wallet/rpc: fix listdescriptors RPC fails to return descriptors with private key information when wallet contains descriptors missing any key #32471

Eunovo commented at 1:26 PM on May 12, 2025: contributor

TLDR: Currently, listdescriptors [private=true] will fail for a non-watch-only wallet if any descriptor has a missing private key(e.g tr(), multi(), etc.). This PR changes that while making sure listdescriptors [private=true] still fails if there no private keys. Closes #32078

In non-watch-only wallets, it's possible to import descriptors as long as at least one private key is included. It's important that users can still view these descriptors when they need to create a backup—even if some private keys are missing (#32078 (comment)). This change makes it possible to do so.

This change also helps prevent listdescriptors true from failing completely, because one descriptor is missing some private keys.

Notes

The new behaviour is applied to all descriptors including miniscript descriptors
listdescriptors true still fails for watch-only wallets to preserve existing behaviour #24361 (review)
Wallet migration logic previously used Descriptor::ToPrivateString() to determine which descriptor was watchonly. This means that modifying the ToPrivateString() behaviour caused descriptors that were previously recognized as "watchonly" to be "non-watchonly". In order to keep the scope of this PR limited to the RPC behaviour, this PR uses a different method to determine watchonly descriptors for the purpose of wallet migration. A follow-up PR can be opened to update migration logic to exclude descriptors with some private keys from the watchonly migration wallet.

Relevant PRs

#24361 #32186

Testing

Functional tests were added to test the new behaviour

EDIT listdescriptors [private=true] will still fail when there are no private keys because non-watchonly wallets must have private keys and calling listdescriptors [private=true] for watchonly wallet returns an error

DrahtBot commented at 1:26 PM on May 12, 2025: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32471.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	Sjors, achow101, w0xlt, rkrux
Concept NACK	vicjuma

If your review is incorrectly listed, please copy-paste <code></code> into the comment that the bot should ignore.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#32489 (wallet: Add exportwatchonlywallet RPC to export a watchonly version of a wallet by achow101)
#31713 (miniscript refactor: Remove unique_ptr-indirection by hodlinator)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

LLM Linter (✨ experimental)

Possible typos and grammar issues:

at least one private key available. -> at least one private key is available. [Missing verb "is" makes the sentence ungrammatical.]

Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

assert_raises_rpc_error(-4, 'Can't get private descriptor string for watch-only wallets', watch_only_wallet.listdescriptors, True) in test/functional/wallet_listdescriptors.py

2026-01-07

fanquake commented at 1:35 PM on May 12, 2025: member

/Users/runner/work/bitcoin/bitcoin/src/test/fuzz/miniscript.cpp:1040:42: error: no matching member function for call to 'ToString'
    std::optional<std::string> str{node->ToString(parser_ctx)};
                                   ~~~~~~^~~~~~~~
/Users/runner/work/bitcoin/bitcoin/src/script/miniscript.h:830:17: note: candidate function template not viable: requires 2 arguments, but 1 was provided
    std::string ToString(const CTx& ctx, bool& has_priv_key) const {
                ^
/Users/runner/work/bitcoin/bitcoin/src/test/fuzz/miniscript.cpp:1248:31: error: no matching member function for call to 'ToString'
    const auto str2 = parsed->ToString(parser_ctx);
                      ~~~~~~~~^~~~~~~~
/Users/runner/work/bitcoin/bitcoin/src/script/miniscript.h:830:17: note: candidate function template not viable: requires 2 arguments, but 1 was provided
    std::string ToString(const CTx& ctx, bool& has_priv_key) const {
                ^
2 errors generated.

DrahtBot added the label CI failed on May 12, 2025

DrahtBot commented at 1:38 PM on May 12, 2025: contributor

🚧 At least one of the CI tasks failed. Task tidy: https://github.com/bitcoin/bitcoin/runs/42059781761 LLM reason (✨ experimental): The CI failure is due to build errors in miniscript.cpp related to the ToString function call.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

Eunovo marked this as a draft on May 12, 2025

Eunovo commented at 1:51 PM on May 12, 2025: contributor

Putting draft while I fix some issues with the fuzz tests

Eunovo force-pushed on May 12, 2025

Eunovo force-pushed on May 13, 2025

DrahtBot removed the label CI failed on May 13, 2025

Eunovo marked this as ready for review on May 13, 2025

Eunovo commented at 4:02 PM on May 13, 2025: contributor

cc @rkrux @sipa

achow101 commented at 5:32 PM on May 13, 2025: member

Concept NACK

The purpose of the private argument is to show the private keys. If there are no private keys to show, I think it is a reasonable error to say that, rather than just showing the public descriptors. I think changing the behavior could result in a footgun where people use it thinking that they are being shown private keys when they actually are not.

vicjuma commented at 5:40 PM on May 13, 2025: none

Concept NACK

It's unclear why someone should receive public keys with private=true. Why not just use the default command, bitcoin-cli listdescriptors, which already shows public keys? I assume the user is certain about the nature of the descriptors they have in their wallet. Maybe if I do not fully understand this PR.

rkrux commented at 6:10 PM on May 13, 2025: contributor

If there are no private keys to show, I think it is a reasonable error to say that, rather than just showing the public descriptors.

I have not checked this PR yet but the original intention came from this issue: #32078 (comment)

The idea was to show results for descriptors that don't have all the private keys but do have at least one. This is not for the case when the descriptor doesn't have any private key.

I do like how the importdescriptors RPC returns a warning when the descriptor contains partial private keys: #32078 (comment). Maybe a similar warning can be returned in this case for listdescriptors true as well - to avoid the footgun.

[
  {
    "success": true,
    "warnings": [
      "Not all private keys provided. Some wallet functionality may return unexpected errors"
    ]
  }
]

Also, if the importdescriptors RPC allows importing a descriptor with partial private keys, then it seems reasonable to me to list that descriptor in the response of listdescriptors true with those partial private keys. Is there any other way to see those partial private keys?

Regardless of the above point, I do feel that preventing listdescriptors true from failing completely in the case a descriptor is missing few private keys is helpful for the user as the other descriptors with all the private keys will be returned in the response.

This change also helps prevent listdescriptors true from failing completely, because one descriptor is missing some private keys.

vicjuma commented at 6:29 PM on May 13, 2025: none

Maybe -rpcwallet=<wallet> will come in handy in this situation where you would have to use a different wallet for these situations to prevent the conflicts.

achow101 commented at 6:50 PM on May 13, 2025: member

The idea was to show results for descriptors that don't have all the private keys but do have at least one.

I think that's fine to show a result, but I don't think we should show any result if there are no private keys at all.

Eunovo commented at 6:19 AM on May 14, 2025: contributor

Concept NACK

The purpose of the private argument is to show the private keys. If there are no private keys to show, I think it is a reasonable error to say that, rather than just showing the public descriptors. I think changing the behavior could result in a footgun where people use it thinking that they are being shown private keys when they actually are not.

I think there has been a misunderstanding. There are private keys to show. This PR doesn't change the behaviour of listdescriptors true RPC to show any result when there are no private keys. Non-watchonly wallet descriptors must have at least one private key. The RPC still fails for watch only wallets

Eunovo commented at 6:22 AM on May 14, 2025: contributor

I think that's fine to show a result, but I don't think we should show any result if there are no private keys at all.

No result is shown if there are no private keys

Eunovo commented at 6:29 AM on May 14, 2025: contributor

It's unclear why someone should receive public keys with private=true. Why not just use the default command, bitcoin-cli listdescriptors, which already shows public keys? I assume the user is certain about the nature of the descriptors they have in their wallet. Maybe if I do not fully understand this PR.

It is possible to have descriptors with missing private keys in a non-watchonly wallet. importdescriptors only rejects descriptors without any private keys. Trying listdescriptors private=true in such a wallet will throw an error, preventing the user from being able to backup their descriptors. The default command only returns public information, I believe that modifying the default command to return private information sometimes will be the wrong decision. It's much better to allow private=true to work for these descriptors with some missing private keys.

Eunovo renamed this:
~~Fix listdescriptors true fails with 'Can't get descriptor string' in non-watch-only descriptor wallet~~
wallet/rpc: fix listdescriptors RPC fails to return descriptors with private key information when wallet contains descriptors missing any key
on May 14, 2025

rkrux commented at 1:02 PM on May 21, 2025: contributor

A similar problem happens in gethdkeys private=true as well and I think it's due to partial private keys when the following error is thrown:

➜  bitcoin git:(list-descriptors-with-partial-keys) ✗ bitcoinclireg -named gethdkeys private=true
error code: -1
error message:
map::at:  key not found

It appears to be coming from here when the xprv corresponding to the xpub can't be found: https://github.com/bitcoin/bitcoin/blob/7763e86afa045910a14ac9b2cd644927a447370b/src/wallet/rpc/wallet.cpp#L822

It's due to mismatch in the count of wallet_xprvs and wallet_xpubs calculated in the previous loop over spkms. I can create a separate issue later.

rkrux commented at 1:30 PM on July 16, 2025: contributor

Concept ACK bb14e8ac7d38f3698d76ea3d6dce09e1387d59f3

Started reviewing the PR.

in src/script/descriptor.h:127 in a0a458965c outdated

 115 | +    /** Convert the descriptor to a private string. This uses public keys if the relevant private keys are not in the SigningProvider.
 116 | +     *  If none of the relevant private keys are available, the output string in the "out" parameter will not contain any private key information,
 117 | +     *  and this function will return "false".
 118 | +     *  @param[in] provider The SigningProvider to query for private keys.
 119 | +     *  @param[out] out The resulting descriptor string, containing private keys if available.
 120 | +     */

rkrux commented at 2:37 PM on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

+ [@return](/bitcoin-bitcoin/contributor/return/) true if at least one private key available

Eunovo commented at 3:15 PM on July 18, 2025:

Done

in src/script/descriptor.cpp:709 in a0a458965c outdated

 706 |  
 707 |      bool ToPrivateString(const SigningProvider& arg, std::string& out) const override
 708 |      {
 709 | -        bool ret = ToStringHelper(&arg, out, StringType::PRIVATE);
 710 | +        bool has_priv_key;
 711 | +        assert(ToStringHelper(&arg, out, StringType::PRIVATE, has_priv_key));

rkrux commented at 2:43 PM on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

Fine to add assert here because for all intents and purposes I don't suppose there would ever be a case where ToStringHelper returns false here. Perhaps we can add a helpful assert message here for debugging purposes?

- assert(ToStringHelper(&arg, out, StringType::PRIVATE, has_priv_key));
+ assert(ToStringHelper(&arg, out, StringType::PRIVATE, has_priv_key), "");

rkrux commented at 2:15 PM on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

This would also aid readability because under no condition has_priv_key can be false here.

Assume(has_priv_key);

Eunovo commented at 3:16 PM on July 18, 2025:

I couldn't add an assert message, but I added a comment.

Eunovo commented at 3:20 PM on July 18, 2025:

I'm confused here. Can you clarify what you're suggesting?

rkrux commented at 4:01 PM on July 18, 2025:

I had something like this in mind because in all the descriptors that can be added in a non-watch-only wallet, there must be at least 1 private key that is available. So, it seemed reasonable to me to add an Assume here on has_priv_key being true. I don't suppose ToPrivateString function would be called in any case for a watch-only wallet.

diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
index bd85ddd9e2..b22bf3fa4a 100644
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -710,6 +710,7 @@ public:
         // ToStringHelper should never fail for StringType::PRIVATE,
         // because it falls back to StringType::PUBLIC when no private ke
y is available.
         assert(ToStringHelper(&arg, out, StringType::PRIVATE, &has_priv_k
ey));
+        Assume(has_priv_key);
         out = AddChecksum(out);
         return has_priv_key;
     }

The descriptor_tests unit test did fail for one case when I used an assert instead, the functional tests though pass on my system. Maybe I have missed some use case due to which it fails.

test/descriptor_tests.cpp:212: info: check parse_priv->ToPrivateString(keys_priv, prv1) has passed
test/descriptor_tests.cpp:216: info: check 'Private ser: combo(L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1)#p5326pcv Private desc: combo(L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1)' has passed
Assertion failed: (has_priv_key), function ToPrivateString, file descriptor.cpp, line 713.
unknown location:0: fatal error: in "descriptor_tests/descriptor_test": signal: SIGABRT (application abort requested)
test/descriptor_tests.cpp:218: last checkpoint
test/descriptor_tests.cpp:518: Leaving test case "descriptor_test"; testing time: 1795us

ISTM that the unit test case is more contrived than the functional tests as the below check fails.

BOOST_CHECK(!parse_priv->ToPrivateString(keys_pub, prv1));

You can ignore if this doesn't make sense.

Eunovo commented at 9:48 AM on July 19, 2025:

ToPrivateString will be called on a non-watch-only wallet when the user tries RPC listdescriptors[private=true]. In this case, has_priv_key will be false and the RPC call should fail as expected.

rkrux commented at 11:51 AM on July 21, 2025:

Sorry but I don't understand how the second statement follows the first one above. For a non-watch-only wallet, isn't it guaranteed that there must be at least one private key, which should turn has_priv_key to true?

Eunovo commented at 7:35 AM on July 22, 2025:

I forgot about the guard I added in https://github.com/bitcoin/bitcoin/pull/32471/commits/4202dca524aeef13e09380804c483d7c5402092d

You are right in the sense that it's not possible for a watch-only to even get to ToPrivateString() through the rpc; we could assert has_priv_key here. However, the descriptor unit tests often call ToPrivateString() on watch-only descriptors; asserting has_priv_key causes the tests to fail.

Eunovo commented at 7:38 AM on July 22, 2025:

To add this assertion, we will have to remove those checks, and I haven't seen the advantage in doing that.

rkrux commented at 9:47 AM on July 22, 2025:

However, the descriptor unit tests often call ToPrivateString() on watch-only descriptors

Yeah, I don't know why this was done.

To add this assertion, we will have to remove those checks, and I haven't seen the advantage in doing that.

Agree, doesn't need to be done right now.

in src/script/miniscript.h:847 in a0a458965c outdated

 840 | @@ -840,10 +841,16 @@ struct Node {
 841 |                      (node.fragment == Fragment::OR_I && node.subs[0]->fragment == Fragment::JUST_0) ||
 842 |                      (node.fragment == Fragment::OR_I && node.subs[1]->fragment == Fragment::JUST_0));
 843 |          };
 844 | +        auto toString = [&ctx, &has_priv_key](Key key) -> std::string {
 845 | +            bool tmp{false};
 846 | +            auto key_str{ctx.ToString(key, tmp)};
 847 | +            has_priv_key |= tmp;

rkrux commented at 2:44 PM on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

Not a bug but bitwise or for boolean operations is not ideal.

- has_priv_key |= tmp;
+ has_priv_key = has_priv_key || tmp;

Eunovo commented at 3:16 PM on July 18, 2025:

Done

in test/functional/wallet_listdescriptors.py:158 in bb14e8ac7d outdated

 153 | +                {'active': False,
 154 | +                 'desc': miniscript_desc,
 155 | +                 'timestamp': TIME_GENESIS_BLOCK},
 156 | +            ],
 157 | +        }
 158 | +        assert_equal(expected, wallet.listdescriptors(True))

rkrux commented at 2:47 PM on July 16, 2025:

In bb14e8ac7d38f3698d76ea3d6dce09e1387d59f3 "test: Test listdescs with priv works even with missing priv keys"

Nit: I prefer to only check for the data that we really want to assert on, helps in keeping the tests code cleaner as well besides being minutely faster. Checking desc for every imported descriptor in this case.

Eunovo commented at 3:16 PM on July 18, 2025:

Done

in src/script/descriptor.cpp:492 in a0a458965c outdated

 487 | @@ -485,7 +488,10 @@ class BIP32PubkeyProvider final : public PubkeyProvider
 488 |      bool ToPrivateString(const SigningProvider& arg, std::string& out) const override
 489 |      {
 490 |          CExtKey key;
 491 | -        if (!GetExtKey(arg, key)) return false;
 492 | +        if (!GetExtKey(arg, key)) {
 493 | +            out = ToString();

rkrux commented at 2:54 PM on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

Nit: To keep it consistent with the other pubkey providers and to make it explicit here. Though a default is specified in ToString.

- out = ToString();
+ out = ToString(StringType::PUBLIC);

Eunovo commented at 3:16 PM on July 18, 2025:

Done

in src/script/descriptor.cpp:264 in a0a458965c outdated

 254 | @@ -255,9 +255,9 @@ class OriginPubkeyProvider final : public PubkeyProvider
 255 |      bool ToPrivateString(const SigningProvider& arg, std::string& ret) const override

rkrux commented at 12:52 PM on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

It would be helpful to update the function doc in PubkeyProvider struct to mention the new behaviour.

Eunovo commented at 3:16 PM on July 18, 2025:

Done

in src/script/descriptor.cpp:702 in a0a458965c outdated

 697 | @@ -686,20 +698,23 @@ class DescriptorImpl : public Descriptor
 698 |      std::string ToString(bool compat_format) const final
 699 |      {
 700 |          std::string ret;
 701 | -        ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC);
 702 | +        bool has_priv_key;
 703 | +        ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC, has_priv_key);

rkrux commented at 1:04 PM on July 17, 2025:

In https://github.com/bitcoin/bitcoin/commit/a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

- bool has_priv_key;
- ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC, has_priv_key);
+ bool dummy;
+ ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC, dummy);

Because there is no use of this variable in ToString. Same for ToNormalizedString function down below.

An alternative could be to use a pointer for has_priv_key instead of reference because, as noted here, there are use cases for nullptr. The ToStringHelper would need to accordingly check for the presence of pointer value though.

Eunovo commented at 3:18 PM on July 18, 2025:

ToStringHelper now accepts a pointer to has_priv_key in https://github.com/bitcoin/bitcoin/pull/32471/commits/2a1f1f0e32829af43436eb4220164c1be86229bb It does look cleaner, but there's a need to check for nullptr now.

in src/script/miniscript.h:846 in a0a458965c outdated

 840 | @@ -840,10 +841,16 @@ struct Node {
 841 |                      (node.fragment == Fragment::OR_I && node.subs[0]->fragment == Fragment::JUST_0) ||
 842 |                      (node.fragment == Fragment::OR_I && node.subs[1]->fragment == Fragment::JUST_0));
 843 |          };
 844 | +        auto toString = [&ctx, &has_priv_key](Key key) -> std::string {
 845 | +            bool tmp{false};
 846 | +            auto key_str{ctx.ToString(key, tmp)};

rkrux commented at 1:58 PM on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

- bool tmp{false};
- auto key_str{ctx.ToString(key, tmp)};
+ bool fragment_has_private_key{false};
+ auto key_str{ctx.ToString(key, fragment_has_private_key)};

Eunovo commented at 3:18 PM on July 18, 2025:

Done

in src/script/descriptor.cpp:1720 in a0a458965c outdated

1714 | @@ -1700,8 +1715,9 @@ struct KeyParser {
1715 |          return key;
1716 |      }
1717 |  
1718 | -    std::optional<std::string> ToString(const Key& key) const
1719 | +    std::string ToString(const Key& key, bool& has_priv_key) const
1720 |      {
1721 | +        has_priv_key = false;

rkrux commented at 2:02 PM on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb "descriptor: ToPrivateString() pass if at least 1 priv key exists"

Maybe the pointer approach would avoid forcibly setting variables to false?

Eunovo commented at 3:19 PM on July 18, 2025:

Done

rkrux commented at 3:19 PM on July 17, 2025: contributor

Partial review bb14e8ac7d38f3698d76ea3d6dce09e1387d59f3

Eunovo force-pushed on Jul 18, 2025

in src/wallet/scriptpubkeyman.cpp:744 in 2551fdfdd6 outdated

 742 | +            if (GetKey(extpubkey.pubkey.GetID(), key)) {
 743 | +                privkey_count += 1;
 744 | +            }
 745 | +        }
 746 | +        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
 747 | +        bool watchonly{privkey_count == 0 || pubkey_count > privkey_count};

rkrux commented at 11:45 AM on July 21, 2025:

In 2551fdfdd662dfb4077c3059b437acf56bdbaf5b "wallet/migration: use count private key count to identify watchonly descs"

This evaluation of watchonly at a barebones level looks great to me! Though maybe we can put this inside a IsWatchOnly function in the Descriptor{Impl} class? Reading all these details in the migration flow might be distracting, and moreover this generic function might have its own use cases separate from this later. Following patch builds and tests fine on my system. I have added few minor renaming changes as well.

<details open> <summary>Descriptor IsWatchOnly()</summary>

diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
index bd85ddd9e2..bf67b8c43e 100644
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -646,6 +646,31 @@ public:
         return false;
     }
 
+    bool IsWatchOnly(const SigningProvider& arg) const override
+    {
+        size_t privkey_count{0};
+        std::set<CPubKey> pubkeys;
+        std::set<CExtPubKey> ext_pubkeys;
+        this->GetPubKeys(pubkeys, ext_pubkeys);
+        auto output_type{this->GetOutputType()};
+        for (auto pubkey : pubkeys) {
+            CKey key;
+            if (arg.GetKey(pubkey.GetID(), key)) {
+                privkey_count += 1;
+            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {
+                privkey_count += 1;
+            }
+        }
+        for (auto extpubkey : ext_pubkeys) {
+            CKey dummy;
+            if (arg.GetKey(extpubkey.pubkey.GetID(), dummy)) {
+                privkey_count += 1;
+            }
+        }
+        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
+        return (privkey_count == 0 || pubkey_count > privkey_count);
+    }
+
     // NOLINTNEXTLINE(misc-no-recursion)
     virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, bool* has_priv_key, const DescriptorCache* cache = nullptr) const
     {
diff --git a/src/script/descriptor.h b/src/script/descriptor.h
index 09e9840645..f2e40b7f7a 100644
--- a/src/script/descriptor.h
+++ b/src/script/descriptor.h
@@ -111,6 +111,9 @@ struct Descriptor {
     /** Whether this descriptor will return one scriptPubKey or multiple (aka is or is not combo) */
     virtual bool IsSingleType() const = 0;
 
+    /** Whether this descriptor doesn't contain any private key material */
+    virtual bool IsWatchOnly(const SigningProvider& provider) const = 0;
+
     /** Convert the descriptor to a private string. This uses public keys if the relevant private keys are not in the SigningProvider.
      *  If none of the relevant private keys are available, the output string in the "out" parameter will not contain any private key information,
      *  and this function will return "false".
diff --git a/src/wallet/scriptpubkeyman.cpp b/src/wallet/scriptpubkeyman.cpp
index 117fdd3a5e..e403bf3bbe 100644
--- a/src/wallet/scriptpubkeyman.cpp
+++ b/src/wallet/scriptpubkeyman.cpp
@@ -721,27 +721,7 @@ std::optional<MigrationData> LegacyDataSPKM::MigrateToDescriptor()
 
         std::vector<CScript> desc_spks;
 
-        size_t privkey_count{0};
-        std::set<CPubKey> pubkeys;
-        std::set<CExtPubKey> ext_pubkeys;
-        desc->GetPubKeys(pubkeys, ext_pubkeys);
-        auto output_type{desc->GetOutputType()};
-        for (auto pubkey : pubkeys) {
-            CKey key;
-            if (GetKey(pubkey.GetID(), key)) {
-                privkey_count += 1;
-            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {
-                privkey_count += 1;
-            }
-        }
-        for (auto extpubkey : ext_pubkeys) {
-            CKey key;
-            if (GetKey(extpubkey.pubkey.GetID(), key)) {
-                privkey_count += 1;
-            }
-        }
-        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
-        bool watchonly{privkey_count == 0 || pubkey_count > privkey_count};
+        bool watchonly = desc->IsWatchOnly(*this);
         if (watchonly && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
             out.watch_descs.emplace_back(desc->ToString(), creation_time);
 
diff --git a/src/wallet/test/walletload_tests.cpp b/src/wallet/test/walletload_tests.cpp
index 0c69849d0b..29f174be81 100644
--- a/src/wallet/test/walletload_tests.cpp
+++ b/src/wallet/test/walletload_tests.cpp
@@ -26,6 +26,7 @@ public:
     bool IsRange() const override { return false; }
     bool IsSolvable() const override { return false; }
     bool IsSingleType() const override { return true; }
+    bool IsWatchOnly(const SigningProvider&) const override { return false; }
     bool ToPrivateString(const SigningProvider& provider, std::string& out) const override { return false; }
     bool ToNormalizedString(const SigningProvider& provider, std::string& out, const DescriptorCache* cache = nullptr) const override { return false; }
     bool Expand(int pos, const SigningProvider& provider, std::vector<CScript>& output_scripts, FlatSigningProvider& out, DescriptorCache* write_cache = nullptr) const override { return false; };

</details>

Eunovo commented at 7:14 AM on July 22, 2025:

Nice idea. Added you as Co-author in the relevant commit.

Eunovo force-pushed on Jul 22, 2025

rkrux commented at 6:44 AM on July 30, 2025: contributor

Thanks for addressing the comments, I will take one final look and then a-c-k.

Tagging @furszy for review as he noticed this issue as well few months back.

in src/script/descriptor.h:114 in 2c0a84f1e2 outdated

 110 | @@ -111,6 +111,9 @@ struct Descriptor {
 111 |      /** Whether this descriptor will return one scriptPubKey or multiple (aka is or is not combo) */
 112 |      virtual bool IsSingleType() const = 0;
 113 |  
 114 | +    /** Whether this descriptor contains any private key material */

Sjors commented at 8:01 AM on July 30, 2025:

In 2c0a84f1e2ebe98bcf5066acb0de0ba5138c2101 descriptors: add IsWatchOnly(): this doesn't describe the actual behavior. IIUC:

/** Whether this descriptor is missing any private key material */

Eunovo commented at 7:52 PM on August 1, 2025:

Thanks for this. I've updated the comment.

in src/script/descriptor.cpp:640 in 2c0a84f1e2 outdated

 635 | +        auto output_type{this->GetOutputType()};
 636 | +        for (auto pubkey : pubkeys) {
 637 | +            CKey key;
 638 | +            if (arg.GetKey(pubkey.GetID(), key)) {
 639 | +                privkey_count += 1;
 640 | +            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {

Sjors commented at 8:19 AM on July 30, 2025:

In https://github.com/bitcoin/bitcoin/commit/2c0a84f1e2ebe98bcf5066acb0de0ba5138c2101 descriptors: add IsWatchOnly(): since c++17 you can safely compare std::optional<T> with T, see item 21 here: https://en.cppreference.com/w/cpp/utility/optional/operator_cmp.html

I also find it easier to read if privkey_count and pubkey_count are tracked in the same manner, but feel free to ignore:

diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
index 98ae29ceb3..a86b4743b3 100644
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -628,26 +628,27 @@ public:

     bool IsWatchOnly(const SigningProvider& arg) const override
     {
+        size_t pubkey_count{0};
         size_t privkey_count{0};
         std::set<CPubKey> pubkeys;
         std::set<CExtPubKey> ext_pubkeys;
         this->GetPubKeys(pubkeys, ext_pubkeys);
-        auto output_type{this->GetOutputType()};
-        for (auto pubkey : pubkeys) {
-            CKey key;
-            if (arg.GetKey(pubkey.GetID(), key)) {
+        for (const CPubKey pubkey : pubkeys) {
+            pubkey_count++;
+            CKey dummy;
+            if (arg.GetKey(pubkey.GetID(), dummy)) {
                 privkey_count += 1;
-            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {
+            } else if (this->GetOutputType() == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), dummy)) {
                 privkey_count += 1;
             }
         }
-        for (auto extpubkey : ext_pubkeys) {
+        for (const CExtPubKey extpubkey : ext_pubkeys) {
+            pubkey_count++;
             CKey dummy;
             if (arg.GetKey(extpubkey.pubkey.GetID(), dummy)) {
                 privkey_count += 1;
             }
         }
-        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
         return (privkey_count == 0 || pubkey_count > privkey_count);
     }

Eunovo commented at 7:52 PM on August 1, 2025:

I didn't use this patch, but I put some effort into making the code more readable.

in src/test/miniscript_tests.cpp:191 in b32c2b290f outdated

 187 | @@ -188,7 +188,7 @@ struct KeyConverter {
 188 |          return g_testdata->pkmap.at(keyid);
 189 |      }
 190 |  
 191 | -    std::optional<std::string> ToString(const Key& key) const {
 192 | +    std::string ToString(const Key& key, bool* has_priv_key = nullptr) const {

Sjors commented at 8:44 AM on July 30, 2025:

In b32c2b290f8e4dcb7fe54ee4c81714a3785920a7 descriptor: ToPrivateString() pass if at least 1 priv key exists:

To preserve existing behaviour:

if (has_priv_key) *has_priv_key = true;

It's a bit worrying that the test passes whether I set this to false or true. But that's a pre-existing issue, as the following change to the original code doesn't break the test either:

diff --git a/src/test/miniscript_tests.cpp b/src/test/miniscript_tests.cpp
index 0a32727f37..0989f0c50a 100644
--- a/src/test/miniscript_tests.cpp
+++ b/src/test/miniscript_tests.cpp
@@ -189,7 +189,7 @@ struct KeyConverter {
     }

     std::optional<std::string> ToString(const Key& key) const {
-        return HexStr(ToPKBytes(key));
+        return {};
     }

     miniscript::MiniscriptContext MsContext() const {

cc @darosior

Eunovo commented at 8:06 PM on August 1, 2025:

has_priv_key is only relevant when ToPrivateString is called on an actual Descriptor instance. IIUC, this test doesn't do that, so the value of has_priv_key does not matter here. I'm not sure we should set it here, apart from the fact that it doesn't affect the test, the string returned doesn't have a private key.

Sjors commented at 8:52 AM on July 30, 2025: member

Mostly happy with d82dcf2eaa7efb3809ae559c8f97f74403a2ccd6, but in b32c2b290f8e4dcb7fe54ee4c81714a3785920a7 descriptor: ToPrivateString() pass if at least 1 priv key exists I find the miniscript change hard to follow (mostly because I find the miniscript code itself hard to follow). Can you split that out in a seperate commit that doesn't change behaviour?

Tested with https://github.com/Sjors/bitcoin/pull/91.

Also left some code style suggestions.

DrahtBot added the label Needs rebase on Jul 31, 2025

Eunovo force-pushed on Aug 1, 2025

DrahtBot added the label CI failed on Aug 1, 2025

DrahtBot commented at 2:41 PM on August 1, 2025: contributor

🚧 At least one of the CI tasks failed. Task ARM, unit tests, no functional tests: https://github.com/bitcoin/bitcoin/runs/47207844179 LLM reason (✨ experimental): The CI failure is caused by an assertion failure and subprocess abortion during a benchmark test, indicating a test-related error rather than a build or compilation issue.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

Eunovo force-pushed on Aug 1, 2025

DrahtBot removed the label Needs rebase on Aug 1, 2025

DrahtBot removed the label CI failed on Aug 1, 2025

Eunovo commented at 7:55 PM on August 1, 2025: contributor

Mostly happy with d82dcf2, but in b32c2b2 descriptor: ToPrivateString() pass if at least 1 priv key exists I find the miniscript change hard to follow (mostly because I find the miniscript code itself hard to follow). Can you split that out in a seperate commit that doesn't change behaviour?

I split the original commit into the following commits:

I'm not sure https://github.com/bitcoin/bitcoin/pull/32471/commits/d2b84af58073630f87df32a7b785971fe32cb9be makes the miniscript change in https://github.com/bitcoin/bitcoin/pull/32471/commits/49f41141c674f83d0b66262a5b21aad623704264 easier to follow. I still think they should be one commit, but let me know if it helps. @Sjors

in src/script/descriptor.cpp:862 in 64213213b3 outdated

 857 | +
 858 | +        for (auto pubkey : pubkeys) {
 859 | +            CKey key;
 860 | +            if (arg.GetKey(pubkey.GetID(), key)) {
 861 | +                privkey_count += 1;
 862 | +            } else if (output_type.has_value() && output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {

Sjors commented at 12:03 PM on August 4, 2025:

In 64213213b3691c9d93de95f880f820a640cd3c35 descriptors: add IsWatchOnly(): nit: you don't need output_type.has_value()

Eunovo commented at 3:15 PM on August 8, 2025:

I rewrote the function, so this comment is now outdated.

in src/test/fuzz/miniscript.cpp:131 in 49f41141c6 outdated

 123 | @@ -124,10 +124,13 @@ struct ParserContext {
 124 |          return a < b;
 125 |      }
 126 |  
 127 | -    std::optional<std::string> ToString(const Key& key) const
 128 | +    std::string ToString(const Key& key, bool* has_priv_key) const
 129 |      {
 130 |          auto it = TEST_DATA.dummy_key_idx_map.find(key);
 131 | -        if (it == TEST_DATA.dummy_key_idx_map.end()) return {};
 132 | +        if (it == TEST_DATA.dummy_key_idx_map.end()) {

Sjors commented at 12:16 PM on August 4, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 descriptor: ToPrivateString() pass if at least 1 priv key exists: maybe for good measure:

*has_priv_key = false;

In both places it seems better to check that priv_key exists, even if that's always the case in this fuzzer. IIUC in that case you can leave out tmp{false} and just pass nullptr below.

Eunovo commented at 3:15 PM on August 8, 2025:

Done

Sjors approved

Sjors commented at 12:27 PM on August 4, 2025: member

ACK 45e06e05e7f8d638ecc91a1ba62e1b38a5133a2b

I find that the separation of 23431cde206bd6e18f274773f77bd914553bf2cc makes it easier to follow. The separation of https://github.com/bitcoin/bitcoin/commit/d2b84af58073630f87df32a7b785971fe32cb9be from https://github.com/bitcoin/bitcoin/commit/49f41141c674f83d0b66262a5b21aad623704264 is less useful, but fine by me. @achow101 can you update your concept opinion based on the updated behaviour? I think it makes sense to return a result if any private key is present in descriptor, rather than all.

DrahtBot requested review from rkrux on Aug 4, 2025

in src/script/descriptor.cpp:844 in 64213213b3 outdated

 840 | @@ -841,6 +841,38 @@ class DescriptorImpl : public Descriptor
 841 |          return true;
 842 |      }
 843 |  
 844 | +    bool IsWatchOnly(const SigningProvider& arg) const override

achow101 commented at 10:24 PM on August 6, 2025:

In 64213213b3691c9d93de95f880f820a640cd3c35 "descriptors: add IsWatchOnly()"

I think this function can be vastly simplified by calling GetPrivKey on all the PubkeyProvider, and IsWatchOnly on all subdescriptors.

nit: I don't like this function name since whether the descriptor is watchonly depends on the contents of the provided parameter. It's not a property like a Is* name implies. Watchonly also is not a property applied to descriptors as private keys are not actually part of the descriptor. Perhaps something like HavePrivateKeys instead.

Eunovo commented at 3:16 PM on August 8, 2025:

I was able to simplify the code as suggested, and I renamed it to HavePrivateKeys()

in src/script/descriptor.cpp:899 in 49f41141c6 outdated

 895 | @@ -896,24 +896,27 @@ class DescriptorImpl : public Descriptor
 896 |      }
 897 |  
 898 |      // NOLINTNEXTLINE(misc-no-recursion)
 899 | -    virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, const DescriptorCache* cache = nullptr) const
 900 | +    virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, bool* has_priv_key, const DescriptorCache* cache = nullptr) const

achow101 commented at 10:32 PM on August 6, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

has_priv_key should be a reference not a pointer. The pointer-ness is never used in this function.

Eunovo commented at 3:18 PM on August 8, 2025:

The has_priv_key parameter has been removed.

in src/script/descriptor.cpp:928 in 49f41141c6 outdated

 924 | @@ -922,7 +925,8 @@ class DescriptorImpl : public Descriptor
 925 |                      if (!pubkey->ToNormalizedString(*arg, tmp, cache)) return false;
 926 |                      break;
 927 |                  case StringType::PRIVATE:
 928 | -                    if (!pubkey->ToPrivateString(*arg, tmp)) return false;
 929 | +                    assert(has_priv_key != nullptr);

achow101 commented at 10:33 PM on August 6, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

If has_priv_key is never supposed to be null, then it should be a reference. Otherwise, this should be an if, we should not rely on caller behavior.

Eunovo commented at 3:19 PM on August 8, 2025:

Done.

in src/script/descriptor.cpp:961 in 49f41141c6 outdated

 954 | @@ -949,14 +955,17 @@ class DescriptorImpl : public Descriptor
 955 |  
 956 |      bool ToPrivateString(const SigningProvider& arg, std::string& out) const override
 957 |      {
 958 | -        bool ret = ToStringHelper(&arg, out, StringType::PRIVATE);
 959 | +        bool has_priv_key{false};
 960 | +        // ToStringHelper should never fail for StringType::PRIVATE,
 961 | +        // because it falls back to StringType::PUBLIC when no private key is available.
 962 | +        assert(ToStringHelper(&arg, out, StringType::PRIVATE, &has_priv_key));

achow101 commented at 10:36 PM on August 6, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

asserts should not have side effects. If we are calling a function to actually do something, it should not be in an assert.

However, if the return value of ToStringHelper is always supposed to be true, then it should not be returning anything anyways. Furthermore, I don't see why ToStringHelper doesn't return whether the string has a private key, as we are doing in this function. That would allow us to drop has_priv_key from all of the function.

Eunovo commented at 3:21 PM on August 8, 2025:

I refactored the code as suggested and was able to drop has_priv_key from the parameter list. Now, has_priv_key is returned if type == StringType::PRIVATE.

achow101 commented at 10:44 PM on August 6, 2025: member

Concept ACK

Eunovo force-pushed on Aug 8, 2025

DrahtBot added the label CI failed on Aug 8, 2025

DrahtBot commented at 3:54 PM on August 8, 2025: contributor

🚧 At least one of the CI tasks failed. Task tidy: https://github.com/bitcoin/bitcoin/runs/47688035952 LLM reason (✨ experimental): The CI failure is caused by a clang-tidy error detecting recursive call chains in src/script/descriptor.cpp.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

DrahtBot removed the label CI failed on Aug 8, 2025

Eunovo commented at 4:03 AM on August 9, 2025: contributor

Thanks for the reviews! I have:

renamed IsWatchOnly() to HavePrivateKeys()
Added a test for HavePrivateKeys() to descriptor_tests
Removed the unnecessary asserts from ToStringHelper() and ToPrivateString()
Removed has_priv_key from ToStringHelper() and ToSubStringHelper() parameter lists

in src/script/descriptor.cpp:1432 in deed439bff outdated

1424 | @@ -1418,24 +1425,34 @@ class TRDescriptor final : public DescriptorImpl
1425 |      }
1426 |      bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, const DescriptorCache* cache = nullptr) const override
1427 |      {
1428 | -        if (m_depths.empty()) return true;
1429 | +        if (m_depths.empty()) {
1430 | +            // If there are no sub-descriptors and a PRIVATE string
1431 | +            // is requested, return `false` to indicate that the presence
1432 | +            // of a private key depends solely on the internal key, not on
1433 | +            // any sub-descriptor. This ensures correct behavior for

rkrux commented at 12:13 PM on August 11, 2025:

In deed439bff638abfc298a3b9c4f3d9f75fa18244 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

Micro nit if retouched

-            // of a private key depends solely on the internal key, not on
-            // any sub-descriptor. This ensures correct behavior for
+           // of a private key depends solely on the internal key (which is checked
+           // in the caller), not on any sub-descriptor. This ensures correct behavior for

Eunovo commented at 3:25 PM on August 11, 2025:

Done

in src/script/descriptor.cpp:2123 in deed439bff outdated

2119 | @@ -2104,7 +2120,7 @@ struct KeyParser {
2120 |          return key;
2121 |      }
2122 |  
2123 | -    std::optional<std::string> ToString(const Key& key) const
2124 | +    std::string ToString(const Key& key, bool* has_priv_key = nullptr) const

rkrux commented at 12:20 PM on August 11, 2025:

In https://github.com/bitcoin/bitcoin/commit/deed439bff638abfc298a3b9c4f3d9f75fa18244 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

Nit:

diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
index b6539ab12e..028a7299e5 100644
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -2120,7 +2120,7 @@ struct KeyParser {
         return key;
     }
 
-    std::string ToString(const Key& key, bool* has_priv_key = nullptr) const
+    std::string ToString(const Key& key, bool*) const
     {
         return m_keys.at(key).at(0)->ToString();
     }

Eunovo commented at 3:26 PM on August 11, 2025:

Done

in src/script/descriptor.cpp:1548 in deed439bff outdated

1545 | +    std::string ToString(uint32_t key, bool* has_priv_key = nullptr) const
1546 |      {
1547 |          std::string ret;
1548 |          if (m_private) {
1549 | -            if (!m_pubkeys[key]->ToPrivateString(*m_arg, ret)) return {};
1550 | +            assert(has_priv_key != nullptr);

rkrux commented at 12:44 PM on August 11, 2025:

In https://github.com/bitcoin/bitcoin/commit/deed439bff638abfc298a3b9c4f3d9f75fa18244 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

Looks like the same argument applies here too?

#32471 (review)

If has_priv_key is never supposed to be null, then it should be a reference.

Eunovo commented at 3:26 PM on August 11, 2025:

Fixed

rkrux commented at 12:45 PM on August 11, 2025: contributor

The miniscript code took some time for me to understand.

lgtm ACK 4241edfce6f9a4a51121b39bc20040c14d220551

DrahtBot requested review from Sjors on Aug 11, 2025

DrahtBot requested review from achow101 on Aug 11, 2025

in src/script/descriptor.h:119 in 726181bf5b outdated

 110 | @@ -111,6 +111,13 @@ struct Descriptor {
 111 |      /** Whether this descriptor will return one scriptPubKey or multiple (aka is or is not combo) */
 112 |      virtual bool IsSingleType() const = 0;
 113 |  
 114 | +    /** Whether the given provider has all private keys required by this descriptor.
 115 | +     * @return `false` if the descriptor doesn't have any keys or subdescriptors,
 116 | +     *         or if the provider does not have all private keys required by
 117 | +     *         the descriptor.
 118 | +     */
 119 | +    virtual bool HavePrivateKeys(const SigningProvider& provider) const = 0;

rkrux commented at 1:01 PM on August 11, 2025:

In 726181bf5bbf23e188156d2ec2db3e0dcb83b2ee "descriptors: add HavePrivateKeys()"

Naming nit because the function is a part of a singular Descriptor class, but I see there is a combination of Have* (not my preference) and Has* functions in the singular object classes in the codebase, so feel free to ignore.

- virtual bool HavePrivateKeys(const SigningProvider& provider) const = 0;
+ virtual bool HasPrivateKeys(const SigningProvider& provider) const = 0;

Eunovo force-pushed on Aug 11, 2025

rkrux approved

rkrux commented at 10:34 AM on August 15, 2025: contributor

ACK 46860de809a1e9c7d0a1d716f77e9df7fb0bcd1c

git range-diff 4241edf...46860de

Sjors commented at 12:33 PM on September 2, 2025: member

utACK 46860de809a1e9c7d0a1d716f77e9df7fb0bcd1c

I studied 4d07eff13002384ed59a3b7f592be56a25b88c15 from scratch since it had quite a few changes since my last review.

in src/script/descriptor.cpp:888 in 4d07eff130 outdated

 884 | @@ -885,13 +885,16 @@ class DescriptorImpl : public Descriptor
 885 |      virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, const DescriptorCache* cache = nullptr) const
 886 |      {
 887 |          size_t pos = 0;
 888 | +        bool has_priv_key{false};

achow101 commented at 8:43 PM on September 11, 2025:

In 4d07eff13002384ed59a3b7f592be56a25b88c15 "descriptor: ToPrivateString() pass if at least 1 priv key

has_priv_key is a misnomer since for public strings, it has a completely different meaning. I would prefer naming this something more generic, like any_success, here and elsewhere.

Eunovo commented at 3:02 PM on September 12, 2025:

I think changing has_priv_key to any_success might make line 897 more confusing.

https://github.com/bitcoin/bitcoin/blob/4d07eff13002384ed59a3b7f592be56a25b88c15/src/script/descriptor.cpp#L897

rkrux commented at 7:27 AM on September 16, 2025:

has_priv_key is used only for PRIVATE type, consider the following that limits its usage to avoid it being considered a misnomer - related unit/functional tests pass.

diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
index f29e73e2e6..ef977a5912 100644
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -891,7 +891,7 @@ public:
             std::string tmp;
             bool subscript_res{scriptarg->ToStringHelper(arg, tmp, type, cache)};
             if (type != StringType::PRIVATE && !subscript_res) return false;
-            has_priv_key = has_priv_key || subscript_res;
+            if (type == StringType::PRIVATE) has_priv_key = has_priv_key || subscript_res;
             ret += tmp;
         }
         return type == StringType::PRIVATE ? has_priv_key : true;

Eunovo commented at 6:58 AM on September 17, 2025:

I refactored the code a bit and changed has_priv_key to any_success.

in src/script/descriptor.cpp:1434 in 4d07eff130 outdated

1430 | +            // If there are no sub-descriptors and a PRIVATE string
1431 | +            // is requested, return `false` to indicate that the presence
1432 | +            // of a private key depends solely on the internal key (which is checked
1433 | +            // in the caller), not on any sub-descriptor. This ensures correct behavior for
1434 | +            // descriptors like tr(internal_key) when checking for private keys.
1435 | +            return type == StringType::PRIVATE ? false : true;

achow101 commented at 8:44 PM on September 11, 2025:

In 4d07eff13002384ed59a3b7f592be56a25b88c15 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

nit: can be simplified to

            return type != StringType::PRIVATE

in src/script/miniscript.h:828 in 4d07eff130 outdated

 824 | @@ -825,7 +825,7 @@ struct Node {
 825 |      }
 826 |  
 827 |      template<typename CTx>
 828 | -    std::optional<std::string> ToString(const CTx& ctx) const {
 829 | +    std::string ToString(const CTx& ctx, bool* has_priv_key = nullptr) const {

achow101 commented at 8:45 PM on September 11, 2025:

In 4d07eff13002384ed59a3b7f592be56a25b88c15 "descriptor: ToPrivateString() pass if at least 1 priv key exists"

has_priv_key does not need to be a pointer here.

Eunovo commented at 3:05 PM on September 12, 2025:

I changed this to use a reference and added an overload that doesn't use the reference; callers that don't need has_priv_key can still do ToString(ctx)

DrahtBot requested review from achow101 on Sep 11, 2025

Eunovo force-pushed on Sep 12, 2025

Eunovo force-pushed on Sep 15, 2025

Eunovo requested review from rkrux on Sep 15, 2025

Eunovo force-pushed on Sep 17, 2025

Eunovo commented at 2:55 PM on September 17, 2025: contributor

Rebased on master @https://github.com/bitcoin/bitcoin/commit/2d6a0c4649 and refactored the code the based on suggestions from @achow101

in test/functional/wallet_listdescriptors.py:136 in 74521dd6d4

 131 | +        wallet = node.get_wallet_rpc('w5')
 132 | +        tr_desc = descsum_create('tr(' + node.get_deterministic_priv_key().key +
 133 | +                                 ',{pk(03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204)' +
 134 | +                                 ',pk([d34db33f/44h/0h/0h]tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)})')
 135 | +        miniscript_desc = descsum_create('wsh(and_v(v:ripemd160(095ff41131e5946f3c85f79e44adbcf8e27e080e),multi(1,' + node.get_deterministic_priv_key().key +
 136 | +                                            ',tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)))')

rkrux commented at 9:28 AM on October 3, 2025:

In 74521dd6d4b65007547e64bda2bfbc6fe497677f "test: Test listdescs with priv works even with missing priv keys"

Consider importing few musig descriptors as well. Noticed this was an issue while reviewing #29675: #29675 (review)

Plus minor refactor to use set for importing and asserting to make it less redundant to read.

<details open> <summary>More musig tests and refactoring diff</summary>

diff --git a/test/functional/wallet_listdescriptors.py b/test/functional/wallet_listdescriptors.py
index ce4859e43f..5204971e33 100755
--- a/test/functional/wallet_listdescriptors.py
+++ b/test/functional/wallet_listdescriptors.py
@@ -127,27 +127,33 @@ class ListDescriptorsTest(BitcoinTestFramework):
         assert_equal(expected, wallet.listdescriptors())
 
         self.log.info('Test descriptor with missing private keys')
-        node.createwallet(wallet_name='w5', blank=True, descriptors=True)
+        node.createwallet(wallet_name='w5', blank=True)
         wallet = node.get_wallet_rpc('w5')
-        tr_desc = descsum_create('tr(' + node.get_deterministic_priv_key().key +
-                                 ',{pk(03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204)' +
-                                 ',pk([d34db33f/44h/0h/0h]tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)})')
-        miniscript_desc = descsum_create('wsh(and_v(v:ripemd160(095ff41131e5946f3c85f79e44adbcf8e27e080e),multi(1,' + node.get_deterministic_priv_key().key +
-                                            ',tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)))')
-        wallet.importdescriptors([
-            {
-                'desc': tr_desc,
-                'timestamp': TIME_GENESIS_BLOCK,
-            },
-            {
-                'desc': miniscript_desc,
-                'timestamp': TIME_GENESIS_BLOCK,
-            }
-        ])
+
+        expected_descs = {
+            descsum_create('tr(' + node.get_deterministic_priv_key().key +
+                ',{pk(03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204)' +
+                ',pk([d34db33f/44h/0h/0h]tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)})'),
+            descsum_create('wsh(and_v(v:ripemd160(095ff41131e5946f3c85f79e44adbcf8e27e080e),multi(1,' + node.get_deterministic_priv_key().key +
+                ',tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)))'),
+            descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XcACN3PEwNjRpR1g4tZjBVk5pdMR2B6dbd3HYhdGVZNKofAiFZd9okBserZvv58A6tBX4pE64UpXGNTSesfUW7PpW36HuKz)/7/8/*))'),
+            descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV/10,tpubD6NzVbkrYhZ4XcACN3PEwNjRpR1g4tZjBVk5pdMR2B6dbd3HYhdGVZNKofAiFZd9okBserZvv58A6tBX4pE64UpXGNTSesfUW7PpW36HuKz/11)/*))'),
+            descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tprv8ZgxMBicQKsPen4PGtDwURYnCtVMDejyE8vVwMGhQWfVqB2FBPdekhTacDW4vmsKTsgC1wsncVqXiZdX2YFGAnKoLXYf42M78fQJFzuDYFN)/12/*),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})')
+        }
+
+        descs_to_import = []
+        for desc in expected_descs:
+            descs_to_import.append({'desc': desc, 'timestamp': TIME_GENESIS_BLOCK})
+
+        wallet.importdescriptors(descs_to_import)
         result = wallet.listdescriptors(True)
-        expected_descs = [tr_desc, miniscript_desc]
         actual_descs = [d['desc'] for d in result['descriptors']]
-        assert_equal(actual_descs, expected_descs)
+
+        assert_equal(len(actual_descs), len(expected_descs))
+        for desc in actual_descs:
+            if desc not in expected_descs:
+                raise AssertionError(f"{desc} missing")
+
 
 
 if __name__ == '__main__':

</details>

rkrux commented at 10:01 AM on October 3, 2025:

There appears to be an issue with the following MuSig descriptor that fails the test:

One of the MuSig portion in the descriptor doesn't contain any private key for which the listdescriptors(true) returns a pk() instead of defaulting to the public keys whereas the listdescriptors() works fine.

        desc = descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tpubD6NzVbkrYhZ4Wc3i6L6N1Pp7cyVeyMcdLrFGXGDGzCfdCa5F4Zs3EY46N72Ws8QDEUYBVwXfDfda2UKSseSdU1fsBegJBhGCZyxkf28bkQ6)/12/*),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})')
        result = wallet.importdescriptors([{
            'desc': desc,
            'timestamp': TIME_GENESIS_BLOCK,
        }])
        result = wallet.listdescriptors(True)
        result = wallet.listdescriptors()

Debug Output for result object.

2025-10-03T09:56:03.473944Z TestFramework (INFO): Test descriptor with missing private keys
'tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tpubD6NzVbkrYhZ4Wc3i6L6N1Pp7cyVeyMcdLrFGXGDGzCfdCa5F4Zs3EY46N72Ws8QDEUYBVwXfDfda2UKSseSdU1fsBegJBhGCZyxkf28bkQ6)/12/*),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})#jd2qx33n'
[{'success': True,
  'warnings': ['Range not given, using default keypool range',
               'Not all private keys provided. Some wallet functionality may '
               'return unexpected errors']}]
{'wallet_name': 'w5',
 'descriptors': [{'desc': 'tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})#53ynphm7',
                  'timestamp': 1296688602,
                  'active': False,
                  'range': [0, 0],
                  'next': 0,
                  'next_index': 0}]}
{'wallet_name': 'w5',
 'descriptors': [{'desc': 'tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tpubD6NzVbkrYhZ4Wc3i6L6N1Pp7cyVeyMcdLrFGXGDGzCfdCa5F4Zs3EY46N72Ws8QDEUYBVwXfDfda2UKSseSdU1fsBegJBhGCZyxkf28bkQ6)/12/*),pk(musig(tpubD6NzVbkrYhZ4XqNGAWGWSzmxGWFwVjVTjZxh2fioKbVYi7Jx8fdbprVWsdW7mHwqjchBVas8TLZG4Xwuz4RKU4iaCqiCvoSkFCzQptqk5Y1,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})#8396h37a',
                  'timestamp': 1296688602,
                  'active': False,
                  'range': [0, 0],
                  'next': 0,
                  'next_index': 0}]}

The following patch in MuSigPubkeyProvider seems to fix it.

out doesn't need to be cleared if no priv keys found. For non watch-only wallets, a descriptor without any private keys can't be imported anyway so there can't be a case wherein we need to propagate this check from MuSigPubkeyProvider to TrDescriptor.

It can be assumed that any other portion of the descriptor will have a private key.

I haven't verified this^ assumption for every possible scenario and I suggest adding few more cases in this test wherein a private key is present in different portions of the tr() descriptor with musig(). Few templates for reference from #29675 PR: https://github.com/bitcoin/bitcoin/pull/29675/commits/ac599c4a9cb3b2d424932d3fd91f9eed17426827#diff-c94f9555a2569240d362a00a82764f4714f6c65283e3f96725cf2a1043a296b5R224-R238

After this PR, pubkey->ToPrivateString defaults to returning the public key in tmp, so the subsequent else block is redundant now.

diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
index 6eafcaa94c..76d4c8bb02 100644
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -726,17 +726,14 @@ public:
             std::string tmp;
             if (pubkey->ToPrivateString(arg, tmp)) {
                 any_privkeys = true;
-                out += tmp;
-            } else {
-                out += pubkey->ToString();
             }
+            out += tmp;
         }
         out += ")";
         out += FormatHDKeypath(m_path);
         if (IsRangedDerivation()) {
             out += "/*";
         }
-        if (!any_privkeys) out.clear();
         return any_privkeys;
     }
     bool ToNormalizedString(const SigningProvider& arg, std::string& out, const DescriptorCache* cache = nullptr) const override

Eunovo commented at 1:37 AM on October 5, 2025:

Thanks for pointing this out.

out doesn't need to be cleared if no priv keys found. For non watch-only wallets, a descriptor without any private keys can't be imported anyway so there can't be a case wherein we need to propagate this check from MuSigPubkeyProvider to TrDescriptor.

Yes, there must be a private key somewhere in the descriptor, so the MusigPubkeyProvider should not clear the string.

I used your patch and added you as co-author.

in src/wallet/rpc/backup.cpp:498 in a797b2ab6b outdated

 490 | @@ -490,6 +491,9 @@ RPCHelpMan listdescriptors()
 491 |      if (!wallet) return UniValue::VNULL;
 492 |  
 493 |      const bool priv = !request.params[0].isNull() && request.params[0].get_bool();
 494 | +    if (wallet->IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS) && priv) {
 495 | +        throw JSONRPCError(RPC_WALLET_ERROR, "Can't get private descriptor string for watch-only wallets");

rkrux commented at 9:32 AM on October 3, 2025:

In a797b2ab6ba69732a1b6f1b54b7785d4b802170e "walletrpc: reject listdes with priv key on w-only wallets"

Nit: To make it explicit in the error that the request params combination is invalid.

- throw JSONRPCError(RPC_WALLET_ERROR, "Can't get private descriptor string for watch-only wallets");
+ throw JSONRPCError(RPC_WALLET_ERROR, "Invalid request to get private descriptor string for watch-only wallets");

Eunovo commented at 1:40 AM on October 5, 2025:

I don't believe the suggested message is an improvement, so I will leave it as is.

rkrux changes_requested

rkrux commented at 11:02 AM on October 3, 2025: contributor

Requesting changes because found an issue with the musig() descriptor that can be fixed in this PR itself.

in src/test/descriptor_tests.cpp:52 in 74521dd6d4

  48 | @@ -49,7 +49,7 @@ constexpr int SIGNABLE = 1 << 3; // We can sign with this descriptor (this is no
  49 |  constexpr int DERIVE_HARDENED = 1 << 4; // The final derivation is hardened, i.e. ends with *' or *h
  50 |  constexpr int MIXED_PUBKEYS = 1 << 5;
  51 |  constexpr int XONLY_KEYS = 1 << 6; // X-only pubkeys are in use (and thus inferring/caching may swap parity of pubkeys/keyids)
  52 | -constexpr int MISSING_PRIVKEYS = 1 << 7; // Not all private keys are available, so ToPrivateString will fail.
  53 | +constexpr int MISSING_PRIVKEYS = 1 << 7; // Not all private keys are available, so ToPrivateString will fail and HavePrivateKeys() will return `true`.

DrahtBot commented at 11:16 AM on October 3, 2025:

Not all private keys are available, so ToPrivateString will fail and HavePrivateKeys() will return true. -> ... will return false. [The comment contradicts the flag name and intent — if private keys are missing, HavePrivateKeys() should be false; the current text stating true is likely a typo and is misleading.]

rkrux commented at 11:41 AM on October 3, 2025:

Is this comment in the code correct?

s/HavePrivateKeys/HasAllPrivateKeys because the current implementation of HavePrivateKeys returns false immediately if a corresponding private key is not found for a public key; the function doc suggests this too - "Whether the given provider has all private keys required by this descriptor."

Whereas ToPrivateString returns true if any private key is found, the usage of any_success also suggests this.

Eunovo commented at 1:39 AM on October 5, 2025:

I have updated the comment.

Eunovo force-pushed on Oct 5, 2025

rkrux approved

rkrux commented at 11:16 AM on October 6, 2025: contributor

lgtm ACK 8b4d4b3

Thanks for quickly addressing the comments.

git range-diff 74521dd...8b4d4b3

I have tried to think if the fix covers all the cases that could possibly arise in various descriptors containing private keys partially. Essentially, the ToPrivateString function of the descriptor classes returns true even if there is a single private key available for it, whereas the newly added HavePrivateKeys function returns true when all the private keys for the descriptor are available & hence, it's used in the wallet migration code now. Very good that the latest push also tests for the missing private keys case in the else block in the descriptor unit tests!

Note: I have limited exposure to the Miniscript code as of now; I might re-review later that portion again, but looks ok right now.

This issue has popped up in my own local quite a few times where it became hard for me to continue my workflow, hope it gets checked in soon!

in src/script/descriptor.cpp:859 in 8b4d4b392c outdated

 859 | +
 860 | +        for (const auto& pubkey : m_pubkey_args) {
 861 | +            FlatSigningProvider provider;
 862 | +            pubkey->GetPrivKey(0, arg, provider);
 863 | +            if (provider.keys.empty()) return false;
 864 | +        }

w0xlt commented at 12:58 PM on October 20, 2025:

nit: Could reuse one temporary provider to reduce alloc churn.

       FlatSigningProvider tmp_provider;
        for (const auto& pubkey : m_pubkey_args) {
            tmp_provider.keys.clear();
            pubkey->GetPrivKey(0, arg, tmp_provider);
            if (tmp_provider.keys.empty()) return false;
        }

Eunovo commented at 3:11 AM on October 21, 2025:

Done

Eunovo force-pushed on Oct 21, 2025

w0xlt commented at 7:53 AM on October 22, 2025: contributor

ACK https://github.com/bitcoin/bitcoin/pull/32471/commits/2b16014dfbe7e249e4929beafb4ce26415206e7a

DrahtBot requested review from rkrux on Oct 22, 2025

rkrux approved

rkrux commented at 1:45 PM on November 6, 2025: contributor

reACK 2b16014

git range-diff 8b4d4b3...2b16014

in src/script/descriptor.cpp:883 in 23f8b6035f outdated

 882 | @@ -883,13 +883,17 @@ class DescriptorImpl : public Descriptor
 883 |      virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, const DescriptorCache* cache = nullptr) const
 884 |      {
 885 |          size_t pos = 0;
 886 | +        bool is_private{type == StringType::PRIVATE};
 887 | +        bool any_success{!is_private};

Sjors commented at 9:39 AM on November 12, 2025:

In 23f8b6035ff6538134be3d3df8a3ab8ba47f86c0 descriptor: ToPrivateString() pass if at least 1 priv key exists: the variable name any_success had me confused. If you have to retouch, it would be good to document its meaning or rename it.

// If a public string is requested, fail if no subscript returns
a public string. If a  private string is requested, fail if no 
subscript returns a private string.

Seems like any_success was suggested here: #32471 (review)

Eunovo commented at 4:03 PM on November 19, 2025:

I added comments where any_success was used.

Sjors commented at 1:26 PM on November 12, 2025: member

Was in the middle of a review, but had to leave. Some comments.

DrahtBot requested review from Sjors on Nov 12, 2025

DrahtBot added the label Needs rebase on Nov 18, 2025

Eunovo force-pushed on Nov 19, 2025

DrahtBot added the label CI failed on Nov 19, 2025

DrahtBot removed the label Needs rebase on Nov 19, 2025

Eunovo force-pushed on Nov 19, 2025

DrahtBot removed the label CI failed on Nov 19, 2025

Eunovo commented at 8:32 AM on November 20, 2025: contributor

Rebased on master. I updated the Miniscript implementation slightly due to changes from https://github.com/bitcoin/bitcoin/pull/31734

in src/wallet/test/walletload_tests.cpp:29 in 1441145f34

  25 | @@ -26,6 +26,7 @@ class DummyDescriptor final : public Descriptor {
  26 |      bool IsRange() const override { return false; }
  27 |      bool IsSolvable() const override { return false; }
  28 |      bool IsSingleType() const override { return true; }
  29 | +    bool HavePrivateKeys(const SigningProvider&) const override { return true; }

Sjors commented at 5:33 AM on January 6, 2026:

In 1441145f34f3cf6f9e30599a67defd276c9ef114 descriptors: add HavePrivateKeys() nit: this is an odd default for the test, because e.g. ToPrivateString is false by default.

Eunovo commented at 9:35 AM on January 7, 2026:

Changed to false.

in src/wallet/scriptpubkeyman.cpp:722 in 7e2af06190 outdated

 716 | @@ -717,10 +717,7 @@ std::optional<MigrationData> LegacyDataSPKM::MigrateToDescriptor()
 717 |  
 718 |          std::vector<CScript> desc_spks;
 719 |  
 720 | -        // Make the descriptor string with private keys
 721 | -        std::string desc_str;
 722 | -        bool watchonly = !desc->ToPrivateString(*this, desc_str);
 723 | -        if (watchonly && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
 724 | +        if (!desc->HavePrivateKeys(*this) && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {

Sjors commented at 6:00 AM on January 6, 2026:

In 7e2af0619058858138fe0b1b942d98324338c0da wallet/migration: use HavePrivateKeys in place of ToPrivateString: we should have a comment here to explain what this if condition if trying to achieve. The original comment (now deleted) wasn't great either. Try:

// If we can't provide all private keys for this inferred descriptor,
// but this wallet is not watch-only, migrate it to the watch-only wallet.
if (...

It's useful to know, as you write in the PR description:

In order to keep the scope of this PR limited to the RPC behaviour, this PR uses a different method to determine watchonly descriptors for the purpose of wallet migration. A follow-up PR can be opened to update migration logic to exclude descriptors with some private keys from the watchonly migration wallet.

Not sure if we want to further expand the comment, but let's add that to the commit message. That way future devs can understand why migration is inconsistent with RPC behaviour.

I do agree it's good to limit the PR scope in this way.

Eunovo commented at 9:36 AM on January 7, 2026:

I added your comment as is and updated the commit message.

in src/test/fuzz/miniscript.cpp:1245 in 4dc37d89de

1245 | @@ -1242,7 +1246,6 @@ FUZZ_TARGET(miniscript_string, .init = FuzzInit)
1246 |      if (!parsed) return;
1247 |  
1248 |      const auto str2 = parsed->ToString(parser_ctx);
1249 | -    assert(str2);

Sjors commented at 9:20 AM on January 6, 2026:

In 4dc37d89de0b8b39b3e5ca802067663cfc3bb529 descriptor: ToPrivateString() pass if at least 1 priv key exists: I wouldn't drop this assert; you're still referencing it the next line.

in src/test/fuzz/miniscript.cpp:1040 in 4dc37d89de

1036 | @@ -1033,7 +1037,7 @@ void TestNode(const MsCtx script_ctx, const NodeRef& node, FuzzedDataProvider& p
1037 |  
1038 |      // Check that it roundtrips to text representation
1039 |      const ParserContext parser_ctx{script_ctx};
1040 | -    std::optional<std::string> str{node->ToString(parser_ctx)};
1041 | +    auto str{node->ToString(parser_ctx)};

Sjors commented at 9:29 AM on January 6, 2026:

In 4dc37d89de0b8b39b3e5ca802067663cfc3bb529 descriptor: ToPrivateString() pass if at least 1 priv key exists: there's no need to change this?

Sjors commented at 12:43 PM on January 6, 2026: member

I still need to (re-)review the non-test changes of 4dc37d89de0b8b39b3e5ca802067663cfc3bb529, but everything else looks fine.

I wrote an expansion of the fuzzer so it actually covers has_priv_key, see https://github.com/Eunovo/bitcoin/pull/3, but it can wait for a followup.

The commit message for 583797341106abab8e6e9bd4bbaf91d5cc7f0cc9 walletrpc: reject listdes with priv key on w-only wallets could mention that this improves the error message.

descriptors: add HavePrivateKeys()

Previously, to determine if a desc is watchonly, `ToPrivateString()`, was used.
It returns `false` if there is at least one pubkey in the descriptor for which
the provider  does not have a private key.

ToPrivateString() behaviour will change in the following commits to only
return `false` if no priv keys could be found for the pub keys in the descriptor.

HavePrivateKeys() is added here to replace the use of ToPrivateString() for determining
if a descriptor is 'watchonly'.

Co-authored-by: rkrux <rkrux.connect@gmail.com>

e842eb90bb

wallet/migration: use HavePrivateKeys in place of ToPrivateString

ToPrivateString() behaviour will be modified in the following commits.

In order to keep the scope of this PR limited to the RPC behaviour,
this commit updates wallet migration to use 'Descriptor::HavePrivateKeys()'
in place of 'Descriptor::ToPrivateString()' to determine watchonly descriptors.

A follow-up PR can be opened to update migration logic to exclude
descriptors with some private keys from the watchonly migration wallet.

2dc74e3f4e

descriptor: refactor ToPrivateString for providers

This commit modifies the Pubkey providers to return the public string
if private data is not available.
This is setup for a future commit to make Descriptor::ToPrivateString
return strings with missing private key information.

Co-authored-by: rkrux <rkrux.connect@gmail.com>

5c4db25b61

in src/script/descriptor.cpp:1602 in 4dc37d89de outdated

1602 | -        }
1603 | -        return false;
1604 | +        bool has_priv_key{false};
1605 | +        auto res = m_node->ToString(StringMaker(arg, m_pubkey_args, type, cache), has_priv_key);
1606 | +        if (res) out = *res;
1607 | +        return type == StringType::PRIVATE ? has_priv_key : res.has_value();

Sjors commented at 9:20 AM on January 7, 2026:

In 4dc37d89de0b8b39b3e5ca802067663cfc3bb529 descriptor: ToPrivateString() pass if at least 1 priv key exists:

The following makes it more clear why for private strings we only look at has_priv_key and don't care about whether res has a value:

if (type == StringType::PRIVATE) {
    Assume(res.has_value());
    return has_priv_key;
} else {
    return res.has_value();
}

Or a bit shorter:

return res.has_value() && (type != StringType::PRIVATE || has_priv_key);

Though in the edge case of StringType::PRIVATE with no res, this would return false which is a bit unexpected.

Eunovo commented at 9:55 AM on January 7, 2026:

The Assume check here is useful because we expect res to always have a value, so I think the longer version is better. I have rebased the PR with the change.

Sjors commented at 10:01 AM on January 7, 2026:

Sounds good, I rebased https://github.com/Sjors/bitcoin/pull/108 on top of your latest push to see if it survives the current fuzz corpus sanity check.

Eunovo force-pushed on Jan 7, 2026

Sjors commented at 9:42 AM on January 7, 2026: member

ACK 165f7283ea56e32ce336f17ac20f6b04357a145d

Just left one more (vague) suggestion above.

DrahtBot requested review from rkrux on Jan 7, 2026

DrahtBot requested review from w0xlt on Jan 7, 2026

descriptor: ToPrivateString() pass if at least 1 priv key exists

- Refactor Descriptor::ToPrivateString() to allow descriptors with
  missing private keys to be printed. Useful in descriptors with
  multiple keys e.g tr() etc.
- The existing behaviour of listdescriptors is preserved as much as
  possible, if no private keys are availablle ToPrivateString will
  return false

9e5e9824f1

walletrpc: reject listdes with priv key on w-only wallets ed945a6854

test: Test listdescs with priv works even with missing priv keys

Co-authored-by: rkrux <rkrux.connect@gmail.com>

9c7e4771b1

Eunovo force-pushed on Jan 7, 2026

DrahtBot added the label CI failed on Jan 7, 2026

DrahtBot removed the label CI failed on Jan 7, 2026

Sjors commented at 8:35 AM on January 9, 2026: member

ACK 9c7e4771b13d4729fd20ea08b7e2e3209b134fff

achow101 commented at 10:53 PM on January 19, 2026: member

ACK 9c7e4771b13d4729fd20ea08b7e2e3209b134fff

in test/functional/wallet_listdescriptors.py:176 in 9c7e4771b1

 171 | +        actual_descs = [d['desc'] for d in result['descriptors']]
 172 | +
 173 | +        assert_equal(len(actual_descs), len(expected_descs))
 174 | +        for desc in actual_descs:
 175 | +            if desc not in expected_descs:
 176 | +                raise AssertionError(f"{desc} missing")

w0xlt commented at 1:05 AM on January 20, 2026:

                raise AssertionError(f"Unexpected descriptor: {desc}")

Eunovo commented at 12:40 PM on January 20, 2026:

Will fix if I retouch.

in src/script/descriptor.cpp:1603 in 9c7e4771b1

1601 | -            return true;
1602 | +        bool has_priv_key{false};
1603 | +        auto res = m_node->ToString(StringMaker(arg, m_pubkey_args, type, cache), has_priv_key);
1604 | +        if (res) out = *res;
1605 | +        if (type == StringType::PRIVATE) {
1606 | +            Assume(res.has_value());

w0xlt commented at 1:16 AM on January 20, 2026:

nit: if the Assume() somehow fails in release, out will be empty string rather than undefined.

            if (!res) out.clear();  
            Assume(res.has_value());

Eunovo commented at 12:40 PM on January 20, 2026:

Will fix if I retouch.

w0xlt commented at 1:17 AM on January 20, 2026: contributor

reACK https://github.com/bitcoin/bitcoin/pull/32471/commits/9c7e4771b13d4729fd20ea08b7e2e3209b134fff with minor nits

rkrux approved

rkrux commented at 11:45 AM on January 20, 2026: contributor

re-ACK 9c7e4771b13d4729fd20ea08b7e2e3209b134fff

but with a caveat that I have only looked at the range-diff and the latest commit messages this time. I've reviewed this PR before quite a few times and have now developed review fatigue for this PR. I'm relying on my previous acks to bolster this reack.

git range-diff 2b16014...9c7e477

achow101 merged this on Jan 20, 2026

achow101 closed this on Jan 20, 2026

rkrux commented at 7:48 AM on January 23, 2026: contributor

Regarding my earlier comment #32471 (comment) on this PR, I created an issue for it #34378 and raised the corresponding PR #34379.