refactor: Rename (mostly keylet) functions to more closely match the docs (#7059)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

.clang-tidy

@@ -11,6 +11,7 @@ Checks: "-*,
   bugprone-copy-constructor-init,
   bugprone-crtp-constructor-accessibility,
   bugprone-dangling-handle,
+  bugprone-derived-method-shadowing-base-method,
   bugprone-dynamic-static-initializers,
   bugprone-empty-catch,
   bugprone-fold-init-type,
@@ -21,6 +22,7 @@ Checks: "-*,
   bugprone-incorrect-roundings,
   bugprone-infinite-loop,
   bugprone-integer-division,
+  bugprone-invalid-enum-default-initialization,
   bugprone-lambda-function-name,
   bugprone-macro-parentheses,
   bugprone-macro-repeated-side-effects,
@@ -137,6 +139,7 @@ Checks: "-*,
   readability-enum-initial-value,
   readability-identifier-naming,
   readability-implicit-bool-conversion,
+  readability-inconsistent-ifelse-braces,
   readability-make-member-function-const,
   readability-math-missing-parentheses,
   readability-misleading-indentation,
@@ -145,7 +148,9 @@ Checks: "-*,
   readability-redundant-declaration,
   readability-redundant-inline-specifier,
   readability-redundant-member-init,
+  readability-redundant-parentheses,
   readability-redundant-string-init,
+  readability-redundant-typename,
   readability-reference-to-constructed-temporary,
   readability-simplify-boolean-expr,
   readability-static-definition-in-anonymous-namespace,
@@ -153,7 +158,8 @@ Checks: "-*,
   readability-use-std-min-max
   "
 # ---
-# bugprone-narrowing-conversions,                      # this will break a lot of code but we should enable it in the future because it can eliminate a lot of bugs
+# bugprone-narrowing-conversions,                      # This will break a lot of code but we should enable it in the future because it can eliminate a lot of bugs
+# misc-override-with-different-visibility,             # Will be addressed in a future PR, but for now it generates too many warnings
 # readability-inconsistent-declaration-parameter-name, # In this codebase this check will break a lot of arg names
 # readability-static-accessed-through-instance,        # this check is probably unnecessary. It makes the code less readable
 # ---

.gersemi/definitions.cmake

@@ -96,3 +96,6 @@ function(verbose_find_path variable name)
         ${ARGN}
     )
 endfunction()
+
+function(patch_nix_binary target)
+endfunction()

.github/actions/setup-conan/action.yml

@@ -9,7 +9,7 @@ inputs:
   remote_url:
     description: "The URL of the Conan endpoint to use."
     required: false
-    default: https://conan.ripplex.io
+    default: https://conan.xrplf.org/repository/conan/
 
 runs:
   using: composite

.github/scripts/levelization/results/ordering.txt

@@ -83,7 +83,6 @@ test.conditions > xrpl.basics
 test.conditions > xrpl.conditions
 test.consensus > test.csf
 test.consensus > test.jtx
-test.consensus > test.toplevel
 test.consensus > test.unit_test
 test.consensus > xrpl.basics
 test.consensus > xrpld.app

.github/scripts/strategy-matrix/linux.json

@@ -1,5 +1,5 @@
 {
-  "image_tag": "sha-fe4c8ae",
+  "image_tag": "sha-e29b523",
   "configs": {
     "ubuntu": [
       {

.github/scripts/strategy-matrix/windows.json

@@ -1,6 +1,6 @@
 {
   "platform": "windows/amd64",
-  "runner": ["self-hosted", "Windows", "devbox"],
+  "runner": ["self-hosted", "Windows", "dev-box-windows-2026"],
   "configs": [
     { "build_type": "Release" },
     {

.github/workflows/build-nix-images.yml

@@ -54,9 +54,9 @@ jobs:
             base_image: debian:bookworm
           - name: rhel
             base_image: registry.access.redhat.com/ubi9/ubi:latest
-    uses: XRPLF/actions/.github/workflows/build-multiarch-image.yml@c1b480188519e0cad040e6aa70db1cbc5a797e07
+    uses: XRPLF/actions/.github/workflows/build-multiarch-image.yml@ee03d31bcc4501d7599dc1b1ecd7a34af582ad1c
     with:
-      image_name: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro.name }}
+      image_name: xrpld/nix-${{ matrix.distro.name }}
       dockerfile: nix/docker/Dockerfile
       base_image: ${{ matrix.distro.base_image }}
-      push: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
+      push: ${{ github.event_name == 'push' }}

.github/workflows/build-packaging-images.yml

@@ -38,9 +38,9 @@ jobs:
             base_image: debian:bookworm
           - name: rhel
             base_image: registry.access.redhat.com/ubi9/ubi:latest
-    uses: XRPLF/actions/.github/workflows/build-multiarch-image.yml@c1b480188519e0cad040e6aa70db1cbc5a797e07
+    uses: XRPLF/actions/.github/workflows/build-multiarch-image.yml@ee03d31bcc4501d7599dc1b1ecd7a34af582ad1c
     with:
-      image_name: ghcr.io/xrplf/xrpld/packaging-${{ matrix.distro.name }}
+      image_name: xrpld/packaging-${{ matrix.distro.name }}
       dockerfile: package/Dockerfile
       base_image: ${{ matrix.distro.base_image }}
-      push: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
+      push: ${{ github.event_name == 'push' }}

.github/workflows/check-pr-description.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Write PR body to file
         env:

.github/workflows/on-pr.yml

@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       - name: Determine changed files
         # This step checks whether any files have changed that should
         # cause the next jobs to run. We do it this way rather than
@@ -70,6 +70,7 @@ jobs:
             .github/workflows/reusable-upload-recipe.yml
             .clang-tidy
             .codecov.yml
+            bin/check-tools.sh
             cfg/**
             cmake/**
             conan/**
@@ -153,8 +154,8 @@ jobs:
     if: ${{ github.repository == 'XRPLF/rippled' && needs.should-run.outputs.go == 'true' && github.event_name == 'pull_request' && startsWith(github.event.pull_request.base.ref, 'release') }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
-      remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
-      remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
+      remote_username: ${{ secrets.NEXUS_REMOTE_USERNAME }}
+      remote_password: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
 
   notify-clio:
     needs: upload-recipe

.github/workflows/on-tag.yml

@@ -20,8 +20,8 @@ jobs:
     if: ${{ github.repository == 'XRPLF/rippled' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
-      remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
-      remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
+      remote_username: ${{ secrets.NEXUS_REMOTE_USERNAME }}
+      remote_password: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
 
   build-test:
     if: ${{ github.repository == 'XRPLF/rippled' }}

.github/workflows/on-trigger.yml

@@ -27,6 +27,7 @@ on:
       - ".github/workflows/reusable-upload-recipe.yml"
       - ".clang-tidy"
       - ".codecov.yml"
+      - "bin/check-tools.sh"
       - "cfg/**"
       - "cmake/**"
       - "conan/**"
@@ -97,8 +98,8 @@ jobs:
     if: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
-      remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
-      remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
+      remote_username: ${{ secrets.NEXUS_REMOTE_USERNAME }}
+      remote_password: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
 
   package:
     needs: build-test

.github/workflows/pre-commit.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   # Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks.
   run-hooks:
-    uses: XRPLF/actions/.github/workflows/pre-commit.yml@312aaab296060ff89d7f798dcab59f019bea6e02
+    uses: XRPLF/actions/.github/workflows/pre-commit.yml@e06d4138c9ec8dceeb7c818645faa38087ea9e3d
     with:
       runs_on: ubuntu-latest
       container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-41ec7c1" }'

.github/workflows/publish-docs.yml

@@ -41,10 +41,10 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
-    container: ghcr.io/xrplf/xrpld/nix-ubuntu:sha-fe4c8ae
+    container: ghcr.io/xrplf/xrpld/nix-ubuntu:sha-e29b523
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8

.github/workflows/reusable-build-test-config.yml

@@ -82,7 +82,7 @@ jobs:
     name: ${{ inputs.config_name }}
     runs-on: ${{ fromJSON(inputs.runs_on) }}
     container: ${{ inputs.image != '' && inputs.image || null }}
-    timeout-minutes: ${{ inputs.sanitizers != '' && 360 || 90 }}
+    timeout-minutes: ${{ inputs.sanitizers != '' && 360 || 180 }}
     env:
       # Use a namespace to keep the objects separate for each configuration.
       CCACHE_NAMESPACE: ${{ inputs.config_name }}
@@ -110,7 +110,7 @@ jobs:
         uses: XRPLF/actions/cleanup-workspace@c7d9ce5ebb03c752a354889ecd870cadfc2b1cd4
 
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8
@@ -163,7 +163,7 @@ jobs:
           CMAKE_ARGS: ${{ inputs.cmake_args }}
         run: |
           cmake \
-              -G '${{ runner.os == 'Windows' && 'Visual Studio 17 2022' || 'Ninja' }}' \
+              -G '${{ runner.os == 'Windows' && 'Visual Studio 18 2026' || 'Ninja' }}' \
               -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
               -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
               ${CMAKE_ARGS} \
@@ -229,21 +229,6 @@ jobs:
               --parallel "${BUILD_NPROC}" \
               --target "${CMAKE_TARGET}"
 
-      # This step is needed to allow running in non-Nix environments
-      - name: Patch binary to use default loader and remove rpath (Linux)
-        if: ${{ runner.os == 'Linux' && env.SANITIZERS_ENABLED == 'false' }}
-        run: |
-          loader="$(/tmp/loader-path.sh)"
-          patchelf --set-interpreter "${loader}" --remove-rpath "${{ env.BUILD_DIR }}/xrpld"
-
-      # We're only running aarch64 Linux builds in Ubuntu-based images, so this is kept simple
-      - name: Install libatomic (Linux aarch64)
-        if: ${{ runner.os == 'Linux' && runner.arch == 'ARM64' }}
-        run: |
-          apt update --yes
-          apt install -y --no-install-recommends \
-              libatomic1
-
       - name: Show ccache statistics
         if: ${{ inputs.ccache_enabled }}
         run: |

.github/workflows/reusable-check-levelization.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       - name: Check levelization
         run: python .github/scripts/levelization/generate.py
       - name: Check for differences

.github/workflows/reusable-check-rename.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       - name: Check definitions
         run: .github/scripts/rename/definitions.sh .
       - name: Check copyright notices

.github/workflows/reusable-clang-tidy.yml

@@ -32,20 +32,20 @@ jobs:
     if: ${{ inputs.check_only_changed }}
     permissions:
       contents: read
-    uses: XRPLF/actions/.github/workflows/determine-tidy-files.yml@312aaab296060ff89d7f798dcab59f019bea6e02
+    uses: XRPLF/actions/.github/workflows/determine-tidy-files.yml@c7045074aafe9fb92fa537aa4446f81fbfc17e8b
 
   run-clang-tidy:
     name: Run clang tidy
     needs: [determine-files]
     if: ${{ always() && !cancelled() && (!inputs.check_only_changed || needs.determine-files.outputs.cpp_changed_files != '' || needs.determine-files.outputs.clang_tidy_config_changed == 'true') }}
     runs-on: ["self-hosted", "Linux", "X64", "heavy"]
-    container: "ghcr.io/xrplf/xrpld/nix-debian:sha-fe4c8ae"
+    container: "ghcr.io/xrplf/xrpld/nix-debian:sha-e29b523"
     permissions:
       contents: read
       issues: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8

.github/workflows/reusable-package.yml

@@ -27,7 +27,7 @@ jobs:
       matrix: ${{ steps.generate.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -39,23 +39,8 @@ jobs:
         working-directory: .github/scripts/strategy-matrix
         run: ./generate.py --packaging >>"${GITHUB_OUTPUT}"
 
-  generate-version:
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.version.outputs.version }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          sparse-checkout: |
-            .github/actions/generate-version
-            src/libxrpl/protocol/BuildInfo.cpp
-      - name: Generate version
-        id: version
-        uses: ./.github/actions/generate-version
-
   package:
-    needs: [generate-matrix, generate-version]
+    needs: [generate-matrix]
     if: ${{ github.event.repository.visibility == 'public' }}
     strategy:
       fail-fast: false
@@ -69,7 +54,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Download pre-built binary
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
@@ -82,14 +67,13 @@ jobs:
 
       - name: Build package
         env:
-          PKG_VERSION: ${{ needs.generate-version.outputs.version }}
           PKG_RELEASE: ${{ inputs.pkg_release }}
         run: ./package/build_pkg.sh
 
       - name: Upload package artifact
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
-          name: ${{ matrix.artifact_name }}-pkg-${{ needs.generate-version.outputs.version }}
+          name: ${{ matrix.artifact_name }}-pkg
           path: |
             ${{ env.BUILD_DIR }}/debbuild/*.deb
             ${{ env.BUILD_DIR }}/debbuild/*.ddeb

.github/workflows/reusable-strategy-matrix.yml

@@ -23,7 +23,7 @@ jobs:
       matrix: ${{ steps.generate.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0

.github/workflows/reusable-upload-recipe.yml

@@ -14,7 +14,7 @@ on:
         description: "The URL of the Conan endpoint to use."
         required: false
         type: string
-        default: https://conan.ripplex.io
+        default: https://conan.xrplf.org/repository/conan/
 
     secrets:
       remote_username:
@@ -40,10 +40,14 @@ defaults:
 jobs:
   upload:
     runs-on: ubuntu-latest
-    container: ghcr.io/xrplf/xrpld/nix-ubuntu:sha-fe4c8ae
+    container: ghcr.io/xrplf/xrpld/nix-ubuntu:sha-e29b523
+    env:
+      REMOTE_NAME: ${{ inputs.remote_name }}
+      CONAN_LOGIN_USERNAME_XRPLF: ${{ secrets.remote_username }}
+      CONAN_PASSWORD_XRPLF: ${{ secrets.remote_password }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Generate build version number
         id: version
@@ -56,15 +60,9 @@ jobs:
           remote_url: ${{ inputs.remote_url }}
 
       - name: Log into Conan remote
-        env:
-          REMOTE_NAME: ${{ inputs.remote_name }}
-          REMOTE_USERNAME: ${{ secrets.remote_username }}
-          REMOTE_PASSWORD: ${{ secrets.remote_password }}
-        run: conan remote login "${REMOTE_NAME}" "${REMOTE_USERNAME}" --password "${REMOTE_PASSWORD}"
+        run: conan remote login "${REMOTE_NAME}" "${CONAN_LOGIN_USERNAME_XRPLF}" --password "${CONAN_PASSWORD_XRPLF}"
 
       - name: Upload Conan recipe (version)
-        env:
-          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=${{ steps.version.outputs.version }}
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/${{ steps.version.outputs.version }}
@@ -73,8 +71,6 @@ jobs:
       # 'develop' branch, see on-trigger.yml.
       - name: Upload Conan recipe (develop)
         if: ${{ github.event_name == 'push' }}
-        env:
-          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=develop
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/develop
@@ -83,8 +79,6 @@ jobs:
       # one of the 'release' branches, see on-pr.yml.
       - name: Upload Conan recipe (rc)
         if: ${{ github.event_name == 'pull_request' }}
-        env:
-          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=rc
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/rc
@@ -93,8 +87,6 @@ jobs:
       # release, see on-tag.yml.
       - name: Upload Conan recipe (release)
         if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        env:
-          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=release
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/release

.github/workflows/upload-conan-deps.yml

@@ -34,7 +34,7 @@ on:
 
 env:
   CONAN_REMOTE_NAME: xrplf
-  CONAN_REMOTE_URL: https://conan.ripplex.io
+  CONAN_REMOTE_URL: https://conan.xrplf.org/repository/conan/
   NPROC_SUBTRACT: 2
 
 concurrency:
@@ -65,7 +65,7 @@ jobs:
         uses: XRPLF/actions/cleanup-workspace@c7d9ce5ebb03c752a354889ecd870cadfc2b1cd4
 
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@c47daebb2f9db64ffbac71b47d68a661498d5ce8
@@ -108,10 +108,12 @@ jobs:
 
       - name: Log into Conan remote
         if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
-        run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.CONAN_REMOTE_USERNAME }}" --password "${{ secrets.CONAN_REMOTE_PASSWORD }}"
+        run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.NEXUS_REMOTE_USERNAME }}" --password "${{ secrets.NEXUS_REMOTE_PASSWORD }}"
 
       - name: Upload Conan packages
         if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
         env:
           FORCE_OPTION: ${{ github.event.inputs.force_upload == 'true' && '--force' || '' }}
+          CONAN_LOGIN_USERNAME_XRPLF: ${{ secrets.NEXUS_REMOTE_USERNAME }}
+          CONAN_PASSWORD_XRPLF: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
         run: conan upload "*" --remote="${CONAN_REMOTE_NAME}" --confirm ${FORCE_OPTION}

.pre-commit-config.yaml

@@ -15,6 +15,7 @@ repos:
     hooks:
       - id: check-added-large-files
         args: [--maxkb=400, --enforce-all]
+      - id: check-executables-have-shebangs
       - id: trailing-whitespace
       - id: end-of-file-fixer
       - id: check-merge-conflict
@@ -35,13 +36,18 @@ repos:
         language: python
         types_or: [c++, c]
         exclude: ^include/xrpl/protocol_autogen/(transactions|ledger_entries)/
+      - id: fix-pragma-once
+        name: fix missing '#pragma once' declarations in header files
+        language: python
+        entry: ./bin/pre-commit/fix_pragma_once.py
+        files: \.(h|hpp)$
 
   - repo: https://github.com/pre-commit/mirrors-clang-format
     rev: dd18dad857d6133e90bbe478f4f2f22ec0030269 # frozen: v22.1.5
     hooks:
       - id: clang-format
         args: [--style=file]
-        "types_or": [c++, c, proto]
+        types_or: [c++, c, proto]
         exclude: ^include/xrpl/protocol_autogen/(transactions|ledger_entries)/
 
   - repo: https://github.com/BlankSpruce/gersemi-pre-commit

BUILD.md

@@ -101,7 +101,7 @@ More information on customizing Conan can be found in the [Advanced Conan config
 Run the following command to add the `xrplf` remote, which hosts some of our dependencies:
 
 ```bash
-conan remote add --index 0 --force xrplf https://conan.ripplex.io
+conan remote add --index 0 --force xrplf https://conan.xrplf.org/repository/conan/
 ```
 
 ### Set Up Ccache

CMakeLists.txt

@@ -57,6 +57,8 @@ if(target)
     )
 endif()
 
+include(PatchNixBinary)
+
 include(XrplSanity)
 include(XrplVersion)
 include(XrplSettings)

bin/check-tools.sh

@@ -90,16 +90,19 @@ if [ "${os}" = "linux" ] || [ "${os}" = "macos" ]; then
     check perl
     check pkg-config
     check vim
+    check zip
 
     # These tools are present in our Linux CI images and in local development
     # setups, but not in the macOS CI environment. So check them everywhere
     # except when running in CI on macOS.
     if [ "${os}" = "linux" ] || [ -z "${CI:-}" ]; then
         check clang-format
+        check dot
         check doxygen
         check gcovr
         check gh
         check git-cliff
+        check git-lfs
         check gpg
         # pre-commit, or its alternative implementation prek
         check pre-commit sh -c 'pre-commit --version || prek --version'

bin/pre-commit/fix_pragma_once.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+"""
+Adds "#pragma once" to the top of header files that don't already have it.
+
+Usage: ./bin/pre-commit/fix_pragma_once.py <file1> <file2> ...
+"""
+
+import sys
+from pathlib import Path
+
+PRAGMA_ONCE = "#pragma once\n\n"
+
+
+def fix_pragma_once(path: Path) -> bool:
+    original = path.read_text(encoding="utf-8")
+    if PRAGMA_ONCE not in original:
+        path.write_text(PRAGMA_ONCE + original, encoding="utf-8")
+        return False
+    return True
+
+
+def main() -> int:
+    files = [Path(f) for f in sys.argv[1:]]
+    success = True
+
+    for path in files:
+        success &= fix_pragma_once(path)
+
+    return 0 if success else 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())

cmake/CompilationEnv.cmake

@@ -56,3 +56,16 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|ARM64")
 else()
     message(FATAL_ERROR "Unknown architecture: ${CMAKE_SYSTEM_PROCESSOR}")
 endif()
+
+# --------------------------------------------------------------------
+# Sanitizers
+# --------------------------------------------------------------------
+# SANITIZERS is injected by the Conan toolchain when a sanitizer build is
+# requested (see conan/profiles/sanitizers). The flags are applied to the
+# 'common' target in XrplSanitizers; this flag lets other modules know a
+# sanitizer build is active without depending on that module.
+if(DEFINED SANITIZERS)
+    set(SANITIZERS_ENABLED TRUE)
+else()
+    set(SANITIZERS_ENABLED FALSE)
+endif()

cmake/PatchNixBinary.cmake

@@ -0,0 +1,53 @@
+#[===================================================================[
+   Patch executables to run in non-Nix environments.
+
+   The Nix-based CI image links binaries against an ELF interpreter (loader)
+   that lives in the Nix store, so the resulting binaries don't run elsewhere
+   (including once installed from the .deb package). `patch_nix_binary` adds a
+   POST_BUILD step that resets the interpreter to the system default loader and
+   drops the rpath.
+
+   This is only active inside the Nix-based image, detected by the presence of
+   /tmp/loader-path.sh (shipped by that image, resolves the default loader). It
+   is skipped for sanitizer builds, whose runtime libraries are resolved through
+   the rpath. Everywhere else `patch_nix_binary` is a no-op.
+#]===================================================================]
+
+include_guard(GLOBAL)
+
+include(CompilationEnv)
+
+# Provided by the Nix-based CI image; prints the system default ELF loader path.
+set(_loader_path_script "/tmp/loader-path.sh")
+
+if(is_linux AND NOT SANITIZERS_ENABLED AND EXISTS "${_loader_path_script}")
+    execute_process(
+        COMMAND "${_loader_path_script}"
+        OUTPUT_VARIABLE DEFAULT_LOADER_PATH
+        OUTPUT_STRIP_TRAILING_WHITESPACE
+        COMMAND_ERROR_IS_FATAL ANY
+    )
+    find_program(PATCHELF_COMMAND patchelf REQUIRED)
+    set(PATCH_NIX_BINARIES TRUE)
+    message(
+        STATUS
+        "Binaries will be patched to use loader '${DEFAULT_LOADER_PATH}'"
+    )
+else()
+    set(PATCH_NIX_BINARIES FALSE)
+endif()
+
+function(patch_nix_binary target)
+    if(NOT PATCH_NIX_BINARIES)
+        return()
+    endif()
+    add_custom_command(
+        TARGET ${target}
+        POST_BUILD
+        COMMAND
+            "${PATCHELF_COMMAND}" --set-interpreter "${DEFAULT_LOADER_PATH}"
+            --remove-rpath "$<TARGET_FILE:${target}>"
+        COMMENT "Patching ${target}: set default loader, remove rpath"
+        VERBATIM
+    )
+endfunction()

cmake/XrplCompiler.cmake

@@ -154,6 +154,15 @@ else()
             >
     )
 
+    # On aarch64, libatomic is required for atomic operations. It is not needed on x86_64.
+    # Linking it statically on Linux
+    if(is_arm64 AND is_linux)
+        target_link_options(
+            common
+            INTERFACE -Wl,--push-state -Wl,-Bstatic -latomic -Wl,--pop-state
+        )
+    endif()
+
     # Keep -stdlib=libstdc++ off the compile commands, but preserve it for linking.
     #
     # Conan turns `compiler.libcxx=libstdc++` into `-stdlib=libstdc++` and puts it in

cmake/XrplCore.cmake

@@ -247,6 +247,7 @@ target_link_modules(
 
 if(xrpld)
     add_executable(xrpld)
+    patch_nix_binary(xrpld)
     if(tests)
         target_compile_definitions(xrpld PUBLIC ENABLE_TESTS)
         target_compile_definitions(

cmake/XrplPackaging.cmake

@@ -28,7 +28,6 @@ endif()
 set(package_env
     SRC_DIR=${CMAKE_SOURCE_DIR}
     BUILD_DIR=${CMAKE_BINARY_DIR}
-    PKG_VERSION=${xrpld_version}
     PKG_RELEASE=${pkg_release}
 )
 

cmake/XrplSanitizers.cmake

@@ -14,11 +14,9 @@
 include_guard(GLOBAL)
 include(CompilationEnv)
 
-if(NOT DEFINED SANITIZERS)
-    set(SANITIZERS_ENABLED FALSE)
+if(NOT SANITIZERS_ENABLED)
     return()
 endif()
-set(SANITIZERS_ENABLED TRUE)
 
 message(STATUS "=== Configuring Sanitizers ===")
 message(STATUS "  SANITIZERS: ${SANITIZERS}")

conan.lock

@@ -1,43 +1,43 @@
 {
     "version": "0.5",
     "requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
-        "xxhash/0.8.3#681d36a0a6111fc56e5e45ea182c19cc%1765850149.987",
-        "sqlite3/3.53.0#324ada52333108388a9a6108bfa96734%1776096494.149",
-        "soci/4.0.3#fe32b9ad5eb47e79ab9e45a68f363945%1774450067.231",
-        "snappy/1.1.10#968fef506ff261592ec30c574d4a7809%1765850147.878",
-        "secp256k1/0.7.1#481881709eb0bdd0185a12b912bbe8ad%1770910500.329",
-        "rocksdb/10.5.1#4a197eca381a3e5ae8adf8cffa5aacd0%1765850186.86",
-        "re2/20251105#8579cfd0bda4daf0683f9e3898f964b4%1774398111.888",
-        "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
-        "openssl/3.6.2#4789bbf131b77d0515d15e094c8f697f%1778071755.506",
-        "nudb/2.0.9#11149c73f8f2baff9a0198fe25971fc7%1775040983.408",
-        "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1765850143.914",
-        "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1765842973.492",
-        "libbacktrace/cci.20210118#a7691bfccd8caaf66309df196790a5a1%1765842973.03",
-        "libarchive/3.8.7#c446109bd1f1d8ba7936c94189bc50e6%1776147552.838",
+        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1782392402.122708",
+        "xxhash/0.8.3#681d36a0a6111fc56e5e45ea182c19cc%1782392402.420688",
+        "sqlite3/3.53.0#324ada52333108388a9a6108bfa96734%1782392403.185447",
+        "soci/4.0.3#e726491a03468795453f7c83fc924a96%1782392402.679521",
+        "snappy/1.1.10#968fef506ff261592ec30c574d4a7809%1782307151.633168",
+        "secp256k1/0.7.1#b1f450b7f78a36fff75bb6934a356f3a%1782338841.3729",
+        "rocksdb/10.5.1#4a197eca381a3e5ae8adf8cffa5aacd0%1782392413.075713",
+        "re2/20251105#8579cfd0bda4daf0683f9e3898f964b4%1782392402.431897",
+        "protobuf/6.33.5#ff253ead763bd8d9904a52979cd21e81%1782392410.233933",
+        "openssl/3.6.3#1163d4ddc603907084d08a6a0c6e580f%1782307150.583886",
+        "nudb/2.0.9#11149c73f8f2baff9a0198fe25971fc7%1782392402.297166",
+        "lz4/1.10.0#982d9b673900f665a1da109e09c17cab%1782392402.164188",
+        "libiconv/1.17#9923bc6dc6f106646d6967e0039a5ada%1782392792.775744",
+        "libbacktrace/cci.20210118#a7691bfccd8caaf66309df196790a5a1%1782392402.420732",
+        "libarchive/3.8.7#c446109bd1f1d8ba7936c94189bc50e6%1782392403.066892",
         "jemalloc/5.3.1#1fc58d55316041f10fbc1e8a2eae632a%1776700028.228",
-        "gtest/1.17.0#5224b3b3ff3b4ce1133cbdd27d53ee7d%1768312129.152",
-        "grpc/1.78.1#b1a9e74b145cc471bed4dc64dc6eb2c1%1774467387.342",
-        "ed25519/2015.03#ae761bdc52730a843f0809bdf6c1b1f6%1765850143.772",
-        "date/3.0.4#862e11e80030356b53c2c38599ceb32b%1765850143.772",
-        "c-ares/1.34.6#545240bb1c40e2cacd4362d6b8967650%1774439234.681",
-        "bzip2/1.0.8#c470882369c2d95c5c77e970c0c7e321%1765850143.837",
-        "boost/1.91.0#ea540ca2133d831b560036aa24dece3c%1778050991.9",
-        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1774365460.196"
+        "gtest/1.17.0#5224b3b3ff3b4ce1133cbdd27d53ee7d%1782392402.791979",
+        "grpc/1.81.1#5217e6ef0544c42b46f4af35d5e7f649%1782307148.845616",
+        "ed25519/2015.03#ae761bdc52730a843f0809bdf6c1b1f6%1782307148.15562",
+        "date/3.0.4#862e11e80030356b53c2c38599ceb32b%1782392402.538492",
+        "c-ares/1.34.6#545240bb1c40e2cacd4362d6b8967650%1782392402.681654",
+        "bzip2/1.0.8#c470882369c2d95c5c77e970c0c7e321%1782392402.296732",
+        "boost/1.91.0#ea540ca2133d831b560036aa24dece3c%1782392419.475605",
+        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1782307147.395833"
     ],
     "build_requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
-        "strawberryperl/5.32.1.1#8d114504d172cfea8ea1662d09b6333e%1774447376.964",
-        "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
-        "nasm/2.16.01#31e26f2ee3c4346ecd347911bd126904%1765850144.707",
+        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1782392402.122708",
+        "strawberryperl/5.32.1.1#8d114504d172cfea8ea1662d09b6333e%1782395692.540639",
+        "protobuf/6.33.5#ff253ead763bd8d9904a52979cd21e81%1782392410.233933",
+        "nasm/2.16.01#31e26f2ee3c4346ecd347911bd126904%1782395690.33162",
         "msys2/cci.latest#d22fe7b2808f5fd34d0a7923ace9c54f%1770657326.649",
-        "m4/1.4.19#4523e4347b55cd26ae918bd5770cab9a%1778062762.471",
-        "cmake/4.3.0#b939a42e98f593fb34d3a8c5cc860359%1774439249.183",
-        "b2/5.4.2#ffd6084a119587e70f11cd45d1a386e2%1774439233.447",
+        "m4/1.4.19#34c4bbc3eeebe98ca6edf2f52d602e7d%1777282960.259",
+        "cmake/4.3.3#840cf00ea09777e05c2050a50a82c722%1782392418.696091",
+        "b2/5.4.2#ffd6084a119587e70f11cd45d1a386e2%1782392402.624226",
         "automake/1.16.5#b91b7c384c3deaa9d535be02da14d04f%1755524470.56",
         "autoconf/2.71#51077f068e61700d65bb05541ea1e4b0%1731054366.86",
-        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1774365460.196"
+        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1782307147.395833"
     ],
     "python_requires": [],
     "overrides": {
@@ -57,7 +57,7 @@
             "boost/1.91.0"
         ],
         "lz4/[>=1.9.4 <2]": [
-            "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504"
+            "lz4/1.10.0#982d9b673900f665a1da109e09c17cab"
         ]
     },
     "config_requires": []

conan/lockfile/regenerate.sh

@@ -14,7 +14,7 @@ export CONAN_HOME="$TEMP_DIR"
 # Ensure that the xrplf remote is the first to be consulted, so any recipes we
 # patched are used. We also add it there to not created huge diff when the
 # official Conan Center Index is updated.
-conan remote add --force --index 0 xrplf https://conan.ripplex.io
+conan remote add --force --index 0 xrplf https://conan.xrplf.org/repository/conan/
 
 # Delete any existing lockfile.
 rm -f conan.lock

conanfile.py

@@ -28,10 +28,10 @@ class Xrpl(ConanFile):
 
     requires = [
         "ed25519/2015.03",
-        "grpc/1.78.1",
+        "grpc/1.81.1",
         "libarchive/3.8.7",
         "nudb/2.0.9",
-        "openssl/3.6.2",
+        "openssl/3.6.3",
         "secp256k1/0.7.1",
         "soci/4.0.3",
         "zlib/1.3.2",

cspell.config.yaml

@@ -301,6 +301,7 @@ words:
   - txs
   - ubsan
   - UBSAN
+  - ufdio
   - umant
   - unacquired
   - unambiguity

docs/build/advanced_conan.md

@@ -34,7 +34,7 @@ higher index than the default Conan Center remote, so it is consulted first. You
 can do this by running:
 
 ```bash
-conan remote add --index 0 --force xrplf https://conan.ripplex.io
+conan remote add --index 0 --force xrplf https://conan.xrplf.org/repository/conan/
 ```
 
 Alternatively, you can pull our recipes from the repository and export them locally:

include/xrpl/basics/DecayingSample.h

@@ -12,8 +12,8 @@ template <int Window, typename Clock>
 class DecayingSample
 {
 public:
-    using value_type = typename Clock::duration::rep;
-    using time_point = typename Clock::time_point;
+    using value_type = Clock::duration::rep;
+    using time_point = Clock::time_point;
 
     DecayingSample() = delete;
 
@@ -93,7 +93,7 @@ template <int HalfLife, class Clock>
 class DecayWindow
 {
 public:
-    using time_point = typename Clock::time_point;
+    using time_point = Clock::time_point;
 
     explicit DecayWindow(time_point now) : when_(now)
     {

include/xrpl/basics/Log.h

@@ -206,8 +206,7 @@ private:
 #ifndef JLOG
 #define JLOG(x) \
     if (!(x))   \
-    {           \
-    }           \
+        ;       \
     else        \
         x
 #endif

include/xrpl/basics/TaggedCache.h

@@ -9,6 +9,7 @@
 #include <xrpl/beast/insight/Insight.h>
 
 #include <atomic>
+#include <cstddef>
 #include <functional>
 #include <mutex>
 #include <thread>
@@ -17,6 +18,22 @@
 
 namespace xrpl {
 
+namespace detail {
+
+// Replace-policy tags selecting how TaggedCache::canonicalizeImpl resolves a
+// collision when the key already exists (defined in TaggedCache.ipp):
+//   - ReplaceCached: always replace the cached value with `data`. `data` is
+//     never written back and may be const.
+//   - ReplaceClient: keep the cached value and write it back into `data` (the
+//     client's pointer), which must therefore be writable.
+//   - ReplaceDynamically: call the supplied callback to decide per call; `data`
+//     is written back when the cached value is kept, so it must be writable.
+struct ReplaceCached;
+struct ReplaceClient;
+struct ReplaceDynamically;
+
+}  // namespace detail
+
 /** Map/cache combination.
     This class implements a cache and a map. The cache keeps objects alive
     in the map. The map allows multiple code paths that reference objects
@@ -96,6 +113,32 @@ public:
     bool
     del(key_type const& key, bool valid);
 
+private:
+    // Selects the `data` parameter type of canonicalizeImpl from the replace
+    // policy: const for detail::ReplaceCached (never written back), otherwise
+    // writable.
+    template <typename Policy>
+    using CanonicalizeClientPointerType = std::conditional_t<
+        std::is_same_v<detail::ReplaceCached, Policy>,
+        SharedPointerType const&,
+        SharedPointerType&>;
+
+    /** Shared implementation of the canonicalize family.
+
+        `policy` selects how a collision is resolved when `key` already exists:
+        detail::ReplaceCached, detail::ReplaceClient or
+        detail::ReplaceDynamically. For ReplaceDynamically `replaceCallback` is
+        invoked with the existing strong pointer and returns whether to replace
+        the cached value with `data`; for the tag policies it is unused.
+    */
+    template <class Policy, class Callback = std::nullptr_t>
+    bool
+    canonicalizeImpl(
+        key_type const& key,
+        CanonicalizeClientPointerType<Policy> data,
+        Policy policy,
+        Callback&& replaceCallback = nullptr);
+
 public:
     /** Replace aliased objects with originals.
 
@@ -104,19 +147,52 @@ public:
         This routine eliminates the duplicate and performs a replacement
         on the callers shared pointer if needed.
 
+        `replaceCallback` is a callable taking the existing strong pointer and
+        returning whether to replace the cached value with `data` (true) or to
+        keep the cached value and write it back into `data` (false). Because the
+        write-back case mutates `data`, `data` must be writable.
+
         @param key The key corresponding to the object
         @param data A shared pointer to the data corresponding to the object.
-        @param replace Function that decides if cache should be replaced
+        @param replaceCallback A callable (existing strong pointer -> bool).
 
-        @return `true` If the key already existed.
-    */
-    template <class R>
+        @return `true` if an existing live entry was found and used; `false` if a new entry was
+                inserted or an expired tracked entry was re-cached.
+    **/
+    template <class Callback>
     bool
-    canonicalize(key_type const& key, SharedPointerType& data, R&& replaceCallback);
+    canonicalize(key_type const& key, SharedPointerType& data, Callback&& replaceCallback);
 
+    /** Insert/update the canonical entry for `key`, always replacing the
+        cached value with `data`.
+
+        If an entry already exists for `key`, the cached value is unconditionally
+        replaced with `data`; otherwise `data` is inserted. `data` is never
+        written back, so it may be const.
+
+        @param key The key corresponding to the object.
+        @param data A shared pointer to the data corresponding to the object.
+
+        @return `true` if an existing live entry was found and used; `false` if a new entry was
+                inserted or an expired tracked entry was re-cached.
+    **/
     bool
     canonicalizeReplaceCache(key_type const& key, SharedPointerType const& data);
 
+    /** Insert the canonical entry for `key`, keeping any existing cached value.
+
+        If an entry already exists for `key`, the cached value is kept and
+        written back into `data` so the caller ends up with the canonical
+        object; otherwise `data` is inserted. Because `data` may be overwritten
+        it must be writable.
+
+        @param key The key corresponding to the object.
+        @param data A shared pointer to the data corresponding to the object;
+                    updated to the canonical value when one already exists.
+
+        @return `true` if an existing live entry was found and used; `false` if a new entry was
+                inserted or an expired tracked entry was re-cached.
+    **/
     bool
     canonicalizeReplaceClient(key_type const& key, SharedPointerType& data);
 
@@ -262,7 +338,7 @@ private:
     sweepHelper(
         clock_type::time_point const& whenExpire,
         [[maybe_unused]] clock_type::time_point const& now,
-        typename KeyValueCacheType::map_type& partition,
+        KeyValueCacheType::map_type& partition,
         SweptPointersVector& stuffToSweep,
         std::atomic<int>& allRemovals,
         std::scoped_lock<std::recursive_mutex> const&);
@@ -271,7 +347,7 @@ private:
     sweepHelper(
         clock_type::time_point const& whenExpire,
         clock_type::time_point const& now,
-        typename KeyOnlyCacheType::map_type& partition,
+        KeyOnlyCacheType::map_type& partition,
         SweptPointersVector&,
         std::atomic<int>& allRemovals,
         std::scoped_lock<std::recursive_mutex> const&);

include/xrpl/basics/TaggedCache.ipp

@@ -5,6 +5,30 @@
 
 namespace xrpl {
 
+namespace detail {
+
+// Replace-policy tags selecting how TaggedCache::canonicalizeImpl resolves a
+// collision when the key already exists:
+//   - ReplaceCached: always replace the cached value with `data`. `data` is
+//     never written back and may be const.
+//   - ReplaceClient: keep the cached value and write it back into `data` (the
+//     client's pointer), which must therefore be writable.
+//   - ReplaceDynamically: call the supplied callback to decide per call; `data`
+//     is written back when the cached value is kept, so it must be writable.
+struct ReplaceCached
+{
+};
+
+struct ReplaceClient
+{
+};
+
+struct ReplaceDynamically
+{
+};
+
+}  // namespace detail
+
 template <
     class Key,
     class T,
@@ -300,13 +324,29 @@ template <
     class Hash,
     class KeyEqual,
     class Mutex>
-template <class R>
+template <class Policy, class Callback>
 inline bool
 TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash, KeyEqual, Mutex>::
-    canonicalize(key_type const& key, SharedPointerType& data, R&& replaceCallback)
+    canonicalizeImpl(
+        key_type const& key,
+        CanonicalizeClientPointerType<Policy> data,
+        [[maybe_unused]] Policy policy,
+        [[maybe_unused]] Callback&& replaceCallback)
 {
     // Return canonical value, store if needed, refresh in cache
     // Return values: true=we had the data already
+
+    // `Policy` is one of:
+    //   - detail::ReplaceCached: always replace the cached value with `data`;
+    //     `data` is never written back and may be const.
+    //   - detail::ReplaceClient: keep the cached value and write it back into
+    //     `data` (the client's pointer), which must therefore be writable.
+    //   - detail::ReplaceDynamically: call `replaceCallback` to decide at run
+    //     time; `data` must be writable.
+    // For the latter two the write-back below requires a mutable `data`, so
+    // passing a const argument is a compile error.
+    constexpr bool replaceCached = std::is_same_v<Policy, detail::ReplaceCached>;
+
     std::scoped_lock const lock(mutex_);
 
     auto cit = cache_.find(key);
@@ -324,13 +364,14 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     Entry& entry = cit->second;
     entry.touch(clock_.now());
 
-    auto shouldReplace = [&] {
-        if constexpr (std::is_invocable_r_v<bool, R>)
+    auto shouldReplaceCached = [&] {
+        if constexpr (replaceCached)
         {
-            // The reason for this extra complexity is for intrusive
-            // strong/weak combo getting a strong is relatively expensive
-            // and not needed for many cases.
-            return replaceCallback();
+            return true;
+        }
+        else if constexpr (std::is_same_v<Policy, detail::ReplaceClient>)
+        {
+            return false;
         }
         else
         {
@@ -340,11 +381,11 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
 
     if (entry.isCached())
     {
-        if (shouldReplace())
+        if (shouldReplaceCached())
         {
             entry.ptr = data;
         }
-        else
+        else if constexpr (!replaceCached)
         {
             data = entry.ptr.getStrong();
         }
@@ -356,11 +397,11 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
 
     if (cachedData)
     {
-        if (shouldReplace())
+        if (shouldReplaceCached())
         {
             entry.ptr = data;
         }
-        else
+        else if constexpr (!replaceCached)
         {
             entry.ptr.convertToStrong();
             data = cachedData;
@@ -376,6 +417,24 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     return false;
 }
 
+template <
+    class Key,
+    class T,
+    bool IsKeyCache,
+    class SharedWeakUnionPointer,
+    class SharedPointerType,
+    class Hash,
+    class KeyEqual,
+    class Mutex>
+template <class Callback>
+inline bool
+TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash, KeyEqual, Mutex>::
+    canonicalize(key_type const& key, SharedPointerType& data, Callback&& replaceCallback)
+{
+    return canonicalizeImpl(
+        key, data, detail::ReplaceDynamically{}, std::forward<Callback>(replaceCallback));
+}
+
 template <
     class Key,
     class T,
@@ -389,7 +448,7 @@ inline bool
 TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash, KeyEqual, Mutex>::
     canonicalizeReplaceCache(key_type const& key, SharedPointerType const& data)
 {
-    return canonicalize(key, const_cast<SharedPointerType&>(data), []() { return true; });
+    return canonicalizeImpl(key, data, detail::ReplaceCached{});
 }
 
 template <
@@ -405,7 +464,7 @@ inline bool
 TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash, KeyEqual, Mutex>::
     canonicalizeReplaceClient(key_type const& key, SharedPointerType& data)
 {
-    return canonicalize(key, data, []() { return false; });
+    return canonicalizeImpl(key, data, detail::ReplaceClient{});
 }
 
 template <
@@ -676,7 +735,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     sweepHelper(
         clock_type::time_point const& whenExpire,
         [[maybe_unused]] clock_type::time_point const& now,
-        typename KeyValueCacheType::map_type& partition,
+        KeyValueCacheType::map_type& partition,
         SweptPointersVector& stuffToSweep,
         std::atomic<int>& allRemovals,
         std::scoped_lock<std::recursive_mutex> const&)
@@ -756,7 +815,7 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     sweepHelper(
         clock_type::time_point const& whenExpire,
         clock_type::time_point const& now,
-        typename KeyOnlyCacheType::map_type& partition,
+        KeyOnlyCacheType::map_type& partition,
         SweptPointersVector&,
         std::atomic<int>& allRemovals,
         std::scoped_lock<std::recursive_mutex> const&)

include/xrpl/basics/hardened_hash.h

@@ -75,7 +75,7 @@ private:
     detail::seed_pair seeds_{detail::makeSeedPair<>()};
 
 public:
-    using result_type = typename HashAlgorithm::result_type;
+    using result_type = HashAlgorithm::result_type;
 
     HardenedHash() = default;
 

include/xrpl/basics/partitioned_unordered_map.h

@@ -57,8 +57,8 @@ public:
     {
         using iterator_category = std::forward_iterator_tag;
         partition_map_type* map{nullptr};
-        typename partition_map_type::iterator ait{};
-        typename map_type::iterator mit;
+        partition_map_type::iterator ait{};
+        map_type::iterator mit;
 
         Iterator() = default;
 
@@ -126,8 +126,8 @@ public:
         using iterator_category = std::forward_iterator_tag;
 
         partition_map_type* map{nullptr};
-        typename partition_map_type::iterator ait{};
-        typename map_type::iterator mit;
+        partition_map_type::iterator ait{};
+        map_type::iterator mit;
 
         ConstIterator() = default;
 

include/xrpl/basics/random.h

@@ -29,6 +29,7 @@ static_assert(
 namespace detail {
 
 // Determines if a type can be called like an Engine
+// NOLINTNEXTLINE(readability-redundant-typename): typename required by MSVC
 template <class Engine, class Result = typename Engine::result_type>
 using is_engine = std::is_invocable_r<Result, Engine>;
 }  // namespace detail

include/xrpl/beast/asio/io_latency_probe.h

@@ -18,8 +18,8 @@ template <class Clock>
 class IOLatencyProbe
 {
 private:
-    using duration = typename Clock::duration;
-    using time_point = typename Clock::time_point;
+    using duration = Clock::duration;
+    using time_point = Clock::time_point;
 
     std::recursive_mutex mutex_;
     std::condition_variable_any cond_;

include/xrpl/beast/clock/abstract_clock.h

@@ -34,10 +34,10 @@ template <class Clock>
 class AbstractClock
 {
 public:
-    using rep = typename Clock::rep;
-    using period = typename Clock::period;
-    using duration = typename Clock::duration;
-    using time_point = typename Clock::time_point;
+    using rep = Clock::rep;
+    using period = Clock::period;
+    using duration = Clock::duration;
+    using time_point = Clock::time_point;
     using clock_type = Clock;
 
     static bool const is_steady = Clock::is_steady;  // NOLINT(readability-identifier-naming)

include/xrpl/beast/clock/basic_seconds_clock.h

@@ -20,10 +20,10 @@ public:
 
     explicit BasicSecondsClock() = default;
 
-    using rep = typename Clock::rep;
-    using period = typename Clock::period;
-    using duration = typename Clock::duration;
-    using time_point = typename Clock::time_point;
+    using rep = Clock::rep;
+    using period = Clock::period;
+    using duration = Clock::duration;
+    using time_point = Clock::time_point;
 
     static bool const is_steady =  // NOLINT(readability-identifier-naming)
         Clock::is_steady;

include/xrpl/beast/container/detail/aged_container_iterator.h

@@ -16,15 +16,15 @@ template <bool IsConst, class Iterator>
 class AgedContainerIterator
 {
 public:
-    using iterator_category = typename std::iterator_traits<Iterator>::iterator_category;
+    using iterator_category = std::iterator_traits<Iterator>::iterator_category;
     using value_type = std::conditional_t<
         IsConst,
         typename Iterator::value_type::Stashed::value_type const,
         typename Iterator::value_type::Stashed::value_type>;
-    using difference_type = typename std::iterator_traits<Iterator>::difference_type;
+    using difference_type = std::iterator_traits<Iterator>::difference_type;
     using pointer = value_type*;
     using reference = value_type&;
-    using time_point = typename Iterator::value_type::Stashed::time_point;
+    using time_point = Iterator::value_type::Stashed::time_point;
 
     AgedContainerIterator() = default;
 

include/xrpl/beast/container/detail/aged_ordered_container.h

@@ -62,8 +62,8 @@ class AgedOrderedContainer
 {
 public:
     using clock_type = AbstractClock<Clock>;
-    using time_point = typename clock_type::time_point;
-    using duration = typename clock_type::duration;
+    using time_point = clock_type::time_point;
+    using duration = clock_type::duration;
     using key_type = Key;
     using mapped_type = T;
     using value_type = std::conditional_t<IsMap, std::pair<Key const, T>, Key>;
@@ -94,8 +94,8 @@ private:
         {
             explicit Stashed() = default;
 
-            using value_type = typename AgedOrderedContainer::value_type;
-            using time_point = typename AgedOrderedContainer::time_point;
+            using value_type = AgedOrderedContainer::value_type;
+            using time_point = AgedOrderedContainer::time_point;
         };
 
         Element(time_point const& when, value_type const& value) : value(value), when(when)
@@ -192,8 +192,8 @@ private:
         }
     };
 
-    using list_type = typename boost::intrusive::
-        make_list<Element, boost::intrusive::constant_time_size<false>>::type;
+    using list_type =
+        boost::intrusive::make_list<Element, boost::intrusive::constant_time_size<false>>::type;
 
     using cont_type = std::conditional_t<
         IsMulti,
@@ -206,8 +206,7 @@ private:
             boost::intrusive::constant_time_size<true>,
             boost::intrusive::compare<KeyValueCompare>>::type>;
 
-    using ElementAllocator =
-        typename std::allocator_traits<Allocator>::template rebind_alloc<Element>;
+    using ElementAllocator = std::allocator_traits<Allocator>::template rebind_alloc<Element>;
 
     using ElementAllocatorTraits = std::allocator_traits<ElementAllocator>;
 
@@ -373,8 +372,8 @@ public:
     using allocator_type = Allocator;
     using reference = value_type&;
     using const_reference = value_type const&;
-    using pointer = typename std::allocator_traits<Allocator>::pointer;
-    using const_pointer = typename std::allocator_traits<Allocator>::const_pointer;
+    using pointer = std::allocator_traits<Allocator>::pointer;
+    using const_pointer = std::allocator_traits<Allocator>::const_pointer;
 
     // A set iterator (IsMap==false) is always const
     // because the elements of a set are immutable.
@@ -617,7 +616,7 @@ public:
         bool MaybeMulti = IsMulti,
         bool MaybeMap = IsMap,
         class = std::enable_if_t<MaybeMap && !MaybeMulti>>
-    typename std::conditional<IsMap, T, void*>::type const&
+    std::conditional<IsMap, T, void*>::type const&
     at(K const& k) const;
 
     template <
@@ -1146,7 +1145,7 @@ private:
     void
     touch(
         beast::detail::AgedContainerIterator<IsConst, Iterator> pos,
-        typename clock_type::time_point const& now);
+        clock_type::time_point const& now);
 
     template <
         bool MaybePropagate = std::allocator_traits<Allocator>::propagate_on_container_swap::value>
@@ -1393,7 +1392,7 @@ AgedOrderedContainer<IsMulti, IsMap, Key, T, Clock, Compare, Allocator>::at(K co
 
 template <bool IsMulti, bool IsMap, class Key, class T, class Clock, class Compare, class Allocator>
 template <class K, bool MaybeMulti, bool MaybeMap, class>
-typename std::conditional<IsMap, T, void*>::type const&
+std::conditional<IsMap, T, void*>::type const&
 AgedOrderedContainer<IsMulti, IsMap, Key, T, Clock, Compare, Allocator>::at(K const& k) const
 {
     auto const iter(cont_.find(k, std::cref(config_.keyCompare())));
@@ -1732,7 +1731,7 @@ AgedOrderedContainer<IsMulti, IsMap, Key, T, Clock, Compare, Allocator>::operato
         cend(),
         other.cbegin(),
         other.cend(),
-        [&eq, &other](value_type const& lhs, typename Other::value_type const& rhs) {
+        [&eq, &other](value_type const& lhs, Other::value_type const& rhs) {
             return eq(extract(lhs), other.extract(rhs));
         });
 }
@@ -1744,7 +1743,7 @@ template <bool IsConst, class Iterator, class>
 void
 AgedOrderedContainer<IsMulti, IsMap, Key, T, Clock, Compare, Allocator>::touch(
     beast::detail::AgedContainerIterator<IsConst, Iterator> pos,
-    typename clock_type::time_point const& now)
+    clock_type::time_point const& now)
 {
     auto& e(*pos.iterator());
     e.when = now;

include/xrpl/beast/container/detail/aged_unordered_container.h

@@ -67,8 +67,8 @@ class AgedUnorderedContainer
 {
 public:
     using clock_type = AbstractClock<Clock>;
-    using time_point = typename clock_type::time_point;
-    using duration = typename clock_type::duration;
+    using time_point = clock_type::time_point;
+    using duration = clock_type::duration;
     using key_type = Key;
     using mapped_type = T;
     using value_type = std::conditional_t<IsMap, std::pair<Key const, T>, Key>;
@@ -99,8 +99,8 @@ private:
         {
             explicit Stashed() = default;
 
-            using value_type = typename AgedUnorderedContainer::value_type;
-            using time_point = typename AgedUnorderedContainer::time_point;
+            using value_type = AgedUnorderedContainer::value_type;
+            using time_point = AgedUnorderedContainer::time_point;
         };
 
         Element(time_point const& when, value_type const& value) : value(value), when(when)
@@ -201,8 +201,8 @@ private:
         }
     };
 
-    using list_type = typename boost::intrusive::
-        make_list<Element, boost::intrusive::constant_time_size<false>>::type;
+    using list_type =
+        boost::intrusive::make_list<Element, boost::intrusive::constant_time_size<false>>::type;
 
     using cont_type = std::conditional_t<
         IsMulti,
@@ -219,16 +219,14 @@ private:
             boost::intrusive::equal<KeyValueEqual>,
             boost::intrusive::cache_begin<true>>::type>;
 
-    using bucket_type = typename cont_type::bucket_type;
-    using bucket_traits = typename cont_type::bucket_traits;
+    using bucket_type = cont_type::bucket_type;
+    using bucket_traits = cont_type::bucket_traits;
 
-    using ElementAllocator =
-        typename std::allocator_traits<Allocator>::template rebind_alloc<Element>;
+    using ElementAllocator = std::allocator_traits<Allocator>::template rebind_alloc<Element>;
 
     using ElementAllocatorTraits = std::allocator_traits<ElementAllocator>;
 
-    using BucketAllocator =
-        typename std::allocator_traits<Allocator>::template rebind_alloc<Element>;
+    using BucketAllocator = std::allocator_traits<Allocator>::template rebind_alloc<Element>;
 
     using BucketAllocatorTraits = std::allocator_traits<BucketAllocator>;
 
@@ -542,8 +540,8 @@ public:
     using allocator_type = Allocator;
     using reference = value_type&;
     using const_reference = value_type const&;
-    using pointer = typename std::allocator_traits<Allocator>::pointer;
-    using const_pointer = typename std::allocator_traits<Allocator>::const_pointer;
+    using pointer = std::allocator_traits<Allocator>::pointer;
+    using const_pointer = std::allocator_traits<Allocator>::const_pointer;
 
     // A set iterator (IsMap==false) is always const
     // because the elements of a set are immutable.
@@ -850,7 +848,7 @@ public:
         bool MaybeMulti = IsMulti,
         bool MaybeMap = IsMap,
         class = std::enable_if_t<MaybeMap && !MaybeMulti>>
-    typename std::conditional<IsMap, T, void*>::type const&
+    std::conditional<IsMap, T, void*>::type const&
     at(K const& k) const;
 
     template <
@@ -1414,7 +1412,7 @@ private:
     void
     touch(
         beast::detail::AgedContainerIterator<IsConst, Iterator> pos,
-        typename clock_type::time_point const& now)
+        clock_type::time_point const& now)
     {
         auto& e(*pos.iterator());
         e.when = now;
@@ -2111,7 +2109,7 @@ template <
     class KeyEqual,
     class Allocator>
 template <class K, bool MaybeMulti, bool MaybeMap, class>
-typename std::conditional<IsMap, T, void*>::type const&
+std::conditional<IsMap, T, void*>::type const&
 AgedUnorderedContainer<IsMulti, IsMap, Key, T, Clock, Hash, KeyEqual, Allocator>::at(
     K const& k) const
 {

include/xrpl/beast/core/List.h

@@ -24,7 +24,7 @@ struct CopyConst<T const, U>
 {
     explicit CopyConst() = default;
 
-    using type = typename std::remove_const<U>::type const;
+    using type = std::remove_const<U>::type const;
 };
 /** @} */
 
@@ -56,7 +56,7 @@ class ListIterator
 {
 public:
     using iterator_category = std::bidirectional_iterator_tag;
-    using value_type = typename beast::detail::CopyConst<N, typename N::value_type>::type;
+    using value_type = beast::detail::CopyConst<N, typename N::value_type>::type;
     using difference_type = std::ptrdiff_t;
     using pointer = value_type*;
     using reference = value_type&;
@@ -259,7 +259,7 @@ template <typename T, typename Tag = void>
 class List
 {
 public:
-    using Node = typename detail::ListNode<T, Tag>;
+    using Node = detail::ListNode<T, Tag>;
 
     using value_type = T;
     using pointer = value_type*;

include/xrpl/beast/core/LockFreeStack.h

@@ -12,13 +12,13 @@ template <class Container, bool IsConst>
 class LockFreeStackIterator
 {
 protected:
-    using Node = typename Container::Node;
+    using Node = Container::Node;
     using NodePtr = std::conditional_t<IsConst, Node const*, Node*>;
 
 public:
     using iterator_category = std::forward_iterator_tag;
-    using value_type = typename Container::value_type;
-    using difference_type = typename Container::difference_type;
+    using value_type = Container::value_type;
+    using difference_type = Container::difference_type;
     using pointer =
         std::conditional_t<IsConst, typename Container::const_pointer, typename Container::pointer>;
     using reference = std::

include/xrpl/beast/hash/uhash.h

@@ -11,7 +11,7 @@ struct Uhash
 {
     Uhash() = default;
 
-    using result_type = typename Hasher::result_type;
+    using result_type = Hasher::result_type;
 
     template <class T>
     result_type

include/xrpl/beast/rfc2616.h

@@ -102,7 +102,7 @@ Result
 split(FwdIt first, FwdIt last, Char delim)
 {
     using namespace detail;
-    using string = typename Result::value_type;
+    using string = Result::value_type;
 
     Result result;
 

include/xrpl/beast/unit_test/detail/const_container.h

@@ -32,11 +32,11 @@ protected:
     }
 
 public:
-    using value_type = typename cont_type::value_type;
-    using size_type = typename cont_type::size_type;
-    using difference_type = typename cont_type::difference_type;
-    using iterator = typename cont_type::const_iterator;
-    using const_iterator = typename cont_type::const_iterator;
+    using value_type = cont_type::value_type;
+    using size_type = cont_type::size_type;
+    using difference_type = cont_type::difference_type;
+    using iterator = cont_type::const_iterator;
+    using const_iterator = cont_type::const_iterator;
 
     /** Returns `true` if the container is empty. */
     [[nodiscard]] bool

include/xrpl/beast/unit_test/reporter.h

@@ -48,7 +48,7 @@ private:
         std::size_t cases = 0;
         std::size_t total = 0;
         std::size_t failed = 0;
-        typename clock_type::time_point start = clock_type::now();
+        clock_type::time_point start = clock_type::now();
 
         explicit SuiteResults(std::string name = "") : name(std::move(name))
         {
@@ -60,7 +60,7 @@ private:
 
     struct Results
     {
-        using run_time = std::pair<std::string, typename clock_type::duration>;
+        using run_time = std::pair<std::string, clock_type::duration>;
 
         static constexpr auto kMaxTop = 10;
 
@@ -69,7 +69,7 @@ private:
         std::size_t total = 0;
         std::size_t failed = 0;
         std::vector<run_time> top;
-        typename clock_type::time_point start = clock_type::now();
+        clock_type::time_point start = clock_type::now();
 
         void
         add(SuiteResults const& r);
@@ -91,7 +91,7 @@ public:
 
 private:
     static std::string
-    fmtdur(typename clock_type::duration const& d);
+    fmtdur(clock_type::duration const& d);
 
     void
     onSuiteBegin(SuiteInfo const& info) override;
@@ -141,9 +141,7 @@ Reporter<Unused>::Results::add(SuiteResults const& r)
             top.begin(),
             top.end(),
             elapsed,
-            [](run_time const& t1, typename clock_type::duration const& t2) {
-                return t1.second > t2;
-            });
+            [](run_time const& t1, clock_type::duration const& t2) { return t1.second > t2; });
         if (iter != top.end())
         {
             if (top.size() == kMaxTop)
@@ -181,7 +179,7 @@ Reporter<Unused>::~Reporter()
 
 template <class Unused>
 std::string
-Reporter<Unused>::fmtdur(typename clock_type::duration const& d)
+Reporter<Unused>::fmtdur(clock_type::duration const& d)
 {
     using namespace std::chrono;
     auto const ms = duration_cast<milliseconds>(d);

include/xrpl/beast/utility/Journal.h

@@ -411,9 +411,9 @@ class BasicLogstream : public std::basic_ostream<CharT, Traits>
 {
     using char_type = CharT;
     using traits_type = Traits;
-    using int_type = typename traits_type::int_type;
-    using pos_type = typename traits_type::pos_type;
-    using off_type = typename traits_type::off_type;
+    using int_type = traits_type::int_type;
+    using pos_type = traits_type::pos_type;
+    using off_type = traits_type::off_type;
 
     detail::LogStreamBuf<CharT, Traits> buf_;
 

include/xrpl/beast/utility/maybe_const.h

@@ -15,6 +15,6 @@ struct MaybeConst
 
 /** Alias for omitting `typename`. */
 template <bool IsConst, class T>
-using maybe_const_t = typename MaybeConst<IsConst, T>::type;
+using maybe_const_t = MaybeConst<IsConst, T>::type;
 
 }  // namespace beast

include/xrpl/beast/utility/rngfill.h

@@ -13,7 +13,7 @@ template <class Generator>
 void
 rngfill(void* const buffer, std::size_t const bytes, Generator& g)
 {
-    using result_type = typename Generator::result_type;
+    using result_type = Generator::result_type;
     constexpr std::size_t kResultSize = sizeof(result_type);
 
     std::uint8_t* const bufferStart = static_cast<std::uint8_t*>(buffer);
@@ -42,7 +42,7 @@ template <
 void
 rngfill(std::array<std::uint8_t, N>& a, Generator& g)
 {
-    using result_type = typename Generator::result_type;
+    using result_type = Generator::result_type;
     auto i = N / sizeof(result_type);
     result_type* p = reinterpret_cast<result_type*>(a.data());
     while (i--)

include/xrpl/json/json_value.h

@@ -566,6 +566,7 @@ public:
     using SelfType = ValueConstIterator;
 
     ValueConstIterator() = default;
+    ValueConstIterator(ValueConstIterator const& other) = default;
 
 private:
     /*! \internal Use by Value to create an iterator.
@@ -574,12 +575,12 @@ private:
 
 public:
     SelfType&
-    operator=(ValueIteratorBase const& other);
+    operator=(SelfType const& other);
 
     SelfType
     operator++(int)
     {
-        SelfType temp(*this);
+        SelfType const temp(*this);
         ++*this;
         return temp;
     }
@@ -587,7 +588,7 @@ public:
     SelfType
     operator--(int)
     {
-        SelfType temp(*this);
+        SelfType const temp(*this);
         --*this;
         return temp;
     }

include/xrpl/ledger/helpers/AMMHelpers.h

@@ -37,6 +37,8 @@ reduceOffer(auto const& amount)
 
 enum class IsDeposit : bool { No = false, Yes = true };
 
+inline Number const kAMMInvariantRelativeTolerance{1, -11};
+
 /** Calculate LP Tokens given AMM pool reserves.
  * @param asset1 AMM one side of the pool reserve
  * @param asset2 AMM another side of the pool reserve
@@ -738,6 +740,30 @@ ammPoolHolds(
     AuthHandling authHandling,
     beast::Journal const j);
 
+/** Check AMM pool product invariant after an AMM operation that changes LP tokens
+ * (deposit/withdraw/clawback) from an already calculated pool product mean.
+ * Returns tecPRECISION_LOSS if poolProductMean < newLPTokenBalance beyond the
+ * invariant tolerance,
+ * tesSUCCESS otherwise. Skips check when newLPTokenBalance is zero (last withdrawal).
+ */
+TER
+checkAMMPrecisionLoss(Number const& poolProductMean, STAmount const& newLPTokenBalance);
+
+/** Check AMM pool product invariant after an AMM operation that changes LP tokens
+ * (deposit/withdraw/clawback).
+ * Returns tecPRECISION_LOSS if sqrt(asset1 * asset2) < newLPTokenBalance beyond
+ * the invariant tolerance,
+ * tesSUCCESS otherwise. Skips check when newLPTokenBalance is zero (last withdrawal).
+ */
+TER
+checkAMMPrecisionLoss(
+    ReadView const& view,
+    AccountID const& ammAccountID,
+    Asset const& asset1,
+    Asset const& asset2,
+    STAmount const& newLPTokenBalance,
+    beast::Journal const j);
+
 /** Get AMM pool and LP token balances. If both optIssue are
  * provided then they are used as the AMM token pair issues.
  * Otherwise the missing issues are fetched from ammSle.

include/xrpl/ledger/helpers/DelegateHelpers.h

@@ -23,13 +23,9 @@ checkTxPermission(SLE::const_ref delegate, STTx const& tx);
  * @param delegate The delegate account.
  * @param type Used to determine which granted granular permissions to load,
  * based on the transaction type.
- * @param granularPermissions Granted granular permissions tied to the
- * transaction type.
+ * @return the granted granular permissions tied to the transaction type.
  */
-void
-loadGranularPermission(
-    SLE::const_ref delegate,
-    TxType const& type,
-    std::unordered_set<GranularPermissionType>& granularPermissions);
+std::unordered_set<GranularPermissionType>
+getGranularPermission(SLE::const_ref delegate, TxType const& type);
 
 }  // namespace xrpl

include/xrpl/ledger/helpers/EscrowHelpers.h

@@ -42,7 +42,7 @@ escrowUnlockApplyHelper<Issue>(
     beast::Journal journal)
 {
     Issue const& issue = amount.get<Issue>();
-    Keylet const trustLineKey = keylet::line(receiver, issue);
+    Keylet const trustLineKey = keylet::trustLine(receiver, issue);
     bool const recvLow = issuer > receiver;
     bool const senderIssuer = issuer == sender;
     bool const receiverIssuer = issuer == receiver;
@@ -175,7 +175,7 @@ escrowUnlockApplyHelper<MPTIssue>(
     bool const receiverIssuer = issuer == receiver;
 
     auto const mptID = amount.get<MPTIssue>().getMptID();
-    auto const issuanceKey = keylet::mptIssuance(mptID);
+    auto const issuanceKey = keylet::mptokenIssuance(mptID);
     if (!view.exists(keylet::mptoken(issuanceKey.key, receiver)) && createAsset && !receiverIssuer)
     {
         if (std::uint32_t const ownerCount = {sleDest->at(sfOwnerCount)};

include/xrpl/ledger/helpers/PermissionedDEXHelpers.h

@@ -1,4 +1,5 @@
 #pragma once
+
 #include <xrpl/ledger/View.h>
 
 namespace xrpl::permissioned_dex {

include/xrpl/protocol/Batch.h

@@ -1,3 +1,5 @@
+#pragma once
+
 #include <xrpl/protocol/HashPrefix.h>
 #include <xrpl/protocol/STVector256.h>
 #include <xrpl/protocol/Serializer.h>

include/xrpl/protocol/Indexes.h

@@ -68,21 +68,15 @@ skip(LedgerIndex ledger) noexcept;
 
 /** The (fixed) index of the object containing the ledger fees. */
 Keylet const&
-fees() noexcept;
+feeSettings() noexcept;
 
 /** The (fixed) index of the object containing the ledger negativeUNL. */
 Keylet const&
 negativeUNL() noexcept;
 
 /** The beginning of an order book */
-struct BookT
-{
-    explicit BookT() = default;
-
-    Keylet
-    operator()(Book const& b) const;
-};
-static BookT const kBook{};
+Keylet
+book(Book const& b);
 
 /** The index of a trust line for a given currency
 
@@ -93,12 +87,12 @@ static BookT const kBook{};
 */
 /** @{ */
 Keylet
-line(AccountID const& id0, AccountID const& id1, Currency const& currency) noexcept;
+trustLine(AccountID const& id0, AccountID const& id1, Currency const& currency) noexcept;
 
 inline Keylet
-line(AccountID const& id, Issue const& issue) noexcept
+trustLine(AccountID const& id, Issue const& issue) noexcept
 {
-    return line(id, issue.account, issue.currency);
+    return trustLine(id, issue.account, issue.currency);
 }
 /** @} */
 
@@ -119,37 +113,27 @@ Keylet
 quality(Keylet const& k, std::uint64_t q) noexcept;
 
 /** The directory for the next lower quality */
-struct NextT
-{
-    explicit NextT() = default;
-
-    Keylet
-    operator()(Keylet const& k) const;
-};
-static NextT const kNext{};
+Keylet
+next(Keylet const& k);
 
 /** A ticket belonging to an account */
-struct TicketT
+/** @{ */
+Keylet
+ticket(AccountID const& id, std::uint32_t ticketSeq);
+
+Keylet
+ticket(AccountID const& id, SeqProxy ticketSeq);
+
+inline Keylet
+ticket(uint256 const& key)
 {
-    explicit TicketT() = default;
-
-    Keylet
-    operator()(AccountID const& id, std::uint32_t ticketSeq) const;
-
-    Keylet
-    operator()(AccountID const& id, SeqProxy ticketSeq) const;
-
-    Keylet
-    operator()(uint256 const& key) const
-    {
-        return {ltTICKET, key};
-    }
-};
-static TicketT const kTicket{};
+    return {ltTICKET, key};
+}
+/** @} */
 
 /** A SignerList */
 Keylet
-signers(AccountID const& account) noexcept;
+signerList(AccountID const& account) noexcept;
 
 /** A Check */
 /** @{ */
@@ -209,7 +193,7 @@ escrow(AccountID const& src, std::uint32_t seq) noexcept;
 
 /** A PaymentChannel */
 Keylet
-payChan(AccountID const& src, AccountID const& dst, std::uint32_t seq) noexcept;
+payChannel(AccountID const& src, AccountID const& dst, std::uint32_t seq) noexcept;
 
 /** NFT page keylets
 
@@ -221,22 +205,22 @@ payChan(AccountID const& src, AccountID const& dst, std::uint32_t seq) noexcept;
 /** @{ */
 /** A keylet for the owner's first possible NFT page. */
 Keylet
-nftpageMin(AccountID const& owner);
+nftokenPageMin(AccountID const& owner);
 
 /** A keylet for the owner's last possible NFT page. */
 Keylet
-nftpageMax(AccountID const& owner);
+nftokenPageMax(AccountID const& owner);
 
 Keylet
-nftpage(Keylet const& k, uint256 const& token);
+nftokenPage(Keylet const& k, uint256 const& token);
 /** @} */
 
 /** An offer from an account to buy or sell an NFT */
 Keylet
-nftoffer(AccountID const& owner, std::uint32_t seq);
+nftokenOffer(AccountID const& owner, std::uint32_t seq);
 
 inline Keylet
-nftoffer(uint256 const& offer)
+nftokenOffer(uint256 const& offer)
 {
     return {ltNFTOKEN_OFFER, offer};
 }
@@ -287,13 +271,13 @@ credential(uint256 const& key) noexcept
 }
 
 Keylet
-mptIssuance(std::uint32_t seq, AccountID const& issuer) noexcept;
+mptokenIssuance(std::uint32_t seq, AccountID const& issuer) noexcept;
 
 Keylet
-mptIssuance(MPTID const& issuanceID) noexcept;
+mptokenIssuance(MPTID const& issuanceID) noexcept;
 
 inline Keylet
-mptIssuance(uint256 const& issuanceKey)
+mptokenIssuance(uint256 const& issuanceKey)
 {
     return {ltMPTOKEN_ISSUANCE, issuanceKey};
 }
@@ -320,10 +304,10 @@ vault(uint256 const& vaultKey)
 }
 
 Keylet
-loanbroker(AccountID const& owner, std::uint32_t seq) noexcept;
+loanBroker(AccountID const& owner, std::uint32_t seq) noexcept;
 
 inline Keylet
-loanbroker(uint256 const& key)
+loanBroker(uint256 const& key)
 {
     return {ltLOAN_BROKER, key};
 }
@@ -376,11 +360,15 @@ struct KeyletDesc
 std::array<KeyletDesc<AccountID const&>, 6> const kDirectAccountKeylets{
     {{.function = &keylet::account, .expectedLEName = jss::AccountRoot, .includeInTests = false},
      {.function = &keylet::ownerDir, .expectedLEName = jss::DirectoryNode, .includeInTests = true},
-     {.function = &keylet::signers, .expectedLEName = jss::SignerList, .includeInTests = true},
+     {.function = &keylet::signerList, .expectedLEName = jss::SignerList, .includeInTests = true},
      // It's normally impossible to create an item at nftpage_min, but
      // test it anyway, since the invariant checks for it.
-     {.function = &keylet::nftpageMin, .expectedLEName = jss::NFTokenPage, .includeInTests = true},
-     {.function = &keylet::nftpageMax, .expectedLEName = jss::NFTokenPage, .includeInTests = true},
+     {.function = &keylet::nftokenPageMin,
+      .expectedLEName = jss::NFTokenPage,
+      .includeInTests = true},
+     {.function = &keylet::nftokenPageMax,
+      .expectedLEName = jss::NFTokenPage,
+      .includeInTests = true},
      {.function = &keylet::did, .expectedLEName = jss::DID, .includeInTests = true}}};
 
 MPTID

include/xrpl/protocol/KnownFormats.h

@@ -118,13 +118,13 @@ public:
     }
 
     // begin() and end() are provided for testing purposes.
-    [[nodiscard]] typename std::forward_list<Item>::const_iterator
+    [[nodiscard]] std::forward_list<Item>::const_iterator
     begin() const
     {
         return formats_.begin();
     }
 
-    [[nodiscard]] typename std::forward_list<Item>::const_iterator
+    [[nodiscard]] std::forward_list<Item>::const_iterator
     end() const
     {
         return formats_.end();

include/xrpl/protocol/LedgerFormats.h

@@ -180,12 +180,12 @@ enum LedgerEntryType : std::uint16_t {
         LSF_FLAG(lsfMPTCanClawback, 0x00000040))                                                                                   \
                                                                                                                                    \
     LEDGER_OBJECT(MPTokenIssuanceMutable,                                                                                          \
-        LSF_FLAG(lsmfMPTCanMutateCanLock, 0x00000002)                                                                              \
-        LSF_FLAG(lsmfMPTCanMutateRequireAuth, 0x00000004)                                                                          \
-        LSF_FLAG(lsmfMPTCanMutateCanEscrow, 0x00000008)                                                                            \
-        LSF_FLAG(lsmfMPTCanMutateCanTrade, 0x00000010)                                                                             \
-        LSF_FLAG(lsmfMPTCanMutateCanTransfer, 0x00000020)                                                                          \
-        LSF_FLAG(lsmfMPTCanMutateCanClawback, 0x00000040)                                                                          \
+        LSF_FLAG(lsmfMPTCanEnableCanLock, 0x00000002)                                                                              \
+        LSF_FLAG(lsmfMPTCanEnableRequireAuth, 0x00000004)                                                                          \
+        LSF_FLAG(lsmfMPTCanEnableCanEscrow, 0x00000008)                                                                            \
+        LSF_FLAG(lsmfMPTCanEnableCanTrade, 0x00000010)                                                                             \
+        LSF_FLAG(lsmfMPTCanEnableCanTransfer, 0x00000020)                                                                          \
+        LSF_FLAG(lsmfMPTCanEnableCanClawback, 0x00000040)                                                                          \
         LSF_FLAG(lsmfMPTCanMutateMetadata, 0x00010000)                                                                             \
         LSF_FLAG(lsmfMPTCanMutateTransferFee, 0x00020000))                                                                         \
                                                                                                                                    \

include/xrpl/protocol/Permissions.h

@@ -7,8 +7,13 @@
 #include <optional>
 #include <string>
 #include <unordered_map>
+#include <unordered_set>
+#include <vector>
 
 namespace xrpl {
+
+class STTx;
+
 /**
  * We have both transaction type permissions and granular type permissions.
  * Since we will reuse the TransactionFormats to parse the Transaction
@@ -19,15 +24,15 @@ namespace xrpl {
 // Macro-generated, complex
 // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class)
 enum GranularPermissionType : std::uint32_t {
-#pragma push_macro("PERMISSION")
-#undef PERMISSION
+#pragma push_macro("GRANULAR_PERMISSION")
+#undef GRANULAR_PERMISSION
 
-#define PERMISSION(type, txType, value) type = (value),
+#define GRANULAR_PERMISSION(name, txType, value, ...) name = (value),
 
 #include <xrpl/protocol/detail/permissions.macro>
 
-#undef PERMISSION
-#pragma pop_macro("PERMISSION")
+#undef GRANULAR_PERMISSION
+#pragma pop_macro("GRANULAR_PERMISSION")
 };
 
 // Injected bare enumerators (xrpl::delegable / xrpl::notDelegable) are required by preprocessor
@@ -40,15 +45,30 @@ class Permission
 private:
     Permission();
 
-    std::unordered_map<std::uint16_t, uint256> txFeatureMap_;
+    struct GranularPermissionEntry
+    {
+        std::string name;
+        TxType txType;
+        std::uint32_t permittedFlags;
+        SOTemplate permittedFields;
 
-    std::unordered_map<std::uint16_t, Delegation> delegableTx_;
+        GranularPermissionEntry(
+            std::string name,
+            TxType txType,
+            std::uint32_t permittedFlags,
+            std::vector<SOElement> fields);
+    };
 
-    std::unordered_map<std::string, GranularPermissionType> granularPermissionMap_;
+    struct TxDelegationEntry
+    {
+        uint256 amendment;
+        Delegation delegable{NotDelegable};
+    };
 
-    std::unordered_map<GranularPermissionType, std::string> granularNameMap_;
-
-    std::unordered_map<GranularPermissionType, TxType> granularTxTypeMap_;
+    std::unordered_set<TxType> granularTxTypes_;
+    std::unordered_map<TxType, TxDelegationEntry> txDelegationMap_;
+    std::unordered_map<std::string, GranularPermissionType> granularPermissionsByName_;
+    std::unordered_map<GranularPermissionType, GranularPermissionEntry> granularPermissions_;
 
 public:
     static Permission const&
@@ -59,30 +79,52 @@ public:
     operator=(Permission const&) = delete;
 
     [[nodiscard]] std::optional<std::string>
-    getPermissionName(std::uint32_t const value) const;
+    getPermissionName(std::uint32_t value) const;
 
     [[nodiscard]] std::optional<std::uint32_t>
     getGranularValue(std::string const& name) const;
 
     [[nodiscard]] std::optional<std::string>
-    getGranularName(GranularPermissionType const& value) const;
+    getGranularName(GranularPermissionType value) const;
 
     [[nodiscard]] std::optional<TxType>
-    getGranularTxType(GranularPermissionType const& gpType) const;
+    getGranularTxType(GranularPermissionType gpType) const;
 
+    // Returns a reference to avoid copying uint256 - 32 bytes. std::optional
+    // cannot hold references directly, so std::reference_wrapper is used.
     [[nodiscard]] std::optional<std::reference_wrapper<uint256 const>>
     getTxFeature(TxType txType) const;
 
     [[nodiscard]] bool
-    isDelegable(std::uint32_t const& permissionValue, Rules const& rules) const;
+    isDelegable(std::uint32_t permissionValue, Rules const& rules) const;
+
+    [[nodiscard]] bool
+    hasGranularPermissions(TxType txType) const;
 
     // for tx level permission, permission value is equal to tx type plus one
-    static uint32_t
-    txToPermissionType(TxType const& type);
+    [[nodiscard]] static uint32_t
+    txToPermissionType(TxType type);
 
     // tx type value is permission value minus one
-    static TxType
-    permissionToTxType(uint32_t const& value);
+    [[nodiscard]] static TxType
+    permissionToTxType(std::uint32_t value);
+
+    /**
+     * @brief Verifies a delegated transaction against its granular permission template.
+     *
+     * @note WARNING: Do not move this check before standard transaction-level
+     * format checks, which is in preclaim. This function assumes the transaction's
+     * base structural integrity (fees, sequence, signatures) has already been
+     * validated.
+     *
+     * @param tx The transaction to verify.
+     * @param heldPermissions The granular permissions that the sender hold.
+     * @return true if the transaction fields and flags comply with the granular template.
+     */
+    [[nodiscard]] bool
+    checkGranularSandbox(
+        STTx const& tx,
+        std::unordered_set<GranularPermissionType> const& heldPermissions) const;
 };
 
 }  // namespace xrpl

include/xrpl/protocol/STBitString.h

@@ -163,7 +163,7 @@ STBitString<Bits>::setValue(BaseUInt<Bits, Tag> const& v)
 }
 
 template <int Bits>
-typename STBitString<Bits>::value_type const&
+STBitString<Bits>::value_type const&
 STBitString<Bits>::value() const
 {
     return value_;

include/xrpl/protocol/STInteger.h

@@ -120,7 +120,7 @@ STInteger<Integer>::operator=(value_type const& v)
 }
 
 template <typename Integer>
-inline typename STInteger<Integer>::value_type
+inline STInteger<Integer>::value_type
 STInteger<Integer>::value() const noexcept
 {
     return value_;

include/xrpl/protocol/STObject.h

@@ -243,7 +243,7 @@ public:
         @throws STObject::FieldErr if the field is not present.
     */
     template <class T>
-    typename T::value_type
+    T::value_type
     operator[](TypedField<T> const& f) const;
 
     /** Get the value of a field as a std::optional
@@ -290,7 +290,7 @@ public:
         @throws STObject::FieldErr if the field is not present.
     */
     template <class T>
-    [[nodiscard]] typename T::value_type
+    [[nodiscard]] T::value_type
     at(TypedField<T> const& f) const;
 
     /** Get the value of a field as std::optional
@@ -478,7 +478,7 @@ template <class T>
 class STObject::Proxy
 {
 public:
-    using value_type = typename T::value_type;
+    using value_type = T::value_type;
 
     [[nodiscard]] value_type
     value() const;
@@ -513,13 +513,10 @@ protected:
 template <typename U>
 concept IsArithmeticNumber =
     std::is_arithmetic_v<U> || std::is_same_v<U, Number> || std::is_same_v<U, STAmount>;
-template <
-    typename U,
-    typename Value = typename U::value_type,
-    typename Unit = typename U::unit_type>
+template <typename U, typename Value = U::value_type, typename Unit = U::unit_type>
 concept IsArithmeticValueUnit = std::is_same_v<U, unit::ValueUnit<Unit, Value>> &&
     IsArithmeticNumber<Value> && std::is_class_v<Unit>;
-template <typename U, typename Value = typename U::value_type>
+template <typename U, typename Value = U::value_type>
 concept IsArithmeticST = !IsArithmeticValueUnit<U> && IsArithmeticNumber<Value>;
 template <typename U>
 concept IsArithmetic = IsArithmeticNumber<U> || IsArithmeticST<U> || IsArithmeticValueUnit<U>;
@@ -534,7 +531,7 @@ template <class T>
 class STObject::ValueProxy : public Proxy<T>
 {
 private:
-    using value_type = typename T::value_type;
+    using value_type = T::value_type;
 
 public:
     ValueProxy(ValueProxy const&) = default;
@@ -576,7 +573,7 @@ template <class T>
 class STObject::OptionalProxy : public Proxy<T>
 {
 private:
-    using value_type = typename T::value_type;
+    using value_type = T::value_type;
 
     using optional_type = std::optional<std::decay_t<value_type>>;
 
@@ -840,7 +837,7 @@ operator typename STObject::OptionalProxy<T>::optional_type() const
 }
 
 template <class T>
-typename STObject::OptionalProxy<T>::optional_type
+STObject::OptionalProxy<T>::optional_type
 STObject::OptionalProxy<T>::operator~() const
 {
     return optionalValue();
@@ -933,7 +930,7 @@ STObject::OptionalProxy<T>::optionalValue() const -> optional_type
 }
 
 template <class T>
-typename STObject::OptionalProxy<T>::value_type
+STObject::OptionalProxy<T>::value_type
 STObject::OptionalProxy<T>::valueOr(value_type val) const
 {
     return engaged() ? this->value() : val;
@@ -1040,7 +1037,7 @@ STObject::getPIndex(int offset)
 }
 
 template <class T>
-typename T::value_type
+T::value_type
 STObject::operator[](TypedField<T> const& f) const
 {
     return at(f);
@@ -1068,7 +1065,7 @@ STObject::operator[](OptionaledField<T> const& of) -> OptionalProxy<T>
 }
 
 template <class T>
-[[nodiscard]] typename T::value_type
+[[nodiscard]] T::value_type
 STObject::at(TypedField<T> const& f) const
 {
     auto const b = peekAtPField(f);

include/xrpl/protocol/TER.h

@@ -657,13 +657,13 @@ inline bool
 isTesSuccess(TER x) noexcept
 {
     // Makes use of TERSubset::operator bool()
-    return !(x);
+    return !x;
 }
 
 inline bool
 isTecClaim(TER x) noexcept
 {
-    return ((x) >= tecCLAIM);
+    return (x >= tecCLAIM);
 }
 
 std::unordered_map<TERUnderlyingType, std::pair<char const* const, char const* const>> const&

include/xrpl/protocol/TxFlags.h

@@ -341,38 +341,32 @@ inline constexpr FlagValue tfTrustSetPermissionMask =
 
 // MPTokenIssuanceCreate MutableFlags:
 // Indicating specific fields or flags may be changed after issuance.
-inline constexpr FlagValue tmfMPTCanMutateCanLock = lsmfMPTCanMutateCanLock;
-inline constexpr FlagValue tmfMPTCanMutateRequireAuth = lsmfMPTCanMutateRequireAuth;
-inline constexpr FlagValue tmfMPTCanMutateCanEscrow = lsmfMPTCanMutateCanEscrow;
-inline constexpr FlagValue tmfMPTCanMutateCanTrade = lsmfMPTCanMutateCanTrade;
-inline constexpr FlagValue tmfMPTCanMutateCanTransfer = lsmfMPTCanMutateCanTransfer;
-inline constexpr FlagValue tmfMPTCanMutateCanClawback = lsmfMPTCanMutateCanClawback;
+inline constexpr FlagValue tmfMPTCanEnableCanLock = lsmfMPTCanEnableCanLock;
+inline constexpr FlagValue tmfMPTCanEnableRequireAuth = lsmfMPTCanEnableRequireAuth;
+inline constexpr FlagValue tmfMPTCanEnableCanEscrow = lsmfMPTCanEnableCanEscrow;
+inline constexpr FlagValue tmfMPTCanEnableCanTrade = lsmfMPTCanEnableCanTrade;
+inline constexpr FlagValue tmfMPTCanEnableCanTransfer = lsmfMPTCanEnableCanTransfer;
+inline constexpr FlagValue tmfMPTCanEnableCanClawback = lsmfMPTCanEnableCanClawback;
 inline constexpr FlagValue tmfMPTCanMutateMetadata = lsmfMPTCanMutateMetadata;
 inline constexpr FlagValue tmfMPTCanMutateTransferFee = lsmfMPTCanMutateTransferFee;
 inline constexpr FlagValue tmfMPTokenIssuanceCreateMutableMask =
-    ~(tmfMPTCanMutateCanLock | tmfMPTCanMutateRequireAuth | tmfMPTCanMutateCanEscrow |
-      tmfMPTCanMutateCanTrade | tmfMPTCanMutateCanTransfer | tmfMPTCanMutateCanClawback |
+    ~(tmfMPTCanEnableCanLock | tmfMPTCanEnableRequireAuth | tmfMPTCanEnableCanEscrow |
+      tmfMPTCanEnableCanTrade | tmfMPTCanEnableCanTransfer | tmfMPTCanEnableCanClawback |
       tmfMPTCanMutateMetadata | tmfMPTCanMutateTransferFee);
 
 // MPTokenIssuanceSet MutableFlags:
-// Set or Clear flags.
+// Enable mutable capability flags. These flags are one-way: once enabled,
+// the corresponding capability cannot be disabled by MPTokenIssuanceSet.
 
 inline constexpr FlagValue tmfMPTSetCanLock = 0x00000001;
-inline constexpr FlagValue tmfMPTClearCanLock = 0x00000002;
-inline constexpr FlagValue tmfMPTSetRequireAuth = 0x00000004;
-inline constexpr FlagValue tmfMPTClearRequireAuth = 0x00000008;
-inline constexpr FlagValue tmfMPTSetCanEscrow = 0x00000010;
-inline constexpr FlagValue tmfMPTClearCanEscrow = 0x00000020;
-inline constexpr FlagValue tmfMPTSetCanTrade = 0x00000040;
-inline constexpr FlagValue tmfMPTClearCanTrade = 0x00000080;
-inline constexpr FlagValue tmfMPTSetCanTransfer = 0x00000100;
-inline constexpr FlagValue tmfMPTClearCanTransfer = 0x00000200;
-inline constexpr FlagValue tmfMPTSetCanClawback = 0x00000400;
-inline constexpr FlagValue tmfMPTClearCanClawback = 0x00000800;
-inline constexpr FlagValue tmfMPTokenIssuanceSetMutableMask = ~(
-    tmfMPTSetCanLock | tmfMPTClearCanLock | tmfMPTSetRequireAuth | tmfMPTClearRequireAuth |
-    tmfMPTSetCanEscrow | tmfMPTClearCanEscrow | tmfMPTSetCanTrade | tmfMPTClearCanTrade |
-    tmfMPTSetCanTransfer | tmfMPTClearCanTransfer | tmfMPTSetCanClawback | tmfMPTClearCanClawback);
+inline constexpr FlagValue tmfMPTSetRequireAuth = 0x00000002;
+inline constexpr FlagValue tmfMPTSetCanEscrow = 0x00000004;
+inline constexpr FlagValue tmfMPTSetCanTrade = 0x00000008;
+inline constexpr FlagValue tmfMPTSetCanTransfer = 0x00000010;
+inline constexpr FlagValue tmfMPTSetCanClawback = 0x00000020;
+inline constexpr FlagValue tmfMPTokenIssuanceSetMutableMask =
+    ~(tmfMPTSetCanLock | tmfMPTSetRequireAuth | tmfMPTSetCanEscrow | tmfMPTSetCanTrade |
+      tmfMPTSetCanTransfer | tmfMPTSetCanClawback);
 
 // Prior to fixRemoveNFTokenAutoTrustLine, transfer of an NFToken between accounts allowed a
 // TrustLine to be added to the issuer of that token without explicit permission from that issuer.

include/xrpl/protocol/Units.h

@@ -391,7 +391,7 @@ mulDivU(Source1 value, Dest mul, Source2 div)
         return std::nullopt;
     }
 
-    using desttype = typename Dest::value_type;
+    using desttype = Dest::value_type;
     constexpr auto kMax = std::numeric_limits<desttype>::max();
 
     // Shortcuts, since these happen a lot in the real world

include/xrpl/protocol/XChainAttestations.h

@@ -379,16 +379,16 @@ public:
     [[nodiscard]] STArray
     toSTArray() const;
 
-    [[nodiscard]] typename AttCollection::const_iterator
+    [[nodiscard]] AttCollection::const_iterator
     begin() const;
 
-    [[nodiscard]] typename AttCollection::const_iterator
+    [[nodiscard]] AttCollection::const_iterator
     end() const;
 
-    typename AttCollection::iterator
+    AttCollection::iterator
     begin();
 
-    typename AttCollection::iterator
+    AttCollection::iterator
     end();
 
     template <class F>
@@ -419,7 +419,7 @@ operator==(
 }
 
 template <class TAttestation>
-inline typename XChainAttestationsBase<TAttestation>::AttCollection const&
+inline XChainAttestationsBase<TAttestation>::AttCollection const&
 XChainAttestationsBase<TAttestation>::attestations() const
 {
     return attestations_;

include/xrpl/protocol/detail/features.macro

@@ -21,10 +21,10 @@ XRPL_FEATURE(MPTokensV2,                  Supported::No,  VoteBehavior::DefaultN
 XRPL_FIX    (Cleanup3_1_3,                Supported::Yes, VoteBehavior::DefaultYes)
 XRPL_FIX    (BatchInnerSigs,              Supported::No,  VoteBehavior::DefaultNo)
 XRPL_FEATURE(LendingProtocol,             Supported::Yes, VoteBehavior::DefaultNo)
-XRPL_FEATURE(PermissionDelegationV1_1,    Supported::No,  VoteBehavior::DefaultNo)
+XRPL_FEATURE(PermissionDelegationV1_1,    Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (DirectoryLimit,              Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (IncludeKeyletFields,         Supported::Yes, VoteBehavior::DefaultNo)
-XRPL_FEATURE(DynamicMPT,                  Supported::No,  VoteBehavior::DefaultNo)
+XRPL_FEATURE(DynamicMPT,                  Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (TokenEscrowV1,               Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (PriceOracleOrder,            Supported::Yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (MPTDeliveredAmount,          Supported::Yes, VoteBehavior::DefaultNo)

include/xrpl/protocol/detail/ledger_entries.macro

@@ -21,7 +21,7 @@
 
 /** A ledger object which identifies an offer to buy or sell an NFT.
 
-    \sa keylet::nftoffer
+    \sa keylet::nftokenOffer
  */
 LEDGER_ENTRY(ltNFTOKEN_OFFER, 0x0037, NFTokenOffer, nft_offer, ({
     {sfOwner,                SoeRequired},
@@ -84,7 +84,7 @@ LEDGER_ENTRY(ltNEGATIVE_UNL, 0x004e, NegativeUNL, nunl, ({
 
 /** A ledger object which contains a list of NFTs
 
-    \sa keylet::nftpageMin, keylet::nftpageMax, keylet::nftpage
+    \sa keylet::nftokenPageMin, keylet::nftokenPageMax, keylet::nftokenPage
  */
 LEDGER_ENTRY(ltNFTOKEN_PAGE, 0x0050, NFTokenPage, nft_page, ({
     {sfPreviousPageMin,      SoeOptional},
@@ -96,7 +96,7 @@ LEDGER_ENTRY(ltNFTOKEN_PAGE, 0x0050, NFTokenPage, nft_page, ({
 
 /** A ledger object which contains a signer list for an account.
 
-    \sa keylet::signers
+    \sa keylet::signerList
  */
 // All fields are SoeRequired because there is always a SignerEntries.
 // If there are no SignerEntries the node is deleted.
@@ -112,7 +112,7 @@ LEDGER_ENTRY(ltSIGNER_LIST, 0x0053, SignerList, signer_list, ({
 
 /** A ledger object which describes a ticket.
 
-    \sa keylet::kTicket
+    \sa keylet::ticket
  */
 LEDGER_ENTRY(ltTICKET, 0x0054, Ticket, ticket, ({
     {sfAccount,              SoeRequired},
@@ -272,7 +272,7 @@ LEDGER_ENTRY(ltXCHAIN_OWNED_CLAIM_ID, 0x0071, XChainOwnedClaimID, xchain_owned_c
 
     @note Per Vinnie Falco this should be renamed to ltTRUST_LINE
 
-    \sa keylet::line
+    \sa keylet::trustLine
  */
 LEDGER_ENTRY(ltRIPPLE_STATE, 0x0072, RippleState, state, ({
     {sfBalance,              SoeRequired},
@@ -292,7 +292,7 @@ LEDGER_ENTRY(ltRIPPLE_STATE, 0x0072, RippleState, state, ({
 
     \note This is a singleton: only one such object exists in the ledger.
 
-    \sa keylet::fees
+    \sa keylet::feeSettings
  */
 LEDGER_ENTRY(ltFEE_SETTINGS, 0x0073, FeeSettings, fee, ({
     // Old version uses raw numbers
@@ -346,7 +346,7 @@ LEDGER_ENTRY(ltESCROW, 0x0075, Escrow, escrow, ({
 
 /** A ledger object describing a single unidirectional XRP payment channel.
 
-    \sa keylet::payChan
+    \sa keylet::payChannel
  */
 LEDGER_ENTRY(ltPAYCHAN, 0x0078, PayChannel, payment_channel, ({
     {sfAccount,              SoeRequired},
@@ -384,7 +384,7 @@ LEDGER_ENTRY(ltAMM, 0x0079, AMM, amm, ({
 }))
 
 /** A ledger object which tracks MPTokenIssuance
-    \sa keylet::mptIssuance
+    \sa keylet::mptokenIssuance
  */
 LEDGER_ENTRY(ltMPTOKEN_ISSUANCE, 0x007e, MPTokenIssuance, mpt_issuance, ({
     {sfIssuer,                   SoeRequired},
@@ -499,7 +499,7 @@ LEDGER_ENTRY(ltVAULT, 0x0084, Vault, vault, ({
 
 /** A ledger object representing a loan broker
 
-    \sa keylet::loanbroker
+    \sa keylet::loanBroker
  */
 LEDGER_ENTRY(ltLOAN_BROKER, 0x0088, LoanBroker, loan_broker, ({
     {sfPreviousTxnID,        SoeRequired},

include/xrpl/protocol/detail/permissions.macro

@@ -1,49 +1,74 @@
-#if !defined(PERMISSION)
-#error "undefined macro: PERMISSION"
+#if !defined(GRANULAR_PERMISSION)
+#error "undefined macro: GRANULAR_PERMISSION"
 #endif
 
 /**
- * PERMISSION(name, type, txType, value)
+ * GRANULAR_PERMISSION(name, txType, value, allowedFlags, allowedFields)
  *
- * This macro defines a permission:
- * name: the name of the permission.
- * type: the GranularPermissionType enum.
- * txType: the corresponding TxType for this permission.
- * value: the uint32 numeric value for the enum type.
+ * Defines a granular permission:
+ *   name:          the granular permission name.
+ *   txType:        the corresponding TxType for this permission.
+ *   value:         the uint32 numeric value for the enum type.
+ *   allowedFlags:  transaction flags permitted under this permission.
+ *   allowedFields: transaction fields permitted under this permission.
  */
 
-/** This permission grants the delegated account the ability to authorize a trustline. */
-PERMISSION(TrustlineAuthorize, ttTRUST_SET, 65537)
+/** Grants the ability to authorize a trustline. */
+GRANULAR_PERMISSION(TrustlineAuthorize, ttTRUST_SET, 65537, tfUniversal | tfSetfAuth,
+    ({{sfLimitAmount, SoeRequired}}))
 
-/** This permission grants the delegated account the ability to freeze a trustline. */
-PERMISSION(TrustlineFreeze, ttTRUST_SET, 65538)
+/** Grants the ability to freeze a trustline. */
+GRANULAR_PERMISSION(TrustlineFreeze, ttTRUST_SET, 65538, tfUniversal | tfSetFreeze,
+    ({{sfLimitAmount, SoeRequired}}))
 
-/** This permission grants the delegated account the ability to unfreeze a trustline. */
-PERMISSION(TrustlineUnfreeze, ttTRUST_SET, 65539)
+/** Grants the ability to unfreeze a trustline. */
+GRANULAR_PERMISSION(TrustlineUnfreeze, ttTRUST_SET, 65539, tfUniversal | tfClearFreeze,
+    ({{sfLimitAmount, SoeRequired}}))
 
-/** This permission grants the delegated account the ability to set Domain. */
-PERMISSION(AccountDomainSet, ttACCOUNT_SET, 65540)
+/** Grants the ability to set Domain. */
+GRANULAR_PERMISSION(AccountDomainSet, ttACCOUNT_SET, 65540, tfUniversal,
+    ({{sfDomain, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to set EmailHashSet. */
-PERMISSION(AccountEmailHashSet, ttACCOUNT_SET, 65541)
+/** Grants the ability to set EmailHash. */
+GRANULAR_PERMISSION(AccountEmailHashSet, ttACCOUNT_SET, 65541, tfUniversal,
+    ({{sfEmailHash, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to set MessageKey. */
-PERMISSION(AccountMessageKeySet, ttACCOUNT_SET, 65542)
+/** Grants the ability to set MessageKey. */
+GRANULAR_PERMISSION(AccountMessageKeySet, ttACCOUNT_SET, 65542, tfUniversal,
+    ({{sfMessageKey, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to set TransferRate. */
-PERMISSION(AccountTransferRateSet, ttACCOUNT_SET, 65543)
+/** Grants the ability to set TransferRate. */
+GRANULAR_PERMISSION(AccountTransferRateSet, ttACCOUNT_SET, 65543, tfUniversal,
+    ({{sfTransferRate, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to set TickSize. */
-PERMISSION(AccountTickSizeSet, ttACCOUNT_SET, 65544)
+/** Grants the ability to set TickSize. */
+GRANULAR_PERMISSION(AccountTickSizeSet, ttACCOUNT_SET, 65544, tfUniversal,
+    ({{sfTickSize, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to mint payment, which means sending a payment for a currency where the sending account is the issuer. */
-PERMISSION(PaymentMint, ttPAYMENT, 65545)
+/** Grants the ability to mint payment (sending account is the issuer). Cross-currency payments are disallowed. */
+GRANULAR_PERMISSION(PaymentMint, ttPAYMENT, 65545, tfUniversal,
+    ({{sfDestination, SoeRequired},
+      {sfAmount, SoeRequired},
+      {sfSendMax, SoeOptional},
+      {sfInvoiceID, SoeOptional},
+      {sfDestinationTag, SoeOptional},
+      {sfCredentialIDs, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to burn payment, which means sending a payment for a currency where the destination account is the issuer */
-PERMISSION(PaymentBurn, ttPAYMENT, 65546)
+/** Grants the ability to burn payment (destination account is the issuer). Cross-currency payments are disallowed. */
+GRANULAR_PERMISSION(PaymentBurn, ttPAYMENT, 65546, tfUniversal,
+    ({{sfDestination, SoeRequired},
+      {sfAmount, SoeRequired},
+      {sfSendMax, SoeOptional},
+      {sfInvoiceID, SoeOptional},
+      {sfDestinationTag, SoeOptional},
+      {sfCredentialIDs, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to lock MPToken. */
-PERMISSION(MPTokenIssuanceLock, ttMPTOKEN_ISSUANCE_SET, 65547)
+/** Grants the ability to lock an MPToken. */
+GRANULAR_PERMISSION(MPTokenIssuanceLock, ttMPTOKEN_ISSUANCE_SET, 65547, tfUniversal | tfMPTLock,
+    ({{sfMPTokenIssuanceID, SoeRequired},
+      {sfHolder, SoeOptional}}))
 
-/** This permission grants the delegated account the ability to unlock MPToken. */
-PERMISSION(MPTokenIssuanceUnlock, ttMPTOKEN_ISSUANCE_SET, 65548)
+/** Grants the ability to unlock an MPToken. */
+GRANULAR_PERMISSION(MPTokenIssuanceUnlock, ttMPTOKEN_ISSUANCE_SET, 65548, tfUniversal | tfMPTUnlock,
+    ({{sfMPTokenIssuanceID, SoeRequired},
+      {sfHolder, SoeOptional}}))

include/xrpl/protocol/digest.h

@@ -206,7 +206,7 @@ sha512Half(Args const&... args)
     sha512_half_hasher h;
     using beast::hash_append;
     hash_append(h, args...);
-    return static_cast<typename sha512_half_hasher::result_type>(h);
+    return static_cast<sha512_half_hasher::result_type>(h);
 }
 
 /** Returns the SHA512-Half of a series of objects.
@@ -222,7 +222,7 @@ sha512HalfS(Args const&... args)
     sha512_half_hasher_s h;
     using beast::hash_append;
     hash_append(h, args...);
-    return static_cast<typename sha512_half_hasher_s::result_type>(h);
+    return static_cast<sha512_half_hasher_s::result_type>(h);
 }
 
 }  // namespace xrpl

include/xrpl/protocol/nft.h

@@ -52,7 +52,7 @@ getTransferFee(uint256 const& id)
 }
 
 inline std::uint32_t
-getSerial(uint256 const& id)
+getSequence(uint256 const& id)
 {
     std::uint32_t seq = 0;
     memcpy(&seq, id.begin() + 28, 4);
@@ -92,7 +92,7 @@ getTaxon(uint256 const& id)
 
     // The taxon cipher is just an XOR, so it is reversible by applying the
     // XOR a second time.
-    return cipheredTaxon(getSerial(id), toTaxon(taxon));
+    return cipheredTaxon(getSequence(id), toTaxon(taxon));
 }
 
 inline AccountID

include/xrpl/shamap/FullBelowCache.h

@@ -25,7 +25,7 @@ public:
     static constexpr auto kDefaultCacheTargetSize = 0;
 
     using key_type = uint256;
-    using clock_type = typename CacheType::clock_type;
+    using clock_type = CacheType::clock_type;
 
     /** Construct the cache.
 

include/xrpl/tx/Transactor.h

@@ -7,6 +7,7 @@
 #include <xrpl/tx/ApplyContext.h>
 #include <xrpl/tx/applySteps.h>
 
+#include <tuple>
 #include <utility>
 
 namespace xrpl {
@@ -222,8 +223,63 @@ public:
         return tesSUCCESS;
     }
 
+    /**
+     * This function can be overridden to introduce additional semantic constraints beyond the
+     * granular template validation for granular permissions. It is called by the base
+     * invokeCheckPermission method only after the transaction has successfully passed
+     * checkGranularSandbox.
+     */
     static NotTEC
-    checkPermission(ReadView const& view, STTx const& tx);
+    checkGranularSemantics(
+        ReadView const& view,
+        STTx const& tx,
+        std::unordered_set<GranularPermissionType> const& heldGranularPermissions)
+    {
+        return tesSUCCESS;
+    }
+
+    /**
+     * Checks whether the transaction is authorized to be executed by the delegated account.
+     * This function enforces the strict permission check hierarchy. It is explicitly
+     * designed NOT to be overridden. Derived transactors must instead implement
+     * checkGranularSemantics to add custom validation logic for granular permissions.
+     *
+     * The evaluation proceeds as follows:
+     * - If transaction-level permission is granted, the function immediately returns tesSUCCESS.
+     * - If transaction-level permission is not granted, the function checks whether the transaction
+     * matches the granular permission template defined in permissions.macro. If it does, it then
+     * calls checkGranularSemantics to perform any additional, fine-grained validation.
+     *
+     */
+    template <class T>
+    static NotTEC
+    invokeCheckPermission(ReadView const& view, STTx const& tx)
+    {
+        // heldGranularPermissions is passed by reference into checkPermission.
+        // It is populated with the sender’s granular permissions only when the sender
+        // lacks tx-level permission but has granular permissions that satisfy the
+        // granular permission template.
+        //
+        // - result is terNO_DELEGATE_PERMISSION: return immediately.
+        // - result is tesSUCCESS and heldGranularPermissions is empty: tx-level permission was
+        // granted, so we returned success before populating it.
+        // - result is tesSUCCESS and heldGranularPermissions is not empty: tx-level permission was
+        // not granted, but the held granular permissions passed checkGranularSandbox, so we proceed
+        // to checkGranularSemantics.
+        //
+        // WARNING: Do not simplify checkPermission to return only
+        // heldGranularPermissions or the ter code. Both the result and the
+        // populated set are required to enforce the strict permission hierarchy
+        // described above.
+        std::unordered_set<GranularPermissionType> heldGranularPermissions;
+        if (NotTEC const result = checkPermission(view, tx, heldGranularPermissions);
+            !isTesSuccess(result) || heldGranularPermissions.empty())
+        {
+            return result;
+        }
+
+        return T::checkGranularSemantics(view, tx, heldGranularPermissions);
+    }
     /////////////////////////////////////////////////////
 
     // Interface used by AccountDelete
@@ -353,13 +409,24 @@ protected:
         unit::ValueUnit<Unit, T> min = unit::ValueUnit<Unit, T>{});
 
 private:
+    static NotTEC
+    checkPermission(
+        ReadView const& view,
+        STTx const& tx,
+        std::unordered_set<GranularPermissionType>& heldGranularPermissions);
+
     std::pair<TER, XRPAmount>
     reset(XRPAmount fee);
 
     TER
     consumeSeqProxy(SLE::pointer const& sleAccount);
+
     TER
     payFee();
+
+    std::tuple<TER, XRPAmount, bool>
+    processPersistentChanges(TER result, XRPAmount fee);
+
     static NotTEC
     checkSingleSign(
         ReadView const& view,
@@ -367,6 +434,7 @@ private:
         AccountID const& idAccount,
         SLE::const_pointer sleAccount,
         beast::Journal const j);
+
     static NotTEC
     checkMultiSign(
         ReadView const& view,

include/xrpl/tx/invariants/AMMInvariant.h

@@ -15,7 +15,9 @@ class ValidAMM
     std::optional<AccountID> ammAccount_;
     std::optional<STAmount> lptAMMBalanceAfter_;
     std::optional<STAmount> lptAMMBalanceBefore_;
+    std::optional<STAmount> lptAMMBalanceBeforeDeletion_;
     bool ammPoolChanged_{false};
+    bool ammDeleted_{false};
 
 public:
     enum class ZeroAllowed : bool { No = false, Yes = true };
@@ -35,12 +37,17 @@ private:
     [[nodiscard]] bool
     finalizeCreate(STTx const&, ReadView const&, bool enforce, beast::Journal const&) const;
     [[nodiscard]] bool
-    finalizeDelete(bool enforce, TER res, beast::Journal const&) const;
+    finalizeDelete(bool enforce, bool enforceAMMDelete, TER res, beast::Journal const&) const;
     [[nodiscard]] bool
     finalizeDeposit(STTx const&, ReadView const&, bool enforce, beast::Journal const&) const;
     // Includes clawback
     [[nodiscard]] bool
-    finalizeWithdraw(STTx const&, ReadView const&, bool enforce, beast::Journal const&) const;
+    finalizeWithdraw(
+        STTx const&,
+        ReadView const&,
+        bool enforce,
+        bool enforceAMMDelete,
+        beast::Journal const&) const;
     [[nodiscard]] bool
     finalizeDEX(bool enforce, beast::Journal const&) const;
     [[nodiscard]] bool

include/xrpl/tx/paths/detail/FlowDebugInfo.h

@@ -3,7 +3,6 @@
 #include <xrpl/ledger/PaymentSandbox.h>
 #include <xrpl/protocol/IOUAmount.h>
 #include <xrpl/protocol/XRPAmount.h>
-#include <xrpl/tx/paths/detail/AmountSpec.h>
 
 #include <boost/container/flat_map.hpp>
 

include/xrpl/tx/paths/detail/StepChecks.h

@@ -27,7 +27,7 @@ checkFreeze(
         }
     }
 
-    if (auto sle = view.read(keylet::line(src, dst, currency)))
+    if (auto sle = view.read(keylet::trustLine(src, dst, currency)))
     {
         if (sle->isFlag((dst > src) ? lsfHighFreeze : lsfLowFreeze))
         {
@@ -71,8 +71,8 @@ checkNoRipple(
     beast::Journal j)
 {
     // fetch the ripple lines into and out of this node
-    auto sleIn = view.read(keylet::line(prev, cur, currency));
-    auto sleOut = view.read(keylet::line(cur, next, currency));
+    auto sleIn = view.read(keylet::trustLine(prev, cur, currency));
+    auto sleOut = view.read(keylet::trustLine(cur, next, currency));
 
     if (!sleIn || !sleOut)
         return terNO_LINE;

include/xrpl/tx/paths/detail/StrandFlow.h

@@ -9,7 +9,6 @@
 #include <xrpl/protocol/IOUAmount.h>
 #include <xrpl/protocol/XRPAmount.h>
 #include <xrpl/tx/paths/Flow.h>
-#include <xrpl/tx/paths/detail/AmountSpec.h>
 #include <xrpl/tx/paths/detail/FlatSets.h>
 #include <xrpl/tx/paths/detail/FlowDebugInfo.h>
 #include <xrpl/tx/paths/detail/Steps.h>

include/xrpl/tx/transactors/account/AccountSet.h

@@ -23,9 +23,6 @@ public:
     static NotTEC
     preflight(PreflightContext const& ctx);
 
-    static NotTEC
-    checkPermission(ReadView const& view, STTx const& tx);
-
     static TER
     preclaim(PreclaimContext const& ctx);
 

include/xrpl/tx/transactors/payment/Payment.h

@@ -32,7 +32,10 @@ public:
     preflight(PreflightContext const& ctx);
 
     static NotTEC
-    checkPermission(ReadView const& view, STTx const& tx);
+    checkGranularSemantics(
+        ReadView const& view,
+        STTx const& tx,
+        std::unordered_set<GranularPermissionType> const& heldGranularPermissions);
 
     static TER
     preclaim(PreclaimContext const& ctx);

include/xrpl/tx/transactors/token/MPTokenIssuanceSet.h

@@ -22,9 +22,6 @@ public:
     static NotTEC
     preflight(PreflightContext const& ctx);
 
-    static NotTEC
-    checkPermission(ReadView const& view, STTx const& tx);
-
     static TER
     preclaim(PreclaimContext const& ctx);
 

include/xrpl/tx/transactors/token/TrustSet.h

@@ -21,7 +21,10 @@ public:
     preflight(PreflightContext const& ctx);
 
     static NotTEC
-    checkPermission(ReadView const& view, STTx const& tx);
+    checkGranularSemantics(
+        ReadView const& view,
+        STTx const& tx,
+        std::unordered_set<GranularPermissionType> const& heldGranularPermissions);
 
     static TER
     preclaim(PreclaimContext const& ctx);

package/README.md

@@ -6,10 +6,10 @@ This directory contains all files needed to build RPM and Debian packages for `x
 
 ```
 package/
-  build_pkg.sh      Staging and build script (called by CMake targets and CI)
+  build_pkg.sh      Staging and build script (called by the CMake `package` target and CI)
   rpm/
-    xrpld.spec      RPM spec (xrpld_version/pkg_release passed via rpmbuild --define)
-  debian/           Debian control files (control, rules, install, links, conffiles, ...)
+    xrpld.spec      RPM spec
+  debian/           Debian control files (control, rules, copyright, xrpld.docs, xrpld.links, source/format)
   shared/
     xrpld.service       systemd unit file (used by both RPM and DEB)
     xrpld.sysusers      sysusers.d config (used by both RPM and DEB)
@@ -21,21 +21,19 @@ package/
 
 Packaging targets and their container images are declared in
 [`.github/scripts/strategy-matrix/linux.json`](../.github/scripts/strategy-matrix/linux.json)
-inside `package_configs` configurations. Today only
-`linux/amd64` is emitted. The package format
-(deb or rpm) is inferred at build time from the container's package manager
-(`apt-get` -> deb, `dnf`/`yum` -> rpm). The image tag is composed as
-`ghcr.io/xrplf/xrpld/packaging-<distro>:sha-<git_sha>` —
-the same scheme used by `reusable-build-test.yml`. Bump `image_sha` in
-`linux.json` and both CI and local builds pick up the new image with no
-workflow edits.
+under `package_configs`, one entry per distro. Today only `linux/amd64` is
+emitted. Each entry pins its full container image in an `image` field; to move
+to a new image, edit that field and both CI and local builds pick it up. The
+package format (deb or rpm) is inferred at build time from the container's
+package manager (`apt-get` -> deb, `dnf`/`yum` -> rpm).
 
-| Package type | Image (derived from `linux.json`)                    | Tool required                                                   |
-| ------------ | ---------------------------------------------------- | --------------------------------------------------------------- |
-| RPM          | `ghcr.io/xrplf/xrpld/packaging-rhel:sha-<git_sha>`   | `rpmbuild`                                                      |
-| DEB          | `ghcr.io/xrplf/xrpld/packaging-debian:sha-<git_sha>` | `dpkg-buildpackage`, `debhelper (>= 13)`, `dh-sequence-systemd` |
+| Package type | Image (`package_configs.<distro>[].image` in `linux.json`) | Tools required                                      |
+| ------------ | ---------------------------------------------------------- | --------------------------------------------------- |
+| RPM          | `ghcr.io/xrplf/xrpld/packaging-rhel:sha-<sha>`             | `rpmbuild`                                          |
+| DEB          | `ghcr.io/xrplf/xrpld/packaging-debian:sha-<sha>`           | `dpkg-buildpackage`, debhelper with compat level 13 |
 
-To print the exact image tags for the current `linux.json`:
+To print the full packaging matrix (artifact names and images) for the current
+`linux.json`:
 
 ```bash
 ./.github/scripts/strategy-matrix/generate.py --packaging
@@ -46,12 +44,13 @@ To print the exact image tags for the current `linux.json`:
 ### Via CI
 
 Caller workflows (`on-pr.yml`, `on-tag.yml`, `on-trigger.yml`) call
-`reusable-strategy-matrix.yml` with `mode: packaging` to generate the matrix of
-`{artifact_name, os}` entries, then fan out to
-`reusable-package.yml` per entry. That workflow downloads the pre-built `xrpld`
-binary artifact, detects the package format from the container, and calls
-`build_pkg.sh` directly — no CMake configure or build step is needed inside
-the packaging job.
+`reusable-package.yml`. That workflow generates its own packaging matrix from
+`package_configs` in `linux.json` (via `generate.py --packaging`) and fans out
+one job per distro. Each job downloads the pre-built `xrpld` binary artifact and
+runs in that distro's container, so the package format follows from the
+container's package manager. The packaging script derives the package version
+from the downloaded binary's `xrpld --version` output; no CMake configure or
+build step is needed inside the packaging job.
 
 ### Locally (mirrors CI)
 
@@ -60,22 +59,19 @@ inside the same container CI uses. The image tag is derived from `linux.json`
 so you don't need to hardcode a SHA.
 
 ```bash
-# From the repo root. Pick any image flagged with `"package": true` in
-# linux.json; the package format is inferred from the container's package
-# manager. Example for the rpm-producing image:
-IMAGE=$(jq -r '
-  .os | map(select(.package == true))[0] |
-  "ghcr.io/xrplf/ci/\(.distro_name)-\(.distro_version):\(.compiler_name)-\(.compiler_version)-sha-\(.image_sha)"
-' .github/scripts/strategy-matrix/linux.json)
+# From the repo root. Each distro's container image is the `image` field of its
+# package_configs entry in linux.json; the package format is inferred from the
+# container's package manager. Example for the rpm-producing image (use
+# .package_configs.debian[0].image for the deb image):
+IMAGE=$(jq -r '.package_configs.rhel[0].image' .github/scripts/strategy-matrix/linux.json)
 
-VERSION=2.4.0-local
 PKG_RELEASE=1
 
 docker run --rm \
     -v "$(pwd):/src" \
     -w /src \
-    "$IMAGE" \
-    ./package/build_pkg.sh --pkg-version "$VERSION" --pkg-release "$PKG_RELEASE"
+    "${IMAGE}" \
+    ./package/build_pkg.sh --pkg-release "${PKG_RELEASE}"
 
 # Output:
 #   build/debbuild/*.deb         (DEB + dbgsym .ddeb)
@@ -91,41 +87,73 @@ needed, but the host toolchain replaces the pinned CI image:
 ```bash
 cmake \
     -Dxrpld=ON \
-    -Dxrpld_version=2.4.0-local \
+    -Dpkg_release=1 \
     -Dtests=OFF \
     ..
 
 cmake --build . --target package # deb on Debian/Ubuntu, rpm on RHEL
 ```
 
-The `cmake/XrplPackaging.cmake` module defines the target only if at least one
-of `rpmbuild` / `dpkg-buildpackage` is present; `build_pkg.sh` then infers the
-package format from the host's package manager. The packaging script installs
-to FHS-standard paths (`/usr/bin`, `/etc/xrpld`, etc.) regardless of
+The `cmake/XrplPackaging.cmake` module defines the `package` target only if at
+least one of `rpmbuild` / `dpkg-buildpackage` is present; `build_pkg.sh` then
+infers the package format from the host's package manager. The packaging script
+installs to FHS-standard paths (`/usr/bin`, `/etc/xrpld`, etc.) regardless of
 `CMAKE_INSTALL_PREFIX`.
 
+The package version is not a CMake input on this path: `build_pkg.sh` derives it
+from the just-built `xrpld` binary's `xrpld --version` output. The package
+release defaults to 1 and is overridable with `-Dpkg_release=N`.
+
 ## How `build_pkg.sh` works
 
-`build_pkg.sh` accepts long-form flags, each of which can also be set via an
-environment variable. Flags override env vars; env vars override the built-in
-defaults. Run `./package/build_pkg.sh --help` for the same table:
+`build_pkg.sh` derives the `xrpld` software version from
+`${BUILD_DIR}/xrpld --version` in both package formats.
 
-| Flag                       | Env var             | Default                       | Purpose                             |
-| -------------------------- | ------------------- | ----------------------------- | ----------------------------------- |
-| `--src-dir DIR`            | `SRC_DIR`           | `$PWD`                        | repo root                           |
-| `--build-dir DIR`          | `BUILD_DIR`         | `$PWD/build`                  | directory holding pre-built `xrpld` |
-| `--pkg-version STR`        | `PKG_VERSION`       | parsed from `xrpld --version` | version string, e.g. `3.2.0-b1`     |
-| `--pkg-release N`          | `PKG_RELEASE`       | `1`                           | package release number              |
-| `--source-date-epoch SECS` | `SOURCE_DATE_EPOCH` | latest git commit ctime       | reproducibility timestamp           |
+The binary's version is already SemVer-validated by `BuildInfo`.
+`build_pkg.sh` converts pre-release versions such as `3.2.0-b1` or
+`3.2.0-rc1` from `-` to `~` for package metadata so pre-releases sort before
+the final release. If that normalized package version still contains `-`,
+packaging fails because RPM forbids `-` in `Version`, and Debian uses `-` as
+the upstream/revision separator.
+
+`pkg_version` is the normalized package metadata version derived inside
+`build_pkg.sh` from the binary-reported `xrpld` version (`-` pre-release
+separator converted to `~`). It is not a separate user input.
+
+`PKG_RELEASE` is a different value: the package release iteration for that
+`xrpld` version. RPM receives the normalized `pkg_version` and `PKG_RELEASE` as
+the `pkg_version` and `pkg_release` macros for its `Version` and `Release`
+values; DEB writes them as `${pkg_version}-${PKG_RELEASE}` in
+`debian/changelog`.
+
+With `PKG_RELEASE=1`, the package metadata becomes:
+
+| Input version      | RPM version/release          | Debian version       |
+| ------------------ | ---------------------------- | -------------------- |
+| `3.2.0`            | `3.2.0-1%{?dist}`            | `3.2.0-1`            |
+| `3.2.0-b0+abc1234` | `3.2.0~b0+abc1234-1%{?dist}` | `3.2.0~b0+abc1234-1` |
+| `3.2.0-b1`         | `3.2.0~b1-1%{?dist}`         | `3.2.0~b1-1`         |
+| `3.2.0-rc1`        | `3.2.0~rc1-1%{?dist}`        | `3.2.0~rc1-1`        |
+
+The Debian changelog entry carries the repository component: final releases use
+`stable`, `b0` builds, including `b0+metadata`, use `develop`, and `bN`/`rcN`
+pre-releases use `unstable`.
+Build metadata on a final release, such as `3.2.0+abc123`, is rejected.
+
+The RPM path intentionally uses `~` in `Version`, matching the Debian
+pre-release ordering convention, so RPM filenames/NVRs begin with forms like
+`xrpld-3.2.0~b1-...` and `xrpld-3.2.0~rc1-...` instead of encoding
+pre-releases with an older `0.<release>.<suffix>` RPM `Release` value.
 
 The package format (`deb` or `rpm`) is inferred from the host's package
 manager (`apt-get` -> deb, `dnf`/`yum` -> rpm). Hosts without one of those
 fail early.
 
 Flags are for explicit invocation; environment variables are intended for
-CMake/systemd/CI integration. The CI workflow and the CMake `package` target
-both invoke `build_pkg.sh` with no flags, configuring it entirely via env
-(see `cmake/XrplPackaging.cmake`).
+CMake/CI integration. The CI workflow and the CMake `package` target both invoke
+`build_pkg.sh` with no flags; CMake supplies `SRC_DIR`, `BUILD_DIR`, and
+`PKG_RELEASE` via env, while CI supplies `BUILD_DIR` and `PKG_RELEASE` via env
+and lets the script use defaults for the rest.
 
 It resolves `SRC_DIR` and `BUILD_DIR` to absolute paths, then calls
 `stage_common()` to copy the binary, config files, and shared support files
@@ -134,18 +162,32 @@ into the staging area, and invokes the platform build tool.
 ### RPM
 
 1. Creates the standard `rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}` tree inside the build directory.
-2. Copies `xrpld.spec` and all source files (binary, configs, service files) into `SOURCES/`.
-3. Runs `rpmbuild -bb --define "xrpld_version ..." --define "pkg_release ..."`. The spec uses manual `install` commands to place files.
+2. Copies `xrpld.spec` and all shared source files (binary, configs, service files) into `SOURCES/`.
+3. Runs `rpmbuild -bb`, passing the normalized package metadata version as the
+   `pkg_version` RPM macro and `PKG_RELEASE` as the `pkg_release` RPM macro.
+   The spec uses manual `install` commands to place files, disables `dwz`, and
+   writes uncompressed RPM payloads while generating debuginfo packages.
 4. Output: `rpmbuild/RPMS/x86_64/xrpld-*.rpm`
 
+The uncompressed RPM payload setting is intentionally unconditional for
+generated RPMs. It trades larger RPM artifacts for much shorter package
+build/validation time, which keeps RPM package validation in the same rough time
+class as Debian package validation.
+
+RPM upgrades intentionally do not restart a running `xrpld` service. The spec
+uses `%systemd_postun`, matching Debian's `dh_installsystemd
+--no-stop-on-upgrade` behavior; operators pick up the new binary on the next
+service restart.
+
 ### DEB
 
 1. Creates a staging source tree at `debbuild/source/` inside the build directory.
 2. Stages the binary, configs, `README.md`, and `LICENSE.md`.
 3. Copies `package/debian/` control files into `debbuild/source/debian/`.
 4. Copies shared service/sysusers/tmpfiles into `debian/` where `dh_installsystemd`, `dh_installsysusers`, and `dh_installtmpfiles` pick them up automatically.
-5. Generates a minimal `debian/changelog` (pre-release versions use `~` instead of `-`).
-6. Runs `dpkg-buildpackage -b --no-sign`. `debian/rules` uses manual `install` commands.
+5. Generates a minimal `debian/changelog` using `${pkg_version}-${PKG_RELEASE}`,
+   where `pkg_version` is derived from the binary-reported `xrpld` version.
+6. Runs `dpkg-buildpackage -b --no-sign -d` (`-d` skips the build-dependency check, since the binary is already built). `debian/rules` uses manual `install` commands.
 7. Output: `debbuild/*.deb` and `debbuild/*.ddeb` (dbgsym package)
 
 ## Post-build verification
@@ -161,11 +203,14 @@ rpm -qlp rpmbuild/RPMS/x86_64/*.rpm
 
 ## Reproducibility
 
-The following environment variables improve build reproducibility. They are not
-set automatically by `build_pkg.sh`; set them manually if needed:
+`build_pkg.sh` already defaults `SOURCE_DATE_EPOCH` to the latest git commit
+time, or the current time outside a git tree, and exports it (override with
+`--source-date-epoch` / `SOURCE_DATE_EPOCH`); the RPM spec clamps file
+modification times to it via `%build_mtime_policy`. The remaining variables
+below further improve reproducibility but are _not_ set by the script — export
+them yourself if needed:
 
 ```bash
-export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
 export TZ=UTC
 export LC_ALL=C.UTF-8
 export GZIP=-n

package/build_pkg.sh

@@ -3,20 +3,18 @@ set -euo pipefail
 
 # Build an RPM or Debian package from a pre-built xrpld binary.
 #
-# Flags override env vars; env vars override defaults. Env vars are intended
-# for CMake/systemd/CI integration; flags are for explicit invocation.
+# Flags override env vars; env vars override defaults.
 
 usage() {
     cat <<'EOF'
 Usage: build_pkg.sh [options]
 
 Options (each can also be set via the env var shown):
-  --src-dir DIR             repo root                  [SRC_DIR;           default: $PWD]
-  --build-dir DIR           directory holding xrpld    [BUILD_DIR;         default: $PWD/build]
-  --pkg-version STR         version, e.g. 3.2.0-b1     [PKG_VERSION;       default: parsed from xrpld --version]
-  --pkg-release N           package release number     [PKG_RELEASE;       default: 1]
-  --source-date-epoch SECS  reproducibility timestamp  [SOURCE_DATE_EPOCH; default: latest git commit ctime]
-  -h, --help                show this help and exit
+  --src-dir DIR            repo root                 [SRC_DIR;           default: ${PWD}]
+  --build-dir DIR          directory holding xrpld   [BUILD_DIR;         default: ${PWD}/build]
+  --pkg-release N          package release iteration [PKG_RELEASE;       default: 1]
+  --source-date-epoch SECS reproducibility timestamp [SOURCE_DATE_EPOCH; latest git ctime; fallback: current time]
+  -h, --help               show this help and exit
 EOF
 }
 
@@ -30,8 +28,7 @@ need_arg() {
 # Seed from env. CLI parsing below overrides these directly.
 SRC_DIR="${SRC_DIR:-}"
 BUILD_DIR="${BUILD_DIR:-}"
-PKG_VERSION="${PKG_VERSION:-}"
-PKG_RELEASE="${PKG_RELEASE:-}"
+PKG_RELEASE="${PKG_RELEASE:-1}"
 SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-}"
 
 while [[ $# -gt 0 ]]; do
@@ -46,11 +43,6 @@ while [[ $# -gt 0 ]]; do
             BUILD_DIR="$2"
             shift 2
             ;;
-        --pkg-version)
-            need_arg "$@"
-            PKG_VERSION="$2"
-            shift 2
-            ;;
         --pkg-release)
             need_arg "$@"
             PKG_RELEASE="$2"
@@ -74,19 +66,61 @@ while [[ $# -gt 0 ]]; do
 done
 
 SRC_DIR="$(cd "${SRC_DIR:-${PWD}}" && pwd)"
-BUILD_DIR="$(cd "${BUILD_DIR:-${PWD}/build}" && pwd)"
-PKG_RELEASE="${PKG_RELEASE:-1}"
-
-if [[ -z "${PKG_VERSION}" ]]; then
-    PKG_VERSION="$("${BUILD_DIR}/xrpld" --version | awk 'NR==1 {print $3; exit}')"
+BUILD_DIR="${BUILD_DIR:-${PWD}/build}"
+if [[ ! -d "${BUILD_DIR}" ]]; then
+    echo "build_pkg.sh: build directory not found: ${BUILD_DIR}" >&2
+    echo "Build xrpld before packaging, or set BUILD_DIR to the directory containing xrpld." >&2
+    exit 1
 fi
+BUILD_DIR="$(cd "${BUILD_DIR}" && pwd)"
 
-if [[ -z "${PKG_VERSION}" ]]; then
-    echo "PKG_VERSION is empty (not provided and could not be derived)." >&2
+xrpld_binary="${BUILD_DIR}/xrpld"
+if [[ ! -x "${xrpld_binary}" ]]; then
+    echo "build_pkg.sh: expected executable xrpld binary at ${xrpld_binary}." >&2
+    echo "Build xrpld before packaging, or set BUILD_DIR to the directory containing xrpld." >&2
     exit 1
 fi
 
-VERSION="${PKG_VERSION}"
+xrpld_version="$("${xrpld_binary}" --version | awk 'NR == 1 { print $3 }')"
+
+if [[ -z "${xrpld_version}" ]]; then
+    echo "build_pkg.sh: unable to derive xrpld version from ${xrpld_binary} --version." >&2
+    exit 1
+fi
+
+# The version as the package formats consume it: identical to xrpld_version
+# except a pre-release uses '~' (3.2.0-b1 -> 3.2.0~b1), which also sorts before
+# the final 3.2.0; a no-op for a final release. Lowercase = derived internally,
+# not an input (cf. pkg_type).
+pkg_version="${xrpld_version}"
+pre_release=""
+if [[ "${xrpld_version}" == *-* ]]; then
+    pre_release="${xrpld_version#*-}"
+    pkg_version="${xrpld_version%%-*}~${pre_release}"
+fi
+
+# BuildInfo already SemVer-validates the binary's version. Packaging adds one
+# narrower constraint: after pre-release normalization, the package version must
+# not contain '-' because RPM forbids it in Version and Debian uses it as the
+# upstream/revision separator.
+if [[ "${pkg_version}" == *-* ]]; then
+    echo "build_pkg.sh: unsupported xrpld version '${xrpld_version}'." >&2
+    echo "Package version '${pkg_version}' cannot contain '-'." >&2
+    echo "Use a single-token pre-release like 3.2.0-b1 or 3.2.0-rc2." >&2
+    exit 1
+fi
+
+if [[ -z "${pre_release}" && "${xrpld_version}" == *+* ]]; then
+    echo "build_pkg.sh: unsupported xrpld version '${xrpld_version}'." >&2
+    echo "Build metadata is only supported on bN/rcN pre-releases." >&2
+    exit 1
+fi
+
+if [[ -n "${pre_release}" && ! "${pre_release}" =~ ^(b0|b[1-9][0-9]*|rc[0-9]+)(\+.*)?$ ]]; then
+    echo "build_pkg.sh: unsupported xrpld pre-release '${pre_release}'." >&2
+    echo "Use bN or rcN, e.g. 3.2.0-b1 or 3.2.0-rc2." >&2
+    exit 1
+fi
 
 if command -v apt-get >/dev/null 2>&1; then
     pkg_type=deb
@@ -98,32 +132,15 @@ else
 fi
 
 if [[ -z "${SOURCE_DATE_EPOCH}" ]]; then
-    if git -C "$SRC_DIR" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
-        SOURCE_DATE_EPOCH="$(git -C "$SRC_DIR" log -1 --format=%ct)"
+    if git -C "${SRC_DIR}" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+        SOURCE_DATE_EPOCH="$(git -C "${SRC_DIR}" log -1 --format=%ct)"
     else
         SOURCE_DATE_EPOCH="$(date +%s)"
     fi
 fi
 
 export SOURCE_DATE_EPOCH
-CHANGELOG_DATE="$(date -u -R -d "@$SOURCE_DATE_EPOCH")"
-
-# Split VERSION at the first '-' into base and optional pre-release suffix.
-# Examples: "3.2.0" -> ("3.2.0", ""); "3.2.0-b1" -> ("3.2.0", "b1").
-VER_BASE="${VERSION%%-*}"
-VER_SUFFIX="${VERSION#*-}"
-[[ "${VER_SUFFIX}" == "${VERSION}" ]] && VER_SUFFIX=""
-
-# Reject multi-segment suffixes (e.g. "beta-1", "rc1-15-gabc123"). Neither an
-# RPM Version nor a Debian upstream version may contain '-' (it's the NVR /
-# version-revision separator), and the convention here is single-token
-# suffixes like b1 or rc2. Fail early with a clear message rather than letting
-# the package tooling blow up or silently mangle dashes.
-if [[ "${VER_SUFFIX}" == *-* ]]; then
-    echo "build_pkg.sh: multi-segment pre-release in VERSION='${VERSION}' (suffix '${VER_SUFFIX}')." >&2
-    echo "Use single-token suffixes like 3.2.0-b1 or 3.2.0-rc2." >&2
-    exit 1
-fi
+CHANGELOG_DATE="$(date -u -R -d "@${SOURCE_DATE_EPOCH}")"
 
 SHARED="${SRC_DIR}/package/shared"
 DEBIAN_DIR="${SRC_DIR}/package/debian"
@@ -143,7 +160,6 @@ stage_common() {
     cp "${SHARED}/xrpld.sysusers" "${dest}/xrpld.sysusers"
     cp "${SHARED}/xrpld.tmpfiles" "${dest}/xrpld.tmpfiles"
     cp "${SHARED}/xrpld.logrotate" "${dest}/xrpld.logrotate"
-    cp "${SHARED}/50-xrpld.preset" "${dest}/50-xrpld.preset"
 }
 
 build_rpm() {
@@ -154,18 +170,11 @@ build_rpm() {
     cp "${SRC_DIR}/package/rpm/xrpld.spec" "${topdir}/SPECS/xrpld.spec"
     stage_common "${topdir}/SOURCES"
 
-    # Pre-releases use the modern rpm '~' convention (rpm >= 4.10): the suffix
-    # goes in Version (e.g. 3.2.0~b1), which rpmvercmp sorts *before* the final
-    # 3.2.0 — identical semantics to Debian's '~'. Release is just the package
-    # release number. This replaces the older "0.<release>.<suffix>" Release
-    # hack and keeps the RPM and DEB version strings symmetric.
-    local rpm_version="${VER_BASE}${VER_SUFFIX:+~${VER_SUFFIX}}"
-
     set -x
     rpmbuild -bb \
         --define "_topdir ${topdir}" \
-        --define "xrpld_version ${rpm_version}" \
-        --define "xrpld_release ${PKG_RELEASE}" \
+        --define "pkg_version ${pkg_version}" \
+        --define "pkg_release ${PKG_RELEASE}" \
         "${topdir}/SPECS/xrpld.spec"
 }
 
@@ -182,23 +191,26 @@ build_deb() {
     cp "${staging}/xrpld.tmpfiles" "${staging}/debian/xrpld.tmpfiles"
     cp "${staging}/xrpld.logrotate" "${staging}/debian/xrpld.logrotate"
 
-    # Debian '~' marks a pre-release; 3.2.0~b1 sorts before 3.2.0.
-    local deb_full_version="${VER_BASE}${VER_SUFFIX:+~${VER_SUFFIX}}-${PKG_RELEASE}"
-
-    # Derive release channel from the version suffix:
-    #   (none)      -> stable    (tagged release)
-    #   b0          -> develop   (develop-branch build)
-    #   b<N>, rc<N> -> unstable  (pre-release)
-    local deb_distribution
-    case "${VER_SUFFIX}" in
-        "") deb_distribution="stable" ;;
-        b0) deb_distribution="develop" ;;
-        *) deb_distribution="unstable" ;;
-    esac
+    # Choose the Debian repository component for this package.
+    #   3.2.0 -> stable, *-b0[+metadata] -> develop,
+    #   bN/rcN pre-releases -> unstable.
+    local deb_component
+    if [[ -z "${pre_release}" ]]; then
+        deb_component="stable"
+    elif [[ "${pre_release}" =~ ^b0(\+.*)?$ ]]; then
+        deb_component="develop"
+    elif [[ "${pre_release}" =~ ^(b[1-9][0-9]*|rc[0-9]+)(\+.*)?$ ]]; then
+        deb_component="unstable"
+    else
+        echo "build_pkg.sh: unsupported xrpld pre-release '${pre_release}'." >&2
+        echo "Use bN or rcN, e.g. 3.2.0-b1 or 3.2.0-rc2." >&2
+        exit 1
+    fi
 
+    # Debian version is <upstream>[~<pre>]-<pkg release>.
     cat >"${staging}/debian/changelog" <<EOF
-xrpld (${deb_full_version}) ${deb_distribution}; urgency=medium
-  * Release ${VERSION}.
+xrpld (${pkg_version}-${PKG_RELEASE}) ${deb_component}; urgency=medium
+  * Release ${xrpld_version}.
 
  -- XRPL Foundation <contact@xrplf.org>  ${CHANGELOG_DATE}
 EOF

package/rpm/xrpld.spec

@@ -1,6 +1,14 @@
+%if "%{?pkg_version}" == ""
+%{error:pkg_version must be defined}
+%endif
+
+%if "%{?pkg_release}" == ""
+%{error:pkg_release must be defined}
+%endif
+
 Name:     xrpld
-Version:  %{xrpld_version}
-Release:  %{xrpld_release}%{?dist}
+Version:  %{pkg_version}
+Release:  %{pkg_release}%{?dist}
 Summary:  XRP Ledger daemon
 
 License:  ISC
@@ -11,6 +19,9 @@ BuildRequires: systemd-rpm-macros
 
 %undefine _debugsource_packages
 %debug_package
+# Intentionally trade larger RPM artifacts for faster package validation.
+%global _binary_payload w.ufdio
+%global _find_debuginfo_dwz_opts %{nil}
 
 %build_mtime_policy clamp_to_source_date_epoch
 
@@ -37,7 +48,10 @@ install -Dm0644 %{_sourcedir}/validators.txt       %{buildroot}%{_sysconfdir}/%{
 install -Dm0644 %{_sourcedir}/xrpld.service        %{buildroot}%{_unitdir}/xrpld.service
 install -Dm0644 %{_sourcedir}/xrpld.sysusers       %{buildroot}%{_sysusersdir}/xrpld.conf
 install -Dm0644 %{_sourcedir}/xrpld.tmpfiles       %{buildroot}%{_tmpfilesdir}/xrpld.conf
-install -Dm0644 %{_sourcedir}/50-xrpld.preset      %{buildroot}%{_presetdir}/50-xrpld.preset
+install -Dm0644 /dev/null %{buildroot}%{_presetdir}/50-xrpld.preset
+cat >%{buildroot}%{_presetdir}/50-xrpld.preset <<'EOF'
+enable xrpld.service
+EOF
 
 # Logrotate config
 install -Dm0644 %{_sourcedir}/xrpld.logrotate      %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
@@ -62,7 +76,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/xrpld.conf || :
 %systemd_preun xrpld.service
 
 %postun
-%systemd_postun_with_restart xrpld.service
+%systemd_postun xrpld.service
 
 %files
 %license %{_docdir}/%{name}/LICENSE.md

package/shared/50-xrpld.preset

@@ -1,2 +0,0 @@
-# /usr/lib/systemd/system-preset/50-xrpld.preset
-enable xrpld.service

package/shared/xrpld.service

@@ -17,6 +17,10 @@ ProtectHome=true
 PrivateTmp=true
 User=xrpld
 Group=xrpld
+StateDirectory=xrpld
+StateDirectoryMode=0750
+LogsDirectory=xrpld
+LogsDirectoryMode=0750
 LimitNOFILE=65536
 SystemCallArchitectures=native
 

src/libxrpl/json/json_valueiterator.cpp

@@ -132,7 +132,7 @@ ValueConstIterator::ValueConstIterator(Value::ObjectValues::iterator const& curr
 }
 
 ValueConstIterator&
-ValueConstIterator::operator=(ValueIteratorBase const& other)
+ValueConstIterator::operator=(SelfType const& other)
 {
     copy(other);
     return *this;

src/libxrpl/ledger/Ledger.cpp

@@ -180,7 +180,7 @@ Ledger::Ledger(
     }
 
     {
-        auto sle = std::make_shared<SLE>(keylet::fees());
+        auto sle = std::make_shared<SLE>(keylet::feeSettings());
         // Whether featureXRPFees is supported will depend on startup options.
         if (std::ranges::find(amendments, featureXRPFees) != amendments.end())
         {
@@ -560,7 +560,7 @@ Ledger::setup()
 
     try
     {
-        if (auto const sle = read(keylet::fees()))
+        if (auto const sle = read(keylet::feeSettings()))
         {
             bool oldFees = false;
             bool newFees = false;