Experiment: Always delete the root

This change moves two functions, `setVersion` and `getAPIVersionNumber`, from `RPCHelpers.h` to `ApiVersion.h`.

.github/actions/build-deps/action.yml

@@ -10,24 +10,40 @@ inputs:
   build_type:
     description: 'The build type to use ("Debug", "Release").'
     required: true
+  build_nproc:
+    description: "The number of processors to use for building."
+    required: true
   force_build:
     description: 'Force building of all dependencies ("true", "false").'
     required: false
     default: "false"
+  log_verbosity:
+    description: "The logging verbosity."
+    required: false
+    default: "verbose"
 
 runs:
   using: composite
   steps:
     - name: Install Conan dependencies
       shell: bash
+      env:
+        BUILD_DIR: ${{ inputs.build_dir }}
+        BUILD_NPROC: ${{ inputs.build_nproc }}
+        BUILD_OPTION: ${{ inputs.force_build == 'true' && '*' || 'missing' }}
+        BUILD_TYPE: ${{ inputs.build_type }}
+        LOG_VERBOSITY: ${{ inputs.log_verbosity }}
       run: |
         echo 'Installing dependencies.'
-        mkdir -p ${{ inputs.build_dir }}
-        cd ${{ inputs.build_dir }}
+        mkdir -p "${BUILD_DIR}"
+        cd "${BUILD_DIR}"
         conan install \
           --output-folder . \
-          --build ${{ inputs.force_build == 'true' && '"*"' || 'missing' }} \
-          --options:host '&:tests=True' \
-          --options:host '&:xrpld=True' \
-          --settings:all build_type=${{ inputs.build_type }} \
+          --build="${BUILD_OPTION}" \
+          --options:host='&:tests=True' \
+          --options:host='&:xrpld=True' \
+          --settings:all build_type="${BUILD_TYPE}" \
+          --conf:all tools.build:jobs=${BUILD_NPROC} \
+          --conf:all tools.build:verbosity="${LOG_VERBOSITY}" \
+          --conf:all tools.compilation:verbosity="${LOG_VERBOSITY}" \
           ..

.github/actions/build-test/action.yml

@@ -1,96 +0,0 @@
-# This action build and tests the binary. The Conan dependencies must have
-# already been installed (see the build-deps action).
-name: Build and Test
-description: "Build and test the binary."
-
-# Note that actions do not support 'type' and all inputs are strings, see
-# https://docs.github.com/en/actions/reference/workflows-and-actions/metadata-syntax#inputs.
-inputs:
-  build_dir:
-    description: "The directory where to build."
-    required: true
-  build_only:
-    description: 'Whether to only build or to build and test the code ("true", "false").'
-    required: false
-    default: "false"
-  build_type:
-    description: 'The build type to use ("Debug", "Release").'
-    required: true
-  cmake_args:
-    description: "Additional arguments to pass to CMake."
-    required: false
-    default: ""
-  cmake_target:
-    description: "The CMake target to build."
-    required: true
-  codecov_token:
-    description: "The Codecov token to use for uploading coverage reports."
-    required: false
-    default: ""
-  os:
-    description: 'The operating system to use for the build ("linux", "macos", "windows").'
-    required: true
-
-runs:
-  using: composite
-  steps:
-    - name: Configure CMake
-      shell: bash
-      working-directory: ${{ inputs.build_dir }}
-      run: |
-        echo 'Configuring CMake.'
-        cmake \
-          -G '${{ inputs.os == 'windows' && 'Visual Studio 17 2022' || 'Ninja' }}' \
-          -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
-          -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \
-          ${{ inputs.cmake_args }} \
-          ..
-    - name: Build the binary
-      shell: bash
-      working-directory: ${{ inputs.build_dir }}
-      run: |
-        echo 'Building binary.'
-        cmake \
-          --build . \
-          --config ${{ inputs.build_type }} \
-          --parallel $(nproc) \
-          --target ${{ inputs.cmake_target }}
-    - name: Check linking
-      if: ${{ inputs.os == 'linux' }}
-      shell: bash
-      working-directory: ${{ inputs.build_dir }}
-      run: |
-        echo 'Checking linking.'
-        ldd ./rippled
-        if [ "$(ldd ./rippled | grep -E '(libstdc\+\+|libgcc)' | wc -l)" -eq 0 ]; then
-          echo 'The binary is statically linked.'
-        else
-          echo 'The binary is dynamically linked.'
-          exit 1
-        fi
-    - name: Verify voidstar
-      if: ${{ contains(inputs.cmake_args, '-Dvoidstar=ON') }}
-      shell: bash
-      working-directory: ${{ inputs.build_dir }}
-      run: |
-        echo 'Verifying presence of instrumentation.'
-        ./rippled --version | grep libvoidstar
-    - name: Test the binary
-      if: ${{ inputs.build_only == 'false' }}
-      shell: bash
-      working-directory: ${{ inputs.build_dir }}/${{ inputs.os == 'windows' && inputs.build_type || '' }}
-      run: |
-        echo 'Testing binary.'
-        ./rippled --unittest --unittest-jobs $(nproc)
-        ctest -j $(nproc) --output-on-failure
-    - name: Upload coverage report
-      if: ${{ inputs.cmake_target == 'coverage' }}
-      uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
-      with:
-        disable_search: true
-        disable_telem: true
-        fail_ci_if_error: true
-        files: ${{ inputs.build_dir }}/coverage.xml
-        plugins: noop
-        token: ${{ inputs.codecov_token }}
-        verbose: true

.github/actions/print-env/action.yml

@@ -0,0 +1,43 @@
+name: Print build environment
+description: "Print environment and some tooling versions"
+
+runs:
+  using: composite
+  steps:
+    - name: Check configuration (Windows)
+      if: ${{ runner.os == 'Windows' }}
+      shell: bash
+      run: |
+        echo 'Checking environment variables.'
+        set
+
+        echo 'Checking CMake version.'
+        cmake --version
+
+        echo 'Checking Conan version.'
+        conan --version
+
+    - name: Check configuration (Linux and macOS)
+      if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }}
+      shell: bash
+      run: |
+        echo 'Checking path.'
+        echo ${PATH} | tr ':' '\n'
+
+        echo 'Checking environment variables.'
+        env | sort
+
+        echo 'Checking CMake version.'
+        cmake --version
+
+        echo 'Checking compiler version.'
+        ${{ runner.os == 'Linux' && '${CC}' || 'clang' }} --version
+
+        echo 'Checking Conan version.'
+        conan --version
+
+        echo 'Checking Ninja version.'
+        ninja --version
+
+        echo 'Checking nproc version.'
+        nproc --version

.github/actions/setup-conan/action.yml

@@ -35,9 +35,12 @@ runs:
 
     - name: Set up Conan remote
       shell: bash
+      env:
+        CONAN_REMOTE_NAME: ${{ inputs.conan_remote_name }}
+        CONAN_REMOTE_URL: ${{ inputs.conan_remote_url }}
       run: |
-        echo "Adding Conan remote '${{ inputs.conan_remote_name }}' at ${{ inputs.conan_remote_url }}."
-        conan remote add --index 0 --force ${{ inputs.conan_remote_name }} ${{ inputs.conan_remote_url }}
+        echo "Adding Conan remote '${CONAN_REMOTE_NAME}' at '${CONAN_REMOTE_URL}'."
+        conan remote add --index 0 --force "${CONAN_REMOTE_NAME}" "${CONAN_REMOTE_URL}"
 
         echo 'Listing Conan remotes.'
         conan remote list

.github/scripts/levelization/README.md

@@ -72,15 +72,15 @@ It generates many files of [results](results):
   desired as described above. In a perfect repo, this file will be
   empty.
   This file is committed to the repo, and is used by the [levelization
-  Github workflow](../../workflows/check-levelization.yml) to validate
+  Github workflow](../../workflows/reusable-check-levelization.yml) to validate
   that nothing changed.
 - [`ordering.txt`](results/ordering.txt): A list showing relationships
   between modules where there are no loops as they actually exist, as
   opposed to how they are desired as described above.
   This file is committed to the repo, and is used by the [levelization
-  Github workflow](../../workflows/check-levelization.yml) to validate
+  Github workflow](../../workflows/reusable-check-levelization.yml) to validate
   that nothing changed.
-- [`levelization.yml`](../../workflows/check-levelization.yml)
+- [`levelization.yml`](../../workflows/reusable-check-levelization.yml)
   Github Actions workflow to test that levelization loops haven't
   changed. Unfortunately, if changes are detected, it can't tell if
   they are improvements or not, so if you have resolved any issues or

.github/scripts/levelization/results/loops.txt

@@ -17,7 +17,7 @@ Loop: xrpld.app xrpld.rpc
   xrpld.rpc > xrpld.app
 
 Loop: xrpld.app xrpld.shamap
-  xrpld.app > xrpld.shamap
+  xrpld.shamap ~= xrpld.app
 
 Loop: xrpld.core xrpld.perflog
   xrpld.perflog == xrpld.core

.github/scripts/levelization/results/ordering.txt

@@ -8,6 +8,10 @@ libxrpl.ledger > xrpl.ledger
 libxrpl.ledger > xrpl.protocol
 libxrpl.net > xrpl.basics
 libxrpl.net > xrpl.net
+libxrpl.nodestore > xrpl.basics
+libxrpl.nodestore > xrpl.json
+libxrpl.nodestore > xrpl.nodestore
+libxrpl.nodestore > xrpl.protocol
 libxrpl.protocol > xrpl.basics
 libxrpl.protocol > xrpl.json
 libxrpl.protocol > xrpl.protocol
@@ -18,6 +22,9 @@ libxrpl.server > xrpl.basics
 libxrpl.server > xrpl.json
 libxrpl.server > xrpl.protocol
 libxrpl.server > xrpl.server
+libxrpl.shamap > xrpl.basics
+libxrpl.shamap > xrpl.protocol
+libxrpl.shamap > xrpl.shamap
 test.app > test.jtx
 test.app > test.rpc
 test.app > test.toplevel
@@ -25,11 +32,11 @@ test.app > test.unit_test
 test.app > xrpl.basics
 test.app > xrpld.app
 test.app > xrpld.core
-test.app > xrpld.nodestore
 test.app > xrpld.overlay
 test.app > xrpld.rpc
 test.app > xrpl.json
 test.app > xrpl.ledger
+test.app > xrpl.nodestore
 test.app > xrpl.protocol
 test.app > xrpl.resource
 test.basics > test.jtx
@@ -86,8 +93,7 @@ test.nodestore > test.toplevel
 test.nodestore > test.unit_test
 test.nodestore > xrpl.basics
 test.nodestore > xrpld.core
-test.nodestore > xrpld.nodestore
-test.nodestore > xrpld.unity
+test.nodestore > xrpl.nodestore
 test.overlay > test.jtx
 test.overlay > test.toplevel
 test.overlay > test.unit_test
@@ -95,8 +101,8 @@ test.overlay > xrpl.basics
 test.overlay > xrpld.app
 test.overlay > xrpld.overlay
 test.overlay > xrpld.peerfinder
-test.overlay > xrpld.shamap
 test.overlay > xrpl.protocol
+test.overlay > xrpl.shamap
 test.peerfinder > test.beast
 test.peerfinder > test.unit_test
 test.peerfinder > xrpl.basics
@@ -131,17 +137,21 @@ test.server > xrpl.json
 test.server > xrpl.server
 test.shamap > test.unit_test
 test.shamap > xrpl.basics
-test.shamap > xrpld.nodestore
-test.shamap > xrpld.shamap
+test.shamap > xrpl.nodestore
 test.shamap > xrpl.protocol
+test.shamap > xrpl.shamap
 test.toplevel > test.csf
 test.toplevel > xrpl.json
 test.unit_test > xrpl.basics
 tests.libxrpl > xrpl.basics
+tests.libxrpl > xrpl.json
+tests.libxrpl > xrpl.net
 xrpl.json > xrpl.basics
 xrpl.ledger > xrpl.basics
 xrpl.ledger > xrpl.protocol
 xrpl.net > xrpl.basics
+xrpl.nodestore > xrpl.basics
+xrpl.nodestore > xrpl.protocol
 xrpl.protocol > xrpl.basics
 xrpl.protocol > xrpl.json
 xrpl.resource > xrpl.basics
@@ -150,17 +160,21 @@ xrpl.resource > xrpl.protocol
 xrpl.server > xrpl.basics
 xrpl.server > xrpl.json
 xrpl.server > xrpl.protocol
+xrpl.shamap > xrpl.basics
+xrpl.shamap > xrpl.nodestore
+xrpl.shamap > xrpl.protocol
 xrpld.app > test.unit_test
 xrpld.app > xrpl.basics
 xrpld.app > xrpld.conditions
 xrpld.app > xrpld.consensus
-xrpld.app > xrpld.nodestore
 xrpld.app > xrpld.perflog
 xrpld.app > xrpl.json
 xrpld.app > xrpl.ledger
 xrpld.app > xrpl.net
+xrpld.app > xrpl.nodestore
 xrpld.app > xrpl.protocol
 xrpld.app > xrpl.resource
+xrpld.app > xrpl.shamap
 xrpld.conditions > xrpl.basics
 xrpld.conditions > xrpl.protocol
 xrpld.consensus > xrpl.basics
@@ -170,11 +184,6 @@ xrpld.core > xrpl.basics
 xrpld.core > xrpl.json
 xrpld.core > xrpl.net
 xrpld.core > xrpl.protocol
-xrpld.nodestore > xrpl.basics
-xrpld.nodestore > xrpld.core
-xrpld.nodestore > xrpld.unity
-xrpld.nodestore > xrpl.json
-xrpld.nodestore > xrpl.protocol
 xrpld.overlay > xrpl.basics
 xrpld.overlay > xrpld.core
 xrpld.overlay > xrpld.peerfinder
@@ -190,13 +199,11 @@ xrpld.perflog > xrpl.basics
 xrpld.perflog > xrpl.json
 xrpld.rpc > xrpl.basics
 xrpld.rpc > xrpld.core
-xrpld.rpc > xrpld.nodestore
 xrpld.rpc > xrpl.json
 xrpld.rpc > xrpl.ledger
 xrpld.rpc > xrpl.net
+xrpld.rpc > xrpl.nodestore
 xrpld.rpc > xrpl.protocol
 xrpld.rpc > xrpl.resource
 xrpld.rpc > xrpl.server
-xrpld.shamap > xrpl.basics
-xrpld.shamap > xrpld.nodestore
-xrpld.shamap > xrpl.protocol
+xrpld.shamap > xrpl.shamap

.github/scripts/strategy-matrix/generate.py

@@ -74,14 +74,14 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                     continue
 
             # RHEL:
-            # - 9.4 using GCC 12: Debug and Unity on linux/amd64.
-            # - 9.6 using Clang: Release and no Unity on linux/amd64.
+            # - 9 using GCC 12: Debug and Unity on linux/amd64.
+            # - 10 using Clang: Release and no Unity on linux/amd64.
             if os['distro_name'] == 'rhel':
                 skip = True
-                if os['distro_version'] == '9.4':
+                if os['distro_version'] == '9':
                     if f'{os['compiler_name']}-{os['compiler_version']}' == 'gcc-12' and build_type == 'Debug' and '-Dunity=ON' in cmake_args and architecture['platform'] == 'linux/amd64':
                         skip = False
-                elif os['distro_version'] == '9.6':
+                elif os['distro_version'] == '10':
                     if f'{os['compiler_name']}-{os['compiler_version']}' == 'clang-any' and build_type == 'Release' and '-Dunity=OFF' in cmake_args and architecture['platform'] == 'linux/amd64':
                         skip = False
                 if skip:
@@ -162,7 +162,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
             'config_name': config_name,
             'cmake_args': cmake_args,
             'cmake_target': cmake_target,
-            'build_only': 'true' if build_only else 'false',
+            'build_only': build_only,
             'build_type': build_type,
             'os': os,
             'architecture': architecture,

.github/scripts/strategy-matrix/linux.json

@@ -14,139 +14,169 @@
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "gcc",
-      "compiler_version": "12"
+      "compiler_version": "12",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "gcc",
-      "compiler_version": "13"
+      "compiler_version": "13",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "gcc",
-      "compiler_version": "14"
+      "compiler_version": "14",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "gcc",
-      "compiler_version": "15"
+      "compiler_version": "15",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "clang",
-      "compiler_version": "16"
+      "compiler_version": "16",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "clang",
-      "compiler_version": "17"
+      "compiler_version": "17",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "clang",
-      "compiler_version": "18"
+      "compiler_version": "18",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "clang",
-      "compiler_version": "19"
+      "compiler_version": "19",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "debian",
       "distro_version": "bookworm",
       "compiler_name": "clang",
-      "compiler_version": "20"
+      "compiler_version": "20",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "rhel",
-      "distro_version": "9.4",
+      "distro_version": "8",
       "compiler_name": "gcc",
-      "compiler_version": "12"
+      "compiler_version": "14",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "rhel",
-      "distro_version": "9.4",
-      "compiler_name": "gcc",
-      "compiler_version": "13"
-    },
-    {
-      "distro_name": "rhel",
-      "distro_version": "9.4",
-      "compiler_name": "gcc",
-      "compiler_version": "14"
-    },
-    {
-      "distro_name": "rhel",
-      "distro_version": "9.6",
-      "compiler_name": "gcc",
-      "compiler_version": "13"
-    },
-    {
-      "distro_name": "rhel",
-      "distro_version": "9.6",
-      "compiler_name": "gcc",
-      "compiler_version": "14"
-    },
-    {
-      "distro_name": "rhel",
-      "distro_version": "9.4",
+      "distro_version": "8",
       "compiler_name": "clang",
-      "compiler_version": "any"
+      "compiler_version": "any",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "rhel",
-      "distro_version": "9.6",
+      "distro_version": "9",
+      "compiler_name": "gcc",
+      "compiler_version": "12",
+      "image_sha": "97ba375"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "9",
+      "compiler_name": "gcc",
+      "compiler_version": "13",
+      "image_sha": "97ba375"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "9",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "97ba375"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "9",
       "compiler_name": "clang",
-      "compiler_version": "any"
+      "compiler_version": "any",
+      "image_sha": "97ba375"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "10",
+      "compiler_name": "gcc",
+      "compiler_version": "14",
+      "image_sha": "97ba375"
+    },
+    {
+      "distro_name": "rhel",
+      "distro_version": "10",
+      "compiler_name": "clang",
+      "compiler_version": "any",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "ubuntu",
       "distro_version": "jammy",
       "compiler_name": "gcc",
-      "compiler_version": "12"
+      "compiler_version": "12",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "ubuntu",
       "distro_version": "noble",
       "compiler_name": "gcc",
-      "compiler_version": "13"
+      "compiler_version": "13",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "ubuntu",
       "distro_version": "noble",
       "compiler_name": "gcc",
-      "compiler_version": "14"
+      "compiler_version": "14",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "ubuntu",
       "distro_version": "noble",
       "compiler_name": "clang",
-      "compiler_version": "16"
+      "compiler_version": "16",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "ubuntu",
       "distro_version": "noble",
       "compiler_name": "clang",
-      "compiler_version": "17"
+      "compiler_version": "17",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "ubuntu",
       "distro_version": "noble",
       "compiler_name": "clang",
-      "compiler_version": "18"
+      "compiler_version": "18",
+      "image_sha": "97ba375"
     },
     {
       "distro_name": "ubuntu",
       "distro_version": "noble",
       "compiler_name": "clang",
-      "compiler_version": "19"
+      "compiler_version": "19",
+      "image_sha": "97ba375"
     }
   ],
   "build_type": ["Debug", "Release"],

.github/scripts/strategy-matrix/macos.json

@@ -10,7 +10,8 @@
       "distro_name": "macos",
       "distro_version": "",
       "compiler_name": "",
-      "compiler_version": ""
+      "compiler_version": "",
+      "image_sha": ""
     }
   ],
   "build_type": ["Debug", "Release"],

.github/scripts/strategy-matrix/windows.json

@@ -10,7 +10,8 @@
       "distro_name": "windows",
       "distro_version": "",
       "compiler_name": "",
-      "compiler_version": ""
+      "compiler_version": "",
+      "image_sha": ""
     }
   ],
   "build_type": ["Debug", "Release"],

.github/workflows/build-test.yml

@@ -1,147 +0,0 @@
-# This workflow builds and tests the binary for various configurations.
-name: Build and test
-
-# This workflow can only be triggered by other workflows. Note that the
-# workflow_call event does not support the 'choice' input type, see
-# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#onworkflow_callinputsinput_idtype,
-# so we use 'string' instead.
-on:
-  workflow_call:
-    inputs:
-      build_dir:
-        description: "The directory where to build."
-        required: false
-        type: string
-        default: ".build"
-      dependencies_force_build:
-        description: "Force building of all dependencies."
-        required: false
-        type: boolean
-        default: false
-      dependencies_force_upload:
-        description: "Force uploading of all dependencies."
-        required: false
-        type: boolean
-        default: false
-      os:
-        description: 'The operating system to use for the build ("linux", "macos", "windows").'
-        required: true
-        type: string
-      strategy_matrix:
-        # TODO: Support additional strategies, e.g. "ubuntu" for generating all Ubuntu configurations.
-        description: 'The strategy matrix to use for generating the configurations ("minimal", "all").'
-        required: false
-        type: string
-        default: "minimal"
-    secrets:
-      codecov_token:
-        description: "The Codecov token to use for uploading coverage reports."
-        required: false
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.os }}
-  cancel-in-progress: true
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  # Generate the strategy matrix to be used by the following job.
-  generate-matrix:
-    uses: ./.github/workflows/reusable-strategy-matrix.yml
-    with:
-      os: ${{ inputs.os }}
-      strategy_matrix: ${{ inputs.strategy_matrix }}
-
-  # Build and test the binary.
-  build-test:
-    needs:
-      - generate-matrix
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
-      max-parallel: 10
-    runs-on: ${{ matrix.architecture.runner }}
-    container: ${{ inputs.os == 'linux' && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version) || null }}
-    steps:
-      - name: Check strategy matrix
-        run: |
-          echo 'Operating system distro name: ${{ matrix.os.distro_name }}'
-          echo 'Operating system distro version: ${{ matrix.os.distro_version }}'
-          echo 'Operating system compiler name: ${{ matrix.os.compiler_name }}'
-          echo 'Operating system compiler version: ${{ matrix.os.compiler_version }}'
-          echo 'Architecture platform: ${{ matrix.architecture.platform }}'
-          echo 'Architecture runner: ${{ toJson(matrix.architecture.runner) }}'
-          echo 'Build type: ${{ matrix.build_type }}'
-          echo 'Build only: ${{ matrix.build_only }}'
-          echo 'CMake arguments: ${{ matrix.cmake_args }}'
-          echo 'CMake target: ${{ matrix.cmake_target }}'
-          echo 'Config name: ${{ matrix.config_name }}'
-
-      - name: Cleanup workspace
-        if: ${{ runner.os == 'macOS' }}
-        uses: XRPLF/actions/.github/actions/cleanup-workspace@3f044c7478548e3c32ff68980eeb36ece02b364e
-
-      - name: Checkout repository
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
-      - name: Prepare runner
-        uses: XRPLF/actions/.github/actions/prepare-runner@638e0dc11ea230f91bd26622fb542116bb5254d5
-        with:
-          disable_ccache: false
-
-      - name: Check configuration (Windows)
-        if: ${{ inputs.os == 'windows' }}
-        run: |
-          echo 'Checking environment variables.'
-          set
-
-          echo 'Checking CMake version.'
-          cmake --version
-
-          echo 'Checking Conan version.'
-          conan --version
-      - name: Check configuration (Linux and MacOS)
-        if: ${{ inputs.os == 'linux' || inputs.os == 'macos' }}
-        run: |
-          echo 'Checking path.'
-          echo ${PATH} | tr ':' '\n'
-
-          echo 'Checking environment variables.'
-          env | sort
-
-          echo 'Checking CMake version.'
-          cmake --version
-
-          echo 'Checking compiler version.'
-          ${{ inputs.os == 'linux' && '${CC}' || 'clang' }} --version
-
-          echo 'Checking Conan version.'
-          conan --version
-
-          echo 'Checking Ninja version.'
-          ninja --version
-
-          echo 'Checking nproc version.'
-          nproc --version
-
-      - name: Setup Conan
-        uses: ./.github/actions/setup-conan
-
-      - name: Build dependencies
-        uses: ./.github/actions/build-deps
-        with:
-          build_dir: ${{ inputs.build_dir }}
-          build_type: ${{ matrix.build_type }}
-          force_build: ${{ inputs.dependencies_force_build }}
-
-      - name: Build and test binary
-        uses: ./.github/actions/build-test
-        with:
-          build_dir: ${{ inputs.build_dir }}
-          build_only: ${{ matrix.build_only }}
-          build_type: ${{ matrix.build_type }}
-          cmake_args: ${{ matrix.cmake_args }}
-          cmake_target: ${{ matrix.cmake_target }}
-          codecov_token: ${{ secrets.codecov_token }}
-          os: ${{ inputs.os }}

.github/workflows/on-pr.yml

@@ -50,8 +50,8 @@ jobs:
           files: |
             # These paths are unique to `on-pr.yml`.
             .github/scripts/levelization/**
-            .github/workflows/check-levelization.yml
-            .github/workflows/notify-clio.yml
+            .github/workflows/reusable-check-levelization.yml
+            .github/workflows/reusable-notify-clio.yml
             .github/workflows/on-pr.yml
 
             # Keep the paths below in sync with those in `on-trigger.yml`.
@@ -59,8 +59,11 @@ jobs:
             .github/actions/build-test/**
             .github/actions/setup-conan/**
             .github/scripts/strategy-matrix/**
-            .github/workflows/build-test.yml
+            .github/workflows/reusable-build.yml
+            .github/workflows/reusable-build-test-config.yml
+            .github/workflows/reusable-build-test.yml
             .github/workflows/reusable-strategy-matrix.yml
+            .github/workflows/reusable-test.yml
             .codecov.yml
             cmake/**
             conan/**
@@ -93,26 +96,27 @@ jobs:
   check-levelization:
     needs: should-run
     if: ${{ needs.should-run.outputs.go == 'true' }}
-    uses: ./.github/workflows/check-levelization.yml
+    uses: ./.github/workflows/reusable-check-levelization.yml
 
   build-test:
     needs: should-run
     if: ${{ needs.should-run.outputs.go == 'true' }}
-    uses: ./.github/workflows/build-test.yml
+    uses: ./.github/workflows/reusable-build-test.yml
     strategy:
+      fail-fast: false
       matrix:
         os: [linux, macos, windows]
     with:
       os: ${{ matrix.os }}
     secrets:
-      codecov_token: ${{ secrets.CODECOV_TOKEN }}
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   notify-clio:
     needs:
       - should-run
       - build-test
     if: ${{ needs.should-run.outputs.go == 'true' && contains(fromJSON('["release", "master"]'), github.ref_name) }}
-    uses: ./.github/workflows/notify-clio.yml
+    uses: ./.github/workflows/reusable-notify-clio.yml
     secrets:
       clio_notify_token: ${{ secrets.CLIO_NOTIFY_TOKEN }}
       conan_remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}

.github/workflows/on-trigger.yml

@@ -9,12 +9,12 @@ name: Trigger
 on:
   push:
     branches:
-      - develop
-      - release
-      - master
+      - "develop"
+      - "release*"
+      - "master"
     paths:
       # These paths are unique to `on-trigger.yml`.
-      - ".github/workflows/check-missing-commits.yml"
+      - ".github/workflows/reusable-check-missing-commits.yml"
       - ".github/workflows/on-trigger.yml"
       - ".github/workflows/publish-docs.yml"
 
@@ -23,8 +23,11 @@ on:
       - ".github/actions/build-test/**"
       - ".github/actions/setup-conan/**"
       - ".github/scripts/strategy-matrix/**"
-      - ".github/workflows/build-test.yml"
+      - ".github/workflows/reusable-build.yml"
+      - ".github/workflows/reusable-build-test-config.yml"
+      - ".github/workflows/reusable-build-test.yml"
       - ".github/workflows/reusable-strategy-matrix.yml"
+      - ".github/workflows/reusable-test.yml"
       - ".codecov.yml"
       - "cmake/**"
       - "conan/**"
@@ -43,25 +46,16 @@ on:
   schedule:
     - cron: "32 6 * * 1-5"
 
-  # Run when manually triggered via the GitHub UI or API. If `force_upload` is
-  # true, then the dependencies that were missing (`force_rebuild` is false) or
-  # rebuilt (`force_rebuild` is true) will be uploaded, overwriting existing
-  # dependencies if needed.
+  # Run when manually triggered via the GitHub UI or API.
   workflow_dispatch:
-    inputs:
-      dependencies_force_build:
-        description: "Force building of all dependencies."
-        required: false
-        type: boolean
-        default: false
-      dependencies_force_upload:
-        description: "Force uploading of all dependencies."
-        required: false
-        type: boolean
-        default: false
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  # When a PR is merged into the develop branch it will be assigned a unique
+  # group identifier, so execution will continue even if another PR is merged
+  # while it is still running. In all other cases the group identifier is shared
+  # per branch, so that any in-progress runs are cancelled when a new commit is
+  # pushed.
+  group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' && github.sha || github.ref }}
   cancel-in-progress: true
 
 defaults:
@@ -71,15 +65,16 @@ defaults:
 jobs:
   check-missing-commits:
     if: ${{ github.event_name == 'push' && github.ref_type == 'branch' && contains(fromJSON('["develop", "release"]'), github.ref_name) }}
-    uses: ./.github/workflows/check-missing-commits.yml
+    uses: ./.github/workflows/reusable-check-missing-commits.yml
 
   build-test:
-    uses: ./.github/workflows/build-test.yml
+    uses: ./.github/workflows/reusable-build-test.yml
     strategy:
+      fail-fast: ${{ github.event_name == 'merge_group' }}
       matrix:
         os: [linux, macos, windows]
     with:
       os: ${{ matrix.os }}
       strategy_matrix: ${{ github.event_name == 'schedule' && 'all' || 'minimal' }}
     secrets:
-      codecov_token: ${{ secrets.CODECOV_TOKEN }}
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/pre-commit.yml

@@ -7,8 +7,9 @@ on:
   workflow_dispatch:
 
 jobs:
+  # Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks.
   run-hooks:
-    uses: XRPLF/actions/.github/workflows/pre-commit.yml@af1b0f0d764cda2e5435f5ac97b240d4bd4d95d3
+    uses: XRPLF/actions/.github/workflows/pre-commit.yml@34790936fae4c6c751f62ec8c06696f9c1a5753a
     with:
       runs_on: ubuntu-latest
-      container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit" }'
+      container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-a8c7be1" }'

.github/workflows/publish-docs.yml

@@ -23,16 +23,24 @@ defaults:
 
 env:
   BUILD_DIR: .build
+  NPROC_SUBTRACT: 2
 
 jobs:
   publish:
     runs-on: ubuntu-latest
-    container: ghcr.io/xrplf/ci/tools-rippled-documentation
+    container: ghcr.io/xrplf/ci/tools-rippled-documentation:sha-a8c7be1
     permissions:
       contents: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Get number of processors
+        uses: XRPLF/actions/.github/actions/get-nproc@046b1620f6bfd6cd0985dc82c3df02786801fe0a
+        id: nproc
+        with:
+          subtract: ${{ env.NPROC_SUBTRACT }}
+
       - name: Check configuration
         run: |
           echo 'Checking path.'
@@ -46,12 +54,16 @@ jobs:
 
           echo 'Checking Doxygen version.'
           doxygen --version
+
       - name: Build documentation
+        env:
+          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
         run: |
-          mkdir -p ${{ env.BUILD_DIR }}
-          cd ${{ env.BUILD_DIR }}
+          mkdir -p "${BUILD_DIR}"
+          cd "${BUILD_DIR}"
           cmake -Donly_docs=ON ..
-          cmake --build . --target docs --parallel $(nproc)
+          cmake --build . --target docs --parallel ${BUILD_NPROC}
+
       - name: Publish documentation
         if: ${{ github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch }}
         uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0

.github/workflows/reusable-build-test-config.yml

@@ -0,0 +1,77 @@
+name: Build and test configuration
+
+on:
+  workflow_call:
+    inputs:
+      build_dir:
+        description: "The directory where to build."
+        required: true
+        type: string
+      build_only:
+        description: 'Whether to only build or to build and test the code ("true", "false").'
+        required: true
+        type: boolean
+      build_type:
+        description: 'The build type to use ("Debug", "Release").'
+        type: string
+        required: true
+      cmake_args:
+        description: "Additional arguments to pass to CMake."
+        required: false
+        type: string
+        default: ""
+      cmake_target:
+        description: "The CMake target to build."
+        type: string
+        required: true
+
+      runs_on:
+        description: Runner to run the job on as a JSON string
+        required: true
+        type: string
+      image:
+        description: "The image to run in (leave empty to run natively)"
+        required: true
+        type: string
+
+      config_name:
+        description: "The configuration string (used for naming artifacts and such)."
+        required: true
+        type: string
+
+      nproc_subtract:
+        description: "The number of processors to subtract when calculating parallelism."
+        required: false
+        type: number
+        default: 2
+
+    secrets:
+      CODECOV_TOKEN:
+        description: "The Codecov token to use for uploading coverage reports."
+        required: true
+
+jobs:
+  build:
+    uses: ./.github/workflows/reusable-build.yml
+    with:
+      build_dir: ${{ inputs.build_dir }}
+      build_type: ${{ inputs.build_type }}
+      cmake_args: ${{ inputs.cmake_args }}
+      cmake_target: ${{ inputs.cmake_target }}
+      runs_on: ${{ inputs.runs_on }}
+      image: ${{ inputs.image }}
+      config_name: ${{ inputs.config_name }}
+      nproc_subtract: ${{ inputs.nproc_subtract }}
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  test:
+    needs: build
+    uses: ./.github/workflows/reusable-test.yml
+    with:
+      run_tests: ${{ !inputs.build_only }}
+      verify_voidstar: ${{ contains(inputs.cmake_args, '-Dvoidstar=ON') }}
+      runs_on: ${{ inputs.runs_on }}
+      image: ${{ inputs.image }}
+      config_name: ${{ inputs.config_name }}
+      nproc_subtract: ${{ inputs.nproc_subtract }}

.github/workflows/reusable-build-test.yml

@@ -0,0 +1,58 @@
+# This workflow builds and tests the binary for various configurations.
+name: Build and test
+
+# This workflow can only be triggered by other workflows. Note that the
+# workflow_call event does not support the 'choice' input type, see
+# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#onworkflow_callinputsinput_idtype,
+# so we use 'string' instead.
+on:
+  workflow_call:
+    inputs:
+      build_dir:
+        description: "The directory where to build."
+        required: false
+        type: string
+        default: ".build"
+      os:
+        description: 'The operating system to use for the build ("linux", "macos", "windows").'
+        required: true
+        type: string
+      strategy_matrix:
+        # TODO: Support additional strategies, e.g. "ubuntu" for generating all Ubuntu configurations.
+        description: 'The strategy matrix to use for generating the configurations ("minimal", "all").'
+        required: false
+        type: string
+        default: "minimal"
+    secrets:
+      CODECOV_TOKEN:
+        description: "The Codecov token to use for uploading coverage reports."
+        required: true
+
+jobs:
+  # Generate the strategy matrix to be used by the following job.
+  generate-matrix:
+    uses: ./.github/workflows/reusable-strategy-matrix.yml
+    with:
+      os: ${{ inputs.os }}
+      strategy_matrix: ${{ inputs.strategy_matrix }}
+
+  # Build and test the binary for each configuration.
+  build-test-config:
+    needs:
+      - generate-matrix
+    uses: ./.github/workflows/reusable-build-test-config.yml
+    strategy:
+      fail-fast: ${{ github.event_name == 'merge_group' }}
+      matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+      max-parallel: 10
+    with:
+      build_dir: ${{ inputs.build_dir }}
+      build_only: ${{ matrix.build_only }}
+      build_type: ${{ matrix.build_type }}
+      cmake_args: ${{ matrix.cmake_args }}
+      cmake_target: ${{ matrix.cmake_target }}
+      runs_on: ${{ toJSON(matrix.architecture.runner) }}
+      image: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) || '' }}
+      config_name: ${{ matrix.config_name }}
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/reusable-build.yml

@@ -0,0 +1,154 @@
+name: Build rippled
+
+on:
+  workflow_call:
+    inputs:
+      build_dir:
+        description: "The directory where to build."
+        required: true
+        type: string
+      build_type:
+        description: 'The build type to use ("Debug", "Release").'
+        required: true
+        type: string
+      cmake_args:
+        description: "Additional arguments to pass to CMake."
+        required: true
+        type: string
+      cmake_target:
+        description: "The CMake target to build."
+        required: true
+        type: string
+
+      runs_on:
+        description: Runner to run the job on as a JSON string
+        required: true
+        type: string
+      image:
+        description: "The image to run in (leave empty to run natively)"
+        required: true
+        type: string
+
+      config_name:
+        description: "The name of the configuration."
+        required: true
+        type: string
+
+      nproc_subtract:
+        description: "The number of processors to subtract when calculating parallelism."
+        required: true
+        type: number
+
+    secrets:
+      CODECOV_TOKEN:
+        description: "The Codecov token to use for uploading coverage reports."
+        required: true
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    name: Build ${{ inputs.config_name }}
+    runs-on: ${{ fromJSON(inputs.runs_on) }}
+    container: ${{ inputs.image != '' && inputs.image || null }}
+    timeout-minutes: 60
+    steps:
+      - name: Cleanup workspace
+        if: ${{ runner.os == 'macOS' }}
+        uses: XRPLF/actions/.github/actions/cleanup-workspace@3f044c7478548e3c32ff68980eeb36ece02b364e
+
+      - name: Checkout repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Prepare runner
+        uses: XRPLF/actions/.github/actions/prepare-runner@99685816bb60a95a66852f212f382580e180df3a
+        with:
+          disable_ccache: false
+
+      - name: Print build environment
+        uses: ./.github/actions/print-env
+
+      - name: Get number of processors
+        uses: XRPLF/actions/.github/actions/get-nproc@046b1620f6bfd6cd0985dc82c3df02786801fe0a
+        id: nproc
+        with:
+          subtract: ${{ inputs.nproc_subtract }}
+
+      - name: Setup Conan
+        uses: ./.github/actions/setup-conan
+
+      - name: Build dependencies
+        uses: ./.github/actions/build-deps
+        with:
+          build_dir: ${{ inputs.build_dir }}
+          build_nproc: ${{ steps.nproc.outputs.nproc }}
+          build_type: ${{ inputs.build_type }}
+          # Set the verbosity to "quiet" for Windows to avoid an excessive
+          # amount of logs. For other OSes, the "verbose" logs are more useful.
+          log_verbosity: ${{ runner.os == 'Windows' && 'quiet' || 'verbose' }}
+
+      - name: Configure CMake
+        shell: bash
+        working-directory: ${{ inputs.build_dir }}
+        env:
+          BUILD_TYPE: ${{ inputs.build_type }}
+          CMAKE_ARGS: ${{ inputs.cmake_args }}
+        run: |
+          cmake \
+            -G '${{ runner.os == 'Windows' && 'Visual Studio 17 2022' || 'Ninja' }}' \
+            -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
+            -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
+            ${CMAKE_ARGS} \
+            ..
+
+      - name: Build the binary
+        shell: bash
+        working-directory: ${{ inputs.build_dir }}
+        env:
+          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
+          BUILD_TYPE: ${{ inputs.build_type }}
+          CMAKE_TARGET: ${{ inputs.cmake_target }}
+        run: |
+          cmake \
+            --build . \
+            --config "${BUILD_TYPE}" \
+            --parallel ${BUILD_NPROC} \
+            --target "${CMAKE_TARGET}"
+
+      - name: Put built binaries in one location
+        shell: bash
+        working-directory: ${{ inputs.build_dir }}
+        env:
+          BUILD_TYPE_DIR: ${{ runner.os == 'Windows' && inputs.build_type || '' }}
+          CMAKE_TARGET: ${{ inputs.cmake_target }}
+        run: |
+          mkdir -p ./binaries/doctest/
+
+          cp ./${BUILD_TYPE_DIR}/rippled* ./binaries/
+          if [ "${CMAKE_TARGET}" != 'coverage' ]; then
+            cp ./src/tests/libxrpl/${BUILD_TYPE_DIR}/xrpl.test.* ./binaries/doctest/
+          fi
+
+      - name: Upload rippled artifact
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        env:
+          BUILD_DIR: ${{ inputs.build_dir }}
+        with:
+          name: rippled-${{ inputs.config_name }}
+          path: ${{ env.BUILD_DIR }}/binaries/
+          retention-days: 3
+          if-no-files-found: error
+
+      - name: Upload coverage report
+        if: ${{ github.repository_owner == 'XRPLF' && inputs.cmake_target == 'coverage' }}
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        with:
+          disable_search: true
+          disable_telem: true
+          fail_ci_if_error: true
+          files: ${{ inputs.build_dir }}/coverage.xml
+          plugins: noop
+          token: ${{ secrets.CODECOV_TOKEN }}
+          verbose: true

.github/workflows/reusable-notify-clio.yml

@@ -40,47 +40,52 @@ jobs:
   upload:
     if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
     runs-on: ubuntu-latest
-    container: ghcr.io/xrplf/ci/ubuntu-noble:gcc-13
+    container: ghcr.io/xrplf/ci/ubuntu-noble:gcc-13-sha-5dd7158
     steps:
       - name: Checkout repository
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: Generate outputs
         id: generate
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
         run: |
           echo 'Generating user and channel.'
           echo "user=clio" >> "${GITHUB_OUTPUT}"
-          echo "channel=pr_${{ github.event.pull_request.number }}" >> "${GITHUB_OUTPUT}"
+          echo "channel=pr_${PR_NUMBER}" >> "${GITHUB_OUTPUT}"
           echo 'Extracting version.'
           echo "version=$(cat src/libxrpl/protocol/BuildInfo.cpp | grep "versionString =" | awk -F '"' '{print $2}')" >> "${GITHUB_OUTPUT}"
       - name: Calculate conan reference
         id: conan_ref
         run: |
           echo "conan_ref=${{ steps.generate.outputs.version }}@${{ steps.generate.outputs.user }}/${{ steps.generate.outputs.channel }}" >> "${GITHUB_OUTPUT}"
-
       - name: Set up Conan
         uses: ./.github/actions/setup-conan
         with:
           conan_remote_name: ${{ inputs.conan_remote_name }}
           conan_remote_url: ${{ inputs.conan_remote_url }}
-
       - name: Log into Conan remote
-        run: conan remote login ${{ inputs.conan_remote_name }} "${{ secrets.conan_remote_username }}" --password "${{ secrets.conan_remote_password }}"
+        env:
+          CONAN_REMOTE_NAME: ${{ inputs.conan_remote_name }}
+        run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.conan_remote_username }}" --password "${{ secrets.conan_remote_password }}"
       - name: Upload package
+        env:
+          CONAN_REMOTE_NAME: ${{ inputs.conan_remote_name }}
         run: |
           conan export --user=${{ steps.generate.outputs.user }} --channel=${{ steps.generate.outputs.channel }} .
-          conan upload --confirm --check --remote=${{ inputs.conan_remote_name }} xrpl/${{ steps.conan_ref.outputs.conan_ref }}
+          conan upload --confirm --check --remote="${CONAN_REMOTE_NAME}" xrpl/${{ steps.conan_ref.outputs.conan_ref }}
     outputs:
       conan_ref: ${{ steps.conan_ref.outputs.conan_ref }}
 
   notify:
     needs: upload
     runs-on: ubuntu-latest
-    env:
-      GH_TOKEN: ${{ secrets.clio_notify_token }}
     steps:
       - name: Notify Clio
+        env:
+          GH_TOKEN: ${{ secrets.clio_notify_token }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
         run: |
           gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
           /repos/xrplf/clio/dispatches -f "event_type=check_libxrpl" \
           -F "client_payload[conan_ref]=${{ needs.upload.outputs.conan_ref }}" \
-          -F "client_payload[pr_url]=${{ github.event.pull_request.html_url }}"
+          -F "client_payload[pr_url]=${PR_URL}"

.github/workflows/reusable-strategy-matrix.yml

@@ -35,4 +35,7 @@ jobs:
       - name: Generate strategy matrix
         working-directory: .github/scripts/strategy-matrix
         id: generate
-        run: ./generate.py ${{ inputs.strategy_matrix == 'all' && '--all' || '' }} ${{ inputs.os != '' && format('--config={0}.json', inputs.os) || '' }} >> "${GITHUB_OUTPUT}"
+        env:
+          GENERATE_CONFIG: ${{ inputs.os != '' && format('--config={0}.json', inputs.os) || '' }}
+          GENERATE_OPTION: ${{ inputs.strategy_matrix == 'all' && '--all' || '' }}
+        run: ./generate.py ${GENERATE_OPTION} ${GENERATE_CONFIG} >> "${GITHUB_OUTPUT}"

.github/workflows/reusable-test.yml

@@ -0,0 +1,111 @@
+name: Test rippled
+
+on:
+  workflow_call:
+    inputs:
+      verify_voidstar:
+        description: "Whether to verify the presence of voidstar instrumentation."
+        required: true
+        type: boolean
+      run_tests:
+        description: "Whether to run unit tests"
+        required: true
+        type: boolean
+
+      runs_on:
+        description: Runner to run the job on as a JSON string
+        required: true
+        type: string
+      image:
+        description: "The image to run in (leave empty to run natively)"
+        required: true
+        type: string
+
+      config_name:
+        description: "The name of the configuration."
+        required: true
+        type: string
+
+      nproc_subtract:
+        description: "The number of processors to subtract when calculating parallelism."
+        required: true
+        type: number
+
+jobs:
+  test:
+    name: Test ${{ inputs.config_name }}
+    runs-on: ${{ fromJSON(inputs.runs_on) }}
+    container: ${{ inputs.image != '' && inputs.image || null }}
+    timeout-minutes: 30
+    steps:
+      - name: Cleanup workspace
+        if: ${{ runner.os == 'macOS' }}
+        uses: XRPLF/actions/.github/actions/cleanup-workspace@3f044c7478548e3c32ff68980eeb36ece02b364e
+
+      - name: Get number of processors
+        uses: XRPLF/actions/.github/actions/get-nproc@046b1620f6bfd6cd0985dc82c3df02786801fe0a
+        id: nproc
+        with:
+          subtract: ${{ inputs.nproc_subtract }}
+
+      - name: Download rippled artifact
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: rippled-${{ inputs.config_name }}
+
+      - name: Make binary executable (Linux and macOS)
+        shell: bash
+        if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }}
+        run: |
+          chmod +x ./rippled
+
+      - name: Check linking (Linux)
+        if: ${{ runner.os == 'Linux' }}
+        shell: bash
+        run: |
+          ldd ./rippled
+          if [ "$(ldd ./rippled | grep -E '(libstdc\+\+|libgcc)' | wc -l)" -eq 0 ]; then
+            echo 'The binary is statically linked.'
+          else
+            echo 'The binary is dynamically linked.'
+            exit 1
+          fi
+
+      - name: Verifying presence of instrumentation
+        if: ${{ inputs.verify_voidstar }}
+        shell: bash
+        run: |
+          ./rippled --version | grep libvoidstar
+
+      - name: Run the embedded tests
+        if: ${{ inputs.run_tests }}
+        shell: bash
+        env:
+          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
+        run: |
+          ./rippled --unittest --unittest-jobs ${BUILD_NPROC}
+
+      - name: Run the separate tests
+        if: ${{ inputs.run_tests }}
+        env:
+          EXT: ${{ runner.os == 'Windows' && '.exe' || '' }}
+        shell: bash
+        run: |
+          for test_file in ./doctest/*${EXT}; do
+            echo "Executing $test_file"
+            chmod +x "$test_file"
+            if [[ "${{ runner.os }}" == "Windows" && "$test_file" == "./doctest/xrpl.test.net.exe" ]]; then
+              echo "Skipping $test_file on Windows"
+            else
+              "$test_file"
+            fi
+          done
+
+      - name: Debug failure (Linux)
+        if: ${{ failure() && runner.os == 'Linux' && inputs.run_tests }}
+        shell: bash
+        run: |
+          echo "IPv4 local port range:"
+          cat /proc/sys/net/ipv4/ip_local_port_range
+          echo "Netstat:"
+          netstat -an

.github/workflows/upload-conan-deps.yml

@@ -24,30 +24,30 @@ on:
     branches: [develop]
     paths:
       - .github/workflows/upload-conan-deps.yml
-
       - .github/workflows/reusable-strategy-matrix.yml
-
       - .github/actions/build-deps/action.yml
       - .github/actions/setup-conan/action.yml
       - ".github/scripts/strategy-matrix/**"
-
       - conanfile.py
       - conan.lock
 
 env:
   CONAN_REMOTE_NAME: xrplf
   CONAN_REMOTE_URL: https://conan.ripplex.io
+  NPROC_SUBTRACT: 2
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
+  # Generate the strategy matrix to be used by the following job.
   generate-matrix:
     uses: ./.github/workflows/reusable-strategy-matrix.yml
     with:
       strategy_matrix: ${{ github.event_name == 'pull_request' && 'minimal' || 'all' }}
 
+  # Build and upload the dependencies for each configuration.
   run-upload-conan-deps:
     needs:
       - generate-matrix
@@ -56,19 +56,29 @@ jobs:
       matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
       max-parallel: 10
     runs-on: ${{ matrix.architecture.runner }}
-    container: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version) || null }}
-
+    container: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) || null }}
     steps:
       - name: Cleanup workspace
         if: ${{ runner.os == 'macOS' }}
         uses: XRPLF/actions/.github/actions/cleanup-workspace@3f044c7478548e3c32ff68980eeb36ece02b364e
 
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - name: Checkout repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
       - name: Prepare runner
-        uses: XRPLF/actions/.github/actions/prepare-runner@638e0dc11ea230f91bd26622fb542116bb5254d5
+        uses: XRPLF/actions/.github/actions/prepare-runner@99685816bb60a95a66852f212f382580e180df3a
         with:
           disable_ccache: false
 
+      - name: Print build environment
+        uses: ./.github/actions/print-env
+
+      - name: Get number of processors
+        uses: XRPLF/actions/.github/actions/get-nproc@046b1620f6bfd6cd0985dc82c3df02786801fe0a
+        id: nproc
+        with:
+          subtract: ${{ env.NPROC_SUBTRACT }}
+
       - name: Setup Conan
         uses: ./.github/actions/setup-conan
         with:
@@ -79,13 +89,19 @@ jobs:
         uses: ./.github/actions/build-deps
         with:
           build_dir: .build
+          build_nproc: ${{ steps.nproc.outputs.nproc }}
           build_type: ${{ matrix.build_type }}
           force_build: ${{ github.event_name == 'schedule' || github.event.inputs.force_source_build == 'true' }}
+          # Set the verbosity to "quiet" for Windows to avoid an excessive
+          # amount of logs. For other OSes, the "verbose" logs are more useful.
+          log_verbosity: ${{ runner.os == 'Windows' && 'quiet' || 'verbose' }}
 
       - name: Log into Conan remote
-        if: ${{ github.repository_owner == 'XRPLF' && github.event_name != 'pull_request' }}
-        run: conan remote login ${{ env.CONAN_REMOTE_NAME }} "${{ secrets.CONAN_REMOTE_USERNAME }}" --password "${{ secrets.CONAN_REMOTE_PASSWORD }}"
+        if: ${{ github.repository_owner == 'XRPLF' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
+        run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.CONAN_REMOTE_USERNAME }}" --password "${{ secrets.CONAN_REMOTE_PASSWORD }}"
 
       - name: Upload Conan packages
-        if: ${{ github.repository_owner == 'XRPLF' && github.event_name != 'pull_request' && github.event_name != 'schedule' }}
-        run: conan upload "*" -r=${{ env.CONAN_REMOTE_NAME }} --confirm ${{ github.event.inputs.force_upload == 'true' && '--force' || '' }}
+        if: ${{ github.repository_owner == 'XRPLF' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
+        env:
+          FORCE_OPTION: ${{ github.event.inputs.force_upload == 'true' && '--force' || '' }}
+        run: conan upload "*" --remote="${CONAN_REMOTE_NAME}" --confirm ${FORCE_OPTION}

BUILD.md

@@ -39,17 +39,12 @@ found here](./docs/build/environment.md).
 
 - [Python 3.11](https://www.python.org/downloads/), or higher
 - [Conan 2.17](https://conan.io/downloads.html)[^1], or higher
-- [CMake 3.22](https://cmake.org/download/)[^2], or higher
+- [CMake 3.22](https://cmake.org/download/), or higher
 
 [^1]:
     It is possible to build with Conan 1.60+, but the instructions are
     significantly different, which is why we are not recommending it.
 
-[^2]:
-    CMake 4 is not yet supported by all dependencies required by this project.
-    If you are affected by this issue, follow [conan workaround for cmake
-    4](#workaround-for-cmake-4)
-
 `rippled` is written in the C++20 dialect and includes the `<concepts>` header.
 The [minimum compiler versions][2] required are:
 
@@ -282,21 +277,6 @@ sed -i.bak -e 's|^arch=.*$|arch=x86_64|' $(conan config home)/profiles/default
 sed -i.bak -e 's|^compiler\.runtime=.*$|compiler.runtime=static|' $(conan config home)/profiles/default
 ```
 
-#### Workaround for CMake 4
-
-If your system CMake is version 4 rather than 3, you may have to configure Conan
-profile to use CMake version 3 for dependencies, by adding the following two
-lines to your profile:
-
-```text
-[tool_requires]
-!cmake/*: cmake/[>=3 <4]
-```
-
-This will force Conan to download and use a locally cached CMake 3 version, and
-is needed because some of the dependencies used by this project do not support
-CMake 4.
-
 #### Clang workaround for grpc
 
 If your compiler is clang, version 19 or later, or apple-clang, version 17 or

cfg/rippled-example.cfg

@@ -975,6 +975,47 @@
 #                           number of ledger records online. Must be greater
 #                           than or equal to ledger_history.
 #
+#   Optional keys for NuDB only:
+#
+#       nudb_block_size     EXPERIMENTAL: Block size in bytes for NuDB storage.
+#                           Must be a power of 2 between 4096 and 32768. Default is 4096.
+#
+#                           This parameter controls the fundamental storage unit
+#                           size for NuDB's internal data structures. The choice
+#                           of block size can significantly impact performance
+#                           depending on your storage hardware and filesystem:
+#
+#                           - 4096 bytes: Optimal for most standard SSDs and
+#                             traditional filesystems (ext4, NTFS, HFS+).
+#                             Provides good balance of performance and storage
+#                             efficiency. Recommended for most deployments.
+#                             Minimizes memory footprint and provides consistent
+#                             low-latency access patterns across diverse hardware.
+#
+#                           - 8192-16384 bytes: May improve performance on
+#                             high-end NVMe SSDs and copy-on-write filesystems
+#                             like ZFS or Btrfs that benefit from larger block
+#                             alignment. Can reduce metadata overhead for large
+#                             databases. Offers better sequential throughput and
+#                             reduced I/O operations at the cost of higher memory
+#                             usage per operation.
+#
+#                           - 32768 bytes (32K): Maximum supported block size
+#                             for high-performance scenarios with very fast
+#                             storage. May increase memory usage and reduce
+#                             efficiency for smaller databases. Best suited for
+#                             enterprise environments with abundant RAM.
+#
+#                           Performance testing is recommended before deploying
+#                           any non-default block size in production environments.
+#
+#                           Note: This setting cannot be changed after database
+#                           creation without rebuilding the entire database.
+#                           Choose carefully based on your hardware and expected
+#                           database size.
+#
+#                           Example: nudb_block_size=4096
+#
 #       These keys modify the behavior of online_delete, and thus are only
 #       relevant if online_delete is defined and non-zero:
 #
@@ -1471,6 +1512,7 @@ secure_gateway = 127.0.0.1
 [node_db]
 type=NuDB
 path=/var/lib/rippled/db/nudb
+nudb_block_size=4096
 online_delete=512
 advisory_delete=0
 

cmake/RippleConfig.cmake

@@ -45,7 +45,7 @@ if (static OR APPLE OR MSVC)
   set (OPENSSL_USE_STATIC_LIBS ON)
 endif ()
 set (OPENSSL_MSVC_STATIC_RT ON)
-find_dependency (OpenSSL 1.1.1 REQUIRED)
+find_dependency (OpenSSL REQUIRED)
 find_dependency (ZLIB)
 find_dependency (date)
 if (TARGET ZLIB::ZLIB)

cmake/RippledCore.cmake

@@ -53,14 +53,15 @@ add_library(xrpl.imports.main INTERFACE)
 
 target_link_libraries(xrpl.imports.main
   INTERFACE
-    LibArchive::LibArchive
-    OpenSSL::Crypto
-    Ripple::boost
-    Ripple::opts
-    Ripple::syslibs
     absl::random_random
     date::date
     ed25519::ed25519
+    LibArchive::LibArchive
+    OpenSSL::Crypto
+    Ripple::boost
+    Ripple::libs
+    Ripple::opts
+    Ripple::syslibs
     secp256k1::secp256k1
     xrpl.libpb
     xxHash::xxhash
@@ -111,6 +112,21 @@ target_link_libraries(xrpl.libxrpl.net PUBLIC
 add_module(xrpl server)
 target_link_libraries(xrpl.libxrpl.server PUBLIC xrpl.libxrpl.protocol)
 
+add_module(xrpl nodestore)
+target_link_libraries(xrpl.libxrpl.nodestore PUBLIC
+        xrpl.libxrpl.basics
+        xrpl.libxrpl.json
+        xrpl.libxrpl.protocol
+)
+
+add_module(xrpl shamap)
+target_link_libraries(xrpl.libxrpl.shamap PUBLIC
+        xrpl.libxrpl.basics
+        xrpl.libxrpl.crypto
+        xrpl.libxrpl.protocol
+        xrpl.libxrpl.nodestore
+)
+
 add_module(xrpl ledger)
 target_link_libraries(xrpl.libxrpl.ledger PUBLIC
   xrpl.libxrpl.basics
@@ -136,6 +152,8 @@ target_link_modules(xrpl PUBLIC
   protocol
   resource
   server
+  nodestore
+  shamap
   net
   ledger
 )

cmake/RippledInstall.cmake

@@ -8,20 +8,23 @@ install (
   TARGETS
     common
     opts
-    ripple_syslibs
     ripple_boost
+    ripple_libs
+    ripple_syslibs
     xrpl.imports.main
     xrpl.libpb
+    xrpl.libxrpl
     xrpl.libxrpl.basics
     xrpl.libxrpl.beast
     xrpl.libxrpl.crypto
     xrpl.libxrpl.json
+    xrpl.libxrpl.ledger
+    xrpl.libxrpl.net
+    xrpl.libxrpl.nodestore
     xrpl.libxrpl.protocol
     xrpl.libxrpl.resource
-    xrpl.libxrpl.ledger
     xrpl.libxrpl.server
-    xrpl.libxrpl.net
-    xrpl.libxrpl
+    xrpl.libxrpl.shamap
     antithesis-sdk-cpp
   EXPORT RippleExports
   LIBRARY DESTINATION lib
@@ -38,7 +41,7 @@ install(CODE "
   set(CMAKE_MODULE_PATH \"${CMAKE_MODULE_PATH}\")
   include(create_symbolic_link)
   create_symbolic_link(xrpl \
-    \${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR}/ripple)
+    \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR}/ripple)
 ")
 
 install (EXPORT RippleExports
@@ -72,7 +75,7 @@ if (is_root_project AND TARGET rippled)
     set(CMAKE_MODULE_PATH \"${CMAKE_MODULE_PATH}\")
     include(create_symbolic_link)
     create_symbolic_link(rippled${suffix} \
-      \${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/xrpld${suffix})
+       \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/xrpld${suffix})
   ")
 endif ()
 

cmake/RippledValidatorKeys.cmake

@@ -1,4 +1,4 @@
-option (validator_keys "Enables building of validator-keys-tool as a separate target (imported via FetchContent)" OFF)
+option (validator_keys "Enables building of validator-keys tool as a separate target (imported via FetchContent)" OFF)
 
 if (validator_keys)
   git_branch (current_branch)
@@ -6,17 +6,15 @@ if (validator_keys)
   if (NOT (current_branch STREQUAL "release"))
     set (current_branch "master")
   endif ()
-  message (STATUS "tracking ValidatorKeys branch: ${current_branch}")
+  message (STATUS "Tracking ValidatorKeys branch: ${current_branch}")
 
   FetchContent_Declare (
-    validator_keys_src
+    validator_keys
     GIT_REPOSITORY https://github.com/ripple/validator-keys-tool.git
     GIT_TAG        "${current_branch}"
   )
-  FetchContent_GetProperties (validator_keys_src)
-  if (NOT validator_keys_src_POPULATED)
-    message (STATUS "Pausing to download ValidatorKeys...")
-    FetchContent_Populate (validator_keys_src)
-  endif ()
-  add_subdirectory (${validator_keys_src_SOURCE_DIR} ${CMAKE_BINARY_DIR}/validator-keys)
+  FetchContent_MakeAvailable(validator_keys)
+  set_target_properties(validator-keys PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}")
+  install(TARGETS validator-keys RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+
 endif ()

cmake/xrpl_add_test.cmake

@@ -7,7 +7,7 @@ function(xrpl_add_test name)
   "${CMAKE_CURRENT_SOURCE_DIR}/${name}/*.cpp"
   "${CMAKE_CURRENT_SOURCE_DIR}/${name}.cpp"
   )
-  add_executable(${target} EXCLUDE_FROM_ALL ${ARGN} ${sources})
+  add_executable(${target} ${ARGN} ${sources})
 
   isolate_headers(
     ${target}

conan.lock

@@ -9,7 +9,7 @@
         "rocksdb/10.0.1#85537f46e538974d67da0c3977de48ac%1756234304.347",
         "re2/20230301#dfd6e2bf050eb90ddd8729cfb4c844a4%1756234257.976",
         "protobuf/3.21.12#d927114e28de9f4691a6bbcdd9a529d1%1756234251.614",
-        "openssl/3.5.2#0c5a5e15ae569f45dff57adcf1770cf7%1756234259.61",
+        "openssl/3.5.4#a1d5835cc6ed5c5b8f3cd5b9b5d24205%1759746684.671",
         "nudb/2.0.9#c62cfd501e57055a7e0d8ee3d5e5427d%1756234237.107",
         "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1756234228.999",
         "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1756223727.64",

conan/global.conf

@@ -1,9 +1,5 @@
 # Global configuration for Conan. This is used to set the number of parallel
-# downloads, uploads, and build jobs. The verbosity is set to verbose to
-# provide more information during the build process.
+# downloads and uploads.
 core:non_interactive=True
 core.download:parallel={{ os.cpu_count() }}
 core.upload:parallel={{ os.cpu_count() }}
-tools.build:jobs={{ (os.cpu_count() * 4/5) | int }}
-tools.build:verbosity=verbose
-tools.compilation:verbosity=verbose

conan/profiles/default

@@ -21,14 +21,11 @@ compiler.libcxx={{detect_api.detect_libcxx(compiler, version, compiler_exe)}}
 
 [conf]
 {% if compiler == "clang" and compiler_version >= 19 %}
-tools.build:cxxflags=['-Wno-missing-template-arg-list-after-template-kw']
+grpc/1.50.1:tools.build:cxxflags+=['-Wno-missing-template-arg-list-after-template-kw']
 {% endif %}
 {% if compiler == "apple-clang" and compiler_version >= 17 %}
-tools.build:cxxflags=['-Wno-missing-template-arg-list-after-template-kw']
+grpc/1.50.1:tools.build:cxxflags+=['-Wno-missing-template-arg-list-after-template-kw']
 {% endif %}
 {% if compiler == "gcc" and compiler_version < 13 %}
-tools.build:cxxflags=['-Wno-restrict']
+tools.build:cxxflags+=['-Wno-restrict']
 {% endif %}
-
-[tool_requires]
-!cmake/*: cmake/[>=3 <4]

conanfile.py

@@ -27,7 +27,7 @@ class Xrpl(ConanFile):
         'grpc/1.50.1',
         'libarchive/3.8.1',
         'nudb/2.0.9',
-        'openssl/3.5.2',
+        'openssl/3.5.4',
         'soci/4.0.3',
         'zlib/1.3.1',
     ]

include/xrpl/basics/IntrusivePointer.ipp

@@ -654,12 +654,14 @@ SharedWeakUnion<T>::convertToWeak()
             break;
         case destroy:
             // We just added a weak ref. How could we destroy?
+            // LCOV_EXCL_START
             UNREACHABLE(
                 "ripple::SharedWeakUnion::convertToWeak : destroying freshly "
                 "added ref");
             delete p;
             unsafeSetRawPtr(nullptr);
             return true;  // Should never happen
+            // LCOV_EXCL_STOP
         case partialDestroy:
             // This is a weird case. We just converted the last strong
             // pointer to a weak pointer.

include/xrpl/beast/net/IPAddress.h

@@ -94,7 +94,11 @@ hash_append(Hasher& h, beast::IP::Address const& addr) noexcept
     else if (addr.is_v6())
         hash_append(h, addr.to_v6().to_bytes());
     else
+    {
+        // LCOV_EXCL_START
         UNREACHABLE("beast::hash_append : invalid address type");
+        // LCOV_EXCL_STOP
+    }
 }
 }  // namespace beast
 

include/xrpl/json/json_writer.h

@@ -46,7 +46,7 @@ public:
  * without formatting (not human friendly).
  *
  * The JSON document is written in a single line. It is not intended for 'human'
- * consumption, but may be useful to support feature such as RPC where bandwith
+ * consumption, but may be useful to support feature such as RPC where bandwidth
  * is limited. \sa Reader, Value
  */
 

include/xrpl/ledger/ApplyView.h

@@ -284,12 +284,14 @@ public:
     {
         if (key.type != ltOFFER)
         {
+            // LCOV_EXCL_START
             UNREACHABLE(
                 "ripple::ApplyView::dirAppend : only Offers are appended to "
                 "book directories");
             // Only Offers are appended to book directories. Call dirInsert()
             // instead
             return std::nullopt;
+            // LCOV_EXCL_STOP
         }
         return dirAdd(true, directory, key.key, describe);
     }

include/xrpl/nodestore/Backend.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_BACKEND_H_INCLUDED
 #define RIPPLE_NODESTORE_BACKEND_H_INCLUDED
 
-#include <xrpld/nodestore/Types.h>
+#include <xrpl/nodestore/Types.h>
 
 #include <cstdint>
 
@@ -53,6 +53,14 @@ public:
     virtual std::string
     getName() = 0;
 
+    /** Get the block size for backends that support it
+     */
+    virtual std::optional<std::size_t>
+    getBlockSize() const
+    {
+        return std::nullopt;
+    }
+
     /** Open the backend.
         @param createIfMissing Create the database files if necessary.
         This allows the caller to catch exceptions.

include/xrpl/nodestore/Database.h

@@ -20,13 +20,12 @@
 #ifndef RIPPLE_NODESTORE_DATABASE_H_INCLUDED
 #define RIPPLE_NODESTORE_DATABASE_H_INCLUDED
 
-#include <xrpld/nodestore/Backend.h>
-#include <xrpld/nodestore/NodeObject.h>
-#include <xrpld/nodestore/Scheduler.h>
-
 #include <xrpl/basics/BasicConfig.h>
 #include <xrpl/basics/Log.h>
 #include <xrpl/basics/TaggedCache.ipp>
+#include <xrpl/nodestore/Backend.h>
+#include <xrpl/nodestore/NodeObject.h>
+#include <xrpl/nodestore/Scheduler.h>
 #include <xrpl/protocol/SystemParameters.h>
 
 #include <condition_variable>

include/xrpl/nodestore/DatabaseRotating.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_DATABASEROTATING_H_INCLUDED
 #define RIPPLE_NODESTORE_DATABASEROTATING_H_INCLUDED
 
-#include <xrpld/nodestore/Database.h>
+#include <xrpl/nodestore/Database.h>
 
 namespace ripple {
 namespace NodeStore {

include/xrpl/nodestore/DummyScheduler.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_DUMMYSCHEDULER_H_INCLUDED
 #define RIPPLE_NODESTORE_DUMMYSCHEDULER_H_INCLUDED
 
-#include <xrpld/nodestore/Scheduler.h>
+#include <xrpl/nodestore/Scheduler.h>
 
 namespace ripple {
 namespace NodeStore {

include/xrpl/nodestore/Factory.h

@@ -20,11 +20,10 @@
 #ifndef RIPPLE_NODESTORE_FACTORY_H_INCLUDED
 #define RIPPLE_NODESTORE_FACTORY_H_INCLUDED
 
-#include <xrpld/nodestore/Backend.h>
-#include <xrpld/nodestore/Scheduler.h>
-
 #include <xrpl/basics/BasicConfig.h>
 #include <xrpl/beast/utility/Journal.h>
+#include <xrpl/nodestore/Backend.h>
+#include <xrpl/nodestore/Scheduler.h>
 
 #include <nudb/store.hpp>
 

include/xrpl/nodestore/Manager.h

@@ -20,8 +20,8 @@
 #ifndef RIPPLE_NODESTORE_MANAGER_H_INCLUDED
 #define RIPPLE_NODESTORE_MANAGER_H_INCLUDED
 
-#include <xrpld/nodestore/DatabaseRotating.h>
-#include <xrpld/nodestore/Factory.h>
+#include <xrpl/nodestore/DatabaseRotating.h>
+#include <xrpl/nodestore/Factory.h>
 
 namespace ripple {
 

include/xrpl/nodestore/Scheduler.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_SCHEDULER_H_INCLUDED
 #define RIPPLE_NODESTORE_SCHEDULER_H_INCLUDED
 
-#include <xrpld/nodestore/Task.h>
+#include <xrpl/nodestore/Task.h>
 
 #include <chrono>
 

include/xrpl/nodestore/Types.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_TYPES_H_INCLUDED
 #define RIPPLE_NODESTORE_TYPES_H_INCLUDED
 
-#include <xrpld/nodestore/NodeObject.h>
+#include <xrpl/nodestore/NodeObject.h>
 
 #include <vector>
 

include/xrpl/nodestore/detail/BatchWriter.h

@@ -20,9 +20,9 @@
 #ifndef RIPPLE_NODESTORE_BATCHWRITER_H_INCLUDED
 #define RIPPLE_NODESTORE_BATCHWRITER_H_INCLUDED
 
-#include <xrpld/nodestore/Scheduler.h>
-#include <xrpld/nodestore/Task.h>
-#include <xrpld/nodestore/Types.h>
+#include <xrpl/nodestore/Scheduler.h>
+#include <xrpl/nodestore/Task.h>
+#include <xrpl/nodestore/Types.h>
 
 #include <condition_variable>
 #include <mutex>

include/xrpl/nodestore/detail/DatabaseNodeImp.h

@@ -20,10 +20,9 @@
 #ifndef RIPPLE_NODESTORE_DATABASENODEIMP_H_INCLUDED
 #define RIPPLE_NODESTORE_DATABASENODEIMP_H_INCLUDED
 
-#include <xrpld/nodestore/Database.h>
-
 #include <xrpl/basics/TaggedCache.h>
 #include <xrpl/basics/chrono.h>
+#include <xrpl/nodestore/Database.h>
 
 namespace ripple {
 namespace NodeStore {

include/xrpl/nodestore/detail/DatabaseRotatingImp.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_DATABASEROTATINGIMP_H_INCLUDED
 #define RIPPLE_NODESTORE_DATABASEROTATINGIMP_H_INCLUDED
 
-#include <xrpld/nodestore/DatabaseRotating.h>
+#include <xrpl/nodestore/DatabaseRotating.h>
 
 #include <mutex>
 

include/xrpl/nodestore/detail/DecodedBlob.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_DECODEDBLOB_H_INCLUDED
 #define RIPPLE_NODESTORE_DECODEDBLOB_H_INCLUDED
 
-#include <xrpld/nodestore/NodeObject.h>
+#include <xrpl/nodestore/NodeObject.h>
 
 namespace ripple {
 namespace NodeStore {

include/xrpl/nodestore/detail/EncodedBlob.h

@@ -20,9 +20,8 @@
 #ifndef RIPPLE_NODESTORE_ENCODEDBLOB_H_INCLUDED
 #define RIPPLE_NODESTORE_ENCODEDBLOB_H_INCLUDED
 
-#include <xrpld/nodestore/NodeObject.h>
-
 #include <xrpl/beast/utility/instrumentation.h>
+#include <xrpl/nodestore/NodeObject.h>
 
 #include <boost/align/align_up.hpp>
 

include/xrpl/nodestore/detail/ManagerImp.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_NODESTORE_MANAGERIMP_H_INCLUDED
 #define RIPPLE_NODESTORE_MANAGERIMP_H_INCLUDED
 
-#include <xrpld/nodestore/Manager.h>
+#include <xrpl/nodestore/Manager.h>
 
 namespace ripple {
 
@@ -39,7 +39,7 @@ public:
     static void
     missing_backend();
 
-    ManagerImp() = default;
+    ManagerImp();
 
     ~ManagerImp() = default;
 

include/xrpl/nodestore/detail/codec.h

@@ -23,11 +23,10 @@
 // Disable lz4 deprecation warning due to incompatibility with clang attributes
 #define LZ4_DISABLE_DEPRECATE_WARNINGS
 
-#include <xrpld/nodestore/NodeObject.h>
-#include <xrpld/nodestore/detail/varint.h>
-
 #include <xrpl/basics/contract.h>
 #include <xrpl/basics/safe_cast.h>
+#include <xrpl/nodestore/NodeObject.h>
+#include <xrpl/nodestore/detail/varint.h>
 #include <xrpl/protocol/HashPrefix.h>
 
 #include <nudb/detail/field.hpp>

include/xrpl/protocol/ApiVersion.h

@@ -20,6 +20,11 @@
 #ifndef RIPPLE_PROTOCOL_APIVERSION_H_INCLUDED
 #define RIPPLE_PROTOCOL_APIVERSION_H_INCLUDED
 
+#include <xrpl/beast/core/SemanticVersion.h>
+#include <xrpl/beast/utility/instrumentation.h>
+#include <xrpl/json/json_value.h>
+#include <xrpl/protocol/jss.h>
+
 #include <type_traits>
 #include <utility>
 
@@ -72,6 +77,77 @@ static_assert(apiMaximumSupportedVersion >= apiMinimumSupportedVersion);
 static_assert(apiBetaVersion >= apiMaximumSupportedVersion);
 static_assert(apiMaximumValidVersion >= apiMaximumSupportedVersion);
 
+template <class JsonObject>
+void
+setVersion(JsonObject& parent, unsigned int apiVersion, bool betaEnabled)
+{
+    XRPL_ASSERT(
+        apiVersion != apiInvalidVersion,
+        "ripple::RPC::setVersion : input is valid");
+    auto& retObj = addObject(parent, jss::version);
+
+    if (apiVersion == apiVersionIfUnspecified)
+    {
+        // API version numbers used in API version 1
+        static beast::SemanticVersion const firstVersion{"1.0.0"};
+        static beast::SemanticVersion const goodVersion{"1.0.0"};
+        static beast::SemanticVersion const lastVersion{"1.0.0"};
+
+        retObj[jss::first] = firstVersion.print();
+        retObj[jss::good] = goodVersion.print();
+        retObj[jss::last] = lastVersion.print();
+    }
+    else
+    {
+        retObj[jss::first] = apiMinimumSupportedVersion.value;
+        retObj[jss::last] =
+            betaEnabled ? apiBetaVersion : apiMaximumSupportedVersion;
+    }
+}
+
+/**
+ * Retrieve the api version number from the json value
+ *
+ * Note that APIInvalidVersion will be returned if
+ * 1) the version number field has a wrong format
+ * 2) the version number retrieved is out of the supported range
+ * 3) the version number is unspecified and
+ *    APIVersionIfUnspecified is out of the supported range
+ *
+ * @param jv a Json value that may or may not specifies
+ *        the api version number
+ * @param betaEnabled if the beta API version is enabled
+ * @return the api version number
+ */
+inline unsigned int
+getAPIVersionNumber(Json::Value const& jv, bool betaEnabled)
+{
+    static Json::Value const minVersion(RPC::apiMinimumSupportedVersion);
+    Json::Value const maxVersion(
+        betaEnabled ? RPC::apiBetaVersion : RPC::apiMaximumSupportedVersion);
+
+    if (jv.isObject())
+    {
+        if (jv.isMember(jss::api_version))
+        {
+            auto const specifiedVersion = jv[jss::api_version];
+            if (!specifiedVersion.isInt() && !specifiedVersion.isUInt())
+            {
+                return RPC::apiInvalidVersion;
+            }
+            auto const specifiedVersionInt = specifiedVersion.asInt();
+            if (specifiedVersionInt < minVersion ||
+                specifiedVersionInt > maxVersion)
+            {
+                return RPC::apiInvalidVersion;
+            }
+            return specifiedVersionInt;
+        }
+    }
+
+    return RPC::apiVersionIfUnspecified;
+}
+
 }  // namespace RPC
 
 template <unsigned minVer, unsigned maxVer, typename Fn, typename... Args>

include/xrpl/protocol/LedgerFormats.h

@@ -188,14 +188,14 @@ enum LedgerSpecificFlags {
     lsfMPTCanTransfer = 0x00000020,
     lsfMPTCanClawback = 0x00000040,
 
-    lmfMPTCanMutateCanLock = 0x00000002,
-    lmfMPTCanMutateRequireAuth = 0x00000004,
-    lmfMPTCanMutateCanEscrow = 0x00000008,
-    lmfMPTCanMutateCanTrade = 0x00000010,
-    lmfMPTCanMutateCanTransfer = 0x00000020,
-    lmfMPTCanMutateCanClawback = 0x00000040,
-    lmfMPTCanMutateMetadata = 0x00010000,
-    lmfMPTCanMutateTransferFee = 0x00020000,
+    lsmfMPTCanMutateCanLock = 0x00000002,
+    lsmfMPTCanMutateRequireAuth = 0x00000004,
+    lsmfMPTCanMutateCanEscrow = 0x00000008,
+    lsmfMPTCanMutateCanTrade = 0x00000010,
+    lsmfMPTCanMutateCanTransfer = 0x00000020,
+    lsmfMPTCanMutateCanClawback = 0x00000040,
+    lsmfMPTCanMutateMetadata = 0x00010000,
+    lsmfMPTCanMutateTransferFee = 0x00020000,
 
     // ltMPTOKEN
     lsfMPTAuthorized = 0x00000002,

include/xrpl/protocol/Permissions.h

@@ -74,6 +74,9 @@ public:
     Permission&
     operator=(Permission const&) = delete;
 
+    std::optional<std::string>
+    getPermissionName(std::uint32_t const value) const;
+
     std::optional<std::uint32_t>
     getGranularValue(std::string const& name) const;
 
@@ -83,6 +86,9 @@ public:
     std::optional<TxType>
     getGranularTxType(GranularPermissionType const& gpType) const;
 
+    std::optional<std::reference_wrapper<uint256 const>> const
+    getTxFeature(TxType txType) const;
+
     bool
     isDelegatable(std::uint32_t const& permissionValue, Rules const& rules)
         const;

include/xrpl/protocol/Protocol.h

@@ -55,7 +55,10 @@ std::size_t constexpr oversizeMetaDataCap = 5200;
 /** The maximum number of entries per directory page */
 std::size_t constexpr dirNodeMaxEntries = 32;
 
-/** The maximum number of pages allowed in a directory */
+/** The maximum number of pages allowed in a directory
+
+    Made obsolete by fixDirectoryLimit amendment.
+*/
 std::uint64_t constexpr dirNodeMaxPages = 262144;
 
 /** The maximum number of items in an NFT page */

include/xrpl/protocol/PublicKey.h

@@ -21,6 +21,7 @@
 #define RIPPLE_PROTOCOL_PUBLICKEY_H_INCLUDED
 
 #include <xrpl/basics/Slice.h>
+#include <xrpl/beast/net/IPEndpoint.h>
 #include <xrpl/protocol/KeyType.h>
 #include <xrpl/protocol/STExchange.h>
 #include <xrpl/protocol/UintTypes.h>
@@ -264,6 +265,24 @@ calcNodeID(PublicKey const&);
 AccountID
 calcAccountID(PublicKey const& pk);
 
+inline std::string
+getFingerprint(
+    beast::IP::Endpoint const& address,
+    std::optional<PublicKey> const& publicKey = std::nullopt,
+    std::optional<std::string> const& id = std::nullopt)
+{
+    std::stringstream ss;
+    ss << "IP Address: " << address;
+    if (publicKey.has_value())
+    {
+        ss << ", Public Key: " << toBase58(TokenType::NodePublic, *publicKey);
+    }
+    if (id.has_value())
+    {
+        ss << ", Id: " << id.value();
+    }
+    return ss.str();
+}
 }  // namespace ripple
 
 //------------------------------------------------------------------------------

include/xrpl/protocol/SField.h

@@ -72,8 +72,10 @@ class STCurrency;
     STYPE(STI_VL, 7)                              \
     STYPE(STI_ACCOUNT, 8)                         \
     STYPE(STI_NUMBER, 9)                          \
+    STYPE(STI_INT32, 10)                          \
+    STYPE(STI_INT64, 11)                          \
                                                   \
-    /* 10-13 are reserved */                      \
+    /* 12-13 are reserved */                      \
     STYPE(STI_OBJECT, 14)                         \
     STYPE(STI_ARRAY, 15)                          \
                                                   \
@@ -356,6 +358,9 @@ using SF_UINT256 = TypedField<STBitString<256>>;
 using SF_UINT384 = TypedField<STBitString<384>>;
 using SF_UINT512 = TypedField<STBitString<512>>;
 
+using SF_INT32 = TypedField<STInteger<std::int32_t>>;
+using SF_INT64 = TypedField<STInteger<std::int64_t>>;
+
 using SF_ACCOUNT = TypedField<STAccount>;
 using SF_AMOUNT = TypedField<STAmount>;
 using SF_ISSUE = TypedField<STIssue>;

include/xrpl/protocol/STAmount.h

@@ -709,37 +709,6 @@ canAdd(STAmount const& amt1, STAmount const& amt2);
 bool
 canSubtract(STAmount const& amt1, STAmount const& amt2);
 
-// Since `canonicalize` does not have access to a ledger, this is needed to put
-// the low-level routine stAmountCanonicalize on an amendment switch. Only
-// transactions need to use this switchover. Outside of a transaction it's safe
-// to unconditionally use the new behavior.
-
-bool
-getSTAmountCanonicalizeSwitchover();
-
-void
-setSTAmountCanonicalizeSwitchover(bool v);
-
-/** RAII class to set and restore the STAmount canonicalize switchover.
- */
-
-class STAmountSO
-{
-public:
-    explicit STAmountSO(bool v) : saved_(getSTAmountCanonicalizeSwitchover())
-    {
-        setSTAmountCanonicalizeSwitchover(v);
-    }
-
-    ~STAmountSO()
-    {
-        setSTAmountCanonicalizeSwitchover(saved_);
-    }
-
-private:
-    bool saved_;
-};
-
 }  // namespace ripple
 
 //------------------------------------------------------------------------------

include/xrpl/protocol/STInteger.h

@@ -81,6 +81,8 @@ using STUInt16 = STInteger<std::uint16_t>;
 using STUInt32 = STInteger<std::uint32_t>;
 using STUInt64 = STInteger<std::uint64_t>;
 
+using STInt32 = STInteger<std::int32_t>;
+
 template <typename Integer>
 inline STInteger<Integer>::STInteger(Integer v) : value_(v)
 {

include/xrpl/protocol/STObject.h

@@ -231,6 +231,8 @@ public:
     getFieldH192(SField const& field) const;
     uint256
     getFieldH256(SField const& field) const;
+    std::int32_t
+    getFieldI32(SField const& field) const;
     AccountID
     getAccountID(SField const& field) const;
 
@@ -242,6 +244,9 @@ public:
     getFieldPathSet(SField const& field) const;
     STVector256 const&
     getFieldV256(SField const& field) const;
+    // If not found, returns an object constructed with the given field
+    STObject
+    getFieldObject(SField const& field) const;
     STArray const&
     getFieldArray(SField const& field) const;
     STCurrency const&
@@ -365,6 +370,8 @@ public:
     void
     setFieldH256(SField const& field, uint256 const&);
     void
+    setFieldI32(SField const& field, std::int32_t);
+    void
     setFieldVL(SField const& field, Blob const&);
     void
     setFieldVL(SField const& field, Slice const&);
@@ -386,6 +393,8 @@ public:
     setFieldV256(SField const& field, STVector256 const& v);
     void
     setFieldArray(SField const& field, STArray const& v);
+    void
+    setFieldObject(SField const& field, STObject const& v);
 
     template <class Tag>
     void

include/xrpl/protocol/STParsedJSON.h

@@ -54,34 +54,6 @@ public:
     Json::Value error;
 };
 
-/** Holds the serialized result of parsing an input JSON array.
-    This does validation and checking on the provided JSON.
-*/
-class STParsedJSONArray
-{
-public:
-    /** Parses and creates an STParsedJSON array.
-        The result of the parsing is stored in array and error.
-        Exceptions:
-            Does not throw.
-        @param name The name of the JSON field, used in diagnostics.
-        @param json The JSON-RPC to parse.
-    */
-    STParsedJSONArray(std::string const& name, Json::Value const& json);
-
-    STParsedJSONArray() = delete;
-    STParsedJSONArray(STParsedJSONArray const&) = delete;
-    STParsedJSONArray&
-    operator=(STParsedJSONArray const&) = delete;
-    ~STParsedJSONArray() = default;
-
-    /** The STArray if the parse was successful. */
-    std::optional<STArray> array;
-
-    /** On failure, an appropriate set of error values. */
-    Json::Value error;
-};
-
 }  // namespace ripple
 
 #endif

include/xrpl/protocol/STTx.h

@@ -87,8 +87,14 @@ public:
     getFullText() const override;
 
     // Outer transaction functions / signature functions.
+    static Blob
+    getSignature(STObject const& sigObject);
+
     Blob
-    getSignature() const;
+    getSignature() const
+    {
+        return getSignature(*this);
+    }
 
     uint256
     getSigningHash() const;
@@ -119,13 +125,20 @@ public:
     getJson(JsonOptions options, bool binary) const;
 
     void
-    sign(PublicKey const& publicKey, SecretKey const& secretKey);
+    sign(
+        PublicKey const& publicKey,
+        SecretKey const& secretKey,
+        std::optional<std::reference_wrapper<SField const>> signatureTarget =
+            {});
 
-    /** Check the signature.
-        @return `true` if valid signature. If invalid, the error message string.
-    */
     enum class RequireFullyCanonicalSig : bool { no, yes };
 
+    /** Check the signature.
+        @param requireCanonicalSig If `true`, check that the signature is fully
+            canonical. If `false`, only check that the signature is valid.
+        @param rules The current ledger rules.
+        @return `true` if valid signature. If invalid, the error message string.
+    */
     Expected<void, std::string>
     checkSign(RequireFullyCanonicalSig requireCanonicalSig, Rules const& rules)
         const;
@@ -150,17 +163,34 @@ public:
         char status,
         std::string const& escapedMetaData) const;
 
-    std::vector<uint256>
+    std::vector<uint256> const&
     getBatchTransactionIDs() const;
 
 private:
+    /** Check the signature.
+        @param requireCanonicalSig If `true`, check that the signature is fully
+            canonical. If `false`, only check that the signature is valid.
+        @param rules The current ledger rules.
+        @param sigObject Reference to object that contains the signature fields.
+            Will be *this more often than not.
+        @return `true` if valid signature. If invalid, the error message string.
+    */
     Expected<void, std::string>
-    checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const;
+    checkSign(
+        RequireFullyCanonicalSig requireCanonicalSig,
+        Rules const& rules,
+        STObject const& sigObject) const;
+
+    Expected<void, std::string>
+    checkSingleSign(
+        RequireFullyCanonicalSig requireCanonicalSig,
+        STObject const& sigObject) const;
 
     Expected<void, std::string>
     checkMultiSign(
         RequireFullyCanonicalSig requireCanonicalSig,
-        Rules const& rules) const;
+        Rules const& rules,
+        STObject const& sigObject) const;
 
     Expected<void, std::string>
     checkBatchSingleSign(
@@ -179,7 +209,7 @@ private:
     move(std::size_t n, void* buf) override;
 
     friend class detail::STVar;
-    mutable std::vector<uint256> batch_txn_ids_;
+    mutable std::vector<uint256> batchTxnIds_;
 };
 
 bool

include/xrpl/protocol/SystemParameters.h

@@ -73,14 +73,8 @@ static constexpr std::uint32_t XRP_LEDGER_EARLIEST_SEQ{32570u};
  * used in asserts and tests. */
 static constexpr std::uint32_t XRP_LEDGER_EARLIEST_FEES{562177u};
 
-/** The minimum amount of support an amendment should have.
-
-    @note This value is used by legacy code and will become obsolete
-          once the fixAmendmentMajorityCalc amendment activates.
-*/
-constexpr std::ratio<204, 256> preFixAmendmentMajorityCalcThreshold;
-
-constexpr std::ratio<80, 100> postFixAmendmentMajorityCalcThreshold;
+/** The minimum amount of support an amendment should have. */
+constexpr std::ratio<80, 100> amendmentMajorityCalcThreshold;
 
 /** The minimum amount of time an amendment must hold a majority */
 constexpr std::chrono::seconds const defaultAmendmentMajorityTime = weeks{2};

include/xrpl/protocol/TER.h

@@ -225,8 +225,9 @@ enum TERcodes : TERUnderlyingType {
     terQUEUED,       // Transaction is being held in TxQ until fee drops
     terPRE_TICKET,   // Ticket is not yet in ledger but might be on its way
     terNO_AMM,       // AMM doesn't exist for the asset pair
-    terADDRESS_COLLISION,  // Failed to allocate AccountID when trying to
-                           // create a pseudo-account
+    terADDRESS_COLLISION,       // Failed to allocate AccountID when trying to
+                                // create a pseudo-account
+    terNO_DELEGATE_PERMISSION,  // Delegate does not have permission
 };
 
 //------------------------------------------------------------------------------
@@ -361,6 +362,9 @@ enum TECcodes : TERUnderlyingType {
     tecLIMIT_EXCEEDED = 195,
     tecPSEUDO_ACCOUNT = 196,
     tecPRECISION_LOSS = 197,
+    // DEPRECATED: This error code tecNO_DELEGATE_PERMISSION is reserved for
+    // backward compatibility with historical data on non-prod networks, can be
+    // reclaimed after those networks reset.
     tecNO_DELEGATE_PERMISSION = 198,
 };
 
@@ -673,7 +677,8 @@ isTerRetry(TER x) noexcept
 inline bool
 isTesSuccess(TER x) noexcept
 {
-    return (x == tesSUCCESS);
+    // Makes use of TERSubset::operator bool()
+    return !(x);
 }
 
 inline bool

include/xrpl/protocol/TxFlags.h

@@ -156,14 +156,14 @@ constexpr std::uint32_t const tfMPTokenIssuanceCreateMask  =
 
 // MPTokenIssuanceCreate MutableFlags:
 // Indicating specific fields or flags may be changed after issuance.
-constexpr std::uint32_t const tmfMPTCanMutateCanLock = lmfMPTCanMutateCanLock;
-constexpr std::uint32_t const tmfMPTCanMutateRequireAuth = lmfMPTCanMutateRequireAuth;
-constexpr std::uint32_t const tmfMPTCanMutateCanEscrow = lmfMPTCanMutateCanEscrow;
-constexpr std::uint32_t const tmfMPTCanMutateCanTrade = lmfMPTCanMutateCanTrade;
-constexpr std::uint32_t const tmfMPTCanMutateCanTransfer = lmfMPTCanMutateCanTransfer;
-constexpr std::uint32_t const tmfMPTCanMutateCanClawback = lmfMPTCanMutateCanClawback;
-constexpr std::uint32_t const tmfMPTCanMutateMetadata = lmfMPTCanMutateMetadata;
-constexpr std::uint32_t const tmfMPTCanMutateTransferFee = lmfMPTCanMutateTransferFee;
+constexpr std::uint32_t const tmfMPTCanMutateCanLock = lsmfMPTCanMutateCanLock;
+constexpr std::uint32_t const tmfMPTCanMutateRequireAuth = lsmfMPTCanMutateRequireAuth;
+constexpr std::uint32_t const tmfMPTCanMutateCanEscrow = lsmfMPTCanMutateCanEscrow;
+constexpr std::uint32_t const tmfMPTCanMutateCanTrade = lsmfMPTCanMutateCanTrade;
+constexpr std::uint32_t const tmfMPTCanMutateCanTransfer = lsmfMPTCanMutateCanTransfer;
+constexpr std::uint32_t const tmfMPTCanMutateCanClawback = lsmfMPTCanMutateCanClawback;
+constexpr std::uint32_t const tmfMPTCanMutateMetadata = lsmfMPTCanMutateMetadata;
+constexpr std::uint32_t const tmfMPTCanMutateTransferFee = lsmfMPTCanMutateTransferFee;
 constexpr std::uint32_t const tmfMPTokenIssuanceCreateMutableMask =
   ~(tmfMPTCanMutateCanLock | tmfMPTCanMutateRequireAuth | tmfMPTCanMutateCanEscrow | tmfMPTCanMutateCanTrade
     | tmfMPTCanMutateCanTransfer | tmfMPTCanMutateCanClawback | tmfMPTCanMutateMetadata | tmfMPTCanMutateTransferFee);

include/xrpl/protocol/TxMeta.h

@@ -33,51 +33,35 @@ namespace ripple {
 
 class TxMeta
 {
-private:
-    struct CtorHelper
-    {
-        explicit CtorHelper() = default;
-    };
-    template <class T>
-    TxMeta(
-        uint256 const& txID,
-        std::uint32_t ledger,
-        T const& data,
-        CtorHelper);
-
 public:
-    TxMeta(
-        uint256 const& transactionID,
-        std::uint32_t ledger,
-        std::optional<uint256> parentBatchId = std::nullopt);
+    TxMeta(uint256 const& transactionID, std::uint32_t ledger);
     TxMeta(uint256 const& txID, std::uint32_t ledger, Blob const&);
-    TxMeta(uint256 const& txID, std::uint32_t ledger, std::string const&);
     TxMeta(uint256 const& txID, std::uint32_t ledger, STObject const&);
 
     uint256 const&
     getTxID() const
     {
-        return mTransactionID;
+        return transactionID_;
     }
     std::uint32_t
     getLgrSeq() const
     {
-        return mLedger;
+        return ledgerSeq_;
     }
     int
     getResult() const
     {
-        return mResult;
+        return result_;
     }
     TER
     getResultTER() const
     {
-        return TER::fromInt(mResult);
+        return TER::fromInt(result_);
     }
     std::uint32_t
     getIndex() const
     {
-        return mIndex;
+        return index_;
     }
 
     void
@@ -104,66 +88,52 @@ public:
     STArray&
     getNodes()
     {
-        return (mNodes);
+        return nodes_;
     }
     STArray const&
     getNodes() const
     {
-        return (mNodes);
+        return nodes_;
     }
 
     void
-    setDeliveredAmount(STAmount const& delivered)
+    setAdditionalFields(STObject const& obj)
     {
-        mDelivered = delivered;
+        if (obj.isFieldPresent(sfDeliveredAmount))
+            deliveredAmount_ = obj.getFieldAmount(sfDeliveredAmount);
+
+        if (obj.isFieldPresent(sfParentBatchID))
+            parentBatchID_ = obj.getFieldH256(sfParentBatchID);
     }
 
-    STAmount
+    std::optional<STAmount> const&
     getDeliveredAmount() const
     {
-        XRPL_ASSERT(
-            hasDeliveredAmount(),
-            "ripple::TxMeta::getDeliveredAmount : non-null delivered amount");
-        return *mDelivered;
-    }
-
-    bool
-    hasDeliveredAmount() const
-    {
-        return static_cast<bool>(mDelivered);
+        return deliveredAmount_;
     }
 
     void
-    setParentBatchId(uint256 const& parentBatchId)
+    setDeliveredAmount(std::optional<STAmount> const& amount)
     {
-        mParentBatchId = parentBatchId;
+        deliveredAmount_ = amount;
     }
 
-    uint256
-    getParentBatchId() const
+    void
+    setParentBatchID(std::optional<uint256> const& id)
     {
-        XRPL_ASSERT(
-            hasParentBatchId(),
-            "ripple::TxMeta::getParentBatchId : non-null batch id");
-        return *mParentBatchId;
-    }
-
-    bool
-    hasParentBatchId() const
-    {
-        return static_cast<bool>(mParentBatchId);
+        parentBatchID_ = id;
     }
 
 private:
-    uint256 mTransactionID;
-    std::uint32_t mLedger;
-    std::uint32_t mIndex;
-    int mResult;
+    uint256 transactionID_;
+    std::uint32_t ledgerSeq_;
+    std::uint32_t index_;
+    int result_;
 
-    std::optional<STAmount> mDelivered;
-    std::optional<uint256> mParentBatchId;
+    std::optional<STAmount> deliveredAmount_;
+    std::optional<uint256> parentBatchID_;
 
-    STArray mNodes;
+    STArray nodes_;
 };
 
 }  // namespace ripple

include/xrpl/protocol/detail/b58_utils.h

@@ -129,10 +129,12 @@ inplace_bigint_div_rem(std::span<uint64_t> numerator, std::uint64_t divisor)
     {
         // should never happen, but if it does then it seems natural to define
         // the a null set of numbers to be zero, so the remainder is also zero.
+        // LCOV_EXCL_START
         UNREACHABLE(
             "ripple::b58_fast::detail::inplace_bigint_div_rem : empty "
             "numerator");
         return 0;
+        // LCOV_EXCL_STOP
     }
 
     auto to_u128 = [](std::uint64_t high,

include/xrpl/protocol/detail/features.macro

@@ -29,15 +29,14 @@
 
 // Add new amendments to the top of this list.
 // Keep it sorted in reverse chronological order.
-// If you add an amendment here, then do not forget to increment `numFeatures`
-// in include/xrpl/protocol/Feature.h.
 
-XRPL_FIX    (IncludeKeyletFields,        Supported::no,  VoteBehavior::DefaultNo)
+XRPL_FEATURE(PermissionDelegationV1_1,   Supported::no,  VoteBehavior::DefaultNo)
+XRPL_FIX    (DirectoryLimit,             Supported::yes, VoteBehavior::DefaultNo)
+XRPL_FIX    (IncludeKeyletFields,        Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(DynamicMPT,                 Supported::no,  VoteBehavior::DefaultNo)
 XRPL_FIX    (TokenEscrowV1,              Supported::yes, VoteBehavior::DefaultNo)
-XRPL_FIX    (DelegateV1_1,               Supported::no,  VoteBehavior::DefaultNo)
-XRPL_FIX    (PriceOracleOrder,           Supported::no,  VoteBehavior::DefaultNo)
-XRPL_FIX    (MPTDeliveredAmount,         Supported::no,  VoteBehavior::DefaultNo)
+XRPL_FIX    (PriceOracleOrder,           Supported::yes, VoteBehavior::DefaultNo)
+XRPL_FIX    (MPTDeliveredAmount,         Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (AMMClawbackRounding,        Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(TokenEscrow,                Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (EnforceNFTokenTrustlineV2,  Supported::yes, VoteBehavior::DefaultNo)
@@ -45,7 +44,6 @@ XRPL_FIX    (AMMv1_3,                    Supported::yes, VoteBehavior::DefaultNo
 XRPL_FEATURE(PermissionedDEX,            Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(Batch,                      Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(SingleAssetVault,           Supported::no,  VoteBehavior::DefaultNo)
-XRPL_FEATURE(PermissionDelegation,       Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (PayChanCancelAfter,         Supported::yes, VoteBehavior::DefaultNo)
 // Check flags in Credential transactions
 XRPL_FIX    (InvalidTxFlags,             Supported::yes, VoteBehavior::DefaultNo)
@@ -79,45 +77,24 @@ XRPL_FIX    (DisallowIncomingV1,         Supported::yes, VoteBehavior::DefaultNo
 XRPL_FEATURE(XChainBridge,               Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(AMM,                        Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(Clawback,                   Supported::yes, VoteBehavior::DefaultNo)
-XRPL_FIX    (ReducedOffersV1,            Supported::yes, VoteBehavior::DefaultNo)
-XRPL_FIX    (NFTokenRemint,              Supported::yes, VoteBehavior::DefaultNo)
-XRPL_FIX    (NonFungibleTokensV1_2,      Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (UniversalNumber,            Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(XRPFees,                    Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(DisallowIncoming,           Supported::yes, VoteBehavior::DefaultNo)
-XRPL_FEATURE(ImmediateOfferKilled,       Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (RemoveNFTokenAutoTrustLine, Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FIX    (TrustLinesToSelf,           Supported::yes, VoteBehavior::DefaultNo)
-XRPL_FEATURE(NonFungibleTokensV1_1,      Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(ExpandedSignerList,         Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(CheckCashMakesTrustLine,    Supported::yes, VoteBehavior::DefaultNo)
-XRPL_FIX    (RmSmallIncreasedQOffers,    Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (STAmountCanonicalize,       Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(FlowSortStrands,            Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(TicketBatch,                Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(NegativeUNL,                Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (AmendmentMajorityCalc,      Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(HardenedValidations,        Supported::yes, VoteBehavior::DefaultYes)
-// fix1781: XRPEndpointSteps should be included in the circular payment check
-XRPL_FIX    (1781,                       Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(RequireFullyCanonicalSig,   Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (QualityUpperBound,          Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(DeletableAccounts,          Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FIX    (PayChanRecipientOwnerDir,   Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (CheckThreading,             Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (MasterKeyAsRegularKey,      Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (TakerDryOfferRemoval,       Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(MultiSignReserve,           Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (1578,                       Supported::yes, VoteBehavior::DefaultYes)
-// fix1515: Use liquidity from strands that consume max offers, but mark as dry
-XRPL_FIX    (1515,                       Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(DepositPreauth,             Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (1623,                       Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (1543,                       Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (1571,                       Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(Checks,                     Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(DepositAuth,                Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FIX    (1513,                       Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(Flow,                       Supported::yes, VoteBehavior::DefaultYes)
 
 // The following amendments are obsolete, but must remain supported
@@ -131,28 +108,46 @@ XRPL_FEATURE(Flow,                       Supported::yes, VoteBehavior::DefaultYe
 //
 // If a feature remains obsolete for long enough that no clients are able
 // to vote for it, the feature can be removed (entirely?) from the code.
-XRPL_FIX    (NFTokenNegOffer,       Supported::yes, VoteBehavior::Obsolete)
-XRPL_FIX    (NFTokenDirV1,          Supported::yes, VoteBehavior::Obsolete)
-XRPL_FEATURE(NonFungibleTokensV1,   Supported::yes, VoteBehavior::Obsolete)
 XRPL_FEATURE(CryptoConditionsSuite, Supported::yes, VoteBehavior::Obsolete)
 
 // The following amendments have been active for at least two years. Their
 // pre-amendment code has been removed and the identifiers are deprecated.
-// All known amendments and amendments that may appear in a validated
-// ledger must be registered either here or above with the "active" amendments
-XRPL_RETIRE(MultiSign)
-XRPL_RETIRE(TrustSetAuth)
-XRPL_RETIRE(FeeEscalation)
-XRPL_RETIRE(PayChan)
-XRPL_RETIRE(CryptoConditions)
-XRPL_RETIRE(TickSize)
-XRPL_RETIRE(fix1368)
-XRPL_RETIRE(Escrow)
-XRPL_RETIRE(fix1373)
-XRPL_RETIRE(EnforceInvariants)
-XRPL_RETIRE(SortedDirectories)
+// All known amendments and amendments that may appear in a validated ledger
+// must be registered either here or above with the "active" amendments
+//
+// Please keep this list sorted alphabetically for convenience.
 XRPL_RETIRE(fix1201)
+XRPL_RETIRE(fix1368)
+XRPL_RETIRE(fix1373)
 XRPL_RETIRE(fix1512)
+XRPL_RETIRE(fix1513)
+XRPL_RETIRE(fix1515)
 XRPL_RETIRE(fix1523)
 XRPL_RETIRE(fix1528)
+XRPL_RETIRE(fix1543)
+XRPL_RETIRE(fix1571)
+XRPL_RETIRE(fix1578)
+XRPL_RETIRE(fix1623)
+XRPL_RETIRE(fix1781)
+XRPL_RETIRE(fixAmendmentMajorityCalc)
+XRPL_RETIRE(fixCheckThreading)
+XRPL_RETIRE(fixNonFungibleTokensV1_2)
+XRPL_RETIRE(fixNFTokenRemint)
+XRPL_RETIRE(fixMasterKeyAsRegularKey)
+XRPL_RETIRE(fixQualityUpperBound)
+XRPL_RETIRE(fixReducedOffersV1)
+XRPL_RETIRE(fixRmSmallIncreasedQOffers)
+XRPL_RETIRE(fixSTAmountCanonicalize)
+XRPL_RETIRE(fixTakerDryOfferRemoval)
+XRPL_RETIRE(CryptoConditions)
+XRPL_RETIRE(Escrow)
+XRPL_RETIRE(EnforceInvariants)
+XRPL_RETIRE(FeeEscalation)
 XRPL_RETIRE(FlowCross)
+XRPL_RETIRE(ImmediateOfferKilled)
+XRPL_RETIRE(MultiSign)
+XRPL_RETIRE(NonFungibleTokensV1_1)
+XRPL_RETIRE(PayChan)
+XRPL_RETIRE(SortedDirectories)
+XRPL_RETIRE(TickSize)
+XRPL_RETIRE(TrustSetAuth)

include/xrpl/protocol/detail/ledger_entries.macro

@@ -457,7 +457,7 @@ LEDGER_ENTRY(ltCREDENTIAL, 0x0081, Credential, credential, ({
     {sfExpiration,           soeOPTIONAL},
     {sfURI,                  soeOPTIONAL},
     {sfIssuerNode,           soeREQUIRED},
-    {sfSubjectNode,          soeREQUIRED},
+    {sfSubjectNode,          soeOPTIONAL},
     {sfPreviousTxnID,        soeREQUIRED},
     {sfPreviousTxnLgrSeq,    soeREQUIRED},
 }))

include/xrpl/protocol/detail/sfields.macro

@@ -208,6 +208,12 @@ TYPED_SFIELD(sfAssetsMaximum,            NUMBER,     3)
 TYPED_SFIELD(sfAssetsTotal,              NUMBER,     4)
 TYPED_SFIELD(sfLossUnrealized,           NUMBER,     5)
 
+// int32
+// NOTE: Do not use `sfDummyInt32`. It's so far the only use of INT32
+// in this file and has been defined here for test only.
+// TODO: Replace `sfDummyInt32` with actually useful field.
+TYPED_SFIELD(sfDummyInt32,               INT32,      1) // for tests only
+
 // currency amount (common)
 TYPED_SFIELD(sfAmount,                   AMOUNT,     1)
 TYPED_SFIELD(sfBalance,                  AMOUNT,     2)

include/xrpl/protocol/detail/transactions.macro

@@ -316,7 +316,7 @@ TRANSACTION(ttTRUST_SET, 20, TrustSet,
 #endif
 TRANSACTION(ttACCOUNT_DELETE, 21, AccountDelete,
     Delegation::notDelegatable,
-    uint256{},
+    featureDeletableAccounts,
     mustDeleteAcct,
     ({
     {sfDestination, soeREQUIRED},
@@ -332,7 +332,7 @@ TRANSACTION(ttACCOUNT_DELETE, 21, AccountDelete,
 #endif
 TRANSACTION(ttNFTOKEN_MINT, 25, NFTokenMint,
     Delegation::delegatable,
-    featureNonFungibleTokensV1,
+    uint256{},
     changeNFTCounts,
     ({
     {sfNFTokenTaxon, soeREQUIRED},
@@ -350,7 +350,7 @@ TRANSACTION(ttNFTOKEN_MINT, 25, NFTokenMint,
 #endif
 TRANSACTION(ttNFTOKEN_BURN, 26, NFTokenBurn,
     Delegation::delegatable,
-    featureNonFungibleTokensV1,
+    uint256{},
     changeNFTCounts,
     ({
     {sfNFTokenID, soeREQUIRED},
@@ -363,7 +363,7 @@ TRANSACTION(ttNFTOKEN_BURN, 26, NFTokenBurn,
 #endif
 TRANSACTION(ttNFTOKEN_CREATE_OFFER, 27, NFTokenCreateOffer,
     Delegation::delegatable,
-    featureNonFungibleTokensV1,
+    uint256{},
     noPriv,
     ({
     {sfNFTokenID, soeREQUIRED},
@@ -379,7 +379,7 @@ TRANSACTION(ttNFTOKEN_CREATE_OFFER, 27, NFTokenCreateOffer,
 #endif
 TRANSACTION(ttNFTOKEN_CANCEL_OFFER, 28, NFTokenCancelOffer,
     Delegation::delegatable,
-    featureNonFungibleTokensV1,
+    uint256{},
     noPriv,
     ({
     {sfNFTokenOffers, soeREQUIRED},
@@ -391,7 +391,7 @@ TRANSACTION(ttNFTOKEN_CANCEL_OFFER, 28, NFTokenCancelOffer,
 #endif
 TRANSACTION(ttNFTOKEN_ACCEPT_OFFER, 29, NFTokenAcceptOffer,
     Delegation::delegatable,
-    featureNonFungibleTokensV1,
+    uint256{},
     noPriv,
     ({
     {sfNFTokenBuyOffer, soeOPTIONAL},
@@ -837,7 +837,7 @@ TRANSACTION(ttPERMISSIONED_DOMAIN_DELETE, 63, PermissionedDomainDelete,
 #endif
 TRANSACTION(ttDELEGATE_SET, 64, DelegateSet,
     Delegation::notDelegatable,
-    featurePermissionDelegation,
+    featurePermissionDelegationV1_1,
     noPriv,
     ({
     {sfAuthorize, soeREQUIRED},
@@ -851,7 +851,7 @@ TRANSACTION(ttDELEGATE_SET, 64, DelegateSet,
 TRANSACTION(ttVAULT_CREATE, 65, VaultCreate,
     Delegation::delegatable,
     featureSingleAssetVault,
-    createPseudoAcct | createMPTIssuance,
+    createPseudoAcct | createMPTIssuance | mustModifyVault,
     ({
     {sfAsset, soeREQUIRED, soeMPTSupported},
     {sfAssetsMaximum, soeOPTIONAL},
@@ -869,7 +869,7 @@ TRANSACTION(ttVAULT_CREATE, 65, VaultCreate,
 TRANSACTION(ttVAULT_SET, 66, VaultSet,
     Delegation::delegatable,
     featureSingleAssetVault,
-    noPriv,
+    mustModifyVault,
     ({
     {sfVaultID, soeREQUIRED},
     {sfAssetsMaximum, soeOPTIONAL},
@@ -884,7 +884,7 @@ TRANSACTION(ttVAULT_SET, 66, VaultSet,
 TRANSACTION(ttVAULT_DELETE, 67, VaultDelete,
     Delegation::delegatable,
     featureSingleAssetVault,
-    mustDeleteAcct | destroyMPTIssuance,
+    mustDeleteAcct | destroyMPTIssuance | mustModifyVault,
     ({
     {sfVaultID, soeREQUIRED},
 }))
@@ -896,7 +896,7 @@ TRANSACTION(ttVAULT_DELETE, 67, VaultDelete,
 TRANSACTION(ttVAULT_DEPOSIT, 68, VaultDeposit,
     Delegation::delegatable,
     featureSingleAssetVault,
-    mayAuthorizeMPT,
+    mayAuthorizeMPT | mustModifyVault,
     ({
     {sfVaultID, soeREQUIRED},
     {sfAmount, soeREQUIRED, soeMPTSupported},
@@ -909,7 +909,7 @@ TRANSACTION(ttVAULT_DEPOSIT, 68, VaultDeposit,
 TRANSACTION(ttVAULT_WITHDRAW, 69, VaultWithdraw,
     Delegation::delegatable,
     featureSingleAssetVault,
-    mayDeleteMPT,
+    mayDeleteMPT | mayAuthorizeMPT | mustModifyVault,
     ({
     {sfVaultID, soeREQUIRED},
     {sfAmount, soeREQUIRED, soeMPTSupported},
@@ -924,7 +924,7 @@ TRANSACTION(ttVAULT_WITHDRAW, 69, VaultWithdraw,
 TRANSACTION(ttVAULT_CLAWBACK, 70, VaultClawback,
     Delegation::delegatable,
     featureSingleAssetVault,
-    mayDeleteMPT,
+    mayDeleteMPT | mustModifyVault,
     ({
     {sfVaultID, soeREQUIRED},
     {sfHolder, soeREQUIRED},

include/xrpl/protocol/jss.h

@@ -569,6 +569,7 @@ JSS(settle_delay);            // out: AccountChannels
 JSS(severity);                // in: LogLevel
 JSS(shares);                  // out: VaultInfo
 JSS(signature);               // out: NetworkOPs, ChannelAuthorize
+JSS(signature_target);        // in: TransactionSign
 JSS(signature_verified);      // out: ChannelVerify
 JSS(signing_key);             // out: NetworkOPs
 JSS(signing_keys);            // out: ValidatorList

include/xrpl/resource/Consumer.h

@@ -21,6 +21,7 @@
 #define RIPPLE_RESOURCE_CONSUMER_H_INCLUDED
 
 #include <xrpl/basics/Log.h>
+#include <xrpl/protocol/PublicKey.h>
 #include <xrpl/resource/Charge.h>
 #include <xrpl/resource/Disposition.h>
 
@@ -87,6 +88,9 @@ public:
     Entry&
     entry();
 
+    void
+    setPublicKey(PublicKey const& publicKey);
+
 private:
     Logic* m_logic;
     Entry* m_entry;

include/xrpl/resource/detail/Entry.h

@@ -53,7 +53,7 @@ struct Entry : public beast::List<Entry>::Node
     std::string
     to_string() const
     {
-        return key->address.to_string();
+        return getFingerprint(key->address, publicKey);
     }
 
     /**
@@ -82,6 +82,9 @@ struct Entry : public beast::List<Entry>::Node
         return local_balance.add(charge, now) + remote_balance;
     }
 
+    // The public key of the peer
+    std::optional<PublicKey> publicKey;
+
     // Back pointer to the map key (bit of a hack here)
     Key const* key;
 

include/xrpl/resource/detail/Logic.h

@@ -436,10 +436,12 @@ public:
                     admin_.erase(admin_.iterator_to(entry));
                     break;
                 default:
+                    // LCOV_EXCL_START
                     UNREACHABLE(
                         "ripple::Resource::Logic::release : invalid entry "
                         "kind");
                     break;
+                    // LCOV_EXCL_STOP
             }
             inactive_.push_back(entry);
             entry.whenExpires = m_clock.now() + secondsUntilExpiration;

include/xrpl/server/detail/Door.h

@@ -30,15 +30,29 @@
 #include <boost/asio/buffer.hpp>
 #include <boost/asio/io_context.hpp>
 #include <boost/asio/ip/tcp.hpp>
+#include <boost/asio/post.hpp>
 #include <boost/asio/spawn.hpp>
+#include <boost/asio/steady_timer.hpp>
 #include <boost/beast/core/detect_ssl.hpp>
 #include <boost/beast/core/multi_buffer.hpp>
 #include <boost/beast/core/tcp_stream.hpp>
 #include <boost/container/flat_map.hpp>
+#include <boost/predef.h>
 
+#if !BOOST_OS_WINDOWS
+#include <sys/resource.h>
+
+#include <dirent.h>
+#include <unistd.h>
+#endif
+
+#include <algorithm>
 #include <chrono>
+#include <cstdint>
 #include <functional>
 #include <memory>
+#include <optional>
+#include <sstream>
 
 namespace ripple {
 
@@ -98,10 +112,27 @@ private:
     boost::asio::strand<boost::asio::io_context::executor_type> strand_;
     bool ssl_;
     bool plain_;
+    static constexpr std::chrono::milliseconds INITIAL_ACCEPT_DELAY{50};
+    static constexpr std::chrono::milliseconds MAX_ACCEPT_DELAY{2000};
+    std::chrono::milliseconds accept_delay_{INITIAL_ACCEPT_DELAY};
+    boost::asio::steady_timer backoff_timer_;
+    static constexpr double FREE_FD_THRESHOLD = 0.70;
+
+    struct FDStats
+    {
+        std::uint64_t used{0};
+        std::uint64_t limit{0};
+    };
 
     void
     reOpen();
 
+    std::optional<FDStats>
+    query_fd_stats() const;
+
+    bool
+    should_throttle_for_fds();
+
 public:
     Door(
         Handler& handler,
@@ -299,6 +330,7 @@ Door<Handler>::Door(
     , plain_(
           port_.protocol.count("http") > 0 || port_.protocol.count("ws") > 0 ||
           port_.protocol.count("ws2"))
+    , backoff_timer_(io_context)
 {
     reOpen();
 }
@@ -323,6 +355,7 @@ Door<Handler>::close()
         return boost::asio::post(
             strand_,
             std::bind(&Door<Handler>::close, this->shared_from_this()));
+    backoff_timer_.cancel();
     error_code ec;
     acceptor_.close(ec);
 }
@@ -368,6 +401,17 @@ Door<Handler>::do_accept(boost::asio::yield_context do_yield)
 {
     while (acceptor_.is_open())
     {
+        if (should_throttle_for_fds())
+        {
+            backoff_timer_.expires_after(accept_delay_);
+            boost::system::error_code tec;
+            backoff_timer_.async_wait(do_yield[tec]);
+            accept_delay_ = std::min(accept_delay_ * 2, MAX_ACCEPT_DELAY);
+            JLOG(j_.warn()) << "Throttling do_accept for "
+                            << accept_delay_.count() << "ms.";
+            continue;
+        }
+
         error_code ec;
         endpoint_type remote_address;
         stream_type stream(ioc_);
@@ -377,15 +421,28 @@ Door<Handler>::do_accept(boost::asio::yield_context do_yield)
         {
             if (ec == boost::asio::error::operation_aborted)
                 break;
-            JLOG(j_.error()) << "accept: " << ec.message();
-            if (ec == boost::asio::error::no_descriptors)
+
+            if (ec == boost::asio::error::no_descriptors ||
+                ec == boost::asio::error::no_buffer_space)
             {
-                JLOG(j_.info()) << "re-opening acceptor";
-                reOpen();
+                JLOG(j_.warn()) << "accept: Too many open files. Pausing for "
+                                << accept_delay_.count() << "ms.";
+
+                backoff_timer_.expires_after(accept_delay_);
+                boost::system::error_code tec;
+                backoff_timer_.async_wait(do_yield[tec]);
+
+                accept_delay_ = std::min(accept_delay_ * 2, MAX_ACCEPT_DELAY);
+            }
+            else
+            {
+                JLOG(j_.error()) << "accept error: " << ec.message();
             }
             continue;
         }
 
+        accept_delay_ = INITIAL_ACCEPT_DELAY;
+
         if (ssl_ && plain_)
         {
             if (auto sp = ios().template emplace<Detector>(
@@ -408,6 +465,60 @@ Door<Handler>::do_accept(boost::asio::yield_context do_yield)
     }
 }
 
+template <class Handler>
+std::optional<typename Door<Handler>::FDStats>
+Door<Handler>::query_fd_stats() const
+{
+#if BOOST_OS_WINDOWS
+    return std::nullopt;
+#else
+    FDStats s;
+    struct rlimit rl;
+    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_cur == RLIM_INFINITY)
+        return std::nullopt;
+    s.limit = static_cast<std::uint64_t>(rl.rlim_cur);
+#if BOOST_OS_LINUX
+    constexpr char const* kFdDir = "/proc/self/fd";
+#else
+    constexpr char const* kFdDir = "/dev/fd";
+#endif
+    if (DIR* d = ::opendir(kFdDir))
+    {
+        std::uint64_t cnt = 0;
+        while (::readdir(d) != nullptr)
+            ++cnt;
+        ::closedir(d);
+        // readdir counts '.', '..', and the DIR* itself shows in the list
+        s.used = (cnt >= 3) ? (cnt - 3) : 0;
+        return s;
+    }
+    return std::nullopt;
+#endif
+}
+
+template <class Handler>
+bool
+Door<Handler>::should_throttle_for_fds()
+{
+#if BOOST_OS_WINDOWS
+    return false;
+#else
+    auto const stats = query_fd_stats();
+    if (!stats || stats->limit == 0)
+        return false;
+
+    auto const& s = *stats;
+    auto const free = (s.limit > s.used) ? (s.limit - s.used) : 0ull;
+    double const free_ratio =
+        static_cast<double>(free) / static_cast<double>(s.limit);
+    if (free_ratio < FREE_FD_THRESHOLD)
+    {
+        return true;
+    }
+    return false;
+#endif
+}
+
 }  // namespace ripple
 
 #endif

include/xrpl/shamap/Family.h

@@ -20,11 +20,10 @@
 #ifndef RIPPLE_SHAMAP_FAMILY_H_INCLUDED
 #define RIPPLE_SHAMAP_FAMILY_H_INCLUDED
 
-#include <xrpld/nodestore/Database.h>
-#include <xrpld/shamap/FullBelowCache.h>
-#include <xrpld/shamap/TreeNodeCache.h>
-
 #include <xrpl/beast/utility/Journal.h>
+#include <xrpl/nodestore/Database.h>
+#include <xrpl/shamap/FullBelowCache.h>
+#include <xrpl/shamap/TreeNodeCache.h>
 
 #include <cstdint>
 

include/xrpl/shamap/SHAMap.h

@@ -20,21 +20,19 @@
 #ifndef RIPPLE_SHAMAP_SHAMAP_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAP_H_INCLUDED
 
-#include <xrpld/nodestore/Database.h>
-#include <xrpld/nodestore/NodeObject.h>
-#include <xrpld/shamap/Family.h>
-#include <xrpld/shamap/SHAMapAddNode.h>
-#include <xrpld/shamap/SHAMapInnerNode.h>
-#include <xrpld/shamap/SHAMapItem.h>
-#include <xrpld/shamap/SHAMapLeafNode.h>
-#include <xrpld/shamap/SHAMapMissingNode.h>
-#include <xrpld/shamap/SHAMapTreeNode.h>
-#include <xrpld/shamap/TreeNodeCache.h>
-
 #include <xrpl/basics/IntrusivePointer.h>
 #include <xrpl/basics/UnorderedContainers.h>
 #include <xrpl/beast/utility/Journal.h>
 #include <xrpl/beast/utility/instrumentation.h>
+#include <xrpl/nodestore/Database.h>
+#include <xrpl/nodestore/NodeObject.h>
+#include <xrpl/shamap/Family.h>
+#include <xrpl/shamap/SHAMapAddNode.h>
+#include <xrpl/shamap/SHAMapInnerNode.h>
+#include <xrpl/shamap/SHAMapItem.h>
+#include <xrpl/shamap/SHAMapLeafNode.h>
+#include <xrpl/shamap/SHAMapMissingNode.h>
+#include <xrpl/shamap/SHAMapTreeNode.h>
 
 #include <set>
 #include <stack>

include/xrpl/shamap/SHAMapAccountStateLeafNode.h

@@ -20,12 +20,11 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPACCOUNTSTATELEAFNODE_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPACCOUNTSTATELEAFNODE_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapItem.h>
-#include <xrpld/shamap/SHAMapLeafNode.h>
-
 #include <xrpl/basics/CountedObject.h>
 #include <xrpl/protocol/HashPrefix.h>
 #include <xrpl/protocol/digest.h>
+#include <xrpl/shamap/SHAMapItem.h>
+#include <xrpl/shamap/SHAMapLeafNode.h>
 
 namespace ripple {
 

include/xrpl/shamap/SHAMapInnerNode.h

@@ -20,10 +20,9 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPINNERNODE_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPINNERNODE_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapNodeID.h>
-#include <xrpld/shamap/detail/TaggedPointer.h>
-
 #include <xrpl/basics/IntrusivePointer.h>
+#include <xrpl/shamap/SHAMapNodeID.h>
+#include <xrpl/shamap/detail/TaggedPointer.h>
 
 #include <atomic>
 #include <cstdint>

include/xrpl/shamap/SHAMapLeafNode.h

@@ -20,8 +20,8 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPLEAFNODE_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPLEAFNODE_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapItem.h>
-#include <xrpld/shamap/SHAMapTreeNode.h>
+#include <xrpl/shamap/SHAMapItem.h>
+#include <xrpl/shamap/SHAMapTreeNode.h>
 
 #include <cstdint>
 

include/xrpl/shamap/SHAMapMissingNode.h

@@ -20,9 +20,8 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPMISSINGNODE_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPMISSINGNODE_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapTreeNode.h>
-
 #include <xrpl/basics/base_uint.h>
+#include <xrpl/shamap/SHAMapTreeNode.h>
 
 #include <iosfwd>
 #include <stdexcept>

include/xrpl/shamap/SHAMapSyncFilter.h

@@ -20,7 +20,7 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPSYNCFILTER_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPSYNCFILTER_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapTreeNode.h>
+#include <xrpl/shamap/SHAMapTreeNode.h>
 
 #include <optional>
 

include/xrpl/shamap/SHAMapTreeNode.h

@@ -20,13 +20,12 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPTREENODE_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPTREENODE_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapItem.h>
-#include <xrpld/shamap/SHAMapNodeID.h>
-
 #include <xrpl/basics/IntrusivePointer.h>
 #include <xrpl/basics/IntrusiveRefCounts.h>
 #include <xrpl/basics/SHAMapHash.h>
 #include <xrpl/protocol/Serializer.h>
+#include <xrpl/shamap/SHAMapItem.h>
+#include <xrpl/shamap/SHAMapNodeID.h>
 
 #include <cstdint>
 #include <string>

include/xrpl/shamap/SHAMapTxLeafNode.h

@@ -20,12 +20,11 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPTXLEAFNODE_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPTXLEAFNODE_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapItem.h>
-#include <xrpld/shamap/SHAMapLeafNode.h>
-
 #include <xrpl/basics/CountedObject.h>
 #include <xrpl/protocol/HashPrefix.h>
 #include <xrpl/protocol/digest.h>
+#include <xrpl/shamap/SHAMapItem.h>
+#include <xrpl/shamap/SHAMapLeafNode.h>
 
 namespace ripple {
 

include/xrpl/shamap/SHAMapTxPlusMetaLeafNode.h

@@ -20,12 +20,11 @@
 #ifndef RIPPLE_SHAMAP_SHAMAPLEAFTXPLUSMETANODE_H_INCLUDED
 #define RIPPLE_SHAMAP_SHAMAPLEAFTXPLUSMETANODE_H_INCLUDED
 
-#include <xrpld/shamap/SHAMapItem.h>
-#include <xrpld/shamap/SHAMapLeafNode.h>
-
 #include <xrpl/basics/CountedObject.h>
 #include <xrpl/protocol/HashPrefix.h>
 #include <xrpl/protocol/digest.h>
+#include <xrpl/shamap/SHAMapItem.h>
+#include <xrpl/shamap/SHAMapLeafNode.h>
 
 namespace ripple {