ci: Run PR title and description checks on staging and release branches (#7331)

Co-authored-by: Bart <11445373+bthomee@users.noreply.github.com>

.clang-tidy

@@ -171,7 +171,7 @@ CheckOptions:
   readability-identifier-naming.EnumCase: CamelCase
   readability-identifier-naming.EnumConstantCase: CamelCase
   readability-identifier-naming.ScopedEnumConstantCase: CamelCase
-  readability-identifier-naming.GlobalConstantCase: UPPER_CASE
+  readability-identifier-naming.GlobalConstantCase: CamelCase
   readability-identifier-naming.GlobalConstantPrefix: "k"
   readability-identifier-naming.GlobalVariableCase: CamelCase
   readability-identifier-naming.GlobalVariablePrefix: "g"
@@ -179,25 +179,26 @@ CheckOptions:
   readability-identifier-naming.ConstexprMethodCase: camelBack
   readability-identifier-naming.ClassMethodCase: camelBack
   readability-identifier-naming.ClassMemberCase: camelBack
-  readability-identifier-naming.ClassConstantCase: UPPER_CASE
+  readability-identifier-naming.ClassConstantCase: CamelCase
   readability-identifier-naming.ClassConstantPrefix: "k"
-  readability-identifier-naming.StaticConstantCase: UPPER_CASE
+  readability-identifier-naming.StaticConstantCase: CamelCase
   readability-identifier-naming.StaticConstantPrefix: "k"
-  readability-identifier-naming.StaticVariableCase: UPPER_CASE
-  readability-identifier-naming.StaticVariablePrefix: "k"
-  readability-identifier-naming.ConstexprVariableCase: UPPER_CASE
-  readability-identifier-naming.ConstexprVariablePrefix: "k"
+  readability-identifier-naming.StaticVariableCase: camelBack
+  readability-identifier-naming.ConstexprVariableCase: camelBack
   readability-identifier-naming.LocalConstantCase: camelBack
   readability-identifier-naming.LocalVariableCase: camelBack
   readability-identifier-naming.TemplateParameterCase: CamelCase
   readability-identifier-naming.ParameterCase: camelBack
   readability-identifier-naming.FunctionCase: camelBack
   readability-identifier-naming.MemberCase: camelBack
+  readability-identifier-naming.PrivateMemberCase: camelBack
   readability-identifier-naming.PrivateMemberSuffix: _
+  readability-identifier-naming.ProtectedMemberCase: camelBack
   readability-identifier-naming.ProtectedMemberSuffix: _
+  readability-identifier-naming.PublicMemberCase: camelBack
   readability-identifier-naming.PublicMemberSuffix: ""
   readability-identifier-naming.GlobalFunctionIgnoredRegexp: "^(to_string|hash_append|tuple_hash)$"
 
-HeaderFilterRegex: '^.*/(test|xrpl|xrpld)/.*\.(h|hpp|ipp)$'
+HeaderFilterRegex: '^.*/(tests?|xrpl|xrpld)/.*\.(h|hpp|ipp)$'
 ExcludeHeaderFilterRegex: '^.*/protocol_autogen/.*\.(h|hpp)$'
 WarningsAsErrors: "*"

.github/scripts/rename/binary.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &> /dev/null; then
+    if ! command -v gsed &>/dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/scripts/rename/cmake.sh

@@ -8,12 +8,12 @@ set -e
 SED_COMMAND=sed
 HEAD_COMMAND=head
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &> /dev/null; then
+    if ! command -v gsed &>/dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi
     SED_COMMAND=gsed
-    if ! command -v ghead &> /dev/null; then
+    if ! command -v ghead &>/dev/null; then
         echo "Error: ghead is not installed. Please install it using 'brew install coreutils'."
         exit 1
     fi
@@ -74,10 +74,10 @@ if grep -q '"xrpld"' cmake/XrplCore.cmake; then
     # The script has been rerun, so just restore the name of the binary.
     ${SED_COMMAND} -i 's/"xrpld"/"rippled"/' cmake/XrplCore.cmake
 elif ! grep -q '"rippled"' cmake/XrplCore.cmake; then
-    ${HEAD_COMMAND} -n -1 cmake/XrplCore.cmake > cmake.tmp
-    echo '  # For the time being, we will keep the name of the binary as it was.' >> cmake.tmp
-    echo '  set_target_properties(xrpld PROPERTIES OUTPUT_NAME "rippled")' >> cmake.tmp
-    tail -1 cmake/XrplCore.cmake >> cmake.tmp
+    ${HEAD_COMMAND} -n -1 cmake/XrplCore.cmake >cmake.tmp
+    echo '  # For the time being, we will keep the name of the binary as it was.' >>cmake.tmp
+    echo '  set_target_properties(xrpld PROPERTIES OUTPUT_NAME "rippled")' >>cmake.tmp
+    tail -1 cmake/XrplCore.cmake >>cmake.tmp
     mv cmake.tmp cmake/XrplCore.cmake
 fi
 

.github/scripts/rename/config.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &> /dev/null; then
+    if ! command -v gsed &>/dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi
@@ -62,7 +62,7 @@ ${SED_COMMAND} -i 's@ripple/@xrpld/@g' src/test/core/Config_test.cpp
 ${SED_COMMAND} -i 's/Rippled/File/g' src/test/core/Config_test.cpp
 
 # Restore the old config file name in the code that maintains support for now.
-${SED_COMMAND} -i 's/kCONFIG_LEGACY_NAME = "xrpld.cfg"/kCONFIG_LEGACY_NAME = "rippled.cfg"/g' src/xrpld/core/detail/Config.cpp
+${SED_COMMAND} -i 's/kConfigLegacyName = "xrpld.cfg"/kConfigLegacyName = "rippled.cfg"/g' src/xrpld/core/detail/Config.cpp
 
 # Restore an URL.
 ${SED_COMMAND} -i 's/connect-your-xrpld-to-the-xrp-test-net.html/connect-your-rippled-to-the-xrp-test-net.html/g' cfg/xrpld-example.cfg

.github/scripts/rename/copyright.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &> /dev/null; then
+    if ! command -v gsed &>/dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi
@@ -62,37 +62,37 @@ done
 # restoring the verbiage that is already present in LICENSE.md. Ensure that if
 # the script is run multiple times, duplicate notices are not added.
 if ! grep -q 'Raw Material Software' include/xrpl/beast/core/CurrentThreadName.h; then
-    echo -e "// Portions of this file are from JUCE (http://www.juce.com).\n// Copyright (c) 2013 - Raw Material Software Ltd.\n// Please visit http://www.juce.com\n\n$(cat include/xrpl/beast/core/CurrentThreadName.h)" > include/xrpl/beast/core/CurrentThreadName.h
+    echo -e "// Portions of this file are from JUCE (http://www.juce.com).\n// Copyright (c) 2013 - Raw Material Software Ltd.\n// Please visit http://www.juce.com\n\n$(cat include/xrpl/beast/core/CurrentThreadName.h)" >include/xrpl/beast/core/CurrentThreadName.h
 fi
 if ! grep -q 'Dev Null' src/test/app/NetworkID_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/NetworkID_test.cpp)" > src/test/app/NetworkID_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/NetworkID_test.cpp)" >src/test/app/NetworkID_test.cpp
 fi
 if ! grep -q 'Dev Null' src/test/app/tx/apply_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/tx/apply_test.cpp)" > src/test/app/tx/apply_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/tx/apply_test.cpp)" >src/test/app/tx/apply_test.cpp
 fi
 if ! grep -q 'Dev Null' src/test/rpc/ManifestRPC_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ManifestRPC_test.cpp)" > src/test/rpc/ManifestRPC_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ManifestRPC_test.cpp)" >src/test/rpc/ManifestRPC_test.cpp
 fi
 if ! grep -q 'Dev Null' src/test/rpc/ValidatorInfo_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ValidatorInfo_test.cpp)" > src/test/rpc/ValidatorInfo_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ValidatorInfo_test.cpp)" >src/test/rpc/ValidatorInfo_test.cpp
 fi
 if ! grep -q 'Dev Null' src/xrpld/rpc/handlers/server_info/Manifest.cpp; then
-    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/server_info/Manifest.cpp)" > src/xrpld/rpc/handlers/server_info/Manifest.cpp
+    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/server_info/Manifest.cpp)" >src/xrpld/rpc/handlers/server_info/Manifest.cpp
 fi
 if ! grep -q 'Dev Null' src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp; then
-    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp)" > src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp
+    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp)" >src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp
 fi
 if ! grep -q 'Bougalis' include/xrpl/basics/SlabAllocator.h; then
-    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/SlabAllocator.h)" > include/xrpl/basics/SlabAllocator.h # cspell: ignore Nikolaos Bougalis nikb
+    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/SlabAllocator.h)" >include/xrpl/basics/SlabAllocator.h # cspell: ignore Nikolaos Bougalis nikb
 fi
 if ! grep -q 'Bougalis' include/xrpl/basics/spinlock.h; then
-    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/spinlock.h)" > include/xrpl/basics/spinlock.h # cspell: ignore Nikolaos Bougalis nikb
+    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/spinlock.h)" >include/xrpl/basics/spinlock.h # cspell: ignore Nikolaos Bougalis nikb
 fi
 if ! grep -q 'Bougalis' include/xrpl/basics/tagged_integer.h; then
-    echo -e "// Copyright (c) 2014, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/tagged_integer.h)" > include/xrpl/basics/tagged_integer.h # cspell: ignore Nikolaos Bougalis nikb
+    echo -e "// Copyright (c) 2014, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/tagged_integer.h)" >include/xrpl/basics/tagged_integer.h # cspell: ignore Nikolaos Bougalis nikb
 fi
 if ! grep -q 'Ritchford' include/xrpl/beast/utility/Zero.h; then
-    echo -e "// Copyright (c) 2014, Tom Ritchford <tom@swirly.com>\n\n$(cat include/xrpl/beast/utility/Zero.h)" > include/xrpl/beast/utility/Zero.h # cspell: ignore Ritchford
+    echo -e "// Copyright (c) 2014, Tom Ritchford <tom@swirly.com>\n\n$(cat include/xrpl/beast/utility/Zero.h)" >include/xrpl/beast/utility/Zero.h # cspell: ignore Ritchford
 fi
 
 # Restore newlines and tabs in string literals in the affected file.

.github/scripts/rename/definitions.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &> /dev/null; then
+    if ! command -v gsed &>/dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/scripts/rename/docs.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &> /dev/null; then
+    if ! command -v gsed &>/dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi
@@ -90,7 +90,7 @@ ${SED_COMMAND} -i 's/www.ripple.com/www.xrpl.org/g' src/test/protocol/Seed_test.
 # Restore specific changes.
 ${SED_COMMAND} -i 's@b5efcc/src/xrpld@b5efcc/src/ripple@' include/xrpl/protocol/README.md
 ${SED_COMMAND} -i 's/dbPrefix_ = "xrpldb"/dbPrefix_ = "rippledb"/' src/xrpld/app/misc/SHAMapStoreImp.h # cspell: disable-line
-${SED_COMMAND} -i 's/kCONFIG_LEGACY_NAME = "xrpld.cfg"/kCONFIG_LEGACY_NAME = "rippled.cfg"/' src/xrpld/core/detail/Config.cpp
+${SED_COMMAND} -i 's/kConfigLegacyName = "xrpld.cfg"/kConfigLegacyName = "rippled.cfg"/' src/xrpld/core/detail/Config.cpp
 
 popd
 echo "Renaming complete."

.github/scripts/rename/namespace.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &> /dev/null; then
+    if ! command -v gsed &>/dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/scripts/strategy-matrix/generate.py

@@ -32,7 +32,32 @@ We will further set additional CMake arguments as follows:
 """
 
 
-def generate_strategy_matrix(all: bool, config: Config) -> list:
+def build_config_name(os_entry: dict[str, str], platform: str, build_type: str) -> str:
+    parts = [os_entry["distro_name"]]
+    for key in ("distro_version", "compiler_name", "compiler_version"):
+        if value := os_entry[key]:
+            parts.append(value)
+    parts.append("arm64" if "arm64" in platform else "amd64")
+    parts.append(build_type.lower())
+    return "-".join(parts)
+
+
+def generate_packaging_matrix(config: Config) -> list[dict]:
+    """Emit one entry per os entry with `package: true`. Architecture is
+    hardcoded to linux/amd64 here (and the runner is hardcoded at the
+    workflow level) until arm64 packaging is ready.
+    """
+    return [
+        {
+            "artifact_name": f"xrpld-{build_config_name(os, 'linux/amd64', 'Release')}",
+            "os": os,
+        }
+        for os in config.os
+        if os.get("package", False)
+    ]
+
+
+def generate_strategy_matrix(all: bool, config: Config) -> list[dict]:
     configurations = []
     for architecture, os, build_type, cmake_args in itertools.product(
         config.architecture, config.os, config.build_type, config.cmake_args
@@ -101,14 +126,15 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                     continue
 
             # RHEL:
-            # - 9 using GCC 12: Debug on linux/amd64.
+            # - 9 using GCC 12: Debug and Release on linux/amd64
+            #   (Release is required for RPM packaging).
             # - 10 using Clang: Release on linux/amd64.
             if os["distro_name"] == "rhel":
                 skip = True
                 if os["distro_version"] == "9":
                     if (
                         f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-12"
-                        and build_type == "Debug"
+                        and build_type in ["Debug", "Release"]
                         and architecture["platform"] == "linux/amd64"
                     ):
                         skip = False
@@ -123,7 +149,8 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                     continue
 
             # Ubuntu:
-            # - Jammy using GCC 12: Debug on linux/arm64.
+            # - Jammy using GCC 12: Debug on linux/arm64, Release on
+            #   linux/amd64 (Release is required for DEB packaging).
             # - Noble using GCC 14: Release on linux/amd64.
             # - Noble using Clang 18: Debug on linux/amd64.
             # - Noble using Clang 19: Release on linux/arm64.
@@ -136,6 +163,12 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                         and architecture["platform"] == "linux/arm64"
                     ):
                         skip = False
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-12"
+                        and build_type == "Release"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
                 elif os["distro_version"] == "noble":
                     if (
                         f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-14"
@@ -218,17 +251,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
 
         # Generate a unique name for the configuration, e.g. macos-arm64-debug
         # or debian-bookworm-gcc-12-amd64-release.
-        config_name = os["distro_name"]
-        if (n := os["distro_version"]) != "":
-            config_name += f"-{n}"
-        if (n := os["compiler_name"]) != "":
-            config_name += f"-{n}"
-        if (n := os["compiler_version"]) != "":
-            config_name += f"-{n}"
-        config_name += (
-            f"-{architecture['platform'][architecture['platform'].find('/')+1:]}"
-        )
-        config_name += f"-{build_type.lower()}"
+        config_name = build_config_name(os, architecture["platform"], build_type)
         if "-Dcoverage=ON" in cmake_args:
             config_name += "-coverage"
         if "-Dunity=ON" in cmake_args:
@@ -332,10 +355,19 @@ if __name__ == "__main__":
         required=False,
         type=Path,
     )
+    parser.add_argument(
+        "-p",
+        "--packaging",
+        help="Emit the packaging matrix (derived from the 'package' field on os entries) instead of the build/test matrix.",
+        action="store_true",
+    )
     args = parser.parse_args()
 
     matrix = []
-    if args.config is None or args.config == "":
+    if args.packaging:
+        config_path = args.config if args.config else THIS_DIR / "linux.json"
+        matrix += generate_packaging_matrix(read_config(config_path))
+    elif args.config is None or args.config == "":
         matrix += generate_strategy_matrix(
             args.all, read_config(THIS_DIR / "linux.json")
         )

.github/scripts/strategy-matrix/linux.json

@@ -127,7 +127,8 @@
       "distro_version": "9",
       "compiler_name": "gcc",
       "compiler_version": "12",
-      "image_sha": "4c086b9"
+      "image_sha": "4c086b9",
+      "package": true
     },
     {
       "distro_name": "rhel",
@@ -169,7 +170,8 @@
       "distro_version": "jammy",
       "compiler_name": "gcc",
       "compiler_version": "12",
-      "image_sha": "4c086b9"
+      "image_sha": "4c086b9",
+      "package": true
     },
     {
       "distro_name": "ubuntu",

.github/workflows/build-nix-image.yml

@@ -6,14 +6,16 @@ on:
       - develop
     paths:
       - ".github/workflows/build-nix-image.yml"
-      - "docker/nix.Dockerfile"
+      - ".github/workflows/reusable-build-docker-image.yml"
+      - "docker/**"
       - "flake.nix"
       - "flake.lock"
       - "nix/**"
   pull_request:
     paths:
       - ".github/workflows/build-nix-image.yml"
-      - "docker/nix.Dockerfile"
+      - ".github/workflows/reusable-build-docker-image.yml"
+      - "docker/**"
       - "flake.nix"
       - "flake.lock"
       - "nix/**"
@@ -27,75 +29,81 @@ defaults:
   run:
     shell: bash
 
-env:
-  UBUNTU_VERSION: "20.04"
-  RHEL_VERSION: "9"
-  DEBIAN_VERSION: "bookworm"
-
 jobs:
   build:
-    name: Build and push Nix image (${{ matrix.distro }})
+    name: Build ${{ matrix.distro.name }} (${{ matrix.target.platform }})
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        # The base images are the oldest supported version of each distro
+        # that we want to build images for.
+        distro:
+          - name: nixos
+            base_image: nixos/nix:latest
+          - name: ubuntu
+            base_image: ubuntu:20.04
+          - name: rhel
+            base_image: registry.access.redhat.com/ubi9/ubi:latest
+          - name: debian
+            base_image: debian:bookworm
+        target:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
+    uses: ./.github/workflows/reusable-build-docker-image.yml
+    with:
+      image_name: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro.name }}
+      dockerfile: docker/nix.Dockerfile
+      base_image: ${{ matrix.distro.base_image }}
+      platform: ${{ matrix.target.platform }}
+      runner: ${{ matrix.target.runner }}
+      push: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
+
+  merge:
+    name: Merge ${{ matrix.distro }} manifest
+    needs: build
+    if: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
     strategy:
+      fail-fast: false
       matrix:
-        include:
-          - distro: nixos
-          - distro: ubuntu
-          - distro: rhel
-          - distro: debian
+        distro: [nixos, ubuntu, rhel, debian]
+    env:
+      IMAGE_NAME: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro }}
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: Determine base image
-        id: vars
-        run: |
-          case "${{ matrix.distro }}" in
-            nixos)
-              echo "base_image=nixos/nix:latest" >> $GITHUB_OUTPUT
-              ;;
-            ubuntu)
-              echo "base_image=ubuntu:${UBUNTU_VERSION}" >> $GITHUB_OUTPUT
-              ;;
-            rhel)
-              echo "base_image=registry.access.redhat.com/ubi${RHEL_VERSION}/ubi:latest" >> $GITHUB_OUTPUT
-              ;;
-            debian)
-              echo "base_image=debian:${DEBIAN_VERSION}" >> $GITHUB_OUTPUT
-              ;;
-          esac
-
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=sha-,format=short
+            type=raw,value=latest
 
       - name: Login to GitHub Container Registry
-        if: github.event_name == 'push'
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
-        with:
-          images: ghcr.io/xrplf/ci/nix-${{ matrix.distro }}
-          tags: |
-            type=sha,prefix=sha-,format=short
-            type=raw,value=latest
+      - name: Create multi-arch manifests
+        run: |
+          for tag in $(jq -cr '.tags[]' <<< "$DOCKER_METADATA_OUTPUT_JSON"); do
+            docker buildx imagetools create -t "$tag" "${tag}-amd64" "${tag}-arm64"
+          done
 
-      - name: Build and push
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
-        with:
-          context: .
-          file: docker/nix.Dockerfile
-          platforms: linux/amd64
-          push: ${{ github.event_name == 'push' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: BASE_IMAGE=${{ steps.vars.outputs.base_image }}
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect "${IMAGE_NAME}:${{ steps.meta.outputs.version }}"

.github/workflows/check-pr-description.yml

@@ -5,8 +5,17 @@ on:
     types:
       - checks_requested
   pull_request:
-    types: [opened, edited, reopened, synchronize, ready_for_review]
-    branches: [develop]
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+      - ready_for_review
+    branches:
+      - develop
+      - "release-*"
+      - "release/*"
+      - "staging/*"
 
 jobs:
   check_description:

.github/workflows/check-pr-title.yml

@@ -5,10 +5,19 @@ on:
     types:
       - checks_requested
   pull_request:
-    types: [opened, edited, reopened, synchronize, ready_for_review]
-    branches: [develop]
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+      - ready_for_review
+    branches:
+      - develop
+      - "release-*"
+      - "release/*"
+      - "staging/*"
 
 jobs:
   check_title:
     if: ${{ github.event.pull_request.draft != true }}
-    uses: XRPLF/actions/.github/workflows/check-pr-title.yml@a5d8dd35be543365e90a11358447130c8763871d
+    uses: XRPLF/actions/.github/workflows/check-pr-title.yml@291206777251b4d493641b5afbdf7c23009d2988

.github/workflows/on-pr.yml

@@ -64,11 +64,13 @@ jobs:
             .github/workflows/reusable-build-test-config.yml
             .github/workflows/reusable-build-test.yml
             .github/workflows/reusable-clang-tidy.yml
+            .github/workflows/reusable-package.yml
             .github/workflows/reusable-strategy-matrix.yml
             .github/workflows/reusable-test.yml
             .github/workflows/reusable-upload-recipe.yml
             .clang-tidy
             .codecov.yml
+            cfg/**
             cmake/**
             conan/**
             external/**
@@ -78,6 +80,10 @@ jobs:
             CMakeLists.txt
             conanfile.py
             conan.lock
+            LICENSE.md
+            package/**
+            README.md
+
       - name: Check whether to run
         # This step determines whether the rest of the workflow should
         # run. The rest of the workflow will run if this job runs AND at
@@ -134,6 +140,11 @@ jobs:
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
+  package:
+    needs: [should-run, build-test]
+    if: ${{ needs.should-run.outputs.go == 'true' }}
+    uses: ./.github/workflows/reusable-package.yml
+
   upload-recipe:
     needs:
       - should-run
@@ -168,6 +179,7 @@ jobs:
       - check-rename
       - clang-tidy
       - build-test
+      - package
       - upload-recipe
       - notify-clio
     runs-on: ubuntu-latest

.github/workflows/on-tag.yml

@@ -1,5 +1,5 @@
-# This workflow uploads the libxrpl recipe to the Conan remote when a versioned
-# tag is pushed.
+# This workflow uploads the libxrpl recipe to the Conan remote and builds
+# release packages when a versioned tag is pushed.
 name: Tag
 
 on:
@@ -22,3 +22,22 @@ jobs:
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
       remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
+
+  build-test:
+    if: ${{ github.repository == 'XRPLF/rippled' }}
+    uses: ./.github/workflows/reusable-build-test.yml
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [linux]
+    with:
+      ccache_enabled: false
+      os: ${{ matrix.os }}
+      strategy_matrix: minimal
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  package:
+    if: ${{ github.repository == 'XRPLF/rippled' }}
+    needs: build-test
+    uses: ./.github/workflows/reusable-package.yml

.github/workflows/on-trigger.yml

@@ -21,11 +21,13 @@ on:
       - ".github/workflows/reusable-build-test-config.yml"
       - ".github/workflows/reusable-build-test.yml"
       - ".github/workflows/reusable-clang-tidy.yml"
+      - ".github/workflows/reusable-package.yml"
       - ".github/workflows/reusable-strategy-matrix.yml"
       - ".github/workflows/reusable-test.yml"
       - ".github/workflows/reusable-upload-recipe.yml"
       - ".clang-tidy"
       - ".codecov.yml"
+      - "cfg/**"
       - "cmake/**"
       - "conan/**"
       - "external/**"
@@ -35,6 +37,9 @@ on:
       - "CMakeLists.txt"
       - "conanfile.py"
       - "conan.lock"
+      - "LICENSE.md"
+      - "package/**"
+      - "README.md"
 
   # Run at 06:32 UTC on every day of the week from Monday through Friday. This
   # will force all dependencies to be rebuilt, which is useful to verify that
@@ -95,3 +100,7 @@ jobs:
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
       remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
+
+  package:
+    needs: build-test
+    uses: ./.github/workflows/reusable-package.yml

.github/workflows/reusable-build-docker-image.yml

@@ -0,0 +1,89 @@
+# Build a single-platform Docker image. On push, the image is pushed to
+# GHCR with arch-suffixed tags (e.g. `:latest-amd64`, `:sha-abc-amd64`)
+# so the calling workflow can stitch per-arch builds into a multi-arch
+# manifest without needing to pass digests around.
+name: Reusable build Docker image (single platform)
+
+on:
+  workflow_call:
+    inputs:
+      image_name:
+        description: "Full image name without tag (e.g. 'ghcr.io/xrplf/xrpld/nix-ubuntu')"
+        required: true
+        type: string
+      dockerfile:
+        description: "Path to the Dockerfile, relative to the repository root"
+        required: true
+        type: string
+      base_image:
+        description: "Value passed to the Dockerfile as the BASE_IMAGE build arg"
+        required: true
+        type: string
+      platform:
+        description: "Docker platform string, e.g. linux/amd64"
+        required: true
+        type: string
+      runner:
+        description: "GitHub Actions runner label to build on"
+        required: true
+        type: string
+      push:
+        description: "Whether to push the image to GHCR"
+        required: true
+        type: boolean
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    name: Build (${{ inputs.platform }})
+    runs-on: ${{ inputs.runner }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Determine arch
+        id: vars
+        env:
+          PLATFORM: ${{ inputs.platform }}
+        run: |
+          echo "arch=${PLATFORM##*/}" >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+
+      - name: Login to GitHub Container Registry
+        if: inputs.push
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        with:
+          images: ${{ inputs.image_name }}
+          tags: |
+            type=sha,prefix=sha-,format=short
+            type=raw,value=latest
+          flavor: |
+            suffix=-${{ steps.vars.outputs.arch }},onlatest=true
+
+      - name: Build and push
+        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+        with:
+          context: .
+          file: ${{ inputs.dockerfile }}
+          platforms: ${{ inputs.platform }}
+          push: ${{ inputs.push }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: BASE_IMAGE=${{ inputs.base_image }}

.github/workflows/reusable-build-test-config.yml

@@ -181,7 +181,7 @@ jobs:
       - name: Build the binary
         working-directory: ${{ env.BUILD_DIR }}
         env:
-          BUILD_NPROC: ${{ runner.os == 'Linux' && '16' || steps.nproc.outputs.nproc }}
+          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
           BUILD_TYPE: ${{ inputs.build_type }}
           CMAKE_TARGET: ${{ inputs.cmake_target }}
         run: |
@@ -324,7 +324,7 @@ jobs:
 
       - name: Upload coverage report
         if: ${{ github.repository == 'XRPLF/rippled' && !inputs.build_only && env.COVERAGE_ENABLED == 'true' }}
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
+        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
         with:
           disable_search: true
           disable_telem: true

.github/workflows/reusable-clang-tidy.yml

@@ -176,7 +176,7 @@ jobs:
 
       - name: Create issue
         if: ${{ steps.run_clang_tidy.outcome != 'success' && inputs.create_issue_on_failure }}
-        uses: XRPLF/actions/create-issue@fbcc16eb7f20dc3199eaf1aed0d3523a5ba9008c
+        uses: XRPLF/actions/create-issue@36d450d12d301e8410c1b7936e5de70c291cbe36
         with:
           title: "Clang-tidy check failed"
           body_file: ${{ env.ISSUE_FILE }}

.github/workflows/reusable-package.yml

@@ -0,0 +1,99 @@
+# Build Linux packages (DEB and RPM) from pre-built binary artifacts.
+# Discovers which configurations to package from linux.json (os entries
+# with "package": true) and fans out one job per entry. Today only
+# linux/amd64 is emitted; the architecture is hardcoded both here
+# (runner) and in generate.py.
+name: Package
+
+on:
+  workflow_call:
+    inputs:
+      pkg_release:
+        description: "Package release number. Increment when repackaging the same executable."
+        required: false
+        type: string
+        default: "1"
+
+defaults:
+  run:
+    shell: bash
+
+env:
+  BUILD_DIR: build
+
+jobs:
+  generate-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.generate.outputs.matrix }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        with:
+          python-version: 3.13
+
+      - name: Generate packaging matrix
+        id: generate
+        working-directory: .github/scripts/strategy-matrix
+        run: |
+          ./generate.py --packaging --config=linux.json >> "${GITHUB_OUTPUT}"
+
+  generate-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          sparse-checkout: |
+            .github/actions/generate-version
+            src/libxrpl/protocol/BuildInfo.cpp
+      - name: Generate version
+        id: version
+        uses: ./.github/actions/generate-version
+
+  package:
+    needs: [generate-matrix, generate-version]
+    if: ${{ github.event.repository.visibility == 'public' }}
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+    name: "${{ matrix.artifact_name }}"
+    permissions:
+      contents: read
+    runs-on: ["self-hosted", "Linux", "X64", "heavy"]
+    container: ${{ format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) }}
+    timeout-minutes: 30
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Download pre-built binary
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: ${{ matrix.artifact_name }}
+          path: ${{ env.BUILD_DIR }}
+
+      - name: Make binary executable
+        run: chmod +x "${BUILD_DIR}/xrpld"
+
+      - name: Build package
+        env:
+          PKG_VERSION: ${{ needs.generate-version.outputs.version }}
+          PKG_RELEASE: ${{ inputs.pkg_release }}
+        run: ./package/build_pkg.sh
+
+      - name: Upload package artifact
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: ${{ matrix.artifact_name }}-pkg-${{ needs.generate-version.outputs.version }}
+          path: |
+            ${{ env.BUILD_DIR }}/debbuild/*.deb
+            ${{ env.BUILD_DIR }}/debbuild/*.ddeb
+            ${{ env.BUILD_DIR }}/rpmbuild/RPMS/**/*.rpm
+          if-no-files-found: error

.pre-commit-config.yaml

@@ -37,37 +37,37 @@ repos:
         exclude: ^include/xrpl/protocol_autogen/(transactions|ledger_entries)/
 
   - repo: https://github.com/pre-commit/mirrors-clang-format
-    rev: cd481d7b0bfb5c7b3090c21846317f9a8262e891 # frozen: v22.1.0
+    rev: dd18dad857d6133e90bbe478f4f2f22ec0030269 # frozen: v22.1.5
     hooks:
       - id: clang-format
         args: [--style=file]
         "types_or": [c++, c, proto]
         exclude: ^include/xrpl/protocol_autogen/(transactions|ledger_entries)/
 
-  - repo: https://github.com/BlankSpruce/gersemi
-    rev: 0.26.0
+  - repo: https://github.com/BlankSpruce/gersemi-pre-commit
+    rev: faadd6a9d852369ca94f4d15b2404c967ba8cb01 # frozen: 0.27.6
     hooks:
       - id: gersemi
 
   - repo: https://github.com/rbubley/mirrors-prettier
-    rev: c2bc67fe8f8f549cc489e00ba8b45aa18ee713b1 # frozen: v3.8.1
+    rev: 515f543f5718ebfd6ce22e16708bb32c68ff96e1 # frozen: v3.8.3
     hooks:
       - id: prettier
         args: [--end-of-line=auto]
 
   - repo: https://github.com/psf/black-pre-commit-mirror
-    rev: ea488cebbfd88a5f50b8bd95d5c829d0bb76feb8 # frozen: 26.1.0
+    rev: 4160603246a6b365d4a2af661c6d71b0a0f50478 # frozen: 26.5.1
     hooks:
       - id: black
 
-  - repo: https://github.com/openstack/bashate
-    rev: 5798d24d571676fc407e81df574c1ef57b520f23 # frozen: 2.1.1
+  - repo: https://github.com/scop/pre-commit-shfmt
+    rev: 05c1426671b9237fb5e1444dd63aa5731bec0dfb # frozen: v3.13.1-1
     hooks:
-      - id: bashate
-        args: ["--ignore=E006"]
+      - id: shfmt
+        args: [--write, --indent=4, --case-indent=true]
 
   - repo: https://github.com/streetsidesoftware/cspell-cli
-    rev: a42085ade523f591dca134379a595e7859986445 # frozen: v9.7.0
+    rev: 4643f154907327ee0a2c7038f0296e0dd77d9776 # frozen: v10.0.0
     hooks:
       - id: cspell # Spell check changed files
         exclude: |

BUILD.md

@@ -427,16 +427,19 @@ install ccache --version 4.11.3 --allow-downgrade`.
    Single-config generators:
 
    ```
-   cmake --build .
+   cmake --build . --parallel N
    ```
 
    Multi-config generators:
 
    ```
-   cmake --build . --config Release
-   cmake --build . --config Debug
+   cmake --build . --config Release --parallel N
+   cmake --build . --config Debug --parallel N
    ```
 
+   Replace the `--parallel` parameter N with the desired number of parallel jobs. A common starting point is half of the number of available CPU
+   cores.
+
 5. Test xrpld.
 
    Single-config generators:

CMakeLists.txt

@@ -134,6 +134,7 @@ endif()
 include(XrplCore)
 include(XrplProtocolAutogen)
 include(XrplInstall)
+include(XrplPackaging)
 include(XrplValidatorKeys)
 
 if(tests)

bin/git/setup-upstreams.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 if [[ $# -ne 1 || "$1" == "--help" || "$1" == "-h" ]]; then
-    name=$( basename $0 )
-    cat <<- USAGE
+    name=$(basename $0)
+    cat <<-USAGE
     Usage: $name <username>
 
     Where <username> is the Github username of the upstream repo. e.g. XRPLF
@@ -14,7 +14,7 @@ fi
 shift
 user="$1"
 # Get the origin URL. Expect it be an SSH-style URL
-origin=$( git remote get-url origin )
+origin=$(git remote get-url origin)
 if [[ "${origin}" == "" ]]; then
     echo Invalid origin remote >&2
     exit 1
@@ -22,11 +22,11 @@ fi
 # echo "Origin: ${origin}"
 # Parse the origin
 ifs_orig="${IFS}"
-IFS=':' read remote originpath <<< "${origin}"
+IFS=':' read remote originpath <<<"${origin}"
 # echo "Remote: ${remote}, Originpath: ${originpath}"
-IFS='@' read sshuser server <<< "${remote}"
+IFS='@' read sshuser server <<<"${remote}"
 # echo "SSHUser: ${sshuser}, Server: ${server}"
-IFS='/' read originuser repo <<< "${originpath}"
+IFS='/' read originuser repo <<<"${originpath}"
 # echo "Originuser: ${originuser}, Repo: ${repo}"
 if [[ "${sshuser}" == "" || "${server}" == "" || "${originuser}" == "" || "${repo}" == "" ]]; then
     echo "Can't parse origin URL: ${origin}" >&2
@@ -35,9 +35,9 @@ fi
 upstream="https://${server}/${user}/${repo}"
 upstreampush="${remote}:${user}/${repo}"
 upstreamgroup="upstream upstream-push"
-current=$( git remote get-url upstream 2>/dev/null )
-currentpush=$( git remote get-url upstream-push 2>/dev/null )
-currentgroup=$( git config remotes.upstreams )
+current=$(git remote get-url upstream 2>/dev/null)
+currentpush=$(git remote get-url upstream-push 2>/dev/null)
+currentgroup=$(git config remotes.upstreams)
 if [[ "${current}" == "${upstream}" ]]; then
     echo "Upstream already set up correctly. Skip"
 elif [[ -n "${current}" && "${current}" != "${upstream}" && "${current}" != "${upstreampush}" ]]; then
@@ -45,9 +45,9 @@ elif [[ -n "${current}" && "${current}" != "${upstream}" && "${current}" != "${u
 else
     if [[ "${current}" == "${upstreampush}" ]]; then
         echo "Upstream set to dangerous push URL. Update."
-        _run git remote rename upstream upstream-push || \
-        _run git remote remove upstream
-        currentpush=$( git remote get-url upstream-push 2>/dev/null )
+        _run git remote rename upstream upstream-push ||
+            _run git remote remove upstream
+        currentpush=$(git remote get-url upstream-push 2>/dev/null)
     fi
     _run git remote add upstream "${upstream}"
 fi

bin/git/squash-branches.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 if [[ $# -lt 3 || "$1" == "--help" || "$1" = "-h" ]]; then
-    name=$( basename $0 )
-    cat <<- USAGE
+    name=$(basename $0)
+    cat <<-USAGE
     Usage: $name workbranch base/branch user/branch [user/branch [...]]
 
     * workbranch will be created locally from base/branch
@@ -16,7 +16,7 @@ fi
 work="$1"
 shift
 
-branches=( $( echo "${@}" | sed "s/:/\//" ) )
+branches=($(echo "${@}" | sed "s/:/\//"))
 base="${branches[0]}"
 unset branches[0]
 
@@ -24,10 +24,10 @@ set -e
 
 users=()
 for b in "${branches[@]}"; do
-    users+=( $( echo $b | cut -d/ -f1 ) )
+    users+=($(echo $b | cut -d/ -f1))
 done
 
-users=( $( printf '%s\n' "${users[@]}" | sort -u ) )
+users=($(printf '%s\n' "${users[@]}" | sort -u))
 
 git fetch --multiple upstreams "${users[@]}"
 git checkout -B "$work" --no-track "$base"
@@ -40,7 +40,7 @@ done
 # Make sure the commits look right
 git log --show-signature "$base..HEAD"
 
-parts=( $( echo $base | sed "s/\// /" ) )
+parts=($(echo $base | sed "s/\// /"))
 repo="${parts[0]}"
 b="${parts[1]}"
 push=$repo
@@ -50,7 +50,7 @@ fi
 if [[ "$repo" == "upstream" ]]; then
     repo="upstreams"
 fi
-cat << PUSH
+cat <<PUSH
 
 -------------------------------------------------------------------
 This script will not push. Verify everything is correct, then push

bin/git/update-version.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 if [[ $# -ne 3 || "$1" == "--help" || "$1" = "-h" ]]; then
-    name=$( basename $0 )
-    cat <<- USAGE
+    name=$(basename $0)
+    cat <<-USAGE
     Usage: $name workbranch base/branch version
 
     * workbranch will be created locally from base/branch. If it exists,
@@ -16,7 +16,7 @@ fi
 work="$1"
 shift
 
-base=$( echo "$1" | sed "s/:/\//" )
+base=$(echo "$1" | sed "s/:/\//")
 shift
 
 version=$1
@@ -28,16 +28,16 @@ git fetch upstreams
 
 git checkout -B "${work}" --no-track "${base}"
 
-push=$( git rev-parse --abbrev-ref --symbolic-full-name '@{push}' \
-    2>/dev/null ) || true
+push=$(git rev-parse --abbrev-ref --symbolic-full-name '@{push}' \
+    2>/dev/null) || true
 if [[ "${push}" != "" ]]; then
     echo "Warning: ${push} may already exist."
 fi
 
-build=$( find -name BuildInfo.cpp )
-sed 's/\(^.*versionString =\).*$/\1 "'${version}'"/' ${build} > version.cpp && \
-diff "${build}" version.cpp && exit 1 || \
-mv -vi version.cpp ${build}
+build=$(find -name BuildInfo.cpp)
+sed 's/\(^.*versionString =\).*$/\1 "'${version}'"/' ${build} >version.cpp &&
+    diff "${build}" version.cpp && exit 1 ||
+    mv -vi version.cpp ${build}
 
 git diff
 
@@ -47,7 +47,7 @@ git commit -S -m "Set version to ${version}"
 
 git log --oneline --first-parent ${base}^..
 
-cat << PUSH
+cat <<PUSH
 
 -------------------------------------------------------------------
 This script will not push. Verify everything is correct, then push

bin/pre-commit/clang_tidy_check.py

@@ -168,7 +168,13 @@ def main():
     if not os.environ.get("TIDY"):
         return 0
 
-    repo_root = Path(__file__).parent.parent
+    repo_root = Path(
+        subprocess.check_output(
+            ["git", "rev-parse", "--show-toplevel"],
+            cwd=Path(__file__).parent,
+            text=True,
+        ).strip()
+    )
     files = staged_files(repo_root)
     if not files:
         return 0

cfg/validators-example.txt

@@ -28,7 +28,7 @@
 #    https://vl.ripple.com
 #    https://unl.xrplf.org
 #    http://127.0.0.1:8000
-#    file:///etc/opt/xrpld/vl.txt
+#    file:///etc/xrpld/vl.txt
 #
 # [validator_list_keys]
 #

cfg/xrpld-example.cfg

@@ -527,6 +527,17 @@
 #
 #       The current default (which is subject to change) is 300 seconds.
 #
+#   verify_endpoints = <0 | 1>
+#
+#       If set to 0, the server will skip validation of endpoint
+#       addresses received in TMEndpoints peer protocol messages,
+#       allowing addresses that are not publicly routable or have a
+#       port of 0. The default is 1 (verification enabled).
+#
+#       WARNING: Disabling this option is a security risk and should
+#       only be used for local testing and debugging. Do not disable
+#       on mainnet.
+#
 #
 # [transaction_queue] EXPERIMENTAL
 #
@@ -1455,10 +1466,7 @@ admin = 127.0.0.1
 protocol = http
 
 [port_peer]
-# Many servers still use the legacy port of 51235, so for backward-compatibility
-# we maintain that port number here. However, for new servers we recommend
-# changing this to the default port of 2459.
-port = 51235
+port = 2459
 ip = 0.0.0.0
 # alternatively, to accept connections on IPv4 + IPv6, use:
 #ip = ::

cmake/XrplPackaging.cmake

@@ -0,0 +1,44 @@
+#[===================================================================[
+   Linux packaging support: 'package' target.
+
+   The packaging script (package/build_pkg.sh) installs to FHS-standard
+   paths (/usr/bin, /etc/xrpld, etc.) regardless of CMAKE_INSTALL_PREFIX,
+   so no prefix guard is needed here.
+#]===================================================================]
+if(NOT is_linux)
+    message(STATUS "Packaging not supported on non-Linux hosts")
+    return()
+endif()
+
+if(NOT DEFINED pkg_release)
+    set(pkg_release 1)
+endif()
+
+find_program(RPMBUILD_EXECUTABLE rpmbuild)
+find_program(DPKG_BUILDPACKAGE_EXECUTABLE dpkg-buildpackage)
+
+if(NOT (RPMBUILD_EXECUTABLE OR DPKG_BUILDPACKAGE_EXECUTABLE))
+    message(
+        STATUS
+        "Neither rpmbuild nor dpkg-buildpackage found; 'package' target not available"
+    )
+    return()
+endif()
+
+set(package_env
+    SRC_DIR=${CMAKE_SOURCE_DIR}
+    BUILD_DIR=${CMAKE_BINARY_DIR}
+    PKG_VERSION=${xrpld_version}
+    PKG_RELEASE=${pkg_release}
+)
+
+add_custom_target(
+    package
+    COMMAND
+        ${CMAKE_COMMAND} -E env ${package_env}
+        ${CMAKE_SOURCE_DIR}/package/build_pkg.sh
+    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
+    DEPENDS xrpld
+    COMMENT "Building Linux package (deb/rpm inferred from host tooling)"
+    VERBATIM
+)

cmake/scripts/codegen/requirements.in

@@ -0,0 +1,13 @@
+# Python dependencies for XRP Ledger code generation scripts
+#
+# These packages are required to run the code generation scripts that
+# parse macro files and generate C++ wrapper classes.
+
+# C preprocessor for Python - used to preprocess macro files
+pcpp>=1.30
+
+# Parser combinator library - used to parse the macro DSL
+pyparsing>=3.0.0
+
+# Template engine - used to generate C++ code from templates
+Mako>=1.2.2

cmake/scripts/codegen/requirements.txt

@@ -1,13 +1,105 @@
-# Python dependencies for XRP Ledger code generation scripts
-#
-# These packages are required to run the code generation scripts that
-# parse macro files and generate C++ wrapper classes.
-
-# C preprocessor for Python - used to preprocess macro files
-pcpp>=1.30
-
-# Parser combinator library - used to parse the macro DSL
-pyparsing>=3.0.0
-
-# Template engine - used to generate C++ code from templates
-Mako>=1.2.2
+# This file was autogenerated by uv via the following command:
+#    uv pip compile requirements.in --generate-hashes --output-file requirements.txt
+mako==1.3.12 \
+    --hash=sha256:8f61569480282dbf557145ce441e4ba888be453c30989f879f0d652e39f53ea9 \
+    --hash=sha256:9f778e93289bd410bb35daadeb4fc66d95a746f0b75777b942088b7fd7af550a
+    # via -r requirements.in
+markupsafe==3.0.3 \
+    --hash=sha256:0303439a41979d9e74d18ff5e2dd8c43ed6c6001fd40e5bf2e43f7bd9bbc523f \
+    --hash=sha256:068f375c472b3e7acbe2d5318dea141359e6900156b5b2ba06a30b169086b91a \
+    --hash=sha256:0bf2a864d67e76e5c9a34dc26ec616a66b9888e25e7b9460e1c76d3293bd9dbf \
+    --hash=sha256:0db14f5dafddbb6d9208827849fad01f1a2609380add406671a26386cdf15a19 \
+    --hash=sha256:0eb9ff8191e8498cca014656ae6b8d61f39da5f95b488805da4bb029cccbfbaf \
+    --hash=sha256:0f4b68347f8c5eab4a13419215bdfd7f8c9b19f2b25520968adfad23eb0ce60c \
+    --hash=sha256:1085e7fbddd3be5f89cc898938f42c0b3c711fdcb37d75221de2666af647c175 \
+    --hash=sha256:116bb52f642a37c115f517494ea5feb03889e04df47eeff5b130b1808ce7c219 \
+    --hash=sha256:12c63dfb4a98206f045aa9563db46507995f7ef6d83b2f68eda65c307c6829eb \
+    --hash=sha256:133a43e73a802c5562be9bbcd03d090aa5a1fe899db609c29e8c8d815c5f6de6 \
+    --hash=sha256:1353ef0c1b138e1907ae78e2f6c63ff67501122006b0f9abad68fda5f4ffc6ab \
+    --hash=sha256:15d939a21d546304880945ca1ecb8a039db6b4dc49b2c5a400387cdae6a62e26 \
+    --hash=sha256:177b5253b2834fe3678cb4a5f0059808258584c559193998be2601324fdeafb1 \
+    --hash=sha256:1872df69a4de6aead3491198eaf13810b565bdbeec3ae2dc8780f14458ec73ce \
+    --hash=sha256:1b4b79e8ebf6b55351f0d91fe80f893b4743f104bff22e90697db1590e47a218 \
+    --hash=sha256:1b52b4fb9df4eb9ae465f8d0c228a00624de2334f216f178a995ccdcf82c4634 \
+    --hash=sha256:1ba88449deb3de88bd40044603fafffb7bc2b055d626a330323a9ed736661695 \
+    --hash=sha256:1cc7ea17a6824959616c525620e387f6dd30fec8cb44f649e31712db02123dad \
+    --hash=sha256:218551f6df4868a8d527e3062d0fb968682fe92054e89978594c28e642c43a73 \
+    --hash=sha256:26a5784ded40c9e318cfc2bdb30fe164bdb8665ded9cd64d500a34fb42067b1c \
+    --hash=sha256:2713baf880df847f2bece4230d4d094280f4e67b1e813eec43b4c0e144a34ffe \
+    --hash=sha256:2a15a08b17dd94c53a1da0438822d70ebcd13f8c3a95abe3a9ef9f11a94830aa \
+    --hash=sha256:2f981d352f04553a7171b8e44369f2af4055f888dfb147d55e42d29e29e74559 \
+    --hash=sha256:32001d6a8fc98c8cb5c947787c5d08b0a50663d139f1305bac5885d98d9b40fa \
+    --hash=sha256:3524b778fe5cfb3452a09d31e7b5adefeea8c5be1d43c4f810ba09f2ceb29d37 \
+    --hash=sha256:3537e01efc9d4dccdf77221fb1cb3b8e1a38d5428920e0657ce299b20324d758 \
+    --hash=sha256:35add3b638a5d900e807944a078b51922212fb3dedb01633a8defc4b01a3c85f \
+    --hash=sha256:38664109c14ffc9e7437e86b4dceb442b0096dfe3541d7864d9cbe1da4cf36c8 \
+    --hash=sha256:3a7e8ae81ae39e62a41ec302f972ba6ae23a5c5396c8e60113e9066ef893da0d \
+    --hash=sha256:3b562dd9e9ea93f13d53989d23a7e775fdfd1066c33494ff43f5418bc8c58a5c \
+    --hash=sha256:457a69a9577064c05a97c41f4e65148652db078a3a509039e64d3467b9e7ef97 \
+    --hash=sha256:4bd4cd07944443f5a265608cc6aab442e4f74dff8088b0dfc8238647b8f6ae9a \
+    --hash=sha256:4e885a3d1efa2eadc93c894a21770e4bc67899e3543680313b09f139e149ab19 \
+    --hash=sha256:4faffd047e07c38848ce017e8725090413cd80cbc23d86e55c587bf979e579c9 \
+    --hash=sha256:509fa21c6deb7a7a273d629cf5ec029bc209d1a51178615ddf718f5918992ab9 \
+    --hash=sha256:5678211cb9333a6468fb8d8be0305520aa073f50d17f089b5b4b477ea6e67fdc \
+    --hash=sha256:591ae9f2a647529ca990bc681daebdd52c8791ff06c2bfa05b65163e28102ef2 \
+    --hash=sha256:5a7d5dc5140555cf21a6fefbdbf8723f06fcd2f63ef108f2854de715e4422cb4 \
+    --hash=sha256:69c0b73548bc525c8cb9a251cddf1931d1db4d2258e9599c28c07ef3580ef354 \
+    --hash=sha256:6b5420a1d9450023228968e7e6a9ce57f65d148ab56d2313fcd589eee96a7a50 \
+    --hash=sha256:722695808f4b6457b320fdc131280796bdceb04ab50fe1795cd540799ebe1698 \
+    --hash=sha256:729586769a26dbceff69f7a7dbbf59ab6572b99d94576a5592625d5b411576b9 \
+    --hash=sha256:77f0643abe7495da77fb436f50f8dab76dbc6e5fd25d39589a0f1fe6548bfa2b \
+    --hash=sha256:795e7751525cae078558e679d646ae45574b47ed6e7771863fcc079a6171a0fc \
+    --hash=sha256:7be7b61bb172e1ed687f1754f8e7484f1c8019780f6f6b0786e76bb01c2ae115 \
+    --hash=sha256:7c3fb7d25180895632e5d3148dbdc29ea38ccb7fd210aa27acbd1201a1902c6e \
+    --hash=sha256:7e68f88e5b8799aa49c85cd116c932a1ac15caaa3f5db09087854d218359e485 \
+    --hash=sha256:83891d0e9fb81a825d9a6d61e3f07550ca70a076484292a70fde82c4b807286f \
+    --hash=sha256:8485f406a96febb5140bfeca44a73e3ce5116b2501ac54fe953e488fb1d03b12 \
+    --hash=sha256:8709b08f4a89aa7586de0aadc8da56180242ee0ada3999749b183aa23df95025 \
+    --hash=sha256:8f71bc33915be5186016f675cd83a1e08523649b0e33efdb898db577ef5bb009 \
+    --hash=sha256:915c04ba3851909ce68ccc2b8e2cd691618c4dc4c4232fb7982bca3f41fd8c3d \
+    --hash=sha256:949b8d66bc381ee8b007cd945914c721d9aba8e27f71959d750a46f7c282b20b \
+    --hash=sha256:94c6f0bb423f739146aec64595853541634bde58b2135f27f61c1ffd1cd4d16a \
+    --hash=sha256:9a1abfdc021a164803f4d485104931fb8f8c1efd55bc6b748d2f5774e78b62c5 \
+    --hash=sha256:9b79b7a16f7fedff2495d684f2b59b0457c3b493778c9eed31111be64d58279f \
+    --hash=sha256:a320721ab5a1aba0a233739394eb907f8c8da5c98c9181d1161e77a0c8e36f2d \
+    --hash=sha256:a4afe79fb3de0b7097d81da19090f4df4f8d3a2b3adaa8764138aac2e44f3af1 \
+    --hash=sha256:ad2cf8aa28b8c020ab2fc8287b0f823d0a7d8630784c31e9ee5edea20f406287 \
+    --hash=sha256:b8512a91625c9b3da6f127803b166b629725e68af71f8184ae7e7d54686a56d6 \
+    --hash=sha256:bc51efed119bc9cfdf792cdeaa4d67e8f6fcccab66ed4bfdd6bde3e59bfcbb2f \
+    --hash=sha256:bdc919ead48f234740ad807933cdf545180bfbe9342c2bb451556db2ed958581 \
+    --hash=sha256:bdd37121970bfd8be76c5fb069c7751683bdf373db1ed6c010162b2a130248ed \
+    --hash=sha256:be8813b57049a7dc738189df53d69395eba14fb99345e0a5994914a3864c8a4b \
+    --hash=sha256:c0c0b3ade1c0b13b936d7970b1d37a57acde9199dc2aecc4c336773e1d86049c \
+    --hash=sha256:c47a551199eb8eb2121d4f0f15ae0f923d31350ab9280078d1e5f12b249e0026 \
+    --hash=sha256:c4ffb7ebf07cfe8931028e3e4c85f0357459a3f9f9490886198848f4fa002ec8 \
+    --hash=sha256:ccfcd093f13f0f0b7fdd0f198b90053bf7b2f02a3927a30e63f3ccc9df56b676 \
+    --hash=sha256:d2ee202e79d8ed691ceebae8e0486bd9a2cd4794cec4824e1c99b6f5009502f6 \
+    --hash=sha256:d53197da72cc091b024dd97249dfc7794d6a56530370992a5e1a08983ad9230e \
+    --hash=sha256:d6dd0be5b5b189d31db7cda48b91d7e0a9795f31430b7f271219ab30f1d3ac9d \
+    --hash=sha256:d88b440e37a16e651bda4c7c2b930eb586fd15ca7406cb39e211fcff3bf3017d \
+    --hash=sha256:de8a88e63464af587c950061a5e6a67d3632e36df62b986892331d4620a35c01 \
+    --hash=sha256:df2449253ef108a379b8b5d6b43f4b1a8e81a061d6537becd5582fba5f9196d7 \
+    --hash=sha256:e1c1493fb6e50ab01d20a22826e57520f1284df32f2d8601fdd90b6304601419 \
+    --hash=sha256:e1cf1972137e83c5d4c136c43ced9ac51d0e124706ee1c8aa8532c1287fa8795 \
+    --hash=sha256:e2103a929dfa2fcaf9bb4e7c091983a49c9ac3b19c9061b6d5427dd7d14d81a1 \
+    --hash=sha256:e56b7d45a839a697b5eb268c82a71bd8c7f6c94d6fd50c3d577fa39a9f1409f5 \
+    --hash=sha256:e8afc3f2ccfa24215f8cb28dcf43f0113ac3c37c2f0f0806d8c70e4228c5cf4d \
+    --hash=sha256:e8fc20152abba6b83724d7ff268c249fa196d8259ff481f3b1476383f8f24e42 \
+    --hash=sha256:eaa9599de571d72e2daf60164784109f19978b327a3910d3e9de8c97b5b70cfe \
+    --hash=sha256:ec15a59cf5af7be74194f7ab02d0f59a62bdcf1a537677ce67a2537c9b87fcda \
+    --hash=sha256:f190daf01f13c72eac4efd5c430a8de82489d9cff23c364c3ea822545032993e \
+    --hash=sha256:f34c41761022dd093b4b6896d4810782ffbabe30f2d443ff5f083e0cbbb8c737 \
+    --hash=sha256:f3e98bb3798ead92273dc0e5fd0f31ade220f59a266ffd8a4f6065e0a3ce0523 \
+    --hash=sha256:f42d0984e947b8adf7dd6dde396e720934d12c506ce84eea8476409563607591 \
+    --hash=sha256:f71a396b3bf33ecaa1626c255855702aca4d3d9fea5e051b41ac59a9c1c41edc \
+    --hash=sha256:f9e130248f4462aaa8e2552d547f36ddadbeaa573879158d721bbd33dfe4743a \
+    --hash=sha256:fed51ac40f757d41b7c48425901843666a6677e3e8eb0abcff09e4ba6e664f50
+    # via mako
+pcpp==1.30 \
+    --hash=sha256:05fe08292b6da57f385001c891a87f40d6aa7f46787b03e8ba326d20a3297c6e \
+    --hash=sha256:5af9fbce55f136d7931ae915fae03c34030a3b36c496e72d9636cedc8e2543a1
+    # via -r requirements.in
+pyparsing==3.3.2 \
+    --hash=sha256:850ba148bd908d7e2411587e247a1e4f0327839c40e2e5e6d05a007ecc69911d \
+    --hash=sha256:c777f4d763f140633dcb6d8a3eda953bf7a214dc4eff598413c070bcdc117cbc
+    # via -r requirements.in

cspell.config.yaml

@@ -99,12 +99,15 @@ words:
   - desync
   - desynced
   - determ
+  - disablerepo
   - distro
   - doxyfile
   - dxrpl
   - enabled
+  - enablerepo
   - endmacro
   - exceptioned
+  - EXPECT_STREQ
   - Falco
   - fcontext
   - finalizers
@@ -162,6 +165,7 @@ words:
   - Merkle
   - Metafuncton
   - misprediction
+  - missingok
   - mptbalance
   - MPTDEX
   - mptflags
@@ -193,11 +197,15 @@ words:
   - NOLINT
   - NOLINTNEXTLINE
   - nonxrp
+  - noreplace
   - noripple
+  - nostdinc
+  - notifempty
   - nudb
   - nullptr
   - nunl
   - Nyffenegger
+  - onlatest
   - ostr
   - pargs
   - partitioner
@@ -213,6 +221,7 @@ words:
   - preauthorize
   - preauthorizes
   - preclaim
+  - preun
   - protobuf
   - protos
   - ptrs
@@ -247,12 +256,15 @@ words:
   - sfields
   - shamap
   - shamapitem
+  - shfmt
+  - shlibs
   - sidechain
   - SIGGOOD
   - sle
   - sles
   - soci
   - socidb
+  - SRPMS
   - sslws
   - statsd
   - STATSDCOLLECTOR
@@ -280,8 +292,8 @@ words:
   - txn
   - txns
   - txs
-  - UBSAN
   - ubsan
+  - UBSAN
   - umant
   - unacquired
   - unambiguity
@@ -289,6 +301,7 @@ words:
   - unauthorizing
   - unergonomic
   - unfetched
+  - unfindable
   - unflatten
   - unfund
   - unimpair
@@ -318,7 +331,6 @@ words:
   - xbridge
   - xchain
   - ximinez
-  - EXPECT_STREQ
   - XMACRO
   - xrpkuwait
   - xrpl
@@ -326,3 +338,4 @@ words:
   - xrplf
   - xxhash
   - xxhasher
+  - CGNAT

docker/check-sanitizers.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Sanity-check that the sanitizer runtimes shipped with g++/clang++ work
+# end-to-end against the system loader: compile each example with both
+# compilers, run it, and confirm the expected diagnostic is emitted.
+
+set -eo pipefail
+
+cpp_files_dir="${1:?usage: $0 <cpp_files_dir>}"
+
+case "$(uname -m)" in
+    x86_64) loader=/lib64/ld-linux-x86-64.so.2 ;;
+    aarch64) loader=/lib/ld-linux-aarch64.so.1 ;;
+    *)
+        echo "Unsupported arch: $(uname -m)" >&2
+        exit 1
+        ;;
+esac
+
+declare -A sanitize=(
+    [asan]="-fsanitize=address"
+    [tsan]="-fsanitize=thread"
+    [ubsan]="-fsanitize=undefined"
+)
+declare -A expect=(
+    [asan]="heap-use-after-free"
+    [tsan]="data race"
+    [ubsan]="signed integer overflow"
+)
+
+for compiler in g++ clang++; do
+    for name in asan tsan ubsan; do
+        bin="/tmp/${name}-${compiler}"
+        echo "=== Build ${name} with ${compiler} ==="
+        "$compiler" -std=c++20 -O1 -g ${sanitize[$name]} \
+            -Wl,--dynamic-linker=$loader \
+            "${cpp_files_dir}/${name}.cpp" -o "$bin"
+        echo "=== Run ${name}-${compiler} ==="
+        output=$("$bin" 2>&1) || true
+        echo "$output"
+        echo "$output" | grep -q "${expect[$name]}" ||
+            {
+                echo "expected '${expect[$name]}' from $bin"
+                exit 1
+            }
+        rm -f "$bin"
+    done
+done

docker/cpp_files/asan.cpp

@@ -0,0 +1,28 @@
+#include <atomic>
+#include <cstddef>
+#include <iostream>
+
+#if defined(__clang__) || defined(__GNUC__)
+__attribute__((noinline))
+#elif defined(_MSC_VER)
+__declspec(noinline)
+#endif
+int
+read_after_free(volatile int* array, std::size_t index)
+{
+    std::atomic_signal_fence(std::memory_order_seq_cst);
+    int value = array[index];
+    std::atomic_signal_fence(std::memory_order_seq_cst);
+    return value;
+}
+
+int
+main()
+{
+    int* array = new int[5]{10, 20, 30, 40, 50};
+    delete[] array;
+
+    std::cout << "Value at index 2: " << read_after_free(array, 2) << std::endl;
+
+    return 0;
+}

docker/cpp_files/tsan.cpp

@@ -0,0 +1,26 @@
+#include <iostream>
+#include <thread>
+
+static int kCounter = 0;
+
+void
+increment()
+{
+    for (int i = 0; i < 100'000; ++i)
+    {
+        ++kCounter;
+    }
+}
+
+int
+main()
+{
+    std::thread t1(increment);
+    std::thread t2(increment);
+
+    t1.join();
+    t2.join();
+
+    std::cout << "Final counter value: " << kCounter << std::endl;
+    return 0;
+}

docker/cpp_files/ubsan.cpp

@@ -0,0 +1,13 @@
+#include <iostream>
+#include <limits>
+
+int
+main()
+{
+    int maxInt = std::numeric_limits<int>::max();
+    int volatile one = 1;
+    std::cout << "Current max: " << maxInt << std::endl;
+    int overflowed = maxInt + one;
+    std::cout << "Overflowed result: " << overflowed << std::endl;
+    return 0;
+}

docker/nix.Dockerfile

@@ -45,8 +45,30 @@ COPY --from=builder /tmp/build/result /nix/ci-env
 
 ENV PATH="/nix/ci-env/bin:$PATH"
 
+# Externally-built dynamically-linked ELF binaries hard-code the loader path
+# (e.g. /lib64/ld-linux-x86-64.so.2) in their PT_INTERP header. Copy the
+# loader from the Nix store to that path when the base image doesn't already
+# provide one (i.e. on nixos/nix).
+RUN <<EOF
+case "$(uname -m)" in
+    x86_64)  target=/lib64/ld-linux-x86-64.so.2 ;;
+    aarch64) target=/lib/ld-linux-aarch64.so.1 ;;
+    *) echo "Unsupported arch: $(uname -m)" >&2; exit 1 ;;
+esac
+if [ ! -e "$target" ]; then
+    # Use the loader from the same glibc that gcc links libc against, so
+    # ld-linux and libc/libpthread share GLIBC_PRIVATE symbols at runtime.
+    src="$(dirname "$(gcc -print-file-name=libc.so.6)")/$(basename "$target")"
+    [ -e "$src" ] || { echo "ld-linux not found at $src" >&2; exit 1; }
+    mkdir -p "$(dirname "$target")"
+    cp "$src" "$target"
+fi
+EOF
+
 RUN <<EOF
 ccache --version
+clang --version
+clang++ --version
 clang-format --version
 cmake --version
 conan --version
@@ -64,3 +86,10 @@ python3 --version
 run-clang-tidy --help
 vim --version
 EOF
+
+# Sanity-check that the sanitizer runtimes shipped with g++/clang++ work
+# end-to-end against the system loader.
+COPY docker/cpp_files/ /tmp/cpp_files/
+COPY docker/check-sanitizers.sh /tmp/check-sanitizers.sh
+
+RUN grep -qi ubuntu /etc/os-release 2>/dev/null && /tmp/check-sanitizers.sh /tmp/cpp_files || true

flake.lock

@@ -15,7 +15,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs-glibc231": {
+    "nixpkgs-custom-glibc": {
       "flake": false,
       "locked": {
         "lastModified": 1593520194,
@@ -35,7 +35,7 @@
     "root": {
       "inputs": {
         "nixpkgs": "nixpkgs",
-        "nixpkgs-glibc231": "nixpkgs-glibc231"
+        "nixpkgs-custom-glibc": "nixpkgs-custom-glibc"
       }
     }
   },

flake.nix

@@ -6,16 +6,16 @@
     # version — matches the system libc on Ubuntu 20.04 LTS. Imported
     # manually (flake = false) because this revision predates nixpkgs'
     # own flake.nix.
-    nixpkgs-glibc231 = {
+    nixpkgs-custom-glibc = {
       url = "github:NixOS/nixpkgs/9cd98386a38891d1074fc18036b842dc4416f562";
       flake = false;
     };
   };
 
   outputs =
-    { nixpkgs, nixpkgs-glibc231, ... }:
+    { nixpkgs, nixpkgs-custom-glibc, ... }:
     let
-      forEachSystem = import ./nix/utils.nix { inherit nixpkgs nixpkgs-glibc231; };
+      forEachSystem = import ./nix/utils.nix { inherit nixpkgs nixpkgs-custom-glibc; };
     in
     {
       devShells = forEachSystem (import ./nix/devshell.nix);

include/xrpl/basics/IntrusivePointer.h

@@ -406,8 +406,8 @@ private:
     // pointer. The low bit must be masked to zero when converting back to a
     // pointer. If the low bit is '1', this is a weak pointer.
     std::uintptr_t tp_{0};
-    static constexpr std::uintptr_t kTAG_MASK = 1;
-    static constexpr std::uintptr_t kPTR_MASK = ~kTAG_MASK;
+    static constexpr std::uintptr_t kTagMask = 1;
+    static constexpr std::uintptr_t kPtrMask = ~kTagMask;
 
 private:
     /** Return the raw pointer held by this object.

include/xrpl/basics/IntrusivePointer.ipp

@@ -567,14 +567,14 @@ template <class T>
 bool
 SharedWeakUnion<T>::isStrong() const
 {
-    return (tp_ & kTAG_MASK) == 0u;
+    return (tp_ & kTagMask) == 0u;
 }
 
 template <class T>
 bool
 SharedWeakUnion<T>::isWeak() const
 {
-    return (tp_ & kTAG_MASK) != 0u;
+    return (tp_ & kTagMask) != 0u;
 }
 
 template <class T>
@@ -641,7 +641,7 @@ template <class T>
 T*
 SharedWeakUnion<T>::unsafeGetRawPtr() const
 {
-    return reinterpret_cast<T*>(tp_ & kPTR_MASK);
+    return reinterpret_cast<T*>(tp_ & kPtrMask);
 }
 
 template <class T>
@@ -650,7 +650,7 @@ SharedWeakUnion<T>::unsafeSetRawPtr(T* p, RefStrength rs)
 {
     tp_ = reinterpret_cast<std::uintptr_t>(p);
     if (tp_ && rs == RefStrength::Weak)
-        tp_ |= kTAG_MASK;
+        tp_ |= kTagMask;
 }
 
 template <class T>

include/xrpl/basics/IntrusiveRefCounts.h

@@ -98,11 +98,11 @@ private:
     // enough for strong pointers and 14 bit counts are enough for weak
     // pointers. Use type aliases to make it easy to switch types.
     using CountType = std::uint16_t;
-    static constexpr size_t kSTRONG_COUNT_NUM_BITS = sizeof(CountType) * 8;
-    static constexpr size_t kWEAK_COUNT_NUM_BITS = kSTRONG_COUNT_NUM_BITS - 2;
+    static constexpr size_t kStrongCountNumBits = sizeof(CountType) * 8;
+    static constexpr size_t kWeakCountNumBits = kStrongCountNumBits - 2;
     using FieldType = std::uint32_t;
-    static constexpr size_t kFIELD_TYPE_BITS = sizeof(FieldType) * 8;
-    static constexpr FieldType kONE = 1;
+    static constexpr size_t kFieldTypeBits = sizeof(FieldType) * 8;
+    static constexpr FieldType kOne = 1;
 
     /** `refCounts` consists of four fields that are treated atomically:
 
@@ -137,21 +137,21 @@ private:
 
          */
 
-    mutable std::atomic<FieldType> refCounts_{kSTRONG_DELTA};
+    mutable std::atomic<FieldType> refCounts_{kStrongDelta};
 
     /**  Amount to change the strong count when adding or releasing a reference
 
          Note: The strong count is stored in the low `StrongCountNumBits` bits
        of refCounts
       */
-    static constexpr FieldType kSTRONG_DELTA = 1;
+    static constexpr FieldType kStrongDelta = 1;
 
     /**  Amount to change the weak count when adding or releasing a reference
 
          Note: The weak count is stored in the high `WeakCountNumBits` bits of
          refCounts
       */
-    static constexpr FieldType kWEAK_DELTA = (kONE << kSTRONG_COUNT_NUM_BITS);
+    static constexpr FieldType kWeakDelta = (kOne << kStrongCountNumBits);
 
     /**  Flag that is set when the partialDestroy function has started running
          (or is about to start running).
@@ -159,34 +159,33 @@ private:
          See description of the `refCounts` field for a fuller description of
          this field.
       */
-    static constexpr FieldType kPARTIAL_DESTROY_STARTED_MASK = (kONE << (kFIELD_TYPE_BITS - 1));
+    static constexpr FieldType kPartialDestroyStartedMask = (kOne << (kFieldTypeBits - 1));
 
     /**  Flag that is set when the partialDestroy function has finished running
 
          See description of the `refCounts` field for a fuller description of
          this field.
       */
-    static constexpr FieldType kPARTIAL_DESTROY_FINISHED_MASK = (kONE << (kFIELD_TYPE_BITS - 2));
+    static constexpr FieldType kPartialDestroyFinishedMask = (kOne << (kFieldTypeBits - 2));
 
     /** Mask that will zero out all the `count` bits and leave the tag bits
         unchanged.
       */
-    static constexpr FieldType kTAG_MASK =
-        kPARTIAL_DESTROY_STARTED_MASK | kPARTIAL_DESTROY_FINISHED_MASK;
+    static constexpr FieldType kTagMask = kPartialDestroyStartedMask | kPartialDestroyFinishedMask;
 
     /** Mask that will zero out the `tag` bits and leave the count bits
         unchanged.
       */
-    static constexpr FieldType kVALUE_MASK = ~kTAG_MASK;
+    static constexpr FieldType kValueMask = ~kTagMask;
 
     /** Mask that will zero out everything except the strong count.
      */
-    static constexpr FieldType kSTRONG_MASK = ((kONE << kSTRONG_COUNT_NUM_BITS) - 1) & kVALUE_MASK;
+    static constexpr FieldType kStrongMask = ((kOne << kStrongCountNumBits) - 1) & kValueMask;
 
     /** Mask that will zero out everything except the weak count.
      */
-    static constexpr FieldType kWEAK_MASK =
-        (((kONE << kWEAK_COUNT_NUM_BITS) - 1) << kSTRONG_COUNT_NUM_BITS) & kVALUE_MASK;
+    static constexpr FieldType kWeakMask =
+        (((kOne << kWeakCountNumBits) - 1) << kStrongCountNumBits) & kValueMask;
 
     /** Unpack the count and tag fields from the packed atomic integer form. */
     struct RefCountPair
@@ -211,29 +210,29 @@ private:
         [[nodiscard]] FieldType
         combinedValue() const noexcept;
 
-        static constexpr CountType kMAX_STRONG_VALUE =
-            static_cast<CountType>((kONE << kSTRONG_COUNT_NUM_BITS) - 1);
-        static constexpr CountType kMAX_WEAK_VALUE =
-            static_cast<CountType>((kONE << kWEAK_COUNT_NUM_BITS) - 1);
+        static constexpr CountType kMaxStrongValue =
+            static_cast<CountType>((kOne << kStrongCountNumBits) - 1);
+        static constexpr CountType kMaxWeakValue =
+            static_cast<CountType>((kOne << kWeakCountNumBits) - 1);
         /**  Put an extra margin to detect when running up against limits.
              This is only used in debug code, and is useful if we reduce the
              number of bits in the strong and weak counts (to 16 and 14 bits).
          */
-        static constexpr CountType kCHECK_STRONG_MAX_VALUE = kMAX_STRONG_VALUE - 32;
-        static constexpr CountType kCHECK_WEAK_MAX_VALUE = kMAX_WEAK_VALUE - 32;
+        static constexpr CountType kCheckStrongMaxValue = kMaxStrongValue - 32;
+        static constexpr CountType kCheckWeakMaxValue = kMaxWeakValue - 32;
     };
 };
 
 inline void
 IntrusiveRefCounts::addStrongRef() const noexcept
 {
-    refCounts_.fetch_add(kSTRONG_DELTA, std::memory_order_acq_rel);
+    refCounts_.fetch_add(kStrongDelta, std::memory_order_acq_rel);
 }
 
 inline void
 IntrusiveRefCounts::addWeakRef() const noexcept
 {
-    refCounts_.fetch_add(kWEAK_DELTA, std::memory_order_acq_rel);
+    refCounts_.fetch_add(kWeakDelta, std::memory_order_acq_rel);
 }
 
 inline ReleaseStrongRefAction
@@ -252,10 +251,10 @@ IntrusiveRefCounts::releaseStrongRef() const
     {
         RefCountPair const prevVal{prevIntVal};
         XRPL_ASSERT(
-            (prevVal.strong >= kSTRONG_DELTA),
+            (prevVal.strong >= kStrongDelta),
             "xrpl::IntrusiveRefCounts::releaseStrongRef : previous ref "
             "higher than new");
-        auto nextIntVal = prevIntVal - kSTRONG_DELTA;
+        auto nextIntVal = prevIntVal - kStrongDelta;
         ReleaseStrongRefAction action = NoOp;
         if (prevVal.strong == 1)
         {
@@ -265,7 +264,7 @@ IntrusiveRefCounts::releaseStrongRef() const
             }
             else
             {
-                nextIntVal |= kPARTIAL_DESTROY_STARTED_MASK;
+                nextIntVal |= kPartialDestroyStartedMask;
                 action = PartialDestroy;
             }
         }
@@ -276,7 +275,7 @@ IntrusiveRefCounts::releaseStrongRef() const
             // count to zero can start a partial destroy, and that can't happen
             // twice.
             XRPL_ASSERT(
-                (action == NoOp) || !(prevIntVal & kPARTIAL_DESTROY_STARTED_MASK),
+                (action == NoOp) || !(prevIntVal & kPartialDestroyStartedMask),
                 "xrpl::IntrusiveRefCounts::releaseStrongRef : not in partial "
                 "destroy");
             return action;
@@ -289,8 +288,8 @@ IntrusiveRefCounts::addWeakReleaseStrongRef() const
 {
     using enum ReleaseStrongRefAction;
 
-    static_assert(kWEAK_DELTA > kSTRONG_DELTA);
-    auto constexpr kDELTA = kWEAK_DELTA - kSTRONG_DELTA;
+    static_assert(kWeakDelta > kStrongDelta);
+    static constexpr auto kDelta = kWeakDelta - kStrongDelta;
     auto prevIntVal = refCounts_.load(std::memory_order_acquire);
     // This loop will almost always run once. The loop is needed to atomically
     // change the counts and flags (the count could be atomically changed, but
@@ -312,7 +311,7 @@ IntrusiveRefCounts::addWeakReleaseStrongRef() const
             "xrpl::IntrusiveRefCounts::addWeakReleaseStrongRef : not in "
             "partial destroy");
 
-        auto nextIntVal = prevIntVal + kDELTA;
+        auto nextIntVal = prevIntVal + kDelta;
         ReleaseStrongRefAction action = NoOp;
         if (prevVal.strong == 1)
         {
@@ -322,14 +321,14 @@ IntrusiveRefCounts::addWeakReleaseStrongRef() const
             }
             else
             {
-                nextIntVal |= kPARTIAL_DESTROY_STARTED_MASK;
+                nextIntVal |= kPartialDestroyStartedMask;
                 action = PartialDestroy;
             }
         }
         if (refCounts_.compare_exchange_weak(prevIntVal, nextIntVal, std::memory_order_acq_rel))
         {
             XRPL_ASSERT(
-                (!(prevIntVal & kPARTIAL_DESTROY_STARTED_MASK)),
+                (!(prevIntVal & kPartialDestroyStartedMask)),
                 "xrpl::IntrusiveRefCounts::addWeakReleaseStrongRef : not "
                 "started partial destroy");
             return action;
@@ -340,7 +339,7 @@ IntrusiveRefCounts::addWeakReleaseStrongRef() const
 inline ReleaseWeakRefAction
 IntrusiveRefCounts::releaseWeakRef() const
 {
-    auto prevIntVal = refCounts_.fetch_sub(kWEAK_DELTA, std::memory_order_acq_rel);
+    auto prevIntVal = refCounts_.fetch_sub(kWeakDelta, std::memory_order_acq_rel);
     RefCountPair prev = prevIntVal;
     if (prev.weak == 1 && prev.strong == 0)
     {
@@ -357,7 +356,7 @@ IntrusiveRefCounts::releaseWeakRef() const
         {
             // partial destroy MUST finish before running a full destroy (when
             // using weak pointers)
-            refCounts_.wait(prevIntVal - kWEAK_DELTA, std::memory_order_acquire);
+            refCounts_.wait(prevIntVal - kWeakDelta, std::memory_order_acquire);
         }
         return ReleaseWeakRefAction::Destroy;
     }
@@ -376,7 +375,7 @@ IntrusiveRefCounts::checkoutStrongRefFromWeak() const noexcept
         if (prev.strong == 0u)
             return false;
 
-        desiredValue = curValue + kSTRONG_DELTA;
+        desiredValue = curValue + kStrongDelta;
     }
     return true;
 }
@@ -400,23 +399,22 @@ inline IntrusiveRefCounts::~IntrusiveRefCounts() noexcept
 #ifndef NDEBUG
     auto v = refCounts_.load(std::memory_order_acquire);
     XRPL_ASSERT(
-        (!(v & kVALUE_MASK)), "xrpl::IntrusiveRefCounts::~IntrusiveRefCounts : count must be zero");
-    auto t = v & kTAG_MASK;
-    XRPL_ASSERT(
-        (!t || t == kTAG_MASK), "xrpl::IntrusiveRefCounts::~IntrusiveRefCounts : valid tag");
+        (!(v & kValueMask)), "xrpl::IntrusiveRefCounts::~IntrusiveRefCounts : count must be zero");
+    auto t = v & kTagMask;
+    XRPL_ASSERT((!t || t == kTagMask), "xrpl::IntrusiveRefCounts::~IntrusiveRefCounts : valid tag");
 #endif
 }
 
 //------------------------------------------------------------------------------
 
 inline IntrusiveRefCounts::RefCountPair::RefCountPair(IntrusiveRefCounts::FieldType v) noexcept
-    : strong{static_cast<CountType>(v & kSTRONG_MASK)}
-    , weak{static_cast<CountType>((v & kWEAK_MASK) >> kSTRONG_COUNT_NUM_BITS)}
-    , partialDestroyStartedBit{v & kPARTIAL_DESTROY_STARTED_MASK}
-    , partialDestroyFinishedBit{v & kPARTIAL_DESTROY_FINISHED_MASK}
+    : strong{static_cast<CountType>(v & kStrongMask)}
+    , weak{static_cast<CountType>((v & kWeakMask) >> kStrongCountNumBits)}
+    , partialDestroyStartedBit{v & kPartialDestroyStartedMask}
+    , partialDestroyFinishedBit{v & kPartialDestroyFinishedMask}
 {
     XRPL_ASSERT(
-        (strong < kCHECK_STRONG_MAX_VALUE && weak < kCHECK_WEAK_MAX_VALUE),
+        (strong < kCheckStrongMaxValue && weak < kCheckWeakMaxValue),
         "xrpl::IntrusiveRefCounts::RefCountPair(FieldType) : inputs inside "
         "range");
 }
@@ -427,7 +425,7 @@ inline IntrusiveRefCounts::RefCountPair::RefCountPair(
     : strong{s}, weak{w}
 {
     XRPL_ASSERT(
-        (strong < kCHECK_STRONG_MAX_VALUE && weak < kCHECK_WEAK_MAX_VALUE),
+        (strong < kCheckStrongMaxValue && weak < kCheckWeakMaxValue),
         "xrpl::IntrusiveRefCounts::RefCountPair(CountType, CountType) : "
         "inputs inside range");
 }
@@ -436,11 +434,11 @@ inline IntrusiveRefCounts::FieldType
 IntrusiveRefCounts::RefCountPair::combinedValue() const noexcept
 {
     XRPL_ASSERT(
-        (strong < kCHECK_STRONG_MAX_VALUE && weak < kCHECK_WEAK_MAX_VALUE),
+        (strong < kCheckStrongMaxValue && weak < kCheckWeakMaxValue),
         "xrpl::IntrusiveRefCounts::RefCountPair::combinedValue : inputs "
         "inside range");
     return (static_cast<IntrusiveRefCounts::FieldType>(weak)
-            << IntrusiveRefCounts::kSTRONG_COUNT_NUM_BITS) |
+            << IntrusiveRefCounts::kStrongCountNumBits) |
         static_cast<IntrusiveRefCounts::FieldType>(strong) | partialDestroyStartedBit |
         partialDestroyFinishedBit;
 }
@@ -451,7 +449,7 @@ partialDestructorFinished(T** o)
 {
     T& self = **o;
     IntrusiveRefCounts::RefCountPair const p =
-        self.refCounts_.fetch_or(IntrusiveRefCounts::kPARTIAL_DESTROY_FINISHED_MASK);
+        self.refCounts_.fetch_or(IntrusiveRefCounts::kPartialDestroyFinishedMask);
     XRPL_ASSERT(
         (!p.partialDestroyFinishedBit && p.partialDestroyStartedBit && !p.strong),
         "xrpl::partialDestructorFinished : not a weak ref");

include/xrpl/basics/LocalValue.h

@@ -55,8 +55,8 @@ template <class = void>
 boost::thread_specific_ptr<detail::LocalValues>&
 getLocalValues()
 {
-    static boost::thread_specific_ptr<detail::LocalValues> kTSP(&detail::LocalValues::cleanup);
-    return kTSP;
+    static boost::thread_specific_ptr<detail::LocalValues> kTsp(&detail::LocalValues::cleanup);
+    return kTsp;
 }
 
 }  // namespace detail

include/xrpl/basics/Log.h

@@ -191,7 +191,7 @@ public:
 private:
     // Maximum line length for log messages.
     // If the message exceeds this length it will be truncated with ellipses.
-    static constexpr auto kMAXIMUM_MESSAGE_CHARACTERS = 12 * 1024;
+    static constexpr auto kMaximumMessageCharacters = 12 * 1024;
 
     static void
     format(

include/xrpl/basics/Number.h

@@ -7,7 +7,9 @@
 #include <limits>
 #include <optional>
 #include <ostream>
+#include <set>
 #include <string>
+#include <unordered_map>
 
 namespace xrpl {
 
@@ -44,11 +46,11 @@ isPowerOfTen(T value)
  * * min is a power of 10, and
  * * max = min * 10 - 1.
  *
- * The mantissa_scale enum indicates whether the range is "small" or "large".
- * This intentionally restricts the number of MantissaRanges that can be
- * instantiated to two: one for each scale.
+ * The MantissaScale enum indicates properties of the range: size, and some behavioral
+ * options. This intentionally restricts the number of unique MantissaRanges that can
+ * be instantiated: one for each scale.
  *
- * The "small" scale is based on the behavior of STAmount for IOUs. It has a min
+ * The "Small" scale is based on the behavior of STAmount for IOUs. It has a min
  * value of 10^15, and a max value of 10^16-1. This was sufficient for
  * uses before Lending Protocol was implemented, mostly related to AMM.
  *
@@ -59,29 +61,54 @@ isPowerOfTen(T value)
  * STNumber field type, and for internal calculations. That necessitated the
  * "large" scale.
  *
- * The "large" scale is intended to represent all values that can be represented
+ * The "Large" scales are intended to represent all values that can be represented
  * by an STAmount - IOUs, XRP, and MPTs. It has a min value of 10^18, and a max
- * value of 10^19-1.
+ * value of 10^19-1. "LargeLegacy" is like "Large", but preserves
+ * a rounding error when a computation results in a mantissa of
+ * Number::kMaxRep that needs to be rounded up, but rounds down
+ * instead. It will maintain consistent behavior until the fixCleanup3_2_0
+ * amendment is enabled.
  *
  * Note that if the mentioned amendments are eventually retired, this class
- * should be left in place, but the "small" scale option should be removed. This
+ * should be left in place, but the "Small" scale option should be removed. This
  * will allow for future expansion beyond 64-bits if it is ever needed.
  */
-struct MantissaRange
+struct MantissaRange final
 {
     using rep = std::uint64_t;
-    enum class MantissaScale { Small, Large };
+    enum class MantissaScale {
+        Small,
+        // LargeLegacy can be removed when fixCleanup3_2_0 is retired
+        LargeLegacy,
+        Large,
+    };
+
+    // This entire enum can be removed when fixCleanup3_2_0 is retired
+    enum class CuspRoundingFix : bool {
+        Disabled = false,
+        Enabled = true,
+    };
 
     explicit constexpr MantissaRange(MantissaScale scale)
-        : min(getMin(scale)), log(logTen(min).value_or(-1)), scale(scale)
+        : min(getMin(scale))
+        , cuspRoundingFixEnabled(isCuspFixEnabled(scale))
+        , log(logTen(min).value_or(-1))
+        , scale(scale)
     {
     }
 
     rep min;
     rep max{(min * 10) - 1};
+    CuspRoundingFix cuspRoundingFixEnabled;
     int log;
     MantissaScale scale;
 
+    static MantissaRange const&
+    getMantissaRange(MantissaScale scale);
+
+    static std::set<MantissaScale> const&
+    getAllScales();
+
 private:
     static constexpr rep
     getMin(MantissaScale scale)
@@ -90,15 +117,35 @@ private:
         {
             case MantissaScale::Small:
                 return 1'000'000'000'000'000ULL;
+            case MantissaScale::LargeLegacy:
             case MantissaScale::Large:
                 return 1'000'000'000'000'000'000ULL;
             default:
-                // Since this can never be called outside a non-constexpr
-                // context, this throw assures that the build fails if an
+                // If called in a constexpr context, this throw assures that the build fails if an
                 // invalid scale is used.
-                throw std::runtime_error("Unknown mantissa scale");
+                throw std::runtime_error("Unknown mantissa scale");  // LCOV_EXCL_LINE
         }
     }
+
+    static constexpr CuspRoundingFix
+    isCuspFixEnabled(MantissaScale scale)
+    {
+        switch (scale)
+        {
+            case MantissaScale::Small:
+            case MantissaScale::LargeLegacy:
+                return CuspRoundingFix::Disabled;
+            case MantissaScale::Large:
+                return CuspRoundingFix::Enabled;
+            default:
+                // If called in a constexpr context, this throw assures that the build fails if an
+                // invalid scale is used.
+                throw std::runtime_error("Unknown mantissa scale");  // LCOV_EXCL_LINE
+        }
+    }
+
+    static std::unordered_map<MantissaScale, MantissaRange> const&
+    getRanges();
 };
 
 // Like std::integral, but only 64-bit integral types.
@@ -203,7 +250,7 @@ concept Integral64 = std::is_same_v<T, std::int64_t> || std::is_same_v<T, std::u
  * amendments are enabled to determine which result to expect.
  *
  */
-class Number
+class Number final
 {
     using rep = std::int64_t;
     using internalrep = MantissaRange::rep;
@@ -214,12 +261,12 @@ class Number
 
 public:
     // The range for the exponent when normalized
-    constexpr static int kMIN_EXPONENT = -32768;
-    constexpr static int kMAX_EXPONENT = 32768;
+    static constexpr int kMinExponent = -32768;
+    static constexpr int kMaxExponent = 32768;
 
-    constexpr static internalrep kMAX_REP = std::numeric_limits<rep>::max();
-    static_assert(kMAX_REP == 9'223'372'036'854'775'807);
-    static_assert(-kMAX_REP == std::numeric_limits<rep>::min() + 1);
+    static constexpr internalrep kMaxRep = std::numeric_limits<rep>::max();
+    static_assert(kMaxRep == 9'223'372'036'854'775'807);
+    static_assert(-kMaxRep == std::numeric_limits<rep>::min() + 1);
 
     // May need to make unchecked private
     struct Unchecked
@@ -409,69 +456,49 @@ public:
     static internalrep
     minMantissa()
     {
-        return kRANGE.get().min;
+        return kRange.get().min;
     }
 
     static internalrep
     maxMantissa()
     {
-        return kRANGE.get().max;
+        return kRange.get().max;
     }
 
     static int
     mantissaLog()
     {
-        return kRANGE.get().log;
+        return kRange.get().log;
     }
 
-    /// oneSmall is needed because the ranges are private
-    constexpr static Number
-    oneSmall();
-    /// oneLarge is needed because the ranges are private
-    constexpr static Number
-    oneLarge();
-
-    // And one is needed because it needs to choose between oneSmall and
-    // oneLarge based on the current range
     static Number
     one();
 
-    template <Integral64 T>
+    template <
+        auto MinMantissa,
+        auto MaxMantissa,
+        Integral64 T = std::decay_t<decltype(MinMantissa)>,
+        Integral64 TMax = std::decay_t<decltype(MaxMantissa)>>
     [[nodiscard]]
     std::pair<T, int>
-    normalizeToRange(T minMantissa, T maxMantissa) const;
+    normalizeToRange() const;
 
 private:
     static thread_local RoundingMode mode;
     // The available ranges for mantissa
 
-    constexpr static MantissaRange kSMALL_RANGE{MantissaRange::MantissaScale::Small};
-    static_assert(isPowerOfTen(kSMALL_RANGE.min));
-    static_assert(kSMALL_RANGE.min == 1'000'000'000'000'000LL);
-    static_assert(kSMALL_RANGE.max == 9'999'999'999'999'999LL);
-    static_assert(kSMALL_RANGE.log == 15);
-    static_assert(kSMALL_RANGE.min < kMAX_REP);
-    static_assert(kSMALL_RANGE.max < kMAX_REP);
-    constexpr static MantissaRange kLARGE_RANGE{MantissaRange::MantissaScale::Large};
-    static_assert(isPowerOfTen(kLARGE_RANGE.min));
-    static_assert(kLARGE_RANGE.min == 1'000'000'000'000'000'000ULL);
-    static_assert(kLARGE_RANGE.max == internalrep(9'999'999'999'999'999'999ULL));
-    static_assert(kLARGE_RANGE.log == 18);
-    static_assert(kLARGE_RANGE.min < kMAX_REP);
-    static_assert(kLARGE_RANGE.max > kMAX_REP);
-
     // The range for the mantissa when normalized.
     // Use reference_wrapper to avoid making copies, and prevent accidentally
     // changing the values inside the range.
-    static thread_local std::reference_wrapper<MantissaRange const> kRANGE;
+    static thread_local std::reference_wrapper<MantissaRange const> kRange;
 
     void
-    normalize();
+    normalize(MantissaRange const& range);
 
     /** Normalize Number components to an arbitrary range.
      *
      * min/maxMantissa are parameters because this function is used by both
-     * normalize(), which reads from kRANGE, and by normalizeToRange,
+     * normalize(), which reads from kRange, and by normalizeToRange,
      * which is public and can accept an arbitrary range from the caller.
      */
     template <class T>
@@ -481,7 +508,8 @@ private:
         T& mantissa,
         int& exponent,
         internalrep const& minMantissa,
-        internalrep const& maxMantissa);
+        internalrep const& maxMantissa,
+        MantissaRange::CuspRoundingFix cuspRoundingFixEnabled);
 
     template <class T>
     friend void
@@ -490,7 +518,8 @@ private:
         T& mantissa,
         int& exponent,
         MantissaRange::rep const& minMantissa,
-        MantissaRange::rep const& maxMantissa);
+        MantissaRange::rep const& maxMantissa,
+        MantissaRange::CuspRoundingFix cuspRoundingFixEnabled);
 
     [[nodiscard]] bool
     isnormal() const noexcept;
@@ -521,12 +550,12 @@ constexpr Number::Number(internalrep mantissa, int exponent, Unchecked) noexcept
 {
 }
 
-constexpr static Number kNUM_ZERO{};
+static constexpr Number kNumZero{};
 
 inline Number::Number(bool negative, internalrep mantissa, int exponent, Normalized)
     : Number(negative, mantissa, exponent, Unchecked{})
 {
-    normalize();
+    normalize(kRange);
 }
 
 inline Number::Number(internalrep mantissa, int exponent, Normalized)
@@ -552,10 +581,10 @@ constexpr Number::rep
 Number::mantissa() const noexcept
 {
     auto m = mantissa_;
-    if (m > kMAX_REP)
+    if (m > kMaxRep)
     {
         XRPL_ASSERT_PARTS(
-            !isnormal() || (m % 10 == 0 && m / 10 <= kMAX_REP),
+            !isnormal() || (m % 10 == 0 && m / 10 <= kMaxRep),
             "xrpl::Number::mantissa",
             "large normalized mantissa has no remainder");
         m /= 10;
@@ -573,10 +602,10 @@ constexpr int
 Number::exponent() const noexcept
 {
     auto e = exponent_;
-    if (mantissa_ > kMAX_REP)
+    if (mantissa_ > kMaxRep)
     {
         XRPL_ASSERT_PARTS(
-            !isnormal() || (mantissa_ % 10 == 0 && mantissa_ / 10 <= kMAX_REP),
+            !isnormal() || (mantissa_ % 10 == 0 && mantissa_ / 10 <= kMaxRep),
             "xrpl::Number::exponent",
             "large normalized mantissa has no remainder");
         ++e;
@@ -671,35 +700,44 @@ operator/(Number const& x, Number const& y)
 inline Number
 Number::min() noexcept
 {
-    return Number{false, kRANGE.get().min, kMIN_EXPONENT, Unchecked{}};
+    return Number{false, kRange.get().min, kMinExponent, Unchecked{}};
 }
 
 inline Number
 Number::max() noexcept
 {
-    return Number{false, std::min(kRANGE.get().max, kMAX_REP), kMAX_EXPONENT, Unchecked{}};
+    return Number{false, std::min(kRange.get().max, kMaxRep), kMaxExponent, Unchecked{}};
 }
 
 inline Number
 Number::lowest() noexcept
 {
-    return Number{true, std::min(kRANGE.get().max, kMAX_REP), kMAX_EXPONENT, Unchecked{}};
+    return Number{true, std::min(kRange.get().max, kMaxRep), kMaxExponent, Unchecked{}};
 }
 
 inline bool
 Number::isnormal() const noexcept
 {
-    MantissaRange const& range = kRANGE;
+    MantissaRange const& range = kRange;
     auto const absM = mantissa_;
     return *this == Number{} ||
-        (range.min <= absM && absM <= range.max && (absM <= kMAX_REP || absM % 10 == 0) &&
-         kMIN_EXPONENT <= exponent_ && exponent_ <= kMAX_EXPONENT);
+        (range.min <= absM && absM <= range.max && (absM <= kMaxRep || absM % 10 == 0) &&
+         kMinExponent <= exponent_ && exponent_ <= kMaxExponent);
 }
 
-template <Integral64 T>
+template <auto MinMantissa, auto MaxMantissa, Integral64 T, Integral64 TMax>
 std::pair<T, int>
-Number::normalizeToRange(T minMantissa, T maxMantissa) const
+Number::normalizeToRange() const
 {
+    static_assert(std::is_same_v<T, std::uint64_t> || std::is_same_v<T, std::int64_t>);
+    static_assert(std::is_same_v<T, TMax>);
+    auto constexpr kMIN = static_cast<T>(MinMantissa);
+    auto constexpr kMAX = static_cast<T>(MaxMantissa);
+    static_assert(kMIN > 0);
+    static_assert(kMIN % 10 == 0);
+    static_assert(kMAX % 10 == 9);
+    static_assert((kMAX + 1) / 10 == kMIN);
+
     bool negative = negative_;
     internalrep mantissa = mantissa_;
     int exponent = exponent_;
@@ -711,7 +749,10 @@ Number::normalizeToRange(T minMantissa, T maxMantissa) const
             "xrpl::Number::normalizeToRange",
             "Number is non-negative for unsigned range.");
     }
-    Number::normalize(negative, mantissa, exponent, minMantissa, maxMantissa);
+    // Don't need to worry about the cuspRounding fix because rounding up will never take the
+    // mantissa over maxMantissa with a ones digit value other than 0. 0 can safely be truncated.
+    Number::normalize(
+        negative, mantissa, exponent, kMIN, kMAX, MantissaRange::CuspRoundingFix::Disabled);
 
     auto const sign = negative ? -1 : 1;
     return std::make_pair(static_cast<T>(sign * mantissa), exponent);
@@ -763,6 +804,8 @@ to_string(MantissaRange::MantissaScale const& scale)
     {
         case MantissaRange::MantissaScale::Small:
             return "small";
+        case MantissaRange::MantissaScale::LargeLegacy:
+            return "largeLegacy";
         case MantissaRange::MantissaScale::Large:
             return "large";
         default:

include/xrpl/basics/SharedWeakCachePointer.ipp

@@ -57,10 +57,10 @@ template <class T>
 std::shared_ptr<T> const&
 SharedWeakCachePointer<T>::getStrong() const
 {
-    static std::shared_ptr<T> const kEMPTY;
+    static std::shared_ptr<T> const kEmpty;
     if (auto p = std::get_if<std::shared_ptr<T>>(&combo_))
         return *p;
-    return kEMPTY;
+    return kEmpty;
 }
 
 template <class T>

include/xrpl/basics/StringUtilities.h

@@ -34,7 +34,7 @@ template <typename T>
 concept SomeChar = std::same_as<std::remove_cvref_t<T>, int8_t> ||
     std::same_as<std::remove_cvref_t<T>, char> || std::same_as<std::remove_cvref_t<T>, uint8_t>;
 
-inline constexpr std::array<std::optional<int>, 256> const kDIGIT_LOOKUP_TABLE = []() {
+inline constexpr std::array<std::optional<int>, 256> const kDigitLookupTable = []() {
     std::array<std::optional<int>, 256> t{};
 
     for (int i = 0; i < 10; ++i)
@@ -52,7 +52,7 @@ inline constexpr std::array<std::optional<int>, 256> const kDIGIT_LOOKUP_TABLE =
 inline std::optional<int>
 hexCharToInt(SomeChar auto hexChar)
 {
-    return kDIGIT_LOOKUP_TABLE[static_cast<uint8_t>(hexChar)];
+    return kDigitLookupTable[static_cast<uint8_t>(hexChar)];
 }
 
 }  // namespace detail

include/xrpl/basics/TaggedCache.h

@@ -181,14 +181,14 @@ private:
             beast::insight::Collector::ptr const& collector)
             : hook(collector->makeHook(handler))
             , size(collector->makeGauge(prefix, "size"))
-            , hit_rate(collector->makeGauge(prefix, "hit_rate"))
+            , hitRate(collector->makeGauge(prefix, "hit_rate"))
 
         {
         }
 
         beast::insight::Hook hook;
         beast::insight::Gauge size;
-        beast::insight::Gauge hit_rate;
+        beast::insight::Gauge hitRate;
 
         std::size_t hits{0};
         std::size_t misses{0};
@@ -197,16 +197,16 @@ private:
     class KeyOnlyEntry
     {
     public:
-        clock_type::time_point last_access;
+        clock_type::time_point lastAccess;
 
-        explicit KeyOnlyEntry(clock_type::time_point const& lastAccess) : last_access(lastAccess)
+        explicit KeyOnlyEntry(clock_type::time_point const& lastAccess) : lastAccess(lastAccess)
         {
         }
 
         void
         touch(clock_type::time_point const& now)
         {
-            last_access = now;
+            lastAccess = now;
         }
     };
 
@@ -214,10 +214,10 @@ private:
     {
     public:
         shared_weak_combo_pointer_type ptr;
-        clock_type::time_point last_access;
+        clock_type::time_point lastAccess;
 
         ValueEntry(clock_type::time_point const& lastAccess, shared_pointer_type const& ptr)
-            : ptr(ptr), last_access(lastAccess)
+            : ptr(ptr), lastAccess(lastAccess)
         {
         }
 
@@ -246,7 +246,7 @@ private:
         void
         touch(clock_type::time_point const& now)
         {
-            last_access = now;
+            lastAccess = now;
         }
     };
 
@@ -286,13 +286,13 @@ private:
     std::string name_;
 
     // Desired number of cache entries (0 = ignore)
-    int const target_size_;
+    int const targetSize_;
 
     // Desired maximum cache age
-    clock_type::duration const target_age_;
+    clock_type::duration const targetAge_;
 
     // Number of items cached
-    int cache_count_{0};
+    int cacheCount_{0};
     cache_type cache_;  // Hold strong reference to recent objects
     std::uint64_t hits_{0};
     std::uint64_t misses_{0};

include/xrpl/basics/TaggedCache.ipp

@@ -34,8 +34,8 @@ inline TaggedCache<
     , clock_(clock)
     , stats_(name, std::bind(&TaggedCache::collectMetrics, this), collector)
     , name_(name)
-    , target_size_(size)
-    , target_age_(expiration)
+    , targetSize_(size)
+    , targetAge_(expiration)
 {
 }
 
@@ -86,7 +86,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     getCacheSize() const
 {
     std::scoped_lock const lock(mutex_);
-    return cache_count_;
+    return cacheCount_;
 }
 
 template <
@@ -139,7 +139,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
 {
     std::scoped_lock const lock(mutex_);
     cache_.clear();
-    cache_count_ = 0;
+    cacheCount_ = 0;
 }
 
 template <
@@ -157,7 +157,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
 {
     std::scoped_lock const lock(mutex_);
     cache_.clear();
-    cache_count_ = 0;
+    cacheCount_ = 0;
     hits_ = 0;
     misses_ = 0;
 }
@@ -213,21 +213,21 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     {
         std::scoped_lock const lock(mutex_);
 
-        if (target_size_ == 0 || (static_cast<int>(cache_.size()) <= target_size_))
+        if (targetSize_ == 0 || (static_cast<int>(cache_.size()) <= targetSize_))
         {
-            whenExpire = now - target_age_;
+            whenExpire = now - targetAge_;
         }
         else
         {
-            whenExpire = now - (target_age_ * target_size_ / cache_.size());
+            whenExpire = now - (targetAge_ * targetSize_ / cache_.size());
 
             clock_type::duration const minimumAge(std::chrono::seconds(1));
             if (whenExpire > (now - minimumAge))
                 whenExpire = now - minimumAge;
 
             JLOG(journal_.trace())
-                << name_ << " is growing fast " << cache_.size() << " of " << target_size_
-                << " aging at " << (now - whenExpire).count() << " of " << target_age_.count();
+                << name_ << " is growing fast " << cache_.size() << " of " << targetSize_
+                << " aging at " << (now - whenExpire).count() << " of " << targetAge_.count();
         }
 
         std::vector<std::thread> workers;
@@ -242,7 +242,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
         for (std::thread& worker : workers)
             worker.join();
 
-        cache_count_ -= allRemovals;
+        cacheCount_ -= allRemovals;
     }
     // At this point allStuffToSweep will go out of scope outside the lock
     // and decrement the reference count on each strong pointer.
@@ -280,7 +280,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
 
     if (entry.isCached())
     {
-        --cache_count_;
+        --cacheCount_;
         entry.ptr.convertToWeak();
         ret = true;
     }
@@ -317,7 +317,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
             std::piecewise_construct,
             std::forward_as_tuple(key),
             std::forward_as_tuple(clock_.now(), data));
-        ++cache_count_;
+        ++cacheCount_;
         return false;
     }
 
@@ -366,12 +366,12 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
             data = cachedData;
         }
 
-        ++cache_count_;
+        ++cacheCount_;
         return true;
     }
 
     entry.ptr = data;
-    ++cache_count_;
+    ++cacheCount_;
 
     return false;
 }
@@ -477,7 +477,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     auto [it, inserted] = cache_.emplace(
         std::piecewise_construct, std::forward_as_tuple(key), std::forward_as_tuple(now));
     if (!inserted)
-        it->second.last_access = now;
+        it->second.lastAccess = now;
     return inserted;
 }
 
@@ -626,7 +626,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     if (entry.isCached())
     {
         // independent of cache size, so not counted as a hit
-        ++cache_count_;
+        ++cacheCount_;
         entry.touch(clock_.now());
         return entry.ptr.getStrong();
     }
@@ -658,7 +658,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
             if (total != 0)
                 hitRate = (hits_ * 100) / total;
         }
-        stats_.hit_rate.set(hitRate);
+        stats_.hitRate.set(hitRate);
     }
 }
 
@@ -706,7 +706,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
                         ++cit;
                     }
                 }
-                else if (cit->second.last_access <= whenExpire)
+                else if (cit->second.lastAccess <= whenExpire)
                 {
                     // strong, expired
                     ++cacheRemovals;
@@ -773,12 +773,12 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
             auto cit = partition.begin();
             while (cit != partition.end())
             {
-                if (cit->second.last_access > now)
+                if (cit->second.lastAccess > now)
                 {
-                    cit->second.last_access = now;
+                    cit->second.lastAccess = now;
                     ++cit;
                 }
-                else if (cit->second.last_access <= whenExpire)
+                else if (cit->second.lastAccess <= whenExpire)
                 {
                     cit = partition.erase(cit);
                 }

include/xrpl/basics/UptimeClock.h

@@ -30,8 +30,8 @@ public:
     now();  // seconds since xrpld program start
 
 private:
-    static std::atomic<rep> kNOW;
-    static std::atomic<bool> kSTOP;
+    static std::atomic<rep> kNow;
+    static std::atomic<bool> kStop;
 
     struct UpdateThread : private std::thread
     {

include/xrpl/basics/base_uint.h

@@ -73,12 +73,12 @@ class BaseUInt
 
     static_assert(Bits >= 64, "The length of a base_uint in bits must be at least 64.");
 
-    static constexpr std::size_t kWIDTH = Bits / 32;
+    static constexpr std::size_t kWidth = Bits / 32;
 
     // This is really big-endian in byte order.
     // We sometimes use std::uint32_t for speed.
 
-    std::array<std::uint32_t, kWIDTH> data_;
+    std::array<std::uint32_t, kWidth> data_;
 
 public:
     //--------------------------------------------------------------------------
@@ -86,8 +86,8 @@ public:
     // STL Container Interface
     //
 
-    static std::size_t constexpr kBYTES = Bits / 8;
-    static_assert(sizeof(data_) == kBYTES, "");
+    static constexpr std::size_t kBytes = Bits / 8;
+    static_assert(sizeof(data_) == kBytes, "");
 
     using size_type = std::size_t;
     using difference_type = std::ptrdiff_t;
@@ -121,7 +121,7 @@ public:
     iterator
     end()
     {
-        return data() + kBYTES;
+        return data() + kBytes;
     }
     [[nodiscard]] const_iterator
     begin() const
@@ -131,7 +131,7 @@ public:
     [[nodiscard]] const_iterator
     end() const
     {
-        return data() + kBYTES;
+        return data() + kBytes;
     }
     [[nodiscard]] const_iterator
     cbegin() const
@@ -141,7 +141,7 @@ public:
     [[nodiscard]] const_iterator
     cend() const
     {
-        return data() + kBYTES;
+        return data() + kBytes;
     }
 
     /** Value hashing function.
@@ -167,7 +167,7 @@ private:
 
     explicit BaseUInt(void const* data, VoidHelper)
     {
-        memcpy(data_.data(), data, kBYTES);
+        memcpy(data_.data(), data, kBytes);
     }
 
     // Helper function to initialize a base_uint from a std::string_view.
@@ -336,7 +336,7 @@ public:
     [[nodiscard]] constexpr int
     signum() const
     {
-        for (int i = 0; i < kWIDTH; i++)
+        for (int i = 0; i < kWidth; i++)
         {
             if (data_[i] != 0)
                 return 1;
@@ -348,7 +348,7 @@ public:
     bool
     operator!() const
     {
-        return *this == beast::kZERO;
+        return *this == beast::kZero;
     }
 
     constexpr BaseUInt
@@ -356,7 +356,7 @@ public:
     {
         BaseUInt ret;
 
-        for (int i = 0; i < kWIDTH; i++)
+        for (int i = 0; i < kWidth; i++)
             ret.data_[i] = ~data_[i];
 
         return ret;
@@ -365,7 +365,7 @@ public:
     BaseUInt&
     operator=(std::uint64_t uHost)
     {
-        *this = beast::kZERO;
+        *this = beast::kZero;
         // NOLINTBEGIN(cppcoreguidelines-pro-type-member-init)
         union
         {
@@ -375,15 +375,15 @@ public:
         // NOLINTEND(cppcoreguidelines-pro-type-member-init)
         // Put in least significant bits.
         ul = boost::endian::native_to_big(uHost);
-        data_[kWIDTH - 2] = u[0];
-        data_[kWIDTH - 1] = u[1];
+        data_[kWidth - 2] = u[0];
+        data_[kWidth - 1] = u[1];
         return *this;
     }
 
     BaseUInt&
     operator^=(BaseUInt const& b)
     {
-        for (int i = 0; i < kWIDTH; i++)
+        for (int i = 0; i < kWidth; i++)
             data_[i] ^= b.data_[i];
 
         return *this;
@@ -392,7 +392,7 @@ public:
     BaseUInt&
     operator&=(BaseUInt const& b)
     {
-        for (int i = 0; i < kWIDTH; i++)
+        for (int i = 0; i < kWidth; i++)
             data_[i] &= b.data_[i];
 
         return *this;
@@ -401,7 +401,7 @@ public:
     BaseUInt&
     operator|=(BaseUInt const& b)
     {
-        for (int i = 0; i < kWIDTH; i++)
+        for (int i = 0; i < kWidth; i++)
             data_[i] |= b.data_[i];
 
         return *this;
@@ -411,7 +411,7 @@ public:
     operator++()
     {
         // prefix operator
-        for (int i = kWIDTH - 1; i >= 0; --i)
+        for (int i = kWidth - 1; i >= 0; --i)
         {
             data_[i] = boost::endian::native_to_big(boost::endian::big_to_native(data_[i]) + 1);
             if (data_[i] != 0)
@@ -434,7 +434,7 @@ public:
     BaseUInt&
     operator--()
     {
-        for (int i = kWIDTH - 1; i >= 0; --i)
+        for (int i = kWidth - 1; i >= 0; --i)
         {
             auto prev = data_[i];
             data_[i] = boost::endian::native_to_big(boost::endian::big_to_native(data_[i]) - 1);
@@ -475,7 +475,7 @@ public:
     {
         std::uint64_t carry = 0;
 
-        for (int i = kWIDTH - 1; i >= 0; i--)
+        for (int i = kWidth - 1; i >= 0; i--)
         {
             std::uint64_t const n = carry + boost::endian::big_to_native(data_[i]) +
                 boost::endian::big_to_native(b.data_[i]);
@@ -526,10 +526,10 @@ public:
         return parseHex(std::string_view{str});
     }
 
-    constexpr static std::size_t
+    static constexpr std::size_t
     size()
     {
-        return kBYTES;
+        return kBytes;
     }
 
     BaseUInt<Bits, Tag>&
@@ -543,17 +543,17 @@ public:
     [[nodiscard]] bool
     isZero() const
     {
-        return *this == beast::kZERO;
+        return *this == beast::kZero;
     }
     [[nodiscard]] bool
     isNonZero() const
     {
-        return *this != beast::kZERO;
+        return *this != beast::kZero;
     }
     void
     zero()
     {
-        *this = beast::kZERO;
+        *this = beast::kZero;
     }
 };
 
@@ -639,7 +639,7 @@ template <std::size_t Bits, class Tag>
 inline std::string
 toShortString(BaseUInt<Bits, Tag> const& a)
 {
-    static_assert(BaseUInt<Bits, Tag>::kBYTES > 4, "For 4 bytes or less, use a native type");
+    static_assert(BaseUInt<Bits, Tag>::kBytes > 4, "For 4 bytes or less, use a native type");
     return strHex(a.cbegin(), a.cbegin() + 4) + "...";
 }
 

include/xrpl/basics/chrono.h

@@ -30,10 +30,10 @@ using weeks = std::chrono::duration<int, std::ratio_multiply<days::period, std::
     = seconds(946684800)
 */
 
-constexpr static std::chrono::seconds kEPOCH_OFFSET =
+static constexpr std::chrono::seconds kEpochOffset =
     date::sys_days{date::year{2000} / 1 / 1} - date::sys_days{date::year{1970} / 1 / 1};
 
-static_assert(kEPOCH_OFFSET.count() == 946684800);
+static_assert(kEpochOffset.count() == 946684800);
 
 class NetClock
 {
@@ -60,7 +60,7 @@ to_string(NetClock::time_point tp)
 {
     // 2000-01-01 00:00:00 UTC is 946684800s from 1970-01-01 00:00:00 UTC
     using namespace std::chrono;
-    return to_string(system_clock::time_point{tp.time_since_epoch() + kEPOCH_OFFSET});
+    return to_string(system_clock::time_point{tp.time_since_epoch() + kEpochOffset});
 }
 
 template <class Duration>
@@ -77,7 +77,7 @@ toStringIso(NetClock::time_point tp)
     // 2000-01-01 00:00:00 UTC is 946684800s from 1970-01-01 00:00:00 UTC
     // Note, NetClock::duration is seconds, as checked by static_assert
     static_assert(std::is_same_v<NetClock::duration::period, std::ratio<1>>);
-    return toStringIso(date::sys_time<NetClock::duration>{tp.time_since_epoch() + kEPOCH_OFFSET});
+    return toStringIso(date::sys_time<NetClock::duration>{tp.time_since_epoch() + kEpochOffset});
 }
 
 /** A clock for measuring elapsed time.

include/xrpl/basics/hardened_hash.h

@@ -31,9 +31,9 @@ makeSeedPair() noexcept
         // state_t(state_t const&) = delete;
         // state_t& operator=(state_t const&) = delete;
     };
-    static StateT kSTATE;
-    std::scoped_lock const lock(kSTATE.mutex);
-    return {kSTATE.dist(kSTATE.gen), kSTATE.dist(kSTATE.gen)};
+    static StateT kState;
+    std::scoped_lock const lock(kState.mutex);
+    return {kState.dist(kState.gen), kState.dist(kState.gen)};
 }
 
 }  // namespace detail

include/xrpl/basics/mulDiv.h

@@ -5,7 +5,7 @@
 #include <optional>
 
 namespace xrpl {
-auto constexpr kMULDIV_MAX = std::numeric_limits<std::uint64_t>::max();
+constexpr auto kMuldivMax = std::numeric_limits<std::uint64_t>::max();
 
 /** Return value*mul/div accurately.
     Computes the result of the multiplication and division in

include/xrpl/basics/random.h

@@ -47,7 +47,7 @@ inline beast::xor_shift_engine&
 defaultPrng()
 {
     // This is used to seed the thread-specific PRNGs on demand
-    static beast::xor_shift_engine kSEEDER = [] {
+    static beast::xor_shift_engine kSeeder = [] {
         std::random_device rng;
         std::uniform_int_distribution<std::uint64_t> distribution{1};
         return beast::xor_shift_engine(distribution(rng));
@@ -57,17 +57,17 @@ defaultPrng()
     static std::mutex kM;
 
     // The thread-specific PRNGs:
-    thread_local beast::xor_shift_engine kENGINE = [] {
+    thread_local beast::xor_shift_engine kEngine = [] {
         std::uint64_t seed = 0;
         {
             std::scoped_lock const lk(kM);
             std::uniform_int_distribution<std::uint64_t> distribution{1};
-            seed = distribution(kSEEDER);
+            seed = distribution(kSeeder);
         }
         return beast::xor_shift_engine{seed};
     }();
 
-    return kENGINE;
+    return kEngine;
 }
 
 /** Return a uniformly distributed random integer.

include/xrpl/basics/safe_cast.h

@@ -22,9 +22,9 @@ safeCast(Src s) noexcept
 {
     static_assert(
         std::is_signed_v<Dest> || std::is_unsigned_v<Src>, "Cannot cast signed to unsigned");
-    constexpr unsigned kNOT_SAME = std::is_signed_v<Dest> != std::is_signed_v<Src>;
+    constexpr unsigned kNotSame = std::is_signed_v<Dest> != std::is_signed_v<Src>;
     static_assert(
-        sizeof(Dest) >= sizeof(Src) + kNOT_SAME,
+        sizeof(Dest) >= sizeof(Src) + kNotSame,
         "Destination is too small to hold all values of source");
     return static_cast<Dest>(s);
 }

include/xrpl/basics/scope.h

@@ -24,20 +24,20 @@ namespace xrpl {
 template <class EF>
 class ScopeExit
 {
-    EF exit_function_;
-    bool execute_on_destruction_{true};
+    EF exitFunction_;
+    bool executeOnDestruction_{true};
 
 public:
     ~ScopeExit()
     {
-        if (execute_on_destruction_)
-            exit_function_();
+        if (executeOnDestruction_)
+            exitFunction_();
     }
 
     ScopeExit(ScopeExit&& rhs) noexcept(
         std::is_nothrow_move_constructible_v<EF> || std::is_nothrow_copy_constructible_v<EF>)
-        : exit_function_{std::forward<EF>(rhs.exit_function_)}
-        , execute_on_destruction_{rhs.execute_on_destruction_}
+        : exitFunction_{std::forward<EF>(rhs.exitFunction_)}
+        , executeOnDestruction_{rhs.executeOnDestruction_}
     {
         rhs.release();
     }
@@ -51,7 +51,7 @@ public:
         std::enable_if_t<
             !std::is_same_v<std::remove_cv_t<EFP>, ScopeExit> &&
             std::is_constructible_v<EF, EFP>>* = 0) noexcept
-        : exit_function_{std::forward<EFP>(f)}
+        : exitFunction_{std::forward<EFP>(f)}
     {
         static_assert(std::is_nothrow_constructible_v<EF, decltype(std::forward<EFP>(f))>);
     }
@@ -59,7 +59,7 @@ public:
     void
     release() noexcept
     {
-        execute_on_destruction_ = false;
+        executeOnDestruction_ = false;
     }
 };
 
@@ -69,22 +69,22 @@ ScopeExit(EF) -> ScopeExit<EF>;
 template <class EF>
 class ScopeFail
 {
-    EF exit_function_;
-    bool execute_on_destruction_{true};
-    int uncaught_on_creation_{std::uncaught_exceptions()};
+    EF exitFunction_;
+    bool executeOnDestruction_{true};
+    int uncaughtOnCreation_{std::uncaught_exceptions()};
 
 public:
     ~ScopeFail()
     {
-        if (execute_on_destruction_ && std::uncaught_exceptions() > uncaught_on_creation_)
-            exit_function_();
+        if (executeOnDestruction_ && std::uncaught_exceptions() > uncaughtOnCreation_)
+            exitFunction_();
     }
 
     ScopeFail(ScopeFail&& rhs) noexcept(
         std::is_nothrow_move_constructible_v<EF> || std::is_nothrow_copy_constructible_v<EF>)
-        : exit_function_{std::forward<EF>(rhs.exit_function_)}
-        , execute_on_destruction_{rhs.execute_on_destruction_}
-        , uncaught_on_creation_{rhs.uncaught_on_creation_}
+        : exitFunction_{std::forward<EF>(rhs.exitFunction_)}
+        , executeOnDestruction_{rhs.executeOnDestruction_}
+        , uncaughtOnCreation_{rhs.uncaughtOnCreation_}
     {
         rhs.release();
     }
@@ -98,7 +98,7 @@ public:
         std::enable_if_t<
             !std::is_same_v<std::remove_cv_t<EFP>, ScopeFail> &&
             std::is_constructible_v<EF, EFP>>* = 0) noexcept
-        : exit_function_{std::forward<EFP>(f)}
+        : exitFunction_{std::forward<EFP>(f)}
     {
         static_assert(std::is_nothrow_constructible_v<EF, decltype(std::forward<EFP>(f))>);
     }
@@ -106,7 +106,7 @@ public:
     void
     release() noexcept
     {
-        execute_on_destruction_ = false;
+        executeOnDestruction_ = false;
     }
 };
 
@@ -116,22 +116,22 @@ ScopeFail(EF) -> ScopeFail<EF>;
 template <class EF>
 class ScopeSuccess
 {
-    EF exit_function_;
-    bool execute_on_destruction_{true};
-    int uncaught_on_creation_{std::uncaught_exceptions()};
+    EF exitFunction_;
+    bool executeOnDestruction_{true};
+    int uncaughtOnCreation_{std::uncaught_exceptions()};
 
 public:
-    ~ScopeSuccess() noexcept(noexcept(exit_function_()))
+    ~ScopeSuccess() noexcept(noexcept(exitFunction_()))
     {
-        if (execute_on_destruction_ && std::uncaught_exceptions() <= uncaught_on_creation_)
-            exit_function_();
+        if (executeOnDestruction_ && std::uncaught_exceptions() <= uncaughtOnCreation_)
+            exitFunction_();
     }
 
     ScopeSuccess(ScopeSuccess&& rhs) noexcept(
         std::is_nothrow_move_constructible_v<EF> || std::is_nothrow_copy_constructible_v<EF>)
-        : exit_function_{std::forward<EF>(rhs.exit_function_)}
-        , execute_on_destruction_{rhs.execute_on_destruction_}
-        , uncaught_on_creation_{rhs.uncaught_on_creation_}
+        : exitFunction_{std::forward<EF>(rhs.exitFunction_)}
+        , executeOnDestruction_{rhs.executeOnDestruction_}
+        , uncaughtOnCreation_{rhs.uncaughtOnCreation_}
     {
         rhs.release();
     }
@@ -146,14 +146,14 @@ public:
             !std::is_same_v<std::remove_cv_t<EFP>, ScopeSuccess> &&
             std::is_constructible_v<EF, EFP>>* =
             0) noexcept(std::is_nothrow_constructible_v<EF, EFP> || std::is_nothrow_constructible_v<EF, EFP&>)
-        : exit_function_{std::forward<EFP>(f)}
+        : exitFunction_{std::forward<EFP>(f)}
     {
     }
 
     void
     release() noexcept
     {
-        execute_on_destruction_ = false;
+        executeOnDestruction_ = false;
     }
 };
 

include/xrpl/beast/clock/abstract_clock.h

@@ -83,8 +83,8 @@ template <class Facade, class Clock = Facade>
 AbstractClock<Facade>&
 getAbstractClock()
 {
-    static detail::AbstractClockWrapper<Facade, Clock> kCLOCK;
-    return kCLOCK;
+    static detail::AbstractClockWrapper<Facade, Clock> kClock;
+    return kClock;
 }
 
 }  // namespace beast

include/xrpl/beast/core/CurrentThreadName.h

@@ -21,7 +21,7 @@ setCurrentThreadName(std::string_view newThreadName);
 
 // On Linux, thread names are limited to 16 bytes including the null terminator.
 // Maximum number of characters is therefore 15.
-constexpr std::size_t kMAX_THREAD_NAME_LENGTH = 15;
+constexpr std::size_t kMaxThreadNameLength = 15;
 
 /** Sets the name of the caller thread with compile-time size checking.
     @tparam N The size of the string literal including null terminator
@@ -34,7 +34,7 @@ template <std::size_t N>
 void
 setCurrentThreadName(char const (&newThreadName)[N])
 {
-    static_assert(N <= kMAX_THREAD_NAME_LENGTH + 1, "Thread name cannot exceed 15 characters");
+    static_assert(N <= kMaxThreadNameLength + 1, "Thread name cannot exceed 15 characters");
 
     setCurrentThreadName(std::string_view(newThreadName, N - 1));
 }

include/xrpl/beast/hash/hash_append.h

@@ -53,7 +53,7 @@ inline void
 maybeReverseBytes(T& t, Hasher&)
 {
     maybeReverseBytes(
-        t, std::integral_constant<bool, Hasher::kENDIAN != boost::endian::order::native>{});
+        t, std::integral_constant<bool, Hasher::kEndian != boost::endian::order::native>{});
 }
 
 }  // namespace detail
@@ -154,7 +154,7 @@ struct IsContiguouslyHashable
     : public std::integral_constant<
           bool,
           IsUniquelyRepresented<T>::value &&
-              (sizeof(T) == 1 || HashAlgorithm::kENDIAN == boost::endian::order::native)>
+              (sizeof(T) == 1 || HashAlgorithm::kEndian == boost::endian::order::native)>
 {
     explicit IsContiguouslyHashable() = default;
 };

include/xrpl/beast/hash/xxhasher.h

@@ -21,9 +21,9 @@ private:
     static_assert(sizeof(std::size_t) == 8, "requires 64-bit std::size_t");
     // Have an internal buffer to avoid the streaming API
     // A 64-byte buffer should to be big enough for us
-    static constexpr std::size_t kINTERNAL_BUFFER_SIZE = 64;
+    static constexpr std::size_t kInternalBufferSize = 64;
 
-    alignas(64) std::array<std::uint8_t, kINTERNAL_BUFFER_SIZE> buffer_{};
+    alignas(64) std::array<std::uint8_t, kInternalBufferSize> buffer_{};
     std::span<std::uint8_t> readBuffer_;
     std::span<std::uint8_t> writeBuffer_;
 
@@ -102,7 +102,7 @@ private:
     }
 
 public:
-    static constexpr auto const kENDIAN = boost::endian::order::native;
+    static constexpr auto kEndian = boost::endian::order::native;
 
     Xxhasher(Xxhasher const&) = delete;
     Xxhasher&

include/xrpl/beast/unit_test/reporter.h

@@ -62,7 +62,7 @@ private:
     {
         using run_time = std::pair<std::string, typename clock_type::duration>;
 
-        static constexpr auto kMAX_TOP = 10;
+        static constexpr auto kMaxTop = 10;
 
         std::size_t suites = 0;
         std::size_t cases = 0;
@@ -77,8 +77,8 @@ private:
 
     std::ostream& os_;
     Results results_;
-    SuiteResults suite_results_;
-    CaseResults case_results_;
+    SuiteResults suiteResults_;
+    CaseResults caseResults_;
 
 public:
     Reporter(Reporter const&) = delete;
@@ -146,11 +146,11 @@ Reporter<Unused>::Results::add(SuiteResults const& r)
             });
         if (iter != top.end())
         {
-            if (top.size() == kMAX_TOP)
+            if (top.size() == kMaxTop)
                 top.resize(top.size() - 1);
             top.emplace(iter, r.name, elapsed);
         }
-        else if (top.size() < kMAX_TOP)
+        else if (top.size() < kMaxTop)
         {
             top.emplace_back(r.name, elapsed);
         }
@@ -196,22 +196,22 @@ template <class Unused>
 void
 Reporter<Unused>::onSuiteBegin(SuiteInfo const& info)
 {
-    suite_results_ = SuiteResults{info.fullName()};
+    suiteResults_ = SuiteResults{info.fullName()};
 }
 
 template <class Unused>
 void
 Reporter<Unused>::onSuiteEnd()
 {
-    results_.add(suite_results_);
+    results_.add(suiteResults_);
 }
 
 template <class Unused>
 void
 Reporter<Unused>::onCaseBegin(std::string const& name)
 {
-    case_results_ = CaseResults(name);
-    os_ << suite_results_.name << (case_results_.name.empty() ? "" : (" " + case_results_.name))
+    caseResults_ = CaseResults(name);
+    os_ << suiteResults_.name << (caseResults_.name.empty() ? "" : (" " + caseResults_.name))
         << std::endl;
 }
 
@@ -219,23 +219,23 @@ template <class Unused>
 void
 Reporter<Unused>::onCaseEnd()
 {
-    suite_results_.add(case_results_);
+    suiteResults_.add(caseResults_);
 }
 
 template <class Unused>
 void
 Reporter<Unused>::onPass()
 {
-    ++case_results_.total;
+    ++caseResults_.total;
 }
 
 template <class Unused>
 void
 Reporter<Unused>::onFail(std::string const& reason)
 {
-    ++case_results_.failed;
-    ++case_results_.total;
-    os_ << "#" << case_results_.total << " failed" << (reason.empty() ? "" : ": ") << reason
+    ++caseResults_.failed;
+    ++caseResults_.total;
+    os_ << "#" << caseResults_.total << " failed" << (reason.empty() ? "" : ": ") << reason
         << std::endl;
 }
 

include/xrpl/beast/unit_test/suite.h

@@ -299,8 +299,8 @@ private:
     static Suite**
     pThisSuite()
     {
-        static Suite* kP_TS = nullptr;  // NOLINT TODO
-        return &kP_TS;
+        static Suite* kPTs = nullptr;  // NOLINT TODO
+        return &kPTs;
     }
 
     /** Runs the suite. */

include/xrpl/beast/utility/Zero.h

@@ -27,7 +27,7 @@ struct Zero
 };
 
 namespace {
-constexpr Zero kZERO{};
+constexpr Zero kZero{};
 }  // namespace
 
 /** Default implementation of signum calls the method on the class. */
@@ -102,42 +102,42 @@ template <typename T>
 bool
 operator==(Zero, T const& t)
 {
-    return t == kZERO;
+    return t == kZero;
 }
 
 template <typename T>
 bool
 operator!=(Zero, T const& t)
 {
-    return t != kZERO;
+    return t != kZero;
 }
 
 template <typename T>
 bool
 operator<(Zero, T const& t)
 {
-    return t > kZERO;
+    return t > kZero;
 }
 
 template <typename T>
 bool
 operator>(Zero, T const& t)
 {
-    return t < kZERO;
+    return t < kZero;
 }
 
 template <typename T>
 bool
 operator>=(Zero, T const& t)
 {
-    return t <= kZERO;
+    return t <= kZero;
 }
 
 template <typename T>
 bool
 operator<=(Zero, T const& t)
 {
-    return t >= kZERO;
+    return t >= kZero;
 }
 
 }  // namespace beast

include/xrpl/beast/utility/rngfill.h

@@ -14,23 +14,23 @@ void
 rngfill(void* const buffer, std::size_t const bytes, Generator& g)
 {
     using result_type = typename Generator::result_type;
-    constexpr std::size_t kRESULT_SIZE = sizeof(result_type);
+    constexpr std::size_t kResultSize = sizeof(result_type);
 
     std::uint8_t* const bufferStart = static_cast<std::uint8_t*>(buffer);
-    std::size_t const completeIterations = bytes / kRESULT_SIZE;
-    std::size_t const bytesRemaining = bytes % kRESULT_SIZE;
+    std::size_t const completeIterations = bytes / kResultSize;
+    std::size_t const bytesRemaining = bytes % kResultSize;
 
     for (std::size_t count = 0; count < completeIterations; ++count)
     {
         result_type const v = g();
-        std::size_t const offset = count * kRESULT_SIZE;
-        std::memcpy(bufferStart + offset, &v, kRESULT_SIZE);
+        std::size_t const offset = count * kResultSize;
+        std::memcpy(bufferStart + offset, &v, kResultSize);
     }
 
     if (bytesRemaining > 0)
     {
         result_type const v = g();
-        std::size_t const offset = completeIterations * kRESULT_SIZE;
+        std::size_t const offset = completeIterations * kResultSize;
         std::memcpy(bufferStart + offset, &v, bytesRemaining);
     }
 }

include/xrpl/beast/xor_shift_engine.h

@@ -26,12 +26,14 @@ public:
     result_type
     operator()();
 
-    static result_type constexpr min()
+    static constexpr result_type
+    min()
     {
         return std::numeric_limits<result_type>::min();
     }
 
-    static result_type constexpr max()
+    static constexpr result_type
+    max()
     {
         return std::numeric_limits<result_type>::max();
     }

include/xrpl/conditions/Condition.h

@@ -27,7 +27,7 @@ public:
               that were previously considered valid to no longer
               be allowed.
     */
-    static constexpr std::size_t kMAX_SERIALIZED_CONDITION = 128;
+    static constexpr std::size_t kMaxSerializedCondition = 128;
 
     /** Load a condition from its binary form
 

include/xrpl/conditions/Fulfillment.h

@@ -16,7 +16,7 @@ public:
               that were previously considered valid to no longer
               be allowed.
     */
-    static constexpr std::size_t kMAX_SERIALIZED_FULFILLMENT = 256;
+    static constexpr std::size_t kMaxSerializedFulfillment = 256;
 
     /** Load a fulfillment from its binary form
 

include/xrpl/conditions/detail/PreimageSha256.h

@@ -23,7 +23,7 @@ public:
         While future versions of this code will never lower
         this limit, they may opt to raise it.
     */
-    static constexpr std::size_t kMAX_PREIMAGE_LENGTH = 128;
+    static constexpr std::size_t kMaxPreimageLength = 128;
 
     /** Parse the payload for a PreimageSha256 condition
 
@@ -65,7 +65,7 @@ public:
             return {};
         }
 
-        if (s.size() > kMAX_PREIMAGE_LENGTH)
+        if (s.size() > kMaxPreimageLength)
         {
             ec = Error::PreimageTooLong;
             return {};

include/xrpl/core/Coro.ipp

@@ -6,7 +6,7 @@ namespace xrpl {
 
 /// Coroutine stack size (1.5 MB). Increased from 1 MB because
 /// ASAN-instrumented deep call stacks exceeded the original limit.
-constexpr std::size_t kCORO_STACK_SIZE = 1536 * 1024;
+constexpr std::size_t kCoroStackSize = 1536 * 1024;
 
 template <class F>
 JobQueue::Coro::Coro(CoroCreateT, JobQueue& jq, JobType type, std::string name, F&& f)
@@ -14,7 +14,7 @@ JobQueue::Coro::Coro(CoroCreateT, JobQueue& jq, JobType type, std::string name,
     , type_(type)
     , name_(std::move(name))
     , coro_(
-          boost::context::protected_fixedsize_stack(kCORO_STACK_SIZE),
+          boost::context::protected_fixedsize_stack(kCoroStackSize),
           [this, fn = std::forward<F>(f)](boost::coroutines2::coroutine<void>::push_type& doYield) {
               yield_ = &doYield;
               yield();
@@ -47,7 +47,7 @@ inline bool
 JobQueue::Coro::post()
 {
     {
-        std::scoped_lock const lk(mutex_run_);
+        std::scoped_lock const lk(mutexRun_);
         running_ = true;
     }
 
@@ -58,7 +58,7 @@ JobQueue::Coro::post()
     }
 
     // The coroutine will not run.  Clean up running_.
-    std::scoped_lock const lk(mutex_run_);
+    std::scoped_lock const lk(mutexRun_);
     running_ = false;
     cv_.notify_all();
     return false;
@@ -68,7 +68,7 @@ inline void
 JobQueue::Coro::resume()
 {
     {
-        std::scoped_lock const lk(mutex_run_);
+        std::scoped_lock const lk(mutexRun_);
         running_ = true;
     }
     {
@@ -92,7 +92,7 @@ JobQueue::Coro::resume()
     }
     detail::getLocalValues().release();
     detail::getLocalValues().reset(saved);
-    std::scoped_lock const lk(mutex_run_);
+    std::scoped_lock const lk(mutexRun_);
     running_ = false;
     cv_.notify_all();
 }
@@ -127,7 +127,7 @@ JobQueue::Coro::expectEarlyExit()
 inline void
 JobQueue::Coro::join()
 {
-    std::unique_lock<std::mutex> lk(mutex_run_);
+    std::unique_lock<std::mutex> lk(mutexRun_);
     cv_.wait(lk, [this]() { return !running_; });
 }
 

include/xrpl/core/Job.h

@@ -127,7 +127,7 @@ private:
     std::function<void()> job_;
     std::shared_ptr<LoadEvent> loadEvent_;
     std::string name_;
-    clock_type::time_point queue_time_;
+    clock_type::time_point queueTime_;
 };
 
 using JobCounter = ClosureCounter<void>;

include/xrpl/core/JobQueue.h

@@ -52,7 +52,7 @@ public:
         std::string name_;
         bool running_{false};
         std::mutex mutex_;
-        std::mutex mutex_run_;
+        std::mutex mutexRun_;
         std::condition_variable cv_;
         boost::coroutines2::coroutine<void>::push_type* yield_{};
         boost::coroutines2::coroutine<void>::pull_type coro_;
@@ -246,7 +246,7 @@ private:
     // Statistics tracking
     perf::PerfLog& perfLog_;
     beast::insight::Collector::ptr collector_;
-    beast::insight::Gauge job_count_;
+    beast::insight::Gauge jobCount_;
     beast::insight::Hook hook_;
 
     std::condition_variable cv_;

include/xrpl/core/JobTypes.h

@@ -101,8 +101,8 @@ public:
     static JobTypes const&
     instance()
     {
-        static JobTypes const kTYPES;
-        return kTYPES;
+        static JobTypes const kTypes;
+        return kTypes;
     }
 
     static std::string const&

include/xrpl/json/Writer.h

@@ -161,7 +161,7 @@ public:
      *  While the JSON spec doesn't explicitly disallow this, you should avoid
      *  calling this method twice with the same tag for the same object.
      *
-     *  If CHECK_JSON_WRITER is defined, this function throws an exception if if
+     *  If CHECK_JSON_WRITER is defined, this function throws an exception if
      *  the tag you use has already been used in this object.
      */
     template <typename Type>

include/xrpl/json/json_reader.h

@@ -67,7 +67,7 @@ public:
     [[nodiscard]] std::string
     getFormattedErrorMessages() const;
 
-    static constexpr unsigned kNEST_LIMIT{25};
+    static constexpr unsigned kNestLimit{25};
 
 private:
     enum class TokenType {

include/xrpl/json/json_value.h

@@ -102,8 +102,8 @@ operator!=(StaticString x, std::string const& y)
 /** \brief Represents a <a HREF="http://www.json.org">JSON</a> value.
  *
  * This class is a discriminated union wrapper that can represent a:
- * - signed integer [range: Value::kMIN_INT - Value::kMAX_INT]
- * - unsigned integer (range: 0 - Value::kMAX_UINT)
+ * - signed integer [range: Value::kMinInt - Value::kMaxInt]
+ * - unsigned integer (range: 0 - Value::kMaxUInt)
  * - double
  * - UTF-8 string
  * - boolean
@@ -138,10 +138,10 @@ public:
     using Int = json::Int;
     using ArrayIndex = UInt;
 
-    static Value const kNULL;
-    static constexpr Int kMIN_INT = std::numeric_limits<Int>::min();
-    static constexpr Int kMAX_INT = std::numeric_limits<Int>::max();
-    static constexpr UInt kMAX_UINT = std::numeric_limits<UInt>::max();
+    static Value const kNull;
+    static constexpr Int kMinInt = std::numeric_limits<Int>::min();
+    static constexpr Int kMaxInt = std::numeric_limits<Int>::max();
+    static constexpr UInt kMaxUInt = std::numeric_limits<UInt>::max();
 
 private:
     class CZString
@@ -472,7 +472,7 @@ operator>=(Value const& x, Value const& y)
 class ValueAllocator
 {
 public:
-    static constexpr auto kUNKNOWN = (unsigned)-1;
+    static constexpr auto kUnknown = (unsigned)-1;
 
     virtual ~ValueAllocator() = default;
 
@@ -481,7 +481,7 @@ public:
     virtual void
     releaseMemberName(char* memberName) = 0;
     virtual char*
-    duplicateStringValue(char const* value, unsigned int length = kUNKNOWN) = 0;
+    duplicateStringValue(char const* value, unsigned int length = kUnknown) = 0;
     virtual void
     releaseStringValue(char* value) = 0;
 };

include/xrpl/ledger/BookDirs.h

@@ -9,7 +9,7 @@ class BookDirs
 private:
     ReadView const* view_ = nullptr;
     uint256 const root_;
-    uint256 const next_quality_;
+    uint256 const nextQuality_;
     uint256 const key_;
     std::shared_ptr<SLE const> sle_ = nullptr;
     unsigned int entry_ = 0;
@@ -67,15 +67,15 @@ private:
     friend class BookDirs;
 
     const_iterator(ReadView const& view, uint256 const& root, uint256 const& dirKey)
-        : view_(&view), root_(root), key_(dirKey), cur_key_(dirKey)
+        : view_(&view), root_(root), key_(dirKey), curKey_(dirKey)
     {
     }
 
     ReadView const* view_ = nullptr;
     uint256 root_;
-    uint256 next_quality_;
+    uint256 nextQuality_;
     uint256 key_;
-    uint256 cur_key_;
+    uint256 curKey_;
     std::shared_ptr<SLE const> sle_;
     unsigned int entry_ = 0;
     uint256 index_;

include/xrpl/ledger/Ledger.h

@@ -24,7 +24,7 @@ struct CreateGenesisT
 {
     explicit CreateGenesisT() = default;
 };
-extern CreateGenesisT const kCREATE_GENESIS;
+extern CreateGenesisT const kCreateGenesis;
 
 /** Holds a ledger.
 

include/xrpl/ledger/LedgerTiming.h

@@ -12,7 +12,7 @@ namespace xrpl {
     Values should not be duplicated.
     @see getNextLedgerTimeResolution
 */
-std::chrono::seconds constexpr kLEDGER_POSSIBLE_TIME_RESOLUTIONS[] = {
+constexpr std::chrono::seconds kLedgerPossibleTimeResolutions[] = {
     std::chrono::seconds{10},
     std::chrono::seconds{20},
     std::chrono::seconds{30},
@@ -21,16 +21,16 @@ std::chrono::seconds constexpr kLEDGER_POSSIBLE_TIME_RESOLUTIONS[] = {
     std::chrono::seconds{120}};
 
 //! Initial resolution of ledger close time.
-auto constexpr kLEDGER_DEFAULT_TIME_RESOLUTION = kLEDGER_POSSIBLE_TIME_RESOLUTIONS[2];
+constexpr auto kLedgerDefaultTimeResolution = kLedgerPossibleTimeResolutions[2];
 
 //! Close time resolution in genesis ledger
-auto constexpr kLEDGER_GENESIS_TIME_RESOLUTION = kLEDGER_POSSIBLE_TIME_RESOLUTIONS[0];
+constexpr auto kLedgerGenesisTimeResolution = kLedgerPossibleTimeResolutions[0];
 
 //! How often we increase the close time resolution (in numbers of ledgers)
-auto constexpr kINCREASE_LEDGER_TIME_RESOLUTION_EVERY = 8;
+constexpr auto kIncreaseLedgerTimeResolutionEvery = 8;
 
 //! How often we decrease the close time resolution (in numbers of ledgers)
-auto constexpr kDECREASE_LEDGER_TIME_RESOLUTION_EVERY = 1;
+constexpr auto kDecreaseLedgerTimeResolutionEvery = 1;
 
 /** Calculates the close time resolution for the specified ledger.
 
@@ -46,7 +46,7 @@ auto constexpr kDECREASE_LEDGER_TIME_RESOLUTION_EVERY = 1;
     @param ledgerSeq the sequence number of the new ledger
 
     @pre previousResolution must be a valid bin
-         from @ref kLEDGER_POSSIBLE_TIME_RESOLUTIONS
+         from @ref kLedgerPossibleTimeResolutions
 
     @tparam Rep Type representing number of ticks in std::chrono::duration
     @tparam Period An std::ratio representing tick period in
@@ -67,30 +67,30 @@ getNextLedgerTimeResolution(
     using namespace std::chrono;
     // Find the current resolution:
     auto iter = std::find(
-        std::begin(kLEDGER_POSSIBLE_TIME_RESOLUTIONS),
-        std::end(kLEDGER_POSSIBLE_TIME_RESOLUTIONS),
+        std::begin(kLedgerPossibleTimeResolutions),
+        std::end(kLedgerPossibleTimeResolutions),
         previousResolution);
     XRPL_ASSERT(
-        iter != std::end(kLEDGER_POSSIBLE_TIME_RESOLUTIONS),
+        iter != std::end(kLedgerPossibleTimeResolutions),
         "xrpl::getNextLedgerTimeResolution : found time resolution");
 
     // This should never happen, but just as a precaution
-    if (iter == std::end(kLEDGER_POSSIBLE_TIME_RESOLUTIONS))
+    if (iter == std::end(kLedgerPossibleTimeResolutions))
         return previousResolution;
 
     // If we did not previously agree, we try to decrease the resolution to
     // improve the chance that we will agree now.
-    if (!previousAgree && (ledgerSeq % Seq{kDECREASE_LEDGER_TIME_RESOLUTION_EVERY} == Seq{0}))
+    if (!previousAgree && (ledgerSeq % Seq{kDecreaseLedgerTimeResolutionEvery} == Seq{0}))
     {
-        if (++iter != std::end(kLEDGER_POSSIBLE_TIME_RESOLUTIONS))
+        if (++iter != std::end(kLedgerPossibleTimeResolutions))
             return *iter;
     }
 
     // If we previously agreed, we try to increase the resolution to determine
     // if we can continue to agree.
-    if (previousAgree && (ledgerSeq % Seq{kINCREASE_LEDGER_TIME_RESOLUTION_EVERY} == Seq{0}))
+    if (previousAgree && (ledgerSeq % Seq{kIncreaseLedgerTimeResolutionEvery} == Seq{0}))
     {
-        if (iter-- != std::begin(kLEDGER_POSSIBLE_TIME_RESOLUTIONS))
+        if (iter-- != std::begin(kLedgerPossibleTimeResolutions))
             return *iter;
     }
 

include/xrpl/ledger/OpenView.h

@@ -23,7 +23,7 @@ namespace xrpl {
 inline constexpr struct OpenLedgerT
 {
     explicit constexpr OpenLedgerT() = default;
-} kOPEN_LEDGER{};
+} kOpenLedger{};
 
 /** Batch view construction tag.
 
@@ -33,7 +33,7 @@ inline constexpr struct OpenLedgerT
 inline constexpr struct BatchViewT
 {
     explicit constexpr BatchViewT() = default;
-} kBATCH_VIEW{};
+} kBatchView{};
 
 //------------------------------------------------------------------------------
 
@@ -47,7 +47,7 @@ private:
     // Initial size for the monotonic_buffer_resource used for allocations
     // The size was chosen from the old `qalloc` code (which this replaces).
     // It is unclear how the size initially chosen in qalloc.
-    static constexpr size_t kINITIAL_BUFFER_SIZE = kilobytes(256);
+    static constexpr size_t kInitialBufferSize = kilobytes(256);
 
     class TxsIterImpl;
 
@@ -76,7 +76,7 @@ private:
 
     // monotonic_resource_ must outlive `items_`. Make a pointer so it may be
     // easily moved.
-    std::unique_ptr<boost::container::pmr::monotonic_buffer_resource> monotonic_resource_;
+    std::unique_ptr<boost::container::pmr::monotonic_buffer_resource> monotonicResource_;
     txs_map txs_;
     Rules rules_;
     LedgerHeader header_;
@@ -139,7 +139,7 @@ public:
         std::shared_ptr<void const> hold = nullptr);
 
     OpenView(OpenLedgerT, Rules const& rules, std::shared_ptr<ReadView const> const& base)
-        : OpenView(kOPEN_LEDGER, &*base, rules, base)
+        : OpenView(kOpenLedger, &*base, rules, base)
     {
     }
 

include/xrpl/ledger/View.h

@@ -57,7 +57,7 @@ isVaultPseudoAccountFrozen(
     ReadView const& view,
     AccountID const& account,
     MPTIssue const& mptShare,
-    int depth);
+    std::uint8_t depth);
 
 [[nodiscard]] bool
 isLPTokenFrozen(

include/xrpl/ledger/detail/RawStateTable.h

@@ -19,17 +19,17 @@ public:
     // Initial size for the monotonic_buffer_resource used for allocations
     // The size was chosen from the old `qalloc` code (which this replaces).
     // It is unclear how the size initially chosen in qalloc.
-    static constexpr size_t kINITIAL_BUFFER_SIZE = kilobytes(256);
+    static constexpr size_t kInitialBufferSize = kilobytes(256);
 
     RawStateTable()
-        : monotonic_resource_{std::make_unique<boost::container::pmr::monotonic_buffer_resource>(
-              kINITIAL_BUFFER_SIZE)}
-        , items_{monotonic_resource_.get()} {};
+        : monotonicResource_{std::make_unique<boost::container::pmr::monotonic_buffer_resource>(
+              kInitialBufferSize)}
+        , items_{monotonicResource_.get()} {};
 
     RawStateTable(RawStateTable const& rhs)
-        : monotonic_resource_{std::make_unique<boost::container::pmr::monotonic_buffer_resource>(
-              kINITIAL_BUFFER_SIZE)}
-        , items_{rhs.items_, monotonic_resource_.get()}
+        : monotonicResource_{std::make_unique<boost::container::pmr::monotonic_buffer_resource>(
+              kInitialBufferSize)}
+        , items_{rhs.items_, monotonicResource_.get()}
         , dropsDestroyed_{rhs.dropsDestroyed_} {};
 
     RawStateTable(RawStateTable&&) = default;
@@ -101,7 +101,7 @@ private:
         boost::container::pmr::polymorphic_allocator<std::pair<key_type const, SleAction>>>;
     // monotonic_resource_ must outlive `items_`. Make a pointer so it may be
     // easily moved.
-    std::unique_ptr<boost::container::pmr::monotonic_buffer_resource> monotonic_resource_;
+    std::unique_ptr<boost::container::pmr::monotonic_buffer_resource> monotonicResource_;
     items_t items_;
 
     XRPAmount dropsDestroyed_{0};

include/xrpl/ledger/helpers/AMMHelpers.h

@@ -25,11 +25,11 @@ namespace detail {
 Number
 reduceOffer(auto const& amount)
 {
-    static Number const kREDUCED_OFFER_PCT(9999, -4);
+    static Number const kReducedOfferPct(9999, -4);
 
     // Make sure the result is always less than amount or zero.
     NumberRoundModeGuard const mg(Number::RoundingMode::TowardsZero);
-    return amount * kREDUCED_OFFER_PCT;
+    return amount * kReducedOfferPct;
 }
 
 }  // namespace detail
@@ -177,7 +177,7 @@ getAMMOfferStartWithTakerGets(
     Quality const& targetQuality,
     std::uint16_t const& tfee)
 {
-    if (targetQuality.rate() == beast::kZERO)
+    if (targetQuality.rate() == beast::kZero)
         return std::nullopt;
 
     NumberRoundModeGuard const mg(Number::RoundingMode::ToNearest);
@@ -244,7 +244,7 @@ getAMMOfferStartWithTakerPays(
     Quality const& targetQuality,
     std::uint16_t tfee)
 {
-    if (targetQuality.rate() == beast::kZERO)
+    if (targetQuality.rate() == beast::kZero)
         return std::nullopt;
 
     NumberRoundModeGuard const mg(Number::RoundingMode::ToNearest);

include/xrpl/ledger/helpers/EscrowHelpers.h

@@ -70,21 +70,21 @@ escrowUnlockApplyHelper<Issue>(
         initialBalance.get<Issue>().account = noAccount();
 
         if (TER const ter = trustCreate(
-                view,                                           // payment sandbox
-                recvLow,                                        // is dest low?
-                issuer,                                         // source
-                receiver,                                       // destination
-                trustLineKey.key,                               // ledger index
-                sleDest,                                        // Account to add to
-                false,                                          // authorize account
-                (sleDest->getFlags() & lsfDefaultRipple) == 0,  //
-                false,                                          // freeze trust line
-                false,                                          // deep freeze trust line
-                initialBalance,                                 // zero initial balance
-                Issue(currency, receiver),                      // limit of zero
-                0,                                              // quality in
-                0,                                              // quality out
-                journal);                                       // journal
+                view,                                // payment sandbox
+                recvLow,                             // is dest low?
+                issuer,                              // source
+                receiver,                            // destination
+                trustLineKey.key,                    // ledger index
+                sleDest,                             // Account to add to
+                false,                               // authorize account
+                !sleDest->isFlag(lsfDefaultRipple),  //
+                false,                               // freeze trust line
+                false,                               // deep freeze trust line
+                initialBalance,                      // zero initial balance
+                Issue(currency, receiver),           // limit of zero
+                0,                                   // quality in
+                0,                                   // quality out
+                journal);                            // journal
             !isTesSuccess(ter))
         {
             return ter;  // LCOV_EXCL_LINE
@@ -111,7 +111,7 @@ escrowUnlockApplyHelper<Issue>(
     // whereas in a normal payment, the transfer fee is taken on top of the
     // sending amount.
     auto finalAmt = amount;
-    if ((!senderIssuer && !receiverIssuer) && lockedRate != kPARITY_RATE)
+    if ((!senderIssuer && !receiverIssuer) && lockedRate != kParityRate)
     {
         // compute transfer fee, if any
         auto const xferFee =
@@ -211,7 +211,7 @@ escrowUnlockApplyHelper<MPTIssue>(
     // whereas in a normal payment, the transfer fee is taken on top of the
     // sending amount.
     auto finalAmt = amount;
-    if ((!senderIssuer && !receiverIssuer) && lockedRate != kPARITY_RATE)
+    if ((!senderIssuer && !receiverIssuer) && lockedRate != kParityRate)
     {
         // compute transfer fee, if any
         auto const xferFee = amount.value() - divideRound(amount, lockedRate, amount.asset(), true);

include/xrpl/ledger/helpers/LendingHelpers.h

@@ -4,13 +4,43 @@
 #include <xrpl/protocol/Rules.h>
 #include <xrpl/protocol/st.h>
 
+#include <string_view>
+
 namespace xrpl {
 
+/**
+ * Broker cover preclaim precision guard (fixCleanup3_2_0).
+ *
+ * Prevents a "silent sub-ULP no-op" where a deposit, withdrawal, or clawback
+ * amount is so small that it rounds to zero at `sfCoverAvailable`'s scale.
+ * Without this guard, both the pseudo trust-line and `sfCoverAvailable` would
+ * identically absorb the rounded zero, resulting in a successful transaction
+ * (tesSUCCESS) where no funds actually moved.
+ *
+ * @param view       Read view (rules used for amendment gating).
+ * @param sleBroker  The loan broker SLE (read-only).
+ * @param vaultAsset The underlying vault asset (the broker's cover asset).
+ * @param amount     The effective subtraction/addition amount.
+ * @param j          Journal for logging.
+ * @param logPrefix  Transactor name for log diagnostics.
+ *
+ * @return `tecPRECISION_LOSS` if the request rounds to zero at cover scale.
+ * `tesSUCCESS` if the amendment is disabled or the request is safely supra-ULP.
+ */
+[[nodiscard]] TER
+canApplyToBrokerCover(
+    ReadView const& view,
+    SLE::const_ref sleBroker,
+    Asset const& vaultAsset,
+    STAmount const& amount,
+    beast::Journal j,
+    std::string_view logPrefix);
+
 // Lending protocol has dependencies, so capture them here.
 bool
 checkLendingProtocolDependencies(Rules const& rules, STTx const& tx);
 
-static constexpr std::uint32_t kSECONDS_IN_YEAR = 365 * 24 * 60 * 60;
+static constexpr std::uint32_t kSecondsInYear = 365 * 24 * 60 * 60;
 
 Number
 loanPeriodicRate(TenthBips32 interestRate, std::uint32_t paymentInterval);
@@ -42,14 +72,14 @@ struct LoanPaymentParts
     // The amount of principal paid that reduces the loan balance.
     // This amount is subtracted from sfPrincipalOutstanding in the Loan object
     // and paid to the Vault
-    Number principalPaid = kNUM_ZERO;
+    Number principalPaid = kNumZero;
 
     // The total amount of interest paid to the Vault.
     // This includes:
     // - Tracked interest from the amortization schedule
     // - Untracked interest (e.g., late payment penalty interest)
     // This value is always non-negative.
-    Number interestPaid = kNUM_ZERO;
+    Number interestPaid = kNumZero;
 
     // The change in the loan's total value outstanding.
     // - If valueChange < 0: Loan value decreased
@@ -62,7 +92,7 @@ struct LoanPaymentParts
     // - Late payments add penalty interest to the loan value
     // - Early full payment may increase or decrease the loan value based on
     // terms
-    Number valueChange = kNUM_ZERO;
+    Number valueChange = kNumZero;
 
     /* The total amount of fees paid to the Broker.
      * This includes:
@@ -70,7 +100,7 @@ struct LoanPaymentParts
      * - Untracked fees (e.g., late payment fees, service fees, origination
      * fees) This value is always non-negative.
      */
-    Number feePaid = kNUM_ZERO;
+    Number feePaid = kNumZero;
 
     LoanPaymentParts&
     operator+=(LoanPaymentParts const& other);
@@ -161,7 +191,7 @@ adjustImpreciseNumber(
 {
     value = roundToAsset(asset, value + adjustment, vaultScale);
 
-    if (*value < beast::kZERO)
+    if (*value < beast::kZero)
         value = 0;
 }
 
@@ -169,10 +199,25 @@ inline int
 getAssetsTotalScale(SLE::const_ref vaultSle)
 {
     if (!vaultSle)
-        return Number::kMIN_EXPONENT - 1;  // LCOV_EXCL_LINE
+        return Number::kMinExponent - 1;  // LCOV_EXCL_LINE
     return scale(vaultSle->at(sfAssetsTotal), vaultSle->at(sfAsset));
 }
 
+// Compute the minimum required broker cover, rounded consistently.
+// DebtTotal is a broker-level aggregate maintained at vault scale, so the
+// rounding must also use vault scale — never an individual loan's scale.
+inline Number
+minimumBrokerCover(Number const& debtTotal, TenthBips32 coverRateMinimum, SLE::const_ref vaultSle)
+{
+    XRPL_ASSERT(
+        vaultSle && vaultSle->getType() == ltVAULT, "xrpl::minimumBrokerCover : valid Vault sle");
+    NumberRoundModeGuard const mg(Number::RoundingMode::Upward);
+    return roundToAsset(
+        vaultSle->at(sfAsset),
+        tenthBipsOfValue(debtTotal, coverRateMinimum),
+        getAssetsTotalScale(vaultSle));
+}
+
 TER
 checkLoanGuards(
     Asset const& vaultAsset,
@@ -311,7 +356,7 @@ struct ExtendedPaymentComponents : public PaymentComponents
     // borrower is sufficient to cover all components of the payment.
     Number totalDue;
 
-    ExtendedPaymentComponents(PaymentComponents const& p, Number fee, Number interest = kNUM_ZERO)
+    ExtendedPaymentComponents(PaymentComponents const& p, Number fee, Number interest = kNumZero)
         : PaymentComponents(p)
         , untrackedManagementFee(fee)
         , untrackedInterest(interest)

include/xrpl/ledger/helpers/MPTokenHelpers.h

@@ -27,14 +27,18 @@ isGlobalFrozen(ReadView const& view, MPTIssue const& mptIssue);
 isIndividualFrozen(ReadView const& view, AccountID const& account, MPTIssue const& mptIssue);
 
 [[nodiscard]] bool
-isFrozen(ReadView const& view, AccountID const& account, MPTIssue const& mptIssue, int depth = 0);
+isFrozen(
+    ReadView const& view,
+    AccountID const& account,
+    MPTIssue const& mptIssue,
+    std::uint8_t depth = 0);
 
 [[nodiscard]] bool
 isAnyFrozen(
     ReadView const& view,
     std::initializer_list<AccountID> const& accounts,
     MPTIssue const& mptIssue,
-    int depth = 0);
+    std::uint8_t depth = 0);
 
 //------------------------------------------------------------------------------
 //
@@ -88,7 +92,7 @@ requireAuth(
     MPTIssue const& mptIssue,
     AccountID const& account,
     AuthType authType = AuthType::Legacy,
-    int depth = 0);
+    std::uint8_t depth = 0);
 
 /** Enforce account has MPToken to match its authorization.
  *
@@ -104,22 +108,77 @@ enforceMPTokenAuthorization(
     XRPAmount const& priorBalance,
     beast::Journal j);
 
-/** Check if the destination account is allowed
- *  to receive MPT. Return tecNO_AUTH if it doesn't
- *  and tesSUCCESS otherwise.
+/** Resolve the underlying asset of a vault share.
+ *
+ *  Reads sfReferenceHolding from @p sleShareIssuance to determine which
+ *  asset the vault wraps. @p sleHolding must be the SLE that
+ *  sfReferenceHolding points to — either an ltMPTOKEN (returns its
+ *  MPTIssue) or an ltRIPPLE_STATE (returns its low/high Issue).
+ *
+ *  @pre Both SLEs must exist and @p sleHolding must be of type ltMPTOKEN
+ *       or ltRIPPLE_STATE. Passing any other type is undefined behaviour.
+ *  @param sleShareIssuance  MPTokenIssuance SLE for the vault share token.
+ *  @param sleHolding        SLE referenced by sfReferenceHolding.
+ *  @return The underlying Asset (MPTIssue or Issue).
+ */
+[[nodiscard]] Asset
+assetOfHolding(SLE const& sleShareIssuance, SLE const& sleHolding);
+
+/** Check whether @p to may receive the given MPT from @p from.
+ *
+ *  The check passes when any of the following is true:
+ *  - @p waive is WaiveMPTCanTransfer::Yes (recovery-path exemption), or
+ *  - @p from or @p to is the issuer, or
+ *  - lsfMPTCanTransfer is set on the MPTokenIssuance.
+ *
+ *  For vault shares (MPTokenIssuances that carry sfReferenceHolding) the
+ *  check recurses into the underlying asset's transferability. This
+ *  recursion is defensive; vault-of-vault-shares is rejected at vault
+ *  creation, so in practice depth never exceeds 1.
+ *
+ *  @param view      Ledger state to read from.
+ *  @param mptIssue  The MPT issuance being transferred.
+ *  @param from      Sending account.
+ *  @param to        Receiving account.
+ *  @param waive     WaiveMPTCanTransfer::Yes skips the lsfMPTCanTransfer
+ *                   check. Use for recovery paths (e.g. unwinding SAV or
+ *                   Lending Protocol positions after an issuer revokes
+ *                   transferability).
+ *  @param depth     Recursion depth; bounded at kMaxAssetCheckDepth.
+ *  @return tesSUCCESS if the transfer is allowed, tecNO_AUTH otherwise.
  */
 [[nodiscard]] TER
 canTransfer(
     ReadView const& view,
     MPTIssue const& mptIssue,
     AccountID const& from,
-    AccountID const& to);
+    AccountID const& to,
+    WaiveMPTCanTransfer waive = WaiveMPTCanTransfer::No,
+    std::uint8_t depth = 0);
 
-/** Check if Asset can be traded on DEX. return tecNO_PERMISSION
- * if it doesn't and tesSUCCESS otherwise.
+/** Check whether @p asset may be traded on the DEX.
+ *
+ *  For IOU assets the check delegates to the existing offer/AMM freeze
+ *  logic. For MPT assets it checks lsfMPTCanTrade on the MPTokenIssuance.
+ *  Vault shares recurse into the underlying asset's tradability via
+ *  sfReferenceHolding; depth is bounded at kMaxAssetCheckDepth.
+ *
+ *  @param view   Ledger state to read from.
+ *  @param asset  The asset to check.
+ *  @param depth  Recursion depth; bounded at kMaxAssetCheckDepth.
+ *  @return tesSUCCESS if trading is allowed, tecNO_PERMISSION otherwise.
  */
 [[nodiscard]] TER
-canTrade(ReadView const& view, Asset const& asset);
+canTrade(ReadView const& view, Asset const& asset, std::uint8_t depth = 0);
+
+/** Convenience to combine canTrade/Transfer. Returns tesSUCCESS if Asset is Issue.
+ */
+[[nodiscard]] TER
+canMPTTradeAndTransfer(
+    ReadView const& v,
+    Asset const& asset,
+    AccountID const& from,
+    AccountID const& to);
 
 //------------------------------------------------------------------------------
 //
@@ -227,17 +286,4 @@ issuerFundsToSelfIssue(ReadView const& view, MPTIssue const& issue);
 void
 issuerSelfDebitHookMPT(ApplyView& view, MPTIssue const& issue, std::uint64_t amount);
 
-//------------------------------------------------------------------------------
-//
-// MPT DEX
-//
-//------------------------------------------------------------------------------
-
-/* Return true if a transaction is allowed for the specified MPT/account. The
- * function checks MPTokenIssuance and MPToken objects flags to determine if the
- * transaction is allowed.
- */
-TER
-checkMPTTxAllowed(ReadView const& v, TxType tx, Asset const& asset, AccountID const& accountID);
-
 }  // namespace xrpl

include/xrpl/ledger/helpers/RippleStateHelpers.h

@@ -93,7 +93,7 @@ isFrozen(ReadView const& view, AccountID const& account, Issue const& issue)
 // Overload with depth parameter for uniformity with MPTIssue version.
 // The depth parameter is ignored for IOUs since they don't have vault recursion.
 [[nodiscard]] inline bool
-isFrozen(ReadView const& view, AccountID const& account, Issue const& issue, int /*depth*/)
+isFrozen(ReadView const& view, AccountID const& account, Issue const& issue, std::uint8_t /*depth*/)
 {
     return isFrozen(view, account, issue);
 }
@@ -110,7 +110,7 @@ isDeepFrozen(
     ReadView const& view,
     AccountID const& account,
     Issue const& issue,
-    int = 0 /*ignored*/)
+    std::uint8_t = 0 /*ignored*/)
 {
     return isDeepFrozen(view, account, issue.currency, issue.account);
 }

include/xrpl/ledger/helpers/TokenHelpers.h

@@ -34,6 +34,15 @@ enum class WaiveTransferFee : bool { No = false, Yes };
 /** Controls whether accountSend is allowed to overflow OutstandingAmount **/
 enum class AllowMPTOverflow : bool { No = false, Yes };
 
+/** Controls whether canTransfer enforces lsfMPTCanTransfer on MPTs.
+ *
+ *  Default is No (enforce). Use Yes at call sites that must remain available
+ *  even when an MPT issuer has cleared lsfMPTCanTransfer - for example,
+ *  unwinding existing positions in SAV or the Lending Protocol. Has no
+ *  effect on the IOU branch of canTransfer.
+ */
+enum class WaiveMPTCanTransfer : bool { No = false, Yes };
+
 /* Check if MPToken (for MPT) or trust line (for IOU) exists:
  * - StrongAuth - before checking if authorization is required
  * - WeakAuth
@@ -54,16 +63,26 @@ enum class AuthType { StrongAuth, WeakAuth, Legacy };
 [[nodiscard]] bool
 isGlobalFrozen(ReadView const& view, Asset const& asset);
 
+[[nodiscard]] TER
+checkGlobalFrozen(ReadView const& view, Asset const& asset);
+
 [[nodiscard]] bool
 isIndividualFrozen(ReadView const& view, AccountID const& account, Asset const& asset);
 
+[[nodiscard]] TER
+checkIndividualFrozen(ReadView const& view, AccountID const& account, Asset const& asset);
+
 /**
  *   isFrozen check is recursive for MPT shares in a vault, descending to
  *   assets in the vault, up to maxAssetCheckDepth recursion depth. This is
  *   purely defensive, as we currently do not allow such vaults to be created.
  */
 [[nodiscard]] bool
-isFrozen(ReadView const& view, AccountID const& account, Asset const& asset, int depth = 0);
+isFrozen(
+    ReadView const& view,
+    AccountID const& account,
+    Asset const& asset,
+    std::uint8_t depth = 0);
 
 [[nodiscard]] TER
 checkFrozen(ReadView const& view, AccountID const& account, Issue const& issue);
@@ -85,14 +104,14 @@ isAnyFrozen(
     ReadView const& view,
     std::initializer_list<AccountID> const& accounts,
     Asset const& asset,
-    int depth = 0);
+    std::uint8_t depth = 0);
 
 [[nodiscard]] bool
 isDeepFrozen(
     ReadView const& view,
     AccountID const& account,
     MPTIssue const& mptIssue,
-    int depth = 0);
+    std::uint8_t depth = 0);
 
 /**
  *   isFrozen check is recursive for MPT shares in a vault, descending to
@@ -100,7 +119,11 @@ isDeepFrozen(
  *   purely defensive, as we currently do not allow such vaults to be created.
  */
 [[nodiscard]] bool
-isDeepFrozen(ReadView const& view, AccountID const& account, Asset const& asset, int depth = 0);
+isDeepFrozen(
+    ReadView const& view,
+    AccountID const& account,
+    Asset const& asset,
+    std::uint8_t depth = 0);
 
 [[nodiscard]] TER
 checkDeepFrozen(ReadView const& view, AccountID const& account, MPTIssue const& mptIssue);
@@ -234,7 +257,13 @@ requireAuth(
     AuthType authType = AuthType::Legacy);
 
 [[nodiscard]] TER
-canTransfer(ReadView const& view, Asset const& asset, AccountID const& from, AccountID const& to);
+canTransfer(
+    ReadView const& view,
+    Asset const& asset,
+    AccountID const& from,
+    AccountID const& to,
+    WaiveMPTCanTransfer waive = WaiveMPTCanTransfer::No,
+    std::uint8_t depth = 0);
 
 //------------------------------------------------------------------------------
 //

include/xrpl/ledger/helpers/VaultHelpers.h

@@ -1,5 +1,7 @@
 #pragma once
 
+#include <xrpl/ledger/ReadView.h>
+#include <xrpl/protocol/AccountID.h>
 #include <xrpl/protocol/STAmount.h>
 #include <xrpl/protocol/STLedgerEntry.h>
 
@@ -43,6 +45,14 @@ sharesToAssetsDeposit(
 /** Controls whether to truncate shares instead of rounding. */
 enum class TruncateShares : bool { No = false, Yes = true };
 
+/** Controls whether the withdraw conversion helpers
+    (assetsToSharesWithdraw and sharesToAssetsWithdraw) subtract
+    sfLossUnrealized from sfAssetsTotal before computing the exchange rate.
+    The default (No) applies the standard discounted rate; Yes is used when
+    the redeemer is the sole remaining shareholder.
+*/
+enum class WaiveUnrealizedLoss : bool { No = false, Yes = true };
+
 /** From the perspective of a vault, return the number of shares to demand from
     the depositor when they ask to withdraw a fixed amount of assets. Since
     shares are MPT this number is integral, and it will be rounded to nearest
@@ -52,6 +62,8 @@ enum class TruncateShares : bool { No = false, Yes = true };
     @param issuance The MPTokenIssuance SLE for the vault's shares.
     @param assets The amount of assets to convert.
     @param truncate Whether to truncate instead of rounding.
+    @param waive Whether to waive the unrealized-loss discount when computing
+                 the exchange rate.
 
     @return The number of shares, or nullopt on error.
 */
@@ -60,7 +72,8 @@ assetsToSharesWithdraw(
     std::shared_ptr<SLE const> const& vault,
     std::shared_ptr<SLE const> const& issuance,
     STAmount const& assets,
-    TruncateShares truncate = TruncateShares::No);
+    TruncateShares truncate = TruncateShares::No,
+    WaiveUnrealizedLoss waive = WaiveUnrealizedLoss::No);
 
 /** From the perspective of a vault, return the number of assets to give the
     depositor when they redeem a fixed amount of shares. Note, since shares are
@@ -69,6 +82,8 @@ assetsToSharesWithdraw(
     @param vault The vault SLE.
     @param issuance The MPTokenIssuance SLE for the vault's shares.
     @param shares The amount of shares to convert.
+    @param waive Whether to waive (i.e. not subtract) the vault's unrealized
+                 loss when computing the exchange rate.
 
     @return The number of assets, or nullopt on error.
 */
@@ -76,6 +91,22 @@ assetsToSharesWithdraw(
 sharesToAssetsWithdraw(
     std::shared_ptr<SLE const> const& vault,
     std::shared_ptr<SLE const> const& issuance,
-    STAmount const& shares);
+    STAmount const& shares,
+    WaiveUnrealizedLoss waive = WaiveUnrealizedLoss::No);
+
+/** Returns true iff `account` holds all of the vault's outstanding shares —
+    i.e. is the sole remaining shareholder. Returns false if the account
+    holds no shares or fewer than the total outstanding.
+
+    @param view The ledger view.
+    @param account The candidate sole shareholder.
+    @param issuance The MPTokenIssuance SLE for the vault's shares; provides
+                    both the share MPTID and the outstanding-amount total.
+*/
+[[nodiscard]] bool
+isSoleShareholder(
+    ReadView const& view,
+    AccountID const& account,
+    std::shared_ptr<SLE const> const& issuance);
 
 }  // namespace xrpl

include/xrpl/net/HTTPClient.h

@@ -20,7 +20,7 @@ class HTTPClient
 public:
     explicit HTTPClient() = default;
 
-    static constexpr auto kMAX_CLIENT_HEADER_BYTES = kilobytes(32);
+    static constexpr auto kMaxClientHeaderBytes = kilobytes(32);
 
     static void
     initializeSSLContext(

include/xrpl/net/HTTPClientSSLContext.h

@@ -21,13 +21,13 @@ public:
         bool sslVerify,
         beast::Journal j,
         boost::asio::ssl::context_base::method method = boost::asio::ssl::context::sslv23)
-        : ssl_context_{method}, j_(j), verify_{sslVerify}
+        : sslContext_{method}, j_(j), verify_{sslVerify}
     {
         boost::system::error_code ec;
 
         if (sslVerifyFile.empty())
         {
-            registerSSLCerts(ssl_context_, ec, j_);
+            registerSSLCerts(sslContext_, ec, j_);
 
             if (ec && sslVerifyDir.empty())
             {
@@ -37,12 +37,12 @@ public:
         }
         else
         {
-            ssl_context_.load_verify_file(sslVerifyFile);
+            sslContext_.load_verify_file(sslVerifyFile);
         }
 
         if (!sslVerifyDir.empty())
         {
-            ssl_context_.add_verify_path(sslVerifyDir, ec);
+            sslContext_.add_verify_path(sslVerifyDir, ec);
 
             if (ec)
             {
@@ -55,7 +55,7 @@ public:
     boost::asio::ssl::context&
     context()
     {
-        return ssl_context_;
+        return sslContext_;
     }
 
     [[nodiscard]] bool
@@ -153,7 +153,7 @@ public:
     }
 
 private:
-    boost::asio::ssl::context ssl_context_;
+    boost::asio::ssl::context sslContext_;
     beast::Journal const j_;
     bool const verify_;
 };

include/xrpl/nodestore/Backend.h

@@ -83,10 +83,6 @@ public:
     virtual Status
     fetch(uint256 const& hash, std::shared_ptr<NodeObject>* pObject) = 0;
 
-    /** Fetch a batch synchronously. */
-    virtual std::pair<std::vector<std::shared_ptr<NodeObject>>, Status>
-    fetchBatch(std::vector<uint256> const& hashes) = 0;
-
     /** Store a single object.
         Depending on the implementation this may happen immediately
         or deferred using a scheduled task.

include/xrpl/nodestore/NodeObject.h

@@ -29,7 +29,7 @@ enum class NodeObjectType : std::uint32_t {
 class NodeObject : public CountedObject<NodeObject>
 {
 public:
-    static constexpr std::size_t kKEY_BYTES = 32;
+    static constexpr std::size_t kKeyBytes = 32;
 
 private:
     // This hack is used to make the constructor effectively private

include/xrpl/nodestore/Types.h

@@ -9,13 +9,13 @@ namespace xrpl::NodeStore {
 // This is only used to pre-allocate the array for
 // batch objects and does not affect the amount written.
 //
-static constexpr auto kBATCH_WRITE_PREALLOCATION_SIZE = 256;
+static constexpr auto kBatchWritePreallocationSize = 256;
 
 // This sets a limit on the maximum number of writes
 // in a batch. Actual usage can be twice this since
 // we have a new batch growing as we write the old.
 //
-static constexpr auto kBATCH_WRITE_LIMIT_SIZE = 65536;
+static constexpr auto kBatchWriteLimitSize = 65536;
 
 /** Return codes from Backend operations. */
 enum class Status {

include/xrpl/nodestore/detail/DatabaseNodeImp.h

@@ -67,9 +67,6 @@ public:
         backend_->sync();
     }
 
-    std::vector<std::shared_ptr<NodeObject>>
-    fetchBatch(std::vector<uint256> const& hashes);
-
     void
     asyncFetch(
         uint256 const& hash,

include/xrpl/nodestore/detail/codec.h

@@ -55,7 +55,7 @@ lz4Compress(void const* in, std::size_t inSize, BufferFactory&& bf)
     using std::runtime_error;
     using namespace nudb::detail;
     std::pair<void const*, std::size_t> result;
-    std::array<std::uint8_t, varint_traits<std::size_t>::kMAX> vi{};
+    std::array<std::uint8_t, varint_traits<std::size_t>::kMax> vi{};
     auto const n = writeVarint(vi.data(), inSize);
     auto const outMax = LZ4_compressBound(inSize);
     std::uint8_t* out = reinterpret_cast<std::uint8_t*>(bf(n + outMax));
@@ -254,12 +254,12 @@ nodeobjectCompress(void const* in, std::size_t inSize, BufferFactory&& bf)
         }
     }
 
-    std::array<std::uint8_t, varint_traits<std::size_t>::kMAX> vi{};
+    std::array<std::uint8_t, varint_traits<std::size_t>::kMax> vi{};
 
-    constexpr std::size_t kCODEC_TYPE = 1;
-    auto const vn = writeVarint(vi.data(), kCODEC_TYPE);
+    static constexpr std::size_t kCodecType = 1;
+    auto const vn = writeVarint(vi.data(), kCodecType);
     std::pair<void const*, std::size_t> result;
-    switch (kCODEC_TYPE)
+    switch (kCodecType)
     {
         // case 0 was uncompressed data; we always compress now.
         case 1:  // lz4
@@ -275,7 +275,7 @@ nodeobjectCompress(void const* in, std::size_t inSize, BufferFactory&& bf)
             break;
         }
         default:
-            Throw<std::logic_error>("nodeobject codec: unknown=" + std::to_string(kCODEC_TYPE));
+            Throw<std::logic_error>("nodeobject codec: unknown=" + std::to_string(kCodecType));
     };
     return result;
 }

include/xrpl/nodestore/detail/varint.h

@@ -25,7 +25,7 @@ struct varint_traits<T, true>
 {
     explicit varint_traits() = default;
 
-    static std::size_t constexpr kMAX = (8 * sizeof(T) + 6) / 7;
+    static constexpr std::size_t kMax = (8 * sizeof(T) + 6) / 7;
 };
 
 // Returns: Number of bytes consumed or 0 on error,

include/xrpl/protocol/AMMCore.h

@@ -8,21 +8,21 @@
 
 namespace xrpl {
 
-std::uint16_t constexpr kTRADING_FEE_THRESHOLD = 1000;  // 1%
+constexpr std::uint16_t kTradingFeeThreshold = 1000;  // 1%
 
 // Auction slot
-std::uint32_t constexpr kTOTAL_TIME_SLOT_SECS = 24 * 3600;
-std::uint16_t constexpr kAUCTION_SLOT_TIME_INTERVALS = 20;
-std::uint16_t constexpr kAUCTION_SLOT_MAX_AUTH_ACCOUNTS = 4;
-std::uint32_t constexpr kAUCTION_SLOT_FEE_SCALE_FACTOR = 100000;
-std::uint32_t constexpr kAUCTION_SLOT_DISCOUNTED_FEE_FRACTION = 10;
-std::uint32_t constexpr kAUCTION_SLOT_MIN_FEE_FRACTION = 25;
-std::uint32_t constexpr kAUCTION_SLOT_INTERVAL_DURATION =
-    kTOTAL_TIME_SLOT_SECS / kAUCTION_SLOT_TIME_INTERVALS;
+constexpr std::uint32_t kTotalTimeSlotSecs = 24 * 3600;
+constexpr std::uint16_t kAuctionSlotTimeIntervals = 20;
+constexpr std::uint16_t kAuctionSlotMaxAuthAccounts = 4;
+constexpr std::uint32_t kAuctionSlotFeeScaleFactor = 100000;
+constexpr std::uint32_t kAuctionSlotDiscountedFeeFraction = 10;
+constexpr std::uint32_t kAuctionSlotMinFeeFraction = 25;
+constexpr std::uint32_t kAuctionSlotIntervalDuration =
+    kTotalTimeSlotSecs / kAuctionSlotTimeIntervals;
 
 // Votes
-std::uint16_t constexpr kVOTE_MAX_SLOTS = 8;
-std::uint32_t constexpr kVOTE_WEIGHT_SCALE_FACTOR = 100000;
+constexpr std::uint16_t kVoteMaxSlots = 8;
+constexpr std::uint32_t kVoteWeightScaleFactor = 100000;
 
 class STObject;
 class STAmount;
@@ -77,7 +77,7 @@ ammEnabled(Rules const&);
 inline Number
 getFee(std::uint16_t tfee)
 {
-    return Number{tfee} / kAUCTION_SLOT_FEE_SCALE_FACTOR;
+    return Number{tfee} / kAuctionSlotFeeScaleFactor;
 }
 
 /** Get fee multiplier (1 - tfee)