Stub mpt_verify_send_proof for throughput ceiling measurement

Skip bulletproof range proof verification in ConfidentialMPTSend to measure the upper bound on Send throughput when verification is free. NOT FOR PRODUCTION USE. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Refactor confidential Test into 2 files (#7351 )
2026-06-06 10:16:45 +00:00 · 2026-06-05 16:21:07 -04:00 · 2026-05-29 14:14:41 -04:00 · 2026-05-26 13:44:36 -04:00 · 2026-05-15 14:08:58 -04:00 · 2026-05-15 10:26:43 -04:00
584 changed files with 24018 additions and 5942 deletions
--- a/.clang-tidy
+++ b/.clang-tidy
@@ -156,13 +156,7 @@ Checks: "-*,
 # readability-inconsistent-declaration-parameter-name, # in this codebase this check will break a lot of arg names
 # readability-static-accessed-through-instance,        # this check is probably unnecessary. it makes the code less readable
 # ---
-
 CheckOptions:
-  bugprone-unsafe-functions.ReportMoreUnsafeFunctions: true
-  bugprone-unused-return-value.CheckedReturnTypes: ::std::error_code;::std::error_condition;::std::errc
-
-  misc-include-cleaner.IgnoreHeaders: ".*/(detail|impl)/.*;.*fwd\\.h(pp)?;time.h;stdlib.h;sqlite3.h;netinet/in\\.h;sys/resource\\.h;sys/sysinfo\\.h;linux/sysinfo\\.h;__chrono/.*;bits/.*;_abort\\.h;boost/uuid/uuid_hash.hpp;boost/beast/core/flat_buffer\\.hpp;boost/beast/http/field\\.hpp;boost/beast/http/dynamic_body\\.hpp;boost/beast/http/message\\.hpp;boost/beast/http/read\\.hpp;boost/beast/http/write\\.hpp;openssl/obj_mac\\.h"
-
  readability-braces-around-statements.ShortStatementLines: 2
  readability-identifier-naming.MacroDefinitionCase: UPPER_CASE
  readability-identifier-naming.ClassCase: CamelCase
@@ -197,7 +191,9 @@ CheckOptions:
  readability-identifier-naming.ProtectedMemberSuffix: _
  readability-identifier-naming.PublicMemberSuffix: ""
  readability-identifier-naming.GlobalFunctionIgnoredRegexp: "^(to_string|hash_append|tuple_hash)$"
-
+  bugprone-unsafe-functions.ReportMoreUnsafeFunctions: true
+  bugprone-unused-return-value.CheckedReturnTypes: ::std::error_code;::std::error_condition;::std::errc
+  misc-include-cleaner.IgnoreHeaders: ".*/(detail|impl)/.*;.*fwd\\.h(pp)?;time.h;stdlib.h;sqlite3.h;netinet/in\\.h;sys/resource\\.h;sys/sysinfo\\.h;linux/sysinfo\\.h;__chrono/.*;bits/.*;_abort\\.h;boost/uuid/uuid_hash.hpp;boost/beast/core/flat_buffer\\.hpp;boost/beast/http/field\\.hpp;boost/beast/http/dynamic_body\\.hpp;boost/beast/http/message\\.hpp;boost/beast/http/read\\.hpp;boost/beast/http/write\\.hpp;openssl/obj_mac\\.h"
 HeaderFilterRegex: '^.*/(test|xrpl|xrpld)/.*\.(h|hpp|ipp)$'
 ExcludeHeaderFilterRegex: '^.*/protocol_autogen/.*\.(h|hpp)$'
 WarningsAsErrors: "*"
--- a/.github/scripts/strategy-matrix/generate.py
+++ b/.github/scripts/strategy-matrix/generate.py
@@ -72,7 +72,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                        skip = False
                    if (
                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-15"
-                        and build_type == "Release"
+                        and build_type == "Debug"
                        and architecture["platform"] == "linux/amd64"
                    ):
                        skip = False
@@ -90,9 +90,8 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                    ):
                        cmake_args = f"-DUNIT_TEST_REFERENCE_FEE=1000 {cmake_args}"
                        skip = False
-                elif os["distro_version"] == "trixie":
                    if (
-                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-22"
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-20"
                        and build_type == "Debug"
                        and architecture["platform"] == "linux/amd64"
                    ):
@@ -189,9 +188,8 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:

        # We skip all clang 20+ on arm64 due to Boost build error.
        if (
-            os["compiler_name"] == "clang"
-            and os["compiler_version"].isdigit()
-            and int(os["compiler_version"]) >= 20
+            f"{os['compiler_name']}-{os['compiler_version']}"
+            in ["clang-20", "clang-21"]
            and architecture["platform"] == "linux/arm64"
        ):
            continue
@@ -240,14 +238,13 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
        # Add Address and UB sanitizers as separate configurations for specific
        # bookworm distros. Thread sanitizer is currently disabled (see below).
        # GCC-Asan xrpld-embedded tests are failing because of https://github.com/google/sanitizers/issues/856
-        if (
-            os["distro_version"] == "bookworm"
-            and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-15"
-        ) or (
-            os["distro_version"] == "trixie"
-            and f"{os['compiler_name']}-{os['compiler_version']}" == "clang-22"
-        ):
-            # Add ASAN and UBSAN configurations for both gcc-15 and clang-22
+        if os[
+            "distro_version"
+        ] == "bookworm" and f"{os['compiler_name']}-{os['compiler_version']}" in [
+            "gcc-15",
+            "clang-20",
+        ]:
+            # Add ASAN configuration.
            configurations.append(
                {
                    "config_name": config_name + "-asan",
@@ -260,6 +257,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                    "sanitizers": "address",
                }
            )
+            # Add UBSAN configuration.
            configurations.append(
                {
                    "config_name": config_name + "-ubsan",
--- a/.github/scripts/strategy-matrix/linux.json
+++ b/.github/scripts/strategy-matrix/linux.json
@@ -15,203 +15,196 @@
      "distro_version": "bookworm",
      "compiler_name": "gcc",
      "compiler_version": "12",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "gcc",
      "compiler_version": "13",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "gcc",
      "compiler_version": "14",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "gcc",
      "compiler_version": "15",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "clang",
      "compiler_version": "16",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "clang",
      "compiler_version": "17",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "clang",
      "compiler_version": "18",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "clang",
      "compiler_version": "19",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "bookworm",
      "compiler_name": "clang",
      "compiler_version": "20",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "trixie",
      "compiler_name": "gcc",
      "compiler_version": "14",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "trixie",
      "compiler_name": "gcc",
      "compiler_version": "15",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "trixie",
      "compiler_name": "clang",
      "compiler_version": "20",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "debian",
      "distro_version": "trixie",
      "compiler_name": "clang",
      "compiler_version": "21",
-      "image_sha": "4c086b9"
-    },
-    {
-      "distro_name": "debian",
-      "distro_version": "trixie",
-      "compiler_name": "clang",
-      "compiler_version": "22",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "8",
      "compiler_name": "gcc",
      "compiler_version": "14",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "8",
      "compiler_name": "clang",
      "compiler_version": "any",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "9",
      "compiler_name": "gcc",
      "compiler_version": "12",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "9",
      "compiler_name": "gcc",
      "compiler_version": "13",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "9",
      "compiler_name": "gcc",
      "compiler_version": "14",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "9",
      "compiler_name": "clang",
      "compiler_version": "any",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "10",
      "compiler_name": "gcc",
      "compiler_version": "14",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "rhel",
      "distro_version": "10",
      "compiler_name": "clang",
      "compiler_version": "any",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "ubuntu",
      "distro_version": "jammy",
      "compiler_name": "gcc",
      "compiler_version": "12",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "ubuntu",
      "distro_version": "noble",
      "compiler_name": "gcc",
      "compiler_version": "13",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "ubuntu",
      "distro_version": "noble",
      "compiler_name": "gcc",
      "compiler_version": "14",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "ubuntu",
      "distro_version": "noble",
      "compiler_name": "clang",
      "compiler_version": "16",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "ubuntu",
      "distro_version": "noble",
      "compiler_name": "clang",
      "compiler_version": "17",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "ubuntu",
      "distro_version": "noble",
      "compiler_name": "clang",
      "compiler_version": "18",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    },
    {
      "distro_name": "ubuntu",
      "distro_version": "noble",
      "compiler_name": "clang",
      "compiler_version": "19",
-      "image_sha": "4c086b9"
+      "image_sha": "ab4d1f0"
    }
  ],
  "build_type": ["Debug", "Release"],
--- a/.github/workflows/build-nix-image.yml
+++ b/.github/workflows/build-nix-image.yml
@@ -1,101 +0,0 @@
-name: Build Nix Docker image
-
-on:
-  push:
-    branches:
-      - develop
-    paths:
-      - ".github/workflows/build-nix-image.yml"
-      - "docker/nix.Dockerfile"
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-  pull_request:
-    paths:
-      - ".github/workflows/build-nix-image.yml"
-      - "docker/nix.Dockerfile"
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-defaults:
-  run:
-    shell: bash
-
-env:
-  UBUNTU_VERSION: "20.04"
-  RHEL_VERSION: "9"
-  DEBIAN_VERSION: "bookworm"
-
-jobs:
-  build:
-    name: Build and push Nix image (${{ matrix.distro }})
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    strategy:
-      matrix:
-        include:
-          - distro: nixos
-          - distro: ubuntu
-          - distro: rhel
-          - distro: debian
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: Determine base image
-        id: vars
-        run: |
-          case "${{ matrix.distro }}" in
-            nixos)
-              echo "base_image=nixos/nix:latest" >> $GITHUB_OUTPUT
-              ;;
-            ubuntu)
-              echo "base_image=ubuntu:${UBUNTU_VERSION}" >> $GITHUB_OUTPUT
-              ;;
-            rhel)
-              echo "base_image=registry.access.redhat.com/ubi${RHEL_VERSION}/ubi:latest" >> $GITHUB_OUTPUT
-              ;;
-            debian)
-              echo "base_image=debian:${DEBIAN_VERSION}" >> $GITHUB_OUTPUT
-              ;;
-          esac
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
-
-      - name: Login to GitHub Container Registry
-        if: github.event_name == 'push'
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
-        with:
-          images: ghcr.io/xrplf/ci/nix-${{ matrix.distro }}
-          tags: |
-            type=sha,prefix=sha-,format=short
-            type=raw,value=latest
-
-      - name: Build and push
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
-        with:
-          context: .
-          file: docker/nix.Dockerfile
-          platforms: linux/amd64
-          push: ${{ github.event_name == 'push' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: BASE_IMAGE=${{ steps.vars.outputs.base_image }}
--- a/.github/workflows/reusable-build-test-config.yml
+++ b/.github/workflows/reusable-build-test-config.yml
@@ -143,6 +143,7 @@ jobs:
        working-directory: ${{ env.BUILD_DIR }}
        env:
          BUILD_TYPE: ${{ inputs.build_type }}
+          SANITIZERS: ${{ inputs.sanitizers }}
          CMAKE_ARGS: ${{ inputs.cmake_args }}
        run: |
          cmake \
@@ -181,7 +182,7 @@ jobs:
      - name: Build the binary
        working-directory: ${{ env.BUILD_DIR }}
        env:
-          BUILD_NPROC: ${{ runner.os == 'Linux' && '16' || steps.nproc.outputs.nproc }}
+          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
          BUILD_TYPE: ${{ inputs.build_type }}
          CMAKE_TARGET: ${{ inputs.cmake_target }}
        run: |
@@ -283,16 +284,8 @@ jobs:

      - name: Show test failure summary
        if: ${{ failure() && !inputs.build_only }}
-        env:
-          WORKING_DIR: ${{ runner.os == 'Windows' && format('{0}\{1}', env.BUILD_DIR, inputs.build_type) || env.BUILD_DIR }}
+        working-directory: ${{ runner.os == 'Windows' && format('{0}/{1}', env.BUILD_DIR, inputs.build_type) || env.BUILD_DIR }}
        run: |
-          if [ ! -d "${WORKING_DIR}" ]; then
-            echo "Working directory '${WORKING_DIR}' does not exist."
-            exit 0
-          fi
-
-          cd "${WORKING_DIR}"
-
          if [ ! -f unittest.log ]; then
            echo "unittest.log not found; embedded tests may not have run."
            exit 0
--- a/.github/workflows/reusable-clang-tidy.yml
+++ b/.github/workflows/reusable-clang-tidy.yml
@@ -29,7 +29,7 @@ jobs:
    if: ${{ inputs.check_only_changed }}
    permissions:
      contents: read
-    uses: XRPLF/actions/.github/workflows/determine-tidy-files.yml@224f3c48d3014d082a1129237b8291ff0b0a331f
+    uses: XRPLF/actions/.github/workflows/determine-tidy-files.yml@12f5dbc98a2260259a66970e57fa4d26fb7f285c

  run-clang-tidy:
    name: Run clang tidy
@@ -39,7 +39,6 @@ jobs:
    container: "ghcr.io/xrplf/ci/debian-trixie:clang-21-sha-53033a2"
    permissions:
      contents: read
-      issues: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -93,11 +92,6 @@ jobs:
          set -o pipefail
          run-clang-tidy -j ${{ steps.nproc.outputs.nproc }} -p "${BUILD_DIR}" -quiet -fix -allow-no-checks ${TARGETS} 2>&1 | tee "${OUTPUT_FILE}"

-      - name: Print errors
-        if: ${{ steps.run_clang_tidy.outcome != 'success' }}
-        run: |
-          sed '/error\||/!d' "${OUTPUT_FILE}"
-
      - name: Upload clang-tidy output
        if: ${{ github.event.repository.visibility == 'public' && steps.run_clang_tidy.outcome != 'success' }}
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
@@ -106,24 +100,13 @@ jobs:
          archive: false
          retention-days: 30

-      - name: Check for changes
-        id: files_changed
-        continue-on-error: true
-        run: |
-          git diff --exit-code
-
-      - name: Fix style
-        if: ${{ steps.files_changed.outcome != 'success' }}
-        run: |
-          pre-commit run --all-files || true
-
      - name: Generate git diff
-        if: ${{ steps.files_changed.outcome != 'success' }}
+        if: ${{ steps.run_clang_tidy.outcome != 'success' }}
        run: |
          git diff | tee "${DIFF_FILE}"

      - name: Upload clang-tidy diff output
-        if: ${{ github.event.repository.visibility == 'public' && steps.files_changed.outcome != 'success' }}
+        if: ${{ github.event.repository.visibility == 'public' && steps.run_clang_tidy.outcome != 'success' }}
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          path: ${{ env.DIFF_FILE }}
@@ -133,16 +116,24 @@ jobs:
      - name: Write issue header
        if: ${{ steps.run_clang_tidy.outcome != 'success' }}
        run: |
+          # Prepare issue body with clang-tidy output
          cat > "${ISSUE_FILE}" <<EOF
          ## Clang-tidy Check Failed

+          **Workflow:** ${{ github.workflow }}
+          **Run ID:** ${{ github.run_id }}
+          **Commit:** ${{ github.sha }}
+          **Branch/Ref:** ${{ github.ref }}
+          **Triggered by:** ${{ github.actor }}
+
          ### Clang-tidy Output:
          \`\`\`
          EOF

-      - name: Append clang-tidy output to issue body (filter for errors and warnings)
+      - name: Append clang-tidy output to issue body
        if: ${{ steps.run_clang_tidy.outcome != 'success' }}
        run: |
+          # Append clang-tidy output (filter for errors and warnings)
          if [ -f "${OUTPUT_FILE}" ]; then
            # Extract lines containing 'error:', 'warning:', or 'note:'
            grep -E '(error:|warning:|note:)' "${OUTPUT_FILE}" > filtered-output.txt || true
@@ -170,21 +161,53 @@ jobs:
          cat >> "${ISSUE_FILE}" <<EOF
          \`\`\`

+          **Workflow run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
          ---
          *This issue was automatically created by the clang-tidy workflow.*
          EOF

-      - name: Create issue
-        if: ${{ steps.run_clang_tidy.outcome != 'success' && inputs.create_issue_on_failure }}
-        uses: XRPLF/actions/create-issue@fbcc16eb7f20dc3199eaf1aed0d3523a5ba9008c
+      - name: Upload issue body artifact
+        if: ${{ github.event.repository.visibility == 'public' && steps.run_clang_tidy.outcome != 'success' }}
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
-          title: "Clang-tidy check failed"
-          body_file: ${{ env.ISSUE_FILE }}
-          labels: "Bug,Clang-tidy"
-          assignees: "godexsoft,mathbunnyru"
+          path: ${{ env.ISSUE_FILE }}
+          archive: false
+          retention-days: 30

      - name: Fail if clang-tidy found issues
        if: ${{ steps.run_clang_tidy.outcome != 'success' }}
        run: |
          echo "Clang-tidy check failed!"
          exit 1
+
+  create-issue-on-failure:
+    name: Create GitHub issue on failure
+    runs-on: ubuntu-latest
+    needs: [run-clang-tidy]
+    if: ${{ always() && !cancelled() && inputs.create_issue_on_failure && needs.run-clang-tidy.result == 'failure' && github.event.repository.visibility == 'public' }}
+    permissions:
+      issues: write
+      contents: read
+    steps:
+      - name: Download clang-tidy-issue.md
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: ${{ env.ISSUE_FILE }}
+
+      - name: Create GitHub issue
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # Create the issue
+          gh issue create \
+            --label "Bug,Clang-tidy" \
+            --title "Clang-tidy check failed" \
+            --body-file ./"${ISSUE_FILE}" \
+            > create_issue.log
+
+      - name: Output created issue number
+        run: |
+          created_issue="$(sed 's|.*/||' create_issue.log)"
+          echo "created_issue=$created_issue" >> $GITHUB_OUTPUT
+          echo "Created issue #$created_issue"
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -70,11 +70,7 @@ repos:
    rev: a42085ade523f591dca134379a595e7859986445 # frozen: v9.7.0
    hooks:
      - id: cspell # Spell check changed files
-        exclude: |
-          (?x)^(
-              .config/cspell.config.yaml|
-              include/xrpl/protocol_autogen/(transactions|ledger_entries)/.*
-          )$
+        exclude: (.config/cspell.config.yaml|^include/xrpl/protocol_autogen/(transactions|ledger_entries)/)
      - id: cspell # Spell check the commit message
        name: check commit message spelling
        args:
--- a/BUILD.md
+++ b/BUILD.md
@@ -141,7 +141,7 @@ Alternatively, you can pull our recipes from the repository and export them loca

 ```bash
 # Define which recipes to export.
-recipes=('abseil' 'ed25519' 'mpt-crypto' 'openssl' 'secp256k1' 'snappy' 'soci' 'wasm-xrplf' 'wasmi')
+recipes=('abseil' 'ed25519' 'grpc' 'm4' 'mpt-crypto' 'openssl' 'secp256k1' 'snappy' 'soci' 'wasm-xrplf' 'wasmi')

 # Selectively check out the recipes from our CCI fork.
 cd external
@@ -530,15 +530,15 @@ stored inside the build directory, as either of:
 ## Sanitizers

 To build dependencies and xrpld with sanitizer instrumentation, set the
-`SANITIZERS` environment variable when running `conan install` and use the `sanitizers` profile:
+`SANITIZERS` environment variable (only once before running conan and cmake) and use the `sanitizers` profile in conan:

 ```bash
 export SANITIZERS=address,undefinedbehavior

 conan install .. --output-folder . --profile:all sanitizers --build missing --settings build_type=Debug
-```

-You can then build and test as usual, with the generated `xrpld` binary containing the sanitizer instrumentation. When you run it, it will report any sanitizer errors it detects in the console output.
+cmake -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake -DCMAKE_BUILD_TYPE=Debug -Dxrpld=ON -Dtests=ON ..
+```

 See [Sanitizers docs](./docs/build/sanitizers.md) for more details.

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -88,6 +88,7 @@ find_package(ed25519 REQUIRED)
 find_package(gRPC REQUIRED)
 find_package(LibArchive REQUIRED)
 find_package(lz4 REQUIRED)
+find_package(mpt-crypto REQUIRED)
 find_package(nudb REQUIRED)
 find_package(OpenSSL REQUIRED)
 find_package(secp256k1 REQUIRED)
@@ -100,6 +101,7 @@ target_link_libraries(
    INTERFACE
        ed25519::ed25519
        lz4::lz4
+        mpt-crypto::mpt-crypto
        OpenSSL::Crypto
        OpenSSL::SSL
        secp256k1::secp256k1
--- a/cfg/xrpld-example.cfg
+++ b/cfg/xrpld-example.cfg
@@ -1258,7 +1258,7 @@
 #       default. Don't change this without understanding the consequences.
 #
 #       Example:
-#           account_reserve = 1000000   # 1 XRP
+#           account_reserve = 10000000   # 10 XRP
 #
 #   owner_reserve = <drops>
 #
@@ -1270,7 +1270,7 @@
 #       default. Don't change this without understanding the consequences.
 #
 #       Example:
-#           owner_reserve = 200000      # 0.2 XRP
+#           owner_reserve = 2000000      # 2 XRP
 #
 #-------------------------------------------------------------------------------
 #
--- a/cmake/XrplSanitizers.cmake
+++ b/cmake/XrplSanitizers.cmake
@@ -1,33 +1,140 @@
 #[===================================================================[
-   Apply sanitizer flags built by the Conan profile.
+   Configure sanitizers based on environment variables.

-   Parsing, validation, and flag construction are performed in conan/profiles/sanitizers.
-   This module reads the following CMake variables injected by the Conan toolchain via extra_variables:
+   This module reads the following environment variables:
+   - SANITIZERS: The sanitizers to enable. Possible values:
+     - "address"
+     - "address,undefinedbehavior"
+     - "thread"
+     - "thread,undefinedbehavior"
+     - "undefinedbehavior"

-   - SANITIZERS:                The active sanitizers (e.g. "address,undefinedbehavior").
-   - SANITIZERS_COMPILER_FLAGS: Space-separated compiler flags.
-   - SANITIZERS_LINKER_FLAGS:   Space-separated linker flags.
+   The compiler type and platform are detected in CompilationEnv.cmake.
+   The sanitizer compile options are applied to the 'common' interface library
+   which is linked to all targets in the project.

-   The flags are applied to the 'common' interface library which is linked to all targets in the project.
+   Internal flag variables set by this module:
+
+   - SANITIZER_TYPES: List of sanitizer types to enable (e.g., "address",
+     "thread", "undefined"). And two more flags for undefined behavior sanitizer (e.g., "float-divide-by-zero", "unsigned-integer-overflow").
+     This list is joined with commas and passed to -fsanitize=<list>.
+
+   - SANITIZERS_COMPILE_FLAGS: Compiler flags for sanitizer instrumentation.
+     Includes:
+     * -fno-omit-frame-pointer: Preserves frame pointers for stack traces
+     * -O1: Minimum optimization for reasonable performance
+     * -fsanitize=<types>: Enables sanitizer instrumentation
+     * -fsanitize-ignorelist=<path>: (Clang only) Compile-time ignorelist
+     * -mcmodel=large/medium: (GCC only) Code model for large binaries
+     * -Wno-stringop-overflow: (GCC only) Suppresses false positive warnings
+     * -Wno-tsan: (For GCC TSAN combination only) Suppresses atomic_thread_fence warnings
+
+   - SANITIZERS_LINK_FLAGS: Linker flags for sanitizer runtime libraries.
+     Includes:
+     * -fsanitize=<types>: Links sanitizer runtime libraries
+     * -mcmodel=large/medium: (GCC only) Matches compile-time code model
+
+   - SANITIZERS_RELOCATION_FLAGS: (GCC only, x86_64 only) Code model flags for linking.
+     Used to handle large instrumented binaries on x86_64:
+     * -mcmodel=large: For AddressSanitizer (prevents relocation errors)
+     * -mcmodel=medium: For ThreadSanitizer (large model is incompatible)
+     On ARM64, these flags are omitted since GCC does not support
+     -mcmodel=large with -fPIC, and -mcmodel=medium does not exist.
 #]===================================================================]

-include_guard(GLOBAL)
 include(CompilationEnv)

-if(NOT DEFINED SANITIZERS)
+# Read environment variable
+set(SANITIZERS "")
+if(DEFINED ENV{SANITIZERS})
+    set(SANITIZERS "$ENV{SANITIZERS}")
+endif()
+
+# Set SANITIZERS_ENABLED flag for use in other modules
+if(SANITIZERS MATCHES "address|thread|undefinedbehavior")
+    set(SANITIZERS_ENABLED TRUE)
+else()
    set(SANITIZERS_ENABLED FALSE)
    return()
 endif()
-set(SANITIZERS_ENABLED TRUE)

-message(STATUS "=== Configuring Sanitizers ===")
-message(STATUS "  SANITIZERS: ${SANITIZERS}")
-message(STATUS "  Compile flags: ${SANITIZERS_COMPILER_FLAGS}")
-message(STATUS "  Link flags: ${SANITIZERS_LINKER_FLAGS}")
+# Sanitizers are not supported on Windows/MSVC
+if(is_msvc)
+    message(
+        FATAL_ERROR
+        "Sanitizers are not supported on Windows/MSVC. "
+        "Please unset the SANITIZERS environment variable."
+    )
+endif()

-# GCC with sanitizers is incompatible with mold, gold, and lld linkers.
-# Namely, the instrumented binary exceeds size limits imposed by these linkers.
+message(STATUS "Configuring sanitizers: ${SANITIZERS}")
+
+# Parse SANITIZERS value to determine which sanitizers to enable
+set(enable_asan FALSE)
+set(enable_tsan FALSE)
+set(enable_ubsan FALSE)
+
+# Normalize SANITIZERS into a list
+set(san_list "${SANITIZERS}")
+string(REPLACE "," ";" san_list "${san_list}")
+separate_arguments(san_list)
+
+foreach(san IN LISTS san_list)
+    if(san STREQUAL "address")
+        set(enable_asan TRUE)
+    elseif(san STREQUAL "thread")
+        set(enable_tsan TRUE)
+    elseif(san STREQUAL "undefinedbehavior")
+        set(enable_ubsan TRUE)
+    else()
+        message(
+            FATAL_ERROR
+            "Unsupported sanitizer type: ${san}"
+            "Supported: address, thread, undefinedbehavior and their combinations."
+        )
+    endif()
+endforeach()
+
+# Validate sanitizer compatibility
+if(enable_asan AND enable_tsan)
+    message(
+        FATAL_ERROR
+        "AddressSanitizer and ThreadSanitizer are incompatible and cannot be enabled simultaneously. "
+        "Use 'address' or 'thread', optionally with 'undefinedbehavior'."
+    )
+endif()
+
+# Frame pointer is required for meaningful stack traces. Sanitizers recommend minimum of -O1 for reasonable performance
+set(SANITIZERS_COMPILE_FLAGS "-fno-omit-frame-pointer" "-O1")
+
+# Build the sanitizer flags list
+set(SANITIZER_TYPES)
+
+if(enable_asan)
+    list(APPEND SANITIZER_TYPES "address")
+elseif(enable_tsan)
+    list(APPEND SANITIZER_TYPES "thread")
+endif()
+
+if(enable_ubsan)
+    # UB sanitizer flags
+    list(APPEND SANITIZER_TYPES "undefined" "float-divide-by-zero")
+    if(is_clang)
+        # Clang supports additional UB checks. More info here
+        # https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
+        list(APPEND SANITIZER_TYPES "unsigned-integer-overflow")
+    endif()
+endif()
+
+# Configure code model for GCC on amd64 Use large code model for ASAN to avoid relocation errors Use medium code model
+# for TSAN (large is not compatible with TSAN)
+set(SANITIZERS_RELOCATION_FLAGS)
+
+# Compiler-specific configuration
 if(is_gcc)
+    # Disable mold, gold and lld linkers for GCC with sanitizers Use default linker (bfd/ld) which is more lenient with
+    # mixed code models This is needed since the size of instrumented binary exceeds the limits set by mold, lld and
+    # gold linkers
    set(use_mold OFF CACHE BOOL "Use mold linker" FORCE)
    set(use_gold OFF CACHE BOOL "Use gold linker" FORCE)
    set(use_lld OFF CACHE BOOL "Use lld linker" FORCE)
@@ -35,62 +142,82 @@ if(is_gcc)
        STATUS
        "  Disabled mold, gold, and lld linkers for GCC with sanitizers"
    )
+
+    # Suppress false positive warnings in GCC with stringop-overflow
+    list(APPEND SANITIZERS_COMPILE_FLAGS "-Wno-stringop-overflow")
+
+    if(is_amd64 AND enable_asan)
+        message(STATUS "  Using large code model (-mcmodel=large)")
+        list(APPEND SANITIZERS_COMPILE_FLAGS "-mcmodel=large")
+        list(APPEND SANITIZERS_RELOCATION_FLAGS "-mcmodel=large")
+    elseif(enable_tsan)
+        # GCC doesn't support atomic_thread_fence with tsan. Suppress warnings.
+        list(APPEND SANITIZERS_COMPILE_FLAGS "-Wno-tsan")
+        if(is_amd64)
+            message(STATUS "  Using medium code model (-mcmodel=medium)")
+            list(APPEND SANITIZERS_COMPILE_FLAGS "-mcmodel=medium")
+            list(APPEND SANITIZERS_RELOCATION_FLAGS "-mcmodel=medium")
+        endif()
+    endif()
+
+    # Join sanitizer flags with commas for -fsanitize option
+    list(JOIN SANITIZER_TYPES "," SANITIZER_TYPES_STR)
+
+    # Add sanitizer to compile and link flags
+    list(APPEND SANITIZERS_COMPILE_FLAGS "-fsanitize=${SANITIZER_TYPES_STR}")
+    set(SANITIZERS_LINK_FLAGS
+        "${SANITIZERS_RELOCATION_FLAGS}"
+        "-fsanitize=${SANITIZER_TYPES_STR}"
+    )
+elseif(is_clang)
+    # Add ignorelist for Clang (GCC doesn't support this) Use CMAKE_SOURCE_DIR to get the path to the ignorelist
+    set(IGNORELIST_PATH
+        "${CMAKE_SOURCE_DIR}/sanitizers/suppressions/sanitizer-ignorelist.txt"
+    )
+    if(NOT EXISTS "${IGNORELIST_PATH}")
+        message(
+            FATAL_ERROR
+            "Sanitizer ignorelist not found: ${IGNORELIST_PATH}"
+        )
+    endif()
+
+    list(
+        APPEND SANITIZERS_COMPILE_FLAGS
+        "-fsanitize-ignorelist=${IGNORELIST_PATH}"
+    )
+    message(STATUS "  Using sanitizer ignorelist: ${IGNORELIST_PATH}")
+
+    # Join sanitizer flags with commas for -fsanitize option
+    list(JOIN SANITIZER_TYPES "," SANITIZER_TYPES_STR)
+
+    # Add sanitizer to compile and link flags
+    list(APPEND SANITIZERS_COMPILE_FLAGS "-fsanitize=${SANITIZER_TYPES_STR}")
+    set(SANITIZERS_LINK_FLAGS "-fsanitize=${SANITIZER_TYPES_STR}")
 endif()

-# Flags arrive as space-separated strings; split into CMake lists before use
-separate_arguments(
-    sanitizers_compiler_flags
-    UNIX_COMMAND
-    "${SANITIZERS_COMPILER_FLAGS}"
-)
-separate_arguments(
-    sanitizers_linker_flags
-    UNIX_COMMAND
-    "${SANITIZERS_LINKER_FLAGS}"
-)
+message(STATUS "  Compile flags: ${SANITIZERS_COMPILE_FLAGS}")
+message(STATUS "  Link flags: ${SANITIZERS_LINK_FLAGS}")

+# Apply the sanitizer flags to the 'common' interface library This is the same library used by XrplCompiler.cmake
 target_compile_options(
    common
    INTERFACE
-        $<$<COMPILE_LANGUAGE:CXX>:${sanitizers_compiler_flags}>
-        $<$<COMPILE_LANGUAGE:C>:${sanitizers_compiler_flags}>
+        $<$<COMPILE_LANGUAGE:CXX>:${SANITIZERS_COMPILE_FLAGS}>
+        $<$<COMPILE_LANGUAGE:C>:${SANITIZERS_COMPILE_FLAGS}>
 )
-target_link_options(common INTERFACE ${sanitizers_linker_flags})

-# This module appends -fsanitize-ignorelist=<path> for Clang builds.
-# The ignorelist path contains CMAKE_SOURCE_DIR, so it must be set here, rather than in the Conan profile.
-# GCC does not support -fsanitize-ignorelist.
-if(is_clang)
-    set(ignorelist_path
-        "${CMAKE_SOURCE_DIR}/sanitizers/suppressions/sanitizer-ignorelist.txt"
-    )
-    if(NOT EXISTS "${ignorelist_path}")
-        message(
-            FATAL_ERROR
-            "Sanitizer ignorelist not found: ${ignorelist_path}"
-        )
-    endif()
-    target_compile_options(
-        common
-        INTERFACE
-            $<$<COMPILE_LANGUAGE:CXX>:-fsanitize-ignorelist=${ignorelist_path}>
-            $<$<COMPILE_LANGUAGE:C>:-fsanitize-ignorelist=${ignorelist_path}>
-    )
-    message(STATUS "  Ignorelist: ${ignorelist_path}")
-endif()
+# Apply linker flags
+target_link_options(common INTERFACE ${SANITIZERS_LINK_FLAGS})

 # Define SANITIZERS macro for BuildInfo.cpp
 set(sanitizers_list)
-if(SANITIZERS MATCHES "address")
-    set(enable_asan ON)
+if(enable_asan)
    list(APPEND sanitizers_list "ASAN")
 endif()
-if(SANITIZERS MATCHES "thread")
-    set(enable_tsan ON)
+if(enable_tsan)
    list(APPEND sanitizers_list "TSAN")
 endif()
-if(SANITIZERS MATCHES "undefinedbehavior")
-    set(enable_ubsan ON)
+if(enable_ubsan)
    list(APPEND sanitizers_list "UBSAN")
 endif()

--- a/cmake/scripts/codegen/requirements.txt
+++ b/cmake/scripts/codegen/requirements.txt
@@ -10,4 +10,4 @@ pcpp>=1.30
 pyparsing>=3.0.0

 # Template engine - used to generate C++ code from templates
-Mako>=1.2.2
+Mako>=1.2.0
--- a/conan.lock
+++ b/conan.lock
@@ -1,39 +1,41 @@
 {
    "version": "0.5",
    "requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
+        "zlib/1.3.1#cac0f6daea041b0ccf42934163defb20%1774439233.809",
        "xxhash/0.8.3#681d36a0a6111fc56e5e45ea182c19cc%1765850149.987",
-        "sqlite3/3.53.0#324ada52333108388a9a6108bfa96734%1776096494.149",
+        "sqlite3/3.51.0#66aa11eabd0e34954c5c1c061ad44abe%1774467355.988",
        "soci/4.0.3#fe32b9ad5eb47e79ab9e45a68f363945%1774450067.231",
        "snappy/1.1.10#968fef506ff261592ec30c574d4a7809%1765850147.878",
        "secp256k1/0.7.1#481881709eb0bdd0185a12b912bbe8ad%1770910500.329",
        "rocksdb/10.5.1#4a197eca381a3e5ae8adf8cffa5aacd0%1765850186.86",
        "re2/20251105#8579cfd0bda4daf0683f9e3898f964b4%1774398111.888",
        "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
-        "openssl/3.6.2#4789bbf131b77d0515d15e094c8f697f%1778071755.506",
-        "nudb/2.0.9#11149c73f8f2baff9a0198fe25971fc7%1775040983.408",
+        "openssl/3.6.1#e6399de266349245a4542fc5f6c71552%1774458290.139",
+        "nudb/2.0.9#11149c73f8f2baff9a0198fe25971fc7%1774883011.384",
+        "mpt-crypto/0.3.0-rc1#468344c6855d4aeaa8bd31fb2c403f89%1776358155.918",
        "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1765850143.914",
        "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1765842973.492",
        "libbacktrace/cci.20210118#a7691bfccd8caaf66309df196790a5a1%1765842973.03",
-        "libarchive/3.8.7#c446109bd1f1d8ba7936c94189bc50e6%1776147552.838",
-        "jemalloc/5.3.1#1fc58d55316041f10fbc1e8a2eae632a%1776700028.228",
+        "libarchive/3.8.1#ffee18995c706e02bf96e7a2f7042e0d%1765850144.736",
+        "jemalloc/5.3.0#e951da9cf599e956cebc117880d2d9f8%1729241615.244",
        "gtest/1.17.0#5224b3b3ff3b4ce1133cbdd27d53ee7d%1768312129.152",
        "grpc/1.78.1#b1a9e74b145cc471bed4dc64dc6eb2c1%1774467387.342",
        "ed25519/2015.03#ae761bdc52730a843f0809bdf6c1b1f6%1765850143.772",
        "date/3.0.4#862e11e80030356b53c2c38599ceb32b%1765850143.772",
        "c-ares/1.34.6#545240bb1c40e2cacd4362d6b8967650%1774439234.681",
        "bzip2/1.0.8#c470882369c2d95c5c77e970c0c7e321%1765850143.837",
-        "boost/1.91.0#ea540ca2133d831b560036aa24dece3c%1778050991.9",
+        "boost/1.90.0#d5e8defe7355494953be18524a7f135b%1769454080.269",
        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1774365460.196"
    ],
    "build_requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
+        "zlib/1.3.1#cac0f6daea041b0ccf42934163defb20%1774439233.809",
        "strawberryperl/5.32.1.1#8d114504d172cfea8ea1662d09b6333e%1774447376.964",
        "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
        "nasm/2.16.01#31e26f2ee3c4346ecd347911bd126904%1765850144.707",
        "msys2/cci.latest#d22fe7b2808f5fd34d0a7923ace9c54f%1770657326.649",
-        "m4/1.4.19#4523e4347b55cd26ae918bd5770cab9a%1778062762.471",
+        "m4/1.4.19#5d7a4994e5875d76faf7acf3ed056036%1774365463.87",
        "cmake/4.3.0#b939a42e98f593fb34d3a8c5cc860359%1774439249.183",
+        "cmake/3.31.10#313d16a1aa16bbdb2ca0792467214b76%1765850153.479",
        "b2/5.4.2#ffd6084a119587e70f11cd45d1a386e2%1774439233.447",
        "automake/1.16.5#b91b7c384c3deaa9d535be02da14d04f%1755524470.56",
        "autoconf/2.71#51077f068e61700d65bb05541ea1e4b0%1731054366.86",
@@ -48,16 +50,22 @@
            "lz4/1.10.0"
        ],
        "boost/[>=1.83.0 <1.91.0]": [
-            "boost/1.91.0"
+            "boost/1.90.0"
        ],
        "sqlite3/[>=3.44 <4]": [
-            "sqlite3/3.53.0"
+            "sqlite3/3.51.0"
        ],
        "boost/1.83.0": [
-            "boost/1.91.0"
+            "boost/1.90.0"
        ],
        "lz4/[>=1.9.4 <2]": [
            "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504"
+        ],
+        "openssl/3.5.5": [
+            "openssl/3.6.1"
+        ],
+        "openssl/[>=3 <4]": [
+            "openssl/3.6.1"
        ]
    },
    "config_requires": []
--- a/conan/global.conf
+++ b/conan/global.conf
@@ -3,5 +3,3 @@
 core:non_interactive=True
 core.download:parallel={{ os.cpu_count() }}
 core.upload:parallel={{ os.cpu_count() }}
-tools.files.download:retry=5
-tools.files.download:retry_wait=10
--- a/conan/profiles/ci
+++ b/conan/profiles/ci
@@ -1 +1 @@
-include(sanitizers)
+ include(sanitizers)
--- a/conan/profiles/sanitizers
+++ b/conan/profiles/sanitizers
@@ -3,120 +3,96 @@ include(default)
 {% set arch = detect_api.detect_arch() %}
 {% set sanitizers = os.getenv("SANITIZERS") %}

-{% if not sanitizers %}
-{# Sanitizers not configured; no additional settings needed #}
-{% else %}
+[conf]
+{% if sanitizers %}
+    {% if compiler == "gcc" %}
+        {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
+            {% set sanitizer_list = [] %}
+            {% set defines = [] %}
+            {% set model_code = "" %}
+            {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1", "-Wno-stringop-overflow"] %}

-{% if compiler == "msvc" %}
-    {{ "Sanitizers are not supported on Windows/MSVC. Please unset the SANITIZERS environment variable." }}
-{% endif %}
+            {% if "address" in sanitizers %}
+                {% set _ = sanitizer_list.append("address") %}
+                {% if arch == "x86_64" %}
+                    {% set model_code = "-mcmodel=large" %}
+                {% endif %}
+                {% set _ = defines.append("BOOST_USE_ASAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
+            {% elif "thread" in sanitizers %}
+                {% set _ = sanitizer_list.append("thread") %}
+                {% if arch == "x86_64" %}
+                    {% set model_code = "-mcmodel=medium" %}
+                {% endif %}
+                {% set _ = extra_cxxflags.append("-Wno-tsan") %}
+                {% set _ = defines.append("BOOST_USE_TSAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
+            {% endif %}

-{% set known_sanitizers = ["address", "thread", "undefinedbehavior"] %}
-{% set provided_sanitizers = [] %}
-{% for san in sanitizers.split(",") %}
-    {% set san = san.strip() %}
-    {% if san not in known_sanitizers %}
-        {{ "Unknown sanitizer in SANITIZERS: " ~ san }}
-    {% endif %}
-    {% set _ = provided_sanitizers.append(san) %}
-{% endfor %}
+            {% if "undefinedbehavior" in sanitizers %}
+                {% set _ = sanitizer_list.append("undefined") %}
+                {% set _ = sanitizer_list.append("float-divide-by-zero") %}
+            {% endif %}

-{% set enable_asan = "address" in provided_sanitizers %}
-{% set enable_tsan = "thread" in provided_sanitizers %}
-{% set enable_ubsan = "undefinedbehavior" in provided_sanitizers %}
+            {% set sanitizer_flags = "-fsanitize=" ~ ",".join(sanitizer_list) ~ " " ~ model_code %}

-{% if enable_asan and enable_tsan %}
-    {{ "AddressSanitizer and ThreadSanitizer are incompatible and cannot be enabled simultaneously." }}
-{% endif %}
+            tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
+            tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
+            tools.build:exelinkflags+=['{{sanitizer_flags}}']
+            tools.build:defines+={{defines}}
+        {% endif %}
+    {% elif compiler == "apple-clang" or compiler == "clang" %}
+        {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
+            {% set sanitizer_list = [] %}
+            {% set defines = [] %}
+            {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1"] %}

-{% set sanitizer_types = [] %}
-{% set defines = [] %}
+            {% if "address" in sanitizers %}
+                {% set _ = sanitizer_list.append("address") %}
+                {% set _ = defines.append("BOOST_USE_ASAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
+            {% elif "thread" in sanitizers %}
+                {% set _ = sanitizer_list.append("thread") %}
+                {% set _ = defines.append("BOOST_USE_TSAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
+            {% endif %}

-{% if enable_asan %}
-    {% set _ = sanitizer_types.append("address") %}
-    {% set _ = defines.append("BOOST_USE_ASAN") %}
-    {% set _ = defines.append("BOOST_USE_UCONTEXT") %}
-{% elif enable_tsan %}
-    {% set _ = sanitizer_types.append("thread") %}
-    {% set _ = defines.append("BOOST_USE_TSAN") %}
-    {% set _ = defines.append("BOOST_USE_UCONTEXT") %}
-{% endif %}
+            {% if "undefinedbehavior" in sanitizers %}
+                {% set _ = sanitizer_list.append("undefined") %}
+                {% set _ = sanitizer_list.append("float-divide-by-zero") %}
+                {% set _ = sanitizer_list.append("unsigned-integer-overflow") %}
+            {% endif %}

-{% if enable_ubsan %}
-    {% set _ = sanitizer_types.append("undefined") %}
-    {% set _ = sanitizer_types.append("float-divide-by-zero") %}
-    {# Clang supports additional UB checks beyond the GCC baseline #}
-    {% if compiler == "clang" or compiler == "apple-clang" %}
-        {% set _ = sanitizer_types.append("unsigned-integer-overflow") %}
-    {% endif %}
-{% endif %}
+            {% set sanitizer_flags = "-fsanitize=" ~ ",".join(sanitizer_list) %}

-{# Frame pointer required for meaningful stack traces; -O1 for reasonable performance #}
-{% set compile_flags = ["-fno-omit-frame-pointer", "-O1"] %}
-
-{% if compiler == "gcc" %}
-    {# Suppress false positive warnings with GCC #}
-    {% set _ = compile_flags.append("-Wno-stringop-overflow") %}
-
-    {% set relocation_flags = [] %}
-
-    {% if arch == "x86_64" and enable_asan %}
-        {# Large code model prevents relocation errors in instrumented ASAN binaries #}
-        {% set _ = compile_flags.append("-mcmodel=large") %}
-        {% set _ = relocation_flags.append("-mcmodel=large") %}
-    {% elif enable_tsan %}
-        {# GCC doesn't support atomic_thread_fence with TSAN; suppress warnings #}
-        {% set _ = compile_flags.append("-Wno-tsan") %}
-        {% if arch == "x86_64" %}
-            {# Medium code model for TSAN; large is incompatible #}
-            {% set _ = compile_flags.append("-mcmodel=medium") %}
-            {% set _ = relocation_flags.append("-mcmodel=medium") %}
+            tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
+            tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
+            tools.build:exelinkflags+=['{{sanitizer_flags}}']
+            tools.build:defines+={{defines}}
        {% endif %}
    {% endif %}
-
-    {% set fsanitize = "-fsanitize=" ~ ",".join(sanitizer_types) %}
-    {% set _ = compile_flags.append(fsanitize) %}
-    {% set _ = relocation_flags.append(fsanitize) %}
-
-    {% set sanitizer_compiler_flags = " ".join(compile_flags) %}
-    {% set sanitizer_linker_flags = " ".join(relocation_flags) %}
-{% elif compiler == "clang" or compiler == "apple-clang" %}
-    {% set fsanitize = "-fsanitize=" ~ ",".join(sanitizer_types) %}
-    {% set _ = compile_flags.append(fsanitize) %}
-
-    {% set sanitizer_compiler_flags = " ".join(compile_flags) %}
-    {% set sanitizer_linker_flags = fsanitize %}
 {% endif %}

-[conf]
-tools.build:defines+={{defines}}
-tools.build:cxxflags+=['{{sanitizer_compiler_flags}}']
-tools.build:sharedlinkflags+=['{{sanitizer_linker_flags}}']
-tools.build:exelinkflags+=['{{sanitizer_linker_flags}}']
-
 tools.info.package_id:confs+=["tools.build:cxxflags", "tools.build:exelinkflags", "tools.build:sharedlinkflags", "tools.build:defines"]

-# &: means "apply only to the consumer/root package"
-&:tools.cmake.cmaketoolchain:extra_variables={"SANITIZERS": "{{sanitizers}}", "SANITIZERS_COMPILER_FLAGS": "{{sanitizer_compiler_flags}}", "SANITIZERS_LINKER_FLAGS": "{{sanitizer_linker_flags}}"}
-
 [options]
-{% if enable_asan %}
-    # Build Boost.Context with ucontext backend (not fcontext) so that
-    # ASAN fiber-switching annotations (__sanitizer_start/finish_switch_fiber)
-    # are compiled into the library. fcontext (assembly) has no ASAN support.
-    # define=BOOST_USE_ASAN=1 is critical: it must be defined when building
-    # Boost.Context itself so the ucontext backend compiles in the ASAN annotations.
-    boost/*:extra_b2_flags=context-impl=ucontext address-sanitizer=on define=BOOST_USE_ASAN=1
-    boost/*:without_context=False
-    # Boost stacktrace fails to build with some sanitizers
-    boost/*:without_stacktrace=True
-{% elif enable_tsan %}
-    # Build Boost.Context with ucontext backend for TSAN. fcontext (assembly)
-    # has no TSAN annotations, so without this the BOOST_USE_TSAN/BOOST_USE_UCONTEXT
-    # defines in [conf] would be ineffective.
-    boost/*:extra_b2_flags=context-impl=ucontext thread-sanitizer=on define=BOOST_USE_TSAN=1
-    boost/*:without_context=False
-    boost/*:without_stacktrace=True
-{% endif %}
-
+{% if sanitizers %}
+    {% if "address" in sanitizers %}
+        # Build Boost.Context with ucontext backend (not fcontext) so that
+        # ASAN fiber-switching annotations (__sanitizer_start/finish_switch_fiber)
+        # are compiled into the library. fcontext (assembly) has no ASAN support.
+        # define=BOOST_USE_ASAN=1 is critical: it must be defined when building
+        # Boost.Context itself so the ucontext backend compiles in the ASAN annotations.
+        boost/*:extra_b2_flags=context-impl=ucontext address-sanitizer=on define=BOOST_USE_ASAN=1
+        boost/*:without_context=False
+        # Boost stacktrace fails to build with some sanitizers
+        boost/*:without_stacktrace=True
+    {% elif "thread" in sanitizers %}
+        # Build Boost.Context with ucontext backend for TSAN. fcontext (assembly)
+        # has no TSAN annotations, so without this the BOOST_USE_TSAN/BOOST_USE_UCONTEXT
+        # defines in [conf] would be ineffective.
+        boost/*:extra_b2_flags=context-impl=ucontext thread-sanitizer=on define=BOOST_USE_TSAN=1
+        boost/*:without_context=False
+        boost/*:without_stacktrace=True
+    {% endif %}
 {% endif %}
--- a/conanfile.py
+++ b/conanfile.py
@@ -1,3 +1,4 @@
+import os
 import re

 from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout
@@ -29,12 +30,13 @@ class Xrpl(ConanFile):
    requires = [
        "ed25519/2015.03",
        "grpc/1.78.1",
-        "libarchive/3.8.7",
+        "libarchive/3.8.1",
+        "mpt-crypto/0.3.0-rc1",
        "nudb/2.0.9",
-        "openssl/3.6.2",
+        "openssl/3.6.1",
        "secp256k1/0.7.1",
        "soci/4.0.3",
-        "zlib/1.3.2",
+        "zlib/1.3.1",
    ]

    test_requires = [
@@ -56,7 +58,6 @@ class Xrpl(ConanFile):
        "tests": False,
        "unity": False,
        "xrpld": False,
-        "boost/*:without_cobalt": True,
        "boost/*:without_context": False,
        "boost/*:without_coroutine": True,
        "boost/*:without_coroutine2": False,
@@ -130,13 +131,13 @@ class Xrpl(ConanFile):
            self.options["boost"].without_cobalt = True

    def requirements(self):
-        self.requires("boost/1.91.0", force=True, transitive_headers=True)
+        self.requires("boost/1.90.0", force=True, transitive_headers=True)
        self.requires("date/3.0.4", transitive_headers=True)
        self.requires("lz4/1.10.0", force=True)
        self.requires("protobuf/6.33.5", force=True)
-        self.requires("sqlite3/3.53.0", force=True)
+        self.requires("sqlite3/3.51.0", force=True)
        if self.options.jemalloc:
-            self.requires("jemalloc/5.3.1")
+            self.requires("jemalloc/5.3.0")
        if self.options.rocksdb:
            self.requires("rocksdb/10.5.1")
        self.requires("xxhash/0.8.3", transitive_headers=True)
@@ -208,6 +209,7 @@ class Xrpl(ConanFile):
            "grpc::grpc++",
            "libarchive::libarchive",
            "lz4::lz4",
+            "mpt-crypto::mpt-crypto",
            "nudb::nudb",
            "openssl::crypto",
            "protobuf::libprotobuf",
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
@@ -59,11 +59,11 @@ words:
  - autobridging
  - bimap
  - bindir
+  - blindings
  - bookdir
  - Bougalis
  - Britto
  - Btrfs
-  - Buildx
  - canonicality
  - changespq
  - checkme
@@ -72,7 +72,6 @@ words:
  - citardauq
  - clawback
  - clawbacks
-  - cmaketoolchain
  - coeffs
  - coldwallet
  - compr
@@ -93,6 +92,7 @@ words:
  - daria
  - dcmake
  - dearmor
+  - decryptor
  - deleteme
  - demultiplexer
  - deserializaton
@@ -102,6 +102,7 @@ words:
  - distro
  - doxyfile
  - dxrpl
+  - elgamal
  - enabled
  - endmacro
  - exceptioned
@@ -112,11 +113,11 @@ words:
  - fmtdur
  - fsanitize
  - funclets
+  - Gamal
  - gcov
  - gcovr
  - ghead
  - Gnutella
-  - godexsoft
  - gpgcheck
  - gpgkey
  - hotwallet
@@ -203,6 +204,7 @@ words:
  - partitioner
  - paychan
  - paychans
+  - Pedersen
  - permdex
  - perminute
  - permissioned
@@ -223,6 +225,8 @@ words:
  - queuable
  - Raphson
  - replayer
+  - rerandomization
+  - rerandomized
  - rerere
  - retriable
  - RIPD
@@ -239,6 +243,7 @@ words:
  - sahyadri
  - Satoshi
  - scons
+  - Schnorr
  - secp
  - sendq
  - seqit
@@ -266,6 +271,7 @@ words:
  - stvar
  - stvector
  - stxchainattestations
+  - summands
  - superpeer
  - superpeers
  - takergets
--- a/docker/nix.Dockerfile
+++ b/docker/nix.Dockerfile
@@ -1,66 +0,0 @@
-ARG BASE_IMAGE=nixos/nix:latest
-
-# Nix builder
-FROM nixos/nix:latest AS builder-source
-
-RUN mkdir -p ~/.config/nix && \
-    echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
-
-# Copy our source and setup our working dir.
-COPY nix/ci-env.nix /tmp/build/nix/ci-env.nix
-COPY nix/packages.nix /tmp/build/nix/packages.nix
-COPY nix/utils.nix /tmp/build/nix/utils.nix
-COPY flake.nix /tmp/build/
-COPY flake.lock /tmp/build/
-WORKDIR /tmp/build
-
-FROM builder-source AS builder
-
-# Build our Nix CI environment (all build tools in a single store path)
-RUN nix \
-    --option filter-syscalls false \
-    build
-
-# Copy the Nix store closure into a directory. The Nix store closure is the
-# entire set of Nix store values that we need for our build.
-RUN mkdir /tmp/nix-store-closure && \
-    cp -R $(nix-store -qR result/) /tmp/nix-store-closure
-
-# Final image
-FROM ${BASE_IMAGE}
-
-# bash is not located at /bin/bash in nixos/nix, so we need to create a symlink to it.
-RUN if [ -d /nix ]; then \
-        ln -s /root/.nix-profile/bin/bash /bin/bash; \
-    fi
-
-# Use Bash as the default shell for RUN commands, using the options
-# `set -o errexit -o pipefail`, and as the entrypoint.
-SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
-ENTRYPOINT ["/bin/bash"]
-
-# Copy /nix/store and the env symlink tree
-COPY --from=builder /tmp/nix-store-closure /nix/store
-COPY --from=builder /tmp/build/result /nix/ci-env
-
-ENV PATH="/nix/ci-env/bin:$PATH"
-
-RUN <<EOF
-ccache --version
-clang-format --version
-cmake --version
-conan --version
-g++ --version
-gcc --version
-gcovr --version
-git --version
-make --version
-mold --version
-ninja --version
-perl --version
-pkg-config --version
-pre-commit --version
-python3 --version
-run-clang-tidy --help
-vim --version
-EOF
--- a/docs/build/sanitizers.md
+++ b/docs/build/sanitizers.md
@@ -1,17 +1,15 @@
 # Sanitizer Configuration for Xrpld

-This document explains how to properly configure and run sanitizers (`AddressSanitizer`, `UndefinedBehaviorSanitizer`, `ThreadSanitizer`) with the xrpld project.
+This document explains how to properly configure and run sanitizers (AddressSanitizer, undefinedbehaviorSanitizer, ThreadSanitizer) with the xrpld project.
 Corresponding suppression files are located in the `sanitizers/suppressions` directory.

-> [!CAUTION]
-> Do not mix Address and Thread sanitizers - they are incompatible.
-> Also, we don't yet support MSVC sanitizers, so this is only for Clang/GCC builds.
-
 - [Sanitizer Configuration for Xrpld](#sanitizer-configuration-for-xrpld)
  - [Building with Sanitizers](#building-with-sanitizers)
    - [Summary](#summary)
    - [Build steps:](#build-steps)
      - [Install dependencies](#install-dependencies)
+      - [Call CMake](#call-cmake)
+      - [Build](#build)
  - [Running Tests with Sanitizers](#running-tests-with-sanitizers)
    - [AddressSanitizer (ASAN)](#addresssanitizer-asan)
    - [ThreadSanitizer (TSan)](#threadsanitizer-tsan)
@@ -35,13 +33,9 @@ Corresponding suppression files are located in the `sanitizers/suppressions` dir
 Follow the same instructions as mentioned in [BUILD.md](../../BUILD.md) but with the following changes:

 1. Make sure you have a clean build directory.
-2. Set the `SANITIZERS` environment variable before calling `conan install`. Only set it once.
+2. Set the `SANITIZERS` environment variable before calling conan install and cmake. Only set it once. Make sure both conan and cmake read the same values.
   Example: `export SANITIZERS=address,undefinedbehavior`
-3. Use `--profile:all sanitizers` with Conan to build dependencies with sanitizer instrumentation.
-
-   > [!NOTE]
-   > Building with sanitizer-instrumented dependencies is slower but produces fewer false positives.
-
+3. Optionally use `--profile:all sanitizers` with Conan to build dependencies with sanitizer instrumentation. [!NOTE]Building with sanitizer-instrumented dependencies is slower but produces fewer false positives.
 4. Set `ASAN_OPTIONS`, `LSAN_OPTIONS`, `UBSAN_OPTIONS` and `TSAN_OPTIONS` environment variables to configure sanitizer behavior when running executables. [More details below](#running-tests-with-sanitizers).

 ---
@@ -57,13 +51,36 @@ cd .build

 #### Install dependencies

-The `SANITIZERS` environment variable is used during `conan install` command.
+The `SANITIZERS` environment variable is used by both Conan and CMake.

 ```bash
-SANITIZERS=address,undefinedbehavior conan install .. --output-folder . --build missing --settings build_type=Debug --profile:all sanitizers
+export SANITIZERS=address,undefinedbehavior
+# Standard build (without instrumenting dependencies)
+conan install .. --output-folder . --build missing --settings build_type=Debug
+
+# Or with sanitizer-instrumented dependencies (takes longer but fewer false positives)
+conan install .. --output-folder . --profile:all sanitizers --build missing --settings build_type=Debug
 ```

-Proceed with the rest of the build instructions as mentioned in [BUILD.md](../../BUILD.md).
+[!CAUTION]
+Do not mix Address and Thread sanitizers - they are incompatible.
+
+Since you already set the `SANITIZERS` environment variable when running Conan, same values will be read for the next part.
+
+#### Call CMake
+
+```bash
+cmake .. -G Ninja \
+    -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
+    -DCMAKE_BUILD_TYPE=Debug \
+    -Dtests=ON -Dxrpld=ON
+```
+
+#### Build
+
+```bash
+cmake --build . --parallel 4
+```

 ## Running Tests with Sanitizers

--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1777954456,
-        "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
+        "lastModified": 1769461804,
+        "narHash": "sha256-6h5sROT/3CTHvzPy9koKBmoCa2eJKh4fzQK8eYFEgl8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
+        "rev": "b579d443b37c9c5373044201ea77604e37e748c8",
        "type": "github"
      },
      "original": {
@@ -15,27 +15,9 @@
        "type": "indirect"
      }
    },
-    "nixpkgs-glibc231": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1593520194,
-        "narHash": "sha256-+TZW+2I7kLL9JglPNOagm1ywjf9ua0JYGoptq/dzVn0=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9cd98386a38891d1074fc18036b842dc4416f562",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9cd98386a38891d1074fc18036b842dc4416f562",
-        "type": "github"
-      }
-    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-glibc231": "nixpkgs-glibc231"
+        "nixpkgs": "nixpkgs"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@@ -2,24 +2,15 @@
  description = "Nix related things for xrpld";
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-unstable";
-    # nixpkgs snapshot (2020-06-30) that shipped glibc 2.31 as the primary
-    # version — matches the system libc on Ubuntu 20.04 LTS. Imported
-    # manually (flake = false) because this revision predates nixpkgs'
-    # own flake.nix.
-    nixpkgs-glibc231 = {
-      url = "github:NixOS/nixpkgs/9cd98386a38891d1074fc18036b842dc4416f562";
-      flake = false;
-    };
  };

  outputs =
-    { nixpkgs, nixpkgs-glibc231, ... }:
+    { nixpkgs, ... }:
    let
-      forEachSystem = import ./nix/utils.nix { inherit nixpkgs nixpkgs-glibc231; };
+      forEachSystem = (import ./nix/utils.nix { inherit nixpkgs; }).forEachSystem;
    in
    {
      devShells = forEachSystem (import ./nix/devshell.nix);
-      packages = forEachSystem (import ./nix/ci-env.nix);
      formatter = forEachSystem ({ pkgs, ... }: pkgs.nixfmt);
    };
 }
--- a/include/xrpl/basics/Expected.h
+++ b/include/xrpl/basics/Expected.h
@@ -148,23 +148,17 @@ public:
    }

    [[nodiscard]] constexpr E const&
-    error() const&
+    error() const
    {
        return Base::error();
    }

-    [[nodiscard]] constexpr E&
-    error() &
+    constexpr E&
+    error()
    {
        return Base::error();
    }

-    [[nodiscard]] constexpr E&&
-    error() &&
-    {
-        return std::move(Base::error());
-    }
-
    constexpr explicit
    operator bool() const
    {
@@ -221,23 +215,17 @@ public:
    }

    [[nodiscard]] constexpr E const&
-    error() const&
+    error() const
    {
        return Base::error();
    }

-    [[nodiscard]] constexpr E&
-    error() &
+    constexpr E&
+    error()
    {
        return Base::error();
    }

-    [[nodiscard]] constexpr E&&
-    error() &&
-    {
-        return std::move(Base::error());
-    }
-
    constexpr explicit
    operator bool() const
    {
--- a/include/xrpl/basics/Log.h
+++ b/include/xrpl/basics/Log.h
@@ -10,11 +10,24 @@
 #include <map>
 #include <memory>
 #include <mutex>
-#include <optional>
 #include <utility>

 namespace xrpl {

+// DEPRECATED use beast::severities::Severity instead
+// NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+enum LogSeverity {
+    LSInvalid = -1,  // used to indicate an invalid severity
+    LSTrace = 0,     // Very low-level progress information, details inside
+                     // an operation
+    LSDebug = 1,     // Function-level progress information, operations
+    LSInfo = 2,      // Server-level progress information, major operations
+    LSWarning = 3,   // Conditions that warrant human attention, may indicate
+                     // a problem
+    LSError = 4,     // A condition that indicates a problem
+    LSFatal = 5      // A severe condition that indicates a server problem
+};
+
 /** Manages partitions for logging. */
 class Logs
 {
@@ -26,17 +39,17 @@ private:
        std::string partition_;

    public:
-        Sink(std::string partition, beast::Severity thresh, Logs& logs);
+        Sink(std::string partition, beast::severities::Severity thresh, Logs& logs);

        Sink(Sink const&) = delete;
        Sink&
        operator=(Sink const&) = delete;

        void
-        write(beast::Severity level, std::string const& text) override;
+        write(beast::severities::Severity level, std::string const& text) override;

        void
-        writeAlways(beast::Severity level, std::string const& text) override;
+        writeAlways(beast::severities::Severity level, std::string const& text) override;
    };

    /** Manages a system file containing logged output.
@@ -123,12 +136,12 @@ private:

    std::mutex mutable mutex_;
    std::map<std::string, std::unique_ptr<beast::Journal::Sink>, boost::beast::iless> sinks_;
-    beast::Severity thresh_;
+    beast::severities::Severity thresh_;
    File file_;
    bool silent_ = false;

 public:
-    Logs(beast::Severity level);
+    Logs(beast::severities::Severity level);

    Logs(Logs const&) = delete;
    Logs&
@@ -148,18 +161,18 @@ public:
    beast::Journal
    journal(std::string const& name);

-    beast::Severity
+    beast::severities::Severity
    threshold() const;

    void
-    threshold(beast::Severity thresh);
+    threshold(beast::severities::Severity thresh);

    std::vector<std::pair<std::string, std::string>>
    partitionSeverities() const;

    void
    write(
-        beast::Severity level,
+        beast::severities::Severity level,
        std::string const& partition,
        std::string const& text,
        bool console);
@@ -179,25 +192,36 @@ public:
    }

    virtual std::unique_ptr<beast::Journal::Sink>
-    makeSink(std::string const& partition, beast::Severity startingLevel);
+    makeSink(std::string const& partition, beast::severities::Severity startingLevel);

 public:
-    static std::string
-    toString(beast::Severity s);
+    static LogSeverity
+    fromSeverity(beast::severities::Severity level);

-    static std::optional<beast::Severity>
+    static beast::severities::Severity
+    toSeverity(LogSeverity level);
+
+    static std::string
+    toString(LogSeverity s);
+
+    static LogSeverity
    fromString(std::string const& s);

 private:
-    // Maximum line length for log messages.
-    // If the message exceeds this length it will be truncated with ellipses.
-    static constexpr auto kMAXIMUM_MESSAGE_CHARACTERS = 12 * 1024;
+    // Need to be named before converting
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum {
+        // Maximum line length for log messages.
+        // If the message exceeds this length it will be truncated with
+        // ellipses.
+        MaximumMessageCharacters = 12 * 1024
+    };

    static void
    format(
        std::string& output,
        std::string const& message,
-        beast::Severity severity,
+        beast::severities::Severity severity,
        std::string const& partition);
 };

--- a/include/xrpl/basics/SHAMapHash.h
+++ b/include/xrpl/basics/SHAMapHash.h
@@ -21,12 +21,12 @@ public:
    }

    [[nodiscard]] uint256 const&
-    asUInt256() const
+    asUint256() const
    {
        return hash_;
    }
    uint256&
-    asUInt256()
+    asUint256()
    {
        return hash_;
    }
@@ -93,7 +93,7 @@ template <>
 inline std::size_t
 extract(SHAMapHash const& key)
 {
-    return *reinterpret_cast<std::size_t const*>(key.asUInt256().data());
+    return *reinterpret_cast<std::size_t const*>(key.asUint256().data());
 }

 }  // namespace xrpl
--- a/include/xrpl/basics/StringUtilities.h
+++ b/include/xrpl/basics/StringUtilities.h
@@ -7,11 +7,9 @@
 #include <boost/utility/string_view.hpp>

 #include <array>
-#include <concepts>
 #include <cstdint>
 #include <optional>
 #include <string>
-#include <type_traits>

 namespace xrpl {

@@ -28,39 +26,28 @@ namespace xrpl {
 std::string
 sqlBlobLiteral(Blob const& blob);

-namespace detail {
-
-template <typename T>
-concept SomeChar = std::same_as<std::remove_cvref_t<T>, int8_t> ||
-    std::same_as<std::remove_cvref_t<T>, char> || std::same_as<std::remove_cvref_t<T>, uint8_t>;
-
-inline constexpr std::array<std::optional<int>, 256> const kDIGIT_LOOKUP_TABLE = []() {
-    std::array<std::optional<int>, 256> t{};
-
-    for (int i = 0; i < 10; ++i)
-        t['0' + i] = i;
-
-    for (int i = 0; i < 6; ++i)
-    {
-        t['A' + i] = 10 + i;
-        t['a' + i] = 10 + i;
-    }
-
-    return t;
-}();
-
-inline std::optional<int>
-hexCharToInt(SomeChar auto hexChar)
-{
-    return kDIGIT_LOOKUP_TABLE[static_cast<uint8_t>(hexChar)];
-}
-
-}  // namespace detail
-
 template <class Iterator>
 std::optional<Blob>
 strUnHex(std::size_t strSize, Iterator begin, Iterator end)
 {
+    static constexpr std::array<int, 256> const kDIGIT_LOOKUP_TABLE = []() {
+        std::array<int, 256> t{};
+
+        for (auto& x : t)
+            x = -1;
+
+        for (int i = 0; i < 10; ++i)
+            t['0' + i] = i;
+
+        for (int i = 0; i < 6; ++i)
+        {
+            t['A' + i] = 10 + i;
+            t['a' + i] = 10 + i;
+        }
+
+        return t;
+    }();
+
    Blob out;

    out.reserve((strSize + 1) / 2);
@@ -69,26 +56,27 @@ strUnHex(std::size_t strSize, Iterator begin, Iterator end)

    if (strSize & 1)
    {
-        auto const c = detail::hexCharToInt(*iter++);
-        if (!c.has_value())
+        int c = kDIGIT_LOOKUP_TABLE[*iter++];
+
+        if (c < 0)
            return {};

-        out.push_back(static_cast<unsigned char>(*c));
+        out.push_back(c);
    }

    while (iter != end)
    {
-        auto const cHigh = detail::hexCharToInt(*iter++);
+        int const cHigh = kDIGIT_LOOKUP_TABLE[*iter++];

-        if (!cHigh.has_value())
+        if (cHigh < 0)
            return {};

-        auto const cLow = detail::hexCharToInt(*iter++);
+        int const cLow = kDIGIT_LOOKUP_TABLE[*iter++];

-        if (!cLow.has_value())
+        if (cLow < 0)
            return {};

-        out.push_back(static_cast<unsigned char>((*cHigh << 4) | *cLow));
+        out.push_back(static_cast<unsigned char>((cHigh << 4) | cLow));
    }

    return {std::move(out)};
@@ -132,7 +120,7 @@ std::string
 trimWhitespace(std::string str);

 std::optional<std::uint64_t>
-toUInt64(std::string const& s);
+toUint64(std::string const& s);

 /** Determines if the given string looks like a TOML-file hosting domain.

--- a/include/xrpl/basics/base_uint.h
+++ b/include/xrpl/basics/base_uint.h
@@ -46,11 +46,6 @@ struct IsContiguousContainer<Slice> : std::true_type
 {
 };

-template <typename...>
-struct AlwaysFalseT : std::bool_constant<false>
-{
-};
-
 }  // namespace detail

 /** Integers of any length that is a multiple of 32-bits
@@ -67,7 +62,7 @@ struct AlwaysFalseT : std::bool_constant<false>
                      number of bits.
 */
 template <std::size_t Bits, class Tag = void>
-class BaseUInt
+class BaseUint
 {
    static_assert((Bits % 32) == 0, "The length of a base_uint in bits must be a multiple of 32.");

@@ -165,7 +160,7 @@ private:
        explicit VoidHelper() = default;
    };

-    explicit BaseUInt(void const* data, VoidHelper)
+    explicit BaseUint(void const* data, VoidHelper)
    {
        memcpy(data_.data(), data, kBYTES);
    }
@@ -249,15 +244,15 @@ private:
    }

 public:
-    constexpr BaseUInt() : data_{}
+    constexpr BaseUint() : data_{}
    {
    }

-    constexpr BaseUInt(beast::Zero) : data_{}
+    constexpr BaseUint(beast::Zero) : data_{}
    {
    }

-    explicit BaseUInt(std::uint64_t b)
+    explicit BaseUint(std::uint64_t b)
    {
        *this = b;
    }
@@ -265,7 +260,7 @@ public:
    // This constructor is intended to be used at compile time since it might
    // throw at runtime.  Consider declaring this constructor consteval once
    // we get to C++23.
-    explicit constexpr BaseUInt(std::string_view sv) noexcept(false)
+    explicit constexpr BaseUint(std::string_view sv) noexcept(false)
        : data_(parseFromStringViewThrows(sv))
    {
    }
@@ -275,42 +270,24 @@ public:
        class = std::enable_if_t<
            detail::IsContiguousContainer<Container>::value &&
            std::is_trivially_copyable_v<typename Container::value_type>>>
-    explicit BaseUInt(Container const& c)
+    explicit BaseUint(Container const& c)
    {
-        // Use AlwaysFalseT so the static_assert condition is dependent
-        // and only triggers when this constructor template is instantiated.
-        static_assert(
-            detail::AlwaysFalseT<Container>::value,
-            "This constructor is not intended to be used and will be soon removed. "
-            "Use base_uint::fromRaw instead.");
-    }
-
-    template <
-        class Container,
-        class = std::enable_if_t<
-            detail::IsContiguousContainer<Container>::value &&
-            std::is_trivially_copyable_v<typename Container::value_type>>>
-    static BaseUInt
-    fromRaw(Container const& c)
-    {
-        BaseUInt result;
        XRPL_ASSERT(
            c.size() * sizeof(typename Container::value_type) == size(),
-            "xrpl::BaseUInt::fromRaw(Container auto) : input size match");
-        std::memcpy(result.data_.data(), c.data(), size());
-        return result;
+            "xrpl::base_uint::base_uint(Container auto) : input size match");
+        std::memcpy(data_.data(), c.data(), size());
    }

    template <class Container>
    std::enable_if_t<
        detail::IsContiguousContainer<Container>::value &&
            std::is_trivially_copyable_v<typename Container::value_type>,
-        BaseUInt&>
+        BaseUint&>
    operator=(Container const& c)
    {
        XRPL_ASSERT(
            c.size() * sizeof(typename Container::value_type) == size(),
-            "xrpl::BaseUInt::operator=(Container auto) : input size match");
+            "xrpl::base_uint::operator=(Container auto) : input size match");
        std::memcpy(data_.data(), c.data(), size());
        return *this;
    }
@@ -318,14 +295,14 @@ public:
    /* Construct from a raw pointer.
        The buffer pointed to by `data` must be at least Bits/8 bytes.
    */
-    static BaseUInt
+    static BaseUint
    fromVoid(void const* data)
    {
-        return BaseUInt(data, VoidHelper());
+        return BaseUint(data, VoidHelper());
    }

    template <class T>
-    static std::optional<BaseUInt>
+    static std::optional<BaseUint>
    fromVoidChecked(T const& from)
    {
        if (from.size() != size())
@@ -351,10 +328,10 @@ public:
        return *this == beast::kZERO;
    }

-    constexpr BaseUInt
+    constexpr BaseUint
    operator~() const
    {
-        BaseUInt ret;
+        BaseUint ret;

        for (int i = 0; i < kWIDTH; i++)
            ret.data_[i] = ~data_[i];
@@ -362,7 +339,7 @@ public:
        return ret;
    }

-    BaseUInt&
+    BaseUint&
    operator=(std::uint64_t uHost)
    {
        *this = beast::kZERO;
@@ -380,8 +357,8 @@ public:
        return *this;
    }

-    BaseUInt&
-    operator^=(BaseUInt const& b)
+    BaseUint&
+    operator^=(BaseUint const& b)
    {
        for (int i = 0; i < kWIDTH; i++)
            data_[i] ^= b.data_[i];
@@ -389,8 +366,8 @@ public:
        return *this;
    }

-    BaseUInt&
-    operator&=(BaseUInt const& b)
+    BaseUint&
+    operator&=(BaseUint const& b)
    {
        for (int i = 0; i < kWIDTH; i++)
            data_[i] &= b.data_[i];
@@ -398,8 +375,8 @@ public:
        return *this;
    }

-    BaseUInt&
-    operator|=(BaseUInt const& b)
+    BaseUint&
+    operator|=(BaseUint const& b)
    {
        for (int i = 0; i < kWIDTH; i++)
            data_[i] |= b.data_[i];
@@ -407,7 +384,7 @@ public:
        return *this;
    }

-    BaseUInt&
+    BaseUint&
    operator++()
    {
        // prefix operator
@@ -421,17 +398,17 @@ public:
        return *this;
    }

-    BaseUInt
+    BaseUint
    operator++(int)
    {
        // postfix operator
-        BaseUInt const ret = *this;
+        BaseUint const ret = *this;
        ++(*this);

        return ret;
    }

-    BaseUInt&
+    BaseUint&
    operator--()
    {
        for (int i = kWIDTH - 1; i >= 0; --i)
@@ -446,32 +423,32 @@ public:
        return *this;
    }

-    BaseUInt
+    BaseUint
    operator--(int)
    {
        // postfix operator
-        BaseUInt const ret = *this;
+        BaseUint const ret = *this;
        --(*this);

        return ret;
    }

-    [[nodiscard]] BaseUInt
+    [[nodiscard]] BaseUint
    next() const
    {
        auto ret = *this;
        return ++ret;
    }

-    [[nodiscard]] BaseUInt
+    [[nodiscard]] BaseUint
    prev() const
    {
        auto ret = *this;
        return --ret;
    }

-    BaseUInt&
-    operator+=(BaseUInt const& b)
+    BaseUint&
+    operator+=(BaseUint const& b)
    {
        std::uint64_t carry = 0;

@@ -489,7 +466,7 @@ public:

    template <class Hasher>
    friend void
-    hash_append(Hasher& h, BaseUInt const& a) noexcept
+    hash_append(Hasher& h, BaseUint const& a) noexcept
    {
        // Do not allow any endian transformations on this memory
        h(a.data_.data(), sizeof(a.data_));
@@ -532,7 +509,7 @@ public:
        return kBYTES;
    }

-    BaseUInt<Bits, Tag>&
+    BaseUint<Bits, Tag>&
    operator=(beast::Zero)
    {
        data_.fill(0);
@@ -557,14 +534,14 @@ public:
    }
 };

-using uint128 = BaseUInt<128>;
-using uint160 = BaseUInt<160>;
-using uint256 = BaseUInt<256>;
-using uint192 = BaseUInt<192>;
+using uint128 = BaseUint<128>;
+using uint160 = BaseUint<160>;
+using uint256 = BaseUint<256>;
+using uint192 = BaseUint<192>;

 template <std::size_t Bits, class Tag>
 [[nodiscard]] constexpr std::strong_ordering
-operator<=>(BaseUInt<Bits, Tag> const& lhs, BaseUInt<Bits, Tag> const& rhs)
+operator<=>(BaseUint<Bits, Tag> const& lhs, BaseUint<Bits, Tag> const& rhs)
 {
    // This comparison might seem wrong on a casual inspection because it
    // compares data internally stored as std::uint32_t byte-by-byte. But
@@ -585,7 +562,7 @@ operator<=>(BaseUInt<Bits, Tag> const& lhs, BaseUInt<Bits, Tag> const& rhs)

 template <std::size_t Bits, typename Tag>
 [[nodiscard]] constexpr bool
-operator==(BaseUInt<Bits, Tag> const& lhs, BaseUInt<Bits, Tag> const& rhs)
+operator==(BaseUint<Bits, Tag> const& lhs, BaseUint<Bits, Tag> const& rhs)
 {
    return (lhs <=> rhs) == 0;
 }
@@ -593,59 +570,59 @@ operator==(BaseUInt<Bits, Tag> const& lhs, BaseUInt<Bits, Tag> const& rhs)
 //------------------------------------------------------------------------------
 template <std::size_t Bits, class Tag>
 constexpr bool
-operator==(BaseUInt<Bits, Tag> const& a, std::uint64_t b)
+operator==(BaseUint<Bits, Tag> const& a, std::uint64_t b)
 {
-    return a == BaseUInt<Bits, Tag>(b);
+    return a == BaseUint<Bits, Tag>(b);
 }

 //------------------------------------------------------------------------------
 template <std::size_t Bits, class Tag>
-constexpr BaseUInt<Bits, Tag>
-operator^(BaseUInt<Bits, Tag> const& a, BaseUInt<Bits, Tag> const& b)
+constexpr BaseUint<Bits, Tag>
+operator^(BaseUint<Bits, Tag> const& a, BaseUint<Bits, Tag> const& b)
 {
-    return BaseUInt<Bits, Tag>(a) ^= b;
+    return BaseUint<Bits, Tag>(a) ^= b;
 }

 template <std::size_t Bits, class Tag>
-constexpr BaseUInt<Bits, Tag>
-operator&(BaseUInt<Bits, Tag> const& a, BaseUInt<Bits, Tag> const& b)
+constexpr BaseUint<Bits, Tag>
+operator&(BaseUint<Bits, Tag> const& a, BaseUint<Bits, Tag> const& b)
 {
-    return BaseUInt<Bits, Tag>(a) &= b;
+    return BaseUint<Bits, Tag>(a) &= b;
 }

 template <std::size_t Bits, class Tag>
-constexpr BaseUInt<Bits, Tag>
-operator|(BaseUInt<Bits, Tag> const& a, BaseUInt<Bits, Tag> const& b)
+constexpr BaseUint<Bits, Tag>
+operator|(BaseUint<Bits, Tag> const& a, BaseUint<Bits, Tag> const& b)
 {
-    return BaseUInt<Bits, Tag>(a) |= b;
+    return BaseUint<Bits, Tag>(a) |= b;
 }

 template <std::size_t Bits, class Tag>
-constexpr BaseUInt<Bits, Tag>
-operator+(BaseUInt<Bits, Tag> const& a, BaseUInt<Bits, Tag> const& b)
+constexpr BaseUint<Bits, Tag>
+operator+(BaseUint<Bits, Tag> const& a, BaseUint<Bits, Tag> const& b)
 {
-    return BaseUInt<Bits, Tag>(a) += b;
+    return BaseUint<Bits, Tag>(a) += b;
 }

 //------------------------------------------------------------------------------
 template <std::size_t Bits, class Tag>
 inline std::string
-to_string(BaseUInt<Bits, Tag> const& a)
+to_string(BaseUint<Bits, Tag> const& a)
 {
    return strHex(a.cbegin(), a.cend());
 }

 template <std::size_t Bits, class Tag>
 inline std::string
-toShortString(BaseUInt<Bits, Tag> const& a)
+toShortString(BaseUint<Bits, Tag> const& a)
 {
-    static_assert(BaseUInt<Bits, Tag>::kBYTES > 4, "For 4 bytes or less, use a native type");
+    static_assert(BaseUint<Bits, Tag>::kBYTES > 4, "For 4 bytes or less, use a native type");
    return strHex(a.cbegin(), a.cbegin() + 4) + "...";
 }

 template <std::size_t Bits, class Tag>
 inline std::ostream&
-operator<<(std::ostream& out, BaseUInt<Bits, Tag> const& u)
+operator<<(std::ostream& out, BaseUint<Bits, Tag> const& u)
 {
    return out << to_string(u);
 }
@@ -673,7 +650,7 @@ static_assert(sizeof(uint256) == 256 / 8, "There should be no padding bytes");
 namespace beast {

 template <std::size_t Bits, class Tag>
-struct IsUniquelyRepresented<xrpl::BaseUInt<Bits, Tag>> : public std::true_type
+struct IsUniquelyRepresented<xrpl::BaseUint<Bits, Tag>> : public std::true_type
 {
    explicit IsUniquelyRepresented() = default;
 };
--- a/include/xrpl/basics/partitioned_unordered_map.h
+++ b/include/xrpl/basics/partitioned_unordered_map.h
@@ -236,7 +236,7 @@ public:
        map_.resize(partitions_);
        XRPL_ASSERT(
            partitions_,
-            "xrpl::PartitionedUnorderedMap::PartitionedUnorderedMap : "
+            "xrpl::partitioned_unordered_map::partitioned_unordered_map : "
            "nonzero partitions");
    }

--- a/include/xrpl/basics/random.h
+++ b/include/xrpl/basics/random.h
@@ -94,7 +94,7 @@ template <class Engine, class Integral>
 std::enable_if_t<std::is_integral_v<Integral> && detail::is_engine<Engine>::value, Integral>
 randInt(Engine& engine, Integral min, Integral max)
 {
-    XRPL_ASSERT(max > min, "xrpl::randInt : max over min inputs");
+    XRPL_ASSERT(max > min, "xrpl::rand_int : max over min inputs");

    // This should have no state and constructing it should
    // be very cheap. If that turns out not to be the case
--- a/include/xrpl/basics/safe_cast.h
+++ b/include/xrpl/basics/safe_cast.h
@@ -81,7 +81,7 @@ safeDowncast(Src* s) noexcept
    return static_cast<Dest>(s);  // NOLINT(cppcoreguidelines-pro-type-static-cast-downcast)
 #else
    auto* result = dynamic_cast<Dest>(s);
-    XRPL_ASSERT(result != nullptr, "xrpl::safeDowncast : pointer downcast is valid");
+    XRPL_ASSERT(result != nullptr, "xrpl::safe_downcast : pointer downcast is valid");
    return result;
 #endif
 }
@@ -94,7 +94,7 @@ safeDowncast(Src& s) noexcept
 #ifndef NDEBUG
    XRPL_ASSERT(
        dynamic_cast<std::add_pointer_t<std::remove_reference_t<Dest>>>(&s) != nullptr,
-        "xrpl::safeDowncast : reference downcast is valid");
+        "xrpl::safe_downcast : reference downcast is valid");
 #endif
    return static_cast<Dest>(s);  // NOLINT(cppcoreguidelines-pro-type-static-cast-downcast)
 }
--- a/include/xrpl/basics/scope.h
+++ b/include/xrpl/basics/scope.h
@@ -205,7 +205,7 @@ class ScopeUnlock
 public:
    explicit ScopeUnlock(std::unique_lock<Mutex>& lock) noexcept(true) : plock_(&lock)
    {
-        XRPL_ASSERT(plock_->owns_lock(), "xrpl::ScopeUnlock::ScopeUnlock : mutex must be locked");
+        XRPL_ASSERT(plock_->owns_lock(), "xrpl::scope_unlock::scope_unlock : mutex must be locked");
        plock_->unlock();
    }

--- a/include/xrpl/basics/spinlock.h
+++ b/include/xrpl/basics/spinlock.h
@@ -103,7 +103,7 @@ public:
    {
        XRPL_ASSERT(
            index >= 0 && (mask_ != 0),
-            "xrpl::PackedSpinlock::PackedSpinlock : valid index and mask");
+            "xrpl::packed_spinlock::packed_spinlock : valid index and mask");
    }

    [[nodiscard]] bool
--- a/include/xrpl/beast/asio/io_latency_probe.h
+++ b/include/xrpl/beast/asio/io_latency_probe.h
@@ -15,7 +15,7 @@ namespace beast {

 /** Measures handler latency on an io_context queue. */
 template <class Clock>
-class IOLatencyProbe
+class IoLatencyProbe
 {
 private:
    using duration = typename Clock::duration;
@@ -30,12 +30,12 @@ private:
    bool cancel_{false};

 public:
-    IOLatencyProbe(duration const& period, boost::asio::io_context& ios)
+    IoLatencyProbe(duration const& period, boost::asio::io_context& ios)
        : period_(period), ios_(ios), timer_(ios_)
    {
    }

-    ~IOLatencyProbe()
+    ~IoLatencyProbe()
    {
        std::unique_lock<decltype(mutex_)> lock(mutex_);
        cancel(lock, true);
@@ -85,7 +85,7 @@ public:
    {
        std::scoped_lock const lock(mutex_);
        if (cancel_)
-            throw std::logic_error("IOLatencyProbe is canceled");
+            throw std::logic_error("io_latency_probe is canceled");
        boost::asio::post(
            ios_, SampleOp<Handler>(std::forward<Handler>(handler), Clock::now(), false, this));
    }
@@ -100,7 +100,7 @@ public:
    {
        std::scoped_lock const lock(mutex_);
        if (cancel_)
-            throw std::logic_error("IOLatencyProbe is canceled");
+            throw std::logic_error("io_latency_probe is canceled");
        boost::asio::post(
            ios_, SampleOp<Handler>(std::forward<Handler>(handler), Clock::now(), true, this));
    }
@@ -140,18 +140,18 @@ private:
        Handler handler;
        time_point start;
        bool repeat;
-        IOLatencyProbe* probe;
+        IoLatencyProbe* probe;

        SampleOp(
            Handler const& handler,
            time_point const& start,
            bool repeat,
-            IOLatencyProbe* probe)
+            IoLatencyProbe* probe)
            : handler(handler), start(start), repeat(repeat), probe(probe)
        {
            XRPL_ASSERT(
                probe,
-                "beast::IOLatencyProbe::SampleOp::SampleOp : non-null "
+                "beast::io_latency_probe::sample_op::sample_op : non-null "
                "probe input");
            probe->addref();
        }
@@ -164,7 +164,7 @@ private:
        {
            XRPL_ASSERT(
                probe,
-                "beast::IOLatencyProbe::SampleOp::SampleOp(SampleOp&&) : "
+                "beast::io_latency_probe::sample_op::sample_op(sample_op&&) : "
                "non-null probe input");
            from.probe = nullptr;
        }
--- a/include/xrpl/beast/container/detail/aged_unordered_container.h
+++ b/include/xrpl/beast/container/detail/aged_unordered_container.h
@@ -1370,7 +1370,7 @@ private:
            buck_.resize(size() + additional, cont_);
        XRPL_ASSERT(
            loadFactor() <= maxLoadFactor(),
-            "beast::detail::AgedUnorderedContainer::maybeRehash : maximum "
+            "beast::detail::AgedUnorderedContainer::maybe_rehash : maximum "
            "load factor");
    }

--- a/include/xrpl/beast/unit_test/reporter.h
+++ b/include/xrpl/beast/unit_test/reporter.h
@@ -62,7 +62,9 @@ private:
    {
        using run_time = std::pair<std::string, typename clock_type::duration>;

-        static constexpr auto kMAX_TOP = 10;
+        // Need to be named before converting
+        // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+        enum { MaxTop = 10 };

        std::size_t suites = 0;
        std::size_t cases = 0;
@@ -146,11 +148,11 @@ Reporter<Unused>::Results::add(SuiteResults const& r)
            });
        if (iter != top.end())
        {
-            if (top.size() == kMAX_TOP)
+            if (top.size() == MaxTop)
                top.resize(top.size() - 1);
            top.emplace(iter, r.name, elapsed);
        }
-        else if (top.size() < kMAX_TOP)
+        else if (top.size() < MaxTop)
        {
            top.emplace_back(r.name, elapsed);
        }
--- a/include/xrpl/beast/utility/Journal.h
+++ b/include/xrpl/beast/utility/Journal.h
@@ -2,25 +2,29 @@

 #include <xrpl/beast/utility/instrumentation.h>

-#include <cstdint>
 #include <sstream>

 namespace beast {

+/** A namespace for easy access to logging severity values. */
+namespace severities {
 /** Severity level / threshold of a Journal message. */
-enum class Severity : std::uint8_t {
-    All = 0,
+// Hundreds of usages via logging macros
+// NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+enum Severity {
+    KAll = 0,

-    Trace = All,
-    Debug = 1,
-    Info = 2,
-    Warning = 3,
-    Error = 4,
-    Fatal = 5,
+    KTrace = KAll,
+    KDebug = 1,
+    KInfo = 2,
+    KWarning = 3,
+    KError = 4,
+    KFatal = 5,

-    Disabled = 6,
-    None = Disabled
+    KDisabled = 6,
+    KNone = KDisabled
 };
+}  // namespace severities

 /** A generic endpoint for log messages.

@@ -40,6 +44,9 @@ public:
    class Sink;

 private:
+    // Severity level / threshold of a Journal message.
+    using Severity = severities::Severity;
+
    // Invariant: sink_ always points to a valid Sink
    Sink* sink_;

@@ -176,7 +183,7 @@ public:
    {
    public:
        /** Create a stream which produces no output. */
-        explicit Stream() : sink_(getNullSink()), level_(Severity::Disabled)
+        explicit Stream() : sink_(getNullSink()), level_(severities::KDisabled)
        {
        }

@@ -187,7 +194,7 @@ public:
        Stream(Sink& sink, Severity level) : sink_(sink), level_(level)
        {
            XRPL_ASSERT(
-                level_ < Severity::Disabled, "beast::Journal::Stream::Stream : maximum level");
+                level_ < severities::KDisabled, "beast::Journal::Stream::Stream : maximum level");
        }

        /** Construct or copy another Stream. */
@@ -290,37 +297,37 @@ public:
    [[nodiscard]] Stream
    trace() const
    {
-        return {*sink_, Severity::Trace};
+        return {*sink_, severities::KTrace};
    }

    [[nodiscard]] Stream
    debug() const
    {
-        return {*sink_, Severity::Debug};
+        return {*sink_, severities::KDebug};
    }

    [[nodiscard]] Stream
    info() const
    {
-        return {*sink_, Severity::Info};
+        return {*sink_, severities::KInfo};
    }

    [[nodiscard]] Stream
    warn() const
    {
-        return {*sink_, Severity::Warning};
+        return {*sink_, severities::KWarning};
    }

    [[nodiscard]] Stream
    error() const
    {
-        return {*sink_, Severity::Error};
+        return {*sink_, severities::KError};
    }

    [[nodiscard]] Stream
    fatal() const
    {
-        return {*sink_, Severity::Fatal};
+        return {*sink_, severities::KFatal};
    }
    /** @} */
 };
--- a/include/xrpl/beast/utility/WrappedSink.h
+++ b/include/xrpl/beast/utility/WrappedSink.h
@@ -36,7 +36,7 @@ public:
    }

    [[nodiscard]] bool
-    active(beast::Severity level) const override
+    active(beast::severities::Severity level) const override
    {
        return sink_.active(level);
    }
@@ -53,27 +53,27 @@ public:
        sink_.console(output);
    }

-    [[nodiscard]] beast::Severity
+    [[nodiscard]] beast::severities::Severity
    threshold() const override
    {
        return sink_.threshold();
    }

    void
-    threshold(beast::Severity thresh) override
+    threshold(beast::severities::Severity thresh) override
    {
        sink_.threshold(thresh);
    }

    void
-    write(beast::Severity level, std::string const& text) override
+    write(beast::severities::Severity level, std::string const& text) override
    {
        using beast::Journal;
        sink_.write(level, prefix_ + text);
    }

    void
-    writeAlways(Severity level, std::string const& text) override
+    writeAlways(severities::Severity level, std::string const& text) override
    {
        using beast::Journal;
        sink_.writeAlways(level, prefix_ + text);
--- a/include/xrpl/json/JsonPropertyStream.h
+++ b/include/xrpl/json/JsonPropertyStream.h
@@ -5,7 +5,7 @@

 namespace xrpl {

-/** A PropertyStream::Sink which produces a json::Value of type ValueType::Object. */
+/** A PropertyStream::Sink which produces a json::Value of type objectValue. */
 class JsonPropertyStream : public beast::PropertyStream
 {
 public:
--- a/include/xrpl/json/json_reader.h
+++ b/include/xrpl/json/json_reader.h
@@ -70,22 +70,24 @@ public:
    static constexpr unsigned kNEST_LIMIT{25};

 private:
-    enum class TokenType {
-        EndOfStream = 0,
-        ObjectBegin,
-        ObjectEnd,
-        ArrayBegin,
-        ArrayEnd,
-        String,
-        Integer,
-        Double,
-        True,
-        False,
-        Null,
-        ArraySeparator,
-        MemberSeparator,
-        Comment,
-        Error
+    // 53 files, protocol-wide
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum TokenType {
+        TokenEndOfStream = 0,
+        TokenObjectBegin,
+        TokenObjectEnd,
+        TokenArrayBegin,
+        TokenArrayEnd,
+        TokenString,
+        TokenInteger,
+        TokenDouble,
+        TokenTrue,
+        TokenFalse,
+        TokenNull,
+        TokenArraySeparator,
+        TokenMemberSeparator,
+        TokenComment,
+        TokenError
    };

    class Token
--- a/include/xrpl/json/json_value.h
+++ b/include/xrpl/json/json_value.h
@@ -15,20 +15,22 @@ namespace json {

 /** \brief Type of the value held by a Value object.
 */
-enum class ValueType {
-    Null = 0,  ///< 'null' value
-    Int,       ///< signed integer value
-    UInt,      ///< unsigned integer value
-    Real,      ///< double value
-    String,    ///< UTF-8 string value
-    Boolean,   ///< bool value
-    Array,     ///< array value (ordered list)
-    Object     ///< object value (collection of name/value pairs).
+// Used throughout JSON layer
+// NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+enum ValueType {
+    NullValue = 0,  ///< 'null' value
+    IntValue,       ///< signed integer value
+    UintValue,      ///< unsigned integer value
+    RealValue,      ///< double value
+    StringValue,    ///< UTF-8 string value
+    BooleanValue,   ///< bool value
+    ArrayValue,     ///< array value (ordered list)
+    ObjectValue     ///< object value (collection of name/value pairs).
 };

 /** \brief Lightweight wrapper to tag static string.
 *
- * Value constructor and ValueType::Object member assignment takes advantage of the
+ * Value constructor and objectValue member assignment takes advantage of the
 * StaticString and avoid the cost of string duplication when storing the
 * string or the member name.
 *
@@ -102,8 +104,8 @@ operator!=(StaticString x, std::string const& y)
 /** \brief Represents a <a HREF="http://www.json.org">JSON</a> value.
 *
 * This class is a discriminated union wrapper that can represent a:
- * - signed integer [range: Value::kMIN_INT - Value::kMAX_INT]
- * - unsigned integer (range: 0 - Value::kMAX_UINT)
+ * - signed integer [range: Value::minInt - Value::maxInt]
+ * - unsigned integer (range: 0 - Value::maxUInt)
 * - double
 * - UTF-8 string
 * - boolean
@@ -114,16 +116,16 @@ operator!=(StaticString x, std::string const& y)
 * The type of the held value is represented by a #ValueType and
 * can be obtained using type().
 *
- * values of an ValueType::Object or ValueType::Array can be accessed using operator[]()
- * methods. Non const methods will automatically create the a ValueType::Null element
+ * values of an #objectValue or #arrayValue can be accessed using operator[]()
+ * methods. Non const methods will automatically create the a #nullValue element
 * if it does not exist.
- * The sequence of an ValueType::Array will be automatically resize and initialized
- * with ValueType::Null. resize() can be used to enlarge or truncate an ValueType::Array.
+ * The sequence of an #arrayValue will be automatically resize and initialized
+ * with #nullValue. resize() can be used to enlarge or truncate an #arrayValue.
 *
 * The get() methods can be used to obtain a default value in the case the
 * required element does not exist.
 *
- * It is possible to iterate over the list of a ValueType::Object values using
+ * It is possible to iterate over the list of a #objectValue values using
 * the getMemberNames() method.
 */
 class Value
@@ -141,13 +143,15 @@ public:
    static Value const kNULL;
    static constexpr Int kMIN_INT = std::numeric_limits<Int>::min();
    static constexpr Int kMAX_INT = std::numeric_limits<Int>::max();
-    static constexpr UInt kMAX_UINT = std::numeric_limits<UInt>::max();
+    static constexpr UInt kMAX_U_INT = std::numeric_limits<UInt>::max();

 private:
    class CZString
    {
    public:
-        enum class DuplicationPolicy { NoDuplication = 0, Duplicate, DuplicateOnCopy };
+        // Stored as int field, implicit conversion
+        // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+        enum DuplicationPolicy { NoDuplication = 0, Duplicate, DuplicateOnCopy };

        CZString(int index);
        CZString(char const* cstr, DuplicationPolicy allocate);
@@ -178,19 +182,19 @@ public:
    /** \brief Create a default Value of the given type.

      This is a very useful constructor.
-      To create an empty array, pass ValueType::Array.
-      To create an empty object, pass ValueType::Object.
+      To create an empty array, pass arrayValue.
+      To create an empty object, pass objectValue.
      Another Value can then be set to this one by assignment.
    This is useful since clear() and resize() will not alter types.

           Examples:
    \code
    json::Value null_value; // null
-    json::Value arr_value(json::ValueType::Array); // []
-    json::Value obj_value(json::ValueType::Object); // {}
+    json::Value arr_value(json::arrayValue); // []
+    json::Value obj_value(json::objectValue); // {}
    \endcode
         */
-    Value(ValueType type = ValueType::Null);
+    Value(ValueType type = NullValue);
    Value(Int value);
    Value(UInt value);
    Value(double value);
@@ -286,7 +290,7 @@ public:
    operator bool() const;

    /// Remove all object members and array elements.
-    /// \pre type() is ValueType::Array, ValueType::Object, or ValueType::Null
+    /// \pre type() is arrayValue, objectValue, or nullValue
    /// \post type() is unchanged
    void
    clear();
@@ -363,7 +367,7 @@ public:
    ///
    /// Do nothing if it did not exist.
    /// \return the removed Value, or null.
-    /// \pre type() is ValueType::Object or ValueType::Null
+    /// \pre type() is objectValue or nullValue
    /// \post type() is unchanged
    Value
    removeMember(char const* key);
@@ -384,8 +388,8 @@ public:
    /// \brief Return a list of the member names.
    ///
    /// If null, return an empty list.
-    /// \pre type() is ValueType::Object or ValueType::Null
-    /// \post if type() was ValueType::Null, it remains ValueType::Null
+    /// \pre type() is objectValue or nullValue
+    /// \post if type() was nullValue, it remains nullValue
    [[nodiscard]] Members
    getMemberNames() const;

@@ -465,14 +469,16 @@ operator>=(Value const& x, Value const& y)
 * string value memory management done by Value.
 *
 * - makeMemberName() and releaseMemberName() are called to respectively
- * duplicate and free an json::ValueType::Object member name.
+ * duplicate and free an json::objectValue member name.
 * - duplicateStringValue() and releaseStringValue() are called similarly to
- *   duplicate and free a json::ValueType::String value.
+ *   duplicate and free a json::stringValue value.
 */
 class ValueAllocator
 {
 public:
-    static constexpr auto kUNKNOWN = (unsigned)-1;
+    // Need to be named before converting
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum { Unknown = (unsigned)-1 };

    virtual ~ValueAllocator() = default;

@@ -481,7 +487,7 @@ public:
    virtual void
    releaseMemberName(char* memberName) = 0;
    virtual char*
-    duplicateStringValue(char const* value, unsigned int length = kUNKNOWN) = 0;
+    duplicateStringValue(char const* value, unsigned int length = Unknown) = 0;
    virtual void
    releaseStringValue(char* value) = 0;
 };
@@ -517,12 +523,12 @@ public:
    [[nodiscard]] Value
    key() const;

-    /// Return the index of the referenced Value. -1 if it is not an ValueType::Array.
+    /// Return the index of the referenced Value. -1 if it is not an arrayValue.
    [[nodiscard]] UInt
    index() const;

    /// Return the member name of the referenced Value. "" if it is not an
-    /// ValueType::Object.
+    /// objectValue.
    [[nodiscard]] char const*
    memberName() const;

--- a/include/xrpl/json/json_writer.h
+++ b/include/xrpl/json/json_writer.h
@@ -204,31 +204,31 @@ writeValue(Write const& write, Value const& value)
 {
    switch (value.type())
    {
-        case ValueType::Null:
+        case NullValue:
            write("null", 4);
            break;

-        case ValueType::Int:
+        case IntValue:
            writeString(write, valueToString(value.asInt()));
            break;

-        case ValueType::UInt:
+        case UintValue:
            writeString(write, valueToString(value.asUInt()));
            break;

-        case ValueType::Real:
+        case RealValue:
            writeString(write, valueToString(value.asDouble()));
            break;

-        case ValueType::String:
+        case StringValue:
            writeString(write, valueToQuotedString(value.asCString()));
            break;

-        case ValueType::Boolean:
+        case BooleanValue:
            writeString(write, valueToString(value.asBool()));
            break;

-        case ValueType::Array: {
+        case ArrayValue: {
            write("[", 1);
            int const size = value.size();
            for (int index = 0; index < size; ++index)
@@ -241,7 +241,7 @@ writeValue(Write const& write, Value const& value)
            break;
        }

-        case ValueType::Object: {
+        case ObjectValue: {
            Value::Members const members = value.getMemberNames();
            write("{", 1);
            for (auto it = members.begin(); it != members.end(); ++it)
--- a/include/xrpl/ledger/AmendmentTable.h
+++ b/include/xrpl/ledger/AmendmentTable.h
@@ -67,7 +67,7 @@ public:
    [[nodiscard]] virtual json::Value
    getJson(bool isAdmin) const = 0;

-    /** Returns a json::ValueType::Object. */
+    /** Returns a json::objectValue. */
    [[nodiscard]] virtual json::Value
    getJson(uint256 const& amendment, bool isAdmin) const = 0;

--- a/include/xrpl/ledger/helpers/CredentialHelpers.h
+++ b/include/xrpl/ledger/helpers/CredentialHelpers.h
@@ -19,10 +19,14 @@ namespace credentials {

 // Check if credential sfExpiration field has passed ledger's parentCloseTime
 bool
-checkExpired(SLE const& sleCredential, NetClock::time_point const& closed);
+checkExpired(std::shared_ptr<SLE const> const& sleCredential, NetClock::time_point const& closed);
+
+// Return true if any expired credential was found in arr (and deleted)
+bool
+removeExpired(ApplyView& view, STVector256 const& arr, beast::Journal const j);

 // Actually remove a credentials object from the ledger
-[[nodiscard]] TER
+TER
 deleteSLE(ApplyView& view, std::shared_ptr<SLE> const& sleCredential, beast::Journal j);

 // Amendment and parameters checks for sfCredentialIDs field
@@ -63,6 +67,20 @@ checkArray(STArray const& credentials, unsigned maxSize, beast::Journal j);
 TER
 verifyValidDomain(ApplyView& view, AccountID const& account, uint256 domainID, beast::Journal j);

+// Check DepositPreauth authorization
+TER
+checkDepositPreauth(
+    STTx const& tx,
+    ReadView const& view,
+    AccountID const& src,
+    AccountID const& dst,
+    std::shared_ptr<SLE const> const& sleDst,
+    beast::Journal j);
+
+// Remove expired credentials
+TER
+cleanupExpiredCredentials(STTx const& tx, ApplyView& view, beast::Journal j);
+
 // Check expired credentials and for existing DepositPreauth ledger object
 TER
 verifyDepositPreauth(
--- a/include/xrpl/ledger/helpers/LendingHelpers.h
+++ b/include/xrpl/ledger/helpers/LendingHelpers.h
@@ -184,7 +184,6 @@ checkLoanGuards(

 LoanState
 computeTheoreticalLoanState(
-    Rules const& rules,
    Number const& periodicPayment,
    Number const& periodicRate,
    std::uint32_t const paymentRemaining,
@@ -354,7 +353,6 @@ struct LoanStateDeltas

 Expected<std::pair<LoanPaymentParts, LoanProperties>, TER>
 tryOverpayment(
-    Rules const& rules,
    Asset const& asset,
    std::int32_t loanScale,
    ExtendedPaymentComponents const& overpaymentComponents,
@@ -365,17 +363,11 @@ tryOverpayment(
    TenthBips16 const managementFeeRate,
    beast::Journal j);

-[[nodiscard]] Number
-computePowerMinusOne(Number const& periodicRate, std::uint32_t paymentsRemaining);
+Number
+computeRaisedRate(Number const& periodicRate, std::uint32_t paymentsRemaining);

-[[nodiscard]] Number
-computePowerMinusOneHybrid(Number const& periodicRate, std::uint32_t paymentsRemaining);
-
-[[nodiscard]] Number
-computePaymentFactor(
-    Rules const& rules,
-    Number const& periodicRate,
-    std::uint32_t paymentsRemaining);
+Number
+computePaymentFactor(Number const& periodicRate, std::uint32_t paymentsRemaining);

 std::pair<Number, Number>
 computeInterestAndFeeParts(
@@ -386,14 +378,12 @@ computeInterestAndFeeParts(

 Number
 loanPeriodicPayment(
-    Rules const& rules,
    Number const& principalOutstanding,
    Number const& periodicRate,
    std::uint32_t paymentsRemaining);

 Number
 loanPrincipalFromPeriodicPayment(
-    Rules const& rules,
    Number const& periodicPayment,
    Number const& periodicRate,
    std::uint32_t paymentsRemaining);
@@ -425,7 +415,6 @@ computeOverpaymentComponents(

 PaymentComponents
 computePaymentComponents(
-    Rules const& rules,
    Asset const& asset,
    std::int32_t scale,
    Number const& totalValueOutstanding,
@@ -449,7 +438,6 @@ operator+(LoanState const& lhs, detail::LoanStateDeltas const& rhs);

 LoanProperties
 computeLoanProperties(
-    Rules const& rules,
    Asset const& asset,
    Number const& principalOutstanding,
    TenthBips32 interestRate,
@@ -460,7 +448,6 @@ computeLoanProperties(

 LoanProperties
 computeLoanProperties(
-    Rules const& rules,
    Asset const& asset,
    Number const& principalOutstanding,
    Number const& periodicRate,
--- a/include/xrpl/nodestore/Types.h
+++ b/include/xrpl/nodestore/Types.h
@@ -6,16 +6,20 @@

 namespace xrpl::NodeStore {

-// This is only used to pre-allocate the array for
-// batch objects and does not affect the amount written.
-//
-static constexpr auto kBATCH_WRITE_PREALLOCATION_SIZE = 256;
+// Need to be named before converting
+// NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+enum {
+    // This is only used to pre-allocate the array for
+    // batch objects and does not affect the amount written.
+    //
+    BatchWritePreallocationSize = 256,

-// This sets a limit on the maximum number of writes
-// in a batch. Actual usage can be twice this since
-// we have a new batch growing as we write the old.
-//
-static constexpr auto kBATCH_WRITE_LIMIT_SIZE = 65536;
+    // This sets a limit on the maximum number of writes
+    // in a batch. Actual usage can be twice this since
+    // we have a new batch growing as we write the old.
+    //
+    BatchWriteLimitSize = 65536
+};

 /** Return codes from Backend operations. */
 enum class Status {
--- a/include/xrpl/protocol/AccountID.h
+++ b/include/xrpl/protocol/AccountID.h
@@ -25,7 +25,7 @@ public:
 }  // namespace detail

 /** A 160-bit unsigned that uniquely identifies an account. */
-using AccountID = BaseUInt<160, detail::AccountIDTag>;
+using AccountID = BaseUint<160, detail::AccountIDTag>;

 /** Convert AccountID to base58 checked string */
 std::string
--- a/include/xrpl/protocol/ApiVersion.h
+++ b/include/xrpl/protocol/ApiVersion.h
@@ -61,7 +61,7 @@ setVersion(json::Value& parent, unsigned int apiVersion, bool betaEnabled)
 {
    XRPL_ASSERT(apiVersion != kAPI_INVALID_VERSION, "xrpl::RPC::setVersion : input is valid");

-    auto& retObj = parent[jss::version] = json::ValueType::Object;
+    auto& retObj = parent[jss::version] = json::ObjectValue;

    if (apiVersion == kAPI_VERSION_IF_UNSPECIFIED)
    {
--- a/include/xrpl/protocol/ConfidentialTransfer.h
+++ b/include/xrpl/protocol/ConfidentialTransfer.h
@@ -0,0 +1,391 @@
+#pragma once
+
+#include <xrpl/basics/Slice.h>
+#include <xrpl/basics/base_uint.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/MPTIssue.h>
+#include <xrpl/protocol/Protocol.h>
+#include <xrpl/protocol/Rate.h>
+#include <xrpl/protocol/STLedgerEntry.h>
+#include <xrpl/protocol/STObject.h>
+#include <xrpl/protocol/Serializer.h>
+#include <xrpl/protocol/TER.h>
+#include <xrpl/protocol/TxFormats.h>
+#include <xrpl/protocol/detail/secp256k1.h>
+
+#include <secp256k1_mpt.h>
+
+namespace xrpl {
+
+/**
+ * @brief Bundles an ElGamal public key with its associated encrypted amount.
+ *
+ * Used to represent a recipient in confidential transfers, containing both
+ * the recipient's ElGamal public key and the ciphertext encrypting the
+ * transfer amount under that key.
+ */
+struct ConfidentialRecipient
+{
+    Slice publicKey;        ///< The recipient's ElGamal public key (size=xrpl::ecPubKeyLength).
+    Slice encryptedAmount;  ///< The encrypted amount ciphertext
+                            ///< (size=xrpl::ecGamalEncryptedTotalLength).
+};
+
+/// Holds two secp256k1 public key components representing an ElGamal ciphertext (C1, C2).
+struct EcPair
+{
+    secp256k1_pubkey c1;
+    secp256k1_pubkey c2;
+};
+
+/**
+ * @brief Increments the confidential balance version counter on an MPToken.
+ *
+ * The version counter is used to prevent replay attacks by binding proofs
+ * to a specific state of the account's confidential balance. Wraps to 0
+ * on overflow (defined behavior for unsigned integers).
+ *
+ * @param mptoken The MPToken ledger entry to update.
+ */
+inline void
+incrementConfidentialVersion(STObject& mptoken)
+{
+    // Retrieve current version and increment.
+    // Unsigned integer overflow is defined behavior in C++ (wraps to 0),
+    // which is acceptable here.
+    mptoken[sfConfidentialBalanceVersion] = mptoken[~sfConfidentialBalanceVersion].valueOr(0u) + 1u;
+}
+
+/**
+ * @brief Generates the context hash for ConfidentialMPTSend transactions.
+ *
+ * Creates a unique 256-bit hash that binds the zero-knowledge proofs to
+ * this specific send transaction, preventing proof reuse across transactions.
+ *
+ * @param account     The sender's account ID.
+ * @param issuanceID  The MPToken Issuance ID.
+ * @param sequence    The transaction sequence number or ticket number.
+ * @param destination The destination account ID.
+ * @param version     The sender's confidential balance version.
+ * @return A 256-bit context hash unique to this transaction.
+ */
+uint256
+getSendContextHash(
+    AccountID const& account,
+    uint192 const& issuanceID,
+    std::uint32_t sequence,
+    AccountID const& destination,
+    std::uint32_t version);
+
+/**
+ * @brief Generates the context hash for ConfidentialMPTClawback transactions.
+ *
+ * Creates a unique 256-bit hash that binds the equality proof to this
+ * specific clawback transaction.
+ *
+ * @param account    The issuer's account ID.
+ * @param issuanceID The MPToken Issuance ID.
+ * @param sequence   The transaction sequence number or ticket number.
+ * @param holder     The holder's account ID being clawed back from.
+ * @return A 256-bit context hash unique to this transaction.
+ */
+uint256
+getClawbackContextHash(
+    AccountID const& account,
+    uint192 const& issuanceID,
+    std::uint32_t sequence,
+    AccountID const& holder);
+
+/**
+ * @brief Generates the context hash for ConfidentialMPTConvert transactions.
+ *
+ * Creates a unique 256-bit hash that binds the Schnorr proof (for key
+ * registration) to this specific convert transaction.
+ *
+ * @param account    The holder's account ID.
+ * @param issuanceID The MPToken Issuance ID.
+ * @param sequence   The transaction sequence number or a ticket number.
+ * @return A 256-bit context hash unique to this transaction.
+ */
+uint256
+getConvertContextHash(AccountID const& account, uint192 const& issuanceID, std::uint32_t sequence);
+
+/**
+ * @brief Generates the context hash for ConfidentialMPTConvertBack transactions.
+ *
+ * Creates a unique 256-bit hash that binds the zero-knowledge proofs to
+ * this specific convert-back transaction.
+ *
+ * @param account    The holder's account ID.
+ * @param issuanceID The MPToken Issuance ID.
+ * @param sequence   The transaction sequence number or a ticket number.
+ * @param version    The holder's confidential balance version.
+ * @return A 256-bit context hash unique to this transaction.
+ */
+uint256
+getConvertBackContextHash(
+    AccountID const& account,
+    uint192 const& issuanceID,
+    std::uint32_t sequence,
+    std::uint32_t version);
+
+/**
+ * @brief Parses an ElGamal ciphertext into two secp256k1 public key components.
+ *
+ * Breaks a 66-byte encrypted amount (two 33-byte compressed EC points) into
+ * a pair containing (C1, C2) for use in cryptographic operations.
+ *
+ * @param buffer The 66-byte buffer containing the compressed ciphertext.
+ * @return The parsed pair (c1, c2) if successful, std::nullopt if the buffer is invalid.
+ */
+std::optional<EcPair>
+makeEcPair(Slice const& buffer);
+
+/**
+ * @brief Serializes an EcPair into compressed form.
+ *
+ * Converts an EcPair (C1, C2) back into a 66-byte buffer containing
+ * two 33-byte compressed EC points.
+ *
+ * @param pair The EcPair to serialize.
+ * @return The 66-byte buffer, or std::nullopt if serialization fails.
+ */
+std::optional<Buffer>
+serializeEcPair(EcPair const& pair);
+
+/**
+ * @brief Verifies that a buffer contains two valid, parsable EC public keys.
+ *
+ * @param buffer The input buffer containing two concatenated components.
+ * @return true if both components can be parsed successfully, false otherwise.
+ */
+bool
+isValidCiphertext(Slice const& buffer);
+
+/**
+ * @brief Verifies that a buffer contains a valid, parsable compressed EC point.
+ *
+ * Can be used to validate both compressed public keys and Pedersen commitments.
+ * Fails early if the prefix byte is not 0x02 or 0x03.
+ *
+ * @param buffer The input buffer containing a compressed EC point (33 bytes).
+ * @return true if the point can be parsed successfully, false otherwise.
+ */
+bool
+isValidCompressedECPoint(Slice const& buffer);
+
+/**
+ * @brief Homomorphically adds two ElGamal ciphertexts.
+ *
+ * Uses the additive homomorphic property of ElGamal encryption to compute
+ * Enc(a + b) from Enc(a) and Enc(b) without decryption.
+ *
+ * @param a The first ciphertext (66 bytes).
+ * @param b The second ciphertext (66 bytes).
+ * @return The resulting ciphertext Enc(a + b), or std::nullopt on failure.
+ */
+std::optional<Buffer>
+homomorphicAdd(Slice const& a, Slice const& b);
+
+/**
+ * @brief Homomorphically subtracts two ElGamal ciphertexts.
+ *
+ * Uses the additive homomorphic property of ElGamal encryption to compute
+ * Enc(a - b) from Enc(a) and Enc(b) without decryption.
+ *
+ * @param a The minuend ciphertext (66 bytes).
+ * @param b The subtrahend ciphertext (66 bytes).
+ * @return The resulting ciphertext Enc(a - b), or std::nullopt on failure.
+ */
+std::optional<Buffer>
+homomorphicSubtract(Slice const& a, Slice const& b);
+
+/**
+ * @brief Encrypts an amount using ElGamal encryption.
+ *
+ * Produces a ciphertext C = (C1, C2) where C1 = r*G and C2 = m*G + r*Pk,
+ * using the provided blinding factor r.
+ *
+ * @param amt            The plaintext amount to encrypt.
+ * @param pubKeySlice    The recipient's ElGamal public key (size=xrpl::ecPubKeyLength).
+ * @param blindingFactor The randomness used as blinding factor r
+ * (size=xrpl::ecBlindingFactorLength).
+ * @return The ciphertext (size=xrpl::ecGamalEncryptedTotalLength), or std::nullopt on failure.
+ */
+std::optional<Buffer>
+encryptAmount(uint64_t const amt, Slice const& pubKeySlice, Slice const& blindingFactor);
+
+/**
+ * @brief Generates the canonical zero encryption for a specific MPToken.
+ *
+ * Creates a deterministic encryption of zero that is unique to the account
+ * and MPT issuance. Used to initialize confidential balance fields.
+ *
+ * @param pubKeySlice The holder's ElGamal public key (size=xrpl::ecPubKeyLength).
+ * @param account     The account ID of the token holder.
+ * @param mptId       The MPToken Issuance ID.
+ * @return The canonical zero ciphertext (size=xrpl::ecGamalEncryptedTotalLength), or std::nullopt
+ * on failure.
+ */
+std::optional<Buffer>
+encryptCanonicalZeroAmount(Slice const& pubKeySlice, AccountID const& account, MPTID const& mptId);
+
+/**
+ * @brief Verifies a Schnorr proof of knowledge of an ElGamal private key.
+ *
+ * Proves that the submitter knows the secret key corresponding to the
+ * provided public key, without revealing the secret key itself.
+ *
+ * @param pubKeySlice The ElGamal public key (size=xrpl::ecPubKeyLength).
+ * @param proofSlice  The Schnorr proof (size=xrpl::ecSchnorrProofLength).
+ * @param contextHash The 256-bit context hash binding the proof.
+ * @return tesSUCCESS if valid, or an error code otherwise.
+ */
+TER
+verifySchnorrProof(Slice const& pubKeySlice, Slice const& proofSlice, uint256 const& contextHash);
+
+/**
+ * @brief Validates the format of encrypted amount fields in a transaction.
+ *
+ * Checks that all ciphertext fields in the transaction object have the
+ * correct length and contain valid EC points. This function is only used
+ * by ConfidentialMPTConvert and ConfidentialMPTConvertBack transactions.
+ *
+ * @param object The transaction object containing encrypted amount fields.
+ * @return tesSUCCESS if all formats are valid, temMALFORMED if required fields
+ *         are missing, or temBAD_CIPHERTEXT if format validation fails.
+ */
+NotTEC
+checkEncryptedAmountFormat(STObject const& object);
+
+/**
+ * @brief Verifies revealed amount encryptions for all recipients.
+ *
+ * Validates that the same amount was correctly encrypted for the holder,
+ * issuer, and optionally the auditor using their respective public keys.
+ *
+ * @param amount         The revealed plaintext amount.
+ * @param blindingFactor The blinding factor used in all encryptions
+ * (size=xrpl::ecBlindingFactorLength).
+ * @param holder         The holder's public key and encrypted amount.
+ * @param issuer         The issuer's public key and encrypted amount.
+ * @param auditor        Optional auditor's public key and encrypted amount.
+ * @return tesSUCCESS if all encryptions are valid, or an error code otherwise.
+ */
+TER
+verifyRevealedAmount(
+    uint64_t const amount,
+    Slice const& blindingFactor,
+    ConfidentialRecipient const& holder,
+    ConfidentialRecipient const& issuer,
+    std::optional<ConfidentialRecipient> const& auditor);
+
+/**
+ * @brief Returns the number of recipients in a confidential transfer.
+ *
+ * Returns 4 if an auditor is present (sender, destination, issuer, auditor),
+ * or 3 if no auditor (sender, destination, issuer).
+ *
+ * @param hasAuditor Whether the issuance has an auditor configured.
+ * @return The number of recipients (3 or 4).
+ */
+constexpr uint8_t
+getConfidentialRecipientCount(bool hasAuditor)
+{
+    return hasAuditor ? 4 : 3;
+}
+
+/**
+ * @brief Verifies a compact sigma clawback proof.
+ *
+ * Proves that the issuer knows the exact amount encrypted in the holder's
+ * balance ciphertext. Used in ConfidentialMPTClawback to verify the issuer
+ * can decrypt the balance using their private key.
+ *
+ * @param amount      The revealed plaintext amount.
+ * @param proof       The zero-knowledge proof bytes (ecClawbackProofLength).
+ * @param pubKeySlice The issuer's ElGamal public key (ecPubKeyLength bytes).
+ * @param ciphertext  The issuer's encrypted balance on the holder's account
+ * (ecGamalEncryptedTotalLength bytes).
+ * @param contextHash The 256-bit context hash binding the proof.
+ * @return tesSUCCESS if the proof is valid, or an error code otherwise.
+ */
+TER
+verifyClawbackProof(
+    uint64_t const amount,
+    Slice const& proof,
+    Slice const& pubKeySlice,
+    Slice const& ciphertext,
+    uint256 const& contextHash);
+
+/**
+ * @brief Generates a cryptographically secure 32-byte blinding factor.
+ *
+ * Produces random bytes suitable for use as an ElGamal blinding factor
+ * or Pedersen commitment randomness.
+ *
+ * @return A 32-byte buffer containing the random blinding factor.
+ */
+Buffer
+generateBlindingFactor();
+
+/**
+ * @brief Verifies all zero-knowledge proofs for a ConfidentialMPTSend transaction.
+ *
+ * This function calls mpt_verify_send_proof API in the mpt-crypto utility lib, which verifies the
+ * equality proof, amount linkage, balance linkage, and range proof.
+ * Equality proof: Proves the same value is encrypted for the sender, receiver, issuer, and auditor.
+ * Amount linkage: Proves the send amount matches the amount Pedersen commitment.
+ * Balance linkage: Proves the sender's balance matches the balance Pedersen
+ * commitment.
+ * Range proof: Proves the amount and the remaining balance are within range [0, 2^64-1].
+ *
+ * @param proof             The full proof blob.
+ * @param sender            The sender's public key and encrypted amount.
+ * @param destination       The destination's public key and encrypted amount.
+ * @param issuer            The issuer's public key and encrypted amount.
+ * @param auditor           The auditor's public key and encrypted amount if present.
+ * @param spendingBalance   The sender's current spending balance ciphertext.
+ * @param amountCommitment  The Pedersen commitment to the send amount.
+ * @param balanceCommitment The Pedersen commitment to the sender's balance.
+ * @param contextHash       The context hash binding the proof.
+ * @return tesSUCCESS if all proofs are valid, or an error code otherwise.
+ */
+TER
+verifySendProof(
+    Slice const& proof,
+    ConfidentialRecipient const& sender,
+    ConfidentialRecipient const& destination,
+    ConfidentialRecipient const& issuer,
+    std::optional<ConfidentialRecipient> const& auditor,
+    Slice const& spendingBalance,
+    Slice const& amountCommitment,
+    Slice const& balanceCommitment,
+    uint256 const& contextHash);
+
+/**
+ * @brief Verifies all zero-knowledge proofs for a ConfidentialMPTConvertBack transaction.
+ *
+ * This function calls mpt_verify_convert_back_proof API in the mpt-crypto utility lib, which
+ * verifies the balance linkage proof and range proof. Balance linkage proof: proves the balance
+ * commitment matches the spending ciphertext. Range proof: proves the remaining balance after
+ * convert back is within range [0, 2^64-1].
+ *
+ * @param proof             The full proof blob.
+ * @param pubKeySlice       The holder's public key.
+ * @param spendingBalance   The holder's spending balance ciphertext.
+ * @param balanceCommitment The Pedersen commitment to the balance.
+ * @param amount            The amount being converted back to public.
+ * @param contextHash       The context hash binding the proof.
+ * @return tesSUCCESS if all proofs are valid, or an error code otherwise.
+ */
+TER
+verifyConvertBackProof(
+    Slice const& proof,
+    Slice const& pubKeySlice,
+    Slice const& spendingBalance,
+    Slice const& balanceCommitment,
+    uint64_t amount,
+    uint256 const& contextHash);
+
+}  // namespace xrpl
--- a/include/xrpl/protocol/LedgerFormats.h
+++ b/include/xrpl/protocol/LedgerFormats.h
@@ -177,7 +177,8 @@ enum LedgerEntryType : std::uint16_t {
        LSF_FLAG(lsfMPTCanEscrow, 0x00000008)                                                                                      \
        LSF_FLAG(lsfMPTCanTrade, 0x00000010)                                                                                       \
        LSF_FLAG(lsfMPTCanTransfer, 0x00000020)                                                                                    \
-        LSF_FLAG(lsfMPTCanClawback, 0x00000040))                                                                                   \
+        LSF_FLAG(lsfMPTCanClawback, 0x00000040)                                                                                    \
+        LSF_FLAG(lsfMPTCanConfidentialAmount, 0x00000080))                                                                                    \
                                                                                                                                   \
    LEDGER_OBJECT(MPTokenIssuanceMutable,                                                                                          \
        LSF_FLAG(lsmfMPTCanMutateCanLock, 0x00000002)                                                                              \
@@ -187,7 +188,8 @@ enum LedgerEntryType : std::uint16_t {
        LSF_FLAG(lsmfMPTCanMutateCanTransfer, 0x00000020)                                                                          \
        LSF_FLAG(lsmfMPTCanMutateCanClawback, 0x00000040)                                                                          \
        LSF_FLAG(lsmfMPTCanMutateMetadata, 0x00010000)                                                                             \
-        LSF_FLAG(lsmfMPTCanMutateTransferFee, 0x00020000))                                                                         \
+        LSF_FLAG(lsmfMPTCanMutateTransferFee, 0x00020000)                                                                          \
+        LSF_FLAG(lsmfMPTCannotMutateCanConfidentialAmount, 0x00040000))                                                                          \
                                                                                                                                   \
    LEDGER_OBJECT(MPToken,                                                                                                         \
        LSF_FLAG2(lsfMPTLocked, 0x00000001)                                                                                        \
--- a/include/xrpl/protocol/Protocol.h
+++ b/include/xrpl/protocol/Protocol.h
@@ -307,4 +307,54 @@ std::size_t constexpr kPERMISSION_MAX_SIZE = 10;
 /** The maximum number of transactions that can be in a batch. */
 std::size_t constexpr kMAX_BATCH_TX_COUNT = 8;

+/** Length of one component of EC ElGamal ciphertext */
+std::size_t constexpr kEC_GAMAL_ENCRYPTED_LENGTH = 33;
+
+/** EC ElGamal ciphertext length: two 33-byte components concatenated */
+std::size_t constexpr kEC_GAMAL_ENCRYPTED_TOTAL_LENGTH = kEC_GAMAL_ENCRYPTED_LENGTH * 2;
+
+/** Length of EC point (compressed) */
+std::size_t constexpr kCOMPRESSED_EC_POINT_LENGTH = 33;
+
+/** Length of EC public key (compressed) */
+std::size_t constexpr kEC_PUB_KEY_LENGTH = kCOMPRESSED_EC_POINT_LENGTH;
+
+/** Length of EC private key in bytes */
+std::size_t constexpr kEC_PRIV_KEY_LENGTH = 32;
+
+/** Length of the EC blinding factor in bytes */
+std::size_t constexpr kEC_BLINDING_FACTOR_LENGTH = 32;
+
+/** Length of Schnorr ZKProof for public key registration (compact form) in bytes */
+std::size_t constexpr kEC_SCHNORR_PROOF_LENGTH = 64;
+
+/** Length of Pedersen Commitment (compressed) */
+std::size_t constexpr kEC_PEDERSEN_COMMITMENT_LENGTH = kCOMPRESSED_EC_POINT_LENGTH;
+
+/** Length of single bulletproof (range proof for 1 commitment) in bytes */
+std::size_t constexpr kEC_SINGLE_BULLETPROOF_LENGTH = 688;
+
+/** Length of double bulletproof (range proof for 2 commitments) in bytes */
+std::size_t constexpr kEC_DOUBLE_BULLETPROOF_LENGTH = 754;
+
+/** Length of the ZKProof for ConfidentialMPTSend.
+ *  192 bytes compact sigma proof + 754 bytes double bulletproof. */
+std::size_t constexpr kEC_SEND_PROOF_LENGTH = 946;
+
+/** Length of the ZKProof for ConfidentialMPTConvertBack.
+ *  128 bytes compact sigma proof + 688 bytes single bulletproof. */
+std::size_t constexpr kEC_CONVERT_BACK_PROOF_LENGTH = 816;
+
+/** Length of the ZKProof for ConfidentialMPTClawback. */
+std::size_t constexpr kEC_CLAWBACK_PROOF_LENGTH = 64;
+
+/** Extra base fee multiplier charged to confidential MPT transactions. */
+std::uint32_t constexpr kCONFIDENTIAL_FEE_MULTIPLIER = 9;
+
+/** Compressed EC point prefix for even y-coordinate */
+std::uint8_t constexpr kEC_COMPRESSED_PREFIX_EVEN_Y = 0x02;
+
+/** Compressed EC point prefix for odd y-coordinate */
+std::uint8_t constexpr kEC_COMPRESSED_PREFIX_ODD_Y = 0x03;
+
 }  // namespace xrpl
--- a/include/xrpl/protocol/PublicKey.h
+++ b/include/xrpl/protocol/PublicKey.h
@@ -267,10 +267,10 @@ getOrThrow(json::Value const& v, xrpl::SField const& field)
 {
    using namespace xrpl;
    std::string const b58 = getOrThrow<std::string>(v, field);
-    if (auto pubKeyBlob = strUnHex(b58);
-        pubKeyBlob.has_value() && publicKeyType(makeSlice(*pubKeyBlob)))
+    if (auto pubKeyBlob = strUnHex(b58); pubKeyBlob && publicKeyType(makeSlice(*pubKeyBlob)))
    {
-        return PublicKey{makeSlice(*pubKeyBlob)};
+        return PublicKey{makeSlice(
+            *pubKeyBlob)};  // NOLINT(bugprone-unchecked-optional-access) checked in condition above
    }
    for (auto const tokenType : {TokenType::NodePublic, TokenType::AccountPublic})
    {
--- a/include/xrpl/protocol/SField.h
+++ b/include/xrpl/protocol/SField.h
@@ -129,20 +129,23 @@ fieldCode(int id, int index)
 class SField
 {
 public:
-    static constexpr auto kSMD_NEVER = 0x00;
-    static constexpr auto kSMD_CHANGE_ORIG = 0x01;   // original value when it changes
-    static constexpr auto kSMD_CHANGE_NEW = 0x02;    // new value when it changes
-    static constexpr auto kSMD_DELETE_FINAL = 0x04;  // final value when it is deleted
-    static constexpr auto kSMD_CREATE = 0x08;        // value when it's created
-    static constexpr auto kSMD_ALWAYS = 0x10;    // value when node containing it is affected at all
-    static constexpr auto kSMD_BASE_TEN = 0x20;  // value is treated as base 10, overriding behavior
-    static constexpr auto kSMD_PSEUDO_ACCOUNT = 0x40;  // if this field is set in an ACCOUNT_ROOT
-                                                       // _only_, then it is a pseudo-account
-    static constexpr auto kSMD_NEEDS_ASSET = 0x80;     // This field needs to be associated with an
-                                                       // asset before it is serialized as a ledger
-                                                       // object. Intended for STNumber.
-    static constexpr auto kSMD_DEFAULT =
-        kSMD_CHANGE_ORIG | kSMD_CHANGE_NEW | kSMD_DELETE_FINAL | kSMD_CREATE;
+    // Need to be named before converting
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum {
+        SMdNever = 0x00,
+        SMdChangeOrig = 0x01,     // original value when it changes
+        SMdChangeNew = 0x02,      // new value when it changes
+        SMdDeleteFinal = 0x04,    // final value when it is deleted
+        SMdCreate = 0x08,         // value when it's created
+        SMdAlways = 0x10,         // value when node containing it is affected at all
+        SMdBaseTen = 0x20,        // value is treated as base 10, overriding behavior
+        SMdPseudoAccount = 0x40,  // if this field is set in an ACCOUNT_ROOT
+                                  // _only_, then it is a pseudo-account
+        SMdNeedsAsset = 0x80,     // This field needs to be associated with an
+                                  // asset before it is serialized as a ledger
+                                  // object. Intended for STNumber.
+        SMdDefault = SMdChangeOrig | SMdChangeNew | SMdDeleteFinal | SMdCreate
+    };

    enum class IsSigning : unsigned char { No, Yes };
    static IsSigning const kNOT_SIGNING = IsSigning::No;
@@ -172,7 +175,7 @@ public:
        SerializedTypeID tid,
        int fv,
        char const* fn,
-        int meta = kSMD_DEFAULT,
+        int meta = SMdDefault,
        IsSigning signing = IsSigning::Yes);
    explicit SField(PrivateAccessTagT, int fc, char const* fn);

--- a/include/xrpl/protocol/STAmount.h
+++ b/include/xrpl/protocol/STAmount.h
@@ -241,7 +241,7 @@ public:
    [[nodiscard]] std::string
    getText() const override;

-    [[nodiscard]] json::Value getJson(JsonOptions = JsonOptions::Values::None) const override;
+    [[nodiscard]] json::Value getJson(JsonOptions = JsonOptions::KNone) const override;

    void
    add(Serializer& s) const override;
--- a/include/xrpl/protocol/STBase.h
+++ b/include/xrpl/protocol/STBase.h
@@ -18,23 +18,23 @@ struct JsonOptions
    using underlying_t = unsigned int;
    underlying_t value;

-    enum class Values : underlying_t {
-        None = 0b0000'0000,
-        IncludeDate = 0b0000'0001,
-        DisableApiPriorV2 = 0b0000'0010,
+    // Bitwise flags with operator~
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum Values : underlying_t {
+        // clang-format off
+        KNone                       = 0b0000'0000,
+        KIncludeDate               = 0b0000'0001,
+        KDisableApiPriorV2       = 0b0000'0010,

-        // IMPORTANT `All` must be union of all of the above; see also operator~
-        All = IncludeDate | DisableApiPriorV2  // 0b0000'0011
+        // IMPORTANT `kALL` must be union of all of the above; see also operator~
+        KAll                        = 0b0000'0011
+        // clang-format on
    };

    constexpr JsonOptions(underlying_t v) noexcept : value(v)
    {
    }

-    constexpr JsonOptions(Values v) noexcept : value(static_cast<JsonOptions::underlying_t>(v))
-    {
-    }
-
    [[nodiscard]] constexpr explicit
    operator underlying_t() const noexcept
    {
@@ -69,18 +69,18 @@ struct JsonOptions
    [[nodiscard]] constexpr JsonOptions friend
    operator~(JsonOptions v) noexcept
    {
-        return {~v.value & static_cast<underlying_t>(Values::All)};
+        return {~v.value & static_cast<underlying_t>(KAll)};
    }
 };

 template <typename T>
    requires requires(T const& t) {
-        { t.getJson(JsonOptions::Values::None) } -> std::convertible_to<json::Value>;
+        { t.getJson(JsonOptions::KNone) } -> std::convertible_to<json::Value>;
    }
 json::Value
 toJson(T const& t)
 {
-    return t.getJson(JsonOptions::Values::None);
+    return t.getJson(JsonOptions::KNone);
 }

 namespace detail {
@@ -148,7 +148,7 @@ public:
    [[nodiscard]] virtual std::string
    getText() const;

-    [[nodiscard]] virtual json::Value getJson(JsonOptions = JsonOptions::Values::None) const;
+    [[nodiscard]] virtual json::Value getJson(JsonOptions = JsonOptions::KNone) const;

    virtual void
    add(Serializer& s) const;
--- a/include/xrpl/protocol/STBitString.h
+++ b/include/xrpl/protocol/STBitString.h
@@ -16,7 +16,7 @@ class STBitString final : public STBase, public CountedObject<STBitString<Bits>>
    static_assert(Bits > 0, "Number of bits must be positive");

 public:
-    using value_type = BaseUInt<Bits>;
+    using value_type = BaseUint<Bits>;

 private:
    value_type value_{};
@@ -46,7 +46,7 @@ public:

    template <typename Tag>
    void
-    setValue(BaseUInt<Bits, Tag> const& v);
+    setValue(BaseUint<Bits, Tag> const& v);

    [[nodiscard]] value_type const&
    value() const;
@@ -157,7 +157,7 @@ STBitString<Bits>::add(Serializer& s) const
 template <int Bits>
 template <typename Tag>
 void
-STBitString<Bits>::setValue(BaseUInt<Bits, Tag> const& v)
+STBitString<Bits>::setValue(BaseUint<Bits, Tag> const& v)
 {
    value_ = v;
 }
--- a/include/xrpl/protocol/STLedgerEntry.h
+++ b/include/xrpl/protocol/STLedgerEntry.h
@@ -38,7 +38,7 @@ public:
    getText() const override;

    [[nodiscard]] json::Value
-    getJson(JsonOptions options = JsonOptions::Values::None) const override;
+    getJson(JsonOptions options = JsonOptions::KNone) const override;

    /** Returns the 'key' (or 'index') of this item.
        The key identifies this entry's position in
--- a/include/xrpl/protocol/STObject.h
+++ b/include/xrpl/protocol/STObject.h
@@ -132,7 +132,7 @@ public:
    getText() const override;

    // TODO(tom): options should be an enum.
-    [[nodiscard]] json::Value getJson(JsonOptions = JsonOptions::Values::None) const override;
+    [[nodiscard]] json::Value getJson(JsonOptions = JsonOptions::KNone) const override;

    void
    addWithoutSigningFields(Serializer& s) const;
@@ -381,7 +381,7 @@ public:

    template <class Tag>
    void
-    setFieldH160(SField const& field, BaseUInt<160, Tag> const& v);
+    setFieldH160(SField const& field, BaseUint<160, Tag> const& v);

    STObject&
    peekFieldObject(SField const& field);
@@ -1143,7 +1143,7 @@ STObject::at(OptionaledField<T> const& of) -> OptionalProxy<T>

 template <class Tag>
 void
-STObject::setFieldH160(SField const& field, BaseUInt<160, Tag> const& v)
+STObject::setFieldH160(SField const& field, BaseUint<160, Tag> const& v)
 {
    STBase* rf = getPField(field, true);

--- a/include/xrpl/protocol/STParsedJSON.h
+++ b/include/xrpl/protocol/STParsedJSON.h
@@ -6,13 +6,6 @@

 namespace xrpl {

-/** Maximum JSON object nesting depth permitted during parsing. */
-inline constexpr std::size_t kMAX_PARSED_JSON_DEPTH = 64;
-
-/** Maximum number of elements permitted in any JSON array field during parsing.
-    Requests exceeding this limit are rejected with an invalidParams error. */
-inline constexpr std::size_t kMAX_PARSED_JSON_ARRAY_SIZE = 512;
-
 /** Holds the serialized result of parsing an input JSON object.
    This does validation and checking on the provided JSON.
 */
--- a/include/xrpl/protocol/STValidation.h
+++ b/include/xrpl/protocol/STValidation.h
@@ -161,7 +161,7 @@ STValidation::STValidation(SerialIter& sit, LookupNodeID&& lookupNodeID, bool ch
    if (checkSignature && !isValid())
    {
        JLOG(debugLog().error()) << "Invalid signature in validation: "
-                                 << getJson(JsonOptions::Values::None);
+                                 << getJson(JsonOptions::KNone);
        Throw<std::runtime_error>("Invalid signature in validation");
    }

--- a/include/xrpl/protocol/Serializer.h
+++ b/include/xrpl/protocol/Serializer.h
@@ -102,7 +102,7 @@ public:

    template <std::size_t Bits, class Tag>
    int
-    addBitString(BaseUInt<Bits, Tag> const& v)
+    addBitString(BaseUint<Bits, Tag> const& v)
    {
        return addRaw(v.data(), v.size());
    }
@@ -151,7 +151,7 @@ public:

    template <std::size_t Bits, typename Tag = void>
    bool
-    getBitString(BaseUInt<Bits, Tag>& data, int offset) const
+    getBitString(BaseUint<Bits, Tag>& data, int offset) const
    {
        auto success = (offset + (Bits / 8)) <= data_.size();
        if (success)
@@ -369,7 +369,7 @@ public:
    geti64();

    template <std::size_t Bits, class Tag = void>
-    BaseUInt<Bits, Tag>
+    BaseUint<Bits, Tag>
    getBitString();

    uint128
@@ -428,7 +428,7 @@ public:
 };

 template <std::size_t Bits, class Tag>
-BaseUInt<Bits, Tag>
+BaseUint<Bits, Tag>
 SerialIter::getBitString()
 {
    auto const n = Bits / 8;
@@ -442,7 +442,7 @@ SerialIter::getBitString()
    used_ += n;
    remain_ -= n;

-    return BaseUInt<Bits, Tag>::fromVoid(x);
+    return BaseUint<Bits, Tag>::fromVoid(x);
 }

 }  // namespace xrpl
--- a/include/xrpl/protocol/TER.h
+++ b/include/xrpl/protocol/TER.h
@@ -128,6 +128,7 @@ enum TEMcodes : TERUnderlyingType {
    temBAD_TRANSFER_FEE,
    temINVALID_INNER_BATCH,
    temBAD_MPT,
+    temBAD_CIPHERTEXT,
 };

 //------------------------------------------------------------------------------
@@ -358,6 +359,11 @@ enum TECcodes : TERUnderlyingType {
    tecLIMIT_EXCEEDED = 195,
    tecPSEUDO_ACCOUNT = 196,
    tecPRECISION_LOSS = 197,
+    // DEPRECATED: This error code tecNO_DELEGATE_PERMISSION is reserved for
+    // backward compatibility with historical data on non-prod networks, can be
+    // reclaimed after those networks reset.
+    tecNO_DELEGATE_PERMISSION = 198,
+    tecBAD_PROOF = 199,
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/protocol/TxFlags.h
+++ b/include/xrpl/protocol/TxFlags.h
@@ -140,7 +140,8 @@ inline constexpr FlagValue tfUniversalMask = ~tfUniversal;
        TF_FLAG(tfMPTCanEscrow, lsfMPTCanEscrow)                                                                                                               \
        TF_FLAG(tfMPTCanTrade, lsfMPTCanTrade)                                                                                                                 \
        TF_FLAG(tfMPTCanTransfer, lsfMPTCanTransfer)                                                                                                           \
-        TF_FLAG(tfMPTCanClawback, lsfMPTCanClawback),                                                                                                          \
+        TF_FLAG(tfMPTCanClawback, lsfMPTCanClawback)                                                                                                           \
+        TF_FLAG(tfMPTCanConfidentialAmount, lsfMPTCanConfidentialAmount),                                                                                                            \
        MASK_ADJ(0))                                                                                                                                           \
                                                                                                                                                               \
    TRANSACTION(MPTokenAuthorize,                                                                                                                              \
@@ -349,10 +350,12 @@ inline constexpr FlagValue tmfMPTCanMutateCanTransfer = lsmfMPTCanMutateCanTrans
 inline constexpr FlagValue tmfMPTCanMutateCanClawback = lsmfMPTCanMutateCanClawback;
 inline constexpr FlagValue tmfMPTCanMutateMetadata = lsmfMPTCanMutateMetadata;
 inline constexpr FlagValue tmfMPTCanMutateTransferFee = lsmfMPTCanMutateTransferFee;
-inline constexpr FlagValue tmfMPTokenIssuanceCreateMutableMask =
-    ~(tmfMPTCanMutateCanLock | tmfMPTCanMutateRequireAuth | tmfMPTCanMutateCanEscrow |
-      tmfMPTCanMutateCanTrade | tmfMPTCanMutateCanTransfer | tmfMPTCanMutateCanClawback |
-      tmfMPTCanMutateMetadata | tmfMPTCanMutateTransferFee);
+inline constexpr FlagValue tmfMPTCannotMutateCanConfidentialAmount =
+    lsmfMPTCannotMutateCanConfidentialAmount;
+inline constexpr FlagValue tmfMPTokenIssuanceCreateMutableMask = ~(
+    tmfMPTCanMutateCanLock | tmfMPTCanMutateRequireAuth | tmfMPTCanMutateCanEscrow |
+    tmfMPTCanMutateCanTrade | tmfMPTCanMutateCanTransfer | tmfMPTCanMutateCanClawback |
+    tmfMPTCanMutateMetadata | tmfMPTCanMutateTransferFee | tmfMPTCannotMutateCanConfidentialAmount);

 // MPTokenIssuanceSet MutableFlags:
 // Set or Clear flags.
@@ -369,10 +372,13 @@ inline constexpr FlagValue tmfMPTSetCanTransfer = 0x00000100;
 inline constexpr FlagValue tmfMPTClearCanTransfer = 0x00000200;
 inline constexpr FlagValue tmfMPTSetCanClawback = 0x00000400;
 inline constexpr FlagValue tmfMPTClearCanClawback = 0x00000800;
-inline constexpr FlagValue tmfMPTokenIssuanceSetMutableMask = ~(
-    tmfMPTSetCanLock | tmfMPTClearCanLock | tmfMPTSetRequireAuth | tmfMPTClearRequireAuth |
-    tmfMPTSetCanEscrow | tmfMPTClearCanEscrow | tmfMPTSetCanTrade | tmfMPTClearCanTrade |
-    tmfMPTSetCanTransfer | tmfMPTClearCanTransfer | tmfMPTSetCanClawback | tmfMPTClearCanClawback);
+inline constexpr FlagValue tmfMPTSetCanConfidentialAmount = 0x00001000;
+inline constexpr FlagValue tmfMPTClearCanConfidentialAmount = 0x00002000;
+inline constexpr FlagValue tmfMPTokenIssuanceSetMutableMask =
+    ~(tmfMPTSetCanLock | tmfMPTClearCanLock | tmfMPTSetRequireAuth | tmfMPTClearRequireAuth |
+      tmfMPTSetCanEscrow | tmfMPTClearCanEscrow | tmfMPTSetCanTrade | tmfMPTClearCanTrade |
+      tmfMPTSetCanTransfer | tmfMPTClearCanTransfer | tmfMPTSetCanClawback |
+      tmfMPTClearCanClawback | tmfMPTSetCanConfidentialAmount | tmfMPTClearCanConfidentialAmount);

 // Prior to fixRemoveNFTokenAutoTrustLine, transfer of an NFToken between accounts allowed a
 // TrustLine to be added to the issuer of that token without explicit permission from that issuer.
--- a/include/xrpl/protocol/UintTypes.h
+++ b/include/xrpl/protocol/UintTypes.h
@@ -30,21 +30,21 @@ public:

 /** Directory is an index into the directory of offer books.
    The last 64 bits of this are the quality. */
-using Directory = BaseUInt<256, detail::DirectoryTag>;
+using Directory = BaseUint<256, detail::DirectoryTag>;

 /** Currency is a hash representing a specific currency. */
-using Currency = BaseUInt<160, detail::CurrencyTag>;
+using Currency = BaseUint<160, detail::CurrencyTag>;

 /** NodeID is a 160-bit hash representing one node. */
-using NodeID = BaseUInt<160, detail::NodeIDTag>;
+using NodeID = BaseUint<160, detail::NodeIDTag>;

 /** MPTID is a 192-bit value representing MPT Issuance ID,
 * which is a concatenation of a 32-bit sequence (big endian)
 * and a 160-bit account */
-using MPTID = BaseUInt<192>;
+using MPTID = BaseUint<192>;

 /** Domain is a 256-bit hash representing a specific domain. */
-using Domain = BaseUInt<256>;
+using Domain = BaseUint<256>;

 /** XRP currency. */
 Currency const&
--- a/include/xrpl/protocol/detail/features.macro
+++ b/include/xrpl/protocol/detail/features.macro
@@ -15,10 +15,12 @@
 // Add new amendments to the top of this list.
 // Keep it sorted in reverse chronological order.

-XRPL_FIX    (Cleanup3_2_0,                Supported::No,  VoteBehavior::DefaultNo)
-XRPL_FEATURE(MPTokensV2,                  Supported::No,  VoteBehavior::DefaultNo)
-XRPL_FIX    (Cleanup3_1_3,                Supported::Yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (BatchInnerSigs,              Supported::No,  VoteBehavior::DefaultNo)
+XRPL_FEATURE(ConfidentialTransfer,        Supported::No, VoteBehavior::DefaultNo)
+XRPL_FIX    (Cleanup3_2_0,                Supported::No, VoteBehavior::DefaultNo)
+XRPL_FEATURE(MPTokensV2,                  Supported::No, VoteBehavior::DefaultNo)
+XRPL_FIX    (Security3_1_3,               Supported::No, VoteBehavior::DefaultNo)
+XRPL_FIX    (PermissionedDomainInvariant, Supported::Yes, VoteBehavior::DefaultNo)
+XRPL_FIX    (BatchInnerSigs,              Supported::No, VoteBehavior::DefaultNo)
 XRPL_FEATURE(LendingProtocol,             Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(PermissionDelegationV1_1,    Supported::No,  VoteBehavior::DefaultNo)
 XRPL_FIX    (DirectoryLimit,              Supported::Yes, VoteBehavior::DefaultNo)
@@ -33,7 +35,7 @@ XRPL_FIX    (EnforceNFTokenTrustlineV2,   Supported::Yes, VoteBehavior::DefaultN
 XRPL_FIX    (AMMv1_3,                     Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(PermissionedDEX,             Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(Batch,                       Supported::No,  VoteBehavior::DefaultNo)
-XRPL_FEATURE(SingleAssetVault,            Supported::Yes, VoteBehavior::DefaultNo)
+XRPL_FEATURE(SingleAssetVault,            Supported::Yes,  VoteBehavior::DefaultNo)
 XRPL_FIX    (PayChanCancelAfter,          Supported::Yes, VoteBehavior::DefaultNo)
 // Check flags in Credential transactions
 XRPL_FIX    (InvalidTxFlags,             Supported::Yes, VoteBehavior::DefaultNo)
@@ -45,6 +47,9 @@ XRPL_FEATURE(Credentials,                Supported::Yes, VoteBehavior::DefaultNo
 XRPL_FEATURE(AMMClawback,                Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (AMMv1_2,                    Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(MPTokensV1,                 Supported::Yes, VoteBehavior::DefaultNo)
+// InvariantsV1_1 will be changes to Supported::yes when all the
+// invariants expected to be included under it are complete.
+XRPL_FEATURE(InvariantsV1_1,             Supported::No,  VoteBehavior::DefaultNo)
 XRPL_FIX    (NFTokenPageLinks,           Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (InnerObjTemplate2,          Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (EnforceNFTokenTrustline,    Supported::Yes, VoteBehavior::DefaultNo)
--- a/include/xrpl/protocol/detail/ledger_entries.macro
+++ b/include/xrpl/protocol/detail/ledger_entries.macro
@@ -386,33 +386,47 @@ LEDGER_ENTRY(ltAMM, 0x0079, AMM, amm, ({
 /** A ledger object which tracks MPTokenIssuance
    \sa keylet::mptIssuance
 */
-LEDGER_ENTRY(ltMPTOKEN_ISSUANCE, 0x007e, MPTokenIssuance, mpt_issuance, ({
-    {sfIssuer,                   SoeRequired},
-    {sfSequence,                 SoeRequired},
-    {sfTransferFee,              SoeDefault},
-    {sfOwnerNode,                SoeRequired},
-    {sfAssetScale,               SoeDefault},
-    {sfMaximumAmount,            SoeOptional},
-    {sfOutstandingAmount,        SoeRequired},
-    {sfLockedAmount,             SoeOptional},
-    {sfMPTokenMetadata,          SoeOptional},
-    {sfPreviousTxnID,            SoeRequired},
-    {sfPreviousTxnLgrSeq,        SoeRequired},
-    {sfDomainID,                 SoeOptional},
-    {sfMutableFlags,             SoeDefault},
+LEDGER_ENTRY(
+    ltMPTOKEN_ISSUANCE,
+    0x007e,
+    MPTokenIssuance,
+    mpt_issuance,
+    ({
+        {sfIssuer, SoeRequired},
+        {sfSequence, SoeRequired},
+        {sfTransferFee, SoeDefault},
+        {sfOwnerNode, SoeRequired},
+        {sfAssetScale, SoeDefault},
+        {sfMaximumAmount, SoeOptional},
+        {sfOutstandingAmount, SoeRequired},
+        {sfLockedAmount, SoeOptional},
+        {sfMPTokenMetadata, SoeOptional},
+        {sfPreviousTxnID, SoeRequired},
+        {sfPreviousTxnLgrSeq, SoeRequired},
+        {sfDomainID, SoeOptional},
+        {sfMutableFlags, SoeDefault},
+        {sfIssuerEncryptionKey, SoeOptional},
+        {sfAuditorEncryptionKey, SoeOptional},
+        {sfConfidentialOutstandingAmount, SoeDefault},
 }))

 /** A ledger object which tracks MPToken
    \sa keylet::mptoken
 */
 LEDGER_ENTRY(ltMPTOKEN, 0x007f, MPToken, mptoken, ({
-    {sfAccount,                  SoeRequired},
-    {sfMPTokenIssuanceID,        SoeRequired},
-    {sfMPTAmount,                SoeDefault},
-    {sfLockedAmount,             SoeOptional},
-    {sfOwnerNode,                SoeRequired},
-    {sfPreviousTxnID,            SoeRequired},
-    {sfPreviousTxnLgrSeq,        SoeRequired},
+    {sfAccount,                     SoeRequired},
+    {sfMPTokenIssuanceID,           SoeRequired},
+    {sfMPTAmount,                   SoeDefault},
+    {sfLockedAmount,                SoeOptional},
+    {sfOwnerNode,                   SoeRequired},
+    {sfPreviousTxnID,               SoeRequired},
+    {sfPreviousTxnLgrSeq,           SoeRequired},
+    {sfConfidentialBalanceInbox,    SoeOptional},
+    {sfConfidentialBalanceSpending, SoeOptional},
+    {sfConfidentialBalanceVersion,  SoeDefault},
+    {sfIssuerEncryptedBalance,      SoeOptional},
+    {sfAuditorEncryptedBalance,     SoeOptional},
+    {sfHolderEncryptionKey,         SoeOptional},
 }))

 /** A ledger object which tracks Oracle
--- a/include/xrpl/protocol/detail/secp256k1.h
+++ b/include/xrpl/protocol/detail/secp256k1.h
@@ -11,7 +11,10 @@ secp256k1Context()
    struct Holder
    {
        secp256k1_context* impl;
-        Holder() : impl(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN))
+        // SECP256K1_CONTEXT_SIGN and SECP256K1_CONTEXT_VERIFY were
+        // deprecated. All contexts support both signing and verification, so
+        // SECP256K1_CONTEXT_NONE is the correct flag to use.
+        Holder() : impl(secp256k1_context_create(SECP256K1_CONTEXT_NONE))
        {
        }

--- a/include/xrpl/protocol/detail/sfields.macro
+++ b/include/xrpl/protocol/detail/sfields.macro
@@ -27,7 +27,7 @@ TYPED_SFIELD(sfWasLockingChainSend,      UINT8,     19)
 TYPED_SFIELD(sfWithdrawalPolicy,         UINT8,     20)

 // 16-bit integers (common)
-TYPED_SFIELD(sfLedgerEntryType,          UINT16,     1, SField::kSMD_NEVER)
+TYPED_SFIELD(sfLedgerEntryType,          UINT16,     1, SField::SMdNever)
 TYPED_SFIELD(sfTransactionType,          UINT16,     2)
 TYPED_SFIELD(sfSignerWeight,             UINT16,     3)
 TYPED_SFIELD(sfTransferFee,              UINT16,     4)
@@ -48,7 +48,7 @@ TYPED_SFIELD(sfNetworkID,                UINT32,     1)
 TYPED_SFIELD(sfFlags,                    UINT32,     2)
 TYPED_SFIELD(sfSourceTag,                UINT32,     3)
 TYPED_SFIELD(sfSequence,                 UINT32,     4)
-TYPED_SFIELD(sfPreviousTxnLgrSeq,        UINT32,     5, SField::kSMD_DELETE_FINAL)
+TYPED_SFIELD(sfPreviousTxnLgrSeq,        UINT32,     5, SField::SMdDeleteFinal)
 TYPED_SFIELD(sfLedgerSequence,           UINT32,     6)
 TYPED_SFIELD(sfCloseTime,                UINT32,     7)
 TYPED_SFIELD(sfParentCloseTime,          UINT32,     8)
@@ -113,6 +113,7 @@ TYPED_SFIELD(sfInterestRate,             UINT32,    65) // 1/10 basis points (bi
 TYPED_SFIELD(sfLateInterestRate,         UINT32,    66) // 1/10 basis points (bips)
 TYPED_SFIELD(sfCloseInterestRate,        UINT32,    67) // 1/10 basis points (bips)
 TYPED_SFIELD(sfOverpaymentInterestRate,  UINT32,    68) // 1/10 basis points (bips)
+TYPED_SFIELD(sfConfidentialBalanceVersion, UINT32,  69)

 // 64-bit integers (common)
 TYPED_SFIELD(sfIndexNext,                UINT64,     1)
@@ -138,14 +139,15 @@ TYPED_SFIELD(sfXChainClaimID,            UINT64,    20)
 TYPED_SFIELD(sfXChainAccountCreateCount, UINT64,    21)
 TYPED_SFIELD(sfXChainAccountClaimCount,  UINT64,    22)
 TYPED_SFIELD(sfAssetPrice,               UINT64,    23)
-TYPED_SFIELD(sfMaximumAmount,            UINT64,    24, SField::kSMD_BASE_TEN|SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfOutstandingAmount,        UINT64,    25, SField::kSMD_BASE_TEN|SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfMPTAmount,                UINT64,    26, SField::kSMD_BASE_TEN|SField::kSMD_DEFAULT)
+TYPED_SFIELD(sfMaximumAmount,            UINT64,    24, SField::SMdBaseTen|SField::SMdDefault)
+TYPED_SFIELD(sfOutstandingAmount,        UINT64,    25, SField::SMdBaseTen|SField::SMdDefault)
+TYPED_SFIELD(sfMPTAmount,                UINT64,    26, SField::SMdBaseTen|SField::SMdDefault)
 TYPED_SFIELD(sfIssuerNode,               UINT64,    27)
 TYPED_SFIELD(sfSubjectNode,              UINT64,    28)
-TYPED_SFIELD(sfLockedAmount,             UINT64,    29, SField::kSMD_BASE_TEN|SField::kSMD_DEFAULT)
+TYPED_SFIELD(sfLockedAmount,             UINT64,    29, SField::SMdBaseTen|SField::SMdDefault)
 TYPED_SFIELD(sfVaultNode,                UINT64,    30)
 TYPED_SFIELD(sfLoanBrokerNode,           UINT64,    31)
+TYPED_SFIELD(sfConfidentialOutstandingAmount, UINT64, 32, SField::SMdBaseTen|SField::SMdDefault)

 // 128-bit
 TYPED_SFIELD(sfEmailHash,                UINT128,    1)
@@ -167,17 +169,17 @@ TYPED_SFIELD(sfLedgerHash,               UINT256,    1)
 TYPED_SFIELD(sfParentHash,               UINT256,    2)
 TYPED_SFIELD(sfTransactionHash,          UINT256,    3)
 TYPED_SFIELD(sfAccountHash,              UINT256,    4)
-TYPED_SFIELD(sfPreviousTxnID,            UINT256,    5, SField::kSMD_DELETE_FINAL)
+TYPED_SFIELD(sfPreviousTxnID,            UINT256,    5, SField::SMdDeleteFinal)
 TYPED_SFIELD(sfLedgerIndex,              UINT256,    6)
 TYPED_SFIELD(sfWalletLocator,            UINT256,    7)
-TYPED_SFIELD(sfRootIndex,                UINT256,    8, SField::kSMD_ALWAYS)
+TYPED_SFIELD(sfRootIndex,                UINT256,    8, SField::SMdAlways)
 TYPED_SFIELD(sfAccountTxnID,             UINT256,    9)
 TYPED_SFIELD(sfNFTokenID,                UINT256,   10)
 TYPED_SFIELD(sfEmitParentTxnID,          UINT256,   11)
 TYPED_SFIELD(sfEmitNonce,                UINT256,   12)
 TYPED_SFIELD(sfEmitHookHash,             UINT256,   13)
 TYPED_SFIELD(sfAMMID,                    UINT256,   14,
-    SField::kSMD_PSEUDO_ACCOUNT | SField::kSMD_DEFAULT)
+    SField::SMdPseudoAccount | SField::SMdDefault)

 // 256-bit (uncommon)
 TYPED_SFIELD(sfBookDirectory,            UINT256,   16)
@@ -200,30 +202,31 @@ TYPED_SFIELD(sfHookNamespace,            UINT256,   32)
 TYPED_SFIELD(sfHookSetTxnID,             UINT256,   33)
 TYPED_SFIELD(sfDomainID,                 UINT256,   34)
 TYPED_SFIELD(sfVaultID,                  UINT256,   35,
-    SField::kSMD_PSEUDO_ACCOUNT | SField::kSMD_DEFAULT)
+    SField::SMdPseudoAccount | SField::SMdDefault)
 TYPED_SFIELD(sfParentBatchID,            UINT256,   36)
 TYPED_SFIELD(sfLoanBrokerID,             UINT256,   37,
-    SField::kSMD_PSEUDO_ACCOUNT | SField::kSMD_DEFAULT)
+    SField::SMdPseudoAccount | SField::SMdDefault)
 TYPED_SFIELD(sfLoanID,                   UINT256,   38)
+TYPED_SFIELD(sfBlindingFactor,           UINT256,   39)

 // number (common)
 TYPED_SFIELD(sfNumber,                   NUMBER,     1)
-TYPED_SFIELD(sfAssetsAvailable,          NUMBER,     2, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfAssetsMaximum,            NUMBER,     3, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfAssetsTotal,              NUMBER,     4, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfLossUnrealized,           NUMBER,     5, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfDebtTotal,                NUMBER,     6, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfDebtMaximum,              NUMBER,     7, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
-TYPED_SFIELD(sfCoverAvailable,           NUMBER,     8, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
+TYPED_SFIELD(sfAssetsAvailable,          NUMBER,     2, SField::SMdNeedsAsset | SField::SMdDefault)
+TYPED_SFIELD(sfAssetsMaximum,            NUMBER,     3, SField::SMdNeedsAsset | SField::SMdDefault)
+TYPED_SFIELD(sfAssetsTotal,              NUMBER,     4, SField::SMdNeedsAsset | SField::SMdDefault)
+TYPED_SFIELD(sfLossUnrealized,           NUMBER,     5, SField::SMdNeedsAsset | SField::SMdDefault)
+TYPED_SFIELD(sfDebtTotal,                NUMBER,     6, SField::SMdNeedsAsset | SField::SMdDefault)
+TYPED_SFIELD(sfDebtMaximum,              NUMBER,     7, SField::SMdNeedsAsset | SField::SMdDefault)
+TYPED_SFIELD(sfCoverAvailable,           NUMBER,     8, SField::SMdNeedsAsset | SField::SMdDefault)
 TYPED_SFIELD(sfLoanOriginationFee,       NUMBER,     9)
 TYPED_SFIELD(sfLoanServiceFee,           NUMBER,     10)
 TYPED_SFIELD(sfLatePaymentFee,           NUMBER,     11)
 TYPED_SFIELD(sfClosePaymentFee,          NUMBER,     12)
-TYPED_SFIELD(sfPrincipalOutstanding,     NUMBER,     13, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
+TYPED_SFIELD(sfPrincipalOutstanding,     NUMBER,     13, SField::SMdNeedsAsset | SField::SMdDefault)
 TYPED_SFIELD(sfPrincipalRequested,       NUMBER,     14)
-TYPED_SFIELD(sfTotalValueOutstanding,    NUMBER,     15, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
+TYPED_SFIELD(sfTotalValueOutstanding,    NUMBER,     15, SField::SMdNeedsAsset | SField::SMdDefault)
 TYPED_SFIELD(sfPeriodicPayment,          NUMBER,     16)
-TYPED_SFIELD(sfManagementFeeOutstanding, NUMBER,     17, SField::kSMD_NEEDS_ASSET | SField::kSMD_DEFAULT)
+TYPED_SFIELD(sfManagementFeeOutstanding, NUMBER,     17, SField::SMdNeedsAsset | SField::SMdDefault)

 // int32
 TYPED_SFIELD(sfLoanScale,                INT32,      1)
@@ -269,9 +272,9 @@ TYPED_SFIELD(sfLPTokenBalance,           AMOUNT,    31)
 TYPED_SFIELD(sfPublicKey,                VL,         1)
 TYPED_SFIELD(sfMessageKey,               VL,         2)
 TYPED_SFIELD(sfSigningPubKey,            VL,         3)
-TYPED_SFIELD(sfTxnSignature,             VL,         4, SField::kSMD_DEFAULT, SField::kNOT_SIGNING)
+TYPED_SFIELD(sfTxnSignature,             VL,         4, SField::SMdDefault, SField::kNOT_SIGNING)
 TYPED_SFIELD(sfURI,                      VL,         5)
-TYPED_SFIELD(sfSignature,                VL,         6, SField::kSMD_DEFAULT, SField::kNOT_SIGNING)
+TYPED_SFIELD(sfSignature,                VL,         6, SField::SMdDefault, SField::kNOT_SIGNING)
 TYPED_SFIELD(sfDomain,                   VL,         7)
 TYPED_SFIELD(sfFundCode,                 VL,         8)
 TYPED_SFIELD(sfRemoveCode,               VL,         9)
@@ -284,7 +287,7 @@ TYPED_SFIELD(sfMemoFormat,               VL,        14)
 // variable length (uncommon)
 TYPED_SFIELD(sfFulfillment,              VL,        16)
 TYPED_SFIELD(sfCondition,                VL,        17)
-TYPED_SFIELD(sfMasterSignature,          VL,        18, SField::kSMD_DEFAULT, SField::kNOT_SIGNING)
+TYPED_SFIELD(sfMasterSignature,          VL,        18, SField::SMdDefault, SField::kNOT_SIGNING)
 TYPED_SFIELD(sfUNLModifyValidator,       VL,        19)
 TYPED_SFIELD(sfValidatorToDisable,       VL,        20)
 TYPED_SFIELD(sfValidatorToReEnable,      VL,        21)
@@ -298,6 +301,21 @@ TYPED_SFIELD(sfAssetClass,               VL,        28)
 TYPED_SFIELD(sfProvider,                 VL,        29)
 TYPED_SFIELD(sfMPTokenMetadata,          VL,        30)
 TYPED_SFIELD(sfCredentialType,           VL,        31)
+TYPED_SFIELD(sfConfidentialBalanceInbox, VL,        32)
+TYPED_SFIELD(sfConfidentialBalanceSpending, VL,     33)
+TYPED_SFIELD(sfIssuerEncryptedBalance,   VL,        34)
+TYPED_SFIELD(sfIssuerEncryptionKey,      VL,        35)
+TYPED_SFIELD(sfHolderEncryptionKey,      VL,        36)
+TYPED_SFIELD(sfZKProof,                  VL,        37)
+TYPED_SFIELD(sfHolderEncryptedAmount,    VL,        38)
+TYPED_SFIELD(sfIssuerEncryptedAmount,    VL,        39)
+TYPED_SFIELD(sfSenderEncryptedAmount,    VL,        40)
+TYPED_SFIELD(sfDestinationEncryptedAmount, VL,      41)
+TYPED_SFIELD(sfAuditorEncryptedBalance,  VL,        42)
+TYPED_SFIELD(sfAuditorEncryptedAmount,   VL,        43)
+TYPED_SFIELD(sfAuditorEncryptionKey,     VL,        44)
+TYPED_SFIELD(sfAmountCommitment,         VL,        45)
+TYPED_SFIELD(sfBalanceCommitment,        VL,        46)

 // account (common)
 TYPED_SFIELD(sfAccount,                  ACCOUNT,    1)
@@ -326,7 +344,7 @@ TYPED_SFIELD(sfBorrower,                 ACCOUNT,   25)
 TYPED_SFIELD(sfCounterparty,             ACCOUNT,   26)

 // vector of 256-bit
-TYPED_SFIELD(sfIndexes,                  VECTOR256,  1, SField::kSMD_NEVER)
+TYPED_SFIELD(sfIndexes,                  VECTOR256,  1, SField::SMdNever)
 TYPED_SFIELD(sfHashes,                   VECTOR256,  2)
 TYPED_SFIELD(sfAmendments,               VECTOR256,  3)
 TYPED_SFIELD(sfNFTokenOffers,            VECTOR256,  4)
@@ -387,13 +405,13 @@ UNTYPED_SFIELD(sfCredential,             OBJECT,    33)
 UNTYPED_SFIELD(sfRawTransaction,         OBJECT,    34)
 UNTYPED_SFIELD(sfBatchSigner,            OBJECT,    35)
 UNTYPED_SFIELD(sfBook,                   OBJECT,    36)
-UNTYPED_SFIELD(sfCounterpartySignature,  OBJECT,    37, SField::kSMD_DEFAULT, SField::kNOT_SIGNING)
+UNTYPED_SFIELD(sfCounterpartySignature,  OBJECT,    37, SField::SMdDefault, SField::kNOT_SIGNING)

 // array of objects (common)
 // ARRAY/1 is reserved for end of array
 // sfSigningAccounts has never been used.
 //UNTYPED_SFIELD(sfSigningAccounts,        ARRAY,      2)
-UNTYPED_SFIELD(sfSigners,                ARRAY,      3, SField::kSMD_DEFAULT, SField::kNOT_SIGNING)
+UNTYPED_SFIELD(sfSigners,                ARRAY,      3, SField::SMdDefault, SField::kNOT_SIGNING)
 UNTYPED_SFIELD(sfSignerEntries,          ARRAY,      4)
 UNTYPED_SFIELD(sfTemplate,               ARRAY,      5)
 UNTYPED_SFIELD(sfNecessary,              ARRAY,      6)
@@ -421,4 +439,4 @@ UNTYPED_SFIELD(sfUnauthorizeCredentials, ARRAY,     27)
 UNTYPED_SFIELD(sfAcceptedCredentials,    ARRAY,     28)
 UNTYPED_SFIELD(sfPermissions,            ARRAY,     29)
 UNTYPED_SFIELD(sfRawTransactions,        ARRAY,     30)
-UNTYPED_SFIELD(sfBatchSigners,           ARRAY,     31, SField::kSMD_DEFAULT, SField::kNOT_SIGNING)
+UNTYPED_SFIELD(sfBatchSigners,           ARRAY,     31, SField::SMdDefault, SField::kNOT_SIGNING)
--- a/include/xrpl/protocol/detail/transactions.macro
+++ b/include/xrpl/protocol/detail/transactions.macro
@@ -734,6 +734,8 @@ TRANSACTION(ttMPTOKEN_ISSUANCE_SET, 56, MPTokenIssuanceSet,
    {sfMPTokenMetadata, SoeOptional},
    {sfTransferFee, SoeOptional},
    {sfMutableFlags, SoeOptional},
+    {sfIssuerEncryptionKey, SoeOptional},
+    {sfAuditorEncryptionKey, SoeOptional},
 }))

 /** This transaction type authorizes a MPToken instance */
@@ -1076,6 +1078,91 @@ TRANSACTION(ttLOAN_PAY, 84, LoanPay,
    {sfAmount, SoeRequired, SoeMptSupported},
 }))

+/** This transaction type converts into confidential MPT balance. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/token/ConfidentialMPTConvert.h>
+#endif
+TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT, 85, ConfidentialMPTConvert,
+    Delegation::Delegable,
+    featureConfidentialTransfer,
+    NoPriv,
+    ({
+    {sfMPTokenIssuanceID, SoeRequired},
+    {sfMPTAmount, SoeRequired},
+    {sfHolderEncryptionKey, SoeOptional},
+    {sfHolderEncryptedAmount, SoeRequired},
+    {sfIssuerEncryptedAmount, SoeRequired},
+    {sfAuditorEncryptedAmount, SoeOptional},
+    {sfBlindingFactor, SoeRequired},
+    {sfZKProof, SoeOptional},
+}))
+
+/** This transaction type merges MPT inbox. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/token/ConfidentialMPTMergeInbox.h>
+#endif
+TRANSACTION(ttCONFIDENTIAL_MPT_MERGE_INBOX, 86, ConfidentialMPTMergeInbox,
+    Delegation::Delegable,
+    featureConfidentialTransfer,
+    NoPriv,
+    ({
+    {sfMPTokenIssuanceID, SoeRequired},
+}))
+
+/** This transaction type converts back into public MPT balance. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/token/ConfidentialMPTConvertBack.h>
+#endif
+TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT_BACK, 87, ConfidentialMPTConvertBack,
+    Delegation::Delegable,
+    featureConfidentialTransfer,
+    NoPriv,
+    ({
+    {sfMPTokenIssuanceID, SoeRequired},
+    {sfMPTAmount, SoeRequired},
+    {sfHolderEncryptedAmount, SoeRequired},
+    {sfIssuerEncryptedAmount, SoeRequired},
+    {sfAuditorEncryptedAmount, SoeOptional},
+    {sfBlindingFactor, SoeRequired},
+    {sfZKProof, SoeRequired},
+    {sfBalanceCommitment, SoeRequired},
+}))
+
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/token/ConfidentialMPTSend.h>
+#endif
+TRANSACTION(ttCONFIDENTIAL_MPT_SEND, 88, ConfidentialMPTSend,
+    Delegation::Delegable,
+    featureConfidentialTransfer,
+    NoPriv,
+    ({
+    {sfMPTokenIssuanceID, SoeRequired},
+    {sfDestination, SoeRequired},
+    {sfDestinationTag, SoeOptional},
+    {sfSenderEncryptedAmount, SoeRequired},
+    {sfDestinationEncryptedAmount, SoeRequired},
+    {sfIssuerEncryptedAmount, SoeRequired},
+    {sfAuditorEncryptedAmount, SoeOptional},
+    {sfZKProof, SoeRequired},
+    {sfAmountCommitment, SoeRequired},
+    {sfBalanceCommitment, SoeRequired},
+    {sfCredentialIDs, SoeOptional},
+}))
+
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/token/ConfidentialMPTClawback.h>
+#endif
+TRANSACTION(ttCONFIDENTIAL_MPT_CLAWBACK, 89, ConfidentialMPTClawback,
+    Delegation::Delegable,
+    featureConfidentialTransfer,
+    NoPriv,
+    ({
+    {sfMPTokenIssuanceID, SoeRequired},
+    {sfHolder, SoeRequired},
+    {sfMPTAmount, SoeRequired},
+    {sfZKProof, SoeRequired},
+}))
+
 /** This system-generated transaction type is used to update the status of the various amendments.

    For details, see: https://xrpl.org/amendments.html
--- a/include/xrpl/protocol/jss.h
+++ b/include/xrpl/protocol/jss.h
@@ -137,6 +137,7 @@ JSS(authorized_credentials);      // in: ledger_entry DepositPreauth
 JSS(auth_accounts);               // out: amm_info
 JSS(auth_change);                 // out: AccountInfo
 JSS(auth_change_queued);          // out: AccountInfo
+JSS(auditor_encrypted_balance);   // out: mpt_holders (confidential MPT)
 JSS(available);                   // out: ValidatorList
 JSS(avg_bps_recv);                // out: Peers
 JSS(avg_bps_sent);                // out: Peers
@@ -161,9 +162,6 @@ JSS(build_path);                  // in: TransactionSign
 JSS(build_version);               // out: NetworkOPs
 JSS(cancel_after);                // out: AccountChannels
 JSS(can_delete);                  // out: CanDelete
-JSS(mpt_amount);                  // out: mpt_holders
-JSS(mpt_issuance_id);             // in: Payment, mpt_holders
-JSS(mptoken_index);               // out: mpt_holders
 JSS(changes);                     // out: BookChanges
 JSS(channel_id);                  // out: AccountChannels
 JSS(channels);                    // out: AccountChannels
@@ -185,165 +183,170 @@ JSS(command);                     // in: RPCHandler
 JSS(common);                      // out: RPC server_definitions
 JSS(complete);                    // out: NetworkOPs, InboundLedger
 JSS(complete_ledgers);            // out: NetworkOPs, PeerImp
-JSS(consensus);                   // out: NetworkOPs, LedgerConsensus
-JSS(converge_time);               // out: NetworkOPs
-JSS(converge_time_s);             // out: NetworkOPs
-JSS(cookie);                      // out: NetworkOPs
-JSS(count);                       // in: AccountTx*, ValidatorList
-JSS(counters);                    // in/out: retrieve counters
-JSS(credentials);                 // in: deposit_authorized
-JSS(credential_type);             // in: LedgerEntry DepositPreauth
-JSS(ctid);                        // in/out: Tx RPC
-JSS(currency_a);                  // out: BookChanges
-JSS(currency_b);                  // out: BookChanges
-JSS(currency);                    // in: paths/PathRequest, STAmount
-                                  // out: STPathSet, STAmount, AccountLines
-JSS(current);                     // out: OwnerInfo
-JSS(current_activities);          //
-JSS(current_ledger_size);         // out: TxQ
-JSS(current_queue_size);          // out: TxQ
-JSS(data);                        // out: LedgerData
-JSS(date);                        // out: tx/Transaction, NetworkOPs
-JSS(dbKBLedger);                  // out: getCounts
-JSS(dbKBTotal);                   // out: getCounts
-JSS(dbKBTransaction);             // out: getCounts
-JSS(debug_signing);               // in: TransactionSign
-JSS(deletion_blockers_only);      // in: AccountObjects
-JSS(delivered_amount);            // out: insertDeliveredAmount
-JSS(deposit_authorized);          // out: deposit_authorized
-JSS(deprecated);                  //
-JSS(descending);                  // in: AccountTx*
-JSS(description);                 // in/out: Reservations
-JSS(destination);                 // in: nft_buy_offers, nft_sell_offers
-JSS(destination_account);         // in: PathRequest, RipplePathFind, account_lines
-                                  // out: AccountChannels
-JSS(destination_amount);          // in: PathRequest, RipplePathFind
-JSS(destination_currencies);      // in: PathRequest, RipplePathFind
-JSS(destination_tag);             // in: PathRequest
-                                  // out: AccountChannels
-JSS(details);                     // out: Manifest, server_info
-JSS(dir_entry);                   // out: DirectoryEntryIterator
-JSS(dir_index);                   // out: DirectoryEntryIterator
-JSS(dir_root);                    // out: DirectoryEntryIterator
-JSS(discounted_fee);              // out: amm_info
-JSS(domain);                      // out: ValidatorInfo, Manifest
-JSS(drops);                       // out: TxQ
-JSS(duration_us);                 // out: NetworkOPs
-JSS(effective);                   // out: ValidatorList
-                                  // in: UNL
-JSS(enabled);                     // out: AmendmentTable
-JSS(engine_result);               // out: NetworkOPs, TransactionSign, Submit
-JSS(engine_result_code);          // out: NetworkOPs, TransactionSign, Submit
-JSS(engine_result_message);       // out: NetworkOPs, TransactionSign, Submit
-JSS(entire_set);                  // out: get_aggregate_price
-JSS(ephemeral_key);               // out: ValidatorInfo
-                                  // in/out: Manifest
-JSS(error);                       // out: error
-JSS(errored);                     //
-JSS(error_code);                  // out: error
-JSS(error_exception);             // out: Submit
-JSS(error_message);               // out: error
-JSS(expand);                      // in: handler/Ledger
-JSS(expected_date);               // out: any (warnings)
-JSS(expected_date_UTC);           // out: any (warnings)
-JSS(expected_ledger_size);        // out: TxQ
-JSS(expiration);                  // out: AccountOffers, AccountChannels, ValidatorList, amm_info
-JSS(fail_hard);                   // in: Sign, Submit
-JSS(failed);                      // out: InboundLedger
-JSS(feature);                     // in: Feature
-JSS(features);                    // out: Feature
-JSS(fee_base);                    // out: NetworkOPs
-JSS(fee_div_max);                 // in: TransactionSign
-JSS(fee_level);                   // out: AccountInfo
-JSS(fee_mult_max);                // in: TransactionSign
-JSS(fee_ref);                     // out: NetworkOPs, DEPRECATED
-JSS(fetch_pack);                  // out: NetworkOPs
-JSS(FIELDS);                      // out: RPC server_definitions
-                                  // matches definitions.json format
-JSS(first);                       // out: rpc/Version
-JSS(finished);                    //
-JSS(fix_txns);                    // in: LedgerCleaner
-JSS(flags);                       // out: AccountOffers, NetworkOPs
-JSS(forward);                     // in: AccountTx
-JSS(freeze);                      // out: AccountLines
-JSS(freeze_peer);                 // out: AccountLines
-JSS(deep_freeze);                 // out: AccountLines
-JSS(deep_freeze_peer);            // out: AccountLines
-JSS(frozen_balances);             // out: GatewayBalances
-JSS(full);                        // in: LedgerClearer, handlers/Ledger
-JSS(full_reply);                  // out: PathFind
-JSS(fullbelow_size);              // out: GetCounts
-JSS(git);                         // out: server_info
-JSS(good);                        // out: RPCVersion
-JSS(hash);                        // out: NetworkOPs, InboundLedger, LedgerToJson, STTx; field
-JSS(have_header);                 // out: InboundLedger
-JSS(have_state);                  // out: InboundLedger
-JSS(have_transactions);           // out: InboundLedger
-JSS(high);                        // out: BookChanges
-JSS(highest_sequence);            // out: AccountInfo
-JSS(highest_ticket);              // out: AccountInfo
-JSS(historical_perminute);        // historical_perminute.
-JSS(holders);                     // out: MPTHolders
-JSS(hostid);                      // out: NetworkOPs
-JSS(hotwallet);                   // in: GatewayBalances
-JSS(id);                          // websocket.
-JSS(ident);                       // in: AccountCurrencies, AccountInfo, OwnerInfo
-JSS(ignore_default);              // in: AccountLines
-JSS(in);                          // out: OverlayImpl
-JSS(inLedger);                    // out: tx/Transaction
-JSS(inbound);                     // out: PeerImp
-JSS(index);                       // in: LedgerEntry
-                                  // out: STLedgerEntry, LedgerEntry, TxHistory, LedgerData
-JSS(info);                        // out: ServerInfo, ConsensusInfo, FetchInfo
-JSS(initial_sync_duration_us);    //
-JSS(internal_command);            // in: Internal
-JSS(invalid_API_version);         // out: Many, when a request has an invalid version
-JSS(io_latency_ms);               // out: NetworkOPs
-JSS(ip);                          // in: Connect, out: OverlayImpl
-JSS(is_burned);                   // out: nft_info (clio)
-JSS(isSerialized);                // out: RPC server_definitions
-                                  // matches definitions.json format
-JSS(isSigningField);              // out: RPC server_definitions
-                                  // matches definitions.json format
-JSS(isVLEncoded);                 // out: RPC server_definitions
-                                  // matches definitions.json format
-JSS(issuer);                      // in: RipplePathFind, Subscribe, Unsubscribe, BookOffers
-                                  // out: STPathSet, STAmount
-JSS(job);                         //
-JSS(job_queue);                   //
-JSS(jobs);                        //
-JSS(jsonrpc);                     // json version
-JSS(jq_trans_overflow);           // JobQueue transaction limit overflow.
-JSS(kept);                        // out: SubmitTransaction
-JSS(key);                         // out
-JSS(key_type);                    // in/out: WalletPropose, TransactionSign
-JSS(latency);                     // out: PeerImp
-JSS(last);                        // out: RPCVersion
-JSS(last_close);                  // out: NetworkOPs
-JSS(last_refresh_time);           // out: ValidatorSite
-JSS(last_refresh_status);         // out: ValidatorSite
-JSS(last_refresh_message);        // out: ValidatorSite
-JSS(ledger);                      // in: NetworkOPs, LedgerCleaner, RPCHelpers
-                                  // out: NetworkOPs, PeerImp
-JSS(ledger_current_index);        // out: NetworkOPs, RPCHelpers, LedgerCurrent, LedgerAccept,
-                                  //      AccountLines
-JSS(ledger_data);                 // out: LedgerHeader
-JSS(ledger_hash);                 // in: RPCHelpers, LedgerRequest, RipplePathFind,
-                                  //     TransactionEntry, handlers/Ledger
-                                  // out: NetworkOPs, RPCHelpers, LedgerClosed, LedgerData,
-                                  //      AccountLines
-JSS(ledger_hit_rate);             // out: GetCounts
-JSS(ledger_index);                // in/out: many
-JSS(ledger_index_max);            // in, out: AccountTx*
-JSS(ledger_index_min);            // in, out: AccountTx*
-JSS(ledger_max);                  // in, out: AccountTx*
-JSS(ledger_min);                  // in, out: AccountTx*
-JSS(ledger_time);                 // out: NetworkOPs
-JSS(LEDGER_ENTRY_TYPES);          // out: RPC server_definitions
-                                  // matches definitions.json format
-JSS(LEDGER_ENTRY_FLAGS);          // out: RPC server_definitions
-JSS(LEDGER_ENTRY_FORMATS);        // out: RPC server_definitions
-JSS(levels);                      // LogLevels
+JSS(confidential_balance_inbox);  // out: mpt_holders (confidential MPT)
+JSS(confidential_balance_spending);  // out: mpt_holders (confidential MPT)
+JSS(confidential_balance_version);   // out: mpt_holders (confidential MPT)
+JSS(consensus);                      // out: NetworkOPs, LedgerConsensus
+JSS(converge_time);                  // out: NetworkOPs
+JSS(converge_time_s);                // out: NetworkOPs
+JSS(cookie);                         // out: NetworkOPs
+JSS(count);                          // in: AccountTx*, ValidatorList
+JSS(counters);                       // in/out: retrieve counters
+JSS(credentials);                    // in: deposit_authorized
+JSS(credential_type);                // in: LedgerEntry DepositPreauth
+JSS(ctid);                           // in/out: Tx RPC
+JSS(currency_a);                     // out: BookChanges
+JSS(currency_b);                     // out: BookChanges
+JSS(currency);                       // in: paths/PathRequest, STAmount
+                                     // out: STPathSet, STAmount, AccountLines
+JSS(current);                        // out: OwnerInfo
+JSS(current_activities);             //
+JSS(current_ledger_size);            // out: TxQ
+JSS(current_queue_size);             // out: TxQ
+JSS(data);                           // out: LedgerData
+JSS(date);                           // out: tx/Transaction, NetworkOPs
+JSS(dbKBLedger);                     // out: getCounts
+JSS(dbKBTotal);                      // out: getCounts
+JSS(dbKBTransaction);                // out: getCounts
+JSS(debug_signing);                  // in: TransactionSign
+JSS(deletion_blockers_only);         // in: AccountObjects
+JSS(delivered_amount);               // out: insertDeliveredAmount
+JSS(deposit_authorized);             // out: deposit_authorized
+JSS(deprecated);                     //
+JSS(descending);                     // in: AccountTx*
+JSS(description);                    // in/out: Reservations
+JSS(destination);                    // in: nft_buy_offers, nft_sell_offers
+JSS(destination_account);            // in: PathRequest, RipplePathFind, account_lines
+                                     // out: AccountChannels
+JSS(destination_amount);             // in: PathRequest, RipplePathFind
+JSS(destination_currencies);         // in: PathRequest, RipplePathFind
+JSS(destination_tag);                // in: PathRequest
+                                     // out: AccountChannels
+JSS(details);                        // out: Manifest, server_info
+JSS(dir_entry);                      // out: DirectoryEntryIterator
+JSS(dir_index);                      // out: DirectoryEntryIterator
+JSS(dir_root);                       // out: DirectoryEntryIterator
+JSS(discounted_fee);                 // out: amm_info
+JSS(domain);                         // out: ValidatorInfo, Manifest
+JSS(drops);                          // out: TxQ
+JSS(duration_us);                    // out: NetworkOPs
+JSS(effective);                      // out: ValidatorList
+                                     // in: UNL
+JSS(enabled);                        // out: AmendmentTable
+JSS(engine_result);                  // out: NetworkOPs, TransactionSign, Submit
+JSS(engine_result_code);             // out: NetworkOPs, TransactionSign, Submit
+JSS(engine_result_message);          // out: NetworkOPs, TransactionSign, Submit
+JSS(entire_set);                     // out: get_aggregate_price
+JSS(ephemeral_key);                  // out: ValidatorInfo
+                                     // in/out: Manifest
+JSS(error);                          // out: error
+JSS(errored);                        //
+JSS(error_code);                     // out: error
+JSS(error_exception);                // out: Submit
+JSS(error_message);                  // out: error
+JSS(expand);                         // in: handler/Ledger
+JSS(expected_date);                  // out: any (warnings)
+JSS(expected_date_UTC);              // out: any (warnings)
+JSS(expected_ledger_size);           // out: TxQ
+JSS(expiration);                     // out: AccountOffers, AccountChannels, ValidatorList, amm_info
+JSS(fail_hard);                      // in: Sign, Submit
+JSS(failed);                         // out: InboundLedger
+JSS(feature);                        // in: Feature
+JSS(features);                       // out: Feature
+JSS(fee_base);                       // out: NetworkOPs
+JSS(fee_div_max);                    // in: TransactionSign
+JSS(fee_level);                      // out: AccountInfo
+JSS(fee_mult_max);                   // in: TransactionSign
+JSS(fee_ref);                        // out: NetworkOPs, DEPRECATED
+JSS(fetch_pack);                     // out: NetworkOPs
+JSS(FIELDS);                         // out: RPC server_definitions
+                                     // matches definitions.json format
+JSS(first);                          // out: rpc/Version
+JSS(finished);                       //
+JSS(fix_txns);                       // in: LedgerCleaner
+JSS(flags);                          // out: AccountOffers, NetworkOPs
+JSS(forward);                        // in: AccountTx
+JSS(freeze);                         // out: AccountLines
+JSS(freeze_peer);                    // out: AccountLines
+JSS(deep_freeze);                    // out: AccountLines
+JSS(deep_freeze_peer);               // out: AccountLines
+JSS(frozen_balances);                // out: GatewayBalances
+JSS(full);                           // in: LedgerClearer, handlers/Ledger
+JSS(full_reply);                     // out: PathFind
+JSS(fullbelow_size);                 // out: GetCounts
+JSS(git);                            // out: server_info
+JSS(good);                           // out: RPCVersion
+JSS(hash);                           // out: NetworkOPs, InboundLedger, LedgerToJson, STTx; field
+JSS(have_header);                    // out: InboundLedger
+JSS(have_state);                     // out: InboundLedger
+JSS(have_transactions);              // out: InboundLedger
+JSS(high);                           // out: BookChanges
+JSS(highest_sequence);               // out: AccountInfo
+JSS(highest_ticket);                 // out: AccountInfo
+JSS(historical_perminute);           // historical_perminute.
+JSS(holders);                        // out: MPTHolders
+JSS(holder_encryption_key);          // out: mpt_holders (confidential MPT)
+JSS(hostid);                         // out: NetworkOPs
+JSS(hotwallet);                      // in: GatewayBalances
+JSS(id);                             // websocket.
+JSS(ident);                          // in: AccountCurrencies, AccountInfo, OwnerInfo
+JSS(ignore_default);                 // in: AccountLines
+JSS(in);                             // out: OverlayImpl
+JSS(inLedger);                       // out: tx/Transaction
+JSS(inbound);                        // out: PeerImp
+JSS(index);                          // in: LedgerEntry
+                                     // out: STLedgerEntry, LedgerEntry, TxHistory, LedgerData
+JSS(info);                           // out: ServerInfo, ConsensusInfo, FetchInfo
+JSS(initial_sync_duration_us);       //
+JSS(internal_command);               // in: Internal
+JSS(invalid_API_version);            // out: Many, when a request has an invalid version
+JSS(io_latency_ms);                  // out: NetworkOPs
+JSS(ip);                             // in: Connect, out: OverlayImpl
+JSS(is_burned);                      // out: nft_info (clio)
+JSS(isSerialized);                   // out: RPC server_definitions
+                                     // matches definitions.json format
+JSS(isSigningField);                 // out: RPC server_definitions
+                                     // matches definitions.json format
+JSS(isVLEncoded);                    // out: RPC server_definitions
+                                     // matches definitions.json format
+JSS(issuer);                         // in: RipplePathFind, Subscribe, Unsubscribe, BookOffers
+                                     // out: STPathSet, STAmount
+JSS(issuer_encrypted_balance);       // out: mpt_holders (confidential MPT)
+JSS(job);                            //
+JSS(job_queue);                      //
+JSS(jobs);                           //
+JSS(jsonrpc);                        // json version
+JSS(jq_trans_overflow);              // JobQueue transaction limit overflow.
+JSS(kept);                           // out: SubmitTransaction
+JSS(key);                            // out
+JSS(key_type);                       // in/out: WalletPropose, TransactionSign
+JSS(latency);                        // out: PeerImp
+JSS(last);                           // out: RPCVersion
+JSS(last_close);                     // out: NetworkOPs
+JSS(last_refresh_time);              // out: ValidatorSite
+JSS(last_refresh_status);            // out: ValidatorSite
+JSS(last_refresh_message);           // out: ValidatorSite
+JSS(ledger);                         // in: NetworkOPs, LedgerCleaner, RPCHelpers
+                                     // out: NetworkOPs, PeerImp
+JSS(ledger_current_index);           // out: NetworkOPs, RPCHelpers, LedgerCurrent, LedgerAccept,
+                                     //      AccountLines
+JSS(ledger_data);                    // out: LedgerHeader
+JSS(ledger_hash);                    // in: RPCHelpers, LedgerRequest, RipplePathFind,
+                                     //     TransactionEntry, handlers/Ledger
+                                     // out: NetworkOPs, RPCHelpers, LedgerClosed, LedgerData,
+                                     //      AccountLines
+JSS(ledger_hit_rate);                // out: GetCounts
+JSS(ledger_index);                   // in/out: many
+JSS(ledger_index_max);               // in, out: AccountTx*
+JSS(ledger_index_min);               // in, out: AccountTx*
+JSS(ledger_max);                     // in, out: AccountTx*
+JSS(ledger_min);                     // in, out: AccountTx*
+JSS(ledger_time);                    // out: NetworkOPs
+JSS(LEDGER_ENTRY_TYPES);             // out: RPC server_definitions
+                                     // matches definitions.json format
+JSS(LEDGER_ENTRY_FLAGS);             // out: RPC server_definitions
+JSS(LEDGER_ENTRY_FORMATS);           // out: RPC server_definitions
+JSS(levels);                         // LogLevels
 JSS(limit);                       // in/out: AccountTx*, AccountOffers, AccountLines, AccountObjects
                                  // in: LedgerData, BookOffers
 JSS(limit_peer);                  // out: AccountLines
@@ -401,6 +404,9 @@ JSS(min_ledger);                  // in: LedgerCleaner
 JSS(minimum_fee);                 // out: TxQ
 JSS(minimum_level);               // out: TxQ
 JSS(missingCommand);              // error
+JSS(mpt_amount);                  // out: mpt_holders
+JSS(mpt_issuance_id);             // in: Payment, mpt_holders
+JSS(mptoken_index);               // out: mpt_holders
 JSS(mpt_issuance_id_a);           // out: BookChanges
 JSS(mpt_issuance_id_b);           // out: BookChanges
 JSS(name);                        // out: AmendmentTableImpl, PeerImp
--- a/include/xrpl/protocol_autogen/ledger_entries/MPToken.h
+++ b/include/xrpl/protocol_autogen/ledger_entries/MPToken.h
@@ -147,6 +147,150 @@ public:
    {
        return this->sle_->at(sfPreviousTxnLgrSeq);
    }
+
+    /**
+     * @brief Get sfConfidentialBalanceInbox (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getConfidentialBalanceInbox() const
+    {
+        if (hasConfidentialBalanceInbox())
+            return this->sle_->at(sfConfidentialBalanceInbox);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfConfidentialBalanceInbox is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasConfidentialBalanceInbox() const
+    {
+        return this->sle_->isFieldPresent(sfConfidentialBalanceInbox);
+    }
+
+    /**
+     * @brief Get sfConfidentialBalanceSpending (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getConfidentialBalanceSpending() const
+    {
+        if (hasConfidentialBalanceSpending())
+            return this->sle_->at(sfConfidentialBalanceSpending);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfConfidentialBalanceSpending is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasConfidentialBalanceSpending() const
+    {
+        return this->sle_->isFieldPresent(sfConfidentialBalanceSpending);
+    }
+
+    /**
+     * @brief Get sfConfidentialBalanceVersion (SoeDefault)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_UINT32::type::value_type>
+    getConfidentialBalanceVersion() const
+    {
+        if (hasConfidentialBalanceVersion())
+            return this->sle_->at(sfConfidentialBalanceVersion);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfConfidentialBalanceVersion is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasConfidentialBalanceVersion() const
+    {
+        return this->sle_->isFieldPresent(sfConfidentialBalanceVersion);
+    }
+
+    /**
+     * @brief Get sfIssuerEncryptedBalance (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getIssuerEncryptedBalance() const
+    {
+        if (hasIssuerEncryptedBalance())
+            return this->sle_->at(sfIssuerEncryptedBalance);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfIssuerEncryptedBalance is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasIssuerEncryptedBalance() const
+    {
+        return this->sle_->isFieldPresent(sfIssuerEncryptedBalance);
+    }
+
+    /**
+     * @brief Get sfAuditorEncryptedBalance (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getAuditorEncryptedBalance() const
+    {
+        if (hasAuditorEncryptedBalance())
+            return this->sle_->at(sfAuditorEncryptedBalance);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfAuditorEncryptedBalance is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasAuditorEncryptedBalance() const
+    {
+        return this->sle_->isFieldPresent(sfAuditorEncryptedBalance);
+    }
+
+    /**
+     * @brief Get sfHolderEncryptionKey (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getHolderEncryptionKey() const
+    {
+        if (hasHolderEncryptionKey())
+            return this->sle_->at(sfHolderEncryptionKey);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfHolderEncryptionKey is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasHolderEncryptionKey() const
+    {
+        return this->sle_->isFieldPresent(sfHolderEncryptionKey);
+    }
 };

 /**
@@ -270,6 +414,72 @@ public:
        return *this;
    }

+    /**
+     * @brief Set sfConfidentialBalanceInbox (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenBuilder&
+    setConfidentialBalanceInbox(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfConfidentialBalanceInbox] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfConfidentialBalanceSpending (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenBuilder&
+    setConfidentialBalanceSpending(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfConfidentialBalanceSpending] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfConfidentialBalanceVersion (SoeDefault)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenBuilder&
+    setConfidentialBalanceVersion(std::decay_t<typename SF_UINT32::type::value_type> const& value)
+    {
+        object_[sfConfidentialBalanceVersion] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfIssuerEncryptedBalance (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenBuilder&
+    setIssuerEncryptedBalance(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfIssuerEncryptedBalance] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfAuditorEncryptedBalance (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenBuilder&
+    setAuditorEncryptedBalance(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfAuditorEncryptedBalance] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfHolderEncryptionKey (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenBuilder&
+    setHolderEncryptionKey(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfHolderEncryptionKey] = value;
+        return *this;
+    }
+
    /**
     * @brief Build and return the completed MPToken wrapper.
     * @param index The ledger entry index.
--- a/include/xrpl/protocol_autogen/ledger_entries/MPTokenIssuance.h
+++ b/include/xrpl/protocol_autogen/ledger_entries/MPTokenIssuance.h
@@ -278,6 +278,78 @@ public:
    {
        return this->sle_->isFieldPresent(sfMutableFlags);
    }
+
+    /**
+     * @brief Get sfIssuerEncryptionKey (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getIssuerEncryptionKey() const
+    {
+        if (hasIssuerEncryptionKey())
+            return this->sle_->at(sfIssuerEncryptionKey);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfIssuerEncryptionKey is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasIssuerEncryptionKey() const
+    {
+        return this->sle_->isFieldPresent(sfIssuerEncryptionKey);
+    }
+
+    /**
+     * @brief Get sfAuditorEncryptionKey (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getAuditorEncryptionKey() const
+    {
+        if (hasAuditorEncryptionKey())
+            return this->sle_->at(sfAuditorEncryptionKey);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfAuditorEncryptionKey is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasAuditorEncryptionKey() const
+    {
+        return this->sle_->isFieldPresent(sfAuditorEncryptionKey);
+    }
+
+    /**
+     * @brief Get sfConfidentialOutstandingAmount (SoeDefault)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_UINT64::type::value_type>
+    getConfidentialOutstandingAmount() const
+    {
+        if (hasConfidentialOutstandingAmount())
+            return this->sle_->at(sfConfidentialOutstandingAmount);
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfConfidentialOutstandingAmount is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasConfidentialOutstandingAmount() const
+    {
+        return this->sle_->isFieldPresent(sfConfidentialOutstandingAmount);
+    }
 };

 /**
@@ -469,6 +541,39 @@ public:
        return *this;
    }

+    /**
+     * @brief Set sfIssuerEncryptionKey (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenIssuanceBuilder&
+    setIssuerEncryptionKey(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfIssuerEncryptionKey] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfAuditorEncryptionKey (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenIssuanceBuilder&
+    setAuditorEncryptionKey(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfAuditorEncryptionKey] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfConfidentialOutstandingAmount (SoeDefault)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenIssuanceBuilder&
+    setConfidentialOutstandingAmount(std::decay_t<typename SF_UINT64::type::value_type> const& value)
+    {
+        object_[sfConfidentialOutstandingAmount] = value;
+        return *this;
+    }
+
    /**
     * @brief Build and return the completed MPTokenIssuance wrapper.
     * @param index The ledger entry index.
--- a/include/xrpl/protocol_autogen/transactions/ConfidentialMPTClawback.h
+++ b/include/xrpl/protocol_autogen/transactions/ConfidentialMPTClawback.h
@@ -0,0 +1,201 @@
+// This file is auto-generated. Do not edit.
+#pragma once
+
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/STParsedJSON.h>
+#include <xrpl/protocol/jss.h>
+#include <xrpl/protocol_autogen/TransactionBase.h>
+#include <xrpl/protocol_autogen/TransactionBuilderBase.h>
+#include <xrpl/json/json_value.h>
+
+#include <stdexcept>
+#include <optional>
+
+namespace xrpl::transactions {
+
+class ConfidentialMPTClawbackBuilder;
+
+/**
+ * @brief Transaction: ConfidentialMPTClawback
+ *
+ * Type: ttCONFIDENTIAL_MPT_CLAWBACK (89)
+ * Delegable: Delegation::Delegable
+ * Amendment: featureConfidentialTransfer
+ * Privileges: NoPriv
+ *
+ * Immutable wrapper around STTx providing type-safe field access.
+ * Use ConfidentialMPTClawbackBuilder to construct new transactions.
+ */
+class ConfidentialMPTClawback : public TransactionBase
+{
+public:
+    static constexpr xrpl::TxType txType = ttCONFIDENTIAL_MPT_CLAWBACK;
+
+    /**
+     * @brief Construct a ConfidentialMPTClawback transaction wrapper from an existing STTx object.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    explicit ConfidentialMPTClawback(std::shared_ptr<STTx const> tx)
+        : TransactionBase(std::move(tx))
+    {
+        // Verify transaction type
+        if (tx_->getTxnType() != txType)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTClawback");
+        }
+    }
+
+    // Transaction-specific field getters
+
+    /**
+     * @brief Get sfMPTokenIssuanceID (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT192::type::value_type
+    getMPTokenIssuanceID() const
+    {
+        return this->tx_->at(sfMPTokenIssuanceID);
+    }
+
+    /**
+     * @brief Get sfHolder (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_ACCOUNT::type::value_type
+    getHolder() const
+    {
+        return this->tx_->at(sfHolder);
+    }
+
+    /**
+     * @brief Get sfMPTAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT64::type::value_type
+    getMPTAmount() const
+    {
+        return this->tx_->at(sfMPTAmount);
+    }
+
+    /**
+     * @brief Get sfZKProof (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getZKProof() const
+    {
+        return this->tx_->at(sfZKProof);
+    }
+};
+
+/**
+ * @brief Builder for ConfidentialMPTClawback transactions.
+ *
+ * Provides a fluent interface for constructing transactions with method chaining.
+ * Uses STObject internally for flexible transaction construction.
+ * Inherits common field setters from TransactionBuilderBase.
+ */
+class ConfidentialMPTClawbackBuilder : public TransactionBuilderBase<ConfidentialMPTClawbackBuilder>
+{
+public:
+    /**
+     * @brief Construct a new ConfidentialMPTClawbackBuilder with required fields.
+     * @param account The account initiating the transaction.
+     * @param mPTokenIssuanceID The sfMPTokenIssuanceID field value.
+     * @param holder The sfHolder field value.
+     * @param mPTAmount The sfMPTAmount field value.
+     * @param zKProof The sfZKProof field value.
+     * @param sequence Optional sequence number for the transaction.
+     * @param fee Optional fee for the transaction.
+     */
+    ConfidentialMPTClawbackBuilder(SF_ACCOUNT::type::value_type account,
+                     std::decay_t<typename SF_UINT192::type::value_type> const& mPTokenIssuanceID,                     std::decay_t<typename SF_ACCOUNT::type::value_type> const& holder,                     std::decay_t<typename SF_UINT64::type::value_type> const& mPTAmount,                     std::decay_t<typename SF_VL::type::value_type> const& zKProof,                    std::optional<SF_UINT32::type::value_type> sequence = std::nullopt,
+                    std::optional<SF_AMOUNT::type::value_type> fee = std::nullopt
+)
+        : TransactionBuilderBase<ConfidentialMPTClawbackBuilder>(ttCONFIDENTIAL_MPT_CLAWBACK, account, sequence, fee)
+    {
+        setMPTokenIssuanceID(mPTokenIssuanceID);
+        setHolder(holder);
+        setMPTAmount(mPTAmount);
+        setZKProof(zKProof);
+    }
+
+    /**
+     * @brief Construct a ConfidentialMPTClawbackBuilder from an existing STTx object.
+     * @param tx The existing transaction to copy from.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    ConfidentialMPTClawbackBuilder(std::shared_ptr<STTx const> tx)
+    {
+        if (tx->getTxnType() != ttCONFIDENTIAL_MPT_CLAWBACK)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTClawbackBuilder");
+        }
+        object_ = *tx;
+    }
+
+    /** @brief Transaction-specific field setters */
+
+    /**
+     * @brief Set sfMPTokenIssuanceID (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTClawbackBuilder&
+    setMPTokenIssuanceID(std::decay_t<typename SF_UINT192::type::value_type> const& value)
+    {
+        object_[sfMPTokenIssuanceID] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfHolder (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTClawbackBuilder&
+    setHolder(std::decay_t<typename SF_ACCOUNT::type::value_type> const& value)
+    {
+        object_[sfHolder] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfMPTAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTClawbackBuilder&
+    setMPTAmount(std::decay_t<typename SF_UINT64::type::value_type> const& value)
+    {
+        object_[sfMPTAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfZKProof (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTClawbackBuilder&
+    setZKProof(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfZKProof] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Build and return the ConfidentialMPTClawback wrapper.
+     * @param publicKey The public key for signing.
+     * @param secretKey The secret key for signing.
+     * @return The constructed transaction wrapper.
+     */
+    ConfidentialMPTClawback
+    build(PublicKey const& publicKey, SecretKey const& secretKey)
+    {
+        sign(publicKey, secretKey);
+        return ConfidentialMPTClawback{std::make_shared<STTx>(std::move(object_))};
+    }
+};
+
+}  // namespace xrpl::transactions
--- a/include/xrpl/protocol_autogen/transactions/ConfidentialMPTConvert.h
+++ b/include/xrpl/protocol_autogen/transactions/ConfidentialMPTConvert.h
@@ -0,0 +1,336 @@
+// This file is auto-generated. Do not edit.
+#pragma once
+
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/STParsedJSON.h>
+#include <xrpl/protocol/jss.h>
+#include <xrpl/protocol_autogen/TransactionBase.h>
+#include <xrpl/protocol_autogen/TransactionBuilderBase.h>
+#include <xrpl/json/json_value.h>
+
+#include <stdexcept>
+#include <optional>
+
+namespace xrpl::transactions {
+
+class ConfidentialMPTConvertBuilder;
+
+/**
+ * @brief Transaction: ConfidentialMPTConvert
+ *
+ * Type: ttCONFIDENTIAL_MPT_CONVERT (85)
+ * Delegable: Delegation::Delegable
+ * Amendment: featureConfidentialTransfer
+ * Privileges: NoPriv
+ *
+ * Immutable wrapper around STTx providing type-safe field access.
+ * Use ConfidentialMPTConvertBuilder to construct new transactions.
+ */
+class ConfidentialMPTConvert : public TransactionBase
+{
+public:
+    static constexpr xrpl::TxType txType = ttCONFIDENTIAL_MPT_CONVERT;
+
+    /**
+     * @brief Construct a ConfidentialMPTConvert transaction wrapper from an existing STTx object.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    explicit ConfidentialMPTConvert(std::shared_ptr<STTx const> tx)
+        : TransactionBase(std::move(tx))
+    {
+        // Verify transaction type
+        if (tx_->getTxnType() != txType)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTConvert");
+        }
+    }
+
+    // Transaction-specific field getters
+
+    /**
+     * @brief Get sfMPTokenIssuanceID (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT192::type::value_type
+    getMPTokenIssuanceID() const
+    {
+        return this->tx_->at(sfMPTokenIssuanceID);
+    }
+
+    /**
+     * @brief Get sfMPTAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT64::type::value_type
+    getMPTAmount() const
+    {
+        return this->tx_->at(sfMPTAmount);
+    }
+
+    /**
+     * @brief Get sfHolderEncryptionKey (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getHolderEncryptionKey() const
+    {
+        if (hasHolderEncryptionKey())
+        {
+            return this->tx_->at(sfHolderEncryptionKey);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfHolderEncryptionKey is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasHolderEncryptionKey() const
+    {
+        return this->tx_->isFieldPresent(sfHolderEncryptionKey);
+    }
+
+    /**
+     * @brief Get sfHolderEncryptedAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getHolderEncryptedAmount() const
+    {
+        return this->tx_->at(sfHolderEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfIssuerEncryptedAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getIssuerEncryptedAmount() const
+    {
+        return this->tx_->at(sfIssuerEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfAuditorEncryptedAmount (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getAuditorEncryptedAmount() const
+    {
+        if (hasAuditorEncryptedAmount())
+        {
+            return this->tx_->at(sfAuditorEncryptedAmount);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfAuditorEncryptedAmount is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasAuditorEncryptedAmount() const
+    {
+        return this->tx_->isFieldPresent(sfAuditorEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfBlindingFactor (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT256::type::value_type
+    getBlindingFactor() const
+    {
+        return this->tx_->at(sfBlindingFactor);
+    }
+
+    /**
+     * @brief Get sfZKProof (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getZKProof() const
+    {
+        if (hasZKProof())
+        {
+            return this->tx_->at(sfZKProof);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfZKProof is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasZKProof() const
+    {
+        return this->tx_->isFieldPresent(sfZKProof);
+    }
+};
+
+/**
+ * @brief Builder for ConfidentialMPTConvert transactions.
+ *
+ * Provides a fluent interface for constructing transactions with method chaining.
+ * Uses STObject internally for flexible transaction construction.
+ * Inherits common field setters from TransactionBuilderBase.
+ */
+class ConfidentialMPTConvertBuilder : public TransactionBuilderBase<ConfidentialMPTConvertBuilder>
+{
+public:
+    /**
+     * @brief Construct a new ConfidentialMPTConvertBuilder with required fields.
+     * @param account The account initiating the transaction.
+     * @param mPTokenIssuanceID The sfMPTokenIssuanceID field value.
+     * @param mPTAmount The sfMPTAmount field value.
+     * @param holderEncryptedAmount The sfHolderEncryptedAmount field value.
+     * @param issuerEncryptedAmount The sfIssuerEncryptedAmount field value.
+     * @param blindingFactor The sfBlindingFactor field value.
+     * @param sequence Optional sequence number for the transaction.
+     * @param fee Optional fee for the transaction.
+     */
+    ConfidentialMPTConvertBuilder(SF_ACCOUNT::type::value_type account,
+                     std::decay_t<typename SF_UINT192::type::value_type> const& mPTokenIssuanceID,                     std::decay_t<typename SF_UINT64::type::value_type> const& mPTAmount,                     std::decay_t<typename SF_VL::type::value_type> const& holderEncryptedAmount,                     std::decay_t<typename SF_VL::type::value_type> const& issuerEncryptedAmount,                     std::decay_t<typename SF_UINT256::type::value_type> const& blindingFactor,                    std::optional<SF_UINT32::type::value_type> sequence = std::nullopt,
+                    std::optional<SF_AMOUNT::type::value_type> fee = std::nullopt
+)
+        : TransactionBuilderBase<ConfidentialMPTConvertBuilder>(ttCONFIDENTIAL_MPT_CONVERT, account, sequence, fee)
+    {
+        setMPTokenIssuanceID(mPTokenIssuanceID);
+        setMPTAmount(mPTAmount);
+        setHolderEncryptedAmount(holderEncryptedAmount);
+        setIssuerEncryptedAmount(issuerEncryptedAmount);
+        setBlindingFactor(blindingFactor);
+    }
+
+    /**
+     * @brief Construct a ConfidentialMPTConvertBuilder from an existing STTx object.
+     * @param tx The existing transaction to copy from.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    ConfidentialMPTConvertBuilder(std::shared_ptr<STTx const> tx)
+    {
+        if (tx->getTxnType() != ttCONFIDENTIAL_MPT_CONVERT)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTConvertBuilder");
+        }
+        object_ = *tx;
+    }
+
+    /** @brief Transaction-specific field setters */
+
+    /**
+     * @brief Set sfMPTokenIssuanceID (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setMPTokenIssuanceID(std::decay_t<typename SF_UINT192::type::value_type> const& value)
+    {
+        object_[sfMPTokenIssuanceID] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfMPTAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setMPTAmount(std::decay_t<typename SF_UINT64::type::value_type> const& value)
+    {
+        object_[sfMPTAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfHolderEncryptionKey (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setHolderEncryptionKey(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfHolderEncryptionKey] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfHolderEncryptedAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setHolderEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfHolderEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfIssuerEncryptedAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setIssuerEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfIssuerEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfAuditorEncryptedAmount (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setAuditorEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfAuditorEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfBlindingFactor (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setBlindingFactor(std::decay_t<typename SF_UINT256::type::value_type> const& value)
+    {
+        object_[sfBlindingFactor] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfZKProof (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBuilder&
+    setZKProof(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfZKProof] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Build and return the ConfidentialMPTConvert wrapper.
+     * @param publicKey The public key for signing.
+     * @param secretKey The secret key for signing.
+     * @return The constructed transaction wrapper.
+     */
+    ConfidentialMPTConvert
+    build(PublicKey const& publicKey, SecretKey const& secretKey)
+    {
+        sign(publicKey, secretKey);
+        return ConfidentialMPTConvert{std::make_shared<STTx>(std::move(object_))};
+    }
+};
+
+}  // namespace xrpl::transactions
--- a/include/xrpl/protocol_autogen/transactions/ConfidentialMPTConvertBack.h
+++ b/include/xrpl/protocol_autogen/transactions/ConfidentialMPTConvertBack.h
@@ -0,0 +1,310 @@
+// This file is auto-generated. Do not edit.
+#pragma once
+
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/STParsedJSON.h>
+#include <xrpl/protocol/jss.h>
+#include <xrpl/protocol_autogen/TransactionBase.h>
+#include <xrpl/protocol_autogen/TransactionBuilderBase.h>
+#include <xrpl/json/json_value.h>
+
+#include <stdexcept>
+#include <optional>
+
+namespace xrpl::transactions {
+
+class ConfidentialMPTConvertBackBuilder;
+
+/**
+ * @brief Transaction: ConfidentialMPTConvertBack
+ *
+ * Type: ttCONFIDENTIAL_MPT_CONVERT_BACK (87)
+ * Delegable: Delegation::Delegable
+ * Amendment: featureConfidentialTransfer
+ * Privileges: NoPriv
+ *
+ * Immutable wrapper around STTx providing type-safe field access.
+ * Use ConfidentialMPTConvertBackBuilder to construct new transactions.
+ */
+class ConfidentialMPTConvertBack : public TransactionBase
+{
+public:
+    static constexpr xrpl::TxType txType = ttCONFIDENTIAL_MPT_CONVERT_BACK;
+
+    /**
+     * @brief Construct a ConfidentialMPTConvertBack transaction wrapper from an existing STTx object.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    explicit ConfidentialMPTConvertBack(std::shared_ptr<STTx const> tx)
+        : TransactionBase(std::move(tx))
+    {
+        // Verify transaction type
+        if (tx_->getTxnType() != txType)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTConvertBack");
+        }
+    }
+
+    // Transaction-specific field getters
+
+    /**
+     * @brief Get sfMPTokenIssuanceID (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT192::type::value_type
+    getMPTokenIssuanceID() const
+    {
+        return this->tx_->at(sfMPTokenIssuanceID);
+    }
+
+    /**
+     * @brief Get sfMPTAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT64::type::value_type
+    getMPTAmount() const
+    {
+        return this->tx_->at(sfMPTAmount);
+    }
+
+    /**
+     * @brief Get sfHolderEncryptedAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getHolderEncryptedAmount() const
+    {
+        return this->tx_->at(sfHolderEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfIssuerEncryptedAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getIssuerEncryptedAmount() const
+    {
+        return this->tx_->at(sfIssuerEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfAuditorEncryptedAmount (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getAuditorEncryptedAmount() const
+    {
+        if (hasAuditorEncryptedAmount())
+        {
+            return this->tx_->at(sfAuditorEncryptedAmount);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfAuditorEncryptedAmount is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasAuditorEncryptedAmount() const
+    {
+        return this->tx_->isFieldPresent(sfAuditorEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfBlindingFactor (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT256::type::value_type
+    getBlindingFactor() const
+    {
+        return this->tx_->at(sfBlindingFactor);
+    }
+
+    /**
+     * @brief Get sfZKProof (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getZKProof() const
+    {
+        return this->tx_->at(sfZKProof);
+    }
+
+    /**
+     * @brief Get sfBalanceCommitment (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getBalanceCommitment() const
+    {
+        return this->tx_->at(sfBalanceCommitment);
+    }
+};
+
+/**
+ * @brief Builder for ConfidentialMPTConvertBack transactions.
+ *
+ * Provides a fluent interface for constructing transactions with method chaining.
+ * Uses STObject internally for flexible transaction construction.
+ * Inherits common field setters from TransactionBuilderBase.
+ */
+class ConfidentialMPTConvertBackBuilder : public TransactionBuilderBase<ConfidentialMPTConvertBackBuilder>
+{
+public:
+    /**
+     * @brief Construct a new ConfidentialMPTConvertBackBuilder with required fields.
+     * @param account The account initiating the transaction.
+     * @param mPTokenIssuanceID The sfMPTokenIssuanceID field value.
+     * @param mPTAmount The sfMPTAmount field value.
+     * @param holderEncryptedAmount The sfHolderEncryptedAmount field value.
+     * @param issuerEncryptedAmount The sfIssuerEncryptedAmount field value.
+     * @param blindingFactor The sfBlindingFactor field value.
+     * @param zKProof The sfZKProof field value.
+     * @param balanceCommitment The sfBalanceCommitment field value.
+     * @param sequence Optional sequence number for the transaction.
+     * @param fee Optional fee for the transaction.
+     */
+    ConfidentialMPTConvertBackBuilder(SF_ACCOUNT::type::value_type account,
+                     std::decay_t<typename SF_UINT192::type::value_type> const& mPTokenIssuanceID,                     std::decay_t<typename SF_UINT64::type::value_type> const& mPTAmount,                     std::decay_t<typename SF_VL::type::value_type> const& holderEncryptedAmount,                     std::decay_t<typename SF_VL::type::value_type> const& issuerEncryptedAmount,                     std::decay_t<typename SF_UINT256::type::value_type> const& blindingFactor,                     std::decay_t<typename SF_VL::type::value_type> const& zKProof,                     std::decay_t<typename SF_VL::type::value_type> const& balanceCommitment,                    std::optional<SF_UINT32::type::value_type> sequence = std::nullopt,
+                    std::optional<SF_AMOUNT::type::value_type> fee = std::nullopt
+)
+        : TransactionBuilderBase<ConfidentialMPTConvertBackBuilder>(ttCONFIDENTIAL_MPT_CONVERT_BACK, account, sequence, fee)
+    {
+        setMPTokenIssuanceID(mPTokenIssuanceID);
+        setMPTAmount(mPTAmount);
+        setHolderEncryptedAmount(holderEncryptedAmount);
+        setIssuerEncryptedAmount(issuerEncryptedAmount);
+        setBlindingFactor(blindingFactor);
+        setZKProof(zKProof);
+        setBalanceCommitment(balanceCommitment);
+    }
+
+    /**
+     * @brief Construct a ConfidentialMPTConvertBackBuilder from an existing STTx object.
+     * @param tx The existing transaction to copy from.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    ConfidentialMPTConvertBackBuilder(std::shared_ptr<STTx const> tx)
+    {
+        if (tx->getTxnType() != ttCONFIDENTIAL_MPT_CONVERT_BACK)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTConvertBackBuilder");
+        }
+        object_ = *tx;
+    }
+
+    /** @brief Transaction-specific field setters */
+
+    /**
+     * @brief Set sfMPTokenIssuanceID (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setMPTokenIssuanceID(std::decay_t<typename SF_UINT192::type::value_type> const& value)
+    {
+        object_[sfMPTokenIssuanceID] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfMPTAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setMPTAmount(std::decay_t<typename SF_UINT64::type::value_type> const& value)
+    {
+        object_[sfMPTAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfHolderEncryptedAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setHolderEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfHolderEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfIssuerEncryptedAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setIssuerEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfIssuerEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfAuditorEncryptedAmount (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setAuditorEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfAuditorEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfBlindingFactor (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setBlindingFactor(std::decay_t<typename SF_UINT256::type::value_type> const& value)
+    {
+        object_[sfBlindingFactor] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfZKProof (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setZKProof(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfZKProof] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfBalanceCommitment (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTConvertBackBuilder&
+    setBalanceCommitment(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfBalanceCommitment] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Build and return the ConfidentialMPTConvertBack wrapper.
+     * @param publicKey The public key for signing.
+     * @param secretKey The secret key for signing.
+     * @return The constructed transaction wrapper.
+     */
+    ConfidentialMPTConvertBack
+    build(PublicKey const& publicKey, SecretKey const& secretKey)
+    {
+        sign(publicKey, secretKey);
+        return ConfidentialMPTConvertBack{std::make_shared<STTx>(std::move(object_))};
+    }
+};
+
+}  // namespace xrpl::transactions
--- a/include/xrpl/protocol_autogen/transactions/ConfidentialMPTMergeInbox.h
+++ b/include/xrpl/protocol_autogen/transactions/ConfidentialMPTMergeInbox.h
@@ -0,0 +1,129 @@
+// This file is auto-generated. Do not edit.
+#pragma once
+
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/STParsedJSON.h>
+#include <xrpl/protocol/jss.h>
+#include <xrpl/protocol_autogen/TransactionBase.h>
+#include <xrpl/protocol_autogen/TransactionBuilderBase.h>
+#include <xrpl/json/json_value.h>
+
+#include <stdexcept>
+#include <optional>
+
+namespace xrpl::transactions {
+
+class ConfidentialMPTMergeInboxBuilder;
+
+/**
+ * @brief Transaction: ConfidentialMPTMergeInbox
+ *
+ * Type: ttCONFIDENTIAL_MPT_MERGE_INBOX (86)
+ * Delegable: Delegation::Delegable
+ * Amendment: featureConfidentialTransfer
+ * Privileges: NoPriv
+ *
+ * Immutable wrapper around STTx providing type-safe field access.
+ * Use ConfidentialMPTMergeInboxBuilder to construct new transactions.
+ */
+class ConfidentialMPTMergeInbox : public TransactionBase
+{
+public:
+    static constexpr xrpl::TxType txType = ttCONFIDENTIAL_MPT_MERGE_INBOX;
+
+    /**
+     * @brief Construct a ConfidentialMPTMergeInbox transaction wrapper from an existing STTx object.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    explicit ConfidentialMPTMergeInbox(std::shared_ptr<STTx const> tx)
+        : TransactionBase(std::move(tx))
+    {
+        // Verify transaction type
+        if (tx_->getTxnType() != txType)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTMergeInbox");
+        }
+    }
+
+    // Transaction-specific field getters
+
+    /**
+     * @brief Get sfMPTokenIssuanceID (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT192::type::value_type
+    getMPTokenIssuanceID() const
+    {
+        return this->tx_->at(sfMPTokenIssuanceID);
+    }
+};
+
+/**
+ * @brief Builder for ConfidentialMPTMergeInbox transactions.
+ *
+ * Provides a fluent interface for constructing transactions with method chaining.
+ * Uses STObject internally for flexible transaction construction.
+ * Inherits common field setters from TransactionBuilderBase.
+ */
+class ConfidentialMPTMergeInboxBuilder : public TransactionBuilderBase<ConfidentialMPTMergeInboxBuilder>
+{
+public:
+    /**
+     * @brief Construct a new ConfidentialMPTMergeInboxBuilder with required fields.
+     * @param account The account initiating the transaction.
+     * @param mPTokenIssuanceID The sfMPTokenIssuanceID field value.
+     * @param sequence Optional sequence number for the transaction.
+     * @param fee Optional fee for the transaction.
+     */
+    ConfidentialMPTMergeInboxBuilder(SF_ACCOUNT::type::value_type account,
+                     std::decay_t<typename SF_UINT192::type::value_type> const& mPTokenIssuanceID,                    std::optional<SF_UINT32::type::value_type> sequence = std::nullopt,
+                    std::optional<SF_AMOUNT::type::value_type> fee = std::nullopt
+)
+        : TransactionBuilderBase<ConfidentialMPTMergeInboxBuilder>(ttCONFIDENTIAL_MPT_MERGE_INBOX, account, sequence, fee)
+    {
+        setMPTokenIssuanceID(mPTokenIssuanceID);
+    }
+
+    /**
+     * @brief Construct a ConfidentialMPTMergeInboxBuilder from an existing STTx object.
+     * @param tx The existing transaction to copy from.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    ConfidentialMPTMergeInboxBuilder(std::shared_ptr<STTx const> tx)
+    {
+        if (tx->getTxnType() != ttCONFIDENTIAL_MPT_MERGE_INBOX)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTMergeInboxBuilder");
+        }
+        object_ = *tx;
+    }
+
+    /** @brief Transaction-specific field setters */
+
+    /**
+     * @brief Set sfMPTokenIssuanceID (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTMergeInboxBuilder&
+    setMPTokenIssuanceID(std::decay_t<typename SF_UINT192::type::value_type> const& value)
+    {
+        object_[sfMPTokenIssuanceID] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Build and return the ConfidentialMPTMergeInbox wrapper.
+     * @param publicKey The public key for signing.
+     * @param secretKey The secret key for signing.
+     * @return The constructed transaction wrapper.
+     */
+    ConfidentialMPTMergeInbox
+    build(PublicKey const& publicKey, SecretKey const& secretKey)
+    {
+        sign(publicKey, secretKey);
+        return ConfidentialMPTMergeInbox{std::make_shared<STTx>(std::move(object_))};
+    }
+};
+
+}  // namespace xrpl::transactions
--- a/include/xrpl/protocol_autogen/transactions/ConfidentialMPTSend.h
+++ b/include/xrpl/protocol_autogen/transactions/ConfidentialMPTSend.h
@@ -0,0 +1,408 @@
+// This file is auto-generated. Do not edit.
+#pragma once
+
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/STParsedJSON.h>
+#include <xrpl/protocol/jss.h>
+#include <xrpl/protocol_autogen/TransactionBase.h>
+#include <xrpl/protocol_autogen/TransactionBuilderBase.h>
+#include <xrpl/json/json_value.h>
+
+#include <stdexcept>
+#include <optional>
+
+namespace xrpl::transactions {
+
+class ConfidentialMPTSendBuilder;
+
+/**
+ * @brief Transaction: ConfidentialMPTSend
+ *
+ * Type: ttCONFIDENTIAL_MPT_SEND (88)
+ * Delegable: Delegation::Delegable
+ * Amendment: featureConfidentialTransfer
+ * Privileges: NoPriv
+ *
+ * Immutable wrapper around STTx providing type-safe field access.
+ * Use ConfidentialMPTSendBuilder to construct new transactions.
+ */
+class ConfidentialMPTSend : public TransactionBase
+{
+public:
+    static constexpr xrpl::TxType txType = ttCONFIDENTIAL_MPT_SEND;
+
+    /**
+     * @brief Construct a ConfidentialMPTSend transaction wrapper from an existing STTx object.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    explicit ConfidentialMPTSend(std::shared_ptr<STTx const> tx)
+        : TransactionBase(std::move(tx))
+    {
+        // Verify transaction type
+        if (tx_->getTxnType() != txType)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTSend");
+        }
+    }
+
+    // Transaction-specific field getters
+
+    /**
+     * @brief Get sfMPTokenIssuanceID (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_UINT192::type::value_type
+    getMPTokenIssuanceID() const
+    {
+        return this->tx_->at(sfMPTokenIssuanceID);
+    }
+
+    /**
+     * @brief Get sfDestination (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_ACCOUNT::type::value_type
+    getDestination() const
+    {
+        return this->tx_->at(sfDestination);
+    }
+
+    /**
+     * @brief Get sfDestinationTag (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_UINT32::type::value_type>
+    getDestinationTag() const
+    {
+        if (hasDestinationTag())
+        {
+            return this->tx_->at(sfDestinationTag);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfDestinationTag is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasDestinationTag() const
+    {
+        return this->tx_->isFieldPresent(sfDestinationTag);
+    }
+
+    /**
+     * @brief Get sfSenderEncryptedAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getSenderEncryptedAmount() const
+    {
+        return this->tx_->at(sfSenderEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfDestinationEncryptedAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getDestinationEncryptedAmount() const
+    {
+        return this->tx_->at(sfDestinationEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfIssuerEncryptedAmount (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getIssuerEncryptedAmount() const
+    {
+        return this->tx_->at(sfIssuerEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfAuditorEncryptedAmount (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getAuditorEncryptedAmount() const
+    {
+        if (hasAuditorEncryptedAmount())
+        {
+            return this->tx_->at(sfAuditorEncryptedAmount);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfAuditorEncryptedAmount is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasAuditorEncryptedAmount() const
+    {
+        return this->tx_->isFieldPresent(sfAuditorEncryptedAmount);
+    }
+
+    /**
+     * @brief Get sfZKProof (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getZKProof() const
+    {
+        return this->tx_->at(sfZKProof);
+    }
+
+    /**
+     * @brief Get sfAmountCommitment (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getAmountCommitment() const
+    {
+        return this->tx_->at(sfAmountCommitment);
+    }
+
+    /**
+     * @brief Get sfBalanceCommitment (SoeRequired)
+     * @return The field value.
+     */
+    [[nodiscard]]
+    SF_VL::type::value_type
+    getBalanceCommitment() const
+    {
+        return this->tx_->at(sfBalanceCommitment);
+    }
+
+    /**
+     * @brief Get sfCredentialIDs (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VECTOR256::type::value_type>
+    getCredentialIDs() const
+    {
+        if (hasCredentialIDs())
+        {
+            return this->tx_->at(sfCredentialIDs);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfCredentialIDs is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasCredentialIDs() const
+    {
+        return this->tx_->isFieldPresent(sfCredentialIDs);
+    }
+};
+
+/**
+ * @brief Builder for ConfidentialMPTSend transactions.
+ *
+ * Provides a fluent interface for constructing transactions with method chaining.
+ * Uses STObject internally for flexible transaction construction.
+ * Inherits common field setters from TransactionBuilderBase.
+ */
+class ConfidentialMPTSendBuilder : public TransactionBuilderBase<ConfidentialMPTSendBuilder>
+{
+public:
+    /**
+     * @brief Construct a new ConfidentialMPTSendBuilder with required fields.
+     * @param account The account initiating the transaction.
+     * @param mPTokenIssuanceID The sfMPTokenIssuanceID field value.
+     * @param destination The sfDestination field value.
+     * @param senderEncryptedAmount The sfSenderEncryptedAmount field value.
+     * @param destinationEncryptedAmount The sfDestinationEncryptedAmount field value.
+     * @param issuerEncryptedAmount The sfIssuerEncryptedAmount field value.
+     * @param zKProof The sfZKProof field value.
+     * @param amountCommitment The sfAmountCommitment field value.
+     * @param balanceCommitment The sfBalanceCommitment field value.
+     * @param sequence Optional sequence number for the transaction.
+     * @param fee Optional fee for the transaction.
+     */
+    ConfidentialMPTSendBuilder(SF_ACCOUNT::type::value_type account,
+                     std::decay_t<typename SF_UINT192::type::value_type> const& mPTokenIssuanceID,                     std::decay_t<typename SF_ACCOUNT::type::value_type> const& destination,                     std::decay_t<typename SF_VL::type::value_type> const& senderEncryptedAmount,                     std::decay_t<typename SF_VL::type::value_type> const& destinationEncryptedAmount,                     std::decay_t<typename SF_VL::type::value_type> const& issuerEncryptedAmount,                     std::decay_t<typename SF_VL::type::value_type> const& zKProof,                     std::decay_t<typename SF_VL::type::value_type> const& amountCommitment,                     std::decay_t<typename SF_VL::type::value_type> const& balanceCommitment,                    std::optional<SF_UINT32::type::value_type> sequence = std::nullopt,
+                    std::optional<SF_AMOUNT::type::value_type> fee = std::nullopt
+)
+        : TransactionBuilderBase<ConfidentialMPTSendBuilder>(ttCONFIDENTIAL_MPT_SEND, account, sequence, fee)
+    {
+        setMPTokenIssuanceID(mPTokenIssuanceID);
+        setDestination(destination);
+        setSenderEncryptedAmount(senderEncryptedAmount);
+        setDestinationEncryptedAmount(destinationEncryptedAmount);
+        setIssuerEncryptedAmount(issuerEncryptedAmount);
+        setZKProof(zKProof);
+        setAmountCommitment(amountCommitment);
+        setBalanceCommitment(balanceCommitment);
+    }
+
+    /**
+     * @brief Construct a ConfidentialMPTSendBuilder from an existing STTx object.
+     * @param tx The existing transaction to copy from.
+     * @throws std::runtime_error if the transaction type doesn't match.
+     */
+    ConfidentialMPTSendBuilder(std::shared_ptr<STTx const> tx)
+    {
+        if (tx->getTxnType() != ttCONFIDENTIAL_MPT_SEND)
+        {
+            throw std::runtime_error("Invalid transaction type for ConfidentialMPTSendBuilder");
+        }
+        object_ = *tx;
+    }
+
+    /** @brief Transaction-specific field setters */
+
+    /**
+     * @brief Set sfMPTokenIssuanceID (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setMPTokenIssuanceID(std::decay_t<typename SF_UINT192::type::value_type> const& value)
+    {
+        object_[sfMPTokenIssuanceID] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfDestination (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setDestination(std::decay_t<typename SF_ACCOUNT::type::value_type> const& value)
+    {
+        object_[sfDestination] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfDestinationTag (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setDestinationTag(std::decay_t<typename SF_UINT32::type::value_type> const& value)
+    {
+        object_[sfDestinationTag] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfSenderEncryptedAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setSenderEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfSenderEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfDestinationEncryptedAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setDestinationEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfDestinationEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfIssuerEncryptedAmount (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setIssuerEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfIssuerEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfAuditorEncryptedAmount (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setAuditorEncryptedAmount(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfAuditorEncryptedAmount] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfZKProof (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setZKProof(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfZKProof] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfAmountCommitment (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setAmountCommitment(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfAmountCommitment] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfBalanceCommitment (SoeRequired)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setBalanceCommitment(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfBalanceCommitment] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfCredentialIDs (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    ConfidentialMPTSendBuilder&
+    setCredentialIDs(std::decay_t<typename SF_VECTOR256::type::value_type> const& value)
+    {
+        object_[sfCredentialIDs] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Build and return the ConfidentialMPTSend wrapper.
+     * @param publicKey The public key for signing.
+     * @param secretKey The secret key for signing.
+     * @return The constructed transaction wrapper.
+     */
+    ConfidentialMPTSend
+    build(PublicKey const& publicKey, SecretKey const& secretKey)
+    {
+        sign(publicKey, secretKey);
+        return ConfidentialMPTSend{std::make_shared<STTx>(std::move(object_))};
+    }
+};
+
+}  // namespace xrpl::transactions
--- a/include/xrpl/protocol_autogen/transactions/MPTokenIssuanceSet.h
+++ b/include/xrpl/protocol_autogen/transactions/MPTokenIssuanceSet.h
@@ -187,6 +187,58 @@ public:
    {
        return this->tx_->isFieldPresent(sfMutableFlags);
    }
+
+    /**
+     * @brief Get sfIssuerEncryptionKey (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getIssuerEncryptionKey() const
+    {
+        if (hasIssuerEncryptionKey())
+        {
+            return this->tx_->at(sfIssuerEncryptionKey);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfIssuerEncryptionKey is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasIssuerEncryptionKey() const
+    {
+        return this->tx_->isFieldPresent(sfIssuerEncryptionKey);
+    }
+
+    /**
+     * @brief Get sfAuditorEncryptionKey (SoeOptional)
+     * @return The field value, or std::nullopt if not present.
+     */
+    [[nodiscard]]
+    protocol_autogen::Optional<SF_VL::type::value_type>
+    getAuditorEncryptionKey() const
+    {
+        if (hasAuditorEncryptionKey())
+        {
+            return this->tx_->at(sfAuditorEncryptionKey);
+        }
+        return std::nullopt;
+    }
+
+    /**
+     * @brief Check if sfAuditorEncryptionKey is present.
+     * @return True if the field is present, false otherwise.
+     */
+    [[nodiscard]]
+    bool
+    hasAuditorEncryptionKey() const
+    {
+        return this->tx_->isFieldPresent(sfAuditorEncryptionKey);
+    }
 };

 /**
@@ -297,6 +349,28 @@ public:
        return *this;
    }

+    /**
+     * @brief Set sfIssuerEncryptionKey (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenIssuanceSetBuilder&
+    setIssuerEncryptionKey(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfIssuerEncryptionKey] = value;
+        return *this;
+    }
+
+    /**
+     * @brief Set sfAuditorEncryptionKey (SoeOptional)
+     * @return Reference to this builder for method chaining.
+     */
+    MPTokenIssuanceSetBuilder&
+    setAuditorEncryptionKey(std::decay_t<typename SF_VL::type::value_type> const& value)
+    {
+        object_[sfAuditorEncryptionKey] = value;
+        return *this;
+    }
+
    /**
     * @brief Build and return the MPTokenIssuanceSet wrapper.
     * @param publicKey The public key for signing.
--- a/include/xrpl/resource/detail/Entry.h
+++ b/include/xrpl/resource/detail/Entry.h
@@ -67,7 +67,7 @@ struct Entry : public beast::List<Entry>::Node
    int refcount;

    // Exponentially decaying balance of resource consumption
-    DecayingSample<kDECAY_WINDOW_SECONDS, clock_type> local_balance;
+    DecayingSample<DecayWindowSeconds, clock_type> local_balance;

    // Normalized balance contribution from imports
    int remote_balance;
--- a/include/xrpl/resource/detail/Logic.h
+++ b/include/xrpl/resource/detail/Logic.h
@@ -180,16 +180,16 @@ public:
    json::Value
    getJson()
    {
-        return getJson(kWARNING_THRESHOLD);
+        return getJson(WarningThreshold);
    }

-    /** Returns a json::ValueType::Object. */
+    /** Returns a json::objectValue. */
    json::Value
    getJson(int threshold)
    {
        clock_type::time_point const now(clock_.now());

-        json::Value ret(json::ValueType::Object);
+        json::Value ret(json::ObjectValue);
        std::scoped_lock const _(lock_);

        for (auto& inboundEntry : inbound_)
@@ -197,7 +197,7 @@ public:
            int const localBalance = inboundEntry.local_balance.value(now);
            if ((localBalance + inboundEntry.remote_balance) >= threshold)
            {
-                json::Value& entry = (ret[inboundEntry.toString()] = json::ValueType::Object);
+                json::Value& entry = (ret[inboundEntry.toString()] = json::ObjectValue);
                entry[jss::local] = localBalance;
                entry[jss::remote] = inboundEntry.remote_balance;
                entry[jss::type] = "inbound";
@@ -208,7 +208,7 @@ public:
            int const localBalance = outboundEntry.local_balance.value(now);
            if ((localBalance + outboundEntry.remote_balance) >= threshold)
            {
-                json::Value& entry = (ret[outboundEntry.toString()] = json::ValueType::Object);
+                json::Value& entry = (ret[outboundEntry.toString()] = json::ObjectValue);
                entry[jss::local] = localBalance;
                entry[jss::remote] = outboundEntry.remote_balance;
                entry[jss::type] = "outbound";
@@ -219,7 +219,7 @@ public:
            int const localBalance = adminEntry.local_balance.value(now);
            if ((localBalance + adminEntry.remote_balance) >= threshold)
            {
-                json::Value& entry = (ret[adminEntry.toString()] = json::ValueType::Object);
+                json::Value& entry = (ret[adminEntry.toString()] = json::ObjectValue);
                entry[jss::local] = localBalance;
                entry[jss::remote] = adminEntry.remote_balance;
                entry[jss::type] = "admin";
@@ -243,7 +243,7 @@ public:
        {
            Gossip::Item item;
            item.balance = inboundEntry.local_balance.value(now);
-            if (item.balance >= kMINIMUM_GOSSIP_BALANCE)
+            if (item.balance >= MinimumGossipBalance)
            {
                item.address = inboundEntry.key->address;
                gossip.items.push_back(item);
@@ -363,10 +363,10 @@ public:
    static Disposition
    disposition(int balance)
    {
-        if (balance >= kDROP_THRESHOLD)
+        if (balance >= DropThreshold)
            return Disposition::Drop;

-        if (balance >= kWARNING_THRESHOLD)
+        if (balance >= WarningThreshold)
            return Disposition::Warn;

        return Disposition::Ok;
@@ -461,7 +461,7 @@ public:
        std::scoped_lock const _(lock_);
        bool notify(false);
        auto const elapsed = clock_.now();
-        if (entry.balance(clock_.now()) >= kWARNING_THRESHOLD && elapsed != entry.lastWarningTime)
+        if (entry.balance(clock_.now()) >= WarningThreshold && elapsed != entry.lastWarningTime)
        {
            charge(entry, kFEE_WARNING);
            notify = true;
@@ -485,10 +485,10 @@ public:
        bool drop(false);
        clock_type::time_point const now(clock_.now());
        int const balance(entry.balance(now));
-        if (balance >= kDROP_THRESHOLD)
+        if (balance >= DropThreshold)
        {
            JLOG(journal_.warn()) << "Consumer entry " << entry << " dropped with balance "
-                                  << balance << " at or above drop threshold " << kDROP_THRESHOLD;
+                                  << balance << " at or above drop threshold " << DropThreshold;

            // Adding feeDrop at this point keeps the dropped connection
            // from re-connecting for at least a little while after it is
--- a/include/xrpl/resource/detail/Tuning.h
+++ b/include/xrpl/resource/detail/Tuning.h
@@ -5,23 +5,30 @@
 namespace xrpl::Resource {

 /** Tunable constants. */
+// Need to be named before converting
+// NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+enum {
+    // Balance at which a warning is issued
+    WarningThreshold = 5000

-// balance at which a warning is issued
-static constexpr auto kWARNING_THRESHOLD = 5000;
+    // Balance at which the consumer is disconnected
+    ,
+    DropThreshold = 25000

-// balance at which the consumer is disconnected
-static constexpr auto kDROP_THRESHOLD = 25000;
+    // The number of seconds in the exponential decay window
+    // (This should be a power of two)
+    ,
+    DecayWindowSeconds = 32

-// seconds in exponential decay window (power of two)
-static constexpr auto kDECAY_WINDOW_SECONDS = 32;
-
-// minimum balance to include a load source in gossip
-static constexpr auto kMINIMUM_GOSSIP_BALANCE = 1000;
+    // The minimum balance required in order to include a load source in gossip
+    ,
+    MinimumGossipBalance = 1000
+};

 // The number of seconds until an inactive table item is removed
-static constexpr std::chrono::seconds kSECONDS_UNTIL_EXPIRATION{300};
+std::chrono::seconds constexpr kSECONDS_UNTIL_EXPIRATION{300};

 // Number of seconds until imported gossip expires
-static constexpr std::chrono::seconds kGOSSIP_EXPIRATION_SECONDS{30};
+std::chrono::seconds constexpr kGOSSIP_EXPIRATION_SECONDS{30};

 }  // namespace xrpl::Resource
--- a/include/xrpl/server/detail/BaseHTTPPeer.h
+++ b/include/xrpl/server/detail/BaseHTTPPeer.h
@@ -30,7 +30,7 @@ namespace xrpl {

 /** Represents an active connection. */
 template <class Handler, class Impl>
-class BaseHTTPPeer : public IOList::Work, public Session
+class BaseHTTPPeer : public IoList::Work, public Session
 {
 protected:
    using clock_type = std::chrono::system_clock;
@@ -38,9 +38,16 @@ protected:
    using endpoint_type = boost::asio::ip::tcp::endpoint;
    using yield_context = boost::asio::yield_context;

-    static constexpr auto kBUFFER_SIZE = 4 * 1024;     // size of read/write buffer
-    static constexpr auto kTIMEOUT_SECONDS = 30;       // max seconds without completing a message
-    static constexpr auto kTIMEOUT_SECONDS_LOCAL = 3;  // used for localhost clients
+    // Need to be named before converting
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum {
+        // Size of our read/write buffer
+        BufferSize = 4 * 1024,
+
+        // Max seconds without completing a message
+        TimeoutSeconds = 30,
+        TimeoutSecondsLocal = 3  // used for localhost clients
+    };

    struct Buffer
    {
@@ -245,8 +252,7 @@ BaseHTTPPeer<Handler, Impl>::startTimer()
    boost::beast::get_lowest_layer(impl().stream_)
        .expires_after(
            std::chrono::seconds(
-                remote_address_.address().is_loopback() ? kTIMEOUT_SECONDS_LOCAL
-                                                        : kTIMEOUT_SECONDS));
+                remote_address_.address().is_loopback() ? TimeoutSecondsLocal : TimeoutSeconds));
 }

 // Convenience for discarding the error code
@@ -358,7 +364,7 @@ BaseHTTPPeer<Handler, Impl>::doWriter(

    for (;;)
    {
-        if (!writer->prepare(kBUFFER_SIZE, resume))
+        if (!writer->prepare(BufferSize, resume))
            return;
        error_code ec;
        auto const bytesTransferred = boost::asio::async_write(
--- a/include/xrpl/server/detail/BasePeer.h
+++ b/include/xrpl/server/detail/BasePeer.h
@@ -17,7 +17,7 @@ namespace xrpl {

 // Common part of all peers
 template <class Handler, class Impl>
-class BasePeer : public IOList::Work
+class BasePeer : public IoList::Work
 {
 protected:
    using clock_type = std::chrono::system_clock;
--- a/include/xrpl/server/detail/Door.h
+++ b/include/xrpl/server/detail/Door.h
@@ -39,7 +39,7 @@ namespace xrpl {

 /** A listening socket. */
 template <class Handler>
-class Door : public IOList::Work, public std::enable_shared_from_this<Door<Handler>>
+class Door : public IoList::Work, public std::enable_shared_from_this<Door<Handler>>
 {
 private:
    using clock_type = std::chrono::steady_clock;
@@ -53,7 +53,7 @@ private:
    using stream_type = boost::beast::tcp_stream;

    // Detects SSL on a socket
-    class Detector : public IOList::Work, public std::enable_shared_from_this<Detector>
+    class Detector : public IoList::Work, public std::enable_shared_from_this<Detector>
    {
    private:
        Port const& port_;
--- a/include/xrpl/server/detail/ServerImpl.h
+++ b/include/xrpl/server/detail/ServerImpl.h
@@ -62,7 +62,9 @@ class ServerImpl : public Server
 private:
    using clock_type = std::chrono::system_clock;

-    static constexpr auto kHISTORY_SIZE = 100;
+    // Need to be named before converting
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum { HistorySize = 100 };

    Handler& handler_;
    beast::Journal const j_;
@@ -76,7 +78,7 @@ private:
    int high_ = 0;
    std::array<std::size_t, 64> hist_{};

-    IOList ios_;
+    IoList ios_;

 public:
    ServerImpl(Handler& handler, boost::asio::io_context& ioContext, beast::Journal journal);
@@ -95,7 +97,7 @@ public:
    void
    close() override;

-    IOList&
+    IoList&
    ios()
    {
        return ios_;
--- a/include/xrpl/server/detail/io_list.h
+++ b/include/xrpl/server/detail/io_list.h
@@ -12,7 +12,7 @@
 namespace xrpl {

 /** Manages a set of objects performing asynchronous I/O. */
-class IOList final
+class IoList final
 {
 public:
    class Work
@@ -21,8 +21,8 @@ public:
        void
        destroy();

-        friend class IOList;
-        IOList* ios_ = nullptr;
+        friend class IoList;
+        IoList* ios_ = nullptr;

    public:
        virtual ~Work()
@@ -30,13 +30,13 @@ public:
            destroy();
        }

-        /** Return the IOList associated with the work.
+        /** Return the IoList associated with the work.

            Requirements:
-                The call to IOList::emplace to
+                The call to IoList::emplace to
                create the work has already returned.
        */
-        IOList&
+        IoList&
        ios()
        {
            return *ios_;
@@ -59,17 +59,17 @@ private:
    std::function<void(void)> f_;

 public:
-    IOList() = default;
+    IoList() = default;

    /** Destroy the list.

        Effects:
-            Closes the IOList if it was not previously
+            Closes the IoList if it was not previously
                closed. No finisher is invoked in this case.

            Blocks until all work is destroyed.
    */
-    ~IOList()
+    ~IoList()
    {
        destroy();
    }
@@ -159,7 +159,7 @@ public:

 template <class>
 void
-IOList::Work::destroy()
+IoList::Work::destroy()
 {
    if (!ios_)
        return;
@@ -179,7 +179,7 @@ IOList::Work::destroy()

 template <class>
 void
-IOList::destroy()
+IoList::destroy()
 {
    close();
    join();
@@ -187,9 +187,9 @@ IOList::destroy()

 template <class T, class... Args>
 std::shared_ptr<T>
-IOList::emplace(Args&&... args)
+IoList::emplace(Args&&... args)
 {
-    static_assert(std::is_base_of_v<Work, T>, "T must derive from IOList::Work");
+    static_assert(std::is_base_of_v<Work, T>, "T must derive from IoList::Work");
    if (closed_)
        return nullptr;
    auto sp = std::make_shared<T>(std::forward<Args>(args)...);
@@ -211,7 +211,7 @@ IOList::emplace(Args&&... args)

 template <class Finisher>
 void
-IOList::close(Finisher&& f)
+IoList::close(Finisher&& f)
 {
    std::unique_lock<std::mutex> lock(m_);
    if (closed_)
@@ -237,7 +237,7 @@ IOList::close(Finisher&& f)

 template <class>
 void
-IOList::join()
+IoList::join()
 {
    std::unique_lock<std::mutex> lock(m_);
    cv_.wait(lock, [&] { return closed_ && n_ == 0; });
--- a/include/xrpl/shamap/FullBelowCache.h
+++ b/include/xrpl/shamap/FullBelowCache.h
@@ -22,7 +22,9 @@ private:
    using CacheType = KeyCache;

 public:
-    static constexpr auto kDEFAULT_CACHE_TARGET_SIZE = 0;
+    // Need to be named before converting
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum { DefaultCacheTargetSize = 0 };

    using key_type = uint256;
    using clock_type = typename CacheType::clock_type;
@@ -39,7 +41,7 @@ public:
        clock_type& clock,
        beast::Journal j,
        beast::insight::Collector::ptr const& collector = beast::insight::NullCollector::make(),
-        std::size_t targetSize = kDEFAULT_CACHE_TARGET_SIZE,
+        std::size_t targetSize = DefaultCacheTargetSize,
        std::chrono::seconds expiration = std::chrono::minutes{2})
        : cache_(name, targetSize, expiration, clock, j, collector), gen_(1)
    {
--- a/include/xrpl/shamap/SHAMap.h
+++ b/include/xrpl/shamap/SHAMap.h
@@ -624,7 +624,7 @@ private:

 inline SHAMap::ConstIterator::ConstIterator(SHAMap const* map) : map_(map)
 {
-    XRPL_ASSERT(map_, "xrpl::SHAMap::ConstIterator::ConstIterator : non-null input");
+    XRPL_ASSERT(map_, "xrpl::SHAMap::const_iterator::const_iterator : non-null input");

    if (auto temp = map_->peekFirstItem(stack_))
        item_ = temp->peekItem().get();
--- a/include/xrpl/shamap/SHAMapItem.h
+++ b/include/xrpl/shamap/SHAMapItem.h
@@ -139,7 +139,7 @@ inline boost::intrusive_ptr<SHAMapItem>
 makeShamapitem(uint256 const& tag, Slice data)
 {
    XRPL_ASSERT(
-        data.size() <= megabytes<std::size_t>(16), "xrpl::makeShamapitem : maximum input size");
+        data.size() <= megabytes<std::size_t>(16), "xrpl::make_shamapitem : maximum input size");

    // NOLINTNEXTLINE(misc-const-correctness)
    std::uint8_t* raw = detail::gSlabber.allocate(data.size());
--- a/include/xrpl/shamap/SHAMapTreeNode.h
+++ b/include/xrpl/shamap/SHAMapTreeNode.h
@@ -7,7 +7,6 @@
 #include <xrpl/shamap/SHAMapItem.h>
 #include <xrpl/shamap/SHAMapNodeID.h>

-#include <cstddef>
 #include <cstdint>
 #include <string>

@@ -21,9 +20,6 @@ static constexpr unsigned char const kWIRE_TYPE_INNER = 2;
 static constexpr unsigned char const kWIRE_TYPE_COMPRESSED_INNER = 3;
 static constexpr unsigned char const kWIRE_TYPE_TRANSACTION_WITH_META = 4;

-// Lower bound on SHAMap leaf item payload size, in bytes.
-inline constexpr std::size_t kMIN_SHA_MAP_ITEM_BYTES = 12;
-
 enum class SHAMapNodeType {
    TnInner = 1,
    TnTransactionNm = 2,  // transaction, no metadata
--- a/include/xrpl/tx/Transactor.h
+++ b/include/xrpl/tx/Transactor.h
@@ -123,8 +123,9 @@ public:
    Transactor(Transactor const&) = delete;
    Transactor&
    operator=(Transactor const&) = delete;
-
-    enum class ConsequencesFactoryType { Normal, Blocker, Custom };
+    // 68 transactor subclass files
+    // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
+    enum ConsequencesFactoryType { Normal, Blocker, Custom };

    /** Process the transaction. */
    ApplyResult
--- a/include/xrpl/tx/invariants/InvariantCheck.h
+++ b/include/xrpl/tx/invariants/InvariantCheck.h
@@ -399,6 +399,7 @@ using InvariantChecks = std::tuple<
    ValidLoanBroker,
    ValidLoan,
    ValidVault,
+    ValidConfidentialMPToken,
    ValidMPTPayment>;

 /**
--- a/include/xrpl/tx/invariants/InvariantCheckPrivilege.h
+++ b/include/xrpl/tx/invariants/InvariantCheckPrivilege.h
@@ -25,7 +25,7 @@ not have the relevant amendments enabled_. It's intentionally a pain in the neck
 so that bad code gets caught and fixed as early as possible.
 */

-// Bitwise flags, 86 files, used in macros files
+// Bitwise flags, 86 files
 // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
 enum Privilege {
    NoPriv = 0x0000,              // The transaction can not do any of the enumerated operations
--- a/include/xrpl/tx/invariants/MPTInvariant.h
+++ b/include/xrpl/tx/invariants/MPTInvariant.h
@@ -56,4 +56,47 @@ public:
    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
 };

+/**
+ * @brief Invariants: Confidential MPToken consistency
+ *
+ * - Convert/ConvertBack symmetry:
+ * Regular MPToken balance change (±X) == COA (Confidential Outstanding Amount) change (∓X)
+ * - Cannot delete MPToken with non-zero confidential state:
+ * Cannot delete if sfIssuerEncryptedBalance exists
+ * Cannot delete if sfConfidentialBalanceInbox and sfConfidentialBalanceSpending exist
+ * - Privacy flag consistency:
+ * MPToken confidential balance fields can only be created or changed if
+ * lsfMPTCanConfidentialAmount is set on the issuance.
+ * - Encrypted field existence consistency:
+ * If sfConfidentialBalanceSpending/sfConfidentialBalanceInbox exists, then
+ * sfIssuerEncryptedBalance must also exist (and vice versa).
+ * - COA <= OutstandingAmount:
+ * Confidential outstanding balance cannot exceed total outstanding.
+ * - Verifies sfConfidentialBalanceVersion is changed whenever sfConfidentialBalanceSpending is
+ * modified on an MPToken.
+ */
+class ValidConfidentialMPToken
+{
+    struct Changes
+    {
+        std::int64_t mptAmountDelta = 0;
+        std::int64_t coaDelta = 0;
+        std::int64_t outstandingDelta = 0;
+        SLE::const_pointer issuance;
+        bool deletedWithEncrypted = false;
+        bool badConsistency = false;
+        bool badCOA = false;
+        bool changesConfidentialFields = false;
+        bool badVersion = false;
+    };
+    std::map<uint192, Changes> changes_;
+
+public:
+    void
+    visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
+
+    bool
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+};
+
 }  // namespace xrpl
--- a/include/xrpl/tx/invariants/PermissionedDEXInvariant.h
+++ b/include/xrpl/tx/invariants/PermissionedDEXInvariant.h
@@ -11,8 +11,8 @@ namespace xrpl {
 class ValidPermissionedDEX
 {
    bool regularOffers_ = false;
-    bool badHybridsOld_ = false;  // pre-fixCleanup3_1_3: missing field/domain or size > 1
-    bool badHybrids_ = false;     // post-fixCleanup3_1_3: also catches size == 0 (size != 1)
+    bool badHybridsOld_ = false;  // pre-fixSecurity3_1_3: missing field/domain or size > 1
+    bool badHybrids_ = false;     // post-fixSecurity3_1_3: also catches size == 0 (size != 1)
    hash_set<uint256> domains_;

 public:
--- a/include/xrpl/tx/transactors/account/AccountDelete.h
+++ b/include/xrpl/tx/transactors/account/AccountDelete.h
@@ -7,7 +7,7 @@ namespace xrpl {
 class AccountDelete : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Blocker;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Blocker};

    explicit AccountDelete(ApplyContext& ctx) : Transactor(ctx)
    {
--- a/include/xrpl/tx/transactors/account/AccountSet.h
+++ b/include/xrpl/tx/transactors/account/AccountSet.h
@@ -8,7 +8,7 @@ namespace xrpl {
 class AccountSet : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Custom;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Custom};

    explicit AccountSet(ApplyContext& ctx) : Transactor(ctx)
    {
--- a/include/xrpl/tx/transactors/account/SetRegularKey.h
+++ b/include/xrpl/tx/transactors/account/SetRegularKey.h
@@ -7,7 +7,7 @@ namespace xrpl {
 class SetRegularKey : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Blocker;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Blocker};

    explicit SetRegularKey(ApplyContext& ctx) : Transactor(ctx)
    {
--- a/include/xrpl/tx/transactors/account/SignerListSet.h
+++ b/include/xrpl/tx/transactors/account/SignerListSet.h
@@ -24,7 +24,7 @@ private:
    std::vector<SignerEntries::SignerEntry> signers_;

 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Blocker;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Blocker};

    explicit SignerListSet(ApplyContext& ctx) : Transactor(ctx)
    {
--- a/include/xrpl/tx/transactors/bridge/XChainBridge.h
+++ b/include/xrpl/tx/transactors/bridge/XChainBridge.h
@@ -12,7 +12,7 @@ constexpr size_t kXBRIDGE_MAX_ACCOUNT_CREATE_CLAIMS = 128;
 class XChainCreateBridge : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Normal;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Normal};

    explicit XChainCreateBridge(ApplyContext& ctx) : Transactor(ctx)
    {
@@ -45,7 +45,7 @@ public:
 class BridgeModify : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Normal;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Normal};

    explicit BridgeModify(ApplyContext& ctx) : Transactor(ctx)
    {
@@ -95,7 +95,7 @@ class XChainClaim : public Transactor
 {
 public:
    // Blocker since we cannot accurately calculate the consequences
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Blocker;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Blocker};

    explicit XChainClaim(ApplyContext& ctx) : Transactor(ctx)
    {
@@ -133,7 +133,7 @@ public:
 class XChainCommit : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Custom;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Custom};

    static TxConsequences
    makeTxConsequences(PreflightContext const& ctx);
@@ -179,7 +179,7 @@ public:
 class XChainCreateClaimID : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Normal;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Normal};

    explicit XChainCreateClaimID(ApplyContext& ctx) : Transactor(ctx)
    {
@@ -222,7 +222,7 @@ class XChainAddClaimAttestation : public Transactor
 {
 public:
    // Blocker since we cannot accurately calculate the consequences
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Blocker;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Blocker};

    explicit XChainAddClaimAttestation(ApplyContext& ctx) : Transactor(ctx)
    {
@@ -256,7 +256,7 @@ class XChainAddAccountCreateAttestation : public Transactor
 {
 public:
    // Blocker since we cannot accurately calculate the consequences
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Blocker;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Blocker};

    explicit XChainAddAccountCreateAttestation(ApplyContext& ctx) : Transactor(ctx)
    {
@@ -314,7 +314,7 @@ public:
 class XChainCreateAccountCommit : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Normal;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Normal};

    explicit XChainCreateAccountCommit(ApplyContext& ctx) : Transactor(ctx)
    {
--- a/include/xrpl/tx/transactors/check/CheckCancel.h
+++ b/include/xrpl/tx/transactors/check/CheckCancel.h
@@ -7,7 +7,7 @@ namespace xrpl {
 class CheckCancel : public Transactor
 {
 public:
-    static constexpr auto kCONSEQUENCES_FACTORY = ConsequencesFactoryType::Normal;
+    static constexpr ConsequencesFactoryType kCONSEQUENCES_FACTORY{Normal};

    explicit CheckCancel(ApplyContext& ctx) : Transactor(ctx)
    {
--- a/Show More
+++ b/Show More