 'const struct RPCArg' has no member named 'MatchesType'`. This block was added upstream in a separate PR and should not have been included in this backport.
- [BLOCKING] lines 593-595: Linker error: missing ArgValue<bool> template instantiation
  The `TMPL_INST` macro instantiates `ArgValue` for `int`, `uint64_t`, `const std::string&`, `std::optional<double>`, `std::optional<bool>`, and `const std::string*` — but NOT for `bool`. Since `std::is_integral_v<bool>` is `true`, `Arg<bool>(i)` (util.h:416) dispatches to `ArgValue<bool>(i)`, which has no explicit instantiation. This is called from `src/wallet/rpc/wallet.cpp:684` (`self.Arg<bool>("descriptors")`) and `src/test/rpc_tests.cpp:741,764`. This will produce an unresolved symbol linker error. Currently masked by Finding 1's compile error.

[thepastaclaw]

🔴 Blocking: Compilation error: RPCArg::MatchesType() does not exist

The cherry-pick of bitcoin#28230 included an arg_mismatch type-checking block (lines 533–543) that calls arg.MatchesType(request.params[i]) on an RPCArg object. However, MatchesType is only defined on RPCResult (util.h:346, util.cpp:879), not on RPCArg. CI confirms all build jobs fail with: rpc/util.cpp:536:28: error: 'const struct RPCArg' has no member named 'MatchesType'. This block was added upstream in a separate PR and should not have been included in this backport.

_{source: ['claude']}

🤖 Fix this with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/rpc/util.cpp`:
- [BLOCKING] lines 533-543: Compilation error: RPCArg::MatchesType() does not exist
  The cherry-pick of bitcoin#28230 included an `arg_mismatch` type-checking block (lines 533–543) that calls `arg.MatchesType(request.params[i])` on an `RPCArg` object. However, `MatchesType` is only defined on `RPCResult` (util.h:346, util.cpp:879), not on `RPCArg`. CI confirms all build jobs fail with: `rpc/util.cpp:536:28: error: 'const struct RPCArg' has no member named 'MatchesType'`. This block was added upstream in a separate PR and should not have been included in this backport.

[thepastaclaw]

🔴 Blocking: Linker error: missing ArgValue template instantiation

The TMPL_INST macro instantiates ArgValue for int, uint64_t, const std::string&, std::optional<double>, std::optional<bool>, and const std::string* — but NOT for bool. Since std::is_integral_v<bool> is true, Arg<bool>(i) (util.h:416) dispatches to ArgValue<bool>(i), which has no explicit instantiation. This is called from src/wallet/rpc/wallet.cpp:684 (self.Arg<bool>("descriptors")) and src/test/rpc_tests.cpp:741,764. This will produce an unresolved symbol linker error. Currently masked by Finding 1's compile error.

💡 Suggested change

Suggested change

	TMPL_INST(CheckRequiredOrDefault, int, CHECK_NONFATAL(maybe_arg)->getInt<int>(););
	TMPL_INST(CheckRequiredOrDefault, uint64_t, CHECK_NONFATAL(maybe_arg)->getInt<uint64_t>(););
	TMPL_INST(CheckRequiredOrDefault, const std::string&, CHECK_NONFATAL(maybe_arg)->get_str(););
	TMPL_INST(CheckRequiredOrDefault, bool, CHECK_NONFATAL(maybe_arg)->get_bool(););

_{source: ['codex']}

🤖 Fix this with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/rpc/util.cpp`:
- [BLOCKING] lines 593-595: Linker error: missing ArgValue<bool> template instantiation
  The `TMPL_INST` macro instantiates `ArgValue` for `int`, `uint64_t`, `const std::string&`, `std::optional<double>`, `std::optional<bool>`, and `const std::string*` — but NOT for `bool`. Since `std::is_integral_v<bool>` is `true`, `Arg<bool>(i)` (util.h:416) dispatches to `ArgValue<bool>(i)`, which has no explicit instantiation. This is called from `src/wallet/rpc/wallet.cpp:684` (`self.Arg<bool>("descriptors")`) and `src/test/rpc_tests.cpp:741,764`. This will produce an unresolved symbol linker error. Currently masked by Finding 1's compile error.

[thepastaclaw]

Code Review

Push resolves 1 of 2 prior blocking findings: the RPCArg::MatchesType compile error is fixed by removing the cherry-pick artifact from bitcoin#26039. However, the missing TMPL_INST(CheckRequiredOrDefault, bool, ...) linker error persists — Arg<bool>("descriptors") in wallet.cpp dispatches to ArgValue<bool> which has no explicit template instantiation. Upstream Bitcoin Core added this line but it wasn't included in this backport.

Reviewed commit: 6713543

🔴 1 blocking

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/rpc/util.cpp`:
- [BLOCKING] line 584: Missing TMPL_INST for `bool` — linker error from `Arg<bool>()` usage
  The prior review flagged this: `Arg<bool>("descriptors")` (wallet.cpp:684) dispatches through `std::is_integral_v<bool>` to `ArgValue<bool>(i)`, but there is no explicit template instantiation for `bool`. Only `std::optional<bool>` is instantiated (line 578). Upstream Bitcoin Core added `TMPL_INST(CheckRequiredOrDefault, bool, CHECK_NONFATAL(maybe_arg)->get_bool(););` alongside bitcoin#28597 — it needs to be included here too. Without it, the linker will produce an unresolved symbol error for `RPCHelpMan::ArgValue<bool>`.

[thepastaclaw]

🔴 Blocking: Missing TMPL_INST for bool — linker error from Arg<bool>() usage

The prior review flagged this: Arg<bool>("descriptors") (wallet.cpp:684) dispatches through std::is_integral_v<bool> to ArgValue<bool>(i), but there is no explicit template instantiation for bool. Only std::optional<bool> is instantiated (line 578). Upstream Bitcoin Core added TMPL_INST(CheckRequiredOrDefault, bool, CHECK_NONFATAL(maybe_arg)->get_bool();); alongside bitcoin#28597 — it needs to be included here too. Without it, the linker will produce an unresolved symbol error for RPCHelpMan::ArgValue<bool>.

💡 Suggested change

Suggested change

	TMPL_INST(CheckRequiredOrDefault, const std::string&, CHECK_NONFATAL(maybe_arg)->get_str(););
	TMPL_INST(CheckRequiredOrDefault, const std::string&, CHECK_NONFATAL(maybe_arg)->get_str(););
	TMPL_INST(CheckRequiredOrDefault, bool, CHECK_NONFATAL(maybe_arg)->get_bool(););

_{source: unknown}

🤖 Fix this with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/rpc/util.cpp`:
- [BLOCKING] line 584: Missing TMPL_INST for `bool` — linker error from `Arg<bool>()` usage
  The prior review flagged this: `Arg<bool>("descriptors")` (wallet.cpp:684) dispatches through `std::is_integral_v<bool>` to `ArgValue<bool>(i)`, but there is no explicit template instantiation for `bool`. Only `std::optional<bool>` is instantiated (line 578). Upstream Bitcoin Core added `TMPL_INST(CheckRequiredOrDefault, bool, CHECK_NONFATAL(maybe_arg)->get_bool(););` alongside bitcoin#28597 — it needs to be included here too. Without it, the linker will produce an unresolved symbol error for `RPCHelpMan::ArgValue<bool>`.

[thepastaclaw]

The missing TMPL_INST(CheckRequiredOrDefault, bool, ...) needs to be added to src/rpc/util.cpp. Without it, Arg<bool>("descriptors") in wallet.cpp:684 will cause a linker error.

Fix: add this line before the existing CheckRequiredOrDefault, int line (around line 582):

TMPL_INST(CheckRequiredOrDefault, bool, CHECK_NONFATAL(maybe_arg)->get_bool(););

This matches upstream Bitcoin Core, which added this instantiation in commit c73cd42 (bitcoin#28331). The fix is on branch fix/7242-missing-bool-tmpl-inst — can be cherry-picked or squashed into the backport.

[thepastaclaw]

Code Review

Single-line addition of the missing TMPL_INST(CheckRequiredOrDefault, bool, ...) template instantiation in src/rpc/util.cpp. The new line follows the established pattern exactly (CHECK_NONFATAL + get_bool()) and is placed before int, matching upstream ordering. Both review agents correctly identified this as a clean, necessary fix for the linker error caused by the bitcoin#28597 backport.

Reviewed commit: 1e7166e

[thepastaclaw]

Code Review

All four incremental commits are sound. The prior TMPL_INST blocker is resolved. The LLMQ signing test rewrite correctly de-flakes the test but drops coverage of the submit=false → P2P recovery pipeline. One misleading comment in the test. No blocking issues.

Reviewed commit: 4def8f3

🟡 1 suggestion(s) | 💬 1 nitpick(s)

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `test/functional/feature_llmq_signing.py`:
- [SUGGESTION] lines 88-94: P2P round-trip coverage for submit=false sig shares removed without replacement
  The original test validated the full pipeline: get a sig share via `submit=false`, construct a `CSigShare` P2P message from the returned fields, send it to the recovery member via `msg_qsigshare`, and verify signature recovery. This tested that the RPC's serialized output was compatible with the P2P transport format.

The new code only checks that the expected field names exist (lines 89-90), then submits a fresh share via the normal `submit=true` path (line 94), which takes the `AsyncSignIfMember` code path and never exercises the `submit=false` return value beyond shape validation.

The de-flaking tradeoff is reasonable, but the field validation could be strengthened to partially compensate — e.g., asserting value types and format (int for llmqType/quorumMember, 64-char hex for hashes, 192-char hex for BLS signature).

[thepastaclaw]

🟡 Suggestion: P2P round-trip coverage for submit=false sig shares removed without replacement

The original test validated the full pipeline: get a sig share via submit=false, construct a CSigShare P2P message from the returned fields, send it to the recovery member via msg_qsigshare, and verify signature recovery. This tested that the RPC's serialized output was compatible with the P2P transport format.

The new code only checks that the expected field names exist (lines 89-90), then submits a fresh share via the normal submit=true path (line 94), which takes the AsyncSignIfMember code path and never exercises the submit=false return value beyond shape validation.

The de-flaking tradeoff is reasonable, but the field validation could be strengthened to partially compensate — e.g., asserting value types and format (int for llmqType/quorumMember, 64-char hex for hashes, 192-char hex for BLS signature).

💡 Suggested change

Suggested change

	# 3. Verify the returned sigShare has the expected fields
	for field in ["llmqType", "quorumHash", "quorumMember", "id", "msgHash", "signHash", "signature"]:
	assert field in sig_share_rpc_1, f"Missing field {field} in sigShare"
	# 4. Now submit the third share normally so that recovery can proceed
	# reliably via the concentrated send path (the submit=false RPC was
	# already validated above)
	self.mninfo[2].get_node(self).quorum("sign", q_type, id, msgHash)
	# 3. Verify the returned sigShare has the expected fields and plausible values
	for field in ["llmqType", "quorumHash", "quorumMember", "id", "msgHash", "signHash", "signature"]:
	assert field in sig_share_rpc_1, f"Missing field {field} in sigShare"
	assert isinstance(sig_share_rpc_1["llmqType"], int)
	assert len(sig_share_rpc_1["quorumHash"]) == 64
	assert isinstance(sig_share_rpc_1["quorumMember"], int)
	assert len(sig_share_rpc_1["signature"]) == 192 # 96-byte BLS sig as hex

_{source: ['claude', 'codex']}

🤖 Fix this with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `test/functional/feature_llmq_signing.py`:
- [SUGGESTION] lines 88-94: P2P round-trip coverage for submit=false sig shares removed without replacement
  The original test validated the full pipeline: get a sig share via `submit=false`, construct a `CSigShare` P2P message from the returned fields, send it to the recovery member via `msg_qsigshare`, and verify signature recovery. This tested that the RPC's serialized output was compatible with the P2P transport format.

The new code only checks that the expected field names exist (lines 89-90), then submits a fresh share via the normal `submit=true` path (line 94), which takes the `AsyncSignIfMember` code path and never exercises the `submit=false` return value beyond shape validation.

The de-flaking tradeoff is reasonable, but the field validation could be strengthened to partially compensate — e.g., asserting value types and format (int for llmqType/quorumMember, 64-char hex for hashes, 192-char hex for BLS signature).

[thepastaclaw]

💬 Nitpick: Comment incorrectly references '5-second cleanup cadence' — the relevant constant is the recovery rotation timeout

The comment says 'Advance mocktime past the daemon's 5-second signing session cleanup cadence'. The relevant constants in signing_shares.h are:

• SIG_SHARE_REQUEST_TIMEOUT = 5 (sig share re-request interval, not cleanup)
• SESSION_NEW_SHARES_TIMEOUT = 60 (actual session cleanup)
• EXP_SEND_FOR_RECOVERY_TIMEOUT = 2000ms / MAX_SEND_FOR_RECOVERY_TIMEOUT = 10000ms (recovery rotation)

The purpose of the 10-second bump is to exceed MAX_SEND_FOR_RECOVERY_TIMEOUT so recovery responsibility rotates to the next member. The '5-second cleanup cadence' description conflates the wrong constant with the wrong mechanism.

💡 Suggested change

Suggested change

	# Advance mocktime past the daemon's 5-second signing session
	# cleanup cadence so recovery responsibility rotates to the next
	# member. Use 10s to guarantee at least one full cycle completes.
	self.bump_mocktime(10)
	# Advance mocktime past the daemon's MAX_SEND_FOR_RECOVERY_TIMEOUT
	# (10 s) so that recovery responsibility rotates to the next member.
	self.bump_mocktime(10)

_{source: ['claude']}

[thepastaclaw]

Code Review

Trivial incremental: 5 lines adding wait-for-propagation before stability assertion in LLMQ signing test — ensures recovered sig propagation completes under sanitizer load before checking assert_sigs_nochange. No production code changes.

Reviewed commit: 2b59080

[thepastaclaw]

Code Review

Single-commit incremental: restores shareman->RegisterRecoveryInterface() in ActiveContext::Start() (accidentally removed by the f8cd67e85d refactor that moved NotifyRecoveredSig to NetSigning). Without this registration, CSigSharesManager::HandleNewRecoveredSig() never fires, leaving sig-share sessions uncleaned after threshold recovery. The register/unregister pair follows proper LIFO ordering consistent with cl_signer and is_signer. Test helpers (wait_for_instantlock_with_bumping, wait_for_sigs_bumping) are well-designed with a 30s mocktime cap staying safely under SESSION_NEW_SHARES_TIMEOUT = 60s.

Reviewed commit: a80c46c

[thepastaclaw]

Force-pushed to remove 5 commits that were unrelated to this backport (LLMQ test stability fixes and a shareman->RegisterRecoveryInterface() bug fix). These were incorrectly committed to this branch by automated CI-fix workers that didn't check whether failures were caused by this PR's changes vs pre-existing flakiness.

Removed commits:

• 4def8f3 test: fix flaky LLMQ signing test
• 4b8b81f test: fix LLMQ signing test timing for spork21 concentrated sends
• 2b59080 test: wait for recovered sig propagation before stability check
• b03ccf3 test: cap mocktime advance in LLMQ signing test to prevent session cleanup
• a80c46c fix: restore shareman recovery listener, fix zmq test IS lock timing

Where they went:

• LLMQ test fixes → covered by existing test: fix flaky LLMQ signing recovery timeout #7233
• shareman bug → filed as fix: missing shareman->RegisterRecoveryInterface() in ActiveContext::Start #7243

Remaining: 9 commits (5 upstream cherry-picks + 4 Dash adaptation fixes), all wallet/RPC scope.

[thepastaclaw]

Force-pushed: squashed the 4 adaptation commits (remove MatchesType, add bool TMPL_INST, fix test assertions, restore bool TMPL_INST) into a single clean commit: 5207f5a3c0 "fix: adapt wallet deprecation backports for Dash".

Branch is now 5 upstream cherry-picks + 1 adaptation commit (6 total, down from 9).

[thepastaclaw]

Force-pushed again: folded all adaptations into their respective merge commits.

• rpc: Add MaybeArg() and Arg() default helper bitcoin/bitcoin#28230 — MatchesType removal (depends on unbackported refactor: Run type check against RPCArgs (1/2) bitcoin/bitcoin#26039) now inside the merge commit
• RPC: access RPC arguments by name bitcoin/bitcoin#29277 — scantxoutset test assertion fix inside the merge commit
• wallet: No BDB creation, unless -deprecatedrpc=create_bdb bitcoin/bitcoin#28597 — bool TMPL_INST + wallet_createwallet test fix inside the merge commit

Branch is now 5 clean cherry-picks with no separate fix commits. Same tree as before (git diff is empty).

[thepastaclaw]

Force-pushed: complete rebuild with proper prerequisite chain.

New commit order (8 commits):

1. b06f0bf146 — Merge build: Include qt sources for parsing with extract_strings.py bitcoin/bitcoin#22764: build: Include qt sources for parsing
2. 6b589b8197 — Merge wallet: Add a deprecation warning for newly created legacy wallets bitcoin/bitcoin#24505: wallet: Add deprecation warning for legacy wallets
3. 835ae78f77 — refactor: Set RPCArg options with designated initializers bitcoin/bitcoin#26074: rpc: Set RPCArg options with designated initializers (new prereq)
4. 14d2e0d5d9 — refactor: Run type check against RPCArgs (1/2) bitcoin/bitcoin#26039 (1/2): test: Fix wrong types passed to RPCs (new prereq)
5. 2e407fab2e — refactor: Run type check against RPCArgs (1/2) bitcoin/bitcoin#26039 (2/2): rpc: Run type check against RPCArgs (new prereq)
6. 9c9da2eb44 — Merge rpc: Add MaybeArg() and Arg() default helper bitcoin/bitcoin#28230: rpc: Add MaybeArg() and Arg() default helper
7. 3cafabb828 — Merge RPC: access RPC arguments by name bitcoin/bitcoin#29277: RPC: access RPC arguments by name
8. 8facd0e4f4 — Merge wallet: No BDB creation, unless -deprecatedrpc=create_bdb bitcoin/bitcoin#28597: wallet: No BDB creation, unless -deprecatedrpc=create_bdb

What changed: Instead of deleting the RPCArg::MatchesType() type-checking block from bitcoin#28230 (which was a hack around a missing prereq), we now properly backport the two prerequisite PRs:

• refactor: Set RPCArg options with designated initializers bitcoin/bitcoin#26074 introduces RPCArgOptions struct (consolidates constructor params)
• refactor: Run type check against RPCArgs (1/2) bitcoin/bitcoin#26039 adds RPCArg::MatchesType() for automatic RPC argument type checking

Adaptations folded into merge commits (obvious/clear):

• RPC: access RPC arguments by name bitcoin/bitcoin#29277: scantxoutset test assertion update
• wallet: No BDB creation, unless -deprecatedrpc=create_bdb bitcoin/bitcoin#28597: bool TMPL_INST + wallet_createwallet test fix

Build verified: make -j12 succeeds.

[thepastaclaw]

Code Review

The blocking findings about missing skip_type_check on Dash-specific RPCs are confirmed and represent real regressions for JSON-RPC clients sending numeric block heights. The ParseBlockIndex catch-all error masking is also confirmed. Most other findings are either upstream code (not reviewable in a backport) or false positives.

Reviewed commit: 8facd0e

🔴 3 blocking | 🟡 1 suggestion(s) | 💬 1 nitpick(s)

4 additional findings

🔴 blocking: protx diff baseBlock/block args reject numeric heights over JSON-RPC

src/rpc/evo.cpp (lines 1625-1626)

Both baseBlock and block are declared as RPCArg::Type::STR without skip_type_check. The new automatic type checking in HandleRequest() (line 516-526) maps Type::STR to UniValue::VSTR and rejects VNUM values before ParseBlock() is ever called. ParseBlock() (line 1591) explicitly handles v.isNum(), confirming numeric values are intended to work. JSON-RPC clients sending {"params": ["diff", 1000, 2000]} will get a type error. CLI clients are unaffected because baseBlock/block have no entry in client.cpp's conversion table, so the CLI sends them as strings. Compare with getblockstats (blockchain.cpp:2022-2026) and gettxoutsetinfo (blockchain.cpp:1145-1149) which correctly use skip_type_check = true for their mixed hash-or-height args.

💡 Suggested change

{"baseBlock", RPCArg::Type::STR, RPCArg::Optional::NO, "The starting block hash or height.", RPCArgOptions{.skip_type_check = true}},
            {"block", RPCArg::Type::STR, RPCArg::Optional::NO, "The ending block hash or height.", RPCArgOptions{.skip_type_check = true}},

🔴 blocking: protx listdiff has same missing skip_type_check as protx diff

src/rpc/evo.cpp (lines 1666-1667)

Same issue as protx diff. baseBlock and block declared as RPCArg::Type::STR without skip_type_check. JSON-RPC clients sending numeric heights will be rejected by automatic type validation before ParseBlockIndex() → ParseBlock() can process them.

💡 Suggested change

{"baseBlock", RPCArg::Type::STR, RPCArg::Optional::NO, "The starting block hash or height.", RPCArgOptions{.skip_type_check = true}},
                       {"block", RPCArg::Type::STR, RPCArg::Optional::NO, "The ending block hash or height.", RPCArgOptions{.skip_type_check = true}},

🔴 blocking: evodb verify/repair reject numeric heights despite help examples showing them

src/rpc/evo.cpp (lines 1842-1843)

Both startBlock and stopBlock are declared as RPCArg::Type::STR without skip_type_check. The RPC help examples (line 1863) explicitly demonstrate numeric usage: HelpExampleRpc("evodb", "\"verify\", 1000, 2000"). JSON-RPC clients following the documented examples will hit a type error. Same root cause as protx diff/listdiff — automatic type checking rejects VNUM when VSTR is expected, before ParseBlock() can handle the numeric value. This applies to both evodb verify and evodb repair (line 1880-1881).

💡 Suggested change

{"startBlock", RPCArg::Type::STR, RPCArg::Optional::OMITTED, "The starting block hash or height (defaults to DIP0003 activation height).", RPCArgOptions{.skip_type_check = true}},
            {"stopBlock", RPCArg::Type::STR, RPCArg::Optional::OMITTED, "The ending block hash or height (defaults to current chain tip).", RPCArgOptions{.skip_type_check = true}},

🟡 suggestion: ParseBlockIndex catch-all swallows specific 'Block not found' error

src/rpc/evo.cpp (lines 1607-1617)

The catch(...) on line 1614 catches all exceptions, including the specific "Block %s with hash %s not found" error thrown on line 1611 when LookupBlockIndex returns null. A user who supplies a syntactically valid block hash that isn't in the index gets the generic "must be a block hash or chain height" message instead of the specific "Block not found" message. Fix: move the LookupBlockIndex call and null check outside the try/catch, or narrow the catch to only wrap ParseBlock().

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/rpc/evo.cpp`:
- [BLOCKING] lines 1625-1626: protx diff baseBlock/block args reject numeric heights over JSON-RPC
  Both `baseBlock` and `block` are declared as `RPCArg::Type::STR` without `skip_type_check`. The new automatic type checking in `HandleRequest()` (line 516-526) maps `Type::STR` to `UniValue::VSTR` and rejects `VNUM` values before `ParseBlock()` is ever called. `ParseBlock()` (line 1591) explicitly handles `v.isNum()`, confirming numeric values are intended to work. JSON-RPC clients sending `{"params": ["diff", 1000, 2000]}` will get a type error. CLI clients are unaffected because `baseBlock`/`block` have no entry in `client.cpp`'s conversion table, so the CLI sends them as strings. Compare with `getblockstats` (blockchain.cpp:2022-2026) and `gettxoutsetinfo` (blockchain.cpp:1145-1149) which correctly use `skip_type_check = true` for their mixed hash-or-height args.
- [BLOCKING] lines 1666-1667: protx listdiff has same missing skip_type_check as protx diff
  Same issue as protx diff. `baseBlock` and `block` declared as `RPCArg::Type::STR` without `skip_type_check`. JSON-RPC clients sending numeric heights will be rejected by automatic type validation before `ParseBlockIndex()` → `ParseBlock()` can process them.
- [BLOCKING] lines 1842-1843: evodb verify/repair reject numeric heights despite help examples showing them
  Both `startBlock` and `stopBlock` are declared as `RPCArg::Type::STR` without `skip_type_check`. The RPC help examples (line 1863) explicitly demonstrate numeric usage: `HelpExampleRpc("evodb", "\"verify\", 1000, 2000")`. JSON-RPC clients following the documented examples will hit a type error. Same root cause as protx diff/listdiff — automatic type checking rejects `VNUM` when `VSTR` is expected, before `ParseBlock()` can handle the numeric value. This applies to both `evodb verify` and `evodb repair` (line 1880-1881).
- [SUGGESTION] lines 1607-1617: ParseBlockIndex catch-all swallows specific 'Block not found' error
  The `catch(...)` on line 1614 catches all exceptions, including the specific `"Block %s with hash %s not found"` error thrown on line 1611 when `LookupBlockIndex` returns null. A user who supplies a syntactically valid block hash that isn't in the index gets the generic `"must be a block hash or chain height"` message instead of the specific `"Block not found"` message. Fix: move the `LookupBlockIndex` call and null check outside the try/catch, or narrow the catch to only wrap `ParseBlock()`.

[thepastaclaw]

💬 Nitpick: Global deprecatedrpc=create_bdb prevents testing the deprecation error path

Setting deprecatedrpc=create_bdb globally for all test nodes means no functional test will exercise the code path that returns the deprecation error when creating BDB wallets without the flag. This is a pragmatic choice to avoid breaking existing legacy wallet tests, but it means the deprecation enforcement logic is untested in the functional test suite. Consider adding a dedicated test that verifies the deprecation error fires when the flag is absent.

_{source: ['claude']}

[thepastaclaw]

Code Review

The 4 incremental commits are correct. skip_type_check additions for evo RPCs are properly applied, getrawtransaction bool migration is complete, ParseBlockIndex catch-all removal is safe, and the RPCArg const removal is a clean upstream backport. No blocking issues found — only minor test hygiene suggestions.

Reviewed commit: 04e96e7

🟡 2 suggestion(s)

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `test/functional/test_framework/test_framework.py`:
- [SUGGESTION] line 1276: Pre-existing: collateral_vout has the same falsy-value bug that was fixed for operator_reward
  The operator_reward fix here correctly changed `operator_reward or self.operator_reward` to `operator_reward if operator_reward is not None else self.operator_reward`. However, `collateral_vout` at line 1271 still uses `collateral_vout or self.collateral_vout` — vout index 0 is valid but falsy. Worth fixing in a follow-up since the pattern bug was already identified and fixed for operator_reward in this same function.

In `test/functional/rpc_rawtransaction.py`:
- [SUGGESTION] lines 116-119: Duplicate assertion and missing negative tests after integer verbose removal
  Cases 3 and 4 now have identical first assertions (`getrawtransaction(txId, True)["hex"]`). Case 4's only unique value is testing `getrawtransactionmulti` with named args — consider removing the duplicate `getrawtransaction` call or updating the comment to clarify the intent.

Also, since type checking now rejects integers for BOOL params, the removed integer tests (0, 1) could be converted to negative test cases (asserting they raise type errors), similar to the existing string tests at lines 127-130.

[thepastaclaw]

🟡 Suggestion: Pre-existing: collateral_vout has the same falsy-value bug that was fixed for operator_reward

The operator_reward fix here correctly changed operator_reward or self.operator_reward to operator_reward if operator_reward is not None else self.operator_reward. However, collateral_vout at line 1271 still uses collateral_vout or self.collateral_vout — vout index 0 is valid but falsy. Worth fixing in a follow-up since the pattern bug was already identified and fixed for operator_reward in this same function.

_{source: ['claude']}

🤖 Fix this with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `test/functional/test_framework/test_framework.py`:
- [SUGGESTION] line 1276: Pre-existing: collateral_vout has the same falsy-value bug that was fixed for operator_reward
  The operator_reward fix here correctly changed `operator_reward or self.operator_reward` to `operator_reward if operator_reward is not None else self.operator_reward`. However, `collateral_vout` at line 1271 still uses `collateral_vout or self.collateral_vout` — vout index 0 is valid but falsy. Worth fixing in a follow-up since the pattern bug was already identified and fixed for operator_reward in this same function.

[thepastaclaw]

🟡 Suggestion: Duplicate assertion and missing negative tests after integer verbose removal

Cases 3 and 4 now have identical first assertions (getrawtransaction(txId, True)["hex"]). Case 4's only unique value is testing getrawtransactionmulti with named args — consider removing the duplicate getrawtransaction call or updating the comment to clarify the intent.

Also, since type checking now rejects integers for BOOL params, the removed integer tests (0, 1) could be converted to negative test cases (asserting they raise type errors), similar to the existing string tests at lines 127-130.

_{source: ['claude', 'claude-backport']}

🤖 Fix this with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `test/functional/rpc_rawtransaction.py`:
- [SUGGESTION] lines 116-119: Duplicate assertion and missing negative tests after integer verbose removal
  Cases 3 and 4 now have identical first assertions (`getrawtransaction(txId, True)["hex"]`). Case 4's only unique value is testing `getrawtransactionmulti` with named args — consider removing the duplicate `getrawtransaction` call or updating the comment to clarify the intent.

Also, since type checking now rejects integers for BOOL params, the removed integer tests (0, 1) could be converted to negative test cases (asserting they raise type errors), similar to the existing string tests at lines 127-130.

[thepastaclaw]

Code Review

Both findings are correctly identified issues but neither warrants a PR comment. The ParseBlock h<1 finding is pre-existing (not introduced in this delta) and must be dropped per incremental review policy. The positional-integer test suggestion exercises the same RPC type-checking codepath as the existing named-arg test, providing negligible additional coverage.

Reviewed commit: 4a0dab8