Review feedback

This change enables the following clang-tidy checks:
-  readability-avoid-nested-conditional-operator,
-  readability-avoid-return-with-void-value,
-  readability-braces-around-statements,
-  readability-const-return-type,
-  readability-container-contains,
-  readability-container-size-empty,
-  readability-else-after-return,
-  readability-make-member-function-const,
-  readability-redundant-casting,
-  readability-redundant-inline-specifier,
-  readability-redundant-member-init,
-  readability-redundant-string-init,
-  readability-reference-to-constructed-temporary,
-  readability-static-definition

.clang-tidy

@@ -8,12 +8,14 @@ Checks: "-*,
   bugprone-chained-comparison,
   bugprone-compare-pointer-to-member-virtual-function,
   bugprone-copy-constructor-init,
+  bugprone-crtp-constructor-accessibility,
   bugprone-dangling-handle,
   bugprone-dynamic-static-initializers,
   bugprone-empty-catch,
   bugprone-fold-init-type,
   bugprone-forward-declaration-namespace,
   bugprone-inaccurate-erase,
+  bugprone-inc-dec-in-conditions,
   bugprone-incorrect-enable-if,
   bugprone-incorrect-roundings,
   bugprone-infinite-loop,
@@ -30,9 +32,12 @@ Checks: "-*,
   bugprone-multiple-statement-macro,
   bugprone-no-escape,
   bugprone-non-zero-enum-to-bool-conversion,
+  bugprone-optional-value-conversion,
   bugprone-parent-virtual-call,
+  bugprone-pointer-arithmetic-on-polymorphic-object,
   bugprone-posix-return,
   bugprone-redundant-branch-condition,
+  bugprone-reserved-identifier,
   bugprone-return-const-ref-from-parameter,
   bugprone-shared-ptr-array-mismatch,
   bugprone-signal-handler,
@@ -53,17 +58,31 @@ Checks: "-*,
   bugprone-suspicious-realloc-usage,
   bugprone-suspicious-semicolon,
   bugprone-suspicious-string-compare,
+  bugprone-suspicious-stringview-data-usage,
   bugprone-swapped-arguments,
+  bugprone-switch-missing-default-case,
   bugprone-terminating-continue,
   bugprone-throw-keyword-missing,
+  bugprone-too-small-loop-variable,
+  # bugprone-unchecked-optional-access, # see https://github.com/XRPLF/rippled/pull/6502
   bugprone-undefined-memory-manipulation,
   bugprone-undelegated-constructor,
   bugprone-unhandled-exception-at-new,
+  bugprone-unhandled-self-assignment,
   bugprone-unique-ptr-array-mismatch,
   bugprone-unsafe-functions,
+  bugprone-use-after-move,
+  bugprone-unused-raii,
+  bugprone-unused-return-value,
   bugprone-unused-local-non-trivial-variable,
   bugprone-virtual-near-miss,
+  cppcoreguidelines-init-variables,
+  cppcoreguidelines-misleading-capture-default-by-value,
   cppcoreguidelines-no-suspend-with-lock,
+  cppcoreguidelines-pro-type-member-init,
+  cppcoreguidelines-pro-type-static-cast-downcast,
+  cppcoreguidelines-rvalue-reference-param-not-moved,
+  cppcoreguidelines-use-default-member-init,
   cppcoreguidelines-virtual-class-destructor,
   hicpp-ignored-remove-result,
   misc-definitions-in-headers,
@@ -73,69 +92,48 @@ Checks: "-*,
   misc-throw-by-value-catch-by-reference,
   misc-unused-alias-decls,
   misc-unused-using-decls,
-  readability-duplicate-include,
-  readability-enum-initial-value,
-  readability-misleading-indentation,
-  readability-non-const-parameter,
-  readability-redundant-declaration,
-  readability-reference-to-constructed-temporary,
   modernize-deprecated-headers,
   modernize-make-shared,
   modernize-make-unique,
   performance-implicit-conversion-in-loop,
   performance-move-constructor-init,
-  performance-trivially-destructible
+  performance-trivially-destructible,
+  readability-avoid-nested-conditional-operator,
+  readability-avoid-return-with-void-value,
+  readability-braces-around-statements,
+  readability-const-return-type,
+  readability-container-contains,
+  readability-container-size-empty,
+  readability-duplicate-include,
+  readability-else-after-return,
+  readability-enum-initial-value,
+  readability-make-member-function-const,
+  readability-misleading-indentation,
+  readability-non-const-parameter,
+  readability-redundant-casting,
+  readability-redundant-declaration,
+  readability-redundant-inline-specifier,
+  readability-redundant-member-init,
+  readability-redundant-string-init,
+  readability-reference-to-constructed-temporary,
+  readability-static-definition-in-anonymous-namespace,
+  readability-use-std-min-max
   "
 # ---
 # checks that have some issues that need to be resolved:
 #
-# bugprone-crtp-constructor-accessibility,
-# bugprone-inc-dec-in-conditions,
-# bugprone-reserved-identifier,
-# bugprone-move-forwarding-reference,
-# bugprone-switch-missing-default-case,
-# bugprone-suspicious-stringview-data-usage,
-# bugprone-pointer-arithmetic-on-polymorphic-object,
-# bugprone-optional-value-conversion,
-# bugprone-too-small-loop-variable,
-# bugprone-unused-return-value,
-# bugprone-use-after-move,
-# bugprone-unhandled-self-assignment,
-# bugprone-unused-raii,
-#
-# cppcoreguidelines-misleading-capture-default-by-value,
-# cppcoreguidelines-init-variables,
-# cppcoreguidelines-pro-type-member-init,
-# cppcoreguidelines-pro-type-static-cast-downcast,
-# cppcoreguidelines-use-default-member-init,
-# cppcoreguidelines-rvalue-reference-param-not-moved,
-#
 # llvm-namespace-comment,
 # misc-const-correctness,
 # misc-include-cleaner,
 # misc-redundant-expression,
 #
-# readability-avoid-nested-conditional-operator,
-# readability-avoid-return-with-void-value,
-# readability-braces-around-statements,
-# readability-container-contains,
-# readability-container-size-empty,
 # readability-convert-member-functions-to-static,
-# readability-const-return-type,
-# readability-else-after-return,
 # readability-implicit-bool-conversion,
 # readability-inconsistent-declaration-parameter-name,
 # readability-identifier-naming,
-# readability-make-member-function-const,
 # readability-math-missing-parentheses,
-# readability-redundant-inline-specifier,
-# readability-redundant-member-init,
-# readability-redundant-casting,
-# readability-redundant-string-init,
 # readability-simplify-boolean-expr,
-# readability-static-definition-in-anonymous-namespace,
 # readability-suspicious-call-argument,
-# readability-use-std-min-max,
 # readability-static-accessed-through-instance,
 #
 # modernize-concat-nested-namespaces,
@@ -159,7 +157,7 @@ Checks: "-*,
 # ---
 #
 CheckOptions:
-  #   readability-braces-around-statements.ShortStatementLines: 2
+  readability-braces-around-statements.ShortStatementLines: 2
   #   readability-identifier-naming.MacroDefinitionCase: UPPER_CASE
   #   readability-identifier-naming.ClassCase: CamelCase
   #   readability-identifier-naming.StructCase: CamelCase
@@ -194,7 +192,7 @@ CheckOptions:
   #   readability-identifier-naming.PublicMemberSuffix: ""
   #   readability-identifier-naming.FunctionIgnoredRegexp: ".*tag_invoke.*"
   bugprone-unsafe-functions.ReportMoreUnsafeFunctions: true
-#   bugprone-unused-return-value.CheckedReturnTypes: ::std::error_code;::std::error_condition;::std::errc
+  bugprone-unused-return-value.CheckedReturnTypes: ::std::error_code;::std::error_condition;::std::errc
 #   misc-include-cleaner.IgnoreHeaders: '.*/(detail|impl)/.*;.*(expected|unexpected).*;.*ranges_lower_bound\.h;time.h;stdlib.h;__chrono/.*;fmt/chrono.h;boost/uuid/uuid_hash.hpp'
 #
 # HeaderFilterRegex: '^.*/(src|tests)/.*\.(h|hpp)$'

.github/pull_request_template.md

@@ -29,22 +29,6 @@ If a refactor, how is this better than the previous implementation?
 If there is a spec or design document for this feature, please link it here.
 -->
 
-### Type of Change
-
-<!--
-Please check [x] relevant options, delete irrelevant ones.
--->
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
-- [ ] Refactor (non-breaking change that only restructures code)
-- [ ] Performance (increase or change in throughput and/or latency)
-- [ ] Tests (you added tests for code that already exists, or your new feature included in this PR)
-- [ ] Documentation update
-- [ ] Chore (no impact to binary, e.g. `.gitignore`, formatting, dropping support for older tooling)
-- [ ] Release
-
 ### API Impact
 
 <!--

.github/scripts/levelization/README.md

@@ -70,7 +70,7 @@ that `test` code should _never_ be included in `xrpl` or `xrpld` code.)
 
 ## Validation
 
-The [levelization](generate.sh) script takes no parameters,
+The [levelization](generate.py) script takes no parameters,
 reads no environment variables, and can be run from any directory,
 as long as it is in the expected location in the rippled repo.
 It can be run at any time from within a checked out repo, and will
@@ -104,7 +104,7 @@ It generates many files of [results](results):
   Github Actions workflow to test that levelization loops haven't
   changed. Unfortunately, if changes are detected, it can't tell if
   they are improvements or not, so if you have resolved any issues or
-  done anything else to improve levelization, run `levelization.sh`,
+  done anything else to improve levelization, run `generate.py`,
   and commit the updated results.
 
 The `loops.txt` and `ordering.txt` files relate the modules
@@ -128,7 +128,7 @@ The committed files hide the detailed values intentionally, to
 prevent false alarms and merging issues, and because it's easy to
 get those details locally.
 
-1. Run `levelization.sh`
+1. Run `generate.py`
 2. Grep the modules in `paths.txt`.
    - For example, if a cycle is found `A ~= B`, simply `grep -w
 A .github/scripts/levelization/results/paths.txt | grep -w B`

.github/scripts/levelization/generate.py

@@ -0,0 +1,335 @@
+#!/usr/bin/env python3
+
+"""
+Usage: generate.py
+This script takes no parameters, and can be called from any directory in the file system.
+"""
+
+import os
+import re
+import subprocess
+import sys
+from collections import defaultdict
+from pathlib import Path
+from typing import Dict, List, Tuple, Set, Optional
+
+# Compile regex patterns once at module level
+INCLUDE_PATTERN = re.compile(r"^\s*#include.*/.*\.h")
+INCLUDE_PATH_PATTERN = re.compile(r'[<"]([^>"]+)[>"]')
+
+
+def dictionary_sort_key(s: str) -> str:
+    """
+    Create a sort key that mimics 'sort -d' (dictionary order).
+    Dictionary order only considers blanks and alphanumeric characters.
+    This means punctuation like '.' is ignored during sorting.
+    """
+    # Keep only alphanumeric characters and spaces
+    return "".join(c for c in s if c.isalnum() or c.isspace())
+
+
+def get_level(file_path: str) -> str:
+    """
+    Extract the level from a file path (second and third directory components).
+    Equivalent to bash: cut -d/ -f 2,3
+
+    Examples:
+        src/xrpld/app/main.cpp -> xrpld.app
+        src/libxrpl/protocol/STObject.cpp -> libxrpl.protocol
+        include/xrpl/basics/base_uint.h -> xrpl.basics
+    """
+    parts = file_path.split("/")
+
+    # Get fields 2 and 3 (indices 1 and 2 in 0-based indexing)
+    if len(parts) >= 3:
+        level = f"{parts[1]}/{parts[2]}"
+    elif len(parts) >= 2:
+        level = f"{parts[1]}/toplevel"
+    else:
+        level = file_path
+
+    # If the "level" indicates a file, cut off the filename
+    if "." in level.split("/")[-1]:  # Avoid Path object creation
+        # Use the "toplevel" label as a workaround for `sort`
+        # inconsistencies between different utility versions
+        level = level.rsplit("/", 1)[0] + "/toplevel"
+
+    return level.replace("/", ".")
+
+
+def extract_include_level(include_line: str) -> Optional[str]:
+    """
+    Extract the include path from an #include directive.
+    Gets the first two directory components from the include path.
+    Equivalent to bash: cut -d/ -f 1,2
+
+    Examples:
+        #include <xrpl/basics/base_uint.h> -> xrpl.basics
+        #include "xrpld/app/main/Application.h" -> xrpld.app
+    """
+    # Remove everything before the quote or angle bracket
+    match = INCLUDE_PATH_PATTERN.search(include_line)
+    if not match:
+        return None
+
+    include_path = match.group(1)
+    parts = include_path.split("/")
+
+    # Get first two fields (indices 0 and 1)
+    if len(parts) >= 2:
+        include_level = f"{parts[0]}/{parts[1]}"
+    else:
+        include_level = include_path
+
+    # If the "includelevel" indicates a file, cut off the filename
+    if "." in include_level.split("/")[-1]:  # Avoid Path object creation
+        include_level = include_level.rsplit("/", 1)[0] + "/toplevel"
+
+    return include_level.replace("/", ".")
+
+
+def find_repository_directories(
+    start_path: Path, depth_limit: int = 10
+) -> Tuple[Path, List[Path]]:
+    """
+    Find the repository root by looking for src or include folders.
+    Walks up the directory tree from the start path.
+    """
+    current = start_path.resolve()
+
+    # Walk up the directory tree
+    for _ in range(depth_limit):  # Limit search depth to prevent infinite loops
+        src_path = current / "src"
+        include_path = current / "include"
+        # Check if this directory has src or include folders
+        has_src = src_path.exists()
+        has_include = include_path.exists()
+
+        if has_src or has_include:
+            return current, [src_path, include_path]
+
+        # Move up one level
+        parent = current.parent
+        if parent == current:  # Reached filesystem root
+            break
+        current = parent
+
+    # If we couldn't find it, raise an error
+    raise RuntimeError(
+        "Could not find repository root. "
+        "Expected to find a directory containing 'src' and/or 'include' folders."
+    )
+
+
+def main():
+    # Change to the script's directory
+    script_dir = Path(__file__).parent.resolve()
+    os.chdir(script_dir)
+
+    # Clean up and create results directory.
+    results_dir = script_dir / "results"
+    if results_dir.exists():
+        import shutil
+
+        shutil.rmtree(results_dir)
+    results_dir.mkdir()
+
+    # Find the repository root by searching for src and include directories.
+    try:
+        repo_root, scan_dirs = find_repository_directories(script_dir)
+
+        print(f"Found repository root: {repo_root}")
+        print(f"Scanning directories:")
+        for scan_dir in scan_dirs:
+            print(f"  - {scan_dir.relative_to(repo_root)}")
+    except RuntimeError as e:
+        print(f"Error: {e}", file=sys.stderr)
+        sys.exit(1)
+
+    print("\nScanning for raw includes...")
+    # Find all #include directives
+    raw_includes: List[Tuple[str, str]] = []
+    rawincludes_file = results_dir / "rawincludes.txt"
+
+    # Write to file as we go to avoid storing everything in memory.
+    with open(rawincludes_file, "w", buffering=8192) as raw_f:
+        for dir_path in scan_dirs:
+            print(f"  Scanning {dir_path.relative_to(repo_root)}...")
+
+            for file_path in dir_path.rglob("*"):
+                if not file_path.is_file():
+                    continue
+
+                try:
+                    rel_path_str = str(file_path.relative_to(repo_root))
+
+                    # Read file with a large buffer for performance.
+                    with open(
+                        file_path,
+                        "r",
+                        encoding="utf-8",
+                        errors="ignore",
+                        buffering=8192,
+                    ) as f:
+                        for line in f:
+                            # Quick check before regex
+                            if "#include" not in line or "boost" in line:
+                                continue
+
+                            if INCLUDE_PATTERN.match(line):
+                                line_stripped = line.strip()
+                                entry = f"{rel_path_str}:{line_stripped}\n"
+                                print(entry, end="")
+                                raw_f.write(entry)
+                                raw_includes.append((rel_path_str, line_stripped))
+                except Exception as e:
+                    print(f"Error reading {file_path}: {e}", file=sys.stderr)
+
+    # Build levelization paths and count directly (no need to sort first).
+    print("Build levelization paths")
+    path_counts: Dict[Tuple[str, str], int] = defaultdict(int)
+
+    for file_path, include_line in raw_includes:
+        include_level = extract_include_level(include_line)
+        if not include_level:
+            continue
+
+        level = get_level(file_path)
+        if level != include_level:
+            path_counts[(level, include_level)] += 1
+
+    # Sort and deduplicate paths (using dictionary order like bash 'sort -d').
+    print("Sort and deduplicate paths")
+
+    paths_file = results_dir / "paths.txt"
+    with open(paths_file, "w") as f:
+        # Sort using dictionary order: only alphanumeric and spaces matter
+        sorted_items = sorted(
+            path_counts.items(),
+            key=lambda x: (dictionary_sort_key(x[0][0]), dictionary_sort_key(x[0][1])),
+        )
+        for (level, include_level), count in sorted_items:
+            line = f"{count:7} {level} {include_level}\n"
+            print(line.rstrip())
+            f.write(line)
+
+    # Split into flat-file database
+    print("Split into flat-file database")
+    includes_dir = results_dir / "includes"
+    included_by_dir = results_dir / "included_by"
+    includes_dir.mkdir()
+    included_by_dir.mkdir()
+
+    # Batch writes by grouping data first to avoid repeated file opens.
+    includes_data: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
+    included_by_data: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
+
+    # Process in sorted order to match bash script behaviour (dictionary order).
+    sorted_items = sorted(
+        path_counts.items(),
+        key=lambda x: (dictionary_sort_key(x[0][0]), dictionary_sort_key(x[0][1])),
+    )
+    for (level, include_level), count in sorted_items:
+        includes_data[level].append((include_level, count))
+        included_by_data[include_level].append((level, count))
+
+    # Write all includes files in sorted order (dictionary order).
+    for level in sorted(includes_data.keys(), key=dictionary_sort_key):
+        entries = includes_data[level]
+        with open(includes_dir / level, "w") as f:
+            for include_level, count in entries:
+                line = f"{include_level} {count}\n"
+                print(line.rstrip())
+                f.write(line)
+
+    # Write all included_by files in sorted order (dictionary order).
+    for include_level in sorted(included_by_data.keys(), key=dictionary_sort_key):
+        entries = included_by_data[include_level]
+        with open(included_by_dir / include_level, "w") as f:
+            for level, count in entries:
+                line = f"{level} {count}\n"
+                print(line.rstrip())
+                f.write(line)
+
+    # Search for loops
+    print("Search for loops")
+    loops_file = results_dir / "loops.txt"
+    ordering_file = results_dir / "ordering.txt"
+
+    loops_found: Set[Tuple[str, str]] = set()
+
+    # Pre-load all include files into memory to avoid repeated I/O.
+    # This is the biggest optimisation - we were reading files repeatedly in nested loops.
+    # Use list of tuples to preserve file order.
+    includes_cache: Dict[str, List[Tuple[str, int]]] = {}
+    includes_lookup: Dict[str, Dict[str, int]] = {}  # For fast lookup
+
+    # Note: bash script uses 'for source in *' which uses standard glob sorting,
+    # NOT dictionary order. So we use standard sorted() here, not dictionary_sort_key.
+    for include_file in sorted(includes_dir.iterdir(), key=lambda p: p.name):
+        if not include_file.is_file():
+            continue
+
+        includes_cache[include_file.name] = []
+        includes_lookup[include_file.name] = {}
+        with open(include_file, "r") as f:
+            for line in f:
+                parts = line.strip().split()
+                if len(parts) >= 2:
+                    include_name = parts[0]
+                    include_count = int(parts[1])
+                    includes_cache[include_file.name].append(
+                        (include_name, include_count)
+                    )
+                    includes_lookup[include_file.name][include_name] = include_count
+
+    with open(loops_file, "w", buffering=8192) as loops_f, open(
+        ordering_file, "w", buffering=8192
+    ) as ordering_f:
+
+        # Use standard sorting to match bash glob expansion 'for source in *'.
+        for source in sorted(includes_cache.keys()):
+            source_includes = includes_cache[source]
+
+            for include, include_freq in source_includes:
+                # Check if include file exists and references source
+                if include not in includes_lookup:
+                    continue
+
+                source_freq = includes_lookup[include].get(source)
+
+                if source_freq is not None:
+                    # Found a loop
+                    loop_key = tuple(sorted([source, include]))
+                    if loop_key in loops_found:
+                        continue
+                    loops_found.add(loop_key)
+
+                    loops_f.write(f"Loop: {source} {include}\n")
+
+                    # If the counts are close, indicate that the two modules are
+                    # on the same level, though they shouldn't be.
+                    diff = include_freq - source_freq
+                    if diff > 3:
+                        loops_f.write(f"  {source} > {include}\n\n")
+                    elif diff < -3:
+                        loops_f.write(f"  {include} > {source}\n\n")
+                    elif source_freq == include_freq:
+                        loops_f.write(f"  {include} == {source}\n\n")
+                    else:
+                        loops_f.write(f"  {include} ~= {source}\n\n")
+                else:
+                    ordering_f.write(f"{source} > {include}\n")
+
+    # Print results
+    print("\nOrdering:")
+    with open(ordering_file, "r") as f:
+        print(f.read(), end="")
+
+    print("\nLoops:")
+    with open(loops_file, "r") as f:
+        print(f.read(), end="")
+
+
+if __name__ == "__main__":
+    main()

.github/scripts/levelization/generate.sh

@@ -1,130 +0,0 @@
-#!/bin/bash
-
-# Usage: generate.sh
-# This script takes no parameters, reads no environment variables,
-# and can be run from any directory, as long as it is in the expected
-# location in the repo.
-
-pushd $( dirname $0 )
-
-if [ -v PS1 ]
-then
-  # if the shell is interactive, clean up any flotsam before analyzing
-  git clean -ix
-fi
-
-# Ensure all sorting is ASCII-order consistently across platforms.
-export LANG=C
-
-rm -rfv results
-mkdir results
-includes="$( pwd )/results/rawincludes.txt"
-pushd ../../..
-echo Raw includes:
-grep -r '^[ ]*#include.*/.*\.h' include src | \
-    grep -v boost | tee ${includes}
-popd
-pushd results
-
-oldifs=${IFS}
-IFS=:
-mkdir includes
-mkdir included_by
-echo Build levelization paths
-exec 3< ${includes} # open rawincludes.txt for input
-while read -r -u 3 file include
-do
-    level=$( echo ${file} | cut -d/ -f 2,3 )
-    # If the "level" indicates a file, cut off the filename
-    if [[ "${level##*.}" != "${level}" ]]
-    then
-        # Use the "toplevel" label as a workaround for `sort`
-        # inconsistencies between different utility versions
-        level="$( dirname ${level} )/toplevel"
-    fi
-    level=$( echo ${level} | tr '/' '.' )
-
-    includelevel=$( echo ${include} | sed 's/.*["<]//; s/[">].*//' | \
-        cut -d/ -f 1,2 )
-    if [[ "${includelevel##*.}" != "${includelevel}" ]]
-    then
-        # Use the "toplevel" label as a workaround for `sort`
-        # inconsistencies between different utility versions
-        includelevel="$( dirname ${includelevel} )/toplevel"
-    fi
-    includelevel=$( echo ${includelevel} | tr '/' '.' )
-
-    if [[ "$level" != "$includelevel" ]]
-    then
-        echo $level $includelevel | tee -a paths.txt
-    fi
-done
-echo Sort and deduplicate paths
-sort -ds paths.txt | uniq -c | tee sortedpaths.txt
-mv sortedpaths.txt paths.txt
-exec 3>&- #close fd 3
-IFS=${oldifs}
-unset oldifs
-
-echo Split into flat-file database
-exec 4<paths.txt # open paths.txt for input
-while read -r -u 4 count level include
-do
-    echo ${include} ${count} | tee -a includes/${level}
-    echo ${level} ${count} | tee -a included_by/${include}
-done
-exec 4>&- #close fd 4
-
-loops="$( pwd )/loops.txt"
-ordering="$( pwd )/ordering.txt"
-pushd includes
-echo Search for loops
-# Redirect stdout to a file
-exec 4>&1
-exec 1>"${loops}"
-for source in *
-do
-  if [[ -f "$source" ]]
-  then
-    exec 5<"${source}" # open for input
-    while read -r -u 5 include includefreq
-    do
-      if [[ -f $include ]]
-      then
-        if grep -q -w $source $include
-        then
-          if grep -q -w "Loop: $include $source" "${loops}"
-          then
-            continue
-          fi
-          sourcefreq=$( grep -w $source $include | cut -d\  -f2 )
-          echo "Loop: $source $include"
-          # If the counts are close, indicate that the two modules are
-          # on the same level, though they shouldn't be
-          if [[ $(( $includefreq - $sourcefreq )) -gt 3 ]]
-          then
-              echo -e "  $source > $include\n"
-          elif [[ $(( $sourcefreq - $includefreq )) -gt 3 ]]
-          then
-              echo -e "  $include > $source\n"
-          elif [[ $sourcefreq -eq $includefreq ]]
-          then
-              echo -e "  $include == $source\n"
-          else
-              echo -e "  $include ~= $source\n"
-          fi
-        else
-          echo "$source > $include" >> "${ordering}"
-        fi
-      fi
-    done
-    exec 5>&- #close fd 5
-  fi
-done
-exec 1>&4 #close fd 1
-exec 4>&- #close fd 4
-cat "${ordering}"
-cat "${loops}"
-popd
-popd
-popd

.github/scripts/levelization/results/ordering.txt

@@ -134,6 +134,7 @@ test.peerfinder > xrpld.core
 test.peerfinder > xrpld.peerfinder
 test.peerfinder > xrpl.protocol
 test.protocol > test.toplevel
+test.protocol > test.unit_test
 test.protocol > xrpl.basics
 test.protocol > xrpl.json
 test.protocol > xrpl.protocol
@@ -171,6 +172,7 @@ test.shamap > xrpl.shamap
 test.toplevel > test.csf
 test.toplevel > xrpl.json
 test.unit_test > xrpl.basics
+test.unit_test > xrpl.protocol
 tests.libxrpl > xrpl.basics
 tests.libxrpl > xrpl.json
 tests.libxrpl > xrpl.net

.github/scripts/strategy-matrix/generate.py

@@ -55,7 +55,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
             #   fee to 500.
             # - Bookworm using GCC 15: Debug on linux/amd64, enable code
             #   coverage (which will be done below).
-            # - Bookworm using Clang 16: Debug on linux/arm64, enable voidstar.
+            # - Bookworm using Clang 16: Debug on linux/amd64, enable voidstar.
             # - Bookworm using Clang 17: Release on linux/amd64, set the
             #   reference fee to 1000.
             # - Bookworm using Clang 20: Debug on linux/amd64.
@@ -78,7 +78,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                     if (
                         f"{os['compiler_name']}-{os['compiler_version']}" == "clang-16"
                         and build_type == "Debug"
-                        and architecture["platform"] == "linux/arm64"
+                        and architecture["platform"] == "linux/amd64"
                     ):
                         cmake_args = f"-Dvoidstar=ON {cmake_args}"
                         skip = False

.github/workflows/check-pr-title.yml

@@ -1,10 +1,13 @@
 name: Check PR title
 
 on:
+  merge_group:
+    types:
+      - checks_requested
   pull_request:
     types: [opened, edited, reopened, synchronize]
     branches: [develop]
 
 jobs:
   check_title:
-    uses: XRPLF/actions/.github/workflows/check-pr-title.yml@943eb8277e8f4b010fde0c826ce4154c36c39509
+    uses: XRPLF/actions/.github/workflows/check-pr-title.yml@c6311685db43aa07971c4a6764320fecbc2acdcd

.github/workflows/on-pr.yml

@@ -141,9 +141,8 @@ jobs:
     needs:
       - should-run
       - build-test
-    # Only run when committing to a PR that targets a release branch in the
-    # XRPLF repository.
-    if: ${{ github.repository_owner == 'XRPLF' && needs.should-run.outputs.go == 'true' && startsWith(github.ref, 'refs/heads/release') }}
+    # Only run when committing to a PR that targets a release branch.
+    if: ${{ github.repository == 'XRPLF/rippled' && needs.should-run.outputs.go == 'true' && github.event_name == 'pull_request' && startsWith(github.event.pull_request.base.ref, 'release') }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}

.github/workflows/on-tag.yml

@@ -17,8 +17,7 @@ defaults:
 
 jobs:
   upload-recipe:
-    # Only run when a tag is pushed to the XRPLF repository.
-    if: ${{ github.repository_owner == 'XRPLF' }}
+    if: ${{ github.repository == 'XRPLF/rippled' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}

.github/workflows/on-trigger.yml

@@ -92,8 +92,8 @@ jobs:
 
   upload-recipe:
     needs: build-test
-    # Only run when pushing to the develop branch in the XRPLF repository.
-    if: ${{ github.repository_owner == 'XRPLF' && github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
+    # Only run when pushing to the develop branch.
+    if: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}

.github/workflows/pre-commit.yml

@@ -1,6 +1,9 @@
 name: Run pre-commit hooks
 
 on:
+  merge_group:
+    types:
+      - checks_requested
   pull_request:
   push:
     branches:
@@ -11,7 +14,7 @@ on:
 jobs:
   # Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks.
   run-hooks:
-    uses: XRPLF/actions/.github/workflows/pre-commit.yml@56de1bdf19639e009639a50b8d17c28ca954f267
+    uses: XRPLF/actions/.github/workflows/pre-commit.yml@44856eb0d6ecb7d376370244324ab3dc8b863bad
     with:
       runs_on: ubuntu-latest
       container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-41ec7c1" }'

.github/workflows/reusable-build-test-config.yml

@@ -76,7 +76,7 @@ jobs:
     name: ${{ inputs.config_name }}
     runs-on: ${{ fromJSON(inputs.runs_on) }}
     container: ${{ inputs.image != '' && inputs.image || null }}
-    timeout-minutes: 60
+    timeout-minutes: ${{ inputs.sanitizers != '' && 360 || 60 }}
     env:
       # Use a namespace to keep the objects separate for each configuration.
       CCACHE_NAMESPACE: ${{ inputs.config_name }}
@@ -176,7 +176,7 @@ jobs:
           fi
 
       - name: Upload the binary (Linux)
-        if: ${{ github.repository_owner == 'XRPLF' && runner.os == 'Linux' }}
+        if: ${{ github.repository == 'XRPLF/rippled' && runner.os == 'Linux' }}
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: xrpld-${{ inputs.config_name }}
@@ -204,11 +204,17 @@ jobs:
 
       - name: Set sanitizer options
         if: ${{ !inputs.build_only && env.SANITIZERS_ENABLED == 'true' }}
+        env:
+          CONFIG_NAME: ${{ inputs.config_name }}
         run: |
-          echo "ASAN_OPTIONS=print_stacktrace=1:detect_container_overflow=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp" >> ${GITHUB_ENV}
-          echo "TSAN_OPTIONS=second_deadlock_stack=1:halt_on_error=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
-          echo "UBSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
-          echo "LSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}
+          ASAN_OPTS="include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-asan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp"
+          if [[ "${CONFIG_NAME}" == *gcc* ]]; then
+            ASAN_OPTS="${ASAN_OPTS}:alloc_dealloc_mismatch=0"
+          fi
+          echo "ASAN_OPTIONS=${ASAN_OPTS}" >> ${GITHUB_ENV}
+          echo "TSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-tsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
+          echo "UBSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-ubsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
+          echo "LSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-lsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}
 
       - name: Run the separate tests
         if: ${{ !inputs.build_only }}
@@ -230,6 +236,8 @@ jobs:
           BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
         run: |
           set -o pipefail
+          # Coverage builds are slower due to instrumentation; use fewer parallel jobs to avoid flakiness
+          [ "$COVERAGE_ENABLED" = "true" ] && BUILD_NPROC=$(( BUILD_NPROC - 2 ))
           ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}" 2>&1 | tee unittest.log
 
       - name: Show test failure summary
@@ -266,7 +274,7 @@ jobs:
             --target coverage
 
       - name: Upload coverage report
-        if: ${{ github.repository_owner == 'XRPLF' && !inputs.build_only && env.COVERAGE_ENABLED == 'true' }}
+        if: ${{ github.repository == 'XRPLF/rippled' && !inputs.build_only && env.COVERAGE_ENABLED == 'true' }}
         uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           disable_search: true

.github/workflows/reusable-check-levelization.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Check levelization
-        run: .github/scripts/levelization/generate.sh
+        run: python .github/scripts/levelization/generate.py
       - name: Check for differences
         env:
           MESSAGE: |
@@ -32,7 +32,7 @@ jobs:
             removed from loops.txt, it's probably an improvement, while if
             something was added, it's probably a regression.
 
-            Run '.github/scripts/levelization/generate.sh' in your repo, commit
+            Run '.github/scripts/levelization/generate.py' in your repo, commit
             and push the changes. See .github/scripts/levelization/README.md for
             more info.
         run: |

.github/workflows/reusable-clang-tidy.yml

@@ -51,5 +51,5 @@ jobs:
     if: ${{ always() && !cancelled() && (!inputs.check_only_changed || needs.determine-files.outputs.any_cpp_changed == 'true' || needs.determine-files.outputs.clang_tidy_config_changed == 'true') }}
     uses: ./.github/workflows/reusable-clang-tidy-files.yml
     with:
-      files: ${{ (needs.determine-files.outputs.clang_tidy_config_changed == 'true' && '') || (inputs.check_only_changed && needs.determine-files.outputs.all_changed_files || '') }}
+      files: ${{ needs.determine-files.outputs.clang_tidy_config_changed == 'true' && '' || (inputs.check_only_changed && needs.determine-files.outputs.all_changed_files || '') }}
       create_issue_on_failure: ${{ inputs.create_issue_on_failure }}

.github/workflows/reusable-upload-recipe.yml

@@ -69,22 +69,28 @@ jobs:
           conan export . --version=${{ steps.version.outputs.version }}
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/${{ steps.version.outputs.version }}
 
+      # When this workflow is triggered by a push event, it will always be when merging into the
+      # 'develop' branch, see on-trigger.yml.
       - name: Upload Conan recipe (develop)
-        if: ${{ github.ref == 'refs/heads/develop' }}
+        if: ${{ github.event_name == 'push' }}
         env:
           REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=develop
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/develop
 
+      # When this workflow is triggered by a pull request event, it will always be when merging into
+      # one of the 'release' branches, see on-pr.yml.
       - name: Upload Conan recipe (rc)
-        if: ${{ startsWith(github.ref, 'refs/heads/release') }}
+        if: ${{ github.event_name == 'pull_request' }}
         env:
           REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=rc
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/rc
 
+      # When this workflow is triggered by a tag event, it will always be when tagging a final
+      # release, see on-tag.yml.
       - name: Upload Conan recipe (release)
         if: ${{ github.event_name == 'tag' }}
         env:

.github/workflows/upload-conan-deps.yml

@@ -103,11 +103,11 @@ jobs:
           sanitizers: ${{ matrix.sanitizers }}
 
       - name: Log into Conan remote
-        if: ${{ github.repository_owner == 'XRPLF' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
+        if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
         run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.CONAN_REMOTE_USERNAME }}" --password "${{ secrets.CONAN_REMOTE_PASSWORD }}"
 
       - name: Upload Conan packages
-        if: ${{ github.repository_owner == 'XRPLF' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
+        if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
         env:
           FORCE_OPTION: ${{ github.event.inputs.force_upload == 'true' && '--force' || '' }}
         run: conan upload "*" --remote="${CONAN_REMOTE_NAME}" --confirm ${FORCE_OPTION}

.gitignore

@@ -75,6 +75,9 @@ DerivedData
 /.claude
 /CLAUDE.md
 
+# Python
+__pycache__
+
 # Direnv's directory
 /.direnv
 

API-CHANGELOG.md

@@ -35,6 +35,10 @@ This section contains changes targeting a future version.
   - `LEDGER_ENTRY_FLAGS`: Maps ledger entry type names to their flags and flag values.
   - `ACCOUNT_SET_FLAGS`: Maps AccountSet flag names (asf flags) to their numeric values.
 
+### Bugfixes
+
+- Peer Crawler: The `port` field in `overlay.active[]` now consistently returns an integer instead of a string for outbound peers. [#6318](https://github.com/XRPLF/rippled/pull/6318)
+
 ## XRP Ledger server version 3.1.0
 
 [Version 3.1.0](https://github.com/XRPLF/rippled/releases/tag/3.1.0) was released on Jan 27, 2026.

CMakeLists.txt

@@ -88,7 +88,6 @@ find_package(ed25519 REQUIRED)
 find_package(gRPC REQUIRED)
 find_package(LibArchive REQUIRED)
 find_package(lz4 REQUIRED)
-find_package(mpt-crypto REQUIRED)
 find_package(nudb REQUIRED)
 find_package(OpenSSL REQUIRED)
 find_package(secp256k1 REQUIRED)
@@ -101,7 +100,6 @@ target_link_libraries(
     INTERFACE
         ed25519::ed25519
         lz4::lz4
-        mpt-crypto::mpt-crypto
         OpenSSL::Crypto
         OpenSSL::SSL
         secp256k1::secp256k1
@@ -133,7 +131,6 @@ if(coverage)
     include(XrplCov)
 endif()
 
-set(PROJECT_EXPORT_SET XrplExports)
 include(XrplCore)
 include(XrplInstall)
 include(XrplValidatorKeys)

CONTRIBUTING.md

@@ -127,26 +127,6 @@ tl;dr
 > 6. Wrap the body at 72 characters.
 > 7. Use the body to explain what and why vs. how.
 
-In addition to those guidelines, please add one of the following
-prefixes to the subject line if appropriate.
-
-- `fix:` - The primary purpose is to fix an existing bug.
-- `perf:` - The primary purpose is performance improvements.
-- `refactor:` - The changes refactor code without affecting
-  functionality.
-- `test:` - The changes _only_ affect unit tests.
-- `docs:` - The changes _only_ affect documentation. This can
-  include code comments in addition to `.md` files like this one.
-- `build:` - The changes _only_ affect the build process,
-  including CMake and/or Conan settings.
-- `chore:` - Other tasks that don't affect the binary, but don't fit
-  any of the other cases. e.g. formatting, git settings, updating
-  Github Actions jobs.
-
-Whenever possible, when updating commits after the PR is open, please
-add the PR number to the end of the subject line. e.g. `test: Add
-unit tests for Feature X (#1234)`.
-
 ## Pull requests
 
 In general, pull requests use `develop` as the base branch.
@@ -180,6 +160,23 @@ credibility of the existing approvals is insufficient.
 Pull requests must be merged by [squash-and-merge][squash]
 to preserve a linear history for the `develop` branch.
 
+### Type of Change
+
+In addition to those guidelines, please start your PR title with one of the following:
+
+- `build:` - The changes _only_ affect the build process, including CMake and/or Conan settings.
+- `feat`: New feature (change which adds functionality).
+- `fix:` - The primary purpose is to fix an existing bug.
+- `docs:` - The changes _only_ affect documentation.
+- `test:` - The changes _only_ affect unit tests.
+- `ci`: Continuous Integration (changes to our CI configuration files and scripts).
+- `style`: Code style (formatting).
+- `refactor:` - The changes refactor code without affecting functionality.
+- `perf:` - The primary purpose is performance improvements.
+- `chore:` - Other tasks that don't affect the binary, but don't fit any of the other cases. e.g. `git` settings, `clang-tidy`, removing dead code, dropping support for older tooling.
+
+First letter after the type prefix should be capitalized, and the type prefix should be followed by a colon and a space. e.g. `feat: Add support for Borrowing Protocol`.
+
 ### "Ready to merge"
 
 A pull request should only have the "Ready to merge" label added when it

cmake/XrplCompiler.cmake

@@ -118,7 +118,7 @@ if(MSVC)
             NOMINMAX
             # TODO: Resolve these warnings, don't just silence them
             _SILENCE_ALL_CXX17_DEPRECATION_WARNINGS
-            $<$<AND:$<COMPILE_LANGUAGE:CXX>,$<CONFIG:Debug>>:_CRTDBG_MAP_ALLOC>
+            $<$<AND:$<COMPILE_LANGUAGE:CXX>,$<CONFIG:Debug>,$<NOT:$<BOOL:${is_ci}>>>:_CRTDBG_MAP_ALLOC>
     )
     target_link_libraries(common INTERFACE -errorreport:none -machine:X64)
 else()

cmake/XrplConfig.cmake

@@ -1,60 +0,0 @@
-include(CMakeFindDependencyMacro)
-# need to represent system dependencies of the lib here
-#[=========================================================[
-  Boost
-#]=========================================================]
-if(static OR APPLE OR MSVC)
-    set(Boost_USE_STATIC_LIBS ON)
-endif()
-set(Boost_USE_MULTITHREADED ON)
-if(static OR MSVC)
-    set(Boost_USE_STATIC_RUNTIME ON)
-else()
-    set(Boost_USE_STATIC_RUNTIME OFF)
-endif()
-find_dependency(
-    Boost
-    COMPONENTS
-    chrono
-    container
-    context
-    coroutine
-    date_time
-    filesystem
-    program_options
-    regex
-    system
-    thread
-)
-#[=========================================================[
-  OpenSSL
-#]=========================================================]
-if(NOT DEFINED OPENSSL_ROOT_DIR)
-    if(DEFINED ENV{OPENSSL_ROOT})
-        set(OPENSSL_ROOT_DIR $ENV{OPENSSL_ROOT})
-    elseif(APPLE)
-        find_program(homebrew brew)
-        if(homebrew)
-            execute_process(
-                COMMAND ${homebrew} --prefix openssl
-                OUTPUT_VARIABLE OPENSSL_ROOT_DIR
-                OUTPUT_STRIP_TRAILING_WHITESPACE
-            )
-        endif()
-    endif()
-    file(TO_CMAKE_PATH "${OPENSSL_ROOT_DIR}" OPENSSL_ROOT_DIR)
-endif()
-
-if(static OR APPLE OR MSVC)
-    set(OPENSSL_USE_STATIC_LIBS ON)
-endif()
-set(OPENSSL_MSVC_STATIC_RT ON)
-find_dependency(OpenSSL REQUIRED)
-find_dependency(ZLIB)
-find_dependency(date)
-if(TARGET ZLIB::ZLIB)
-    set_target_properties(
-        OpenSSL::Crypto
-        PROPERTIES INTERFACE_LINK_LIBRARIES ZLIB::ZLIB
-    )
-endif()

cmake/XrplInstall.cmake

@@ -2,100 +2,38 @@
    install stuff
 #]===================================================================]
 
-include(create_symbolic_link)
+include(GNUInstallDirs)
 
-# If no suffix is defined for executables (e.g. Windows uses .exe but Linux
-# and macOS use none), then explicitly set it to the empty string.
-if(NOT DEFINED suffix)
-    set(suffix "")
+if(is_root_project AND TARGET xrpld)
+    install(
+        TARGETS xrpld
+        RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT runtime
+    )
+
+    install(
+        FILES "${CMAKE_CURRENT_SOURCE_DIR}/cfg/xrpld-example.cfg"
+        DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/xrpld"
+        RENAME xrpld.cfg
+        COMPONENT runtime
+    )
+
+    install(
+        FILES "${CMAKE_CURRENT_SOURCE_DIR}/cfg/validators-example.txt"
+        DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/xrpld"
+        RENAME validators.txt
+        COMPONENT runtime
+    )
 endif()
 
 install(
-    TARGETS
-        common
-        opts
-        xrpl_boost
-        xrpl_libs
-        xrpl_syslibs
-        xrpl.imports.main
-        xrpl.libpb
-        xrpl.libxrpl
-        xrpl.libxrpl.basics
-        xrpl.libxrpl.beast
-        xrpl.libxrpl.conditions
-        xrpl.libxrpl.core
-        xrpl.libxrpl.crypto
-        xrpl.libxrpl.git
-        xrpl.libxrpl.json
-        xrpl.libxrpl.rdb
-        xrpl.libxrpl.ledger
-        xrpl.libxrpl.net
-        xrpl.libxrpl.nodestore
-        xrpl.libxrpl.protocol
-        xrpl.libxrpl.resource
-        xrpl.libxrpl.server
-        xrpl.libxrpl.shamap
-        xrpl.libxrpl.tx
-        antithesis-sdk-cpp
-    EXPORT XrplExports
-    LIBRARY DESTINATION lib
-    ARCHIVE DESTINATION lib
-    RUNTIME DESTINATION bin
-    INCLUDES DESTINATION include
+    TARGETS xrpl.libpb xrpl.libxrpl
+    LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT development
+    ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT development
+    RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT development
 )
 
 install(
     DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/xrpl"
     DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
-)
-
-install(
-    EXPORT XrplExports
-    FILE XrplTargets.cmake
-    NAMESPACE Xrpl::
-    DESTINATION lib/cmake/xrpl
-)
-include(CMakePackageConfigHelpers)
-write_basic_package_version_file(
-    XrplConfigVersion.cmake
-    VERSION ${xrpld_version}
-    COMPATIBILITY SameMajorVersion
-)
-
-if(is_root_project AND TARGET xrpld)
-    install(TARGETS xrpld RUNTIME DESTINATION bin)
-    set_target_properties(xrpld PROPERTIES INSTALL_RPATH_USE_LINK_PATH ON)
-    # sample configs should not overwrite existing files
-    # install if-not-exists workaround as suggested by
-    # https://cmake.org/Bug/view.php?id=12646
-    install(
-        CODE
-            "
-    macro (copy_if_not_exists SRC DEST NEWNAME)
-      if (NOT EXISTS \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\${DEST}/\${NEWNAME}\")
-        file (INSTALL FILE_PERMISSIONS OWNER_READ OWNER_WRITE DESTINATION \"\${CMAKE_INSTALL_PREFIX}/\${DEST}\" FILES \"\${SRC}\" RENAME \"\${NEWNAME}\")
-      else ()
-        message (\"-- Skipping : \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\${DEST}/\${NEWNAME}\")
-      endif ()
-    endmacro()
-    copy_if_not_exists(\"${CMAKE_CURRENT_SOURCE_DIR}/cfg/xrpld-example.cfg\" etc xrpld.cfg)
-    copy_if_not_exists(\"${CMAKE_CURRENT_SOURCE_DIR}/cfg/validators-example.txt\" etc validators.txt)
-  "
-    )
-    install(
-        CODE
-            "
-    set(CMAKE_MODULE_PATH \"${CMAKE_MODULE_PATH}\")
-    include(create_symbolic_link)
-    create_symbolic_link(xrpld${suffix} \
-       \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/rippled${suffix})
-  "
-    )
-endif()
-
-install(
-    FILES
-        ${CMAKE_CURRENT_SOURCE_DIR}/cmake/XrplConfig.cmake
-        ${CMAKE_CURRENT_BINARY_DIR}/XrplConfigVersion.cmake
-    DESTINATION lib/cmake/xrpl
+    COMPONENT development
 )

cmake/XrplInterface.cmake

@@ -23,7 +23,7 @@ target_compile_definitions(
         BOOST_FILESYSTEM_NO_DEPRECATED
         >
         $<$<NOT:$<BOOL:${boost_show_deprecated}>>:
-        BOOST_COROUTINES_NO_DEPRECATION_WARNING
+        BOOST_COROUTINES2_NO_DEPRECATION_WARNING
         BOOST_BEAST_ALLOW_DEPRECATED
         BOOST_FILESYSTEM_DEPRECATED
         >

cmake/XrplSanity.cmake

@@ -50,6 +50,13 @@ if(MSVC AND CMAKE_GENERATOR_PLATFORM STREQUAL "Win32")
     message(FATAL_ERROR "Visual Studio 32-bit build is not supported.")
 endif()
 
+if(voidstar AND NOT is_amd64)
+    message(
+        FATAL_ERROR
+        "The voidstar library only supported on amd64/x86_64. Detected archictecture was: ${CMAKE_SYSTEM_PROCESSOR}"
+    )
+endif()
+
 if(APPLE AND NOT HOMEBREW)
     find_program(HOMEBREW brew)
 endif()

cmake/deps/Boost.cmake

@@ -7,7 +7,7 @@ find_package(
     COMPONENTS
         chrono
         container
-        coroutine
+        context
         date_time
         filesystem
         json
@@ -26,7 +26,7 @@ target_link_libraries(
         Boost::headers
         Boost::chrono
         Boost::container
-        Boost::coroutine
+        Boost::context
         Boost::date_time
         Boost::filesystem
         Boost::json
@@ -38,23 +38,26 @@ target_link_libraries(
 if(Boost_COMPILER)
     target_link_libraries(xrpl_boost INTERFACE Boost::disable_autolinking)
 endif()
-if(SANITIZERS_ENABLED AND is_clang)
-    # TODO: gcc does not support -fsanitize-blacklist...can we do something else for gcc ?
-    if(NOT Boost_INCLUDE_DIRS AND TARGET Boost::headers)
-        get_target_property(
-            Boost_INCLUDE_DIRS
-            Boost::headers
-            INTERFACE_INCLUDE_DIRECTORIES
-        )
-    endif()
-    message(STATUS "Adding [${Boost_INCLUDE_DIRS}] to sanitizer blacklist")
-    file(
-        WRITE ${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt
-        "src:${Boost_INCLUDE_DIRS}/*"
-    )
-    target_compile_options(
-        opts
-        INTERFACE # ignore boost headers for sanitizing
-            -fsanitize-blacklist=${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt
+
+# GCC 14+ has a false positive -Wuninitialized warning in Boost.Coroutine2's
+# state.hpp when compiled with -O3. This is due to GCC's intentional behavior
+# change (Bug #98871, #119388) where warnings from inlined system header code
+# are no longer suppressed by -isystem. The warning occurs in operator|= in
+# boost/coroutine2/detail/state.hpp when inlined from push_control_block::destroy().
+# See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119388
+if(is_gcc AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 14)
+    target_compile_options(xrpl_boost INTERFACE -Wno-uninitialized)
+endif()
+
+# Boost.Context's ucontext backend has ASAN fiber-switching annotations
+# (start/finish_switch_fiber) that are compiled in when BOOST_USE_ASAN is defined.
+# This tells ASAN about coroutine stack switches, preventing false positive
+# stack-use-after-scope errors. BOOST_USE_UCONTEXT ensures the ucontext backend
+# is selected (fcontext does not support ASAN annotations).
+# These defines must match what Boost was compiled with (see conan/profiles/sanitizers).
+if(enable_asan)
+    target_compile_definitions(
+        xrpl_boost
+        INTERFACE BOOST_USE_ASAN BOOST_USE_UCONTEXT
     )
 endif()

conan.lock

@@ -6,13 +6,12 @@
         "sqlite3/3.49.1#8631739a4c9b93bd3d6b753bac548a63%1765850149.926",
         "soci/4.0.3#a9f8d773cd33e356b5879a4b0564f287%1765850149.46",
         "snappy/1.1.10#968fef506ff261592ec30c574d4a7809%1765850147.878",
-        "secp256k1/0.7.1#481881709eb0bdd0185a12b912bbe8ad%1770910500.329",
+        "secp256k1/0.7.1#3a61e95e220062ef32c48d019e9c81f7%1770306721.686",
         "rocksdb/10.5.1#4a197eca381a3e5ae8adf8cffa5aacd0%1765850186.86",
         "re2/20230301#ca3b241baec15bd31ea9187150e0b333%1765850148.103",
         "protobuf/6.32.1#f481fd276fc23a33b85a3ed1e898b693%1765850161.038",
-        "openssl/3.5.5#05a4ac5b7323f7a329b2db1391d9941f%1770229825.601",
+        "openssl/3.5.5#05a4ac5b7323f7a329b2db1391d9941f%1769599205.414",
         "nudb/2.0.9#0432758a24204da08fee953ec9ea03cb%1769436073.32",
-        "mpt-crypto/0.1.0-rc2#575de3d495f539e3e5eba957b324d260%1771955268.105",
         "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1765850143.914",
         "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1765842973.492",
         "libbacktrace/cci.20210118#a7691bfccd8caaf66309df196790a5a1%1765842973.03",
@@ -32,7 +31,7 @@
         "strawberryperl/5.32.1.1#707032463aa0620fa17ec0d887f5fe41%1765850165.196",
         "protobuf/6.32.1#f481fd276fc23a33b85a3ed1e898b693%1765850161.038",
         "nasm/2.16.01#31e26f2ee3c4346ecd347911bd126904%1765850144.707",
-        "msys2/cci.latest#d22fe7b2808f5fd34d0a7923ace9c54f%1770657326.649",
+        "msys2/cci.latest#eea83308ad7e9023f7318c60d5a9e6cb%1770199879.083",
         "m4/1.4.19#70dc8bbb33e981d119d2acc0175cf381%1763158052.846",
         "cmake/4.2.0#ae0a44f44a1ef9ab68fd4b3e9a1f8671%1765850153.937",
         "cmake/3.31.10#313d16a1aa16bbdb2ca0792467214b76%1765850153.479",

conan/profiles/sanitizers

@@ -7,16 +7,21 @@ include(default)
     {% if compiler == "gcc" %}
         {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
             {% set sanitizer_list = [] %}
+            {% set defines = [] %}
             {% set model_code = "" %}
             {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1", "-Wno-stringop-overflow"] %}
 
             {% if "address" in sanitizers %}
                 {% set _ = sanitizer_list.append("address") %}
                 {% set model_code = "-mcmodel=large" %}
+                {% set _ = defines.append("BOOST_USE_ASAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% elif "thread" in sanitizers %}
                 {% set _ = sanitizer_list.append("thread") %}
                 {% set model_code = "-mcmodel=medium" %}
                 {% set _ = extra_cxxflags.append("-Wno-tsan") %}
+                {% set _ = defines.append("BOOST_USE_TSAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% endif %}
 
             {% if "undefinedbehavior" in sanitizers %}
@@ -29,16 +34,22 @@ include(default)
             tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
             tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
             tools.build:exelinkflags+=['{{sanitizer_flags}}']
+            tools.build:defines+={{defines}}
         {% endif %}
     {% elif compiler == "apple-clang" or compiler == "clang" %}
         {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
             {% set sanitizer_list = [] %}
+            {% set defines = [] %}
             {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1"] %}
 
             {% if "address" in sanitizers %}
                 {% set _ = sanitizer_list.append("address") %}
+                {% set _ = defines.append("BOOST_USE_ASAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% elif "thread" in sanitizers %}
                 {% set _ = sanitizer_list.append("thread") %}
+                {% set _ = defines.append("BOOST_USE_TSAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% endif %}
 
             {% if "undefinedbehavior" in sanitizers %}
@@ -52,8 +63,24 @@ include(default)
             tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
             tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
             tools.build:exelinkflags+=['{{sanitizer_flags}}']
+            tools.build:defines+={{defines}}
         {% endif %}
     {% endif %}
 {% endif %}
 
-tools.info.package_id:confs+=["tools.build:cxxflags", "tools.build:exelinkflags", "tools.build:sharedlinkflags"]
+tools.info.package_id:confs+=["tools.build:cxxflags", "tools.build:exelinkflags", "tools.build:sharedlinkflags", "tools.build:defines"]
+
+[options]
+{% if sanitizers %}
+    {% if "address" in sanitizers %}
+        # Build Boost.Context with ucontext backend (not fcontext) so that
+        # ASAN fiber-switching annotations (__sanitizer_start/finish_switch_fiber)
+        # are compiled into the library. fcontext (assembly) has no ASAN support.
+        # define=BOOST_USE_ASAN=1 is critical: it must be defined when building
+        # Boost.Context itself so the ucontext backend compiles in the ASAN annotations.
+        boost/*:extra_b2_flags=context-impl=ucontext address-sanitizer=on define=BOOST_USE_ASAN=1
+        boost/*:without_context=False
+        # Boost stacktrace fails to build with some sanitizers
+        boost/*:without_stacktrace=True
+    {% endif %}
+{% endif %}

conanfile.py

@@ -1,4 +1,5 @@
 import re
+import os
 
 from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout
 
@@ -31,7 +32,6 @@ class Xrpl(ConanFile):
         "ed25519/2015.03",
         "grpc/1.72.0",
         "libarchive/3.8.1",
-        "mpt-crypto/0.1.0-rc2",
         "nudb/2.0.9",
         "openssl/3.5.5",
         "secp256k1/0.7.1",
@@ -58,6 +58,9 @@ class Xrpl(ConanFile):
         "tests": False,
         "unity": False,
         "xrpld": False,
+        "boost/*:without_context": False,
+        "boost/*:without_coroutine": True,
+        "boost/*:without_coroutine2": False,
         "date/*:header_only": True,
         "ed25519/*:shared": False,
         "grpc/*:shared": False,
@@ -127,6 +130,12 @@ class Xrpl(ConanFile):
         if self.settings.compiler in ["clang", "gcc"]:
             self.options["boost"].without_cobalt = True
 
+        # Check if environment variable exists
+        if "SANITIZERS" in os.environ:
+            sanitizers = os.environ["SANITIZERS"]
+            if "address" in sanitizers.lower():
+                self.default_options["fPIC"] = False
+
     def requirements(self):
         # Conan 2 requires transitive headers to be specified
         transitive_headers_opt = (
@@ -197,7 +206,7 @@ class Xrpl(ConanFile):
             "boost::headers",
             "boost::chrono",
             "boost::container",
-            "boost::coroutine",
+            "boost::context",
             "boost::date_time",
             "boost::filesystem",
             "boost::json",
@@ -210,7 +219,6 @@ class Xrpl(ConanFile):
             "grpc::grpc++",
             "libarchive::libarchive",
             "lz4::lz4",
-            "mpt-crypto::mpt-crypto",
             "nudb::nudb",
             "openssl::crypto",
             "protobuf::libprotobuf",

cspell.config.yaml

@@ -55,7 +55,6 @@ words:
   - autobridging
   - bimap
   - bindir
-  - blindings
   - bookdir
   - Bougalis
   - Britto
@@ -88,7 +87,6 @@ words:
   - daria
   - dcmake
   - dearmor
-  - decryptor
   - deleteme
   - demultiplexer
   - deserializaton
@@ -98,16 +96,15 @@ words:
   - distro
   - doxyfile
   - dxrpl
-  - elgamal
   - endmacro
   - exceptioned
   - Falco
+  - fcontext
   - finalizers
   - firewalled
   - fmtdur
   - fsanitize
   - funclets
-  - Gamal
   - gcov
   - gcovr
   - ghead
@@ -115,6 +112,7 @@ words:
   - gpgcheck
   - gpgkey
   - hotwallet
+  - hwaddress
   - hwrap
   - ifndef
   - inequation
@@ -193,7 +191,6 @@ words:
   - partitioner
   - paychan
   - paychans
-  - Pedersen
   - permdex
   - perminute
   - permissioned
@@ -229,7 +226,6 @@ words:
   - sahyadri
   - Satoshi
   - scons
-  - Schnorr
   - secp
   - sendq
   - seqit
@@ -256,7 +252,6 @@ words:
   - stvar
   - stvector
   - stxchainattestations
-  - summands
   - superpeer
   - superpeers
   - takergets

docs/build/sanitizers.md

@@ -89,8 +89,8 @@ cmake --build . --parallel 4
 **IMPORTANT**: ASAN with Boost produces many false positives. Use these options:
 
 ```bash
-export ASAN_OPTIONS="print_stacktrace=1:detect_container_overflow=0:suppressions=path/to/asan.supp:halt_on_error=0:log_path=asan.log"
-export LSAN_OPTIONS="suppressions=path/to/lsan.supp:halt_on_error=0:log_path=lsan.log"
+export ASAN_OPTIONS="include=sanitizers/suppressions/runtime-asan-options.txt:suppressions=sanitizers/suppressions/asan.supp"
+export LSAN_OPTIONS="include=sanitizers/suppressions/runtime-lsan-options.txt:suppressions=sanitizers/suppressions/lsan.supp"
 
 # Run tests
 ./xrpld --unittest --unittest-jobs=5
@@ -108,7 +108,7 @@ export LSAN_OPTIONS="suppressions=path/to/lsan.supp:halt_on_error=0:log_path=lsa
 ### ThreadSanitizer (TSan)
 
 ```bash
-export TSAN_OPTIONS="suppressions=path/to/tsan.supp halt_on_error=0 log_path=tsan.log"
+export TSAN_OPTIONS="include=sanitizers/suppressions/runtime-tsan-options.txt:suppressions=sanitizers/suppressions/tsan.supp"
 
 # Run tests
 ./xrpld --unittest --unittest-jobs=5
@@ -129,7 +129,7 @@ More details [here](https://github.com/google/sanitizers/wiki/AddressSanitizerLe
 ### UndefinedBehaviorSanitizer (UBSan)
 
 ```bash
-export UBSAN_OPTIONS="suppressions=path/to/ubsan.supp:print_stacktrace=1:halt_on_error=0:log_path=ubsan.log"
+export UBSAN_OPTIONS="include=sanitizers/suppressions/runtime-ubsan-options.txt:suppressions=sanitizers/suppressions/ubsan.supp"
 
 # Run tests
 ./xrpld --unittest --unittest-jobs=5

include/xrpl/basics/contract.h

@@ -1,5 +1,6 @@
 #pragma once
 
+#include <xrpl/basics/sanitizers.h>
 #include <xrpl/beast/type_name.h>
 
 #include <exception>
@@ -23,16 +24,28 @@ LogThrow(std::string const& title);
     When called from within a catch block, it will pass
     control to the next matching exception handler, if any.
     Otherwise, std::terminate will be called.
+
+    ASAN can't handle sudden jumps in control flow very well. This
+    function is marked as XRPL_NO_SANITIZE_ADDRESS to prevent it from
+    triggering false positives, since it throws.
 */
-[[noreturn]] inline void
+[[noreturn]] XRPL_NO_SANITIZE_ADDRESS inline void
 Rethrow()
 {
     LogThrow("Re-throwing exception");
     throw;
 }
 
+/*
+    Logs and throws an exception of type E.
+
+    ASAN can't handle sudden jumps in control flow very well. This
+    function is marked as XRPL_NO_SANITIZE_ADDRESS to prevent it from
+    triggering false positives, since it throws.
+*/
+
 template <class E, class... Args>
-[[noreturn]] inline void
+[[noreturn]] XRPL_NO_SANITIZE_ADDRESS inline void
 Throw(Args&&... args)
 {
     static_assert(

include/xrpl/basics/safe_cast.h

@@ -1,5 +1,7 @@
 #pragma once
 
+#include <xrpl/beast/utility/instrumentation.h>
+
 #include <type_traits>
 
 namespace xrpl {
@@ -70,4 +72,31 @@ unsafe_cast(Src s) noexcept
     return unsafe_cast<Dest>(static_cast<std::underlying_type_t<Src>>(s));
 }
 
+template <class Dest, class Src>
+    requires std::is_pointer_v<Dest>
+inline Dest
+safe_downcast(Src* s) noexcept
+{
+#ifdef NDEBUG
+    return static_cast<Dest>(s);  // NOLINT(cppcoreguidelines-pro-type-static-cast-downcast)
+#else
+    auto* result = dynamic_cast<Dest>(s);
+    XRPL_ASSERT(result != nullptr, "xrpl::safe_downcast : pointer downcast is valid");
+    return result;
+#endif
+}
+
+template <class Dest, class Src>
+    requires std::is_lvalue_reference_v<Dest>
+inline Dest
+safe_downcast(Src& s) noexcept
+{
+#ifndef NDEBUG
+    XRPL_ASSERT(
+        dynamic_cast<std::add_pointer_t<std::remove_reference_t<Dest>>>(&s) != nullptr,
+        "xrpl::safe_downcast : reference downcast is valid");
+#endif
+    return static_cast<Dest>(s);  // NOLINT(cppcoreguidelines-pro-type-static-cast-downcast)
+}
+
 }  // namespace xrpl

include/xrpl/basics/sanitizers.h

@@ -0,0 +1,13 @@
+#pragma once
+
+// Helper to disable ASan/HwASan for specific functions
+/*
+ ASAN flags some false positives with sudden jumps in control flow, like
+ exceptions, or when encountering coroutine stack switches. This macro can be used to disable ASAN
+ intrumentation for specific functions.
+*/
+#if defined(__GNUC__) || defined(__clang__)
+#define XRPL_NO_SANITIZE_ADDRESS __attribute__((no_sanitize("address", "hwaddress")))
+#else
+#define XRPL_NO_SANITIZE_ADDRESS
+#endif

include/xrpl/beast/core/List.h

@@ -43,8 +43,8 @@ private:
     template <typename>
     friend class ListIterator;
 
-    ListNode* m_next;
-    ListNode* m_prev;
+    ListNode* m_next = nullptr;
+    ListNode* m_prev = nullptr;
 };
 
 //------------------------------------------------------------------------------
@@ -567,7 +567,7 @@ private:
     }
 
 private:
-    size_type m_size;
+    size_type m_size = 0u;
     Node m_head;
     Node m_tail;
 };

include/xrpl/core/Coro.ipp

@@ -1,7 +1,5 @@
 #pragma once
 
-#include <xrpl/basics/ByteUtilities.h>
-
 namespace xrpl {
 
 template <class F>
@@ -11,16 +9,18 @@ JobQueue::Coro::Coro(Coro_create_t, JobQueue& jq, JobType type, std::string cons
     , name_(name)
     , running_(false)
     , coro_(
+          // Stack size of 1MB wasn't sufficient for deep calls. ASAN tests flagged the issue. Hence
+          // increasing the size to 1.5MB.
+          boost::context::protected_fixedsize_stack(1536 * 1024),
           [this, fn = std::forward<F>(f)](
-              boost::coroutines::asymmetric_coroutine<void>::push_type& do_yield) {
+              boost::coroutines2::asymmetric_coroutine<void>::push_type& do_yield) {
               yield_ = &do_yield;
               yield();
               fn(shared_from_this());
 #ifndef NDEBUG
               finished_ = true;
 #endif
-          },
-          boost::coroutines::attributes(megabytes(1)))
+          })
 {
 }
 

include/xrpl/core/JobQueue.h

@@ -7,7 +7,8 @@
 #include <xrpl/core/detail/Workers.h>
 #include <xrpl/json/json_value.h>
 
-#include <boost/coroutine/all.hpp>
+#include <boost/context/protected_fixedsize_stack.hpp>
+#include <boost/coroutine2/all.hpp>
 
 #include <set>
 
@@ -48,8 +49,8 @@ public:
         std::mutex mutex_;
         std::mutex mutex_run_;
         std::condition_variable cv_;
-        boost::coroutines::asymmetric_coroutine<void>::pull_type coro_;
-        boost::coroutines::asymmetric_coroutine<void>::push_type* yield_;
+        boost::coroutines2::coroutine<void>::pull_type coro_;
+        boost::coroutines2::coroutine<void>::push_type* yield_;
 #ifndef NDEBUG
         bool finished_ = false;
 #endif

include/xrpl/json/json_value.h

@@ -421,7 +421,7 @@ private:
         ObjectValues* map_{nullptr};
     } value_;
     ValueType type_ : 8;
-    int allocated_ : 1;  // Notes: if declared as bool, bitfield is useless.
+    int allocated_ : 1 {};  // Notes: if declared as bool, bitfield is useless.
 };
 
 inline Value

include/xrpl/json/json_writer.h

@@ -108,7 +108,7 @@ private:
     std::string indentString_;
     int rightMargin_;
     int indentSize_;
-    bool addChildValues_;
+    bool addChildValues_{};
 };
 
 /** \brief Writes a Value in <a HREF="http://www.json.org">JSON</a> format in a
@@ -175,7 +175,7 @@ private:
     std::string indentString_;
     int rightMargin_;
     std::string indentation_;
-    bool addChildValues_;
+    bool addChildValues_{};
 };
 
 std::string

include/xrpl/ledger/CredentialHelpers.h

@@ -49,7 +49,7 @@ validDomain(ReadView const& view, uint256 domainID, AccountID const& subject);
 // This function is only called when we about to return tecNO_PERMISSION
 // because all the checks for the DepositPreauth authorization failed.
 TER
-authorizedDepositPreauth(ApplyView const& view, STVector256 const& ctx, AccountID const& dst);
+authorizedDepositPreauth(ReadView const& view, STVector256 const& ctx, AccountID const& dst);
 
 // Sort credentials array, return empty set if there are duplicates
 std::set<std::pair<AccountID, Slice>>
@@ -74,7 +74,7 @@ verifyDepositPreauth(
     ApplyView& view,
     AccountID const& src,
     AccountID const& dst,
-    std::shared_ptr<SLE> const& sleDst,
+    std::shared_ptr<SLE const> const& sleDst,
     beast::Journal j);
 
 }  // namespace xrpl

include/xrpl/net/HTTPClient.h

@@ -29,6 +29,18 @@ public:
         bool sslVerify,
         beast::Journal j);
 
+    /** Destroys the global SSL context created by initializeSSLContext().
+     *
+     *  This releases the underlying boost::asio::ssl::context and any
+     *  associated OpenSSL resources. Must not be called while any
+     *  HTTPClient requests are in flight.
+     *
+     *  @note Currently only called from tests during teardown. In production,
+     *        the SSL context lives for the lifetime of the process.
+     */
+    static void
+    cleanupSSLContext();
+
     static void
     get(bool bSSL,
         boost::asio::io_context& io_context,

include/xrpl/nodestore/Backend.h

@@ -138,6 +138,9 @@ public:
     /** Returns the number of file descriptors the backend expects to need. */
     virtual int
     fdRequired() const = 0;
+
+    /** The number of hardware threads to use for compression of a batch. */
+    static unsigned int const numHardwareThreads;
 };
 
 }  // namespace NodeStore

include/xrpl/protocol/ConfidentialTransfer.h

@@ -1,484 +0,0 @@
-#pragma once
-
-#include <xrpl/basics/Slice.h>
-#include <xrpl/protocol/Indexes.h>
-#include <xrpl/protocol/MPTIssue.h>
-#include <xrpl/protocol/Protocol.h>
-#include <xrpl/protocol/Rate.h>
-#include <xrpl/protocol/STLedgerEntry.h>
-#include <xrpl/protocol/STObject.h>
-#include <xrpl/protocol/Serializer.h>
-#include <xrpl/protocol/TER.h>
-#include <xrpl/protocol/TxFormats.h>
-#include <xrpl/protocol/detail/secp256k1.h>
-
-#include <secp256k1_mpt.h>
-
-namespace xrpl {
-
-/**
- * @brief Bundles an ElGamal public key with its associated encrypted amount.
- *
- * Used to represent a recipient in confidential transfers, containing both
- * the recipient's ElGamal public key and the ciphertext encrypting the
- * transfer amount under that key.
- */
-struct ConfidentialRecipient
-{
-    Slice publicKey;        ///< The recipient's ElGamal public key (64 bytes).
-    Slice encryptedAmount;  ///< The encrypted amount ciphertext (128 bytes).
-};
-
-/// Holds two secp256k1 public key components representing an ElGamal ciphertext (C1, C2).
-struct EcPair
-{
-    secp256k1_pubkey c1;
-    secp256k1_pubkey c2;
-};
-
-/**
- * @brief Increments the confidential balance version counter on an MPToken.
- *
- * The version counter is used to prevent replay attacks by binding proofs
- * to a specific state of the account's confidential balance. Wraps to 0
- * on overflow (defined behavior for unsigned integers).
- *
- * @param mptoken The MPToken ledger entry to update.
- */
-inline void
-incrementConfidentialVersion(STObject& mptoken)
-{
-    // Retrieve current version and increment.
-    // Unsigned integer overflow is defined behavior in C++ (wraps to 0),
-    // which is acceptable here.
-    mptoken[sfConfidentialBalanceVersion] =
-        mptoken[~sfConfidentialBalanceVersion].value_or(0u) + 1u;
-}
-
-/**
- * @brief Adds common fields to a serializer for ZKP context hash generation.
- *
- * Serializes the transaction type, account, issuance ID and sequence/ticket number
- * into the provided serializer. These fields form the base of all context
- * hashes used in zero-knowledge proofs.
- *
- * @param s          The serializer to append fields to.
- * @param txType     The transaction type identifier.
- * @param account    The account ID of the transaction sender.
- * @param issuanceID The MPToken Issuance ID.
- * @param sequence   The transaction sequence number or ticket number.
- */
-void
-addCommonZKPFields(
-    Serializer& s,
-    std::uint16_t txType,
-    AccountID const& account,
-    std::uint32_t sequence,
-    uint192 const& issuanceID);
-
-/**
- * @brief Generates the context hash for ConfidentialMPTSend transactions.
- *
- * Creates a unique 256-bit hash that binds the zero-knowledge proofs to
- * this specific send transaction, preventing proof reuse across transactions.
- *
- * @param account     The sender's account ID.
- * @param issuanceID  The MPToken Issuance ID.
- * @param sequence    The transaction sequence number or ticket number.
- * @param destination The destination account ID.
- * @param version     The sender's confidential balance version.
- * @return A 256-bit context hash unique to this transaction.
- */
-uint256
-getSendContextHash(
-    AccountID const& account,
-    uint192 const& issuanceID,
-    std::uint32_t sequence,
-    AccountID const& destination,
-    std::uint32_t version);
-
-/**
- * @brief Generates the context hash for ConfidentialMPTClawback transactions.
- *
- * Creates a unique 256-bit hash that binds the equality proof to this
- * specific clawback transaction.
- *
- * @param account    The issuer's account ID.
- * @param issuanceID The MPToken Issuance ID.
- * @param sequence   The transaction sequence number or ticket number.
- * @param holder     The holder's account ID being clawed back from.
- * @return A 256-bit context hash unique to this transaction.
- */
-uint256
-getClawbackContextHash(
-    AccountID const& account,
-    uint192 const& issuanceID,
-    std::uint32_t sequence,
-    AccountID const& holder);
-
-/**
- * @brief Generates the context hash for ConfidentialMPTConvert transactions.
- *
- * Creates a unique 256-bit hash that binds the Schnorr proof (for key
- * registration) to this specific convert transaction.
- *
- * @param account    The holder's account ID.
- * @param issuanceID The MPToken Issuance ID.
- * @param sequence   The transaction sequence number or a ticket number.
- * @return A 256-bit context hash unique to this transaction.
- */
-uint256
-getConvertContextHash(AccountID const& account, uint192 const& issuanceID, std::uint32_t sequence);
-
-/**
- * @brief Generates the context hash for ConfidentialMPTConvertBack transactions.
- *
- * Creates a unique 256-bit hash that binds the zero-knowledge proofs to
- * this specific convert-back transaction.
- *
- * @param account    The holder's account ID.
- * @param issuanceID The MPToken Issuance ID.
- * @param sequence   The transaction sequence number or a ticket number.
- * @param version    The holder's confidential balance version.
- * @return A 256-bit context hash unique to this transaction.
- */
-uint256
-getConvertBackContextHash(
-    AccountID const& account,
-    uint192 const& issuanceID,
-    std::uint32_t sequence,
-    std::uint32_t version);
-
-/**
- * @brief Parses an ElGamal ciphertext into two secp256k1 public key components.
- *
- * Breaks a 66-byte encrypted amount (two 33-byte compressed EC points) into
- * a pair containing (C1, C2) for use in cryptographic operations.
- *
- * @param buffer The 66-byte buffer containing the compressed ciphertext.
- * @return The parsed pair (c1, c2) if successful, std::nullopt if the buffer is invalid.
- */
-std::optional<EcPair>
-makeEcPair(Slice const& buffer);
-
-/**
- * @brief Serializes an EcPair into compressed form.
- *
- * Converts an EcPair (C1, C2) back into a 66-byte buffer containing
- * two 33-byte compressed EC points.
- *
- * @param pair The EcPair to serialize.
- * @return The 66-byte buffer, or std::nullopt if serialization fails.
- */
-std::optional<Buffer>
-serializeEcPair(EcPair const& pair);
-
-/**
- * @brief Verifies that a buffer contains two valid, parsable EC public keys.
- *
- * @param buffer The input buffer containing two concatenated components.
- * @return true if both components can be parsed successfully, false otherwise.
- */
-bool
-isValidCiphertext(Slice const& buffer);
-
-/**
- * @brief Verifies that a buffer contains a valid, parsable compressed EC point.
- *
- * Can be used to validate both compressed public keys and Pedersen commitments.
- * Fails early if the prefix byte is not 0x02 or 0x03.
- *
- * @param buffer The input buffer containing a compressed EC point (33 bytes).
- * @return true if the point can be parsed successfully, false otherwise.
- */
-bool
-isValidCompressedECPoint(Slice const& buffer);
-
-/**
- * @brief Homomorphically adds two ElGamal ciphertexts.
- *
- * Uses the additive homomorphic property of ElGamal encryption to compute
- * Enc(a + b) from Enc(a) and Enc(b) without decryption.
- *
- * @param a The first ciphertext (66 bytes).
- * @param b The second ciphertext (66 bytes).
- * @return The resulting ciphertext Enc(a + b), or std::nullopt on failure.
- */
-std::optional<Buffer>
-homomorphicAdd(Slice const& a, Slice const& b);
-
-/**
- * @brief Homomorphically subtracts two ElGamal ciphertexts.
- *
- * Uses the additive homomorphic property of ElGamal encryption to compute
- * Enc(a - b) from Enc(a) and Enc(b) without decryption.
- *
- * @param a The minuend ciphertext (66 bytes).
- * @param b The subtrahend ciphertext (66 bytes).
- * @return The resulting ciphertext Enc(a - b), or std::nullopt on failure.
- */
-std::optional<Buffer>
-homomorphicSubtract(Slice const& a, Slice const& b);
-
-/**
- * @brief Encrypts an amount using ElGamal encryption.
- *
- * Produces a ciphertext C = (C1, C2) where C1 = r*G and C2 = m*G + r*Pk,
- * using the provided blinding factor r.
- *
- * @param amt            The plaintext amount to encrypt.
- * @param pubKeySlice    The recipient's ElGamal public key (64 bytes).
- * @param blindingFactor The 32-byte randomness used as blinding factor r.
- * @return The 66-byte ciphertext, or std::nullopt on failure.
- */
-std::optional<Buffer>
-encryptAmount(uint64_t const amt, Slice const& pubKeySlice, Slice const& blindingFactor);
-
-/**
- * @brief Generates the canonical zero encryption for a specific MPToken.
- *
- * Creates a deterministic encryption of zero that is unique to the account
- * and MPT issuance. Used to initialize confidential balance fields.
- *
- * @param pubKeySlice The holder's ElGamal public key (64 bytes).
- * @param account     The account ID of the token holder.
- * @param mptId       The MPToken Issuance ID.
- * @return The 66-byte canonical zero ciphertext, or std::nullopt on failure.
- */
-std::optional<Buffer>
-encryptCanonicalZeroAmount(Slice const& pubKeySlice, AccountID const& account, MPTID const& mptId);
-
-/**
- * @brief Verifies a Schnorr proof of knowledge of an ElGamal private key.
- *
- * Proves that the submitter knows the secret key corresponding to the
- * provided public key, without revealing the secret key itself.
- *
- * @param pubKeySlice The ElGamal public key (64 bytes).
- * @param proofSlice  The Schnorr proof (65 bytes).
- * @param contextHash The 256-bit context hash binding the proof.
- * @return tesSUCCESS if valid, or an error code otherwise.
- */
-TER
-verifySchnorrProof(Slice const& pubKeySlice, Slice const& proofSlice, uint256 const& contextHash);
-
-/**
- * @brief Verifies that a ciphertext correctly encrypts a revealed amount.
- *
- * Given the plaintext amount and blinding factor, verifies that the
- * ciphertext was correctly constructed using ElGamal encryption.
- *
- * @param amount         The revealed plaintext amount.
- * @param blindingFactor The 32-byte blinding factor used in encryption.
- * @param pubKeySlice    The recipient's ElGamal public key (64 bytes).
- * @param ciphertext     The ciphertext to verify (66 bytes).
- * @return tesSUCCESS if the encryption is valid, or an error code otherwise.
- */
-TER
-verifyElGamalEncryption(
-    uint64_t const amount,
-    Slice const& blindingFactor,
-    Slice const& pubKeySlice,
-    Slice const& ciphertext);
-
-/**
- * @brief Validates the format of encrypted amount fields in a transaction.
- *
- * Checks that all ciphertext fields in the transaction object have the
- * correct length and contain valid EC points. This function is only used
- * by ConfidentialMPTConvert and ConfidentialMPTConvertBack transactions.
- *
- * @param object The transaction object containing encrypted amount fields.
- * @return tesSUCCESS if all formats are valid, temMALFORMED if required fields
- *         are missing, or temBAD_CIPHERTEXT if format validation fails.
- */
-NotTEC
-checkEncryptedAmountFormat(STObject const& object);
-
-/**
- * @brief Verifies revealed amount encryptions for all recipients.
- *
- * Validates that the same amount was correctly encrypted for the holder,
- * issuer, and optionally the auditor using their respective public keys.
- *
- * @param amount         The revealed plaintext amount.
- * @param blindingFactor The 32-byte blinding factor used in all encryptions.
- * @param holder         The holder's public key and encrypted amount.
- * @param issuer         The issuer's public key and encrypted amount.
- * @param auditor        Optional auditor's public key and encrypted amount.
- * @return tesSUCCESS if all encryptions are valid, or an error code otherwise.
- */
-TER
-verifyRevealedAmount(
-    uint64_t const amount,
-    Slice const& blindingFactor,
-    ConfidentialRecipient const& holder,
-    ConfidentialRecipient const& issuer,
-    std::optional<ConfidentialRecipient> const& auditor);
-
-/**
- * @brief Returns the number of recipients in a confidential transfer.
- *
- * Returns 4 if an auditor is present (sender, destination, issuer, auditor),
- * or 3 if no auditor (sender, destination, issuer).
- *
- * @param hasAuditor Whether the issuance has an auditor configured.
- * @return The number of recipients (3 or 4).
- */
-constexpr std::size_t
-getConfidentialRecipientCount(bool hasAuditor)
-{
-    return hasAuditor ? 4 : 3;
-}
-
-/**
- * @brief Verifies a multi-ciphertext equality proof.
- *
- * Proves that all ciphertexts in the recipients vector encrypt the same
- * plaintext amount, without revealing the amount itself.
- *
- * @param proof       The zero-knowledge proof bytes.
- * @param recipients  Vector of recipients with their public keys and ciphertexts.
- * @param nRecipients The number of recipients (must match recipients.size()).
- * @param contextHash The 256-bit context hash binding the proof.
- * @return tesSUCCESS if the proof is valid, or an error code otherwise.
- */
-TER
-verifyMultiCiphertextEqualityProof(
-    Slice const& proof,
-    std::vector<ConfidentialRecipient> const& recipients,
-    std::size_t const nRecipients,
-    uint256 const& contextHash);
-
-/**
- * @brief Verifies a clawback equality proof.
- *
- * Proves that the issuer knows the exact amount encrypted in the holder's
- * balance ciphertext. Used in ConfidentialMPTClawback to verify the issuer
- * can decrypt the balance using their private key.
- *
- * @param amount      The revealed plaintext amount.
- * @param proof       The zero-knowledge proof bytes.
- * @param pubKeySlice The issuer's ElGamal public key (64 bytes).
- * @param ciphertext  The issuer's encrypted balance on the holder's account (66 bytes).
- * @param contextHash The 256-bit context hash binding the proof.
- * @return tesSUCCESS if the proof is valid, or an error code otherwise.
- */
-TER
-verifyClawbackEqualityProof(
-    uint64_t const amount,
-    Slice const& proof,
-    Slice const& pubKeySlice,
-    Slice const& ciphertext,
-    uint256 const& contextHash);
-
-/**
- * @brief Generates a cryptographically secure 32-byte blinding factor.
- *
- * Produces random bytes suitable for use as an ElGamal blinding factor
- * or Pedersen commitment randomness.
- *
- * @return A 32-byte buffer containing the random blinding factor.
- */
-Buffer
-generateBlindingFactor();
-
-/**
- * @brief Verifies the cryptographic link between an ElGamal Ciphertext and a
- * Pedersen Commitment for a transaction Amount.
- *
- * It proves that the ElGamal ciphertext `encAmt` encrypts the same value `m`
- * as the Pedersen Commitment `pcmSlice`, using the randomness `r`.
- * Proves Enc(m) <-> Pcm(m)
- *
- * @param proof       The Zero Knowledge Proof bytes.
- * @param encAmt      The ElGamal ciphertext of the amount (C1, C2).
- * @param pubKeySlice The sender's public key.
- * @param pcmSlice    The Pedersen Commitment to the amount.
- * @param contextHash The unique context hash for this transaction.
- * @return tesSUCCESS if the proof is valid, or an error code otherwise.
- */
-TER
-verifyAmountPcmLinkage(
-    Slice const& proof,
-    Slice const& encAmt,
-    Slice const& pubKeySlice,
-    Slice const& pcmSlice,
-    uint256 const& contextHash);
-
-/**
- * @brief Verifies the cryptographic link between an ElGamal Ciphertext and a
- * Pedersen Commitment for an account Balance.
- *
- * It proves that the ElGamal ciphertext `encAmt` encrypts the same value `b`
- * as the Pedersen Commitment `pcmSlice`, using the secret key `s`.
- * Proves Enc(b) <-> Pcm(b)
- *
- * Note: Swaps arguments (Pk <-> C1) to accommodate the different algebraic
- * structure.
- *
- * @param proof       The Zero Knowledge Proof bytes.
- * @param encAmt      The ElGamal ciphertext of the balance (C1, C2).
- * @param pubKeySlice The sender's public key.
- * @param pcmSlice    The Pedersen Commitment to the balance.
- * @param contextHash The unique context hash for this transaction.
- * @return tesSUCCESS if the proof is valid, or an error code otherwise.
- */
-TER
-verifyBalancePcmLinkage(
-    Slice const& proof,
-    Slice const& encAmt,
-    Slice const& pubKeySlice,
-    Slice const& pcmSlice,
-    uint256 const& contextHash);
-
-/**
- * @brief Verifies an aggregated Bulletproof range proof.
- *
- * This function verifies that all commitments in commitment_C_vec commit
- * to values within the valid 64-bit range [0, 2^64 - 1].
- *
- * @param proof       The serialized Bulletproof proof.
- * @param compressedCommitments Vector of compressed Pedersen commitments (each 33 bytes).
- * @param contextHash The unique context hash for this transaction.
- * @return tesSUCCESS if the proof is valid, tecBAD_PROOF if verification
- *         fails, or tecINTERNAL for internal errors.
- */
-TER
-verifyAggregatedBulletproof(
-    Slice const& proof,
-    std::vector<Slice> const& compressedCommitments,
-    uint256 const& contextHash);
-
-/**
- * @brief Computes the remainder commitment for ConfidentialMPTSend.
- *
- * Given a balance commitment PC_bal = m_bal*G + rho_bal*H and an amount
- * commitment PC_amt = m_amt*G + rho_amt*H, this function computes:
- * PC_rem = PC_bal - PC_amt = (m_bal - m_amt)*G + (rho_bal - rho_amt)*H
- *
- * This derived commitment is used in an aggregated range proof to ensure
- * the sender maintains a non-negative balance (m_bal - m_amt >= 0).
- *
- * @param balanceCommitment The compressed Pedersen commitment to the balance (33 bytes).
- * @param amountCommitment  The compressed Pedersen commitment to the amount (33 bytes).
- * @param out               Output buffer for the resulting remainder commitment (33 bytes).
- * @return tesSUCCESS on success, tecINTERNAL on failure.
- */
-TER
-computeSendRemainder(Slice const& balanceCommitment, Slice const& amountCommitment, Buffer& out);
-
-/**
- * @brief Computes the remainder commitment for ConvertBack.
- *
- * Given a Pedersen commitment PC = m*G + rho*H, this function computes
- * PC_rem = PC - amount*G = (m - amount)*G + rho*H
- *
- * @param commitment The compressed Pedersen commitment (33 bytes).
- * @param amount     The amount to subtract (must be non-zero).
- * @param out        Output buffer for the resulting commitment (33 bytes).
- * @return tesSUCCESS on success, tecINTERNAL on failure or if amount is 0.
- */
-TER
-computeConvertBackRemainder(Slice const& commitment, uint64_t amount, Buffer& out);
-}  // namespace xrpl

include/xrpl/protocol/Feature.h

@@ -64,6 +64,49 @@
 
 namespace xrpl {
 
+// Feature names must not exceed this length (in characters, excluding the null terminator).
+static constexpr std::size_t maxFeatureNameSize = 63;
+// Reserve this exact feature-name length (in characters/bytes, excluding the null terminator)
+// so that a 32-byte uint256 (for example, in WASM or other interop contexts) can be used
+// as a compact, fixed-size feature selector without conflicting with human-readable names.
+static constexpr std::size_t reservedFeatureNameSize = 32;
+
+// Both validFeatureNameSize and validFeatureName are consteval functions that can be used in
+// static_asserts to validate feature names at compile time. They are only used inside
+// enforceValidFeatureName in Feature.cpp, but are exposed here for testing. The expected
+// parameter `auto fn` is a constexpr lambda which returns a const char*, making it available
+// for compile-time evaluation. Read more in https://accu.org/journals/overload/30/172/wu/
+consteval auto
+validFeatureNameSize(auto fn) -> bool
+{
+    constexpr char const* n = fn();
+    // Note, std::strlen is not constexpr, we need to implement our own here.
+    constexpr std::size_t N = [](auto n) {
+        std::size_t ret = 0;
+        for (auto ptr = n; *ptr != '\0'; ret++, ++ptr)
+            ;
+        return ret;
+    }(n);
+    return N != reservedFeatureNameSize &&  //
+        N <= maxFeatureNameSize;
+}
+
+consteval auto
+validFeatureName(auto fn) -> bool
+{
+    constexpr char const* n = fn();
+    // Prevent the use of visually confusable characters and enforce that feature names
+    // are always valid ASCII. This is needed because C++ allows Unicode identifiers.
+    // Characters below 0x20 are nonprintable control characters, and characters with the 0x80 bit
+    // set are non-ASCII (e.g. UTF-8 encoding of Unicode), so both are disallowed.
+    for (auto ptr = n; *ptr != '\0'; ++ptr)
+    {
+        if (*ptr & 0x80 || *ptr < 0x20)
+            return false;
+    }
+    return true;
+}
+
 enum class VoteBehavior : int { Obsolete = -1, DefaultNo = 0, DefaultYes };
 enum class AmendmentSupport : int { Retired = -1, Supported = 0, Unsupported };
 

include/xrpl/protocol/LedgerFormats.h

@@ -173,8 +173,7 @@ enum LedgerEntryType : std::uint16_t {
         LSF_FLAG(lsfMPTCanEscrow, 0x00000008)                                                                                      \
         LSF_FLAG(lsfMPTCanTrade, 0x00000010)                                                                                       \
         LSF_FLAG(lsfMPTCanTransfer, 0x00000020)                                                                                    \
-        LSF_FLAG(lsfMPTCanClawback, 0x00000040)                                                                                    \
-        LSF_FLAG(lsfMPTCanConfidentialAmount, 0x00000080))                                                                                    \
+        LSF_FLAG(lsfMPTCanClawback, 0x00000040))                                                                                   \
                                                                                                                                    \
     LEDGER_OBJECT(MPTokenIssuanceMutable,                                                                                          \
         LSF_FLAG(lsmfMPTCanMutateCanLock, 0x00000002)                                                                              \
@@ -184,8 +183,7 @@ enum LedgerEntryType : std::uint16_t {
         LSF_FLAG(lsmfMPTCanMutateCanTransfer, 0x00000020)                                                                          \
         LSF_FLAG(lsmfMPTCanMutateCanClawback, 0x00000040)                                                                          \
         LSF_FLAG(lsmfMPTCanMutateMetadata, 0x00010000)                                                                             \
-        LSF_FLAG(lsmfMPTCanMutateTransferFee, 0x00020000)                                                                          \
-        LSF_FLAG(lsmfMPTCannotMutateCanConfidentialAmount, 0x00040000))                                                                          \
+        LSF_FLAG(lsmfMPTCanMutateTransferFee, 0x00020000))                                                                         \
                                                                                                                                    \
     LEDGER_OBJECT(MPToken,                                                                                                         \
         LSF_FLAG2(lsfMPTLocked, 0x00000001)                                                                                        \

include/xrpl/protocol/Permissions.h

@@ -65,7 +65,7 @@ public:
     std::optional<TxType>
     getGranularTxType(GranularPermissionType const& gpType) const;
 
-    std::optional<std::reference_wrapper<uint256 const>> const
+    std::optional<std::reference_wrapper<uint256 const>>
     getTxFeature(TxType txType) const;
 
     bool

include/xrpl/protocol/Protocol.h

@@ -209,7 +209,7 @@ std::size_t constexpr maxDIDDocumentLength = 256;
 std::size_t constexpr maxDIDURILength = 256;
 
 /** The maximum length of an Attestation inside a DID */
-std::size_t constexpr maxDIDAttestationLength = 256;
+std::size_t constexpr maxDIDDataLength = 256;
 
 /** The maximum length of a domain */
 std::size_t constexpr maxDomainLength = 256;
@@ -307,49 +307,4 @@ std::size_t constexpr permissionMaxSize = 10;
 /** The maximum number of transactions that can be in a batch. */
 std::size_t constexpr maxBatchTxCount = 8;
 
-/** EC ElGamal ciphertext length 33-byte */
-std::size_t constexpr ecGamalEncryptedLength = 33;
-
-/** EC ElGamal ciphertext length: two 33-byte components concatenated */
-std::size_t constexpr ecGamalEncryptedTotalLength = ecGamalEncryptedLength * 2;
-
-/** Length of equality ZKProof in bytes */
-std::size_t constexpr ecEqualityProofLength = 98;
-
-/** Length of EC point (compressed) */
-std::size_t constexpr compressedECPointLength = 33;
-
-/** Length of EC public key (compressed) */
-std::size_t constexpr ecPubKeyLength = compressedECPointLength;
-
-/** Length of EC private key in bytes */
-std::size_t constexpr ecPrivKeyLength = 32;
-
-/** Length of the EC blinding factor in bytes */
-std::size_t constexpr ecBlindingFactorLength = 32;
-
-/** Length of Schnorr ZKProof for public key registration in bytes */
-std::size_t constexpr ecSchnorrProofLength = 65;
-
-/** Length of ElGamal ciphertext equality proof in bytes */
-std::size_t constexpr ecCiphertextEqualityProofLength = 261;
-
-/** Length of ElGamal Pedersen linkage proof in bytes */
-std::size_t constexpr ecPedersenProofLength = 195;
-
-/** Length of Pedersen Commitment (compressed) */
-std::size_t constexpr ecPedersenCommitmentLength = compressedECPointLength;
-
-/** Length of single bulletproof (range proof for 1 commitment) in bytes */
-std::size_t constexpr ecSingleBulletproofLength = 688;
-
-/** Length of double bulletproof (range proof for 2 commitments) in bytes */
-std::size_t constexpr ecDoubleBulletproofLength = 754;
-
-/** Compressed EC point prefix for even y-coordinate */
-static constexpr std::uint8_t ecCompressedPrefixEvenY = 0x02;
-
-/** Compressed EC point prefix for odd y-coordinate */
-static constexpr std::uint8_t ecCompressedPrefixOddY = 0x03;
-
 }  // namespace xrpl

include/xrpl/protocol/PublicKey.h

@@ -44,7 +44,7 @@ protected:
     // All the constructed public keys are valid, non-empty and contain 33
     // bytes of data.
     static constexpr std::size_t size_ = 33;
-    std::uint8_t buf_[size_];  // should be large enough
+    std::uint8_t buf_[size_]{};  // should be large enough
 
 public:
     using const_iterator = std::uint8_t const*;

include/xrpl/protocol/STAccount.h

@@ -24,7 +24,7 @@ public:
     STAccount();
 
     STAccount(SField const& n);
-    STAccount(SField const& n, Buffer&& v);
+    STAccount(SField const& n, Buffer const& v);
     STAccount(SerialIter& sit, SField const& name);
     STAccount(SField const& n, AccountID const& v);
 

include/xrpl/protocol/STObject.h

@@ -57,7 +57,7 @@ class STObject : public STBase, public CountedObject<STObject>
     using list_type = std::vector<detail::STVar>;
 
     list_type v_;
-    SOTemplate const* mType;
+    SOTemplate const* mType{};
 
 public:
     using iterator = boost::transform_iterator<Transform, STObject::list_type::const_iterator>;
@@ -401,7 +401,7 @@ public:
     getStyle(SField const& field) const;
 
     bool
-    hasMatchingEntry(STBase const&);
+    hasMatchingEntry(STBase const&) const;
 
     bool
     operator==(STObject const& o) const;

include/xrpl/protocol/STTx.h

@@ -15,7 +15,7 @@
 
 namespace xrpl {
 
-enum TxnSql : char {
+enum class TxnSql : char {
     txnSqlNew = 'N',
     txnSqlConflict = 'C',
     txnSqlHeld = 'H',
@@ -83,6 +83,9 @@ public:
     std::uint32_t
     getSeqValue() const;
 
+    AccountID
+    getFeePayer() const;
+
     boost::container::flat_set<AccountID>
     getMentionedAccounts() const;
 
@@ -122,7 +125,7 @@ public:
     getMetaSQL(
         Serializer rawTxn,
         std::uint32_t inLedger,
-        char status,
+        TxnSql status,
         std::string const& escapedMetaData) const;
 
     std::vector<uint256> const&

include/xrpl/protocol/SecretKey.h

@@ -16,8 +16,11 @@ namespace xrpl {
 /** A secret key. */
 class SecretKey
 {
+public:
+    static constexpr std::size_t size_ = 32;
+
 private:
-    std::uint8_t buf_[32];
+    std::uint8_t buf_[size_]{};
 
 public:
     using const_iterator = std::uint8_t const*;
@@ -27,9 +30,14 @@ public:
     SecretKey&
     operator=(SecretKey const&) = default;
 
+    bool
+    operator==(SecretKey const&) = delete;
+    bool
+    operator!=(SecretKey const&) = delete;
+
     ~SecretKey();
 
-    SecretKey(std::array<std::uint8_t, 32> const& data);
+    SecretKey(std::array<std::uint8_t, size_> const& data);
     SecretKey(Slice const& slice);
 
     std::uint8_t const*
@@ -78,16 +86,10 @@ public:
 };
 
 inline bool
-operator==(SecretKey const& lhs, SecretKey const& rhs)
-{
-    return lhs.size() == rhs.size() && std::memcmp(lhs.data(), rhs.data(), rhs.size()) == 0;
-}
+operator==(SecretKey const& lhs, SecretKey const& rhs) = delete;
 
 inline bool
-operator!=(SecretKey const& lhs, SecretKey const& rhs)
-{
-    return !(lhs == rhs);
-}
+operator!=(SecretKey const& lhs, SecretKey const& rhs) = delete;
 
 //------------------------------------------------------------------------------
 

include/xrpl/protocol/Seed.h

@@ -13,7 +13,7 @@ namespace xrpl {
 class Seed
 {
 private:
-    std::array<uint8_t, 16> buf_;
+    std::array<uint8_t, 16> buf_{};
 
 public:
     using const_iterator = std::array<uint8_t, 16>::const_iterator;

include/xrpl/protocol/SystemParameters.h

@@ -14,7 +14,7 @@ namespace xrpl {
 static inline std::string const&
 systemName()
 {
-    static std::string const name = "ripple";
+    static std::string const name = "xrpld";
     return name;
 }
 

include/xrpl/protocol/TER.h

@@ -121,7 +121,6 @@ enum TEMcodes : TERUnderlyingType {
     temARRAY_TOO_LARGE,
     temBAD_TRANSFER_FEE,
     temINVALID_INNER_BATCH,
-    temBAD_CIPHERTEXT,
 };
 
 //------------------------------------------------------------------------------
@@ -347,7 +346,6 @@ enum TECcodes : TERUnderlyingType {
     // backward compatibility with historical data on non-prod networks, can be
     // reclaimed after those networks reset.
     tecNO_DELEGATE_PERMISSION = 198,
-    tecBAD_PROOF = 199,
 };
 
 //------------------------------------------------------------------------------

include/xrpl/protocol/TxFlags.h

@@ -138,8 +138,7 @@ inline constexpr FlagValue tfUniversalMask = ~tfUniversal;
         TF_FLAG(tfMPTCanEscrow, lsfMPTCanEscrow)                                                                                                               \
         TF_FLAG(tfMPTCanTrade, lsfMPTCanTrade)                                                                                                                 \
         TF_FLAG(tfMPTCanTransfer, lsfMPTCanTransfer)                                                                                                           \
-        TF_FLAG(tfMPTCanClawback, lsfMPTCanClawback)                                                                                                           \
-        TF_FLAG(tfMPTCanConfidentialAmount, lsfMPTCanConfidentialAmount),                                                                                                            \
+        TF_FLAG(tfMPTCanClawback, lsfMPTCanClawback),                                                                                                          \
         MASK_ADJ(0))                                                                                                                                           \
                                                                                                                                                                \
     TRANSACTION(MPTokenAuthorize,                                                                                                                              \
@@ -348,12 +347,10 @@ inline constexpr FlagValue tmfMPTCanMutateCanTransfer = lsmfMPTCanMutateCanTrans
 inline constexpr FlagValue tmfMPTCanMutateCanClawback = lsmfMPTCanMutateCanClawback;
 inline constexpr FlagValue tmfMPTCanMutateMetadata = lsmfMPTCanMutateMetadata;
 inline constexpr FlagValue tmfMPTCanMutateTransferFee = lsmfMPTCanMutateTransferFee;
-inline constexpr FlagValue tmfMPTCannotMutateCanConfidentialAmount =
-    lsmfMPTCannotMutateCanConfidentialAmount;
-inline constexpr FlagValue tmfMPTokenIssuanceCreateMutableMask = ~(
-    tmfMPTCanMutateCanLock | tmfMPTCanMutateRequireAuth | tmfMPTCanMutateCanEscrow |
-    tmfMPTCanMutateCanTrade | tmfMPTCanMutateCanTransfer | tmfMPTCanMutateCanClawback |
-    tmfMPTCanMutateMetadata | tmfMPTCanMutateTransferFee | tmfMPTCannotMutateCanConfidentialAmount);
+inline constexpr FlagValue tmfMPTokenIssuanceCreateMutableMask =
+    ~(tmfMPTCanMutateCanLock | tmfMPTCanMutateRequireAuth | tmfMPTCanMutateCanEscrow |
+      tmfMPTCanMutateCanTrade | tmfMPTCanMutateCanTransfer | tmfMPTCanMutateCanClawback |
+      tmfMPTCanMutateMetadata | tmfMPTCanMutateTransferFee);
 
 // MPTokenIssuanceSet MutableFlags:
 // Set or Clear flags.
@@ -370,13 +367,10 @@ inline constexpr FlagValue tmfMPTSetCanTransfer = 0x00000100;
 inline constexpr FlagValue tmfMPTClearCanTransfer = 0x00000200;
 inline constexpr FlagValue tmfMPTSetCanClawback = 0x00000400;
 inline constexpr FlagValue tmfMPTClearCanClawback = 0x00000800;
-inline constexpr FlagValue tmfMPTSetCanConfidentialAmount = 0x00001000;
-inline constexpr FlagValue tmfMPTClearCanConfidentialAmount = 0x00002000;
-inline constexpr FlagValue tmfMPTokenIssuanceSetMutableMask =
-    ~(tmfMPTSetCanLock | tmfMPTClearCanLock | tmfMPTSetRequireAuth | tmfMPTClearRequireAuth |
-      tmfMPTSetCanEscrow | tmfMPTClearCanEscrow | tmfMPTSetCanTrade | tmfMPTClearCanTrade |
-      tmfMPTSetCanTransfer | tmfMPTClearCanTransfer | tmfMPTSetCanClawback |
-      tmfMPTClearCanClawback | tmfMPTSetCanConfidentialAmount | tmfMPTClearCanConfidentialAmount);
+inline constexpr FlagValue tmfMPTokenIssuanceSetMutableMask = ~(
+    tmfMPTSetCanLock | tmfMPTClearCanLock | tmfMPTSetRequireAuth | tmfMPTClearRequireAuth |
+    tmfMPTSetCanEscrow | tmfMPTClearCanEscrow | tmfMPTSetCanTrade | tmfMPTClearCanTrade |
+    tmfMPTSetCanTransfer | tmfMPTClearCanTransfer | tmfMPTSetCanClawback | tmfMPTClearCanClawback);
 
 // Prior to fixRemoveNFTokenAutoTrustLine, transfer of an NFToken between accounts allowed a
 // TrustLine to be added to the issuer of that token without explicit permission from that issuer.

include/xrpl/protocol/detail/STVar.h

@@ -44,7 +44,7 @@ private:
     // The largest "small object" we can accommodate
     static std::size_t constexpr max_size = 72;
 
-    std::aligned_storage<max_size>::type d_;
+    std::aligned_storage<max_size>::type d_ = {};
     STBase* p_ = nullptr;
 
 public:

include/xrpl/protocol/detail/features.macro

@@ -15,7 +15,7 @@
 
 // Add new amendments to the top of this list.
 // Keep it sorted in reverse chronological order.
-XRPL_FEATURE(ConfidentialTransfer,       Supported::yes, VoteBehavior::DefaultNo)
+
 XRPL_FIX   (PermissionedDomainInvariant, Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (ExpiredNFTokenOfferRemoval, Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (BatchInnerSigs,             Supported::no, VoteBehavior::DefaultNo)

include/xrpl/protocol/detail/ledger_entries.macro

@@ -385,41 +385,32 @@ LEDGER_ENTRY(ltAMM, 0x0079, AMM, amm, ({
     \sa keylet::mptIssuance
  */
 LEDGER_ENTRY(ltMPTOKEN_ISSUANCE, 0x007e, MPTokenIssuance, mpt_issuance, ({
-    {sfIssuer,                        soeREQUIRED},
-    {sfSequence,                      soeREQUIRED},
-    {sfTransferFee,                   soeDEFAULT},
-    {sfOwnerNode,                     soeREQUIRED},
-    {sfAssetScale,                    soeDEFAULT},
-    {sfMaximumAmount,                 soeOPTIONAL},
-    {sfOutstandingAmount,             soeREQUIRED},
-    {sfLockedAmount,                  soeOPTIONAL},
-    {sfMPTokenMetadata,               soeOPTIONAL},
-    {sfPreviousTxnID,                 soeREQUIRED},
-    {sfPreviousTxnLgrSeq,             soeREQUIRED},
-    {sfDomainID,                      soeOPTIONAL},
-    {sfMutableFlags,                  soeDEFAULT},
-    {sfIssuerEncryptionKey,           soeOPTIONAL},
-    {sfAuditorEncryptionKey,          soeOPTIONAL},
-    {sfConfidentialOutstandingAmount, soeDEFAULT},
+    {sfIssuer,                   soeREQUIRED},
+    {sfSequence,                 soeREQUIRED},
+    {sfTransferFee,              soeDEFAULT},
+    {sfOwnerNode,                soeREQUIRED},
+    {sfAssetScale,               soeDEFAULT},
+    {sfMaximumAmount,            soeOPTIONAL},
+    {sfOutstandingAmount,        soeREQUIRED},
+    {sfLockedAmount,             soeOPTIONAL},
+    {sfMPTokenMetadata,          soeOPTIONAL},
+    {sfPreviousTxnID,            soeREQUIRED},
+    {sfPreviousTxnLgrSeq,        soeREQUIRED},
+    {sfDomainID,                 soeOPTIONAL},
+    {sfMutableFlags,             soeDEFAULT},
 }))
 
 /** A ledger object which tracks MPToken
     \sa keylet::mptoken
  */
 LEDGER_ENTRY(ltMPTOKEN, 0x007f, MPToken, mptoken, ({
-    {sfAccount,                     soeREQUIRED},
-    {sfMPTokenIssuanceID,           soeREQUIRED},
-    {sfMPTAmount,                   soeDEFAULT},
-    {sfLockedAmount,                soeOPTIONAL},
-    {sfOwnerNode,                   soeREQUIRED},
-    {sfPreviousTxnID,               soeREQUIRED},
-    {sfPreviousTxnLgrSeq,           soeREQUIRED},
-    {sfConfidentialBalanceInbox,    soeOPTIONAL},
-    {sfConfidentialBalanceSpending, soeOPTIONAL},
-    {sfConfidentialBalanceVersion,  soeDEFAULT},
-    {sfIssuerEncryptedBalance,      soeOPTIONAL},
-    {sfAuditorEncryptedBalance,     soeOPTIONAL},
-    {sfHolderEncryptionKey,         soeOPTIONAL},
+    {sfAccount,                  soeREQUIRED},
+    {sfMPTokenIssuanceID,        soeREQUIRED},
+    {sfMPTAmount,                soeDEFAULT},
+    {sfLockedAmount,             soeOPTIONAL},
+    {sfOwnerNode,                soeREQUIRED},
+    {sfPreviousTxnID,            soeREQUIRED},
+    {sfPreviousTxnLgrSeq,        soeREQUIRED},
 }))
 
 /** A ledger object which tracks Oracle

include/xrpl/protocol/detail/sfields.macro

@@ -114,7 +114,6 @@ TYPED_SFIELD(sfInterestRate,             UINT32,    65) // 1/10 basis points (bi
 TYPED_SFIELD(sfLateInterestRate,         UINT32,    66) // 1/10 basis points (bips)
 TYPED_SFIELD(sfCloseInterestRate,        UINT32,    67) // 1/10 basis points (bips)
 TYPED_SFIELD(sfOverpaymentInterestRate,  UINT32,    68) // 1/10 basis points (bips)
-TYPED_SFIELD(sfConfidentialBalanceVersion, UINT32,  69)
 
 // 64-bit integers (common)
 TYPED_SFIELD(sfIndexNext,                UINT64,     1)
@@ -148,7 +147,6 @@ TYPED_SFIELD(sfSubjectNode,              UINT64,    28)
 TYPED_SFIELD(sfLockedAmount,             UINT64,    29, SField::sMD_BaseTen|SField::sMD_Default)
 TYPED_SFIELD(sfVaultNode,                UINT64,    30)
 TYPED_SFIELD(sfLoanBrokerNode,           UINT64,    31)
-TYPED_SFIELD(sfConfidentialOutstandingAmount, UINT64, 32, SField::sMD_BaseTen|SField::sMD_Default)
 
 // 128-bit
 TYPED_SFIELD(sfEmailHash,                UINT128,    1)
@@ -299,22 +297,6 @@ TYPED_SFIELD(sfAssetClass,               VL,        28)
 TYPED_SFIELD(sfProvider,                 VL,        29)
 TYPED_SFIELD(sfMPTokenMetadata,          VL,        30)
 TYPED_SFIELD(sfCredentialType,           VL,        31)
-TYPED_SFIELD(sfConfidentialBalanceInbox, VL,        32)
-TYPED_SFIELD(sfConfidentialBalanceSpending, VL,     33)
-TYPED_SFIELD(sfIssuerEncryptedBalance,   VL,        34)
-TYPED_SFIELD(sfIssuerEncryptionKey,      VL,        35)
-TYPED_SFIELD(sfHolderEncryptionKey,      VL,        36)
-TYPED_SFIELD(sfZKProof,                  VL,        37)
-TYPED_SFIELD(sfHolderEncryptedAmount,    VL,        38)
-TYPED_SFIELD(sfIssuerEncryptedAmount,    VL,        39)
-TYPED_SFIELD(sfSenderEncryptedAmount,    VL,        40)
-TYPED_SFIELD(sfDestinationEncryptedAmount, VL,      41)
-TYPED_SFIELD(sfAuditorEncryptedBalance,  VL,        42)
-TYPED_SFIELD(sfAuditorEncryptedAmount,   VL,        43)
-TYPED_SFIELD(sfAuditorEncryptionKey,     VL,        44)
-TYPED_SFIELD(sfBlindingFactor,           VL,        45)
-TYPED_SFIELD(sfAmountCommitment,         VL,        46)
-TYPED_SFIELD(sfBalanceCommitment,        VL,        47)
 
 // account (common)
 TYPED_SFIELD(sfAccount,                  ACCOUNT,    1)

include/xrpl/protocol/detail/transactions.macro

@@ -42,7 +42,7 @@ TRANSACTION(ttPAYMENT, 0, Payment,
 
 /** This transaction type creates an escrow object. */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/escrow/Escrow.h>
+#   include <xrpl/tx/transactors/escrow/EscrowCreate.h>
 #endif
 TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate,
     Delegation::delegable,
@@ -58,6 +58,9 @@ TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate,
 }))
 
 /** This transaction type completes an existing escrow. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/escrow/EscrowFinish.h>
+#endif
 TRANSACTION(ttESCROW_FINISH, 2, EscrowFinish,
     Delegation::delegable,
     uint256{},
@@ -94,7 +97,7 @@ TRANSACTION(ttACCOUNT_SET, 3, AccountSet,
 
 /** This transaction type cancels an existing escrow. */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/escrow/Escrow.h>
+#   include <xrpl/tx/transactors/escrow/EscrowCancel.h>
 #endif
 TRANSACTION(ttESCROW_CANCEL, 4, EscrowCancel,
     Delegation::delegable,
@@ -180,7 +183,7 @@ TRANSACTION(ttSIGNER_LIST_SET, 12, SignerListSet,
 
 /** This transaction type creates a new unidirectional XRP payment channel. */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/payment_channel/PayChan.h>
+#   include <xrpl/tx/transactors/payment_channel/PayChanCreate.h>
 #endif
 TRANSACTION(ttPAYCHAN_CREATE, 13, PaymentChannelCreate,
     Delegation::delegable,
@@ -196,6 +199,9 @@ TRANSACTION(ttPAYCHAN_CREATE, 13, PaymentChannelCreate,
 }))
 
 /** This transaction type funds an existing unidirectional XRP payment channel. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/payment_channel/PayChanFund.h>
+#endif
 TRANSACTION(ttPAYCHAN_FUND, 14, PaymentChannelFund,
     Delegation::delegable,
     uint256{},
@@ -207,6 +213,9 @@ TRANSACTION(ttPAYCHAN_FUND, 14, PaymentChannelFund,
 }))
 
 /** This transaction type submits a claim against an existing unidirectional payment channel. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/payment_channel/PayChanClaim.h>
+#endif
 TRANSACTION(ttPAYCHAN_CLAIM, 15, PaymentChannelClaim,
     Delegation::delegable,
     uint256{},
@@ -617,7 +626,7 @@ TRANSACTION(ttXCHAIN_CREATE_BRIDGE, 48, XChainCreateBridge,
 
 /** This transaction type creates or updates a DID */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/did/DID.h>
+#   include <xrpl/tx/transactors/did/DIDSet.h>
 #endif
 TRANSACTION(ttDID_SET, 49, DIDSet,
     Delegation::delegable,
@@ -630,6 +639,9 @@ TRANSACTION(ttDID_SET, 49, DIDSet,
 }))
 
 /** This transaction type deletes a DID */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/did/DIDDelete.h>
+#endif
 TRANSACTION(ttDID_DELETE, 50, DIDDelete,
     Delegation::delegable,
     featureDID,
@@ -722,8 +734,6 @@ TRANSACTION(ttMPTOKEN_ISSUANCE_SET, 56, MPTokenIssuanceSet,
     {sfMPTokenMetadata, soeOPTIONAL},
     {sfTransferFee, soeOPTIONAL},
     {sfMutableFlags, soeOPTIONAL},
-    {sfIssuerEncryptionKey, soeOPTIONAL},
-    {sfAuditorEncryptionKey, soeOPTIONAL},
 }))
 
 /** This transaction type authorizes a MPToken instance */
@@ -741,7 +751,7 @@ TRANSACTION(ttMPTOKEN_AUTHORIZE, 57, MPTokenAuthorize,
 
 /** This transaction type create an Credential instance */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/credentials/Credentials.h>
+#   include <xrpl/tx/transactors/credentials/CredentialCreate.h>
 #endif
 TRANSACTION(ttCREDENTIAL_CREATE, 58, CredentialCreate,
     Delegation::delegable,
@@ -755,6 +765,9 @@ TRANSACTION(ttCREDENTIAL_CREATE, 58, CredentialCreate,
 }))
 
 /** This transaction type accept an Credential object */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/credentials/CredentialAccept.h>
+#endif
 TRANSACTION(ttCREDENTIAL_ACCEPT, 59, CredentialAccept,
     Delegation::delegable,
     featureCredentials,
@@ -765,6 +778,9 @@ TRANSACTION(ttCREDENTIAL_ACCEPT, 59, CredentialAccept,
 }))
 
 /** This transaction type delete an Credential object */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/credentials/CredentialDelete.h>
+#endif
 TRANSACTION(ttCREDENTIAL_DELETE, 60, CredentialDelete,
     Delegation::delegable,
     featureCredentials,
@@ -832,7 +848,7 @@ TRANSACTION(ttDELEGATE_SET, 64, DelegateSet,
 #   include <xrpl/tx/transactors/vault/VaultCreate.h>
 #endif
 TRANSACTION(ttVAULT_CREATE, 65, VaultCreate,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     createPseudoAcct | createMPTIssuance | mustModifyVault,
     ({
@@ -850,7 +866,7 @@ TRANSACTION(ttVAULT_CREATE, 65, VaultCreate,
 #   include <xrpl/tx/transactors/vault/VaultSet.h>
 #endif
 TRANSACTION(ttVAULT_SET, 66, VaultSet,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mustModifyVault,
     ({
@@ -865,7 +881,7 @@ TRANSACTION(ttVAULT_SET, 66, VaultSet,
 #   include <xrpl/tx/transactors/vault/VaultDelete.h>
 #endif
 TRANSACTION(ttVAULT_DELETE, 67, VaultDelete,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mustDeleteAcct | destroyMPTIssuance | mustModifyVault,
     ({
@@ -877,7 +893,7 @@ TRANSACTION(ttVAULT_DELETE, 67, VaultDelete,
 #   include <xrpl/tx/transactors/vault/VaultDeposit.h>
 #endif
 TRANSACTION(ttVAULT_DEPOSIT, 68, VaultDeposit,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mayAuthorizeMPT | mustModifyVault,
     ({
@@ -890,7 +906,7 @@ TRANSACTION(ttVAULT_DEPOSIT, 68, VaultDeposit,
 #   include <xrpl/tx/transactors/vault/VaultWithdraw.h>
 #endif
 TRANSACTION(ttVAULT_WITHDRAW, 69, VaultWithdraw,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mayDeleteMPT | mayAuthorizeMPT | mustModifyVault,
     ({
@@ -905,7 +921,7 @@ TRANSACTION(ttVAULT_WITHDRAW, 69, VaultWithdraw,
 #   include <xrpl/tx/transactors/vault/VaultClawback.h>
 #endif
 TRANSACTION(ttVAULT_CLAWBACK, 70, VaultClawback,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mayDeleteMPT | mustModifyVault,
     ({
@@ -934,7 +950,7 @@ TRANSACTION(ttBATCH, 71, Batch,
 #   include <xrpl/tx/transactors/lending/LoanBrokerSet.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_SET, 74, LoanBrokerSet,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     createPseudoAcct | mayAuthorizeMPT, ({
     {sfVaultID, soeREQUIRED},
@@ -951,7 +967,7 @@ TRANSACTION(ttLOAN_BROKER_SET, 74, LoanBrokerSet,
 #   include <xrpl/tx/transactors/lending/LoanBrokerDelete.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_DELETE, 75, LoanBrokerDelete,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mustDeleteAcct | mayAuthorizeMPT, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -962,7 +978,7 @@ TRANSACTION(ttLOAN_BROKER_DELETE, 75, LoanBrokerDelete,
 #   include <xrpl/tx/transactors/lending/LoanBrokerCoverDeposit.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_COVER_DEPOSIT, 76, LoanBrokerCoverDeposit,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     noPriv, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -974,7 +990,7 @@ TRANSACTION(ttLOAN_BROKER_COVER_DEPOSIT, 76, LoanBrokerCoverDeposit,
 #   include <xrpl/tx/transactors/lending/LoanBrokerCoverWithdraw.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_COVER_WITHDRAW, 77, LoanBrokerCoverWithdraw,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mayAuthorizeMPT, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -989,7 +1005,7 @@ TRANSACTION(ttLOAN_BROKER_COVER_WITHDRAW, 77, LoanBrokerCoverWithdraw,
 #   include <xrpl/tx/transactors/lending/LoanBrokerCoverClawback.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_COVER_CLAWBACK, 78, LoanBrokerCoverClawback,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     noPriv, ({
     {sfLoanBrokerID, soeOPTIONAL},
@@ -1001,7 +1017,7 @@ TRANSACTION(ttLOAN_BROKER_COVER_CLAWBACK, 78, LoanBrokerCoverClawback,
 #   include <xrpl/tx/transactors/lending/LoanSet.h>
 #endif
 TRANSACTION(ttLOAN_SET, 80, LoanSet,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mayAuthorizeMPT | mustModifyVault, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -1028,7 +1044,7 @@ TRANSACTION(ttLOAN_SET, 80, LoanSet,
 #   include <xrpl/tx/transactors/lending/LoanDelete.h>
 #endif
 TRANSACTION(ttLOAN_DELETE, 81, LoanDelete,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     noPriv, ({
     {sfLoanID, soeREQUIRED},
@@ -1039,7 +1055,7 @@ TRANSACTION(ttLOAN_DELETE, 81, LoanDelete,
 #   include <xrpl/tx/transactors/lending/LoanManage.h>
 #endif
 TRANSACTION(ttLOAN_MANAGE, 82, LoanManage,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     // All of the LoanManage options will modify the vault, but the
     // transaction can succeed without options, essentially making it
@@ -1053,97 +1069,13 @@ TRANSACTION(ttLOAN_MANAGE, 82, LoanManage,
 #   include <xrpl/tx/transactors/lending/LoanPay.h>
 #endif
 TRANSACTION(ttLOAN_PAY, 84, LoanPay,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mayAuthorizeMPT | mustModifyVault, ({
     {sfLoanID, soeREQUIRED},
     {sfAmount, soeREQUIRED, soeMPTSupported},
 }))
 
-/** This transaction type converts into confidential MPT balance. */
-#if TRANSACTION_INCLUDE
-#include <xrpl/tx/transactors/token/ConfidentialMPTConvert.h>
-#endif
-TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT, 85, ConfidentialMPTConvert,
-    Delegation::delegable,
-    featureConfidentialTransfer,
-    noPriv,
-    ({
-    {sfMPTokenIssuanceID, soeREQUIRED},
-    {sfMPTAmount, soeREQUIRED},
-    {sfHolderEncryptionKey, soeOPTIONAL},
-    {sfHolderEncryptedAmount, soeREQUIRED},
-    {sfIssuerEncryptedAmount, soeREQUIRED},
-    {sfAuditorEncryptedAmount, soeOPTIONAL},
-    {sfBlindingFactor, soeREQUIRED},
-    {sfZKProof, soeOPTIONAL},
-}))
-
-/** This transaction type merges MPT inbox. */
-#if TRANSACTION_INCLUDE
-#include <xrpl/tx/transactors/token/ConfidentialMPTMergeInbox.h>
-#endif
-TRANSACTION(ttCONFIDENTIAL_MPT_MERGE_INBOX, 86, ConfidentialMPTMergeInbox,
-    Delegation::delegable,
-    featureConfidentialTransfer,
-    noPriv,
-    ({
-    {sfMPTokenIssuanceID, soeREQUIRED},
-}))
-
-/** This transaction type converts back into public MPT balance. */
-#if TRANSACTION_INCLUDE
-#include <xrpl/tx/transactors/token/ConfidentialMPTConvertBack.h>
-#endif
-TRANSACTION(ttCONFIDENTIAL_MPT_CONVERT_BACK, 87, ConfidentialMPTConvertBack,
-    Delegation::delegable,
-    featureConfidentialTransfer,
-    noPriv,
-    ({
-    {sfMPTokenIssuanceID, soeREQUIRED},
-    {sfMPTAmount, soeREQUIRED},
-    {sfHolderEncryptedAmount, soeREQUIRED},
-    {sfIssuerEncryptedAmount, soeREQUIRED},
-    {sfAuditorEncryptedAmount, soeOPTIONAL},
-    {sfBlindingFactor, soeREQUIRED},
-    {sfZKProof, soeREQUIRED},
-    {sfBalanceCommitment, soeREQUIRED},
-}))
-
-#if TRANSACTION_INCLUDE
-#include <xrpl/tx/transactors/token/ConfidentialMPTSend.h>
-#endif
-TRANSACTION(ttCONFIDENTIAL_MPT_SEND, 88, ConfidentialMPTSend,
-    Delegation::delegable,
-    featureConfidentialTransfer,
-    noPriv,
-    ({
-    {sfMPTokenIssuanceID, soeREQUIRED},
-    {sfDestination, soeREQUIRED},
-    {sfSenderEncryptedAmount, soeREQUIRED},
-    {sfDestinationEncryptedAmount, soeREQUIRED},
-    {sfIssuerEncryptedAmount, soeREQUIRED},
-    {sfAuditorEncryptedAmount, soeOPTIONAL},
-    {sfZKProof, soeREQUIRED},
-    {sfAmountCommitment, soeREQUIRED},
-    {sfBalanceCommitment, soeREQUIRED},
-    {sfCredentialIDs, soeOPTIONAL},
-}))
-
-#if TRANSACTION_INCLUDE
-#include <xrpl/tx/transactors/token/ConfidentialMPTClawback.h>
-#endif
-TRANSACTION(ttCONFIDENTIAL_MPT_CLAWBACK, 89, ConfidentialMPTClawback,
-    Delegation::delegable,
-    featureConfidentialTransfer,
-    noPriv,
-    ({
-    {sfMPTokenIssuanceID, soeREQUIRED},
-    {sfHolder, soeREQUIRED},
-    {sfMPTAmount, soeREQUIRED},
-    {sfZKProof, soeREQUIRED},
-}))
-
 /** This system-generated transaction type is used to update the status of the various amendments.
 
     For details, see: https://xrpl.org/amendments.html

include/xrpl/protocol/digest.h

@@ -40,7 +40,7 @@ public:
     operator result_type() noexcept;
 
 private:
-    char ctx_[96];
+    char ctx_[96]{};
 };
 
 /** SHA-512 digest
@@ -63,7 +63,7 @@ public:
     operator result_type() noexcept;
 
 private:
-    char ctx_[216];
+    char ctx_[216]{};
 };
 
 /** SHA-256 digest
@@ -86,7 +86,7 @@ public:
     operator result_type() noexcept;
 
 private:
-    char ctx_[112];
+    char ctx_[112]{};
 };
 
 //------------------------------------------------------------------------------

include/xrpl/protocol/jss.h

@@ -112,6 +112,7 @@ JSS(accounts);                // in: LedgerEntry, Subscribe,
                               //     handlers/Ledger, Unsubscribe
 JSS(accounts_proposed);       // in: Subscribe, Unsubscribe
 JSS(action);
+JSS(active);                  // out: OverlayImpl
 JSS(acquiring);               // out: LedgerRequest
 JSS(address);                 // out: PeerImp
 JSS(affected);                // out: AcceptedLedgerTx
@@ -300,6 +301,7 @@ JSS(id);                      // websocket.
 JSS(ident);                   // in: AccountCurrencies, AccountInfo,
                               //     OwnerInfo
 JSS(ignore_default);          // in: AccountLines
+JSS(in);                      // out: OverlayImpl
 JSS(inLedger);                // out: tx/Transaction
 JSS(inbound);                 // out: PeerImp
 JSS(index);                   // in: LedgerEntry
@@ -464,6 +466,7 @@ JSS(open_ledger_level);       // out: TxQ
 JSS(optionality);             // out: server_definitions
 JSS(oracles);                 // in: get_aggregate_price
 JSS(oracle_document_id);      // in: get_aggregate_price
+JSS(out);                     // out: OverlayImpl
 JSS(owner);                   // in: LedgerEntry, out: NetworkOPs
 JSS(owner_funds);             // in/out: Ledger, NetworkOPs, AcceptedLedgerTx
 JSS(page_index);

include/xrpl/server/InfoSub.h

@@ -173,7 +173,7 @@ public:
     send(Json::Value const& jvObj, bool broadcast) = 0;
 
     std::uint64_t
-    getSeq();
+    getSeq() const;
 
     void
     onSendEmpty();

include/xrpl/tx/Transactor.h

@@ -114,8 +114,7 @@ protected:
     beast::Journal const j_;
 
     AccountID const account_;
-    XRPAmount mPriorBalance;   // Balance before fees.
-    XRPAmount mSourceBalance;  // Balance after fees.
+    XRPAmount preFeeBalance_{};  // Balance before fees.
 
     virtual ~Transactor() = default;
     Transactor(Transactor const&) = delete;

include/xrpl/tx/applySteps.h

@@ -213,7 +213,7 @@ public:
         , flags(ctx_.flags)
         , j(ctx_.j)
         , ter(ter_)
-        , likelyToClaimFee(ter == tesSUCCESS || isTecClaimHardFail(ter, flags))
+        , likelyToClaimFee(isTesSuccess(ter) || isTecClaimHardFail(ter, flags))
     {
     }
 

include/xrpl/tx/invariants/InvariantCheck.h

@@ -27,6 +27,33 @@ namespace xrpl {
  * communicate the interface required of any invariant checker. Any invariant
  * check implementation should implement the public methods documented here.
  *
+ * ## Rules for implementing `finalize`
+ *
+ * ### Invariants must run regardless of transaction result
+ *
+ * An invariant's `finalize` method MUST perform meaningful checks even when
+ * the transaction has failed (i.e., `!isTesSuccess(tec)`). The following
+ * pattern is almost certainly wrong and must never be used:
+ *
+ * @code
+ * // WRONG: skipping all checks on failure defeats the purpose of invariants
+ * if (!isTesSuccess(tec))
+ *     return true;
+ * @endcode
+ *
+ * The entire purpose of invariants is to detect and prevent the impossible.
+ * A bug or exploit could cause a failed transaction to mutate ledger state in
+ * unexpected ways. Invariants are the last line of defense against such
+ * scenarios.
+ *
+ * In general: an invariant that expects a domain-specific state change to
+ * occur (e.g., a new object being created) should only expect that change
+ * when the transaction succeeded. A failed VaultCreate must not have created
+ * a Vault. A failed LoanSet must not have created a Loan.
+ *
+ * Also be aware that failed transactions, regardless of type, carry no
+ * Privileges. Any privilege-gated checks must therefore also be applied to
+ * failed transactions.
  */
 class InvariantChecker_PROTOTYPE
 {
@@ -48,7 +75,11 @@ public:
 
     /**
      * @brief called after all ledger entries have been visited to determine
-     * the final status of the check
+     * the final status of the check.
+     *
+     * This method MUST perform meaningful checks even when `tec` indicates a
+     * failed transaction. See the class-level documentation for the rules
+     * governing how failed transactions must be handled.
      *
      * @param tx the transaction being applied
      * @param tec the current TER result of the transaction
@@ -101,7 +132,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -121,7 +152,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -167,7 +198,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -184,7 +215,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -202,7 +233,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -221,7 +252,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -240,7 +271,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -256,7 +287,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -276,7 +307,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -297,7 +328,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -366,8 +397,7 @@ using InvariantChecks = std::tuple<
     ValidPseudoAccounts,
     ValidLoanBroker,
     ValidLoan,
-    ValidVault,
-    ValidConfidentialMPToken>;
+    ValidVault>;
 
 /**
  * @brief get a tuple of all invariant checks

include/xrpl/tx/invariants/MPTInvariant.h

@@ -25,50 +25,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
-};
-
-/**
- * @brief Invariants: Confidential MPToken consistency
- *
- * - Convert/ConvertBack symmetry:
- * Regular MPToken balance change (±X) == COA (Confidential Outstanding Amount) change (∓X)
- * - Cannot delete MPToken with non-zero confidential state:
- * Cannot delete if sfIssuerEncryptedBalance exists
- * Cannot delete if sfConfidentialBalanceInbox and sfConfidentialBalanceSpending exist
- * - Privacy flag consistency:
- * MPToken can only have encrypted fields if lsfMPTCanConfidentialAmount is set on
- * issuance.
- * - Encrypted field existence consistency:
- * If sfConfidentialBalanceSpending/sfConfidentialBalanceInbox exists, then
- * sfIssuerEncryptedBalance must also exist (and vice versa).
- * - COA <= OutstandingAmount:
- * Confidential outstanding balance cannot exceed total outstanding.
- * - Verifies sfConfidentialBalanceVersion is changed whenever sfConfidentialBalanceSpending is
- * modified on an MPToken.
- */
-class ValidConfidentialMPToken
-{
-    struct Changes
-    {
-        std::int64_t mptAmountDelta = 0;
-        std::int64_t coaDelta = 0;
-        std::int64_t outstandingDelta = 0;
-        SLE::const_pointer issuance;
-        bool deletedWithEncrypted = false;
-        bool badConsistency = false;
-        bool badCOA = false;
-        bool requiresPrivacyFlag = false;
-        bool badVersion = false;
-    };
-    std::map<uint192, Changes> changes_;
-
-public:
-    void
-    visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
-
-    bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 }  // namespace xrpl

include/xrpl/tx/invariants/NFTInvariant.h

@@ -36,7 +36,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 /**
@@ -64,7 +64,7 @@ public:
     visitEntry(bool, std::shared_ptr<SLE const> const&, std::shared_ptr<SLE const> const&);
 
     bool
-    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&);
+    finalize(STTx const&, TER const, XRPAmount const, ReadView const&, beast::Journal const&) const;
 };
 
 }  // namespace xrpl

include/xrpl/tx/paths/BookTip.h

@@ -22,7 +22,7 @@ private:
     uint256 m_dir;
     uint256 m_index;
     std::shared_ptr<SLE> m_entry;
-    Quality m_quality;
+    Quality m_quality{};
 
 public:
     /** Create the iterator. */

include/xrpl/tx/transactors/credentials/CredentialAccept.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class CredentialAccept : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit CredentialAccept(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/credentials/CredentialCreate.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class CredentialCreate : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit CredentialCreate(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/credentials/CredentialDelete.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class CredentialDelete : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit CredentialDelete(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/credentials/Credentials.h

@@ -1,77 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-class CredentialCreate : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit CredentialCreate(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class CredentialDelete : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit CredentialDelete(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class CredentialAccept : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit CredentialAccept(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/dex/AMMHelpers.h

@@ -370,7 +370,7 @@ changeSpotPriceQuality(
     if (!amounts)
     {
         JLOG(j.trace()) << "changeSpotPrice calc failed: " << to_string(pool.in) << " "
-                        << to_string(pool.out) << " " << quality << " " << tfee << std::endl;
+                        << to_string(pool.out) << " " << quality << " " << tfee;
         return std::nullopt;
     }
 
@@ -639,9 +639,9 @@ getRoundedAsset(Rules const& rules, STAmount const& balance, A const& frac, IsDe
 STAmount
 getRoundedAsset(
     Rules const& rules,
-    std::function<Number()>&& noRoundCb,
+    std::function<Number()> const& noRoundCb,
     STAmount const& balance,
-    std::function<Number()>&& productCb,
+    std::function<Number()> const& productCb,
     IsDeposit isDeposit);
 
 /** Round AMM deposit/withdrawal LPToken amount. Deposit/withdrawal formulas
@@ -672,9 +672,9 @@ getRoundedLPTokens(
 STAmount
 getRoundedLPTokens(
     Rules const& rules,
-    std::function<Number()>&& noRoundCb,
+    std::function<Number()> const& noRoundCb,
     STAmount const& lptAMMBalance,
-    std::function<Number()>&& productCb,
+    std::function<Number()> const& productCb,
     IsDeposit isDeposit);
 
 /* Next two functions adjust asset in/out amount to factor in the adjusted

include/xrpl/tx/transactors/did/DIDDelete.h

@@ -4,24 +4,6 @@
 
 namespace xrpl {
 
-class DIDSet : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit DIDSet(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
 class DIDDelete : public Transactor
 {
 public:

include/xrpl/tx/transactors/did/DIDSet.h

@@ -0,0 +1,23 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class DIDSet : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit DIDSet(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/escrow/Escrow.h

@@ -1,80 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-class EscrowCreate : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
-
-    explicit EscrowCreate(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static TxConsequences
-    makeTxConsequences(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class EscrowFinish : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit EscrowFinish(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static bool
-    checkExtraFeatures(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static NotTEC
-    preflightSigValidated(PreflightContext const& ctx);
-
-    static XRPAmount
-    calculateBaseFee(ReadView const& view, STTx const& tx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class EscrowCancel : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit EscrowCancel(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/escrow/EscrowCancel.h

@@ -0,0 +1,26 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class EscrowCancel : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit EscrowCancel(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/escrow/EscrowCreate.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class EscrowCreate : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
+
+    explicit EscrowCreate(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static TxConsequences
+    makeTxConsequences(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/escrow/EscrowFinish.h

@@ -0,0 +1,35 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class EscrowFinish : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit EscrowFinish(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static bool
+    checkExtraFeatures(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static NotTEC
+    preflightSigValidated(PreflightContext const& ctx);
+
+    static XRPAmount
+    calculateBaseFee(ReadView const& view, STTx const& tx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/nft/NFTokenUtils.h

@@ -4,6 +4,7 @@
 #include <xrpl/ledger/ApplyView.h>
 #include <xrpl/protocol/AccountID.h>
 #include <xrpl/protocol/TER.h>
+#include <xrpl/protocol/TxFlags.h>
 #include <xrpl/protocol/nft.h>
 #include <xrpl/tx/Transactor.h>
 
@@ -54,7 +55,7 @@ removeToken(
     ApplyView& view,
     AccountID const& owner,
     uint256 const& nftokenID,
-    std::shared_ptr<SLE>&& page);
+    std::shared_ptr<SLE> const& page);
 
 /** Deletes the given token offer.
 
@@ -95,7 +96,7 @@ tokenOfferCreatePreflight(
     std::uint16_t nftFlags,
     Rules const& rules,
     std::optional<AccountID> const& owner = std::nullopt,
-    std::uint32_t txFlags = lsfSellNFToken);
+    std::uint32_t txFlags = tfSellNFToken);
 
 /** Preclaim checks shared by NFTokenCreateOffer and NFTokenMint */
 TER
@@ -109,7 +110,7 @@ tokenOfferCreatePreclaim(
     std::uint16_t xferFee,
     beast::Journal j,
     std::optional<AccountID> const& owner = std::nullopt,
-    std::uint32_t txFlags = lsfSellNFToken);
+    std::uint32_t txFlags = tfSellNFToken);
 
 /** doApply implementation shared by NFTokenCreateOffer and NFTokenMint */
 TER
@@ -123,7 +124,7 @@ tokenOfferCreateApply(
     uint256 const& nftokenID,
     XRPAmount const& priorBalance,
     beast::Journal j,
-    std::uint32_t txFlags = lsfSellNFToken);
+    std::uint32_t txFlags = tfSellNFToken);
 
 TER
 checkTrustlineAuthorized(

include/xrpl/tx/transactors/payment_channel/PayChan.h

@@ -1,83 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-class PayChanCreate : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
-
-    explicit PayChanCreate(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static TxConsequences
-    makeTxConsequences(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-using PaymentChannelCreate = PayChanCreate;
-
-//------------------------------------------------------------------------------
-
-class PayChanFund : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
-
-    explicit PayChanFund(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static TxConsequences
-    makeTxConsequences(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-using PaymentChannelFund = PayChanFund;
-
-//------------------------------------------------------------------------------
-
-class PayChanClaim : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit PayChanClaim(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static bool
-    checkExtraFeatures(PreflightContext const& ctx);
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-using PaymentChannelClaim = PayChanClaim;
-
-}  // namespace xrpl

include/xrpl/tx/transactors/payment_channel/PayChanClaim.h

@@ -0,0 +1,34 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class PayChanClaim : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit PayChanClaim(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static bool
+    checkExtraFeatures(PreflightContext const& ctx);
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+using PaymentChannelClaim = PayChanClaim;
+
+}  // namespace xrpl

include/xrpl/tx/transactors/payment_channel/PayChanCreate.h

@@ -0,0 +1,31 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class PayChanCreate : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
+
+    explicit PayChanCreate(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static TxConsequences
+    makeTxConsequences(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+using PaymentChannelCreate = PayChanCreate;
+
+}  // namespace xrpl

include/xrpl/tx/transactors/payment_channel/PayChanFund.h

@@ -0,0 +1,28 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class PayChanFund : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
+
+    explicit PayChanFund(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static TxConsequences
+    makeTxConsequences(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+using PaymentChannelFund = PayChanFund;
+
+}  // namespace xrpl

include/xrpl/tx/transactors/system/Batch.h

@@ -49,11 +49,6 @@ public:
         ttLOAN_DELETE,
         ttLOAN_MANAGE,
         ttLOAN_PAY,
-        ttCONFIDENTIAL_MPT_SEND,
-        ttCONFIDENTIAL_MPT_CONVERT,
-        ttCONFIDENTIAL_MPT_CONVERT_BACK,
-        ttCONFIDENTIAL_MPT_MERGE_INBOX,
-        ttCONFIDENTIAL_MPT_CLAWBACK,
     });
 };
 

include/xrpl/tx/transactors/token/ConfidentialMPTClawback.h

@@ -1,42 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-/**
- * @brief Allows an MPT issuer to clawback confidential balances from a holder.
- *
- * This transaction enables the issuer of an MPToken Issuance (with clawback
- * enabled) to reclaim confidential tokens from a holder's account. Unlike
- * regular clawback, the issuer cannot see the holder's balance directly.
- * Instead, the issuer must provide a zero-knowledge proof that demonstrates
- * they know the exact encrypted balance amount.
- *
- * @par Cryptographic Operations:
- * - **Equality Proof Verification**: Verifies that the issuer's revealed
- *   amount matches the holder's encrypted balance using the issuer's
- *   ElGamal private key.
- *
- * @see ConfidentialMPTSend, ConfidentialMPTConvert
- */
-class ConfidentialMPTClawback : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit ConfidentialMPTClawback(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/token/ConfidentialMPTConvert.h

@@ -1,44 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-/**
- * @brief Converts public (plaintext) MPT balance to confidential (encrypted)
- * balance.
- *
- * This transaction allows a token holder to convert their publicly visible
- * MPToken balance into an encrypted confidential balance. Once converted,
- * the balance can only be spent using ConfidentialMPTSend transactions and
- * remains hidden from public view on the ledger.
- *
- * @par Cryptographic Operations:
- * - **Schnorr Proof Verification**: When registering a new ElGamal public key,
- *   verifies proof of knowledge of the corresponding private key.
- * - **Revealed Amount Verification**: Verifies that the provided encrypted
- *   amounts (for holder, issuer, and optionally auditor) all encrypt the
- *   same plaintext amount using the provided blinding factor.
- *
- * @see ConfidentialMPTConvertBack, ConfidentialMPTSend
- */
-class ConfidentialMPTConvert : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit ConfidentialMPTConvert(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/token/ConfidentialMPTConvertBack.h

@@ -1,45 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-/**
- * @brief Converts confidential (encrypted) MPT balance back to public
- * (plaintext) balance.
- *
- * This transaction allows a token holder to convert their encrypted
- * confidential balance back into a publicly visible MPToken balance. The
- * holder must prove they have sufficient confidential balance without
- * revealing the actual balance amount.
- *
- * @par Cryptographic Operations:
- * - **Revealed Amount Verification**: Verifies that the provided encrypted
- *   amounts correctly encrypt the conversion amount.
- * - **Pedersen Linkage Proof**: Verifies that the provided balance commitment
- *   correctly links to the holder's encrypted spending balance.
- * - **Bulletproof Range Proof**: Verifies that the remaining balance (after
- *   conversion) is non-negative, ensuring the holder has sufficient funds.
- *
- * @see ConfidentialMPTConvert, ConfidentialMPTSend
- */
-class ConfidentialMPTConvertBack : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit ConfidentialMPTConvertBack(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/token/ConfidentialMPTMergeInbox.h

@@ -1,46 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-/**
- * @brief Merges the confidential inbox balance into the spending balance.
- *
- * In the confidential transfer system, incoming funds are deposited into an
- * "inbox" balance that the recipient cannot immediately spend. This prevents
- * front-running attacks where an attacker could invalidate a pending
- * transaction by sending funds to the sender. This transaction merges the
- * inbox into the spending balance, making those funds available for spending.
- *
- * @par Cryptographic Operations:
- * - **Homomorphic Addition**: Adds the encrypted inbox balance to the
- *   encrypted spending balance using ElGamal homomorphic properties.
- * - **Zero Encryption**: Resets the inbox to an encryption of zero.
- *
- * @note This transaction requires no zero-knowledge proofs because it only
- *       combines encrypted values that the holder already owns. The
- *       homomorphic properties of ElGamal encryption ensure correctness.
- *
- * @see ConfidentialMPTSend, ConfidentialMPTConvert
- */
-class ConfidentialMPTMergeInbox : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit ConfidentialMPTMergeInbox(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/token/ConfidentialMPTSend.h

@@ -1,52 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-/**
- * @brief Transfers confidential MPT tokens between holders privately.
- *
- * This transaction enables private token transfers where the transfer amount
- * is hidden from public view. Both sender and recipient must have initialized
- * confidential balances. The transaction provides encrypted amounts for all
- * parties (sender, destination, issuer, and optionally auditor) along with
- * zero-knowledge proofs that verify correctness without revealing the amount.
- *
- * @par Cryptographic Operations:
- * - **Multi-Ciphertext Equality Proof**: Verifies that all encrypted amounts
- *   (sender, destination, issuer, auditor) encrypt the same plaintext value.
- * - **Amount Pedersen Linkage Proof**: Verifies that the amount commitment
- *   correctly links to the sender's encrypted amount.
- * - **Balance Pedersen Linkage Proof**: Verifies that the balance commitment
- *   correctly links to the sender's encrypted spending balance.
- * - **Bulletproof Range Proof**: Verifies remaining balance and
- *   transfer amount are non-negative.
- *
- * @note Funds are deposited into the destination's inbox, not spending
- *       balance. The recipient must call ConfidentialMPTMergeInbox to make
- *       received funds spendable.
- *
- * @see ConfidentialMPTMergeInbox, ConfidentialMPTConvert,
- * ConfidentialMPTConvertBack
- */
-class ConfidentialMPTSend : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit ConfidentialMPTSend(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

sanitizers/suppressions/asan.supp

@@ -1,24 +1,6 @@
 # The idea is to empty this file gradually by fixing the underlying issues and removing suppressions.
 #
 # ASAN_OPTIONS="print_stacktrace=1:detect_container_overflow=0:suppressions=sanitizers/suppressions/asan.supp:halt_on_error=0"
-#
-# The detect_container_overflow=0 option disables false positives from:
-# - Boost intrusive containers (slist_iterator.hpp, hashtable.hpp, aged_unordered_container.h)
-# - Boost context/coroutine stack switching (Workers.cpp, thread.h)
-#
-# See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
-
-# Boost
-interceptor_name:boost/asio
-
-# Leaks in Doctest tests: xrpl.test.*
-interceptor_name:src/libxrpl/net/HTTPClient.cpp
-interceptor_name:src/libxrpl/net/RegisterSSLCerts.cpp
-interceptor_name:src/tests/libxrpl/net/HTTPClient.cpp
-interceptor_name:xrpl/net/AutoSocket.h
-interceptor_name:xrpl/net/HTTPClient.h
-interceptor_name:xrpl/net/HTTPClientSSLContext.h
-interceptor_name:xrpl/net/RegisterSSLCerts.h
 
 # Suppress false positive stack-buffer errors in thread stack allocation
 # Related to ASan's __asan_handle_no_return warnings (github.com/google/sanitizers/issues/189)

sanitizers/suppressions/lsan.supp

@@ -1,16 +1,5 @@
 # The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
 
-# Suppress leaks detected by asan in rippled code.
-leak:src/libxrpl/net/HTTPClient.cpp
-leak:src/libxrpl/net/RegisterSSLCerts.cpp
-leak:src/tests/libxrpl/net/HTTPClient.cpp
-leak:xrpl/net/AutoSocket.h
-leak:xrpl/net/HTTPClient.h
-leak:xrpl/net/HTTPClientSSLContext.h
-leak:xrpl/net/RegisterSSLCerts.h
-leak:ripple::HTTPClient
-leak:ripple::HTTPClientImp
-
 # Suppress leaks detected by asan in boost code.
 leak:boost::asio
 leak:boost/asio

sanitizers/suppressions/runtime-asan-options.txt

@@ -0,0 +1,8 @@
+detect_container_overflow=false
+detect_stack_use_after_return=false
+debug=true
+halt_on_error=false
+print_stats=true
+print_cmdline=true
+use_sigaltstack=0
+print_stacktrace=1

sanitizers/suppressions/runtime-lsan-options.txt

@@ -0,0 +1 @@
+halt_on_error=false

sanitizers/suppressions/runtime-tsan-options.txt

@@ -0,0 +1,3 @@
+halt_on_error=false
+verbosity=1
+second_deadlock_stack=1

sanitizers/suppressions/runtime-ubsan-options.txt

@@ -0,0 +1 @@
+halt_on_error=false

sanitizers/suppressions/sanitizer-ignorelist.txt

@@ -27,3 +27,11 @@ src:core/JobQueue.cpp
 src:libxrpl/beast/utility/beast_Journal.cpp
 src:test/beast/beast_PropertyStream_test.cpp
 src:src/test/app/Invariants_test.cpp
+
+# ASan false positive: stack-use-after-scope in ErrorCodes.h inline functions.
+# When Clang inlines the StaticString overloads (e.g. invalid_field_error(StaticString)),
+# ASan scope-poisons the temporary std::string before the inlined callee finishes reading
+# through the const ref. This corrupts the coroutine stack and crashes the Simulate test.
+# See asan.supp comments for full explanation and planned fix.
+[address]
+src:*ErrorCodes.h