From a3a82faa3db588c0337fe12bd846d97dd60ae553 Mon Sep 17 00:00:00 2001
From: Shawn Xie <shawnxie920@gmail.com>
Date: Mon, 9 Mar 2026 14:23:22 -0400
Subject: [PATCH] fix conflicts and update modularization

---
 .../xrpl/protocol/detail/transactions.macro   | 10 ++--
 .../MPT}/ConfidentialMPTClawback.h            |  3 +-
 .../transactors/MPT}/ConfidentialMPTConvert.h |  3 +-
 .../MPT}/ConfidentialMPTConvertBack.h         |  3 +-
 .../MPT}/ConfidentialMPTMergeInbox.h          |  3 +-
 .../tx/transactors/MPT}/ConfidentialMPTSend.h |  3 +-
 .../MPT}/ConfidentialMPTClawback.cpp          |  9 +--
 .../MPT}/ConfidentialMPTConvert.cpp           | 26 ++++----
 .../MPT}/ConfidentialMPTConvertBack.cpp       | 34 +++++++----
 .../MPT}/ConfidentialMPTMergeInbox.cpp        | 14 +++--
 .../transactors/MPT}/ConfidentialMPTSend.cpp  | 59 ++++++++++++-------
 11 files changed, 103 insertions(+), 64 deletions(-)
 rename {src/xrpld/app/tx/detail => include/xrpl/tx/transactors/MPT}/ConfidentialMPTClawback.h (96%)
 rename {src/xrpld/app/tx/detail => include/xrpl/tx/transactors/MPT}/ConfidentialMPTConvert.h (96%)
 rename {src/xrpld/app/tx/detail => include/xrpl/tx/transactors/MPT}/ConfidentialMPTConvertBack.h (96%)
 rename {src/xrpld/app/tx/detail => include/xrpl/tx/transactors/MPT}/ConfidentialMPTMergeInbox.h (97%)
 rename {src/xrpld/app/tx/detail => include/xrpl/tx/transactors/MPT}/ConfidentialMPTSend.h (97%)
 rename src/{xrpld/app/tx/detail => libxrpl/tx/transactors/MPT}/ConfidentialMPTClawback.cpp (94%)
 rename src/{xrpld/app/tx/detail => libxrpl/tx/transactors/MPT}/ConfidentialMPTConvert.cpp (89%)
 rename src/{xrpld/app/tx/detail => libxrpl/tx/transactors/MPT}/ConfidentialMPTConvertBack.cpp (89%)
 rename src/{xrpld/app/tx/detail => libxrpl/tx/transactors/MPT}/ConfidentialMPTMergeInbox.cpp (86%)
 rename src/{xrpld/app/tx/detail => libxrpl/tx/transactors/MPT}/ConfidentialMPTSend.cpp (89%)

diff --git a/include/xrpl/protocol/detail/transactions.macro b/include/xrpl/protocol/detail/transactions.macro
index 2a6b6167dd..61a084782c 100644
--- a/include/xrpl/protocol/detail/transactions.macro
+++ b/include/xrpl/protocol/detail/transactions.macro
@@ -1062,7 +1062,7 @@ TRANSACTION(ttLOAN_PAY, 84, LoanPay,
 
 /** This transaction type converts into confidential MPT balance. */
 #if TRANSACTION_INCLUDE
-#include <xrpld/app/tx/detail/ConfidentialMPTConvert.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTConvert.h>
 #endif
 TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT, 85, ConfidentialMPTConvert,
     Delegation::delegable,
@@ -1081,7 +1081,7 @@ TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT, 85, ConfidentialMPTConvert,
 
 /** This transaction type merges MPT inbox. */
 #if TRANSACTION_INCLUDE
-#include <xrpld/app/tx/detail/ConfidentialMPTMergeInbox.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.h>
 #endif
 TRANSACTION(ttCONFIDENTIAL_MPT_MERGE_INBOX, 86, ConfidentialMPTMergeInbox,
     Delegation::delegable,
@@ -1093,7 +1093,7 @@ TRANSACTION(ttCONFIDENTIAL_MPT_MERGE_INBOX, 86, ConfidentialMPTMergeInbox,
 
 /** This transaction type converts back into public MPT balance. */
 #if TRANSACTION_INCLUDE
-#include <xrpld/app/tx/detail/ConfidentialMPTConvertBack.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.h>
 #endif
 TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT_BACK, 87, ConfidentialMPTConvertBack,
     Delegation::delegable,
@@ -1111,7 +1111,7 @@ TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT_BACK, 87, ConfidentialMPTConvertBack,
 }))
 
 #if TRANSACTION_INCLUDE
-#include <xrpld/app/tx/detail/ConfidentialMPTSend.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTSend.h>
 #endif
 TRANSACTION(ttCONFIDENTIAL_MPT_SEND, 88, ConfidentialMPTSend,
     Delegation::delegable,
@@ -1131,7 +1131,7 @@ TRANSACTION(ttCONFIDENTIAL_MPT_SEND, 88, ConfidentialMPTSend,
 }))
 
 #if TRANSACTION_INCLUDE
-#include <xrpld/app/tx/detail/ConfidentialMPTClawback.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTClawback.h>
 #endif
 TRANSACTION(ttCONFIDENTIAL_MPT_CLAWBACK, 89, ConfidentialMPTClawback,
     Delegation::delegable,
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTClawback.h b/include/xrpl/tx/transactors/MPT/ConfidentialMPTClawback.h
similarity index 96%
rename from src/xrpld/app/tx/detail/ConfidentialMPTClawback.h
rename to include/xrpl/tx/transactors/MPT/ConfidentialMPTClawback.h
index 43a1e5c616..40e1577590 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTClawback.h
+++ b/include/xrpl/tx/transactors/MPT/ConfidentialMPTClawback.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <xrpld/app/tx/detail/Transactor.h>
+#include <xrpl/tx/Transactor.h>
 
 namespace xrpl {
 
@@ -40,3 +40,4 @@ public:
 };
 
 }  // namespace xrpl
+
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTConvert.h b/include/xrpl/tx/transactors/MPT/ConfidentialMPTConvert.h
similarity index 96%
rename from src/xrpld/app/tx/detail/ConfidentialMPTConvert.h
rename to include/xrpl/tx/transactors/MPT/ConfidentialMPTConvert.h
index f0208b396a..719cedbefc 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTConvert.h
+++ b/include/xrpl/tx/transactors/MPT/ConfidentialMPTConvert.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <xrpld/app/tx/detail/Transactor.h>
+#include <xrpl/tx/Transactor.h>
 
 namespace xrpl {
 
@@ -42,3 +42,4 @@ public:
 };
 
 }  // namespace xrpl
+
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTConvertBack.h b/include/xrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.h
similarity index 96%
rename from src/xrpld/app/tx/detail/ConfidentialMPTConvertBack.h
rename to include/xrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.h
index 48154aaa83..5b4aa889e2 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTConvertBack.h
+++ b/include/xrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <xrpld/app/tx/detail/Transactor.h>
+#include <xrpl/tx/Transactor.h>
 
 namespace xrpl {
 
@@ -43,3 +43,4 @@ public:
 };
 
 }  // namespace xrpl
+
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTMergeInbox.h b/include/xrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.h
similarity index 97%
rename from src/xrpld/app/tx/detail/ConfidentialMPTMergeInbox.h
rename to include/xrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.h
index c35e87584f..2e4141ef0a 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTMergeInbox.h
+++ b/include/xrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <xrpld/app/tx/detail/Transactor.h>
+#include <xrpl/tx/Transactor.h>
 
 namespace xrpl {
 
@@ -44,3 +44,4 @@ public:
 };
 
 }  // namespace xrpl
+
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTSend.h b/include/xrpl/tx/transactors/MPT/ConfidentialMPTSend.h
similarity index 97%
rename from src/xrpld/app/tx/detail/ConfidentialMPTSend.h
rename to include/xrpl/tx/transactors/MPT/ConfidentialMPTSend.h
index 1eef54d646..f80dcfb827 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTSend.h
+++ b/include/xrpl/tx/transactors/MPT/ConfidentialMPTSend.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <xrpld/app/tx/detail/Transactor.h>
+#include <xrpl/tx/Transactor.h>
 
 namespace xrpl {
 
@@ -50,3 +50,4 @@ public:
 };
 
 }  // namespace xrpl
+
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTClawback.cpp b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTClawback.cpp
similarity index 94%
rename from src/xrpld/app/tx/detail/ConfidentialMPTClawback.cpp
rename to src/libxrpl/tx/transactors/MPT/ConfidentialMPTClawback.cpp
index f8dac3913e..53aae73f8b 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTClawback.cpp
+++ b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTClawback.cpp
@@ -1,5 +1,3 @@
-#include <xrpld/app/tx/detail/ConfidentialMPTClawback.h>
-
 #include <xrpl/ledger/View.h>
 #include <xrpl/protocol/ConfidentialTransfer.h>
 #include <xrpl/protocol/Feature.h>
@@ -7,6 +5,7 @@
 #include <xrpl/protocol/LedgerFormats.h>
 #include <xrpl/protocol/TER.h>
 #include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTClawback.h>
 
 namespace xrpl {
 
@@ -83,7 +82,8 @@ ConfidentialMPTClawback::preclaim(PreclaimContext const& ctx)
     if (amount > (*sleIssuance)[~sfConfidentialOutstandingAmount].value_or(0))
         return tecINSUFFICIENT_FUNDS;
 
-    auto const contextHash = getClawbackContextHash(account, mptIssuanceID, ctx.tx.getSeqProxy().value(), holder);
+    auto const contextHash =
+        getClawbackContextHash(account, mptIssuanceID, ctx.tx.getSeqProxy().value(), holder);
 
     // Verify the revealed confidential amount by the issuer matches the exact
     // confidential balance of the holder.
@@ -136,7 +136,8 @@ ConfidentialMPTClawback::doApply()
 
         Slice const auditorPubKey = (*sleIssuance)[sfAuditorElGamalPublicKey];
 
-        auto const encZeroForAuditor = encryptCanonicalZeroAmount(auditorPubKey, holder, mptIssuanceID);
+        auto const encZeroForAuditor =
+            encryptCanonicalZeroAmount(auditorPubKey, holder, mptIssuanceID);
 
         if (!encZeroForAuditor)
             return tecINTERNAL;  // LCOV_EXCL_LINE
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTConvert.cpp b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTConvert.cpp
similarity index 89%
rename from src/xrpld/app/tx/detail/ConfidentialMPTConvert.cpp
rename to src/libxrpl/tx/transactors/MPT/ConfidentialMPTConvert.cpp
index f9e5a3dbe5..0da62acdfb 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTConvert.cpp
+++ b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTConvert.cpp
@@ -1,5 +1,3 @@
-#include <xrpld/app/tx/detail/ConfidentialMPTConvert.h>
-
 #include <xrpl/ledger/View.h>
 #include <xrpl/protocol/ConfidentialTransfer.h>
 #include <xrpl/protocol/Feature.h>
@@ -7,6 +5,7 @@
 #include <xrpl/protocol/LedgerFormats.h>
 #include <xrpl/protocol/TER.h>
 #include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTConvert.h>
 
 namespace xrpl {
 
@@ -92,7 +91,8 @@ ConfidentialMPTConvert::preclaim(PreclaimContext const& ctx)
         return tecOBJECT_NOT_FOUND;
 
     auto const mptIssue = MPTIssue{issuanceID};
-    STAmount const mptAmount = STAmount(MPTAmount{static_cast<MPTAmount::value_type>(amount)}, mptIssue);
+    STAmount const mptAmount =
+        STAmount(MPTAmount{static_cast<MPTAmount::value_type>(amount)}, mptIssue);
     if (accountHolds(
             ctx.view,
             account,
@@ -120,7 +120,8 @@ ConfidentialMPTConvert::preclaim(PreclaimContext const& ctx)
     {
         holderPubKey = ctx.tx[sfHolderElGamalPublicKey];
 
-        auto const contextHash = getConvertContextHash(account, issuanceID, ctx.tx.getSeqProxy().value());
+        auto const contextHash =
+            getConvertContextHash(account, issuanceID, ctx.tx.getSeqProxy().value());
 
         // when register new pk, verify through schnorr proof
         if (!isTesSuccess(verifySchnorrProof(holderPubKey, ctx.tx[sfZKProof], contextHash)))
@@ -136,8 +137,8 @@ ConfidentialMPTConvert::preclaim(PreclaimContext const& ctx)
     std::optional<ConfidentialRecipient> auditor;
     if (hasAuditor)
     {
-        auditor.emplace(
-            ConfidentialRecipient{(*sleIssuance)[sfAuditorElGamalPublicKey], ctx.tx[sfAuditorEncryptedAmount]});
+        auditor.emplace(ConfidentialRecipient{
+            (*sleIssuance)[sfAuditorElGamalPublicKey], ctx.tx[sfAuditorEncryptedAmount]});
     }
 
     return verifyRevealedAmount(
@@ -188,7 +189,8 @@ ConfidentialMPTConvert::doApply()
         // Case 1: Add to existing inbox balance (holder will merge later)
         {
             Buffer sum(ecGamalEncryptedTotalLength);
-            if (TER const ter = homomorphicAdd(holderEc, (*sleMptoken)[sfConfidentialBalanceInbox], sum);
+            if (TER const ter =
+                    homomorphicAdd(holderEc, (*sleMptoken)[sfConfidentialBalanceInbox], sum);
                 !isTesSuccess(ter))
                 return tecINTERNAL;  // LCOV_EXCL_LINE
 
@@ -198,7 +200,8 @@ ConfidentialMPTConvert::doApply()
         // homomorphically add issuer's encrypted balance
         {
             Buffer sum(ecGamalEncryptedTotalLength);
-            if (TER const ter = homomorphicAdd(issuerEc, (*sleMptoken)[sfIssuerEncryptedBalance], sum);
+            if (TER const ter =
+                    homomorphicAdd(issuerEc, (*sleMptoken)[sfIssuerEncryptedBalance], sum);
                 !isTesSuccess(ter))
                 return tecINTERNAL;  // LCOV_EXCL_LINE
 
@@ -209,7 +212,8 @@ ConfidentialMPTConvert::doApply()
         if (auditorEc)
         {
             Buffer sum(ecGamalEncryptedTotalLength);
-            if (TER const ter = homomorphicAdd(*auditorEc, (*sleMptoken)[sfAuditorEncryptedBalance], sum);
+            if (TER const ter =
+                    homomorphicAdd(*auditorEc, (*sleMptoken)[sfAuditorEncryptedBalance], sum);
                 !isTesSuccess(ter))
                 return tecINTERNAL;  // LCOV_EXCL_LINE
 
@@ -231,8 +235,8 @@ ConfidentialMPTConvert::doApply()
 
         // Spending balance starts at zero. Must use canonical zero encryption
         // (deterministic ciphertext) so the ledger state is reproducible.
-        auto const zeroBalance =
-            encryptCanonicalZeroAmount((*sleMptoken)[sfHolderElGamalPublicKey], account_, mptIssuanceID);
+        auto const zeroBalance = encryptCanonicalZeroAmount(
+            (*sleMptoken)[sfHolderElGamalPublicKey], account_, mptIssuanceID);
 
         if (!zeroBalance)
             return tecINTERNAL;  // LCOV_EXCL_LINE
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTConvertBack.cpp b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.cpp
similarity index 89%
rename from src/xrpld/app/tx/detail/ConfidentialMPTConvertBack.cpp
rename to src/libxrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.cpp
index 27cdf36c15..7756da7c3d 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTConvertBack.cpp
+++ b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.cpp
@@ -1,5 +1,3 @@
-#include <xrpld/app/tx/detail/ConfidentialMPTConvertBack.h>
-
 #include <xrpl/ledger/View.h>
 #include <xrpl/protocol/ConfidentialTransfer.h>
 #include <xrpl/protocol/Feature.h>
@@ -7,6 +5,7 @@
 #include <xrpl/protocol/LedgerFormats.h>
 #include <xrpl/protocol/TER.h>
 #include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTConvertBack.h>
 
 #include <cstddef>
 
@@ -57,7 +56,10 @@ ConfidentialMPTConvertBack::preflight(PreflightContext const& ctx)
  * All proofs are verified before returning any error to prevent timing attacks.
  */
 static TER
-verifyProofs(STTx const& tx, std::shared_ptr<SLE const> const& issuance, std::shared_ptr<SLE const> const& mptoken)
+verifyProofs(
+    STTx const& tx,
+    std::shared_ptr<SLE const> const& issuance,
+    std::shared_ptr<SLE const> const& mptoken)
 {
     if (!mptoken->isFieldPresent(sfHolderElGamalPublicKey))
         return tecINTERNAL;  // LCOV_EXCL_LINE
@@ -69,14 +71,18 @@ verifyProofs(STTx const& tx, std::shared_ptr<SLE const> const& issuance, std::sh
     auto const holderPubKey = (*mptoken)[sfHolderElGamalPublicKey];
 
     auto const contextHash = getConvertBackContextHash(
-        account, mptIssuanceID, tx.getSeqProxy().value(), (*mptoken)[~sfConfidentialBalanceVersion].value_or(0));
+        account,
+        mptIssuanceID,
+        tx.getSeqProxy().value(),
+        (*mptoken)[~sfConfidentialBalanceVersion].value_or(0));
 
     // Prepare Auditor Info
     std::optional<ConfidentialRecipient> auditor;
     bool const hasAuditor = issuance->isFieldPresent(sfAuditorElGamalPublicKey);
     if (hasAuditor)
     {
-        auditor.emplace(ConfidentialRecipient{(*issuance)[sfAuditorElGamalPublicKey], tx[sfAuditorEncryptedAmount]});
+        auditor.emplace(ConfidentialRecipient{
+            (*issuance)[sfAuditorElGamalPublicKey], tx[sfAuditorEncryptedAmount]});
     }
 
     // Run all verifications before returning any error to prevent timing attacks
@@ -135,7 +141,8 @@ verifyProofs(STTx const& tx, std::shared_ptr<SLE const> const& issuance, std::sh
     {
         // Compute PC_rem = PC_balance - mG (the commitment to the remaining balance)
         Buffer pcRem;
-        if (auto const ter = computeConvertBackRemainder(tx[sfBalanceCommitment], amount, pcRem); !isTesSuccess(ter))
+        if (auto const ter = computeConvertBackRemainder(tx[sfBalanceCommitment], amount, pcRem);
+            !isTesSuccess(ter))
         {
             valid = false;
         }
@@ -143,7 +150,8 @@ verifyProofs(STTx const& tx, std::shared_ptr<SLE const> const& issuance, std::sh
         // The bulletproof verifies that the remaining balance is non-negative
         std::vector<Slice> commitments{Slice(pcRem.data(), pcRem.size())};
 
-        if (auto const ter = verifyAggregatedBulletproof(bulletproof, commitments, contextHash); !isTesSuccess(ter))
+        if (auto const ter = verifyAggregatedBulletproof(bulletproof, commitments, contextHash);
+            !isTesSuccess(ter))
         {
             valid = false;
         }
@@ -249,7 +257,9 @@ ConfidentialMPTConvertBack::doApply()
     {
         Buffer res(ecGamalEncryptedTotalLength);
         if (TER const ter = homomorphicSubtract(
-                (*sleMptoken)[sfConfidentialBalanceSpending], ctx_.tx[sfHolderEncryptedAmount], res);
+                (*sleMptoken)[sfConfidentialBalanceSpending],
+                ctx_.tx[sfHolderEncryptedAmount],
+                res);
             !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
@@ -259,8 +269,8 @@ ConfidentialMPTConvertBack::doApply()
     // homomorphically subtract issuer's encrypted balance
     {
         Buffer res(ecGamalEncryptedTotalLength);
-        if (TER const ter =
-                homomorphicSubtract((*sleMptoken)[sfIssuerEncryptedBalance], ctx_.tx[sfIssuerEncryptedAmount], res);
+        if (TER const ter = homomorphicSubtract(
+                (*sleMptoken)[sfIssuerEncryptedBalance], ctx_.tx[sfIssuerEncryptedAmount], res);
             !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
@@ -270,8 +280,8 @@ ConfidentialMPTConvertBack::doApply()
     if (auditorEc)
     {
         Buffer res(ecGamalEncryptedTotalLength);
-        if (TER const ter =
-                homomorphicSubtract((*sleMptoken)[sfAuditorEncryptedBalance], ctx_.tx[sfAuditorEncryptedAmount], res);
+        if (TER const ter = homomorphicSubtract(
+                (*sleMptoken)[sfAuditorEncryptedBalance], ctx_.tx[sfAuditorEncryptedAmount], res);
             !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTMergeInbox.cpp b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.cpp
similarity index 86%
rename from src/xrpld/app/tx/detail/ConfidentialMPTMergeInbox.cpp
rename to src/libxrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.cpp
index b55bf660b9..c42ceff827 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTMergeInbox.cpp
+++ b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.cpp
@@ -1,11 +1,10 @@
-#include <xrpld/app/tx/detail/ConfidentialMPTMergeInbox.h>
-
 #include <xrpl/protocol/ConfidentialTransfer.h>
 #include <xrpl/protocol/Feature.h>
 #include <xrpl/protocol/Indexes.h>
 #include <xrpl/protocol/LedgerFormats.h>
 #include <xrpl/protocol/TER.h>
 #include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTMergeInbox.h>
 
 namespace xrpl {
 
@@ -37,7 +36,8 @@ ConfidentialMPTMergeInbox::preclaim(PreclaimContext const& ctx)
     if (sleIssuance->getAccountID(sfIssuer) == ctx.tx[sfAccount])
         return tefINTERNAL;  // LCOV_EXCL_LINE
 
-    auto const sleMptoken = ctx.view.read(keylet::mptoken(ctx.tx[sfMPTokenIssuanceID], ctx.tx[sfAccount]));
+    auto const sleMptoken =
+        ctx.view.read(keylet::mptoken(ctx.tx[sfMPTokenIssuanceID], ctx.tx[sfAccount]));
     if (!sleMptoken)
         return tecOBJECT_NOT_FOUND;
 
@@ -70,7 +70,9 @@ ConfidentialMPTMergeInbox::doApply()
     // transfers sit in inbox and cannot be spent or converted back.
     Buffer sum(ecGamalEncryptedTotalLength);
     if (TER const ter = homomorphicAdd(
-            (*sleMptoken)[sfConfidentialBalanceSpending], (*sleMptoken)[sfConfidentialBalanceInbox], sum);
+            (*sleMptoken)[sfConfidentialBalanceSpending],
+            (*sleMptoken)[sfConfidentialBalanceInbox],
+            sum);
         !isTesSuccess(ter))
         return tecINTERNAL;  // LCOV_EXCL_LINE
 
@@ -78,8 +80,8 @@ ConfidentialMPTMergeInbox::doApply()
 
     // Reset inbox to encrypted zero. Must use canonical zero encryption
     // (deterministic ciphertext) so the ledger state is reproducible.
-    auto const zeroEncryption =
-        encryptCanonicalZeroAmount((*sleMptoken)[sfHolderElGamalPublicKey], account_, mptIssuanceID);
+    auto const zeroEncryption = encryptCanonicalZeroAmount(
+        (*sleMptoken)[sfHolderElGamalPublicKey], account_, mptIssuanceID);
 
     if (!zeroEncryption)
         return tecINTERNAL;  // LCOV_EXCL_LINE
diff --git a/src/xrpld/app/tx/detail/ConfidentialMPTSend.cpp b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTSend.cpp
similarity index 89%
rename from src/xrpld/app/tx/detail/ConfidentialMPTSend.cpp
rename to src/libxrpl/tx/transactors/MPT/ConfidentialMPTSend.cpp
index ba817b0575..96df540d9f 100644
--- a/src/xrpld/app/tx/detail/ConfidentialMPTSend.cpp
+++ b/src/libxrpl/tx/transactors/MPT/ConfidentialMPTSend.cpp
@@ -1,5 +1,3 @@
-#include <xrpld/app/tx/detail/ConfidentialMPTSend.h>
-
 #include <xrpl/ledger/CredentialHelpers.h>
 #include <xrpl/ledger/View.h>
 #include <xrpl/protocol/ConfidentialTransfer.h>
@@ -8,6 +6,7 @@
 #include <xrpl/protocol/LedgerFormats.h>
 #include <xrpl/protocol/TER.h>
 #include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/MPT/ConfidentialMPTSend.h>
 
 namespace xrpl {
 
@@ -44,17 +43,20 @@ ConfidentialMPTSend::preflight(PreflightContext const& ctx)
     auto const sizeEquality = secp256k1_mpt_proof_equality_shared_r_size(recipientCount);
     auto const sizePedersenLinkage = 2 * ecPedersenProofLength;
 
-    if (ctx.tx[sfZKProof].length() != sizeEquality + sizePedersenLinkage + ecDoubleBulletproofLength)
+    if (ctx.tx[sfZKProof].length() !=
+        sizeEquality + sizePedersenLinkage + ecDoubleBulletproofLength)
         return temMALFORMED;
 
     // Check the Pedersen commitments are valid
-    if (!isValidCompressedECPoint(ctx.tx[sfBalanceCommitment]) || !isValidCompressedECPoint(ctx.tx[sfAmountCommitment]))
+    if (!isValidCompressedECPoint(ctx.tx[sfBalanceCommitment]) ||
+        !isValidCompressedECPoint(ctx.tx[sfAmountCommitment]))
         return temMALFORMED;
 
     // Check the encrypted amount formats, this is more expensive so put it at
     // the end
     if (!isValidCiphertext(ctx.tx[sfSenderEncryptedAmount]) ||
-        !isValidCiphertext(ctx.tx[sfDestinationEncryptedAmount]) || !isValidCiphertext(ctx.tx[sfIssuerEncryptedAmount]))
+        !isValidCiphertext(ctx.tx[sfDestinationEncryptedAmount]) ||
+        !isValidCiphertext(ctx.tx[sfIssuerEncryptedAmount]))
         return temBAD_CIPHERTEXT;
 
     if (hasAuditor && !isValidCiphertext(ctx.tx[sfAuditorEncryptedAmount]))
@@ -123,13 +125,17 @@ verifySendProofs(
     std::vector<ConfidentialRecipient> recipients;
     recipients.reserve(recipientCount);
 
-    recipients.push_back({(*sleSenderMPToken)[sfHolderElGamalPublicKey], ctx.tx[sfSenderEncryptedAmount]});
-    recipients.push_back({(*sleDestinationMPToken)[sfHolderElGamalPublicKey], ctx.tx[sfDestinationEncryptedAmount]});
-    recipients.push_back({(*sleIssuance)[sfIssuerElGamalPublicKey], ctx.tx[sfIssuerEncryptedAmount]});
+    recipients.push_back(
+        {(*sleSenderMPToken)[sfHolderElGamalPublicKey], ctx.tx[sfSenderEncryptedAmount]});
+    recipients.push_back(
+        {(*sleDestinationMPToken)[sfHolderElGamalPublicKey], ctx.tx[sfDestinationEncryptedAmount]});
+    recipients.push_back(
+        {(*sleIssuance)[sfIssuerElGamalPublicKey], ctx.tx[sfIssuerEncryptedAmount]});
 
     if (hasAuditor)
     {
-        recipients.push_back({(*sleIssuance)[sfAuditorElGamalPublicKey], ctx.tx[sfAuditorEncryptedAmount]});
+        recipients.push_back(
+            {(*sleIssuance)[sfAuditorElGamalPublicKey], ctx.tx[sfAuditorEncryptedAmount]});
     }
 
     // Prepare the context hash
@@ -140,12 +146,13 @@ verifySendProofs(
         ctx.tx[sfDestination],
         (*sleSenderMPToken)[~sfConfidentialBalanceVersion].value_or(0));
 
-    // Use a boolean flag to track validity instead of returning early on failure to prevent leaking information about
-    // which proof failed through timing differences
+    // Use a boolean flag to track validity instead of returning early on failure to prevent leaking
+    // information about which proof failed through timing differences
     bool valid = true;
 
     // Verify the multi-ciphertext equality proof
-    if (auto const ter = verifyMultiCiphertextEqualityProof(equalityProof, recipients, recipientCount, contextHash);
+    if (auto const ter = verifyMultiCiphertextEqualityProof(
+            equalityProof, recipients, recipientCount, contextHash);
         !isTesSuccess(ter))
     {
         valid = false;
@@ -180,7 +187,8 @@ verifySendProofs(
         Buffer pcRem;
 
         // Derive PC_rem = PC_balance - PC_amount
-        if (auto const ter = computeSendRemainder(ctx.tx[sfBalanceCommitment], ctx.tx[sfAmountCommitment], pcRem);
+        if (auto const ter = computeSendRemainder(
+                ctx.tx[sfBalanceCommitment], ctx.tx[sfAmountCommitment], pcRem);
             !isTesSuccess(ter))
         {
             valid = false;
@@ -193,7 +201,8 @@ verifySendProofs(
             commitments.push_back(ctx.tx[sfAmountCommitment]);
             commitments.push_back(Slice{pcRem.data(), pcRem.size()});
 
-            if (auto const ter = verifyAggregatedBulletproof(rangeProof, commitments, contextHash); !isTesSuccess(ter))
+            if (auto const ter = verifyAggregatedBulletproof(rangeProof, commitments, contextHash);
+                !isTesSuccess(ter))
             {
                 valid = false;
             }
@@ -294,7 +303,8 @@ ConfidentialMPTSend::preclaim(PreclaimContext const& ctx)
     if (auto const ter = requireAuth(ctx.view, mptIssue, destination); !isTesSuccess(ter))
         return ter;
 
-    if (auto const err = credentials::valid(ctx.tx, ctx.view, ctx.tx[sfAccount], ctx.j); !isTesSuccess(err))
+    if (auto const err = credentials::valid(ctx.tx, ctx.view, ctx.tx[sfAccount], ctx.j);
+        !isTesSuccess(err))
         return err;
 
     return verifySendProofs(ctx, sleSenderMPToken, sleDestinationMPToken, sleIssuance);
@@ -314,7 +324,8 @@ ConfidentialMPTSend::doApply()
     if (!sleSenderMPToken || !sleDestinationMPToken || !sleDestAcct)
         return tecINTERNAL;  // LCOV_EXCL_LINE
 
-    if (auto err = verifyDepositPreauth(ctx_.tx, ctx_.view(), account_, destination, sleDestAcct, ctx_.journal);
+    if (auto err = verifyDepositPreauth(
+            ctx_.tx, ctx_.view(), account_, destination, sleDestAcct, ctx_.journal);
         !isTesSuccess(err))
         return err;
 
@@ -329,7 +340,8 @@ ConfidentialMPTSend::doApply()
         Slice const curSpending = (*sleSenderMPToken)[sfConfidentialBalanceSpending];
         Buffer newSpending(ecGamalEncryptedTotalLength);
 
-        if (TER const ter = homomorphicSubtract(curSpending, senderEc, newSpending); !isTesSuccess(ter))
+        if (TER const ter = homomorphicSubtract(curSpending, senderEc, newSpending);
+            !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
         (*sleSenderMPToken)[sfConfidentialBalanceSpending] = newSpending;
@@ -340,7 +352,8 @@ ConfidentialMPTSend::doApply()
         Slice const curIssuerEnc = (*sleSenderMPToken)[sfIssuerEncryptedBalance];
         Buffer newIssuerEnc(ecGamalEncryptedTotalLength);
 
-        if (TER const ter = homomorphicSubtract(curIssuerEnc, issuerEc, newIssuerEnc); !isTesSuccess(ter))
+        if (TER const ter = homomorphicSubtract(curIssuerEnc, issuerEc, newIssuerEnc);
+            !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
         (*sleSenderMPToken)[sfIssuerEncryptedBalance] = newIssuerEnc;
@@ -352,7 +365,8 @@ ConfidentialMPTSend::doApply()
         Slice const curAuditorEnc = (*sleSenderMPToken)[sfAuditorEncryptedBalance];
         Buffer newAuditorEnc(ecGamalEncryptedTotalLength);
 
-        if (TER const ter = homomorphicSubtract(curAuditorEnc, *auditorEc, newAuditorEnc); !isTesSuccess(ter))
+        if (TER const ter = homomorphicSubtract(curAuditorEnc, *auditorEc, newAuditorEnc);
+            !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
         (*sleSenderMPToken)[sfAuditorEncryptedBalance] = newAuditorEnc;
@@ -374,7 +388,8 @@ ConfidentialMPTSend::doApply()
         Slice const curIssuerEnc = (*sleDestinationMPToken)[sfIssuerEncryptedBalance];
         Buffer newIssuerEnc(ecGamalEncryptedTotalLength);
 
-        if (TER const ter = homomorphicAdd(curIssuerEnc, issuerEc, newIssuerEnc); !isTesSuccess(ter))
+        if (TER const ter = homomorphicAdd(curIssuerEnc, issuerEc, newIssuerEnc);
+            !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
         (*sleDestinationMPToken)[sfIssuerEncryptedBalance] = newIssuerEnc;
@@ -386,7 +401,8 @@ ConfidentialMPTSend::doApply()
         Slice const curAuditorEnc = (*sleDestinationMPToken)[sfAuditorEncryptedBalance];
         Buffer newAuditorEnc(ecGamalEncryptedTotalLength);
 
-        if (TER const ter = homomorphicAdd(curAuditorEnc, *auditorEc, newAuditorEnc); !isTesSuccess(ter))
+        if (TER const ter = homomorphicAdd(curAuditorEnc, *auditorEc, newAuditorEnc);
+            !isTesSuccess(ter))
             return tecINTERNAL;  // LCOV_EXCL_LINE
 
         (*sleDestinationMPToken)[sfAuditorEncryptedBalance] = newAuditorEnc;
@@ -399,4 +415,5 @@ ConfidentialMPTSend::doApply()
     view().update(sleDestinationMPToken);
     return tesSUCCESS;
 }
+
 }  // namespace xrpl