fix: make finalize step const

refactor: Extract invariant invocation into free checkInvariants runner
Move the invariant-check orchestration out of ApplyContext and Transactor into a free function xrpl::checkInvariants(ApplyContext&, TER, XRPAmount, optional<reference_wrapper<InvariantCheck>>). The two previously separate traversals (one in ApplyContext driving the protocol tuple fold, one in Transactor driving the tx-specific check) are merged into a single ctx.visit walk. Per-layer try/catch inside the lambda isolates collection faults: a throw in one layer stops only that layer from visiting further entries while the other continues. A layer whose collection faulted skips its finalize phase. ApplyContext loses checkInvariants/checkInvariantsHelper/failInvariantCheck. Transactor delegates to the free runner via a private InvariantCheckAdapter that bridges visitInvariantEntry+finalizeInvariants into the InvariantCheck interface. A SkipTxInvariants::Yes/No enum makes the fee-claim-reset call site explicit about omitting the tx-specific check. Protocol checks remain duck-typed in the InvariantChecks tuple (static dispatch, no vtable on the hot path). InvariantCheck is the runtime interface used only by InvariantCheckAdapter.
2026-06-09 11:46:49 +00:00 · 2026-06-09 13:21:46 +02:00 · 2026-06-09 13:16:37 +02:00
293 changed files with 2985 additions and 3385 deletions
--- a/.clang-tidy
+++ b/.clang-tidy
@@ -154,7 +154,7 @@ Checks: "-*,
  "
 # ---
 # readability-inconsistent-declaration-parameter-name, # in this codebase this check will break a lot of arg names
-# readability-static-accessed-through-instance,        # this check is probably unnecessary. It makes the code less readable
+# readability-static-accessed-through-instance,        # this check is probably unnecessary. it makes the code less readable
 # ---

 CheckOptions:
--- a/.gersemi/definitions.cmake
+++ b/.gersemi/definitions.cmake
@@ -11,6 +11,9 @@ endfunction()
 function(create_symbolic_link target link)
 endfunction()

+function(xrpl_add_test name)
+endfunction()
+
 macro(exclude_from_default target_)
 endmacro()

--- a/.github/actions/build-deps/action.yml
+++ b/.github/actions/build-deps/action.yml
@@ -35,8 +35,9 @@ runs:
        LOG_VERBOSITY: ${{ inputs.log_verbosity }}
        SANITIZERS: ${{ inputs.sanitizers }}
      run: |
+        echo 'Installing dependencies.'
        conan install \
-            --profile:all ci \
+            --profile ci \
            --build="${BUILD_OPTION}" \
            --options:host='&:tests=True' \
            --options:host='&:xrpld=True' \
--- a/.github/actions/set-compiler-env/action.yml
+++ b/.github/actions/set-compiler-env/action.yml
@@ -1,34 +0,0 @@
-name: Set compiler environment
-description: "Set CC and CXX environment variables for the given compiler."
-
-inputs:
-  compiler:
-    description: 'The compiler to use ("gcc" or "clang").'
-    required: true
-
-runs:
-  using: composite
-
-  steps:
-    - name: Set CC and CXX for gcc
-      if: ${{ inputs.compiler == 'gcc' }}
-      shell: bash
-      run: |
-        echo "CC=gcc" >>"${GITHUB_ENV}"
-        echo "CXX=g++" >>"${GITHUB_ENV}"
-
-    - name: Set CC and CXX for clang
-      if: ${{ inputs.compiler == 'clang' }}
-      shell: bash
-      run: |
-        echo "CC=clang" >>"${GITHUB_ENV}"
-        echo "CXX=clang++" >>"${GITHUB_ENV}"
-
-    - name: Fail on unknown compiler
-      if: ${{ inputs.compiler != 'gcc' && inputs.compiler != 'clang' }}
-      shell: bash
-      env:
-        COMPILER: ${{ inputs.compiler }}
-      run: |
-        echo "Unknown compiler: $COMPILER" >&2
-        exit 1
--- a/.github/actions/setup-conan/action.yml
+++ b/.github/actions/setup-conan/action.yml
@@ -15,35 +15,32 @@ runs:
  using: composite

  steps:
-    - name: Apply custom configuration to global.conf
+    - name: Set up Conan configuration
      shell: bash
      run: |
+        echo 'Installing configuration.'
        cat conan/global.conf ${{ runner.os == 'Linux' && '>>' || '>' }} $(conan config home)/global.conf

-    - name: Show global configuration
-      shell: bash
-      run: |
+        echo 'Conan configuration:'
        conan config show '*'

-    - name: Install profiles
+    - name: Set up Conan profile
      shell: bash
      run: |
+        echo 'Installing profile.'
        conan config install conan/profiles/ -tf $(conan config home)/profiles/

-    - name: Show CI profile
-      shell: bash
-      run: |
+        echo 'Conan profile:'
        conan profile show --profile ci

-    - name: Add a remote
+    - name: Set up Conan remote
      shell: bash
      env:
        REMOTE_NAME: ${{ inputs.remote_name }}
        REMOTE_URL: ${{ inputs.remote_url }}
      run: |
+        echo "Adding Conan remote '${REMOTE_NAME}' at '${REMOTE_URL}'."
        conan remote add --index 0 --force "${REMOTE_NAME}" "${REMOTE_URL}"

-    - name: List remotes
-      shell: bash
-      run: |
+        echo 'Listing Conan remotes.'
        conan remote list
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,12 +1,40 @@
 version: 2
 updates:
  - package-ecosystem: github-actions
-    directories:
-      - /
-      - .github/actions/build-deps/
-      - .github/actions/generate-version/
-      - .github/actions/set-compiler-env/
-      - .github/actions/setup-conan/
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+      time: "04:00"
+      timezone: Etc/GMT
+    commit-message:
+      prefix: "ci: [DEPENDABOT] "
+    target-branch: develop
+
+  - package-ecosystem: github-actions
+    directory: .github/actions/build-deps/
+    schedule:
+      interval: weekly
+      day: monday
+      time: "04:00"
+      timezone: Etc/GMT
+    commit-message:
+      prefix: "ci: [DEPENDABOT] "
+    target-branch: develop
+
+  - package-ecosystem: github-actions
+    directory: .github/actions/generate-version/
+    schedule:
+      interval: weekly
+      day: monday
+      time: "04:00"
+      timezone: Etc/GMT
+    commit-message:
+      prefix: "ci: [DEPENDABOT] "
+    target-branch: develop
+
+  - package-ecosystem: github-actions
+    directory: .github/actions/setup-conan/
    schedule:
      interval: weekly
      day: monday
--- a/.github/scripts/rename/cmake.sh
+++ b/.github/scripts/rename/cmake.sh
@@ -43,6 +43,9 @@ pushd "${DIRECTORY}"
 # Rename the files.
 find cmake -type f -name 'Rippled*.cmake' -exec bash -c 'mv "${1}" "${1/Rippled/Xrpl}"' - {} \;
 find cmake -type f -name 'Ripple*.cmake' -exec bash -c 'mv "${1}" "${1/Ripple/Xrpl}"' - {} \;
+if [ -e cmake/xrpl_add_test.cmake ]; then
+    mv cmake/xrpl_add_test.cmake cmake/XrplAddTest.cmake
+fi
 if [ -e include/xrpl/proto/ripple.proto ]; then
    mv include/xrpl/proto/ripple.proto include/xrpl/proto/xrpl.proto
 fi
@@ -57,6 +60,7 @@ find cmake -type f -name '*.cmake' | while read -r FILE; do
 done
 ${SED_COMMAND} -i -E 's/Rippled?/Xrpl/g' CMakeLists.txt
 ${SED_COMMAND} -i 's/ripple/xrpl/g' CMakeLists.txt
+${SED_COMMAND} -i 's/include(xrpl_add_test)/include(XrplAddTest)/' src/tests/libxrpl/CMakeLists.txt
 ${SED_COMMAND} -i 's/ripple.pb.h/xrpl.pb.h/' include/xrpl/protocol/messages.h
 ${SED_COMMAND} -i 's/ripple.pb.h/xrpl.pb.h/' BUILD.md
 ${SED_COMMAND} -i 's/ripple.pb.h/xrpl.pb.h/' BUILD.md
--- a/.github/scripts/strategy-matrix/generate.py
+++ b/.github/scripts/strategy-matrix/generate.py
@@ -1,281 +1,384 @@
 #!/usr/bin/env python3
 import argparse
-import dataclasses
 import itertools
 import json
+from dataclasses import dataclass
 from pathlib import Path

 THIS_DIR = Path(__file__).parent.resolve()

-_BASE_CMAKE_ARGS = ["-Dtests=ON", "-Dwerr=ON", "-Dxrpld=ON", "-Dwextra=ON"]

-# Maps sanitizer names (as used in cmake) to short config-name suffixes.
-_SANITIZER_SUFFIX: dict[str, str] = {
-    "address": "asan",
-    "undefinedbehavior": "ubsan",
-    "thread": "tsan",
-}
-
-
-def get_cmake_args(build_type: str, extra_args: str) -> str:
-    """Get the full list of CMake arguments for a config."""
-    args = _BASE_CMAKE_ARGS.copy()
-    if build_type == "Release":
-        args.append("-Dassert=ON")
-    if extra_args:
-        args.extend(extra_args.split())
-    return " ".join(args)
-
-
-# ---------------------------------------------------------------------------
-# Input types — shapes of the JSON config files
-# ---------------------------------------------------------------------------
-
-
-@dataclasses.dataclass
-class LinuxConfig:
-    """One entry in linux.json's 'configs' or 'package_configs' arrays."""
-
-    compiler: list[str]
+@dataclass
+class Config:
+    architecture: list[dict]
+    os: list[dict]
    build_type: list[str]
-    arch: list[str]
-    sanitizers: list[str] = dataclasses.field(default_factory=list)
-    suffix: str = ""
-    extra_cmake_args: str = ""
-    image: str = ""  # only used by package_configs entries
+    cmake_args: list[str]


-@dataclasses.dataclass
-class LinuxFile:
-    """Shape of linux.json."""
+"""
+Generate a strategy matrix for GitHub Actions CI.

-    image_tag: str
-    configs: dict[str, list[LinuxConfig]]  # distro → configs
-    package_configs: dict[str, list[LinuxConfig]]  # distro → packaging configs
+On each PR commit we will build a selection of Debian, RHEL, Ubuntu, MacOS, and
+Windows configurations, while upon merge into the develop or release branches,
+we will build all configurations, and test most of them.

-    @classmethod
-    def load(cls, path: Path) -> "LinuxFile":
-        data = json.loads(path.read_text())
-
-        def parse(section: dict) -> dict[str, list[LinuxConfig]]:
-            return {
-                distro: [LinuxConfig(**c) for c in cfgs]
-                for distro, cfgs in section.items()
-            }
-
-        return cls(
-            image_tag=data["image_tag"],
-            configs=parse(data["configs"]),
-            package_configs=parse(data.get("package_configs", {})),
-        )
+We will further set additional CMake arguments as follows:
+- All builds will have the `tests`, `werr`, and `xrpld` options.
+- All builds will have the `wextra` option except for GCC 12 and Clang 16.
+- All release builds will have the `assert` option.
+- Certain Debian Bookworm configurations will change the reference fee, enable
+  codecov, and enable voidstar in PRs.
+"""


-@dataclasses.dataclass
-class PlatformConfig:
-    """One entry in macos.json's or windows.json's 'configs' array."""
-
-    build_type: list[str]
-    build_only: bool = False  # if true, skip tests (e.g. macos/Windows Debug)
-    extra_cmake_args: str = ""
-
-    def __post_init__(self) -> None:
-        if isinstance(self.build_type, str):
-            self.build_type = [self.build_type]
+def build_config_name(os_entry: dict[str, str], platform: str, build_type: str) -> str:
+    parts = [os_entry["distro_name"]]
+    for key in ("distro_version", "compiler_name", "compiler_version"):
+        if value := os_entry[key]:
+            parts.append(value)
+    parts.append("arm64" if "arm64" in platform else "amd64")
+    parts.append(build_type.lower())
+    return "-".join(parts)


-@dataclasses.dataclass
-class PlatformFile:
-    """Shape of macos.json and windows.json."""
-
-    platform: str  # e.g. "macos/arm64" or "windows/amd64"
-    runner: list[str]  # GitHub Actions runner labels
-    configs: list[PlatformConfig]
-
-    @classmethod
-    def load(cls, path: Path) -> "PlatformFile":
-        data = json.loads(path.read_text())
-        return cls(
-            platform=data["platform"],
-            runner=data["runner"],
-            configs=[PlatformConfig(**c) for c in data["configs"]],
-        )
-
-
-# ---------------------------------------------------------------------------
-# Output types — shapes of the generated GitHub Actions matrix entries
-# ---------------------------------------------------------------------------
-
-
-@dataclasses.dataclass
-class Architecture:
-    platform: str
-    runner: list[str]
-
-
-@dataclasses.dataclass
-class MatrixEntry:
-    """One entry in the generated build/test strategy matrix."""
-
-    config_name: str
-    cmake_args: str
-    cmake_target: str
-    build_only: bool
-    build_type: str
-    architecture: Architecture
-    sanitizers: str
-    image: str = ""  # container image; empty for macOS/Windows (runs natively)
-    compiler: str = ""  # compiler name ("gcc" or "clang"); empty for macOS/Windows
-
-
-@dataclasses.dataclass
-class PackagingEntry:
-    """One entry in the generated packaging strategy matrix."""
-
-    artifact_name: str
-    image: str
-    distro: str  # e.g. "debian" or "rhel"; drives package-format-specific steps
-
-
-# ---------------------------------------------------------------------------
-# Matrix expansion
-# ---------------------------------------------------------------------------
-
-_ARCHS: dict[str, Architecture] = {
-    "amd64": Architecture(
-        platform="linux/amd64", runner=["self-hosted", "Linux", "X64", "heavy"]
-    ),
-    "arm64": Architecture(
-        platform="linux/arm64",
-        runner=["self-hosted", "Linux", "ARM64", "heavy-arm64"],
-    ),
-}
-
-
-def expand_linux_matrix(linux: LinuxFile) -> list[MatrixEntry]:
-    """Expand a LinuxFile into a flat list of matrix entries.
-
-    Each config entry is expanded over the cross-product of its
-    compiler, build_type, sanitizers, and architecture lists.
+def generate_packaging_matrix(config: Config) -> list[dict]:
+    """Emit one entry per os entry with `package: true`. Architecture is
+    hardcoded to linux/amd64 here (and the runner is hardcoded at the
+    workflow level) until arm64 packaging is ready.
    """
-    entries: list[MatrixEntry] = []
+    return [
+        {
+            "artifact_name": f"xrpld-{build_config_name(os, 'linux/amd64', 'Release')}",
+            "os": os,
+        }
+        for os in config.os
+        if os.get("package", False)
+    ]

-    for distro, configs in linux.configs.items():
-        for cfg in configs:
-            # An empty sanitizers list means "one entry with no sanitizer".
-            effective_sanitizers = cfg.sanitizers or [""]
-            effective_archs = {arch: _ARCHS[arch] for arch in cfg.arch}

-            for compiler, build_type, sanitizer, (arch, arch_info) in itertools.product(
-                cfg.compiler,
-                cfg.build_type,
-                effective_sanitizers,
-                effective_archs.items(),
+def generate_strategy_matrix(all: bool, config: Config) -> list[dict]:
+    configurations = []
+    for architecture, os, build_type, cmake_args in itertools.product(
+        config.architecture, config.os, config.build_type, config.cmake_args
+    ):
+        # The default CMake target is 'all' for Linux and MacOS and 'install'
+        # for Windows, but it can get overridden for certain configurations.
+        cmake_target = "install" if os["distro_name"] == "windows" else "all"
+
+        # We build and test all configurations by default, except for Windows in
+        # Debug, because it is too slow, as well as when code coverage is
+        # enabled as that mode already runs the tests.
+        build_only = False
+        if os["distro_name"] == "windows" and build_type == "Debug":
+            build_only = True
+
+        # Only generate a subset of configurations in PRs.
+        if not all:
+            # Debian:
+            # - Bookworm using GCC 13: Debug on linux/amd64, set the reference
+            #   fee to 500 and enable code coverage (which will be done below).
+            # - Bookworm using GCC 15: Debug on linux/amd64, enable Address and
+            #   UB sanitizers (which will be done below).
+            # - Bookworm using Clang 16: Debug on linux/amd64, enable voidstar.
+            # - Bookworm using Clang 17: Release on linux/amd64, set the
+            #   reference fee to 1000.
+            # - Bookworm using Clang 20: Debug on linux/amd64, enable Address
+            #   and UB sanitizers (which will be done below).
+            if os["distro_name"] == "debian":
+                skip = True
+                if os["distro_version"] == "bookworm":
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-13"
+                        and build_type == "Debug"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        cmake_args = f"-DUNIT_TEST_REFERENCE_FEE=500 {cmake_args}"
+                        skip = False
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-15"
+                        and build_type == "Release"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-16"
+                        and build_type == "Debug"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        cmake_args = f"-Dvoidstar=ON {cmake_args}"
+                        skip = False
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-17"
+                        and build_type == "Release"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        cmake_args = f"-DUNIT_TEST_REFERENCE_FEE=1000 {cmake_args}"
+                        skip = False
+                elif os["distro_version"] == "trixie":
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-22"
+                        and build_type == "Debug"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
+                if skip:
+                    continue
+
+            # RHEL:
+            # - 9 using GCC 12: Debug and Release on linux/amd64
+            #   (Release is required for RPM packaging).
+            # - 10 using Clang: Release on linux/amd64.
+            if os["distro_name"] == "rhel":
+                skip = True
+                if os["distro_version"] == "9":
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-12"
+                        and build_type in ["Debug", "Release"]
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
+                elif os["distro_version"] == "10":
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-any"
+                        and build_type == "Release"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
+                if skip:
+                    continue
+
+            # Ubuntu:
+            # - Jammy using GCC 12: Debug on linux/arm64, Release on
+            #   linux/amd64 (Release is required for DEB packaging).
+            # - Noble using GCC 14: Release on linux/amd64.
+            # - Noble using Clang 18: Debug on linux/amd64.
+            # - Noble using Clang 19: Release on linux/arm64.
+            if os["distro_name"] == "ubuntu":
+                skip = True
+                if os["distro_version"] == "jammy":
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-12"
+                        and build_type == "Debug"
+                        and architecture["platform"] == "linux/arm64"
+                    ):
+                        skip = False
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-12"
+                        and build_type == "Release"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
+                elif os["distro_version"] == "noble":
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-14"
+                        and build_type == "Release"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-18"
+                        and build_type == "Debug"
+                        and architecture["platform"] == "linux/amd64"
+                    ):
+                        skip = False
+                    if (
+                        f"{os['compiler_name']}-{os['compiler_version']}" == "clang-19"
+                        and build_type == "Release"
+                        and architecture["platform"] == "linux/arm64"
+                    ):
+                        skip = False
+                if skip:
+                    continue
+
+            # MacOS:
+            # - Debug on macos/arm64.
+            if os["distro_name"] == "macos" and not (
+                build_type == "Debug" and architecture["platform"] == "macos/arm64"
            ):
-                name = f"{distro}-{compiler}-{build_type.lower()}-{arch}"
-                suffix_parts = [
-                    s for s in [cfg.suffix, _SANITIZER_SUFFIX.get(sanitizer, "")] if s
-                ]
-                if suffix_parts:
-                    name += "-" + "-".join(suffix_parts)
+                continue

-                entries.append(
-                    MatrixEntry(
-                        config_name=name,
-                        image=f"ghcr.io/xrplf/xrpld/nix-{distro}:{linux.image_tag}",
-                        cmake_args=get_cmake_args(build_type, cfg.extra_cmake_args),
-                        cmake_target="all",
-                        build_only=False,
-                        build_type=build_type,
-                        architecture=arch_info,
-                        sanitizers=sanitizer,
-                        compiler=compiler,
-                    )
-                )
+            # Windows:
+            # - Release on windows/amd64.
+            if os["distro_name"] == "windows" and not (
+                build_type == "Release" and architecture["platform"] == "windows/amd64"
+            ):
+                continue

-    return entries
+        # Additional CMake arguments.
+        cmake_args = f"{cmake_args} -Dtests=ON -Dwerr=ON -Dxrpld=ON"
+        if not f"{os['compiler_name']}-{os['compiler_version']}" in [
+            "gcc-12",
+            "clang-16",
+        ]:
+            cmake_args = f"{cmake_args} -Dwextra=ON"
+        if build_type == "Release":
+            cmake_args = f"{cmake_args} -Dassert=ON"

+        # We skip all RHEL on arm64 due to a build failure that needs further
+        # investigation.
+        if os["distro_name"] == "rhel" and architecture["platform"] == "linux/arm64":
+            continue

-def expand_linux_packaging(linux: LinuxFile) -> list[PackagingEntry]:
-    """Generate the packaging matrix from a LinuxFile's package_configs section.
+        # We skip all clang 20+ on arm64 due to Boost build error.
+        if (
+            os["compiler_name"] == "clang"
+            and os["compiler_version"].isdigit()
+            and int(os["compiler_version"]) >= 20
+            and architecture["platform"] == "linux/arm64"
+        ):
+            continue

-    Packaging uses vanilla distro images (debian:bookworm, ubi9, …) instead of
-    the nix-based build images, because deb/rpm tooling (debhelper, rpm-build)
-    is taken from the distro's archive rather than from nixpkgs. Each config
-    entry carries its own 'image'.
-    """
-    entries = []
-    for distro, configs in linux.package_configs.items():
-        for cfg in configs:
-            for compiler, build_type in itertools.product(cfg.compiler, cfg.build_type):
-                entries.append(
-                    PackagingEntry(
-                        artifact_name=f"xrpld-{distro}-{compiler}-{build_type.lower()}-amd64",
-                        image=cfg.image,
-                        distro=distro,
-                    )
-                )
+        # Enable code coverage for Debian Bookworm using GCC 13 in Debug on
+        # linux/amd64.
+        if (
+            f"{os['distro_name']}-{os['distro_version']}" == "debian-bookworm"
+            and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-13"
+            and build_type == "Debug"
+            and architecture["platform"] == "linux/amd64"
+        ):
+            cmake_args = f"{cmake_args} -Dcoverage=ON -Dcoverage_format=xml -DCODE_COVERAGE_VERBOSE=ON -DCMAKE_C_FLAGS=-O0 -DCMAKE_CXX_FLAGS=-O0"

-    return entries
+        # Enable unity build for Ubuntu Jammy using GCC 12 in Debug on
+        # linux/amd64.
+        if (
+            f"{os['distro_name']}-{os['distro_version']}" == "ubuntu-jammy"
+            and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-12"
+            and build_type == "Debug"
+            and architecture["platform"] == "linux/amd64"
+        ):
+            cmake_args = f"{cmake_args} -Dunity=ON"

+        # Generate a unique name for the configuration, e.g. macos-arm64-debug
+        # or debian-bookworm-gcc-12-amd64-release.
+        config_name = build_config_name(os, architecture["platform"], build_type)
+        if "-Dcoverage=ON" in cmake_args:
+            config_name += "-coverage"
+        if "-Dunity=ON" in cmake_args:
+            config_name += "-unity"

-def expand_platform_matrix(pf: PlatformFile) -> list[MatrixEntry]:
-    """Expand a PlatformFile (macOS or Windows) into matrix entries."""
-    platform_name, arch = pf.platform.split("/")
-    is_windows = platform_name == "windows"
-
-    entries: list[MatrixEntry] = []
-    for cfg in pf.configs:
-        for build_type in cfg.build_type:
-            entries.append(
-                MatrixEntry(
-                    config_name=f"{platform_name}-{arch}-{build_type.lower()}",
-                    cmake_args=get_cmake_args(build_type, cfg.extra_cmake_args),
-                    cmake_target="install" if is_windows else "all",
-                    build_only=cfg.build_only,
-                    build_type=build_type,
-                    architecture=Architecture(platform=pf.platform, runner=pf.runner),
-                    sanitizers="",
-                )
+        # Add the configuration to the list, with the most unique fields first,
+        # so that they are easier to identify in the GitHub Actions UI, as long
+        # names get truncated.
+        # Add Address and UB sanitizers as separate configurations for specific
+        # bookworm distros. Thread sanitizer is currently disabled (see below).
+        # GCC-Asan xrpld-embedded tests are failing because of https://github.com/google/sanitizers/issues/856
+        if (
+            os["distro_version"] == "bookworm"
+            and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-15"
+        ) or (
+            os["distro_version"] == "trixie"
+            and f"{os['compiler_name']}-{os['compiler_version']}" == "clang-22"
+        ):
+            # Add ASAN and UBSAN configurations for both gcc-15 and clang-22
+            configurations.append(
+                {
+                    "config_name": config_name + "-asan",
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "address",
+                }
            )
-    return entries
+            configurations.append(
+                {
+                    "config_name": config_name + "-ubsan",
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "undefinedbehavior",
+                }
+            )
+            # TSAN is deactivated due to seg faults with latest compilers.
+            activate_tsan = False
+            if activate_tsan:
+                configurations.append(
+                    {
+                        "config_name": config_name + "-tsan-ubsan",
+                        "cmake_args": cmake_args,
+                        "cmake_target": cmake_target,
+                        "build_only": build_only,
+                        "build_type": build_type,
+                        "os": os,
+                        "architecture": architecture,
+                        "sanitizers": "thread,undefinedbehavior",
+                    }
+                )
+        else:
+            configurations.append(
+                {
+                    "config_name": config_name,
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "",
+                }
+            )
+
+    return configurations


-# ---------------------------------------------------------------------------
-# Entry point
-# ---------------------------------------------------------------------------
+def read_config(file: Path) -> Config:
+    config = json.loads(file.read_text())
+    if (
+        config["architecture"] is None
+        or config["os"] is None
+        or config["build_type"] is None
+        or config["cmake_args"] is None
+    ):
+        raise Exception("Invalid configuration file.")
+
+    return Config(**config)


 if __name__ == "__main__":
-    parser = argparse.ArgumentParser(
-        description="Generate a CI strategy matrix for all platforms or a specific one."
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "-a",
+        "--all",
+        help="Set to generate all configurations (generally used when merging a PR) or leave unset to generate a subset of configurations (generally used when committing to a PR).",
+        action="store_true",
    )
    parser.add_argument(
        "-c",
        "--config",
-        help="Platform to generate for ('linux', 'macos', or 'windows'). Defaults to all platforms.",
-        choices=["linux", "macos", "windows"],
-        default=None,
+        help="Path to the JSON file containing the strategy matrix configurations.",
+        required=False,
+        type=Path,
    )
    parser.add_argument(
        "-p",
        "--packaging",
-        help="Emit the Linux packaging matrix instead of the build/test matrix.",
+        help="Emit the packaging matrix (derived from the 'package' field on os entries) instead of the build/test matrix.",
        action="store_true",
    )
    args = parser.parse_args()

-    matrix: list[MatrixEntry] | list[PackagingEntry] = []
-
+    matrix = []
    if args.packaging:
-        matrix = expand_linux_packaging(LinuxFile.load(THIS_DIR / "linux.json"))
+        config_path = args.config if args.config else THIS_DIR / "linux.json"
+        matrix += generate_packaging_matrix(read_config(config_path))
+    elif args.config is None or args.config == "":
+        matrix += generate_strategy_matrix(
+            args.all, read_config(THIS_DIR / "linux.json")
+        )
+        matrix += generate_strategy_matrix(
+            args.all, read_config(THIS_DIR / "macos.json")
+        )
+        matrix += generate_strategy_matrix(
+            args.all, read_config(THIS_DIR / "windows.json")
+        )
    else:
-        if args.config in ("linux", None):
-            matrix += expand_linux_matrix(LinuxFile.load(THIS_DIR / "linux.json"))
-        if args.config in ("macos", None):
-            matrix += expand_platform_matrix(PlatformFile.load(THIS_DIR / "macos.json"))
-        if args.config in ("windows", None):
-            matrix += expand_platform_matrix(
-                PlatformFile.load(THIS_DIR / "windows.json")
-            )
+        matrix += generate_strategy_matrix(args.all, read_config(args.config))

-    print(f"matrix={json.dumps({'include': [dataclasses.asdict(e) for e in matrix]})}")
+    # Generate the strategy matrix.
+    print(f"matrix={json.dumps({'include': matrix})}")
--- a/.github/scripts/strategy-matrix/linux.json
+++ b/.github/scripts/strategy-matrix/linux.json
@@ -1,83 +1,221 @@
 {
-  "image_tag": "sha-63ffdc3",
-  "configs": {
-    "ubuntu": [
-      {
-        "compiler": ["gcc", "clang"],
-        "build_type": ["Debug", "Release"],
-        "arch": ["amd64", "arm64"]
-      },
-
-      {
-        "compiler": ["gcc", "clang"],
-        "build_type": ["Debug"],
-        "arch": ["amd64"],
-        "sanitizers": ["address", "undefinedbehavior"]
-      },
-
-      {
-        "compiler": ["gcc"],
-        "build_type": ["Debug"],
-        "arch": ["amd64"],
-        "suffix": "coverage",
-        "extra_cmake_args": "-DUNIT_TEST_REFERENCE_FEE=500 -Dcoverage=ON -Dcoverage_format=xml -DCODE_COVERAGE_VERBOSE=ON -DCMAKE_C_FLAGS=-O0 -DCMAKE_CXX_FLAGS=-O0"
-      },
-      {
-        "compiler": ["clang"],
-        "build_type": ["Debug"],
-        "arch": ["amd64"],
-        "suffix": "voidstar",
-        "extra_cmake_args": "-Dvoidstar=ON"
-      },
-      {
-        "compiler": ["clang"],
-        "build_type": ["Release"],
-        "arch": ["amd64"],
-        "suffix": "reffee",
-        "extra_cmake_args": "-DUNIT_TEST_REFERENCE_FEE=1000"
-      },
-      {
-        "compiler": ["gcc"],
-        "build_type": ["Debug"],
-        "arch": ["amd64"],
-        "suffix": "unity",
-        "extra_cmake_args": "-Dunity=ON"
-      }
-    ],
-
-    "debian": [
-      {
-        "compiler": ["gcc"],
-        "build_type": ["Release"],
-        "arch": ["amd64"]
-      }
-    ],
-
-    "rhel": [
-      {
-        "compiler": ["gcc"],
-        "build_type": ["Release"],
-        "arch": ["amd64"]
-      }
-    ]
-  },
-  "package_configs": {
-    "debian": [
-      {
-        "compiler": ["gcc"],
-        "build_type": ["Release"],
-        "arch": ["amd64"],
-        "image": "ghcr.io/xrplf/xrpld/packaging-debian:sha-63ffdc3"
-      }
-    ],
-
-    "rhel": [
-      {
-        "compiler": ["gcc"],
-        "build_type": ["Release"],
-        "arch": ["amd64"],
-        "image": "ghcr.io/xrplf/xrpld/packaging-rhel:sha-63ffdc3"
-      }
-    ]
-  }
+  "architecture": [
+    {
+      "platform": "linux/amd64",
+      "runner": ["self-hosted", "Linux", "X64", "heavy"]
+    },
+    {
+      "platform": "linux/arm64",
+      "runner": ["self-hosted", "Linux", "ARM64", "heavy-arm64"]
+    }
+  ],
+  "os": [
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "gcc",
+      "compiler_version": "12",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "gcc",
+      "compiler_version": "13",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "gcc",
+      "compiler_version": "15",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "clang",
+      "compiler_version": "16",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "clang",
+      "compiler_version": "17",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "clang",
+      "compiler_version": "18",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "clang",
+      "compiler_version": "19",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "bookworm",
+      "compiler_name": "clang",
+      "compiler_version": "20",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "trixie",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "trixie",
+      "compiler_name": "gcc",
+      "compiler_version": "15",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "trixie",
+      "compiler_name": "clang",
+      "compiler_version": "20",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "trixie",
+      "compiler_name": "clang",
+      "compiler_version": "21",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "debian",
+      "distro_version": "trixie",
+      "compiler_name": "clang",
+      "compiler_version": "22",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "8",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "8",
+      "compiler_name": "clang",
+      "compiler_version": "any",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "9",
+      "compiler_name": "gcc",
+      "compiler_version": "12",
+      "image_sha": "4c086b9",
+      "package": true
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "9",
+      "compiler_name": "gcc",
+      "compiler_version": "13",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "9",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "9",
+      "compiler_name": "clang",
+      "compiler_version": "any",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "10",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "10",
+      "compiler_name": "clang",
+      "compiler_version": "any",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "ubuntu",
+      "distro_version": "jammy",
+      "compiler_name": "gcc",
+      "compiler_version": "12",
+      "image_sha": "4c086b9",
+      "package": true
+    },
+    {
+      "distro_name": "ubuntu",
+      "distro_version": "noble",
+      "compiler_name": "gcc",
+      "compiler_version": "13",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "ubuntu",
+      "distro_version": "noble",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "ubuntu",
+      "distro_version": "noble",
+      "compiler_name": "clang",
+      "compiler_version": "16",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "ubuntu",
+      "distro_version": "noble",
+      "compiler_name": "clang",
+      "compiler_version": "17",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "ubuntu",
+      "distro_version": "noble",
+      "compiler_name": "clang",
+      "compiler_version": "18",
+      "image_sha": "4c086b9"
+    },
+    {
+      "distro_name": "ubuntu",
+      "distro_version": "noble",
+      "compiler_name": "clang",
+      "compiler_version": "19",
+      "image_sha": "4c086b9"
+    }
+  ],
+  "build_type": ["Debug", "Release"],
+  "cmake_args": [""]
 }
--- a/.github/scripts/strategy-matrix/macos.json
+++ b/.github/scripts/strategy-matrix/macos.json
@@ -1,15 +1,19 @@
 {
-  "platform": "macos/arm64",
-  "runner": ["self-hosted", "macOS", "ARM64", "mac-runner-m1"],
-  "configs": [
+  "architecture": [
    {
-      "build_type": "Release",
-      "extra_cmake_args": "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
-    },
-    {
-      "build_type": "Debug",
-      "extra_cmake_args": "-DCMAKE_POLICY_VERSION_MINIMUM=3.5",
-      "build_only": true
+      "platform": "macos/arm64",
+      "runner": ["self-hosted", "macOS", "ARM64", "mac-runner-m1"]
    }
-  ]
+  ],
+  "os": [
+    {
+      "distro_name": "macos",
+      "distro_version": "",
+      "compiler_name": "",
+      "compiler_version": "",
+      "image_sha": ""
+    }
+  ],
+  "build_type": ["Debug", "Release"],
+  "cmake_args": ["-DCMAKE_POLICY_VERSION_MINIMUM=3.5"]
 }
--- a/.github/scripts/strategy-matrix/windows.json
+++ b/.github/scripts/strategy-matrix/windows.json
@@ -1,8 +1,19 @@
 {
-  "platform": "windows/amd64",
-  "runner": ["self-hosted", "Windows", "devbox"],
-  "configs": [
-    { "build_type": "Release" },
-    { "build_type": "Debug", "build_only": true }
-  ]
+  "architecture": [
+    {
+      "platform": "windows/amd64",
+      "runner": ["self-hosted", "Windows", "devbox"]
+    }
+  ],
+  "os": [
+    {
+      "distro_name": "windows",
+      "distro_version": "",
+      "compiler_name": "",
+      "compiler_version": "",
+      "image_sha": ""
+    }
+  ],
+  "build_type": ["Debug", "Release"],
+  "cmake_args": [""]
 }
--- a/.github/workflows/build-nix-image.yml
+++ b/.github/workflows/build-nix-image.yml
@@ -0,0 +1,109 @@
+name: Build Nix Docker image
+
+on:
+  push:
+    branches:
+      - develop
+    paths:
+      - ".github/workflows/build-nix-image.yml"
+      - ".github/workflows/reusable-build-docker-image.yml"
+      - "docker/**"
+      - "flake.nix"
+      - "flake.lock"
+      - "nix/**"
+  pull_request:
+    paths:
+      - ".github/workflows/build-nix-image.yml"
+      - ".github/workflows/reusable-build-docker-image.yml"
+      - "docker/**"
+      - "flake.nix"
+      - "flake.lock"
+      - "nix/**"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    name: Build ${{ matrix.distro.name }} (${{ matrix.target.platform }})
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        # The base images are the oldest supported version of each distro
+        # that we want to build images for.
+        distro:
+          - name: nixos
+            base_image: nixos/nix:latest
+          - name: ubuntu
+            base_image: ubuntu:20.04
+          - name: rhel
+            base_image: registry.access.redhat.com/ubi9/ubi:latest
+          - name: debian
+            base_image: debian:bookworm
+        target:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
+    uses: ./.github/workflows/reusable-build-docker-image.yml
+    with:
+      image_name: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro.name }}
+      dockerfile: docker/nix.Dockerfile
+      base_image: ${{ matrix.distro.base_image }}
+      platform: ${{ matrix.target.platform }}
+      runner: ${{ matrix.target.runner }}
+      push: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
+
+  merge:
+    name: Merge ${{ matrix.distro }} manifest
+    needs: build
+    if: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        distro: [nixos, ubuntu, rhel, debian]
+    env:
+      IMAGE_NAME: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro }}
+
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=sha-,format=short
+            type=raw,value=latest
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create multi-arch manifests
+        run: |
+          for tag in $(jq -cr '.tags[]' <<<"$DOCKER_METADATA_OUTPUT_JSON"); do
+              docker buildx imagetools create -t "$tag" "${tag}-amd64" "${tag}-arm64"
+          done
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect "${IMAGE_NAME}:${{ steps.meta.outputs.version }}"
--- a/.github/workflows/build-nix-images.yml
+++ b/.github/workflows/build-nix-images.yml
@@ -1,54 +0,0 @@
-name: Build Nix Docker images
-
-on:
-  push:
-    branches:
-      - develop
-    paths:
-      - ".github/workflows/build-nix-images.yml"
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-  pull_request:
-    paths:
-      - ".github/workflows/build-nix-images.yml"
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-  workflow_dispatch:
-
-concurrency:
-  # Read `on-trigger.yml` for the rationale behind this concurrency group name.
-  group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' && github.sha || github.ref }}
-  cancel-in-progress: true
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build-merge:
-    name: Build and push nix-${{ matrix.distro.name }}
-    permissions:
-      contents: read
-      packages: write
-    strategy:
-      fail-fast: false
-      matrix:
-        # The base images are the oldest supported version of each distro
-        # that we want to build images for.
-        distro:
-          - name: nixos
-            base_image: nixos/nix:latest
-          - name: ubuntu
-            base_image: ubuntu:20.04
-          - name: debian
-            base_image: debian:bookworm
-          - name: rhel
-            base_image: registry.access.redhat.com/ubi9/ubi:latest
-    uses: XRPLF/actions/.github/workflows/build-multiarch-image.yml@c1b480188519e0cad040e6aa70db1cbc5a797e07
-    with:
-      image_name: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro.name }}
-      dockerfile: nix/docker/Dockerfile
-      base_image: ${{ matrix.distro.base_image }}
-      push: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
--- a/.github/workflows/build-packaging-images.yml
+++ b/.github/workflows/build-packaging-images.yml
@@ -1,46 +0,0 @@
-name: Build packaging Docker images
-
-on:
-  push:
-    branches:
-      - develop
-    paths:
-      - ".github/workflows/build-packaging-images.yml"
-      - "package/Dockerfile"
-      - "package/install-packaging-tools.sh"
-  pull_request:
-    paths:
-      - ".github/workflows/build-packaging-images.yml"
-      - "package/Dockerfile"
-      - "package/install-packaging-tools.sh"
-  workflow_dispatch:
-
-concurrency:
-  # Read `on-trigger.yml` for the rationale behind this concurrency group name.
-  group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' && github.sha || github.ref }}
-  cancel-in-progress: true
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build-merge:
-    name: Build and push packaging-${{ matrix.distro.name }}
-    permissions:
-      contents: read
-      packages: write
-    strategy:
-      fail-fast: false
-      matrix:
-        distro:
-          - name: debian
-            base_image: debian:bookworm
-          - name: rhel
-            base_image: registry.access.redhat.com/ubi9/ubi:latest
-    uses: XRPLF/actions/.github/workflows/build-multiarch-image.yml@c1b480188519e0cad040e6aa70db1cbc5a797e07
-    with:
-      image_name: ghcr.io/xrplf/xrpld/packaging-${{ matrix.distro.name }}
-      dockerfile: package/Dockerfile
-      base_image: ${{ matrix.distro.base_image }}
-      push: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
--- a/.github/workflows/check-pr-description.yml
+++ b/.github/workflows/check-pr-description.yml
@@ -23,7 +23,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Write PR body to file
        env:
--- a/.github/workflows/on-pr.yml
+++ b/.github/workflows/on-pr.yml
@@ -33,7 +33,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Determine changed files
        # This step checks whether any files have changed that should
        # cause the next jobs to run. We do it this way rather than
--- a/.github/workflows/on-tag.yml
+++ b/.github/workflows/on-tag.yml
@@ -33,6 +33,7 @@ jobs:
    with:
      ccache_enabled: false
      os: ${{ matrix.os }}
+      strategy_matrix: minimal
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

--- a/.github/workflows/on-trigger.yml
+++ b/.github/workflows/on-trigger.yml
@@ -88,6 +88,7 @@ jobs:
      # not identical to a regular compilation.
      ccache_enabled: ${{ github.repository_owner == 'XRPLF' && !startsWith(github.ref, 'refs/heads/release') }}
      os: ${{ matrix.os }}
+      strategy_matrix: ${{ github.event_name == 'schedule' && 'all' || 'minimal' }}
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -14,7 +14,7 @@ on:
 jobs:
  # Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks.
  run-hooks:
-    uses: XRPLF/actions/.github/workflows/pre-commit.yml@312aaab296060ff89d7f798dcab59f019bea6e02
+    uses: XRPLF/actions/.github/workflows/pre-commit.yml@cba1f0891650baf1a9c88624dc2d72573be2eb81
    with:
      runs_on: ubuntu-latest
      container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-41ec7c1" }'
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -41,13 +41,13 @@ env:
 jobs:
  build:
    runs-on: ubuntu-latest
-    container: ghcr.io/xrplf/xrpld/nix-ubuntu:sha-63ffdc3
+    container: ghcr.io/xrplf/ci/tools-rippled-documentation:sha-a8c7be1
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Prepare runner
-        uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8
+        uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab
        with:
          enable_ccache: false

@@ -57,11 +57,19 @@ jobs:
        with:
          subtract: ${{ env.NPROC_SUBTRACT }}

-      - name: Print build environment
-        uses: XRPLF/actions/print-build-env@59dec886e4afb05a1724443af08baccbc045b574
+      - name: Check configuration
+        run: |
+          echo 'Checking path.'
+          echo ${PATH} | tr ':' '\n'

-      - name: Check Doxygen version
-        run: doxygen --version
+          echo 'Checking environment variables.'
+          env | sort
+
+          echo 'Checking CMake version.'
+          cmake --version
+
+          echo 'Checking Doxygen version.'
+          doxygen --version

      - name: Build documentation
        env:
--- a/.github/workflows/reusable-build-docker-image.yml
+++ b/.github/workflows/reusable-build-docker-image.yml
@@ -0,0 +1,89 @@
+# Build a single-platform Docker image. On push, the image is pushed to
+# GHCR with arch-suffixed tags (e.g. `:latest-amd64`, `:sha-abc-amd64`)
+# so the calling workflow can stitch per-arch builds into a multi-arch
+# manifest without needing to pass digests around.
+name: Reusable build Docker image (single platform)
+
+on:
+  workflow_call:
+    inputs:
+      image_name:
+        description: "Full image name without tag (e.g. 'ghcr.io/xrplf/xrpld/nix-ubuntu')"
+        required: true
+        type: string
+      dockerfile:
+        description: "Path to the Dockerfile, relative to the repository root"
+        required: true
+        type: string
+      base_image:
+        description: "Value passed to the Dockerfile as the BASE_IMAGE build arg"
+        required: true
+        type: string
+      platform:
+        description: "Docker platform string, e.g. linux/amd64"
+        required: true
+        type: string
+      runner:
+        description: "GitHub Actions runner label to build on"
+        required: true
+        type: string
+      push:
+        description: "Whether to push the image to GHCR"
+        required: true
+        type: boolean
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    name: Build (${{ inputs.platform }})
+    runs-on: ${{ inputs.runner }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Determine arch
+        id: vars
+        env:
+          PLATFORM: ${{ inputs.platform }}
+        run: |
+          echo "arch=${PLATFORM##*/}" >>$GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+
+      - name: Login to GitHub Container Registry
+        if: inputs.push
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        with:
+          images: ${{ inputs.image_name }}
+          tags: |
+            type=sha,prefix=sha-,format=short
+            type=raw,value=latest
+          flavor: |
+            suffix=-${{ steps.vars.outputs.arch }},onlatest=true
+
+      - name: Build and push
+        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+        with:
+          context: .
+          file: ${{ inputs.dockerfile }}
+          platforms: ${{ inputs.platform }}
+          push: ${{ inputs.push }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: BASE_IMAGE=${{ inputs.base_image }}
--- a/.github/workflows/reusable-build-test-config.yml
+++ b/.github/workflows/reusable-build-test-config.yml
@@ -57,12 +57,6 @@ on:
        type: string
        default: ""

-      compiler:
-        description: 'The compiler to use ("gcc" or "clang"). Leave empty for macOS/Windows (uses system default).'
-        required: false
-        type: string
-        default: ""
-
    secrets:
      CODECOV_TOKEN:
        description: "The Codecov token to use for uploading coverage reports."
@@ -110,10 +104,10 @@ jobs:
        uses: XRPLF/actions/cleanup-workspace@c7d9ce5ebb03c752a354889ecd870cadfc2b1cd4

      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Prepare runner
-        uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8
+        uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab
        with:
          enable_ccache: ${{ inputs.ccache_enabled }}

@@ -130,12 +124,6 @@ jobs:
        with:
          subtract: ${{ inputs.nproc_subtract }}

-      - name: Set compiler environment (Linux)
-        if: ${{ runner.os == 'Linux' }}
-        uses: ./.github/actions/set-compiler-env
-        with:
-          compiler: ${{ inputs.compiler }}
-
      - name: Setup Conan
        env:
          SANITIZERS: ${{ inputs.sanitizers }}
@@ -203,21 +191,6 @@ jobs:
              --parallel "${BUILD_NPROC}" \
              --target "${CMAKE_TARGET}"

-      # This step is needed to allow running in non-Nix environments
-      - name: Patch binary to use default loader and remove rpath (Linux)
-        if: ${{ runner.os == 'Linux' && env.SANITIZERS_ENABLED == 'false' }}
-        run: |
-          loader="$(/tmp/loader-path.sh)"
-          patchelf --set-interpreter "${loader}" --remove-rpath "${{ env.BUILD_DIR }}/xrpld"
-
-      # We're only running aarch64 Linux builds in Ubuntu-based images, so this is kept simple
-      - name: Install libatomic (Linux aarch64)
-        if: ${{ runner.os == 'Linux' && runner.arch == 'ARM64' }}
-        run: |
-          apt update --yes
-          apt install -y --no-install-recommends \
-              libatomic1
-
      - name: Show ccache statistics
        if: ${{ inputs.ccache_enabled }}
        run: |
@@ -236,15 +209,6 @@ jobs:
          retention-days: 3
          if-no-files-found: error

-      - name: Upload the test binary (Linux)
-        if: ${{ github.event.repository.visibility == 'public' && runner.os == 'Linux' }}
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          name: xrpl_tests-${{ inputs.config_name }}
-          path: ${{ env.BUILD_DIR }}/xrpl_tests
-          retention-days: 3
-          if-no-files-found: error
-
      - name: Export server definitions
        if: ${{ runner.os != 'Windows' && !inputs.build_only && env.VOIDSTAR_ENABLED != 'true' }}
        working-directory: ${{ env.BUILD_DIR }}
@@ -253,7 +217,7 @@ jobs:
          ./xrpld --definitions | python3 -m json.tool >server_definitions.json

      - name: Upload server definitions
-        if: ${{ github.event.repository.visibility == 'public' && inputs.config_name == 'debian-gcc-release-amd64' }}
+        if: ${{ github.event.repository.visibility == 'public' && inputs.config_name == 'debian-bookworm-gcc-13-amd64-release' }}
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: server-definitions
@@ -295,8 +259,16 @@ jobs:

      - name: Run the separate tests
        if: ${{ !inputs.build_only }}
-        working-directory: ${{ runner.os == 'Windows' && format('{0}/{1}', env.BUILD_DIR, inputs.build_type) || env.BUILD_DIR }}
-        run: ./xrpl_tests
+        working-directory: ${{ env.BUILD_DIR }}
+        # Windows locks some of the build files while running tests, and parallel jobs can collide
+        env:
+          BUILD_TYPE: ${{ inputs.build_type }}
+          PARALLELISM: ${{ runner.os == 'Windows' && '1' || steps.nproc.outputs.nproc }}
+        run: |
+          ctest \
+              --output-on-failure \
+              -C "${BUILD_TYPE}" \
+              -j "${PARALLELISM}"

      - name: Run the embedded tests
        if: ${{ !inputs.build_only }}
@@ -307,25 +279,7 @@ jobs:
          set -o pipefail
          # Coverage builds are slower due to instrumentation; use fewer parallel jobs to avoid flakiness
          [ "$COVERAGE_ENABLED" = "true" ] && BUILD_NPROC=$((BUILD_NPROC - 2))
-
-          # The resolver/preload workaround is only correct for the ASan build:
-          # a regular build doesn't hit the __dn_expand interceptor bug, and must
-          # NOT have libasan injected. So only preload when xrpld is ASan-built.
-          #
-          # libresolv hosts getaddrinfo's resolver helpers (dn_expand, res_*). Under ASan
-          # these are intercepted via dlsym(RTLD_NEXT, ...), which yields a NULL pointer
-          # and crashes DNS resolution if libresolv isn't loaded. Linking it guarantees
-          # the symbols are present; it's a harmless no-op on glibc >= 2.34 (merged into
-          # libc) and is what the compiler driver already does for sanitizer builds.
-          #   https://github.com/llvm/llvm-project/issues/59007
-          #   https://github.com/google/sanitizers/issues/1592
-          if ldd ./xrpld | grep -q libasan; then
-              PRELOAD="$(gcc -print-file-name=libasan.so):/usr/lib/x86_64-linux-gnu/libresolv.so.2"
-          else
-              PRELOAD=""
-          fi
-
-          LD_PRELOAD="$PRELOAD" ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}" 2>&1 | tee unittest.log
+          ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}" 2>&1 | tee unittest.log

      - name: Show test failure summary
        if: ${{ failure() && !inputs.build_only }}
@@ -370,7 +324,7 @@ jobs:

      - name: Upload coverage report
        if: ${{ github.repository == 'XRPLF/rippled' && !inputs.build_only && env.COVERAGE_ENABLED == 'true' }}
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
        with:
          disable_search: true
          disable_telem: true
--- a/.github/workflows/reusable-build-test.yml
+++ b/.github/workflows/reusable-build-test.yml
@@ -19,6 +19,13 @@ on:
        required: true
        type: string

+      strategy_matrix:
+        # TODO: Support additional strategies, e.g. "ubuntu" for generating all Ubuntu configurations.
+        description: 'The strategy matrix to use for generating the configurations ("minimal", "all").'
+        required: false
+        type: string
+        default: "minimal"
+
    secrets:
      CODECOV_TOKEN:
        description: "The Codecov token to use for uploading coverage reports."
@@ -30,6 +37,7 @@ jobs:
    uses: ./.github/workflows/reusable-strategy-matrix.yml
    with:
      os: ${{ inputs.os }}
+      strategy_matrix: ${{ inputs.strategy_matrix }}

  # Build and test the binary for each configuration.
  build-test-config:
@@ -39,6 +47,7 @@ jobs:
    strategy:
      fail-fast: ${{ github.event_name == 'merge_group' }}
      matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+      max-parallel: 10
    with:
      build_only: ${{ matrix.build_only }}
      build_type: ${{ matrix.build_type }}
@@ -46,9 +55,8 @@ jobs:
      cmake_args: ${{ matrix.cmake_args }}
      cmake_target: ${{ matrix.cmake_target }}
      runs_on: ${{ toJSON(matrix.architecture.runner) }}
-      image: ${{ matrix.image || '' }}
+      image: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) || '' }}
      config_name: ${{ matrix.config_name }}
      sanitizers: ${{ matrix.sanitizers }}
-      compiler: ${{ matrix.compiler || '' }}
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/reusable-check-levelization.yml
+++ b/.github/workflows/reusable-check-levelization.yml
@@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Check levelization
        run: python .github/scripts/levelization/generate.py
      - name: Check for differences
--- a/.github/workflows/reusable-check-rename.yml
+++ b/.github/workflows/reusable-check-rename.yml
@@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Check definitions
        run: .github/scripts/rename/definitions.sh .
      - name: Check copyright notices
--- a/.github/workflows/reusable-clang-tidy.yml
+++ b/.github/workflows/reusable-clang-tidy.yml
@@ -29,23 +29,23 @@ jobs:
    if: ${{ inputs.check_only_changed }}
    permissions:
      contents: read
-    uses: XRPLF/actions/.github/workflows/determine-tidy-files.yml@312aaab296060ff89d7f798dcab59f019bea6e02
+    uses: XRPLF/actions/.github/workflows/determine-tidy-files.yml@224f3c48d3014d082a1129237b8291ff0b0a331f

  run-clang-tidy:
    name: Run clang tidy
    needs: [determine-files]
    if: ${{ always() && !cancelled() && (!inputs.check_only_changed || needs.determine-files.outputs.cpp_changed_files != '' || needs.determine-files.outputs.clang_tidy_config_changed == 'true') }}
    runs-on: ["self-hosted", "Linux", "X64", "heavy"]
-    container: "ghcr.io/xrplf/xrpld/nix-debian:sha-63ffdc3"
+    container: "ghcr.io/xrplf/ci/debian-trixie:clang-21-sha-53033a2"
    permissions:
      contents: read
      issues: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Prepare runner
-        uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8
+        uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab
        with:
          enable_ccache: false

@@ -56,11 +56,6 @@ jobs:
        uses: XRPLF/actions/get-nproc@cf0433aa74563aead044a1e395610c96d65a37cf
        id: nproc

-      - name: Set compiler environment
-        uses: ./.github/actions/set-compiler-env
-        with:
-          compiler: clang
-
      - name: Setup Conan
        uses: ./.github/actions/setup-conan

--- a/.github/workflows/reusable-package.yml
+++ b/.github/workflows/reusable-package.yml
@@ -1,7 +1,8 @@
 # Build Linux packages (DEB and RPM) from pre-built binary artifacts.
-# Discovers which configurations to package from linux.json (configs in
-# "package_configs") and fans out one job per distro. Only linux/amd64 is
-# supported; the runner is hardcoded in the job below.
+# Discovers which configurations to package from linux.json (os entries
+# with "package": true) and fans out one job per entry. Today only
+# linux/amd64 is emitted; the architecture is hardcoded both here
+# (runner) and in generate.py.
 name: Package

 on:
@@ -27,17 +28,18 @@ jobs:
      matrix: ${{ steps.generate.outputs.matrix }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
-          python-version: "3.13"
+          python-version: 3.13

      - name: Generate packaging matrix
        id: generate
        working-directory: .github/scripts/strategy-matrix
-        run: ./generate.py --packaging >>"${GITHUB_OUTPUT}"
+        run: |
+          ./generate.py --packaging --config=linux.json >>"${GITHUB_OUTPUT}"

  generate-version:
    runs-on: ubuntu-latest
@@ -45,7 +47,7 @@ jobs:
      version: ${{ steps.version.outputs.version }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .github/actions/generate-version
@@ -64,12 +66,12 @@ jobs:
    permissions:
      contents: read
    runs-on: ["self-hosted", "Linux", "X64", "heavy"]
-    container: ${{ matrix.image }}
+    container: ${{ format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) }}
    timeout-minutes: 30

    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Download pre-built binary
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
--- a/.github/workflows/reusable-strategy-matrix.yml
+++ b/.github/workflows/reusable-strategy-matrix.yml
@@ -4,9 +4,15 @@ on:
  workflow_call:
    inputs:
      os:
-        description: 'The operating system to use for the build ("linux", "macos", "windows", or empty for all).'
+        description: 'The operating system to use for the build ("linux", "macos", "windows").'
        required: false
        type: string
+      strategy_matrix:
+        # TODO: Support additional strategies, e.g. "ubuntu" for generating all Ubuntu configurations.
+        description: 'The strategy matrix to use for generating the configurations ("minimal", "all").'
+        required: false
+        type: string
+        default: "minimal"
    outputs:
      matrix:
        description: "The generated strategy matrix."
@@ -23,16 +29,17 @@ jobs:
      matrix: ${{ steps.generate.outputs.matrix }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
-          python-version: "3.13"
+          python-version: 3.13

      - name: Generate strategy matrix
        working-directory: .github/scripts/strategy-matrix
        id: generate
        env:
-          GENERATE_CONFIG: ${{ inputs.os != '' && format('--config={0}', inputs.os) || '' }}
-        run: ./generate.py ${GENERATE_CONFIG} >>"${GITHUB_OUTPUT}"
+          GENERATE_CONFIG: ${{ inputs.os != '' && format('--config={0}.json', inputs.os) || '' }}
+          GENERATE_OPTION: ${{ inputs.strategy_matrix == 'all' && '--all' || '' }}
+        run: ./generate.py ${GENERATE_OPTION} ${GENERATE_CONFIG} >>"${GITHUB_OUTPUT}"
--- a/.github/workflows/reusable-upload-recipe.yml
+++ b/.github/workflows/reusable-upload-recipe.yml
@@ -40,10 +40,10 @@ defaults:
 jobs:
  upload:
    runs-on: ubuntu-latest
-    container: ghcr.io/xrplf/xrpld/nix-ubuntu:sha-63ffdc3
+    container: ghcr.io/xrplf/ci/ubuntu-noble:gcc-13-sha-5dd7158
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Generate build version number
        id: version
--- a/.github/workflows/upload-conan-deps.yml
+++ b/.github/workflows/upload-conan-deps.yml
@@ -48,6 +48,8 @@ jobs:
  # Generate the strategy matrix to be used by the following job.
  generate-matrix:
    uses: ./.github/workflows/reusable-strategy-matrix.yml
+    with:
+      strategy_matrix: ${{ github.event_name == 'pull_request' && 'minimal' || 'all' }}

  # Build and upload the dependencies for each configuration.
  run-upload-conan-deps:
@@ -56,18 +58,19 @@ jobs:
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+      max-parallel: 10
    runs-on: ${{ matrix.architecture.runner }}
-    container: ${{ matrix.image || null }}
+    container: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) || null }}
    steps:
      - name: Cleanup workspace (macOS and Windows)
        if: ${{ runner.os == 'macOS' || runner.os == 'Windows' }}
        uses: XRPLF/actions/cleanup-workspace@c7d9ce5ebb03c752a354889ecd870cadfc2b1cd4

      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Prepare runner
-        uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8
+        uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab
        with:
          enable_ccache: false

@@ -80,12 +83,6 @@ jobs:
        with:
          subtract: ${{ env.NPROC_SUBTRACT }}

-      - name: Set compiler environment (Linux)
-        if: ${{ runner.os == 'Linux' }}
-        uses: ./.github/actions/set-compiler-env
-        with:
-          compiler: ${{ matrix.compiler }}
-
      - name: Setup Conan
        env:
          SANITIZERS: ${{ matrix.sanitizers }}
--- a/cmake/XrplAddTest.cmake
+++ b/cmake/XrplAddTest.cmake
@@ -0,0 +1,22 @@
+include(isolate_headers)
+
+function(xrpl_add_test name)
+    set(target ${PROJECT_NAME}.test.${name})
+
+    file(
+        GLOB_RECURSE sources
+        CONFIGURE_DEPENDS
+        "${CMAKE_CURRENT_SOURCE_DIR}/${name}/*.cpp"
+        "${CMAKE_CURRENT_SOURCE_DIR}/${name}.cpp"
+    )
+    add_executable(${target} ${ARGN} ${sources})
+
+    isolate_headers(
+        ${target}
+        "${CMAKE_SOURCE_DIR}"
+        "${CMAKE_SOURCE_DIR}/tests/${name}"
+        PRIVATE
+    )
+
+    add_test(NAME ${target} COMMAND ${target})
+endfunction()
--- a/cmake/XrplCompiler.cmake
+++ b/cmake/XrplCompiler.cmake
@@ -145,39 +145,13 @@ else()
        INTERFACE
            -rdynamic
            $<$<BOOL:${is_linux}>:-Wl,-z,relro,-z,now,--build-id>
-            # link to static libc/c++ if:
-            # * static option set and
-            # * NOT APPLE (AppleClang does not support static libc/c++)
-            $<$<AND:$<BOOL:${static}>,$<NOT:$<BOOL:${APPLE}>>>:
+            # link to static libc/c++ iff: * static option set and * NOT APPLE (AppleClang does not support static
+            # libc/c++) and * NOT SANITIZERS (sanitizers typically don't work with static libc/c++)
+            $<$<AND:$<BOOL:${static}>,$<NOT:$<BOOL:${APPLE}>>,$<NOT:$<BOOL:${SANITIZERS_ENABLED}>>>:
            -static-libstdc++
            -static-libgcc
            >
    )
-
-    # Keep -stdlib=libstdc++ off the compile commands, but preserve it for linking.
-    #
-    # Conan turns `compiler.libcxx=libstdc++` into `-stdlib=libstdc++` and puts it in
-    # CMAKE_CXX_FLAGS, which CMake passes to BOTH compile and link steps. On a normal Clang
-    # the compile step consumes it while choosing the C++ stdlib include paths. The Nixpkgs
-    # Clang wrapper supplies those paths itself (via -nostdinc++), so at compile time the
-    # flag is unused -> Clang errors under our -Werror. At link time the flag IS consumed
-    # (it selects the C++ runtime), so we move it there instead of dropping it entirely.
-    get_filename_component(_cxx_real "${CMAKE_CXX_COMPILER}" REALPATH)
-    if(
-        _cxx_real MATCHES "^/nix/store/"
-        AND is_linux
-        AND is_clang
-        AND CMAKE_CXX_FLAGS MATCHES "stdlib=libstdc"
-    )
-        string(
-            REPLACE "-stdlib=libstdc++"
-            ""
-            CMAKE_CXX_FLAGS
-            "${CMAKE_CXX_FLAGS}"
-        )
-        string(STRIP "${CMAKE_CXX_FLAGS}" CMAKE_CXX_FLAGS)
-        add_link_options($<$<LINK_LANGUAGE:CXX>:-stdlib=libstdc++>)
-    endif()
 endif()

 # Antithesis instrumentation will only be built and deployed using machines running Linux.
--- a/cmake/XrplCov.cmake
+++ b/cmake/XrplCov.cmake
@@ -47,7 +47,7 @@ setup_target_for_coverage_gcovr(
        "include/xrpl/beast/test"
        "include/xrpl/beast/unit_test"
        "${CMAKE_BINARY_DIR}/pb-xrpl.libpb"
-    DEPENDENCIES xrpld xrpl_tests
+    DEPENDENCIES xrpld xrpl.tests
 )

 add_code_coverage_to_target(opts INTERFACE)
--- a/conan/profiles/ci
+++ b/conan/profiles/ci
@@ -1,8 +1 @@
-{% set os = detect_api.detect_os() %}
 include(sanitizers)
-
-[conf]
-{% if os == "Linux" %}
-user.package:libc_version=2.31
-tools.info.package_id:confs+=["user.package:libc_version"]
-{% endif %}
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
@@ -50,7 +50,6 @@ words:
  - AMMXRP
  - amt
  - amts
-  - archs
  - asnode
  - asynchrony
  - attestation
--- a/nix/docker/check-tools.sh
+++ b/nix/docker/check-tools.sh
@@ -9,13 +9,11 @@ clang-format --version
 cmake --version
 conan --version
 curl --version
-doxygen --version
 g++ --version
 gcc --version
 gcov --version
 gcovr --version
 git --version
-git-cliff --version
 gpg --version
 less --version
 make --version
--- a/docker/install-sanitizer-libs.sh
+++ b/docker/install-sanitizer-libs.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+# Install sanitizer runtime libraries required to run binaries compiled with:
+#   -fsanitize=address   → libasan.so.8
+#   -fsanitize=thread    → libtsan.so.2
+#   -fsanitize=undefined → libubsan.so.1
+#
+# The exact SONAMEs required depend on the compiler toolchain used to build the
+# test binaries (see nix/ci-env.nix). If the toolchain is bumped and SONAMEs
+# change, update the list below (or detect them from the binaries).
+#
+# Supported base images:
+#   debian:bookworm
+#   ubuntu:20.04
+#   rhel:9
+#   nixos/nix        — tests are skipped; this script is not called
+
+set -euo pipefail
+
+if [ ! -f /etc/os-release ]; then
+    echo "ERROR: /etc/os-release not found; cannot detect OS" >&2
+    exit 1
+fi
+
+# shellcheck source=/dev/null
+. /etc/os-release
+
+echo "Detected OS: ${ID} ${VERSION_ID:-}"
+
+case "${ID}" in
+    debian)
+        apt-get update -y
+        apt-get install -y --no-install-recommends \
+            libasan8 \
+            libtsan2 \
+            libubsan1
+
+        apt-get clean
+        rm -rf /var/lib/apt/lists/*
+        ;;
+
+    ubuntu)
+        apt-get update -y
+        apt-get install -y --no-install-recommends \
+            gnupg \
+            software-properties-common
+        add-apt-repository -y ppa:ubuntu-toolchain-r/test
+        apt-get update -y
+        apt-get install -y --no-install-recommends \
+            libasan8 \
+            libtsan2 \
+            libubsan1
+
+        apt-get clean
+        rm -rf /var/lib/apt/lists/*
+        ;;
+
+    rhel | centos | rocky | almalinux)
+        dnf install -y \
+            libasan8 \
+            libtsan2 \
+            libubsan
+
+        dnf clean -y all
+        rm -rf /var/cache/dnf/*
+        ;;
+
+    *)
+        echo "ERROR: unsupported OS '${ID}'. Supported: debian, ubuntu, rhel-family" >&2
+        exit 1
+        ;;
+esac
+
+# Verify that every expected library is now resolvable by the dynamic linker.
+missing=0
+for lib in libasan.so.8 libtsan.so.2 libubsan.so.1; do
+    if ldconfig -p | grep -q "${lib}"; then
+        echo "OK: ${lib} found"
+    else
+        echo "ERROR: ${lib} not found after installation" >&2
+        missing=$((missing + 1))
+    fi
+done
+
+if [ "${missing}" -ne 0 ]; then
+    echo "ERROR: ${missing} library/libraries missing" >&2
+    exit 1
+fi
+
+echo "All sanitizer runtime libraries installed successfully."
--- a/nix/docker/loader-path.sh
+++ b/nix/docker/loader-path.sh
--- a/docker/nix.Dockerfile
+++ b/docker/nix.Dockerfile
@@ -56,7 +56,7 @@ ENV GIT_SSL_CAINFO="/nix/ci-env/etc/ssl/certs/ca-bundle.crt"
 # Externally-built dynamically-linked ELF binaries hard-code the loader path
 # (e.g. /lib64/ld-linux-x86-64.so.2) in their PT_INTERP header. Install it
 # from the Nix store when the base image doesn't already provide one.
-COPY nix/docker/loader-path.sh /tmp/loader-path.sh
+COPY docker/loader-path.sh /tmp/loader-path.sh

 RUN <<EOF
 target="$(/tmp/loader-path.sh)"
@@ -71,12 +71,12 @@ if [ ! -e "${target}" ]; then
 fi
 EOF

-COPY nix/docker/check-tools.sh /tmp/check-tools.sh
+COPY docker/check-tools.sh /tmp/check-tools.sh
 RUN /tmp/check-tools.sh

 # Sanity-check that the g++/clang++ are able to build binaries, including sanitizer-instrumented ones.
-COPY nix/docker/test_files/cpp_sources/ /tmp/cpp_sources/
-COPY nix/docker/test_files/compile-cpp-sources.sh /tmp/compile-cpp-sources.sh
+COPY docker/test_files/cpp_sources/ /tmp/cpp_sources/
+COPY docker/test_files/compile-cpp-sources.sh /tmp/compile-cpp-sources.sh
 RUN /tmp/compile-cpp-sources.sh /tmp/cpp_sources /tmp/bins

 # Tester: start from a clean BASE_IMAGE, install sanitizer runtime libraries,
@@ -93,8 +93,8 @@ RUN if echo "${BASE_IMAGE}" | grep -qiE 'nixos'; then \
 SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]

 # Sanity-check that the built binaries run correctly in the vanilla base image, with the necessary sanitizer runtime libraries installed.
-COPY nix/docker/install-sanitizer-libs.sh /tmp/install-sanitizer-libs.sh
-COPY nix/docker/test_files/run-test-binaries.sh /tmp/run-test-binaries.sh
+COPY docker/install-sanitizer-libs.sh /tmp/install-sanitizer-libs.sh
+COPY docker/test_files/run-test-binaries.sh /tmp/run-test-binaries.sh
 COPY --from=final /tmp/bins /tmp/bins

 RUN <<EOF
--- a/nix/docker/test_files/compile-cpp-sources.sh
+++ b/nix/docker/test_files/compile-cpp-sources.sh
--- a/nix/docker/test_files/cpp_sources/asan.cpp
+++ b/nix/docker/test_files/cpp_sources/asan.cpp
--- a/nix/docker/test_files/cpp_sources/regular.cpp
+++ b/nix/docker/test_files/cpp_sources/regular.cpp
--- a/nix/docker/test_files/cpp_sources/tsan.cpp
+++ b/nix/docker/test_files/cpp_sources/tsan.cpp
--- a/nix/docker/test_files/cpp_sources/ubsan.cpp
+++ b/nix/docker/test_files/cpp_sources/ubsan.cpp
--- a/nix/docker/test_files/run-test-binaries.sh
+++ b/nix/docker/test_files/run-test-binaries.sh
--- a/include/xrpl/ledger/helpers/EscrowHelpers.h
+++ b/include/xrpl/ledger/helpers/EscrowHelpers.h
@@ -42,7 +42,7 @@ escrowUnlockApplyHelper<Issue>(
    beast::Journal journal)
 {
    Issue const& issue = amount.get<Issue>();
-    Keylet const trustLineKey = keylet::rippleState(receiver, issue);
+    Keylet const trustLineKey = keylet::line(receiver, issue);
    bool const recvLow = issuer > receiver;
    bool const senderIssuer = issuer == sender;
    bool const receiverIssuer = issuer == receiver;
@@ -175,7 +175,7 @@ escrowUnlockApplyHelper<MPTIssue>(
    bool const receiverIssuer = issuer == receiver;

    auto const mptID = amount.get<MPTIssue>().getMptID();
-    auto const issuanceKey = keylet::mptokenIssuance(mptID);
+    auto const issuanceKey = keylet::mptIssuance(mptID);
    if (!view.exists(keylet::mptoken(issuanceKey.key, receiver)) && createAsset && !receiverIssuer)
    {
        if (std::uint32_t const ownerCount = {sleDest->at(sfOwnerCount)};
--- a/include/xrpl/nodestore/detail/varint.h
+++ b/include/xrpl/nodestore/detail/varint.h
@@ -25,7 +25,7 @@ struct varint_traits<T, true>
 {
    explicit varint_traits() = default;

-    static constexpr std::size_t kMax = ((8 * sizeof(T)) + 6) / 7;
+    static constexpr std::size_t kMax = (8 * sizeof(T) + 6) / 7;
 };

 // Returns: Number of bytes consumed or 0 on error,
--- a/include/xrpl/protocol/Indexes.h
+++ b/include/xrpl/protocol/Indexes.h
@@ -68,15 +68,21 @@ skip(LedgerIndex ledger) noexcept;

 /** The (fixed) index of the object containing the ledger fees. */
 Keylet const&
-feeSettings() noexcept;
+fees() noexcept;

 /** The (fixed) index of the object containing the ledger negativeUNL. */
 Keylet const&
 negativeUNL() noexcept;

 /** The beginning of an order book */
-Keylet
-book(Book const& b);
+struct BookT
+{
+    explicit BookT() = default;
+
+    Keylet
+    operator()(Book const& b) const;
+};
+static BookT const kBook{};

 /** The index of a trust line for a given currency

@@ -87,12 +93,12 @@ book(Book const& b);
 */
 /** @{ */
 Keylet
-rippleState(AccountID const& id0, AccountID const& id1, Currency const& currency) noexcept;
+line(AccountID const& id0, AccountID const& id1, Currency const& currency) noexcept;

 inline Keylet
-rippleState(AccountID const& id, Issue const& issue) noexcept
+line(AccountID const& id, Issue const& issue) noexcept
 {
-    return rippleState(id, issue.account, issue.currency);
+    return line(id, issue.account, issue.currency);
 }
 /** @} */

@@ -113,27 +119,37 @@ Keylet
 quality(Keylet const& k, std::uint64_t q) noexcept;

 /** The directory for the next lower quality */
-Keylet
-next(Keylet const& k);
+struct NextT
+{
+    explicit NextT() = default;
+
+    Keylet
+    operator()(Keylet const& k) const;
+};
+static NextT const kNext{};

 /** A ticket belonging to an account */
-/** @{ */
-Keylet
-ticket(AccountID const& id, std::uint32_t ticketSeq);
-
-Keylet
-ticket(AccountID const& id, SeqProxy ticketSeq);
-
-inline Keylet
-ticket(uint256 const& key)
+struct TicketT
 {
-    return {ltTICKET, key};
-}
-/** @} */
+    explicit TicketT() = default;
+
+    Keylet
+    operator()(AccountID const& id, std::uint32_t ticketSeq) const;
+
+    Keylet
+    operator()(AccountID const& id, SeqProxy ticketSeq) const;
+
+    Keylet
+    operator()(uint256 const& key) const
+    {
+        return {ltTICKET, key};
+    }
+};
+static TicketT const kTicket{};

 /** A SignerList */
 Keylet
-signerList(AccountID const& account) noexcept;
+signers(AccountID const& account) noexcept;

 /** A Check */
 /** @{ */
@@ -193,7 +209,7 @@ escrow(AccountID const& src, std::uint32_t seq) noexcept;

 /** A PaymentChannel */
 Keylet
-payChannel(AccountID const& src, AccountID const& dst, std::uint32_t seq) noexcept;
+payChan(AccountID const& src, AccountID const& dst, std::uint32_t seq) noexcept;

 /** NFT page keylets

@@ -205,22 +221,22 @@ payChannel(AccountID const& src, AccountID const& dst, std::uint32_t seq) noexce
 /** @{ */
 /** A keylet for the owner's first possible NFT page. */
 Keylet
-nftokenPageMin(AccountID const& owner);
+nftpageMin(AccountID const& owner);

 /** A keylet for the owner's last possible NFT page. */
 Keylet
-nftokenPageMax(AccountID const& owner);
+nftpageMax(AccountID const& owner);

 Keylet
-nftokenPage(Keylet const& k, uint256 const& token);
+nftpage(Keylet const& k, uint256 const& token);
 /** @} */

 /** An offer from an account to buy or sell an NFT */
 Keylet
-nftokenOffer(AccountID const& owner, std::uint32_t seq);
+nftoffer(AccountID const& owner, std::uint32_t seq);

 inline Keylet
-nftokenOffer(uint256 const& offer)
+nftoffer(uint256 const& offer)
 {
    return {ltNFTOKEN_OFFER, offer};
 }
@@ -271,13 +287,13 @@ credential(uint256 const& key) noexcept
 }

 Keylet
-mptokenIssuance(std::uint32_t seq, AccountID const& issuer) noexcept;
+mptIssuance(std::uint32_t seq, AccountID const& issuer) noexcept;

 Keylet
-mptokenIssuance(MPTID const& issuanceID) noexcept;
+mptIssuance(MPTID const& issuanceID) noexcept;

 inline Keylet
-mptokenIssuance(uint256 const& issuanceKey)
+mptIssuance(uint256 const& issuanceKey)
 {
    return {ltMPTOKEN_ISSUANCE, issuanceKey};
 }
@@ -304,10 +320,10 @@ vault(uint256 const& vaultKey)
 }

 Keylet
-loanBroker(AccountID const& owner, std::uint32_t seq) noexcept;
+loanbroker(AccountID const& owner, std::uint32_t seq) noexcept;

 inline Keylet
-loanBroker(uint256 const& key)
+loanbroker(uint256 const& key)
 {
    return {ltLOAN_BROKER, key};
 }
@@ -360,15 +376,11 @@ struct KeyletDesc
 std::array<KeyletDesc<AccountID const&>, 6> const kDirectAccountKeylets{
    {{.function = &keylet::account, .expectedLEName = jss::AccountRoot, .includeInTests = false},
     {.function = &keylet::ownerDir, .expectedLEName = jss::DirectoryNode, .includeInTests = true},
-     {.function = &keylet::signerList, .expectedLEName = jss::SignerList, .includeInTests = true},
+     {.function = &keylet::signers, .expectedLEName = jss::SignerList, .includeInTests = true},
     // It's normally impossible to create an item at nftpage_min, but
     // test it anyway, since the invariant checks for it.
-     {.function = &keylet::nftokenPageMin,
-      .expectedLEName = jss::NFTokenPage,
-      .includeInTests = true},
-     {.function = &keylet::nftokenPageMax,
-      .expectedLEName = jss::NFTokenPage,
-      .includeInTests = true},
+     {.function = &keylet::nftpageMin, .expectedLEName = jss::NFTokenPage, .includeInTests = true},
+     {.function = &keylet::nftpageMax, .expectedLEName = jss::NFTokenPage, .includeInTests = true},
     {.function = &keylet::did, .expectedLEName = jss::DID, .includeInTests = true}}};

 MPTID
--- a/include/xrpl/protocol/detail/ledger_entries.macro
+++ b/include/xrpl/protocol/detail/ledger_entries.macro
@@ -21,7 +21,7 @@

 /** A ledger object which identifies an offer to buy or sell an NFT.

-    \sa keylet::nftokenOffer
+    \sa keylet::nftoffer
 */
 LEDGER_ENTRY(ltNFTOKEN_OFFER, 0x0037, NFTokenOffer, nft_offer, ({
    {sfOwner,                SoeRequired},
@@ -84,7 +84,7 @@ LEDGER_ENTRY(ltNEGATIVE_UNL, 0x004e, NegativeUNL, nunl, ({

 /** A ledger object which contains a list of NFTs

-    \sa keylet::nftokenPageMin, keylet::nftokenPageMax, keylet::nftokenPage
+    \sa keylet::nftpageMin, keylet::nftpageMax, keylet::nftpage
 */
 LEDGER_ENTRY(ltNFTOKEN_PAGE, 0x0050, NFTokenPage, nft_page, ({
    {sfPreviousPageMin,      SoeOptional},
@@ -96,7 +96,7 @@ LEDGER_ENTRY(ltNFTOKEN_PAGE, 0x0050, NFTokenPage, nft_page, ({

 /** A ledger object which contains a signer list for an account.

-    \sa keylet::signerList
+    \sa keylet::signers
 */
 // All fields are SoeRequired because there is always a SignerEntries.
 // If there are no SignerEntries the node is deleted.
@@ -112,7 +112,7 @@ LEDGER_ENTRY(ltSIGNER_LIST, 0x0053, SignerList, signer_list, ({

 /** A ledger object which describes a ticket.

-    \sa keylet::ticket
+    \sa keylet::kTicket
 */
 LEDGER_ENTRY(ltTICKET, 0x0054, Ticket, ticket, ({
    {sfAccount,              SoeRequired},
@@ -272,7 +272,7 @@ LEDGER_ENTRY(ltXCHAIN_OWNED_CLAIM_ID, 0x0071, XChainOwnedClaimID, xchain_owned_c

    @note Per Vinnie Falco this should be renamed to ltTRUST_LINE

-    \sa keylet::rippleState
+    \sa keylet::line
 */
 LEDGER_ENTRY(ltRIPPLE_STATE, 0x0072, RippleState, state, ({
    {sfBalance,              SoeRequired},
@@ -292,7 +292,7 @@ LEDGER_ENTRY(ltRIPPLE_STATE, 0x0072, RippleState, state, ({

    \note This is a singleton: only one such object exists in the ledger.

-    \sa keylet::feeSettings
+    \sa keylet::fees
 */
 LEDGER_ENTRY(ltFEE_SETTINGS, 0x0073, FeeSettings, fee, ({
    // Old version uses raw numbers
@@ -346,7 +346,7 @@ LEDGER_ENTRY(ltESCROW, 0x0075, Escrow, escrow, ({

 /** A ledger object describing a single unidirectional XRP payment channel.

-    \sa keylet::payChannel
+    \sa keylet::payChan
 */
 LEDGER_ENTRY(ltPAYCHAN, 0x0078, PayChannel, payment_channel, ({
    {sfAccount,              SoeRequired},
@@ -384,7 +384,7 @@ LEDGER_ENTRY(ltAMM, 0x0079, AMM, amm, ({
 }))

 /** A ledger object which tracks MPTokenIssuance
-    \sa keylet::mptokenIssuance
+    \sa keylet::mptIssuance
 */
 LEDGER_ENTRY(ltMPTOKEN_ISSUANCE, 0x007e, MPTokenIssuance, mpt_issuance, ({
    {sfIssuer,                   SoeRequired},
@@ -499,7 +499,7 @@ LEDGER_ENTRY(ltVAULT, 0x0084, Vault, vault, ({

 /** A ledger object representing a loan broker

-    \sa keylet::loanBroker
+    \sa keylet::loanbroker
 */
 LEDGER_ENTRY(ltLOAN_BROKER, 0x0088, LoanBroker, loan_broker, ({
    {sfPreviousTxnID,        SoeRequired},
--- a/include/xrpl/protocol/nft.h
+++ b/include/xrpl/protocol/nft.h
@@ -52,7 +52,7 @@ getTransferFee(uint256 const& id)
 }

 inline std::uint32_t
-getSequence(uint256 const& id)
+getSerial(uint256 const& id)
 {
    std::uint32_t seq = 0;
    memcpy(&seq, id.begin() + 28, 4);
@@ -92,7 +92,7 @@ getTaxon(uint256 const& id)

    // The taxon cipher is just an XOR, so it is reversible by applying the
    // XOR a second time.
-    return cipheredTaxon(getSequence(id), toTaxon(taxon));
+    return cipheredTaxon(getSerial(id), toTaxon(taxon));
 }

 inline AccountID
--- a/include/xrpl/tx/ApplyContext.h
+++ b/include/xrpl/tx/ApplyContext.h
@@ -103,23 +103,7 @@ public:
        view_->rawDestroyXRP(fee);
    }

-    /** Applies all invariant checkers one by one.
-
-        @param result the result generated by processing this transaction.
-        @param fee the fee charged for this transaction
-        @return the result code that should be returned for this transaction.
-     */
-    TER
-    checkInvariants(TER const result, XRPAmount const fee);
-
 private:
-    static TER
-    failInvariantCheck(TER const result);
-
-    template <std::size_t... Is>
-    TER
-    checkInvariantsHelper(TER const result, XRPAmount const fee, std::index_sequence<Is...>);
-
    OpenView& base_;
    ApplyFlags flags_;
    std::optional<ApplyViewImpl> view_;
--- a/include/xrpl/tx/Transactor.h
+++ b/include/xrpl/tx/Transactor.h
@@ -6,6 +6,7 @@
 #include <xrpl/protocol/XRPAmount.h>
 #include <xrpl/tx/ApplyContext.h>
 #include <xrpl/tx/applySteps.h>
+#include <xrpl/tx/invariants/CheckInvariants.h>

 #include <utility>

@@ -142,19 +143,30 @@ public:
        return ctx_.view();
    }

+    /** Whether to run the transaction-specific invariant check.
+     *
+     *  After a fee-claim reset the transaction's effects have been rolled back,
+     *  so only the protocol invariants are meaningful; pass @c Yes to skip the
+     *  transaction-specific check in that case.
+     */
+    enum class SkipTxInvariants : bool { No = false, Yes = true };
+
    /** Check all invariants for the current transaction.
     *
-     *  Runs transaction-specific invariants first (visitInvariantEntry +
-     *  finalizeInvariants), then protocol-level invariants.  Both layers
-     *  always run; the worst failure code is returned.
+     *  Delegates to the free @c xrpl::checkInvariants runner.  Unless @p skip is
+     *  @c SkipTxInvariants::Yes, the transaction-specific adapter is passed so
+     *  both layers share a single walk of the modified ledger entries.
+     *  Protocol faults (tefINVARIANT_FAILED) take priority over transaction
+     *  faults (tecINVARIANT_FAILED).
     *
     *  @param result  the tentative TER from transaction processing.
     *  @param fee     the fee consumed by the transaction.
+     *  @param skip    whether to skip the transaction-specific invariant check.
     *
     *  @return the final TER after all invariant checks.
     */
    [[nodiscard]] TER
-    checkInvariants(TER result, XRPAmount fee);
+    checkInvariants(TER result, XRPAmount fee, SkipTxInvariants skip);

    /////////////////////////////////////////////////////
    /*
@@ -287,7 +299,7 @@ protected:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) = 0;
+        beast::Journal const& j) const = 0;

    /** Compute the minimum fee required to process a transaction
        with a given baseFee based on the current server load.
@@ -404,20 +416,34 @@ private:
    static NotTEC
    preflightUniversal(PreflightContext const& ctx);

-    /** Check transaction-specific invariants only.
-     *
-     *  Walks every modified ledger entry via visitInvariantEntry, then
-     *  calls finalizeInvariants on the derived transactor.  Returns
-     *  tecINVARIANT_FAILED if any transaction invariant is violated.
-     *
-     *  @param result  the tentative TER from transaction processing.
-     *  @param fee     the fee consumed by the transaction.
-     *
-     *  @return the original result if all invariants pass, or
-     *          tecINVARIANT_FAILED otherwise.
-     */
-    [[nodiscard]] TER
-    checkTransactionInvariants(TER result, XRPAmount fee);
+    /** Bridges the transaction-specific two-phase invariant hooks
+     *  (visitInvariantEntry + finalizeInvariants) into the InvariantCheck
+     *  interface consumed by the free xrpl::checkInvariants runner. */
+    class InvariantCheckAdapter : public InvariantCheck
+    {
+        Transactor& self_;
+
+    public:
+        explicit InvariantCheckAdapter(Transactor& self) : self_(self)
+        {
+        }
+
+        void
+        visitEntry(bool isDelete, SLE::const_ref before, SLE::const_ref after) override
+        {
+            self_.visitInvariantEntry(isDelete, before, after);
+        }
+
+        [[nodiscard]] bool
+        finalize(
+            STTx const& tx,
+            TER result,
+            XRPAmount fee,
+            ReadView const& view,
+            beast::Journal const& j) const override;
+    };
+
+    InvariantCheckAdapter invariantCheck_{*this};
 };

 inline bool
--- a/include/xrpl/tx/invariants/CheckInvariants.h
+++ b/include/xrpl/tx/invariants/CheckInvariants.h
@@ -0,0 +1,129 @@
+#pragma once
+
+#include <xrpl/beast/utility/Journal.h>
+#include <xrpl/ledger/ReadView.h>
+#include <xrpl/protocol/STLedgerEntry.h>
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/TER.h>
+#include <xrpl/protocol/XRPAmount.h>
+#include <xrpl/tx/ApplyContext.h>
+
+namespace xrpl {
+
+/**
+ * @brief Runtime interface for a transaction-specific invariant check.
+ *
+ * The free @c checkInvariants runner drives two layers of checks over a single
+ * walk of the modified ledger entries:
+ *
+ *  - **Protocol checks** are the concrete types in @c InvariantChecks, held in
+ *    a @c std::tuple and dispatched statically by a compile-time fold (no
+ *    virtual calls).  They are duck-typed against the two-phase contract
+ *    described below; see @c InvariantChecker_PROTOTYPE in InvariantCheck.h.
+ *  - **The transaction-specific check** is injected at runtime through this
+ *    interface, so the runner can call it without depending on the concrete
+ *    transactor type.
+ *
+ * Both layers honour the same two-phase protocol:
+ *
+ * **Phase 1 — state collection** (`visitEntry`)
+ * Called once for each ledger entry created, modified, or deleted by the
+ * transaction.  Implementations accumulate whatever state they need to
+ * evaluate their post-conditions.  Must not throw.
+ *
+ * **Phase 2 — condition evaluation** (`finalize`)
+ * Called once after every modified entry has been visited.  Returns true if
+ * all post-conditions hold, false to fail the transaction.
+ *
+ * ## Rules for implementing `finalize`
+ *
+ * ### Invariants must run regardless of transaction result
+ *
+ * `finalize` MUST perform meaningful checks even when the transaction has
+ * failed (`!isTesSuccess(result)`).  A bug or exploit could cause a failed
+ * transaction to mutate ledger state in unexpected ways; invariants are the
+ * last line of defense.
+ *
+ * The typical pattern: an invariant that expects a domain-specific state
+ * change (e.g. a Vault being created) should expect that change only when
+ * the transaction succeeded.  A failed VaultCreate must not have created a
+ * Vault.
+ *
+ * ### Privilege-gated checks apply to failed transactions too
+ *
+ * Failed transactions carry no privileges.  Any privilege-gated assertion
+ * must therefore also be enforced for failed transactions.
+ */
+class InvariantCheck
+{
+public:
+    virtual ~InvariantCheck() = default;
+
+    /**
+     * @brief Called for each ledger entry modified by the transaction.
+     *
+     * @param isDelete true if the SLE is being deleted.
+     * @param before   the entry's state before the transaction (nullptr for
+     *                 newly created entries).
+     * @param after    the entry's state after the transaction.  For deletions
+     *                 this is the SLE being erased; use @p isDelete rather than
+     *                 `after == nullptr` to detect deletions.
+     */
+    virtual void
+    visitEntry(bool isDelete, SLE::const_ref before, SLE::const_ref after) = 0;
+
+    /**
+     * @brief Called after all entries have been visited.
+     *
+     * @param tx     the transaction being applied.
+     * @param result the tentative TER result of the transaction.
+     * @param fee    the fee consumed by the transaction.
+     * @param view   read-only view of the ledger after the transaction.
+     * @param j      journal for logging invariant failures.
+     * @return true if all invariants hold; false to fail with
+     *         tecINVARIANT_FAILED / tefINVARIANT_FAILED.
+     */
+    [[nodiscard]] virtual bool
+    finalize(
+        STTx const& tx,
+        TER result,
+        XRPAmount fee,
+        ReadView const& view,
+        beast::Journal const& j) const = 0;
+};
+
+/**
+ * @brief Run all protocol invariant checks plus the transaction-specific check
+ * in a single pass over the modified entries.
+ *
+ * Both layers share one walk of the modified-entry set: @p txCheck's
+ * `visitEntry` accumulates state on the same traversal that drives the
+ * protocol checkers, then both layers' `finalize` run on the complete state.
+ * Protocol faults (tefINVARIANT_FAILED) take precedence over transaction
+ * faults (tecINVARIANT_FAILED).
+ *
+ * Every transaction is guaranteed to supply a @p txCheck (either a real check
+ * or a no-op stub).  The invariant contract requires @c finalize to handle
+ * failed results gracefully, so passing the same @p txCheck after a fee-claim
+ * reset is safe.
+ *
+ * @param ctx     the apply context for the current transaction.
+ * @param result  the tentative TER from transaction processing.
+ * @param fee     the fee consumed by the transaction.
+ * @param txCheck the transaction-specific invariant check.
+ * @return the final TER after all invariant checks.
+ */
+[[nodiscard]] TER
+checkInvariants(
+    ApplyContext& ctx,
+    TER result,
+    XRPAmount fee,
+    std::optional<std::reference_wrapper<InvariantCheck>> txCheck);
+
+[[nodiscard]] inline TER
+checkInvariants(ApplyContext& ctx, TER result, XRPAmount fee)
+{
+    return checkInvariants(ctx, result, fee, std::nullopt);
+}
+
+}  // namespace xrpl
--- a/include/xrpl/tx/paths/detail/StepChecks.h
+++ b/include/xrpl/tx/paths/detail/StepChecks.h
@@ -27,7 +27,7 @@ checkFreeze(
        }
    }

-    if (auto sle = view.read(keylet::rippleState(src, dst, currency)))
+    if (auto sle = view.read(keylet::line(src, dst, currency)))
    {
        if (sle->isFlag((dst > src) ? lsfHighFreeze : lsfLowFreeze))
        {
@@ -71,8 +71,8 @@ checkNoRipple(
    beast::Journal j)
 {
    // fetch the ripple lines into and out of this node
-    auto sleIn = view.read(keylet::rippleState(prev, cur, currency));
-    auto sleOut = view.read(keylet::rippleState(cur, next, currency));
+    auto sleIn = view.read(keylet::line(prev, cur, currency));
+    auto sleOut = view.read(keylet::line(cur, next, currency));

    if (!sleIn || !sleOut)
        return terNO_LINE;
--- a/include/xrpl/tx/transactors/account/AccountDelete.h
+++ b/include/xrpl/tx/transactors/account/AccountDelete.h
@@ -37,7 +37,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/account/AccountSet.h
+++ b/include/xrpl/tx/transactors/account/AccountSet.h
@@ -41,7 +41,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/account/SetRegularKey.h
+++ b/include/xrpl/tx/transactors/account/SetRegularKey.h
@@ -31,7 +31,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/account/SignerListSet.h
+++ b/include/xrpl/tx/transactors/account/SignerListSet.h
@@ -50,7 +50,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

    // Interface used by AccountDelete
    static TER
--- a/include/xrpl/tx/transactors/bridge/XChainBridge.h
+++ b/include/xrpl/tx/transactors/bridge/XChainBridge.h
@@ -36,7 +36,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 class BridgeModify : public Transactor
@@ -69,7 +69,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 using XChainModifyBridge = BridgeModify;
@@ -113,7 +113,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
@@ -151,7 +151,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
@@ -191,7 +191,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
@@ -231,7 +231,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 class XChainAddAccountCreateAttestation : public Transactor
@@ -262,7 +262,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
@@ -317,7 +317,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 using XChainAccountCreateCommit = XChainCreateAccountCommit;
--- a/include/xrpl/tx/transactors/check/CheckCancel.h
+++ b/include/xrpl/tx/transactors/check/CheckCancel.h
@@ -31,7 +31,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/check/CheckCash.h
+++ b/include/xrpl/tx/transactors/check/CheckCash.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/check/CheckCreate.h
+++ b/include/xrpl/tx/transactors/check/CheckCreate.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/credentials/CredentialAccept.h
+++ b/include/xrpl/tx/transactors/credentials/CredentialAccept.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/credentials/CredentialCreate.h
+++ b/include/xrpl/tx/transactors/credentials/CredentialCreate.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/credentials/CredentialDelete.h
+++ b/include/xrpl/tx/transactors/credentials/CredentialDelete.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/delegate/DelegateSet.h
+++ b/include/xrpl/tx/transactors/delegate/DelegateSet.h
@@ -31,7 +31,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

    // Interface used by AccountDelete
    static TER
--- a/include/xrpl/tx/transactors/dex/AMMBid.h
+++ b/include/xrpl/tx/transactors/dex/AMMBid.h
@@ -72,7 +72,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/dex/AMMClawback.h
+++ b/include/xrpl/tx/transactors/dex/AMMClawback.h
@@ -37,7 +37,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

 private:
    TER
--- a/include/xrpl/tx/transactors/dex/AMMCreate.h
+++ b/include/xrpl/tx/transactors/dex/AMMCreate.h
@@ -68,7 +68,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/dex/AMMDelete.h
+++ b/include/xrpl/tx/transactors/dex/AMMDelete.h
@@ -40,7 +40,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/dex/AMMDeposit.h
+++ b/include/xrpl/tx/transactors/dex/AMMDeposit.h
@@ -72,7 +72,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

 private:
    std::pair<TER, bool>
--- a/include/xrpl/tx/transactors/dex/AMMVote.h
+++ b/include/xrpl/tx/transactors/dex/AMMVote.h
@@ -57,7 +57,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/dex/AMMWithdraw.h
+++ b/include/xrpl/tx/transactors/dex/AMMWithdraw.h
@@ -80,7 +80,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

    /** Equal-asset withdrawal (LPTokens) of some AMM instance pools
     * shares represented by the number of LPTokens .
--- a/include/xrpl/tx/transactors/dex/OfferCancel.h
+++ b/include/xrpl/tx/transactors/dex/OfferCancel.h
@@ -32,7 +32,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/dex/OfferCreate.h
+++ b/include/xrpl/tx/transactors/dex/OfferCreate.h
@@ -49,7 +49,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

 private:
    std::pair<TER, bool>
--- a/include/xrpl/tx/transactors/did/DIDDelete.h
+++ b/include/xrpl/tx/transactors/did/DIDDelete.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/did/DIDSet.h
+++ b/include/xrpl/tx/transactors/did/DIDSet.h
@@ -28,7 +28,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/escrow/EscrowCancel.h
+++ b/include/xrpl/tx/transactors/escrow/EscrowCancel.h
@@ -31,7 +31,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/escrow/EscrowCreate.h
+++ b/include/xrpl/tx/transactors/escrow/EscrowCreate.h
@@ -37,7 +37,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/escrow/EscrowFinish.h
+++ b/include/xrpl/tx/transactors/escrow/EscrowFinish.h
@@ -40,7 +40,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/lending/LoanBrokerCoverClawback.h
+++ b/include/xrpl/tx/transactors/lending/LoanBrokerCoverClawback.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanBrokerCoverDeposit.h
+++ b/include/xrpl/tx/transactors/lending/LoanBrokerCoverDeposit.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanBrokerCoverWithdraw.h
+++ b/include/xrpl/tx/transactors/lending/LoanBrokerCoverWithdraw.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanBrokerDelete.h
+++ b/include/xrpl/tx/transactors/lending/LoanBrokerDelete.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanBrokerSet.h
+++ b/include/xrpl/tx/transactors/lending/LoanBrokerSet.h
@@ -37,7 +37,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanDelete.h
+++ b/include/xrpl/tx/transactors/lending/LoanDelete.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanManage.h
+++ b/include/xrpl/tx/transactors/lending/LoanManage.h
@@ -68,7 +68,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanPay.h
+++ b/include/xrpl/tx/transactors/lending/LoanPay.h
@@ -40,7 +40,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 //------------------------------------------------------------------------------
--- a/include/xrpl/tx/transactors/lending/LoanSet.h
+++ b/include/xrpl/tx/transactors/lending/LoanSet.h
@@ -47,7 +47,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

 public:
    static constexpr std::uint32_t kMinPaymentTotal = 1;
--- a/include/xrpl/tx/transactors/nft/NFTokenAcceptOffer.h
+++ b/include/xrpl/tx/transactors/nft/NFTokenAcceptOffer.h
@@ -44,7 +44,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/nft/NFTokenBurn.h
+++ b/include/xrpl/tx/transactors/nft/NFTokenBurn.h
@@ -31,7 +31,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/nft/NFTokenCancelOffer.h
+++ b/include/xrpl/tx/transactors/nft/NFTokenCancelOffer.h
@@ -31,7 +31,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/nft/NFTokenCreateOffer.h
+++ b/include/xrpl/tx/transactors/nft/NFTokenCreateOffer.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/nft/NFTokenMint.h
+++ b/include/xrpl/tx/transactors/nft/NFTokenMint.h
@@ -39,7 +39,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

    // Public to support unit tests.
    static uint256
--- a/include/xrpl/tx/transactors/nft/NFTokenModify.h
+++ b/include/xrpl/tx/transactors/nft/NFTokenModify.h
@@ -31,7 +31,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/oracle/OracleDelete.h
+++ b/include/xrpl/tx/transactors/oracle/OracleDelete.h
@@ -40,7 +40,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

    static TER
    deleteOracle(ApplyView& view, SLE::ref sle, AccountID const& account, beast::Journal j);
--- a/include/xrpl/tx/transactors/oracle/OracleSet.h
+++ b/include/xrpl/tx/transactors/oracle/OracleSet.h
@@ -40,7 +40,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/payment/DepositPreauth.h
+++ b/include/xrpl/tx/transactors/payment/DepositPreauth.h
@@ -34,7 +34,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;

    // Interface used by AccountDelete
    static TER
--- a/include/xrpl/tx/transactors/payment/Payment.h
+++ b/include/xrpl/tx/transactors/payment/Payment.h
@@ -49,7 +49,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/include/xrpl/tx/transactors/payment_channel/PaymentChannelClaim.h
+++ b/include/xrpl/tx/transactors/payment_channel/PaymentChannelClaim.h
@@ -37,7 +37,7 @@ public:
        TER result,
        XRPAmount fee,
        ReadView const& view,
-        beast::Journal const& j) override;
+        beast::Journal const& j) const override;
 };

 }  // namespace xrpl
--- a/Show More
+++ b/Show More