Add AI documentation source files (.ai.md + .ai.json)

.clang-tidy

@@ -191,14 +191,11 @@ CheckOptions:
   readability-identifier-naming.ParameterCase: camelBack
   readability-identifier-naming.FunctionCase: camelBack
   readability-identifier-naming.MemberCase: camelBack
-  readability-identifier-naming.PrivateMemberCase: camelBack
   readability-identifier-naming.PrivateMemberSuffix: _
-  readability-identifier-naming.ProtectedMemberCase: camelBack
   readability-identifier-naming.ProtectedMemberSuffix: _
-  readability-identifier-naming.PublicMemberCase: camelBack
   readability-identifier-naming.PublicMemberSuffix: ""
   readability-identifier-naming.GlobalFunctionIgnoredRegexp: "^(to_string|hash_append|tuple_hash)$"
 
-HeaderFilterRegex: '^.*/(tests?|xrpl|xrpld)/.*\.(h|hpp|ipp)$'
+HeaderFilterRegex: '^.*/(test|xrpl|xrpld)/.*\.(h|hpp|ipp)$'
 ExcludeHeaderFilterRegex: '^.*/protocol_autogen/.*\.(h|hpp)$'
 WarningsAsErrors: "*"

.github/actions/build-deps/action.yml

@@ -37,12 +37,12 @@ runs:
       run: |
         echo 'Installing dependencies.'
         conan install \
-            --profile ci \
-            --build="${BUILD_OPTION}" \
-            --options:host='&:tests=True' \
-            --options:host='&:xrpld=True' \
-            --settings:all build_type="${BUILD_TYPE}" \
-            --conf:all tools.build:jobs=${BUILD_NPROC} \
-            --conf:all tools.build:verbosity="${LOG_VERBOSITY}" \
-            --conf:all tools.compilation:verbosity="${LOG_VERBOSITY}" \
-            .
+          --profile ci \
+          --build="${BUILD_OPTION}" \
+          --options:host='&:tests=True' \
+          --options:host='&:xrpld=True' \
+          --settings:all build_type="${BUILD_TYPE}" \
+          --conf:all tools.build:jobs=${BUILD_NPROC} \
+          --conf:all tools.build:verbosity="${LOG_VERBOSITY}" \
+          --conf:all tools.compilation:verbosity="${LOG_VERBOSITY}" \
+          .

.github/actions/generate-version/action.yml

@@ -15,7 +15,7 @@ runs:
       shell: bash
       env:
         VERSION: ${{ github.ref_name }}
-      run: echo "VERSION=${VERSION}" >>"${GITHUB_ENV}"
+      run: echo "VERSION=${VERSION}" >> "${GITHUB_ENV}"
 
     # When a tag is not pushed, then the version (e.g. 1.2.3-b0) is extracted
     # from the BuildInfo.cpp file and the shortened commit hash appended to it.
@@ -28,17 +28,17 @@ runs:
         echo 'Extracting version from BuildInfo.cpp.'
         VERSION="$(cat src/libxrpl/protocol/BuildInfo.cpp | grep "versionString =" | awk -F '"' '{print $2}')"
         if [[ -z "${VERSION}" ]]; then
-            echo 'Unable to extract version from BuildInfo.cpp.'
-            exit 1
+          echo 'Unable to extract version from BuildInfo.cpp.'
+          exit 1
         fi
 
         echo 'Appending shortened commit hash to version.'
         SHA='${{ github.sha }}'
         VERSION="${VERSION}+${SHA:0:7}"
 
-        echo "VERSION=${VERSION}" >>"${GITHUB_ENV}"
+        echo "VERSION=${VERSION}" >> "${GITHUB_ENV}"
 
     - name: Output version
       id: version
       shell: bash
-      run: echo "version=${VERSION}" >>"${GITHUB_OUTPUT}"
+      run: echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"

.github/scripts/format-inline-bash.py

@@ -1,403 +0,0 @@
-#!/usr/bin/env python3
-
-"""
-Format embedded shell snippets using the shfmt hook configured in
-.pre-commit-config.yaml.
-
-Two shapes are recognised:
-
-* YAML workflow/action files: literal block-scalar runs (`run: |`) and
-  single-line runs (`run: some command`). A single-line run is upgraded to
-  a `run: |` block scalar if shfmt's output spans multiple lines.
-
-* Markdown files: ``` ```bash ``` fenced code blocks.
-
-Any block that shfmt cannot parse is skipped with a warning on stderr, so
-the file is left untouched and surrounding blocks still get formatted.
-
-For each occurrence the body is dedented, written to a temp .sh file,
-formatted via `pre-commit run shfmt --files <temp>` (falling back to
-`prek`), then re-indented and written back in place.
-
-When invoked without arguments, every .yml/.yaml under .github/ plus every
-.md file in the repo is scanned. When invoked with file arguments (the
-pre-commit case), only those files are processed.
-"""
-
-from __future__ import annotations
-
-import re
-import shutil
-import subprocess
-import sys
-import tempfile
-from dataclasses import dataclass
-from pathlib import Path
-from typing import Union
-
-REPO = Path(__file__).resolve().parents[2]
-
-_HOOK_RUNNER = next((cmd for cmd in ("pre-commit", "prek") if shutil.which(cmd)), None)
-if _HOOK_RUNNER is None:
-    sys.exit("error: neither `pre-commit` nor `prek` found on PATH")
-
-RUN_BLOCK_RE = re.compile(r"^(?P<prefix>[ \t]*(?:- )?)run:[ \t]*\|[+-]?[ \t]*$")
-RUN_INLINE_RE = re.compile(
-    r"^(?P<prefix>[ \t]*(?:- )?)run:[ \t]+" r"(?P<value>(?!\|[+-]?[ \t]*$)\S.*?)[ \t]*$"
-)
-MD_BASH_OPEN_RE = re.compile(r"^(?P<indent>[ ]{0,3})`{3}bash[ \t]*$")
-MD_FENCE_CLOSE_RE = re.compile(r"^[ ]{0,3}`{3,}[ \t]*$")
-
-
-@dataclass(frozen=True)
-class BlockRun:
-    """A `run: |` block scalar; `body_start:body_end` slices into `lines`."""
-
-    body_start: int
-    body_end: int
-    body_indent: int
-
-
-@dataclass(frozen=True)
-class InlineRun:
-    """A single-line `run: value` at `line_idx`."""
-
-    line_idx: int
-    prefix: str
-    value: str
-
-
-@dataclass(frozen=True)
-class MdBashBlock:
-    """A markdown ``` ```bash ``` fenced code block.
-
-    `body_start:body_end` slices into the file's lines; `open_line_idx`
-    points at the opening fence line.
-    """
-
-    open_line_idx: int
-    body_start: int
-    body_end: int
-    body_indent: int
-
-
-RunItem = Union[BlockRun, InlineRun]
-
-
-def _scan_block_body(
-    lines: list[str], body_start: int, run_col: int
-) -> tuple[int | None, int]:
-    """Locate the body of a `run: |` block scalar starting at `body_start`.
-
-    Returns `(body_indent, scan_end)`. `scan_end` is the line index where the
-    outer scanner should resume. `body_indent` is `None` when no body is
-    present (the scalar is empty, or the next non-blank line has indent
-    `<= run_col`).
-    """
-    body_indent: int | None = None
-    scan_end = len(lines)
-    for idx in range(body_start, len(lines)):
-        line = lines[idx]
-        if line.strip() == "":
-            continue
-        indent = len(line) - len(line.lstrip(" "))
-        if body_indent is None:
-            if indent > run_col:
-                body_indent = indent
-            else:
-                scan_end = idx
-                break
-        elif indent < body_indent:
-            scan_end = idx
-            break
-    if body_indent is not None:
-        while scan_end > body_start and lines[scan_end - 1].strip() == "":
-            scan_end -= 1
-        if scan_end <= body_start:
-            body_indent = None
-    return body_indent, scan_end
-
-
-def find_run_blocks(lines: list[str]) -> list[RunItem]:
-    """Return run items in document order."""
-    items: list[RunItem] = []
-    line_idx = 0
-    while line_idx < len(lines):
-        line = lines[line_idx]
-        if block_match := RUN_BLOCK_RE.match(line):
-            run_col = len(block_match.group("prefix"))
-            body_start = line_idx + 1
-            body_indent, scan_end = _scan_block_body(lines, body_start, run_col)
-            if body_indent is not None:
-                items.append(
-                    BlockRun(
-                        body_start=body_start,
-                        body_end=scan_end,
-                        body_indent=body_indent,
-                    )
-                )
-            line_idx = scan_end
-            continue
-        if inline_match := RUN_INLINE_RE.match(line):
-            items.append(
-                InlineRun(
-                    line_idx=line_idx,
-                    prefix=inline_match.group("prefix"),
-                    value=inline_match.group("value"),
-                )
-            )
-        line_idx += 1
-    return items
-
-
-def find_md_bash_blocks(lines: list[str]) -> list[MdBashBlock]:
-    """Return ``` ```bash ``` fenced code blocks in document order."""
-    blocks: list[MdBashBlock] = []
-    line_idx = 0
-    while line_idx < len(lines):
-        open_match = MD_BASH_OPEN_RE.match(lines[line_idx])
-        if not open_match:
-            line_idx += 1
-            continue
-        body_start = line_idx + 1
-        close_idx = next(
-            (
-                j
-                for j in range(body_start, len(lines))
-                if MD_FENCE_CLOSE_RE.match(lines[j])
-            ),
-            None,
-        )
-        if close_idx is None:
-            line_idx = body_start
-            continue
-        body = lines[body_start:close_idx]
-        non_blank = [b for b in body if b.strip()]
-        body_indent = (
-            min(len(b) - len(b.lstrip(" ")) for b in non_blank)
-            if non_blank
-            else len(open_match.group("indent"))
-        )
-        blocks.append(
-            MdBashBlock(
-                open_line_idx=line_idx,
-                body_start=body_start,
-                body_end=close_idx,
-                body_indent=body_indent,
-            )
-        )
-        line_idx = close_idx + 1
-    return blocks
-
-
-def dedent(lines: list[str], n: int) -> list[str]:
-    pad = " " * n
-    return [
-        (
-            ""
-            if line.strip() == ""
-            else (line[n:] if line.startswith(pad) else line.lstrip(" "))
-        )
-        for line in lines
-    ]
-
-
-def reindent(lines: list[str], n: int) -> list[str]:
-    pad = " " * n
-    return [pad + line if line else "" for line in lines]
-
-
-_SHFMT_ERR_RE = re.compile(r"\.sh:\d+:\d+:\s")
-_GHA_EXPR_RE = re.compile(r"\$\{\{.*?\}\}", re.DOTALL)
-_GHA_PLACEHOLDER_RE = re.compile(r"__GHA_EXPR_(\d+)__")
-
-
-def _encode_gha_exprs(text: str) -> tuple[str, list[str]]:
-    """Replace `${{ ... }}` expressions with bash-safe placeholder identifiers."""
-    exprs: list[str] = []
-
-    def repl(match: re.Match[str]) -> str:
-        exprs.append(match.group(0))
-        return f"__GHA_EXPR_{len(exprs) - 1}__"
-
-    return _GHA_EXPR_RE.sub(repl, text), exprs
-
-
-def _decode_gha_exprs(text: str, exprs: list[str]) -> str:
-    """Restore `${{ ... }}` expressions from placeholder identifiers."""
-    return _GHA_PLACEHOLDER_RE.sub(lambda m: exprs[int(m.group(1))], text)
-
-
-def shfmt_via_hook(tmp_path: Path) -> tuple[bool, str]:
-    # `${{ ... }}` is not valid shell, so swap it for a placeholder identifier
-    # that shfmt can parse, then restore it after formatting.
-    encoded, exprs = _encode_gha_exprs(tmp_path.read_text())
-    if exprs:
-        tmp_path.write_text(encoded)
-    res = subprocess.run(
-        [_HOOK_RUNNER, "run", "shfmt", "--files", str(tmp_path)],
-        cwd=REPO,
-        capture_output=True,
-        text=True,
-    )
-    output = res.stdout + res.stderr
-    # shfmt emits parse errors as "<path>:<line>:<col>: <message>".
-    parse_err = bool(_SHFMT_ERR_RE.search(output))
-    # A non-zero exit that is neither a parse error nor pre-commit's "I had
-    # to modify files" signal means the hook itself failed to run (missing
-    # binary, install failure, bad config, ...). Surface that loudly rather
-    # than silently treating it as a no-op.
-    if (
-        res.returncode != 0
-        and not parse_err
-        and "files were modified by this hook" not in output
-    ):
-        sys.exit(
-            f"error: `{_HOOK_RUNNER} run shfmt` failed with exit {res.returncode}:\n{output}"
-        )
-    if exprs and not parse_err:
-        tmp_path.write_text(_decode_gha_exprs(tmp_path.read_text(), exprs))
-    return not parse_err, output
-
-
-def _skip(path: Path, where: int, kind: str, output: str) -> None:
-    print(
-        f"  shfmt could not parse {kind} at {path}:{where + 1} — skipped",
-        file=sys.stderr,
-    )
-    print(f"    {output.strip()}", file=sys.stderr)
-
-
-def process_yaml_file(path: Path, tmp_path: Path) -> int:
-    text = path.read_text()
-    had_nl = text.endswith("\n")
-    lines = text.split("\n")
-    if had_nl:
-        lines = lines[:-1]
-    items = find_run_blocks(lines)
-    if not items:
-        return 0
-    changed = 0
-    # Process in reverse so earlier indices remain valid as we splice.
-    for item in reversed(items):
-        if isinstance(item, BlockRun):
-            body = lines[item.body_start : item.body_end]
-            tmp_path.write_text("\n".join(dedent(body, item.body_indent)) + "\n")
-            ok, output = shfmt_via_hook(tmp_path)
-            if not ok:
-                _skip(path, item.body_start, "block", output)
-                continue
-            formatted = tmp_path.read_text().rstrip("\n")
-            new_body = reindent(formatted.split("\n"), item.body_indent)
-            if new_body != body:
-                lines[item.body_start : item.body_end] = new_body
-                changed += 1
-        else:
-            tmp_path.write_text(item.value + "\n")
-            ok, output = shfmt_via_hook(tmp_path)
-            if not ok:
-                _skip(path, item.line_idx, "inline run", output)
-                continue
-            formatted = tmp_path.read_text().rstrip("\n")
-            if formatted == item.value:
-                continue
-            formatted_lines = formatted.split("\n")
-            if len(formatted_lines) == 1:
-                lines[item.line_idx] = f"{item.prefix}run: {formatted}"
-            else:
-                body_indent = len(item.prefix) + 2
-                lines[item.line_idx : item.line_idx + 1] = [
-                    f"{item.prefix}run: |",
-                    *reindent(formatted_lines, body_indent),
-                ]
-            changed += 1
-    new_text = "\n".join(lines) + ("\n" if had_nl else "")
-    if new_text != text:
-        path.write_text(new_text)
-    return changed
-
-
-def process_md_file(path: Path, tmp_path: Path) -> int:
-    text = path.read_text()
-    had_nl = text.endswith("\n")
-    lines = text.split("\n")
-    if had_nl:
-        lines = lines[:-1]
-    blocks = find_md_bash_blocks(lines)
-    if not blocks:
-        return 0
-    changed = 0
-    for block in reversed(blocks):
-        body = lines[block.body_start : block.body_end]
-        tmp_path.write_text("\n".join(dedent(body, block.body_indent)) + "\n")
-        ok, output = shfmt_via_hook(tmp_path)
-        if not ok:
-            _skip(path, block.open_line_idx, "```bash block", output)
-            continue
-        formatted = tmp_path.read_text().rstrip("\n")
-        formatted_lines = formatted.split("\n") if formatted else []
-        new_body = reindent(formatted_lines, block.body_indent)
-        if new_body != body:
-            lines[block.body_start : block.body_end] = new_body
-            changed += 1
-    new_text = "\n".join(lines) + ("\n" if had_nl else "")
-    if new_text != text:
-        path.write_text(new_text)
-    return changed
-
-
-def process_file(path: Path, tmp_path: Path) -> int:
-    if path.suffix in (".yml", ".yaml"):
-        return process_yaml_file(path, tmp_path)
-    if path.suffix == ".md":
-        return process_md_file(path, tmp_path)
-    return 0
-
-
-def gather_files(argv: list[str]) -> list[Path]:
-    """Return YAML workflow/action files and markdown files that we should
-    process — either the paths in `argv` or, when `argv` is empty, every
-    such file in the repo (skipping `external/`)."""
-    if argv:
-        candidates: list[Path] = [
-            (REPO / a).resolve() if not Path(a).is_absolute() else Path(a) for a in argv
-        ]
-    else:
-        gh = REPO / ".github"
-        candidates = [
-            *gh.rglob("*.yml"),
-            *gh.rglob("*.yaml"),
-            *(
-                p
-                for p in REPO.rglob("*.md")
-                if "external" not in p.relative_to(REPO).parts
-            ),
-        ]
-    return sorted(
-        p
-        for p in candidates
-        if p.exists()
-        and (
-            (p.suffix in (".yml", ".yaml") and ".github" in p.parts)
-            or p.suffix == ".md"
-        )
-    )
-
-
-def main(argv: list[str]) -> int:
-    files = gather_files(argv)
-    if not files:
-        return 0
-    with tempfile.TemporaryDirectory(prefix="format-inline-bash-") as tmpdir:
-        tmp_path = Path(tmpdir) / "shfmt.sh"
-        total = 0
-        for f in files:
-            n = process_file(f, tmp_path)
-            if n:
-                print(f"{f.relative_to(REPO)}: reformatted {n} block(s)")
-                total += n
-        return 1 if total else 0
-
-
-if __name__ == "__main__":
-    sys.exit(main(sys.argv[1:]))

.github/scripts/levelization/results/loops.txt

@@ -4,9 +4,6 @@ Loop: test.jtx test.toplevel
 Loop: test.jtx test.unit_test
   test.unit_test ~= test.jtx
 
-Loop: xrpl.telemetry xrpld.rpc
-  xrpld.rpc > xrpl.telemetry
-
 Loop: xrpld.app xrpld.overlay
   xrpld.app > xrpld.overlay
 

.github/scripts/levelization/results/ordering.txt

@@ -41,8 +41,6 @@ libxrpl.shamap > xrpl.basics
 libxrpl.shamap > xrpl.nodestore
 libxrpl.shamap > xrpl.protocol
 libxrpl.shamap > xrpl.shamap
-libxrpl.telemetry > xrpl.basics
-libxrpl.telemetry > xrpl.telemetry
 libxrpl.tx > xrpl.basics
 libxrpl.tx > xrpl.conditions
 libxrpl.tx > xrpl.core
@@ -199,7 +197,6 @@ tests.libxrpl > xrpl.protocol
 tests.libxrpl > xrpl.protocol_autogen
 tests.libxrpl > xrpl.server
 tests.libxrpl > xrpl.shamap
-tests.libxrpl > xrpl.telemetry
 tests.libxrpl > xrpl.tx
 xrpl.conditions > xrpl.basics
 xrpl.conditions > xrpl.protocol
@@ -234,7 +231,6 @@ xrpl.server > xrpl.shamap
 xrpl.shamap > xrpl.basics
 xrpl.shamap > xrpl.nodestore
 xrpl.shamap > xrpl.protocol
-xrpl.telemetry > xrpl.basics
 xrpl.tx > xrpl.basics
 xrpl.tx > xrpl.core
 xrpl.tx > xrpl.ledger
@@ -253,7 +249,6 @@ xrpld.app > xrpl.rdb
 xrpld.app > xrpl.resource
 xrpld.app > xrpl.server
 xrpld.app > xrpl.shamap
-xrpld.app > xrpl.telemetry
 xrpld.app > xrpl.tx
 xrpld.consensus > xrpl.basics
 xrpld.consensus > xrpl.json

.github/scripts/rename/binary.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &>/dev/null; then
+    if ! command -v gsed &> /dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/scripts/rename/cmake.sh

@@ -8,12 +8,12 @@ set -e
 SED_COMMAND=sed
 HEAD_COMMAND=head
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &>/dev/null; then
+    if ! command -v gsed &> /dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi
     SED_COMMAND=gsed
-    if ! command -v ghead &>/dev/null; then
+    if ! command -v ghead &> /dev/null; then
         echo "Error: ghead is not installed. Please install it using 'brew install coreutils'."
         exit 1
     fi
@@ -74,10 +74,10 @@ if grep -q '"xrpld"' cmake/XrplCore.cmake; then
     # The script has been rerun, so just restore the name of the binary.
     ${SED_COMMAND} -i 's/"xrpld"/"rippled"/' cmake/XrplCore.cmake
 elif ! grep -q '"rippled"' cmake/XrplCore.cmake; then
-    ${HEAD_COMMAND} -n -1 cmake/XrplCore.cmake >cmake.tmp
-    echo '  # For the time being, we will keep the name of the binary as it was.' >>cmake.tmp
-    echo '  set_target_properties(xrpld PROPERTIES OUTPUT_NAME "rippled")' >>cmake.tmp
-    tail -1 cmake/XrplCore.cmake >>cmake.tmp
+    ${HEAD_COMMAND} -n -1 cmake/XrplCore.cmake > cmake.tmp
+    echo '  # For the time being, we will keep the name of the binary as it was.' >> cmake.tmp
+    echo '  set_target_properties(xrpld PROPERTIES OUTPUT_NAME "rippled")' >> cmake.tmp
+    tail -1 cmake/XrplCore.cmake >> cmake.tmp
     mv cmake.tmp cmake/XrplCore.cmake
 fi
 

.github/scripts/rename/config.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &>/dev/null; then
+    if ! command -v gsed &> /dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/scripts/rename/copyright.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &>/dev/null; then
+    if ! command -v gsed &> /dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi
@@ -62,37 +62,37 @@ done
 # restoring the verbiage that is already present in LICENSE.md. Ensure that if
 # the script is run multiple times, duplicate notices are not added.
 if ! grep -q 'Raw Material Software' include/xrpl/beast/core/CurrentThreadName.h; then
-    echo -e "// Portions of this file are from JUCE (http://www.juce.com).\n// Copyright (c) 2013 - Raw Material Software Ltd.\n// Please visit http://www.juce.com\n\n$(cat include/xrpl/beast/core/CurrentThreadName.h)" >include/xrpl/beast/core/CurrentThreadName.h
+    echo -e "// Portions of this file are from JUCE (http://www.juce.com).\n// Copyright (c) 2013 - Raw Material Software Ltd.\n// Please visit http://www.juce.com\n\n$(cat include/xrpl/beast/core/CurrentThreadName.h)" > include/xrpl/beast/core/CurrentThreadName.h
 fi
 if ! grep -q 'Dev Null' src/test/app/NetworkID_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/NetworkID_test.cpp)" >src/test/app/NetworkID_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/NetworkID_test.cpp)" > src/test/app/NetworkID_test.cpp
 fi
 if ! grep -q 'Dev Null' src/test/app/tx/apply_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/tx/apply_test.cpp)" >src/test/app/tx/apply_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/app/tx/apply_test.cpp)" > src/test/app/tx/apply_test.cpp
 fi
 if ! grep -q 'Dev Null' src/test/rpc/ManifestRPC_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ManifestRPC_test.cpp)" >src/test/rpc/ManifestRPC_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ManifestRPC_test.cpp)" > src/test/rpc/ManifestRPC_test.cpp
 fi
 if ! grep -q 'Dev Null' src/test/rpc/ValidatorInfo_test.cpp; then
-    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ValidatorInfo_test.cpp)" >src/test/rpc/ValidatorInfo_test.cpp
+    echo -e "// Copyright (c) 2020 Dev Null Productions\n\n$(cat src/test/rpc/ValidatorInfo_test.cpp)" > src/test/rpc/ValidatorInfo_test.cpp
 fi
 if ! grep -q 'Dev Null' src/xrpld/rpc/handlers/server_info/Manifest.cpp; then
-    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/server_info/Manifest.cpp)" >src/xrpld/rpc/handlers/server_info/Manifest.cpp
+    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/server_info/Manifest.cpp)" > src/xrpld/rpc/handlers/server_info/Manifest.cpp
 fi
 if ! grep -q 'Dev Null' src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp; then
-    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp)" >src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp
+    echo -e "// Copyright (c) 2019 Dev Null Productions\n\n$(cat src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp)" > src/xrpld/rpc/handlers/admin/status/ValidatorInfo.cpp
 fi
 if ! grep -q 'Bougalis' include/xrpl/basics/SlabAllocator.h; then
-    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/SlabAllocator.h)" >include/xrpl/basics/SlabAllocator.h # cspell: ignore Nikolaos Bougalis nikb
+    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/SlabAllocator.h)" > include/xrpl/basics/SlabAllocator.h # cspell: ignore Nikolaos Bougalis nikb
 fi
 if ! grep -q 'Bougalis' include/xrpl/basics/spinlock.h; then
-    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/spinlock.h)" >include/xrpl/basics/spinlock.h # cspell: ignore Nikolaos Bougalis nikb
+    echo -e "// Copyright (c) 2022, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/spinlock.h)" > include/xrpl/basics/spinlock.h # cspell: ignore Nikolaos Bougalis nikb
 fi
 if ! grep -q 'Bougalis' include/xrpl/basics/tagged_integer.h; then
-    echo -e "// Copyright (c) 2014, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/tagged_integer.h)" >include/xrpl/basics/tagged_integer.h # cspell: ignore Nikolaos Bougalis nikb
+    echo -e "// Copyright (c) 2014, Nikolaos D. Bougalis <nikb@bougalis.net>\n\n$(cat include/xrpl/basics/tagged_integer.h)" > include/xrpl/basics/tagged_integer.h # cspell: ignore Nikolaos Bougalis nikb
 fi
 if ! grep -q 'Ritchford' include/xrpl/beast/utility/Zero.h; then
-    echo -e "// Copyright (c) 2014, Tom Ritchford <tom@swirly.com>\n\n$(cat include/xrpl/beast/utility/Zero.h)" >include/xrpl/beast/utility/Zero.h # cspell: ignore Ritchford
+    echo -e "// Copyright (c) 2014, Tom Ritchford <tom@swirly.com>\n\n$(cat include/xrpl/beast/utility/Zero.h)" > include/xrpl/beast/utility/Zero.h # cspell: ignore Ritchford
 fi
 
 # Restore newlines and tabs in string literals in the affected file.

.github/scripts/rename/definitions.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &>/dev/null; then
+    if ! command -v gsed &> /dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/scripts/rename/docs.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &>/dev/null; then
+    if ! command -v gsed &> /dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/scripts/rename/namespace.sh

@@ -6,7 +6,7 @@ set -e
 # On MacOS, ensure that GNU sed is installed and available as `gsed`.
 SED_COMMAND=sed
 if [[ "${OSTYPE}" == 'darwin'* ]]; then
-    if ! command -v gsed &>/dev/null; then
+    if ! command -v gsed &> /dev/null; then
         echo "Error: gsed is not installed. Please install it using 'brew install gnu-sed'."
         exit 1
     fi

.github/workflows/build-nix-image.yml

@@ -6,16 +6,14 @@ on:
       - develop
     paths:
       - ".github/workflows/build-nix-image.yml"
-      - ".github/workflows/reusable-build-docker-image.yml"
-      - "docker/**"
+      - "docker/nix.Dockerfile"
       - "flake.nix"
       - "flake.lock"
       - "nix/**"
   pull_request:
     paths:
       - ".github/workflows/build-nix-image.yml"
-      - ".github/workflows/reusable-build-docker-image.yml"
-      - "docker/**"
+      - "docker/nix.Dockerfile"
       - "flake.nix"
       - "flake.lock"
       - "nix/**"
@@ -29,81 +27,75 @@ defaults:
   run:
     shell: bash
 
+env:
+  UBUNTU_VERSION: "20.04"
+  RHEL_VERSION: "9"
+  DEBIAN_VERSION: "bookworm"
+
 jobs:
   build:
-    name: Build ${{ matrix.distro.name }} (${{ matrix.target.platform }})
-    permissions:
-      contents: read
-      packages: write
-    strategy:
-      fail-fast: false
-      matrix:
-        # The base images are the oldest supported version of each distro
-        # that we want to build images for.
-        distro:
-          - name: nixos
-            base_image: nixos/nix:latest
-          - name: ubuntu
-            base_image: ubuntu:20.04
-          - name: rhel
-            base_image: registry.access.redhat.com/ubi9/ubi:latest
-          - name: debian
-            base_image: debian:bookworm
-        target:
-          - platform: linux/amd64
-            runner: ubuntu-latest
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
-    uses: ./.github/workflows/reusable-build-docker-image.yml
-    with:
-      image_name: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro.name }}
-      dockerfile: docker/nix.Dockerfile
-      base_image: ${{ matrix.distro.base_image }}
-      platform: ${{ matrix.target.platform }}
-      runner: ${{ matrix.target.runner }}
-      push: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
-
-  merge:
-    name: Merge ${{ matrix.distro }} manifest
-    needs: build
-    if: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' }}
+    name: Build and push Nix image (${{ matrix.distro }})
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
     strategy:
-      fail-fast: false
       matrix:
-        distro: [nixos, ubuntu, rhel, debian]
-    env:
-      IMAGE_NAME: ghcr.io/xrplf/xrpld/nix-${{ matrix.distro }}
+        include:
+          - distro: nixos
+          - distro: ubuntu
+          - distro: rhel
+          - distro: debian
 
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
-        with:
-          images: ${{ env.IMAGE_NAME }}
-          tags: |
-            type=sha,prefix=sha-,format=short
-            type=raw,value=latest
+      - name: Determine base image
+        id: vars
+        run: |
+          case "${{ matrix.distro }}" in
+            nixos)
+              echo "base_image=nixos/nix:latest" >> $GITHUB_OUTPUT
+              ;;
+            ubuntu)
+              echo "base_image=ubuntu:${UBUNTU_VERSION}" >> $GITHUB_OUTPUT
+              ;;
+            rhel)
+              echo "base_image=registry.access.redhat.com/ubi${RHEL_VERSION}/ubi:latest" >> $GITHUB_OUTPUT
+              ;;
+            debian)
+              echo "base_image=debian:${DEBIAN_VERSION}" >> $GITHUB_OUTPUT
+              ;;
+          esac
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        if: github.event_name == 'push'
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Create multi-arch manifests
-        run: |
-          for tag in $(jq -cr '.tags[]' <<<"$DOCKER_METADATA_OUTPUT_JSON"); do
-              docker buildx imagetools create -t "$tag" "${tag}-amd64" "${tag}-arm64"
-          done
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        with:
+          images: ghcr.io/xrplf/ci/nix-${{ matrix.distro }}
+          tags: |
+            type=sha,prefix=sha-,format=short
+            type=raw,value=latest
 
-      - name: Inspect image
-        run: |
-          docker buildx imagetools inspect "${IMAGE_NAME}:${{ steps.meta.outputs.version }}"
+      - name: Build and push
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        with:
+          context: .
+          file: docker/nix.Dockerfile
+          platforms: linux/amd64
+          push: ${{ github.event_name == 'push' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: BASE_IMAGE=${{ steps.vars.outputs.base_image }}

.github/workflows/check-pr-description.yml

@@ -5,17 +5,8 @@ on:
     types:
       - checks_requested
   pull_request:
-    types:
-      - opened
-      - edited
-      - reopened
-      - synchronize
-      - ready_for_review
-    branches:
-      - develop
-      - "release-*"
-      - "release/*"
-      - "staging/*"
+    types: [opened, edited, reopened, synchronize, ready_for_review]
+    branches: [develop]
 
 jobs:
   check_description:
@@ -29,11 +20,11 @@ jobs:
         env:
           PR_BODY: ${{ github.event.pull_request.body }}
         if: ${{ github.event_name == 'pull_request' }}
-        run: printenv PR_BODY >pr_body.md
+        run: printenv PR_BODY > pr_body.md
 
       - name: Check PR description differs from template
         if: ${{ github.event_name == 'pull_request' }}
-        run: |
-          python .github/scripts/check-pr-description.py \
-              --template-file .github/pull_request_template.md \
-              --pr-body-file pr_body.md
+        run: >
+          python .github/scripts/check-pr-description.py
+          --template-file .github/pull_request_template.md
+          --pr-body-file pr_body.md

.github/workflows/check-pr-title.yml

@@ -5,19 +5,10 @@ on:
     types:
       - checks_requested
   pull_request:
-    types:
-      - opened
-      - edited
-      - reopened
-      - synchronize
-      - ready_for_review
-    branches:
-      - develop
-      - "release-*"
-      - "release/*"
-      - "staging/*"
+    types: [opened, edited, reopened, synchronize, ready_for_review]
+    branches: [develop]
 
 jobs:
   check_title:
     if: ${{ github.event.pull_request.draft != true }}
-    uses: XRPLF/actions/.github/workflows/check-pr-title.yml@cba1f0891650baf1a9c88624dc2d72573be2eb81
+    uses: XRPLF/actions/.github/workflows/check-pr-title.yml@291206777251b4d493641b5afbdf7c23009d2988

.github/workflows/on-pr.yml

@@ -98,7 +98,7 @@ jobs:
           READY: ${{ contains(github.event.pull_request.labels.*.name, 'Ready to merge') }}
           MERGE: ${{ github.event_name == 'merge_group' }}
         run: |
-          echo "go=${{ (env.DRAFT != 'true' && env.READY == 'true') || env.FILES == 'true' || env.MERGE == 'true' }}" >>"${GITHUB_OUTPUT}"
+          echo "go=${{ (env.DRAFT != 'true' && env.READY == 'true') || env.FILES == 'true' || env.MERGE == 'true' }}" >> "${GITHUB_OUTPUT}"
           cat "${GITHUB_OUTPUT}"
     outputs:
       go: ${{ steps.go.outputs.go == 'true' }}
@@ -168,9 +168,9 @@ jobs:
           PR_URL: ${{ github.event.pull_request.html_url }}
         run: |
           gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
-              /repos/xrplf/clio/dispatches -f "event_type=check_libxrpl" \
-              -F "client_payload[ref]=${{ needs.upload-recipe.outputs.recipe_ref }}" \
-              -F "client_payload[pr_url]=${PR_URL}"
+          /repos/xrplf/clio/dispatches -f "event_type=check_libxrpl" \
+          -F "client_payload[ref]=${{ needs.upload-recipe.outputs.recipe_ref }}" \
+          -F "client_payload[pr_url]=${PR_URL}"
 
   passed:
     if: failure() || cancelled()

.github/workflows/pre-commit.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   # Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks.
   run-hooks:
-    uses: XRPLF/actions/.github/workflows/pre-commit.yml@cba1f0891650baf1a9c88624dc2d72573be2eb81
+    uses: XRPLF/actions/.github/workflows/pre-commit.yml@5e942d61bf32f7557a7c159cfac4712a687b3e3a
     with:
       runs_on: ubuntu-latest
       container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-41ec7c1" }'

.github/workflows/reusable-build-docker-image.yml

@@ -1,89 +0,0 @@
-# Build a single-platform Docker image. On push, the image is pushed to
-# GHCR with arch-suffixed tags (e.g. `:latest-amd64`, `:sha-abc-amd64`)
-# so the calling workflow can stitch per-arch builds into a multi-arch
-# manifest without needing to pass digests around.
-name: Reusable build Docker image (single platform)
-
-on:
-  workflow_call:
-    inputs:
-      image_name:
-        description: "Full image name without tag (e.g. 'ghcr.io/xrplf/xrpld/nix-ubuntu')"
-        required: true
-        type: string
-      dockerfile:
-        description: "Path to the Dockerfile, relative to the repository root"
-        required: true
-        type: string
-      base_image:
-        description: "Value passed to the Dockerfile as the BASE_IMAGE build arg"
-        required: true
-        type: string
-      platform:
-        description: "Docker platform string, e.g. linux/amd64"
-        required: true
-        type: string
-      runner:
-        description: "GitHub Actions runner label to build on"
-        required: true
-        type: string
-      push:
-        description: "Whether to push the image to GHCR"
-        required: true
-        type: boolean
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build:
-    name: Build (${{ inputs.platform }})
-    runs-on: ${{ inputs.runner }}
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: Determine arch
-        id: vars
-        env:
-          PLATFORM: ${{ inputs.platform }}
-        run: |
-          echo "arch=${PLATFORM##*/}" >>$GITHUB_OUTPUT
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
-
-      - name: Login to GitHub Container Registry
-        if: inputs.push
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
-        with:
-          images: ${{ inputs.image_name }}
-          tags: |
-            type=sha,prefix=sha-,format=short
-            type=raw,value=latest
-          flavor: |
-            suffix=-${{ steps.vars.outputs.arch }},onlatest=true
-
-      - name: Build and push
-        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
-        with:
-          context: .
-          file: ${{ inputs.dockerfile }}
-          platforms: ${{ inputs.platform }}
-          push: ${{ inputs.push }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: BASE_IMAGE=${{ inputs.base_image }}

.github/workflows/reusable-build-test-config.yml

@@ -113,7 +113,7 @@ jobs:
 
       - name: Set ccache log file
         if: ${{ inputs.ccache_enabled && runner.debug == '1' }}
-        run: echo "CCACHE_LOGFILE=${{ runner.temp }}/ccache.log" >>"${GITHUB_ENV}"
+        run: echo "CCACHE_LOGFILE=${{ runner.temp }}/ccache.log" >> "${GITHUB_ENV}"
 
       - name: Print build environment
         uses: XRPLF/actions/print-build-env@59dec886e4afb05a1724443af08baccbc045b574
@@ -146,11 +146,11 @@ jobs:
           CMAKE_ARGS: ${{ inputs.cmake_args }}
         run: |
           cmake \
-              -G '${{ runner.os == 'Windows' && 'Visual Studio 17 2022' || 'Ninja' }}' \
-              -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
-              -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
-              ${CMAKE_ARGS} \
-              ..
+            -G '${{ runner.os == 'Windows' && 'Visual Studio 17 2022' || 'Ninja' }}' \
+            -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
+            -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
+            ${CMAKE_ARGS} \
+            ..
 
       - name: Check protocol autogen files are up-to-date
         working-directory: ${{ env.BUILD_DIR }}
@@ -172,32 +172,32 @@ jobs:
           cmake --build . --target code_gen
           DIFF=$(git -C .. status --porcelain -- include/xrpl/protocol_autogen src/tests/libxrpl/protocol_autogen)
           if [ -n "${DIFF}" ]; then
-              echo "::error::Generated protocol files are out of date"
-              git -C .. diff -- include/xrpl/protocol_autogen src/tests/libxrpl/protocol_autogen
-              echo "${MESSAGE}"
-              exit 1
+            echo "::error::Generated protocol files are out of date"
+            git -C .. diff -- include/xrpl/protocol_autogen src/tests/libxrpl/protocol_autogen
+            echo "${MESSAGE}"
+            exit 1
           fi
 
       - name: Build the binary
         working-directory: ${{ env.BUILD_DIR }}
         env:
-          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
+          BUILD_NPROC: ${{ runner.os == 'Linux' && '16' || steps.nproc.outputs.nproc }}
           BUILD_TYPE: ${{ inputs.build_type }}
           CMAKE_TARGET: ${{ inputs.cmake_target }}
         run: |
           cmake \
-              --build . \
-              --config "${BUILD_TYPE}" \
-              --parallel "${BUILD_NPROC}" \
-              --target "${CMAKE_TARGET}"
+            --build . \
+            --config "${BUILD_TYPE}" \
+            --parallel "${BUILD_NPROC}" \
+            --target "${CMAKE_TARGET}"
 
       - name: Show ccache statistics
         if: ${{ inputs.ccache_enabled }}
         run: |
           ccache --show-stats -vv
           if [ '${{ runner.debug }}' = '1' ]; then
-              cat "${CCACHE_LOGFILE}"
-              curl ${CCACHE_REMOTE_STORAGE%|*}/status || true
+            cat "${CCACHE_LOGFILE}"
+            curl ${CCACHE_REMOTE_STORAGE%|*}/status || true
           fi
 
       - name: Upload the binary (Linux)
@@ -214,7 +214,7 @@ jobs:
         working-directory: ${{ env.BUILD_DIR }}
         run: |
           set -o pipefail
-          ./xrpld --definitions | python3 -m json.tool >server_definitions.json
+          ./xrpld --definitions | python3 -m json.tool > server_definitions.json
 
       - name: Upload server definitions
         if: ${{ github.event.repository.visibility == 'public' && inputs.config_name == 'debian-bookworm-gcc-13-amd64-release' }}
@@ -231,10 +231,10 @@ jobs:
         run: |
           ldd ./xrpld
           if [ "$(ldd ./xrpld | grep -E '(libstdc\+\+|libgcc)' | wc -l)" -eq 0 ]; then
-              echo 'The binary is statically linked.'
+            echo 'The binary is statically linked.'
           else
-              echo 'The binary is dynamically linked.'
-              exit 1
+            echo 'The binary is dynamically linked.'
+            exit 1
           fi
 
       - name: Verify presence of instrumentation (Linux)
@@ -250,12 +250,12 @@ jobs:
         run: |
           ASAN_OPTS="include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-asan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp"
           if [[ "${CONFIG_NAME}" == *gcc* ]]; then
-              ASAN_OPTS="${ASAN_OPTS}:alloc_dealloc_mismatch=0"
+            ASAN_OPTS="${ASAN_OPTS}:alloc_dealloc_mismatch=0"
           fi
-          echo "ASAN_OPTIONS=${ASAN_OPTS}" >>${GITHUB_ENV}
-          echo "TSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-tsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >>${GITHUB_ENV}
-          echo "UBSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-ubsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >>${GITHUB_ENV}
-          echo "LSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-lsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >>${GITHUB_ENV}
+          echo "ASAN_OPTIONS=${ASAN_OPTS}" >> ${GITHUB_ENV}
+          echo "TSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-tsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
+          echo "UBSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-ubsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
+          echo "LSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-lsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}
 
       - name: Run the separate tests
         if: ${{ !inputs.build_only }}
@@ -266,9 +266,9 @@ jobs:
           PARALLELISM: ${{ runner.os == 'Windows' && '1' || steps.nproc.outputs.nproc }}
         run: |
           ctest \
-              --output-on-failure \
-              -C "${BUILD_TYPE}" \
-              -j "${PARALLELISM}"
+            --output-on-failure \
+            -C "${BUILD_TYPE}" \
+            -j "${PARALLELISM}"
 
       - name: Run the embedded tests
         if: ${{ !inputs.build_only }}
@@ -278,7 +278,7 @@ jobs:
         run: |
           set -o pipefail
           # Coverage builds are slower due to instrumentation; use fewer parallel jobs to avoid flakiness
-          [ "$COVERAGE_ENABLED" = "true" ] && BUILD_NPROC=$((BUILD_NPROC - 2))
+          [ "$COVERAGE_ENABLED" = "true" ] && BUILD_NPROC=$(( BUILD_NPROC - 2 ))
           ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}" 2>&1 | tee unittest.log
 
       - name: Show test failure summary
@@ -287,19 +287,19 @@ jobs:
           WORKING_DIR: ${{ runner.os == 'Windows' && format('{0}\{1}', env.BUILD_DIR, inputs.build_type) || env.BUILD_DIR }}
         run: |
           if [ ! -d "${WORKING_DIR}" ]; then
-              echo "Working directory '${WORKING_DIR}' does not exist."
-              exit 0
+            echo "Working directory '${WORKING_DIR}' does not exist."
+            exit 0
           fi
 
           cd "${WORKING_DIR}"
 
           if [ ! -f unittest.log ]; then
-              echo "unittest.log not found; embedded tests may not have run."
-              exit 0
+            echo "unittest.log not found; embedded tests may not have run."
+            exit 0
           fi
 
           if ! grep -E "failed" unittest.log; then
-              echo "Log present but no failure lines found in unittest.log."
+            echo "Log present but no failure lines found in unittest.log."
           fi
       - name: Debug failure (Linux)
         if: ${{ failure() && runner.os == 'Linux' && !inputs.build_only }}
@@ -317,14 +317,14 @@ jobs:
           BUILD_TYPE: ${{ inputs.build_type }}
         run: |
           cmake \
-              --build . \
-              --config "${BUILD_TYPE}" \
-              --parallel "${BUILD_NPROC}" \
-              --target coverage
+            --build . \
+            --config "${BUILD_TYPE}" \
+            --parallel "${BUILD_NPROC}" \
+            --target coverage
 
       - name: Upload coverage report
         if: ${{ github.repository == 'XRPLF/rippled' && !inputs.build_only && env.COVERAGE_ENABLED == 'true' }}
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
         with:
           disable_search: true
           disable_telem: true

.github/workflows/reusable-check-levelization.yml

@@ -38,9 +38,9 @@ jobs:
         run: |
           DIFF=$(git status --porcelain)
           if [ -n "${DIFF}" ]; then
-              # Print the differences to give the contributor a hint about what to
-              # expect when running levelization on their own machine.
-              git diff
-              echo "${MESSAGE}"
-              exit 1
+            # Print the differences to give the contributor a hint about what to
+            # expect when running levelization on their own machine.
+            git diff
+            echo "${MESSAGE}"
+            exit 1
           fi

.github/workflows/reusable-check-rename.yml

@@ -48,9 +48,9 @@ jobs:
         run: |
           DIFF=$(git status --porcelain)
           if [ -n "${DIFF}" ]; then
-              # Print the differences to give the contributor a hint about what to
-              # expect when running the renaming scripts on their own machine.
-              git diff
-              echo "${MESSAGE}"
-              exit 1
+            # Print the differences to give the contributor a hint about what to
+            # expect when running the renaming scripts on their own machine.
+            git diff
+            echo "${MESSAGE}"
+            exit 1
           fi

.github/workflows/reusable-clang-tidy.yml

@@ -70,13 +70,13 @@ jobs:
         working-directory: ${{ env.BUILD_DIR }}
         run: |
           cmake \
-              -G 'Ninja' \
-              -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
-              -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
-              -Dtests=ON \
-              -Dwerr=ON \
-              -Dxrpld=ON \
-              ..
+            -G 'Ninja' \
+            -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
+            -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
+            -Dtests=ON \
+            -Dwerr=ON \
+            -Dxrpld=ON \
+            ..
 
       # clang-tidy needs headers generated from proto files
       - name: Build libxrpl.libpb
@@ -133,7 +133,7 @@ jobs:
       - name: Write issue header
         if: ${{ steps.run_clang_tidy.outcome != 'success' }}
         run: |
-          cat >"${ISSUE_FILE}" <<EOF
+          cat > "${ISSUE_FILE}" <<EOF
           ## Clang-tidy Check Failed
 
           ### Clang-tidy Output:
@@ -144,30 +144,30 @@ jobs:
         if: ${{ steps.run_clang_tidy.outcome != 'success' }}
         run: |
           if [ -f "${OUTPUT_FILE}" ]; then
-              # Extract lines containing 'error:', 'warning:', or 'note:'
-              grep -E '(error:|warning:|note:)' "${OUTPUT_FILE}" >filtered-output.txt || true
+            # Extract lines containing 'error:', 'warning:', or 'note:'
+            grep -E '(error:|warning:|note:)' "${OUTPUT_FILE}" > filtered-output.txt || true
 
-              # If filtered output is empty, use original (might be a different error format)
-              if [ ! -s filtered-output.txt ]; then
-                  cp "${OUTPUT_FILE}" filtered-output.txt
-              fi
+            # If filtered output is empty, use original (might be a different error format)
+            if [ ! -s filtered-output.txt ]; then
+              cp "${OUTPUT_FILE}" filtered-output.txt
+            fi
 
-              # Truncate if too large
-              head -c 60000 filtered-output.txt >>"${ISSUE_FILE}"
-              if [ "$(wc -c <filtered-output.txt)" -gt 60000 ]; then
-                  echo "" >>"${ISSUE_FILE}"
-                  echo "... (output truncated, see artifacts for full output)" >>"${ISSUE_FILE}"
-              fi
+            # Truncate if too large
+            head -c 60000 filtered-output.txt >> "${ISSUE_FILE}"
+            if [ "$(wc -c < filtered-output.txt)" -gt 60000 ]; then
+              echo "" >> "${ISSUE_FILE}"
+              echo "... (output truncated, see artifacts for full output)" >> "${ISSUE_FILE}"
+            fi
 
-              rm filtered-output.txt
+            rm filtered-output.txt
           else
-              echo "No output file found" >>"${ISSUE_FILE}"
+            echo "No output file found" >> "${ISSUE_FILE}"
           fi
 
       - name: Append issue footer
         if: ${{ steps.run_clang_tidy.outcome != 'success' }}
         run: |
-          cat >>"${ISSUE_FILE}" <<EOF
+          cat >> "${ISSUE_FILE}" <<EOF
           \`\`\`
 
           ---
@@ -176,7 +176,7 @@ jobs:
 
       - name: Create issue
         if: ${{ steps.run_clang_tidy.outcome != 'success' && inputs.create_issue_on_failure }}
-        uses: XRPLF/actions/create-issue@2b8bc36af85b88bca0dd7bfac2e2dc05f94ad712
+        uses: XRPLF/actions/create-issue@36d450d12d301e8410c1b7936e5de70c291cbe36
         with:
           title: "Clang-tidy check failed"
           body_file: ${{ env.ISSUE_FILE }}

.github/workflows/reusable-package.yml

@@ -39,7 +39,7 @@ jobs:
         id: generate
         working-directory: .github/scripts/strategy-matrix
         run: |
-          ./generate.py --packaging --config=linux.json >>"${GITHUB_OUTPUT}"
+          ./generate.py --packaging --config=linux.json >> "${GITHUB_OUTPUT}"
 
   generate-version:
     runs-on: ubuntu-latest
@@ -58,7 +58,6 @@ jobs:
 
   package:
     needs: [generate-matrix, generate-version]
-    if: ${{ github.event.repository.visibility == 'public' }}
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
@@ -89,7 +88,8 @@ jobs:
         run: ./package/build_pkg.sh
 
       - name: Upload package artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        if: ${{ github.event.repository.visibility == 'public' }}
         with:
           name: ${{ matrix.artifact_name }}-pkg-${{ needs.generate-version.outputs.version }}
           path: |

.github/workflows/reusable-strategy-matrix.yml

@@ -42,4 +42,4 @@ jobs:
         env:
           GENERATE_CONFIG: ${{ inputs.os != '' && format('--config={0}.json', inputs.os) || '' }}
           GENERATE_OPTION: ${{ inputs.strategy_matrix == 'all' && '--all' || '' }}
-        run: ./generate.py ${GENERATE_OPTION} ${GENERATE_CONFIG} >>"${GITHUB_OUTPUT}"
+        run: ./generate.py ${GENERATE_OPTION} ${GENERATE_CONFIG} >> "${GITHUB_OUTPUT}"

.pre-commit-config.yaml

@@ -37,50 +37,37 @@ repos:
         exclude: ^include/xrpl/protocol_autogen/(transactions|ledger_entries)/
 
   - repo: https://github.com/pre-commit/mirrors-clang-format
-    rev: dd18dad857d6133e90bbe478f4f2f22ec0030269 # frozen: v22.1.5
+    rev: cd481d7b0bfb5c7b3090c21846317f9a8262e891 # frozen: v22.1.0
     hooks:
       - id: clang-format
         args: [--style=file]
         "types_or": [c++, c, proto]
         exclude: ^include/xrpl/protocol_autogen/(transactions|ledger_entries)/
 
-  - repo: https://github.com/BlankSpruce/gersemi-pre-commit
-    rev: faadd6a9d852369ca94f4d15b2404c967ba8cb01 # frozen: 0.27.6
+  - repo: https://github.com/BlankSpruce/gersemi
+    rev: 0.26.0
     hooks:
       - id: gersemi
 
   - repo: https://github.com/rbubley/mirrors-prettier
-    rev: 515f543f5718ebfd6ce22e16708bb32c68ff96e1 # frozen: v3.8.3
+    rev: c2bc67fe8f8f549cc489e00ba8b45aa18ee713b1 # frozen: v3.8.1
     hooks:
       - id: prettier
         args: [--end-of-line=auto]
 
   - repo: https://github.com/psf/black-pre-commit-mirror
-    rev: 4160603246a6b365d4a2af661c6d71b0a0f50478 # frozen: 26.5.1
+    rev: ea488cebbfd88a5f50b8bd95d5c829d0bb76feb8 # frozen: 26.1.0
     hooks:
       - id: black
 
-  - repo: https://github.com/scop/pre-commit-shfmt
-    rev: 05c1426671b9237fb5e1444dd63aa5731bec0dfb # frozen: v3.13.1-1
+  - repo: https://github.com/openstack/bashate
+    rev: 5798d24d571676fc407e81df574c1ef57b520f23 # frozen: 2.1.1
     hooks:
-      - id: shfmt
-        args: [--write, --indent=4, --case-indent=true]
-
-  - repo: local
-    hooks:
-      - id: format-inline-bash-workflows
-        name: "format `run:` blocks in workflows/actions"
-        entry: ./.github/scripts/format-inline-bash.py
-        language: python
-        files: ^\.github/(workflows|actions)/.*\.ya?ml$
-      - id: format-inline-bash-markdown
-        name: "format ```bash blocks in markdown"
-        entry: ./.github/scripts/format-inline-bash.py
-        language: python
-        files: \.md$
+      - id: bashate
+        args: ["--ignore=E006"]
 
   - repo: https://github.com/streetsidesoftware/cspell-cli
-    rev: 4643f154907327ee0a2c7038f0296e0dd77d9776 # frozen: v10.0.0
+    rev: a42085ade523f591dca134379a595e7859986445 # frozen: v9.7.0
     hooks:
       - id: cspell # Spell check changed files
         exclude: |

BUILD.md

@@ -151,8 +151,8 @@ git init
 git remote add origin git@github.com:XRPLF/conan-center-index.git
 git sparse-checkout init
 for recipe in "${recipes[@]}"; do
-    echo "Checking out recipe '${recipe}'..."
-    git sparse-checkout add recipes/${recipe}
+  echo "Checking out recipe '${recipe}'..."
+  git sparse-checkout add recipes/${recipe}
 done
 git fetch origin master
 git checkout master
@@ -180,7 +180,7 @@ the new recipe will be automatically pulled from the official Conan Center.
 
 If you see an error similar to the following after running `conan profile show`:
 
-```text
+```bash
 ERROR: Invalid setting '17' is not a valid 'settings.compiler.version' value.
 Possible values are ['5.0', '5.1', '6.0', '6.1', '7.0', '7.3', '8.0', '8.1',
 '9.0', '9.1', '10.0', '11.0', '12.0', '13', '13.0', '13.1', '14', '14.0', '15',
@@ -427,19 +427,16 @@ install ccache --version 4.11.3 --allow-downgrade`.
    Single-config generators:
 
    ```
-   cmake --build . --parallel N
+   cmake --build .
    ```
 
    Multi-config generators:
 
    ```
-   cmake --build . --config Release --parallel N
-   cmake --build . --config Debug --parallel N
+   cmake --build . --config Release
+   cmake --build . --config Debug
    ```
 
-   Replace the `--parallel` parameter N with the desired number of parallel jobs. A common starting point is half of the number of available CPU
-   cores.
-
 5. Test xrpld.
 
    Single-config generators:

CMakeLists.txt

@@ -117,18 +117,6 @@ if(rocksdb)
     target_link_libraries(xrpl_libs INTERFACE RocksDB::rocksdb)
 endif()
 
-# OpenTelemetry distributed tracing (optional).
-# When ON, links against opentelemetry-cpp and defines XRPL_ENABLE_TELEMETRY
-# so that SpanGuard factory methods produce real OTel spans.
-# When OFF (default), all tracing code compiles to no-ops with zero overhead.
-# Enable via: conan install -o telemetry=True, or cmake -Dtelemetry=ON.
-option(telemetry "Enable OpenTelemetry tracing" ON)
-if(telemetry)
-    find_package(opentelemetry-cpp CONFIG REQUIRED)
-    add_compile_definitions(XRPL_ENABLE_TELEMETRY)
-    message(STATUS "OpenTelemetry tracing enabled")
-endif()
-
 # Work around changes to Conan recipe for now.
 if(TARGET nudb::core)
     set(nudb nudb::core)

OpenTelemetryPlan/00-tracing-fundamentals.md

@@ -1,567 +0,0 @@
-# Distributed Tracing Fundamentals
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Next**: [Architecture Analysis](./01-architecture-analysis.md)
-
----
-
-## What is Distributed Tracing?
-
-Distributed tracing is a method for tracking data objects as they flow through distributed systems. In a network like XRP Ledger, a single transaction touches multiple independent nodes—each with no shared memory or logging. Distributed tracing connects these dots.
-
-**Without tracing:** You see isolated logs on each node with no way to correlate them.
-
-**With tracing:** You see the complete journey of a transaction or an event across all nodes it touched.
-
----
-
-## Actors and Actions at a Glance
-
-### Actors
-
-| Who (Plain English)                            | Technical Term  |
-| ---------------------------------------------- | --------------- |
-| A single unit of work being tracked            | Span            |
-| The complete journey of a request              | Trace           |
-| Data that links spans across services          | Trace Context   |
-| Code that creates spans and propagates context | Instrumentation |
-| Service that receives and processes traces     | Collector       |
-| Storage and visualization system               | Backend (Tempo) |
-| Decision logic for which traces to keep        | Sampler         |
-
-### Actions
-
-| What Happens (Plain English)            | Technical Term          |
-| --------------------------------------- | ----------------------- |
-| Start tracking a new operation          | Create a Span           |
-| Connect a child operation to its parent | Set `parent_span_id`    |
-| Group all related operations together   | Share a `trace_id`      |
-| Pass tracking data between services     | Context Propagation     |
-| Decide whether to record a trace        | Sampling (Head or Tail) |
-| Send completed traces to storage        | Export (OTLP)           |
-
----
-
-## Core Concepts
-
-### 1. Trace
-
-A **trace** represents the entire journey of a request through the system. It has a unique `trace_id` that stays constant across all nodes.
-
-```
-Trace ID: abc123
-├── Node A: received transaction
-├── Node B: relayed transaction
-├── Node C: included in consensus
-└── Node D: applied to ledger
-```
-
-### 2. Span
-
-A **span** represents a single unit of work within a trace. Each span has:
-
-| Attribute        | Description                      | Example                    |
-| ---------------- | -------------------------------- | -------------------------- |
-| `trace_id`       | Identifies the trace             | `event123`                 |
-| `span_id`        | Unique identifier                | `span456`                  |
-| `parent_span_id` | Parent span (if any)             | `p_span123`                |
-| `name`           | Operation name                   | `rpc.submit`               |
-| `start_time`     | When work began (local time)     | `2024-01-15T10:30:00Z`     |
-| `end_time`       | When work completed (local time) | `2024-01-15T10:30:00.050Z` |
-| `attributes`     | Key-value metadata               | `tx.hash=ABC...`           |
-| `status`         | OK, ERROR MSG                    | `OK`                       |
-
-### 3. Trace Context
-
-**Trace context** is the data that propagates between services to link spans together. It contains:
-
-- `trace_id` - The trace this span belongs to
-- `span_id` - The current span (becomes parent for child spans)
-- `trace_flags` - Sampling decisions
-
----
-
-## How Spans Form a Trace
-
-Spans have parent-child relationships forming a tree structure:
-
-```mermaid
-flowchart TB
-    subgraph trace["Trace: abc123"]
-        A["tx.submit<br/>span_id: 001<br/>50ms"] --> B["tx.validate<br/>span_id: 002<br/>5ms"]
-        A --> C["tx.relay<br/>span_id: 003<br/>10ms"]
-        A --> D["tx.apply<br/>span_id: 004<br/>30ms"]
-        D --> E["ledger.update<br/>span_id: 005<br/>20ms"]
-    end
-
-    style A fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style B fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style C fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style D fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style E fill:#bf360c,stroke:#8c2809,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **tx.submit (blue, root)**: The top-level span representing the entire transaction submission; all other spans are its descendants.
-- **tx.validate, tx.relay, tx.apply (green)**: Direct children of tx.submit, representing the three main stages -- validation, relay to peers, and application to the ledger.
-- **ledger.update (red)**: A grandchild span nested under tx.apply, representing the actual ledger state mutation triggered by applying the transaction.
-- **Arrows (parent to child)**: Each arrow indicates a parent-child span relationship where the parent's completion depends on the child finishing.
-
-The same trace visualized as a **timeline (Gantt chart)**:
-
-```
-Time →   0ms    10ms    20ms    30ms    40ms    50ms
-         ├───────────────────────────────────────────┤
-tx.submit│▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓│
-         ├─────┤
-tx.valid │▓▓▓▓▓│
-         │     ├──────────┤
-tx.relay │     │▓▓▓▓▓▓▓▓▓▓│
-         │               ├────────────────────────────┤
-tx.apply │               │▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓│
-         │                         ├──────────────────┤
-ledger   │                         │▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓│
-```
-
----
-
-## Span Relationships
-
-Spans don't always form simple parent-child trees. Distributed tracing defines several relationship types to capture different causal patterns:
-
-### 1. Parent-Child (ChildOf)
-
-The default relationship. The parent span **depends on** or **contains** the child span. The child runs within the scope of the parent.
-
-```
-tx.submit (parent)
-├── tx.validate (child)     ← parent waits for this
-├── tx.relay (child)        ← parent waits for this
-└── tx.apply (child)        ← parent waits for this
-```
-
-**When to use:** Synchronous calls, nested operations, any case where the parent's completion depends on the child.
-
-### 2. Follows-From
-
-A causal relationship where the first span **triggers** the second, but does **not wait** for it. The originator fires and moves on.
-
-```
-Time →
-
-tx.receive [=======]
-                     ↓ triggers (follows-from)
-              tx.relay   [===========]   ← runs independently
-```
-
-**When to use:** Asynchronous jobs, queued work, fire-and-forget patterns. For example, a node receives a transaction and queues it for relay — the relay span _follows from_ the receive span but the receiver doesn't wait for relaying to complete.
-
-> **OpenTracing** defined `FollowsFrom` as a first-class reference type alongside `ChildOf`.
-> **OpenTelemetry** represents this using **Span Links** with descriptive attributes instead (see below).
-
-### 3. Span Links (Cross-Trace and Non-Hierarchical)
-
-Links connect spans that are **causally related but not in a parent-child hierarchy**. Unlike parent-child, links can cross trace boundaries.
-
-```
-Trace A                          Trace B
-──────                           ──────
-batch.schedule                   batch.execute
-├─ item.enqueue (span X)    ┌──► process.item
-├─ item.enqueue (span Y) ───┤    (links to X, Y, Z)
-├─ item.enqueue (span Z)    └──►
-```
-
-**Use cases:**
-
-| Pattern              | Description                                                                 |
-| -------------------- | --------------------------------------------------------------------------- |
-| **Batch processing** | A batch span links back to all individual spans that contributed to it      |
-| **Fan-in**           | An aggregation span links to the multiple producer spans it merges          |
-| **Fan-out**          | Multiple downstream spans link back to the single span that triggered them  |
-| **Async handoff**    | A deferred job links back to the request that queued it (follows-from)      |
-| **Cross-trace**      | Correlating spans across independent traces (e.g., retries, related events) |
-
-**Link structure:** Each link carries the target span's context plus optional attributes:
-
-```
-Link {
-    trace_id:   <target trace>
-    span_id:    <target span>
-    attributes: { "link.description": "triggered by batch scheduler" }
-}
-```
-
-### Relationship Summary
-
-```mermaid
-flowchart LR
-    subgraph parent_child["Parent-Child"]
-        direction TB
-        P["Parent"] --> C["Child"]
-    end
-
-    subgraph follows_from["Follows-From"]
-        direction TB
-        A["Span A"] -.->|triggers| B["Span B"]
-    end
-
-    subgraph links["Span Links"]
-        direction TB
-        X["Span X\n(Trace 1)"] -.-|link| Y["Span Y\n(Trace 2)"]
-    end
-
-    parent_child ~~~ follows_from ~~~ links
-
-    style P fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style C fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style A fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style B fill:#bf360c,stroke:#8c2809,color:#ffffff
-    style X fill:#4a148c,stroke:#38006b,color:#ffffff
-    style Y fill:#4a148c,stroke:#38006b,color:#ffffff
-```
-
-| Relationship     | Same Trace? | Dependency?                | OTel Mechanism    |
-| ---------------- | ----------- | -------------------------- | ----------------- |
-| **Parent-Child** | Yes         | Parent depends on child    | `parent_span_id`  |
-| **Follows-From** | Usually     | Causal but no dependency   | Link + attributes |
-| **Span Link**    | Either      | Correlation, no dependency | Link + attributes |
-
----
-
-## Trace ID Generation
-
-A `trace_id` is a 128-bit (16-byte) identifier that groups all spans belonging to one logical operation. How it's generated determines how easily you can find and correlate traces later.
-
-### General Approaches
-
-#### 1. Random (W3C Default)
-
-Generate a random 128-bit ID when a trace starts. Standard approach for most services.
-
-```
-trace_id = random_128_bits()
-```
-
-| Pros                        | Cons                                          |
-| --------------------------- | --------------------------------------------- |
-| Simple, standard            | No natural correlation to domain events       |
-| Guaranteed unique per trace | If propagation is lost, trace is broken       |
-| Works with all OTel tooling | "Find trace for TX abc" requires index lookup |
-
-#### 2. Deterministic (Derived from Domain Data)
-
-Compute the trace_id from a hash of a natural identifier. Every node independently derives the **same** trace_id for the same event.
-
-```
-trace_id = SHA-256(domain_identifier)[0:16]   // truncate to 128 bits
-```
-
-| Pros                                                | Cons                                                       |
-| --------------------------------------------------- | ---------------------------------------------------------- |
-| Propagation-resilient — same ID computed everywhere | Same event processed twice (retry) shares trace_id         |
-| Natural search — domain ID maps directly to trace   | Non-standard (tooling assumes random)                      |
-| No coordination needed between nodes                | 256→128 bit truncation (collision risk negligible at ~2⁶⁴) |
-
-#### 3. Hybrid (Deterministic Prefix + Random Suffix)
-
-First 8 bytes derived from domain data, last 8 bytes random.
-
-```
-trace_id = SHA-256(domain_identifier)[0:8] || random_64_bits()
-```
-
-| Pros                                        | Cons                                     |
-| ------------------------------------------- | ---------------------------------------- |
-| Prefix search: "find all traces for TX abc" | Must propagate to maintain full trace_id |
-| Unique per processing instance              | More complex generation logic            |
-| Retries get distinct trace_ids              | Partial correlation only (prefix match)  |
-
-### XRPL Workflow Analysis
-
-XRPL has a unique advantage: its core workflows produce **globally unique 256-bit hashes** that are known on every node. This makes deterministic trace_id generation practical in ways most systems can't achieve.
-
-#### Natural Identifiers by Workflow
-
-| Workflow            | Natural Identifier                | Size       | Known at Start?               | Same on All Nodes?               |
-| ------------------- | --------------------------------- | ---------- | ----------------------------- | -------------------------------- |
-| **Transaction**     | Transaction hash (`tid_`)         | 256-bit    | Yes — computed before signing | Yes — hash of canonical tx data  |
-| **Consensus round** | Previous ledger hash + ledger seq | 256+32 bit | Yes — known when round opens  | Yes — all validators agree       |
-| **Validation**      | Ledger hash being validated       | 256-bit    | Yes — from consensus result   | Yes — same closed ledger         |
-| **Ledger catch-up** | Target ledger hash                | 256-bit    | Yes — we know what to fetch   | Yes — identifies ledger globally |
-
-#### Where These Identifiers Live in Code
-
-```
-Transaction:     STTx::getTransactionID()     → uint256 tid_
-                 TMTransaction::rawTransaction → recompute hash from bytes
-
-Consensus:       ConsensusProposal::prevLedger_ → uint256 (previous ledger hash)
-                 ConsensusProposal::position_   → uint256 (TxSet hash)
-                 LedgerHeader::seq              → uint32_t (ledger sequence)
-
-Validation:      STValidation::getLedgerHash()  → uint256
-                 STValidation::getNodeID()      → NodeID (160-bit)
-
-Ledger fetch:    InboundLedger constructor      → uint256 hash, uint32_t seq
-                 TMGetLedger::ledgerHash        → bytes (uint256)
-```
-
-### Recommended Strategy: Workflow-Scoped Deterministic
-
-Each workflow type derives its trace_id from its natural domain identifier:
-
-```
-Transaction trace:   trace_id = SHA-256("tx"    || tx_hash)[0:16]
-Consensus trace:     trace_id = SHA-256("cons"  || prev_ledger_hash || ledger_seq)[0:16]
-Ledger catch-up:     trace_id = SHA-256("fetch" || target_ledger_hash)[0:16]
-```
-
-The string prefix (`"tx"`, `"cons"`, `"fetch"`) prevents collisions between workflows that might share underlying hashes.
-
-**Why this works for XRPL:**
-
-1. **Propagation-resilient** — Even if a P2P message drops trace context, every node independently computes the same trace_id from the same tx_hash or ledger_hash. Spans still correlate.
-
-2. **Zero-cost search** — "Show me the trace for transaction ABC" becomes a direct lookup: compute `SHA-256("tx" || ABC)[0:16]` and query. No secondary index needed.
-
-3. **Cross-workflow linking via Span Links** — A consensus trace links to individual transaction traces. A validation span links to the consensus trace. This connects the full picture without forcing everything into one giant trace.
-
-### Cross-Workflow Correlation
-
-Each workflow gets its own trace. Span Links tie them together:
-
-```mermaid
-flowchart TB
-    subgraph tx_trace["Transaction Trace"]
-        direction LR
-        Tn["trace_id = f(tx_hash)"]:::note --> T1["tx.receive"] --> T2["tx.validate"] --> T3["tx.relay"]
-    end
-
-    subgraph cons_trace["Consensus Trace"]
-        direction LR
-        Cn["trace_id = f(prev_ledger, seq)"]:::note --> C1["cons.open"] --> C2["cons.propose"] --> C3["cons.accept"]
-    end
-
-    subgraph val_trace["Validation"]
-        direction LR
-        Vn["spans within consensus trace"]:::note --> V1["val.create"] --> V2["val.broadcast"]
-    end
-
-    subgraph fetch_trace["Catch-Up Trace"]
-        direction LR
-        Fn["trace_id = f(ledger_hash)"]:::note --> F1["fetch.request"] --> F2["fetch.receive"] --> F3["fetch.apply"]
-    end
-
-    C1 -.-|"span link\n(tx traces)"| T3
-    C3 --> V1
-    F1 -.-|"span link\n(target ledger)"| C3
-
-    classDef note fill:none,stroke:#888,stroke-dasharray:5 5,color:#333,font-style:italic
-    style T1 fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style T2 fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style T3 fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style C1 fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style C2 fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style C3 fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style V1 fill:#bf360c,stroke:#8c2809,color:#ffffff
-    style V2 fill:#bf360c,stroke:#8c2809,color:#ffffff
-    style F1 fill:#4a148c,stroke:#38006b,color:#ffffff
-    style F2 fill:#4a148c,stroke:#38006b,color:#ffffff
-    style F3 fill:#4a148c,stroke:#38006b,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **Transaction Trace (blue)**: An independent trace whose `trace_id` is deterministically derived from the transaction hash. Contains receive, validate, and relay spans.
-- **Consensus Trace (green)**: An independent trace whose `trace_id` is derived from the previous ledger hash and sequence number. Covers the open, propose, and accept phases.
-- **Validation (red)**: Validation spans live within the consensus trace (not a separate trace). They are created after the accept phase completes.
-- **Catch-Up Trace (purple)**: An independent trace for ledger acquisition, derived from the target ledger hash. Used when a node is behind and fetching missing ledgers.
-- **Dotted arrows (span links)**: Cross-trace correlations. Consensus links to transaction traces it included; catch-up links to the consensus trace that produced the target ledger.
-- **Solid arrow (C3 to V1)**: A parent-child relationship -- validation spans are direct children of the consensus accept span within the same trace.
-
-**How a query flows:**
-
-```
-"Why was TX abc slow?"
-  1. Compute trace_id = SHA-256("tx" || abc)[0:16]
-  2. Find transaction trace → see it was included in consensus round N
-  3. Follow span link → consensus trace for round N
-  4. See which phase was slow (propose? accept?)
-  5. If a node was catching up, follow link → catch-up trace
-```
-
-### Trade-offs to Consider
-
-| Concern                       | Mitigation                                                                                                                    |
-| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
-| **Retries get same trace_id** | Add `attempt` attribute to root span; spans have unique span_ids and timestamps                                               |
-| **256→128 bit truncation**    | Birthday-bound collision at ~2⁶⁴ operations — negligible for XRPL's throughput                                                |
-| **Non-standard generation**   | OTel spec allows any 16-byte non-zero value; tooling works on the hex string                                                  |
-| **Hash computation cost**     | SHA-256 is ~0.3μs per call; XRPL already computes these hashes for other purposes                                             |
-| **Late-binding identifiers**  | Ledger hash isn't known until after consensus — validation spans use ledger_seq as fallback, then link to the consensus trace |
-
----
-
-## Distributed Traces Across Nodes
-
-In distributed systems like xrpld, traces span **multiple independent nodes**. The trace context must be propagated in network messages:
-
-```mermaid
-sequenceDiagram
-    participant Client
-    participant NodeA as Node A
-    participant NodeB as Node B
-    participant NodeC as Node C
-
-    Client->>NodeA: Submit TX<br/>(no trace context)
-
-    Note over NodeA: Creates new trace<br/>trace_id: abc123<br/>span: tx.receive
-
-    NodeA->>NodeB: Relay TX<br/>(trace_id: abc123, parent: 001)
-
-    Note over NodeB: Creates child span<br/>span: tx.relay<br/>parent_span_id: 001
-
-    NodeA->>NodeC: Relay TX<br/>(trace_id: abc123, parent: 001)
-
-    Note over NodeC: Creates child span<br/>span: tx.relay<br/>parent_span_id: 001
-
-    Note over NodeA,NodeC: All spans share trace_id: abc123<br/>enabling correlation across nodes
-```
-
-**Reading the diagram:**
-
-- **Client**: The external entity that submits a transaction. It does not carry trace context -- the trace originates at the first node.
-- **Node A**: The entry point that creates a new trace (trace_id: abc123) and the root span `tx.receive`. It relays the transaction to peers with trace context attached.
-- **Node B and Node C**: Peer nodes that receive the relayed transaction along with the propagated trace context. Each creates a child span under Node A's span, preserving the same `trace_id`.
-- **Arrows with trace context**: The relay messages carry `trace_id` and `parent_span_id`, allowing each downstream node to link its spans back to the originating span on Node A.
-
----
-
-## Context Propagation
-
-For traces to work across nodes, **trace context must be propagated** in messages.
-
-### What's in the Context (~26 bytes)
-
-| Field         | Size     | Description                                             |
-| ------------- | -------- | ------------------------------------------------------- |
-| `trace_id`    | 16 bytes | Identifies the entire trace (constant across all nodes) |
-| `span_id`     | 8 bytes  | The sender's current span (becomes parent on receiver)  |
-| `trace_flags` | 1 byte   | Sampling decision (bit 0 = sampled; bits 1-7 reserved)  |
-| `trace_state` | variable | Optional vendor-specific data (typically omitted)       |
-
-### How span_id Changes at Each Hop
-
-Only **one** `span_id` travels in the context - the sender's current span. Each node:
-
-1. Extracts the received `span_id` and uses it as the `parent_span_id`
-2. Creates a **new** `span_id` for its own span
-3. Sends its own `span_id` as the parent when forwarding
-
-```
-Node A                      Node B                      Node C
-──────                      ──────                      ──────
-
-Span AAA                    Span BBB                    Span CCC
-   │                           │                           │
-   ▼                           ▼                           ▼
-Context out:                Context out:                Context out:
-├─ trace_id: abc123         ├─ trace_id: abc123         ├─ trace_id: abc123
-├─ span_id: AAA ──────────► ├─ span_id: BBB ──────────► ├─ span_id: CCC ──────►
-└─ flags: 01                └─ flags: 01                └─ flags: 01
-                               │                           │
-                          parent = AAA               parent = BBB
-```
-
-The `trace_id` stays constant, but `span_id` **changes at every hop** to maintain the parent-child chain.
-
-### Propagation Formats
-
-There are two patterns:
-
-### HTTP/RPC Headers (W3C Trace Context)
-
-```
-traceparent: 00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01
-             │  │                                │                │
-             │  │                                │                └── Flags (sampled)
-             │  │                                └── Parent span ID (16 hex)
-             │  └── Trace ID (32 hex)
-             └── Version
-```
-
-### Protocol Buffers (xrpld P2P messages)
-
-```protobuf
-message TMTransaction {
-    bytes rawTransaction = 1;
-    // ... existing fields ...
-
-    // Trace context extension
-    bytes trace_parent = 100;  // W3C traceparent
-    bytes trace_state = 101;   // W3C tracestate
-}
-```
-
----
-
-## Sampling
-
-Not every trace needs to be recorded. **Sampling** reduces overhead:
-
-### Head Sampling (at trace start)
-
-```
-Request arrives → Random 10% chance → Record or skip entire trace
-```
-
-- ✅ Low overhead
-- ❌ May miss interesting traces
-
-### Tail Sampling (after trace completes)
-
-```
-Trace completes → Collector evaluates:
-                  - Error? → KEEP
-                  - Slow? → KEEP
-                  - Normal? → Sample 10%
-```
-
-- ✅ Never loses important traces
-- ❌ Higher memory usage at collector
-
----
-
-## Key Benefits for xrpld
-
-| Challenge                          | How Tracing Helps                        |
-| ---------------------------------- | ---------------------------------------- |
-| "Where is my transaction?"         | Follow trace across all nodes it touched |
-| "Why was consensus slow?"          | See timing breakdown of each phase       |
-| "Which node is the bottleneck?"    | Compare span durations across nodes      |
-| "What happened during the outage?" | Correlate errors across the network      |
-
----
-
-## Glossary
-
-| Term                 | Definition                                                          |
-| -------------------- | ------------------------------------------------------------------- |
-| **Trace**            | Complete journey of a request, identified by `trace_id`             |
-| **Span**             | Single operation within a trace                                     |
-| **Parent-Child**     | Span relationship where the parent depends on the child             |
-| **Follows-From**     | Causal relationship where originator doesn't wait for the result    |
-| **Span Link**        | Non-hierarchical connection between spans, possibly across traces   |
-| **Deterministic ID** | Trace ID derived from domain data (e.g., tx_hash) instead of random |
-| **Context**          | Data propagated between services (`trace_id`, `span_id`, flags)     |
-| **Instrumentation**  | Code that creates spans and propagates context                      |
-| **Collector**        | Service that receives, processes, and exports traces                |
-| **Backend**          | Storage/visualization system (Tempo)                                |
-| **Head Sampling**    | Sampling decision at trace start                                    |
-| **Tail Sampling**    | Sampling decision after trace completes                             |
-
----
-
-_Next: [Architecture Analysis](./01-architecture-analysis.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/01-architecture-analysis.md

@@ -1,467 +0,0 @@
-# Architecture Analysis
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Related**: [Design Decisions](./02-design-decisions.md) | [Implementation Strategy](./03-implementation-strategy.md)
-
----
-
-## 1.1 Current xrpld Architecture Overview
-
-> **WS** = WebSocket | **UNL** = Unique Node List | **TxQ** = Transaction Queue | **StatsD** = Statistics Daemon
-
-The xrpld node software consists of several interconnected components that need instrumentation for distributed tracing:
-
-```mermaid
-flowchart TB
-    subgraph xrpld["xrpld Node"]
-        subgraph services["Core Services"]
-            RPC["RPC Server<br/>(HTTP/WS/gRPC)"]
-            Overlay["Overlay<br/>(P2P Network)"]
-            Consensus["Consensus<br/>(RCLConsensus)"]
-            ValidatorList["ValidatorList<br/>(UNL Mgmt)"]
-        end
-
-        JobQueue["JobQueue<br/>(Thread Pool)"]
-
-        subgraph processing["Processing Layer"]
-            NetworkOPs["NetworkOPs<br/>(Tx Processing)"]
-            LedgerMaster["LedgerMaster<br/>(Ledger Mgmt)"]
-            NodeStore["NodeStore<br/>(Database)"]
-            InboundLedgers["InboundLedgers<br/>(Ledger Sync)"]
-        end
-
-        subgraph appservices["Application Services"]
-            PathFind["PathFinding<br/>(Payment Paths)"]
-            TxQ["TxQ<br/>(Fee Escalation)"]
-            LoadMgr["LoadManager<br/>(Fee/Load)"]
-        end
-
-        subgraph observability["Existing Observability"]
-            PerfLog["PerfLog<br/>(JSON)"]
-            Insight["Insight<br/>(StatsD)"]
-            Logging["Logging<br/>(Journal)"]
-        end
-
-        services --> JobQueue
-        JobQueue --> processing
-        JobQueue --> appservices
-    end
-
-    style xrpld fill:#424242,stroke:#212121,color:#ffffff
-    style services fill:#1565c0,stroke:#0d47a1,color:#ffffff
-    style processing fill:#2e7d32,stroke:#1b5e20,color:#ffffff
-    style appservices fill:#6a1b9a,stroke:#4a148c,color:#ffffff
-    style observability fill:#e65100,stroke:#bf360c,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **Core Services (blue)**: The entry points into xrpld -- RPC Server handles client requests, Overlay manages peer-to-peer networking, Consensus drives agreement, and ValidatorList manages trusted validators.
-- **JobQueue (center)**: The asynchronous thread pool that decouples Core Services from the Processing and Application layers. All work flows through it.
-- **Processing Layer (green)**: Core business logic -- NetworkOPs processes transactions, LedgerMaster manages ledger state, NodeStore handles persistence, and InboundLedgers synchronizes missing data.
-- **Application Services (purple)**: Higher-level features -- PathFinding computes payment routes, TxQ manages fee-based queuing, and LoadManager tracks server load.
-- **Existing Observability (orange)**: The current monitoring stack (PerfLog, Insight, Journal logging) that OpenTelemetry will complement, not replace.
-- **Arrows (Services to JobQueue to layers)**: Work originates at Core Services, is enqueued onto the JobQueue, and dispatched to Processing or Application layers for execution.
-
----
-
-## 1.1.1 Actors and Actions
-
-### Actors
-
-| Who (Plain English)                       | Technical Term             |
-| ----------------------------------------- | -------------------------- |
-| Network node running XRPL software        | xrpld node                 |
-| External client submitting requests       | RPC Client                 |
-| Network neighbor sharing data             | Peer (PeerImp)             |
-| Request handler for client queries        | RPC Server (ServerHandler) |
-| Command executor for specific RPC methods | RPCHandler                 |
-| Agreement process between nodes           | Consensus (RCLConsensus)   |
-| Transaction processing coordinator        | NetworkOPs                 |
-| Background task scheduler                 | JobQueue                   |
-| Ledger state manager                      | LedgerMaster               |
-| Payment route calculator                  | PathFinding (Pathfinder)   |
-| Transaction waiting room                  | TxQ (Transaction Queue)    |
-| Fee adjustment system                     | LoadManager                |
-| Trusted validator list manager            | ValidatorList              |
-| Protocol upgrade tracker                  | AmendmentTable             |
-| Ledger state hash tree                    | SHAMap                     |
-| Persistent key-value storage              | NodeStore                  |
-
-### Actions
-
-| What Happens (Plain English)                   | Technical Term         |
-| ---------------------------------------------- | ---------------------- |
-| Client sends a request to a node               | `rpc.request`          |
-| Node executes a specific RPC command           | `rpc.command.*`        |
-| Node receives a transaction from a peer        | `tx.receive`           |
-| Node checks if a transaction is valid          | `tx.validate`          |
-| Node forwards a transaction to neighbors       | `tx.relay`             |
-| Nodes agree on which transactions to include   | `consensus.round`      |
-| Consensus progresses through phases            | `consensus.phase.*`    |
-| Node builds a new confirmed ledger             | `ledger.build`         |
-| Node fetches missing ledger data from peers    | `ledger.acquire`       |
-| Node computes payment routes                   | `pathfind.compute`     |
-| Node queues a transaction for later processing | `txq.enqueue`          |
-| Node increases fees due to high load           | `fee.escalate`         |
-| Node fetches the latest trusted validator list | `validator.list.fetch` |
-| Node votes on a protocol amendment             | `amendment.vote`       |
-| Node synchronizes state tree data              | `shamap.sync`          |
-
----
-
-## 1.2 Key Components for Instrumentation
-
-> **TxQ** = Transaction Queue | **UNL** = Unique Node List
-
-| Component          | Location                                   | Purpose                  | Trace Value                      |
-| ------------------ | ------------------------------------------ | ------------------------ | -------------------------------- |
-| **Overlay**        | `src/xrpld/overlay/`                       | P2P communication        | Message propagation timing       |
-| **PeerImp**        | `src/xrpld/overlay/detail/PeerImp.cpp`     | Individual peer handling | Per-peer latency                 |
-| **RCLConsensus**   | `src/xrpld/app/consensus/RCLConsensus.cpp` | Consensus algorithm      | Round timing, phase analysis     |
-| **NetworkOPs**     | `src/xrpld/app/misc/NetworkOPs.cpp`        | Transaction processing   | Tx lifecycle tracking            |
-| **ServerHandler**  | `src/xrpld/rpc/detail/ServerHandler.cpp`   | RPC entry point          | Request latency                  |
-| **RPCHandler**     | `src/xrpld/rpc/detail/RPCHandler.cpp`      | Command execution        | Per-command timing               |
-| **JobQueue**       | `src/xrpl/core/JobQueue.h`                 | Async task execution     | Queue wait times                 |
-| **PathFinding**    | `src/xrpld/app/paths/`                     | Payment path computation | Path latency, cache hits         |
-| **TxQ**            | `src/xrpld/app/misc/TxQ.cpp`               | Transaction queue/fees   | Queue depth, eviction rates      |
-| **LoadManager**    | `src/xrpld/app/main/LoadManager.cpp`       | Fee escalation/load      | Fee levels, load factors         |
-| **InboundLedgers** | `src/xrpld/app/ledger/InboundLedgers.cpp`  | Ledger acquisition       | Sync time, peer reliability      |
-| **ValidatorList**  | `src/xrpld/app/misc/ValidatorList.cpp`     | UNL management           | List freshness, fetch failures   |
-| **AmendmentTable** | `src/xrpld/app/misc/AmendmentTable.cpp`    | Protocol amendments      | Voting status, activation events |
-| **SHAMap**         | `src/xrpld/shamap/`                        | State hash tree          | Sync speed, missing nodes        |
-
----
-
-## 1.3 Transaction Flow Diagram
-
-Transaction flow spans multiple nodes in the network. Each node creates linked spans to form a distributed trace:
-
-```mermaid
-sequenceDiagram
-    participant Client
-    participant PeerA as Peer A (Receive)
-    participant PeerB as Peer B (Relay)
-    participant PeerC as Peer C (Validate)
-
-    Client->>PeerA: 1. Submit TX
-
-    rect rgb(230, 245, 255)
-        Note over PeerA: tx.receive SPAN START
-        PeerA->>PeerA: HashRouter Deduplication
-        PeerA->>PeerA: tx.validate (child span)
-    end
-
-    PeerA->>PeerB: 2. Relay TX (with trace ctx)
-
-    rect rgb(230, 245, 255)
-        Note over PeerB: tx.receive (linked span)
-    end
-
-    PeerB->>PeerC: 3. Relay TX
-
-    rect rgb(230, 245, 255)
-        Note over PeerC: tx.receive (linked span)
-        PeerC->>PeerC: tx.process
-    end
-
-    Note over Client,PeerC: DISTRIBUTED TRACE (same trace_id: abc123)
-```
-
-**Reading the diagram:**
-
-- **Client**: The external entity that submits a transaction to Peer A. It has no trace context -- the trace starts at the first node.
-- **Peer A (Receive)**: The entry node that creates the root span `tx.receive`, runs HashRouter deduplication to avoid processing duplicates, and creates a child `tx.validate` span.
-- **Peer A to Peer B arrow**: The relay message carries trace context (trace_id + parent span_id), enabling Peer B to create a linked span under the same trace.
-- **Peer B (Relay)**: Receives the transaction and trace context, creates a `tx.receive` span linked to Peer A's trace, then relays onward.
-- **Peer C (Validate)**: Final hop in this example. Creates a linked `tx.receive` span and runs `tx.process` to fully process the transaction.
-- **Blue rectangles**: Highlight the span boundaries on each node, showing where instrumentation creates and closes spans.
-
-### Trace Structure
-
-```
-trace_id: abc123
-├── span: tx.receive (Peer A)
-│   ├── span: tx.validate
-│   └── span: tx.relay
-├── span: tx.receive (Peer B) [parent: Peer A]
-│   └── span: tx.relay
-└── span: tx.receive (Peer C) [parent: Peer B]
-    └── span: tx.process
-```
-
----
-
-## 1.4 Consensus Round Flow
-
-Consensus rounds are multi-phase operations that benefit significantly from tracing:
-
-```mermaid
-flowchart TB
-    subgraph round["consensus.round (root span)"]
-        attrs["Attributes:<br/>xrpl.consensus.ledger.seq = 12345678<br/>xrpl.consensus.mode = proposing<br/>xrpl.consensus.proposers = 35"]
-
-        subgraph open["consensus.phase.open"]
-            open_desc["Duration: ~3s<br/>Waiting for transactions"]
-        end
-
-        subgraph establish["consensus.phase.establish"]
-            est_attrs["proposals_received = 28<br/>disputes_resolved = 3"]
-            est_children["├── consensus.proposal.receive (×28)<br/>├── consensus.proposal.send (×1)<br/>└── consensus.dispute.resolve (×3)"]
-        end
-
-        subgraph accept["consensus.phase.accept"]
-            acc_attrs["transactions_applied = 150<br/>ledger.hash = DEF456..."]
-            acc_children["├── ledger.build<br/>└── ledger.validate"]
-        end
-
-        attrs --> open
-        open --> establish
-        establish --> accept
-    end
-
-    style round fill:#f57f17,stroke:#e65100,color:#ffffff
-    style open fill:#1565c0,stroke:#0d47a1,color:#ffffff
-    style establish fill:#2e7d32,stroke:#1b5e20,color:#ffffff
-    style accept fill:#c2185b,stroke:#880e4f,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **consensus.round (orange, root span)**: The top-level span encompassing the entire consensus round, with attributes like ledger sequence, mode, and proposer count.
-- **consensus.phase.open (blue)**: The first phase where the node waits (~3s) to collect incoming transactions before proposing.
-- **consensus.phase.establish (green)**: The negotiation phase where validators exchange proposals, resolve disputes, and converge on a transaction set. Child spans track each proposal received/sent and each dispute resolved.
-- **consensus.phase.accept (pink)**: The final phase where the agreed transaction set is applied, a new ledger is built, and the ledger is validated. Child spans cover `ledger.build` and `ledger.validate`.
-- **Arrows (open to establish to accept)**: The sequential flow through the three consensus phases. Each phase must complete before the next begins.
-
----
-
-## 1.5 RPC Request Flow
-
-> **WS** = WebSocket
-
-RPC requests support W3C Trace Context headers for distributed tracing across services:
-
-```mermaid
-flowchart TB
-    subgraph request["rpc.request (root span)"]
-        http["HTTP Request — POST /<br/>traceparent:<br/>00-abc123...-def456...-01"]
-
-        attrs["Attributes:<br/>http.method = POST<br/>net.peer.ip = 192.168.1.100<br/>command = submit"]
-
-        subgraph enqueue["jobqueue.enqueue"]
-            job_attr["xrpl.job.type = jtCLIENT_RPC"]
-        end
-
-        subgraph command["rpc.command.submit"]
-            cmd_attrs["version = 2<br/>rpc_role = user"]
-            cmd_children["├── tx.deserialize<br/>├── tx.validate_local<br/>└── tx.submit_to_network"]
-        end
-
-        response["Response: 200 OK<br/>Duration: 45ms"]
-
-        http --> attrs
-        attrs --> enqueue
-        enqueue --> command
-        command --> response
-    end
-
-    style request fill:#2e7d32,stroke:#1b5e20,color:#ffffff
-    style enqueue fill:#1565c0,stroke:#0d47a1,color:#ffffff
-    style command fill:#e65100,stroke:#bf360c,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **rpc.request (green, root span)**: The outermost span representing the full RPC request lifecycle, from HTTP receipt to response. Carries the W3C `traceparent` header for distributed tracing.
-- **HTTP Request node**: Shows the incoming POST request with its `traceparent` header and extracted attributes (method, peer IP, command name).
-- **jobqueue.enqueue (blue)**: The span covering the asynchronous handoff from the RPC thread to the JobQueue worker thread. The trace context is preserved across this async boundary.
-- **rpc.command.submit (orange)**: The span for the actual command execution, with child spans for deserialization, local validation, and network submission.
-- **Response node**: The final output with HTTP status and total duration, marking the end of the root span.
-- **Arrows (top to bottom)**: The sequential processing pipeline -- receive request, extract attributes, enqueue job, execute command, return response.
-
----
-
-## 1.6 Key Trace Points
-
-> **TxQ** = Transaction Queue
-
-The following table identifies priority instrumentation points across the codebase:
-
-| Category        | Span Name              | File                   | Method                  | Priority |
-| --------------- | ---------------------- | ---------------------- | ----------------------- | -------- |
-| **Transaction** | `tx.receive`           | `PeerImp.cpp`          | `handleTransaction()`   | High     |
-| **Transaction** | `tx.validate`          | `NetworkOPs.cpp`       | `processTransaction()`  | High     |
-| **Transaction** | `tx.process`           | `NetworkOPs.cpp`       | `doTransactionSync()`   | High     |
-| **Transaction** | `tx.relay`             | `OverlayImpl.cpp`      | `relay()`               | Medium   |
-| **Consensus**   | `consensus.round`      | `RCLConsensus.cpp`     | `startRound()`          | High     |
-| **Consensus**   | `consensus.phase.*`    | `Consensus.h`          | `timerEntry()`          | High     |
-| **Consensus**   | `consensus.proposal.*` | `RCLConsensus.cpp`     | `peerProposal()`        | Medium   |
-| **RPC**         | `rpc.request`          | `ServerHandler.cpp`    | `onRequest()`           | High     |
-| **RPC**         | `rpc.command.*`        | `RPCHandler.cpp`       | `doCommand()`           | High     |
-| **Peer**        | `peer.connect`         | `OverlayImpl.cpp`      | `onHandoff()`           | Low      |
-| **Peer**        | `peer.message.*`       | `PeerImp.cpp`          | `onMessage()`           | Low      |
-| **Ledger**      | `ledger.acquire`       | `InboundLedgers.cpp`   | `acquire()`             | Medium   |
-| **Ledger**      | `ledger.build`         | `RCLConsensus.cpp`     | `buildLCL()`            | High     |
-| **PathFinding** | `pathfind.request`     | `PathRequest.cpp`      | `doUpdate()`            | High     |
-| **PathFinding** | `pathfind.compute`     | `Pathfinder.cpp`       | `findPaths()`           | High     |
-| **TxQ**         | `txq.enqueue`          | `TxQ.cpp`              | `apply()`               | High     |
-| **TxQ**         | `txq.apply`            | `TxQ.cpp`              | `processClosedLedger()` | High     |
-| **Fee**         | `fee.escalate`         | `LoadManager.cpp`      | `raiseLocalFee()`       | Medium   |
-| **Ledger**      | `ledger.replay`        | `LedgerReplayer.h`     | `replay()`              | Medium   |
-| **Ledger**      | `ledger.delta`         | `LedgerDeltaAcquire.h` | `processData()`         | Medium   |
-| **Validator**   | `validator.list.fetch` | `ValidatorList.cpp`    | `verify()`              | Medium   |
-| **Validator**   | `validator.manifest`   | `Manifest.cpp`         | `applyManifest()`       | Low      |
-| **Amendment**   | `amendment.vote`       | `AmendmentTable.cpp`   | `doVoting()`            | Low      |
-| **SHAMap**      | `shamap.sync`          | `SHAMap.cpp`           | `fetchRoot()`           | Medium   |
-
----
-
-## 1.7 Instrumentation Priority
-
-> **TxQ** = Transaction Queue
-
-```mermaid
-quadrantChart
-    title Instrumentation Priority Matrix
-    x-axis Low Complexity --> High Complexity
-    y-axis Low Value --> High Value
-    quadrant-1 Implement First
-    quadrant-2 Plan Carefully
-    quadrant-3 Quick Wins
-    quadrant-4 Consider Later
-
-    RPC Tracing: [0.2, 0.92]
-    Transaction Tracing: [0.55, 0.88]
-    Consensus Tracing: [0.78, 0.82]
-    PathFinding: [0.38, 0.75]
-    TxQ and Fees: [0.25, 0.65]
-    Ledger Sync: [0.62, 0.58]
-    Peer Message Tracing: [0.35, 0.25]
-    JobQueue Tracing: [0.2, 0.48]
-    Validator Mgmt: [0.48, 0.42]
-    Amendment Tracking: [0.15, 0.32]
-    SHAMap Operations: [0.72, 0.45]
-```
-
----
-
-## 1.8 Observable Outcomes
-
-> **TxQ** = Transaction Queue | **UNL** = Unique Node List
-
-After implementing OpenTelemetry, operators and developers will gain visibility into the following:
-
-### 1.8.1 What You Will See: Traces
-
-| Trace Type                 | Description                                                                                 | Example Query in Grafana/Tempo                       |
-| -------------------------- | ------------------------------------------------------------------------------------------- | ---------------------------------------------------- |
-| **Transaction Lifecycle**  | Full journey from RPC submission through validation, relay, consensus, and ledger inclusion | `{service.name="xrpld" && xrpl.tx.hash="ABC123..."}` |
-| **Cross-Node Propagation** | Transaction path across multiple xrpld nodes with timing                                    | `{xrpl.tx.relay_count > 0}`                          |
-| **Consensus Rounds**       | Complete round with all phases (open, establish, accept)                                    | `{span.name=~"consensus.round.*"}`                   |
-| **RPC Request Processing** | Individual command execution with timing breakdown                                          | `{command="account_info"}`                           |
-| **Ledger Acquisition**     | Peer-to-peer ledger data requests and responses                                             | `{span.name="ledger.acquire"}`                       |
-| **PathFinding Latency**    | Path computation time and cache effectiveness for payment RPCs                              | `{span.name="pathfind.compute"}`                     |
-| **TxQ Behavior**           | Queue depth, eviction patterns, fee escalation during congestion                            | `{span.name=~"txq.*"}`                               |
-| **Ledger Sync**            | Full acquisition timeline including delta and transaction fetches                           | `{span.name=~"ledger.acquire.*"}`                    |
-| **Validator Health**       | UNL fetch success, manifest updates, stale list detection                                   | `{span.name=~"validator.*"}`                         |
-
-### 1.8.2 What You Will See: Metrics (Derived from Traces)
-
-| Metric                        | Description                             | Dashboard Panel             |
-| ----------------------------- | --------------------------------------- | --------------------------- |
-| **RPC Latency (p50/p95/p99)** | Response time distribution per command  | Heatmap by command          |
-| **Transaction Throughput**    | Transactions processed per second       | Time series graph           |
-| **Consensus Round Duration**  | Time to complete consensus phases       | Histogram                   |
-| **Cross-Node Latency**        | Time for transaction to reach N nodes   | Line chart with percentiles |
-| **Error Rate**                | Failed transactions/RPC calls by type   | Stacked bar chart           |
-| **PathFinding Latency**       | Path computation time per currency pair | Heatmap by currency         |
-| **TxQ Depth**                 | Queued transactions over time           | Time series with thresholds |
-| **Fee Escalation Level**      | Current fee multiplier                  | Gauge with alert thresholds |
-| **Ledger Sync Duration**      | Time to acquire missing ledgers         | Histogram                   |
-
-### 1.8.3 Concrete Dashboard Examples
-
-**Transaction Trace View (Tempo):**
-
-```
-┌────────────────────────────────────────────────────────────────────────────────┐
-│ Trace: abc123... (Transaction Submission)                    Duration: 847ms   │
-├────────────────────────────────────────────────────────────────────────────────┤
-│ ├── rpc.request [ServerHandler]                              ████░░░░░░  45ms  │
-│ │   └── rpc.command.submit [RPCHandler]                      ████░░░░░░  42ms  │
-│ │       └── tx.receive [NetworkOPs]                          ███░░░░░░░  35ms  │
-│ │           ├── tx.validate [TxQ]                            █░░░░░░░░░   8ms  │
-│ │           └── tx.relay [Overlay]                           ██░░░░░░░░  15ms  │
-│ │               ├── tx.receive [Node-B]                      █████░░░░░  52ms  │
-│ │               │   └── tx.relay [Node-B]                    ██░░░░░░░░  18ms  │
-│ │               └── tx.receive [Node-C]                      ██████░░░░  65ms  │
-│ └── consensus.round [RCLConsensus]                           ████████░░ 720ms  │
-│     ├── consensus.phase.open                                 ██░░░░░░░░ 180ms  │
-│     ├── consensus.phase.establish                            █████░░░░░ 480ms  │
-│     └── consensus.phase.accept                               █░░░░░░░░░  60ms  │
-└────────────────────────────────────────────────────────────────────────────────┘
-```
-
-**RPC Performance Dashboard Panel:**
-
-```
-┌─────────────────────────────────────────────────────────────┐
-│ RPC Command Latency (Last 1 Hour)                           │
-├─────────────────────────────────────────────────────────────┤
-│ Command          │ p50    │ p95    │ p99    │ Errors │ Rate │
-│──────────────────┼────────┼────────┼────────┼────────┼──────│
-│ account_info     │  12ms  │  45ms  │  89ms  │  0.1%  │ 150/s│
-│ submit           │  35ms  │ 120ms  │ 250ms  │  2.3%  │  45/s│
-│ ledger           │   8ms  │  25ms  │  55ms  │  0.0%  │  80/s│
-│ tx               │  15ms  │  50ms  │ 100ms  │  0.5%  │  60/s│
-│ server_info      │   5ms  │  12ms  │  20ms  │  0.0%  │ 200/s│
-└─────────────────────────────────────────────────────────────┘
-```
-
-**Consensus Health Dashboard Panel:**
-
-```mermaid
----
-config:
-    xyChart:
-        width: 1200
-        height: 400
-        plotReservedSpacePercent: 50
-        chartOrientation: vertical
-    themeVariables:
-        xyChart:
-            plotColorPalette: "#3498db"
----
-xychart-beta
-    title "Consensus Round Duration (Last 24 Hours)"
-    x-axis "Time of Day (Hours)" [0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24]
-    y-axis "Duration (seconds)" 1 --> 5
-    line [2.1, 2.4, 2.8, 3.2, 3.8, 4.3, 4.5, 5.0, 4.7, 4.0, 3.2, 2.6, 2.0]
-```
-
-### 1.8.4 Operator Actionable Insights
-
-| Scenario                  | What You'll See                                                              | Action                                           |
-| ------------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------ |
-| **Slow RPC**              | Span showing which phase is slow (parsing, execution, serialization)         | Optimize specific code path                      |
-| **Transaction Stuck**     | Trace stops at validation; error attribute shows reason                      | Fix transaction parameters                       |
-| **Consensus Delay**       | Phase.establish taking too long; proposer attribute shows missing validators | Investigate network connectivity                 |
-| **Memory Spike**          | Large batch of spans correlating with memory increase                        | Tune batch_size or sampling                      |
-| **Network Partition**     | Traces missing cross-node links for specific peer                            | Check peer connectivity                          |
-| **Path Computation Slow** | pathfind.compute span shows high latency; cache miss rate in attributes      | Warm the RippleLineCache, check order book depth |
-| **TxQ Full**              | txq.enqueue spans show evictions; fee.escalate spans increasing              | Monitor fee levels, alert operators              |
-| **Ledger Sync Stalled**   | ledger.acquire spans timing out; peer reliability attributes show issues     | Check peer connectivity, add trusted peers       |
-| **UNL Stale**             | validator.list.fetch spans failing; last_update attribute aging              | Verify validator site URLs, check DNS            |
-
-### 1.8.5 Developer Debugging Workflow
-
-1. **Find Transaction**: Query by `xrpl.tx.hash` to get full trace
-2. **Identify Bottleneck**: Look at span durations to find slowest component
-3. **Check Attributes**: Review `xrpl.tx.validity`, `rpc_status` for errors
-4. **Correlate Logs**: Use `trace_id` to find related PerfLog entries
-5. **Compare Nodes**: Filter by `service.instance.id` to compare behavior across nodes
-
----
-
-_Next: [Design Decisions](./02-design-decisions.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/02-design-decisions.md

@@ -1,633 +0,0 @@
-# Design Decisions
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Related**: [Architecture Analysis](./01-architecture-analysis.md) | [Code Samples](./04-code-samples.md)
-
----
-
-## 2.1 OpenTelemetry Components
-
-> **OTLP** = OpenTelemetry Protocol
-
-### 2.1.1 SDK Selection
-
-**Primary Choice**: OpenTelemetry C++ SDK (`opentelemetry-cpp`)
-
-| Component                               | Purpose                | Required                  |
-| --------------------------------------- | ---------------------- | ------------------------- |
-| `opentelemetry-cpp::api`                | Tracing API headers    | Yes                       |
-| `opentelemetry-cpp::sdk`                | SDK implementation     | Yes                       |
-| `opentelemetry-cpp::ext`                | Extensions (exporters) | Yes                       |
-| `opentelemetry-cpp::otlp_http_exporter` | OTLP/HTTP export       | Yes (shipped in Phase 1b) |
-| `opentelemetry-cpp::otlp_grpc_exporter` | OTLP/gRPC export       | Future (not yet wired up) |
-
-### 2.1.2 Instrumentation Strategy
-
-**Manual Instrumentation** (recommended):
-
-| Approach   | Pros                                                            | Cons                                                    |
-| ---------- | --------------------------------------------------------------- | ------------------------------------------------------- |
-| **Manual** | Precise control, optimized placement, xrpld-specific attributes | More development effort                                 |
-| **Auto**   | Less code, automatic coverage                                   | Less control, potential overhead, limited customization |
-
----
-
-## 2.2 Exporter Configuration
-
-> **OTLP** = OpenTelemetry Protocol
-
-```mermaid
-flowchart TB
-    subgraph nodes["xrpld Nodes"]
-        node1["xrpld<br/>Node 1"]
-        node2["xrpld<br/>Node 2"]
-        node3["xrpld<br/>Node 3"]
-    end
-
-    collector["OpenTelemetry<br/>Collector<br/>(sidecar or standalone)"]
-
-    subgraph backends["Observability Backends"]
-        tempo["Tempo"]
-        elastic["Elastic<br/>APM"]
-    end
-
-    node1 -->|"OTLP/HTTP<br/>:4318"| collector
-    node2 -->|"OTLP/HTTP<br/>:4318"| collector
-    node3 -->|"OTLP/HTTP<br/>:4318"| collector
-
-    collector --> tempo
-    collector --> elastic
-
-    style nodes fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style backends fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style collector fill:#bf360c,stroke:#8c2809,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **xrpld Nodes (blue)**: The source of telemetry data. Each xrpld node exports spans via OTLP/HTTP on port 4318 (the only exporter shipped in Phase 1b).
-- **OpenTelemetry Collector (red)**: The central aggregation point that receives spans from all nodes. Can run as a sidecar (per-node) or standalone (shared). Handles batching, filtering, and routing.
-- **Observability Backends (green)**: The storage and visualization destinations. Tempo is the recommended backend for both development and production, and Elastic APM is an alternative. The Collector routes to one or more backends.
-- **Arrows (nodes to collector to backends)**: The data pipeline -- spans flow from nodes to the Collector over HTTP, then the Collector fans out to the configured backends.
-
-### 2.2.1 OTLP/HTTP (Shipped in Phase 1b)
-
-```cpp
-// Configuration for OTLP over HTTP (the only exporter currently wired up).
-namespace otlp = opentelemetry::exporter::otlp;
-
-otlp::OtlpHttpExporterOptions opts;
-opts.url = "http://localhost:4318/v1/traces";
-opts.content_type = otlp::HttpRequestContentType::kJson;  // or kBinary
-```
-
-### 2.2.2 OTLP/gRPC (Future Work — Planned Upgrade)
-
-OTLP/gRPC is planned as a future upgrade from the HTTP exporter. The gRPC
-transport offers lower per-span overhead and tighter back-pressure semantics
-than HTTP/JSON, making it attractive for production deployments once the HTTP
-path is validated in earlier phases.
-
-Required to land this upgrade:
-
-1. Add `opentelemetry-cpp::otlp_grpc_exporter` to the Conan recipe (the
-   dependency already exists but is not linked in Phase 1b builds).
-2. Extend `TelemetryConfig.cpp` to parse an `exporter` key (`otlp_http`
-   default, `otlp_grpc` opt-in) and a gRPC endpoint override.
-3. In `Telemetry::start()` branch on the parsed exporter type and construct
-   either `OtlpHttpExporterFactory::Create(httpOpts)` or
-   `OtlpGrpcExporterFactory::Create(grpcOpts)` accordingly.
-4. Update the runbook and dashboards to document the alternate port and TLS
-   settings.
-
-Example Phase 1b+ gRPC configuration (when wired up):
-
-```cpp
-// Configuration for OTLP over gRPC (future work).
-namespace otlp = opentelemetry::exporter::otlp;
-
-otlp::OtlpGrpcExporterOptions opts;
-opts.endpoint = "<otel-collector-host>:4317";
-opts.use_ssl_credentials = true;
-opts.ssl_credentials_cacert_path = "/path/to/ca.crt";
-```
-
-Until that work lands, `OtlpGrpcExporterOptions` is **not** used by any code
-path in Phase 1b through Phase 5.
-
----
-
-## 2.3 Span Naming Conventions
-
-> **TxQ** = Transaction Queue | **UNL** = Unique Node List | **WS** = WebSocket
-
-### 2.3.1 Naming Schema
-
-```
-<component>.<operation>[.<sub-operation>]
-```
-
-**Examples**:
-
-- `tx.receive` - Transaction received from peer
-- `consensus.phase.establish` - Consensus establish phase
-- `rpc.command.server_info` - server_info RPC command
-
-### 2.3.2 Complete Span Catalog
-
-```yaml
-# Transaction Spans
-tx:
-  receive: "Transaction received from network"
-  validate: "Transaction signature/format validation"
-  process: "Full transaction processing"
-  relay: "Transaction relay to peers"
-  apply: "Apply transaction to ledger"
-
-# Consensus Spans
-consensus:
-  round: "Complete consensus round"
-  phase:
-    open: "Open phase - collecting transactions"
-    establish: "Establish phase - reaching agreement"
-    accept: "Accept phase - applying consensus"
-  proposal:
-    receive: "Receive peer proposal"
-    send: "Send our proposal"
-  validation:
-    receive: "Receive peer validation"
-    send: "Send our validation"
-
-# RPC Spans
-rpc:
-  request: "HTTP/WebSocket request handling"
-  command:
-    "*": "Specific RPC command (dynamic)"
-
-# Peer Spans
-peer:
-  connect: "Peer connection establishment"
-  disconnect: "Peer disconnection"
-  message:
-    send: "Send protocol message"
-    receive: "Receive protocol message"
-
-# Ledger Spans
-ledger:
-  acquire: "Ledger acquisition from network"
-  build: "Build new ledger"
-  validate: "Ledger validation"
-  close: "Close ledger"
-  replay: "Ledger replay executed"
-  delta: "Delta-based ledger acquired"
-
-# PathFinding Spans
-pathfind:
-  request: "Path request initiated"
-  compute: "Path computation executed"
-
-# TxQ Spans
-txq:
-  enqueue: "Transaction queued"
-  apply: "Queued transaction applied"
-
-# Fee/Load Spans
-fee:
-  escalate: "Fee escalation triggered"
-
-# Validator Spans
-validator:
-  list:
-    fetch: "UNL list fetched"
-  manifest: "Manifest update processed"
-
-# Amendment Spans
-amendment:
-  vote: "Amendment voting executed"
-
-# SHAMap Spans
-shamap:
-  sync: "State tree synchronization"
-
-# Job Spans
-job:
-  enqueue: "Job added to queue"
-  execute: "Job execution"
-```
-
----
-
-## 2.4 Attribute Schema
-
-> **TxQ** = Transaction Queue | **UNL** = Unique Node List | **OTLP** = OpenTelemetry Protocol
-
-### 2.4.1 Resource Attributes (Set Once at Startup)
-
-```cpp
-// Standard OpenTelemetry semantic conventions
-resource::SemanticConventions::SERVICE_NAME        = "xrpld"
-resource::SemanticConventions::SERVICE_VERSION     = BuildInfo::getVersionString()
-resource::SemanticConventions::SERVICE_INSTANCE_ID = <node_public_key_base58>
-
-// Custom xrpld attributes
-"xrpl.network.id"      = <network_id>           // e.g., 0 for mainnet
-"xrpl.network.type"    = "mainnet" | "testnet" | "devnet" | "standalone"
-"xrpl.node.type"       = "validator" | "stock" | "reporting"
-"xrpl.node.cluster"    = <cluster_name>         // If clustered
-```
-
-### 2.4.2 Span Attributes by Category
-
-#### Transaction Attributes
-
-```cpp
-"xrpl.tx.hash"         = string   // Transaction hash (hex)
-"xrpl.tx.type"         = string   // "Payment", "OfferCreate", etc.
-"xrpl.tx.account"      = string   // Source account (redacted in prod)
-"xrpl.tx.sequence"     = int64    // Account sequence number
-"xrpl.tx.fee"          = int64    // Fee in drops
-"xrpl.tx.result"       = string   // "tesSUCCESS", "tecPATH_DRY", etc.
-"xrpl.tx.ledger_index" = int64    // Ledger containing transaction
-```
-
-#### Consensus Attributes
-
-```cpp
-"xrpl.consensus.round"          = int64    // Round number
-"xrpl.consensus.phase"          = string   // "open", "establish", "accept"
-"xrpl.consensus.mode"           = string   // "proposing", "observing", etc.
-"xrpl.consensus.proposers"      = int64    // Number of proposers
-"xrpl.consensus.ledger.prev"    = string   // Previous ledger hash
-"xrpl.consensus.ledger.seq"     = int64    // Ledger sequence
-"xrpl.consensus.tx_count"       = int64    // Transactions in consensus set
-"xrpl.consensus.duration_ms"    = float64  // Round duration
-```
-
-#### RPC Attributes
-
-```cpp
-"command"              = string   // Command name
-"version"              = int64    // API version
-"rpc_role"             = string   // "admin" or "user"
-"xrpl.rpc.params"      = string   // Sanitized parameters (optional, planned)
-```
-
-#### Peer & Message Attributes
-
-```cpp
-"xrpl.peer.id"            = string   // Peer public key (base58)
-"xrpl.peer.address"       = string   // IP:port
-"xrpl.peer.latency_ms"    = float64  // Measured latency
-"xrpl.peer.cluster"       = string   // Cluster name if clustered
-"xrpl.message.type"       = string   // Protocol message type name
-"xrpl.message.size_bytes" = int64    // Message size
-"xrpl.message.compressed" = bool     // Whether compressed
-```
-
-#### Ledger & Job Attributes
-
-```cpp
-"xrpl.ledger.hash"       = string   // Ledger hash
-"xrpl.ledger.index"      = int64    // Ledger sequence/index
-"xrpl.ledger.close_time" = int64    // Close time (epoch)
-"xrpl.ledger.tx_count"   = int64    // Transaction count
-"xrpl.job.type"          = string   // Job type name
-"xrpl.job.queue_ms"      = float64  // Time spent in queue
-"xrpl.job.worker"        = int64    // Worker thread ID
-```
-
-#### PathFinding Attributes
-
-```cpp
-"source_currency"  = string   // Source currency code (planned, not yet implemented)
-"dest_currency"    = string   // Destination currency code (planned, not yet implemented)
-"path_count"       = int64    // Number of paths found (planned, not yet implemented)
-"cache_hit"        = bool     // RippleLineCache hit (planned, not yet implemented)
-```
-
-#### TxQ Attributes
-
-```cpp
-"xrpl.txq.queue_depth"      = int64    // Current queue depth
-"xrpl.txq.fee_level"        = int64    // Fee level of transaction
-"xrpl.txq.eviction_reason"  = string   // Why transaction was evicted
-```
-
-#### Fee Attributes
-
-```cpp
-"xrpl.fee.load_factor"      = int64    // Current load factor
-"xrpl.fee.escalation_level" = int64    // Fee escalation multiplier
-```
-
-#### Validator Attributes
-
-```cpp
-"xrpl.validator.list_size"    = int64    // UNL size
-"xrpl.validator.list_age_sec" = int64    // Seconds since last update
-```
-
-#### Amendment Attributes
-
-```cpp
-"xrpl.amendment.name"         = string   // Amendment name
-"xrpl.amendment.status"       = string   // "enabled", "vetoed", "supported"
-```
-
-#### SHAMap Attributes
-
-```cpp
-"xrpl.shamap.type"            = string   // "transaction", "state", "account_state"
-"xrpl.shamap.missing_nodes"   = int64    // Number of missing nodes during sync
-"xrpl.shamap.duration_ms"     = float64  // Sync duration
-```
-
-### 2.4.3 Data Collection Summary
-
-The following table summarizes what data is collected by category:
-
-| Category        | Attributes Collected                                                                                             | Purpose                      |
-| --------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------- |
-| **Transaction** | `tx.hash`, `tx.type`, `tx.result`, `tx.fee`, `ledger_index`                                                      | Trace transaction lifecycle  |
-| **Consensus**   | `round`, `phase`, `mode`, `proposers` (public keys), `duration_ms`                                               | Analyze consensus timing     |
-| **RPC**         | `command`, `version`, `status`, `duration_ms`                                                                    | Monitor RPC performance      |
-| **Peer**        | `peer.id` (public key), `latency_ms`, `message.type`, `message.size`                                             | Network topology analysis    |
-| **Ledger**      | `ledger.hash`, `ledger.index`, `close_time`, `tx_count`                                                          | Ledger progression tracking  |
-| **Job**         | `job.type`, `queue_ms`, `worker`                                                                                 | JobQueue performance         |
-| **PathFinding** | `pathfind_fast`, `pathfind_search_level`, `pathfind_num_paths`, `pathfind_ledger_index`, `pathfind_num_requests` | Payment path analysis        |
-| **TxQ**         | `txq.queue_depth`, `fee_level`, `eviction_reason`                                                                | Queue depth and fee tracking |
-| **Fee**         | `fee.load_factor`, `escalation_level`                                                                            | Fee escalation monitoring    |
-| **Validator**   | `validator.list_size`, `list_age_sec`                                                                            | UNL health monitoring        |
-| **Amendment**   | `amendment.name`, `status`                                                                                       | Protocol upgrade tracking    |
-| **SHAMap**      | `shamap.type`, `missing_nodes`, `duration_ms`                                                                    | State tree sync performance  |
-
-### 2.4.4 Privacy & Sensitive Data Policy
-
-> **PII** = Personally Identifiable Information
-
-OpenTelemetry instrumentation is designed to collect **operational metadata only**, never sensitive content.
-
-#### Data NOT Collected
-
-The following data is explicitly **excluded** from telemetry collection:
-
-| Excluded Data           | Reason                                    |
-| ----------------------- | ----------------------------------------- |
-| **Private Keys**        | Never exposed; not relevant to tracing    |
-| **Account Balances**    | Financial data; privacy sensitive         |
-| **Transaction Amounts** | Financial data; privacy sensitive         |
-| **Raw TX Payloads**     | May contain sensitive memo/data fields    |
-| **Personal Data**       | No PII collected                          |
-| **IP Addresses**        | Configurable; excluded by default in prod |
-
-#### Privacy Protection Mechanisms
-
-| Mechanism                     | Description                                                               |
-| ----------------------------- | ------------------------------------------------------------------------- |
-| **Account Hashing**           | `xrpl.tx.account` is hashed at collector level before storage             |
-| **Configurable Redaction**    | Sensitive fields can be excluded via `[telemetry]` config section         |
-| **Sampling**                  | Only 10% of traces recorded by default, reducing data exposure            |
-| **Local Control**             | Node operators have full control over what gets exported                  |
-| **No Raw Payloads**           | Transaction content is never recorded, only metadata (hash, type, result) |
-| **Collector-Level Filtering** | Additional redaction/hashing can be configured at OTel Collector          |
-
-#### Collector-Level Data Protection
-
-The OpenTelemetry Collector can be configured to hash or redact sensitive attributes before export:
-
-```yaml
-processors:
-  attributes:
-    actions:
-      # Hash account addresses before storage
-      - key: xrpl.tx.account
-        action: hash
-      # Remove IP addresses entirely
-      - key: xrpl.peer.address
-        action: delete
-      # Redact specific fields
-      - key: xrpl.rpc.params
-        action: delete
-```
-
-#### Configuration Options for Privacy
-
-In `xrpld.cfg`, operators can control data collection granularity:
-
-```ini
-[telemetry]
-enabled=1
-
-# Disable collection of specific components
-trace_transactions=1
-trace_consensus=1
-trace_rpc=1
-trace_peer=0          # Disable peer tracing (high volume, includes addresses)
-
-# Redact specific attributes
-redact_account=1      # Hash account addresses before export
-redact_peer_address=1 # Remove peer IP addresses
-```
-
-> **Note**: The `redact_account` configuration in `xrpld.cfg` controls SDK-level redaction before export, while collector-level filtering (see [Collector-Level Data Protection](#collector-level-data-protection) above) provides an additional defense-in-depth layer. Both can operate independently.
-
-> **Key Principle**: Telemetry collects **operational metadata** (timing, counts, hashes) — never **sensitive content** (keys, balances, amounts, raw payloads).
-
----
-
-## 2.5 Context Propagation Design
-
-> **WS** = WebSocket
-
-### 2.5.1 Propagation Boundaries
-
-```mermaid
-flowchart TB
-    subgraph http["HTTP/WebSocket (RPC)"]
-        w3c["W3C Trace Context Headers:<br/>traceparent:<br/>00-trace_id-span_id-flags<br/>tracestate: xrpld=..."]
-    end
-
-    subgraph protobuf["Protocol Buffers (P2P)"]
-        proto["message TraceContext {<br/>  bytes trace_id = 1;  // 16 bytes<br/>  bytes span_id = 2;   // 8 bytes<br/>  uint32 trace_flags = 3;<br/>  string trace_state = 4;<br/>}"]
-    end
-
-    subgraph jobqueue["JobQueue (Internal Async)"]
-        job["Context captured at job creation,<br/>restored at execution<br/><br/>class Job {<br/>  otel::context::Context<br/>    traceContext_;<br/>};"]
-    end
-
-    style http fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style protobuf fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style jobqueue fill:#bf360c,stroke:#8c2809,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **HTTP/WebSocket - RPC (blue)**: For client-facing RPC requests, trace context is propagated using the W3C `traceparent` header. This is the standard approach and works with any OTel-compatible client.
-- **Protocol Buffers - P2P (green)**: For peer-to-peer messages between xrpld nodes, trace context is embedded as a protobuf `TraceContext` message carrying trace_id, span_id, flags, and optional trace_state.
-- **JobQueue - Internal Async (red)**: For asynchronous work within a single node, the OTel context is captured when a job is created and restored when the job executes on a worker thread. This bridges the async gap so spans remain linked.
-
----
-
-## 2.6 Integration with Existing Observability
-
-> **OTLP** = OpenTelemetry Protocol | **WS** = WebSocket
-
-### 2.6.1 Existing Frameworks Comparison
-
-xrpld already has two observability mechanisms. OpenTelemetry complements (not replaces) them:
-
-| Aspect                | PerfLog                       | Beast Insight (StatsD)       | OpenTelemetry             |
-| --------------------- | ----------------------------- | ---------------------------- | ------------------------- |
-| **Type**              | Logging                       | Metrics                      | Distributed Tracing       |
-| **Data**              | JSON log entries              | Counters, gauges, histograms | Spans with context        |
-| **Scope**             | Single node                   | Single node                  | **Cross-node**            |
-| **Output**            | `perf.log` file               | StatsD server                | OTLP Collector            |
-| **Question answered** | "What happened on this node?" | "How many? How fast?"        | "What was the journey?"   |
-| **Correlation**       | By timestamp                  | By metric name               | By `trace_id`             |
-| **Overhead**          | Low (file I/O)                | Low (UDP packets)            | Low-Medium (configurable) |
-
-### 2.6.2 What Each Framework Does Best
-
-#### PerfLog
-
-- **Purpose**: Detailed local event logging for RPC and job execution
-- **Strengths**:
-  - Rich JSON output with timing data
-  - Already integrated in RPC handlers
-  - File-based, no external dependencies
-- **Limitations**:
-  - Single-node only (no cross-node correlation)
-  - No parent-child relationships between events
-  - Manual log parsing required
-
-```json
-// Example PerfLog entry
-{
-  "time": "2024-01-15T10:30:00.123Z",
-  "method": "submit",
-  "duration_us": 1523,
-  "result": "tesSUCCESS"
-}
-```
-
-#### Beast Insight (StatsD)
-
-- **Purpose**: Real-time metrics for monitoring dashboards
-- **Strengths**:
-  - Aggregated metrics (counters, gauges, histograms)
-  - Low overhead (UDP, fire-and-forget)
-  - Good for alerting thresholds
-- **Limitations**:
-  - No request-level detail
-  - No causal relationships
-  - Single-node perspective
-
-```cpp
-// Example StatsD usage in xrpld
-insight.increment("rpc.submit.count");
-insight.gauge("ledger.age", age);
-insight.timing("consensus.round", duration);
-```
-
-#### OpenTelemetry (NEW)
-
-- **Purpose**: Distributed request tracing across nodes
-- **Strengths**:
-  - **Cross-node correlation** via `trace_id`
-  - Parent-child span relationships
-  - Rich attributes per span
-  - Industry standard (CNCF)
-- **Limitations**:
-  - Requires collector infrastructure
-  - Higher complexity than logging
-
-```cpp
-// Example OpenTelemetry span
-auto span = telemetry.startSpan("tx.relay");
-span->SetAttribute("tx.hash", hash);
-span->SetAttribute("peer.id", peerId);
-// Span automatically linked to parent via context
-```
-
-### 2.6.3 When to Use Each
-
-| Scenario                                | PerfLog    | StatsD | OpenTelemetry |
-| --------------------------------------- | ---------- | ------ | ------------- |
-| "How many TXs per second?"              | ❌         | ✅     | ✅            |
-| "What's the p99 RPC latency?"           | ❌         | ✅     | ✅            |
-| "Why was this specific TX slow?"        | ⚠️ partial | ❌     | ✅            |
-| "Which node delayed consensus?"         | ❌         | ❌     | ✅            |
-| "What happened on node X at time T?"    | ✅         | ❌     | ✅            |
-| "Show me the TX journey across 5 nodes" | ❌         | ❌     | ✅            |
-
-### 2.6.4 Coexistence Strategy
-
-```mermaid
-flowchart TB
-    subgraph xrpld["xrpld Process"]
-        perflog["PerfLog<br/>(JSON to file)"]
-        insight["Beast Insight<br/>(StatsD)"]
-        otel["OpenTelemetry<br/>(Tracing)"]
-    end
-
-    perflog --> perffile["perf.log"]
-    insight --> statsd["StatsD Server"]
-    otel --> collector["OTLP Collector"]
-
-    perffile --> grafana["Grafana<br/>(Unified UI)"]
-    statsd --> grafana
-    collector --> grafana
-
-    style xrpld fill:#212121,stroke:#0a0a0a,color:#ffffff
-    style grafana fill:#bf360c,stroke:#8c2809,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **xrpld Process (dark gray)**: The single xrpld node running all three observability frameworks side by side. Each framework operates independently with no interference.
-- **PerfLog to perf.log**: PerfLog writes JSON-formatted event logs to a local file. Grafana can ingest these via Loki or a file-based datasource.
-- **Beast Insight to StatsD Server**: Insight sends aggregated metrics (counters, gauges) over UDP to a StatsD server. Grafana reads from StatsD-compatible backends like Graphite or Prometheus (via StatsD exporter).
-- **OpenTelemetry to OTLP Collector**: OTel exports spans over OTLP/gRPC to a Collector, which then forwards to a trace backend (Tempo).
-- **Grafana (red, unified UI)**: All three data streams converge in Grafana, enabling operators to correlate logs, metrics, and traces in a single dashboard.
-
-### 2.6.5 Correlation with PerfLog
-
-Trace IDs can be correlated with existing PerfLog entries for comprehensive debugging:
-
-```cpp
-// In RPCHandler.cpp - correlate trace with PerfLog
-Status doCommand(RPC::JsonContext& context, Json::Value& result)
-{
-    // Start OpenTelemetry span
-    auto span = context.app.getTelemetry().startSpan(
-        "rpc.command." + context.method);
-
-    // Get trace ID for correlation
-    auto traceId = span->GetContext().trace_id().IsValid()
-        ? toHex(span->GetContext().trace_id())
-        : "";
-
-    // Use existing PerfLog with trace correlation
-    auto const curId = context.app.getPerfLog().currentId();
-    context.app.getPerfLog().rpcStart(context.method, curId);
-
-    // Future: Add trace ID to PerfLog entry
-    // context.app.getPerfLog().setTraceId(curId, traceId);
-
-    try {
-        auto ret = handler(context, result);
-        context.app.getPerfLog().rpcFinish(context.method, curId);
-        span->SetStatus(opentelemetry::trace::StatusCode::kOk);
-        return ret;
-    } catch (std::exception const& e) {
-        context.app.getPerfLog().rpcError(context.method, curId);
-        span->RecordException(e);
-        span->SetStatus(opentelemetry::trace::StatusCode::kError, e.what());
-        throw;
-    }
-}
-```
-
----
-
-_Previous: [Architecture Analysis](./01-architecture-analysis.md)_ | _Next: [Implementation Strategy](./03-implementation-strategy.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/03-implementation-strategy.md

@@ -1,530 +0,0 @@
-# Implementation Strategy
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Related**: [Code Samples](./04-code-samples.md) | [Configuration Reference](./05-configuration-reference.md)
-
----
-
-## 3.1 Directory Structure
-
-The telemetry implementation follows xrpld's existing code organization pattern:
-
-```
-include/xrpl/
-├── telemetry/
-│   ├── Telemetry.h              # Main telemetry interface (global singleton)
-│   ├── TelemetryConfig.h        # Configuration structures
-│   ├── TraceContext.h           # Context propagation utilities
-│   ├── SpanGuard.h              # RAII span management with factory methods + discard()
-│   ├── DiscardFlag.h            # Thread-local discard flag
-│   └── SpanAttributes.h         # Attribute helper functions
-
-src/libxrpl/
-├── telemetry/
-│   ├── Telemetry.cpp            # Implementation + FilteringSpanProcessor
-│   ├── TelemetryConfig.cpp      # Config parsing
-│   ├── TraceContext.cpp         # Context serialization
-│   └── NullTelemetry.cpp        # No-op implementation
-```
-
----
-
-## 3.2 Implementation Approach
-
-<div align="center">
-
-```mermaid
-%%{init: {'flowchart': {'nodeSpacing': 20, 'rankSpacing': 30}}}%%
-flowchart TB
-    subgraph phase1["Phase 1: Core"]
-        direction LR
-        sdk["SDK Integration"] ~~~ interface["Telemetry Interface"] ~~~ config["Configuration"]
-    end
-
-    subgraph phase2["Phase 2: RPC"]
-        direction LR
-        http["HTTP Context"] ~~~ rpc["RPC Handlers"]
-    end
-
-    subgraph phase3["Phase 3: P2P"]
-        direction LR
-        proto["Protobuf Context"] ~~~ tx["Transaction Relay"]
-    end
-
-    subgraph phase4["Phase 4: Consensus"]
-        direction LR
-        consensus["Consensus Rounds"] ~~~ proposals["Proposals"]
-    end
-
-    phase1 --> phase2 --> phase3 --> phase4
-
-    style phase1 fill:#1565c0,stroke:#0d47a1,color:#ffffff
-    style phase2 fill:#2e7d32,stroke:#1b5e20,color:#ffffff
-    style phase3 fill:#e65100,stroke:#bf360c,color:#ffffff
-    style phase4 fill:#c2185b,stroke:#880e4f,color:#ffffff
-```
-
-</div>
-
-### Key Principles
-
-1. **Minimal Intrusion**: Instrumentation should not alter existing control flow
-2. **Zero-Cost When Disabled**: Use compile-time flags and no-op implementations
-3. **Backward Compatibility**: Protocol Buffer extensions use high field numbers
-4. **Graceful Degradation**: Tracing failures must not affect node operation
-
----
-
-## 3.3 Performance Overhead Summary
-
-> **OTLP** = OpenTelemetry Protocol
-
-| Metric        | Overhead   | Notes                                            |
-| ------------- | ---------- | ------------------------------------------------ |
-| CPU           | 1-3%       | Of per-transaction CPU cost (~200μs baseline)    |
-| Memory        | ~10 MB     | SDK statics + batch buffer + worker thread stack |
-| Network       | 10-50 KB/s | Compressed OTLP export to collector              |
-| Latency (p99) | <2%        | With proper sampling configuration               |
-
----
-
-## 3.4 Detailed CPU Overhead Analysis
-
-### 3.4.1 Per-Operation Costs
-
-> **Note on hardware assumptions**: The costs below are based on the official OTel C++ SDK CI benchmarks
-> (969 runs on GitHub Actions 2-core shared runners). On production server hardware (3+ GHz Xeon),
-> expect costs at the **lower end** of each range (~30-50% improvement over CI hardware).
-
-| Operation             | Time (ns) | Frequency              | Impact     |
-| --------------------- | --------- | ---------------------- | ---------- |
-| Span creation         | 500-1000  | Every traced operation | Low        |
-| Span end              | 100-200   | Every traced operation | Low        |
-| SetAttribute (string) | 80-120    | 3-5 per span           | Low        |
-| SetAttribute (int)    | 40-60     | 2-3 per span           | Negligible |
-| AddEvent              | 100-200   | 0-2 per span           | Low        |
-| Context injection     | 150-250   | Per outgoing message   | Low        |
-| Context extraction    | 100-180   | Per incoming message   | Low        |
-| GetCurrent context    | 10-20     | Thread-local access    | Negligible |
-
-**Source**: Span creation based on OTel C++ SDK `BM_SpanCreation` benchmark (AlwaysOnSampler +
-SimpleSpanProcessor + InMemoryExporter), median ~1,000 ns on CI hardware. AddEvent includes
-timestamp read + string copy + vector push + mutex acquisition. Context injection/extraction
-confirmed by `BM_SpanCreationWithScope` benchmark delta (~160 ns).
-
-### 3.4.2 Transaction Processing Overhead
-
-<div align="center">
-
-```mermaid
-%%{init: {'pie': {'textPosition': 0.75}}}%%
-pie showData
-    "tx.receive (1400ns)" : 1400
-    "tx.validate (1200ns)" : 1200
-    "tx.relay (1200ns)" : 1200
-    "Context inject (200ns)" : 200
-```
-
-**Transaction Tracing Overhead (~4.0μs total)**
-
-</div>
-
-**Overhead percentage**: 4.0 μs / 200 μs (avg tx processing) = **~2.0%**
-
-> **Breakdown**: Each span (tx.receive, tx.validate, tx.relay) costs ~1,000 ns for creation plus
-> ~200-400 ns for 3-5 attribute sets. Context injection is ~200 ns (confirmed by benchmarks).
-> On production hardware, expect ~2.6 μs total (~1.3% overhead) due to faster span creation (~500-600 ns).
-
-### 3.4.3 Consensus Round Overhead
-
-| Operation              | Count | Cost (ns) | Total      |
-| ---------------------- | ----- | --------- | ---------- |
-| consensus.round span   | 1     | ~1200     | ~1.2 μs    |
-| consensus.phase spans  | 3     | ~1100     | ~3.3 μs    |
-| proposal.receive spans | ~20   | ~1100     | ~22 μs     |
-| proposal.send spans    | ~3    | ~1100     | ~3.3 μs    |
-| Context operations     | ~30   | ~200      | ~6 μs      |
-| **TOTAL**              |       |           | **~36 μs** |
-
-> **Why higher**: Each span costs ~1,000 ns creation + ~100-200 ns for 1-2 attributes, totaling ~1,100-1,200 ns.
-> Context operations remain ~200 ns (confirmed by benchmarks). On production hardware, expect ~24 μs total.
-
-**Overhead percentage**: 36 μs / 3s (typical round) = **~0.001%** (negligible)
-
-### 3.4.4 RPC Request Overhead
-
-| Operation        | Cost (ns)    |
-| ---------------- | ------------ |
-| rpc.request span | ~1200        |
-| rpc.command span | ~1100        |
-| Context extract  | ~250         |
-| Context inject   | ~200         |
-| **TOTAL**        | **~2.75 μs** |
-
-> **Why higher**: Each span costs ~1,000 ns creation + ~100-200 ns for attributes (command name,
-> version, role). Context extract/inject costs are confirmed by OTel C++ benchmarks.
-
-- Fast RPC (1ms): 2.75 μs / 1ms = **~0.275%**
-- Slow RPC (100ms): 2.75 μs / 100ms = **~0.003%**
-
----
-
-## 3.5 Memory Overhead Analysis
-
-> **OTLP** = OpenTelemetry Protocol
-
-### 3.5.1 Static Memory
-
-| Component                            | Size        | Allocated  |
-| ------------------------------------ | ----------- | ---------- |
-| TracerProvider singleton             | ~64 KB      | At startup |
-| BatchSpanProcessor (circular buffer) | ~16 KB      | At startup |
-| BatchSpanProcessor (worker thread)   | ~8 MB       | At startup |
-| OTLP exporter (gRPC channel init)    | ~256 KB     | At startup |
-| Propagator registry                  | ~8 KB       | At startup |
-| **Total static**                     | **~8.3 MB** |            |
-
-> **Why higher than earlier estimate**: The BatchSpanProcessor's circular buffer itself is only ~16 KB
-> (2049 x 8-byte `AtomicUniquePtr` entries), but it spawns a dedicated worker thread whose default
-> stack size on Linux is ~8 MB. The OTLP gRPC exporter allocates memory for channel stubs and TLS
-> initialization. The worker thread stack dominates the static footprint.
-
-### 3.5.2 Dynamic Memory
-
-| Component            | Size per unit  | Max units  | Peak            |
-| -------------------- | -------------- | ---------- | --------------- |
-| Active span          | ~500-800 bytes | 1000       | ~500-800 KB     |
-| Queued span (export) | ~500 bytes     | 2048       | ~1 MB           |
-| Attribute storage    | ~80 bytes      | 5 per span | Included        |
-| Context storage      | ~64 bytes      | Per thread | ~6.4 KB         |
-| **Total dynamic**    |                |            | **~1.5-1.8 MB** |
-
-> **Why active spans are larger**: An active `Span` object includes the wrapper (~88 bytes: shared_ptr,
-> mutex, unique_ptr to Recordable) plus `SpanData` (~250 bytes: SpanContext, timestamps, name, status,
-> empty containers) plus attribute storage (~200-500 bytes for 3-5 string attributes in a `std::map`).
-> Source: `sdk/src/trace/span.h` and `sdk/include/opentelemetry/sdk/trace/span_data.h`.
-> Queued spans release the wrapper, keeping only `SpanData` + attributes (~500 bytes).
-
-### 3.5.3 Memory Growth Characteristics
-
-```mermaid
----
-config:
-    xyChart:
-        width: 700
-        height: 400
----
-xychart-beta
-    title "Memory Usage vs Span Rate (bounded by queue limit)"
-    x-axis "Spans/second" [0, 200, 400, 600, 800, 1000]
-    y-axis "Memory (MB)" 0 --> 12
-    line [8.5, 9.2, 9.6, 9.9, 10.0, 10.0]
-```
-
-**Notes**:
-
-- Memory increases with span rate but **plateaus at queue capacity** (default 2048 spans)
-- Batch export prevents unbounded growth
-- At queue limit, oldest spans are dropped (not blocked)
-- Maximum memory is bounded: ~8.3 MB static (dominated by worker thread stack) + 2048 queued spans x ~500 bytes (~1 MB) + active spans (~0.8 MB) ≈ **~10 MB ceiling**
-- The worker thread stack (~8 MB) is virtual memory; actual RSS depends on stack usage (typically much less)
-
-### 3.5.4 Performance Data Sources
-
-The overhead estimates in Sections 3.3-3.5 are derived from the following sources:
-
-| Source                                           | What it covers                                        | URL                                                                                                                                        |
-| ------------------------------------------------ | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
-| OTel C++ SDK CI benchmarks (969 runs)            | Span creation, context activation, sampler overhead   | [Benchmark Dashboard](https://open-telemetry.github.io/opentelemetry-cpp/benchmarks/)                                                      |
-| `api/test/trace/span_benchmark.cc`               | API-level span creation (~22 ns no-op)                | [Source](https://github.com/open-telemetry/opentelemetry-cpp/blob/main/api/test/trace/span_benchmark.cc)                                   |
-| `sdk/test/trace/sampler_benchmark.cc`            | SDK span creation with samplers (~1,000 ns AlwaysOn)  | [Source](https://github.com/open-telemetry/opentelemetry-cpp/blob/main/sdk/test/trace/sampler_benchmark.cc)                                |
-| `sdk/include/.../span_data.h`                    | SpanData memory layout (~250 bytes base)              | [Source](https://github.com/open-telemetry/opentelemetry-cpp/blob/main/sdk/include/opentelemetry/sdk/trace/span_data.h)                    |
-| `sdk/src/trace/span.h`                           | Span wrapper memory layout (~88 bytes)                | [Source](https://github.com/open-telemetry/opentelemetry-cpp/blob/main/sdk/src/trace/span.h)                                               |
-| `sdk/include/.../batch_span_processor_options.h` | Default queue size (2048), batch size (512)           | [Source](https://github.com/open-telemetry/opentelemetry-cpp/blob/main/sdk/include/opentelemetry/sdk/trace/batch_span_processor_options.h) |
-| `sdk/include/.../circular_buffer.h`              | CircularBuffer implementation (AtomicUniquePtr array) | [Source](https://github.com/open-telemetry/opentelemetry-cpp/blob/main/sdk/include/opentelemetry/sdk/common/circular_buffer.h)             |
-| OTLP proto definition                            | Serialized span size estimation                       | [Proto](https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/trace/v1/trace.proto)                          |
-
----
-
-## 3.6 Network Overhead Analysis
-
-### 3.6.1 Export Bandwidth
-
-> **Bytes per span**: Estimates use ~500 bytes/span (conservative upper bound). OTLP protobuf analysis
-> shows a typical span with 3-5 string attributes serializes to ~200-300 bytes raw; with gzip
-> compression (~60-70% of raw) and batching (amortized headers), ~350 bytes/span is more realistic.
-> The table uses the conservative estimate for capacity planning.
-
-| Sampling Rate | Spans/sec | Bandwidth | Notes            |
-| ------------- | --------- | --------- | ---------------- |
-| 100%          | ~500      | ~250 KB/s | Development only |
-| 10%           | ~50       | ~25 KB/s  | Staging          |
-| 1%            | ~5        | ~2.5 KB/s | Production       |
-| Error-only    | ~1        | ~0.5 KB/s | Minimal overhead |
-
-### 3.6.2 Trace Context Propagation
-
-| Message Type           | Context Size | Messages/sec | Overhead    |
-| ---------------------- | ------------ | ------------ | ----------- |
-| TMTransaction          | 25 bytes     | ~100         | ~2.5 KB/s   |
-| TMProposeSet           | 25 bytes     | ~10          | ~250 B/s    |
-| TMValidation           | 25 bytes     | ~50          | ~1.25 KB/s  |
-| **Total P2P overhead** |              |              | **~4 KB/s** |
-
----
-
-## 3.7 Optimization Strategies
-
-### 3.7.1 Sampling Strategies
-
-#### Tail Sampling
-
-```mermaid
-flowchart TD
-    trace["New Trace"]
-
-    trace --> errors{"Is Error?"}
-    errors -->|Yes| sample["SAMPLE"]
-    errors -->|No| consensus{"Is Consensus?"}
-
-    consensus -->|Yes| sample
-    consensus -->|No| slow{"Is Slow?"}
-
-    slow -->|Yes| sample
-    slow -->|No| prob{"Random < 10%?"}
-
-    prob -->|Yes| sample
-    prob -->|No| drop["DROP"]
-
-    style sample fill:#4caf50,stroke:#388e3c,color:#fff
-    style drop fill:#f44336,stroke:#c62828,color:#fff
-```
-
-### 3.7.2 Batch Tuning Recommendations
-
-| Environment        | Batch Size | Batch Delay | Max Queue |
-| ------------------ | ---------- | ----------- | --------- |
-| Low-latency        | 128        | 1000ms      | 512       |
-| High-throughput    | 1024       | 10000ms     | 8192      |
-| Memory-constrained | 256        | 2000ms      | 512       |
-
-### 3.7.3 Conditional Instrumentation
-
-SpanGuard's static factory methods handle both compile-time and runtime
-checks internally. When `XRPL_ENABLE_TELEMETRY` is not defined, the
-entire SpanGuard class compiles to a no-op stub with empty method bodies.
-When it is defined, the factory methods check the global Telemetry
-instance and the relevant component filter before creating a span:
-
-```cpp
-// SpanGuard factory methods handle all conditional logic internally.
-// When XRPL_ENABLE_TELEMETRY is not defined, these are no-ops.
-// When defined, they check Telemetry::getInstance() and the
-// component filter (e.g. shouldTracePeer()) at runtime.
-auto span = telemetry::SpanGuard::peerSpan("peer.message.receive");
-span.setAttribute("xrpl.peer.id", peerId);
-// No overhead when telemetry is disabled at compile time or runtime
-```
-
----
-
-## 3.8 Links to Detailed Documentation
-
-- **[Code Samples](./04-code-samples.md)**: Complete implementation code for all components
-- **[Configuration Reference](./05-configuration-reference.md)**: Configuration options and collector setup
-- **[Implementation Phases](./06-implementation-phases.md)**: Detailed timeline and milestones
-
----
-
-## 3.9 Code Intrusiveness Assessment
-
-> **TxQ** = Transaction Queue
-
-This section provides a detailed assessment of how intrusive the OpenTelemetry integration is to the existing xrpld codebase.
-
-### 3.9.1 Files Modified Summary
-
-| Component             | Files Modified | Lines Added | Lines Changed | Architectural Impact |
-| --------------------- | -------------- | ----------- | ------------- | -------------------- |
-| **Core Telemetry**    | 7 new files    | ~800        | 0             | None (new module)    |
-| **Application Init**  | 2 files        | ~30         | ~5            | Minimal              |
-| **RPC Layer**         | 3 files        | ~80         | ~20           | Minimal              |
-| **Transaction Relay** | 4 files        | ~120        | ~40           | Low                  |
-| **Consensus**         | 3 files        | ~100        | ~30           | Low-Medium           |
-| **Protocol Buffers**  | 1 file         | ~25         | 0             | Low                  |
-| **CMake/Build**       | 3 files        | ~50         | ~10           | Minimal              |
-| **PathFinding**       | 2              | ~80         | ~5            | Minimal              |
-| **TxQ/Fee**           | 2              | ~60         | ~5            | Minimal              |
-| **Validator/Amend**   | 3              | ~40         | ~5            | Minimal              |
-| **Total**             | **~27 files**  | **~1,490**  | **~120**      | **Low**              |
-
-### 3.9.2 Detailed File Impact
-
-```mermaid
-pie title Code Changes by Component
-    "New Telemetry Module" : 800
-    "Transaction Relay" : 160
-    "Consensus" : 130
-    "RPC Layer" : 100
-    "PathFinding" : 80
-    "TxQ/Fee" : 60
-    "Validator/Amendment" : 40
-    "Application Init" : 35
-    "Protocol Buffers" : 25
-    "Build System" : 60
-```
-
-#### New Files (No Impact on Existing Code)
-
-| File                                        | Lines | Purpose                                               |
-| ------------------------------------------- | ----- | ----------------------------------------------------- |
-| `include/xrpl/telemetry/Telemetry.h`        | ~160  | Main interface (global singleton)                     |
-| `include/xrpl/telemetry/SpanGuard.h`        | ~250  | RAII wrapper + factory methods + discard + no-op stub |
-| `include/xrpl/telemetry/DiscardFlag.h`      | ~28   | Thread-local discard flag                             |
-| `include/xrpl/telemetry/TraceContext.h`     | ~80   | Context propagation                                   |
-| `src/libxrpl/telemetry/Telemetry.cpp`       | ~400  | Implementation + FilteringSpanProcessor               |
-| `src/libxrpl/telemetry/TelemetryConfig.cpp` | ~60   | Config parsing                                        |
-| `src/libxrpl/telemetry/NullTelemetry.cpp`   | ~40   | No-op implementation                                  |
-
-#### Modified Files (Existing Xrpld Code)
-
-| File                                              | Lines Added | Lines Changed | Risk Level |
-| ------------------------------------------------- | ----------- | ------------- | ---------- |
-| `src/xrpld/app/main/Application.cpp`              | ~15         | ~3            | Low        |
-| `include/xrpl/core/ServiceRegistry.h`             | ~5          | ~2            | Low        |
-| `src/xrpld/rpc/detail/ServerHandler.cpp`          | ~40         | ~10           | Low        |
-| `src/xrpld/rpc/handlers/*.cpp`                    | ~30         | ~8            | Low        |
-| `src/xrpld/overlay/detail/PeerImp.cpp`            | ~60         | ~15           | Medium     |
-| `src/xrpld/overlay/detail/OverlayImpl.cpp`        | ~30         | ~10           | Medium     |
-| `src/xrpld/app/consensus/RCLConsensus.cpp`        | ~50         | ~15           | Medium     |
-| `src/xrpld/app/consensus/RCLConsensusAdaptor.cpp` | ~40         | ~12           | Medium     |
-| `src/xrpld/core/JobQueue.cpp`                     | ~20         | ~5            | Low        |
-| `src/xrpld/app/paths/PathRequest.cpp`             | ~40         | ~3            | Low        |
-| `src/xrpld/app/paths/Pathfinder.cpp`              | ~40         | ~2            | Low        |
-| `src/xrpld/app/misc/TxQ.cpp`                      | ~40         | ~3            | Low        |
-| `src/xrpld/app/main/LoadManager.cpp`              | ~20         | ~2            | Low        |
-| `src/xrpld/app/misc/ValidatorList.cpp`            | ~20         | ~2            | Low        |
-| `src/xrpld/app/misc/AmendmentTable.cpp`           | ~10         | ~2            | Low        |
-| `src/xrpld/app/misc/Manifest.cpp`                 | ~10         | ~1            | Low        |
-| `src/xrpld/shamap/SHAMap.cpp`                     | ~20         | ~3            | Low        |
-| `src/xrpld/overlay/detail/ripple.proto`           | ~25         | 0             | Low        |
-| `CMakeLists.txt`                                  | ~40         | ~8            | Low        |
-| `cmake/FindOpenTelemetry.cmake`                   | ~50         | 0             | None (new) |
-
-### 3.9.3 Risk Assessment by Component
-
-<div align="center">
-
-**Do First** ↖ ↗ **Plan Carefully**
-
-```mermaid
-quadrantChart
-    title Code Intrusiveness Risk Matrix
-    x-axis Low Risk --> High Risk
-    y-axis Low Value --> High Value
-
-    RPC Tracing: [0.2, 0.55]
-    Transaction Relay: [0.55, 0.85]
-    Consensus Tracing: [0.75, 0.92]
-    Peer Message Tracing: [0.85, 0.35]
-    JobQueue Context: [0.3, 0.42]
-    Ledger Acquisition: [0.48, 0.65]
-    PathFinding: [0.38, 0.72]
-    TxQ and Fees: [0.25, 0.62]
-    Validator Mgmt: [0.15, 0.35]
-```
-
-**Optional** ↙ ↘ **Avoid**
-
-</div>
-
-#### Risk Level Definitions
-
-| Risk Level | Definition                                                       | Mitigation                         |
-| ---------- | ---------------------------------------------------------------- | ---------------------------------- |
-| **Low**    | Additive changes only; no modification to existing logic         | Standard code review               |
-| **Medium** | Minor modifications to existing functions; clear boundaries      | Comprehensive unit tests           |
-| **High**   | Changes to core logic or data structures; potential side effects | Integration tests + staged rollout |
-
-### 3.9.4 Architectural Impact Assessment
-
-| Aspect               | Impact  | Justification                                                                    |
-| -------------------- | ------- | -------------------------------------------------------------------------------- |
-| **Data Flow**        | Minimal | Read-only instrumentation; no modification to consensus or transaction data flow |
-| **Threading Model**  | Minimal | Context propagation uses thread-local storage (standard OTel pattern)            |
-| **Memory Model**     | Low     | Bounded queues prevent unbounded growth; RAII ensures cleanup                    |
-| **Network Protocol** | Low     | Optional fields in protobuf (high field numbers); backward compatible            |
-| **Configuration**    | None    | New config section; existing configs unaffected                                  |
-| **Build System**     | Low     | Optional CMake flag; builds work without OpenTelemetry                           |
-| **Dependencies**     | Low     | OpenTelemetry SDK is optional; null implementation when disabled                 |
-
-### 3.9.5 Backward Compatibility
-
-| Compatibility   | Status  | Notes                                                 |
-| --------------- | ------- | ----------------------------------------------------- |
-| **Config File** | ✅ Full | New `[telemetry]` section is optional                 |
-| **Protocol**    | ✅ Full | Optional protobuf fields with high field numbers      |
-| **Build**       | ✅ Full | `XRPL_ENABLE_TELEMETRY=OFF` produces identical binary |
-| **Runtime**     | ✅ Full | `enabled=0` produces zero overhead                    |
-| **API**         | ✅ Full | No changes to public RPC or P2P APIs                  |
-
-### 3.9.6 Rollback Strategy
-
-If issues are discovered after deployment:
-
-1. **Immediate**: Set `enabled=0` in config and restart (zero code change)
-2. **Quick**: Rebuild with `XRPL_ENABLE_TELEMETRY=OFF`
-3. **Complete**: Revert telemetry commits (clean separation makes this easy)
-
-### 3.9.7 Code Change Examples
-
-**Minimal RPC Instrumentation (Low Intrusiveness):**
-
-```cpp
-// Before
-void ServerHandler::onRequest(...) {
-    auto result = processRequest(req);
-    send(result);
-}
-
-// After (only ~4 lines added)
-void ServerHandler::onRequest(...) {
-    auto span = telemetry::SpanGuard::rpcSpan("rpc.request");   // +1 line
-    span.setAttribute("command", command);                        // +1 line
-
-    auto result = processRequest(req);
-
-    span.setAttribute("rpc_status", status);                      // +1 line
-    send(result);
-}
-```
-
-SpanGuard factory methods (`rpcSpan`, `txSpan`, `consensusSpan`, etc.)
-access the global `Telemetry` instance internally and check the relevant
-component filter (`shouldTraceRpc()`, etc.) before creating a span. The
-public SpanGuard header has zero `opentelemetry/` includes -- all OTel
-types are hidden behind the pimpl idiom.
-
-**Consensus Instrumentation (Medium Intrusiveness):**
-
-```cpp
-// Before
-void RCLConsensusAdaptor::startRound(...) {
-    // ... existing logic
-}
-
-// After (context storage required)
-void RCLConsensusAdaptor::startRound(...) {
-    auto span = telemetry::SpanGuard::consensusSpan("consensus.round");
-    span.setAttribute("xrpl.consensus.ledger.seq", seq);
-
-    // Store context for child spans in phase transitions
-    currentRoundContext_ = span.context();  // New member variable
-
-    // ... existing logic unchanged
-}
-```
-
----
-
-_Previous: [Design Decisions](./02-design-decisions.md)_ | _Next: [Code Samples](./04-code-samples.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/05-configuration-reference.md

@@ -1,972 +0,0 @@
-# Configuration Reference
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Related**: [Code Samples](./04-code-samples.md) | [Implementation Phases](./06-implementation-phases.md)
-
----
-
-## 5.1 xrpld Configuration
-
-> **OTLP** = OpenTelemetry Protocol | **TxQ** = Transaction Queue
-
-### 5.1.1 Configuration File Section
-
-Add to `cfg/xrpld-example.cfg`:
-
-```ini
-# ═══════════════════════════════════════════════════════════════════════════════
-# TELEMETRY (OpenTelemetry Distributed Tracing)
-# ═══════════════════════════════════════════════════════════════════════════════
-#
-# Enables distributed tracing for transaction flow, consensus, and RPC calls.
-# Traces are exported to an OpenTelemetry Collector using OTLP protocol.
-#
-# [telemetry]
-#
-# # Enable/disable telemetry (default: 0 = disabled)
-# enabled=1
-#
-# # OTLP endpoint (default: http://localhost:4318/v1/traces - OTLP/HTTP)
-# # Note: only OTLP/HTTP is shipped in Phase 1b. OTLP/gRPC support is
-# # planned as future work and is not yet parsed by TelemetryConfig.cpp.
-# endpoint=http://localhost:4318/v1/traces
-#
-# # Use TLS for exporter connection (default: 0)
-# use_tls=0
-#
-# # Path to CA certificate for TLS (optional)
-# # tls_ca_cert=/path/to/ca.crt
-#
-# # Sampling ratio: 0.0-1.0 (default: 1.0 = 100% sampling)
-# # Use lower values in production to reduce overhead
-# # Default: 1.0 (all traces). For production deployments with high
-# # throughput, 0.1 (10%) is recommended to reduce overhead.
-# # See Section 7.4.2 for sampling strategy details.
-# sampling_ratio=0.1
-#
-# # Batch processor settings
-# batch_size=512           # Spans per batch (default: 512)
-# batch_delay_ms=5000      # Max delay before sending batch (default: 5000)
-# max_queue_size=2048      # Max queued spans (default: 2048)
-#
-# # Component-specific tracing (default: all enabled except peer)
-# trace_transactions=1     # Transaction relay and processing
-# trace_consensus=1        # Consensus rounds and proposals
-# trace_rpc=1              # RPC request handling
-# trace_peer=0             # Peer messages (high volume, disabled by default)
-# trace_ledger=1           # Ledger acquisition and building
-#
-# # Planned (not yet parsed by TelemetryConfig.cpp):
-# # trace_pathfind=1       # Path computation (Phase 2)
-# # trace_txq=1            # Transaction queue (Phase 3)
-# # trace_validator=0      # Validator list / manifest (future)
-# # trace_amendment=0      # Amendment voting (future)
-#
-# # Service identification (automatically detected if not specified)
-# # service_name=xrpld
-# # service_instance_id=<node_public_key>
-
-[telemetry]
-enabled=0
-```
-
-### 5.1.2 Configuration Options Summary
-
-| Option                | Type   | Default                           | Description                               |
-| --------------------- | ------ | --------------------------------- | ----------------------------------------- |
-| `enabled`             | bool   | `false`                           | Enable/disable telemetry                  |
-| `endpoint`            | string | `http://localhost:4318/v1/traces` | OTLP/HTTP collector endpoint              |
-| `use_tls`             | bool   | `false`                           | Enable TLS for exporter connection        |
-| `tls_ca_cert`         | string | `""`                              | Path to CA certificate file               |
-| `sampling_ratio`      | float  | `1.0`                             | Sampling ratio (0.0-1.0)                  |
-| `batch_size`          | uint   | `512`                             | Spans per export batch                    |
-| `batch_delay_ms`      | uint   | `5000`                            | Max delay before sending batch (ms)       |
-| `max_queue_size`      | uint   | `2048`                            | Maximum queued spans                      |
-| `trace_transactions`  | bool   | `true`                            | Enable transaction tracing                |
-| `trace_consensus`     | bool   | `true`                            | Enable consensus tracing                  |
-| `trace_rpc`           | bool   | `true`                            | Enable RPC tracing                        |
-| `trace_peer`          | bool   | `false`                           | Enable peer message tracing (high volume) |
-| `trace_ledger`        | bool   | `true`                            | Enable ledger tracing                     |
-| `service_name`        | string | `"xrpld"`                         | Service name for traces                   |
-| `service_instance_id` | string | `<node_pubkey>`                   | Instance identifier                       |
-
-**Planned (not yet implemented)**: the following options appear in the design
-documents but are not parsed by `TelemetryConfig.cpp` in Phase 1b and later
-phases. They will be added as the corresponding subsystems are instrumented:
-
-| Option            | Planned Phase | Purpose                                  |
-| ----------------- | ------------- | ---------------------------------------- |
-| `exporter`        | Future        | Select between OTLP/HTTP and OTLP/gRPC   |
-| `trace_pathfind`  | Phase 2       | Path computation tracing toggle          |
-| `trace_txq`       | Phase 3       | Transaction queue tracing toggle         |
-| `trace_validator` | Future        | Validator list / manifest update tracing |
-| `trace_amendment` | Future        | Amendment voting tracing                 |
-
----
-
-## 5.2 Configuration Parser
-
-> **TxQ** = Transaction Queue
-
-```cpp
-// src/libxrpl/telemetry/TelemetryConfig.cpp
-
-#include <xrpl/telemetry/Telemetry.h>
-#include <xrpl/basics/Log.h>
-
-namespace xrpl {
-namespace telemetry {
-
-Telemetry::Setup
-setupTelemetry(
-    Section const& section,
-    std::string const& nodePublicKey,
-    std::string const& version)
-{
-    Telemetry::Setup setup;
-
-    // Basic settings
-    setup.enabled = section.value_or("enabled", false);
-    setup.serviceName = section.value_or("service_name", "xrpld");
-    setup.serviceVersion = version;
-    setup.serviceInstanceId = section.value_or(
-        "service_instance_id", nodePublicKey);
-
-    // Exporter settings
-    setup.exporterType = section.value_or("exporter", "otlp_grpc");
-
-    if (setup.exporterType == "otlp_grpc")
-        setup.exporterEndpoint = section.value_or("endpoint", "localhost:4317");
-    else if (setup.exporterType == "otlp_http")
-        setup.exporterEndpoint = section.value_or("endpoint", "localhost:4318");
-
-    setup.useTls = section.value_or("use_tls", false);
-    setup.tlsCertPath = section.value_or("tls_ca_cert", "");
-
-    // Sampling
-    setup.samplingRatio = section.value_or("sampling_ratio", 1.0);
-    if (setup.samplingRatio < 0.0 || setup.samplingRatio > 1.0)
-    {
-        Throw<std::runtime_error>(
-            "telemetry.sampling_ratio must be between 0.0 and 1.0");
-    }
-
-    // Batch processor
-    setup.batchSize = section.value_or("batch_size", 512u);
-    setup.batchDelay = std::chrono::milliseconds{
-        section.value_or("batch_delay_ms", 5000u)};
-    setup.maxQueueSize = section.value_or("max_queue_size", 2048u);
-
-    // Component filtering
-    setup.traceTransactions = section.value_or("trace_transactions", true);
-    setup.traceConsensus = section.value_or("trace_consensus", true);
-    setup.traceRpc = section.value_or("trace_rpc", true);
-    setup.tracePeer = section.value_or("trace_peer", false);
-    setup.traceLedger = section.value_or("trace_ledger", true);
-    setup.tracePathfind = section.value_or("trace_pathfind", true);
-    setup.traceTxQ = section.value_or("trace_txq", true);
-    setup.traceValidator = section.value_or("trace_validator", false);
-    setup.traceAmendment = section.value_or("trace_amendment", false);
-
-    return setup;
-}
-
-} // namespace telemetry
-} // namespace xrpl
-```
-
----
-
-## 5.3 Application Integration
-
-### 5.3.1 ApplicationImp Changes
-
-> **Deferred identity**: The node public key (`nodeIdentity_`) is not
-> available during `ApplicationImp`'s member initializer list — it is
-> resolved later in `setup()`. The `Telemetry` object is therefore
-> constructed with an empty `serviceInstanceId` and patched via
-> `setServiceInstanceId()` once `setup()` has called `getNodeIdentity()`.
-
-```cpp
-// src/xrpld/app/main/Application.cpp (modified)
-
-#include <xrpl/telemetry/Telemetry.h>
-
-class ApplicationImp : public Application, public BasicApp
-{
-    // ... existing members (perfLog_, etc.) ...
-
-    // Telemetry — constructed in the member initializer list with
-    // an empty serviceInstanceId, patched in setup().
-    std::unique_ptr<telemetry::Telemetry> telemetry_;
-
-    // Member initializer list (excerpt):
-    // ...
-    // , telemetry_(
-    //       telemetry::makeTelemetry(
-    //           telemetry::setupTelemetry(
-    //               config_->section("telemetry"),
-    //               "",  // Updated later via setServiceInstanceId()
-    //               BuildInfo::getVersionString()),
-    //           logs_->journal("Telemetry")))
-    // ...
-
-    bool setup(...) override
-    {
-        // ... existing setup code ...
-
-        nodeIdentity_ = getNodeIdentity(*this, cmdline);
-
-        // Inject node identity into telemetry resource attributes,
-        // unless the user already set a custom service_instance_id.
-        if (!config_->section("telemetry").exists("service_instance_id"))
-            telemetry_->setServiceInstanceId(
-                toBase58(TokenType::NodePublic, nodeIdentity_->first));
-
-        // ... rest of setup ...
-    }
-
-    void start(bool withTimers) override
-    {
-        // ... existing start code ...
-        telemetry_->start();
-    }
-
-    void run() override
-    {
-        // ... existing run/shutdown code ...
-        telemetry_->stop();
-    }
-
-    telemetry::Telemetry&
-    getTelemetry() override
-    {
-        return *telemetry_;
-    }
-};
-```
-
-### 5.3.2 ServiceRegistry Interface Addition
-
-```cpp
-// include/xrpl/core/ServiceRegistry.h (modified)
-
-namespace telemetry {
-class Telemetry;
-}  // namespace telemetry
-
-class ServiceRegistry
-{
-public:
-    // ... existing virtual methods ...
-
-    /** Get the telemetry system for distributed tracing. */
-    virtual telemetry::Telemetry&
-    getTelemetry() = 0;
-};
-```
-
-> **Note:** `Application` extends `ServiceRegistry`, so `getTelemetry()` is
-> available on both. Components that hold a `ServiceRegistry&` (e.g.
-> `NetworkOPsImp`) call `registry_.get().getTelemetry()`. Components that
-> still hold an `Application&` (e.g. `ServerHandler`, `PeerImp`,
-> `RCLConsensusAdaptor`) call `app_.getTelemetry()` directly.
-
----
-
-## 5.4 CMake Integration
-
-> **OTLP** = OpenTelemetry Protocol
-
-### 5.4.1 Find OpenTelemetry Module
-
-```cmake
-# cmake/FindOpenTelemetry.cmake
-
-# Find OpenTelemetry C++ SDK
-#
-# This module defines:
-#   OpenTelemetry_FOUND - System has OpenTelemetry
-#   OpenTelemetry::api - API library target
-#   OpenTelemetry::sdk - SDK library target
-#   OpenTelemetry::otlp_grpc_exporter - OTLP gRPC exporter target
-#   OpenTelemetry::otlp_http_exporter - OTLP HTTP exporter target
-
-find_package(opentelemetry-cpp CONFIG QUIET)
-
-if(opentelemetry-cpp_FOUND)
-    set(OpenTelemetry_FOUND TRUE)
-
-    # Create imported targets if not already created by config
-    if(NOT TARGET OpenTelemetry::api)
-        add_library(OpenTelemetry::api ALIAS opentelemetry-cpp::api)
-    endif()
-    if(NOT TARGET OpenTelemetry::sdk)
-        add_library(OpenTelemetry::sdk ALIAS opentelemetry-cpp::sdk)
-    endif()
-    if(NOT TARGET OpenTelemetry::otlp_grpc_exporter)
-        add_library(OpenTelemetry::otlp_grpc_exporter ALIAS
-            opentelemetry-cpp::otlp_grpc_exporter)
-    endif()
-else()
-    # Try pkg-config fallback
-    find_package(PkgConfig QUIET)
-    if(PKG_CONFIG_FOUND)
-        pkg_check_modules(OTEL opentelemetry-cpp QUIET)
-        if(OTEL_FOUND)
-            set(OpenTelemetry_FOUND TRUE)
-            # Create imported targets from pkg-config
-            add_library(OpenTelemetry::api INTERFACE IMPORTED)
-            target_include_directories(OpenTelemetry::api INTERFACE
-                ${OTEL_INCLUDE_DIRS})
-        endif()
-    endif()
-endif()
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(OpenTelemetry
-    REQUIRED_VARS OpenTelemetry_FOUND)
-```
-
-### 5.4.2 CMakeLists.txt Changes
-
-```cmake
-# CMakeLists.txt (additions)
-
-# ═══════════════════════════════════════════════════════════════════════════════
-# TELEMETRY OPTIONS
-# ═══════════════════════════════════════════════════════════════════════════════
-
-option(XRPL_ENABLE_TELEMETRY
-    "Enable OpenTelemetry distributed tracing support" OFF)
-
-if(XRPL_ENABLE_TELEMETRY)
-    find_package(OpenTelemetry REQUIRED)
-
-    # Define compile-time flag
-    add_compile_definitions(XRPL_ENABLE_TELEMETRY)
-
-    message(STATUS "OpenTelemetry tracing: ENABLED")
-else()
-    message(STATUS "OpenTelemetry tracing: DISABLED")
-endif()
-
-# ═══════════════════════════════════════════════════════════════════════════════
-# TELEMETRY LIBRARY
-# ═══════════════════════════════════════════════════════════════════════════════
-
-if(XRPL_ENABLE_TELEMETRY)
-    add_library(xrpl_telemetry
-        src/libxrpl/telemetry/Telemetry.cpp
-        src/libxrpl/telemetry/TelemetryConfig.cpp
-        src/libxrpl/telemetry/TraceContext.cpp
-    )
-
-    target_include_directories(xrpl_telemetry
-        PUBLIC
-            ${CMAKE_CURRENT_SOURCE_DIR}/include
-    )
-
-    target_link_libraries(xrpl_telemetry
-        PUBLIC
-            OpenTelemetry::api
-            OpenTelemetry::sdk
-            OpenTelemetry::otlp_grpc_exporter
-        PRIVATE
-            xrpl_basics
-    )
-
-    # Add to main library dependencies
-    target_link_libraries(xrpld PRIVATE xrpl_telemetry)
-else()
-    # Create null implementation library
-    add_library(xrpl_telemetry
-        src/libxrpl/telemetry/NullTelemetry.cpp
-    )
-    target_include_directories(xrpl_telemetry
-        PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include
-    )
-endif()
-```
-
----
-
-## 5.5 OpenTelemetry Collector Configuration
-
-> **OTLP** = OpenTelemetry Protocol | **APM** = Application Performance Monitoring
-
-### 5.5.1 Development Configuration
-
-```yaml
-# otel-collector-dev.yaml
-# Minimal configuration for local development
-
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        endpoint: 0.0.0.0:4317
-      http:
-        endpoint: 0.0.0.0:4318
-
-processors:
-  batch:
-    timeout: 1s
-    send_batch_size: 100
-
-exporters:
-  # Console output for debugging
-  logging:
-    verbosity: detailed
-    sampling_initial: 5
-    sampling_thereafter: 200
-
-  # Tempo for trace storage
-  otlp/tempo:
-    endpoint: tempo:4317
-    tls:
-      insecure: true
-
-service:
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, otlp/tempo]
-```
-
-### 5.5.2 Production Configuration
-
-```yaml
-# otel-collector-prod.yaml
-# Production configuration with filtering, sampling, and multiple backends
-
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        endpoint: 0.0.0.0:4317
-        tls:
-          cert_file: /etc/otel/server.crt
-          key_file: /etc/otel/server.key
-          ca_file: /etc/otel/ca.crt
-
-processors:
-  # Memory limiter to prevent OOM
-  memory_limiter:
-    check_interval: 1s
-    limit_mib: 1000
-    spike_limit_mib: 200
-
-  # Batch processing for efficiency
-  batch:
-    timeout: 5s
-    send_batch_size: 512
-    send_batch_max_size: 1024
-
-  # Tail-based sampling (keep errors and slow traces)
-  tail_sampling:
-    decision_wait: 10s
-    num_traces: 100000
-    expected_new_traces_per_sec: 1000
-    policies:
-      # Always keep error traces
-      - name: errors
-        type: status_code
-        status_code:
-          status_codes: [ERROR]
-      # Keep slow consensus rounds (>5s)
-      - name: slow-consensus
-        type: latency
-        latency:
-          threshold_ms: 5000
-      # Keep slow RPC requests (>1s)
-      - name: slow-rpc
-        type: and
-        and:
-          and_sub_policy:
-            - name: rpc-spans
-              type: string_attribute
-              string_attribute:
-                key: command
-                values: [".*"]
-                enabled_regex_matching: true
-            - name: latency
-              type: latency
-              latency:
-                threshold_ms: 1000
-      # Probabilistic sampling for the rest
-      - name: probabilistic
-        type: probabilistic
-        probabilistic:
-          sampling_percentage: 10
-
-  # Attribute processing
-  attributes:
-    actions:
-      # Hash sensitive data
-      - key: xrpl.tx.account
-        action: hash
-      # Add deployment info
-      - key: deployment.environment
-        value: production
-        action: upsert
-
-exporters:
-  # Grafana Tempo for long-term storage
-  otlp/tempo:
-    endpoint: tempo.monitoring:4317
-    tls:
-      insecure: false
-      ca_file: /etc/otel/tempo-ca.crt
-
-  # Elastic APM for correlation with logs
-  otlp/elastic:
-    endpoint: apm.elastic:8200
-    headers:
-      Authorization: "Bearer ${ELASTIC_APM_TOKEN}"
-
-extensions:
-  health_check:
-    endpoint: 0.0.0.0:13133
-  zpages:
-    endpoint: 0.0.0.0:55679
-
-service:
-  extensions: [health_check, zpages]
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [memory_limiter, tail_sampling, attributes, batch]
-      exporters: [otlp/tempo, otlp/elastic]
-```
-
----
-
-## 5.6 Docker Compose Development Environment
-
-> **OTLP** = OpenTelemetry Protocol
-
-```yaml
-# docker-compose-telemetry.yaml
-version: "3.8"
-
-services:
-  # OpenTelemetry Collector
-  otel-collector:
-    image: otel/opentelemetry-collector-contrib:0.92.0
-    container_name: otel-collector
-    command: ["--config=/etc/otel-collector-config.yaml"]
-    volumes:
-      - ./otel-collector-dev.yaml:/etc/otel-collector-config.yaml:ro
-    ports:
-      - "4317:4317" # OTLP gRPC
-      - "4318:4318" # OTLP HTTP
-      - "13133:13133" # Health check
-    depends_on:
-      - tempo
-
-  # Tempo for trace storage
-  tempo:
-    image: grafana/tempo:2.6.1
-    container_name: tempo
-    ports:
-      - "3200:3200" # Tempo HTTP API
-      - "4317" # OTLP gRPC (internal)
-
-  # Grafana for dashboards
-  grafana:
-    image: grafana/grafana:10.2.3
-    container_name: grafana
-    environment:
-      - GF_AUTH_ANONYMOUS_ENABLED=true
-      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
-    volumes:
-      - ./grafana/provisioning:/etc/grafana/provisioning:ro
-      - ./grafana/dashboards:/var/lib/grafana/dashboards:ro
-    ports:
-      - "3000:3000"
-    depends_on:
-      - tempo
-
-  # Prometheus for metrics (optional, for correlation)
-  prometheus:
-    image: prom/prometheus:v2.48.1
-    container_name: prometheus
-    volumes:
-      - ./prometheus.yaml:/etc/prometheus/prometheus.yml:ro
-    ports:
-      - "9090:9090"
-
-networks:
-  default:
-    name: xrpld-telemetry
-```
-
----
-
-## 5.7 Configuration Architecture
-
-> **OTLP** = OpenTelemetry Protocol
-
-```mermaid
-flowchart TB
-    subgraph config["Configuration Sources"]
-        cfgFile["xrpld.cfg<br/>[telemetry] section"]
-        cmake["CMake<br/>XRPL_ENABLE_TELEMETRY"]
-    end
-
-    subgraph init["Initialization"]
-        parse["setupTelemetry()"]
-        factory["makeTelemetry()"]
-    end
-
-    subgraph runtime["Runtime Components"]
-        tracer["TracerProvider"]
-        exporter["OTLP Exporter"]
-        processor["BatchProcessor"]
-    end
-
-    subgraph collector["Collector Pipeline"]
-        recv["Receivers"]
-        proc["Processors"]
-        exp["Exporters"]
-    end
-
-    cfgFile --> parse
-    cmake -->|"compile flag"| parse
-    parse --> factory
-    factory --> tracer
-    tracer --> processor
-    processor --> exporter
-    exporter -->|"OTLP"| recv
-    recv --> proc
-    proc --> exp
-
-    style config fill:#e3f2fd,stroke:#1976d2
-    style runtime fill:#e8f5e9,stroke:#388e3c
-    style collector fill:#fff3e0,stroke:#ff9800
-```
-
-**Reading the diagram:**
-
-- **Configuration Sources**: `xrpld.cfg` provides runtime settings (endpoint, sampling) while the CMake flag controls whether telemetry is compiled in at all.
-- **Initialization**: `setupTelemetry()` parses config values, then `makeTelemetry()` constructs the provider, processor, and exporter objects.
-- **Runtime Components**: The `TracerProvider` creates spans, the `BatchProcessor` buffers them, and the `OTLP Exporter` serializes and sends them over the wire.
-- **OTLP arrow to Collector**: Trace data leaves the xrpld process via OTLP (gRPC or HTTP) and enters the external Collector pipeline.
-- **Collector Pipeline**: `Receivers` ingest OTLP data, `Processors` apply sampling/filtering/enrichment, and `Exporters` forward traces to storage backends (Tempo, etc.).
-
----
-
-## 5.8 Grafana Integration
-
-> **APM** = Application Performance Monitoring
-
-Step-by-step instructions for integrating xrpld traces with Grafana.
-
-### 5.8.1 Data Source Configuration
-
-#### Tempo (Recommended)
-
-```yaml
-# grafana/provisioning/datasources/tempo.yaml
-apiVersion: 1
-
-datasources:
-  - name: Tempo
-    type: tempo
-    access: proxy
-    url: http://tempo:3200
-    jsonData:
-      httpMethod: GET
-      tracesToLogs:
-        datasourceUid: loki
-        tags: ["service.name", "xrpl.tx.hash"]
-        mappedTags: [{ key: "trace_id", value: "traceID" }]
-        mapTagNamesEnabled: true
-        filterByTraceID: true
-      serviceMap:
-        datasourceUid: prometheus
-      nodeGraph:
-        enabled: true
-      search:
-        hide: false
-      lokiSearch:
-        datasourceUid: loki
-```
-
-#### Elastic APM
-
-```yaml
-# grafana/provisioning/datasources/elastic-apm.yaml
-apiVersion: 1
-
-datasources:
-  - name: Elasticsearch-APM
-    type: elasticsearch
-    access: proxy
-    url: http://elasticsearch:9200
-    database: "apm-*"
-    jsonData:
-      esVersion: "8.0.0"
-      timeField: "@timestamp"
-      logMessageField: message
-      logLevelField: log.level
-```
-
-### 5.8.2 Dashboard Provisioning
-
-```yaml
-# grafana/provisioning/dashboards/dashboards.yaml
-apiVersion: 1
-
-providers:
-  - name: "xrpld-dashboards"
-    orgId: 1
-    folder: "xrpld"
-    folderUid: "xrpld"
-    type: file
-    disableDeletion: false
-    updateIntervalSeconds: 30
-    options:
-      path: /var/lib/grafana/dashboards/rippled
-```
-
-### 5.8.3 Example Dashboard: RPC Performance
-
-```json
-{
-  "title": "xrpld RPC Performance",
-  "uid": "xrpld-rpc-performance",
-  "panels": [
-    {
-      "title": "RPC Latency by Command",
-      "type": "heatmap",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && span.command != \"\"} | histogram_over_time(duration) by (span.command)"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 12, "x": 0, "y": 0 }
-    },
-    {
-      "title": "RPC Error Rate",
-      "type": "timeseries",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && status.code=error} | rate() by (span.command)"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 12, "x": 12, "y": 0 }
-    },
-    {
-      "title": "Top 10 Slowest RPC Commands",
-      "type": "table",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && span.command != \"\"} | avg(duration) by (span.command) | topk(10)"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 24, "x": 0, "y": 8 }
-    },
-    {
-      "title": "Recent Traces",
-      "type": "table",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\"}"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 24, "x": 0, "y": 16 }
-    }
-  ]
-}
-```
-
-### 5.8.4 Example Dashboard: Transaction Tracing
-
-```json
-{
-  "title": "xrpld Transaction Tracing",
-  "uid": "xrpld-tx-tracing",
-  "panels": [
-    {
-      "title": "Transaction Throughput",
-      "type": "stat",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"tx.receive\"} | rate()"
-        }
-      ],
-      "gridPos": { "h": 4, "w": 6, "x": 0, "y": 0 }
-    },
-    {
-      "title": "Cross-Node Relay Count",
-      "type": "timeseries",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"tx.relay\"} | avg(span.xrpl.tx.relay_count)"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 12, "x": 0, "y": 4 }
-    },
-    {
-      "title": "Transaction Validation Errors",
-      "type": "table",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"tx.validate\" && status.code=error}"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 12, "x": 12, "y": 4 }
-    }
-  ]
-}
-```
-
-### 5.8.5 TraceQL Query Examples
-
-Common queries for xrpld traces:
-
-```
-# Find all traces for a specific transaction hash
-{resource.service.name="xrpld" && span.xrpl.tx.hash="ABC123..."}
-
-# Find slow RPC commands (>100ms)
-{resource.service.name="xrpld" && name=~"rpc.command.*"} | duration > 100ms
-
-# Find consensus rounds taking >5 seconds
-{resource.service.name="xrpld" && name="consensus.round"} | duration > 5s
-
-# Find failed transactions with error details
-{resource.service.name="xrpld" && name="tx.validate" && status.code=error}
-
-# Find transactions relayed to many peers
-{resource.service.name="xrpld" && name="tx.relay"} | span.xrpl.tx.relay_count > 10
-
-# Compare latency across nodes
-{resource.service.name="xrpld" && name="rpc.command.account_info"} | avg(duration) by (resource.service.instance.id)
-```
-
-### 5.8.6 Correlation with PerfLog
-
-To correlate OpenTelemetry traces with existing PerfLog data:
-
-**Step 1: Configure Loki to ingest PerfLog**
-
-```yaml
-# promtail-config.yaml
-scrape_configs:
-  - job_name: xrpld-perflog
-    static_configs:
-      - targets:
-          - localhost
-        labels:
-          job: xrpld
-          __path__: /var/log/rippled/perf*.log
-    pipeline_stages:
-      - json:
-          expressions:
-            trace_id: trace_id
-            ledger_seq: ledger_seq
-            tx_hash: tx_hash
-      - labels:
-          trace_id:
-          ledger_seq:
-          tx_hash:
-```
-
-**Step 2: Add trace_id to PerfLog entries**
-
-Modify PerfLog to include trace_id when available:
-
-```cpp
-// In PerfLog output, add trace_id from current span context
-void logPerf(Json::Value& entry) {
-    auto span = opentelemetry::trace::GetSpan(
-        opentelemetry::context::RuntimeContext::GetCurrent());
-    if (span && span->GetContext().IsValid()) {
-        char traceIdHex[33];
-        span->GetContext().trace_id().ToLowerBase16(traceIdHex);
-        entry["trace_id"] = std::string(traceIdHex, 32);
-    }
-    // ... existing logging
-}
-```
-
-**Step 3: Configure Grafana trace-to-logs link**
-
-In Tempo data source configuration, set up the derived field:
-
-```yaml
-jsonData:
-  tracesToLogs:
-    datasourceUid: loki
-    tags: ["trace_id", "xrpl.tx.hash"]
-    filterByTraceID: true
-    filterBySpanID: false
-```
-
-### 5.8.7 Correlation with Insight/StatsD Metrics
-
-To correlate traces with existing Beast Insight metrics:
-
-**Step 1: Export Insight metrics to Prometheus**
-
-```yaml
-# prometheus.yaml
-scrape_configs:
-  - job_name: "xrpld-statsd"
-    static_configs:
-      - targets: ["statsd-exporter:9102"]
-```
-
-**Step 2: Add exemplars to metrics**
-
-OpenTelemetry SDK automatically adds exemplars (trace IDs) to metrics when using the Prometheus exporter. This links metrics spikes to specific traces.
-
-**Step 3: Configure Grafana metric-to-trace link**
-
-```yaml
-# In Prometheus data source
-jsonData:
-  exemplarTraceIdDestinations:
-    - name: trace_id
-      datasourceUid: tempo
-```
-
-**Step 4: Dashboard panel with exemplars**
-
-```json
-{
-  "title": "RPC Latency with Trace Links",
-  "type": "timeseries",
-  "datasource": "Prometheus",
-  "targets": [
-    {
-      "expr": "histogram_quantile(0.99, rate(xrpld_rpc_duration_seconds_bucket[5m]))",
-      "exemplar": true
-    }
-  ]
-}
-```
-
-This allows clicking on metric data points to jump directly to the related trace.
-
----
-
-_Previous: [Code Samples](./04-code-samples.md)_ | _Next: [Implementation Phases](./06-implementation-phases.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/06-implementation-phases.md

@@ -1,575 +0,0 @@
-# Implementation Phases
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Related**: [Configuration Reference](./05-configuration-reference.md) | [Observability Backends](./07-observability-backends.md)
-
----
-
-## 6.1 Phase Overview
-
-> **TxQ** = Transaction Queue
-
-```mermaid
-gantt
-    title OpenTelemetry Implementation Timeline
-    dateFormat  YYYY-MM-DD
-    axisFormat  Week %W
-
-    section Phase 1
-    Core Infrastructure        :p1, 2024-01-01, 2w
-    SDK Integration           :p1a, 2024-01-01, 4d
-    Telemetry Interface       :p1b, after p1a, 3d
-    Configuration & CMake     :p1c, after p1b, 3d
-    Unit Tests                :p1d, after p1c, 2d
-    Buffer & Integration      :p1e, after p1d, 2d
-
-    section Phase 2
-    RPC Tracing               :p2, after p1, 2w
-    HTTP Context Extraction   :p2a, after p1, 2d
-    RPC Handler Instrumentation :p2b, after p2a, 4d
-    PathFinding Instrumentation :p2f, after p2b, 2d
-    TxQ Instrumentation       :p2g, after p2f, 2d
-    WebSocket Support         :p2c, after p2g, 2d
-    Integration Tests         :p2d, after p2c, 2d
-    Buffer & Review           :p2e, after p2d, 4d
-
-    section Phase 3
-    Transaction Tracing       :p3, after p2, 2w
-    Protocol Buffer Extension :p3a, after p2, 2d
-    PeerImp Instrumentation   :p3b, after p3a, 3d
-    Fee Escalation Instrumentation :p3f, after p3b, 2d
-    Relay Context Propagation :p3c, after p3f, 3d
-    Multi-node Tests          :p3d, after p3c, 2d
-    Buffer & Review           :p3e, after p3d, 4d
-
-    section Phase 4
-    Consensus Tracing         :p4, after p3, 2w
-    Consensus Round Spans     :p4a, after p3, 3d
-    Proposal Handling         :p4b, after p4a, 3d
-    Validator List & Manifest Tracing :p4f, after p4b, 2d
-    Amendment Voting Tracing  :p4g, after p4f, 2d
-    SHAMap Sync Tracing       :p4h, after p4g, 2d
-    Validation Tests          :p4c, after p4h, 4d
-    Buffer & Review           :p4e, after p4c, 4d
-
-    section Phase 5
-    Documentation & Deploy    :p5, after p4, 1w
-```
-
----
-
-## 6.2 Phase 1: Core Infrastructure (Weeks 1-2)
-
-**Objective**: Establish foundational telemetry infrastructure
-
-### Tasks
-
-| Task | Description                                           |
-| ---- | ----------------------------------------------------- |
-| 1.1  | Add OpenTelemetry C++ SDK to Conan/CMake              |
-| 1.2  | Implement `Telemetry` interface and factory           |
-| 1.3  | Implement `SpanGuard` RAII wrapper                    |
-| 1.4  | Implement configuration parser                        |
-| 1.5  | Integrate into `ApplicationImp`                       |
-| 1.6  | Add conditional compilation (`XRPL_ENABLE_TELEMETRY`) |
-| 1.7  | Create `NullTelemetry` no-op implementation           |
-| 1.8  | Unit tests for core infrastructure                    |
-
-### Exit Criteria
-
-- [ ] OpenTelemetry SDK compiles and links
-- [ ] Telemetry can be enabled/disabled via config
-- [ ] Basic span creation works
-- [ ] No performance regression when disabled
-- [ ] Unit tests passing
-
----
-
-## 6.3 Phase 2: RPC Tracing (Weeks 3-4)
-
-> **TxQ** = Transaction Queue
-
-**Objective**: Complete tracing for all RPC operations
-
-### Tasks
-
-| Task | Description                                                                |
-| ---- | -------------------------------------------------------------------------- |
-| 2.1  | Implement W3C Trace Context HTTP header extraction                         |
-| 2.2  | Instrument `ServerHandler::onRequest()`                                    |
-| 2.3  | Instrument `RPCHandler::doCommand()`                                       |
-| 2.4  | Add RPC-specific attributes                                                |
-| 2.5  | Instrument WebSocket handler                                               |
-| 2.6  | PathFinding instrumentation (`pathfind.request`, `pathfind.compute` spans) |
-| 2.7  | TxQ instrumentation (`txq.enqueue`, `txq.apply` spans)                     |
-| 2.8  | Integration tests for RPC tracing                                          |
-| 2.9  | Performance benchmarks                                                     |
-| 2.10 | Documentation                                                              |
-
-### Exit Criteria
-
-- [ ] All RPC commands traced
-- [ ] Trace context propagates from HTTP headers
-- [ ] WebSocket and HTTP both instrumented
-- [ ] <1ms overhead per RPC call
-- [ ] Integration tests passing
-
----
-
-## 6.4 Phase 3: Transaction Tracing (Weeks 5-6)
-
-**Objective**: Trace transaction lifecycle across network
-
-### Tasks
-
-| Task | Description                                          |
-| ---- | ---------------------------------------------------- |
-| 3.1  | Define `TraceContext` Protocol Buffer message        |
-| 3.2  | Implement protobuf context serialization             |
-| 3.3  | Instrument `PeerImp::handleTransaction()`            |
-| 3.4  | Instrument `NetworkOPs::submitTransaction()`         |
-| 3.5  | Instrument HashRouter integration                    |
-| 3.6  | Fee escalation instrumentation (`fee.escalate` span) |
-| 3.7  | Implement relay context propagation                  |
-| 3.8  | Integration tests (multi-node)                       |
-| 3.9  | Performance benchmarks                               |
-
-### Exit Criteria
-
-- [ ] Transaction traces span across nodes
-- [ ] Trace context in Protocol Buffer messages
-- [ ] HashRouter deduplication visible in traces
-- [ ] Multi-node integration tests passing
-- [ ] <5% overhead on transaction throughput
-
----
-
-## 6.5 Phase 4: Consensus Tracing (Weeks 7-8)
-
-**Objective**: Full observability into consensus rounds
-
-### Tasks
-
-| Task | Description                                    |
-| ---- | ---------------------------------------------- |
-| 4.1  | Instrument `RCLConsensusAdaptor::startRound()` |
-| 4.2  | Instrument phase transitions                   |
-| 4.3  | Instrument proposal handling                   |
-| 4.4  | Instrument validation handling                 |
-| 4.5  | Add consensus-specific attributes              |
-| 4.6  | Correlate with transaction traces              |
-| 4.7  | Validator list and manifest tracing            |
-| 4.8  | Amendment voting tracing                       |
-| 4.9  | SHAMap sync tracing                            |
-| 4.10 | Multi-validator integration tests              |
-| 4.11 | Performance validation                         |
-
-### Exit Criteria
-
-- [ ] Complete consensus round traces
-- [ ] Phase transitions visible
-- [ ] Proposals and validations traced
-- [ ] No impact on consensus timing
-- [ ] Multi-validator test network validated
-
-### Implementation Status — Phase 4a Plan
-
-Phase 4a (establish-phase gap fill & cross-node correlation) will add:
-
-- **Deterministic trace ID** derived from `previousLedger.id()` so all validators
-  in the same round share the same `trace_id` (switchable via
-  `consensus_trace_strategy` config: `"deterministic"` or `"attribute"`).
-  See [Configuration Reference](./05-configuration-reference.md) for full
-  configuration options.
-- **Round lifecycle spans**: `consensus.round` with round-to-round span links.
-- **Establish phase**: `consensus.establish`, `consensus.update_positions` (with
-  `dispute.resolve` events), `consensus.check` (with threshold tracking).
-- **Mode changes**: `consensus.mode_change` spans.
-- **Validation**: `consensus.validation.send` with span link to round span
-  (thread-safe cross-thread access via `roundSpanContext_` snapshot).
-- **Separation of concerns**: telemetry extracted to private helpers
-  (`startRoundTracing`, `createValidationSpan`, `startEstablishTracing`,
-  `updateEstablishTracing`, `endEstablishTracing`).
-
-The `Phase4_taskList.md` spec document is introduced in the Phase 2 PR (#6424)
-and will contain the full task breakdown and implementation notes.
-
----
-
-## 6.6 Phase 5: Documentation & Deployment (Week 9)
-
-**Objective**: Production readiness
-
-### Tasks
-
-| Task | Description                   |
-| ---- | ----------------------------- |
-| 5.1  | Operator runbook              |
-| 5.2  | Grafana dashboards            |
-| 5.3  | Alert definitions             |
-| 5.4  | Collector deployment examples |
-| 5.5  | Developer documentation       |
-| 5.6  | Training materials            |
-| 5.7  | Final integration testing     |
-
----
-
-## 6.7 Risk Assessment
-
-```mermaid
-quadrantChart
-    title Risk Assessment Matrix
-    x-axis Low Impact --> High Impact
-    y-axis Low Likelihood --> High Likelihood
-    quadrant-1 Mitigate Immediately
-    quadrant-2 Plan Mitigation
-    quadrant-3 Accept Risk
-    quadrant-4 Monitor Closely
-
-    SDK Compat: [0.2, 0.18]
-    Protocol Chg: [0.75, 0.72]
-    Perf Overhead: [0.58, 0.42]
-    Context Prop: [0.4, 0.55]
-    Memory Leaks: [0.85, 0.25]
-```
-
-### Risk Details
-
-| Risk                                 | Likelihood | Impact | Mitigation                              |
-| ------------------------------------ | ---------- | ------ | --------------------------------------- |
-| Protocol changes break compatibility | Medium     | High   | Use high field numbers, optional fields |
-| Performance overhead unacceptable    | Medium     | Medium | Sampling, conditional compilation       |
-| Context propagation complexity       | Medium     | Medium | Phased rollout, extensive testing       |
-| SDK compatibility issues             | Low        | Medium | Pin SDK version, fallback to no-op      |
-| Memory leaks in long-running nodes   | Low        | High   | Memory profiling, bounded queues        |
-
----
-
-## 6.8 Success Metrics
-
-| Metric                   | Target                                                         | Measurement           |
-| ------------------------ | -------------------------------------------------------------- | --------------------- |
-| Trace coverage           | >95% of transaction code paths (independent of sampling ratio) | Sampling verification |
-| CPU overhead             | <3%                                                            | Benchmark tests       |
-| Memory overhead          | <10 MB                                                         | Memory profiling      |
-| Latency impact (p99)     | <2%                                                            | Performance tests     |
-| Trace completeness       | >99% spans with required attrs                                 | Validation script     |
-| Cross-node trace linkage | >90% of multi-hop transactions                                 | Integration tests     |
-
----
-
-## 6.9 Quick Wins and Crawl-Walk-Run Strategy
-
-> **TxQ** = Transaction Queue
-
-This section outlines a prioritized approach to maximize ROI with minimal initial investment.
-
-### 6.9.1 Crawl-Walk-Run Overview
-
-<div align="center">
-
-```mermaid
-flowchart TB
-    subgraph crawl["🐢 CRAWL (Week 1-2)"]
-        direction LR
-        c1[Core SDK Setup] ~~~ c2[RPC Tracing Only] ~~~ c3[PathFinding + TxQ Tracing] ~~~ c4[Single Node]
-    end
-
-    subgraph walk["🚶 WALK (Week 3-5)"]
-        direction LR
-        w1[Transaction Tracing] ~~~ w2[Fee Escalation Tracing] ~~~ w3[Cross-Node Context] ~~~ w4[Basic Dashboards]
-    end
-
-    subgraph run["🏃 RUN (Week 6-9)"]
-        direction LR
-        r1[Consensus Tracing] ~~~ r2[Validator, Amendment,<br/>SHAMap Tracing] ~~~ r3[Full Correlation] ~~~ r4[Production Deploy]
-    end
-
-    crawl --> walk --> run
-
-    style crawl fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style walk fill:#bf360c,stroke:#8c2809,color:#fff
-    style run fill:#0d47a1,stroke:#082f6a,color:#fff
-    style c1 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style c2 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style c3 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style c4 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style w1 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style w2 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style w3 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style w4 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style r1 fill:#0d47a1,stroke:#082f6a,color:#fff
-    style r2 fill:#0d47a1,stroke:#082f6a,color:#fff
-    style r3 fill:#0d47a1,stroke:#082f6a,color:#fff
-    style r4 fill:#0d47a1,stroke:#082f6a,color:#fff
-```
-
-</div>
-
-**Reading the diagram:**
-
-- **CRAWL (Weeks 1-2)**: Minimal investment -- set up the SDK, instrument RPC and PathFinding/TxQ handlers, and verify on a single node. Delivers immediate latency visibility.
-- **WALK (Weeks 3-5)**: Expand to transaction lifecycle tracing, fee escalation, cross-node context propagation, and basic Grafana dashboards. This is where distributed tracing starts working.
-- **RUN (Weeks 6-9)**: Full consensus instrumentation, validator/amendment/SHAMap tracing, end-to-end correlation, and production deployment with sampling and alerting.
-- **Arrows (crawl → walk → run)**: Each phase builds on the prior one; you cannot skip ahead because later phases depend on infrastructure established earlier.
-
-### 6.9.2 Quick Wins (Immediate Value)
-
-| Quick Win                      | Value  | When to Deploy |
-| ------------------------------ | ------ | -------------- |
-| **RPC Command Tracing**        | High   | Week 2         |
-| **RPC Latency Histograms**     | High   | Week 2         |
-| **Error Rate Dashboard**       | Medium | Week 2         |
-| **Transaction Submit Tracing** | High   | Week 3         |
-| **Consensus Round Duration**   | Medium | Week 6         |
-
-### 6.9.3 CRAWL Phase (Weeks 1-2)
-
-**Goal**: Get basic tracing working with minimal code changes.
-
-**What You Get**:
-
-- RPC request/response traces for all commands
-- Latency breakdown per RPC command
-- PathFinding and TxQ tracing (directly impacts RPC latency)
-- Error visibility with stack traces
-- Basic Grafana dashboard
-
-**Code Changes**: ~15 lines in `ServerHandler.cpp`, ~40 lines in new telemetry module
-
-**Why Start Here**:
-
-- RPC is the lowest-risk, highest-visibility component
-- PathFinding and TxQ are RPC-adjacent and directly affect latency
-- Immediate value for debugging client issues
-- No cross-node complexity
-- Single file modification to existing code
-
-### 6.9.4 WALK Phase (Weeks 3-5)
-
-**Goal**: Add transaction lifecycle tracing across nodes.
-
-**What You Get**:
-
-- End-to-end transaction traces from submit to relay
-- Fee escalation tracing within the transaction pipeline
-- Cross-node correlation (see transaction path)
-- HashRouter deduplication visibility
-- Relay latency metrics
-
-**Code Changes**: ~120 lines across 4 files, plus protobuf extension
-
-**Why Do This Second**:
-
-- Builds on RPC tracing (transactions submitted via RPC)
-- Fee escalation is integral to the transaction processing pipeline
-- Moderate complexity (requires context propagation)
-- High value for debugging transaction issues
-
-### 6.9.5 RUN Phase (Weeks 6-9)
-
-**Goal**: Full observability including consensus.
-
-**What You Get**:
-
-- Complete consensus round visibility
-- Phase transition timing
-- Validator proposal tracking
-- Validator list and manifest tracing
-- Amendment voting tracing
-- SHAMap sync tracing
-- Full end-to-end traces (client → RPC → TX → consensus → ledger)
-
-**Code Changes**: ~100 lines across 3 consensus files, plus validator/amendment/SHAMap modules
-
-**Why Do This Last**:
-
-- Highest complexity (consensus is critical path)
-- Validator, amendment, and SHAMap components are lower priority
-- Requires thorough testing
-- Lower relative value (consensus issues are rarer)
-
-### 6.9.6 ROI Prioritization Matrix
-
-```mermaid
-quadrantChart
-    title Implementation ROI Matrix
-    x-axis Low Effort --> High Effort
-    y-axis Low Value --> High Value
-    quadrant-1 Quick Wins - Do First
-    quadrant-2 Major Projects - Plan Carefully
-    quadrant-3 Nice to Have - Optional
-    quadrant-4 Time Sinks - Avoid
-
-    RPC Tracing: [0.15, 0.92]
-    TX Submit Trace: [0.3, 0.78]
-    TX Relay Trace: [0.5, 0.88]
-    Consensus Trace: [0.72, 0.72]
-    Peer Msg Trace: [0.85, 0.3]
-    Ledger Acquire: [0.55, 0.52]
-```
-
----
-
-## 6.10 Definition of Done
-
-> **TxQ** = Transaction Queue | **HA** = High Availability
-
-Clear, measurable criteria for each phase.
-
-### 6.10.1 Phase 1: Core Infrastructure
-
-| Criterion       | Measurement                                                | Target                       |
-| --------------- | ---------------------------------------------------------- | ---------------------------- |
-| SDK Integration | `cmake --build` succeeds with `-DXRPL_ENABLE_TELEMETRY=ON` | ✅ Compiles                  |
-| Runtime Toggle  | `enabled=0` produces zero overhead                         | <0.1% CPU difference         |
-| Span Creation   | Unit test creates and exports span                         | Span appears in Tempo        |
-| Configuration   | All config options parsed correctly                        | Config validation tests pass |
-| Documentation   | Developer guide exists                                     | PR approved                  |
-
-**Definition of Done**: All criteria met, PR merged, no regressions in CI.
-
-### 6.10.2 Phase 2: RPC Tracing
-
-| Criterion          | Measurement                        | Target                     |
-| ------------------ | ---------------------------------- | -------------------------- |
-| Coverage           | All RPC commands instrumented      | 100% of commands           |
-| Context Extraction | traceparent header propagates      | Integration test passes    |
-| Attributes         | Command, status, duration recorded | Validation script confirms |
-| Performance        | RPC latency overhead               | <1ms p99                   |
-| Dashboard          | Grafana dashboard deployed         | Screenshot in docs         |
-
-**Definition of Done**: RPC traces visible in Tempo for all commands, dashboard shows latency distribution.
-
-### 6.10.3 Phase 3: Transaction Tracing
-
-| Criterion        | Measurement                     | Target                             |
-| ---------------- | ------------------------------- | ---------------------------------- |
-| Local Trace      | Submit → validate → TxQ traced  | Single-node test passes            |
-| Cross-Node       | Context propagates via protobuf | Multi-node test passes             |
-| Relay Visibility | relay_count attribute correct   | Spot check 100 txs                 |
-| HashRouter       | Deduplication visible in trace  | Duplicate txs show suppressed=true |
-| Performance      | TX throughput overhead          | <5% degradation                    |
-
-**Definition of Done**: Transaction traces span 3+ nodes in test network, performance within bounds.
-
-### 6.10.4 Phase 4: Consensus Tracing
-
-| Criterion            | Measurement                   | Target                    |
-| -------------------- | ----------------------------- | ------------------------- |
-| Round Tracing        | startRound creates root span  | Unit test passes          |
-| Phase Visibility     | All phases have child spans   | Integration test confirms |
-| Proposer Attribution | Proposer ID in attributes     | Spot check 50 rounds      |
-| Timing Accuracy      | Phase durations match PerfLog | <5% variance              |
-| No Consensus Impact  | Round timing unchanged        | Performance test passes   |
-
-**Definition of Done**: Consensus rounds fully traceable, no impact on consensus timing.
-
-### 6.10.5 Phase 5: Production Deployment
-
-| Criterion    | Measurement                  | Target                     |
-| ------------ | ---------------------------- | -------------------------- |
-| Collector HA | Multiple collectors deployed | No single point of failure |
-| Sampling     | Tail sampling configured     | 10% base + errors + slow   |
-| Retention    | Data retained per policy     | 7 days hot, 30 days warm   |
-| Alerting     | Alerts configured            | Error spike, high latency  |
-| Runbook      | Operator documentation       | Approved by ops team       |
-| Training     | Team trained                 | Session completed          |
-
-**Definition of Done**: Telemetry running in production, operators trained, alerts active.
-
-### 6.10.6 Success Metrics Summary
-
-| Phase   | Primary Metric         | Secondary Metric            | Deadline      |
-| ------- | ---------------------- | --------------------------- | ------------- |
-| Phase 1 | SDK compiles and runs  | Zero overhead when disabled | End of Week 2 |
-| Phase 2 | 100% RPC coverage      | <1ms latency overhead       | End of Week 4 |
-| Phase 3 | Cross-node traces work | <5% throughput impact       | End of Week 6 |
-| Phase 4 | Consensus fully traced | No consensus timing impact  | End of Week 8 |
-| Phase 5 | Production deployment  | Operators trained           | End of Week 9 |
-
----
-
-## 6.11 Recommended Implementation Order
-
-Based on ROI analysis, implement in this exact order:
-
-```mermaid
-flowchart TB
-    subgraph week1["Week 1"]
-        t1[1. OpenTelemetry SDK<br/>Conan/CMake integration]
-        t2[2. Telemetry interface<br/>SpanGuard, config]
-    end
-
-    subgraph week2["Week 2"]
-        t3[3. RPC ServerHandler<br/>instrumentation]
-        t4[4. Basic Tempo setup<br/>for testing]
-    end
-
-    subgraph week3["Week 3"]
-        t5[5. Transaction submit<br/>tracing]
-        t6[6. Grafana dashboard<br/>v1]
-    end
-
-    subgraph week4["Week 4"]
-        t7[7. Protobuf context<br/>extension]
-        t8[8. PeerImp tx.relay<br/>instrumentation]
-    end
-
-    subgraph week5["Week 5"]
-        t9[9. Multi-node<br/>integration tests]
-        t10[10. Performance<br/>benchmarks]
-    end
-
-    subgraph week6_8["Weeks 6-8"]
-        t11[11. Consensus<br/>instrumentation]
-        t12[12. Full integration<br/>testing]
-    end
-
-    subgraph week9["Week 9"]
-        t13[13. Production<br/>deployment]
-        t14[14. Documentation<br/>& training]
-    end
-
-    t1 --> t2 --> t3 --> t4
-    t4 --> t5 --> t6
-    t6 --> t7 --> t8
-    t8 --> t9 --> t10
-    t10 --> t11 --> t12
-    t12 --> t13 --> t14
-
-    style week1 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style week2 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style week3 fill:#bf360c,stroke:#8c2809,color:#fff
-    style week4 fill:#bf360c,stroke:#8c2809,color:#fff
-    style week5 fill:#bf360c,stroke:#8c2809,color:#fff
-    style week6_8 fill:#0d47a1,stroke:#082f6a,color:#fff
-    style week9 fill:#4a148c,stroke:#2e0d57,color:#fff
-    style t1 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style t2 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style t3 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style t4 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style t5 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style t6 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style t7 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style t8 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style t9 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style t10 fill:#ffe0b2,stroke:#ffcc80,color:#1e293b
-    style t11 fill:#0d47a1,stroke:#082f6a,color:#fff
-    style t12 fill:#0d47a1,stroke:#082f6a,color:#fff
-    style t13 fill:#4a148c,stroke:#2e0d57,color:#fff
-    style t14 fill:#4a148c,stroke:#2e0d57,color:#fff
-```
-
-**Reading the diagram:**
-
-- **Week 1 (tasks 1-2)**: Foundation work -- integrate the OpenTelemetry SDK via Conan/CMake and build the `Telemetry` interface with `SpanGuard` and config parsing.
-- **Week 2 (tasks 3-4)**: First observable output -- instrument `ServerHandler` for RPC tracing and stand up Tempo so developers can see traces immediately.
-- **Weeks 3-5 (tasks 5-10)**: Transaction lifecycle -- add submit tracing, build the first Grafana dashboard, extend protobuf for cross-node context, instrument `PeerImp` relay, then validate with multi-node integration tests and performance benchmarks.
-- **Weeks 6-8 (tasks 11-12)**: Consensus deep-dive -- instrument consensus rounds and phases, then run full integration testing across all instrumented paths.
-- **Week 9 (tasks 13-14)**: Go-live -- deploy to production with sampling/alerting configured, and deliver documentation and operator training.
-- **Arrow chain (t1 → ... → t14)**: Strict sequential dependency; each task's output is a prerequisite for the next.
-
----
-
-_Previous: [Configuration Reference](./05-configuration-reference.md)_ | _Next: [Observability Backends](./07-observability-backends.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/07-observability-backends.md

@@ -1,641 +0,0 @@
-# Observability Backend Recommendations
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Related**: [Implementation Phases](./06-implementation-phases.md) | [Appendix](./08-appendix.md)
-
----
-
-## 7.1 Development/Testing Backends
-
-> **OTLP** = OpenTelemetry Protocol
-
-| Backend    | Pros                                | Cons                   | Use Case            |
-| ---------- | ----------------------------------- | ---------------------- | ------------------- |
-| **Tempo**  | Cost-effective, Grafana integration | Requires Grafana stack | Local dev, CI, Prod |
-| **Zipkin** | Simple, lightweight                 | Basic features         | Quick prototyping   |
-
-### Quick Start with Tempo
-
-```bash
-# Start Tempo with OTLP support
-docker run -d --name tempo \
-    -p 3200:3200 \
-    -p 4317:4317 \
-    -p 4318:4318 \
-    grafana/tempo:2.6.1
-```
-
----
-
-## 7.2 Production Backends
-
-> **APM** = Application Performance Monitoring
-
-| Backend           | Pros                                      | Cons                   | Use Case                    |
-| ----------------- | ----------------------------------------- | ---------------------- | --------------------------- |
-| **Grafana Tempo** | Cost-effective, Grafana integration       | Requires Grafana stack | Most production deployments |
-| **Elastic APM**   | Full observability stack, log correlation | Resource intensive     | Existing Elastic users      |
-| **Honeycomb**     | Excellent query, high cardinality         | SaaS cost              | Deep debugging needs        |
-| **Datadog APM**   | Full platform, easy setup                 | SaaS cost              | Enterprise with budget      |
-
-### Backend Selection Flowchart
-
-```mermaid
-flowchart TD
-    start[Select Backend] --> budget{Budget<br/>Constraints?}
-
-    budget -->|Yes| oss[Open Source]
-    budget -->|No| saas{Prefer<br/>SaaS?}
-
-    oss --> existing{Existing<br/>Stack?}
-    existing -->|Grafana| tempo[Grafana Tempo]
-    existing -->|Elastic| elastic[Elastic APM]
-    existing -->|None| tempo
-
-    saas -->|Yes| enterprise{Enterprise<br/>Support?}
-    saas -->|No| oss
-
-    enterprise -->|Yes| datadog[Datadog APM]
-    enterprise -->|No| honeycomb[Honeycomb]
-
-    tempo --> final[Configure Collector]
-    elastic --> final
-    honeycomb --> final
-    datadog --> final
-
-    style start fill:#0f172a,stroke:#020617,color:#fff
-    style budget fill:#334155,stroke:#1e293b,color:#fff
-    style oss fill:#1e293b,stroke:#0f172a,color:#fff
-    style existing fill:#334155,stroke:#1e293b,color:#fff
-    style saas fill:#334155,stroke:#1e293b,color:#fff
-    style enterprise fill:#334155,stroke:#1e293b,color:#fff
-    style final fill:#0f172a,stroke:#020617,color:#fff
-    style tempo fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style elastic fill:#bf360c,stroke:#8c2809,color:#fff
-    style honeycomb fill:#0d47a1,stroke:#082f6a,color:#fff
-    style datadog fill:#4a148c,stroke:#2e0d57,color:#fff
-```
-
-**Reading the diagram:**
-
-- **Budget Constraints? (Yes)**: Leads to open-source options. If you already run Grafana or Elastic, pick the matching backend; otherwise default to Grafana Tempo.
-- **Budget Constraints? (No) → Prefer SaaS?**: If you want a managed service, choose between Datadog (enterprise support) and Honeycomb (developer-focused). If not, fall back to open-source.
-- **Terminal nodes (Tempo / Elastic / Honeycomb / Datadog)**: Each represents a concrete backend choice, all of which feed into the same final step.
-- **Configure Collector**: Regardless of backend, you always finish by configuring the OTel Collector to export to your chosen destination.
-
----
-
-## 7.3 Recommended Production Architecture
-
-> **OTLP** = OpenTelemetry Protocol | **APM** = Application Performance Monitoring | **HA** = High Availability
-
-```mermaid
-flowchart TB
-    subgraph validators["Validator Nodes"]
-        v1[xrpld<br/>Validator 1]
-        v2[xrpld<br/>Validator 2]
-    end
-
-    subgraph stock["Stock Nodes"]
-        s1[xrpld<br/>Stock 1]
-        s2[xrpld<br/>Stock 2]
-    end
-
-    subgraph collector["OTel Collector Cluster"]
-        c1[Collector<br/>DC1]
-        c2[Collector<br/>DC2]
-    end
-
-    subgraph backends["Storage Backends"]
-        tempo[(Grafana<br/>Tempo)]
-        elastic[(Elastic<br/>APM)]
-        archive[(S3/GCS<br/>Archive)]
-    end
-
-    subgraph ui["Visualization"]
-        grafana[Grafana<br/>Dashboards]
-    end
-
-    v1 -->|OTLP| c1
-    v2 -->|OTLP| c1
-    s1 -->|OTLP| c2
-    s2 -->|OTLP| c2
-
-    c1 --> tempo
-    c1 --> elastic
-    c2 --> tempo
-    c2 --> archive
-
-    tempo --> grafana
-    elastic --> grafana
-
-    %% Note: simplified single-collector-per-DC topology shown for clarity
-
-    style validators fill:#b71c1c,stroke:#7f1d1d,color:#ffffff
-    style stock fill:#0d47a1,stroke:#082f6a,color:#ffffff
-    style collector fill:#bf360c,stroke:#8c2809,color:#ffffff
-    style backends fill:#1b5e20,stroke:#0d3d14,color:#ffffff
-    style ui fill:#4a148c,stroke:#2e0d57,color:#ffffff
-```
-
-**Reading the diagram:**
-
-- **Validator / Stock Nodes**: All xrpld nodes emit trace data via OTLP. Validators and stock nodes are grouped separately because they may reside in different network zones.
-- **Collector Cluster (DC1, DC2)**: Regional collectors receive OTLP from nodes in their datacenter, apply processing (sampling, enrichment), and fan out to multiple backends.
-- **Storage Backends**: Tempo and Elastic provide queryable trace storage; S3/GCS Archive provides long-term cold storage for compliance or post-incident analysis.
-- **Grafana Dashboards**: The single visualization layer that queries both Tempo and Elastic, giving operators a unified view of all traces.
-- **Data flow direction**: Nodes → Collectors → Storage → Grafana. Each arrow represents a network hop; minimizing collector-to-backend hops reduces latency.
-
-> **Note**: Production deployments should use multiple collector instances behind a load balancer for high availability. The diagram shows a simplified single-collector topology for clarity.
-
----
-
-## 7.4 Architecture Considerations
-
-### 7.4.1 Collector Placement
-
-| Strategy      | Description          | Pros                     | Cons                    |
-| ------------- | -------------------- | ------------------------ | ----------------------- |
-| **Sidecar**   | Collector per node   | Isolation, simple config | Resource overhead       |
-| **DaemonSet** | Collector per host   | Shared resources         | Complexity              |
-| **Gateway**   | Central collector(s) | Centralized processing   | Single point of failure |
-
-**Recommendation**: Use **Gateway** pattern with regional collectors for xrpld networks:
-
-- One collector cluster per datacenter/region
-- Tail-based sampling at collector level
-- Multiple export destinations for redundancy
-
-### 7.4.2 Sampling Strategy
-
-```mermaid
-flowchart LR
-    subgraph head["Head Sampling (Node)"]
-        hs[Node-level head sampling<br/>configurable, default: 100%<br/>recommended production: 10%]
-    end
-
-    subgraph tail["Tail Sampling (Collector)"]
-        ts1[Keep all errors]
-        ts2[Keep slow >5s]
-        ts3[Keep 10% rest]
-    end
-
-    head --> tail
-
-    ts1 --> final[Final Traces]
-    ts2 --> final
-    ts3 --> final
-
-    style head fill:#0d47a1,stroke:#082f6a,color:#fff
-    style tail fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style hs fill:#0d47a1,stroke:#082f6a,color:#fff
-    style ts1 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style ts2 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style ts3 fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style final fill:#bf360c,stroke:#8c2809,color:#fff
-```
-
-**Reading the diagram:**
-
-- **Head Sampling (Node)**: The first filter -- each xrpld node decides whether to sample a trace at creation time (default 100%, recommended 10% in production). This controls the volume leaving the node.
-- **Tail Sampling (Collector)**: The second filter -- the collector inspects completed traces and applies rules: keep all errors, keep anything slower than 5 seconds, and keep 10% of the remainder.
-- **Arrow head → tail**: All head-sampled traces flow to the collector, where tail sampling further reduces volume while preserving the most valuable data.
-- **Final Traces**: The output after both sampling stages; this is what gets stored and queried. The two-stage approach balances cost with debuggability.
-
-### 7.4.3 Data Retention
-
-| Environment | Hot Storage | Warm Storage | Cold Archive |
-| ----------- | ----------- | ------------ | ------------ |
-| Development | 24 hours    | N/A          | N/A          |
-| Staging     | 7 days      | N/A          | N/A          |
-| Production  | 7 days      | 30 days      | many years   |
-
----
-
-## 7.5 Integration Checklist
-
-- [ ] Choose primary backend (Tempo recommended for cost/features)
-- [ ] Deploy collector cluster with high availability
-- [ ] Configure tail-based sampling for error/latency traces
-- [ ] Set up Grafana dashboards for trace visualization
-- [ ] Configure alerts for trace anomalies
-- [ ] Establish data retention policies
-- [ ] Test trace correlation with logs and metrics
-
----
-
-## 7.6 Grafana Dashboard Examples
-
-Pre-built dashboards for xrpld observability.
-
-### 7.6.1 Consensus Health Dashboard
-
-```json
-{
-  "title": "xrpld Consensus Health",
-  "uid": "xrpld-consensus-health",
-  "tags": ["xrpld", "consensus", "tracing"],
-  "panels": [
-    {
-      "title": "Consensus Round Duration",
-      "type": "timeseries",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"consensus.round\"} | avg(duration) by (resource.service.instance.id)"
-        }
-      ],
-      "fieldConfig": {
-        "defaults": {
-          "unit": "ms",
-          "thresholds": {
-            "steps": [
-              { "color": "green", "value": null },
-              { "color": "yellow", "value": 4000 },
-              { "color": "red", "value": 5000 }
-            ]
-          }
-        }
-      },
-      "gridPos": { "h": 8, "w": 12, "x": 0, "y": 0 }
-    },
-    {
-      "title": "Phase Duration Breakdown",
-      "type": "barchart",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=~\"consensus.phase.*\"} | avg(duration) by (name)"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 12, "x": 12, "y": 0 }
-    },
-    {
-      "title": "Proposers per Round",
-      "type": "stat",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"consensus.round\"} | avg(span.xrpl.consensus.proposers)"
-        }
-      ],
-      "gridPos": { "h": 4, "w": 6, "x": 0, "y": 8 }
-    },
-    {
-      "title": "Recent Slow Rounds (>5s)",
-      "type": "table",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"consensus.round\"} | duration > 5s"
-        }
-      ],
-      "gridPos": { "h": 8, "w": 24, "x": 0, "y": 12 }
-    }
-  ]
-}
-```
-
-### 7.6.2 Node Overview Dashboard
-
-```json
-{
-  "title": "xrpld Node Overview",
-  "uid": "xrpld-node-overview",
-  "panels": [
-    {
-      "title": "Active Nodes",
-      "type": "stat",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\"} | count_over_time() by (resource.service.instance.id) | count()"
-        }
-      ],
-      "gridPos": { "h": 4, "w": 4, "x": 0, "y": 0 }
-    },
-    {
-      "title": "Total Transactions (1h)",
-      "type": "stat",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"tx.receive\"} | count()"
-        }
-      ],
-      "gridPos": { "h": 4, "w": 4, "x": 4, "y": 0 }
-    },
-    {
-      "title": "Error Rate",
-      "type": "gauge",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && status.code=error} | rate() / {resource.service.name=\"xrpld\"} | rate() * 100"
-        }
-      ],
-      "fieldConfig": {
-        "defaults": {
-          "unit": "percent",
-          "max": 10,
-          "thresholds": {
-            "steps": [
-              { "color": "green", "value": null },
-              { "color": "yellow", "value": 1 },
-              { "color": "red", "value": 5 }
-            ]
-          }
-        }
-      },
-      "gridPos": { "h": 4, "w": 4, "x": 8, "y": 0 }
-    },
-    {
-      "title": "Service Map",
-      "type": "nodeGraph",
-      "datasource": "Tempo",
-      "gridPos": { "h": 12, "w": 12, "x": 12, "y": 0 }
-    }
-  ]
-}
-```
-
-### 7.6.3 Alert Rules
-
-```yaml
-# grafana/provisioning/alerting/rippled-alerts.yaml
-apiVersion: 1
-
-groups:
-  - name: xrpld-tracing-alerts
-    folder: xrpld
-    interval: 1m
-    rules:
-      - uid: consensus-slow
-        title: Consensus Round Slow
-        condition: A
-        data:
-          - refId: A
-            datasourceUid: tempo
-            model:
-              queryType: traceql
-              query: '{resource.service.name="xrpld" && name="consensus.round"} | avg(duration) > 5s'
-              # Note: Verify TraceQL aggregate queries are supported by your
-              # Tempo version. Aggregate alerting (e.g., avg(duration)) requires
-              # Tempo 2.3+ with TraceQL metrics enabled.
-        for: 5m
-        annotations:
-          summary: Consensus rounds taking >5 seconds
-          description: "Consensus duration: {{ $value }}ms"
-        labels:
-          severity: warning
-
-      - uid: rpc-error-spike
-        title: RPC Error Rate Spike
-        condition: B
-        data:
-          - refId: B
-            datasourceUid: tempo
-            model:
-              queryType: traceql
-              query: '{resource.service.name="xrpld" && name=~"rpc.command.*" && status.code=error} | rate() > 0.05'
-              # Note: Verify TraceQL aggregate queries are supported by your
-              # Tempo version. Aggregate alerting (e.g., rate()) requires
-              # Tempo 2.3+ with TraceQL metrics enabled.
-        for: 2m
-        annotations:
-          summary: RPC error rate >5%
-        labels:
-          severity: critical
-
-      - uid: tx-throughput-drop
-        title: Transaction Throughput Drop
-        condition: C
-        data:
-          - refId: C
-            datasourceUid: tempo
-            model:
-              queryType: traceql
-              query: '{resource.service.name="xrpld" && name="tx.receive"} | rate() < 10'
-        for: 10m
-        annotations:
-          summary: Transaction throughput below threshold
-        labels:
-          severity: warning
-```
-
----
-
-## 7.7 PerfLog and Insight Correlation
-
-> **OTLP** = OpenTelemetry Protocol
-
-How to correlate OpenTelemetry traces with existing xrpld observability.
-
-### 7.7.1 Correlation Architecture
-
-```mermaid
-flowchart TB
-    subgraph xrpld["xrpld Node"]
-        otel[OpenTelemetry<br/>Spans]
-        perflog[PerfLog<br/>JSON Logs]
-        insight[Beast Insight<br/>StatsD Metrics]
-    end
-
-    subgraph collectors["Data Collection"]
-        otelc[OTel Collector]
-        promtail[Promtail/Fluentd]
-        statsd[StatsD Exporter]
-    end
-
-    subgraph storage["Storage"]
-        tempo[(Tempo)]
-        loki[(Loki)]
-        prom[(Prometheus)]
-    end
-
-    subgraph grafana["Grafana"]
-        traces[Trace View]
-        logs[Log View]
-        metrics[Metrics View]
-        corr[Correlation<br/>Panel]
-    end
-
-    otel -->|OTLP| otelc --> tempo
-    perflog -->|JSON| promtail --> loki
-    insight -->|StatsD| statsd --> prom
-
-    tempo --> traces
-    loki --> logs
-    prom --> metrics
-
-    traces --> corr
-    logs --> corr
-    metrics --> corr
-
-    style xrpld fill:#0d47a1,stroke:#082f6a,color:#fff
-    style collectors fill:#bf360c,stroke:#8c2809,color:#fff
-    style storage fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style grafana fill:#4a148c,stroke:#2e0d57,color:#fff
-    style otel fill:#0d47a1,stroke:#082f6a,color:#fff
-    style perflog fill:#0d47a1,stroke:#082f6a,color:#fff
-    style insight fill:#0d47a1,stroke:#082f6a,color:#fff
-    style otelc fill:#bf360c,stroke:#8c2809,color:#fff
-    style promtail fill:#bf360c,stroke:#8c2809,color:#fff
-    style statsd fill:#bf360c,stroke:#8c2809,color:#fff
-    style tempo fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style loki fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style prom fill:#1b5e20,stroke:#0d3d14,color:#fff
-    style traces fill:#4a148c,stroke:#2e0d57,color:#fff
-    style logs fill:#4a148c,stroke:#2e0d57,color:#fff
-    style metrics fill:#4a148c,stroke:#2e0d57,color:#fff
-    style corr fill:#4a148c,stroke:#2e0d57,color:#fff
-```
-
-**Reading the diagram:**
-
-- **xrpld Node (three sources)**: A single node emits three independent data streams -- OpenTelemetry spans, PerfLog JSON logs, and Beast Insight StatsD metrics.
-- **Data Collection layer**: Each stream has its own collector -- OTel Collector for spans, Promtail/Fluentd for logs, and a StatsD exporter for metrics. They operate independently.
-- **Storage layer (Tempo, Loki, Prometheus)**: Each data type lands in a purpose-built store optimized for its query patterns (trace search, log grep, metric aggregation).
-- **Grafana Correlation Panel**: The key integration point -- Grafana queries all three stores and links them via shared fields (`trace_id`, `xrpl.tx.hash`, `ledger_seq`), enabling a single-pane debugging experience.
-
-### 7.7.2 Correlation Fields
-
-| Source      | Field                       | Link To       | Purpose                    |
-| ----------- | --------------------------- | ------------- | -------------------------- |
-| **Trace**   | `trace_id`                  | Logs          | Find log entries for trace |
-| **Trace**   | `xrpl.tx.hash`              | Logs, Metrics | Find TX-related data       |
-| **Trace**   | `xrpl.consensus.ledger.seq` | Logs          | Find ledger-related logs   |
-| **PerfLog** | `trace_id` (new)            | Traces        | Jump to trace from log     |
-| **PerfLog** | `ledger_seq`                | Traces        | Find consensus trace       |
-| **Insight** | `exemplar.trace_id`         | Traces        | Jump from metric spike     |
-
-### 7.7.3 Example: Debugging a Slow Transaction
-
-**Step 1: Find the trace**
-
-```
-# In Grafana Explore with Tempo
-{resource.service.name="xrpld" && span.xrpl.tx.hash="ABC123..."}
-```
-
-**Step 2: Get the trace_id from the trace view**
-
-```
-Trace ID: 4bf92f3577b34da6a3ce929d0e0e4736
-```
-
-**Step 3: Find related PerfLog entries**
-
-```
-# In Grafana Explore with Loki
-{job="xrpld"} |= "4bf92f3577b34da6a3ce929d0e0e4736"
-```
-
-**Step 4: Check Insight metrics for the time window**
-
-```
-# In Grafana with Prometheus
-rate(xrpld_tx_applied_total[1m])
-  @ timestamp_from_trace
-```
-
-### 7.7.4 Unified Dashboard Example
-
-```json
-{
-  "title": "xrpld Unified Observability",
-  "uid": "xrpld-unified",
-  "panels": [
-    {
-      "title": "Transaction Latency (Traces)",
-      "type": "timeseries",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\" && name=\"tx.receive\"} | histogram_over_time(duration)"
-        }
-      ],
-      "gridPos": { "h": 6, "w": 8, "x": 0, "y": 0 }
-    },
-    {
-      "title": "Transaction Rate (Metrics)",
-      "type": "timeseries",
-      "datasource": "Prometheus",
-      "targets": [
-        {
-          "expr": "rate(xrpld_tx_received_total[5m])",
-          "legendFormat": "{{ instance }}"
-        }
-      ],
-      "fieldConfig": {
-        "defaults": {
-          "links": [
-            {
-              "title": "View traces",
-              "url": "/explore?left={\"datasource\":\"Tempo\",\"query\":\"{resource.service.name=\\\"xrpld\\\" && name=\\\"tx.receive\\\"}\"}"
-            }
-          ]
-        }
-      },
-      "gridPos": { "h": 6, "w": 8, "x": 8, "y": 0 }
-    },
-    {
-      "title": "Recent Logs",
-      "type": "logs",
-      "datasource": "Loki",
-      "targets": [
-        {
-          "expr": "{job=\"xrpld\"} | json"
-        }
-      ],
-      "gridPos": { "h": 6, "w": 8, "x": 16, "y": 0 }
-    },
-    {
-      "title": "Trace Search",
-      "type": "table",
-      "datasource": "Tempo",
-      "targets": [
-        {
-          "queryType": "traceql",
-          "query": "{resource.service.name=\"xrpld\"}"
-        }
-      ],
-      "fieldConfig": {
-        "overrides": [
-          {
-            "matcher": { "id": "byName", "options": "traceID" },
-            "properties": [
-              {
-                "id": "links",
-                "value": [
-                  {
-                    "title": "View trace",
-                    "url": "/explore?left={\"datasource\":\"Tempo\",\"query\":\"${__value.raw}\"}"
-                  },
-                  {
-                    "title": "View logs",
-                    "url": "/explore?left={\"datasource\":\"Loki\",\"query\":\"{job=\\\"xrpld\\\"} |= \\\"${__value.raw}\\\"\"}"
-                  }
-                ]
-              }
-            ]
-          }
-        ]
-      },
-      "gridPos": { "h": 12, "w": 24, "x": 0, "y": 6 }
-    }
-  ]
-}
-```
-
----
-
-_Previous: [Implementation Phases](./06-implementation-phases.md)_ | _Next: [Appendix](./08-appendix.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/08-appendix.md

@@ -1,200 +0,0 @@
-# Appendix
-
-> **Parent Document**: [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)
-> **Related**: [Observability Backends](./07-observability-backends.md)
-
----
-
-## 8.1 Glossary
-
-> **OTLP** = OpenTelemetry Protocol | **TxQ** = Transaction Queue
-
-| Term                  | Definition                                                 |
-| --------------------- | ---------------------------------------------------------- |
-| **Span**              | A unit of work with start/end time, name, and attributes   |
-| **Trace**             | A collection of spans representing a complete request flow |
-| **Trace ID**          | 128-bit unique identifier for a trace                      |
-| **Span ID**           | 64-bit unique identifier for a span within a trace         |
-| **Context**           | Carrier for trace/span IDs across boundaries               |
-| **Propagator**        | Component that injects/extracts context                    |
-| **Sampler**           | Decides which traces to record                             |
-| **Exporter**          | Sends spans to backend                                     |
-| **Collector**         | Receives, processes, and forwards telemetry                |
-| **OTLP**              | OpenTelemetry Protocol (wire format)                       |
-| **W3C Trace Context** | Standard HTTP headers for trace propagation                |
-| **Baggage**           | Key-value pairs propagated across service boundaries       |
-| **Resource**          | Entity producing telemetry (service, host, etc.)           |
-| **Instrumentation**   | Code that creates telemetry data                           |
-
-### xrpld-Specific Terms
-
-| Term              | Definition                                                    |
-| ----------------- | ------------------------------------------------------------- |
-| **Overlay**       | P2P network layer managing peer connections                   |
-| **Consensus**     | XRP Ledger consensus algorithm (RCL)                          |
-| **Proposal**      | Validator's suggested transaction set for a ledger            |
-| **Validation**    | Validator's signature on a closed ledger                      |
-| **HashRouter**    | Component for transaction deduplication                       |
-| **JobQueue**      | Thread pool for asynchronous task execution                   |
-| **PerfLog**       | Existing performance logging system in xrpld                  |
-| **Beast Insight** | Existing metrics framework in xrpld                           |
-| **PathFinding**   | Payment path computation engine for cross-currency payments   |
-| **TxQ**           | Transaction queue managing fee-based prioritization           |
-| **LoadManager**   | Dynamic fee escalation based on network load                  |
-| **SHAMap**        | SHA-256 hash-based map (Merkle trie variant) for ledger state |
-
----
-
-## 8.2 Span Hierarchy Visualization
-
-> **TxQ** = Transaction Queue
-
-```mermaid
-flowchart TB
-    subgraph trace["Trace: Transaction Lifecycle"]
-        rpc["rpc.request<br/>(entry point)"]
-        validate["tx.validate"]
-        relay["tx.relay<br/>(parent span)"]
-
-        subgraph peers["Peer Spans"]
-            p1["peer.send<br/>Peer A"]
-            p2["peer.send<br/>Peer B"]
-            p3["peer.send<br/>Peer C"]
-        end
-
-        subgraph pathfinding["PathFinding Spans"]
-            pathfind["pathfind.request"]
-            pathcomp["pathfind.compute"]
-        end
-
-        consensus["consensus.round"]
-        apply["tx.apply"]
-
-        subgraph txqueue["TxQ Spans"]
-            txq["txq.enqueue"]
-            txqApply["txq.apply"]
-        end
-
-        feeCalc["fee.escalate"]
-    end
-
-    subgraph validators["Validator Spans"]
-        valFetch["validator.list.fetch"]
-        valManifest["validator.manifest"]
-    end
-
-    rpc --> validate
-    rpc --> pathfind
-    pathfind --> pathcomp
-    validate --> relay
-    relay --> p1
-    relay --> p2
-    relay --> p3
-    p1 -.->|"context propagation"| consensus
-    consensus --> apply
-    apply --> txq
-    txq --> txqApply
-    txq --> feeCalc
-
-    style trace fill:#0f172a,stroke:#020617,color:#fff
-    style peers fill:#1e3a8a,stroke:#172554,color:#fff
-    style pathfinding fill:#134e4a,stroke:#0f766e,color:#fff
-    style txqueue fill:#064e3b,stroke:#047857,color:#fff
-    style validators fill:#4c1d95,stroke:#6d28d9,color:#fff
-    style rpc fill:#1d4ed8,stroke:#1e40af,color:#fff
-    style validate fill:#047857,stroke:#064e3b,color:#fff
-    style relay fill:#047857,stroke:#064e3b,color:#fff
-    style p1 fill:#0e7490,stroke:#155e75,color:#fff
-    style p2 fill:#0e7490,stroke:#155e75,color:#fff
-    style p3 fill:#0e7490,stroke:#155e75,color:#fff
-    style consensus fill:#fef3c7,stroke:#fde68a,color:#1e293b
-    style apply fill:#047857,stroke:#064e3b,color:#fff
-    style pathfind fill:#0e7490,stroke:#155e75,color:#fff
-    style pathcomp fill:#0e7490,stroke:#155e75,color:#fff
-    style txq fill:#047857,stroke:#064e3b,color:#fff
-    style txqApply fill:#047857,stroke:#064e3b,color:#fff
-    style feeCalc fill:#047857,stroke:#064e3b,color:#fff
-    style valFetch fill:#6d28d9,stroke:#4c1d95,color:#fff
-    style valManifest fill:#6d28d9,stroke:#4c1d95,color:#fff
-```
-
-**Reading the diagram:**
-
-- **rpc.request (blue, top)**: The entry point — every traced transaction starts as an RPC call; this root span is the parent of all downstream work.
-- **tx.validate and pathfind.request (green/teal, first fork)**: The RPC request fans out into transaction validation and, for cross-currency payments, a PathFinding branch (`pathfind.request` -> `pathfind.compute`).
-- **tx.relay -> Peer Spans (teal, middle)**: After validation, the transaction is relayed to peers A, B, and C in parallel; each `peer.send` is a sibling child span showing fan-out across the network.
-- **context propagation (dashed arrow)**: The dotted line from `peer.send Peer A` to `consensus.round` represents the trace context crossing a node boundary — the receiving validator picks up the same `trace_id` and continues the trace.
-- **consensus.round -> tx.apply -> TxQ Spans (green, lower)**: Once consensus accepts the transaction, it is applied to the ledger; the TxQ spans (`txq.enqueue`, `txq.apply`, `fee.escalate`) capture queue depth and fee escalation behavior.
-- **Validator Spans (purple, detached)**: `validator.list.fetch` and `validator.manifest` are independent workflows for UNL management — they run on their own traces and are linked to consensus via Span Links, not parent-child relationships.
-
----
-
-## 8.3 References
-
-> **OTLP** = OpenTelemetry Protocol
-
-### OpenTelemetry Resources
-
-1. [OpenTelemetry C++ SDK](https://github.com/open-telemetry/opentelemetry-cpp)
-2. [OpenTelemetry Specification](https://opentelemetry.io/docs/specs/otel/)
-3. [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/)
-4. [OTLP Protocol Specification](https://opentelemetry.io/docs/specs/otlp/)
-
-### Standards
-
-5. [W3C Trace Context](https://www.w3.org/TR/trace-context/)
-6. [W3C Baggage](https://www.w3.org/TR/baggage/)
-7. [Protocol Buffers](https://protobuf.dev/)
-
-### xrpld Resources
-
-8. [xrpld Source Code](https://github.com/XRPLF/rippled)
-9. [XRP Ledger Documentation](https://xrpl.org/docs/)
-10. [xrpld Overlay README](https://github.com/XRPLF/rippled/blob/develop/src/xrpld/overlay/README.md)
-11. [xrpld RPC README](https://github.com/XRPLF/rippled/blob/develop/src/xrpld/rpc/README.md)
-12. [xrpld Consensus README](https://github.com/XRPLF/rippled/blob/develop/src/xrpld/app/consensus/README.md)
-
----
-
-## 8.4 Version History
-
-| Version | Date       | Author | Changes                                                        |
-| ------- | ---------- | ------ | -------------------------------------------------------------- |
-| 1.0     | 2026-02-12 | -      | Initial implementation plan                                    |
-| 1.1     | 2026-02-13 | -      | Refactored into modular documents                              |
-| 1.2     | 2026-03-24 | -      | Review fixes: accuracy corrections, cross-document consistency |
-
----
-
-## 8.5 Document Index
-
-### Plan Documents
-
-| Document                                                         | Description                                  |
-| ---------------------------------------------------------------- | -------------------------------------------- |
-| [OpenTelemetryPlan.md](./OpenTelemetryPlan.md)                   | Master overview and executive summary        |
-| [00-tracing-fundamentals.md](./00-tracing-fundamentals.md)       | Distributed tracing concepts and OTel primer |
-| [01-architecture-analysis.md](./01-architecture-analysis.md)     | xrpld architecture and trace points          |
-| [02-design-decisions.md](./02-design-decisions.md)               | SDK selection, exporters, span conventions   |
-| [03-implementation-strategy.md](./03-implementation-strategy.md) | Directory structure, performance analysis    |
-| [04-code-samples.md](./04-code-samples.md)                       | C++ code examples for all components         |
-| [05-configuration-reference.md](./05-configuration-reference.md) | xrpld config, CMake, Collector configs       |
-| [06-implementation-phases.md](./06-implementation-phases.md)     | Timeline, tasks, risks, success metrics      |
-| [07-observability-backends.md](./07-observability-backends.md)   | Backend selection and architecture           |
-| [08-appendix.md](./08-appendix.md)                               | Glossary, references, version history        |
-| [presentation.md](./presentation.md)                             | Slide deck for OTel plan overview            |
-
-### Task Lists
-
-| Document                                   | Description                                         |
-| ------------------------------------------ | --------------------------------------------------- |
-| [POC_taskList.md](./POC_taskList.md)       | Proof-of-concept telemetry integration              |
-| [Phase2_taskList.md](./Phase2_taskList.md) | RPC layer trace instrumentation                     |
-| [Phase3_taskList.md](./Phase3_taskList.md) | Peer overlay & consensus tracing                    |
-| [Phase4_taskList.md](./Phase4_taskList.md) | Transaction lifecycle tracing                       |
-| [Phase5_taskList.md](./Phase5_taskList.md) | Ledger processing & advanced tracing                |
-| [presentation.md](./presentation.md)       | Presentation slides for OpenTelemetry plan overview |
-
----
-
-_Previous: [Observability Backends](./07-observability-backends.md)_ | _Back to: [Overview](./OpenTelemetryPlan.md)_

OpenTelemetryPlan/OpenTelemetryPlan.md

@@ -1,231 +0,0 @@
-# [OpenTelemetry](00-tracing-fundamentals.md) Distributed Tracing Implementation Plan for xrpld (xrpld)
-
-## Executive Summary
-
-> **OTLP** = OpenTelemetry Protocol
-
-This document provides a comprehensive implementation plan for integrating OpenTelemetry distributed tracing into the xrpld XRP Ledger node software. The plan addresses the unique challenges of a decentralized peer-to-peer system where trace context must propagate across network boundaries between independent nodes.
-
-### Key Benefits
-
-- **End-to-end transaction visibility**: Track transactions from submission through consensus to ledger inclusion
-- **Consensus round analysis**: Understand timing and behavior of consensus phases across validators
-- **RPC performance insights**: Identify slow handlers and optimize response times
-- **Network topology understanding**: Visualize message propagation patterns between peers
-- **Incident debugging**: Correlate events across distributed nodes during issues
-
-### Estimated Performance Overhead
-
-| Metric        | Overhead   | Notes                               |
-| ------------- | ---------- | ----------------------------------- |
-| CPU           | 1-3%       | Span creation and attribute setting |
-| Memory        | 2-5 MB     | Batch buffer for pending spans      |
-| Network       | 10-50 KB/s | Compressed OTLP export to collector |
-| Latency (p99) | <2%        | With proper sampling configuration  |
-
----
-
-## Document Structure
-
-This implementation plan is organized into modular documents for easier navigation:
-
-<div align="center">
-
-```mermaid
-flowchart TB
-    overview["📋 OpenTelemetryPlan.md<br/>(This Document)"]
-
-    subgraph fundamentals["Fundamentals"]
-        fund["00-tracing-fundamentals.md"]
-    end
-
-    subgraph analysis["Analysis & Design"]
-        arch["01-architecture-analysis.md"]
-        design["02-design-decisions.md"]
-    end
-
-    subgraph impl["Implementation"]
-        strategy["03-implementation-strategy.md"]
-        code["04-code-samples.md"]
-        config["05-configuration-reference.md"]
-    end
-
-    subgraph deploy["Deployment & Planning"]
-        phases["06-implementation-phases.md"]
-        backends["07-observability-backends.md"]
-        appendix["08-appendix.md"]
-        poc["POC_taskList.md"]
-    end
-
-    overview --> fundamentals
-    overview --> analysis
-    overview --> impl
-    overview --> deploy
-
-    fund --> arch
-    arch --> design
-    design --> strategy
-    strategy --> code
-    code --> config
-    config --> phases
-    phases --> backends
-    backends --> appendix
-    phases --> poc
-
-    style overview fill:#1b5e20,stroke:#0d3d14,color:#fff,stroke-width:2px
-    style fundamentals fill:#00695c,stroke:#004d40,color:#fff
-    style fund fill:#00695c,stroke:#004d40,color:#fff
-    style analysis fill:#0d47a1,stroke:#082f6a,color:#fff
-    style impl fill:#bf360c,stroke:#8c2809,color:#fff
-    style deploy fill:#4a148c,stroke:#2e0d57,color:#fff
-    style arch fill:#0d47a1,stroke:#082f6a,color:#fff
-    style design fill:#0d47a1,stroke:#082f6a,color:#fff
-    style strategy fill:#bf360c,stroke:#8c2809,color:#fff
-    style code fill:#bf360c,stroke:#8c2809,color:#fff
-    style config fill:#bf360c,stroke:#8c2809,color:#fff
-    style phases fill:#4a148c,stroke:#2e0d57,color:#fff
-    style backends fill:#4a148c,stroke:#2e0d57,color:#fff
-    style appendix fill:#4a148c,stroke:#2e0d57,color:#fff
-    style poc fill:#4a148c,stroke:#2e0d57,color:#fff
-```
-
-</div>
-
----
-
-## Table of Contents
-
-| Section | Document                                                   | Description                                                            |
-| ------- | ---------------------------------------------------------- | ---------------------------------------------------------------------- |
-| **0**   | [Tracing Fundamentals](./00-tracing-fundamentals.md)       | Distributed tracing concepts, span relationships, context propagation  |
-| **1**   | [Architecture Analysis](./01-architecture-analysis.md)     | xrpld component analysis, trace points, instrumentation priorities     |
-| **2**   | [Design Decisions](./02-design-decisions.md)               | SDK selection, exporters, span naming, attributes, context propagation |
-| **3**   | [Implementation Strategy](./03-implementation-strategy.md) | Directory structure, key principles, performance optimization          |
-| **4**   | [Code Samples](./04-code-samples.md)                       | C++ implementation examples for core infrastructure and key modules    |
-| **5**   | [Configuration Reference](./05-configuration-reference.md) | xrpld config, CMake integration, Collector configurations              |
-| **6**   | [Implementation Phases](./06-implementation-phases.md)     | 5-phase timeline, tasks, risks, success metrics                        |
-| **7**   | [Observability Backends](./07-observability-backends.md)   | Backend selection guide and production architecture                    |
-| **8**   | [Appendix](./08-appendix.md)                               | Glossary, references, version history                                  |
-| **POC** | [POC Task List](./POC_taskList.md)                         | Proof of concept tasks for RPC tracing end-to-end demo                 |
-
----
-
-## 0. Tracing Fundamentals
-
-This document introduces distributed tracing concepts for readers unfamiliar with the domain. It covers what traces and spans are, how parent-child and follows-from relationships model causality, how context propagates across service boundaries, and how sampling controls data volume. It also maps these concepts to xrpld-specific scenarios like transaction relay and consensus.
-
-➡️ **[Read Tracing Fundamentals](./00-tracing-fundamentals.md)**
-
----
-
-## 1. Architecture Analysis
-
-> **WS** = WebSocket | **TxQ** = Transaction Queue
-
-The xrpld node consists of several key components that require instrumentation for comprehensive distributed tracing. The main areas include the RPC server (HTTP/WebSocket), Overlay P2P network, Consensus mechanism (RCLConsensus), JobQueue for async task execution, PathFinding, Transaction Queue (TxQ), fee escalation (LoadManager), ledger acquisition, validator management, and existing observability infrastructure (PerfLog, Insight/StatsD, Journal logging).
-
-Key trace points span across transaction submission via RPC, peer-to-peer message propagation, consensus round execution, ledger building, path computation, transaction queue behavior, fee escalation, and validator health. The implementation prioritizes high-value, low-risk components first: RPC handlers provide immediate value with minimal risk, while consensus tracing requires careful implementation to avoid timing impacts.
-
-➡️ **[Read full Architecture Analysis](./01-architecture-analysis.md)**
-
----
-
-## 2. Design Decisions
-
-> **OTLP** = OpenTelemetry Protocol | **CNCF** = Cloud Native Computing Foundation
-
-The OpenTelemetry C++ SDK is selected for its CNCF backing, active development, and native performance characteristics. Traces are exported via OTLP/gRPC (primary) or OTLP/HTTP (fallback) to an OpenTelemetry Collector, which provides flexible routing and sampling.
-
-Span naming follows a hierarchical `<component>.<operation>` convention (e.g., `rpc.submit`, `tx.relay`, `consensus.round`). Context propagation uses W3C Trace Context headers for HTTP and embedded Protocol Buffer fields for P2P messages. The implementation coexists with existing PerfLog and Insight observability systems through correlation IDs.
-
-**Data Collection & Privacy**: Telemetry collects only operational metadata (timing, counts, hashes) — never sensitive content (private keys, balances, amounts, raw payloads). Privacy protection includes account hashing, configurable redaction, sampling, and collector-level filtering. Node operators retain full control over telemetry configuration.
-
-➡️ **[Read full Design Decisions](./02-design-decisions.md)**
-
----
-
-## 3. Implementation Strategy
-
-The telemetry code is organized under `include/xrpl/telemetry/` for headers and `src/libxrpl/telemetry/` for implementation. Key principles include RAII-based span management via `SpanGuard` (with `discard()` for dropping unwanted spans), a `FilteringSpanProcessor` that intercepts `OnEnd()` to prevent discarded spans from entering the export pipeline, conditional compilation with `XRPL_ENABLE_TELEMETRY`, and minimal runtime overhead through batch processing and efficient sampling.
-
-Performance optimization strategies include probabilistic head sampling (10% default), tail-based sampling at the collector for errors and slow traces, batch export to reduce network overhead, and conditional instrumentation that compiles to no-ops when disabled.
-
-➡️ **[Read full Implementation Strategy](./03-implementation-strategy.md)**
-
----
-
-## 4. Code Samples
-
-C++ implementation examples are provided for the core telemetry infrastructure and key modules:
-
-- `Telemetry.h` - Core interface for tracer access and span creation
-- `SpanGuard.h` - RAII wrapper for automatic span lifecycle management with `discard()` support
-- `DiscardFlag.h` - Thread-local flag for span discard signaling between SpanGuard and FilteringSpanProcessor
-- `SpanGuard.cpp` - Pimpl implementation confining all OTel SDK types
-- Protocol Buffer extensions for trace context propagation
-- Module-specific instrumentation (RPC, Consensus, P2P, JobQueue)
-- Remaining modules (PathFinding, TxQ, Validator, etc.) follow the same patterns
-
-➡️ **[View all Code Samples](./04-code-samples.md)**
-
----
-
-## 5. Configuration Reference
-
-> **OTLP** = OpenTelemetry Protocol | **APM** = Application Performance Monitoring
-
-Configuration is handled through the `[telemetry]` section in `xrpld.cfg` with options for enabling/disabling, exporter selection, endpoint configuration, sampling ratios, and component-level filtering. CMake integration includes a `XRPL_ENABLE_TELEMETRY` option for compile-time control.
-
-OpenTelemetry Collector configurations are provided for development and production (with tail-based sampling, Tempo, and Elastic APM). Docker Compose examples enable quick local development environment setup.
-
-➡️ **[View full Configuration Reference](./05-configuration-reference.md)**
-
----
-
-## 6. Implementation Phases
-
-The implementation spans 9 weeks across 5 phases:
-
-| Phase | Duration  | Focus               | Key Deliverables                                    |
-| ----- | --------- | ------------------- | --------------------------------------------------- |
-| 1     | Weeks 1-2 | Core Infrastructure | SDK integration, Telemetry interface, Configuration |
-| 2     | Weeks 3-4 | RPC Tracing         | HTTP context extraction, Handler instrumentation    |
-| 3     | Weeks 5-6 | Transaction Tracing | Protocol Buffer context, Relay propagation          |
-| 4     | Weeks 7-8 | Consensus Tracing   | Round spans, Proposal/validation tracing            |
-| 5     | Week 9    | Documentation       | Runbook, Dashboards, Training                       |
-
-**Total Effort**: 47 person-days (2 developers working in parallel)
-
-➡️ **[View full Implementation Phases](./06-implementation-phases.md)**
-
----
-
-## 7. Observability Backends
-
-> **APM** = Application Performance Monitoring | **GCS** = Google Cloud Storage
-
-Grafana Tempo is recommended for all environments due to its cost-effectiveness and Grafana integration, while Elastic APM is ideal for organizations with existing Elastic infrastructure.
-
-The recommended production architecture uses a gateway collector pattern with regional collectors performing tail-based sampling, routing traces to multiple backends (Tempo for primary storage, Elastic for log correlation, S3/GCS for long-term archive).
-
-➡️ **[View Observability Backend Recommendations](./07-observability-backends.md)**
-
----
-
-## 8. Appendix
-
-The appendix contains a glossary of OpenTelemetry and xrpld-specific terms, references to external documentation and specifications, version history for this implementation plan, and a complete document index.
-
-➡️ **[View Appendix](./08-appendix.md)**
-
----
-
-## POC Task List
-
-A step-by-step task list for building a minimal end-to-end proof of concept that demonstrates distributed tracing in xrpld. The POC scope is limited to RPC tracing — showing request traces flowing from xrpld through an OpenTelemetry Collector into Tempo, viewable in Grafana.
-
-➡️ **[View POC Task List](./POC_taskList.md)**
-
----
-
-_This document provides a comprehensive implementation plan for integrating OpenTelemetry distributed tracing into the xrpld XRP Ledger node software. For detailed information on any section, follow the links to the corresponding sub-documents._

OpenTelemetryPlan/POC_taskList.md

@@ -1,628 +0,0 @@
-# OpenTelemetry POC Task List
-
-> **Goal**: Build a minimal end-to-end proof of concept that demonstrates distributed tracing in xrpld. A successful POC will show RPC request traces flowing from xrpld through an OTel Collector into Tempo, viewable in Grafana.
->
-> **Scope**: RPC tracing only (highest value, lowest risk per the [CRAWL phase](./06-implementation-phases.md#6102-quick-wins-immediate-value) in the implementation phases). No cross-node P2P context propagation or consensus tracing in the POC.
-
-### Related Plan Documents
-
-| Document                                                         | Relevance to POC                                                                                                                                        |
-| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [00-tracing-fundamentals.md](./00-tracing-fundamentals.md)       | Core concepts: traces, spans, context propagation, sampling                                                                                             |
-| [01-architecture-analysis.md](./01-architecture-analysis.md)     | RPC request flow (§1.5), key trace points (§1.6), instrumentation priority (§1.7)                                                                       |
-| [02-design-decisions.md](./02-design-decisions.md)               | SDK selection (§2.1), exporter config (§2.2), span naming (§2.3), attribute schema (§2.4), coexistence with PerfLog/Insight (§2.6)                      |
-| [03-implementation-strategy.md](./03-implementation-strategy.md) | Directory structure (§3.1), key principles (§3.2), performance overhead (§3.3-3.6), conditional compilation (§3.7.3), code intrusiveness (§3.9)         |
-| [04-code-samples.md](./04-code-samples.md)                       | Telemetry interface (§4.1), SpanGuard factory methods (§4.2-4.3), RPC instrumentation (§4.5.3)                                                          |
-| [05-configuration-reference.md](./05-configuration-reference.md) | xrpld config (§5.1), config parser (§5.2), Application integration (§5.3), CMake (§5.4), Collector config (§5.5), Docker Compose (§5.6), Grafana (§5.8) |
-| [06-implementation-phases.md](./06-implementation-phases.md)     | Phase 1 core tasks (§6.2), Phase 2 RPC tasks (§6.3), quick wins (§6.10), definition of done (§6.11)                                                     |
-| [07-observability-backends.md](./07-observability-backends.md)   | Tempo dev setup (§7.1), Grafana dashboards (§7.6), alert rules (§7.6.3)                                                                                 |
-
----
-
-## Task 0: Docker Observability Stack Setup
-
-> **OTLP** = OpenTelemetry Protocol
-
-**Objective**: Stand up the backend infrastructure to receive, store, and display traces.
-
-**What to do**:
-
-- Create `docker/telemetry/docker-compose.yml` in the repo with three services:
-  1. **OpenTelemetry Collector** (`otel/opentelemetry-collector-contrib:0.92.0`)
-     - Expose ports `4317` (OTLP gRPC) and `4318` (OTLP HTTP)
-     - Expose port `13133` (health check)
-     - Mount a config file `docker/telemetry/otel-collector-config.yaml`
-  2. **Tempo** (`grafana/tempo:2.6.1`)
-     - Expose port `3200` (HTTP API) and `4317` (OTLP gRPC, internal)
-  3. **Grafana** (`grafana/grafana:latest`) — optional but useful
-     - Expose port `3000`
-     - Enable anonymous admin access for local dev (`GF_AUTH_ANONYMOUS_ENABLED=true`, `GF_AUTH_ANONYMOUS_ORG_ROLE=Admin`)
-     - Provision Tempo as a data source via `docker/telemetry/grafana/provisioning/datasources/tempo.yaml`
-
-- Create `docker/telemetry/otel-collector-config.yaml`:
-
-  ```yaml
-  receivers:
-    otlp:
-      protocols:
-        grpc:
-          endpoint: 0.0.0.0:4317
-        http:
-          endpoint: 0.0.0.0:4318
-
-  processors:
-    batch:
-      timeout: 1s
-      send_batch_size: 100
-
-  exporters:
-    logging:
-      verbosity: detailed
-    otlp/tempo:
-      endpoint: tempo:4317
-      tls:
-        insecure: true
-
-  service:
-    pipelines:
-      traces:
-        receivers: [otlp]
-        processors: [batch]
-        exporters: [logging, otlp/tempo]
-  ```
-
-- Create Grafana Tempo datasource provisioning file at `docker/telemetry/grafana/provisioning/datasources/tempo.yaml`:
-  ```yaml
-  apiVersion: 1
-  datasources:
-    - name: Tempo
-      type: tempo
-      access: proxy
-      url: http://tempo:3200
-  ```
-
-**Verification**: Run `docker compose -f docker/telemetry/docker-compose.yml up -d`, then:
-
-- `curl http://localhost:13133` returns healthy (Collector)
-- `http://localhost:3000` opens Grafana (Tempo datasource available, no traces yet)
-
-**Reference**:
-
-- [05-configuration-reference.md §5.5](./05-configuration-reference.md) — Collector config (dev YAML with Tempo exporter)
-- [05-configuration-reference.md §5.6](./05-configuration-reference.md) — Docker Compose development environment
-- [07-observability-backends.md §7.1](./07-observability-backends.md) — Tempo quick start and backend selection
-- [05-configuration-reference.md §5.8](./05-configuration-reference.md) — Grafana datasource provisioning and dashboards
-
----
-
-## Task 1: Add OpenTelemetry C++ SDK Dependency
-
-**Objective**: Make `opentelemetry-cpp` available to the build system.
-
-**What to do**:
-
-- Edit `conanfile.py` to add `opentelemetry-cpp` as an **optional** dependency. The gRPC otel plugin flag (`"grpc/*:otel_plugin": False`) in the existing conanfile may need to remain false — we pull the OTel SDK separately.
-  - Add a Conan option: `with_telemetry = [True, False]` defaulting to `False`
-  - When `with_telemetry` is `True`, add `opentelemetry-cpp` to `self.requires()`
-  - Required OTel Conan components: `opentelemetry-cpp` (which bundles api, sdk, and exporters). If the package isn't in Conan Center, consider using `FetchContent` in CMake or building from source as a fallback.
-- Edit `CMakeLists.txt`:
-  - Add option: `option(XRPL_ENABLE_TELEMETRY "Enable OpenTelemetry tracing" OFF)`
-  - When ON, `find_package(opentelemetry-cpp CONFIG REQUIRED)` and add compile definition `XRPL_ENABLE_TELEMETRY`
-  - When OFF, do nothing (zero build impact)
-- Verify the build succeeds with `-DXRPL_ENABLE_TELEMETRY=OFF` (no regressions) and with `-DXRPL_ENABLE_TELEMETRY=ON` (SDK links successfully).
-
-**Key files**:
-
-- `conanfile.py`
-- `CMakeLists.txt`
-
-**Reference**:
-
-- [05-configuration-reference.md §5.4](./05-configuration-reference.md) — CMake integration, `FindOpenTelemetry.cmake`, `XRPL_ENABLE_TELEMETRY` option
-- [03-implementation-strategy.md §3.2](./03-implementation-strategy.md) — Key principle: zero-cost when disabled via compile-time flags
-- [02-design-decisions.md §2.1](./02-design-decisions.md) — SDK selection rationale and required OTel components
-
----
-
-## Task 2: Create Core Telemetry Interface and NullTelemetry
-
-**Objective**: Define the `Telemetry` abstract interface and a no-op implementation so the rest of the codebase can reference telemetry without hard-depending on the OTel SDK.
-
-**What to do**:
-
-- Create `include/xrpl/telemetry/Telemetry.h`:
-  - Define `namespace xrpl::telemetry`
-  - Define `struct Telemetry::Setup` holding: `enabled`, `exporterEndpoint`, `samplingRatio`, `serviceName`, `serviceVersion`, `serviceInstanceId`, `traceRpc`, `traceTransactions`, `traceConsensus`, `tracePeer`
-  - Define abstract `class Telemetry` with:
-    - `virtual void start() = 0;`
-    - `virtual void stop() = 0;`
-    - `virtual bool isEnabled() const = 0;`
-    - `virtual nostd::shared_ptr<Tracer> getTracer(string_view name = "xrpld") = 0;`
-    - `virtual nostd::shared_ptr<Span> startSpan(string_view name, SpanKind kind = kInternal) = 0;`
-    - `virtual nostd::shared_ptr<Span> startSpan(string_view name, Context const& parentContext, SpanKind kind = kInternal) = 0;`
-    - `virtual bool shouldTraceRpc() const = 0;`
-    - `virtual bool shouldTraceTransactions() const = 0;`
-    - `virtual bool shouldTraceConsensus() const = 0;`
-  - Factory: `std::unique_ptr<Telemetry> makeTelemetry(Setup const&, beast::Journal);`
-  - Config parser: `Telemetry::Setup setupTelemetry(Section const&, std::string const& nodePublicKey, std::string const& version);`
-
-- Create `include/xrpl/telemetry/SpanGuard.h`:
-  - RAII guard with static factory methods (`rpcSpan()`, `txSpan()`, `consensusSpan()`, etc.) that access the global `Telemetry::getInstance()` singleton internally.
-  - Uses pimpl idiom to hide all OTel types -- the public header has zero `opentelemetry/` includes.
-  - Convenience instance methods: `setAttribute()`, `setOk()`, `setStatus()`, `addEvent()`, `recordException()`, `context()`, `discard()`
-  - When `XRPL_ENABLE_TELEMETRY` is not defined, the entire class compiles to a no-op stub.
-  - See [04-code-samples.md](./04-code-samples.md) §4.2-4.3 for the full API reference.
-
-- Create `src/libxrpl/telemetry/NullTelemetry.cpp`:
-  - Implements `Telemetry` with all no-ops.
-  - `isEnabled()` returns `false`, `startSpan()` returns a noop span.
-  - This is used when `XRPL_ENABLE_TELEMETRY` is OFF or `enabled=0` in config.
-
-- Guard all OTel SDK headers behind `#ifdef XRPL_ENABLE_TELEMETRY`. The `NullTelemetry` implementation should compile without the OTel SDK present.
-
-**Key new files**:
-
-- `include/xrpl/telemetry/Telemetry.h`
-- `include/xrpl/telemetry/SpanGuard.h`
-- `src/libxrpl/telemetry/NullTelemetry.cpp`
-
-**Reference**:
-
-- [04-code-samples.md §4.1](./04-code-samples.md) — Full `Telemetry` interface with `Setup` struct, lifecycle, tracer access, span creation, and component filtering methods
-- [04-code-samples.md §4.2-4.3](./04-code-samples.md) — SpanGuard with factory methods, pimpl design, no-op stub, and discard support
-- [03-implementation-strategy.md §3.1](./03-implementation-strategy.md) — Directory structure: `include/xrpl/telemetry/` for headers, `src/libxrpl/telemetry/` for implementation
-- [03-implementation-strategy.md §3.7.3](./03-implementation-strategy.md) — Conditional instrumentation and zero-cost compile-time disabled pattern
-
----
-
-## Task 3: Implement OTel-Backed Telemetry
-
-> **OTLP** = OpenTelemetry Protocol
-
-**Objective**: Implement the real `Telemetry` class that initializes the OTel SDK, configures the OTLP exporter and batch processor, and creates tracers/spans.
-
-**What to do**:
-
-- Create `src/libxrpl/telemetry/Telemetry.cpp` (compiled only when `XRPL_ENABLE_TELEMETRY=ON`):
-  - `class TelemetryImpl : public Telemetry` that:
-    - In `start()`: creates a `TracerProvider` with:
-      - Resource attributes: `service.name`, `service.version`, `service.instance.id`
-      - An `OtlpHttpExporter` pointed at `setup.exporterEndpoint` (default `localhost:4318`)
-      - A `BatchSpanProcessor` with configurable batch size and delay
-      - A `TraceIdRatioBasedSampler` using `setup.samplingRatio`
-    - Sets the global `TracerProvider`
-    - In `stop()`: calls `ForceFlush()` then shuts down the provider
-    - In `startSpan()`: delegates to `getTracer()->StartSpan(name, ...)`
-    - `shouldTraceRpc()` etc. read from `Setup` fields
-
-- Create `src/libxrpl/telemetry/TelemetryConfig.cpp`:
-  - `setupTelemetry()` parses the `[telemetry]` config section from `xrpld.cfg`
-  - Maps config keys: `enabled`, `exporter`, `endpoint`, `sampling_ratio`, `trace_rpc`, `trace_transactions`, `trace_consensus`, `trace_peer`
-
-- Wire `makeTelemetry()` factory:
-  - If `setup.enabled` is true AND `XRPL_ENABLE_TELEMETRY` is defined: return `TelemetryImpl`
-  - Otherwise: return `NullTelemetry`
-
-- Add telemetry source files to CMake. When `XRPL_ENABLE_TELEMETRY=ON`, compile `Telemetry.cpp` and `TelemetryConfig.cpp` and link against `opentelemetry-cpp::api`, `opentelemetry-cpp::sdk`, `opentelemetry-cpp::otlp_grpc_exporter`. When OFF, compile only `NullTelemetry.cpp`.
-
-**Key new files**:
-
-- `src/libxrpl/telemetry/Telemetry.cpp`
-- `src/libxrpl/telemetry/TelemetryConfig.cpp`
-
-**Key modified files**:
-
-- `CMakeLists.txt` (add telemetry library target)
-
-**Reference**:
-
-- [04-code-samples.md §4.1](./04-code-samples.md) — `Telemetry` interface that `TelemetryImpl` must implement
-- [05-configuration-reference.md §5.2](./05-configuration-reference.md) — `setupTelemetry()` config parser implementation
-- [02-design-decisions.md §2.2](./02-design-decisions.md) — OTLP/gRPC exporter config (endpoint, TLS options)
-- [02-design-decisions.md §2.4.1](./02-design-decisions.md) — Resource attributes: `service.name`, `service.version`, `service.instance.id`, `xrpl.network.id`
-- [03-implementation-strategy.md §3.4](./03-implementation-strategy.md) — Per-operation CPU costs and overhead budget for span creation
-- [03-implementation-strategy.md §3.5](./03-implementation-strategy.md) — Memory overhead: static (~456 KB) and dynamic (~1.2 MB) budgets
-
----
-
-## Task 4: Integrate Telemetry into Application Lifecycle
-
-**Objective**: Wire the `Telemetry` object into the `ServiceRegistry` / `Application` so all components can access it.
-
-**What to do**:
-
-- Edit `include/xrpl/core/ServiceRegistry.h`:
-  - Forward-declare `namespace telemetry { class Telemetry; }` inside `namespace xrpl`
-  - Add pure virtual method: `virtual telemetry::Telemetry& getTelemetry() = 0;`
-  - (`Application` extends `ServiceRegistry`, so this is automatically available on `Application` too)
-
-- Edit `src/xrpld/app/main/Application.cpp` (the `ApplicationImp` class):
-  - Add member: `std::unique_ptr<telemetry::Telemetry> telemetry_;`
-  - In the member initializer list, construct telemetry with an empty
-    `serviceInstanceId` (node identity is not yet known):
-    ```cpp
-    , telemetry_(
-          telemetry::makeTelemetry(
-              telemetry::setupTelemetry(
-                  config_->section("telemetry"),
-                  "",  // Updated later via setServiceInstanceId()
-                  BuildInfo::getVersionString()),
-              logs_->journal("Telemetry")))
-    ```
-  - In `setup()`, after `nodeIdentity_` is resolved, inject the node
-    public key as the service instance ID:
-    ```cpp
-    if (!config_->section("telemetry").exists("service_instance_id"))
-        telemetry_->setServiceInstanceId(
-            toBase58(TokenType::NodePublic, nodeIdentity_->first));
-    ```
-  - In `start()`: call `telemetry_->start()`
-  - In `run()` (shutdown path): call `telemetry_->stop()` (to flush pending spans)
-  - Implement `getTelemetry()` override: return `*telemetry_`
-
-- Add `[telemetry]` section to the example config `cfg/xrpld-example.cfg`:
-  ```ini
-  # [telemetry]
-  # enabled=1
-  # endpoint=http://localhost:4318/v1/traces
-  # sampling_ratio=1.0
-  # trace_rpc=1
-  ```
-
-> **Access patterns**: Components holding `ServiceRegistry&` (e.g.
-> `NetworkOPsImp`) call `registry_.get().getTelemetry()`. Components
-> holding `Application&` (e.g. `ServerHandler`, `PeerImp`,
-> `RCLConsensusAdaptor`) call `app_.getTelemetry()` directly. Both
-> resolve to the same `Telemetry` instance.
-
-**Key modified files**:
-
-- `include/xrpl/core/ServiceRegistry.h`
-- `src/xrpld/app/main/Application.cpp`
-- `cfg/xrpld-example.cfg` (example config)
-
-**Reference**:
-
-- [05-configuration-reference.md §5.3](./05-configuration-reference.md) — `ApplicationImp` changes: member declaration, constructor init, `start()`/`stop()` wiring, `getTelemetry()` override
-- [05-configuration-reference.md §5.1](./05-configuration-reference.md) — `[telemetry]` config section format and all option defaults
-- [03-implementation-strategy.md §3.9.2](./03-implementation-strategy.md) — File impact assessment: `Application.cpp` ~15 lines added, ~3 changed (Low risk)
-
----
-
-## Task 5: Add SpanGuard Factory Methods
-
-**Objective**: Add static factory methods to SpanGuard that provide type-safe, one-liner instrumentation and compile to zero-cost no-ops when telemetry is disabled. This replaces the earlier macro-based approach (`TracingInstrumentation.h` has been removed).
-
-**What to do**:
-
-- Update `include/xrpl/telemetry/SpanGuard.h`:
-  - Add static factory methods that access the global `Telemetry::getInstance()` singleton and check the relevant component filter before creating a span:
-
-    ```cpp
-    // Each factory checks the global Telemetry instance internally.
-    // No Telemetry& reference needed at the call site.
-    auto span = telemetry::SpanGuard::rpcSpan("rpc.request");
-    span.setAttribute("command", command);
-    span.setAttribute("rpc_status", status);
-    ```
-
-  - Factory methods: `rpcSpan()`, `txSpan()`, `consensusSpan()`, `peerSpan()`, `ledgerSpan()`, `span()`
-  - Use the pimpl idiom to hide all OTel types from the public header (zero `opentelemetry/` includes)
-  - When `XRPL_ENABLE_TELEMETRY` is NOT defined, the entire class compiles to a no-op stub with empty inline method bodies
-
-- No separate `TracingInstrumentation.h` file is needed. All instrumentation call sites use `#include <xrpl/telemetry/SpanGuard.h>` directly.
-
-**Key modified file**:
-
-- `include/xrpl/telemetry/SpanGuard.h`
-
-**Reference**:
-
-- [04-code-samples.md §4.3](./04-code-samples.md) — SpanGuard API reference: factory methods, usage patterns, compile-time disabled behavior, and discard support
-- [03-implementation-strategy.md §3.7.3](./03-implementation-strategy.md) — Conditional instrumentation pattern: factory methods handle compile-time and runtime checks internally
-- [03-implementation-strategy.md §3.9.7](./03-implementation-strategy.md) — Before/after code examples showing minimal intrusiveness (~1-3 lines per instrumentation point)
-
----
-
-## Task 6: Instrument RPC ServerHandler
-
-> **WS** = WebSocket
-
-**Objective**: Add tracing to the HTTP RPC entry point so every incoming RPC request creates a span.
-
-**What to do**:
-
-- Edit `src/xrpld/rpc/detail/ServerHandler.cpp`:
-  - `#include <xrpl/telemetry/SpanGuard.h>`
-  - In `ServerHandler::onRequest(Session& session)`:
-    - At the top of the method, add: `auto span = telemetry::SpanGuard::rpcSpan("rpc.request");`
-    - After the RPC command name is extracted, set attribute: `span.setAttribute("command", command);`
-    - After the response status is known, set: `span.setAttribute("http.status_code", static_cast<int64_t>(statusCode));`
-    - Wrap error paths with: `span.recordException(e);`
-  - In `ServerHandler::processRequest(...)`:
-    - Add a child span: `auto span = telemetry::SpanGuard::rpcSpan("rpc.process");`
-    - Set method attribute: `span.setAttribute("method", request_method);`
-  - In `ServerHandler::onWSMessage(...)` (WebSocket path):
-    - Add: `auto span = telemetry::SpanGuard::rpcSpan("rpc.ws.message");`
-
-- The goal is to see spans like:
-  ```
-  rpc.request
-    └── rpc.process
-  ```
-  in Tempo/Grafana for every HTTP RPC call.
-
-**Key modified file**:
-
-- `src/xrpld/rpc/detail/ServerHandler.cpp` (~15-25 lines added)
-
-**Reference**:
-
-- [04-code-samples.md §4.5.3](./04-code-samples.md) — Complete `ServerHandler::onRequest()` instrumented code sample using SpanGuard factory methods
-- [01-architecture-analysis.md §1.5](./01-architecture-analysis.md) — RPC request flow diagram: HTTP request -> attributes -> jobqueue.enqueue -> rpc.command -> response
-- [01-architecture-analysis.md §1.6](./01-architecture-analysis.md) — Key trace points table: `rpc.request` in `ServerHandler.cpp::onRequest()` (Priority: High)
-- [02-design-decisions.md §2.3](./02-design-decisions.md) — Span naming convention: `rpc.request`, `rpc.command.*`
-- [02-design-decisions.md §2.4.2](./02-design-decisions.md) — RPC span attributes: `command`, `version`, `rpc_role`, `xrpl.rpc.params`
-- [03-implementation-strategy.md §3.9.2](./03-implementation-strategy.md) — File impact: `ServerHandler.cpp` ~40 lines added, ~10 changed (Low risk)
-
----
-
-## Task 7: Instrument RPC Command Execution
-
-**Objective**: Add per-command tracing inside the RPC handler so each command (e.g., `submit`, `account_info`, `server_info`) gets its own child span.
-
-**What to do**:
-
-- Edit `src/xrpld/rpc/detail/RPCHandler.cpp`:
-  - `#include <xrpl/telemetry/SpanGuard.h>`
-  - In `doCommand(RPC::JsonContext& context, Json::Value& result)`:
-    - At the top: `auto span = telemetry::SpanGuard::rpcSpan("rpc.command." + context.method);`
-    - Set attributes:
-      - `span.setAttribute("command", context.method);`
-      - `span.setAttribute("version", static_cast<int64_t>(context.apiVersion));`
-      - `span.setAttribute("rpc_role", (context.role == Role::ADMIN) ? "admin" : "user");`
-    - On success: `span.setAttribute("rpc_status", "success");`
-    - On error: `span.setAttribute("rpc_status", "error");` and set the error message
-
-- After this, traces in Tempo/Grafana should look like:
-  ```
-  rpc.request  (command=account_info)
-    └── rpc.process
-          └── rpc.command.account_info  (version=2, rpc_role=user, rpc_status=success)
-  ```
-
-**Key modified file**:
-
-- `src/xrpld/rpc/detail/RPCHandler.cpp` (~15-20 lines added)
-
-**Reference**:
-
-- [04-code-samples.md §4.5.3](./04-code-samples.md) — `ServerHandler::onRequest()` code sample (includes child span pattern for `rpc.command.*`)
-- [02-design-decisions.md §2.3](./02-design-decisions.md) — Span naming: `rpc.command.*` pattern with dynamic command name (e.g., `rpc.command.server_info`)
-- [02-design-decisions.md §2.4.2](./02-design-decisions.md) — RPC attribute schema: `command`, `version`, `rpc_role`, `rpc_status`
-- [01-architecture-analysis.md §1.6](./01-architecture-analysis.md) — Key trace points table: `rpc.command.*` in `RPCHandler.cpp::doCommand()` (Priority: High)
-- [02-design-decisions.md §2.6.5](./02-design-decisions.md) — Correlation with PerfLog: how `doCommand()` can link trace_id with existing PerfLog entries
-- [03-implementation-strategy.md §3.4.4](./03-implementation-strategy.md) — RPC request overhead budget: ~1.75 μs total per request
-
----
-
-## Task 8: Build, Run, and Verify End-to-End
-
-> **OTLP** = OpenTelemetry Protocol
-
-**Objective**: Prove the full pipeline works: xrpld emits traces -> OTel Collector receives them -> Tempo stores them for Grafana visualization.
-
-**What to do**:
-
-1. **Start the Docker stack**:
-
-   ```bash
-   docker compose -f docker/telemetry/docker-compose.yml up -d
-   ```
-
-   Verify Collector health: `curl http://localhost:13133`
-
-2. **Build xrpld with telemetry**:
-
-   ```bash
-   # Adjust for your actual build workflow
-   conan install . --build=missing -o with_telemetry=True
-   cmake --preset default -DXRPL_ENABLE_TELEMETRY=ON
-   cmake --build --preset default
-   ```
-
-3. **Configure xrpld**:
-   Add to `xrpld.cfg` (or your local test config):
-
-   ```ini
-   [telemetry]
-   enabled=1
-   endpoint=localhost:4317
-   sampling_ratio=1.0
-   trace_rpc=1
-   ```
-
-4. **Start xrpld** in standalone mode:
-
-   ```bash
-   ./rippled --conf xrpld.cfg -a --start
-   ```
-
-5. **Generate RPC traffic**:
-
-   ```bash
-   # server_info
-   curl -s -X POST http://localhost:5005 \
-       -H "Content-Type: application/json" \
-       -d '{"method":"server_info","params":[{}]}'
-
-   # ledger
-   curl -s -X POST http://localhost:5005 \
-       -H "Content-Type: application/json" \
-       -d '{"method":"ledger","params":[{"ledger_index":"current"}]}'
-
-   # account_info (will error in standalone, that's fine — we trace errors too)
-   curl -s -X POST http://localhost:5005 \
-       -H "Content-Type: application/json" \
-       -d '{"method":"account_info","params":[{"account":"rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh"}]}'
-   ```
-
-6. **Verify in Grafana (Tempo)**:
-   - Open `http://localhost:3000`
-   - Navigate to Explore → select Tempo datasource
-   - Search for service `xrpld`
-   - Confirm you see traces with spans: `rpc.request` -> `rpc.process` -> `rpc.command.server_info`
-   - Click into a trace and verify attributes: `command`, `rpc_status`, `version`
-
-7. **Verify zero-overhead when disabled**:
-   - Rebuild with `XRPL_ENABLE_TELEMETRY=OFF`, or set `enabled=0` in config
-   - Run the same RPC calls
-   - Confirm no new traces appear and no errors in xrpld logs
-
-**Verification Checklist**:
-
-- [ ] Docker stack starts without errors
-- [ ] xrpld builds with `-DXRPL_ENABLE_TELEMETRY=ON`
-- [ ] xrpld starts and connects to OTel Collector (check xrpld logs for telemetry messages)
-- [ ] Traces appear in Grafana/Tempo under service "xrpld"
-- [ ] Span hierarchy is correct (parent-child relationships)
-- [ ] Span attributes are populated (`command`, `rpc_status`, etc.)
-- [ ] Error spans show error status and message
-- [ ] Building with `XRPL_ENABLE_TELEMETRY=OFF` produces no regressions
-- [ ] Setting `enabled=0` at runtime produces no traces and no errors
-
-**Reference**:
-
-- [06-implementation-phases.md §6.11.1](./06-implementation-phases.md) — Phase 1 definition of done: SDK compiles, runtime toggle works, span creation verified in Tempo, config validation passes
-- [06-implementation-phases.md §6.11.2](./06-implementation-phases.md#6112-phase-2-rpc-tracing) — Phase 2 definition of done: 100% RPC coverage, traceparent propagation, <1ms p99 overhead, dashboard deployed
-- [06-implementation-phases.md §6.8](./06-implementation-phases.md) — Success metrics: trace coverage >95%, CPU overhead <3%, memory <5 MB, latency impact <2%
-- [03-implementation-strategy.md §3.9.5](./03-implementation-strategy.md) — Backward compatibility: config optional, protocol unchanged, `XRPL_ENABLE_TELEMETRY=OFF` produces identical binary
-- [01-architecture-analysis.md §1.8](./01-architecture-analysis.md) — Observable outcomes: what traces, metrics, and dashboards to expect
-
----
-
-## Task 9: Document POC Results and Next Steps
-
-> **OTLP** = OpenTelemetry Protocol | **WS** = WebSocket
-
-**Objective**: Capture findings, screenshots, and remaining work for the team.
-
-**What to do**:
-
-- Take screenshots of Grafana/Tempo showing:
-  - The service list with "xrpld"
-  - A trace with the full span tree
-  - Span detail view showing attributes
-- Document any issues encountered (build issues, SDK quirks, missing attributes)
-- Note performance observations (build time impact, any noticeable runtime overhead)
-- Write a short summary of what the POC proves and what it doesn't cover yet:
-  - **Proves**: OTel SDK integrates with xrpld, OTLP export works, RPC traces visible
-  - **Doesn't cover**: Cross-node P2P context propagation, consensus tracing, protobuf trace context, W3C traceparent header extraction, tail-based sampling, production deployment
-- Outline next steps (mapping to the full plan phases):
-  - [Phase 2](./06-implementation-phases.md) completion: [W3C header extraction](./02-design-decisions.md) (§2.5), WebSocket tracing, all [RPC handlers](./01-architecture-analysis.md) (§1.6)
-  - [Phase 3](./06-implementation-phases.md): [Protobuf `TraceContext` message](./04-code-samples.md) (§4.4), [transaction relay tracing](./04-code-samples.md) (§4.5.1) across nodes
-  - [Phase 4](./06-implementation-phases.md): [Consensus round and phase tracing](./04-code-samples.md) (§4.5.2)
-  - [Phase 5](./06-implementation-phases.md): [Production collector config](./05-configuration-reference.md) (§5.5.2), [Grafana dashboards](./07-observability-backends.md) (§7.6), [alerting](./07-observability-backends.md) (§7.6.3)
-
-**Reference**:
-
-- [06-implementation-phases.md §6.1](./06-implementation-phases.md) — Full 5-phase timeline overview and Gantt chart
-- [06-implementation-phases.md §6.10](./06-implementation-phases.md) — Crawl-Walk-Run strategy: POC is the CRAWL phase, next steps are WALK and RUN
-- [06-implementation-phases.md §6.12](./06-implementation-phases.md) — Recommended implementation order (14 steps across 9 weeks)
-- [03-implementation-strategy.md §3.9](./03-implementation-strategy.md) — Code intrusiveness assessment and risk matrix for each remaining component
-- [07-observability-backends.md §7.2](./07-observability-backends.md) — Production backend selection (Tempo, Elastic APM, Honeycomb, Datadog)
-- [02-design-decisions.md §2.5](./02-design-decisions.md) — Context propagation design: W3C HTTP headers, protobuf P2P, JobQueue internal
-- [00-tracing-fundamentals.md](./00-tracing-fundamentals.md) — Reference for team onboarding on distributed tracing concepts
-
----
-
-## Summary
-
-| Task | Description                          | New Files | Modified Files | Depends On |
-| ---- | ------------------------------------ | --------- | -------------- | ---------- |
-| 0    | Docker observability stack           | 4         | 0              | —          |
-| 1    | OTel C++ SDK dependency              | 0         | 2              | —          |
-| 2    | Core Telemetry interface + NullImpl  | 3         | 0              | 1          |
-| 3    | OTel-backed Telemetry implementation | 2         | 1              | 1, 2       |
-| 4    | Application lifecycle integration    | 0         | 3              | 2, 3       |
-| 5    | SpanGuard factory methods            | 0         | 1              | 2          |
-| 6    | Instrument RPC ServerHandler         | 0         | 1              | 4, 5       |
-| 7    | Instrument RPC command execution     | 0         | 1              | 4, 5       |
-| 8    | End-to-end verification              | 0         | 0              | 0-7        |
-| 9    | Document results and next steps      | 1         | 0              | 8          |
-
-**Parallel work**: Tasks 0 and 1 can run in parallel. Tasks 2 and 5 have no dependency on each other. Tasks 6 and 7 can be done in parallel once Tasks 4 and 5 are complete.
-
----
-
-## Next Steps (Post-POC)
-
-> **OTLP** = OpenTelemetry Protocol | **WS** = WebSocket
-
-### Metrics Pipeline for Grafana Dashboards
-
-The current POC exports **traces only**. Grafana's Explore view can query Tempo for individual traces, but time-series charts (latency histograms, request throughput, error rates) require a **metrics pipeline**. To enable this:
-
-1. **Add a `spanmetrics` connector** to the OTel Collector config that derives RED metrics (Rate, Errors, Duration) from trace spans automatically:
-
-   ```yaml
-   connectors:
-     spanmetrics:
-       histogram:
-         explicit:
-           buckets: [1ms, 5ms, 10ms, 25ms, 50ms, 100ms, 250ms, 500ms, 1s, 5s]
-       dimensions:
-         - name: command
-         - name: rpc_status
-
-   exporters:
-     prometheus:
-       endpoint: 0.0.0.0:8889
-
-   service:
-     pipelines:
-       traces:
-         receivers: [otlp]
-         processors: [batch]
-         exporters: [debug, otlp/tempo, spanmetrics]
-       metrics:
-         receivers: [spanmetrics]
-         exporters: [prometheus]
-   ```
-
-2. **Add Prometheus** to the Docker Compose stack to scrape the collector's metrics endpoint.
-
-3. **Add Prometheus as a Grafana datasource** and build dashboards for:
-   - RPC request latency (p50/p95/p99) by command
-   - RPC throughput (requests/sec) by command
-   - Error rate by command
-   - Span duration distribution
-
-### Additional Instrumentation
-
-- **W3C `traceparent` header extraction** in `ServerHandler` to support cross-service context propagation from external callers
-- **WebSocket RPC tracing** in `ServerHandler::onWSMessage()`
-- **Transaction relay tracing** across nodes using protobuf `TraceContext` messages
-- **Consensus round and phase tracing** for validator coordination visibility
-- **Ledger close tracing** to measure close-to-validated latency
-
-### Production Hardening
-
-- **Tail-based sampling** in the OTel Collector to reduce volume while retaining error/slow traces
-- **TLS configuration** for the OTLP exporter in production deployments
-- **Resource limits** on the batch processor queue to prevent unbounded memory growth
-- **Health monitoring** for the telemetry pipeline itself (collector lag, export failures)
-
-### POC Lessons Learned
-
-Issues encountered during POC implementation that inform future work:
-
-| Issue                                                                                              | Resolution                                                                    | Impact on Future Work                                            |
-| -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------- |
-| Conan lockfile rejected `opentelemetry-cpp/1.18.0`                                                 | Used `--lockfile=""` to bypass                                                | Lockfile must be regenerated when adding new dependencies        |
-| Conan package only builds OTLP HTTP exporter, not gRPC                                             | Switched from gRPC to HTTP exporter (`localhost:4318/v1/traces`)              | HTTP exporter is the default; gRPC requires custom Conan profile |
-| CMake target `opentelemetry-cpp::api` etc. don't exist in Conan package                            | Use umbrella target `opentelemetry-cpp::opentelemetry-cpp`                    | Conan targets differ from upstream CMake targets                 |
-| OTel Collector `logging` exporter deprecated                                                       | Renamed to `debug` exporter                                                   | Use `debug` in all collector configs going forward               |
-| Macro parameter `telemetry` collided with `::xrpl::telemetry::` namespace                          | Replaced macros with SpanGuard factory methods (no macros needed)             | Factory methods avoid macro hygiene issues entirely              |
-| `opentelemetry::trace::Scope` creates new context on move                                          | Store scope as member, create once in constructor                             | SpanGuard move semantics need care with Scope lifecycle          |
-| `TracerProviderFactory::Create` returns `unique_ptr<sdk::TracerProvider>`, not `nostd::shared_ptr` | Use `std::shared_ptr` member, wrap in `nostd::shared_ptr` for global provider | OTel SDK factory return types don't match API provider types     |

OpenTelemetryPlan/Phase2_taskList.md

@@ -1,206 +0,0 @@
-# Phase 2: RPC Tracing Completion Task List
-
-> **Goal**: Complete RPC tracing coverage with unit tests, Grafana search filters, PathFind instrumentation, and config hardening. Build on the Phase 1c SpanGuard factory foundation to achieve production-quality RPC observability.
->
-> **Scope**: Unit tests for core telemetry, Grafana Tempo search filters, PathFind RPC tracing, config validation (`std::clamp`).
->
-> **Branch**: `pratik/otel-phase2-rpc-tracing` (from `pratik/otel-phase1c-rpc-integration`)
-
-### Related Plan Documents
-
-| Document                                                     | Relevance                                                     |
-| ------------------------------------------------------------ | ------------------------------------------------------------- |
-| [04-code-samples.md](./04-code-samples.md)                   | TraceContextPropagator (§4.4.2), RPC instrumentation (§4.5.3) |
-| [02-design-decisions.md](./02-design-decisions.md)           | W3C Trace Context (§2.5), span attributes (§2.4.2)            |
-| [06-implementation-phases.md](./06-implementation-phases.md) | Phase 2 tasks (§6.3), definition of done (§6.11.2)            |
-
----
-
-## Task 2.1: W3C Trace Context HTTP Header Extraction
-
-**Status**: DEFERRED → Phase 3
-
-**Reason**: W3C context propagation (`traceparent`/`tracestate` headers) requires a consumer — in Phase 2, RPC spans are entirely local to the node. Phase 3 introduces cross-node transaction tracing via protobuf context propagation, which is the first use case for extracted trace context. Implementing it here without a consumer would be dead code.
-
-**Implemented in**: `pratik/otel-phase3-tx-tracing` — `TraceContextPropagator.h/.cpp`
-
----
-
-## Task 2.2: Per-Category Span Creation
-
-**Status**: COMPLETE (superseded by Phase 1c design)
-
-**Original plan**: Add `XRPL_TRACE_PEER` and `XRPL_TRACE_LEDGER` macros.
-
-**Actual implementation**: Phase 1c replaced all tracing macros with the `SpanGuard::span(TraceCategory, prefix, name)` factory pattern. The `TraceCategory` enum (`Rpc`, `Transactions`, `Consensus`, `Peer`, `Ledger`) serves the same conditional-creation purpose without macros. No separate task needed — the factory already supports all categories.
-
----
-
-## Task 2.3: Add shouldTraceLedger() to Telemetry Interface
-
-**Objective**: The `Setup` struct has a `traceLedger` field but there's no corresponding virtual method. Add it for interface completeness.
-
-**What to do**:
-
-- Edit `include/xrpl/telemetry/Telemetry.h`:
-  - Add `virtual bool shouldTraceLedger() const = 0;`
-
-- Update all implementations:
-  - `src/libxrpl/telemetry/Telemetry.cpp` (TelemetryImpl, NullTelemetryOtel)
-  - `src/libxrpl/telemetry/NullTelemetry.cpp` (NullTelemetry)
-
-**Key modified files**:
-
-- `include/xrpl/telemetry/Telemetry.h`
-- `src/libxrpl/telemetry/Telemetry.cpp`
-- `src/libxrpl/telemetry/NullTelemetry.cpp`
-
----
-
-## Task 2.4: Unit Tests for Core Telemetry Infrastructure
-
-**Status**: COMPLETE
-
-**Objective**: Add unit tests for the core telemetry abstractions to validate correctness and catch regressions.
-
-**Implemented**:
-
-- `src/tests/libxrpl/telemetry/TelemetryConfig.cpp`:
-  - Test Setup defaults (all fields have correct initial values)
-  - Test `setupTelemetry` config parser (empty section, full section, edge cases)
-  - Test `samplingRatio` clamping (values outside 0.0-1.0)
-
-- `src/tests/libxrpl/telemetry/SpanGuardFactory.cpp`:
-  - Test null guard methods are safe (setAttribute, setOk, setError, addEvent on null)
-  - Test category span returns null when telemetry disabled
-  - Test child/linked span null when no parent context
-  - Test move construction transfers ownership
-  - Test recordException safe on null guard
-  - Test discard() safe on null guard
-
-- `src/tests/libxrpl/telemetry/main.cpp` — GTest runner
-- `src/tests/libxrpl/CMakeLists.txt` — test target with optional OTel linking
-
----
-
-## Task 2.5: Enhance RPC Span Attributes
-
-**Status**: DEFERRED (low priority)
-
-**Reason**: The high-value attributes (`command`, `version`, `role`, `status`) are already set by Phase 1c. The remaining HTTP transport-level attributes (`http.method`, `net.peer.ip`, `http.status_code`) provide limited additional insight since:
-
-- `http.method` is always POST for JSON-RPC
-- `net.peer.ip` is debug-level info available in logs
-- `duration_ms` is redundant with span duration (OTel captures start/end time natively)
-
-These can be added later if dashboard queries specifically need them. The node health attributes (Task 2.8) provide far more operational value and were prioritized instead.
-
----
-
-## Task 2.6: Build Verification and Performance Baseline
-
-**Objective**: Verify the build succeeds with and without telemetry, and establish a performance baseline.
-
-**What to do**:
-
-1. Build with `telemetry=ON` and verify no compilation errors
-2. Build with `telemetry=OFF` and verify no regressions
-3. Run existing unit tests to verify no breakage
-4. Document any build issues in lessons.md
-
-**Verification Checklist**:
-
-- [ ] `conan install . --build=missing -o telemetry=True` succeeds
-- [ ] `cmake --preset default -Dtelemetry=ON` configures correctly
-- [ ] Build succeeds with telemetry ON
-- [ ] Build succeeds with telemetry OFF
-- [ ] Existing tests pass with telemetry ON
-- [ ] Existing tests pass with telemetry OFF
-
----
-
-## Task 2.8: RPC Span Attribute Enrichment — Node Health Context
-
-**Status**: DROPPED.
-
-Node health (`amendment_blocked`, `server_state`) is not part of the telemetry surface. Operators consume the same data via the existing `server_info` / `server_state` RPC commands, so duplicating it on traces adds storage and cardinality cost without new value. The OTel C++ SDK 1.18.0 also does not support runtime updates to the resource, ruling out resource-level emission of these dynamic-by-nature flags.
-
----
-
-## Task 2.9: PathFind RPC Instrumentation
-
-**Status**: COMPLETE
-
-**Objective**: Trace the path_find and ripple_path_find RPC handlers to capture request latency and computation cost.
-
-**Spans added**:
-
-- `pathfind.request` — wraps `doPathFind()` and `doRipplePathFind()` RPC handlers
-- `pathfind.compute` — wraps `PathRequest::doUpdate()` (`pathfind_fast` attr)
-- `pathfind.update_all` — wraps `PathRequestManager::updateAll()` on ledger close (`pathfind_ledger_index`, `pathfind_num_requests` attrs; emitted only when active subscriptions exist)
-- `pathfind.discover` — wraps the entire per-source-asset loop in `PathRequest::findPaths()` (`pathfind_search_level`, `pathfind_num_paths` attrs). One span per RPC call instead of N (one per source asset). Trade-off: per-asset breakdown is lost; storage and cardinality bounded.
-
-**Attribute namespacing**: All pathfind attributes use the `pathfind_*` underscore form per the Phase 1c naming-spec rule 5.
-
-**New file**: `src/xrpld/rpc/detail/PathFindSpanNames.h`
-
-**Modified files**:
-
-- `src/xrpld/rpc/handlers/orderbook/PathFind.cpp`
-- `src/xrpld/rpc/handlers/orderbook/RipplePathFind.cpp`
-- `src/xrpld/rpc/detail/PathRequest.cpp`
-- `src/xrpld/rpc/detail/PathRequestManager.cpp`
-- `src/xrpld/rpc/detail/Pathfinder.cpp`
-
----
-
-## Task 2.10: RPC and PathFind Span Attribute Gap Fill
-
-**Status**: COMPLETE
-
-**Objective**: Wire up workflow-identifying attributes that enable filtering and grouping traces by request characteristics without drilling into child spans.
-
-**Attributes added**:
-
-| Span                | Attribute                    | Type   | Source                            |
-| ------------------- | ---------------------------- | ------ | --------------------------------- |
-| `rpc.http_request`  | `request_payload_size`       | int64  | `request.body().size()`           |
-| `rpc.process`       | `is_batch`                   | bool   | `method == "batch"` check         |
-| `rpc.process`       | `batch_size`                 | int64  | `params.size()` (only when batch) |
-| `rpc.ws_message`    | `command`                    | string | `jv[command]` or `jv[method]`     |
-| `rpc.command.*`     | `load_type`                  | string | `context.loadType.label()`        |
-| `pathfind.compute`  | `pathfind_dest_amount`       | string | `saDstAmount_.getFullText()`      |
-| `pathfind.compute`  | `pathfind_dest_currency`     | string | `to_string(saDstAmount_.asset())` |
-| `pathfind.discover` | `pathfind_num_source_assets` | int64  | `sourceAssets.size()`             |
-
-**New attr keys**: `RpcSpanNames.h` (`isBatch`, `batchSize`, `loadType`), `PathFindSpanNames.h` (`destAmount`, `destCurrency`, `numSourceAssets`).
-
-**Modified files**:
-
-- `src/xrpld/rpc/detail/RpcSpanNames.h`
-- `src/xrpld/rpc/detail/PathFindSpanNames.h`
-- `src/xrpld/rpc/detail/ServerHandler.cpp`
-- `src/xrpld/rpc/detail/RPCHandler.cpp`
-- `src/xrpld/rpc/detail/PathRequest.cpp`
-
----
-
-## Summary
-
-| Task | Description                                 | Status              | Notes                                                     |
-| ---- | ------------------------------------------- | ------------------- | --------------------------------------------------------- |
-| 2.1  | W3C Trace Context header extraction         | Deferred → Phase 3  | No consumer in Phase 2; needs cross-node tracing          |
-| 2.2  | Per-category span creation                  | Complete (Phase 1c) | Superseded by TraceCategory enum + SpanGuard              |
-| 2.3  | Add shouldTraceLedger() interface method    | Complete (Phase 1c) | Delivered in Phase 1c base branch                         |
-| 2.4  | Unit tests for core telemetry               | Complete            | TelemetryConfig + SpanGuardFactory tests                  |
-| 2.5  | Enhanced RPC span attributes (HTTP-level)   | Deferred            | Low value; span duration covers timing natively           |
-| 2.6  | Build verification and performance baseline | Complete            | Verified in CI on Phase 1c                                |
-| 2.7  | Grafana Tempo search filters                | Complete            | rpc-command, rpc-status, rpc-role filters                 |
-| 2.8  | RPC span attribute enrichment (node health) | Dropped             | Available via `server_info`/`server_state` RPC            |
-| 2.9  | PathFind RPC instrumentation                | Complete            | request, compute, update_all, discover                    |
-| 2.10 | RPC/PathFind span attribute gap fill        | Complete            | Batch detection, payload size, load cost, pathfind params |
-
-**Delivered in this branch**: Tasks 2.4, 2.7, 2.9, 2.10.
-**Deferred with rationale**: Tasks 2.1 (→Phase 3), 2.5 (low priority).
-**Dropped**: Task 2.8 (node health not duplicated on traces).
-**Superseded**: Task 2.2 (Phase 1c SpanGuard factory covers this).

OpenTelemetryPlan/Phase3_taskList.md

@@ -1,238 +0,0 @@
-# Phase 3: Transaction Tracing Task List
-
-> **Goal**: Trace the full transaction lifecycle from RPC submission through peer relay, including cross-node context propagation via Protocol Buffer extensions. This is the WALK phase that demonstrates true distributed tracing.
->
-> **Scope**: Protocol Buffer `TraceContext` message, context serialization, PeerImp transaction instrumentation, NetworkOPs processing instrumentation, HashRouter visibility, and multi-node relay context propagation.
->
-> **Branch**: `pratik/otel-phase3-tx-tracing` (from `pratik/otel-phase2-rpc-tracing`)
-
-### Related Plan Documents
-
-| Document                                                     | Relevance                                                                                        |
-| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ |
-| [04-code-samples.md](./04-code-samples.md)                   | TraceContext protobuf (§4.4.1), PeerImp instrumentation (§4.5.1), context serialization (§4.4.2) |
-| [01-architecture-analysis.md](./01-architecture-analysis.md) | Transaction flow (§1.3), key trace points (§1.6)                                                 |
-| [06-implementation-phases.md](./06-implementation-phases.md) | Phase 3 tasks (§6.4), definition of done (§6.11.3)                                               |
-| [02-design-decisions.md](./02-design-decisions.md)           | Context propagation design (§2.5), attribute schema (§2.4.3)                                     |
-
----
-
-## Task 3.1: Define TraceContext Protocol Buffer Message
-
-**Objective**: Add trace context fields to the P2P protocol messages so trace IDs can propagate across nodes.
-
-**What to do**:
-
-- Edit `include/xrpl/proto/xrpl.proto` (or `src/xrpld/proto/ripple.proto`, wherever the proto is):
-  - Add `TraceContext` message definition:
-    ```protobuf
-    message TraceContext {
-        bytes trace_id = 1;      // 16-byte trace identifier
-        bytes span_id = 2;       // 8-byte span identifier
-        uint32 trace_flags = 3;  // bit 0 = sampled
-        string trace_state = 4;  // W3C tracestate value
-    }
-    ```
-  - Add `optional TraceContext trace_context = 1001;` to:
-    - `TMTransaction`
-    - `TMProposeSet` (for Phase 4 use)
-    - `TMValidation` (for Phase 4 use)
-  - Use high field numbers (1001+) to avoid conflicts with existing fields
-
-- Regenerate protobuf C++ code
-
-**Key modified files**:
-
-- `include/xrpl/proto/xrpl.proto` (or equivalent)
-
-**Reference**:
-
-- [04-code-samples.md §4.4.1](./04-code-samples.md) — TraceContext message definition
-- [02-design-decisions.md §2.5.2](./02-design-decisions.md) — Protocol buffer context propagation design
-
----
-
-## Task 3.2: Implement Protobuf Context Serialization
-
-**Objective**: Create utilities to serialize/deserialize OTel trace context to/from protobuf `TraceContext` messages.
-
-**What to do**:
-
-- Create `include/xrpl/telemetry/TraceContextPropagator.h` (extend from Phase 2 if exists, or add protobuf methods):
-  - Add protobuf-specific methods:
-    - `static Context extractFromProtobuf(protocol::TraceContext const& proto)` — reconstruct OTel context from protobuf fields
-    - `static void injectToProtobuf(Context const& ctx, protocol::TraceContext& proto)` — serialize current span context into protobuf fields
-  - Both methods guard behind `#ifdef XRPL_ENABLE_TELEMETRY`
-
-- Create/extend `src/libxrpl/telemetry/TraceContextPropagator.cpp`:
-  - Implement extraction: read trace_id (16 bytes), span_id (8 bytes), trace_flags from protobuf, construct `SpanContext`, wrap in `Context`
-  - Implement injection: get current span from context, serialize its TraceId, SpanId, and TraceFlags into protobuf fields
-
-**Key new/modified files**:
-
-- `include/xrpl/telemetry/TraceContextPropagator.h`
-- `src/libxrpl/telemetry/TraceContextPropagator.cpp`
-
-**Reference**:
-
-- [04-code-samples.md §4.4.2](./04-code-samples.md) — Full extract/inject implementation
-
----
-
-## Task 3.3: Instrument PeerImp Transaction Handling
-
-**Objective**: Add trace spans to the peer-level transaction receive and relay path.
-
-**What to do**:
-
-- Edit `src/xrpld/overlay/detail/PeerImp.cpp`:
-  - In `onMessage(TMTransaction)` / `handleTransaction()`:
-    - Extract parent trace context from incoming `TMTransaction::trace_context` field (if present)
-    - Create `tx.receive` span as child of extracted context (or new root if none)
-    - Set attributes: `xrpl.tx.hash`, `xrpl.peer.id`, `xrpl.tx.status`
-    - On HashRouter suppression (duplicate): set `xrpl.tx.suppressed=true`, add `tx.duplicate` event
-    - Wrap validation call with child span `tx.validate`
-    - Wrap relay with `tx.relay` span
-  - When relaying to peers:
-    - Inject current trace context into outgoing `TMTransaction::trace_context`
-    - Set `xrpl.tx.relay_count` attribute
-
-- Include `TracingInstrumentation.h` and use `XRPL_TRACE_TX` macro
-
-**Key modified files**:
-
-- `src/xrpld/overlay/detail/PeerImp.cpp`
-
-**Reference**:
-
-- [04-code-samples.md §4.5.1](./04-code-samples.md) — Full PeerImp instrumentation example
-- [01-architecture-analysis.md §1.3](./01-architecture-analysis.md) — Transaction flow diagram
-- [01-architecture-analysis.md §1.6](./01-architecture-analysis.md) — tx.receive trace point
-
----
-
-## Task 3.4: Instrument NetworkOPs Transaction Processing
-
-**Objective**: Trace the transaction processing pipeline in NetworkOPs, covering both sync and async paths.
-
-**What to do**:
-
-- Edit `src/xrpld/app/misc/NetworkOPs.cpp`:
-  - In `processTransaction()`:
-    - Create `tx.process` span
-    - Set attributes: `xrpl.tx.hash`, `xrpl.tx.type`, `xrpl.tx.local` (whether from RPC or peer)
-    - Record whether sync or async path is taken
-
-  - In `doTransactionAsync()`:
-    - Capture parent context before queuing
-    - Create `tx.queue` span with queue depth attribute
-    - Add event when transaction is dequeued for processing
-
-  - In `doTransactionSync()`:
-    - Create `tx.process_sync` span
-    - Record result (applied, queued, rejected)
-
-**Key modified files**:
-
-- `src/xrpld/app/misc/NetworkOPs.cpp`
-
-**Reference**:
-
-- [01-architecture-analysis.md §1.6](./01-architecture-analysis.md) — tx.validate and tx.process trace points
-- [02-design-decisions.md §2.4.3](./02-design-decisions.md) — Transaction attribute schema
-
----
-
-## Task 3.5: Instrument HashRouter for Dedup Visibility
-
-**Objective**: Make transaction deduplication visible in traces by recording HashRouter decisions as span attributes/events.
-
-**What to do**:
-
-- Edit `src/xrpld/overlay/detail/PeerImp.cpp` (in handleTransaction):
-  - After calling `HashRouter::shouldProcess()` or `addSuppressionPeer()`:
-    - Record `xrpl.tx.suppressed` attribute (true/false)
-    - Record `xrpl.tx.flags` showing current HashRouter state (SAVED, TRUSTED, etc.)
-    - Add `tx.first_seen` or `tx.duplicate` event
-
-- This is NOT a modification to HashRouter itself — just recording its decisions as span attributes in the existing PeerImp instrumentation from Task 3.3.
-
-**Key modified files**:
-
-- `src/xrpld/overlay/detail/PeerImp.cpp` (same changes as 3.3, logically grouped)
-
----
-
-## Task 3.6: Context Propagation in Transaction Relay
-
-**Objective**: Ensure trace context flows correctly when transactions are relayed between peers, creating linked spans across nodes.
-
-**What to do**:
-
-- Verify the relay path injects trace context:
-  - When `PeerImp` relays a transaction, the `TMTransaction` message should carry `trace_context`
-  - When a remote peer receives it, the context is extracted and used as parent
-
-- Test context propagation:
-  - Manually verify with 2+ node setup that trace IDs match across nodes
-  - Confirm parent-child span relationships are correct in Tempo
-
-- Handle edge cases:
-  - Missing trace context (older peers): create new root span
-  - Corrupted trace context: log warning, create new root span
-  - Sampled-out traces: respect trace flags
-
-**Key modified files**:
-
-- `src/xrpld/overlay/detail/PeerImp.cpp`
-- `src/xrpld/overlay/detail/OverlayImpl.cpp` (if relay method needs context param)
-
-**Reference**:
-
-- [02-design-decisions.md §2.5](./02-design-decisions.md) — Context propagation design
-- [04-code-samples.md §4.5.1](./04-code-samples.md) — Relay context injection pattern
-
----
-
-## Task 3.7: Build Verification and Testing
-
-**Objective**: Verify all Phase 3 changes compile and work correctly.
-
-**What to do**:
-
-1. Build with `telemetry=ON` — verify no compilation errors
-2. Build with `telemetry=OFF` — verify no regressions
-3. Run existing unit tests
-4. Verify protobuf regeneration produces correct C++ code
-5. Document any issues encountered
-
-**Verification Checklist**:
-
-- [ ] Protobuf changes generate valid C++
-- [ ] Build succeeds with telemetry ON
-- [ ] Build succeeds with telemetry OFF
-- [ ] Existing tests pass
-- [ ] No undefined symbols from new telemetry calls
-
----
-
-## Summary
-
-| Task | Description                         | New Files | Modified Files | Depends On |
-| ---- | ----------------------------------- | --------- | -------------- | ---------- |
-| 3.1  | TraceContext protobuf message       | 0         | 1              | Phase 2    |
-| 3.2  | Protobuf context serialization      | 1-2       | 0              | 3.1        |
-| 3.3  | PeerImp transaction instrumentation | 0         | 1              | 3.2        |
-| 3.4  | NetworkOPs transaction processing   | 0         | 1              | Phase 2    |
-| 3.5  | HashRouter dedup visibility         | 0         | 1              | 3.3        |
-| 3.6  | Relay context propagation           | 0         | 1-2            | 3.3, 3.5   |
-| 3.7  | Build verification and testing      | 0         | 0              | 3.1-3.6    |
-
-**Parallel work**: Tasks 3.1 and 3.4 can start in parallel. Task 3.2 depends on 3.1. Tasks 3.3 and 3.5 depend on 3.2. Task 3.6 depends on 3.3 and 3.5.
-
-**Exit Criteria** (from [06-implementation-phases.md §6.11.3](./06-implementation-phases.md)):
-
-- [ ] Transaction traces span across nodes
-- [ ] Trace context in Protocol Buffer messages
-- [ ] HashRouter deduplication visible in traces
-- [ ] <5% overhead on transaction throughput

OpenTelemetryPlan/Phase4_taskList.md

@@ -1,221 +0,0 @@
-# Phase 4: Consensus Tracing Task List
-
-> **Goal**: Full observability into consensus rounds — track round lifecycle, phase transitions, proposal handling, and validation. This is the RUN phase that completes the distributed tracing story.
->
-> **Scope**: RCLConsensus instrumentation for round starts, phase transitions (open/establish/accept), proposal send/receive, validation handling, and correlation with transaction traces from Phase 3.
->
-> **Branch**: `pratik/otel-phase4-consensus-tracing` (from `pratik/otel-phase3-tx-tracing`)
-
-### Related Plan Documents
-
-| Document                                                     | Relevance                                                   |
-| ------------------------------------------------------------ | ----------------------------------------------------------- |
-| [04-code-samples.md](./04-code-samples.md)                   | Consensus instrumentation (§4.5.2), consensus span patterns |
-| [01-architecture-analysis.md](./01-architecture-analysis.md) | Consensus round flow (§1.4), key trace points (§1.6)        |
-| [06-implementation-phases.md](./06-implementation-phases.md) | Phase 4 tasks (§6.5), definition of done (§6.11.4)          |
-| [02-design-decisions.md](./02-design-decisions.md)           | Consensus attribute schema (§2.4.4)                         |
-
----
-
-## Task 4.1: Instrument Consensus Round Start
-
-**Objective**: Create a root span for each consensus round that captures the round's key parameters.
-
-**What to do**:
-
-- Edit `src/xrpld/app/consensus/RCLConsensus.cpp`:
-  - In `RCLConsensus::startRound()` (or the Adaptor's startRound):
-    - Create `consensus.round` span using `XRPL_TRACE_CONSENSUS` macro
-    - Set attributes:
-      - `xrpl.consensus.ledger.prev` — previous ledger hash
-      - `xrpl.consensus.ledger.seq` — target ledger sequence
-      - `xrpl.consensus.proposers` — number of trusted proposers
-      - `xrpl.consensus.mode` — "proposing" or "observing"
-    - Store the span context for use by child spans in phase transitions
-
-- Add a member to hold current round trace context:
-  - `opentelemetry::context::Context currentRoundContext_` (guarded by `#ifdef`)
-  - Updated at round start, used by phase transition spans
-
-**Key modified files**:
-
-- `src/xrpld/app/consensus/RCLConsensus.cpp`
-- `src/xrpld/app/consensus/RCLConsensus.h` (add context member)
-
-**Reference**:
-
-- [04-code-samples.md §4.5.2](./04-code-samples.md) — startRound instrumentation example
-- [01-architecture-analysis.md §1.4](./01-architecture-analysis.md) — Consensus round flow
-
----
-
-## Task 4.2: Instrument Phase Transitions
-
-**Objective**: Create child spans for each consensus phase (open, establish, accept) to show timing breakdown.
-
-**What to do**:
-
-- Edit `src/xrpld/app/consensus/RCLConsensus.cpp`:
-  - Identify where phase transitions occur (the `Consensus<Adaptor>` template drives this)
-  - For each phase entry:
-    - Create span as child of `currentRoundContext_`: `consensus.phase.open`, `consensus.phase.establish`, `consensus.phase.accept`
-    - Set `xrpl.consensus.phase` attribute
-    - Add `phase.enter` event at start, `phase.exit` event at end
-    - Record phase duration in milliseconds
-
-  - In the `onClose` adaptor method:
-    - Create `consensus.ledger_close` span
-    - Set attributes: close_time, mode, transaction count in initial position
-
-  - Note: The Consensus template class in `include/xrpl/consensus/Consensus.h` drives phase transitions — check if instrumentation goes there or in the Adaptor
-
-**Key modified files**:
-
-- `src/xrpld/app/consensus/RCLConsensus.cpp`
-- Possibly `include/xrpl/consensus/Consensus.h` (for template-level phase tracking)
-
-**Reference**:
-
-- [04-code-samples.md §4.5.2](./04-code-samples.md) — phaseTransition instrumentation
-
----
-
-## Task 4.3: Instrument Proposal Handling
-
-**Objective**: Trace proposal send and receive to show validator coordination.
-
-**What to do**:
-
-- Edit `src/xrpld/app/consensus/RCLConsensus.cpp`:
-  - In `Adaptor::propose()`:
-    - Create `consensus.proposal.send` span
-    - Set attributes: `xrpl.consensus.round` (proposal sequence), proposal hash
-    - Inject trace context into outgoing `TMProposeSet::trace_context` (from Phase 3 protobuf)
-
-  - In `Adaptor::peerProposal()` (or wherever peer proposals are received):
-    - Extract trace context from incoming `TMProposeSet::trace_context`
-    - Create `consensus.proposal.receive` span as child of extracted context
-    - Set attributes: `xrpl.consensus.proposer` (node ID), `xrpl.consensus.round`
-
-  - In `Adaptor::share(RCLCxPeerPos)`:
-    - Create `consensus.proposal.relay` span for relaying peer proposals
-
-**Key modified files**:
-
-- `src/xrpld/app/consensus/RCLConsensus.cpp`
-
-**Reference**:
-
-- [04-code-samples.md §4.5.2](./04-code-samples.md) — peerProposal instrumentation
-- [02-design-decisions.md §2.4.4](./02-design-decisions.md) — Consensus attribute schema
-
----
-
-## Task 4.4: Instrument Validation Handling
-
-**Objective**: Trace validation send and receive to show ledger validation flow.
-
-**What to do**:
-
-- Edit `src/xrpld/app/consensus/RCLConsensus.cpp` (or the validation handler):
-  - When sending our validation:
-    - Create `consensus.validation.send` span
-    - Set attributes: validated ledger hash, sequence, signing time
-
-  - When receiving a peer validation:
-    - Extract trace context from `TMValidation::trace_context` (if present)
-    - Create `consensus.validation.receive` span
-    - Set attributes: `xrpl.consensus.validator` (node ID), ledger hash
-
-**Key modified files**:
-
-- `src/xrpld/app/consensus/RCLConsensus.cpp`
-- `src/xrpld/app/misc/NetworkOPs.cpp` (if validation handling is here)
-
----
-
-## Task 4.5: Add Consensus-Specific Attributes
-
-**Objective**: Enrich consensus spans with detailed attributes for debugging and analysis.
-
-**What to do**:
-
-- Review all consensus spans and ensure they include:
-  - `xrpl.consensus.ledger.seq` — target ledger sequence number
-  - `xrpl.consensus.round` — consensus round number
-  - `xrpl.consensus.mode` — proposing/observing/wrongLedger
-  - `xrpl.consensus.phase` — current phase name
-  - `xrpl.consensus.phase_duration_ms` — time spent in phase
-  - `xrpl.consensus.proposers` — number of trusted proposers
-  - `xrpl.consensus.tx_count` — transactions in proposed set
-  - `xrpl.consensus.disputes` — number of disputed transactions
-  - `xrpl.consensus.converge_percent` — convergence percentage
-
-**Key modified files**:
-
-- `src/xrpld/app/consensus/RCLConsensus.cpp`
-
----
-
-## Task 4.6: Correlate Transaction and Consensus Traces
-
-**Objective**: Link transaction traces from Phase 3 with consensus traces so you can follow a transaction from submission through consensus into the ledger.
-
-**What to do**:
-
-- In `onClose()` or `onAccept()`:
-  - When building the consensus position, link the round span to individual transaction spans using span links (if OTel SDK supports it) or events
-  - At minimum, record the transaction hashes included in the consensus set as span events: `tx.included` with `xrpl.tx.hash` attribute
-
-- In `processTransactionSet()` (NetworkOPs):
-  - If the consensus round span context is available, create child spans for each transaction applied to the ledger
-
-**Key modified files**:
-
-- `src/xrpld/app/consensus/RCLConsensus.cpp`
-- `src/xrpld/app/misc/NetworkOPs.cpp`
-
----
-
-## Task 4.7: Build Verification and Testing
-
-**Objective**: Verify all Phase 4 changes compile and don't affect consensus timing.
-
-**What to do**:
-
-1. Build with `telemetry=ON` — verify no compilation errors
-2. Build with `telemetry=OFF` — verify no regressions (critical for consensus code)
-3. Run existing consensus-related unit tests
-4. Verify that all macros expand to no-ops when disabled
-5. Check that no consensus-critical code paths are affected by instrumentation overhead
-
-**Verification Checklist**:
-
-- [ ] Build succeeds with telemetry ON
-- [ ] Build succeeds with telemetry OFF
-- [ ] Existing consensus tests pass
-- [ ] No new includes in consensus headers when telemetry is OFF
-- [ ] Phase timing instrumentation doesn't use blocking operations
-
----
-
-## Summary
-
-| Task | Description                           | New Files | Modified Files | Depends On    |
-| ---- | ------------------------------------- | --------- | -------------- | ------------- |
-| 4.1  | Consensus round start instrumentation | 0         | 2              | Phase 3       |
-| 4.2  | Phase transition instrumentation      | 0         | 1-2            | 4.1           |
-| 4.3  | Proposal handling instrumentation     | 0         | 1              | 4.1           |
-| 4.4  | Validation handling instrumentation   | 0         | 1-2            | 4.1           |
-| 4.5  | Consensus-specific attributes         | 0         | 1              | 4.2, 4.3, 4.4 |
-| 4.6  | Transaction-consensus correlation     | 0         | 2              | 4.2, Phase 3  |
-| 4.7  | Build verification and testing        | 0         | 0              | 4.1-4.6       |
-
-**Parallel work**: Tasks 4.2, 4.3, and 4.4 can run in parallel after 4.1 is complete. Task 4.5 depends on all three. Task 4.6 depends on 4.2 and Phase 3.
-
-**Exit Criteria** (from [06-implementation-phases.md §6.11.4](./06-implementation-phases.md)):
-
-- [ ] Complete consensus round traces
-- [ ] Phase transitions visible
-- [ ] Proposals and validations traced
-- [ ] No impact on consensus timing

OpenTelemetryPlan/Phase5_taskList.md

@@ -1,241 +0,0 @@
-# Phase 5: Documentation & Deployment Task List
-
-> **Goal**: Production readiness — Grafana dashboards, spanmetrics pipeline, operator runbook, alert definitions, and final integration testing. This phase ensures the telemetry system is useful and maintainable in production.
->
-> **Scope**: Grafana dashboard definitions, OTel Collector spanmetrics connector, Prometheus integration, alert rules, operator documentation, and production-ready Docker Compose stack.
->
-> **Branch**: `pratik/otel-phase5-docs-deployment` (from `pratik/otel-phase4-consensus-tracing`)
-
-### Related Plan Documents
-
-| Document                                                         | Relevance                                                                  |
-| ---------------------------------------------------------------- | -------------------------------------------------------------------------- |
-| [07-observability-backends.md](./07-observability-backends.md)   | Tempo setup (§7.1), Grafana dashboards (§7.6), alerts (§7.6.3)             |
-| [05-configuration-reference.md](./05-configuration-reference.md) | Collector config (§5.5), production config (§5.5.2), Docker Compose (§5.6) |
-| [06-implementation-phases.md](./06-implementation-phases.md)     | Phase 5 tasks (§6.6), definition of done (§6.11.5)                         |
-
----
-
-## Task 5.1: Add Spanmetrics Connector to OTel Collector
-
-**Objective**: Derive RED metrics (Rate, Errors, Duration) from trace spans automatically, enabling Grafana time-series dashboards.
-
-**What to do**:
-
-- Edit `docker/telemetry/otel-collector-config.yaml`:
-  - Add `spanmetrics` connector:
-    ```yaml
-    connectors:
-      spanmetrics:
-        histogram:
-          explicit:
-            buckets: [1ms, 5ms, 10ms, 25ms, 50ms, 100ms, 250ms, 500ms, 1s, 5s]
-        dimensions:
-          - name: xrpl.rpc.command
-          - name: xrpl.rpc.status
-          - name: xrpl.consensus.phase
-          - name: xrpl.tx.type
-    ```
-  - Add `prometheus` exporter:
-    ```yaml
-    exporters:
-      prometheus:
-        endpoint: 0.0.0.0:8889
-    ```
-  - Wire the pipeline:
-    ```yaml
-    service:
-      pipelines:
-        traces:
-          receivers: [otlp]
-          processors: [batch]
-          exporters: [debug, otlp/tempo, spanmetrics]
-        metrics:
-          receivers: [spanmetrics]
-          exporters: [prometheus]
-    ```
-
-- Edit `docker/telemetry/docker-compose.yml`:
-  - Expose port `8889` on the collector for Prometheus scraping
-  - Add Prometheus service
-  - Add Prometheus as Grafana datasource
-
-**Key modified files**:
-
-- `docker/telemetry/otel-collector-config.yaml`
-- `docker/telemetry/docker-compose.yml`
-
-**Key new files**:
-
-- `docker/telemetry/prometheus.yml` (Prometheus scrape config)
-- `docker/telemetry/grafana/provisioning/datasources/prometheus.yaml`
-
-**Reference**:
-
-- [POC_taskList.md §Next Steps](./POC_taskList.md) — Metrics pipeline for Grafana dashboards
-
----
-
-## Task 5.2: Create Grafana Dashboards
-
-**Objective**: Provide pre-built Grafana dashboards for RPC performance, transaction lifecycle, and consensus health.
-
-**What to do**:
-
-- Create `docker/telemetry/grafana/provisioning/dashboards/dashboards.yaml` (provisioning config)
-- Create dashboard JSON files:
-  1. **RPC Performance Dashboard** (`rpc-performance.json`):
-     - RPC request latency (p50/p95/p99) by command — histogram panel
-     - RPC throughput (requests/sec) by command — time series
-     - RPC error rate by command — bar gauge
-     - Top slowest RPC commands — table
-
-  2. **Transaction Overview Dashboard** (`transaction-overview.json`):
-     - Transaction processing rate — time series
-     - Transaction latency distribution — histogram
-     - Suppression rate (duplicates) — stat panel
-     - Transaction processing path (sync vs async) — pie chart
-
-  3. **Consensus Health Dashboard** (`consensus-health.json`):
-     - Consensus round duration — time series
-     - Phase duration breakdown (open/establish/accept) — stacked bar
-     - Proposals sent/received per round — stat panel
-     - Consensus mode distribution (proposing/observing) — pie chart
-
-- Store dashboards in `docker/telemetry/grafana/dashboards/`
-
-**Key new files**:
-
-- `docker/telemetry/grafana/provisioning/dashboards/dashboards.yaml`
-- `docker/telemetry/grafana/dashboards/rpc-performance.json`
-- `docker/telemetry/grafana/dashboards/transaction-overview.json`
-- `docker/telemetry/grafana/dashboards/consensus-health.json`
-
-**Reference**:
-
-- [07-observability-backends.md §7.6](./07-observability-backends.md) — Grafana dashboard specifications
-- [01-architecture-analysis.md §1.8.3](./01-architecture-analysis.md) — Dashboard panel examples
-
----
-
-## Task 5.3: Define Alert Rules
-
-**Objective**: Create alert definitions for key telemetry anomalies.
-
-**What to do**:
-
-- Create `docker/telemetry/grafana/provisioning/alerting/alerts.yaml`:
-  - **RPC Latency Alert**: p99 latency > 1s for any command over 5 minutes
-  - **RPC Error Rate Alert**: Error rate > 5% for any command over 5 minutes
-  - **Consensus Duration Alert**: Round duration > 10s (warn), > 30s (critical)
-  - **Transaction Processing Alert**: Processing rate drops below threshold
-  - **Telemetry Pipeline Health**: No spans received for > 2 minutes
-
-**Key new files**:
-
-- `docker/telemetry/grafana/provisioning/alerting/alerts.yaml`
-
-**Reference**:
-
-- [07-observability-backends.md §7.6.3](./07-observability-backends.md) — Alert rule definitions
-
----
-
-## Task 5.4: Production Collector Configuration
-
-**Objective**: Create a production-ready OTel Collector configuration with tail-based sampling and resource limits.
-
-**What to do**:
-
-- Create `docker/telemetry/otel-collector-config-production.yaml`:
-  - Tail-based sampling policy:
-    - Always sample errors and slow traces
-    - 10% base sampling rate for normal traces
-    - Always sample first trace for each unique RPC command
-  - Resource limits:
-    - Memory limiter processor (80% of available memory)
-    - Queued retry for export failures
-  - TLS configuration for production endpoints
-  - Health check endpoint
-
-**Key new files**:
-
-- `docker/telemetry/otel-collector-config-production.yaml`
-
-**Reference**:
-
-- [05-configuration-reference.md §5.5.2](./05-configuration-reference.md) — Production collector config
-
----
-
-## Task 5.5: Operator Runbook
-
-**Objective**: Create operator documentation for managing the telemetry system in production.
-
-**What to do**:
-
-- Create `docs/telemetry-runbook.md`:
-  - **Setup**: How to enable telemetry in xrpld
-  - **Configuration**: All config options with descriptions
-  - **Collector Deployment**: Docker Compose vs. Kubernetes vs. bare metal
-  - **Troubleshooting**: Common issues and resolutions
-    - No traces appearing
-    - High memory usage from telemetry
-    - Collector connection failures
-    - Sampling configuration tuning
-  - **Performance Tuning**: Batch size, queue size, sampling ratio guidelines
-  - **Upgrading**: How to upgrade OTel SDK and Collector versions
-
-**Key new files**:
-
-- `docs/telemetry-runbook.md`
-
----
-
-## Task 5.6: Final Integration Testing
-
-**Objective**: Validate the complete telemetry stack end-to-end.
-
-**What to do**:
-
-1. Start full Docker stack (Collector, Tempo, Grafana, Prometheus)
-2. Build xrpld with `telemetry=ON`
-3. Run in standalone mode with telemetry enabled
-4. Generate RPC traffic and verify traces in Tempo
-5. Verify dashboards populate in Grafana
-6. Verify alerts trigger correctly
-7. Test telemetry OFF path (no regressions)
-8. Run full test suite
-
-**Verification Checklist**:
-
-- [ ] Docker stack starts without errors
-- [ ] Traces appear in Tempo with correct hierarchy
-- [ ] Grafana dashboards show metrics derived from spans
-- [ ] Prometheus scrapes spanmetrics successfully
-- [ ] Alerts can be triggered by simulated conditions
-- [ ] Build succeeds with telemetry ON and OFF
-- [ ] Full test suite passes
-
----
-
-## Summary
-
-| Task | Description                        | New Files | Modified Files | Depends On |
-| ---- | ---------------------------------- | --------- | -------------- | ---------- |
-| 5.1  | Spanmetrics connector + Prometheus | 2         | 2              | Phase 4    |
-| 5.2  | Grafana dashboards                 | 4         | 0              | 5.1        |
-| 5.3  | Alert definitions                  | 1         | 0              | 5.1        |
-| 5.4  | Production collector config        | 1         | 0              | Phase 4    |
-| 5.5  | Operator runbook                   | 1         | 0              | Phase 4    |
-| 5.6  | Final integration testing          | 0         | 0              | 5.1-5.5    |
-
-**Parallel work**: Tasks 5.1, 5.4, and 5.5 can run in parallel. Tasks 5.2 and 5.3 depend on 5.1. Task 5.6 depends on all others.
-
-**Exit Criteria** (from [06-implementation-phases.md §6.11.5](./06-implementation-phases.md)):
-
-- [ ] Dashboards deployed and showing data
-- [ ] Alerts configured and tested
-- [ ] Operator documentation complete
-- [ ] Production collector config ready
-- [ ] Full test suite passes

OpenTelemetryPlan/presentation.md

@@ -1,673 +0,0 @@
-# OpenTelemetry Distributed Tracing for xrpld
-
----
-
-## Slide 1: Introduction
-
-> **CNCF** = Cloud Native Computing Foundation
-
-### What is OpenTelemetry?
-
-OpenTelemetry is an open-source, CNCF-backed observability framework for distributed tracing, metrics, and logs.
-
-### Why OpenTelemetry for xrpld?
-
-- **End-to-End Transaction Visibility**: Track transactions from submission → consensus → ledger inclusion
-- **Cross-Node Correlation**: Follow requests across multiple independent nodes using a unique `trace_id`
-- **Consensus Round Analysis**: Understand timing and behavior across validators
-- **Incident Debugging**: Correlate events across distributed nodes during issues
-
-```mermaid
-flowchart LR
-    A["Node A<br/>tx.receive<br/>trace_id: abc123"] --> B["Node B<br/>tx.relay<br/>trace_id: abc123"] --> C["Node C<br/>tx.validate<br/>trace_id: abc123"] --> D["Node D<br/>ledger.apply<br/>trace_id: abc123"]
-
-    style A fill:#1565c0,stroke:#0d47a1,color:#fff
-    style B fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style C fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style D fill:#e65100,stroke:#bf360c,color:#fff
-```
-
-**Reading the diagram:**
-
-- **Node A (blue, leftmost)**: The originating node that first receives the transaction and assigns a new `trace_id: abc123`; this ID becomes the correlation key for the entire distributed trace.
-- **Node B and Node C (green, middle)**: Relay and validation nodes — each creates its own span but carries the same `trace_id`, so their work is linked to the original submission without any central coordinator.
-- **Node D (orange, rightmost)**: The final node that applies the transaction to the ledger; the trace now spans the full lifecycle from submission to ledger inclusion.
-- **Left-to-right flow**: The horizontal progression shows the real-world message path — a transaction hops from node to node, and the shared `trace_id` stitches all hops into a single queryable trace.
-
-> **Trace ID: abc123** — All nodes share the same trace, enabling cross-node correlation.
-
----
-
-## Slide 2: OpenTelemetry vs Open Source Alternatives
-
-> **CNCF** = Cloud Native Computing Foundation
-
-| Feature             | OpenTelemetry    | Jaeger           | Zipkin             | SkyWalking | Pinpoint   | Prometheus |
-| ------------------- | ---------------- | ---------------- | ------------------ | ---------- | ---------- | ---------- |
-| **Tracing**         | YES              | YES              | YES                | YES        | YES        | NO         |
-| **Metrics**         | YES              | NO               | NO                 | YES        | YES        | YES        |
-| **Logs**            | YES              | NO               | NO                 | YES        | NO         | NO         |
-| **C++ SDK**         | YES Official     | YES (Deprecated) | YES (Unmaintained) | NO         | NO         | YES        |
-| **Vendor Neutral**  | YES Primary goal | NO               | NO                 | NO         | NO         | NO         |
-| **Instrumentation** | Manual + Auto    | Manual           | Manual             | Auto-first | Auto-first | Manual     |
-| **Backend**         | Any (exporters)  | Self             | Self               | Self       | Self       | Self       |
-| **CNCF Status**     | Incubating       | Graduated        | NO                 | Incubating | NO         | Graduated  |
-
-> **Why OpenTelemetry?** It's the only actively maintained, full-featured C++ option with vendor neutrality — allowing export to Tempo, Prometheus, Grafana, or any commercial backend without changing instrumentation.
-
----
-
-## Slide 3: Adoption Scope — Traces Only (Current Plan)
-
-OpenTelemetry supports three signal types: **Traces**, **Metrics**, and **Logs**. xrpld already captures metrics (StatsD via Beast Insight) and logs (Journal/PerfLog). The question is: how much of OTel do we adopt?
-
-> **Scenario A**: Add distributed tracing. Keep StatsD for metrics and Journal for logs.
-
-```mermaid
-flowchart LR
-    subgraph xrpld["xrpld Process"]
-        direction TB
-        OTel["OTel SDK<br/>(Traces)"]
-        Insight["Beast Insight<br/>(StatsD Metrics)"]
-        Journal["Journal + PerfLog<br/>(Logging)"]
-    end
-
-    OTel -->|"OTLP"| Collector["OTel Collector"]
-    Insight -->|"UDP"| StatsD["StatsD Server"]
-    Journal -->|"File I/O"| LogFile["perf.log / debug.log"]
-
-    Collector --> Tempo["Tempo"]
-    StatsD --> Graphite["Graphite / Grafana"]
-    LogFile --> Loki["Loki (optional)"]
-
-    style xrpld fill:#424242,stroke:#212121,color:#fff
-    style OTel fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style Insight fill:#1565c0,stroke:#0d47a1,color:#fff
-    style Journal fill:#e65100,stroke:#bf360c,color:#fff
-    style Collector fill:#2e7d32,stroke:#1b5e20,color:#fff
-```
-
-| Aspect                         | Details                                                                                                         |
-| ------------------------------ | --------------------------------------------------------------------------------------------------------------- |
-| **What changes for operators** | Deploy OTel Collector + trace backend. Existing StatsD and log pipelines stay as-is.                            |
-| **Codebase impact**            | New `Telemetry` module (~1500 LOC). Beast Insight and Journal untouched.                                        |
-| **New capabilities**           | Cross-node trace correlation, span-based debugging, request lifecycle visibility.                               |
-| **What we still can't do**     | Correlate metrics with specific traces natively. StatsD metrics remain fire-and-forget with no trace exemplars. |
-| **Maintenance burden**         | Three separate observability systems to maintain (OTel + StatsD + Journal).                                     |
-| **Risk**                       | Lowest — additive change, no existing systems disturbed.                                                        |
-
----
-
-## Slide 4: Future Adoption — Metrics & Logs via OTel
-
-### Scenario B: + OTel Metrics (Replace StatsD)
-
-> Migrate StatsD to OTel Metrics API, exposing Prometheus-compatible metrics. Remove Beast Insight.
-
-```mermaid
-flowchart LR
-    subgraph xrpld["xrpld Process"]
-        direction TB
-        OTel["OTel SDK<br/>(Traces + Metrics)"]
-        Journal["Journal + PerfLog<br/>(Logging)"]
-    end
-
-    OTel -->|"OTLP"| Collector["OTel Collector"]
-    Journal -->|"File I/O"| LogFile["perf.log / debug.log"]
-
-    Collector --> Tempo["Tempo<br/>(Traces)"]
-    Collector --> Prom["Prometheus<br/>(Metrics)"]
-    LogFile --> Loki["Loki (optional)"]
-
-    style xrpld fill:#424242,stroke:#212121,color:#fff
-    style OTel fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style Journal fill:#e65100,stroke:#bf360c,color:#fff
-    style Collector fill:#2e7d32,stroke:#1b5e20,color:#fff
-```
-
-- **Better metrics?** Yes — Prometheus gives native histograms (p50/p95/p99), multi-dimensional labels, and exemplars linking metric spikes to traces.
-- **Codebase**: Remove `Beast::Insight` + `StatsDCollector` (~2000 LOC). Single SDK for traces and metrics.
-- **Operator effort**: Rewrite dashboards from StatsD/Graphite queries to PromQL. Run both in parallel during transition.
-- **Risk**: Medium — operators must migrate monitoring infrastructure.
-
-### Scenario C: + OTel Logs (Full Stack)
-
-> Also replace Journal logging with OTel Logs API. Single SDK for everything.
-
-```mermaid
-flowchart LR
-    subgraph xrpld["xrpld Process"]
-        OTel["OTel SDK<br/>(Traces + Metrics + Logs)"]
-    end
-
-    OTel -->|"OTLP"| Collector["OTel Collector"]
-
-    Collector --> Tempo["Tempo<br/>(Traces)"]
-    Collector --> Prom["Prometheus<br/>(Metrics)"]
-    Collector --> Loki["Loki / Elastic<br/>(Logs)"]
-
-    style xrpld fill:#424242,stroke:#212121,color:#fff
-    style OTel fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style Collector fill:#2e7d32,stroke:#1b5e20,color:#fff
-```
-
-- **Structured logging**: OTel Logs API outputs structured records with `trace_id`, `span_id`, severity, and attributes by design.
-- **Full correlation**: Every log line carries `trace_id`. Click trace → see logs. Click metric spike → see trace → see logs.
-- **Codebase**: Remove Beast Insight (~2000 LOC) + simplify Journal/PerfLog (~3000 LOC). One dependency instead of three.
-- **Risk**: Highest — `beast::Journal` is deeply embedded in every component. Large refactor. OTel C++ Logs API is newer (stable since v1.11, less battle-tested).
-
-### Recommendation
-
-```mermaid
-flowchart LR
-    A["Phase 1<br/><b>Traces Only</b><br/>(Current Plan)"] --> B["Phase 2<br/><b>+ Metrics</b><br/>(Replace StatsD)"] --> C["Phase 3<br/><b>+ Logs</b><br/>(Full OTel)"]
-
-    style A fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style B fill:#1565c0,stroke:#0d47a1,color:#fff
-    style C fill:#e65100,stroke:#bf360c,color:#fff
-```
-
-| Phase                | Signal    | Strategy                                                       | Risk   |
-| -------------------- | --------- | -------------------------------------------------------------- | ------ |
-| **Phase 1** (now)    | Traces    | Add OTel traces. Keep StatsD and Journal. Prove value.         | Low    |
-| **Phase 2** (future) | + Metrics | Migrate StatsD → Prometheus via OTel. Remove Beast Insight.    | Medium |
-| **Phase 3** (future) | + Logs    | Adopt OTel Logs API. Align with structured logging initiative. | High   |
-
-> **Key Takeaway**: Start with traces (unique value, lowest risk), then incrementally adopt metrics and logs as the OTel infrastructure proves itself.
-
----
-
-## Slide 5: Comparison with xrpld's Existing Solutions
-
-### Current Observability Stack
-
-| Aspect                | PerfLog (JSON)        | StatsD (Metrics)      | OpenTelemetry (NEW)         |
-| --------------------- | --------------------- | --------------------- | --------------------------- |
-| **Type**              | Logging               | Metrics               | Distributed Tracing         |
-| **Scope**             | Single node           | Single node           | **Cross-node**              |
-| **Data**              | JSON log entries      | Counters, gauges      | Spans with context          |
-| **Correlation**       | By timestamp          | By metric name        | By `trace_id`               |
-| **Overhead**          | Low (file I/O)        | Low (UDP)             | Low-Medium (configurable)   |
-| **Question Answered** | "What happened here?" | "How many? How fast?" | **"What was the journey?"** |
-
-### Use Case Matrix
-
-| Scenario                         | PerfLog | StatsD | OpenTelemetry |
-| -------------------------------- | ------- | ------ | ------------- |
-| "How many TXs per second?"       | ❌      | ✅     | ❌            |
-| "Why was this specific TX slow?" | ⚠️      | ❌     | ✅            |
-| "Which node delayed consensus?"  | ❌      | ❌     | ✅            |
-| "Show TX journey across 5 nodes" | ❌      | ❌     | ✅            |
-
-> **Key Insight**: In the **traces-only** approach (Phase 1), OpenTelemetry **complements** existing systems. In future phases, OTel metrics and logs could **replace** StatsD and Journal respectively — see Slides 3-4 for the full adoption roadmap.
-
----
-
-## Slide 6: Architecture
-
-> **OTLP** = OpenTelemetry Protocol | **WS** = WebSocket
-
-### High-Level Integration Architecture
-
-```mermaid
-flowchart TB
-    subgraph xrpld["xrpld Node"]
-        subgraph services["Core Services"]
-            direction LR
-            RPC["RPC Server<br/>(HTTP/WS)"] ~~~ Overlay["Overlay<br/>(P2P Network)"] ~~~ Consensus["Consensus<br/>(RCLConsensus)"]
-        end
-
-        Telemetry["Telemetry Module<br/>(OpenTelemetry SDK)"]
-
-        services --> Telemetry
-    end
-
-    Telemetry -->|OTLP/gRPC| Collector["OTel Collector"]
-
-    Collector --> Tempo["Grafana Tempo"]
-    Collector --> Elastic["Elastic APM"]
-
-    style xrpld fill:#424242,stroke:#212121,color:#fff
-    style services fill:#1565c0,stroke:#0d47a1,color:#fff
-    style Telemetry fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style Collector fill:#e65100,stroke:#bf360c,color:#fff
-```
-
-**Reading the diagram:**
-
-- **Core Services (blue, top)**: RPC Server, Overlay, and Consensus are the three primary components that generate trace data — they represent the entry points for client requests, peer messages, and consensus rounds respectively.
-- **Telemetry Module (green, middle)**: The OpenTelemetry SDK sits below the core services and receives span data from all three; it acts as a single collection point within the xrpld process.
-- **OTel Collector (orange, center)**: An external process that receives spans over OTLP/gRPC from the Telemetry Module; it decouples xrpld from backend choices and handles batching, sampling, and routing.
-- **Backends (bottom row)**: Tempo and Elastic APM are interchangeable — the Collector fans out to any combination, so operators can switch backends without modifying xrpld code.
-- **Top-to-bottom flow**: Data flows from instrumented code down through the SDK, out over the network to the Collector, and finally into storage/visualization backends.
-
-### Context Propagation
-
-```mermaid
-sequenceDiagram
-    participant Client
-    participant NodeA as Node A
-    participant NodeB as Node B
-
-    Client->>NodeA: Submit TX (no context)
-    Note over NodeA: Creates trace_id: abc123<br/>span: tx.receive
-    NodeA->>NodeB: Relay TX<br/>(traceparent: abc123)
-    Note over NodeB: Links to trace_id: abc123<br/>span: tx.relay
-```
-
-- **HTTP/RPC**: W3C Trace Context headers (`traceparent`)
-- **P2P Messages**: Protocol Buffer extension fields
-
----
-
-## Slide 7: Implementation Plan
-
-### 5-Phase Rollout (9 Weeks)
-
-> **Note**: Dates shown are relative to project start, not calendar dates.
-
-```mermaid
-gantt
-    title Implementation Timeline
-    dateFormat  YYYY-MM-DD
-    axisFormat  Week %W
-
-    section Phase 1
-    Core Infrastructure    :p1, 2024-01-01, 2w
-
-    section Phase 2
-    RPC Tracing           :p2, after p1, 2w
-
-    section Phase 3
-    Transaction Tracing   :p3, after p2, 2w
-
-    section Phase 4
-    Consensus Tracing     :p4, after p3, 2w
-
-    section Phase 5
-    Documentation         :p5, after p4, 1w
-```
-
-### Phase Details
-
-| Phase | Focus               | Key Deliverables                             | Effort  |
-| ----- | ------------------- | -------------------------------------------- | ------- |
-| 1     | Core Infrastructure | SDK integration, Telemetry interface, Config | 10 days |
-| 2     | RPC Tracing         | HTTP context extraction, Handler spans       | 10 days |
-| 3     | Transaction Tracing | Protobuf context, P2P relay propagation      | 10 days |
-| 4     | Consensus Tracing   | Round spans, Proposal/validation tracing     | 10 days |
-| 5     | Documentation       | Runbook, Dashboards, Training                | 7 days  |
-
-**Total Effort**: ~47 developer-days (2 developers)
-
-> **Future Phases** (not in current scope): After traces are stable, OTel metrics can replace StatsD (~3 weeks), and OTel logs can replace Journal (~4 weeks, aligned with structured logging initiative). See Slides 3-4 for the full adoption roadmap.
-
----
-
-## Slide 8: Performance Overhead
-
-> **OTLP** = OpenTelemetry Protocol
-
-### Estimated System Impact
-
-| Metric            | Overhead   | Notes                                            |
-| ----------------- | ---------- | ------------------------------------------------ |
-| **CPU**           | 1-3%       | Span creation and attribute setting              |
-| **Memory**        | ~10 MB     | SDK statics + batch buffer + worker thread stack |
-| **Network**       | 10-50 KB/s | Compressed OTLP export to collector              |
-| **Latency (p99)** | <2%        | With proper sampling configuration               |
-
-#### How We Arrived at These Numbers
-
-**Assumptions (XRPL mainnet baseline)**:
-
-| Parameter                 | Value                  | Source                                                                                              |
-| ------------------------- | ---------------------- | --------------------------------------------------------------------------------------------------- |
-| Transaction throughput    | ~25 TPS (peaks to ~50) | Mainnet average                                                                                     |
-| Default peers per node    | 21                     | `peerfinder/detail/Tuning.h` (`defaultMaxPeers`)                                                    |
-| Consensus round frequency | ~1 round / 3-4 seconds | `ConsensusParms.h` (`ledgerMIN_CONSENSUS=1950ms`)                                                   |
-| Proposers per round       | ~20-35                 | Mainnet UNL size                                                                                    |
-| P2P message rate          | ~160 msgs/sec          | See message breakdown below                                                                         |
-| Avg TX processing time    | ~200 μs                | Profiled baseline                                                                                   |
-| Single span creation cost | 500-1000 ns            | OTel C++ SDK benchmarks (see [3.5.4](./03-implementation-strategy.md#354-performance-data-sources)) |
-
-**P2P message breakdown** (per node, mainnet):
-
-| Message Type  | Rate         | Derivation                                                            |
-| ------------- | ------------ | --------------------------------------------------------------------- |
-| TMTransaction | ~100/sec     | ~25 TPS × ~4 relay hops per TX, deduplicated by HashRouter            |
-| TMValidation  | ~50/sec      | ~35 validators × ~1 validation/3s round ≈ ~12/sec, plus relay fan-out |
-| TMProposeSet  | ~10/sec      | ~35 proposers / 3s round ≈ ~12/round, clustered in establish phase    |
-| **Total**     | **~160/sec** | **Only traced message types counted**                                 |
-
-**CPU (1-3%) — Calculation**:
-
-Per-transaction tracing cost breakdown:
-
-| Operation                                       | Cost        | Notes                                      |
-| ----------------------------------------------- | ----------- | ------------------------------------------ |
-| `tx.receive` span (create + end + 4 attributes) | ~1400 ns    | ~1000ns create + ~200ns end + 4×50ns attrs |
-| `tx.validate` span                              | ~1200 ns    | ~1000ns create + ~200ns for 2 attributes   |
-| `tx.relay` span                                 | ~1200 ns    | ~1000ns create + ~200ns for 2 attributes   |
-| Context injection into P2P message              | ~200 ns     | Serialize trace_id + span_id into protobuf |
-| **Total per TX**                                | **~4.0 μs** |                                            |
-
-> **CPU overhead**: 4.0 μs / 200 μs baseline = **~2.0% per transaction**. Under high load with consensus + RPC spans overlapping, reaches ~3%. Consensus itself adds only ~36 μs per 3-second round (~0.001%), so the TX path dominates. On production server hardware (3+ GHz Xeon), span creation drops to ~500-600 ns, bringing per-TX cost to ~2.6 μs (~1.3%). See [Section 3.5.4](./03-implementation-strategy.md#354-performance-data-sources) for benchmark sources.
-
-**Memory (~10 MB) — Calculation**:
-
-| Component                                     | Size               | Notes                                 |
-| --------------------------------------------- | ------------------ | ------------------------------------- |
-| TracerProvider + Exporter (gRPC channel init) | ~320 KB            | Allocated once at startup             |
-| BatchSpanProcessor (circular buffer)          | ~16 KB             | 2049 × 8-byte AtomicUniquePtr entries |
-| BatchSpanProcessor (worker thread stack)      | ~8 MB              | Default Linux thread stack size       |
-| Active spans (in-flight, max ~1000)           | ~500-800 KB        | ~500-800 bytes/span × 1000 concurrent |
-| Export queue (batch buffer, max 2048 spans)   | ~1 MB              | ~500 bytes/span × 2048 queue depth    |
-| Thread-local context storage (~100 threads)   | ~6.4 KB            | ~64 bytes/thread                      |
-| **Total**                                     | **~10 MB ceiling** |                                       |
-
-> Memory plateaus once the export queue fills — the `max_queue_size=2048` config bounds growth.
-> The worker thread stack (~8 MB) dominates the static footprint but is virtual memory; actual RSS
-> depends on stack usage (typically much less). Active spans are larger than originally estimated
-> (~500-800 bytes) because the OTel SDK `Span` object includes a mutex (~40 bytes), `SpanData`
-> recordable (~250 bytes base), and `std::map`-based attribute storage (~200-500 bytes for 3-5
-> string attributes). See [Section 3.5.4](./03-implementation-strategy.md#354-performance-data-sources) for source references.
-
-**Network (10-50 KB/s) — Calculation**:
-
-Two sources of network overhead:
-
-**(A) OTLP span export to Collector:**
-
-| Sampling Rate              | Effective Spans/sec | Avg Span Size (compressed) | Bandwidth    |
-| -------------------------- | ------------------- | -------------------------- | ------------ |
-| 100% (dev only)            | ~500                | ~500 bytes                 | ~250 KB/s    |
-| **10% (recommended prod)** | **~50**             | **~500 bytes**             | **~25 KB/s** |
-| 1% (minimal)               | ~5                  | ~500 bytes                 | ~2.5 KB/s    |
-
-> The ~500 spans/sec at 100% comes from: ~100 TX spans + ~160 P2P context spans + ~23 consensus spans/round + ~50 RPC spans = ~500/sec. OTLP protobuf with gzip compression yields ~500 bytes/span average.
-
-**(B) P2P trace context overhead** (added to existing messages, always-on regardless of sampling):
-
-| Message Type  | Rate     | Context Size | Bandwidth     |
-| ------------- | -------- | ------------ | ------------- |
-| TMTransaction | ~100/sec | 29 bytes     | ~2.9 KB/s     |
-| TMValidation  | ~50/sec  | 29 bytes     | ~1.5 KB/s     |
-| TMProposeSet  | ~10/sec  | 29 bytes     | ~0.3 KB/s     |
-| **Total P2P** |          |              | **~4.7 KB/s** |
-
-> **Combined**: 25 KB/s (OTLP export at 10%) + 5 KB/s (P2P context) ≈ **~30 KB/s typical**. The 10-50 KB/s range covers 10-20% sampling under normal to peak mainnet load.
-
-**Latency (<2%) — Calculation**:
-
-| Path                           | Tracing Cost | Baseline | Overhead |
-| ------------------------------ | ------------ | -------- | -------- |
-| Fast RPC (e.g., `server_info`) | 2.75 μs      | ~1 ms    | 0.275%   |
-| Slow RPC (e.g., `path_find`)   | 2.75 μs      | ~100 ms  | 0.003%   |
-| Transaction processing         | 4.0 μs       | ~200 μs  | 2.0%     |
-| Consensus round                | 36 μs        | ~3 sec   | 0.001%   |
-
-> At p99, even the worst case (TX processing at 2.0%) is within the 1-3% range. RPC and consensus overhead are negligible. On production hardware, TX overhead drops to ~1.3%.
-
-### Per-Message Overhead (Context Propagation)
-
-Each P2P message carries trace context with the following overhead:
-
-| Field         | Size          | Description                               |
-| ------------- | ------------- | ----------------------------------------- |
-| `trace_id`    | 16 bytes      | Unique identifier for the entire trace    |
-| `span_id`     | 8 bytes       | Current span (becomes parent on receiver) |
-| `trace_flags` | 1 byte        | Sampling decision flags                   |
-| `trace_state` | 0-4 bytes     | Optional vendor-specific data             |
-| **Total**     | **~29 bytes** | **Added per traced P2P message**          |
-
-```mermaid
-flowchart LR
-    subgraph msg["P2P Message with Trace Context"]
-        A["Original Message<br/>(variable size)"] --> B["+ TraceContext<br/>(~29 bytes)"]
-    end
-
-    subgraph breakdown["Context Breakdown"]
-        C["trace_id<br/>16 bytes"]
-        D["span_id<br/>8 bytes"]
-        E["flags<br/>1 byte"]
-        F["state<br/>0-4 bytes"]
-    end
-
-    B --> breakdown
-
-    style A fill:#424242,stroke:#212121,color:#fff
-    style B fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style C fill:#1565c0,stroke:#0d47a1,color:#fff
-    style D fill:#1565c0,stroke:#0d47a1,color:#fff
-    style E fill:#e65100,stroke:#bf360c,color:#fff
-    style F fill:#4a148c,stroke:#2e0d57,color:#fff
-```
-
-**Reading the diagram:**
-
-- **Original Message (gray, left)**: The existing P2P message payload of variable size — this is unchanged; trace context is appended, never modifying the original data.
-- **+ TraceContext (green, right of message)**: The additional 29-byte context block attached to each traced message; the arrow from the original message shows it is a pure addition.
-- **Context Breakdown (right subgraph)**: The four fields — `trace_id` (16 bytes), `span_id` (8 bytes), `flags` (1 byte), and `state` (0-4 bytes) — show exactly what is added and their individual sizes.
-- **Color coding**: Blue fields (`trace_id`, `span_id`) are the core identifiers required for trace correlation; orange (`flags`) controls sampling decisions; purple (`state`) is optional vendor data typically omitted.
-
-> **Note**: 29 bytes represents ~1-6% overhead depending on message size (500B simple TX to 5KB proposal), which is acceptable for the observability benefits provided.
-
-### Mitigation Strategies
-
-```mermaid
-flowchart LR
-    A["Head Sampling<br/>10% default"] --> B["Tail Sampling<br/>Keep errors/slow"] --> C["Batch Export<br/>Reduce I/O"] --> D["Conditional Compile<br/>XRPL_ENABLE_TELEMETRY"]
-
-    style A fill:#1565c0,stroke:#0d47a1,color:#fff
-    style B fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style C fill:#e65100,stroke:#bf360c,color:#fff
-    style D fill:#4a148c,stroke:#2e0d57,color:#fff
-```
-
-> For a detailed explanation of head vs. tail sampling, see Slide 9.
-
-### Kill Switches (Rollback Options)
-
-1. **Config Disable**: Set `enabled=0` in config → instant disable, no restart needed for sampling
-2. **Rebuild**: Compile with `XRPL_ENABLE_TELEMETRY=OFF` → zero overhead (no-op)
-3. **Full Revert**: Clean separation allows easy commit reversion
-
----
-
-## Slide 9: Sampling Strategies — Head vs. Tail
-
-> Sampling controls **which traces are recorded and exported**. Without sampling, every operation generates a trace — at 500+ spans/sec, this overwhelms storage and network. Sampling lets you keep the signal, discard the noise.
-
-### Head Sampling (Decision at Start)
-
-The sampling decision is made **when a trace begins**, before any work is done. A random number is generated; if it falls within the configured ratio, the entire trace is recorded. Otherwise, the trace is silently dropped.
-
-```mermaid
-flowchart LR
-    A["New Request<br/>Arrives"] --> B{"Random < 10%?"}
-    B -->|"Yes (1 in 10)"| C["Record Entire Trace<br/>(all spans)"]
-    B -->|"No (9 in 10)"| D["Drop Entire Trace<br/>(zero overhead)"]
-
-    style C fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style D fill:#c62828,stroke:#8c2809,color:#fff
-    style B fill:#1565c0,stroke:#0d47a1,color:#fff
-```
-
-| Aspect                        | Details                                                                                                                                                                                                  |
-| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Where it runs**             | Inside xrpld (SDK-level). Configured via `sampling_ratio` in `xrpld.cfg`.                                                                                                                                |
-| **When the decision happens** | At trace creation time — before the first span is even populated.                                                                                                                                        |
-| **How it works**              | `sampling_ratio=0.1` means each trace has a 10% probability of being recorded. Dropped traces incur near-zero overhead (no spans created, no attributes set, no export).                                 |
-| **Propagation**               | Once a trace is sampled, the `trace_flags` field (1 byte in the context header) tells downstream nodes to also sample it. Unsampled traces propagate `trace_flags=0`, so downstream nodes skip them too. |
-| **Pros**                      | Lowest overhead. Simple to configure. Predictable resource usage.                                                                                                                                        |
-| **Cons**                      | **Blind** — it doesn't know if the trace will be interesting. A rare error or slow consensus round has only a 10% chance of being captured.                                                              |
-| **Best for**                  | High-volume, steady-state traffic where most traces look similar (e.g., routine RPC requests).                                                                                                           |
-
-**xrpld configuration**:
-
-```ini
-[telemetry]
-# Record 10% of traces (recommended for production)
-sampling_ratio=0.1
-```
-
-### Tail Sampling (Decision at End)
-
-The sampling decision is made **after the trace completes**, based on its actual content — was it slow? Did it error? Was it a consensus round? This requires buffering complete traces before deciding.
-
-```mermaid
-flowchart TB
-    A["All Traces<br/>Buffered (100%)"] --> B["OTel Collector<br/>Evaluates Rules"]
-
-    B --> C{"Error?"}
-    C -->|Yes| K["KEEP"]
-
-    C -->|No| D{"Slow?<br/>(>5s consensus,<br/>>1s RPC)"}
-    D -->|Yes| K
-
-    D -->|No| E{"Random < 10%?"}
-    E -->|Yes| K
-    E -->|No| F["DROP"]
-
-    style K fill:#2e7d32,stroke:#1b5e20,color:#fff
-    style F fill:#c62828,stroke:#8c2809,color:#fff
-    style B fill:#1565c0,stroke:#0d47a1,color:#fff
-    style C fill:#e65100,stroke:#bf360c,color:#fff
-    style D fill:#e65100,stroke:#bf360c,color:#fff
-    style E fill:#4a148c,stroke:#2e0d57,color:#fff
-```
-
-| Aspect                        | Details                                                                                                                                                                                                 |
-| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Where it runs**             | In the **OTel Collector** (external process), not inside xrpld. xrpld exports 100% of traces; the Collector decides what to keep.                                                                       |
-| **When the decision happens** | After the Collector has received all spans for a trace (waits `decision_wait=10s` for stragglers).                                                                                                      |
-| **How it works**              | Policy rules evaluate the completed trace: keep all errors, keep slow operations above a threshold, keep all consensus rounds, then probabilistically sample the rest at 10%.                           |
-| **Pros**                      | **Never misses important traces**. Errors, slow requests, and consensus anomalies are always captured regardless of probability.                                                                        |
-| **Cons**                      | Higher resource usage — xrpld must export 100% of spans to the Collector, which buffers them in memory before deciding. The Collector needs more RAM (configured via `num_traces` and `decision_wait`). |
-| **Best for**                  | Production troubleshooting where you can't afford to miss errors or anomalies.                                                                                                                          |
-
-**Collector configuration** (tail sampling rules for xrpld):
-
-```yaml
-processors:
-  tail_sampling:
-    decision_wait: 10s # Wait for all spans in a trace
-    num_traces: 100000 # Buffer up to 100K concurrent traces
-    policies:
-      - name: errors # Always keep error traces
-        type: status_code
-        status_code: { status_codes: [ERROR] }
-
-      - name: slow-consensus # Keep consensus rounds >5s
-        type: latency
-        latency: { threshold_ms: 5000 }
-
-      - name: slow-rpc # Keep slow RPC requests >1s
-        type: latency
-        latency: { threshold_ms: 1000 }
-
-      - name: probabilistic # Sample 10% of everything else
-        type: probabilistic
-        probabilistic: { sampling_percentage: 10 }
-```
-
-### Head vs. Tail — Side-by-Side
-
-|                               | Head Sampling                            | Tail Sampling                                    |
-| ----------------------------- | ---------------------------------------- | ------------------------------------------------ |
-| **Decision point**            | Trace start (inside xrpld)               | Trace end (in OTel Collector)                    |
-| **Knows trace content?**      | No (random coin flip)                    | Yes (evaluates completed trace)                  |
-| **Overhead on xrpld**         | Lowest (dropped traces = no-op)          | Higher (must export 100% to Collector)           |
-| **Collector resource usage**  | Low (receives only sampled traces)       | Higher (buffers all traces before deciding)      |
-| **Captures all errors?**      | No (only if trace was randomly selected) | **Yes** (error policy catches them)              |
-| **Captures slow operations?** | No (random)                              | **Yes** (latency policy catches them)            |
-| **Configuration**             | `xrpld.cfg`: `sampling_ratio=0.1`        | `otel-collector.yaml`: `tail_sampling` processor |
-| **Best for**                  | High-throughput steady-state             | Troubleshooting & anomaly detection              |
-
-### Recommended Strategy for xrpld
-
-Use **both** in a layered approach:
-
-```mermaid
-flowchart LR
-    subgraph xrpld["xrpld (Head Sampling)"]
-        HS["sampling_ratio=1.0<br/>(export everything)"]
-    end
-
-    subgraph collector["OTel Collector (Tail Sampling)"]
-        TS["Keep: errors + slow + 10% random<br/>Drop: routine traces"]
-    end
-
-    subgraph storage["Backend Storage"]
-        ST["Only interesting traces<br/>stored long-term"]
-    end
-
-    xrpld -->|"100% of spans"| collector -->|"~15-20% kept"| storage
-
-    style xrpld fill:#424242,stroke:#212121,color:#fff
-    style collector fill:#1565c0,stroke:#0d47a1,color:#fff
-    style storage fill:#2e7d32,stroke:#1b5e20,color:#fff
-```
-
-> **Why this works**: xrpld exports everything (no blind drops), the Collector applies intelligent filtering (keep errors/slow/anomalies, sample the rest), and only ~15-20% of traces reach storage. If Collector resource usage becomes a concern, add head sampling at `sampling_ratio=0.5` to halve the export volume while still giving the Collector enough data for good tail-sampling decisions.
-
----
-
-## Slide 10: Data Collection & Privacy
-
-### What Data is Collected
-
-| Category        | Attributes Collected                                                                 | Purpose                     |
-| --------------- | ------------------------------------------------------------------------------------ | --------------------------- |
-| **Transaction** | `tx.hash`, `tx.type`, `tx.result`, `tx.fee`, `ledger_index`                          | Trace transaction lifecycle |
-| **Consensus**   | `round`, `phase`, `mode`, `proposers` (count of proposing validators), `duration_ms` | Analyze consensus timing    |
-| **RPC**         | `command`, `version`, `status`, `duration_ms`                                        | Monitor RPC performance     |
-| **Peer**        | `peer.id`(public key), `latency_ms`, `message.type`, `message.size`                  | Network topology analysis   |
-| **Ledger**      | `ledger.hash`, `ledger.index`, `close_time`, `tx_count`                              | Ledger progression tracking |
-| **Job**         | `job.type`, `queue_ms`, `worker`                                                     | JobQueue performance        |
-
-### What is NOT Collected (Privacy Guarantees)
-
-```mermaid
-flowchart LR
-    subgraph notCollected["❌ NOT Collected"]
-        direction LR
-        A["Private Keys"] ~~~ B["Account Balances"] ~~~ C["Transaction Amounts"]
-    end
-
-    subgraph alsoNot["❌ Also Excluded"]
-        direction LR
-        D["IP Addresses<br/>(configurable)"] ~~~ E["Personal Data"] ~~~ F["Raw TX Payloads"]
-    end
-
-    style A fill:#c62828,stroke:#8c2809,color:#fff
-    style B fill:#c62828,stroke:#8c2809,color:#fff
-    style C fill:#c62828,stroke:#8c2809,color:#fff
-    style D fill:#c62828,stroke:#8c2809,color:#fff
-    style E fill:#c62828,stroke:#8c2809,color:#fff
-    style F fill:#c62828,stroke:#8c2809,color:#fff
-```
-
-**Reading the diagram:**
-
-- **NOT Collected (top row, red)**: Private Keys, Account Balances, and Transaction Amounts are explicitly excluded — these are financial/security-sensitive fields that telemetry never touches.
-- **Also Excluded (bottom row, red)**: IP Addresses (configurable per deployment), Personal Data, and Raw TX Payloads are also excluded — these protect operator and user privacy.
-- **All-red styling**: Every box is styled in red to visually reinforce that these are hard exclusions, not optional — the telemetry system has no code path to collect any of these fields.
-- **Two-row layout**: The split between "NOT Collected" and "Also Excluded" distinguishes between financial data (top) and operational/personal data (bottom), making the privacy boundaries clear to auditors.
-
-### Privacy Protection Mechanisms
-
-| Mechanism                  | Description                                                   |
-| -------------------------- | ------------------------------------------------------------- |
-| **Account Hashing**        | `xrpl.tx.account` is hashed at collector level before storage |
-| **Configurable Redaction** | Sensitive fields can be excluded via config                   |
-| **Sampling**               | Only 10% of traces recorded by default (reduces exposure)     |
-| **Local Control**          | Node operators control what gets exported                     |
-| **No Raw Payloads**        | Transaction content is never recorded, only metadata          |
-
-> **Key Principle**: Telemetry collects **operational metadata** (timing, counts, hashes) — never **sensitive content** (keys, balances, amounts).
-
----
-
-_End of Presentation_

bin/git/setup-upstreams.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 if [[ $# -ne 1 || "$1" == "--help" || "$1" == "-h" ]]; then
-    name=$(basename $0)
-    cat <<-USAGE
+    name=$( basename $0 )
+    cat <<- USAGE
     Usage: $name <username>
 
     Where <username> is the Github username of the upstream repo. e.g. XRPLF
@@ -14,7 +14,7 @@ fi
 shift
 user="$1"
 # Get the origin URL. Expect it be an SSH-style URL
-origin=$(git remote get-url origin)
+origin=$( git remote get-url origin )
 if [[ "${origin}" == "" ]]; then
     echo Invalid origin remote >&2
     exit 1
@@ -22,11 +22,11 @@ fi
 # echo "Origin: ${origin}"
 # Parse the origin
 ifs_orig="${IFS}"
-IFS=':' read remote originpath <<<"${origin}"
+IFS=':' read remote originpath <<< "${origin}"
 # echo "Remote: ${remote}, Originpath: ${originpath}"
-IFS='@' read sshuser server <<<"${remote}"
+IFS='@' read sshuser server <<< "${remote}"
 # echo "SSHUser: ${sshuser}, Server: ${server}"
-IFS='/' read originuser repo <<<"${originpath}"
+IFS='/' read originuser repo <<< "${originpath}"
 # echo "Originuser: ${originuser}, Repo: ${repo}"
 if [[ "${sshuser}" == "" || "${server}" == "" || "${originuser}" == "" || "${repo}" == "" ]]; then
     echo "Can't parse origin URL: ${origin}" >&2
@@ -35,9 +35,9 @@ fi
 upstream="https://${server}/${user}/${repo}"
 upstreampush="${remote}:${user}/${repo}"
 upstreamgroup="upstream upstream-push"
-current=$(git remote get-url upstream 2>/dev/null)
-currentpush=$(git remote get-url upstream-push 2>/dev/null)
-currentgroup=$(git config remotes.upstreams)
+current=$( git remote get-url upstream 2>/dev/null )
+currentpush=$( git remote get-url upstream-push 2>/dev/null )
+currentgroup=$( git config remotes.upstreams )
 if [[ "${current}" == "${upstream}" ]]; then
     echo "Upstream already set up correctly. Skip"
 elif [[ -n "${current}" && "${current}" != "${upstream}" && "${current}" != "${upstreampush}" ]]; then
@@ -45,9 +45,9 @@ elif [[ -n "${current}" && "${current}" != "${upstream}" && "${current}" != "${u
 else
     if [[ "${current}" == "${upstreampush}" ]]; then
         echo "Upstream set to dangerous push URL. Update."
-        _run git remote rename upstream upstream-push ||
-            _run git remote remove upstream
-        currentpush=$(git remote get-url upstream-push 2>/dev/null)
+        _run git remote rename upstream upstream-push || \
+        _run git remote remove upstream
+        currentpush=$( git remote get-url upstream-push 2>/dev/null )
     fi
     _run git remote add upstream "${upstream}"
 fi

bin/git/squash-branches.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 if [[ $# -lt 3 || "$1" == "--help" || "$1" = "-h" ]]; then
-    name=$(basename $0)
-    cat <<-USAGE
+    name=$( basename $0 )
+    cat <<- USAGE
     Usage: $name workbranch base/branch user/branch [user/branch [...]]
 
     * workbranch will be created locally from base/branch
@@ -16,7 +16,7 @@ fi
 work="$1"
 shift
 
-branches=($(echo "${@}" | sed "s/:/\//"))
+branches=( $( echo "${@}" | sed "s/:/\//" ) )
 base="${branches[0]}"
 unset branches[0]
 
@@ -24,10 +24,10 @@ set -e
 
 users=()
 for b in "${branches[@]}"; do
-    users+=($(echo $b | cut -d/ -f1))
+    users+=( $( echo $b | cut -d/ -f1 ) )
 done
 
-users=($(printf '%s\n' "${users[@]}" | sort -u))
+users=( $( printf '%s\n' "${users[@]}" | sort -u ) )
 
 git fetch --multiple upstreams "${users[@]}"
 git checkout -B "$work" --no-track "$base"
@@ -40,7 +40,7 @@ done
 # Make sure the commits look right
 git log --show-signature "$base..HEAD"
 
-parts=($(echo $base | sed "s/\// /"))
+parts=( $( echo $base | sed "s/\// /" ) )
 repo="${parts[0]}"
 b="${parts[1]}"
 push=$repo
@@ -50,7 +50,7 @@ fi
 if [[ "$repo" == "upstream" ]]; then
     repo="upstreams"
 fi
-cat <<PUSH
+cat << PUSH
 
 -------------------------------------------------------------------
 This script will not push. Verify everything is correct, then push

bin/git/update-version.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 if [[ $# -ne 3 || "$1" == "--help" || "$1" = "-h" ]]; then
-    name=$(basename $0)
-    cat <<-USAGE
+    name=$( basename $0 )
+    cat <<- USAGE
     Usage: $name workbranch base/branch version
 
     * workbranch will be created locally from base/branch. If it exists,
@@ -16,7 +16,7 @@ fi
 work="$1"
 shift
 
-base=$(echo "$1" | sed "s/:/\//")
+base=$( echo "$1" | sed "s/:/\//" )
 shift
 
 version=$1
@@ -28,16 +28,16 @@ git fetch upstreams
 
 git checkout -B "${work}" --no-track "${base}"
 
-push=$(git rev-parse --abbrev-ref --symbolic-full-name '@{push}' \
-    2>/dev/null) || true
+push=$( git rev-parse --abbrev-ref --symbolic-full-name '@{push}' \
+    2>/dev/null ) || true
 if [[ "${push}" != "" ]]; then
     echo "Warning: ${push} may already exist."
 fi
 
-build=$(find -name BuildInfo.cpp)
-sed 's/\(^.*versionString =\).*$/\1 "'${version}'"/' ${build} >version.cpp &&
-    diff "${build}" version.cpp && exit 1 ||
-    mv -vi version.cpp ${build}
+build=$( find -name BuildInfo.cpp )
+sed 's/\(^.*versionString =\).*$/\1 "'${version}'"/' ${build} > version.cpp && \
+diff "${build}" version.cpp && exit 1 || \
+mv -vi version.cpp ${build}
 
 git diff
 
@@ -47,7 +47,7 @@ git commit -S -m "Set version to ${version}"
 
 git log --oneline --first-parent ${base}^..
 
-cat <<PUSH
+cat << PUSH
 
 -------------------------------------------------------------------
 This script will not push. Verify everything is correct, then push

bin/pre-commit/clang_tidy_check.py

@@ -168,13 +168,7 @@ def main():
     if not os.environ.get("TIDY"):
         return 0
 
-    repo_root = Path(
-        subprocess.check_output(
-            ["git", "rev-parse", "--show-toplevel"],
-            cwd=Path(__file__).parent,
-            text=True,
-        ).strip()
-    )
+    repo_root = Path(__file__).parent.parent
     files = staged_files(repo_root)
     if not files:
         return 0

cfg/xrpld-example.cfg

@@ -953,21 +953,6 @@
 #
 #   Optional keys for NuDB and RocksDB:
 #
-#       cache_size          Size of cache for database records. Default is 16384.
-#                           Setting this value to 0 will use the default value.
-#
-#       cache_age           Length of time in minutes to keep database records
-#                           cached. Default is 5 minutes. Setting this value to
-#                           0 will use the default value.
-#
-#                           Note: if cache_size or cache_age is not specified,
-#                           default values will be used for the unspecified
-#                           parameter.
-#
-#                           Note: the cache will not be created if online_delete
-#                           is specified, because the rotating NodeStore does
-#                           not use this cache).
-#
 #       fast_load           Boolean. If set, load the last persisted ledger
 #                           from disk upon process start before syncing to
 #                           the network. This is likely to improve performance
@@ -1481,7 +1466,10 @@ admin = 127.0.0.1
 protocol = http
 
 [port_peer]
-port = 2459
+# Many servers still use the legacy port of 51235, so for backward-compatibility
+# we maintain that port number here. However, for new servers we recommend
+# changing this to the default port of 2459.
+port = 51235
 ip = 0.0.0.0
 # alternatively, to accept connections on IPv4 + IPv6, use:
 #ip = ::
@@ -1621,97 +1609,3 @@ validators.txt
 # set to ssl_verify to 0.
 [ssl_verify]
 1
-#-------------------------------------------------------------------------------
-#
-# 11. Telemetry (OpenTelemetry Tracing)
-#
-#-------------------------------------------------------------------------------
-#
-# Enables distributed tracing via OpenTelemetry. Requires building with
-# -DXRPL_ENABLE_TELEMETRY=ON (telemetry Conan option).
-#
-# [telemetry]
-#
-# enabled=0
-#
-#   Enable or disable telemetry at runtime. Default: 0 (disabled).
-#
-# service_name=xrpld
-#
-#   OTel resource attribute `service.name`. Default: xrpld.
-#   The node's network ID (from [network_id]) is automatically added
-#   as the `xrpl.network.id` and `xrpl.network.type` resource attributes.
-#
-# service_instance_id=<node_public_key>
-#
-#   OTel resource attribute `service.instance.id`. Uniquely identifies
-#   this node. Default: the node's public key (auto-detected).
-#
-# endpoint=http://localhost:4318/v1/traces
-#
-#   The OTLP/HTTP exporter endpoint. The server sends trace data as
-#   protobuf-encoded HTTP POST requests to this URL.
-#   Default: http://localhost:4318/v1/traces.
-#
-# --- TLS settings for the OTLP exporter connection ---
-#
-# use_tls=0
-#
-#   Enable TLS for the OTLP/HTTP exporter connection. Default: 0 (off).
-#
-# tls_ca_cert=
-#
-#   Path to a PEM-encoded CA certificate bundle for TLS verification.
-#   Only used when use_tls=1. Default: empty (system CA store).
-#
-# sampling_ratio=1.0
-#
-#   Head-based sampling ratio using TraceIdRatioBasedSampler. The decision
-#   to record or drop a trace is made at span creation time, before the
-#   span starts, based on the trace ID. Values in [0.0, 1.0].
-#   1.0 = trace everything, 0.1 = sample ~10% of traces. Default: 1.0.
-#   For tail-based (post-hoc) filtering — where you decide to drop a span
-#   after inspecting its content — use SpanGuard::discard() in code.
-#
-# trace_rpc=1
-#
-#   Enable tracing for JSON-RPC and WebSocket API request handling —
-#   command parsing, execution, and response serialization. Default: 1.
-#
-# trace_transactions=1
-#
-#   Enable tracing for the transaction lifecycle — submission, validation,
-#   application to ledgers, and final disposition. Default: 1.
-#
-# trace_consensus=1
-#
-#   Enable tracing for the consensus round lifecycle — proposals,
-#   validations, mode changes, and ledger acceptance. Default: 1.
-#
-# trace_peer=0
-#
-#   Enable tracing for peer-to-peer protocol messages — overlay message
-#   send/receive, peer handshakes, and routing. High volume; disabled
-#   by default. Default: 0.
-#
-# trace_ledger=1
-#
-#   Enable tracing for ledger close and accept operations — ledger
-#   building, state hashing, and write-back to the node store. Default: 1.
-#
-# --- Batch processor tuning ---
-#
-# batch_size=512
-#
-#   Maximum number of spans exported in a single batch. Default: 512.
-#
-# batch_delay_ms=5000
-#
-#   Maximum delay (milliseconds) before a partial batch is flushed.
-#   Default: 5000 (5 seconds).
-#
-# max_queue_size=2048
-#
-#   Maximum number of spans queued in memory before drops occur.
-#   Default: 2048.
-#

cmake/XrplCore.cmake

@@ -192,23 +192,6 @@ target_link_libraries(
 add_module(xrpl tx)
 target_link_libraries(xrpl.libxrpl.tx PUBLIC xrpl.libxrpl.ledger)
 
-# Telemetry module — OpenTelemetry distributed tracing support.
-# Sources: include/xrpl/telemetry/ (headers), src/libxrpl/telemetry/ (impl).
-# When telemetry=ON, links the Conan-provided umbrella target
-# opentelemetry-cpp::opentelemetry-cpp (individual component targets like
-# ::api, ::sdk are not available in the Conan package).
-add_module(xrpl telemetry)
-target_link_libraries(
-    xrpl.libxrpl.telemetry
-    PUBLIC xrpl.libxrpl.basics xrpl.libxrpl.beast
-)
-if(telemetry)
-    target_link_libraries(
-        xrpl.libxrpl.telemetry
-        PUBLIC opentelemetry-cpp::opentelemetry-cpp
-    )
-endif()
-
 add_library(xrpl.libxrpl)
 set_target_properties(xrpl.libxrpl PROPERTIES OUTPUT_NAME xrpl)
 
@@ -240,7 +223,6 @@ target_link_modules(
     resource
     server
     shamap
-    telemetry
     tx
 )
 

cmake/scripts/codegen/requirements.in

@@ -1,13 +0,0 @@
-# Python dependencies for XRP Ledger code generation scripts
-#
-# These packages are required to run the code generation scripts that
-# parse macro files and generate C++ wrapper classes.
-
-# C preprocessor for Python - used to preprocess macro files
-pcpp>=1.30
-
-# Parser combinator library - used to parse the macro DSL
-pyparsing>=3.0.0
-
-# Template engine - used to generate C++ code from templates
-Mako>=1.2.2

cmake/scripts/codegen/requirements.txt

@@ -1,105 +1,13 @@
-# This file was autogenerated by uv via the following command:
-#    uv pip compile requirements.in --generate-hashes --output-file requirements.txt
-mako==1.3.12 \
-    --hash=sha256:8f61569480282dbf557145ce441e4ba888be453c30989f879f0d652e39f53ea9 \
-    --hash=sha256:9f778e93289bd410bb35daadeb4fc66d95a746f0b75777b942088b7fd7af550a
-    # via -r requirements.in
-markupsafe==3.0.3 \
-    --hash=sha256:0303439a41979d9e74d18ff5e2dd8c43ed6c6001fd40e5bf2e43f7bd9bbc523f \
-    --hash=sha256:068f375c472b3e7acbe2d5318dea141359e6900156b5b2ba06a30b169086b91a \
-    --hash=sha256:0bf2a864d67e76e5c9a34dc26ec616a66b9888e25e7b9460e1c76d3293bd9dbf \
-    --hash=sha256:0db14f5dafddbb6d9208827849fad01f1a2609380add406671a26386cdf15a19 \
-    --hash=sha256:0eb9ff8191e8498cca014656ae6b8d61f39da5f95b488805da4bb029cccbfbaf \
-    --hash=sha256:0f4b68347f8c5eab4a13419215bdfd7f8c9b19f2b25520968adfad23eb0ce60c \
-    --hash=sha256:1085e7fbddd3be5f89cc898938f42c0b3c711fdcb37d75221de2666af647c175 \
-    --hash=sha256:116bb52f642a37c115f517494ea5feb03889e04df47eeff5b130b1808ce7c219 \
-    --hash=sha256:12c63dfb4a98206f045aa9563db46507995f7ef6d83b2f68eda65c307c6829eb \
-    --hash=sha256:133a43e73a802c5562be9bbcd03d090aa5a1fe899db609c29e8c8d815c5f6de6 \
-    --hash=sha256:1353ef0c1b138e1907ae78e2f6c63ff67501122006b0f9abad68fda5f4ffc6ab \
-    --hash=sha256:15d939a21d546304880945ca1ecb8a039db6b4dc49b2c5a400387cdae6a62e26 \
-    --hash=sha256:177b5253b2834fe3678cb4a5f0059808258584c559193998be2601324fdeafb1 \
-    --hash=sha256:1872df69a4de6aead3491198eaf13810b565bdbeec3ae2dc8780f14458ec73ce \
-    --hash=sha256:1b4b79e8ebf6b55351f0d91fe80f893b4743f104bff22e90697db1590e47a218 \
-    --hash=sha256:1b52b4fb9df4eb9ae465f8d0c228a00624de2334f216f178a995ccdcf82c4634 \
-    --hash=sha256:1ba88449deb3de88bd40044603fafffb7bc2b055d626a330323a9ed736661695 \
-    --hash=sha256:1cc7ea17a6824959616c525620e387f6dd30fec8cb44f649e31712db02123dad \
-    --hash=sha256:218551f6df4868a8d527e3062d0fb968682fe92054e89978594c28e642c43a73 \
-    --hash=sha256:26a5784ded40c9e318cfc2bdb30fe164bdb8665ded9cd64d500a34fb42067b1c \
-    --hash=sha256:2713baf880df847f2bece4230d4d094280f4e67b1e813eec43b4c0e144a34ffe \
-    --hash=sha256:2a15a08b17dd94c53a1da0438822d70ebcd13f8c3a95abe3a9ef9f11a94830aa \
-    --hash=sha256:2f981d352f04553a7171b8e44369f2af4055f888dfb147d55e42d29e29e74559 \
-    --hash=sha256:32001d6a8fc98c8cb5c947787c5d08b0a50663d139f1305bac5885d98d9b40fa \
-    --hash=sha256:3524b778fe5cfb3452a09d31e7b5adefeea8c5be1d43c4f810ba09f2ceb29d37 \
-    --hash=sha256:3537e01efc9d4dccdf77221fb1cb3b8e1a38d5428920e0657ce299b20324d758 \
-    --hash=sha256:35add3b638a5d900e807944a078b51922212fb3dedb01633a8defc4b01a3c85f \
-    --hash=sha256:38664109c14ffc9e7437e86b4dceb442b0096dfe3541d7864d9cbe1da4cf36c8 \
-    --hash=sha256:3a7e8ae81ae39e62a41ec302f972ba6ae23a5c5396c8e60113e9066ef893da0d \
-    --hash=sha256:3b562dd9e9ea93f13d53989d23a7e775fdfd1066c33494ff43f5418bc8c58a5c \
-    --hash=sha256:457a69a9577064c05a97c41f4e65148652db078a3a509039e64d3467b9e7ef97 \
-    --hash=sha256:4bd4cd07944443f5a265608cc6aab442e4f74dff8088b0dfc8238647b8f6ae9a \
-    --hash=sha256:4e885a3d1efa2eadc93c894a21770e4bc67899e3543680313b09f139e149ab19 \
-    --hash=sha256:4faffd047e07c38848ce017e8725090413cd80cbc23d86e55c587bf979e579c9 \
-    --hash=sha256:509fa21c6deb7a7a273d629cf5ec029bc209d1a51178615ddf718f5918992ab9 \
-    --hash=sha256:5678211cb9333a6468fb8d8be0305520aa073f50d17f089b5b4b477ea6e67fdc \
-    --hash=sha256:591ae9f2a647529ca990bc681daebdd52c8791ff06c2bfa05b65163e28102ef2 \
-    --hash=sha256:5a7d5dc5140555cf21a6fefbdbf8723f06fcd2f63ef108f2854de715e4422cb4 \
-    --hash=sha256:69c0b73548bc525c8cb9a251cddf1931d1db4d2258e9599c28c07ef3580ef354 \
-    --hash=sha256:6b5420a1d9450023228968e7e6a9ce57f65d148ab56d2313fcd589eee96a7a50 \
-    --hash=sha256:722695808f4b6457b320fdc131280796bdceb04ab50fe1795cd540799ebe1698 \
-    --hash=sha256:729586769a26dbceff69f7a7dbbf59ab6572b99d94576a5592625d5b411576b9 \
-    --hash=sha256:77f0643abe7495da77fb436f50f8dab76dbc6e5fd25d39589a0f1fe6548bfa2b \
-    --hash=sha256:795e7751525cae078558e679d646ae45574b47ed6e7771863fcc079a6171a0fc \
-    --hash=sha256:7be7b61bb172e1ed687f1754f8e7484f1c8019780f6f6b0786e76bb01c2ae115 \
-    --hash=sha256:7c3fb7d25180895632e5d3148dbdc29ea38ccb7fd210aa27acbd1201a1902c6e \
-    --hash=sha256:7e68f88e5b8799aa49c85cd116c932a1ac15caaa3f5db09087854d218359e485 \
-    --hash=sha256:83891d0e9fb81a825d9a6d61e3f07550ca70a076484292a70fde82c4b807286f \
-    --hash=sha256:8485f406a96febb5140bfeca44a73e3ce5116b2501ac54fe953e488fb1d03b12 \
-    --hash=sha256:8709b08f4a89aa7586de0aadc8da56180242ee0ada3999749b183aa23df95025 \
-    --hash=sha256:8f71bc33915be5186016f675cd83a1e08523649b0e33efdb898db577ef5bb009 \
-    --hash=sha256:915c04ba3851909ce68ccc2b8e2cd691618c4dc4c4232fb7982bca3f41fd8c3d \
-    --hash=sha256:949b8d66bc381ee8b007cd945914c721d9aba8e27f71959d750a46f7c282b20b \
-    --hash=sha256:94c6f0bb423f739146aec64595853541634bde58b2135f27f61c1ffd1cd4d16a \
-    --hash=sha256:9a1abfdc021a164803f4d485104931fb8f8c1efd55bc6b748d2f5774e78b62c5 \
-    --hash=sha256:9b79b7a16f7fedff2495d684f2b59b0457c3b493778c9eed31111be64d58279f \
-    --hash=sha256:a320721ab5a1aba0a233739394eb907f8c8da5c98c9181d1161e77a0c8e36f2d \
-    --hash=sha256:a4afe79fb3de0b7097d81da19090f4df4f8d3a2b3adaa8764138aac2e44f3af1 \
-    --hash=sha256:ad2cf8aa28b8c020ab2fc8287b0f823d0a7d8630784c31e9ee5edea20f406287 \
-    --hash=sha256:b8512a91625c9b3da6f127803b166b629725e68af71f8184ae7e7d54686a56d6 \
-    --hash=sha256:bc51efed119bc9cfdf792cdeaa4d67e8f6fcccab66ed4bfdd6bde3e59bfcbb2f \
-    --hash=sha256:bdc919ead48f234740ad807933cdf545180bfbe9342c2bb451556db2ed958581 \
-    --hash=sha256:bdd37121970bfd8be76c5fb069c7751683bdf373db1ed6c010162b2a130248ed \
-    --hash=sha256:be8813b57049a7dc738189df53d69395eba14fb99345e0a5994914a3864c8a4b \
-    --hash=sha256:c0c0b3ade1c0b13b936d7970b1d37a57acde9199dc2aecc4c336773e1d86049c \
-    --hash=sha256:c47a551199eb8eb2121d4f0f15ae0f923d31350ab9280078d1e5f12b249e0026 \
-    --hash=sha256:c4ffb7ebf07cfe8931028e3e4c85f0357459a3f9f9490886198848f4fa002ec8 \
-    --hash=sha256:ccfcd093f13f0f0b7fdd0f198b90053bf7b2f02a3927a30e63f3ccc9df56b676 \
-    --hash=sha256:d2ee202e79d8ed691ceebae8e0486bd9a2cd4794cec4824e1c99b6f5009502f6 \
-    --hash=sha256:d53197da72cc091b024dd97249dfc7794d6a56530370992a5e1a08983ad9230e \
-    --hash=sha256:d6dd0be5b5b189d31db7cda48b91d7e0a9795f31430b7f271219ab30f1d3ac9d \
-    --hash=sha256:d88b440e37a16e651bda4c7c2b930eb586fd15ca7406cb39e211fcff3bf3017d \
-    --hash=sha256:de8a88e63464af587c950061a5e6a67d3632e36df62b986892331d4620a35c01 \
-    --hash=sha256:df2449253ef108a379b8b5d6b43f4b1a8e81a061d6537becd5582fba5f9196d7 \
-    --hash=sha256:e1c1493fb6e50ab01d20a22826e57520f1284df32f2d8601fdd90b6304601419 \
-    --hash=sha256:e1cf1972137e83c5d4c136c43ced9ac51d0e124706ee1c8aa8532c1287fa8795 \
-    --hash=sha256:e2103a929dfa2fcaf9bb4e7c091983a49c9ac3b19c9061b6d5427dd7d14d81a1 \
-    --hash=sha256:e56b7d45a839a697b5eb268c82a71bd8c7f6c94d6fd50c3d577fa39a9f1409f5 \
-    --hash=sha256:e8afc3f2ccfa24215f8cb28dcf43f0113ac3c37c2f0f0806d8c70e4228c5cf4d \
-    --hash=sha256:e8fc20152abba6b83724d7ff268c249fa196d8259ff481f3b1476383f8f24e42 \
-    --hash=sha256:eaa9599de571d72e2daf60164784109f19978b327a3910d3e9de8c97b5b70cfe \
-    --hash=sha256:ec15a59cf5af7be74194f7ab02d0f59a62bdcf1a537677ce67a2537c9b87fcda \
-    --hash=sha256:f190daf01f13c72eac4efd5c430a8de82489d9cff23c364c3ea822545032993e \
-    --hash=sha256:f34c41761022dd093b4b6896d4810782ffbabe30f2d443ff5f083e0cbbb8c737 \
-    --hash=sha256:f3e98bb3798ead92273dc0e5fd0f31ade220f59a266ffd8a4f6065e0a3ce0523 \
-    --hash=sha256:f42d0984e947b8adf7dd6dde396e720934d12c506ce84eea8476409563607591 \
-    --hash=sha256:f71a396b3bf33ecaa1626c255855702aca4d3d9fea5e051b41ac59a9c1c41edc \
-    --hash=sha256:f9e130248f4462aaa8e2552d547f36ddadbeaa573879158d721bbd33dfe4743a \
-    --hash=sha256:fed51ac40f757d41b7c48425901843666a6677e3e8eb0abcff09e4ba6e664f50
-    # via mako
-pcpp==1.30 \
-    --hash=sha256:05fe08292b6da57f385001c891a87f40d6aa7f46787b03e8ba326d20a3297c6e \
-    --hash=sha256:5af9fbce55f136d7931ae915fae03c34030a3b36c496e72d9636cedc8e2543a1
-    # via -r requirements.in
-pyparsing==3.3.2 \
-    --hash=sha256:850ba148bd908d7e2411587e247a1e4f0327839c40e2e5e6d05a007ecc69911d \
-    --hash=sha256:c777f4d763f140633dcb6d8a3eda953bf7a214dc4eff598413c070bcdc117cbc
-    # via -r requirements.in
+# Python dependencies for XRP Ledger code generation scripts
+#
+# These packages are required to run the code generation scripts that
+# parse macro files and generate C++ wrapper classes.
+
+# C preprocessor for Python - used to preprocess macro files
+pcpp>=1.30
+
+# Parser combinator library - used to parse the macro DSL
+pyparsing>=3.0.0
+
+# Template engine - used to generate C++ code from templates
+Mako>=1.2.2

conan.lock

@@ -1,24 +1,21 @@
 {
     "version": "0.5",
     "requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1778091116.056",
+        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
         "xxhash/0.8.3#681d36a0a6111fc56e5e45ea182c19cc%1765850149.987",
-        "sqlite3/3.53.0#324ada52333108388a9a6108bfa96734%1778091117.311",
+        "sqlite3/3.53.0#324ada52333108388a9a6108bfa96734%1776096494.149",
         "soci/4.0.3#fe32b9ad5eb47e79ab9e45a68f363945%1774450067.231",
         "snappy/1.1.10#968fef506ff261592ec30c574d4a7809%1765850147.878",
         "secp256k1/0.7.1#481881709eb0bdd0185a12b912bbe8ad%1770910500.329",
         "rocksdb/10.5.1#4a197eca381a3e5ae8adf8cffa5aacd0%1765850186.86",
         "re2/20251105#8579cfd0bda4daf0683f9e3898f964b4%1774398111.888",
         "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
-        "opentelemetry-cpp/1.26.0#9d81768342c78cb897345fd419b358d2%1776934712.672",
         "openssl/3.6.2#4789bbf131b77d0515d15e094c8f697f%1778071755.506",
         "nudb/2.0.9#11149c73f8f2baff9a0198fe25971fc7%1775040983.408",
-        "nlohmann_json/3.11.3#45828be26eb619a2e04ca517bb7b828d%1701220705.259",
         "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1765850143.914",
         "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1765842973.492",
-        "libcurl/8.20.0#465ac276192c197ddc6a9f4494004278%1779353234.048",
         "libbacktrace/cci.20210118#a7691bfccd8caaf66309df196790a5a1%1765842973.03",
-        "libarchive/3.8.7#c446109bd1f1d8ba7936c94189bc50e6%1778091117.848",
+        "libarchive/3.8.7#c446109bd1f1d8ba7936c94189bc50e6%1776147552.838",
         "jemalloc/5.3.1#1fc58d55316041f10fbc1e8a2eae632a%1776700028.228",
         "gtest/1.17.0#5224b3b3ff3b4ce1133cbdd27d53ee7d%1768312129.152",
         "grpc/1.78.1#b1a9e74b145cc471bed4dc64dc6eb2c1%1774467387.342",
@@ -26,22 +23,16 @@
         "date/3.0.4#862e11e80030356b53c2c38599ceb32b%1765850143.772",
         "c-ares/1.34.6#545240bb1c40e2cacd4362d6b8967650%1774439234.681",
         "bzip2/1.0.8#c470882369c2d95c5c77e970c0c7e321%1765850143.837",
-        "boost/1.91.0#ea540ca2133d831b560036aa24dece3c%1778091165.282",
+        "boost/1.91.0#ea540ca2133d831b560036aa24dece3c%1778050991.9",
         "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1774365460.196"
     ],
     "build_requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1778091116.056",
+        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
         "strawberryperl/5.32.1.1#8d114504d172cfea8ea1662d09b6333e%1774447376.964",
         "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
-        "pkgconf/2.5.1#93c2051284cba1279494a43a4fcfeae2%1757684701.089",
-        "opentelemetry-proto/1.7.0#ed6d5bd761bef0afb0ba09676420b9ea%1749461220.268",
-        "ninja/1.13.2#c8c5dc2a52ed6e4e42a66d75b4717ceb%1764096931.974",
         "nasm/2.16.01#31e26f2ee3c4346ecd347911bd126904%1765850144.707",
         "msys2/cci.latest#d22fe7b2808f5fd34d0a7923ace9c54f%1770657326.649",
-        "meson/1.10.2#9d2d10681fe7fe61c788c58626c89b25%1775558003.754",
         "m4/1.4.19#4523e4347b55cd26ae918bd5770cab9a%1778062762.471",
-        "libtool/2.4.7#14e7739cc128bc1623d2ed318008e47e%1755679003.847",
-        "gnu-config/cci.20210814#466e9d4d7779e1c142443f7ea44b4284%1762363589.329",
         "cmake/4.3.0#b939a42e98f593fb34d3a8c5cc860359%1774439249.183",
         "b2/5.4.2#ffd6084a119587e70f11cd45d1a386e2%1774439233.447",
         "automake/1.16.5#b91b7c384c3deaa9d535be02da14d04f%1755524470.56",
@@ -67,9 +58,6 @@
         ],
         "lz4/[>=1.9.4 <2]": [
             "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504"
-        ],
-        "protobuf/[>=4.25.3 <7]": [
-            "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5"
         ]
     },
     "config_requires": []

conan/profiles/default

@@ -23,15 +23,3 @@ compiler.libcxx={{detect_api.detect_libcxx(compiler, version, compiler_exe)}}
 {% if compiler == "gcc" and compiler_version < 13 %}
 tools.build:cxxflags+=['-Wno-restrict']
 {% endif %}
-{% if os == "Windows" %}
-# opentelemetry-cpp's recipe removes the `shared` option on Windows and never
-# sets BUILD_SHARED_LIBS, so its upstream CMake defaults the protobuf-generated
-# `opentelemetry_proto` target to a DLL (opentelemetry_proto.dll). The rest of
-# the project links statically and nothing deploys that DLL next to the
-# executables, so the telemetry unit test fails to start with
-# STATUS_DLL_NOT_FOUND (0xC0000135). Force the dependency to build fully static
-# so no runtime DLL is produced. The conf is folded into the package id so a
-# fresh static binary is built instead of reusing a previously cached one.
-opentelemetry-cpp/*:tools.cmake.cmaketoolchain:extra_variables={"BUILD_SHARED_LIBS": "OFF"}
-opentelemetry-cpp/*:tools.info.package_id:confs+=["tools.cmake.cmaketoolchain:extra_variables"]
-{% endif %}

conanfile.py

@@ -21,7 +21,6 @@ class Xrpl(ConanFile):
         "rocksdb": [True, False],
         "shared": [True, False],
         "static": [True, False],
-        "telemetry": [True, False],
         "tests": [True, False],
         "unity": [True, False],
         "xrpld": [True, False],
@@ -54,7 +53,6 @@ class Xrpl(ConanFile):
         "rocksdb": True,
         "shared": False,
         "static": True,
-        "telemetry": True,
         "tests": False,
         "unity": False,
         "xrpld": False,
@@ -141,10 +139,6 @@ class Xrpl(ConanFile):
             self.requires("jemalloc/5.3.1")
         if self.options.rocksdb:
             self.requires("rocksdb/10.5.1")
-        # OpenTelemetry C++ SDK for distributed tracing (optional).
-        # Provides OTLP/HTTP exporter, batch span processor, and trace API.
-        if self.options.telemetry:
-            self.requires("opentelemetry-cpp/1.26.0")
         self.requires("xxhash/0.8.3", transitive_headers=True)
 
     exports_sources = (
@@ -173,7 +167,6 @@ class Xrpl(ConanFile):
         tc.variables["rocksdb"] = self.options.rocksdb
         tc.variables["BUILD_SHARED_LIBS"] = self.options.shared
         tc.variables["static"] = self.options.static
-        tc.variables["telemetry"] = self.options.telemetry
         tc.variables["unity"] = self.options.unity
         tc.variables["xrpld"] = self.options.xrpld
         tc.generate()
@@ -226,5 +219,3 @@ class Xrpl(ConanFile):
         ]
         if self.options.rocksdb:
             libxrpl.requires.append("rocksdb::librocksdb")
-        if self.options.telemetry:
-            libxrpl.requires.append("opentelemetry-cpp::opentelemetry-cpp")

cspell.config.yaml

@@ -65,7 +65,6 @@ words:
   - Btrfs
   - Buildx
   - canonicality
-  - CGNAT
   - changespq
   - checkme
   - choco
@@ -94,7 +93,6 @@ words:
   - daria
   - dcmake
   - dearmor
-  - dedented
   - deleteme
   - demultiplexer
   - deserializaton
@@ -117,8 +115,6 @@ words:
   - fmtdur
   - fsanitize
   - funclets
-  - gantt
-  - Gantt
   - gcov
   - gcovr
   - ghead
@@ -127,7 +123,6 @@ words:
   - gpgcheck
   - gpgkey
   - hotwallet
-  - hicpp
   - hwaddress
   - hwrap
   - ifndef
@@ -165,11 +160,12 @@ words:
   - mathbunnyru
   - mcmodel
   - MEMORYSTATUSEX
+  - MPTAMM
+  - MPTDEX
   - Merkle
   - Metafuncton
   - misprediction
   - missingok
-  - MPTAMM
   - mptbalance
   - MPTDEX
   - mptflags
@@ -203,16 +199,12 @@ words:
   - nonxrp
   - noreplace
   - noripple
-  - nostd
-  - nostdinc
   - notifempty
   - nudb
   - nullptr
   - nunl
   - Nyffenegger
-  - onlatest
   - ostr
-  - otelc
   - pargs
   - partitioner
   - paychan
@@ -220,7 +212,6 @@ words:
   - permdex
   - perminute
   - permissioned
-  - pimpl
   - pointee
   - populator
   - preauth
@@ -263,7 +254,6 @@ words:
   - sfields
   - shamap
   - shamapitem
-  - shfmt
   - shlibs
   - sidechain
   - SIGGOOD
@@ -291,7 +281,6 @@ words:
   - takerpays
   - ters
   - TMEndpointv2
-  - traceql
   - trixie
   - tx
   - txid
@@ -299,7 +288,6 @@ words:
   - txjson
   - txn
   - txns
-  - txqueue
   - txs
   - ubsan
   - UBSAN
@@ -310,7 +298,6 @@ words:
   - unauthorizing
   - unergonomic
   - unfetched
-  - unfindable
   - unflatten
   - unfund
   - unimpair
@@ -347,7 +334,4 @@ words:
   - xrplf
   - xxhash
   - xxhasher
-  - xychart
-  - zpages
-  - pratik
-  - dedup
+  - CGNAT

docker/check-sanitizers.sh

@@ -1,48 +0,0 @@
-#!/bin/bash
-
-# Sanity-check that the sanitizer runtimes shipped with g++/clang++ work
-# end-to-end against the system loader: compile each example with both
-# compilers, run it, and confirm the expected diagnostic is emitted.
-
-set -eo pipefail
-
-cpp_files_dir="${1:?usage: $0 <cpp_files_dir>}"
-
-case "$(uname -m)" in
-    x86_64) loader=/lib64/ld-linux-x86-64.so.2 ;;
-    aarch64) loader=/lib/ld-linux-aarch64.so.1 ;;
-    *)
-        echo "Unsupported arch: $(uname -m)" >&2
-        exit 1
-        ;;
-esac
-
-declare -A sanitize=(
-    [asan]="-fsanitize=address"
-    [tsan]="-fsanitize=thread"
-    [ubsan]="-fsanitize=undefined"
-)
-declare -A expect=(
-    [asan]="heap-use-after-free"
-    [tsan]="data race"
-    [ubsan]="signed integer overflow"
-)
-
-for compiler in g++ clang++; do
-    for name in asan tsan ubsan; do
-        bin="/tmp/${name}-${compiler}"
-        echo "=== Build ${name} with ${compiler} ==="
-        "$compiler" -std=c++20 -O1 -g ${sanitize[$name]} \
-            -Wl,--dynamic-linker=$loader \
-            "${cpp_files_dir}/${name}.cpp" -o "$bin"
-        echo "=== Run ${name}-${compiler} ==="
-        output=$("$bin" 2>&1) || true
-        echo "$output"
-        echo "$output" | grep -q "${expect[$name]}" ||
-            {
-                echo "expected '${expect[$name]}' from $bin"
-                exit 1
-            }
-        rm -f "$bin"
-    done
-done

docker/cpp_files/asan.cpp

@@ -1,28 +0,0 @@
-#include <atomic>
-#include <cstddef>
-#include <iostream>
-
-#if defined(__clang__) || defined(__GNUC__)
-__attribute__((noinline))
-#elif defined(_MSC_VER)
-__declspec(noinline)
-#endif
-int
-read_after_free(volatile int* array, std::size_t index)
-{
-    std::atomic_signal_fence(std::memory_order_seq_cst);
-    int value = array[index];
-    std::atomic_signal_fence(std::memory_order_seq_cst);
-    return value;
-}
-
-int
-main()
-{
-    int* array = new int[5]{10, 20, 30, 40, 50};
-    delete[] array;
-
-    std::cout << "Value at index 2: " << read_after_free(array, 2) << std::endl;
-
-    return 0;
-}

docker/cpp_files/tsan.cpp

@@ -1,26 +0,0 @@
-#include <iostream>
-#include <thread>
-
-static int kCounter = 0;
-
-void
-increment()
-{
-    for (int i = 0; i < 100'000; ++i)
-    {
-        ++kCounter;
-    }
-}
-
-int
-main()
-{
-    std::thread t1(increment);
-    std::thread t2(increment);
-
-    t1.join();
-    t2.join();
-
-    std::cout << "Final counter value: " << kCounter << std::endl;
-    return 0;
-}

docker/cpp_files/ubsan.cpp

@@ -1,13 +0,0 @@
-#include <iostream>
-#include <limits>
-
-int
-main()
-{
-    int maxInt = std::numeric_limits<int>::max();
-    int volatile one = 1;
-    std::cout << "Current max: " << maxInt << std::endl;
-    int overflowed = maxInt + one;
-    std::cout << "Overflowed result: " << overflowed << std::endl;
-    return 0;
-}

docker/nix.Dockerfile

@@ -45,30 +45,8 @@ COPY --from=builder /tmp/build/result /nix/ci-env
 
 ENV PATH="/nix/ci-env/bin:$PATH"
 
-# Externally-built dynamically-linked ELF binaries hard-code the loader path
-# (e.g. /lib64/ld-linux-x86-64.so.2) in their PT_INTERP header. Copy the
-# loader from the Nix store to that path when the base image doesn't already
-# provide one (i.e. on nixos/nix).
-RUN <<EOF
-case "$(uname -m)" in
-    x86_64)  target=/lib64/ld-linux-x86-64.so.2 ;;
-    aarch64) target=/lib/ld-linux-aarch64.so.1 ;;
-    *) echo "Unsupported arch: $(uname -m)" >&2; exit 1 ;;
-esac
-if [ ! -e "$target" ]; then
-    # Use the loader from the same glibc that gcc links libc against, so
-    # ld-linux and libc/libpthread share GLIBC_PRIVATE symbols at runtime.
-    src="$(dirname "$(gcc -print-file-name=libc.so.6)")/$(basename "$target")"
-    [ -e "$src" ] || { echo "ld-linux not found at $src" >&2; exit 1; }
-    mkdir -p "$(dirname "$target")"
-    cp "$src" "$target"
-fi
-EOF
-
 RUN <<EOF
 ccache --version
-clang --version
-clang++ --version
 clang-format --version
 cmake --version
 conan --version
@@ -86,10 +64,3 @@ python3 --version
 run-clang-tidy --help
 vim --version
 EOF
-
-# Sanity-check that the sanitizer runtimes shipped with g++/clang++ work
-# end-to-end against the system loader.
-COPY docker/cpp_files/ /tmp/cpp_files/
-COPY docker/check-sanitizers.sh /tmp/check-sanitizers.sh
-
-RUN grep -qi ubuntu /etc/os-release 2>/dev/null && /tmp/check-sanitizers.sh /tmp/cpp_files || true

docker/telemetry/docker-compose.yml

@@ -1,80 +0,0 @@
-# Docker Compose stack for xrpld OpenTelemetry observability.
-#
-# Provides services for local development:
-#   - otel-collector: receives OTLP traces from xrpld, batches and
-#     forwards them to Tempo. Listens on ports 4317 (gRPC)
-#     and 4318 (HTTP).
-#   - tempo: Grafana Tempo tracing backend, queryable via Grafana Explore
-#     on port 3000. Recommended for production (S3/GCS storage, TraceQL).
-#   - grafana: dashboards on port 3000, pre-configured with Tempo
-#     datasource.
-#
-# Usage:
-#   docker compose -f docker/telemetry/docker-compose.yml up -d
-#
-# Configure xrpld to export traces by adding to xrpld.cfg:
-#   [telemetry]
-#   enabled=1
-#   endpoint=http://localhost:4318/v1/traces
-
-services:
-  # OpenTelemetry Collector: receives spans from xrpld via OTLP protocol,
-  # batches them for efficiency, and forwards to Tempo for storage.
-  otel-collector:
-    image: otel/opentelemetry-collector-contrib:0.121.0
-    command: ["--config=/etc/otel-collector-config.yaml"]
-    ports:
-      - "4317:4317" # OTLP gRPC receiver
-      - "4318:4318" # OTLP HTTP receiver (xrpld sends traces here)
-      - "13133:13133" # Health check endpoint
-    volumes:
-      # Mount collector pipeline config (receivers → processors → exporters)
-      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml:ro
-    depends_on:
-      - tempo
-    networks:
-      - xrpld-telemetry
-
-  # Grafana Tempo: distributed tracing backend that stores and indexes
-  # spans. Queryable via TraceQL in Grafana Explore.
-  tempo:
-    image: grafana/tempo:2.7.2
-    command: ["-config.file=/etc/tempo.yaml"]
-    ports:
-      - "3200:3200" # Tempo HTTP API (health check, query)
-    volumes:
-      # Mount Tempo storage and ingestion config
-      - ./tempo.yaml:/etc/tempo.yaml:ro
-      # Persistent volume for trace data (WAL + blocks)
-      - tempo-data:/var/tempo
-    networks:
-      - xrpld-telemetry
-
-  # Grafana: visualization UI with Tempo pre-configured as a datasource.
-  # Anonymous admin access enabled for local development convenience.
-  grafana:
-    image: grafana/grafana:11.5.2
-    environment:
-      - GF_AUTH_ANONYMOUS_ENABLED=true # No login required for local dev
-      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin # Full access without auth
-    ports:
-      - "3000:3000" # Grafana web UI
-    volumes:
-      # Auto-provision Tempo datasource and search filters on startup
-      - ./grafana/provisioning:/etc/grafana/provisioning:ro
-    depends_on:
-      - tempo
-    networks:
-      - xrpld-telemetry
-
-# Named volume for Tempo trace storage (WAL and compacted blocks).
-# Data persists across container restarts. Remove with:
-#   docker compose -f docker/telemetry/docker-compose.yml down -v
-volumes:
-  tempo-data:
-
-# Isolated bridge network so services communicate by container name
-# (e.g., the collector reaches Tempo at http://tempo:4317).
-networks:
-  xrpld-telemetry:
-    driver: bridge

docker/telemetry/grafana/provisioning/datasources/tempo.yaml

@@ -1,108 +0,0 @@
-# Grafana datasource provisioning for Grafana Tempo.
-# Auto-configures Tempo as a trace data source on Grafana startup.
-# Access Grafana at http://localhost:3000, then use Explore -> Tempo
-# to browse xrpld traces using TraceQL.
-#
-# Search filters provide pre-configured dropdowns in the Explore UI.
-# Each phase adds filters for the span attributes it introduces.
-# Phase 1b (infra): Base filters — node identity, service, span name, status.
-# Phase 2 (RPC):    RPC command, status, role filters.
-
-apiVersion: 1
-
-datasources:
-  - name: Tempo
-    type: tempo
-    access: proxy
-    url: http://tempo:3200
-    uid: tempo
-    jsonData:
-      nodeGraph:
-        enabled: true
-      # Service map and traces-to-metrics require a Prometheus datasource
-      # (not included in this stack). These features are inactive until a
-      # Prometheus service is added to docker-compose.yml.
-      serviceMap:
-        datasourceUid: prometheus
-      tracesToMetrics:
-        datasourceUid: prometheus
-        spanStartTimeShift: "-1h"
-        spanEndTimeShift: "1h"
-      search:
-        filters:
-          # --- Node identification filters ---
-          # service.name: logical service name (default: "xrpld").
-          #   Useful when running multiple service types in the same collector.
-          - id: service-name
-            tag: service.name
-            operator: "="
-            scope: resource
-            type: static
-          # service.instance.id: unique node identifier — defaults to the
-          #   node's public key (e.g., nHB1X37...). Distinguishes individual
-          #   nodes in a multi-node cluster or network.
-          - id: node-id
-            tag: service.instance.id
-            operator: "="
-            scope: resource
-            type: static
-          # service.version: xrpld build version (e.g., "2.4.0-b1").
-          #   Filter traces from specific software releases.
-          - id: node-version
-            tag: service.version
-            operator: "="
-            scope: resource
-            type: dynamic
-          # xrpl.network.id: numeric network identifier
-          #   (0 = mainnet, 1 = testnet, 2 = devnet, etc.).
-          #   Derived from the [network_id] config section.
-          - id: network-id
-            tag: xrpl.network.id
-            operator: "="
-            scope: resource
-            type: dynamic
-          # xrpl.network.type: human-readable network name derived from
-          #   network ID ("mainnet", "testnet", "devnet", "unknown").
-          - id: network-type
-            tag: xrpl.network.type
-            operator: "="
-            scope: resource
-            type: static
-          # --- Span intrinsic filters ---
-          # name: the span operation name (e.g., "rpc.command.server_info").
-          #   Use to find traces for a specific RPC command or subsystem.
-          - id: span-name
-            tag: name
-            operator: "="
-            scope: intrinsic
-            type: static
-          # status: span completion status ("ok", "error", "unset").
-          #   Filter for failed operations to diagnose errors.
-          - id: span-status
-            tag: status
-            operator: "="
-            scope: intrinsic
-            type: static
-          # duration: span wall-clock duration. Use with ">" operator
-          #   to find slow operations (e.g., duration > 500ms).
-          - id: span-duration
-            tag: duration
-            operator: ">"
-            scope: intrinsic
-            type: static
-          # Phase 2: RPC tracing filters
-          - id: rpc-command
-            tag: command
-            operator: "="
-            scope: span
-            type: static
-          - id: rpc-status
-            tag: rpc_status
-            operator: "="
-            scope: span
-            type: dynamic
-          - id: rpc-role
-            tag: rpc_role
-            operator: "="
-            scope: span
-            type: dynamic

docker/telemetry/otel-collector-config.yaml

@@ -1,39 +0,0 @@
-# OpenTelemetry Collector configuration for xrpld development.
-#
-# Pipeline: OTLP receiver -> batch processor -> debug + Tempo.
-# xrpld sends traces via OTLP/HTTP to port 4318. The collector batches
-# them and forwards to Tempo via OTLP/gRPC on the Docker network. Tempo
-# is queryable via Grafana Explore using TraceQL.
-
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        endpoint: 0.0.0.0:4317
-      http:
-        endpoint: 0.0.0.0:4318
-
-processors:
-  batch:
-    timeout: 1s
-    send_batch_size: 100
-
-exporters:
-  debug:
-    verbosity: detailed
-  otlp/tempo:
-    endpoint: tempo:4317
-    tls:
-      insecure: true
-
-extensions:
-  health_check:
-    endpoint: 0.0.0.0:13133
-
-service:
-  extensions: [health_check]
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [debug, otlp/tempo]

docker/telemetry/tempo.yaml

@@ -1,61 +0,0 @@
-# Grafana Tempo configuration for xrpld telemetry stack.
-#
-# Runs in single-binary mode for local development.
-# Receives traces via OTLP/gRPC from the OTel Collector and stores
-# them locally. Queryable via Grafana Explore using the Tempo datasource.
-#
-# Search filters are configured on the Grafana datasource side
-# (grafana/provisioning/datasources/tempo.yaml). Tempo auto-indexes
-# all span attributes for search in single-binary mode.
-#
-# For production, replace local storage with S3/GCS backend and adjust
-# retention via the compactor settings. See:
-# https://grafana.com/docs/tempo/latest/configuration/
-
-stream_over_http_enabled: true
-
-server:
-  http_listen_port: 3200
-
-distributor:
-  receivers:
-    otlp:
-      protocols:
-        grpc:
-          endpoint: 0.0.0.0:4317
-
-ingester:
-  max_block_duration: 5m
-
-compactor:
-  compaction:
-    block_retention: 1h
-
-# Enable metrics generator for service graph and span metrics.
-# Produces RED metrics (rate, errors, duration) per service/span,
-# feeding Grafana's service map visualization.
-metrics_generator:
-  registry:
-    external_labels:
-      source: tempo
-  storage:
-    path: /var/tempo/generator/wal
-    # Uncomment and add a Prometheus service to docker-compose.yml
-    # to enable remote_write for service graph metrics:
-    # remote_write:
-    #   - url: http://prometheus:9090/api/v1/write
-
-overrides:
-  defaults:
-    metrics_generator:
-      processors:
-        - service-graphs
-        - span-metrics
-
-storage:
-  trace:
-    backend: local
-    wal:
-      path: /var/tempo/wal
-    local:
-      path: /var/tempo/blocks

docs/build/telemetry.md

@@ -1,299 +0,0 @@
-# OpenTelemetry Tracing for xrpld
-
-This document explains how to build xrpld with OpenTelemetry distributed tracing support, configure the runtime telemetry options, and set up the observability backend to view traces.
-
-- [OpenTelemetry Tracing for xrpld](#opentelemetry-tracing-for-xrpld)
-  - [Overview](#overview)
-  - [Building with Telemetry](#building-with-telemetry)
-    - [Summary](#summary)
-    - [Build steps](#build-steps)
-      - [Install dependencies](#install-dependencies)
-      - [Call CMake](#call-cmake)
-      - [Build](#build)
-    - [Building without telemetry](#building-without-telemetry)
-  - [Runtime Configuration](#runtime-configuration)
-    - [Configuration options](#configuration-options)
-  - [Observability Stack](#observability-stack)
-    - [Start the stack](#start-the-stack)
-    - [Verify the stack](#verify-the-stack)
-    - [View traces in Grafana Explore](#view-traces-in-grafana-explore)
-  - [Running Tests](#running-tests)
-  - [Troubleshooting](#troubleshooting)
-    - [No traces appear in Grafana](#no-traces-appear-in-grafana)
-    - [Conan lockfile error](#conan-lockfile-error)
-    - [CMake target not found](#cmake-target-not-found)
-  - [Architecture](#architecture)
-    - [Key files](#key-files)
-    - [Conditional compilation](#conditional-compilation)
-
-## Overview
-
-xrpld supports optional [OpenTelemetry](https://opentelemetry.io/) distributed tracing.
-When enabled, it instruments RPC requests with trace spans that are exported via
-OTLP/HTTP to an OpenTelemetry Collector, which forwards them to a tracing backend
-such as Grafana Tempo.
-
-Telemetry is **off by default** at both compile time and runtime:
-
-- **Compile time**: The Conan option `telemetry` and CMake option `telemetry` must be set to `True`/`ON`.
-  When disabled, all `SpanGuard` calls compile to inline no-ops (defined in `SpanGuard.h`)
-  with zero overhead — no OTel SDK dependency required.
-- **Runtime**: The `[telemetry]` config section must set `enabled=1`.
-  When disabled at runtime, a no-op implementation is used.
-
-## Building with Telemetry
-
-### Summary
-
-Follow the same instructions as mentioned in [BUILD.md](../../BUILD.md) but with the following changes:
-
-1. Pass `-o telemetry=True` to `conan install` to pull the `opentelemetry-cpp` dependency.
-2. CMake will automatically pick up `telemetry=ON` from the Conan-generated toolchain.
-3. Build as usual.
-
----
-
-### Build steps
-
-```bash
-cd /path/to/xrpld
-rm -rf .build
-mkdir .build
-cd .build
-```
-
-#### Install dependencies
-
-The `telemetry` option adds `opentelemetry-cpp/1.26.0` as a dependency.
-If the Conan lockfile does not yet include this package, bypass it with `--lockfile=""`.
-
-```bash
-conan install .. \
-    --output-folder . \
-    --build missing \
-    --settings build_type=Debug \
-    -o telemetry=True \
-    -o tests=True \
-    -o xrpld=True \
-    --lockfile=""
-```
-
-> **Note**: The first build with telemetry may take longer as `opentelemetry-cpp`
-> and its transitive dependencies are compiled from source.
-
-#### Call CMake
-
-The Conan-generated toolchain file sets `telemetry=ON` automatically.
-No additional CMake flags are needed beyond the standard ones.
-
-```bash
-cmake .. -G Ninja \
-    -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
-    -DCMAKE_BUILD_TYPE=Debug \
-    -Dtests=ON -Dxrpld=ON
-```
-
-You should see in the CMake output:
-
-```
--- OpenTelemetry tracing enabled
-```
-
-#### Build
-
-```bash
-cmake --build . --parallel $(nproc)
-```
-
-### Building without telemetry
-
-Omit the `-o telemetry=True` option (or pass `-o telemetry=False`).
-The `opentelemetry-cpp` dependency will not be downloaded,
-the `XRPL_ENABLE_TELEMETRY` preprocessor define will not be set,
-and all tracing macros will compile to no-ops.
-The resulting binary is identical to one built before telemetry support was added.
-
-## Runtime Configuration
-
-Add a `[telemetry]` section to your `xrpld.cfg` file:
-
-```ini
-[telemetry]
-enabled=1
-endpoint=http://localhost:4318/v1/traces
-sampling_ratio=1.0
-trace_rpc=1
-trace_transactions=1
-trace_consensus=1
-trace_peer=0
-trace_ledger=1
-```
-
-### Configuration options
-
-| Option                | Type   | Default                           | Description                                        |
-| --------------------- | ------ | --------------------------------- | -------------------------------------------------- |
-| `enabled`             | int    | `0`                               | Enable (`1`) or disable (`0`) telemetry at runtime |
-| `service_name`        | string | `xrpld`                           | Service name reported in traces                    |
-| `service_instance_id` | string | node public key                   | Unique instance identifier                         |
-| `endpoint`            | string | `http://localhost:4318/v1/traces` | OTLP/HTTP collector endpoint                       |
-| `use_tls`             | int    | `0`                               | Enable TLS for the exporter connection             |
-| `tls_ca_cert`         | string | (empty)                           | Path to CA certificate for TLS                     |
-| `sampling_ratio`      | double | `1.0`                             | Head-based sampling ratio (`0.0` to `1.0`)         |
-| `batch_size`          | uint32 | `512`                             | Maximum spans per export batch                     |
-| `batch_delay_ms`      | uint32 | `5000`                            | Maximum delay (ms) before flushing a batch         |
-| `max_queue_size`      | uint32 | `2048`                            | Maximum spans queued in memory                     |
-| `trace_rpc`           | int    | `1`                               | Enable RPC request tracing                         |
-| `trace_transactions`  | int    | `1`                               | Enable transaction lifecycle tracing               |
-| `trace_consensus`     | int    | `1`                               | Enable consensus round tracing                     |
-| `trace_peer`          | int    | `0`                               | Enable peer message tracing (high volume)          |
-| `trace_ledger`        | int    | `1`                               | Enable ledger close tracing                        |
-
-## Observability Stack
-
-A Docker Compose stack is provided in `docker/telemetry/` with three services:
-
-| Service            | Port                                           | Purpose                                             |
-| ------------------ | ---------------------------------------------- | --------------------------------------------------- |
-| **OTel Collector** | `4317` (gRPC), `4318` (HTTP), `13133` (health) | Receives OTLP spans, batches, and forwards to Tempo |
-| **Tempo**          | `3200` (HTTP API)                              | Trace storage backend                               |
-| **Grafana**        | `3000`                                         | Dashboards (Tempo pre-configured as datasource)     |
-
-### Start the stack
-
-```bash
-docker compose -f docker/telemetry/docker-compose.yml up -d
-```
-
-### Verify the stack
-
-```bash
-# Collector health
-curl http://localhost:13133
-
-# Grafana (Explore -> Tempo for traces)
-open http://localhost:3000
-```
-
-### View traces in Grafana Explore
-
-1. Open `http://localhost:3000` in a browser.
-2. Navigate to **Explore** and select the **Tempo** datasource.
-3. Use **Search** or **TraceQL** to find traces by service name (e.g. `xrpld`).
-4. Click into any trace to see the span tree and attributes.
-
-Traced RPC operations produce a span hierarchy like:
-
-```
-rpc.request
-  └── rpc.command.server_info  (command=server_info, rpc_status=success)
-```
-
-Each span includes attributes:
-
-- `command` — the RPC method name
-- `version` — API version
-- `rpc_role` — `admin` or `user`
-- `rpc_status` — `success` or `error`
-
-## Running Tests
-
-Unit tests run with the telemetry-enabled build regardless of whether the
-observability stack is running. When no collector is available, the exporter
-silently drops spans with no impact on test results.
-
-```bash
-# Run all RPC tests
-./xrpld --unittest=RPCCall,ServerInfo,AccountTx,LedgerRPC,Transaction --unittest-jobs $(nproc)
-
-# Run the full test suite
-./xrpld --unittest --unittest-jobs $(nproc)
-```
-
-To generate traces during manual testing, start xrpld in standalone mode:
-
-```bash
-./xrpld --conf /path/to/xrpld.cfg --standalone --start
-```
-
-Then send RPC requests:
-
-```bash
-curl -s -X POST http://127.0.0.1:5005/ \
-    -H "Content-Type: application/json" \
-    -d '{"method":"server_info","params":[{}]}'
-```
-
-## Troubleshooting
-
-### No traces appear in Grafana
-
-1. Confirm the OTel Collector is running: `docker compose -f docker/telemetry/docker-compose.yml ps`
-2. Check collector logs for errors: `docker compose -f docker/telemetry/docker-compose.yml logs otel-collector`
-3. Confirm `[telemetry] enabled=1` is set in the xrpld config.
-4. Confirm `endpoint` points to the correct collector address (`http://localhost:4318/v1/traces`).
-5. Wait for the batch delay to elapse (default `5000` ms) before checking Grafana Explore.
-
-### Conan lockfile error
-
-If you see `ERROR: Requirement 'opentelemetry-cpp/1.26.0' not in lockfile 'requires'`,
-the lockfile was generated without the telemetry dependency.
-Pass `--lockfile=""` to bypass the lockfile, or regenerate it with telemetry enabled.
-
-### CMake target not found
-
-If CMake reports that `opentelemetry-cpp` targets are not found,
-ensure you ran `conan install` with `-o telemetry=True` and that the
-Conan-generated toolchain file is being used.
-The Conan package provides a single umbrella target
-`opentelemetry-cpp::opentelemetry-cpp` (not individual component targets).
-
-## Architecture
-
-### Key files
-
-| File                                          | Purpose                                                      |
-| --------------------------------------------- | ------------------------------------------------------------ |
-| `include/xrpl/telemetry/Telemetry.h`          | Abstract telemetry interface and `Setup` struct              |
-| `include/xrpl/telemetry/SpanGuard.h`          | RAII span guard with `discard()` for dropping unwanted spans |
-| `include/xrpl/telemetry/DiscardFlag.h`        | Thread-local discard flag (zero-dependency header)           |
-| `src/libxrpl/telemetry/Telemetry.cpp`         | OTel SDK setup, `FilteringSpanProcessor`, provider lifecycle |
-| `src/libxrpl/telemetry/TelemetryConfig.cpp`   | Config parser (`setupTelemetry()`)                           |
-| `src/libxrpl/telemetry/NullTelemetry.cpp`     | No-op implementation (used when disabled)                    |
-| `src/libxrpl/telemetry/SpanGuard.cpp`         | Pimpl implementation for SpanGuard (all OTel types confined) |
-| `src/xrpld/rpc/detail/ServerHandler.cpp`      | RPC entry point instrumentation                              |
-| `src/xrpld/rpc/detail/RPCHandler.cpp`         | Per-command instrumentation                                  |
-| `docker/telemetry/docker-compose.yml`         | Observability stack (Collector + Tempo + Grafana)            |
-| `docker/telemetry/otel-collector-config.yaml` | OTel Collector pipeline configuration                        |
-
-### Span discard mechanism
-
-`SpanGuard::discard()` allows callers to silently drop spans that turn out to be
-uninteresting (e.g., failed preflight transactions). This saves both network bandwidth
-and storage by preventing the span from being exported.
-
-The mechanism uses a thread-local flag (`tl_discardCurrentSpan` in `DiscardFlag.h`) as a
-side-channel to the `FilteringSpanProcessor` (in `Telemetry.cpp`):
-
-1. `SpanGuard::discard()` sets the thread-local flag and calls `Span::End()`
-2. The OTel SDK calls `FilteringSpanProcessor::OnEnd()` synchronously on the same thread
-3. The processor checks the flag, clears it, and drops the span before it enters the batch queue
-
-```cpp
-SpanGuard guard(telemetry.startSpan("tx.process"));
-auto result = preflight(tx);
-if (result != tesSUCCESS)
-{
-    guard.discard();  // span is dropped, never exported
-    return result;
-}
-```
-
-### Conditional compilation
-
-All OpenTelemetry SDK types are hidden behind the pimpl idiom in `SpanGuard.cpp`.
-When `XRPL_ENABLE_TELEMETRY` is not defined, `SpanGuard.h` provides an all-inline
-no-op stub class with zero overhead and zero OTel dependencies.
-At runtime, if `enabled=0` is set in config (or the section is omitted), a
-`NullTelemetry` implementation is used that returns no-op spans.
-This two-layer approach ensures zero overhead when telemetry is not wanted.

flake.lock

@@ -15,7 +15,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs-custom-glibc": {
+    "nixpkgs-glibc231": {
       "flake": false,
       "locked": {
         "lastModified": 1593520194,
@@ -35,7 +35,7 @@
     "root": {
       "inputs": {
         "nixpkgs": "nixpkgs",
-        "nixpkgs-custom-glibc": "nixpkgs-custom-glibc"
+        "nixpkgs-glibc231": "nixpkgs-glibc231"
       }
     }
   },

flake.nix

@@ -6,16 +6,16 @@
     # version — matches the system libc on Ubuntu 20.04 LTS. Imported
     # manually (flake = false) because this revision predates nixpkgs'
     # own flake.nix.
-    nixpkgs-custom-glibc = {
+    nixpkgs-glibc231 = {
       url = "github:NixOS/nixpkgs/9cd98386a38891d1074fc18036b842dc4416f562";
       flake = false;
     };
   };
 
   outputs =
-    { nixpkgs, nixpkgs-custom-glibc, ... }:
+    { nixpkgs, nixpkgs-glibc231, ... }:
     let
-      forEachSystem = import ./nix/utils.nix { inherit nixpkgs nixpkgs-custom-glibc; };
+      forEachSystem = import ./nix/utils.nix { inherit nixpkgs nixpkgs-glibc231; };
     in
     {
       devShells = forEachSystem (import ./nix/devshell.nix);

include/xrpl/basics/Archive.h.ai.json

@@ -0,0 +1,32 @@
+{
+  "args": [
+    {
+      "lineno": 13,
+      "name": "src"
+    },
+    {
+      "lineno": 13,
+      "name": "dst"
+    }
+  ],
+  "classes": [],
+  "description": "Header file declaring a function to extract a tar archive compressed with lz4 using Boost Filesystem, within the xrpl namespace.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/Archive.h",
+  "functions": [
+    {
+      "args": [
+        "src",
+        "dst"
+      ],
+      "lineno": 13,
+      "name": "extractTarLz4"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 4,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/Archive.h.ai.md

@@ -0,0 +1,31 @@
+# `Archive.h` — Tar/LZ4 Archive Extraction
+
+This header declares a single utility function within the `xrpl` namespace: `extractTarLz4`. Its purpose is narrowly scoped — providing the XRPL node software with the ability to unpack `.tar.lz4` archives to a target directory at runtime. The most natural use case is ledger database bootstrapping, where a node downloads a pre-built snapshot of the ledger state rather than replaying the entire transaction history from genesis.
+
+## The Interface
+
+```cpp
+void extractTarLz4(
+    boost::filesystem::path const& src,
+    boost::filesystem::path const& dst);
+```
+
+Both parameters are `boost::filesystem::path` rather than `std::string` or `std::filesystem::path`. This is consistent with the broader `xrpl/basics` module (see `FileUtilities.h`), which predates C++17's standard filesystem library and relies on Boost.Filesystem throughout. The function throws `std::runtime_error` on any failure — there is no return value to check or error code to inspect.
+
+## Implementation Design
+
+The implementation in `Archive.cpp` delegates all archive I/O to **libarchive**, a portable C library (`<archive.h>`, `<archive_entry.h>`). This is a deliberate choice over rolling a custom tar/lz4 parser: libarchive handles format detection, streaming decompression, and sparse file support in a well-tested, security-audited way.
+
+Resource management for the two libarchive handles — a reader (`ar`) and a disk writer (`aw`) — is handled via `std::unique_ptr` with custom deleters that call `archive_read_free` and `archive_write_free` respectively. This is the only safe pattern here: libarchive resources must be released even when intermediate steps throw, and wrapping them in `unique_ptr` ensures cleanup happens automatically as the stack unwinds.
+
+The reader is configured explicitly for the tar format and the lz4 filter (rather than using libarchive's auto-detection). This prevents the function from silently accepting other archive formats, keeping the interface contract tight. The file is opened with a 10240-byte block size, which matches the canonical recommendation in libarchive documentation.
+
+The disk writer is configured with `ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL | ARCHIVE_EXTRACT_FFLAGS`, meaning extracted files faithfully preserve timestamps, permissions, access control lists, and BSD file flags from the archive. For a snapshot intended to be a drop-in replacement for a live ledger database directory, this fidelity matters: the consuming software may rely on mtime or permission bits being intact.
+
+A non-obvious detail is the pathname rewriting on line 65: before writing each entry to disk, the function prepends `dst` to the entry's stored path using Boost.Filesystem's `/` operator. This is what places all extracted content under `dst` rather than at absolute paths embedded in the archive, and it prevents path traversal issues where a maliciously constructed archive might attempt to write files outside the intended directory tree.
+
+## Error Handling
+
+All errors are surfaced through `xrpl::Throw<std::runtime_error>`, defined in `contract.h`. Unlike a raw `throw`, `Throw` first calls `LogThrow` to capture a stack trace before the exception propagates. This means extraction failures produce actionable diagnostics in the node's log — important for diagnosing corrupted snapshots or filesystem problems during a bootstrap operation that might otherwise appear as a silent crash.
+
+The function validates `src` is a regular file (not a directory or symlink) before opening it, providing a clear early error rather than letting libarchive fail with a less informative message.

include/xrpl/basics/BasicConfig.h.ai.json

@@ -0,0 +1,324 @@
+{
+  "args": [
+    {
+      "lineno": 15,
+      "name": "name"
+    },
+    {
+      "lineno": 0,
+      "name": "src"
+    },
+    {
+      "lineno": 0,
+      "name": "dst"
+    },
+    {
+      "lineno": 45,
+      "name": "value"
+    },
+    {
+      "lineno": 66,
+      "name": "key"
+    },
+    {
+      "lineno": 72,
+      "name": "lines"
+    },
+    {
+      "lineno": 78,
+      "name": "line"
+    },
+    {
+      "lineno": 94,
+      "name": "other"
+    },
+    {
+      "lineno": 156,
+      "name": "section"
+    },
+    {
+      "lineno": 193,
+      "name": "sectionName"
+    },
+    {
+      "lineno": 211,
+      "name": "ifs"
+    },
+    {
+      "lineno": 220,
+      "name": "target"
+    },
+    {
+      "lineno": 235,
+      "name": "defaultValue"
+    },
+    {
+      "lineno": 272,
+      "name": "v"
+    }
+  ],
+  "classes": [
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 13,
+      "name": "Section"
+    },
+    {
+      "args": [],
+      "lineno": 140,
+      "name": "BasicConfig"
+    }
+  ],
+  "description": "Defines classes and utility functions for handling configuration sections and key/value pairs, including parsing, storing, and retrieving configuration data for the xrpl project.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/BasicConfig.h",
+  "functions": [
+    {
+      "args": [],
+      "lineno": 23,
+      "name": "Section::name"
+    },
+    {
+      "args": [],
+      "lineno": 30,
+      "name": "Section::lines"
+    },
+    {
+      "args": [],
+      "lineno": 37,
+      "name": "Section::values"
+    },
+    {
+      "args": [
+        "value"
+      ],
+      "lineno": 44,
+      "name": "Section::legacy"
+    },
+    {
+      "args": [],
+      "lineno": 53,
+      "name": "Section::legacy"
+    },
+    {
+      "args": [
+        "key",
+        "value"
+      ],
+      "lineno": 65,
+      "name": "Section::set"
+    },
+    {
+      "args": [
+        "lines"
+      ],
+      "lineno": 71,
+      "name": "Section::append"
+    },
+    {
+      "args": [
+        "line"
+      ],
+      "lineno": 77,
+      "name": "Section::append"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 82,
+      "name": "Section::exists"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 85,
+      "name": "Section::get"
+    },
+    {
+      "args": [
+        "name",
+        "other"
+      ],
+      "lineno": 93,
+      "name": "Section::value_or"
+    },
+    {
+      "args": [],
+      "lineno": 101,
+      "name": "Section::had_trailing_comments"
+    },
+    {
+      "args": [],
+      "lineno": 110,
+      "name": "Section::empty"
+    },
+    {
+      "args": [],
+      "lineno": 115,
+      "name": "Section::size"
+    },
+    {
+      "args": [],
+      "lineno": 120,
+      "name": "Section::begin"
+    },
+    {
+      "args": [],
+      "lineno": 125,
+      "name": "Section::cbegin"
+    },
+    {
+      "args": [],
+      "lineno": 130,
+      "name": "Section::end"
+    },
+    {
+      "args": [],
+      "lineno": 135,
+      "name": "Section::cend"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 151,
+      "name": "BasicConfig::exists"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 155,
+      "name": "BasicConfig::section"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 158,
+      "name": "BasicConfig::section"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 161,
+      "name": "BasicConfig::operator[]"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 165,
+      "name": "BasicConfig::operator[]"
+    },
+    {
+      "args": [
+        "section",
+        "key",
+        "value"
+      ],
+      "lineno": 171,
+      "name": "BasicConfig::overwrite"
+    },
+    {
+      "args": [
+        "section"
+      ],
+      "lineno": 176,
+      "name": "BasicConfig::deprecatedClearSection"
+    },
+    {
+      "args": [
+        "section",
+        "value"
+      ],
+      "lineno": 183,
+      "name": "BasicConfig::legacy"
+    },
+    {
+      "args": [
+        "sectionName"
+      ],
+      "lineno": 192,
+      "name": "BasicConfig::legacy"
+    },
+    {
+      "args": [],
+      "lineno": 201,
+      "name": "BasicConfig::had_trailing_comments"
+    },
+    {
+      "args": [
+        "ifs"
+      ],
+      "lineno": 210,
+      "name": "BasicConfig::build"
+    },
+    {
+      "args": [
+        "target",
+        "name",
+        "section"
+      ],
+      "lineno": 219,
+      "name": "set"
+    },
+    {
+      "args": [
+        "target",
+        "defaultValue",
+        "name",
+        "section"
+      ],
+      "lineno": 234,
+      "name": "set"
+    },
+    {
+      "args": [
+        "section",
+        "name",
+        "defaultValue"
+      ],
+      "lineno": 247,
+      "name": "get"
+    },
+    {
+      "args": [
+        "section",
+        "name",
+        "defaultValue"
+      ],
+      "lineno": 260,
+      "name": "get"
+    },
+    {
+      "args": [
+        "section",
+        "name",
+        "v"
+      ],
+      "lineno": 271,
+      "name": "get_if_exists"
+    },
+    {
+      "args": [
+        "section",
+        "name",
+        "v"
+      ],
+      "lineno": 277,
+      "name": "get_if_exists<bool>"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 10,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/BasicConfig.h.ai.md

@@ -0,0 +1,44 @@
+# `BasicConfig.h` — INI-Style Configuration Substrate
+
+`BasicConfig.h` defines the foundational data model for the XRPL node's configuration system. It sits at the bottom of a two-layer design: this file provides the in-memory representation and query interface for section-based configuration data, while the concrete `Config` class (in `src/xrpld/core/Config.h`) inherits from `BasicConfig` and adds filesystem loading, application-specific typed fields, and validator management. The header comment on `Config` explicitly labels that derived class as deprecated, signaling that `BasicConfig`'s style — decentralized, per-module parsing — is the intended long-term direction.
+
+## Data Model: Two Representations in One `Section`
+
+The `Section` class maintains three parallel containers for the same underlying config content:
+
+- `lookup_` — an `unordered_map<string, string>` for `key = value` pairs, used for named lookups
+- `values_` — a `vector<string>` of non-key-value lines (bare tokens like IP addresses or file paths)
+- `lines_` — a `vector<string>` containing every non-empty, non-comment line in canonical form
+
+This triple storage isn't redundancy — it reflects the two distinct ways config sections are used in practice. Sections like `[server]` contain key=value pairs consumed by name; sections like `[validators]` contain bare values (one per line) iterated as a list. The `lines()` accessor preserves insertion order, which matters for list-type sections where positional meaning exists.
+
+The `append()` method is where parsing happens. It applies a Boost regex matching `^key=value` to each incoming line. Lines that match go into `lookup_` via `set()`; non-matching lines go into `values_`. Both go into `lines_`. The same method also handles inline comment stripping: `#` characters are treated as comment delimiters unless escaped with `\`. The escape character is consumed when found (`val.erase(comment - 1, 1)`), allowing literal `#` characters in values. This detail is tracked via `had_trailing_comments_`, which bubbles up through `BasicConfig::had_trailing_comments()` via `std::any_of` — presumably to emit a deprecation warning to operators about ambiguous config syntax.
+
+## The "Legacy" Pattern
+
+Some older config sections hold a single freeform value rather than key-value pairs — for example `[node_db]` in its pre-structured form. The `legacy()` getter/setter pair accommodates this by treating the first entry of `lines_` as the canonical value. Reading a `Section` as legacy on a multi-line section intentionally throws `std::runtime_error` via `Throw<>()`, enforcing that this access path is only valid for single-line sections. This prevents silent misreads where code expecting one value silently gets only the first of many.
+
+`BasicConfig` also exposes `legacy()` at the aggregate level, forwarding to the named section's `legacy()`. This provides `config.legacy("section_name")` as a convenience for the many legacy callsites in `Config.cpp`.
+
+## `BasicConfig`: Container and Access Protocol
+
+`BasicConfig` holds an `unordered_map<string, Section>`, keyed by section name. The critical behavioral difference between the const and non-const `section()` overloads reflects a deliberate design choice:
+
+- Non-const `section()` calls `map_.emplace(name, name)` — it auto-creates an empty section on first access. This allows callers to unconditionally call `config["new_section"].set(...)` without precondition checks.
+- Const `section()` returns a reference to a `static Section const none("")` sentinel when the section doesn't exist. This avoids exceptions during read-only configuration queries and makes `operator[]` safe to call on a const `BasicConfig` even for absent sections.
+
+The `overwrite()` method is specifically for command-line argument injection, layering CLI-provided values over whatever the config file contains. `deprecatedClearSection()` (name signals intent) wipes a section's content by replacing its `Section` object wholesale — used historically to clear sections before reloading.
+
+The `build()` method is `protected`, not `public`. It consumes an `IniFileSections` (a `unordered_map<string, vector<string>>`), which is the raw pre-parsed form produced by `parseIniFile()` in `Config.cpp`. Subclasses call `build()` after obtaining this intermediate representation, keeping the file I/O and INI parsing out of `BasicConfig` itself.
+
+## Free Function Query Layer
+
+The file exports three sets of free functions designed for module-level configuration consumption:
+
+`set(target, name, section)` reads a named key, casts it via `boost::lexical_cast<T>`, and assigns to `target` only on success — leaving `target` unchanged on missing key or bad cast. The two-argument variant adds an explicit default value applied on failure. Both return `bool` indicating whether the config file actually specified the value, which is important for distinguishing "user set this to the default" from "user didn't set this."
+
+`get(section, name, defaultValue)` is a value-returning variant; it catches `bad_lexical_cast` and falls back to the default silently. An overload handles `char const*` defaults to avoid awkward template deduction with string literals.
+
+`get_if_exists<bool>` is explicitly specialized to read boolean config values as integers (`0` or `1`) rather than as the string tokens `"true"` or `"false"`. This matches the XRPL config file convention where booleans are expressed numerically, and avoids `lexical_cast<bool>` which in Boost accepts `"true"` but not `"1"` depending on locale.
+
+Together these three free functions provide a consistent, exception-safe pattern that modules throughout the codebase use to pull typed values from their respective config sections without having to handle parse failures individually.

include/xrpl/basics/Blob.h.ai.json

@@ -0,0 +1,14 @@
+{
+  "args": [],
+  "classes": [],
+  "description": "Defines a type alias 'Blob' for storing linear binary data as a vector of unsigned char within the xrpl namespace.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/Blob.h",
+  "functions": [],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 4,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/Blob.h.ai.md

@@ -0,0 +1,17 @@
+# `include/xrpl/basics/Blob.h`
+
+`Blob.h` introduces a single named type alias used throughout the XRPL codebase for owning, mutable binary data:
+
+```cpp
+using Blob = std::vector<unsigned char>;
+```
+
+Its role is to give raw byte sequences a meaningful, searchable name rather than leaving `std::vector<unsigned char>` scattered as an anonymous type across the protocol and serialization layers. `Blob` appears as the internal storage buffer inside `Serializer` (`mData`), as the return type of serialization helpers, and in `StringUtilities` for hex encoding and SQL blob literals.
+
+`Blob` sits at one corner of the three-type binary data model in `xrpl::basics`:
+
+- **`Blob`** (`std::vector<unsigned char>`) — mutable, dynamically resizable, owns its memory. The right choice when data is built up incrementally, as in `Serializer`.
+- **`Buffer`** — fixed-size block allocated with `unique_ptr<uint8_t[]>`, no capacity overhead, suitable when size is known upfront and resizing is not required.
+- **`Slice`** — a non-owning, read-only `(pointer, length)` view. Cheap to copy and pass; `makeSlice()` factory overloads accept both `Blob` and `Buffer` seamlessly.
+
+The choice of `unsigned char` rather than `char` is deliberate: it avoids signed/unsigned arithmetic warnings when working with raw binary values and aligns with the `uint8_t` element type used by `Slice` and `Buffer`. Because `Blob` is simply a `std::vector`, callers get the full standard iterator interface, `push_back`, `resize`, and range-insert without any additional wrapper API.

include/xrpl/basics/Buffer.h.ai.json

@@ -0,0 +1,42 @@
+{
+  "args": [],
+  "classes": [
+    {
+      "args": [
+        "size",
+        "data",
+        "other",
+        "s"
+      ],
+      "lineno": 10,
+      "name": "Buffer"
+    }
+  ],
+  "description": "Defines a Buffer class for managing dynamic byte arrays, similar to std::vector<char> but optimized for use as a BufferFactory, including copy/move semantics, assignment from slices, and comparison operators.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/Buffer.h",
+  "functions": [
+    {
+      "args": [
+        "lhs",
+        "rhs"
+      ],
+      "lineno": 120,
+      "name": "operator=="
+    },
+    {
+      "args": [
+        "lhs",
+        "rhs"
+      ],
+      "lineno": 130,
+      "name": "operator!="
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 7,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/Buffer.h.ai.md

@@ -0,0 +1,35 @@
+# `include/xrpl/basics/Buffer.h`
+
+## Role in the System
+
+`Buffer` is the XRPL codebase's canonical owning byte container. It occupies a distinct position alongside two other byte-handling types: `Slice`, which is a non-owning, immutable view into existing memory, and `Blob` (a typedef for `std::vector<unsigned char>`), which is a general-purpose growable sequence. `Buffer` fills the gap between these: it owns its memory exclusively, is mutable, but makes no provision for incremental growth. When you need to allocate a block of bytes, write into it once, and pass it around by move, `Buffer` is the right tool.
+
+The class also satisfies an informal `BufferFactory` concept used by compression utilities — a callable that accepts a size and returns a `void*` to writable memory. This dual role as both a container and an allocator-callback is the most distinctive design choice in the file.
+
+## Ownership and Internal Layout
+
+The backing store is a `std::unique_ptr<std::uint8_t[]>`, giving the class clear exclusive ownership with automatic deallocation. The invariant enforced throughout is that an empty buffer (`size_ == 0`) always holds a null pointer — never a zero-byte allocation. This is visible in the size constructor: `new std::uint8_t[size]` is called only when `size` is non-zero, and `alloc()` resets to `nullptr` if `n == 0`. The test suite verifies this invariant explicitly via its `sane()` helper, which asserts `data() == nullptr` iff `empty()`. Treating null as the canonical empty state avoids any ambiguity at the call site and makes zero-initialization checks safe without checking both pointer and size.
+
+## The `alloc()` Pattern — Discard, Don't Resize
+
+The central API difference from `std::vector` is `alloc(std::size_t n)`, which reallocates the buffer to exactly `n` bytes and discards any existing content. Unlike `vector::resize()`, there is no attempt to preserve data. This is intentional: the primary workload for `Buffer` is receiving output from operations like decompression, where the caller pre-computes the required size and wants a fresh block to write into. Reallocation is skipped entirely if the requested size equals the current size, avoiding a pointless free/alloc cycle when the same `Buffer` is reused across calls of equal output length.
+
+The `operator()(std::size_t n)` overload simply delegates to `alloc()` and returns a `void*`, satisfying the `BufferFactory` concept expected by `lz4Compress` in `CompressionAlgorithms.h`. That template function calls `bf(outCapacity)` to obtain the destination buffer — passing a `Buffer` object directly fills both roles (allocation and storage) in a single object.
+
+## Slice Integration
+
+`Buffer` is tightly coupled to `Slice`. It provides an implicit conversion `operator Slice() const noexcept`, so any `Buffer` can be passed wherever a `Slice` is expected without an explicit cast. The reverse — constructing a `Buffer` from a `Slice` — is marked `explicit`, preventing accidental copies of view-only data.
+
+The `operator=(Slice)` assignment requires particular attention: before copying, it checks via `XRPL_ASSERT` that the source slice does not overlap with the `Buffer`'s own storage. The danger is that `alloc()` frees the old memory first, and if the incoming `Slice` pointed into that memory, the subsequent `memcpy` would be a use-after-free. The assertion guards against this specific self-overlapping scenario. Note that `operator=(Buffer const&)` uses a different path through `alloc()` + `memcpy`, which naturally handles self-assignment because `alloc()` is a no-op when sizes match — the existing pointer is reused and then `memcpy`-d over itself (which is defined behavior for `memcpy` with identical source and destination).
+
+## Move Semantics
+
+Both move constructor and move assignment are `noexcept`, a static guarantee the test suite verifies with `static_assert`. This ensures `Buffer` can be held in standard containers like `std::vector` without triggering copies on reallocation. After a move, the source is left in a valid empty state: `p_` is null (via `unique_ptr` move semantics) and `size_` is explicitly reset to zero.
+
+## Comparison and Iteration
+
+Equality comparison is implemented as a free function using `std::memcmp` after a size check. The class exposes only `const_iterator` (raw `uint8_t const*` pointers), meaning range-for loops and standard algorithms can consume the buffer's contents read-only. Mutable iteration is available only through `data()`, keeping the interface honest about the distinction between reading and writing into the buffer.
+
+## Contrast with `Blob`
+
+`Blob` (`std::vector<unsigned char>`) is still used extensively in the codebase for cases where the byte sequence grows incrementally, such as serialization output. `Buffer` is preferred when the size is known upfront, ownership transfer by move is the primary operation, or the `BufferFactory` pattern is required — for example, storing the output of an LZ4 decompression call without needing the capacity/size distinction that `vector` maintains internally.

include/xrpl/basics/ByteUtilities.h.ai.json

@@ -0,0 +1,38 @@
+{
+  "args": [
+    {
+      "lineno": 6,
+      "name": "value"
+    },
+    {
+      "lineno": 13,
+      "name": "value"
+    }
+  ],
+  "classes": [],
+  "description": "Provides constexpr utility functions to convert values to kilobytes and megabytes within the xrpl namespace.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/ByteUtilities.h",
+  "functions": [
+    {
+      "args": [
+        "value"
+      ],
+      "lineno": 6,
+      "name": "kilobytes"
+    },
+    {
+      "args": [
+        "value"
+      ],
+      "lineno": 13,
+      "name": "megabytes"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 3,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/ByteUtilities.h.ai.md

@@ -0,0 +1,26 @@
+# `ByteUtilities.h` — Compile-Time Byte-Size Helpers
+
+`ByteUtilities.h` is a minimal, header-only utility in `xrpl/basics` that provides two `constexpr` template functions — `kilobytes()` and `megabytes()` — for expressing byte-count constants in human-readable units at compile time. The file exists purely to eliminate magic numbers from sites that configure buffer sizes, memory limits, and slab allocator parameters throughout the XRPL codebase.
+
+## The Functions
+
+`kilobytes(value)` multiplies its argument by 1024. `megabytes(value)` composes that twice — it calls `kilobytes(kilobytes(value))` — which gives the correct factor of 1,048,576 (2²⁰) without any separate literal. Both functions are templated on `T`, so they work with any integral or arithmetic type and return the same type that the arithmetic produces, letting the caller's type context drive the result without an explicit cast. Both are `constexpr` and `noexcept`, meaning the computation happens entirely at compile time and has no runtime overhead whatsoever.
+
+The `static_assert` lines immediately below the definitions act as inline tests: they verify `kilobytes(2) == 2048` and `megabytes(3) == 3145728` during every compilation, preventing any silent regression if the implementation were ever accidentally changed.
+
+## Design Rationale
+
+The template design over a fixed `size_t` signature is deliberate. Call sites like `megabytes(std::size_t(60))` in `SHAMapItem.h` need to produce `std::size_t` results for slab allocator configuration, while other uses such as `megabytes(256)` in `RPCCall.cpp` are happy with `int`-width results for comparison. By letting `auto` return the natural result of the arithmetic, the functions avoid both unwanted narrowing conversions and unwanted widening that could paper over a type mismatch.
+
+The composition `kilobytes(kilobytes(value))` for megabytes is a small but telling choice: it reuses the already-tested primitive rather than independently writing `value * 1024 * 1024`, keeping the chain of trust short and making the relationship between units self-documenting.
+
+## Usage Across the Codebase
+
+The functions appear at exactly the kinds of boundaries where misreading a magnitude would have serious consequences:
+
+- **Overlay message cap**: `src/xrpld/overlay/Message.h` defines `constexpr std::size_t maximumMessageSize = megabytes(64)`, bounding the maximum peer-to-peer message size to 64 MiB.
+- **RPC reply limit**: `src/xrpld/rpc/detail/RPCCall.cpp` defines `constexpr auto RPC_REPLY_MAX_BYTES = megabytes(256)` to guard against unbounded JSON responses.
+- **Ledger and open-view buffers**: `include/xrpl/ledger/OpenView.h` and `include/xrpl/ledger/detail/RawStateTable.h` both set `initialBufferSize = kilobytes(256)` for their serialisation scratch buffers.
+- **ShaMap slab allocator**: `SHAMapItem.h` uses `megabytes()` to express the per-size-class allocation limits for the slab allocator pools (60 MB, 46 MB, etc.), and `TaggedPointer.ipp` uses `kilobytes(512)` for the slab block granularity.
+
+The consistent use of these helpers rather than raw literals means that anyone reading any of those files immediately understands the intended scale without mental arithmetic, and the compiler catches any integer overflow that a bare literal might hide at the point of definition.

include/xrpl/basics/CompressionAlgorithms.h.ai.json

@@ -0,0 +1,93 @@
+{
+  "args": [
+    {
+      "lineno": 18,
+      "name": "in"
+    },
+    {
+      "lineno": 18,
+      "name": "inSize"
+    },
+    {
+      "lineno": 18,
+      "name": "bf"
+    },
+    {
+      "lineno": 41,
+      "name": "in"
+    },
+    {
+      "lineno": 41,
+      "name": "inSizeUnchecked"
+    },
+    {
+      "lineno": 41,
+      "name": "decompressed"
+    },
+    {
+      "lineno": 41,
+      "name": "decompressedSizeUnchecked"
+    },
+    {
+      "lineno": 62,
+      "name": "in"
+    },
+    {
+      "lineno": 62,
+      "name": "inSize"
+    },
+    {
+      "lineno": 62,
+      "name": "decompressed"
+    },
+    {
+      "lineno": 62,
+      "name": "decompressedSize"
+    }
+  ],
+  "classes": [],
+  "description": "Provides LZ4 block compression and decompression utilities, including template and inline functions for compressing and decompressing data buffers and streams within the xrpl::compression_algorithms namespace.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/CompressionAlgorithms.h",
+  "functions": [
+    {
+      "args": [
+        "in",
+        "inSize",
+        "bf"
+      ],
+      "lineno": 18,
+      "name": "lz4Compress"
+    },
+    {
+      "args": [
+        "in",
+        "inSizeUnchecked",
+        "decompressed",
+        "decompressedSizeUnchecked"
+      ],
+      "lineno": 41,
+      "name": "lz4Decompress"
+    },
+    {
+      "args": [
+        "in",
+        "inSize",
+        "decompressed",
+        "decompressedSize"
+      ],
+      "lineno": 62,
+      "name": "lz4Decompress"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 9,
+      "name": "xrpl"
+    },
+    {
+      "lineno": 11,
+      "name": "compression_algorithms"
+    }
+  ]
+}

include/xrpl/basics/CompressionAlgorithms.h.ai.md

@@ -0,0 +1,53 @@
+# `CompressionAlgorithms.h` — LZ4 Block Compression Primitives
+
+This header lives in `include/xrpl/basics/` and provides the low-level LZ4 compression and decompression routines used by the XRPL peer overlay network. It sits one abstraction layer below `src/xrpld/overlay/Compression.h`, which adds algorithm-selection logic and error suppression on top of what this file exposes.
+
+## Architectural Role
+
+When XRPL nodes exchange P2P messages they can optionally compress the payload before transmission. The overlay layer negotiates compression during the connection handshake and then routes compressed messages through the functions defined here. `CompressionAlgorithms.h` isolates the raw LZ4 calls — the `int`-based C API hazards, buffer management, and stream chunking — from the policy-level decisions that live in `Compression.h`.
+
+The functions are entirely in the `xrpl::compression_algorithms` namespace. There are no classes, no state, no singletons — just three free functions.
+
+## `lz4Compress` — Template with BufferFactory
+
+```cpp
+template <typename BufferFactory>
+std::size_t lz4Compress(void const* in, std::size_t inSize, BufferFactory&& bf)
+```
+
+The design choice to accept a `BufferFactory` callable rather than returning a `std::vector` is deliberate and important. The caller knows its allocation context: in the overlay code it may be writing into a Protobuf `CodedOutputStream` region or a pooled buffer. The factory receives the worst-case compressed size from `LZ4_compressBound` and returns a raw pointer; the template accepts any callable that satisfies this contract without virtual dispatch overhead.
+
+The sole pre-condition check guards against input larger than `UINT32_MAX`. LZ4's block API uses `int` internally, so exceeding that limit would silently truncate the size argument. The function throws via `Throw<std::runtime_error>`, which logs a call stack through `contract.h` before throwing — consistent with XRPL's "crash loudly with context" philosophy for invariant violations.
+
+## `lz4Decompress` — Raw Buffer Overload
+
+```cpp
+inline std::size_t lz4Decompress(
+    std::uint8_t const* in, std::size_t inSizeUnchecked,
+    std::uint8_t* decompressed, std::size_t decompressedSizeUnchecked)
+```
+
+The `Unchecked` naming in the parameters is the code's way of signalling that the `size_t` → `int` narrowing has not yet been validated. The function immediately casts both sizes to `int` and checks for `<= 0`. This catches two distinct failure modes: a genuinely zero-length buffer, and a `size_t` value large enough that the narrowing wrap produces a non-positive `int`. Separating these checks with distinct error messages makes debugging easier.
+
+`LZ4_decompress_safe` is used rather than the faster `LZ4_decompress_fast`. The safe variant takes the output buffer capacity as a bound and will not write past it even if the compressed data is malformed — essential when the input arrives from an untrusted peer on the network.
+
+The function enforces an exact-size postcondition: if `LZ4_decompress_safe` returns anything other than the expected `decompressedSize` it throws. This reflects the fact that, in the overlay protocol, the original message size is transmitted in the message header; any mismatch means either corruption or a peer bug.
+
+## `lz4Decompress` — Streaming ZeroCopyInputStream Overload
+
+```cpp
+template <typename InputStream>
+std::size_t lz4Decompress(
+    InputStream& in, std::size_t inSize,
+    std::uint8_t* decompressed, std::size_t decompressedSize)
+```
+
+This overload works with Protobuf-style `ZeroCopyInputStream` objects that expose data as a series of chunks rather than a single contiguous buffer. The key optimization is the fast path: if the very first chunk returned by `in.Next()` is at least `inSize` bytes long, the function uses that chunk's pointer directly and avoids any allocation. In practice, compressed P2P messages typically arrive in a single TCP read buffer, so this path is taken most of the time.
+
+When the data spans multiple chunks, the function lazily allocates a `std::vector<std::uint8_t>` of exactly `inSize` bytes (note the `compressed.resize(inSize)` is only reached on the second iteration) and copies chunks into it until the full compressed message is assembled. After reading, any bytes that were consumed from the stream beyond `inSize` are returned via `in.BackUp()`, preserving the stream cursor for the next message in the framing protocol.
+
+The final validation before delegating to the raw overload checks that the amount actually read matches what was requested. This guards against a stream that ends early — e.g., a truncated TCP connection or a framing bug where the declared size doesn't match the available data.
+
+## Relationship to `Compression.h`
+
+The overlay's `Compression.h` wraps these two functions inside `compress()` and `decompress()` functions that add an `Algorithm` enum parameter (currently `Algorithm::LZ4 = 0x90` or `Algorithm::None`). Those wrappers catch all exceptions from the functions here and return `0` on failure, converting the throw-on-error contract into a return-zero-on-error contract. The distinction is intentional: the raw primitives throw so that callers who want structured error handling can use them; the overlay wrapper normalises failures to a `0` return value to simplify the state machine in the peer message processing loop.

include/xrpl/basics/CountedObject.h.ai.json

@@ -0,0 +1,88 @@
+{
+  "args": [
+    {
+      "lineno": 23,
+      "name": "name"
+    },
+    {
+      "lineno": 16,
+      "name": "minimumThreshold"
+    },
+    {
+      "lineno": 65,
+      "name": "Object"
+    }
+  ],
+  "classes": [
+    {
+      "args": [],
+      "lineno": 7,
+      "name": "CountedObjects"
+    },
+    {
+      "args": [
+        "name"
+      ],
+      "lineno": 22,
+      "name": "Counter"
+    },
+    {
+      "args": [],
+      "lineno": 65,
+      "name": "CountedObject"
+    }
+  ],
+  "description": "Provides a mechanism to count and report the number of instances of various object types at runtime, using a lock-free linked list and atomic counters. Includes a base class for automatic instance counting.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/CountedObject.h",
+  "functions": [
+    {
+      "args": [],
+      "lineno": 10,
+      "name": "getInstance"
+    },
+    {
+      "args": [
+        "minimumThreshold"
+      ],
+      "lineno": 16,
+      "name": "getCounts"
+    },
+    {
+      "args": [],
+      "lineno": 36,
+      "name": "increment"
+    },
+    {
+      "args": [],
+      "lineno": 41,
+      "name": "decrement"
+    },
+    {
+      "args": [],
+      "lineno": 46,
+      "name": "getCount"
+    },
+    {
+      "args": [],
+      "lineno": 51,
+      "name": "getNext"
+    },
+    {
+      "args": [],
+      "lineno": 56,
+      "name": "getName"
+    },
+    {
+      "args": [],
+      "lineno": 71,
+      "name": "getCounter"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 6,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/CountedObject.h.ai.md

@@ -0,0 +1,55 @@
+# `include/xrpl/basics/CountedObject.h`
+
+## Purpose
+
+This header provides a zero-per-instance-overhead mechanism for counting live objects of any given type throughout the rippled process lifetime. It exists for operational diagnostics: the `get_counts` admin RPC command interrogates `CountedObjects` to report how many instances of each tracked type are currently alive, helping operators identify memory growth, cache saturation, or unexpected object accumulation.
+
+## Design Pattern — CRTP Instance Counting
+
+The design uses the Curiously Recurring Template Pattern (CRTP). A class opts into counting by inheriting `CountedObject<Derived>`:
+
+```cpp
+class SHAMapItem : public CountedObject<SHAMapItem> { ... };
+class NodeObject  : public CountedObject<NodeObject>  { ... };
+class Job         : public CountedObject<Job>         { ... };
+```
+
+Across the codebase, roughly two dozen types follow this pattern — `STPathElement`, `STPath`, `InfoSub`, `HashRouter::Entry`, `Book`, `CanonicalTXSet`, and many more. Adding the base class is the entire integration cost; no other instrumentation is required.
+
+The key insight that makes this zero-per-instance overhead is that `CountedObject<T>::getCounter()` returns a **function-local static** `Counter` object — one per template instantiation, not one per live instance. The only per-instance cost is two atomic increments (constructor and destructor) touching a shared counter.
+
+## Three-Layer Architecture
+
+**`CountedObject<T>`** (template base class) — the public-facing layer. Its default constructor, copy constructor, and destructor call `getCounter().increment()` / `decrement()` respectively. The copy constructor is explicitly defined to increment because a copy produces a new live object; the assignment operator is `= default` because assigning between two existing objects doesn't change the total number of live instances. There is no explicit move constructor, so moves fall back to the copy constructor, which correctly increments for the new object while the source's destructor later decrements for the old one.
+
+**`CountedObjects::Counter`** (inner class) — the per-type bookkeeping node. Each `Counter` holds its type name (obtained via `beast::type_name<T>()`, which uses `typeid` plus GCC/Clang ABI demangling for a human-readable string), an `std::atomic<int>` live count, and a raw `Counter*` pointer to the next node in an intrusive singly-linked list.
+
+**`CountedObjects`** (singleton) — the global registry. It owns the head of the lock-free linked list and a count of registered counter types.
+
+## Lock-Free Registration
+
+`Counter` objects self-register when they are first constructed — which happens at first use of any given type, during static initialization of `getCounter()`'s local static. Registration must be thread-safe without a mutex, because many types can be instantiated concurrently at startup:
+
+```cpp
+Counter* head = nullptr;
+do {
+    head = instance.m_head.load();
+    next_ = head;
+} while (instance.m_head.exchange(this) != head);
+```
+
+This is a classic CAS (compare-and-swap) insertion loop: load the current head, set `next_` to it, then atomically exchange the head with `this`. If the head changed between the load and the exchange, retry. Because `Counter` objects are permanent (static lifetime), they are never removed from the list, so traversal during `getCounts()` never encounters a dangling pointer regardless of whether other registrations are happening concurrently.
+
+## `getCounts()` and the Reporting Path
+
+`CountedObjects::getCounts(int minimumThreshold)` traverses the linked list and collects `(name, count)` pairs for any type whose live count is at or above the threshold. It pre-reserves the result vector using `m_count.load()` as a hint (the comment in the implementation acknowledges this can be temporarily under-counted under concurrency — it is only an optimization). The results are sorted alphabetically before return.
+
+The `get_counts` admin RPC handler (`GetCounts.cpp`) calls this with a configurable `min_count` (defaulting to 10) and serializes the results into a JSON object, mixing them with cache statistics, database sizes, write load, and uptime. Object counts appear as top-level keys named by the demangled C++ type.
+
+## Concurrency Properties
+
+All per-type counts use `std::atomic<int>` with default sequential consistency, so `increment()` and `decrement()` are safe from any thread. The linked-list head pointer `m_head` is also `std::atomic<Counter*>`. There are no mutexes anywhere in this file. The only non-atomic operation is reading `Counter::next_` during traversal in `getCounts()`, which is safe because `next_` is written exactly once at construction time and never modified thereafter.
+
+## Why Not Alternatives
+
+A virtual-function approach (e.g., a pure virtual `typeName()` method) would require each instance to carry a vtable pointer and would not trivially aggregate counts across all instances of the same type without additional infrastructure. A manual registry with `std::map` would need a mutex. The CRTP-plus-static-counter approach achieves type safety, automatic demangled names, lock-free operation, and zero per-instance storage — at the cost of slightly surprising copy/move semantics that operators must understand when subclassing.

include/xrpl/basics/DecayingSample.h.ai.json

@@ -0,0 +1,115 @@
+{
+  "args": [
+    {
+      "lineno": 18,
+      "name": "now"
+    },
+    {
+      "lineno": 26,
+      "name": "value"
+    },
+    {
+      "lineno": 26,
+      "name": "now"
+    },
+    {
+      "lineno": 34,
+      "name": "now"
+    },
+    {
+      "lineno": 41,
+      "name": "now"
+    },
+    {
+      "lineno": 61,
+      "name": "now"
+    },
+    {
+      "lineno": 74,
+      "name": "value"
+    },
+    {
+      "lineno": 74,
+      "name": "now"
+    },
+    {
+      "lineno": 79,
+      "name": "now"
+    },
+    {
+      "lineno": 86,
+      "name": "now"
+    }
+  ],
+  "classes": [
+    {
+      "args": [
+        "time_point now"
+      ],
+      "lineno": 10,
+      "name": "DecayingSample"
+    },
+    {
+      "args": [
+        "time_point now"
+      ],
+      "lineno": 61,
+      "name": "DecayWindow"
+    }
+  ],
+  "description": "Provides two template classes for sampling functions using exponential decay: DecayingSample (with a fixed window) and DecayWindow (with a half-life), useful for tracking decaying averages or statistics over time.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/DecayingSample.h",
+  "functions": [
+    {
+      "args": [
+        "value",
+        "now"
+      ],
+      "lineno": 26,
+      "name": "DecayingSample::add"
+    },
+    {
+      "args": [
+        "now"
+      ],
+      "lineno": 34,
+      "name": "DecayingSample::value"
+    },
+    {
+      "args": [
+        "now"
+      ],
+      "lineno": 41,
+      "name": "DecayingSample::decay"
+    },
+    {
+      "args": [
+        "value",
+        "now"
+      ],
+      "lineno": 74,
+      "name": "DecayWindow::add"
+    },
+    {
+      "args": [
+        "now"
+      ],
+      "lineno": 79,
+      "name": "DecayWindow::value"
+    },
+    {
+      "args": [
+        "now"
+      ],
+      "lineno": 86,
+      "name": "DecayWindow::decay"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 4,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/DecayingSample.h.ai.md

@@ -0,0 +1,39 @@
+# `DecayingSample.h` — Exponential Decay Accumulators
+
+This header provides two small template classes that maintain a running accumulation of values that automatically decay over time. Both are used throughout the XRPL node to answer the question "how much activity has happened recently?" without needing to store timestamped histories — the decay does the windowing implicitly.
+
+## `DecayingSample<Window, Clock>`
+
+`DecayingSample` maintains an integer accumulator that decays by approximately `1/Window` of its current value each second, producing a rate estimate normalized over the window length. It drives the resource manager's per-peer charge tracking: `Entry.h` declares `local_balance` as `DecayingSample<decayWindowSeconds, clock_type>` where `decayWindowSeconds = 32` (a power of two, per a comment in `Tuning.h`, so the division can be optimized to a bit-shift by the compiler).
+
+The core decay step is deliberately integer arithmetic with ceiling division:
+
+```cpp
+m_value -= (m_value + Window - 1) / Window;
+```
+
+This subtracts at least 1 when `m_value` is positive, so the value cannot stall at a non-zero integer indefinitely — a safety property important for rate limiting. Adding `Window - 1` before dividing implements ceiling division, meaning the decay rounds up rather than down. The practical effect is the balance decays slightly faster than the mathematically ideal `m_value *= (1 - 1/Window)^elapsed`, which is a conservative choice for load balancing: erring toward under-charging rather than over-charging.
+
+The `decay()` fast-path cuts off long idle periods: if more than `4 * Window` seconds have elapsed since the last update (which would leave the value at less than ~2% of its original magnitude), `m_value` is simply zeroed. This prevents the per-second loop from iterating hundreds of times on a reconnecting peer.
+
+`add()` ages the accumulator first, then adds the new sample, and returns `m_value / Window` — the normalized balance representing average load per second across the window. `value()` does the same without adding anything. Both methods demand a `time_point now` from the caller rather than reading a clock themselves; this makes the class testable and clock-agnostic.
+
+## `DecayWindow<HalfLife, Clock>`
+
+`DecayWindow` takes a different approach: it stores a `double` and applies the mathematically exact exponential half-life formula:
+
+```cpp
+value_ *= std::pow(2.0, -elapsed / HalfLife);
+```
+
+After exactly `HalfLife` seconds of inactivity, the accumulated value halves. After two half-lives it quarters, and so on. Unlike `DecayingSample`, which loops through whole seconds, `DecayWindow` casts the elapsed duration to `duration<double>`, giving it sub-second precision — appropriate when the caller's clock has higher resolution or when calls are frequent.
+
+`InboundLedgers.cpp` uses this class as `DecayWindow<30, clock_type> fetchRate_` to measure the rate at which ledgers are being fetched from peers. Each fetch fires `fetchRate_.add(1, now)`. The `fetchRate()` accessor returns `60 * fetchRate_.value(now)`, converting the per-second average to a per-minute rate for reporting.
+
+The `static_assert(HalfLife > 0)` guards against a zero divisor in `std::pow`, which would produce undefined floating-point behavior.
+
+## Design Rationale: Two Classes Rather Than One
+
+The two classes reflect different use cases that have incompatible requirements. `DecayingSample` works with integer `value_type` (derived from the clock's duration representation), which matters for the resource manager where charges are counted in discrete units and the result feeds integer comparison thresholds. Integer arithmetic also avoids floating-point instability in tight loops. `DecayWindow` accepts `double` inputs and uses `std::pow`, accepting the floating-point cost in exchange for smooth decay curves and sub-second accuracy — the right tradeoff when measuring continuous rates rather than discrete charges.
+
+Neither class is thread-safe on its own; callers are responsible for synchronization. `InboundLedgersImp` wraps `fetchRate_` with `fetchRateMutex_`, and the resource `Entry` is similarly protected by the table's lock.

include/xrpl/basics/Expected.h.ai.json

@@ -0,0 +1,109 @@
+{
+  "args": [
+    {
+      "lineno": 29,
+      "name": "Impl"
+    },
+    {
+      "lineno": 36,
+      "name": "Impl"
+    },
+    {
+      "lineno": 43,
+      "name": "Impl"
+    },
+    {
+      "lineno": 53,
+      "name": "E"
+    },
+    {
+      "lineno": 80,
+      "name": "U"
+    },
+    {
+      "lineno": 87,
+      "name": "U"
+    },
+    {
+      "lineno": 128,
+      "name": "U"
+    }
+  ],
+  "classes": [
+    {
+      "args": [],
+      "lineno": 16,
+      "name": "bad_expected_access"
+    },
+    {
+      "args": [],
+      "lineno": 27,
+      "name": "throw_policy"
+    },
+    {
+      "args": [
+        "E const& e",
+        "E&& e"
+      ],
+      "lineno": 53,
+      "name": "Unexpected"
+    },
+    {
+      "args": [
+        "U&& r",
+        "Unexpected<U> e"
+      ],
+      "lineno": 77,
+      "name": "Expected"
+    },
+    {
+      "args": [
+        "Expected()",
+        "Unexpected<U> e"
+      ],
+      "lineno": 120,
+      "name": "Expected<void, E>"
+    }
+  ],
+  "description": "This file provides an approximation of std::expected (proposed for C++23) using boost::outcome_v2::result, including custom error handling and policies for expected/unexpected result types.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/Expected.h",
+  "functions": [
+    {
+      "args": [],
+      "lineno": 18,
+      "name": "bad_expected_access"
+    },
+    {
+      "args": [
+        "Impl&& self"
+      ],
+      "lineno": 29,
+      "name": "wide_value_check"
+    },
+    {
+      "args": [
+        "Impl&& self"
+      ],
+      "lineno": 36,
+      "name": "wide_error_check"
+    },
+    {
+      "args": [
+        "Impl&& self"
+      ],
+      "lineno": 43,
+      "name": "wide_exception_check"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 7,
+      "name": "xrpl"
+    },
+    {
+      "lineno": 25,
+      "name": "detail"
+    }
+  ]
+}

include/xrpl/basics/Expected.h.ai.md

@@ -0,0 +1,41 @@
+# `include/xrpl/basics/Expected.h`
+
+## Role and Motivation
+
+This header provides `xrpl::Expected<T, E>`, a polyfill for the `std::expected<T, E>` type proposed for C++23 (P0323R10). At the time this code was written, `std::expected` was not yet available, so the implementation delegates all storage and state management to `boost::outcome_v2::result<T, E, Policy>` while exposing an API that closely mirrors the eventual standard — making a future migration straightforward.
+
+`Expected<T, E>` represents a value that is *either* a success of type `T` or an error of type `E`. Unlike `std::optional`, which only signals absence, `Expected` carries diagnostic information about *why* a result is missing. Unlike exceptions, it forces callers to explicitly inspect the outcome. The `[[nodiscard]]` attribute on both the primary template and the `void` specialization guarantees at compile time that callers cannot silently drop a return value — a critical safety property in a financial ledger where ignored error returns could mean silent transaction corruption.
+
+## Components
+
+### `bad_expected_access`
+
+A thin `std::runtime_error` subclass thrown whenever code tries to read the wrong half of an `Expected` — e.g., calling `value()` on an error-holding instance. It carries no additional data because the error value itself is available via `error()` and the point of failure is immediately clear from the stack trace. By inheriting from `std::runtime_error`, it integrates naturally with XRPL's existing exception hierarchy.
+
+### `detail::throw_policy`
+
+Boost.Outcome's policy mechanism controls what happens when the invariants of a `result` are violated. The default boost policy may assert or exhibit undefined behavior depending on build configuration; `throw_policy` replaces that with deterministic exception throwing. All three "wide" check entry points — `wide_value_check`, `wide_error_check`, and `wide_exception_check` — delegate to `Throw<bad_expected_access>()` (from `contract.h`) rather than a bare `throw`, so the violation is also logged before the exception propagates, consistent with XRPL's programming-by-contract philosophy.
+
+### `Unexpected<E>`
+
+A wrapper type that acts as an explicit tag for the error path. A function returning `Expected<T, E>` constructs the error branch by returning `Unexpected<E>(err)`, not a bare `E`. This prevents the implicit construction ambiguity that would arise if both `T` and `E` were, for example, `std::string`. The class provides all four value-category overloads of `value()` (lvalue/rvalue × const/non-const) for perfect forwarding into `Expected`'s constructor.
+
+The deduction guide `Unexpected(E (&)[N]) -> Unexpected<E const*>` makes it ergonomic to pass string literals: `Unexpected("bad input")` deduces to `Unexpected<char const*>` rather than to a fixed-length array type, avoiding obscure template errors.
+
+### `Expected<T, E>` (primary template)
+
+Privately inherits from `boost::outcome_v2::result<T, E, detail::throw_policy>`. Private inheritance is intentional — it exposes only the `std::expected`-shaped API and hides the broader Outcome API (which includes channel-specific accessors and other facilities that would pollute the interface). The two constructors use `requires std::convertible_to` constraints so that implicit narrowing is rejected at compile time.
+
+`operator bool`, `operator*`, and `operator->` map onto `has_value()` and `value()`, matching the pointer-like ergonomics of the standard proposal. Accessing `operator*` or `operator->` on an error-holding `Expected` triggers `throw_policy::wide_value_check`, which throws `bad_expected_access`. Similarly, calling `error()` on a value-holding instance triggers `wide_error_check`.
+
+### `Expected<void, E>` (partial specialization)
+
+Functions that either succeed (producing no value) or fail with a diagnostic use this specialization. Its default constructor calls `boost::outcome_v2::success()` to produce a successful instance — matching the proposed `std::expected<void, E>{}` default construction semantics. This is the pattern used in `STTx::checkSign()` and related signature-verification methods, which return `Expected<void, std::string>`: on success the caller simply checks `operator bool`; on failure the error string explains what went wrong.
+
+## Usage Patterns in the Codebase
+
+`tokens.h` defines a convenience alias `B58Result<T> = Expected<T, std::error_code>` for Base58Check encoding/decoding operations, where the error is a standard system error code. `base_uint.h` uses `Expected<decltype(data_), ParseResult>` for a `noexcept` hex-parsing path, capturing a per-character parse failure without throwing. `STTx.h` uses `Expected<void, std::string>` for all signature-check entry points — a natural fit because signature validation either passes silently or produces a human-readable error message.
+
+## Design Trade-offs
+
+Choosing `boost::outcome` over a hand-rolled type means the storage layout, move semantics, and triviality propagation are handled by a well-tested library, reducing the risk of subtle UB in low-level storage operations. The cost is a dependency on Boost and some mismatch between Outcome's three-state model (value / error / exception pointer) and `std::expected`'s two-state model; the `wide_exception_check` override in `throw_policy` handles the third state consistently by also throwing `bad_expected_access`, even though `Expected` itself never stores an exception pointer in practice. When C++23 `std::expected` becomes universally available, the migration path is clear: the public API is already a subset of the standard interface.

include/xrpl/basics/FileUtilities.h.ai.json

@@ -0,0 +1,58 @@
+{
+  "args": [
+    {
+      "lineno": 9,
+      "name": "ec"
+    },
+    {
+      "lineno": 10,
+      "name": "sourcePath"
+    },
+    {
+      "lineno": 11,
+      "name": "maxSize"
+    },
+    {
+      "lineno": 15,
+      "name": "ec"
+    },
+    {
+      "lineno": 16,
+      "name": "destPath"
+    },
+    {
+      "lineno": 17,
+      "name": "contents"
+    }
+  ],
+  "classes": [],
+  "description": "Provides utility functions for reading from and writing to files using Boost filesystem, with error handling and optional size limit.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/FileUtilities.h",
+  "functions": [
+    {
+      "args": [
+        "ec",
+        "sourcePath",
+        "maxSize"
+      ],
+      "lineno": 8,
+      "name": "getFileContents"
+    },
+    {
+      "args": [
+        "ec",
+        "destPath",
+        "contents"
+      ],
+      "lineno": 14,
+      "name": "writeFileContents"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 6,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/FileUtilities.h.ai.md

@@ -0,0 +1,33 @@
+# `include/xrpl/basics/FileUtilities.h`
+
+This header declares two thin file I/O utilities — `getFileContents` and `writeFileContents` — that form the XRPL codebase's standard interface for synchronous file access. The design problem they solve is not the I/O itself, but the error-handling contract: the broader rippled codebase avoids exceptions in many subsystems and instead relies on `boost::system::error_code` for structured, non-throwing error propagation. These two functions provide a consistent, exception-free surface for the handful of places in the node that must read or write files.
+
+## Interface Design
+
+Both functions follow the same convention: an `error_code&` output parameter is the first argument, populated on failure while the function returns an empty result (or returns nothing for the write case). This is the classic Boost.Asio-style error-out-parameter pattern, chosen over exception-throwing I/O because the callers — configuration loading, validator list file reads, test scaffolding — operate in contexts where an error is a recoverable condition requiring a structured diagnostic path rather than a stack unwind.
+
+`getFileContents` takes a `boost::filesystem::path` and an optional `std::size_t` upper bound. The `std::optional<std::size_t> maxSize` parameter is the key safety valve: it allows callers to cap memory usage before any bytes are read into a `std::string`. When absent, the file is read in full. When present, the function checks the on-disk file size before opening the stream and returns `file_too_large` immediately if the limit is exceeded. This pre-check is cheap and prevents unbounded allocation when reading untrusted or potentially large files.
+
+`writeFileContents` takes a `boost::filesystem::path` and the string to write. It opens with `std::ios::out | std::ios::trunc`, guaranteeing the destination file is replaced atomically from the content's perspective — no partial appends. The function does not check or create intermediate directories; the caller is responsible for ensuring the destination path exists.
+
+## Implementation Notes (from the `.cpp`)
+
+`getFileContents` calls `boost::filesystem::canonical()` before doing anything else. This resolves symlinks and relative components into an absolute, normalized path, ensuring the subsequent `file_size()` check and stream open operate on the same physical file. Calling `canonical()` with the `ec` overload also intercepts path resolution errors (non-existent file, permission denied) through the same error-code channel rather than a filesystem exception.
+
+After path resolution, the implementation reads the file via a `std::istreambuf_iterator` range construction directly into a `std::string`. This is idiomatic C++ for slurping a whole file but has a subtle implication: for text-mode streams on some platforms, newline translation may occur. The stream is opened in `std::ios::in` (text mode), consistent with the intended use cases — TOML/JSON configuration and validator list JSON — where the content is human-readable text rather than binary data.
+
+Error checking is done at three points: path resolution failure, pre-open size check, and post-read `fileStream.bad()`. The `bad()` check (not `fail()`) specifically catches I/O errors during reading, not logical stream state issues, which is the correct guard for a hardware or OS-level read failure mid-stream.
+
+## Callers in Context
+
+The three primary call sites reveal the intended use scope:
+
+- `src/xrpld/core/detail/Config.cpp` uses `getFileContents` twice: once to load the main configuration file and once to load the validators file specified within that config. These are startup-time reads on the main thread, where a missing file is a fatal misconfiguration.
+- `src/xrpld/app/misc/detail/WorkFile.h` uses `getFileContents` with a hard cap of `megabytes(1)` to read validator list files fetched from the network. The 1 MB cap is a deliberate denial-of-service defense against a maliciously large or corrupted file consuming unbounded memory.
+- `src/xrpld/app/misc/detail/ValidatorList.cpp` uses `writeFileContents` to persist the current validator list as styled JSON after an update.
+
+The `maxSize` parameter's real motivation is visible in the `WorkFile` usage: without it, a 4 GB file at a validator list URL would allocate 4 GB of heap before the caller could inspect the error. The pre-check using `file_size()` is a TOCTOU (time-of-check/time-of-use) race in theory, but in practice the files involved are either local config files or freshly downloaded files in a controlled temp location, making the race window negligible.
+
+## Relationship to the `basics` Module
+
+Within `include/xrpl/basics/`, this header occupies the narrowest role: it is a leaf utility with no dependencies on other XRPL types. It depends only on Boost.Filesystem and `<optional>`, making it safe to include anywhere in the stack without pulling in heavier XRPL headers. The `ByteUtilities.h` header (which provides `kilobytes()` and `megabytes()`) is the natural companion when callers need to express size limits in readable units, as the test suite and `WorkFile` both demonstrate.

include/xrpl/basics/IntrusivePointer.h.ai.json

@@ -0,0 +1,115 @@
+{
+  "args": [
+    {
+      "lineno": 61,
+      "name": "T* p"
+    },
+    {
+      "lineno": 61,
+      "name": "TAdoptTag"
+    },
+    {
+      "lineno": 63,
+      "name": "SharedIntrusive const& rhs"
+    },
+    {
+      "lineno": 67,
+      "name": "SharedIntrusive<TT> const& rhs"
+    },
+    {
+      "lineno": 70,
+      "name": "SharedIntrusive&& rhs"
+    },
+    {
+      "lineno": 74,
+      "name": "SharedIntrusive<TT>&& rhs"
+    },
+    {
+      "lineno": 196,
+      "name": "TT"
+    },
+    {
+      "lineno": 196,
+      "name": "Args&&... args"
+    }
+  ],
+  "classes": [
+    {
+      "args": [],
+      "lineno": 11,
+      "name": "StaticCastTagSharedIntrusive"
+    },
+    {
+      "args": [],
+      "lineno": 19,
+      "name": "DynamicCastTagSharedIntrusive"
+    },
+    {
+      "args": [],
+      "lineno": 27,
+      "name": "SharedIntrusiveAdoptIncrementStrongTag"
+    },
+    {
+      "args": [],
+      "lineno": 34,
+      "name": "SharedIntrusiveAdoptNoIncrementTag"
+    },
+    {
+      "args": [
+        "T* p, TAdoptTag",
+        "SharedIntrusive const& rhs",
+        "SharedIntrusive<TT> const& rhs",
+        "SharedIntrusive&& rhs",
+        "SharedIntrusive<TT>&& rhs",
+        "StaticCastTagSharedIntrusive, SharedIntrusive<TT> const& rhs",
+        "StaticCastTagSharedIntrusive, SharedIntrusive<TT>&& rhs",
+        "DynamicCastTagSharedIntrusive, SharedIntrusive<TT> const& rhs",
+        "DynamicCastTagSharedIntrusive, SharedIntrusive<TT>&& rhs"
+      ],
+      "lineno": 54,
+      "name": "SharedIntrusive"
+    },
+    {
+      "args": [
+        "WeakIntrusive const& rhs",
+        "WeakIntrusive&& rhs",
+        "SharedIntrusive<T> const& rhs",
+        "SharedIntrusive<T> const&& rhs"
+      ],
+      "lineno": 151,
+      "name": "WeakIntrusive"
+    },
+    {
+      "args": [
+        "SharedWeakUnion const& rhs",
+        "SharedIntrusive<TT> const& rhs",
+        "SharedWeakUnion&& rhs",
+        "SharedIntrusive<TT>&& rhs"
+      ],
+      "lineno": 210,
+      "name": "SharedWeakUnion"
+    }
+  ],
+  "description": "This file implements shared and weak intrusive pointer classes (SharedIntrusive, WeakIntrusive, SharedWeakUnion) for reference-counted memory management, including utilities for casting and pointer creation, primarily for use in the XRPL codebase.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/IntrusivePointer.h",
+  "functions": [
+    {
+      "args": [
+        "Args&&... args"
+      ],
+      "lineno": 196,
+      "name": "make_SharedIntrusive"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 7,
+      "name": "xrpl"
+    },
+    {
+      "lineno": 222,
+      "name": "intr_ptr"
+    }
+  ]
+}

include/xrpl/basics/IntrusivePointer.h.ai.md

@@ -0,0 +1,52 @@
+# `include/xrpl/basics/IntrusivePointer.h`
+
+This header defines XRPL's custom intrusive smart pointer system: `SharedIntrusive<T>`, `WeakIntrusive<T>`, and `SharedWeakUnion<T>`. The system was designed specifically for `SHAMapInnerNode` — the inner nodes of the radix-16 Merkle trie at the heart of ledger state — but is general enough to serve other reference-counted types. The driver for building this rather than using `std::shared_ptr` is a lifecycle feature called the *partial destructor*, combined with a memory-efficient combined strong/weak pointer variant.
+
+## Why Not `std::shared_ptr`?
+
+The file's own comment names the key difference clearly. With `std::shared_ptr` created via `make_shared`, the control block (which contains both the strong and weak counts) lives alongside the object in a single allocation. That allocation is not reclaimed until both the strong *and* weak counts hit zero. So if something holds a `std::weak_ptr` to an inner node, the node's full allocation — including its 16 child pointers — stays live even after the last `shared_ptr` drops. For the SHAMap this is expensive: each inner node can hold up to 16 child `SharedIntrusive` pointers. The partial destructor mechanism exists specifically to release those children as soon as the strong count falls to zero, leaving only a shell waiting for the weak count to drain.
+
+## Reference Count Layout
+
+The actual counters live in `IntrusiveRefCounts` (`IntrusiveRefCounts.h`), which must be a base class of any type `T` used with these pointers. A single `std::atomic<uint32_t>` field encodes four things:
+
+- **Bits 0–15**: strong count (up to 65535 owners)
+- **Bits 16–29**: weak count (14 bits, up to 16383 weak holders)
+- **Bit 30**: `partialDestroyStarted` flag
+- **Bit 31**: `partialDestroyFinished` flag
+
+Packing counts and flags into one atomic integer means `releaseStrongRef()` can atomically decrement the count *and* set the `partialDestroyStarted` flag in a single CAS loop, avoiding a TOCTOU window where two threads could both decide to trigger partial destruction. The two flags are required to safely sequence concurrent partial- and full-destruction: the last weak pointer release spins on `atomic::wait()` if the partial destructor has started but not yet finished, preventing `delete` from racing with `partialDestructor()`.
+
+## `SharedIntrusive<T>` — The Strong Pointer
+
+`SharedIntrusive<T>` holds a raw `T* ptr_` whose lifetime is controlled by an intrusive strong count on `*ptr_`. Copy construction calls `ptr_->addStrongRef()`; move construction steals via `unsafeExchange(nullptr)` without touching the count. When the last strong holder releases (`unsafeReleaseAndStore(nullptr)` called from destructor or `reset()`), `releaseStrongRef()` returns one of three `ReleaseStrongRefAction` values:
+
+- `noop` — other strong holders remain
+- `destroy` — both counts are zero; `delete prev`
+- `partialDestroy` — weak holders remain; call `prev->partialDestructor()` then `partialDestructorFinished(&prev)`
+
+The call to `partialDestructorFinished` is the responsibility of the smart pointer class, not the pointee's `partialDestructor()`. This deliberate separation — noted in comments — forces every new `partialDestructor` implementation to explicitly arrange that call, making it harder to accidentally omit the step that wakes waiting threads.
+
+The `unsafe*` private methods (`unsafeGetRawPtr`, `unsafeSetRawPtr`, `unsafeExchange`, `unsafeReleaseAndStore`) are named with the "unsafe" prefix not because they are dangerous in isolation, but as an architectural seam: the comment explicitly anticipates a future patch where `ptr_` might become `std::atomic<T*>`, and isolating all direct pointer access through these methods makes such a change localized.
+
+## Adopt Tags and `make_SharedIntrusive`
+
+Two tag types — `SharedIntrusiveAdoptIncrementStrongTag` and `SharedIntrusiveAdoptNoIncrementTag` — control whether adopting a raw pointer bumps the strong count. `make_SharedIntrusive<TT>()` allocates a new object with `new TT(...)` and wraps it with `NoIncrement`. This is correct because `IntrusiveRefCounts` initializes its atomic field to `strongDelta` (= 1), meaning the object is born with a strong count of one; incrementing again would be a double-count. The `static_assert` in `make_SharedIntrusive` verifies that the adopting constructor is `noexcept`, since a throw after the raw `new` but before the pointer is wrapped would leak the allocation.
+
+## Cast Tags
+
+`StaticCastTagSharedIntrusive` and `DynamicCastTagSharedIntrusive` are dispatch tags for cast-constructors, enabling the `intr_ptr::static_pointer_cast<T>()` and `intr_ptr::dynamic_pointer_cast<T>()` free functions. The move variant of the dynamic-cast constructor handles failure carefully: it uses `unsafeExchange` to steal the pointer from `rhs`, attempts `dynamic_cast`, and if it fails, exchanges the pointer back into `rhs` so ownership is not lost.
+
+## `WeakIntrusive<T>` — The Weak Pointer
+
+`WeakIntrusive<T>` mirrors the weak semantics of `std::weak_ptr`. Copy construction calls `ptr_->addWeakRef()`; the destructor calls `unsafeReleaseNoStore()` which invokes `releaseWeakRef()`. The interesting method is `lock()`: it calls `checkoutStrongRefFromWeak()`, a CAS loop that increments the strong count only if it is already non-zero. If the strong count has already hit zero the lock fails and an empty `SharedIntrusive` is returned. Note that copy assignment from a `WeakIntrusive` is deleted — the comment explains this was omitted to simplify the implementation since no current use case required it.
+
+## `SharedWeakUnion<T>` — The Tagged Pointer
+
+`SharedWeakUnion<T>` is the most architecturally unusual piece. It stores both the pointer value and a strong/weak discriminator inside a single `uintptr_t` field `tp_` by using pointer tagging: if the low bit is `1`, the pointer represents a weak reference; if it is `0`, a strong reference. This works because `alignof(T) >= 2` is statically asserted, guaranteeing the low bit of any valid `T*` is always zero.
+
+The practical value is for tagged caches, where a cache slot should hold a strong pointer when the object is actively needed but can downgrade to a weak pointer to allow eviction without cache churn. `convertToStrong()` and `convertToWeak()` perform in-place promotion and demotion: `convertToStrong()` atomically promotes a weak checkout to a strong reference using `checkoutStrongRefFromWeak()` then releases the weak count; `convertToWeak()` uses the atomic `addWeakReleaseStrongRef()` operation to swap one strong count for one weak count in a single CAS loop, handling the `partialDestroy` case that arises if this was the very last strong pointer. The `lock()` method unifies weak and strong paths: if already strong, increment and return; if weak, attempt a checkout.
+
+## `intr_ptr` Namespace
+
+The nested `intr_ptr` namespace provides `std::shared_ptr`-style vocabulary aliases — `SharedPtr<T>`, `WeakPtr<T>`, `SharedWeakUnionPtr<T>`, `make_shared<T>()`, `static_pointer_cast<T>()`, `dynamic_pointer_cast<T>()` — used throughout the SHAMap subsystem. `SHAMapInnerNode` stores its 16 children as `intr_ptr::SharedPtr<SHAMapTreeNode>` and exposes `partialDestructor()` to reset them when the last strong holder drops.

include/xrpl/basics/IntrusivePointer.ipp.ai.json

@@ -0,0 +1,698 @@
+{
+  "args": [],
+  "classes": [],
+  "code_paths": [
+    {
+      "call_chain": [
+        "SharedIntrusive<T>::SharedIntrusive(T* p, TAdoptTag)",
+        "if constexpr (std::is_same_v<TAdoptTag, SharedIntrusiveAdoptIncrementStrongTag>)",
+        "if (p)",
+        "p->addStrongRef()"
+      ],
+      "entry_point": "SharedIntrusive<T>::SharedIntrusive(T* p, TAdoptTag)",
+      "purpose": "Constructs a SharedIntrusive from a raw pointer, optionally incrementing the strong ref count if adopting.",
+      "validation_points": [
+        "if (p) // Validates pointer before addStrongRef"
+      ]
+    },
+    {
+      "call_chain": [
+        "SharedIntrusive<T>::SharedIntrusive(SharedIntrusive const& rhs)",
+        "rhs.unsafeGetRawPtr()",
+        "if (p)",
+        "p->addStrongRef()"
+      ],
+      "entry_point": "SharedIntrusive<T>::SharedIntrusive(SharedIntrusive const& rhs)",
+      "purpose": "Copy constructor, increments strong ref if pointer is not null.",
+      "validation_points": [
+        "if (p) // Validates pointer before addStrongRef"
+      ]
+    },
+    {
+      "call_chain": [
+        "SharedIntrusive<T>::operator=(SharedIntrusive const& rhs)",
+        "if (this == &rhs)",
+        "rhs.unsafeGetRawPtr()",
+        "if (p)",
+        "p->addStrongRef()",
+        "unsafeReleaseAndStore(p)"
+      ],
+      "entry_point": "SharedIntrusive<T>::operator=(SharedIntrusive const& rhs)",
+      "purpose": "Assignment operator, handles self-assignment, increments ref if needed, releases old pointer.",
+      "validation_points": [
+        "if (this == &rhs) // Self-assignment check",
+        "if (p) // Validates pointer before addStrongRef"
+      ]
+    },
+    {
+      "call_chain": [
+        "SharedIntrusive<T>::operator=(SharedIntrusive<TT> const& rhs)",
+        "if constexpr (std::is_same_v<T, TT>)",
+        "if (this == &rhs)",
+        "rhs.unsafeGetRawPtr()",
+        "if (p)",
+        "p->addStrongRef()",
+        "unsafeReleaseAndStore(p)"
+      ],
+      "entry_point": "SharedIntrusive<T>::operator=(SharedIntrusive<TT> const& rhs)",
+      "purpose": "Assignment from convertible type, handles self-assignment, increments ref if needed, releases old pointer.",
+      "validation_points": [
+        "if (this == &rhs) // Self-assignment check (if T == TT)",
+        "if (p) // Validates pointer before addStrongRef"
+      ]
+    },
+    {
+      "call_chain": [
+        "SharedIntrusive<T>::adopt(T* p)",
+        "if constexpr (std::is_same_v<TAdoptTag, SharedIntrusiveAdoptIncrementStrongTag>)",
+        "if (p)",
+        "p->addStrongRef()",
+        "unsafeReleaseAndStore(p)"
+      ],
+      "entry_point": "SharedIntrusive<T>::adopt(T* p)",
+      "purpose": "Adopts a raw pointer, optionally increments ref count, releases old pointer.",
+      "validation_points": [
+        "if (p) // Validates pointer before addStrongRef"
+      ]
+    }
+  ],
+  "data_flows": [
+    {
+      "field": "ptr_",
+      "flow": [
+        "T* p (input or from rhs)",
+        "if (p) validation",
+        "p->addStrongRef() (if validated)",
+        "ptr_ = p"
+      ],
+      "origin": "Constructor argument (T* p) or rhs.unsafeGetRawPtr()",
+      "transformations": [
+        "Pointer is checked for null",
+        "Reference count incremented if not null",
+        "Stored in ptr_"
+      ],
+      "validated_at": "if (p) before addStrongRef"
+    },
+    {
+      "field": "rhs (SharedIntrusive const& rhs or SharedIntrusive<TT> const& rhs)",
+      "flow": [
+        "rhs (input)",
+        "if (this == &rhs) validation (self-assignment)",
+        "rhs.unsafeGetRawPtr()",
+        "if (p) validation",
+        "p->addStrongRef()",
+        "unsafeReleaseAndStore(p)"
+      ],
+      "origin": "Function argument",
+      "transformations": [
+        "Self-assignment check",
+        "Pointer extracted",
+        "Reference count incremented if not null",
+        "Old pointer released and replaced"
+      ],
+      "validated_at": "if (this == &rhs), if (p)"
+    },
+    {
+      "field": "T* p (adopt)",
+      "flow": [
+        "T* p (input)",
+        "if (p) validation",
+        "p->addStrongRef() (if validated)",
+        "unsafeReleaseAndStore(p)"
+      ],
+      "origin": "adopt(T* p) argument",
+      "transformations": [
+        "Pointer is checked for null",
+        "Reference count incremented if not null",
+        "Old pointer released and replaced"
+      ],
+      "validated_at": "if (p)"
+    }
+  ],
+  "description": "Implements the definitions for intrusive smart pointer types (SharedIntrusive, WeakIntrusive, SharedWeakUnion) used for reference-counted memory management in the xrpl namespace.",
+  "false_positive_patterns": [
+    {
+      "applies_to": [
+        "validation",
+        "input_validation"
+      ],
+      "confidence": 0.9,
+      "detection_keywords": [
+        "template type parameters (via static_assert and if constexpr)",
+        "validation",
+        "missing",
+        "check"
+      ],
+      "evidence": "Field template type parameters (via static_assert and if constexpr) validated by C++ type system, manual null checks, static_assert",
+      "issue_pattern": "Missing validation for template type parameters (via static_assert and if constexpr)",
+      "why_false_positive": "C++ type system, manual null checks, static_assert validates template type parameters (via static_assert and if constexpr) automatically"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "input_validation"
+      ],
+      "confidence": 0.9,
+      "detection_keywords": [
+        "pointer nullness (via if (p))",
+        "validation",
+        "missing",
+        "check"
+      ],
+      "evidence": "Field pointer nullness (via if (p)) validated by C++ type system, manual null checks, static_assert",
+      "issue_pattern": "Missing validation for pointer nullness (via if (p))",
+      "why_false_positive": "C++ type system, manual null checks, static_assert validates pointer nullness (via if (p)) automatically"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "p (pointer to T)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "if (p) at SharedIntrusive<T>::SharedIntrusive(T* p, TAdoptTag) noexcept",
+      "issue_pattern": "Missing empty string validation for p (pointer to T)",
+      "why_false_positive": "if (p) validates p (pointer to T) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "rhs (SharedIntrusive const& rhs)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "if (p) at SharedIntrusive<T>::SharedIntrusive(SharedIntrusive const& rhs)",
+      "issue_pattern": "Missing empty string validation for rhs (SharedIntrusive const& rhs)",
+      "why_false_positive": "if (p) validates rhs (SharedIntrusive const& rhs) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "rhs (SharedIntrusive<TT> const& rhs)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "if (p) at SharedIntrusive<T>::SharedIntrusive(SharedIntrusive<TT> const& rhs)",
+      "issue_pattern": "Missing empty string validation for rhs (SharedIntrusive<TT> const& rhs)",
+      "why_false_positive": "if (p) validates rhs (SharedIntrusive<TT> const& rhs) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "this and rhs (self-assignment)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "if (this == &rhs) at SharedIntrusive<T>::operator=(SharedIntrusive const& rhs)",
+      "issue_pattern": "Missing empty string validation for this and rhs (self-assignment)",
+      "why_false_positive": "if (this == &rhs) validates this and rhs (self-assignment) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "this and rhs (self-assignment)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "if (this == &rhs) at SharedIntrusive<T>::operator=(SharedIntrusive<TT> const& rhs)",
+      "issue_pattern": "Missing empty string validation for this and rhs (self-assignment)",
+      "why_false_positive": "if (this == &rhs) validates this and rhs (self-assignment) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "this and rhs (self-assignment)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "if (this == &rhs) at SharedIntrusive<T>::operator=(SharedIntrusive&& rhs)",
+      "issue_pattern": "Missing empty string validation for this and rhs (self-assignment)",
+      "why_false_positive": "if (this == &rhs) validates this and rhs (self-assignment) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "TT (template type parameter)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "static_assert(!std::is_same_v<T, TT>, ...) at SharedIntrusive<T>::operator=(SharedIntrusive<TT>&& rhs)",
+      "issue_pattern": "Missing empty string validation for TT (template type parameter)",
+      "why_false_positive": "static_assert(!std::is_same_v<T, TT>, ...) validates TT (template type parameter) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "type_safety"
+      ],
+      "confidence": 0.85,
+      "detection_keywords": [
+        "TT (template type parameter)",
+        "type",
+        "validation",
+        "check"
+      ],
+      "evidence": "static_assert(!std::is_same_v<T, TT>, ...) at SharedIntrusive<T>::operator=(SharedIntrusive<TT>&& rhs)",
+      "issue_pattern": "Missing type validation for TT (template type parameter)",
+      "why_false_positive": "static_assert(!std::is_same_v<T, TT>, ...) validates TT (template type parameter) type"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "null_empty"
+      ],
+      "confidence": 1.0,
+      "detection_keywords": [
+        "TAdoptTag (template type parameter)",
+        "empty",
+        "string",
+        "validation"
+      ],
+      "evidence": "if constexpr (std::is_same_v<TAdoptTag, SharedIntrusiveAdoptIncrementStrongTag>) at SharedIntrusive<T>::SharedIntrusive(T* p, TAdoptTag) noexcept and adopt(T* p)",
+      "issue_pattern": "Missing empty string validation for TAdoptTag (template type parameter)",
+      "why_false_positive": "if constexpr (std::is_same_v<TAdoptTag, SharedIntrusiveAdoptIncrementStrongTag>) validates TAdoptTag (template type parameter) for empty strings"
+    },
+    {
+      "applies_to": [
+        "validation",
+        "type_safety"
+      ],
+      "confidence": 0.85,
+      "detection_keywords": [
+        "TAdoptTag (template type parameter)",
+        "type",
+        "validation",
+        "check"
+      ],
+      "evidence": "if constexpr (std::is_same_v<TAdoptTag, SharedIntrusiveAdoptIncrementStrongTag>) at SharedIntrusive<T>::SharedIntrusive(T* p, TAdoptTag) noexcept and adopt(T* p)",
+      "issue_pattern": "Missing type validation for TAdoptTag (template type parameter)",
+      "why_false_positive": "if constexpr (std::is_same_v<TAdoptTag, SharedIntrusiveAdoptIncrementStrongTag>) validates TAdoptTag (template type parameter) type"
+    }
+  ],
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/IntrusivePointer.ipp",
+  "functions": [
+    {
+      "args": [
+        "SharedIntrusive const& rhs"
+      ],
+      "lineno": 61,
+      "name": "SharedIntrusive<T>::operator="
+    },
+    {
+      "args": [
+        "SharedIntrusive<TT> const& rhs"
+      ],
+      "lineno": 80,
+      "name": "SharedIntrusive<T>::operator="
+    },
+    {
+      "args": [
+        "SharedIntrusive&& rhs"
+      ],
+      "lineno": 99,
+      "name": "SharedIntrusive<T>::operator="
+    },
+    {
+      "args": [
+        "SharedIntrusive<TT>&& rhs"
+      ],
+      "lineno": 110,
+      "name": "SharedIntrusive<T>::operator="
+    },
+    {
+      "args": [
+        "std::nullptr_t"
+      ],
+      "lineno": 120,
+      "name": "SharedIntrusive<T>::operator!="
+    },
+    {
+      "args": [
+        "std::nullptr_t"
+      ],
+      "lineno": 126,
+      "name": "SharedIntrusive<T>::operator=="
+    },
+    {
+      "args": [
+        "T* p"
+      ],
+      "lineno": 132,
+      "name": "SharedIntrusive<T>::adopt"
+    },
+    {
+      "args": [],
+      "lineno": 142,
+      "name": "SharedIntrusive<T>::~SharedIntrusive"
+    },
+    {
+      "args": [],
+      "lineno": 170,
+      "name": "SharedIntrusive<T>::operator*"
+    },
+    {
+      "args": [],
+      "lineno": 176,
+      "name": "SharedIntrusive<T>::operator->"
+    },
+    {
+      "args": [],
+      "lineno": 182,
+      "name": "SharedIntrusive<T>::operator bool"
+    },
+    {
+      "args": [],
+      "lineno": 188,
+      "name": "SharedIntrusive<T>::reset"
+    },
+    {
+      "args": [],
+      "lineno": 193,
+      "name": "SharedIntrusive<T>::get"
+    },
+    {
+      "args": [],
+      "lineno": 198,
+      "name": "SharedIntrusive<T>::use_count"
+    },
+    {
+      "args": [],
+      "lineno": 206,
+      "name": "SharedIntrusive<T>::unsafeGetRawPtr"
+    },
+    {
+      "args": [
+        "T* p"
+      ],
+      "lineno": 211,
+      "name": "SharedIntrusive<T>::unsafeSetRawPtr"
+    },
+    {
+      "args": [
+        "T* p"
+      ],
+      "lineno": 216,
+      "name": "SharedIntrusive<T>::unsafeExchange"
+    },
+    {
+      "args": [
+        "T* next"
+      ],
+      "lineno": 221,
+      "name": "SharedIntrusive<T>::unsafeReleaseAndStore"
+    },
+    {
+      "args": [
+        "SharedIntrusive<TT> const& rhs"
+      ],
+      "lineno": 265,
+      "name": "WeakIntrusive<T>::operator="
+    },
+    {
+      "args": [
+        "T* ptr"
+      ],
+      "lineno": 274,
+      "name": "WeakIntrusive<T>::adopt"
+    },
+    {
+      "args": [],
+      "lineno": 280,
+      "name": "WeakIntrusive<T>::~WeakIntrusive"
+    },
+    {
+      "args": [],
+      "lineno": 285,
+      "name": "WeakIntrusive<T>::lock"
+    },
+    {
+      "args": [],
+      "lineno": 294,
+      "name": "WeakIntrusive<T>::expired"
+    },
+    {
+      "args": [],
+      "lineno": 299,
+      "name": "WeakIntrusive<T>::reset"
+    },
+    {
+      "args": [],
+      "lineno": 304,
+      "name": "WeakIntrusive<T>::unsafeReleaseNoStore"
+    },
+    {
+      "args": [
+        "SharedWeakUnion const& rhs"
+      ],
+      "lineno": 353,
+      "name": "SharedWeakUnion<T>::operator="
+    },
+    {
+      "args": [
+        "SharedIntrusive<TT> const& rhs"
+      ],
+      "lineno": 380,
+      "name": "SharedWeakUnion<T>::operator="
+    },
+    {
+      "args": [
+        "SharedIntrusive<TT>&& rhs"
+      ],
+      "lineno": 391,
+      "name": "SharedWeakUnion<T>::operator="
+    },
+    {
+      "args": [],
+      "lineno": 399,
+      "name": "SharedWeakUnion<T>::~SharedWeakUnion"
+    },
+    {
+      "args": [],
+      "lineno": 404,
+      "name": "SharedWeakUnion<T>::getStrong"
+    },
+    {
+      "args": [],
+      "lineno": 415,
+      "name": "SharedWeakUnion<T>::operator bool"
+    },
+    {
+      "args": [],
+      "lineno": 420,
+      "name": "SharedWeakUnion<T>::reset"
+    },
+    {
+      "args": [],
+      "lineno": 425,
+      "name": "SharedWeakUnion<T>::get"
+    },
+    {
+      "args": [],
+      "lineno": 430,
+      "name": "SharedWeakUnion<T>::use_count"
+    },
+    {
+      "args": [],
+      "lineno": 437,
+      "name": "SharedWeakUnion<T>::expired"
+    },
+    {
+      "args": [],
+      "lineno": 442,
+      "name": "SharedWeakUnion<T>::lock"
+    },
+    {
+      "args": [],
+      "lineno": 463,
+      "name": "SharedWeakUnion<T>::isStrong"
+    },
+    {
+      "args": [],
+      "lineno": 468,
+      "name": "SharedWeakUnion<T>::isWeak"
+    },
+    {
+      "args": [],
+      "lineno": 473,
+      "name": "SharedWeakUnion<T>::convertToStrong"
+    },
+    {
+      "args": [],
+      "lineno": 491,
+      "name": "SharedWeakUnion<T>::convertToWeak"
+    },
+    {
+      "args": [],
+      "lineno": 517,
+      "name": "SharedWeakUnion<T>::unsafeGetRawPtr"
+    },
+    {
+      "args": [
+        "T* p",
+        "RefStrength rs"
+      ],
+      "lineno": 522,
+      "name": "SharedWeakUnion<T>::unsafeSetRawPtr"
+    },
+    {
+      "args": [
+        "std::nullptr_t"
+      ],
+      "lineno": 528,
+      "name": "SharedWeakUnion<T>::unsafeSetRawPtr"
+    },
+    {
+      "args": [],
+      "lineno": 532,
+      "name": "SharedWeakUnion<T>::unsafeReleaseNoStore"
+    }
+  ],
+  "language": "cpp",
+  "language_patterns": {
+    "exception_patterns": [],
+    "namespace_accessors": [],
+    "raii_usage": [],
+    "smart_pointers": [],
+    "template_validation": []
+  },
+  "namespaces": [
+    {
+      "lineno": 6,
+      "name": "xrpl"
+    }
+  ],
+  "test_coverage_notes": "The code is a low-level utility for intrusive reference counting. Typical tests would be in files like IntrusivePointer_test.cpp or SharedIntrusive_test.cpp, likely under the 'test' or 'unittest' directories. Tests should cover: construction from raw pointer (null and non-null), copy/move construction, assignment (including self-assignment), adopt(), and destruction. Gaps may exist in testing edge cases such as self-assignment, null pointer handling, and cross-type assignment. No direct evidence of test files is present in this snippet, so coverage should be verified in the codebase.",
+  "validation_architecture": {
+    "auto_validated_fields": [
+      "template type parameters (via static_assert and if constexpr)",
+      "pointer nullness (via if (p))"
+    ],
+    "framework": "C++ type system, manual null checks, static_assert",
+    "validation_layer": "business_logic"
+  },
+  "validations": [
+    {
+      "confidence": 1.0,
+      "error_thrown": "none (conditional logic only)",
+      "field": "p (pointer to T)",
+      "location": "SharedIntrusive<T>::SharedIntrusive(T* p, TAdoptTag) noexcept",
+      "validated_by": "if (p)",
+      "validates": [
+        "Checks if pointer p is not null before calling p->addStrongRef()"
+      ],
+      "validation_type": "null check"
+    },
+    {
+      "confidence": 1.0,
+      "error_thrown": "none (conditional logic only)",
+      "field": "rhs (SharedIntrusive const& rhs)",
+      "location": "SharedIntrusive<T>::SharedIntrusive(SharedIntrusive const& rhs)",
+      "validated_by": "if (p)",
+      "validates": [
+        "Checks if pointer p (from rhs.unsafeGetRawPtr()) is not null before calling p->addStrongRef()"
+      ],
+      "validation_type": "null check"
+    },
+    {
+      "confidence": 1.0,
+      "error_thrown": "none (conditional logic only)",
+      "field": "rhs (SharedIntrusive<TT> const& rhs)",
+      "location": "SharedIntrusive<T>::SharedIntrusive(SharedIntrusive<TT> const& rhs)",
+      "validated_by": "if (p)",
+      "validates": [
+        "Checks if pointer p (from rhs.unsafeGetRawPtr()) is not null before calling p->addStrongRef()"
+      ],
+      "validation_type": "null check"
+    },
+    {
+      "confidence": 1.0,
+      "error_thrown": "none (early return)",
+      "field": "this and rhs (self-assignment)",
+      "location": "SharedIntrusive<T>::operator=(SharedIntrusive const& rhs)",
+      "validated_by": "if (this == &rhs)",
+      "validates": [
+        "Checks for self-assignment to avoid unnecessary operations"
+      ],
+      "validation_type": "business_logic"
+    },
+    {
+      "confidence": 1.0,
+      "error_thrown": "none (early return)",
+      "field": "this and rhs (self-assignment)",
+      "location": "SharedIntrusive<T>::operator=(SharedIntrusive<TT> const& rhs)",
+      "validated_by": "if (this == &rhs)",
+      "validates": [
+        "Checks for self-assignment to avoid unnecessary operations (only if T == TT)"
+      ],
+      "validation_type": "business_logic"
+    },
+    {
+      "confidence": 1.0,
+      "error_thrown": "none (early return)",
+      "field": "this and rhs (self-assignment)",
+      "location": "SharedIntrusive<T>::operator=(SharedIntrusive&& rhs)",
+      "validated_by": "if (this == &rhs)",
+      "validates": [
+        "Checks for self-assignment to avoid unnecessary operations"
+      ],
+      "validation_type": "business_logic"
+    },
+    {
+      "confidence": 1.0,
+      "error_thrown": "static_assert failure (compile-time error)",
+      "field": "TT (template type parameter)",
+      "location": "SharedIntrusive<T>::operator=(SharedIntrusive<TT>&& rhs)",
+      "validated_by": "static_assert(!std::is_same_v<T, TT>, ...)",
+      "validates": [
+        "Ensures that this overload is not instantiated for T == TT"
+      ],
+      "validation_type": "type"
+    },
+    {
+      "confidence": 1.0,
+      "error_thrown": "none (compile-time conditional)",
+      "field": "TAdoptTag (template type parameter)",
+      "location": "SharedIntrusive<T>::SharedIntrusive(T* p, TAdoptTag) noexcept and adopt(T* p)",
+      "validated_by": "if constexpr (std::is_same_v<TAdoptTag, SharedIntrusiveAdoptIncrementStrongTag>)",
+      "validates": [
+        "Ensures that addStrongRef() is only called if TAdoptTag is SharedIntrusiveAdoptIncrementStrongTag"
+      ],
+      "validation_type": "type"
+    }
+  ]
+}

include/xrpl/basics/IntrusivePointer.ipp.ai.md

@@ -0,0 +1,64 @@
+# `IntrusivePointer.ipp` — Intrusive Smart Pointer Method Definitions
+
+This file provides the out-of-line template method bodies for three intrusive smart pointer classes declared in `IntrusivePointer.h`: `SharedIntrusive<T>`, `WeakIntrusive<T>`, and `SharedWeakUnion<T>`. As is conventional for C++ template implementations that must be visible to all translation units, the definitions live in a `.ipp` file that `IntrusivePointer.h` includes, rather than in a `.cpp` file.
+
+## Why Not `std::shared_ptr`?
+
+The comment on `SharedIntrusive` in the header explains the core motivation: the XRPL codebase needs a smart pointer that can release an object's *data* when the last strong reference drops, while deferring the *memory* release until the last weak reference also drops. `std::shared_ptr` guarantees that the destructor runs at strong-count zero, but an implementation using `make_shared` keeps the entire memory block alive until weak-count zero. More importantly, `std::shared_ptr` provides no hook between "last strong gone" and "last weak gone."
+
+The intrusive design solves this by embedding reference counts directly in the pointee via `IntrusiveRefCounts` (a base struct the controlled type must inherit). When the strong count reaches zero, the pointer machinery calls a user-defined `partialDestructor()` — which can, for instance, reset `SHAMapInnerNode`'s child-pointer array to free the expensive working data — while the object shell continues to exist as long as any weak pointer holds on. Only when the weak count also reaches zero does `delete` run.
+
+## `SharedIntrusive<T>` — The Strong Pointer
+
+Construction and assignment follow a consistent pattern: acquire the new ref before releasing the old. The copy constructor uses a lambda initializer to atomically call `addStrongRef()` before storing the pointer in `ptr_`, ensuring the count is correct even if the lambda result is used to initialize a field directly:
+
+```cpp
+ptr_{[&] {
+    auto p = rhs.unsafeGetRawPtr();
+    if (p) p->addStrongRef();
+    return p;
+}()}
+```
+
+Move construction is cheaper: it calls `unsafeExchange(nullptr)` on the source to steal the pointer without touching ref counts. The `static_assert` in the heterogeneous move-assignment operator enforces at compile time that the same-type case is handled by the homogeneous overload, preventing this overload from being instantiated for `T == TT`.
+
+### The `TAdoptTag` Pattern
+
+The `adopt(T* p)` method and the raw-pointer constructor both take a `TAdoptTag` template parameter constrained by the `CAdoptTag` concept. Two tags exist: `SharedIntrusiveAdoptIncrementStrongTag` increments the strong count (for absorbing a raw pointer that hasn't had its count bumped yet), and `SharedIntrusiveAdoptNoIncrementTag` adopts the pointer without incrementing. `make_SharedIntrusive` allocates via `new T` — `IntrusiveRefCounts` initializes the strong count to 1 — and then adopts with `SharedIntrusiveAdoptNoIncrementTag` to avoid a double-count. The `noexcept` guarantee on that constructor path is enforced with a `static_assert` inside `make_SharedIntrusive` to prevent memory leaks if construction were to throw after allocation.
+
+### `unsafeReleaseAndStore` — The Core Destruction Path
+
+Every operation that replaces the stored pointer funnels through `unsafeReleaseAndStore(T* next)`. It atomically swaps the new pointer in via `std::exchange`, then calls `releaseStrongRef()` on the evicted pointer. The return value is a `ReleaseStrongRefAction` enum with three values:
+
+- `noop` — other strong pointers remain; do nothing.
+- `destroy` — no strong or weak pointers remain; call `delete`.
+- `partialDestroy` — the weak count is non-zero; call `partialDestructor()` then `partialDestructorFinished()`.
+
+The `partialDestructorFinished` template friend function sets the `partialDestroyFinishedMask` bit atomically on `IntrusiveRefCounts::refCounts`, and if the weak count has already reached zero it calls `notify_one()` to wake any thread that is waiting in `releaseWeakRef()` for the partial destructor to complete before running the full destructor.
+
+### Cast Constructors
+
+`SharedIntrusive` supports both `static_cast` and `dynamic_cast` construction from a `SharedIntrusive<TT>`. For the move variant of `dynamic_cast`, there is a subtle correctness invariant: if `dynamic_cast<T*>` returns null (the cast fails), the source pointer is restored via `rhs.unsafeExchange(toSet)` to prevent the controlled object from leaking. A code comment notes that the `unsafeExchange` structure is also kept in anticipation of a future atomic pointer mode.
+
+## `WeakIntrusive<T>` — The Weak Pointer
+
+`WeakIntrusive` manages a non-owning reference via `addWeakRef()` and `releaseWeakRef()`. Two deliberate omissions in the interface are worth noting:
+
+- Copy assignment from another `WeakIntrusive` is `delete`d. The header comment explains this is because there are currently no use cases, and omitting it simplifies implementation. It can be reintroduced if needed.
+- There is no move constructor from `SharedIntrusive<T>&&`. Moving a strong pointer into a weak pointer would require decrementing the strong count and adding a weak count, making it *more* expensive than copying the raw pointer and adding a weak ref. The deleted overload prevents this surprising hidden cost.
+
+`lock()` calls `checkoutStrongRefFromWeak()` on the raw pointer, which uses a CAS loop to atomically increment the strong count only if it is currently non-zero. On success, the new `SharedIntrusive` is constructed with `SharedIntrusiveAdoptNoIncrementTag` — the checkout already performed the increment, so a second increment must not occur.
+
+## `SharedWeakUnion<T>` — The Tagged-Pointer Union
+
+`SharedWeakUnion` packs both a strong and weak reference into the space of a single pointer word. It stores the pointer as a `std::uintptr_t` called `tp_`, uses the low bit as a tag (1 = weak, 0 = strong), and recovers the raw pointer by masking with `ptrMask = ~1`. A `static_assert` on `alignof(T) >= 2` enforces that the actual pointer will never set the low bit, keeping the encoding sound.
+
+`unsafeGetRawPtr()` applies the mask; `unsafeSetRawPtr(T*, RefStrength)` stores the pointer and conditionally ORs in the tag bit. `isStrong()` / `isWeak()` read the tag bit directly.
+
+`convertToStrong()` and `convertToWeak()` allow in-place reference strength switching. `convertToWeak()` uses `addWeakReleaseStrongRef()` — an atomic operation on `IntrusiveRefCounts` that adds a weak delta and subtracts a strong delta in one CAS loop — to avoid a window where the strong count is zero but the weak count hasn't been incremented yet. If the result is `partialDestroy`, `convertToWeak` handles the two-phase partial destruction, including the `partialDestructorFinished` call that clears the pointer variable.
+
+`get()` returns the raw pointer only if the union holds a strong reference; calling `get()` on a weak-tagged union returns null. `lock()` unifies both cases: if already strong, it bumps the strong count and returns; if weak, it attempts `checkoutStrongRefFromWeak()` and adopts without increment on success.
+
+## Naming Convention for Primitives
+
+All methods prefixed with `unsafe` are private and skip reference counting entirely. They manipulate the raw pointer field directly. This naming convention serves two purposes: it makes the separation between raw pointer mechanics and safe counted semantics immediately visible during code review, and the header comments note that these wrappers exist in anticipation of a future patch to support atomic pointer storage (which would require replacing `std::exchange` with `std::atomic::exchange` inside these one-line helpers).

include/xrpl/basics/IntrusiveRefCounts.h.ai.json

@@ -0,0 +1,118 @@
+{
+  "args": [
+    {
+      "lineno": 272,
+      "name": "v"
+    },
+    {
+      "lineno": 282,
+      "name": "s"
+    },
+    {
+      "lineno": 282,
+      "name": "w"
+    },
+    {
+      "lineno": 299,
+      "name": "o"
+    }
+  ],
+  "classes": [
+    {
+      "args": [],
+      "lineno": 38,
+      "name": "IntrusiveRefCounts"
+    },
+    {
+      "args": [
+        "FieldType v",
+        "CountType s, CountType w"
+      ],
+      "lineno": 101,
+      "name": "IntrusiveRefCounts::RefCountPair"
+    }
+  ],
+  "description": "Implements atomic reference counting for intrusive smart pointers, including strong and weak reference management, partial destruction, and thread-safe operations for use in the XRPL codebase.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/IntrusiveRefCounts.h",
+  "functions": [
+    {
+      "args": [],
+      "lineno": 120,
+      "name": "IntrusiveRefCounts::addStrongRef"
+    },
+    {
+      "args": [],
+      "lineno": 125,
+      "name": "IntrusiveRefCounts::addWeakRef"
+    },
+    {
+      "args": [],
+      "lineno": 130,
+      "name": "IntrusiveRefCounts::releaseStrongRef"
+    },
+    {
+      "args": [],
+      "lineno": 170,
+      "name": "IntrusiveRefCounts::addWeakReleaseStrongRef"
+    },
+    {
+      "args": [],
+      "lineno": 210,
+      "name": "IntrusiveRefCounts::releaseWeakRef"
+    },
+    {
+      "args": [],
+      "lineno": 235,
+      "name": "IntrusiveRefCounts::checkoutStrongRefFromWeak"
+    },
+    {
+      "args": [],
+      "lineno": 248,
+      "name": "IntrusiveRefCounts::expired"
+    },
+    {
+      "args": [],
+      "lineno": 253,
+      "name": "IntrusiveRefCounts::use_count"
+    },
+    {
+      "args": [],
+      "lineno": 258,
+      "name": "IntrusiveRefCounts::~IntrusiveRefCounts"
+    },
+    {
+      "args": [
+        "IntrusiveRefCounts::FieldType v"
+      ],
+      "lineno": 271,
+      "name": "IntrusiveRefCounts::RefCountPair::RefCountPair"
+    },
+    {
+      "args": [
+        "IntrusiveRefCounts::CountType s",
+        "IntrusiveRefCounts::CountType w"
+      ],
+      "lineno": 281,
+      "name": "IntrusiveRefCounts::RefCountPair::RefCountPair"
+    },
+    {
+      "args": [],
+      "lineno": 289,
+      "name": "IntrusiveRefCounts::RefCountPair::combinedValue"
+    },
+    {
+      "args": [
+        "T** o"
+      ],
+      "lineno": 299,
+      "name": "partialDestructorFinished"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 6,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/IntrusiveRefCounts.h.ai.md

@@ -0,0 +1,56 @@
+# `IntrusiveRefCounts.h` — Atomic Reference Counting for Intrusive Smart Pointers
+
+## Role in the System
+
+`IntrusiveRefCounts` is the reference-counting backbone for XRPL's custom intrusive smart pointer family: `SharedIntrusive<T>`, `WeakIntrusive<T>`, and `SharedWeakUnion<T>`, all defined in `IntrusivePointer.h`. A class participates in this system simply by inheriting from `IntrusiveRefCounts`; the notable consumer is `SHAMapInnerNode`, whose billions-of-ops-per-second traversal patterns make every byte and every allocation matter.
+
+The design answers a specific criticism of `std::shared_ptr`: with `make_shared`, the control block and the object are co-allocated, which is efficient, but the memory cannot be reclaimed until the weak count also hits zero. XRPL's intrusive design embeds the counts directly in the object, saves the separate control-block allocation, and — crucially — introduces a *partial destruction* protocol that lets the object shed its expensive payload (e.g., child node pointers) the moment the strong count reaches zero, even while weak pointers keep the shell alive.
+
+## The Packed Atomic Field
+
+All state lives in a single `mutable std::atomic<uint32_t> refCounts`. The 32 bits are divided as follows:
+
+| Bits | Field |
+|------|-------|
+| 0–15 | Strong count (16 bits) |
+| 16–29 | Weak count (14 bits) |
+| 30 | `partialDestroyStartedBit` |
+| 31 | `partialDestroyFinishedBit` |
+
+Packing everything into one atomic word means that decrementing a count *and* setting a flag can be done as a single compare-and-swap, eliminating any window between the two operations that a second atomic would expose. The helper struct `RefCountPair` wraps the unpack/repack logic: its constructor extracts each field by masking and shifting, and `combinedValue()` reassembles them.
+
+## Destruction Lifecycle and the Partial Destructor
+
+When `releaseStrongRef()` finds that the strong count is dropping to exactly one (i.e., to zero), it branches on whether any weak references exist:
+
+- **No weak refs**: returns `ReleaseStrongRefAction::destroy`. The caller (in `IntrusivePointer.ipp`) runs `delete ptr`, calling the full destructor.
+- **Weak refs present**: atomically sets `partialDestroyStartedBit` *in the same CAS that decrements the count*, then returns `partialDestroy`. The caller invokes `ptr->partialDestructor()`, then calls the free function `partialDestructorFinished(&ptr)`.
+
+This CAS loop in `releaseStrongRef()` almost always executes once; looping is necessary only if another thread modifies `refCounts` between the `load` and `compare_exchange_weak`.
+
+`partialDestructorFinished()` is a `friend` function template declared in the class. It atomically sets `partialDestroyFinishedBit` via `fetch_or`, then — if the weak count is already zero at that point — calls `refCounts.notify_one()` to wake any thread blocked in `releaseWeakRef()`. The intentional `T**` (double-pointer) signature is a deliberate API ergonomic signal: after the call, `*o` is set to `nullptr` to discourage use-after-free, because another thread may immediately delete the object upon seeing the finished bit.
+
+## Why Two Bits for Partial Destroy
+
+There is a genuine race that a single bit cannot handle. Consider:
+
+1. Thread A: last strong pointer releases → strong count goes to zero, weak count is 1, `partialDestroyStarted` is about to be set (but has not been set yet).
+2. Thread B: last weak pointer releases → sees `strong == 0`, `weak == 1 → 0` → would naively call the full destructor, racing with Thread A's partial destructor.
+
+The `partialDestroyStarted` bit, set atomically in the same CAS that decrements the strong count, prevents Thread B from proceeding until the partial destructor's state is stable. The `partialDestroyFinished` bit then lets `releaseWeakRef()` know it is safe to destroy. When neither bit is set, `releaseWeakRef()` calls `refCounts.wait(…)` — a futex-style block on the atomic value — and rechecks upon wake-up.
+
+## Key Operations
+
+**`addStrongRef()` / `addWeakRef()`** use `fetch_add` with `acq_rel` ordering — the common fast path that requires no CAS loop.
+
+**`addWeakReleaseStrongRef()`** is an atomic composite operation needed when `SharedWeakUnion` converts itself from a strong to a weak reference. Doing these as two separate operations would create a transient moment where the object has neither kind of reference holding it, which could trigger premature destruction. The implementation computes `weakDelta - strongDelta` and applies it as one delta in a CAS loop, while still setting `partialDestroyStartedBit` if appropriate.
+
+**`checkoutStrongRefFromWeak()`** implements `lock()` semantics: it atomically increments the strong count, but only if the strong count is currently nonzero. If it reaches zero between load and CAS, the loop exits with `false`, signalling that the object is already being destroyed.
+
+## Design Notes and Tradeoffs
+
+The `addStrongRef()` is `noexcept` by requirement: `make_SharedIntrusive` calls it immediately after `new T(...)`, and if it could throw, the freshly allocated object would leak. The `static_assert` in `make_SharedIntrusive` enforces this.
+
+The `uint16_t` strong count cap of 65 535 and 14-bit weak count cap of 16 383 are annotated with a `TODO`: if audit reveals these are insufficient, both types would need to widen to `uint32_t`, moving the entire atomic to `uint64_t`. The `checkStrongMaxValue` and `checkWeakMaxValue` constants leave a 32-unit margin below the hard cap, and debug-mode assertions in `RefCountPair`'s constructors fire before the actual overflow, providing early warning.
+
+The `partialDestructorFinished()` free function is deliberately *not* called at the end of the `partialDestructor()` virtual method itself. This means any class that inherits `IntrusiveRefCounts` and implements its own `partialDestructor()` must explicitly call `partialDestructorFinished()` when done. The comment explains this was chosen to make the protocol visible at the call site rather than hiding it inside the smart-pointer machinery, reducing the chance that new subclasses silently skip the required notification.

include/xrpl/basics/KeyCache.h.ai.json

@@ -0,0 +1,14 @@
+{
+  "args": [],
+  "classes": [],
+  "description": "Defines a type alias KeyCache as a TaggedCache specialized for uint256 keys and int values within the xrpl namespace.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/KeyCache.h",
+  "functions": [],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 5,
+      "name": "xrpl"
+    }
+  ]
+}

include/xrpl/basics/KeyCache.h.ai.md

@@ -0,0 +1,13 @@
+# `KeyCache.h` — Key-Only Cache Type Alias
+
+`KeyCache.h` provides a single-line type alias that expresses a common, narrow caching pattern throughout the XRPL codebase: track the *presence* of `uint256` keys over time, without attaching any value to them.
+
+```cpp
+using KeyCache = TaggedCache<uint256, int, true>;
+```
+
+The three template arguments to `TaggedCache` are: the key type (`uint256`, the 256-bit hash used pervasively in XRPL), a value type placeholder (`int`), and the `IsKeyCache` boolean flag set to `true`. That third argument is the critical one. Inside `TaggedCache`, `IsKeyCache = true` activates a compile-time branch via `std::conditional` that substitutes `KeyOnlyEntry` — a struct holding nothing but a `last_access` timestamp — in place of the full `ValueEntry` that carries a `shared_ptr` to an actual object. The `int` value type is therefore never stored or accessed; it exists only to satisfy the template parameter list.
+
+This design lets callers answer a single yes/no question efficiently: *"Have I seen this hash recently enough that I don't need to re-check it?"* The primary consumer is `FullBelowCache` in `include/xrpl/shamap/FullBelowCache.h`, which uses a `KeyCache` to remember which SHAMap tree nodes have all their descendants resident in the database. When a node is marked "full below," the ledger acquisition machinery can skip redundant subtree traversals, a meaningful performance win during sync.
+
+Because `KeyCache` is built directly on `TaggedCache`, it inherits the full sweep-based expiry mechanism, thread-safe access under `std::recursive_mutex`, and the `touch_if_exists` / `insert` interface — with `insert` enabled only in the key-only overload path when `IsKeyCache` is `true`.

include/xrpl/basics/LocalValue.h.ai.json

@@ -0,0 +1,76 @@
+{
+  "args": [
+    {
+      "lineno": 34,
+      "name": "lvs"
+    },
+    {
+      "lineno": 53,
+      "name": "Args... args"
+    }
+  ],
+  "classes": [
+    {
+      "args": [],
+      "lineno": 9,
+      "name": "LocalValues"
+    },
+    {
+      "args": [],
+      "lineno": 15,
+      "name": "BasicValue"
+    },
+    {
+      "args": [
+        "T",
+        "t"
+      ],
+      "lineno": 21,
+      "name": "Value"
+    },
+    {
+      "args": [
+        "Args... args"
+      ],
+      "lineno": 52,
+      "name": "LocalValue"
+    }
+  ],
+  "description": "Implements a thread- and coroutine-local storage utility for storing values specific to the calling thread or coroutine, using boost::thread_specific_ptr and custom value wrappers.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/LocalValue.h",
+  "functions": [
+    {
+      "args": [
+        "lvs"
+      ],
+      "lineno": 34,
+      "name": "cleanup"
+    },
+    {
+      "args": [],
+      "lineno": 41,
+      "name": "getLocalValues"
+    },
+    {
+      "args": [],
+      "lineno": 67,
+      "name": "operator*"
+    },
+    {
+      "args": [],
+      "lineno": 61,
+      "name": "operator->"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 6,
+      "name": "xrpl"
+    },
+    {
+      "lineno": 8,
+      "name": "detail"
+    }
+  ]
+}

include/xrpl/basics/LocalValue.h.ai.md

@@ -0,0 +1,64 @@
+# `LocalValue.h` — Coroutine-Aware Local Storage
+
+## Role and Motivation
+
+Standard `thread_local` storage is insufficient in a system that runs cooperative coroutines on a thread pool. XRPL's `JobQueue::Coro` coroutines (backed by `boost::coroutines2`) are created on one thread, suspended with `yield()`, and resumed — potentially on a different thread. If two coroutines share a worker thread, a naive `thread_local` variable would expose the state left behind by a previously suspended coroutine, producing subtle, hard-to-reproduce bugs.
+
+`LocalValue<T>` solves this by providing **coroutine-aware local storage**: each coroutine (or plain thread, as a fallback) gets its own independent copy of a `T`, keyed to its execution context rather than its OS thread.
+
+## Architecture
+
+The design has two interlocking layers: a per-coroutine dictionary (`LocalValues`) managed via a thread-local pointer, and a typed wrapper (`LocalValue<T>`) that uses its own address as a dictionary key.
+
+### `detail::LocalValues`
+
+`LocalValues` is a runtime dictionary that maps `void const*` keys to heap-allocated `BasicValue` instances. The keys are the addresses of `LocalValue<T>` objects; the values hold a type-erased `Value<T>` (a concrete subclass of `BasicValue`) accessed through a virtual `get()` that returns `void*`. This type-erasure pattern lets a single heterogeneous map hold values of arbitrary types without any registry or type-ID scheme — the `LocalValue<T>` template handles all casts.
+
+The `onCoro` flag distinguishes two ownership modes. When `onCoro == true`, the `LocalValues` is embedded directly in a `Coro` object (`detail::LocalValues lvs_`) and its lifetime is tied to the coroutine's. When `onCoro == false`, the `LocalValues` was heap-allocated for a plain thread worker, and the `cleanup()` deleter passed to `boost::thread_specific_ptr` will `delete` it on thread exit.
+
+### Thread-Local Pointer Swap in `Coro::resume()`
+
+The critical mechanism lives in `Coro.ipp`. Every time a coroutine is resumed, `Coro::resume()` performs a pointer swap:
+
+```cpp
+auto saved = detail::getLocalValues().release();
+detail::getLocalValues().reset(&lvs_);
+// ... run coroutine body ...
+detail::getLocalValues().release();
+detail::getLocalValues().reset(saved);
+```
+
+This installs the coroutine's private `lvs_` as the active `LocalValues` for the duration of the coroutine's time slice, then restores the previous state. Any `LocalValue<T>` dereference during that time slice will therefore see the coroutine's private dictionary. Because `lvs_` is owned by the `Coro` object and the `thread_specific_ptr` merely borrows it (it will not delete it thanks to `cleanup()`'s `onCoro` guard), there is no double-free risk.
+
+### `LocalValue<T>` — The Public Interface
+
+`LocalValue<T>` is a global or static object that holds a single "prototype" value `t_` set at construction time. The prototype is never mutated; it only serves as the initializer for per-context copies.
+
+`operator*()` implements the lookup:
+
+1. Call `detail::getLocalValues().get()` to retrieve (or lazily create) the `LocalValues` for the current context.
+2. If no `LocalValues` exists yet, allocate one with `onCoro = false` (plain thread path) and register it with the `thread_specific_ptr`.
+3. Search for `this` in `lvs->values`. On a hit, cast the `void*` back to `T&` and return it.
+4. On a miss, emplace a new `Value<T>` copy-initialized from `t_`, then return a reference to that new copy.
+
+`operator->()` is a trivial forwarding wrapper to `operator*()`.
+
+## Concrete Usage
+
+In `IOUAmount.cpp`, `LocalValue<bool>` governs whether IOU arithmetic uses the newer `STNumber` code path or the legacy one. Wrapping this flag in a `LocalValue` rather than `thread_local` ensures that two coroutines executing concurrently on the same thread pool can independently select their arithmetic mode without one overwriting the other's flag:
+
+```cpp
+static LocalValue<bool> r{true};
+```
+
+The coroutine test in `Coroutine_test.cpp` verifies the isolation property directly: four coroutines each set `*lv = id` (their own integer ID), interleave via yields, and confirm that no coroutine ever sees another's value. A plain-thread job running on the same pool also sees an independent copy.
+
+## Key Design Decisions
+
+**Address-keyed map instead of a registry.** Using `this` (the `LocalValue<T>*`) as the map key avoids any global registry or static ID counter. Each `LocalValue<T>` is naturally unique by address, and the approach requires no synchronization beyond what the `thread_specific_ptr` already provides.
+
+**Lazy allocation.** The per-context copy is created on first dereference rather than at construction. This keeps coroutine startup cheap when only some `LocalValue` instances are actually accessed.
+
+**`void*` type erasure with `unique_ptr<BasicValue>`.** A single `unordered_map` can hold values of unrelated types (`bool`, `int`, custom structs) because ownership and destruction are managed through the virtual destructor of `BasicValue`. The `LocalValue<T>` template retains type knowledge and performs the cast safely — the key equality guarantees that the `void*` behind a given key will always be a `T*`.
+
+**`onCoro` ownership flag.** The asymmetry between coroutine-owned and thread-owned `LocalValues` is handled by a single boolean rather than two separate code paths or a custom deleter per instance. The `boost::thread_specific_ptr` deleter is fixed at static-initialization time, so the flag is the only extensible hook available.

include/xrpl/basics/Log.h.ai.json

@@ -0,0 +1,62 @@
+{
+  "args": [
+    {
+      "lineno": 36,
+      "name": "partition"
+    },
+    {
+      "lineno": 36,
+      "name": "thresh"
+    },
+    {
+      "lineno": 36,
+      "name": "logs"
+    }
+  ],
+  "classes": [
+    {
+      "args": [
+        "level"
+      ],
+      "lineno": 27,
+      "name": "Logs"
+    },
+    {
+      "args": [
+        "partition",
+        "thresh",
+        "logs"
+      ],
+      "lineno": 33,
+      "name": "Logs::Sink"
+    },
+    {
+      "args": [],
+      "lineno": 61,
+      "name": "Logs::File"
+    }
+  ],
+  "description": "This file defines logging utilities for the XRPL project, including log severity levels, a Logs manager class for handling log partitions and files, and macros/utilities for debug logging.",
+  "file_path": "workflow/XRPLF-rippled-develop/source/include/xrpl/basics/Log.h",
+  "functions": [
+    {
+      "args": [
+        "sink"
+      ],
+      "lineno": 168,
+      "name": "setDebugLogSink"
+    },
+    {
+      "args": [],
+      "lineno": 175,
+      "name": "debugLog"
+    }
+  ],
+  "language": "c header",
+  "namespaces": [
+    {
+      "lineno": 18,
+      "name": "xrpl"
+    }
+  ]
+}