This was a high-velocity week for rippled development, with 38 PRs merged to the develop branch spanning a massive code-generator for transactions/ledger entries, sustained clang-tidy code quality improvements, ASAN/TSAN sanitizer fixes, and several protocol-level fixes for Oracle, NFT, Permission Delegation, and DID features. On the standards side, XRPL-Standards merged governance improvements to prevent unauthorized XLS number assignments. In Clio (the API server), fallback writer recovery — flagged as "In Progress" last week — merged successfully. No tagged releases shipped this week.
This was a heavy development week for the XRP Ledger codebase, though no new software releases shipped. The most significant technical change landed in rippled's development branch (which is not yet live on the network): a new auto-generation pipeline that builds typed code representations for every transaction type and ledger entry directly from the schema. Previously, developers had to manually maintain these files — now they're generated automatically. This reduces the chance of mistakes when new features are added and makes the codebase easier to extend.
For the API server Clio — used by many node operators and developers for efficient read queries — a meaningful reliability improvement merged this week. In a Clio cluster (multiple nodes working together), any single node could get stuck in a "Fallback" mode with no way to exit except restarting the whole cluster. The fix adds a one-hour recovery timer: stuck nodes will now automatically try to resume normal operation on their own. Separately, a new Clio bug was flagged by the community: the transactions_proposed subscription stream behaves differently than documented when API version 2 is specified — something Clio developers are now tracking. Also noteworthy in the standards area: the rules for how new XLS spec numbers get assigned were tightened. Previously anyone could trigger the bot to self-assign a number; now a maintainer must approve first.
A wave of new bug reports — over 10 in total — was filed against rippled this week, covering edge cases in Oracle pricing, NFT transactions, Decentralized Identity (DID), Multi-Purpose Tokens (MPT), and the Permissioned DEX. All are currently open; none are confirmed vulnerabilities or have labeled severity beyond "Bug." Two are explicitly marked as good starting points for new contributors: one about the Oracle's get_aggregate_price API accepting duplicate entries that skew results, and another about book_offers not checking whether a specified domain actually exists in the ledger.
For ongoing updates, follow @XRPLF and @RippleXDev on X, and check the XRPLF GitHub organization directly for the latest merged work.
Note: All rippled changes below were merged to the develop branch and are not yet live on the network. A tagged release is required for any change to reach production.
Code generator for transactions and ledger entries (rippled#6443, +59,363/−5 across 237 files, merged to develop) — The largest single merge this week by line count. Adds an auto-generation pipeline that produces typed C++ classes for every transaction type and ledger entry directly from the schema, eliminating hand-maintained boilerplate. This lays groundwork for the Typed Ledger Entry Views proposal and will reduce the maintenance burden when new transaction types are added. Submitted by an external contributor.
A sustained push to harden the codebase with clang-tidy checks produced multiple large merges this week:
cppcoreguidelines checks (rippled#6538, +425/−398 across 148 files) — Enables the rest of the core guidelines checks; approved by a core team reviewer.bugprone-use-after-move (rippled#6476, +43/−38 across 7 files) — Prevents use of moved-from objects; approved.bugprone-unused-return-value (rippled#6475, +12/−7 across 8 files) — Flags intentionally ignored return values at call sites; approved.bugprone-unchecked-optional-access test fixes (rippled#6502, +495/−150 across 55 files) — Companion test cleanup for the unchecked-optional check; approved by a core team reviewer.bugprone-crtp-constructor-accessibility check; approved.switch-missing-default-case (rippled#6461, +51/−45 across 12 files) — Requires default cases in switch statements.isTesSuccess patterns (rippled#6409, +178/−177 across 60 files) — Replaces inline == tesSUCCESS comparisons with the helper function for readability.Switch to boost::coroutine2 (rippled#6372, +82/−42 across 9 files) — Replaces boost::coroutine (v1) with boost::coroutine2 and the ucontext backend so ASAN can correctly track coroutine context switches, eliminating a large class of false positives. Submitted by an external contributor; approved.
Add no-ASAN macro for Throw statements (rippled#6373, +31/−4 across 4 files) — Adds a suppression macro around the Throw function where exception unwinding confuses ASAN stack tracking; approved.
Move sanitizer runtime options to dedicated files (rippled#6371, +40/−17 across 9 files) — Consolidates ASAN/TSAN runtime options from scattered definitions into shared files usable by both CI and local developer runs.
Fix memory leaks in HTTPClient (rippled#6370, +93/−62 across 4 files) — Adds cleanupSSLContext() and refactors tests to use RAII so the global SSL context is never leaked; approved by a core team reviewer.
Remove nonexistent boost::coroutine2 library reference (rippled#6561, 0/−1) — Follow-up cleanup from #6372; approved.
Rename transactor files/classes to match transaction names (rippled#6580, +197/−226 across 47 files) — Aligns class/file names with canonical transaction names (e.g., SetTrust → TrustSet, PayChanCreate → PaymentChannelCreate). Long-standing annoyance resolved; approved.
Move ledger entry helper functions to dedicated files (rippled#6453, +4,836/−4,348 across 42 files) — Reorganizes View.h/View.cpp helper functions into per-ledger-entry-type files (DirectoryHelpers, etc.) as a preparatory step for Typed Ledger Entry Views. Approved by a core team reviewer; needs one additional review before merge.
Clean up getFeePayer, mSourceBalance, mPriorBalance (rippled#6478, +88/−87 across 33 files) — Introduces STTx::getFeePayer(), removes mSourceBalance, renames mPriorBalance to preFeeBalance_ for clarity. Simplifies Permission Delegation code; approved by 2 reviewers.
Remove dead code in escrow helper (rippled#6553, +3/−4) and clean up tec object deletion logic (rippled#6588, +61/−46) — Small targeted cleanups.
SecretKey comparison operators moved to test-only code (rippled#6503, +48/−21 across 6 files) — Removes operator==/operator!= on SecretKey from the public library header to prevent accidental use in production code.
Rename system name from ripple to xrpld (rippled#6347) — Per XLS-95, renames the system name used for config paths. Currently has outstanding change requests from a core team reviewer (minor naming edge case).
Fix empty permission list handling in DelegateSet (rippled#6542, +55/−31 across 2 files) — Under Permission Delegation (XLS-75): if no Delegate object exists, an empty permission list is now rejected in preclaim (only valid when deleting an existing Delegate). Previously the error wasn't caught until doApply.
Confidential MPT: update sfBlindingFactor to uint256 and refactor helpers (rippled#6565, +108/−111 across 10 files) — Confidential MPT (XLS-96) in-development work: type correction and helper function refactor returning std::optional.
Rename privacy flags and public key names (rippled#6550, +233/−220 across 18 files) — Renames fields like sfIssuerElGamalPublicKey → sfIssuerEncryptionKey in the Confidential MPT feature. Mirrors the XRPL-Standards change below.
Rename fixLendingProtocolV1_1 to featureLendingProtocolV1_1 (rippled#6527, +13/−13 across 4 files) — Corrects the amendment macro: LendingProtocolV1_1 is a feature amendment, not a fix.
Assorted Oracle fixes (rippled#6570) — Fixes a potential negative value in an unsigned variable and improves get_aggregate_price performance by avoiding repeat computation.
Assorted NFT fixes (rippled#6566) — Fixes incorrect flag references in NFT code (same value, different variable — no amendment needed).
Assorted DID fixes (rippled#6552) — Fixes tests that were silently not running, renames Attestation to Data, and scopes a helper function.
Peer crawler port field type inconsistency fixed (rippled#6318, closes #5029) — The port field in the peer crawler API was returned as a string for outbound peers but an integer for inbound peers. Now consistently returned as an integer. Submitted by an AI-assisted contributor; approved.
Remove superfluous view update from credentials (rippled#6545) — When an issuer creates credentials, the subject account's ledger entry was unnecessarily being updated. Removed.
Fallback writer recovery (clio#3000, +738/−37 across 16 files, closes #2997) — Noted as "close to landing" last week, this is now merged. Adds a FallbackRecovery state and hourly timer so Clio nodes can automatically attempt to exit a stuck Fallback database writer state without requiring a full cluster restart. Approved by a core team reviewer.
Fix proxy IP resolution (clio#3006) — Resolves the proxy IP before any request processing begins; approved.
Clang-tidy auto-fixes (clio#3004, closes clio#3003) — Automated fixes for clang-tidy-detected issues.
Governance: XLS numbers now require maintainer approval (XRPL-Standards#483) — The bot that assigns XLS numbers will now only do so after a maintainer approves the PR, preventing any contributor from self-assigning a number. Companion PR #467 adds concurrency handling to prevent collisions when multiple PRs are assigned simultaneously.
Rename Confidential MPT privacy fields (XRPL-Standards#501) — Renames ElGamal key fields to encryption key fields in the XLS-96 spec; mirrors the rippled change above.
Navbar icon refresh (xrpl-dev-portal#3544, +99/−103 across 20 files) — Resizes all navbar SVG icons from 24×24 to 18×18 with updated artwork, adds dedicated icons for Community submenu items, and standardizes fill colors as part of the ongoing brand refresh.
IOPS improvement for NuDB and RocksDB (rippled#6569, +852/−62 across 9 files, draft) — Parallelizes reads and writes in both database backends using thread pools (NuDB) and new read/write options (RocksDB). Still in draft/DraftRunCI stage; an AI reviewer flagged potential race conditions and division-by-zero risks. Worth watching for operators concerned about storage performance.
Protocol version 2.3: Replace node ID with depth in TMLedgerNode (rippled#6353, +778/−114 across 21 files, QE test required) — Introduces protocol version LedgerNodeDepth, reducing the per-message footprint for leaf nodes by replacing a 32-byte node ID with a 2-byte depth field. Addresses an earlier finding where a crafted message with a mismatched node ID could cause issues. AI-approved; awaiting QE testing.
Identifier naming: largest draft in flight (rippled#6571, +28,619/−33,267 across 737 files, draft) — Applies clang-tidy readability-identifier-naming rules uniformly across the entire codebase. Still a draft/exploratory PR; its size means it will require careful sequencing with other in-flight changes.
Enable more readability checks (rippled#6595, +971/−952 across 249 files, draft) — Another batch of readability check enablements; still in draft.
Concentrated Liquidity AMM (CLAMM) implementation (rippled#6605, +15,130/−46 across 57 files) — External contributor submitted a full implementation of XLS-99, introducing 4 new ledger entries (CLAMM, CLAMMTick, CLAMMPosition, auction slot), 7 transaction types, and 4 RPCs. This is early-stage — the spec itself was just assigned XLS-99 — but notable as the first implementation draft.
Transaction-specific invariant checking (rippled#6551, +2,406/−13 across 139 files) — Introduces visitInvariantEntry/finalizeInvariants virtual methods on Transactor so each transaction type can define its own post-condition checks, complementing the existing protocol-wide invariants. Under AI and human review.
Granular permission template for delegation (rippled#6613, +240/−41 across 8 files) — Permission Delegation (XLS-75): adds per-transaction granular templates to permissions.macro, enforcing which fields and flags are valid in a delegated transaction. Under review; AI flagged potential sandbox validation issues.
Decouple reserve from fee in delegate payment (rippled#6568, +121/−4 across 2 files) — Fixes Payment.cpp logic when the fee payer is not the transaction source account.
Deduplicate oracle entries in get_aggregate_price (rippled#6586, closes #6583) — External contributor addressing a filed bug: the same oracle could be listed multiple times in the request, inflating aggregate statistics. Tests being refined; awaiting maintainer decision on "error vs. silently deduplicate."
Add MPT support to DEX (XLS-82) (rippled#5285, +34,251/−3,985 across 199 files, labeled "Blocked: Needs Final XLS") — Large in-progress PR enabling MPTs in Payment, OfferCreate, CheckCash, and AMM transactions. Active review comments; blocked on the final XLS-82 spec.
Confidential MPT (XLS-96) (rippled#5860, labeled "Blocked: Needs Final XLS") — WIP for confidential transfers on MPTs; ongoing audit fixes. Active development continues.
Token-Enabled Payment Channels (XLS-93) (rippled#5448, labeled "Blocked: Needs Draft XLS") — Allows payment channels to carry token (MPT/IOU) balances. Waiting on a formal draft XLS before it can proceed.
xrpl-py: XLS-68 Sponsored Fees and Reserves (xrpl-py#921, +3,272/−41 across 33 files) — Updated and renamed from last week's #920; adds SponsorSignerSet, SponsorSignerTransfer transaction types and related ledger entries to the Python SDK. Under automated review; active development.
xrpl.js: Add algorithm property to Wallet class (xrpl.js#3220) — Adds a public readonly algorithm field to the Wallet class so developers can always determine which signing algorithm (secp256k1 or ed25519) was used. Closes #3190; active review.
xrpl.js: Add missing fields to request/response types (xrpl.js#3217) — Adds limit/marker pagination fields to NFT offer types, account to AMMInfoRequest, and ledger index fields to AccountNFTsResponse. Under active review; CI issues being addressed.
xrpl-dev-portal: Account deletion doc update + new tutorial (xrpl-dev-portal#3529, +789/−17 across 13 files, approved) — Updates account deletion requirements to reflect newer deletion blockers (NFT-related, etc.) and adds a new JavaScript + Python tutorial. Approved by a reviewer; awaiting merge. Labeled as needing Japanese translation.
xrpl-dev-portal: XLS-82 MPT DEX Integration docs (xrpl-dev-portal#3537) — Updates concept and reference docs for MPTs on the DEX. JSON examples still need real transactions; amendment disclaimer badge pending.
xrpl4j: Single Asset Vault support (XLS-65) (xrpl4j#713, +7,543/−155 across 95 files) — Adds all six Vault transactions (VaultCreate, VaultSet, VaultDelete, VaultDeposit, VaultWithdraw, VaultClawback), ledger objects, RPC, and binary codec changes to the Java SDK. Uses rippled 3.1.0 as source of truth.
xrpl4j: XLS-68 Sponsored Fees and Reserves (xrpl4j#716, +2,889/−4 across 39 files) — Parallel to xrpl-py work: adds sponsorship support to the Java SDK.
xrpl4j: XLS-82 MPT-DEX support (xrpl4j#704, +7,430/−1,292 across 58 files) — Java SDK support for MPTs on the DEX; build currently broken per reviewer comment.
opensource.ripple.com: XLS-96 Confidential Transfers docs (opensource.ripple.com#201, +772/−0 across 12 files, approved) — Reference and concept documentation for Confidential Transfers (XLS-96). Approved; tutorials will be added in a follow-up PR.
LedgerNodeDepth): This introduces a new rippled protocol version. Once it clears QE testing, it will affect how nodes communicate during ledger sync. Validators and operators should track this for upgrade planning.get_aggregate_price — worth following if you use price oracle aggregation.XLS number governance tightened — Two infrastructure PRs merged this week (XRPL-Standards#483 and #467) prevent contributors from self-assigning XLS numbers and add concurrency safeguards to the assignment bot. The XLS-98 assignment (XRPL-Standards#493) showed the old system in action — a contributor self-assigned, the bot then reassigned correctly.
New wave of rippled issues filed — A core team collaborator filed 10+ new issues this week covering bugs across NFT, Oracle, DID, MPT, Permissioned DEX, and escrow. Notable ones labeled Bug: #6614 (removeDeletedTrustLines skips all cleanup when trust line count exceeds limit), #6611 (incomplete temEMPTY_DID check in DIDSet allows some empty transactions to pass), #6591 (CheckCash returns wrong error code when issuer freezes after check creation), and #6584 (Oracle URI field cannot be cleared once set). #6589 (book_offers doesn't validate domain existence) and #6583 (duplicate oracle entries skew aggregate pricing) are labeled Good First Issue.
Clio: transactions_proposed stream inconsistency — A new issue (clio#3007) was filed after a community report on X about inconsistent behavior in Clio's transactions_proposed subscription stream when api_version=2 is specified. According to the report, proposed transactions were not being returned in the format the API docs describe for v2.
Zero-Trust AI Oracles discussion (XRPL-Standards#500) — A community member opened a pre-proposal discussion for an "XLS-Draft: Zero-Trust AI Oracles (ZTAO)" concept, describing a standard for verifying off-chain AI inference on-ledger using cryptographic enclaves. Currently a discussion only, with no assigned XLS number.
Vault Metadata Standard (XLS-98) (XRPL-Standards#493) — A community member building a yield protocol on XRPL commented in support of the proposed vault metadata fields, noting they're directly useful for discoverability in multi-vault scenarios.
Developer portal: sidebar badges and "for LLMs" export bugs — Two issues filed by a core team collaborator: #3545 proposes conventions for new Redocly sidebar badges (feature flag status, amendment state), and #3542 reports that the Markdown/"for LLMs" export of pages omits content rendered by custom Markdoc components like {% child-pages /%} — meaning the machine-readable version of key reference pages is incomplete.
Compared to last week (March 9–15, 2026):
| Metric | This Week | Last Week | Change |
| Repos with activity | 8 | 7 | ↑1 |
| rippled PRs merged | 38 | 33 | ↑5 |
| rippled PRs opened | 28 | 17 | ↑11 |
| rippled commits | 40 | 34 | ↑6 |
| rippled new issues filed | 11 | 4 | ↑7 |
| xrpl-dev-portal PRs merged | 1 | 2 | ↓1 |
| xrpl-dev-portal PRs opened | 5 | 0 | ↑5 |
| xrpl.js PRs merged | 2 | 1 | ↑1 |
| xrpl.js PRs opened | 9 | 1 | ↑8 |
| xrpl.js commits | 2 | 1 | ↑1 |
| xrpl-py PRs opened | 1 | 1 | flat |
| XRPL-Standards PRs merged | 4 | 0 | ↑4 |
| XRPL-Standards PRs opened | 4 | 6 | ↓2 |
| XRPL-Standards commits | 4 | — | — |
| clio PRs merged | 3 | 13 | ↓10 |
| clio PRs opened | 1 | 1 | flat |
| clio commits | 4 | 15 | ↓11 |
| xrpl4j PRs merged | 2 | 1 | ↑1 |
| xrpl4j PRs opened | 4 | 2 | ↑2 |
| xrpl4j commits | 2 | 1 | ↑1 |
| opensource.ripple.com PRs opened | 1 | 1 | flat |
| Releases | 1 | 2 | ↓1 (Clio nightly only) |
Notable carryover: clio#3000 (fallback writer recovery) was "In Progress" last week and merged this week. The clang-tidy push in rippled remains at an elevated pace — approximately 10 checks merged this week, consistent with the prior two weeks.