Reviewing files that changed from the base of the PR and between 272c951 and 0e835b3.

• configure.ac (2 hunks)
• contrib/guix/manifest.scm (1 hunks)
• doc/README.md (1 hunks)
• doc/multisig-tutorial.md (0 hunks)
• doc/offline-signing-tutorial.md (1 hunks)
• src/init.cpp (1 hunks)
• src/init/common.cpp (1 hunks)
• src/test/fuzz/fuzz.cpp (2 hunks)
• test/functional/p2p_add_connections.py (3 hunks)
• test/sanitizer_suppressions/ubsan (2 hunks)

• doc/multisig-tutorial.md

• GitHub Check: x86_64-w64-mingw32 / Build depends
• GitHub Check: x86_64-apple-darwin / Build depends
• GitHub Check: x86_64-pc-linux-gnu_nowallet / Build depends
• GitHub Check: x86_64-pc-linux-gnu / Build depends
• GitHub Check: x86_64-pc-linux-gnu_multiprocess / Build depends
• GitHub Check: arm-linux-gnueabihf / Build depends

src/init.cpp (2)

592-592: Simplified UPnP help text

The help text for the -upnp command line argument has been simplified by directly using strprintf without the translation marker _(). This is consistent with other networking options and avoids unnecessary translation overhead for technical terms.

---

597-597: Simplified NAT-PMP help text

Similar to the UPnP change, the help text for the -natpmp command line argument has been simplified by removing the translation marker. This maintains consistency with the UPnP option and other networking-related parameters.

src/init/common.cpp (1)

70-70: Improved -loglevel help text clarity and completeness

The help text for the -loglevel argument has been significantly improved:

1. It now clearly explains that this affects logging categories enabled with -debug or the logging RPC
2. Uses LogInstance().LogLevelsString() to dynamically list all possible values
3. Shows the default log level
4. Clarifies which levels are always logged (error, warning, info)
5. Better explains category-specific overrides

The flags were also updated to prevent negation and elision, which is appropriate for this parameter.

test/functional/p2p_add_connections.py (3)

2-2: Updated copyright year range

Changed copyright year from a specific year to a range "2020-present" which is good practice for ongoing development.

---

14-20: Added VersionSender class for P2P protocol testing

New test class that overrides the default P2P connection behavior to immediately send a version message upon connection, rather than waiting to receive one first. This allows testing of early version message handling.

The class properly validates that on_connection_send_msg is set before sending and cleared afterward.

---

118-130: Added test for proper version message handling protocol

This new test case validates important P2P behavior - ensuring that the node properly handles receiving a version message before it sends its own. The test confirms that the node:

1. Sends its own version message first
2. Then processes the early version message from the peer
3. Finally sends a verack message to complete the handshake

This is essential for ensuring protocol compliance with other nodes in the network.

doc/README.md (1)

80-80: Added link to Offline Signing Tutorial

Added a new entry in the Miscellaneous section linking to the offline-signing-tutorial.md document. This is a valuable addition as offline signing is an important security practice for handling high-value transactions.

configure.ac (2)

746-748: Good addition of Windows-specific compiler flag

The added check for -Wa,-muse-unaligned-vector-move specifically for Windows targets helps avoid issues with aligned vector instructions. This is a good mitigation for the GCC bug mentioned in the comment (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54412).

---

1024-1024: Removal of sys/sysctl.h from header checks

The removal of sys/sysctl.h from the list of headers checked by AC_CHECK_HEADERS streamlines the configuration process. This aligns with the pattern in configure.ac where header checks are kept to the necessary minimum.

test/sanitizer_suppressions/ubsan (1)

22-22: Added secp256k1 suppressions for sanitizer checks

The addition of secp256k1/ to various sanitizer suppression categories is appropriate for cryptographic libraries that may contain intentional behavior that triggers sanitizer warnings. This change ensures clean sanitizer runs by suppressing known benign issues.

Also applies to: 31-31, 34-34, 37-37, 44-44

src/test/fuzz/fuzz.cpp (2)

80-96: Good implementation of coverage counter reset functionality

The newly added ResetCoverageCounters() function is well-implemented with proper conditional compilation and weak symbol linking. This allows the code to work correctly regardless of the compilation environment.

---

150-150: Appropriate usage of the new counter reset function

Adding the call to ResetCoverageCounters() at this point in the initialization process ensures that coverage counters are reset before fuzzing begins, leading to more accurate coverage metrics during fuzzing runs.

contrib/guix/manifest.scm (1)

430-431: Improved SSP enablement for mingw-w64 GCC package

The change from using make flags (gcc_cv_libc_provides_ssp=yes) to using a configure flag (--enable-default-ssp=yes) is a more modern and direct approach to enabling Stack Smashing Protector. This aligns with the changes in configure.ac that removed the runtime libssp check.

doc/offline-signing-tutorial.md (21)

1-6: Well structured introduction and clear goal.

The title and opening paragraphs succinctly explain the purpose and security benefits of an air‑gapped offline signing workflow.

---

9-11: Admonition style is clear.

The [!NOTE] block correctly highlights the mainnet vs signet distinction.

---

12-17: Overview section is comprehensive.

The heading, description, and bullet list clearly outline the two hosts and their roles.

---

20-22: Requirements list is clear.

Specifying jq as optional is helpful for users who prefer JSON CLI tools.

---

23-35: Code block formatting looks good.

The shell commands for creating the offline wallet are properly fenced and annotated.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~25-~25: Possible missing comma found.
Context: ...the offline_wallet 1. On the offline machine create a wallet named offline_wallet ...

(AI_HYDRA_LEO_MISSING_COMMA)

---

37-39: Helpful security reminder.

Emphasizing wallet encryption is important. The link to deeper guidance is appropriate.

---

40-46: Descriptor export steps are clear.

Using jq to extract descriptors is a nice touch for readability and portability.

---

48-50: Note on descriptor transfer is useful.

Reminding users to use physical media reinforces the air‑gap concept.

---

61-68: Watch‑only wallet creation commands are well formatted.

The use of -named flags and JSON response examples help onboard new users.

---

70-74: Descriptor import command is accurate.

Using $(cat /path/to/descriptors.json) within quotes is correct to handle JSON arrays.

---

76-100: Import result JSON is illustrative.

Showing multiple success responses clarifies why several descriptors are imported.

---

102-104: Helpful note on multiple descriptors.

Explaining the significance of multiple imports aids comprehension.

---

105-115: Funding instructions are straightforward.

Detailing both offline and online wallet address generation reinforces the key point.

---

121-141: Unspent output example is comprehensive.

The JSON sample covers all relevant fields, showcasing listunspent results.

🧰 Tools

🪛 Gitleaks (8.21.2)

130-130: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

168-194: Decoding and analysis examples are clear.

Providing both decodepsbt and analyzepsbt outputs helps users understand the missing signatures section.

---

198-206: Signing workflow instructions are accurate.

Unlocking, processing, signing, and finalizing are clearly broken into steps.

---

211-215: Final PSBT export command is correct.

Capturing .hex and redirecting output provides a ready-to-broadcast file.

---

218-224: Broadcast example is well demonstrated.

Using sendrawtransaction on the online node completes the workflow.

---

231-244: Balance confirmation steps are helpful.

Showing both balance and last processed block gives a full picture post‑broadcast.

---

250-255: Concluding transaction list command wraps up the tutorial.

Encouraging users to inspect transaction history rounds out the guide.

---

1-255: Ensure README linkage is updated.

This tutorial must be referenced in doc/README.md under "Miscellaneous" for discoverability. Please verify and add the link if missing.

🧰 Tools

🪛 LanguageTool

[style] ~18-~18: Consider a shorter alternative to avoid wordiness.
Context: ...ill receive some coins into the wallet. In order to spend these coins we'll create an unsig...

(IN_ORDER_TO_PREMIUM)

---

[typographical] ~18-~18: It seems that a comma is missing.
Context: ...nto the wallet. In order to spend these coins we'll create an unsigned PSBT using the...

(IN_ORDER_TO_VB_COMMA)

---

[uncategorized] ~25-~25: Possible missing comma found.
Context: ...the offline_wallet 1. On the offline machine create a wallet named offline_wallet ...

(AI_HYDRA_LEO_MISSING_COMMA)

---

[uncategorized] ~53-~53: Possible missing comma found.
Context: ...e watch_only_wallet 1. On the online machine create a blank watch-only wallet which ...

(AI_HYDRA_LEO_MISSING_COMMA)

---

[typographical] ~146-~146: It appears that a comma is missing.
Context: ...on address for the transaction. In this tutorial we'll be sending funds to the address `...

(DURING_THAT_TIME_COMMA)

🪛 Gitleaks (8.21.2)

130-130: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)