diff --git a/.ci/api-current.txt b/.ci/api-current.txt
index 952517db9a..f4435303d4 100644
--- a/.ci/api-current.txt
+++ b/.ci/api-current.txt
@@ -6505,10 +6505,6 @@ public final class net.corda.testing.node.NotarySpec extends java.lang.Object
   public int hashCode()
   public String toString()
 ##
-public interface net.corda.testing.node.ResponderFlowFactory
-  @NotNull
-  public abstract F invoke(net.corda.core.flows.FlowSession)
-##
 public final class net.corda.testing.node.StartedMockNode extends java.lang.Object
   @NotNull
   public final java.util.List<kotlin.Pair<F, net.corda.core.concurrent.CordaFuture<?>>> findStateMachines(Class<F>)
diff --git a/.ci/check-api-changes.sh b/.ci/check-api-changes.sh
index 2b01bfb74a..d79841d4e5 100755
--- a/.ci/check-api-changes.sh
+++ b/.ci/check-api-changes.sh
@@ -44,10 +44,12 @@ $newAbstracts
 EOF
 `
 
-#Get a list of any methods that expose classes in .internal. namespaces, and any classes which extend/implement
-#an internal class
+# Get a list of any methods that expose internal classes, which includes:
+# - classes in .internal. namespaces (excluding the kotlin.jvm.internal namespace)
+# - classes which extend/implement an internal class (see above)
+# - classes in the net.corda.node. namespace
 #TODO: check that only classes in a whitelist are part of the API rather than look for specific invalid cases going forward
-newInternalExposures=$(echo "$userDiffContents" | grep "^+" | grep "\.internal\." )
+newInternalExposures=$(echo "$userDiffContents" | grep "^+" | grep "(?<!kotlin\.jvm)\.internal\." )
 newNodeExposures=$(echo "$userDiffContents" | grep "^+" | grep "net\.corda\.node\.")
 
 internalCount=`grep -v "^$" <<EOF | wc -l
diff --git a/.idea/compiler.xml b/.idea/compiler.xml
index 4ecd10ebf5..804913cc66 100644
--- a/.idea/compiler.xml
+++ b/.idea/compiler.xml
@@ -44,6 +44,8 @@
       <module name="corda-core_integrationTest" target="1.8" />
       <module name="corda-core_smokeTest" target="1.8" />
       <module name="corda-finance_integrationTest" target="1.8" />
+      <module name="corda-isolated_main" target="1.8" />
+      <module name="corda-isolated_test" target="1.8" />
       <module name="corda-project_buildSrc_main" target="1.8" />
       <module name="corda-project_buildSrc_test" target="1.8" />
       <module name="corda-project_canonicalizer_main" target="1.8" />
@@ -158,6 +160,8 @@
       <module name="net.corda-blobinspector_test" target="1.8" />
       <module name="net.corda-finance-contracts-states_main" target="1.8" />
       <module name="net.corda-finance-contracts-states_test" target="1.8" />
+      <module name="net.corda-isolated_main" target="1.8" />
+      <module name="net.corda-isolated_test" target="1.8" />
       <module name="net.corda-verifier_main" target="1.8" />
       <module name="net.corda-verifier_test" target="1.8" />
       <module name="net.corda_buildSrc_main" target="1.8" />
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index debfe40667..436ccfa28f 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -14,6 +14,7 @@ see changes to this list.
 * Ajitha Thayaharan (BCS Technology International)
 * Alberto Arri (R3)
 * amiracam
+* Amol Pednekar
 * Andras Slemmer (R3)
 * Andrius Dagys (R3)
 * Andrzej Cichocki (R3)
@@ -79,6 +80,7 @@ see changes to this list.
 * Emanuel Russo (NTT DATA Italy)
 * Farzad Pezeshkpour (RBS)
 * fracting
+* Francisco Spadafora (NTT DATA Italy)
 * Frederic Dalibard (Natixis)
 * Garrett Macey (Wells Fargo)
 * gary-rowe
@@ -212,6 +214,7 @@ see changes to this list.
 * verymahler
 * Viktor Kolomeyko (R3)
 * Vipin Bharathan
+* Vitalij Reicherdt (Commerzbank AG)
 * Wawrzek Niewodniczanski (R3)
 * Wei Wu Zhang (Commonwealth Bank of Australia)
 * Zabrina Smith (Northern Trust)
diff --git a/LICENSE b/LICENSE
index 3e5757f3ff..e3a5c7f231 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-  Copyright 2016 - 2018, R3 Limited.
+  Copyright 2016 - 2019, R3 Limited.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
diff --git a/README.md b/README.md
index a1232f8270..d453458f42 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,9 @@ Corda is an open source blockchain project, designed for business from the start
 
 ## Contributing
 
-We welcome contributions to Corda! Please see our [CONTRIBUTING.md](./CONTRIBUTING.md).
+Corda is an open-source project and contributions are welcome!
+
+To find out how to contribute, please see our [contributing docs](https://docs.corda.net/head/contributing-index.html).
 
 ## License
 
diff --git a/build.gradle b/build.gradle
index 3a20bd5e99..53d5f7953f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -4,7 +4,7 @@ buildscript {
     file("$projectDir/constants.properties").withInputStream { constants.load(it) }
 
     // Our version: bump this on release.
-    ext.corda_release_version = "4.0-SNAPSHOT"
+    ext.corda_release_version = "5.0-SNAPSHOT"
     ext.corda_platform_version = constants.getProperty("platformVersion")
     ext.gradle_plugins_version = constants.getProperty("gradlePluginsVersion")
 
@@ -383,8 +383,6 @@ bintrayConfig {
             'corda-tools-explorer',
             'corda-tools-network-bootstrapper',
             'corda-tools-cliutils',
-            'corda-notary-raft',
-            'corda-notary-bft-smart',
             'corda-common-configuration-parsing',
             'corda-common-validation'
     ]
@@ -474,4 +472,4 @@ wrapper {
 buildScan {
     termsOfServiceUrl = 'https://gradle.com/terms-of-service'
     termsOfServiceAgree = 'yes'
-}
\ No newline at end of file
+}
diff --git a/client/jackson/src/test/kotlin/net/corda/client/jackson/JacksonSupportTest.kt b/client/jackson/src/test/kotlin/net/corda/client/jackson/JacksonSupportTest.kt
index fbdb10c67a..7f8db6e26f 100644
--- a/client/jackson/src/test/kotlin/net/corda/client/jackson/JacksonSupportTest.kt
+++ b/client/jackson/src/test/kotlin/net/corda/client/jackson/JacksonSupportTest.kt
@@ -10,6 +10,7 @@ import com.fasterxml.jackson.dataformat.yaml.YAMLFactory
 import com.fasterxml.jackson.module.kotlin.convertValue
 import com.nhaarman.mockito_kotlin.any
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.client.jackson.internal.childrenAs
 import net.corda.client.jackson.internal.valueAs
@@ -24,7 +25,8 @@ import net.corda.core.internal.DigitalSignatureWithCert
 import net.corda.core.node.NodeInfo
 import net.corda.core.node.ServiceHub
 import net.corda.core.node.services.AttachmentStorage
-import net.corda.core.node.services.NetworkParametersStorage
+import net.corda.core.node.services.NetworkParametersService
+import net.corda.core.node.services.TransactionStorage
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.serialization.SerializedBytes
 import net.corda.core.serialization.serialize
@@ -94,10 +96,10 @@ class JacksonSupportTest(@Suppress("unused") private val name: String, factory:
         services = rigorousMock()
         cordappProvider = rigorousMock()
         val networkParameters = testNetworkParameters(minimumPlatformVersion = 4)
-        val networkParametersStorage = rigorousMock<NetworkParametersStorage>().also {
+        val networkParametersService = rigorousMock<NetworkParametersService>().also {
             doReturn(networkParameters.serialize().hash).whenever(it).currentHash
         }
-        doReturn(networkParametersStorage).whenever(services).networkParametersStorage
+        doReturn(networkParametersService).whenever(services).networkParametersService
         doReturn(cordappProvider).whenever(services).cordappProvider
         doReturn(networkParameters).whenever(services).networkParameters
         doReturn(attachments).whenever(services).attachments
@@ -237,6 +239,7 @@ class JacksonSupportTest(@Suppress("unused") private val name: String, factory:
         doReturn(attachmentId).whenever(cordappProvider).getContractAttachmentID(DummyContract.PROGRAM_ID)
         val attachmentStorage = rigorousMock<AttachmentStorage>()
         doReturn(attachmentStorage).whenever(services).attachments
+        doReturn(mock<TransactionStorage>()).whenever(services).validatedTransactions
         val attachment = rigorousMock<ContractAttachment>()
         doReturn(attachment).whenever(attachmentStorage).openAttachment(attachmentId)
         doReturn(attachmentId).whenever(attachment).id
diff --git a/client/jfx/src/integration-test/kotlin/net/corda/client/jfx/NodeMonitorModelTest.kt b/client/jfx/src/integration-test/kotlin/net/corda/client/jfx/NodeMonitorModelTest.kt
index 8f5c1fe4dd..3b446681d2 100644
--- a/client/jfx/src/integration-test/kotlin/net/corda/client/jfx/NodeMonitorModelTest.kt
+++ b/client/jfx/src/integration-test/kotlin/net/corda/client/jfx/NodeMonitorModelTest.kt
@@ -29,6 +29,7 @@ import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.driver
 import net.corda.testing.internal.chooseIdentity
 import net.corda.testing.node.User
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
 import org.junit.Test
 import rx.Observable
 
@@ -49,7 +50,7 @@ class NodeMonitorModelTest {
     private lateinit var newNode: (CordaX500Name) -> NodeInfo
 
     private fun setup(runTest: () -> Unit) {
-        driver(DriverParameters(extraCordappPackagesToScan = listOf("net.corda.finance"))) {
+        driver(DriverParameters(cordappsForAllNodes = FINANCE_CORDAPPS)) {
             val cashUser = User("user1", "test", permissions = setOf(all()))
             val aliceNodeHandle = startNode(providedName = ALICE_NAME, rpcUsers = listOf(cashUser)).getOrThrow()
             aliceNode = aliceNodeHandle.nodeInfo
diff --git a/client/rpc/build.gradle b/client/rpc/build.gradle
index f4d655d966..c30049ee08 100644
--- a/client/rpc/build.gradle
+++ b/client/rpc/build.gradle
@@ -57,10 +57,13 @@ processSmokeTestResources {
         rename 'corda-(.*)', 'corda.jar'
     }
     from(project(':finance:workflows').tasks['jar']) {
-        rename 'finance-workflows-(.*)', 'finance-workflows.jar'
+        rename '.*finance-workflows-.*', 'cordapp-finance-workflows.jar'
     }
     from(project(':finance:contracts').tasks['jar']) {
-        rename 'finance-contracts-(.*)', 'finance-contracts.jar'
+        rename '.*finance-contracts-.*', 'cordapp-finance-contracts.jar'
+    }
+    from(project(':confidential-identities').tasks['jar']) {
+        rename '.*confidential-identities-.*', 'cordapp-confidential-identities.jar'
     }
 }
 
@@ -87,6 +90,7 @@ dependencies {
     smokeTestCompile project(':smoke-test-utils')
     smokeTestCompile project(':finance:contracts')
     smokeTestCompile project(':finance:workflows')
+    smokeTestCompile project(':confidential-identities')
     smokeTestCompile "org.apache.logging.log4j:log4j-slf4j-impl:$log4j_version"
     smokeTestCompile "org.apache.logging.log4j:log4j-core:$log4j_version"
     smokeTestCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
diff --git a/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt b/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt
index 12b3785082..0b1d467140 100644
--- a/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt
+++ b/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt
@@ -3,12 +3,15 @@ package net.corda.client.rpc
 import com.github.benmanes.caffeine.cache.Caffeine
 import net.corda.client.rpc.internal.RPCClient
 import net.corda.client.rpc.internal.serialization.amqp.AMQPClientSerializationScheme
+import net.corda.core.internal.loadClassesImplementing
 import net.corda.core.context.Actor
 import net.corda.core.context.Trace
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.core.messaging.ClientRpcSslOptions
 import net.corda.core.messaging.CordaRPCOps
+import net.corda.core.serialization.SerializationCustomSerializer
+import net.corda.core.serialization.SerializationWhitelist
 import net.corda.core.serialization.internal.effectiveSerializationEnv
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.days
@@ -19,6 +22,7 @@ import net.corda.serialization.internal.AMQP_RPC_CLIENT_CONTEXT
 import net.corda.serialization.internal.amqp.SerializationFactoryCacheKey
 import net.corda.serialization.internal.amqp.SerializerFactory
 import java.time.Duration
+import java.util.ServiceLoader
 
 /**
  * This class is essentially just a wrapper for an RPCConnection<CordaRPCOps> and can be treated identically.
@@ -240,6 +244,7 @@ open class CordaRPCClientConfiguration @JvmOverloads constructor(
  * @param configuration An optional configuration used to tweak client behaviour.
  * @param sslConfiguration An optional [ClientRpcSslOptions] used to enable secure communication with the server.
  * @param haAddressPool A list of [NetworkHostAndPort] representing the addresses of servers in HA mode.
+ * @param classLoader a classloader, which will be used (if provided) to discover available [SerializationCustomSerializer]s and [SerializationWhitelist]s
  * The client will attempt to connect to a live server by trying each address in the list. If the servers are not in
  * HA mode, the client will round-robin from the beginning of the list and try all servers.
  */
@@ -252,8 +257,9 @@ class CordaRPCClient private constructor(
 ) {
     @JvmOverloads
     constructor(hostAndPort: NetworkHostAndPort,
-                configuration: CordaRPCClientConfiguration = CordaRPCClientConfiguration.DEFAULT)
-            : this(hostAndPort, configuration, null)
+                configuration: CordaRPCClientConfiguration = CordaRPCClientConfiguration.DEFAULT,
+                classLoader: ClassLoader? = null)
+            : this(hostAndPort, configuration, null, classLoader = classLoader)
 
     /**
      * @param haAddressPool A list of [NetworkHostAndPort] representing the addresses of servers in HA mode.
@@ -287,7 +293,7 @@ class CordaRPCClient private constructor(
                 sslConfiguration: ClientRpcSslOptions? = null,
                 classLoader: ClassLoader? = null
         ): CordaRPCClient {
-            return CordaRPCClient(hostAndPort, configuration, sslConfiguration, classLoader)
+            return CordaRPCClient(hostAndPort, configuration, sslConfiguration, classLoader = classLoader)
         }
     }
 
@@ -296,7 +302,14 @@ class CordaRPCClient private constructor(
             effectiveSerializationEnv
         } catch (e: IllegalStateException) {
             try {
-                AMQPClientSerializationScheme.initialiseSerialization(classLoader, Caffeine.newBuilder().maximumSize(128).build<SerializationFactoryCacheKey, SerializerFactory>().asMap())
+                // If the client has provided a classloader, the associated classpath is checked for available custom serializers and serialization whitelists.
+                if (classLoader != null) {
+                    val customSerializers = loadClassesImplementing(classLoader, SerializationCustomSerializer::class.java)
+                    val serializationWhitelists = ServiceLoader.load(SerializationWhitelist::class.java, classLoader).toSet()
+                    AMQPClientSerializationScheme.initialiseSerialization(classLoader, customSerializers, serializationWhitelists, Caffeine.newBuilder().maximumSize(128).build<SerializationFactoryCacheKey, SerializerFactory>().asMap())
+                } else {
+                    AMQPClientSerializationScheme.initialiseSerialization(classLoader, serializerFactoriesForContexts =  Caffeine.newBuilder().maximumSize(128).build<SerializationFactoryCacheKey, SerializerFactory>().asMap())
+                }
             } catch (e: IllegalStateException) {
                 // Race e.g. two of these constructed in parallel, ignore.
             }
diff --git a/client/rpc/src/main/kotlin/net/corda/client/rpc/PermissionException.kt b/client/rpc/src/main/kotlin/net/corda/client/rpc/PermissionException.kt
index 92a78126a6..7e1fdf9477 100644
--- a/client/rpc/src/main/kotlin/net/corda/client/rpc/PermissionException.kt
+++ b/client/rpc/src/main/kotlin/net/corda/client/rpc/PermissionException.kt
@@ -10,4 +10,4 @@ import net.corda.nodeapi.exceptions.RpcSerializableError
  * Thrown to indicate that the calling user does not have permission for something they have requested (for example
  * calling a method).
  */
-class PermissionException(message: String) : CordaRuntimeException(message), RpcSerializableError, ClientRelevantError
\ No newline at end of file
+class PermissionException(val msg: String) : CordaRuntimeException(msg), RpcSerializableError, ClientRelevantError
\ No newline at end of file
diff --git a/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt
index dbb073b8a7..f920a8081d 100644
--- a/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt
+++ b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt
@@ -5,6 +5,7 @@ import net.corda.core.internal.toSynchronised
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationContext.UseCase
 import net.corda.core.serialization.SerializationCustomSerializer
+import net.corda.core.serialization.SerializationWhitelist
 import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal.nodeSerializationEnv
 import net.corda.serialization.internal.*
@@ -17,24 +18,25 @@ import net.corda.serialization.internal.amqp.custom.RxNotificationSerializer
  */
 class AMQPClientSerializationScheme(
         cordappCustomSerializers: Set<SerializationCustomSerializer<*,*>>,
+        cordappSerializationWhitelists: Set<SerializationWhitelist>,
         serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>
-    ) : AbstractAMQPSerializationScheme(cordappCustomSerializers, serializerFactoriesForContexts) {
-    constructor(cordapps: List<Cordapp>) : this(cordapps.customSerializers, AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
-    constructor(cordapps: List<Cordapp>, serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>) : this(cordapps.customSerializers, serializerFactoriesForContexts)
+    ) : AbstractAMQPSerializationScheme(cordappCustomSerializers, cordappSerializationWhitelists, serializerFactoriesForContexts) {
+    constructor(cordapps: List<Cordapp>) : this(cordapps.customSerializers, cordapps.serializationWhitelists, AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
+    constructor(cordapps: List<Cordapp>, serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>) : this(cordapps.customSerializers, cordapps.serializationWhitelists, serializerFactoriesForContexts)
 
     @Suppress("UNUSED")
-    constructor() : this(emptySet(), AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
+    constructor() : this(emptySet(), emptySet(), AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
 
     companion object {
         /** Call from main only. */
-        fun initialiseSerialization(classLoader: ClassLoader? = null, serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory> = AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised()) {
-            nodeSerializationEnv = createSerializationEnv(classLoader, serializerFactoriesForContexts)
+        fun initialiseSerialization(classLoader: ClassLoader? = null, customSerializers: Set<SerializationCustomSerializer<*, *>> = emptySet(), serializationWhitelists: Set<SerializationWhitelist> = emptySet(), serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory> = AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised()) {
+            nodeSerializationEnv = createSerializationEnv(classLoader, customSerializers, serializationWhitelists, serializerFactoriesForContexts)
         }
 
-        fun createSerializationEnv(classLoader: ClassLoader? = null, serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory> = AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised()): SerializationEnvironment {
+        fun createSerializationEnv(classLoader: ClassLoader? = null, customSerializers: Set<SerializationCustomSerializer<*, *>> = emptySet(), serializationWhitelists: Set<SerializationWhitelist> = emptySet(), serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory> = AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised()): SerializationEnvironment {
             return SerializationEnvironment.with(
                     SerializationFactoryImpl().apply {
-                        registerScheme(AMQPClientSerializationScheme(emptyList(), serializerFactoriesForContexts))
+                        registerScheme(AMQPClientSerializationScheme(customSerializers, serializationWhitelists, serializerFactoriesForContexts))
                     },
                     storageContext = AMQP_STORAGE_CONTEXT,
                     p2pContext = if (classLoader != null) AMQP_P2P_CONTEXT.withClassLoader(classLoader) else AMQP_P2P_CONTEXT,
diff --git a/client/rpc/src/smoke-test/java/net/corda/java/rpc/StandaloneCordaRPCJavaClientTest.java b/client/rpc/src/smoke-test/java/net/corda/java/rpc/StandaloneCordaRPCJavaClientTest.java
index 32e2747072..9527a63b77 100644
--- a/client/rpc/src/smoke-test/java/net/corda/java/rpc/StandaloneCordaRPCJavaClientTest.java
+++ b/client/rpc/src/smoke-test/java/net/corda/java/rpc/StandaloneCordaRPCJavaClientTest.java
@@ -30,6 +30,27 @@ import static kotlin.test.AssertionsKt.fail;
 import static net.corda.finance.contracts.GetBalances.getCashBalance;
 
 public class StandaloneCordaRPCJavaClientTest {
+
+    public static void copyCordapps(NodeProcess.Factory factory, NodeConfig notaryConfig) {
+        Path cordappsDir = (factory.baseDirectory(notaryConfig).resolve(NodeProcess.CORDAPPS_DIR_NAME));
+        try {
+            Files.createDirectories(cordappsDir);
+        } catch (IOException ex) {
+            fail("Failed to create directories");
+        }
+        try (Stream<Path> paths = Files.walk(Paths.get("build", "resources", "smokeTest"))) {
+            paths.filter(path -> path.toFile().getName().startsWith("cordapp")).forEach(file -> {
+                try {
+                    Files.copy(file, cordappsDir.resolve(file.getFileName()));
+                } catch (IOException ex) {
+                    fail("Failed to copy cordapp jar");
+                }
+            });
+        } catch (IOException e) {
+            fail("Failed to walk files");
+        }
+    }
+
     private List<String> perms = Collections.singletonList("ALL");
     private Set<String> permSet = new HashSet<>(perms);
     private User rpcUser = new User("user1", "test", permSet);
@@ -55,7 +76,7 @@ public class StandaloneCordaRPCJavaClientTest {
     @Before
     public void setUp() {
         factory = new NodeProcess.Factory();
-        copyFinanceCordapp();
+        copyCordapps(factory, notaryConfig);
         notary = factory.create(notaryConfig);
         connection = notary.connect();
         rpcProxy = connection.getProxy();
@@ -73,28 +94,6 @@ public class StandaloneCordaRPCJavaClientTest {
         }
     }
 
-    private void copyFinanceCordapp() {
-        Path cordappsDir = (factory.baseDirectory(notaryConfig).resolve(NodeProcess.CORDAPPS_DIR_NAME));
-        try {
-            Files.createDirectories(cordappsDir);
-        } catch (IOException ex) {
-            fail("Failed to create directories");
-        }
-        try (Stream<Path> paths = Files.walk(Paths.get("build", "resources", "smokeTest"))) {
-            paths.forEach(file -> {
-                if (file.toString().contains("corda-finance")) {
-                    try {
-                        Files.copy(file, cordappsDir.resolve(file.getFileName()));
-                    } catch (IOException ex) {
-                        fail("Failed to copy finance jar");
-                    }
-                }
-            });
-        } catch (IOException e) {
-            fail("Failed to walk files");
-        }
-    }
-
     @Test
     public void testCashBalances() throws NoSuchFieldException, ExecutionException, InterruptedException {
         Amount<Currency> dollars123 = new Amount<>(123, Currency.getInstance("USD"));
diff --git a/client/rpc/src/smoke-test/kotlin/net/corda/kotlin/rpc/StandaloneCordaRPClientTest.kt b/client/rpc/src/smoke-test/kotlin/net/corda/kotlin/rpc/StandaloneCordaRPClientTest.kt
index d72b83ea04..18884a1ad5 100644
--- a/client/rpc/src/smoke-test/kotlin/net/corda/kotlin/rpc/StandaloneCordaRPClientTest.kt
+++ b/client/rpc/src/smoke-test/kotlin/net/corda/kotlin/rpc/StandaloneCordaRPClientTest.kt
@@ -6,12 +6,15 @@ import net.corda.client.rpc.CordaRPCConnection
 import net.corda.core.crypto.SecureHash
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
-import net.corda.core.internal.*
+import net.corda.core.internal.InputStreamAndHash
 import net.corda.core.messaging.*
 import net.corda.core.node.NodeInfo
 import net.corda.core.node.services.Vault
 import net.corda.core.node.services.vault.*
-import net.corda.core.utilities.*
+import net.corda.core.utilities.OpaqueBytes
+import net.corda.core.utilities.contextLogger
+import net.corda.core.utilities.getOrThrow
+import net.corda.core.utilities.seconds
 import net.corda.finance.DOLLARS
 import net.corda.finance.POUNDS
 import net.corda.finance.SWISS_FRANCS
@@ -21,6 +24,7 @@ import net.corda.finance.contracts.getCashBalance
 import net.corda.finance.contracts.getCashBalances
 import net.corda.finance.flows.CashIssueFlow
 import net.corda.finance.flows.CashPaymentFlow
+import net.corda.java.rpc.StandaloneCordaRPCJavaClientTest
 import net.corda.nodeapi.internal.config.User
 import net.corda.smoketesting.NodeConfig
 import net.corda.smoketesting.NodeProcess
@@ -31,11 +35,9 @@ import org.junit.Ignore
 import org.junit.Test
 import java.io.FilterInputStream
 import java.io.InputStream
-import java.nio.file.Paths
 import java.util.*
 import java.util.concurrent.CountDownLatch
 import java.util.concurrent.atomic.AtomicInteger
-import kotlin.streams.toList
 import kotlin.test.assertEquals
 import kotlin.test.assertFalse
 import kotlin.test.assertNotEquals
@@ -69,7 +71,7 @@ class StandaloneCordaRPClientTest {
     @Before
     fun setUp() {
         factory = NodeProcess.Factory()
-        copyFinanceCordapp()
+        StandaloneCordaRPCJavaClientTest.copyCordapps(factory, notaryConfig)
         notary = factory.create(notaryConfig)
         connection = notary.connect()
         rpcProxy = connection.proxy
@@ -86,15 +88,6 @@ class StandaloneCordaRPClientTest {
         }
     }
 
-    private fun copyFinanceCordapp() {
-        val cordappsDir = (factory.baseDirectory(notaryConfig) / NodeProcess.CORDAPPS_DIR_NAME).createDirectories()
-        // Find the finance jar file for the smoke tests of this module
-        val financeJars = Paths.get("build", "resources", "smokeTest").list {
-            it.filter { "corda-finance" in it.toString() }.toList()
-        }
-        financeJars.forEach { it.copyToDirectory(cordappsDir) }
-    }
-
 
     @Test
     fun `test attachments`() {
diff --git a/confidential-identities/build.gradle b/confidential-identities/build.gradle
index 38a2f43807..3e38d2a870 100644
--- a/confidential-identities/build.gradle
+++ b/confidential-identities/build.gradle
@@ -6,12 +6,13 @@ apply plugin: 'kotlin'
 apply plugin: CanonicalizerPlugin
 apply plugin: 'net.corda.plugins.publish-utils'
 apply plugin: 'net.corda.plugins.quasar-utils'
+apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'com.jfrog.artifactory'
 
 description 'Corda Experimental Confidential Identities'
 
 dependencies {
-    compile project(':core')
+    cordaCompile project(':core')
 
     testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
     testCompile "junit:junit:$junit_version"
@@ -26,6 +27,17 @@ dependencies {
     testCompile "org.assertj:assertj-core:$assertj_version"
 }
 
+cordapp {
+    targetPlatformVersion corda_platform_version.toInteger()
+    minimumPlatformVersion 1
+    workflow {
+        name "Corda Experimental Confidential Identities"
+        versionId 1
+        vendor "R3"
+        licence "Open Source (Apache 2)"
+    }
+}
+
 jar {
     baseName 'corda-confidential-identities'
 }
diff --git a/confidential-identities/src/main/kotlin/net/corda/confidential/SwapIdentitiesFlow.kt b/confidential-identities/src/main/kotlin/net/corda/confidential/SwapIdentitiesFlow.kt
index 50f21923cc..085aa22784 100644
--- a/confidential-identities/src/main/kotlin/net/corda/confidential/SwapIdentitiesFlow.kt
+++ b/confidential-identities/src/main/kotlin/net/corda/confidential/SwapIdentitiesFlow.kt
@@ -4,29 +4,49 @@ import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.CordaInternal
 import net.corda.core.crypto.DigitalSignature
 import net.corda.core.crypto.verify
-import net.corda.core.flows.FlowException
-import net.corda.core.flows.FlowLogic
-import net.corda.core.flows.FlowSession
+import net.corda.core.flows.*
 import net.corda.core.identity.AnonymousParty
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.identity.PartyAndCertificate
 import net.corda.core.internal.VisibleForTesting
+import net.corda.core.internal.cordapp.CordappResolver
+import net.corda.core.internal.warnOnce
 import net.corda.core.node.ServiceHub
 import net.corda.core.serialization.CordaSerializable
+import net.corda.core.serialization.SerializedBytes
+import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.unwrap
 import java.security.PublicKey
 import java.security.SignatureException
+import java.util.*
 
 /**
  * Very basic flow which generates new confidential identities for parties in a transaction and exchanges the transaction
  * key and certificate paths between the parties. This is intended for use as a sub-flow of another flow which builds a
  * transaction. The flow running on the other side must also call this flow at the correct location.
+ *
+ * NOTE: This is an inlined flow but for backwards compatibility is annotated with [InitiatingFlow].
  */
-class SwapIdentitiesFlow @JvmOverloads constructor(private val otherSideSession: FlowSession,
-                                                   override val progressTracker: ProgressTracker = tracker()) : FlowLogic<SwapIdentitiesFlow.AnonymousResult>() {
+@InitiatingFlow
+class SwapIdentitiesFlow
+private constructor(private val otherSideSession: FlowSession?,
+                    private val otherParty: Party?,
+                    override val progressTracker: ProgressTracker) : FlowLogic<LinkedHashMap<Party, AnonymousParty>>() {
+
+    @JvmOverloads
+    constructor(otherSideSession: FlowSession, progressTracker: ProgressTracker = tracker()) : this(otherSideSession, null, progressTracker)
+
+    @Deprecated("It is unsafe to use this constructor as it requires nodes to automatically vend anonymous identities without first " +
+            "checking if they should. Instead, use the constructor that takes in an existing FlowSession.")
+    constructor(otherParty: Party, revocationEnabled: Boolean, progressTracker: ProgressTracker) : this(null, otherParty, progressTracker)
+
+    @Deprecated("It is unsafe to use this constructor as it requires nodes to automatically vend anonymous identities without first " +
+            "checking if they should. Instead, use the constructor that takes in an existing FlowSession.")
+    constructor(otherParty: Party) : this(null, otherParty, tracker())
+
     companion object {
         object GENERATING_IDENTITY : ProgressTracker.Step("Generating our anonymous identity")
         object SIGNING_IDENTITY : ProgressTracker.Step("Signing our anonymous identity")
@@ -69,38 +89,49 @@ class SwapIdentitiesFlow @JvmOverloads constructor(private val otherSideSession:
     }
 
     @Suspendable
-    override fun call(): AnonymousResult {
+    override fun call(): LinkedHashMap<Party, AnonymousParty> {
+        val session = otherSideSession ?: run {
+            logger.warnOnce("The current usage of SwapIdentitiesFlow is unsafe. Please consider upgrading your CorDapp to use " +
+                    "SwapIdentitiesFlow with FlowSessions. (${CordappResolver.currentCordapp?.info})")
+            initiateFlow(otherParty!!)
+        }
         progressTracker.currentStep = GENERATING_IDENTITY
         val ourAnonymousIdentity = serviceHub.keyManagementService.freshKeyAndCert(ourIdentityAndCert, false)
         val data = buildDataToSign(ourAnonymousIdentity)
         progressTracker.currentStep = SIGNING_IDENTITY
         val signature = serviceHub.keyManagementService.sign(data, ourAnonymousIdentity.owningKey).withoutKey()
-        val ourIdentWithSig = IdentityWithSignature(ourAnonymousIdentity, signature)
+        val ourIdentWithSig = IdentityWithSignature(ourAnonymousIdentity.serialize(), signature)
         progressTracker.currentStep = AWAITING_IDENTITY
-        val theirAnonymousIdentity = otherSideSession.sendAndReceive<IdentityWithSignature>(ourIdentWithSig).unwrap { theirIdentWithSig ->
+        val theirAnonymousIdentity = session.sendAndReceive<IdentityWithSignature>(ourIdentWithSig).unwrap { theirIdentWithSig ->
             progressTracker.currentStep = VERIFYING_IDENTITY
-            validateAndRegisterIdentity(serviceHub, otherSideSession.counterparty, theirIdentWithSig.identity, theirIdentWithSig.signature)
+            validateAndRegisterIdentity(serviceHub, session.counterparty, theirIdentWithSig.identity.deserialize(), theirIdentWithSig.signature)
         }
-        return AnonymousResult(ourAnonymousIdentity.party.anonymise(), theirAnonymousIdentity.party.anonymise())
+
+        val identities = LinkedHashMap<Party, AnonymousParty>()
+        identities[ourIdentity] = ourAnonymousIdentity.party.anonymise()
+        identities[session.counterparty] = theirAnonymousIdentity.party.anonymise()
+        return identities
     }
 
-    /**
-     * Result class containing the caller's anonymous identity ([ourIdentity]) and the counterparty's ([theirIdentity]).
-     */
     @CordaSerializable
-    data class AnonymousResult(val ourIdentity: AnonymousParty, val theirIdentity: AnonymousParty)
-
-    @CordaSerializable
-    private data class IdentityWithSignature(val identity: PartyAndCertificate, val signature: DigitalSignature)
-
-    /**
-     * Data class used only in the context of asserting that the owner of the private key for the listed key wants to use it
-     * to represent the named entity. This is paired with an X.509 certificate (which asserts the signing identity says
-     * the key represents the named entity) and protects against a malicious party incorrectly claiming others'
-     * keys.
-     */
-    @CordaSerializable
-    private data class CertificateOwnershipAssertion(val name: CordaX500Name, val owningKey: PublicKey)
+    data class IdentityWithSignature(val identity: SerializedBytes<PartyAndCertificate>, val signature: DigitalSignature)
 }
 
+// Data class used only in the context of asserting that the owner of the private key for the listed key wants to use it
+// to represent the named entity. This is paired with an X.509 certificate (which asserts the signing identity says
+// the key represents the named entity) and protects against a malicious party incorrectly claiming others'
+// keys.
+@CordaSerializable
+data class CertificateOwnershipAssertion(val x500Name: CordaX500Name, val publicKey: PublicKey)
+
 open class SwapIdentitiesException @JvmOverloads constructor(message: String, cause: Throwable? = null) : FlowException(message, cause)
+
+// This only exists for backwards compatibility
+@InitiatedBy(SwapIdentitiesFlow::class)
+private class SwapIdentitiesHandler(private val otherSide: FlowSession) : FlowLogic<Unit>() {
+    @Suspendable
+    override fun call() {
+        subFlow(SwapIdentitiesFlow(otherSide))
+        logger.warnOnce("Insecure API to swap anonymous identities was used by ${otherSide.counterparty} (${otherSide.getCounterpartyFlowInfo()})")
+    }
+}
diff --git a/confidential-identities/src/test/kotlin/net/corda/confidential/SwapIdentitiesFlowTests.kt b/confidential-identities/src/test/kotlin/net/corda/confidential/SwapIdentitiesFlowTests.kt
index 0b87a857bc..95b0664c98 100644
--- a/confidential-identities/src/test/kotlin/net/corda/confidential/SwapIdentitiesFlowTests.kt
+++ b/confidential-identities/src/test/kotlin/net/corda/confidential/SwapIdentitiesFlowTests.kt
@@ -171,10 +171,7 @@ class SwapIdentitiesFlowTests {
 @InitiatingFlow
 private class SwapIdentitiesInitiator(private val otherSide: Party) : FlowLogic<Map<Party, AnonymousParty>>() {
     @Suspendable
-    override fun call(): Map<Party, AnonymousParty> {
-        val (anonymousUs, anonymousThem) = subFlow(SwapIdentitiesFlow(initiateFlow(otherSide)))
-        return mapOf(ourIdentity to anonymousUs, otherSide to anonymousThem)
-    }
+    override fun call(): Map<Party, AnonymousParty> = subFlow(SwapIdentitiesFlow(initiateFlow(otherSide)))
 }
 
 @InitiatedBy(SwapIdentitiesInitiator::class)
diff --git a/config/dev/log4j2.xml b/config/dev/log4j2.xml
index 17ae160b02..6e27ecccb2 100644
--- a/config/dev/log4j2.xml
+++ b/config/dev/log4j2.xml
@@ -10,27 +10,59 @@
     </Properties>
 
     <Appenders>
-        <Console name="Console-Appender" target="SYSTEM_OUT">
-            <PatternLayout>
-                <ScriptPatternSelector defaultPattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg%n%throwable{short.message}%n}{INFO=white,WARN=red,FATAL=bright red}">
-                    <Script name="MDCSelector" language="javascript"><![CDATA[
-                    result = null;
-                    if (!logEvent.getContextData().size() == 0) {
-                        result = "WithMDC";
-                    } else {
-                        result = null;
-                    }
-                    result;
-               ]]>
-                    </Script>
-                    <PatternMatch key="WithMDC" pattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg %X%n%throwable{short.message}%n}{INFO=white,WARN=red,FATAL=bright red}"/>
-                </ScriptPatternSelector>
-            </PatternLayout>
-        </Console>
+        <ScriptAppenderSelector name="Console-Selector">
+            <Script language="nashorn"><![CDATA[
+                var System = Java.type('java.lang.System');
+                var level = System.getProperty("consoleLogLevel");
+                var enabled = System.getProperty("consoleLoggingEnabled");
+                enabled == "true" && (level == "debug" || level == "trace") ? "Console-Debug-Appender" : "Console-Appender";
+            ]]></Script>
+            <AppenderSet>
+
+                <!-- The default console appender - prints no exception information -->
+                <Console name="Console-Appender" target="SYSTEM_OUT">
+                    <PatternLayout>
+                        <ScriptPatternSelector
+                                defaultPattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg%n%throwable{0}}{INFO=white,WARN=red,FATAL=bright red}">
+                            <Script name="MDCSelector" language="javascript"><![CDATA[
+                                result = null;
+                                if (!logEvent.getContextData().size() == 0) {
+                                    result = "WithMDC";
+                                } else {
+                                    result = null;
+                                }
+                                result;
+                                ]]>
+                            </Script>
+                            <PatternMatch key="WithMDC" pattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg %X%n%throwable{0}}{INFO=white,WARN=red,FATAL=bright red}"/>
+                        </ScriptPatternSelector>
+                    </PatternLayout>
+                </Console>
+
+                <!-- The console appender when debug or trace level logging is specified. Prints full stack trace -->
+                <Console name="Console-Debug-Appender" target="SYSTEM_OUT">
+                    <PatternLayout>
+                        <ScriptPatternSelector defaultPattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg%n%throwable{}}{INFO=white,WARN=red,FATAL=bright red}">
+                            <Script name="MDCSelector" language="javascript"><![CDATA[
+                                result = null;
+                                if (!logEvent.getContextData().size() == 0) {
+                                    result = "WithMDC";
+                                } else {
+                                    result = null;
+                                }
+                                result;
+                                ]]>
+                            </Script>
+                            <PatternMatch key="WithMDC" pattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg %X%n%throwable{}}{INFO=white,WARN=red,FATAL=bright red}"/>
+                        </ScriptPatternSelector>
+                    </PatternLayout>
+                </Console>
+            </AppenderSet>
+        </ScriptAppenderSelector>
 
         <!-- Required for printBasicInfo -->
         <Console name="Console-Appender-Println" target="SYSTEM_OUT">
-            <PatternLayout pattern="%msg%n%throwable{short.message}" />
+            <PatternLayout pattern="%msg%n%throwable{0}" />
         </Console>
 
         <!-- Will generate up to 100 log files for a given day. During every rollover it will delete
@@ -73,8 +105,8 @@
 
         </RollingRandomAccessFile>
 
-        <Rewrite name="Console-ErrorCode-Appender">
-            <AppenderRef ref="Console-Appender"/>
+        <Rewrite name="Console-ErrorCode-Selector">
+            <AppenderRef ref="Console-Selector"/>
             <ErrorCodeRewritePolicy/>
         </Rewrite>
 
@@ -91,7 +123,7 @@
 
     <Loggers>
         <Root level="${defaultLogLevel}">
-            <AppenderRef ref="Console-ErrorCode-Appender" level="${consoleLogLevel}"/>
+            <AppenderRef ref="Console-ErrorCode-Selector" level="${consoleLogLevel}"/>
             <AppenderRef ref="RollingFile-ErrorCode-Appender"/>
         </Root>
         <Logger name="BasicInfo" additivity="false">
@@ -99,11 +131,11 @@
             <AppenderRef ref="RollingFile-ErrorCode-Appender"/>
         </Logger>
         <Logger name="org.hibernate.SQL" level="info" additivity="false">
-            <AppenderRef ref="Console-ErrorCode-Appender"/>
+            <AppenderRef ref="Console-ErrorCode-Selector"/>
             <AppenderRef ref="RollingFile-ErrorCode-Appender"/>
         </Logger>
         <Logger name="org.apache.activemq.artemis.core.server" level="error" additivity="false">
-            <AppenderRef ref="Console-ErrorCode-Appender"/>
+            <AppenderRef ref="Console-ErrorCode-Selector"/>
             <AppenderRef ref="RollingFile-ErrorCode-Appender"/>
         </Logger>
         <Logger name="org.jolokia" additivity="true" level="warn">
diff --git a/constants.properties b/constants.properties
index cfdf79b05d..b7ed08ca31 100644
--- a/constants.properties
+++ b/constants.properties
@@ -1,10 +1,10 @@
-gradlePluginsVersion=4.0.37
+gradlePluginsVersion=4.0.38
 kotlinVersion=1.2.71
 # ***************************************************************#
 # When incrementing platformVersion make sure to update          #
 # net.corda.core.internal.CordaUtilsKt.PLATFORM_VERSION as well. #
 # ***************************************************************#
-platformVersion=4
+platformVersion=5
 guavaVersion=25.1-jre
 proguardVersion=6.0.3
 bouncycastleVersion=1.60
diff --git a/core-deterministic/testing/data/src/test/kotlin/net/corda/deterministic/data/TransactionGenerator.kt b/core-deterministic/testing/data/src/test/kotlin/net/corda/deterministic/data/TransactionGenerator.kt
index ce51e917b1..4800c454a5 100644
--- a/core-deterministic/testing/data/src/test/kotlin/net/corda/deterministic/data/TransactionGenerator.kt
+++ b/core-deterministic/testing/data/src/test/kotlin/net/corda/deterministic/data/TransactionGenerator.kt
@@ -1,6 +1,7 @@
 package net.corda.deterministic.data
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.crypto.entropyToKeyPair
 import net.corda.core.identity.AnonymousParty
@@ -39,7 +40,7 @@ object TransactionGenerator {
     private val MEGA_CORP_PUBKEY: PublicKey = megaCorp.keyPair.public
     private val MINI_CORP_PUBKEY: PublicKey = TestIdentity(CordaX500Name("MiniCorp", "London", "GB")).keyPair.public
 
-    private val ledgerServices = MockServices(emptyList(), MEGA_CORP.name, rigorousMock<IdentityServiceInternal>().also {
+    private val ledgerServices = MockServices(emptyList(), MEGA_CORP.name, mock<IdentityServiceInternal>().also {
         doReturn(MEGA_CORP).whenever(it).partyFromKey(MEGA_CORP_PUBKEY)
         doReturn(DUMMY_CASH_ISSUER.party).whenever(it).partyFromKey(DUMMY_CASH_ISSUER_KEY.public)
     })
diff --git a/core-deterministic/testing/src/test/kotlin/net/corda/core/internal/ClassLoadingUtils.kt b/core-deterministic/testing/src/test/kotlin/net/corda/core/internal/ClassLoadingUtils.kt
new file mode 100644
index 0000000000..f0d2532013
--- /dev/null
+++ b/core-deterministic/testing/src/test/kotlin/net/corda/core/internal/ClassLoadingUtils.kt
@@ -0,0 +1,8 @@
+package net.corda.core.internal
+
+/**
+ * Stubbing out non-deterministic method.
+ */
+fun <T: Any> loadClassesImplementing(classloader: ClassLoader, clazz: Class<T>): Set<T> {
+    return emptySet()
+}
\ No newline at end of file
diff --git a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt
index 6bd4170d73..68cafaee17 100644
--- a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt
+++ b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt
@@ -4,6 +4,7 @@ import net.corda.core.serialization.ClassWhitelist
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationContext.UseCase.P2P
 import net.corda.core.serialization.SerializationCustomSerializer
+import net.corda.core.serialization.SerializationWhitelist
 import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal._contextSerializationEnv
 import net.corda.serialization.internal.*
@@ -57,15 +58,16 @@ class LocalSerializationRule(private val label: String) : TestRule {
 
     private fun createTestSerializationEnv(): SerializationEnvironment {
         val factory = SerializationFactoryImpl(mutableMapOf()).apply {
-            registerScheme(AMQPSerializationScheme(emptySet(), AccessOrderLinkedHashMap(128)))
+            registerScheme(AMQPSerializationScheme(emptySet(), emptySet(), AccessOrderLinkedHashMap(128)))
         }
         return SerializationEnvironment.with(factory, AMQP_P2P_CONTEXT)
     }
 
     private class AMQPSerializationScheme(
             cordappCustomSerializers: Set<SerializationCustomSerializer<*, *>>,
+            cordappSerializationWhitelists: Set<SerializationWhitelist>,
             serializerFactoriesForContexts: AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>
-    ) : AbstractAMQPSerializationScheme(cordappCustomSerializers, serializerFactoriesForContexts) {
+    ) : AbstractAMQPSerializationScheme(cordappCustomSerializers, cordappSerializationWhitelists, serializerFactoriesForContexts) {
         override fun rpcServerSerializerFactory(context: SerializationContext): SerializerFactory {
             throw UnsupportedOperationException()
         }
diff --git a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/TransactionVerificationRequest.kt b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/TransactionVerificationRequest.kt
index 0ed50800f9..c259f2791c 100644
--- a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/TransactionVerificationRequest.kt
+++ b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/TransactionVerificationRequest.kt
@@ -2,8 +2,8 @@ package net.corda.deterministic.verifier
 
 import net.corda.core.contracts.Attachment
 import net.corda.core.contracts.ContractAttachment
-import net.corda.core.contracts.ContractClassName
 import net.corda.core.internal.DEPLOYED_CORDAPP_UPLOADER
+import net.corda.core.internal.toLtxDjvmInternal
 import net.corda.core.node.NetworkParameters
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.serialization.SerializedBytes
@@ -25,13 +25,10 @@ class TransactionVerificationRequest(val wtxToVerify: SerializedBytes<WireTransa
         val attachmentMap = attachments
                 .mapNotNull { it as? MockContractAttachment }
                 .associateBy(Attachment::id) { ContractAttachment(it, it.contract, uploader = DEPLOYED_CORDAPP_UPLOADER) }
-        val contractAttachmentMap = emptyMap<ContractClassName, ContractAttachment>()
         @Suppress("DEPRECATION")
-        return wtxToVerify.deserialize().toLedgerTransaction(
-                resolveIdentity = { null },
+        return wtxToVerify.deserialize().toLtxDjvmInternal(
                 resolveAttachment = { attachmentMap[it] },
                 resolveStateRef = { deps[it.txhash]?.outputs?.get(it.index) },
-                resolveContractAttachment = { contractAttachmentMap[it.contract]?.id },
                 resolveParameters = { networkParameters.deserialize() }
         )
     }
diff --git a/core/build.gradle b/core/build.gradle
index 05e9716dc9..5a8edc4d97 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -111,6 +111,8 @@ dependencies {
 
     // required to use @Type annotation
     compile "org.hibernate:hibernate-core:$hibernate_version"
+
+    compile group: "io.github.classgraph", name: "classgraph", version: class_graph_version
 }
 
 // TODO Consider moving it to quasar-utils in the future (introduced with PR-1388)
diff --git a/core/src/main/kotlin/net/corda/core/contracts/BelongsToContract.kt b/core/src/main/kotlin/net/corda/core/contracts/BelongsToContract.kt
index def0a947fa..44b1523c7a 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/BelongsToContract.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/BelongsToContract.kt
@@ -1,6 +1,7 @@
 package net.corda.core.contracts
 
 import kotlin.reflect.KClass
+import net.corda.core.contracts.TransactionVerificationException.TransactionContractConflictException
 
 /**
  * This annotation is required by any [ContractState] which needs to ensure that it is only ever processed as part of a
@@ -12,7 +13,8 @@ import kotlin.reflect.KClass
  * checked to ensure that their [ContractState]s match with their [Contract]s as specified either by this annotation, or
  * by their inner/outer class relationship.
  *
- * The transaction will write a warning to the log if any mismatch is detected.
+ * The transaction will write a warning to the log (for corDapps with a target version less than 4) or
+ * fail with a [TransactionContractConflictException] if any mismatch is detected.
  *
  * @param value The class of the [Contract] to which states of the annotated [ContractState] belong.
  */
diff --git a/core/src/main/kotlin/net/corda/core/contracts/StatePointer.kt b/core/src/main/kotlin/net/corda/core/contracts/StatePointer.kt
index 5f1cc39401..cc31b74121 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/StatePointer.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/StatePointer.kt
@@ -65,6 +65,19 @@ class StaticPointer<T : ContractState>(override val pointer: StateRef, override
     override fun resolve(ltx: LedgerTransaction): StateAndRef<T> {
         return ltx.referenceInputRefsOfType(type).single { pointer == it.ref }
     }
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (other !is StaticPointer<*>) return false
+
+        if (pointer != other.pointer) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        return pointer.hashCode()
+    }
 }
 
 /**
@@ -118,4 +131,17 @@ class LinearPointer<T : LinearState>(override val pointer: UniqueIdentifier, ove
     override fun resolve(ltx: LedgerTransaction): StateAndRef<T> {
         return ltx.referenceInputRefsOfType(type).single { pointer == it.state.data.linearId }
     }
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (other !is LinearPointer<*>) return false
+
+        if (pointer != other.pointer) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        return pointer.hashCode()
+    }
 }
\ No newline at end of file
diff --git a/core/src/main/kotlin/net/corda/core/contracts/Structures.kt b/core/src/main/kotlin/net/corda/core/contracts/Structures.kt
index 82de997dc4..74a1de3149 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/Structures.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/Structures.kt
@@ -237,6 +237,7 @@ interface MoveCommand : CommandData {
 data class CommandWithParties<out T : CommandData>(
         val signers: List<PublicKey>,
         /** If any public keys were recognised, the looked up institutions are available here */
+        @Deprecated("Should not be used in contract verification code as it is non-deterministic, will be disabled for some future target platform version onwards and will take effect only for CorDapps targeting those versions.")
         val signingParties: List<Party>,
         val value: T
 )
diff --git a/core/src/main/kotlin/net/corda/core/flows/FinalityFlow.kt b/core/src/main/kotlin/net/corda/core/flows/FinalityFlow.kt
index 01065d5da9..968e5a7624 100644
--- a/core/src/main/kotlin/net/corda/core/flows/FinalityFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/FinalityFlow.kt
@@ -7,11 +7,13 @@ import net.corda.core.identity.Party
 import net.corda.core.identity.groupAbstractPartyByWellKnownParty
 import net.corda.core.internal.cordapp.CordappResolver
 import net.corda.core.internal.pushToLoggingContext
+import net.corda.core.internal.warnOnce
 import net.corda.core.node.StatesToRecord
 import net.corda.core.node.StatesToRecord.ONLY_RELEVANT
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.utilities.ProgressTracker
+import net.corda.core.utilities.debug
 
 /**
  * Verifies the given transaction, then sends it to the named notary. If the notary agrees that the transaction
@@ -29,44 +31,74 @@ import net.corda.core.utilities.ProgressTracker
  * The flow returns the same transaction but with the additional signatures from the notary.
  *
  * NOTE: This is an inlined flow but for backwards compatibility is annotated with [InitiatingFlow].
- *
- * @param transaction What to commit.
- * @param sessions A collection of [FlowSession]s who will be given the notarised transaction. This list **must** include
- * all participants in the transaction (excluding the local identity).
  */
 // To maintain backwards compatibility with the old API, FinalityFlow can act both as an initiating flow and as an inlined flow.
 // This is only possible because a flow is only truly initiating when the first call to initiateFlow is made (where the
 // presence of @InitiatingFlow is checked). So the new API is inlined simply because that code path doesn't call initiateFlow.
 @InitiatingFlow
 class FinalityFlow private constructor(val transaction: SignedTransaction,
-                                       private val extraRecipients: Set<Party>,
+                                       private val oldParticipants: Collection<Party>,
                                        override val progressTracker: ProgressTracker,
-                                       private val sessions: Collection<FlowSession>?) : FlowLogic<SignedTransaction>() {
+                                       private val sessions: Collection<FlowSession>,
+                                       private val newApi: Boolean) : FlowLogic<SignedTransaction>() {
     @Deprecated(DEPRECATION_MSG)
     constructor(transaction: SignedTransaction, extraRecipients: Set<Party>, progressTracker: ProgressTracker) : this(
-            transaction, extraRecipients, progressTracker, null
+            transaction, extraRecipients, progressTracker, emptyList(), false
     )
     @Deprecated(DEPRECATION_MSG)
-    constructor(transaction: SignedTransaction, extraRecipients: Set<Party>) : this(transaction, extraRecipients, tracker(), null)
+    constructor(transaction: SignedTransaction, extraRecipients: Set<Party>) : this(transaction, extraRecipients, tracker(), emptyList(), false)
     @Deprecated(DEPRECATION_MSG)
-    constructor(transaction: SignedTransaction) : this(transaction, emptySet(), tracker(), null)
+    constructor(transaction: SignedTransaction) : this(transaction, emptySet(), tracker(), emptyList(), false)
     @Deprecated(DEPRECATION_MSG)
-    constructor(transaction: SignedTransaction, progressTracker: ProgressTracker) : this(transaction, emptySet(), progressTracker, null)
+    constructor(transaction: SignedTransaction, progressTracker: ProgressTracker) : this(transaction, emptySet(), progressTracker, emptyList(), false)
 
-    constructor(transaction: SignedTransaction, sessions: Collection<FlowSession>, progressTracker: ProgressTracker) : this(
-            transaction, emptySet(), progressTracker, sessions
-    )
-    constructor(transaction: SignedTransaction, sessions: Collection<FlowSession>) : this(
-            transaction, emptySet(), tracker(), sessions
-    )
+    /**
+     * Notarise the given transaction and broadcast it to the given [FlowSession]s. This list **must** at least include
+     * all the non-local participants of the transaction. Sessions to non-participants can also be provided.
+     *
+     * @param transaction What to commit.
+     */
     constructor(transaction: SignedTransaction, firstSession: FlowSession, vararg restSessions: FlowSession) : this(
-            transaction, emptySet(), tracker(), listOf(firstSession) + restSessions.asList()
+            transaction, listOf(firstSession) + restSessions.asList()
     )
 
+    /**
+     * Notarise the given transaction and broadcast it to all the participants.
+     *
+     * @param transaction What to commit.
+     * @param sessions A collection of [FlowSession]s for each non-local participant of the transaction. Sessions to non-participants can
+     * also be provided.
+     */
+    @JvmOverloads
+    constructor(
+            transaction: SignedTransaction,
+            sessions: Collection<FlowSession>,
+            progressTracker: ProgressTracker = tracker()
+    ) : this(transaction, emptyList(), progressTracker, sessions, true)
+
+    /**
+     * Notarise the given transaction and broadcast it to all the participants.
+     *
+     * @param transaction What to commit.
+     * @param sessions A collection of [FlowSession]s for each non-local participant.
+     * @param oldParticipants An **optional** collection of parties for participants who are still using the old API.
+     *
+     * You will only need to use this parameter if you have upgraded your CorDapp from the V3 FinalityFlow API but are required to provide
+     * backwards compatibility with participants running V3 nodes. If you're writing a new CorDapp then this does not apply and this
+     * parameter should be ignored.
+     */
+    @Deprecated(DEPRECATION_MSG)
+    constructor(
+            transaction: SignedTransaction,
+            sessions: Collection<FlowSession>,
+            oldParticipants: Collection<Party>,
+            progressTracker: ProgressTracker
+    ) : this(transaction, oldParticipants, progressTracker, sessions, true)
+
     companion object {
         private const val DEPRECATION_MSG = "It is unsafe to use this constructor as it requires nodes to automatically " +
                 "accept notarised transactions without first checking their relevancy. Instead, use one of the constructors " +
-                "that takes in existing FlowSessions."
+                "that requires only FlowSessions."
 
         object NOTARISING : ProgressTracker.Step("Requesting signature by notary service") {
             override fun childProgressTracker() = NotaryFlow.Client.tracker()
@@ -81,13 +113,13 @@ class FinalityFlow private constructor(val transaction: SignedTransaction,
     @Suspendable
     @Throws(NotaryException::class)
     override fun call(): SignedTransaction {
-        if (sessions == null) {
+        if (!newApi) {
             require(CordappResolver.currentTargetVersion < 4) {
                 "A flow session for each external participant to the transaction must be provided. If you wish to continue " +
                         "using this insecure API then specify a target platform version of less than 4 for your CorDapp."
             }
-            logger.warn("The current usage of FinalityFlow is unsafe. Please consider upgrading your CorDapp to use " +
-                    "FinalityFlow with FlowSessions.")
+            logger.warnOnce("The current usage of FinalityFlow is unsafe. Please consider upgrading your CorDapp to use " +
+                    "FinalityFlow with FlowSessions. (${CordappResolver.currentCordapp?.info})")
         } else {
             require(sessions.none { serviceHub.myInfo.isLegalIdentity(it.counterparty) }) {
                 "Do not provide flow sessions for the local node. FinalityFlow will record the notarised transaction locally."
@@ -103,30 +135,25 @@ class FinalityFlow private constructor(val transaction: SignedTransaction,
         transaction.pushToLoggingContext()
         logCommandData()
         val ledgerTransaction = verifyTx()
-        val externalParticipants = extractExternalParticipants(ledgerTransaction)
+        val externalTxParticipants = extractExternalParticipants(ledgerTransaction)
 
-        if (sessions != null) {
-            val missingRecipients = externalParticipants - sessions.map { it.counterparty }
+        if (newApi) {
+            val sessionParties = sessions.map { it.counterparty }
+            val missingRecipients = externalTxParticipants - sessionParties - oldParticipants
             require(missingRecipients.isEmpty()) {
                 "Flow sessions were not provided for the following transaction participants: $missingRecipients"
             }
+            sessionParties.intersect(oldParticipants).let {
+                require(it.isEmpty()) { "The following parties are specified both in flow sessions and in the oldParticipants list: $it" }
+            }
         }
 
         val notarised = notariseAndRecord()
 
-        // Each transaction has its own set of recipients, but extra recipients get them all.
         progressTracker.currentStep = BROADCASTING
 
-        if (sessions == null) {
-            val recipients = externalParticipants + (extraRecipients - serviceHub.myInfo.legalIdentities)
-            logger.info("Broadcasting transaction to parties ${recipients.joinToString(", ", "[", "]")}.")
-            for (recipient in recipients) {
-                logger.info("Sending transaction to party ${recipient.name}.")
-                val session = initiateFlow(recipient)
-                subFlow(SendTransactionFlow(session, notarised))
-                logger.info("Party $recipient received the transaction.")
-            }
-        } else {
+        if (newApi) {
+            oldV3Broadcast(notarised, oldParticipants.toSet())
             for (session in sessions) {
                 try {
                     subFlow(SendTransactionFlow(session, notarised))
@@ -140,6 +167,8 @@ class FinalityFlow private constructor(val transaction: SignedTransaction,
                     )
                 }
             }
+        } else {
+            oldV3Broadcast(notarised, (externalTxParticipants + oldParticipants).toSet())
         }
 
         logger.info("All parties received the transaction successfully.")
@@ -147,6 +176,18 @@ class FinalityFlow private constructor(val transaction: SignedTransaction,
         return notarised
     }
 
+    @Suspendable
+    private fun oldV3Broadcast(notarised: SignedTransaction, recipients: Set<Party>) {
+        for (recipient in recipients) {
+            if (!serviceHub.myInfo.isLegalIdentity(recipient)) {
+                logger.debug { "Sending transaction to party $recipient." }
+                val session = initiateFlow(recipient)
+                subFlow(SendTransactionFlow(session, notarised))
+                logger.info("Party $recipient received the transaction.")
+            }
+        }
+    }
+
     private fun logCommandData() {
         if (logger.isDebugEnabled) {
             val commandDataTypes = transaction.tx.commands.asSequence().mapNotNull { it.value::class.qualifiedName }.distinct()
diff --git a/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt b/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt
index 18af90b922..b7a47ee34d 100644
--- a/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt
@@ -95,6 +95,8 @@ abstract class FlowLogic<out T> {
                 fiber.suspend(request, maySkipCheckpoint = maySkipCheckpoint)
             }
         }
+
+        private val DEFAULT_TRACKER = { ProgressTracker() }
     }
 
     /**
@@ -345,7 +347,7 @@ abstract class FlowLogic<out T> {
      * Note that this has to return a tracker before the flow is invoked. You can't change your mind half way
      * through.
      */
-    open val progressTracker: ProgressTracker? = ProgressTracker.DEFAULT_TRACKER()
+    open val progressTracker: ProgressTracker? = DEFAULT_TRACKER()
 
     /**
      * This is where you fill out your business logic.
diff --git a/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt b/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt
index aabe51f2e8..20072e3b8f 100644
--- a/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt
@@ -34,7 +34,7 @@ class NotaryChangeFlow<out T : ContractState>(
                 inputs.map { it.ref },
                 originalState.state.notary,
                 modification,
-                serviceHub.networkParametersStorage.currentHash
+                serviceHub.networkParametersService.currentHash
         ).build()
 
         val participantKeys = inputs.flatMap { it.state.data.participants }.map { it.owningKey }.toSet()
diff --git a/core/src/main/kotlin/net/corda/core/flows/NotaryError.kt b/core/src/main/kotlin/net/corda/core/flows/NotaryError.kt
index 9ed781026c..835f0291ab 100644
--- a/core/src/main/kotlin/net/corda/core/flows/NotaryError.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/NotaryError.kt
@@ -28,7 +28,7 @@ sealed class NotaryError {
             /** Specifies which states have already been consumed in another transaction. */
             val consumedStates: Map<StateRef, StateConsumptionDetails>
     ) : NotaryError() {
-        override fun toString() = "One or more input states have already been used in other transactions. Conflicting state count: ${consumedStates.size}, consumption details:\n" +
+        override fun toString() = "One or more input states or referenced states have already been used as input states in other transactions. Conflicting state count: ${consumedStates.size}, consumption details:\n" +
                 "${consumedStates.asSequence().joinToString(",\n", limit = 5) { it.key.toString() + " -> " + it.value }}.\n" +
                 "To find out if any of the conflicting transactions have been generated by this node you can use the hashLookup Corda shell command."
     }
@@ -76,7 +76,7 @@ sealed class NotaryError {
  */
 // TODO: include notary timestamp?
 @CordaSerializable
-    data class StateConsumptionDetails(
+data class StateConsumptionDetails(
         val hashOfTransactionId: SecureHash,
         val type: ConsumedStateType
 ) {
diff --git a/core/src/main/kotlin/net/corda/core/flows/NotaryFlow.kt b/core/src/main/kotlin/net/corda/core/flows/NotaryFlow.kt
index 56fe9da7ab..915ac30f58 100644
--- a/core/src/main/kotlin/net/corda/core/flows/NotaryFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/NotaryFlow.kt
@@ -10,7 +10,7 @@ import net.corda.core.crypto.TransactionSignature
 import net.corda.core.identity.Party
 import net.corda.core.internal.BackpressureAwareTimedFlow
 import net.corda.core.internal.FetchDataFlow
-import net.corda.core.internal.notary.HistoricNetworkParameterStorage
+import net.corda.core.internal.NetworkParametersServiceInternal
 import net.corda.core.internal.notary.generateSignature
 import net.corda.core.internal.notary.validateSignatures
 import net.corda.core.internal.pushToLoggingContext
@@ -107,7 +107,7 @@ class NotaryFlow {
                 check(stx.coreTransaction is NotaryChangeWireTransaction) {
                     "Notary $notaryParty is not on the network parameter whitelist. A non-whitelisted notary can only be used for notary change transactions"
                 }
-                val historicNotary = (serviceHub.networkParametersStorage as HistoricNetworkParameterStorage).getHistoricNotary(notaryParty)
+                val historicNotary = (serviceHub.networkParametersService as NetworkParametersServiceInternal).getHistoricNotary(notaryParty)
                         ?: throw IllegalStateException("The notary party $notaryParty specified by transaction ${stx.id}, is not recognised as a current or historic notary.")
                 historicNotary.validating
 
diff --git a/core/src/main/kotlin/net/corda/core/flows/ReceiveTransactionFlow.kt b/core/src/main/kotlin/net/corda/core/flows/ReceiveTransactionFlow.kt
index 189e19ad75..41b61ff15e 100644
--- a/core/src/main/kotlin/net/corda/core/flows/ReceiveTransactionFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/ReceiveTransactionFlow.kt
@@ -43,7 +43,7 @@ open class ReceiveTransactionFlow @JvmOverloads constructor(private val otherSid
             it.pushToLoggingContext()
             logger.info("Received transaction acknowledgement request from party ${otherSideSession.counterparty}.")
             checkParameterHash(it.networkParametersHash)
-            subFlow(ResolveTransactionsFlow(it, otherSideSession))
+            subFlow(ResolveTransactionsFlow(it, otherSideSession, statesToRecord))
             logger.info("Transaction dependencies resolution completed.")
             try {
                 it.verify(serviceHub, checkSufficientSignatures)
diff --git a/core/src/main/kotlin/net/corda/core/flows/WithReferencedStatesFlow.kt b/core/src/main/kotlin/net/corda/core/flows/WithReferencedStatesFlow.kt
index 39210a6923..99bcf46efb 100644
--- a/core/src/main/kotlin/net/corda/core/flows/WithReferencedStatesFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/WithReferencedStatesFlow.kt
@@ -4,11 +4,10 @@ import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.contracts.StateRef
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.utilities.ProgressTracker
-import net.corda.core.utilities.contextLogger
 
 /**
- * Given a flow which uses reference states, the [WithReferencedStatesFlow] will execute the the flow as a subFlow.
- * If the flow fails due to a [NotaryError.Conflict] for a reference state, then it will be suspended until the
+ * Given a flow which uses reference states, the [WithReferencedStatesFlow] will execute the flow as a subFlow.
+ * If the flow fails due to a [NotaryError.Conflict] for a reference state, then WithReferencedStatesFlow will be suspended until the
  * state refs for the reference states are consumed. In this case, a consumption means that:
  *
  * 1. the owner of the reference state has updated the state with a valid, notarised transaction
@@ -21,17 +20,16 @@ import net.corda.core.utilities.contextLogger
  * reference states. The flow using reference states should include checks to ensure that the reference data is
  * reasonable, especially if some economics transaction depends upon it.
  *
- * @param flowLogic a flow which uses reference states.
  * @param progressTracker a progress tracker instance.
+ * @param flowLogicProducer a lambda which creates the [FlowLogic] instance using reference states. This will be executed at least once.
+ * It is recommended a new [FlowLogic] instance be returned each time.
  */
-class WithReferencedStatesFlow<T : Any>(
-        val flowLogic: FlowLogic<T>,
-        override val progressTracker: ProgressTracker = WithReferencedStatesFlow.tracker()
+class WithReferencedStatesFlow<T : Any> @JvmOverloads constructor(
+        override val progressTracker: ProgressTracker = tracker(),
+        private val flowLogicProducer: () -> FlowLogic<T>
 ) : FlowLogic<T>() {
 
     companion object {
-        val logger = contextLogger()
-
         object ATTEMPT : ProgressTracker.Step("Attempting to run flow which uses reference states.")
         object RETRYING : ProgressTracker.Step("Reference states are out of date! Waiting for updated states...")
         object SUCCESS : ProgressTracker.Step("Flow ran successfully.")
@@ -40,10 +38,10 @@ class WithReferencedStatesFlow<T : Any>(
         fun tracker() = ProgressTracker(ATTEMPT, RETRYING, SUCCESS)
     }
 
-    private sealed class FlowResult {
-        data class Success<T : Any>(val value: T) : FlowResult()
-        data class Conflict(val stateRefs: Set<StateRef>) : FlowResult()
-    }
+    // This is not a sealed data class as that requires exposing Success and Conflict
+    private interface FlowResult
+    private data class Success<T : Any>(val value: T) : FlowResult
+    private data class Conflict(val stateRefs: Set<StateRef>) : FlowResult
 
     /**
      * Process the flow result. We don't care about anything other than NotaryExceptions. If it is a
@@ -58,13 +56,13 @@ class WithReferencedStatesFlow<T : Any>(
                     val conflictingReferenceStateRefs = error.consumedStates.filter {
                         it.value.type == StateConsumptionDetails.ConsumedStateType.REFERENCE_INPUT_STATE
                     }.map { it.key }.toSet()
-                    FlowResult.Conflict(conflictingReferenceStateRefs)
+                    Conflict(conflictingReferenceStateRefs)
                 } else {
                     throw result
                 }
             }
             is FlowException -> throw result
-            else -> FlowResult.Success(result)
+            else -> Success(result)
         }
     }
 
@@ -75,6 +73,7 @@ class WithReferencedStatesFlow<T : Any>(
         // Loop until the flow successfully completes. We need to
         // do this because there might be consecutive update races.
         while (true) {
+            val flowLogic = flowLogicProducer()
             // Return a successful flow result or a FlowException.
             logger.info("Attempting to run the supplied flow ${flowLogic.javaClass.canonicalName}.")
             val result = try {
@@ -91,12 +90,12 @@ class WithReferencedStatesFlow<T : Any>(
             //    states have been updated.
             @Suppress("UNCHECKED_CAST")
             when (processedResult) {
-                is FlowResult.Success<*> -> {
+                is Success<*> -> {
                     logger.info("Flow ${flowLogic.javaClass.canonicalName} completed successfully.")
                     progressTracker.currentStep = SUCCESS
                     return uncheckedCast(processedResult.value)
                 }
-                is FlowResult.Conflict -> {
+                is Conflict -> {
                     val conflicts = processedResult.stateRefs
                     logger.info("Flow ${flowLogic.javaClass.name} failed due to reference state conflicts: $conflicts.")
 
@@ -112,4 +111,4 @@ class WithReferencedStatesFlow<T : Any>(
             }
         }
     }
-}
\ No newline at end of file
+}
diff --git a/core/src/main/kotlin/net/corda/core/internal/ClassLoadingUtils.kt b/core/src/main/kotlin/net/corda/core/internal/ClassLoadingUtils.kt
new file mode 100644
index 0000000000..cf10760350
--- /dev/null
+++ b/core/src/main/kotlin/net/corda/core/internal/ClassLoadingUtils.kt
@@ -0,0 +1,31 @@
+package net.corda.core.internal
+
+import io.github.classgraph.ClassGraph
+import net.corda.core.CordaInternal
+import net.corda.core.DeleteForDJVM
+import net.corda.core.StubOutForDJVM
+import kotlin.reflect.full.createInstance
+
+/**
+ * Creates instances of all the classes in the classpath of the provided classloader, which implement the interface of the provided class.
+ * @param classloader the classloader, which will be searched for the classes.
+ * @param clazz the class of the interface, which the classes - to be returned - must implement.
+ *
+ * @return instances of the identified classes.
+ * @throws IllegalArgumentException if the classes found do not have proper constructors.
+ *
+ * Note: In order to be instantiated, the associated classes must:
+ * - be non-abstract
+ * - either be a Kotlin object or have a constructor with no parameters (or only optional ones)
+ */
+@StubOutForDJVM
+fun <T: Any> loadClassesImplementing(classloader: ClassLoader, clazz: Class<T>): Set<T> {
+    return ClassGraph().addClassLoader(classloader)
+            .enableAllInfo()
+            .scan()
+            .getClassesImplementing(clazz.name)
+            .filterNot { it.isAbstract }
+            .mapNotNull { classloader.loadClass(it.name).asSubclass(clazz) }
+            .map { it.kotlin.objectInstance ?: it.kotlin.createInstance() }
+            .toSet()
+}
\ No newline at end of file
diff --git a/core/src/main/kotlin/net/corda/core/internal/ContractUpgradeUtils.kt b/core/src/main/kotlin/net/corda/core/internal/ContractUpgradeUtils.kt
index 3557674927..be68c19c28 100644
--- a/core/src/main/kotlin/net/corda/core/internal/ContractUpgradeUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/ContractUpgradeUtils.kt
@@ -21,7 +21,7 @@ object ContractUpgradeUtils {
             else -> getContractAttachmentId(stateAndRef.state.contract, services)
         }
         val upgradedContractAttachmentId = getContractAttachmentId(upgradedContractClass.name, services)
-        val networkParametersHash = services.networkParametersStorage.currentHash
+        val networkParametersHash = services.networkParametersService.currentHash
 
         val inputs = listOf(stateAndRef.ref)
         return ContractUpgradeTransactionBuilder(
diff --git a/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt b/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt
index f6c97377b8..d1b7ee1376 100644
--- a/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt
@@ -1,6 +1,7 @@
 package net.corda.core.internal
 
 import net.corda.core.DeleteForDJVM
+import net.corda.core.contracts.ContractAttachment
 import net.corda.core.contracts.ContractClassName
 import net.corda.core.cordapp.Cordapp
 import net.corda.core.cordapp.CordappConfig
@@ -11,18 +12,28 @@ import net.corda.core.flows.FlowLogic
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.ZoneVersionTooLowException
+import net.corda.core.node.services.AttachmentStorage
+import net.corda.core.node.services.vault.AttachmentQueryCriteria
+import net.corda.core.node.services.vault.AttachmentSort
+import net.corda.core.node.services.vault.Builder
+import net.corda.core.node.services.vault.Sort
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.serialization.SerializationContext
+import net.corda.core.serialization.internal.AttachmentsClassLoaderBuilder
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.transactions.WireTransaction
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
 import org.slf4j.MDC
 import java.security.PublicKey
+import java.util.jar.JarEntry
+import java.util.jar.JarInputStream
 
 // *Internal* Corda-specific utilities.
 
-const val PLATFORM_VERSION = 4
+const val PLATFORM_VERSION = 5
 
 fun ServicesForResolution.ensureMinimumPlatformVersion(requiredMinPlatformVersion: Int, feature: String) {
     checkMinimumPlatformVersion(networkParameters.minimumPlatformVersion, requiredMinPlatformVersion, feature)
@@ -116,3 +127,34 @@ internal fun NetworkParameters.getPackageOwnerOf(contractClassNames: Set<Contrac
 fun noPackageOverlap(packages: Collection<String>): Boolean {
     return packages.all { outer -> packages.none { inner -> inner != outer && inner.startsWith("$outer.") } }
 }
+
+/**
+ * Scans trusted (installed locally) contract attachments to find all that contain the [className].
+ * This is required as a workaround until explicit cordapp dependencies are implemented.
+ * DO NOT USE IN CLIENT code.
+ *
+ * @return the contract attachments with the highest version.
+ *
+ * TODO: Should throw when the class is found in multiple contract attachments (not different versions).
+ */
+fun AttachmentStorage.internalFindTrustedAttachmentForClass(className: String): ContractAttachment?{
+    val allTrusted = queryAttachments(
+            AttachmentQueryCriteria.AttachmentsQueryCriteria().withUploader(Builder.`in`(TRUSTED_UPLOADERS)),
+            AttachmentSort(listOf(AttachmentSort.AttachmentSortColumn(AttachmentSort.AttachmentSortAttribute.VERSION, Sort.Direction.DESC))))
+
+    // TODO - add caching if performance is affected.
+    for (attId in allTrusted) {
+        val attch = openAttachment(attId)!!
+        if (attch is ContractAttachment && attch.openAsJAR().use { hasFile(it, "$className.class") }) return attch
+    }
+    return null
+}
+
+private fun hasFile(jarStream: JarInputStream, className: String): Boolean {
+    while (true) {
+        val e = jarStream.nextJarEntry ?: return false
+        if (e.name == className) {
+            return true
+        }
+    }
+}
diff --git a/core/src/main/kotlin/net/corda/core/internal/DjvmUtils.kt b/core/src/main/kotlin/net/corda/core/internal/DjvmUtils.kt
new file mode 100644
index 0000000000..755a7959e1
--- /dev/null
+++ b/core/src/main/kotlin/net/corda/core/internal/DjvmUtils.kt
@@ -0,0 +1,20 @@
+@file:KeepForDJVM
+
+package net.corda.core.internal
+
+import net.corda.core.KeepForDJVM
+import net.corda.core.contracts.Attachment
+import net.corda.core.contracts.StateRef
+import net.corda.core.contracts.TransactionState
+import net.corda.core.crypto.SecureHash
+import net.corda.core.node.NetworkParameters
+import net.corda.core.transactions.LedgerTransaction
+import net.corda.core.transactions.WireTransaction
+
+fun WireTransaction.toLtxDjvmInternal(
+        resolveAttachment: (SecureHash) -> Attachment?,
+        resolveStateRef: (StateRef) -> TransactionState<*>?,
+        resolveParameters: (SecureHash?) -> NetworkParameters?
+): LedgerTransaction {
+    return toLtxDjvmInternalBridge(resolveAttachment, resolveStateRef, resolveParameters)
+}
diff --git a/core/src/main/kotlin/net/corda/core/internal/notary/HistoricNetworkParameterStorage.kt b/core/src/main/kotlin/net/corda/core/internal/NetworkParametersServiceInternal.kt
similarity index 63%
rename from core/src/main/kotlin/net/corda/core/internal/notary/HistoricNetworkParameterStorage.kt
rename to core/src/main/kotlin/net/corda/core/internal/NetworkParametersServiceInternal.kt
index b12ee74251..7aacf46edf 100644
--- a/core/src/main/kotlin/net/corda/core/internal/notary/HistoricNetworkParameterStorage.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/NetworkParametersServiceInternal.kt
@@ -1,9 +1,10 @@
-package net.corda.core.internal.notary
+package net.corda.core.internal
 
 import net.corda.core.identity.Party
 import net.corda.core.node.NotaryInfo
+import net.corda.core.node.services.NetworkParametersService
 
-interface HistoricNetworkParameterStorage {
+interface NetworkParametersServiceInternal : NetworkParametersService {
     /**
      * Returns the [NotaryInfo] for a notary [party] in the current or any historic network parameter whitelist, or null if not found.
      */
diff --git a/core/src/main/kotlin/net/corda/core/internal/PathUtils.kt b/core/src/main/kotlin/net/corda/core/internal/PathUtils.kt
index 50e05c06b6..dfd873628f 100644
--- a/core/src/main/kotlin/net/corda/core/internal/PathUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/PathUtils.kt
@@ -75,6 +75,9 @@ inline val Path.isReadable: Boolean get() = Files.isReadable(this)
 /** @see Files.size */
 inline val Path.size: Long get() = Files.size(this)
 
+/** @see Files.readAttributes */
+fun Path.attributes(vararg options: LinkOption): BasicFileAttributes = Files.readAttributes(this, BasicFileAttributes::class.java, *options)
+
 /** @see Files.getLastModifiedTime */
 fun Path.lastModifiedTime(vararg options: LinkOption): FileTime = Files.getLastModifiedTime(this, *options)
 
diff --git a/core/src/main/kotlin/net/corda/core/internal/ResolveTransactionsFlow.kt b/core/src/main/kotlin/net/corda/core/internal/ResolveTransactionsFlow.kt
index 4786d1f998..5816266db2 100644
--- a/core/src/main/kotlin/net/corda/core/internal/ResolveTransactionsFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/ResolveTransactionsFlow.kt
@@ -20,12 +20,11 @@ import kotlin.math.min
 /**
  * Resolves transactions for the specified [txHashes] along with their full history (dependency graph) from [otherSide].
  * Each retrieved transaction is validated and inserted into the local transaction storage.
- *
- * @return a list of verified [SignedTransaction] objects, in a depth-first order.
  */
 @DeleteForDJVM
 class ResolveTransactionsFlow(txHashesArg: Set<SecureHash>,
-                              private val otherSide: FlowSession) : FlowLogic<Unit>() {
+                              private val otherSide: FlowSession,
+                              private val statesToRecord: StatesToRecord = StatesToRecord.NONE) : FlowLogic<Unit>() {
 
     // Need it ordered in terms of iteration. Needs to be a variable for the check-pointing logic to work.
     private val txHashes = txHashesArg.toList()
@@ -40,6 +39,10 @@ class ResolveTransactionsFlow(txHashesArg: Set<SecureHash>,
         this.signedTransaction = signedTransaction
     }
 
+    constructor(signedTransaction: SignedTransaction, otherSide: FlowSession, statesToRecord: StatesToRecord) : this(dependencyIDs(signedTransaction), otherSide, statesToRecord) {
+        this.signedTransaction = signedTransaction
+    }
+
     @DeleteForDJVM
     companion object {
         private fun dependencyIDs(stx: SignedTransaction) = stx.inputs.map { it.txhash }.toSet() + stx.references.map { it.txhash }.toSet()
@@ -87,13 +90,16 @@ class ResolveTransactionsFlow(txHashesArg: Set<SecureHash>,
         // Finish fetching data.
 
         val result = topologicalSort(newTxns)
+        // If transaction resolution is performed for a transaction where some states are relevant, then those should be
+        // recorded if this has not already occurred.
+        val usedStatesToRecord = if (statesToRecord == StatesToRecord.NONE) StatesToRecord.ONLY_RELEVANT else statesToRecord
         result.forEach {
             // For each transaction, verify it and insert it into the database. As we are iterating over them in a
             // depth-first order, we should not encounter any verification failures due to missing data. If we fail
             // half way through, it's no big deal, although it might result in us attempting to re-download data
             // redundantly next time we attempt verification.
             it.verify(serviceHub)
-            serviceHub.recordTransactions(StatesToRecord.NONE, listOf(it))
+            serviceHub.recordTransactions(usedStatesToRecord, listOf(it))
         }
     }
 
diff --git a/core/src/main/kotlin/net/corda/core/internal/StatePointerSearch.kt b/core/src/main/kotlin/net/corda/core/internal/StatePointerSearch.kt
index 60e8b93482..0ae69ff7ae 100644
--- a/core/src/main/kotlin/net/corda/core/internal/StatePointerSearch.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/StatePointerSearch.kt
@@ -1,18 +1,17 @@
 package net.corda.core.internal
 
 import net.corda.core.contracts.ContractState
-import net.corda.core.contracts.LinearPointer
 import net.corda.core.contracts.StatePointer
-import net.corda.core.contracts.StaticPointer
 import java.lang.reflect.Field
 import java.util.*
 
 /**
  * Uses reflection to search for instances of [StatePointer] within a [ContractState].
+ * TODO: Doesn't handle calculated properties. Add support for this.
  */
 class StatePointerSearch(val state: ContractState) {
     // Classes in these packages should not be part of a search.
-    private val blackListedPackages = setOf("java.", "javax.")
+    private val blackListedPackages = setOf("java.", "javax.", "org.bouncycastle.", "net.i2p.crypto.")
 
     // Type required for traversal.
     private data class FieldWithObject(val obj: Any, val field: Field)
@@ -21,14 +20,26 @@ class StatePointerSearch(val state: ContractState) {
     private val statePointers = mutableSetOf<StatePointer<*>>()
 
     // Record seen objects to avoid getting stuck in loops.
-    private val seenObjects = mutableSetOf<Any>().apply { add(state) }
+    private val seenObjects = Collections.newSetFromMap(IdentityHashMap<Any, Boolean>()).apply { add(state) }
 
     // Queue of fields to search.
     private val fieldQueue = ArrayDeque<FieldWithObject>().apply { addAllFields(state) }
 
+    // Get fields of class and all super-classes.
+    private fun getAllFields(clazz: Class<*>): List<Field> {
+        val fields = mutableListOf<Field>()
+        var currentClazz = clazz
+        while (currentClazz.superclass != null) {
+            fields.addAll(currentClazz.declaredFields)
+            currentClazz = currentClazz.superclass
+        }
+        return fields
+    }
+
     // Helper for adding all fields to the queue.
     private fun ArrayDeque<FieldWithObject>.addAllFields(obj: Any) {
-        val fields = obj::class.java.declaredFields
+        val fields = getAllFields(obj::class.java)
+
         val fieldsWithObjects = fields.mapNotNull { field ->
             // Ignore classes which have not been loaded.
             // Assumption: all required state classes are already loaded.
@@ -36,39 +47,44 @@ class StatePointerSearch(val state: ContractState) {
             if (packageName == null) {
                 null
             } else {
-                // Ignore JDK classes.
-                val isBlacklistedPackage = blackListedPackages.any { packageName.startsWith(it) }
-                if (isBlacklistedPackage) {
-                    null
-                } else {
-                    FieldWithObject(obj, field)
-                }
+                FieldWithObject(obj, field)
             }
         }
         addAll(fieldsWithObjects)
     }
 
-    private fun handleField(obj: Any, field: Field) {
-        when {
-            // StatePointer. Handles nullable StatePointers too.
-            field.type == LinearPointer::class.java -> statePointers.add(field.get(obj) as? LinearPointer<*> ?: return)
-            field.type == StaticPointer::class.java -> statePointers.add(field.get(obj) as? StaticPointer<*> ?: return)
-            // Not StatePointer.
+    private fun handleIterable(iterable: Iterable<*>) {
+        iterable.forEach { obj -> handleObject(obj) }
+    }
+
+    private fun handleMap(map: Map<*, *>) {
+        map.forEach { k, v ->
+            handleObject(k)
+            handleObject(v)
+        }
+    }
+
+    private fun handleObject(obj: Any?) {
+        if (obj == null) return
+        seenObjects.add(obj)
+        when (obj) {
+            is Map<*, *> -> handleMap(obj)
+            is StatePointer<*> -> statePointers.add(obj)
+            is Iterable<*> -> handleIterable(obj)
             else -> {
-                val newObj = field.get(obj) ?: return
-
-                // Ignore nulls.
-                if (newObj in seenObjects) {
-                    return
-                }
-
-                // Recurse.
-                fieldQueue.addAllFields(newObj)
-                seenObjects.add(obj)
+                val packageName = obj.javaClass.`package`.name
+                val isBlackListed = blackListedPackages.any { packageName.startsWith(it) }
+                if (isBlackListed.not()) fieldQueue.addAllFields(obj)
             }
         }
     }
 
+    private fun handleField(obj: Any, field: Field) {
+        val newObj = field.get(obj) ?: return
+        if (newObj in seenObjects) return
+        handleObject(newObj)
+    }
+
     fun search(): Set<StatePointer<*>> {
         while (fieldQueue.isNotEmpty()) {
             val (obj, field) = fieldQueue.pop()
diff --git a/core/src/main/kotlin/net/corda/core/internal/TransactionUtils.kt b/core/src/main/kotlin/net/corda/core/internal/TransactionUtils.kt
index cefa3da900..b4db980ace 100644
--- a/core/src/main/kotlin/net/corda/core/internal/TransactionUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/TransactionUtils.kt
@@ -70,7 +70,7 @@ fun <T : Any> deserialiseComponentGroup(componentGroups: List<ComponentGroup>,
     // If the componentGroup is a [LazyMappedList] it means that the original deserialized version is already available.
     val components = group.components
     if (!forceDeserialize && components is LazyMappedList<*, OpaqueBytes>) {
-        return components.originalList as List<T>
+        return uncheckedCast(components.originalList)
     }
 
     return components.lazyMapped { component, internalIndex ->
@@ -166,7 +166,7 @@ fun FlowLogic<*>.checkParameterHash(networkParametersHash: SecureHash?) {
         if (serviceHub.networkParameters.minimumPlatformVersion < 4) return
         else throw IllegalArgumentException("Transaction for notarisation doesn't contain network parameters hash.")
     } else {
-        serviceHub.networkParametersStorage.lookup(networkParametersHash) ?: throw IllegalArgumentException("Transaction for notarisation contains unknown parameters hash: $networkParametersHash")
+        serviceHub.networkParametersService.lookup(networkParametersHash) ?: throw IllegalArgumentException("Transaction for notarisation contains unknown parameters hash: $networkParametersHash")
     }
 
     // TODO: [ENT-2666] Implement network parameters fuzzy checking. By design in Corda network we have propagation time delay.
diff --git a/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt b/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt
new file mode 100644
index 0000000000..bddec98b65
--- /dev/null
+++ b/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt
@@ -0,0 +1,408 @@
+package net.corda.core.internal
+
+import net.corda.core.DeleteForDJVM
+import net.corda.core.concurrent.CordaFuture
+import net.corda.core.contracts.*
+import net.corda.core.contracts.TransactionVerificationException.TransactionContractConflictException
+import net.corda.core.crypto.isFulfilledBy
+import net.corda.core.internal.cordapp.CordappImpl
+import net.corda.core.internal.rules.StateContractValidationEnforcementRule
+import net.corda.core.transactions.LedgerTransaction
+import net.corda.core.utilities.contextLogger
+
+@DeleteForDJVM
+interface TransactionVerifierServiceInternal {
+    /**
+     * Verifies the [transaction] but adds some [extraAttachments] to the classpath.
+     * Required for transactions built with Corda 3.x that might miss some dependencies due to a bug in that version.
+     */
+    fun verify(transaction: LedgerTransaction, extraAttachments: List<Attachment> ): CordaFuture<*>
+}
+
+/**
+ * Defined here for visibility reasons.
+ */
+fun LedgerTransaction.prepareVerify(extraAttachments: List<Attachment>) = this.internalPrepareVerify(extraAttachments)
+
+/**
+ * Because we create a separate [LedgerTransaction] onto which we need to perform verification, it becomes important we don't verify the
+ * wrong object instance. This class helps avoid that.
+ */
+class Verifier(val ltx: LedgerTransaction, val transactionClassLoader: ClassLoader, private val inputStatesContractClassNameToMaxVersion: Map<ContractClassName, Version>) {
+    private val inputStates: List<TransactionState<*>> = ltx.inputs.map { it.state }
+    private val allStates: List<TransactionState<*>> = inputStates + ltx.references.map { it.state } + ltx.outputs
+    private val contractAttachmentsByContract: Map<ContractClassName, Set<ContractAttachment>> = getContractAttachmentsByContract()
+
+    companion object {
+        private val logger = contextLogger()
+    }
+
+    fun verify() {
+        // checkNoNotaryChange and checkEncumbrancesValid are called here, and not in the c'tor, as they need access to the "outputs"
+        // list, the contents of which need to be deserialized under the correct classloader.
+        checkNoNotaryChange()
+        checkEncumbrancesValid()
+        validateContractVersions()
+        validatePackageOwnership()
+        validateStatesAgainstContract()
+        val hashToSignatureConstrainedContracts = verifyConstraintsValidity()
+        verifyConstraints(hashToSignatureConstrainedContracts)
+        verifyContracts()
+    }
+
+    // TODO: revisit to include contract version information
+    /**
+     *  This method may return more than one attachment for a given contract class.
+     *  Specifically, this is the case for transactions combining hash and signature constraints where the hash constrained contract jar
+     *  will be unsigned, and the signature constrained counterpart will be signed.
+     */
+    private fun getContractAttachmentsByContract(): Map<ContractClassName, Set<ContractAttachment>> {
+        val contractClasses = allStates.map { it.contract }.toSet()
+        val result = mutableMapOf<ContractClassName, Set<ContractAttachment>>()
+
+        for (attachment in ltx.attachments) {
+            if (attachment !is ContractAttachment) continue
+            for (contract in contractClasses) {
+                if (contract !in attachment.allContracts) continue
+                result[contract] = result.getOrDefault(contract, setOf(attachment)).plus(attachment)
+            }
+        }
+
+        return result
+    }
+
+    /**
+     * Make sure the notary has stayed the same. As we can't tell how inputs and outputs connect, if there
+     * are any inputs or reference inputs, all outputs must have the same notary.
+     *
+     * TODO: Is that the correct set of restrictions? May need to come back to this, see if we can be more
+     *       flexible on output notaries.
+     */
+    private fun checkNoNotaryChange() {
+        if (ltx.notary != null && (ltx.inputs.isNotEmpty() || ltx.references.isNotEmpty())) {
+            ltx.outputs.forEach {
+                if (it.notary != ltx.notary) {
+                    throw TransactionVerificationException.NotaryChangeInWrongTransactionType(ltx.id, ltx.notary, it.notary)
+                }
+            }
+        }
+    }
+
+    private fun checkEncumbrancesValid() {
+        // Validate that all encumbrances exist within the set of input states.
+        ltx.inputs
+                .filter { it.state.encumbrance != null }
+                .forEach { (state, ref) -> checkInputEncumbranceStateExists(state, ref) }
+
+        // Check that in the outputs,
+        // a) an encumbered state does not refer to itself as the encumbrance
+        // b) the number of outputs can contain the encumbrance
+        // c) the bi-directionality (full cycle) property is satisfied
+        // d) encumbered output states are assigned to the same notary.
+        val statesAndEncumbrance = ltx.outputs
+                .withIndex()
+                .filter { it.value.encumbrance != null }
+                .map { Pair(it.index, it.value.encumbrance!!) }
+        if (!statesAndEncumbrance.isEmpty()) {
+            checkBidirectionalOutputEncumbrances(statesAndEncumbrance)
+            checkNotariesOutputEncumbrance(statesAndEncumbrance)
+        }
+    }
+
+    private fun checkInputEncumbranceStateExists(state: TransactionState<ContractState>, ref: StateRef) {
+        val encumbranceStateExists = ltx.inputs.any {
+            it.ref.txhash == ref.txhash && it.ref.index == state.encumbrance
+        }
+        if (!encumbranceStateExists) {
+            throw TransactionVerificationException.TransactionMissingEncumbranceException(
+                    ltx.id,
+                    state.encumbrance!!,
+                    TransactionVerificationException.Direction.INPUT
+            )
+        }
+    }
+
+    // Using basic graph theory, a full cycle of encumbered (co-dependent) states should exist to achieve bi-directional
+    // encumbrances. This property is important to ensure that no states involved in an encumbrance-relationship
+    // can be spent on their own. Briefly, if any of the states is having more than one encumbrance references by
+    // other states, a full cycle detection will fail. As a result, all of the encumbered states must be present
+    // as "from" and "to" only once (or zero times if no encumbrance takes place). For instance,
+    // a -> b
+    // c -> b    and     a -> b
+    // b -> a            b -> c
+    // do not satisfy the bi-directionality (full cycle) property.
+    //
+    // In the first example "b" appears twice in encumbrance ("to") list and "c" exists in the encumbered ("from") list only.
+    // Due the above, one could consume "a" and "b" in the same transaction and then, because "b" is already consumed, "c" cannot be spent.
+    //
+    // Similarly, the second example does not form a full cycle because "a" and "c" exist in one of the lists only.
+    // As a result, one can consume "b" and "c" in the same transactions, which will make "a" impossible to be spent.
+    //
+    // On other hand the following are valid constructions:
+    // a -> b            a -> c
+    // b -> c    and     c -> b
+    // c -> a            b -> a
+    // and form a full cycle, meaning that the bi-directionality property is satisfied.
+    private fun checkBidirectionalOutputEncumbrances(statesAndEncumbrance: List<Pair<Int, Int>>) {
+        // [Set] of "from" (encumbered states).
+        val encumberedSet = mutableSetOf<Int>()
+        // [Set] of "to" (encumbrance states).
+        val encumbranceSet = mutableSetOf<Int>()
+        // Update both [Set]s.
+        statesAndEncumbrance.forEach { (statePosition, encumbrance) ->
+            // Check it does not refer to itself.
+            if (statePosition == encumbrance || encumbrance >= ltx.outputs.size) {
+                throw TransactionVerificationException.TransactionMissingEncumbranceException(
+                        ltx.id,
+                        encumbrance,
+                        TransactionVerificationException.Direction.OUTPUT
+                )
+            } else {
+                encumberedSet.add(statePosition) // Guaranteed to have unique elements.
+                if (!encumbranceSet.add(encumbrance)) {
+                    throw TransactionVerificationException.TransactionDuplicateEncumbranceException(ltx.id, encumbrance)
+                }
+            }
+        }
+        // At this stage we have ensured that "from" and "to" [Set]s are equal in size, but we should check their
+        // elements do indeed match. If they don't match, we return their symmetric difference (disjunctive union).
+        val symmetricDifference = (encumberedSet union encumbranceSet).subtract(encumberedSet intersect encumbranceSet)
+        if (symmetricDifference.isNotEmpty()) {
+            // At least one encumbered state is not in the [encumbranceSet] and vice versa.
+            throw TransactionVerificationException.TransactionNonMatchingEncumbranceException(ltx.id, symmetricDifference)
+        }
+    }
+
+    // Method to check if all encumbered states are assigned to the same notary Party.
+    // This method should be invoked after [checkBidirectionalOutputEncumbrances], because it assumes that the
+    // bi-directionality property is already satisfied.
+    private fun checkNotariesOutputEncumbrance(statesAndEncumbrance: List<Pair<Int, Int>>) {
+        // We only check for transactions in which notary is null (i.e., issuing transactions).
+        // Note that if a notary is defined for a transaction, we already check if all outputs are assigned
+        // to the same notary (transaction's notary) in [checkNoNotaryChange()].
+        if (ltx.notary == null) {
+            // indicesAlreadyChecked is used to bypass already checked indices and to avoid cycles.
+            val indicesAlreadyChecked = HashSet<Int>()
+            statesAndEncumbrance.forEach {
+                checkNotary(it.first, indicesAlreadyChecked)
+            }
+        }
+    }
+
+    private tailrec fun checkNotary(index: Int, indicesAlreadyChecked: HashSet<Int>) {
+        if (indicesAlreadyChecked.add(index)) {
+            val encumbranceIndex = ltx.outputs[index].encumbrance!!
+            if (ltx.outputs[index].notary != ltx.outputs[encumbranceIndex].notary) {
+                throw TransactionVerificationException.TransactionNotaryMismatchEncumbranceException(
+                        ltx.id,
+                        index,
+                        encumbranceIndex,
+                        ltx.outputs[index].notary,
+                        ltx.outputs[encumbranceIndex].notary
+                )
+            } else {
+                checkNotary(encumbranceIndex, indicesAlreadyChecked)
+            }
+        }
+    }
+
+    /**
+     * Verify that contract class versions of output states are not lower that versions of relevant input states.
+     */
+    private fun validateContractVersions() {
+        contractAttachmentsByContract.forEach { contractClassName, attachments ->
+            val outputVersion = attachments.signed?.version ?: attachments.unsigned?.version ?: CordappImpl.DEFAULT_CORDAPP_VERSION
+            inputStatesContractClassNameToMaxVersion[contractClassName]?.let {
+                if (it > outputVersion) {
+                    throw TransactionVerificationException.TransactionVerificationVersionException(ltx.id, contractClassName, "$it", "$outputVersion")
+                }
+            }
+        }
+    }
+
+    /**
+     * Verify that for each contract the network wide package owner is respected.
+     *
+     * TODO - revisit once transaction contains network parameters. - UPDATE: It contains them, but because of the API stability and the fact that
+     *  LedgerTransaction was data class i.e. exposed constructors that shouldn't had been exposed, we still need to keep them nullable :/
+     */
+    private fun validatePackageOwnership() {
+        val contractsAndOwners = allStates.mapNotNull { transactionState ->
+            val contractClassName = transactionState.contract
+            ltx.networkParameters!!.getPackageOwnerOf(contractClassName)?.let { contractClassName to it }
+        }.toMap()
+
+        contractsAndOwners.forEach { contract, owner ->
+            contractAttachmentsByContract[contract]?.filter { it.isSigned }?.forEach { attachment ->
+                if (!owner.isFulfilledBy(attachment.signerKeys))
+                    throw TransactionVerificationException.ContractAttachmentNotSignedByPackageOwnerException(ltx.id, attachment.id, contract)
+            } ?: throw TransactionVerificationException.ContractAttachmentNotSignedByPackageOwnerException(ltx.id, ltx.id, contract)
+        }
+    }
+
+    /**
+     * For all input and output [TransactionState]s, validates that the wrapped [ContractState] matches up with the
+     * wrapped [Contract], as declared by the [BelongsToContract] annotation on the [ContractState]'s class.
+     *
+     * If the target platform version of the current CorDapp is lower than 4.0, a warning will be written to the log
+     * if any mismatch is detected. If it is 4.0 or later, then [TransactionContractConflictException] will be thrown.
+     */
+    private fun validateStatesAgainstContract() = allStates.forEach(::validateStateAgainstContract)
+
+    private fun validateStateAgainstContract(state: TransactionState<ContractState>) {
+        val shouldEnforce = StateContractValidationEnforcementRule.shouldEnforce(state.data)
+
+        val requiredContractClassName = state.data.requiredContractClassName
+                ?: if (shouldEnforce) throw TransactionVerificationException.TransactionRequiredContractUnspecifiedException(ltx.id, state) else return
+
+        if (state.contract != requiredContractClassName)
+            if (shouldEnforce) {
+                throw TransactionContractConflictException(ltx.id, state, requiredContractClassName)
+            } else {
+                logger.warnOnce("""
+                            State of class ${state.data::class.java.typeName} belongs to contract $requiredContractClassName, but
+                            is bundled in TransactionState with ${state.contract}.
+
+                            For details see: https://docs.corda.net/api-contract-constraints.html#contract-state-agreement
+                            """.trimIndent().replace('\n', ' '))
+            }
+    }
+
+    /**
+     * Enforces the validity of the actual constraints.
+     * * Constraints should be one of the valid supported ones.
+     * * Constraints should propagate correctly if not marked otherwise.
+     *
+     * Returns set of contract classes that identify hash -> signature constraint switchover
+     */
+    private fun verifyConstraintsValidity(): MutableSet<ContractClassName> {
+        // First check that the constraints are valid.
+        for (state in allStates) {
+            checkConstraintValidity(state)
+        }
+
+        // Group the inputs and outputs by contract, and for each contract verify the constraints propagation logic.
+        // This is not required for reference states as there is nothing to propagate.
+        val inputContractGroups = ltx.inputs.groupBy { it.state.contract }
+        val outputContractGroups = ltx.outputs.groupBy { it.contract }
+
+        // identify any contract classes where input-output pair are transitioning from hash to signature constraints.
+        val hashToSignatureConstrainedContracts = mutableSetOf<ContractClassName>()
+
+        for (contractClassName in (inputContractGroups.keys + outputContractGroups.keys)) {
+            if (contractClassName.contractHasAutomaticConstraintPropagation(transactionClassLoader)) {
+                // Verify that the constraints of output states have at least the same level of restriction as the constraints of the
+                // corresponding input states.
+                val inputConstraints = inputContractGroups[contractClassName]?.map { it.state.constraint }?.toSet()
+                val outputConstraints = outputContractGroups[contractClassName]?.map { it.constraint }?.toSet()
+                outputConstraints?.forEach { outputConstraint ->
+                    inputConstraints?.forEach { inputConstraint ->
+                        val constraintAttachment = resolveAttachment(contractClassName)
+                        if (!(outputConstraint.canBeTransitionedFrom(inputConstraint, constraintAttachment))) {
+                            throw TransactionVerificationException.ConstraintPropagationRejection(
+                                    ltx.id,
+                                    contractClassName,
+                                    inputConstraint,
+                                    outputConstraint
+                            )
+                        }
+                        // Hash to signature constraints auto-migration
+                        if (outputConstraint is SignatureAttachmentConstraint && inputConstraint is HashAttachmentConstraint)
+                            hashToSignatureConstrainedContracts.add(contractClassName)
+                    }
+                }
+            } else {
+                contractClassName.warnContractWithoutConstraintPropagation()
+            }
+        }
+        return hashToSignatureConstrainedContracts
+    }
+
+    private fun resolveAttachment(contractClassName: ContractClassName): AttachmentWithContext {
+        val unsignedAttachment = contractAttachmentsByContract[contractClassName]!!.firstOrNull { !it.isSigned }
+        val signedAttachment = contractAttachmentsByContract[contractClassName]!!.firstOrNull { it.isSigned }
+        return when {
+            (unsignedAttachment != null && signedAttachment != null) -> AttachmentWithContext(signedAttachment, contractClassName, ltx.networkParameters!!)
+            (unsignedAttachment != null) -> AttachmentWithContext(unsignedAttachment, contractClassName, ltx.networkParameters!!)
+            (signedAttachment != null) -> AttachmentWithContext(signedAttachment, contractClassName, ltx.networkParameters!!)
+            else -> throw TransactionVerificationException.ContractConstraintRejection(ltx.id, contractClassName)
+        }
+    }
+
+    /**
+     * Verify that all contract constraints are passing before running any contract code.
+     *
+     * This check is running the [AttachmentConstraint.isSatisfiedBy] method for each corresponding [ContractAttachment].
+     *
+     * @throws TransactionVerificationException if the constraints fail to verify
+     */
+    private fun verifyConstraints(hashToSignatureConstrainedContracts: MutableSet<ContractClassName>) {
+        for (state in allStates) {
+            if (state.constraint is SignatureAttachmentConstraint) {
+                checkMinimumPlatformVersion(ltx.networkParameters!!.minimumPlatformVersion, 4, "Signature constraints")
+            }
+
+            val constraintAttachment = if (state.contract in hashToSignatureConstrainedContracts) {
+                // hash to to signature constraint migration logic:
+                // pass the unsigned attachment when verifying the constraint of the input state, and the signed attachment when verifying
+                // the constraint of the output state.
+                val unsignedAttachment = contractAttachmentsByContract[state.contract].unsigned
+                        ?: throw TransactionVerificationException.MissingAttachmentRejection(ltx.id, state.contract)
+                val signedAttachment = contractAttachmentsByContract[state.contract].signed
+                        ?: throw TransactionVerificationException.MissingAttachmentRejection(ltx.id, state.contract)
+                when {
+                    // use unsigned attachment if hash-constrained input state
+                    state.data in ltx.inputStates -> AttachmentWithContext(unsignedAttachment, state.contract, ltx.networkParameters!!)
+                    // use signed attachment if signature-constrained output state
+                    state.data in ltx.outputStates -> AttachmentWithContext(signedAttachment, state.contract, ltx.networkParameters!!)
+                    else -> throw IllegalStateException("${state.contract} must use either signed or unsigned attachment in hash to signature constraints migration")
+                }
+            } else {
+                // standard processing logic
+                val contractAttachment = contractAttachmentsByContract[state.contract]?.firstOrNull()
+                        ?: throw TransactionVerificationException.MissingAttachmentRejection(ltx.id, state.contract)
+                AttachmentWithContext(contractAttachment, state.contract, ltx.networkParameters!!)
+            }
+
+            if (!state.constraint.isSatisfiedBy(constraintAttachment)) {
+                throw TransactionVerificationException.ContractConstraintRejection(ltx.id, state.contract)
+            }
+        }
+    }
+
+    /**
+     * Check the transaction is contract-valid by running the verify() for each input and output state contract.
+     * If any contract fails to verify, the whole transaction is considered to be invalid.
+     */
+    private fun verifyContracts() {
+        val contractClasses = (inputStates + ltx.outputs).toSet()
+                .map { it.contract to contractClassFor(it.contract, it.data.javaClass.classLoader) }
+
+        val contractInstances = contractClasses.map { (contractClassName, contractClass) ->
+            try {
+                contractClass.newInstance()
+            } catch (e: Exception) {
+                throw TransactionVerificationException.ContractCreationError(ltx.id, contractClassName, e)
+            }
+        }
+
+        contractInstances.forEach { contract ->
+            try {
+                contract.verify(ltx)
+            } catch (e: Exception) {
+                throw TransactionVerificationException.ContractRejection(ltx.id, contract, e)
+            }
+        }
+    }
+
+    private fun contractClassFor(className: ContractClassName, classLoader: ClassLoader): Class<out Contract> {
+        return try {
+            classLoader.loadClass(className).asSubclass(Contract::class.java)
+        } catch (e: Exception) {
+            throw TransactionVerificationException.ContractCreationError(ltx.id, className, e)
+        }
+    }
+
+    private val Set<ContractAttachment>?.unsigned: ContractAttachment? get() = this?.firstOrNull { !it.isSigned }
+    private val Set<ContractAttachment>?.signed: ContractAttachment? get() = this?.firstOrNull { it.isSigned }
+}
diff --git a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
index ac53d8ae5f..721d06bc15 100644
--- a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
@@ -32,7 +32,7 @@ data class CordappImpl(
         override val jarHash: SecureHash.SHA256,
         override val minimumPlatformVersion: Int,
         override val targetPlatformVersion: Int,
-        val notaryService: Class<out NotaryService>?,
+        val notaryService: Class<out NotaryService>? = null,
         /** Indicates whether the CorDapp is loaded from external sources, or generated on node startup (virtual). */
         val isLoaded: Boolean = true
 ) : Cordapp {
diff --git a/core/src/main/kotlin/net/corda/core/node/ServiceHub.kt b/core/src/main/kotlin/net/corda/core/node/ServiceHub.kt
index 403a75b13b..00354743bb 100644
--- a/core/src/main/kotlin/net/corda/core/node/ServiceHub.kt
+++ b/core/src/main/kotlin/net/corda/core/node/ServiceHub.kt
@@ -38,8 +38,8 @@ interface ServicesForResolution {
     /** Provides access to anything relating to cordapps including contract attachment resolution and app context */
     val cordappProvider: CordappProvider
 
-    /** Provides access to storage of historical network parameters that are used in transaction resolution */
-    val networkParametersStorage: NetworkParametersStorage
+    /** Provides access to historical network parameters that are used in transaction resolution. */
+    val networkParametersService: NetworkParametersService
 
     /** Returns the network parameters the node is operating under. */
     val networkParameters: NetworkParameters
@@ -359,7 +359,7 @@ interface ServiceHub : ServicesForResolution {
      * and thus queryable data will include everything committed as of the last checkpoint.
      *
      * @throws IllegalStateException if called outside of a transaction.
-     * @return A new [Connection]
+     * @return A [Connection]
      */
     fun jdbcSession(): Connection
 
diff --git a/core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt b/core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt
index 5bb5b21395..b07de8a19c 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt
@@ -1,7 +1,9 @@
 package net.corda.core.node.services
 
+import net.corda.core.CordaInternal
 import net.corda.core.DoNotImplement
 import net.corda.core.contracts.Attachment
+import net.corda.core.contracts.ContractAttachment
 import net.corda.core.crypto.SecureHash
 import net.corda.core.node.services.vault.AttachmentQueryCriteria
 import net.corda.core.node.services.vault.AttachmentSort
diff --git a/core/src/main/kotlin/net/corda/core/node/services/NetworkParametersStorage.kt b/core/src/main/kotlin/net/corda/core/node/services/NetworkParametersService.kt
similarity index 58%
rename from core/src/main/kotlin/net/corda/core/node/services/NetworkParametersStorage.kt
rename to core/src/main/kotlin/net/corda/core/node/services/NetworkParametersService.kt
index afb738c7a3..eca6f8b4bf 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/NetworkParametersStorage.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/NetworkParametersService.kt
@@ -2,16 +2,14 @@ package net.corda.core.node.services
 
 import net.corda.core.DoNotImplement
 import net.corda.core.crypto.SecureHash
-import net.corda.core.identity.Party
 import net.corda.core.node.NetworkParameters
-import net.corda.core.node.NotaryInfo
 
 /**
- * Interface for handling network parameters storage used for resolving transactions according to parameters that were
+ * Service for retrieving network parameters used for resolving transactions according to parameters that were
  * historically in force in the network.
  */
 @DoNotImplement
-interface NetworkParametersStorage {
+interface NetworkParametersService {
     /**
      * Hash of the current parameters for the network.
      */
@@ -23,8 +21,7 @@ interface NetworkParametersStorage {
     val defaultHash: SecureHash
 
     /**
-     * Return network parameters for the given hash. Null if there are no parameters for this hash in the storage and we are unable to
-     * get them from network map.
+     * Return the network parameters with the given hash, or null if it doesn't exist.
      */
     fun lookup(hash: SecureHash): NetworkParameters?
 }
diff --git a/core/src/main/kotlin/net/corda/core/node/services/TransactionVerifierService.kt b/core/src/main/kotlin/net/corda/core/node/services/TransactionVerifierService.kt
index e1c731ce86..0a398aa102 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/TransactionVerifierService.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/TransactionVerifierService.kt
@@ -3,6 +3,7 @@ package net.corda.core.node.services
 import net.corda.core.DeleteForDJVM
 import net.corda.core.DoNotImplement
 import net.corda.core.concurrent.CordaFuture
+import net.corda.core.contracts.Attachment
 import net.corda.core.transactions.LedgerTransaction
 
 /**
diff --git a/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt b/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
index a9087e12af..1abaf49676 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
@@ -390,8 +390,11 @@ interface VaultService {
      *
      * @throws VaultQueryException if the query cannot be executed for any reason.
      *
-     * Notes: the snapshot part of the query adheres to the same behaviour as the [queryBy] function.
-     *        the [QueryCriteria] applies to both snapshot and deltas (streaming updates).
+     * Notes:
+     *    - The snapshot part of the query adheres to the same behaviour as the [queryBy] function.
+     *    - The update part of the query currently only supports query criteria filtering by contract
+     *      type(s) and state status(es). CID-731 <https://r3-cev.atlassian.net/browse/CID-731> proposes
+     *      adding the complete set of [QueryCriteria] filtering.
      */
     @Throws(VaultQueryException::class)
     fun <T : ContractState> _trackBy(criteria: QueryCriteria,
@@ -410,6 +413,10 @@ interface VaultService {
         return _queryBy(criteria, PageSpecification(), Sort(emptySet()), contractStateType)
     }
 
+    fun <T : ContractState> queryBy(contractStateType: Class<out T>, paging: PageSpecification): Vault.Page<T> {
+        return _queryBy(QueryCriteria.VaultQueryCriteria(), paging, Sort(emptySet()), contractStateType)
+    }
+
     fun <T : ContractState> queryBy(contractStateType: Class<out T>, criteria: QueryCriteria, paging: PageSpecification): Vault.Page<T> {
         return _queryBy(criteria, paging, Sort(emptySet()), contractStateType)
     }
@@ -430,6 +437,10 @@ interface VaultService {
         return _trackBy(criteria, PageSpecification(), Sort(emptySet()), contractStateType)
     }
 
+    fun <T : ContractState> trackBy(contractStateType: Class<out T>, paging: PageSpecification): DataFeed<Vault.Page<T>, Vault.Update<T>> {
+        return _trackBy(QueryCriteria.VaultQueryCriteria(), paging, Sort(emptySet()), contractStateType)
+    }
+
     fun <T : ContractState> trackBy(contractStateType: Class<out T>, criteria: QueryCriteria, paging: PageSpecification): DataFeed<Vault.Page<T>, Vault.Update<T>> {
         return _trackBy(criteria, paging, Sort(emptySet()), contractStateType)
     }
@@ -451,6 +462,10 @@ inline fun <reified T : ContractState> VaultService.queryBy(criteria: QueryCrite
     return _queryBy(criteria, PageSpecification(), Sort(emptySet()), T::class.java)
 }
 
+inline fun <reified T : ContractState> VaultService.queryBy(paging: PageSpecification): Vault.Page<T> {
+    return _queryBy(QueryCriteria.VaultQueryCriteria(), paging, Sort(emptySet()), T::class.java)
+}
+
 inline fun <reified T : ContractState> VaultService.queryBy(criteria: QueryCriteria, paging: PageSpecification): Vault.Page<T> {
     return _queryBy(criteria, paging, Sort(emptySet()), T::class.java)
 }
@@ -467,6 +482,10 @@ inline fun <reified T : ContractState> VaultService.trackBy(): DataFeed<Vault.Pa
     return _trackBy(QueryCriteria.VaultQueryCriteria(), PageSpecification(), Sort(emptySet()), T::class.java)
 }
 
+inline fun <reified T : ContractState> VaultService.trackBy(paging: PageSpecification): DataFeed<Vault.Page<T>, Vault.Update<T>> {
+    return _trackBy(QueryCriteria.VaultQueryCriteria(), paging, Sort(emptySet()), T::class.java)
+}
+
 inline fun <reified T : ContractState> VaultService.trackBy(criteria: QueryCriteria): DataFeed<Vault.Page<T>, Vault.Update<T>> {
     return _trackBy(criteria, PageSpecification(), Sort(emptySet()), T::class.java)
 }
diff --git a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
index 159535b34f..ee87882193 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
@@ -94,12 +94,39 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
             val stateRefs: List<StateRef>? = null,
             val notary: List<AbstractParty>? = null,
             val softLockingCondition: SoftLockingCondition? = null,
-            val timeCondition: TimeCondition? = null,
-            override val relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL,
-            override val constraintTypes: Set<Vault.ConstraintInfo.Type> = emptySet(),
-            override val constraints: Set<Vault.ConstraintInfo> = emptySet(),
-            override val participants: List<AbstractParty>? = null
+            val timeCondition: TimeCondition? = null
     ) : CommonQueryCriteria() {
+        // These extra fields are handled this way to preserve Kotlin wire compatibility wrt additional parameters with default values.
+        constructor(
+                status: Vault.StateStatus = Vault.StateStatus.UNCONSUMED,
+                contractStateTypes: Set<Class<out ContractState>>? = null,
+                stateRefs: List<StateRef>? = null,
+                notary: List<AbstractParty>? = null,
+                softLockingCondition: SoftLockingCondition? = null,
+                timeCondition: TimeCondition? = null,
+                relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL,
+                constraintTypes: Set<Vault.ConstraintInfo.Type> = emptySet(),
+                constraints: Set<Vault.ConstraintInfo> = emptySet(),
+                participants: List<AbstractParty>? = null
+        ) : this(status, contractStateTypes, stateRefs, notary, softLockingCondition, timeCondition) {
+            this.relevancyStatus = relevancyStatus
+            this.constraintTypes = constraintTypes
+            this.constraints = constraints
+            this.participants = participants
+        }
+
+        override var relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL
+            private set
+
+        override var constraintTypes: Set<Vault.ConstraintInfo.Type> = emptySet()
+            private set
+
+        override var constraints: Set<Vault.ConstraintInfo> = emptySet()
+            private set
+
+        override var participants: List<AbstractParty>? = null
+            private set
+
         override fun visit(parser: IQueryCriteriaParser): Collection<Predicate> {
             super.visit(parser)
             return parser.parseCriteria(this)
@@ -111,7 +138,11 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
                 stateRefs: List<StateRef>? = this.stateRefs,
                 notary: List<AbstractParty>? = this.notary,
                 softLockingCondition: SoftLockingCondition? = this.softLockingCondition,
-                timeCondition: TimeCondition? = this.timeCondition
+                timeCondition: TimeCondition? = this.timeCondition,
+                relevancyStatus: Vault.RelevancyStatus = this.relevancyStatus,
+                constraintTypes: Set<Vault.ConstraintInfo.Type> = this.constraintTypes,
+                constraints: Set<Vault.ConstraintInfo> = this.constraints,
+                participants: List<AbstractParty>? = this.participants
         ): VaultQueryCriteria {
             return VaultQueryCriteria(
                     status,
@@ -119,7 +150,11 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
                     stateRefs,
                     notary,
                     softLockingCondition,
-                    timeCondition
+                    timeCondition,
+                    relevancyStatus,
+                    constraintTypes,
+                    constraints,
+                    participants
             )
         }
     }
@@ -238,9 +273,21 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
     data class VaultCustomQueryCriteria<L : StatePersistable> @JvmOverloads constructor(
             val expression: CriteriaExpression<L, Boolean>,
             override val status: Vault.StateStatus = Vault.StateStatus.UNCONSUMED,
-            override val contractStateTypes: Set<Class<out ContractState>>? = null,
-            override val relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL
+            override val contractStateTypes: Set<Class<out ContractState>>? = null
     ) : CommonQueryCriteria() {
+        // These extra field is handled this way to preserve Kotlin wire compatibility wrt additional parameters with default values.
+        constructor(
+                expression: CriteriaExpression<L, Boolean>,
+                status: Vault.StateStatus = Vault.StateStatus.UNCONSUMED,
+                contractStateTypes: Set<Class<out ContractState>>? = null,
+                relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL
+        ) : this(expression, status, contractStateTypes) {
+            this.relevancyStatus = relevancyStatus
+        }
+
+        override var relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL
+            private set
+
         override fun visit(parser: IQueryCriteriaParser): Collection<Predicate> {
             super.visit(parser)
             return parser.parseCriteria(this)
@@ -249,12 +296,14 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
         fun copy(
                 expression: CriteriaExpression<L, Boolean> = this.expression,
                 status: Vault.StateStatus = this.status,
-                contractStateTypes: Set<Class<out ContractState>>? = this.contractStateTypes
+                contractStateTypes: Set<Class<out ContractState>>? = this.contractStateTypes,
+                relevancyStatus: Vault.RelevancyStatus = this.relevancyStatus
         ): VaultCustomQueryCriteria<L> {
             return VaultCustomQueryCriteria(
                     expression,
                     status,
-                    contractStateTypes
+                    contractStateTypes,
+                    relevancyStatus
             )
         }
     }
diff --git a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt
index efd7fd2ac8..a698038242 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt
@@ -212,7 +212,7 @@ data class Sort(val columns: Collection<SortColumn>) : BaseSort() {
 data class AttachmentSort(val columns: Collection<AttachmentSortColumn>) : BaseSort() {
 
     enum class AttachmentSortAttribute(val columnName: String) {
-        INSERTION_DATE("insertion_date"),
+        INSERTION_DATE("insertionDate"),
         UPLOADER("uploader"),
         FILENAME("filename"),
         VERSION ("version")
diff --git a/core/src/main/kotlin/net/corda/core/serialization/SerializationAPI.kt b/core/src/main/kotlin/net/corda/core/serialization/SerializationAPI.kt
index 5ea4faf0b5..101329e05a 100644
--- a/core/src/main/kotlin/net/corda/core/serialization/SerializationAPI.kt
+++ b/core/src/main/kotlin/net/corda/core/serialization/SerializationAPI.kt
@@ -1,6 +1,7 @@
 @file:KeepForDJVM
 package net.corda.core.serialization
 
+import co.paralleluniverse.io.serialization.Serialization
 import net.corda.core.CordaInternal
 import net.corda.core.DeleteForDJVM
 import net.corda.core.DoNotImplement
@@ -160,6 +161,10 @@ interface SerializationContext {
      * The use case we are serializing or deserializing for.  See [UseCase].
      */
     val useCase: UseCase
+    /**
+     * Additional custom serializers that will be made available during (de)serialization.
+     */
+    val customSerializers: Set<SerializationCustomSerializer<*, *>>
 
     /**
      * Helper method to return a new context based on this context with the property added.
@@ -200,6 +205,11 @@ interface SerializationContext {
      */
     fun withWhitelisted(clazz: Class<*>): SerializationContext
 
+    /**
+     * Helper method to return a new context based on this context with the given serializers added.
+     */
+    fun withCustomSerializers(serializers: Set<SerializationCustomSerializer<*, *>>): SerializationContext
+
     /**
      * Helper method to return a new context based on this context but with serialization using the format this header sequence represents.
      */
@@ -335,3 +345,15 @@ interface ClassWhitelist {
 interface EncodingWhitelist {
     fun acceptEncoding(encoding: SerializationEncoding): Boolean
 }
+
+/**
+ * Helper method to return a new context based on this context with the given list of classes specifically whitelisted.
+ */
+fun SerializationContext.withWhitelist(classes: List<Class<*>>): SerializationContext {
+    var currentContext = this
+    classes.forEach {
+        clazz -> currentContext = currentContext.withWhitelisted(clazz)
+    }
+
+    return currentContext
+}
diff --git a/core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt b/core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt
index 3eb67da42d..a853ee27cf 100644
--- a/core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt
+++ b/core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt
@@ -1,17 +1,21 @@
 package net.corda.core.serialization.internal
 
+import net.corda.core.CordaException
+import net.corda.core.KeepForDJVM
+import net.corda.core.internal.loadClassesImplementing
 import net.corda.core.contracts.Attachment
 import net.corda.core.contracts.ContractAttachment
 import net.corda.core.contracts.TransactionVerificationException.OverlappingAttachmentsException
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.sha256
-import net.corda.core.internal.VisibleForTesting
+import net.corda.core.internal.*
 import net.corda.core.internal.cordapp.targetPlatformVersion
-import net.corda.core.internal.createSimpleCache
-import net.corda.core.internal.isUploaderTrusted
-import net.corda.core.internal.toSynchronised
+import net.corda.core.serialization.CordaSerializable
 import net.corda.core.serialization.MissingAttachmentsException
+import net.corda.core.serialization.SerializationCustomSerializer
 import net.corda.core.serialization.SerializationFactory
+import net.corda.core.serialization.SerializationWhitelist
+import net.corda.core.serialization.*
 import net.corda.core.serialization.internal.AttachmentURLStreamHandlerFactory.toUrl
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
@@ -19,6 +23,7 @@ import java.io.ByteArrayOutputStream
 import java.io.IOException
 import java.io.InputStream
 import java.net.*
+import java.util.*
 
 /**
  * A custom ClassLoader that knows how to load classes from a set of attachments. The attachments themselves only
@@ -32,7 +37,7 @@ class AttachmentsClassLoader(attachments: List<Attachment>, parent: ClassLoader
     init {
         val untrusted = attachments.mapNotNull { it as? ContractAttachment }.filterNot { isUploaderTrusted(it.uploader) }.map(ContractAttachment::id)
         if(untrusted.isNotEmpty()) {
-            throw MissingAttachmentsException(untrusted, "Attempting to load Contract Attachments downloaded from the network")
+            throw UntrustedAttachmentsException(untrusted)
         }
         requireNoDuplicates(attachments)
     }
@@ -41,10 +46,11 @@ class AttachmentsClassLoader(attachments: List<Attachment>, parent: ClassLoader
         private val log = contextLogger()
 
         init {
-            // This is required to register the AttachmentURLStreamHandlerFactory.
-            URL.setURLStreamHandlerFactory(AttachmentURLStreamHandlerFactory)
+            // Apply our own URLStreamHandlerFactory to resolve attachments
+            setOrDecorateURLStreamHandlerFactory()
         }
 
+
         // Jolokia and Json-simple are dependencies that were bundled by mistake within contract jars.
         // In the AttachmentsClassLoader we just ignore any class in those 2 packages.
         private val ignoreDirectories = listOf("org/jolokia/", "org/json/simple/")
@@ -115,6 +121,50 @@ class AttachmentsClassLoader(attachments: List<Attachment>, parent: ClassLoader
                 return it.toByteArray()
             }
         }
+
+        /**
+         * Apply our custom factory either directly, if `URL.setURLStreamHandlerFactory` has not been called yet,
+         * or use a decorator and reflection to bypass the single-call-per-JVM restriction otherwise.
+         */
+        private fun setOrDecorateURLStreamHandlerFactory() {
+            // Retrieve the `URL.factory` field
+            val factoryField = URL::class.java.getDeclaredField("factory")
+            // Make it accessible
+            factoryField.isAccessible = true
+
+            // Check for preset factory, set directly if missing
+            val existingFactory: URLStreamHandlerFactory? = factoryField.get(null) as URLStreamHandlerFactory?
+            if (existingFactory == null) {
+                URL.setURLStreamHandlerFactory(AttachmentURLStreamHandlerFactory)
+            }
+            // Otherwise, decorate the existing and replace via reflection
+            // as calling `URL.setURLStreamHandlerFactory` again will throw an error
+            else {
+                log.warn("The URLStreamHandlerFactory was already set in the JVM. Please be aware that this is not recommended.")
+                // Retrieve the field "streamHandlerLock" of the class URL that
+                // is the lock used to synchronize access to the protocol handlers
+                val lockField = URL::class.java.getDeclaredField("streamHandlerLock")
+                // It is a private field so we need to make it accessible
+                // Note: this will only work as-is in JDK8.
+                lockField.isAccessible = true
+                // Use the same lock to reset the factory
+                synchronized(lockField.get(null)) {
+                    // Reset the value to prevent Error due to a factory already defined
+                    factoryField.set(null, null)
+                    // Set our custom factory and wrap the current one into it
+                    URL.setURLStreamHandlerFactory(
+                            // Set the factory to a decorator
+                            object : URLStreamHandlerFactory {
+                                // route between our own and the pre-existing factory
+                                override fun createURLStreamHandler(protocol: String): URLStreamHandler? {
+                                    return AttachmentURLStreamHandlerFactory.createURLStreamHandler(protocol)
+                                            ?: existingFactory.createURLStreamHandler(protocol)
+                                }
+                            }
+                    )
+                }
+            }
+        }
     }
 
     /**
@@ -130,34 +180,38 @@ class AttachmentsClassLoader(attachments: List<Attachment>, parent: ClassLoader
 }
 
 /**
- * This is just a factory that provides a cache to avoid constructing expensive [AttachmentsClassLoader]s.
+ * This is just a factory that provides caches to optimise expensive construction/loading of classloaders, serializers, whitelisted classes.
  */
 @VisibleForTesting
 internal object AttachmentsClassLoaderBuilder {
 
-    private const val ATTACHMENT_CLASSLOADER_CACHE_SIZE = 1000
+    private const val CACHE_SIZE = 1000
 
     // This runs in the DJVM so it can't use caffeine.
-    private val cache: MutableMap<List<SecureHash>, AttachmentsClassLoader> = createSimpleCache<List<SecureHash>, AttachmentsClassLoader>(ATTACHMENT_CLASSLOADER_CACHE_SIZE)
-            .toSynchronised()
-
-    fun build(attachments: List<Attachment>): AttachmentsClassLoader {
-        return cache.computeIfAbsent(attachments.map { it.id }.sorted()) {
-            AttachmentsClassLoader(attachments)
-        }
-    }
+    private val cache: MutableMap<Set<SecureHash>, SerializationContext> = createSimpleCache(CACHE_SIZE)
 
     fun <T> withAttachmentsClassloaderContext(attachments: List<Attachment>, block: (ClassLoader) -> T): T {
+        val attachmentIds = attachments.map { it.id }.toSet()
 
-        // Create classloader from the attachments.
-        val transactionClassLoader = AttachmentsClassLoaderBuilder.build(attachments)
+        val serializationContext = cache.computeIfAbsent(attachmentIds) {
+            // Create classloader and load serializers, whitelisted classes
+            val transactionClassLoader = AttachmentsClassLoader(attachments)
+            val serializers = loadClassesImplementing(transactionClassLoader, SerializationCustomSerializer::class.java)
+            val whitelistedClasses = ServiceLoader.load(SerializationWhitelist::class.java, transactionClassLoader)
+                    .flatMap { it.whitelist }
+                    .toList()
 
-        // Create a new serializationContext for the current Transaction.
-        val transactionSerializationContext = SerializationFactory.defaultFactory.defaultContext.withPreventDataLoss().withClassLoader(transactionClassLoader)
+            // Create a new serializationContext for the current Transaction.
+            SerializationFactory.defaultFactory.defaultContext
+                    .withPreventDataLoss()
+                    .withClassLoader(transactionClassLoader)
+                    .withWhitelist(whitelistedClasses)
+                    .withCustomSerializers(serializers)
+        }
 
         // Deserialize all relevant classes in the transaction classloader.
-        return SerializationFactory.defaultFactory.withCurrentContext(transactionSerializationContext) {
-            block(transactionClassLoader)
+        return SerializationFactory.defaultFactory.withCurrentContext(serializationContext) {
+            block(serializationContext.deserializationClassLoader)
         }
     }
 }
@@ -200,3 +254,12 @@ object AttachmentURLStreamHandlerFactory : URLStreamHandlerFactory {
         }
     }
 }
+
+/** Thrown during classloading upon encountering an untrusted attachment (eg. not in the [TRUSTED_UPLOADERS] list) */
+@KeepForDJVM
+@CordaSerializable
+class UntrustedAttachmentsException(val ids: List<SecureHash>) :
+        CordaException("Attempting to load untrusted Contract Attachments: $ids" +
+                "These may have been received over the p2p network from a remote node." +
+                "Please follow the operational steps outlined in https://docs.corda.net/cordapp-build-systems.html#cordapp-contract-attachments to continue."
+        )
diff --git a/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt b/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt
index da0763b668..50eede539a 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt
@@ -111,8 +111,8 @@ data class ContractUpgradeWireTransaction(
                 ?: throw AttachmentResolutionException(legacyContractAttachmentId)
         val upgradedContractAttachment = services.attachments.openAttachment(upgradedContractAttachmentId)
                 ?: throw AttachmentResolutionException(upgradedContractAttachmentId)
-        val hashToResolve = networkParametersHash ?: services.networkParametersStorage.defaultHash
-        val resolvedNetworkParameters = services.networkParametersStorage.lookup(hashToResolve) ?: throw TransactionResolutionException(id)
+        val hashToResolve = networkParametersHash ?: services.networkParametersService.defaultHash
+        val resolvedNetworkParameters = services.networkParametersService.lookup(hashToResolve) ?: throw TransactionResolutionException(id)
         return ContractUpgradeLedgerTransaction(
                 resolvedInputs,
                 notary,
diff --git a/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt b/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
index 155bfd1f55..02317b8354 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
@@ -3,14 +3,9 @@ package net.corda.core.transactions
 import net.corda.core.CordaInternal
 import net.corda.core.KeepForDJVM
 import net.corda.core.contracts.*
-import net.corda.core.contracts.TransactionVerificationException.TransactionContractConflictException
-import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
 import net.corda.core.crypto.SecureHash
-import net.corda.core.crypto.isFulfilledBy
 import net.corda.core.identity.Party
 import net.corda.core.internal.*
-import net.corda.core.internal.cordapp.CordappImpl.Companion.DEFAULT_CORDAPP_VERSION
-import net.corda.core.internal.rules.StateContractValidationEnforcementRule
 import net.corda.core.node.NetworkParameters
 import net.corda.core.serialization.ConstructorForDeserialization
 import net.corda.core.serialization.CordaSerializable
@@ -19,7 +14,6 @@ import net.corda.core.serialization.internal.AttachmentsClassLoaderBuilder
 import net.corda.core.utilities.contextLogger
 import java.util.*
 import java.util.function.Predicate
-import kotlin.collections.HashSet
 
 /**
  * A LedgerTransaction is derived from a [WireTransaction]. It is the result of doing the following operations:
@@ -54,7 +48,7 @@ private constructor(
         /** Network parameters that were in force when the transaction was notarised. */
         override val networkParameters: NetworkParameters?,
         override val references: List<StateAndRef<ContractState>>,
-        private val inputStatesContractClassNameToMaxVersion: Map<ContractClassName,Version>
+        private val inputStatesContractClassNameToMaxVersion: Map<ContractClassName, Version>
         //DOCEND 1
 ) : FullTransaction() {
     // These are not part of the c'tor above as that defines LedgerTransaction's serialisation format
@@ -66,8 +60,6 @@ private constructor(
         checkBaseInvariants()
         if (timeWindow != null) check(notary != null) { "Transactions with time-windows must be notarised" }
         checkNotaryWhitelisted()
-        checkNoNotaryChange()
-        checkEncumbrancesValid()
     }
 
     companion object {
@@ -101,9 +93,6 @@ private constructor(
     val inputStates: List<ContractState> get() = inputs.map { it.state.data }
     val referenceStates: List<ContractState> get() = references.map { it.state.data }
 
-    private val inputAndOutputStates = inputs.map { it.state } + outputs
-    private val allStates = inputAndOutputStates + references.map { it.state }
-
     /**
      * Returns the typed input StateAndRef at the specified index
      * @param index The index into the inputs.
@@ -129,216 +118,16 @@ private constructor(
             logger.warn("Network parameters on the LedgerTransaction with id: $id are null. Please don't use deprecated constructors of the LedgerTransaction. " +
                     "Use WireTransaction.toLedgerTransaction instead. The result of the verify method might not be accurate.")
         }
-        val contractAttachmentsByContract: Map<ContractClassName, Set<ContractAttachment>> = getContractAttachmentsByContract(allStates.map { it.contract }.toSet())
-
-        AttachmentsClassLoaderBuilder.withAttachmentsClassloaderContext(this.attachments) { transactionClassLoader ->
-
-            val internalTx = createLtxForVerification()
-
-            validateContractVersions(contractAttachmentsByContract)
-            validatePackageOwnership(contractAttachmentsByContract)
-            validateStatesAgainstContract(internalTx)
-            val hashToSignatureConstrainedContracts = verifyConstraintsValidity(internalTx, contractAttachmentsByContract, transactionClassLoader)
-            verifyConstraints(internalTx, contractAttachmentsByContract, hashToSignatureConstrainedContracts)
-            verifyContracts(internalTx)
-        }
+        val verifier = internalPrepareVerify(emptyList())
+        verifier.verify()
     }
 
     /**
-     * Verify that contract class versions of output states are not lower that versions of relevant input states.
+     * This method has to be called in a context where it has access to the database.
      */
-    @Throws(TransactionVerificationException::class)
-    private fun validateContractVersions(contractAttachmentsByContract: Map<ContractClassName, Set<ContractAttachment>>) {
-        contractAttachmentsByContract.forEach { contractClassName, attachments ->
-            val outputVersion = attachments.signed?.version ?: attachments.unsigned?.version ?: DEFAULT_CORDAPP_VERSION
-            inputStatesContractClassNameToMaxVersion[contractClassName]?.let {
-                if (it > outputVersion) {
-                    throw TransactionVerificationException.TransactionVerificationVersionException(this.id, contractClassName, "$it", "$outputVersion")
-                }
-            }
-        }
-    }
-
-    /**
-     * For all input and output [TransactionState]s, validates that the wrapped [ContractState] matches up with the
-     * wrapped [Contract], as declared by the [BelongsToContract] annotation on the [ContractState]'s class.
-     *
-     * If the target platform version of the current CorDapp is lower than 4.0, a warning will be written to the log
-     * if any mismatch is detected. If it is 4.0 or later, then [TransactionContractConflictException] will be thrown.
-     */
-    private fun validateStatesAgainstContract(internalTx: LedgerTransaction) =
-            internalTx.allStates.forEach(::validateStateAgainstContract)
-
-    private fun validateStateAgainstContract(state: TransactionState<ContractState>) {
-        val shouldEnforce = StateContractValidationEnforcementRule.shouldEnforce(state.data)
-
-        val requiredContractClassName = state.data.requiredContractClassName ?:
-            if (shouldEnforce) throw TransactionRequiredContractUnspecifiedException(id, state)
-            else return
-
-        if (state.contract != requiredContractClassName)
-            if (shouldEnforce) {
-                throw TransactionContractConflictException(id, state, requiredContractClassName)
-            } else {
-                logger.warnOnce("""
-                            State of class ${state.data::class.java.typeName} belongs to contract $requiredContractClassName, but
-                            is bundled in TransactionState with ${state.contract}.
-
-                            For details see: https://docs.corda.net/api-contract-constraints.html#contract-state-agreement
-                            """.trimIndent().replace('\n', ' '))
-            }
-    }
-
-    /**
-     * Verify that for each contract the network wide package owner is respected.
-     *
-     * TODO - revisit once transaction contains network parameters. - UPDATE: It contains them, but because of the API stability and the fact that
-     *  LedgerTransaction was data class i.e. exposed constructors that shouldn't had been exposed, we still need to keep them nullable :/
-     */
-    private fun validatePackageOwnership(contractAttachmentsByContract: Map<ContractClassName, Set<ContractAttachment>>) {
-        val contractsAndOwners = allStates.mapNotNull { transactionState ->
-            val contractClassName = transactionState.contract
-            networkParameters!!.getPackageOwnerOf(contractClassName)?.let { contractClassName to it }
-        }.toMap()
-
-        contractsAndOwners.forEach { contract, owner ->
-            contractAttachmentsByContract[contract]?.filter { it.isSigned }?.forEach { attachment ->
-                if (!owner.isFulfilledBy(attachment.signerKeys))
-                    throw TransactionVerificationException.ContractAttachmentNotSignedByPackageOwnerException(this.id, id, contract)
-            } ?: throw TransactionVerificationException.ContractAttachmentNotSignedByPackageOwnerException(this.id, id, contract)
-        }
-    }
-
-    /**
-     * Enforces the validity of the actual constraints.
-     * * Constraints should be one of the valid supported ones.
-     * * Constraints should propagate correctly if not marked otherwise.
-     *
-     * Returns set of contract classes that identify hash -> signature constraint switchover
-     */
-    private fun verifyConstraintsValidity(internalTx: LedgerTransaction, contractAttachmentsByContract: Map<ContractClassName, Set<ContractAttachment>>, transactionClassLoader: ClassLoader): MutableSet<ContractClassName> {
-        // First check that the constraints are valid.
-        for (state in internalTx.allStates) {
-            checkConstraintValidity(state)
-        }
-
-        // Group the inputs and outputs by contract, and for each contract verify the constraints propagation logic.
-        // This is not required for reference states as there is nothing to propagate.
-        val inputContractGroups = internalTx.inputs.groupBy { it.state.contract }
-        val outputContractGroups = internalTx.outputs.groupBy { it.contract }
-
-        // identify any contract classes where input-output pair are transitioning from hash to signature constraints.
-        val hashToSignatureConstrainedContracts = mutableSetOf<ContractClassName>()
-
-        for (contractClassName in (inputContractGroups.keys + outputContractGroups.keys)) {
-            if (contractClassName.contractHasAutomaticConstraintPropagation(transactionClassLoader)) {
-                // Verify that the constraints of output states have at least the same level of restriction as the constraints of the corresponding input states.
-                val inputConstraints = inputContractGroups[contractClassName]?.map { it.state.constraint }?.toSet()
-                val outputConstraints = outputContractGroups[contractClassName]?.map { it.constraint }?.toSet()
-                outputConstraints?.forEach { outputConstraint ->
-                    inputConstraints?.forEach { inputConstraint ->
-                        val constraintAttachment = resolveAttachment(contractClassName, contractAttachmentsByContract)
-                        if (!(outputConstraint.canBeTransitionedFrom(inputConstraint, constraintAttachment))) {
-                            throw TransactionVerificationException.ConstraintPropagationRejection(id, contractClassName, inputConstraint, outputConstraint)
-                        }
-                        // Hash to signature constraints auto-migration
-                        if (outputConstraint is SignatureAttachmentConstraint && inputConstraint is HashAttachmentConstraint)
-                            hashToSignatureConstrainedContracts.add(contractClassName)
-                    }
-                }
-            } else {
-                contractClassName.warnContractWithoutConstraintPropagation()
-            }
-        }
-        return hashToSignatureConstrainedContracts
-    }
-
-    private fun resolveAttachment(contractClassName: ContractClassName, contractAttachmentsByContract: Map<ContractClassName, Set<ContractAttachment>>): AttachmentWithContext {
-        val unsignedAttachment = contractAttachmentsByContract[contractClassName]!!.filter { !it.isSigned }.firstOrNull()
-        val signedAttachment = contractAttachmentsByContract[contractClassName]!!.filter { it.isSigned }.firstOrNull()
-        return when {
-            (unsignedAttachment != null && signedAttachment != null) -> AttachmentWithContext(signedAttachment, contractClassName, networkParameters!!)
-            (unsignedAttachment != null) -> AttachmentWithContext(unsignedAttachment, contractClassName, networkParameters!!)
-            (signedAttachment != null) -> AttachmentWithContext(signedAttachment, contractClassName, networkParameters!!)
-            else -> throw TransactionVerificationException.ContractConstraintRejection(id, contractClassName)
-        }
-    }
-
-    /**
-     * Verify that all contract constraints are passing before running any contract code.
-     *
-     * This check is running the [AttachmentConstraint.isSatisfiedBy] method for each corresponding [ContractAttachment].
-     *
-     * @throws TransactionVerificationException if the constraints fail to verify
-     */
-    private fun verifyConstraints(internalTx: LedgerTransaction, contractAttachmentsByContract: Map<ContractClassName, Set<ContractAttachment>>, hashToSignatureConstrainedContracts: MutableSet<ContractClassName>) {
-        for (state in internalTx.allStates) {
-            if (state.constraint is SignatureAttachmentConstraint)
-                checkMinimumPlatformVersion(networkParameters!!.minimumPlatformVersion, 4, "Signature constraints")
-
-            val constraintAttachment =
-                // hash to to signature constraint migration logic:
-                // pass the unsigned attachment when verifying the constraint of the input state, and the signed attachment when verifying the constraint of the output state.
-                if (state.contract in hashToSignatureConstrainedContracts) {
-                    val unsignedAttachment = contractAttachmentsByContract[state.contract].unsigned
-                            ?: throw TransactionVerificationException.MissingAttachmentRejection(id, state.contract)
-                    val signedAttachment = contractAttachmentsByContract[state.contract].signed
-                            ?: throw TransactionVerificationException.MissingAttachmentRejection(id, state.contract)
-                    when {
-                        // use unsigned attachment if hash-constrained input state
-                        state.data in inputStates -> AttachmentWithContext(unsignedAttachment, state.contract, networkParameters!!)
-                        // use signed attachment if signature-constrained output state
-                        state.data in outputStates -> AttachmentWithContext(signedAttachment, state.contract, networkParameters!!)
-                        else -> throw IllegalStateException("${state.contract} must use either signed or unsigned attachment in hash to signature constraints migration")
-                    }
-                }
-                // standard processing logic
-                else {
-                    val contractAttachment = contractAttachmentsByContract[state.contract]?.firstOrNull()
-                            ?: throw TransactionVerificationException.MissingAttachmentRejection(id, state.contract)
-                    AttachmentWithContext(contractAttachment, state.contract, networkParameters!!)
-                }
-
-            if (!state.constraint.isSatisfiedBy(constraintAttachment)) {
-                throw TransactionVerificationException.ContractConstraintRejection(id, state.contract)
-            }
-        }
-    }
-
-    private val Set<ContractAttachment>?.unsigned: ContractAttachment?
-        get() {
-            return this?.filter { !it.isSigned }?.firstOrNull()
-        }
-
-    private val Set<ContractAttachment>?.signed: ContractAttachment?
-        get() {
-            return this?.filter { it.isSigned }?.firstOrNull()
-        }
-
-    // TODO: revisit to include contract version information
-    /**
-     *  This method may return more than one attachment for a given contract class.
-     *  Specifically, this is the case for transactions combining hash and signature constraints where the hash constrained contract jar
-     *  will be unsigned, and the signature constrained counterpart will be signed.
-     */
-    private fun getContractAttachmentsByContract(contractClasses: Set<ContractClassName>): Map<ContractClassName, Set<ContractAttachment>> {
-        val result = mutableMapOf<ContractClassName, Set<ContractAttachment>>()
-
-        for (attachment in attachments) {
-            if (attachment !is ContractAttachment) continue
-            for (contract in contractClasses) {
-                if (!attachment.allContracts.contains(contract)) continue
-                result[contract] = result.getOrDefault(contract, setOf(attachment)).plus(attachment)
-            }
-        }
-
-        return result
-    }
-
-    private fun contractClassFor(className: ContractClassName, classLoader: ClassLoader): Class<out Contract> = try {
-        classLoader.loadClass(className).asSubclass(Contract::class.java)
-    } catch (e: Exception) {
-        throw TransactionVerificationException.ContractCreationError(id, className, e)
+    @CordaInternal
+    internal fun internalPrepareVerify(extraAttachments: List<Attachment>) = AttachmentsClassLoaderBuilder.withAttachmentsClassloaderContext(this.attachments + extraAttachments) { transactionClassLoader ->
+        Verifier(createLtxForVerification(), transactionClassLoader, inputStatesContractClassNameToMaxVersion)
     }
 
     private fun createLtxForVerification(): LedgerTransaction {
@@ -368,7 +157,7 @@ private constructor(
                     privacySalt = this.privacySalt,
                     networkParameters = this.networkParameters,
                     references = deserializedReferences,
-                    inputStatesContractClassNameToMaxVersion = emptyMap()
+                    inputStatesContractClassNameToMaxVersion = this.inputStatesContractClassNameToMaxVersion
             )
         } else {
             // This branch is only present for backwards compatibility.
@@ -378,156 +167,6 @@ private constructor(
         }
     }
 
-    /**
-     * Check the transaction is contract-valid by running the verify() for each input and output state contract.
-     * If any contract fails to verify, the whole transaction is considered to be invalid.
-     */
-    private fun verifyContracts(internalTx: LedgerTransaction) {
-        val contractClasses = (internalTx.inputs.map { it.state } + internalTx.outputs).toSet()
-                .map { it.contract to contractClassFor(it.contract, it.data.javaClass.classLoader) }
-
-        val contractInstances = contractClasses.map { (contractClassName, contractClass) ->
-            try {
-                contractClass.newInstance()
-            } catch (e: Exception) {
-                throw TransactionVerificationException.ContractCreationError(id, contractClassName, e)
-            }
-        }
-
-        contractInstances.forEach { contract ->
-            try {
-                contract.verify(internalTx)
-            } catch (e: Exception) {
-                throw TransactionVerificationException.ContractRejection(id, contract, e)
-            }
-        }
-    }
-
-    /**
-     * Make sure the notary has stayed the same. As we can't tell how inputs and outputs connect, if there
-     * are any inputs or reference inputs, all outputs must have the same notary.
-     *
-     * TODO: Is that the correct set of restrictions? May need to come back to this, see if we can be more
-     *       flexible on output notaries.
-     */
-    private fun checkNoNotaryChange() {
-        if (notary != null && (inputs.isNotEmpty() || references.isNotEmpty())) {
-            outputs.forEach {
-                if (it.notary != notary) {
-                    throw TransactionVerificationException.NotaryChangeInWrongTransactionType(id, notary, it.notary)
-                }
-            }
-        }
-    }
-
-    private fun checkEncumbrancesValid() {
-        // Validate that all encumbrances exist within the set of input states.
-        inputs.filter { it.state.encumbrance != null }
-                .forEach { (state, ref) -> checkInputEncumbranceStateExists(state, ref) }
-
-        // Check that in the outputs,
-        // a) an encumbered state does not refer to itself as the encumbrance
-        // b) the number of outputs can contain the encumbrance
-        // c) the bi-directionality (full cycle) property is satisfied
-        // d) encumbered output states are assigned to the same notary.
-        val statesAndEncumbrance = outputs.withIndex().filter { it.value.encumbrance != null }
-                .map { Pair(it.index, it.value.encumbrance!!) }
-        if (!statesAndEncumbrance.isEmpty()) {
-            checkBidirectionalOutputEncumbrances(statesAndEncumbrance)
-            checkNotariesOutputEncumbrance(statesAndEncumbrance)
-        }
-    }
-
-    // Method to check if all encumbered states are assigned to the same notary Party.
-    // This method should be invoked after [checkBidirectionalOutputEncumbrances], because it assumes that the
-    // bi-directionality property is already satisfied.
-    private fun checkNotariesOutputEncumbrance(statesAndEncumbrance: List<Pair<Int, Int>>) {
-        // We only check for transactions in which notary is null (i.e., issuing transactions).
-        // Note that if a notary is defined for a transaction, we already check if all outputs are assigned
-        // to the same notary (transaction's notary) in [checkNoNotaryChange()].
-        if (notary == null) {
-            // indicesAlreadyChecked is used to bypass already checked indices and to avoid cycles.
-            val indicesAlreadyChecked = HashSet<Int>()
-            statesAndEncumbrance.forEach {
-                checkNotary(it.first, indicesAlreadyChecked)
-            }
-        }
-    }
-
-    private tailrec fun checkNotary(index: Int, indicesAlreadyChecked: HashSet<Int>) {
-        if (indicesAlreadyChecked.add(index)) {
-            val encumbranceIndex = outputs[index].encumbrance!!
-            if (outputs[index].notary != outputs[encumbranceIndex].notary) {
-                throw TransactionVerificationException.TransactionNotaryMismatchEncumbranceException(id, index, encumbranceIndex, outputs[index].notary, outputs[encumbranceIndex].notary)
-            } else {
-                checkNotary(encumbranceIndex, indicesAlreadyChecked)
-            }
-        }
-    }
-
-    private fun checkInputEncumbranceStateExists(state: TransactionState<ContractState>, ref: StateRef) {
-        val encumbranceStateExists = inputs.any {
-            it.ref.txhash == ref.txhash && it.ref.index == state.encumbrance
-        }
-        if (!encumbranceStateExists) {
-            throw TransactionVerificationException.TransactionMissingEncumbranceException(
-                    id,
-                    state.encumbrance!!,
-                    TransactionVerificationException.Direction.INPUT
-            )
-        }
-    }
-
-    // Using basic graph theory, a full cycle of encumbered (co-dependent) states should exist to achieve bi-directional
-    // encumbrances. This property is important to ensure that no states involved in an encumbrance-relationship
-    // can be spent on their own. Briefly, if any of the states is having more than one encumbrance references by
-    // other states, a full cycle detection will fail. As a result, all of the encumbered states must be present
-    // as "from" and "to" only once (or zero times if no encumbrance takes place). For instance,
-    // a -> b
-    // c -> b    and     a -> b
-    // b -> a            b -> c
-    // do not satisfy the bi-directionality (full cycle) property.
-    //
-    // In the first example "b" appears twice in encumbrance ("to") list and "c" exists in the encumbered ("from") list only.
-    // Due the above, one could consume "a" and "b" in the same transaction and then, because "b" is already consumed, "c" cannot be spent.
-    //
-    // Similarly, the second example does not form a full cycle because "a" and "c" exist in one of the lists only.
-    // As a result, one can consume "b" and "c" in the same transactions, which will make "a" impossible to be spent.
-    //
-    // On other hand the following are valid constructions:
-    // a -> b            a -> c
-    // b -> c    and     c -> b
-    // c -> a            b -> a
-    // and form a full cycle, meaning that the bi-directionality property is satisfied.
-    private fun checkBidirectionalOutputEncumbrances(statesAndEncumbrance: List<Pair<Int, Int>>) {
-        // [Set] of "from" (encumbered states).
-        val encumberedSet = mutableSetOf<Int>()
-        // [Set] of "to" (encumbrance states).
-        val encumbranceSet = mutableSetOf<Int>()
-        // Update both [Set]s.
-        statesAndEncumbrance.forEach { (statePosition, encumbrance) ->
-            // Check it does not refer to itself.
-            if (statePosition == encumbrance || encumbrance >= outputs.size) {
-                throw TransactionVerificationException.TransactionMissingEncumbranceException(
-                        id,
-                        encumbrance,
-                        TransactionVerificationException.Direction.OUTPUT)
-            } else {
-                encumberedSet.add(statePosition) // Guaranteed to have unique elements.
-                if (!encumbranceSet.add(encumbrance)) {
-                    throw TransactionVerificationException.TransactionDuplicateEncumbranceException(id, encumbrance)
-                }
-            }
-        }
-        // At this stage we have ensured that "from" and "to" [Set]s are equal in size, but we should check their
-        // elements do indeed match. If they don't match, we return their symmetric difference (disjunctive union).
-        val symmetricDifference = (encumberedSet union encumbranceSet).subtract(encumberedSet intersect encumbranceSet)
-        if (symmetricDifference.isNotEmpty()) {
-            // At least one encumbered state is not in the [encumbranceSet] and vice versa.
-            throw TransactionVerificationException.TransactionNonMatchingEncumbranceException(id, symmetricDifference)
-        }
-    }
-
     /**
      * Given a type and a function that returns a grouping key, associates inputs and outputs together so that they
      * can be processed as one. The grouping key is any arbitrary object that can act as a map key (so must implement
diff --git a/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt b/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt
index ad946653be..811f079a43 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt
@@ -78,8 +78,8 @@ data class NotaryChangeWireTransaction(
     @DeleteForDJVM
     fun resolve(services: ServicesForResolution, sigs: List<TransactionSignature>): NotaryChangeLedgerTransaction {
         val resolvedInputs = services.loadStates(inputs.toSet()).toList()
-        val hashToResolve = networkParametersHash ?: services.networkParametersStorage.defaultHash
-        val resolvedNetworkParameters = services.networkParametersStorage.lookup(hashToResolve)
+        val hashToResolve = networkParametersHash ?: services.networkParametersService.defaultHash
+        val resolvedNetworkParameters = services.networkParametersService.lookup(hashToResolve)
                 ?: throw TransactionResolutionException(id)
         return NotaryChangeLedgerTransaction.create(resolvedInputs, notary, newNotary, id, sigs, resolvedNetworkParameters)
     }
diff --git a/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt b/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt
index 52dd80090f..9ffa98c318 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt
@@ -7,13 +7,16 @@ import net.corda.core.KeepForDJVM
 import net.corda.core.contracts.*
 import net.corda.core.crypto.*
 import net.corda.core.identity.Party
+import net.corda.core.internal.TransactionVerifierServiceInternal
 import net.corda.core.internal.VisibleForTesting
+import net.corda.core.internal.internalFindTrustedAttachmentForClass
 import net.corda.core.node.ServiceHub
 import net.corda.core.node.ServicesForResolution
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.serialization.SerializedBytes
 import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
+import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.getOrThrow
 import java.security.KeyPair
 import java.security.PublicKey
@@ -200,8 +203,29 @@ data class SignedTransaction(val txBits: SerializedBytes<CoreTransaction>,
     @DeleteForDJVM
     private fun verifyRegularTransaction(services: ServiceHub, checkSufficientSignatures: Boolean) {
         val ltx = toLedgerTransaction(services, checkSufficientSignatures)
-        // TODO: allow non-blocking verification.
-        services.transactionVerifierService.verify(ltx).getOrThrow()
+        try {
+            // TODO: allow non-blocking verification.
+            services.transactionVerifierService.verify(ltx).getOrThrow()
+        } catch (e: NoClassDefFoundError) {
+            // Transactions created before Corda 4 can be missing dependencies on other cordapps.
+            // This code attempts to find the missing dependency in the attachment storage among the trusted contract attachments.
+            // When it finds one, it instructs the verifier to use it to create the transaction classloader.
+            // TODO - add check that transaction was created before Corda 4.
+
+            // TODO - should this be a [TransactionVerificationException]?
+            val missingClass = requireNotNull(e.message) { "Transaction $ltx is incorrectly formed." }
+
+            val attachment = requireNotNull(services.attachments.internalFindTrustedAttachmentForClass(missingClass)) {
+                "Transaction $ltx is incorrectly formed. Could not find local dependency for class: $missingClass."
+            }
+
+            log.warn("""Detected that transaction ${this.id} does not contain all cordapp dependencies.
+                |This may be the result of a bug in a previous version of Corda.
+                |Attempting to verify using the additional dependency: $attachment.
+                |Please check with the originator that this is a valid transaction.""".trimMargin())
+
+            (services.transactionVerifierService as TransactionVerifierServiceInternal).verify(ltx, listOf(attachment)).getOrThrow()
+        }
     }
 
     /**
@@ -219,7 +243,6 @@ data class SignedTransaction(val txBits: SerializedBytes<CoreTransaction>,
         }
     }
 
-
     /**
      * Resolves the underlying transaction with signatures and then returns it, handling any special case transactions
      * such as [NotaryChangeWireTransaction].
@@ -272,6 +295,8 @@ data class SignedTransaction(val txBits: SerializedBytes<CoreTransaction>,
                     "keys: ${missing.joinToString { it.toStringShort() }}, " +
                     "by signers: ${descriptions.joinToString()} "
         }
+
+        private val log = contextLogger()
     }
 
     @KeepForDJVM
diff --git a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
index 509462722a..d32a87b4ce 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
@@ -8,6 +8,7 @@ import net.corda.core.crypto.*
 import net.corda.core.identity.Party
 import net.corda.core.internal.*
 import net.corda.core.internal.cordapp.CordappImpl.Companion.DEFAULT_CORDAPP_VERSION
+import net.corda.core.internal.cordapp.CordappResolver
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.ServiceHub
 import net.corda.core.node.ServicesForResolution
@@ -55,6 +56,8 @@ open class TransactionBuilder @JvmOverloads constructor(
         private fun defaultReferencesList(): MutableList<StateRef> = arrayListOf()
 
         private fun defaultServiceHub(): ServiceHub? = (Strand.currentStrand() as? FlowStateMachine<*>)?.serviceHub
+
+        private const val CORDA_VERSION_THAT_INTRODUCED_FLATTENED_COMMANDS = 4
     }
 
     constructor(
@@ -146,7 +149,7 @@ open class TransactionBuilder @JvmOverloads constructor(
             checkConstraintValidity(state)
         }
 
-        return SerializationFactory.defaultFactory.withCurrentContext(serializationContext) {
+        val wireTx = SerializationFactory.defaultFactory.withCurrentContext(serializationContext) {
             WireTransaction(
                     createComponentGroups(
                             inputStates(),
@@ -156,10 +159,51 @@ open class TransactionBuilder @JvmOverloads constructor(
                             notary,
                             window,
                             referenceStates,
-                            services.networkParametersStorage.currentHash),
+                            services.networkParametersService.currentHash),
                     privacySalt
             )
         }
+
+        // Check the transaction for missing dependencies, and attempt to add them.
+        // This is a workaround as the current version of Corda does not support cordapp dependencies.
+        // It works by running transaction validation and then scan the attachment storage for missing classes.
+        // TODO - remove once proper support for cordapp dependencies is added.
+        val addedDependency = addMissingDependency(services, wireTx)
+
+        return if (addedDependency)
+            toWireTransactionWithContext(services, serializationContext)
+        else
+            wireTx
+    }
+
+    /**
+     * @return true if a new dependency was successfully added.
+     */
+    private fun addMissingDependency(services: ServicesForResolution, wireTx: WireTransaction): Boolean {
+        try {
+            wireTx.toLedgerTransaction(services).verify()
+        } catch (e: NoClassDefFoundError) {
+            val missingClass = e.message
+            requireNotNull(missingClass) { "Transaction is incorrectly formed." }
+
+            val attachment = services.attachments.internalFindTrustedAttachmentForClass(missingClass!!)
+                    ?: throw IllegalArgumentException("Attempted to find dependent attachment for class $missingClass, but could not find a suitable candidate.")
+
+            log.warnOnce("""The transaction currently built is missing an attachment for class: $missingClass.
+                    Automatically attaching contract dependency $attachment.
+                    It is strongly recommended to check that this is the desired attachment, and to manually add it to the transaction builder.
+                """.trimIndent())
+
+            addAttachment(attachment.id)
+            return true
+        // Ignore these exceptions as they will break unit tests.
+        //  The point here is only to detect missing dependencies. The other exceptions are irrelevant.
+        } catch (tve: TransactionVerificationException) {
+        } catch (tre: TransactionResolutionException) {
+        } catch (ise: IllegalStateException) {
+        } catch (ise: IllegalArgumentException) {
+        }
+        return false
     }
 
     /**
@@ -185,7 +229,8 @@ open class TransactionBuilder @JvmOverloads constructor(
 
         val explicitAttachmentContractsMap: Map<ContractClassName, SecureHash> = explicitAttachmentContracts.toMap()
 
-        val inputContractGroups: Map<ContractClassName, List<TransactionState<ContractState>>> = inputsWithTransactionState.map {it.state}.groupBy { it.contract }
+        val inputContractGroups: Map<ContractClassName, List<TransactionState<ContractState>>> = inputsWithTransactionState.map { it.state }
+                .groupBy { it.contract }
         val outputContractGroups: Map<ContractClassName, List<TransactionState<ContractState>>> = outputs.groupBy { it.contract }
 
         val allContracts: Set<ContractClassName> = inputContractGroups.keys + outputContractGroups.keys
@@ -199,7 +244,8 @@ open class TransactionBuilder @JvmOverloads constructor(
                     selectAttachmentThatSatisfiesConstraints(true, refStateEntry.key, refStateEntry.value, emptySet(), services)
                 }
 
-        val contractClassNameToInputStateRef : Map<ContractClassName, Set<StateRef>> = inputsWithTransactionState.map { Pair(it.state.contract,it.ref) }.groupBy { it.first }.mapValues { it.value.map { e -> e.second }.toSet() }
+        val contractClassNameToInputStateRef: Map<ContractClassName, Set<StateRef>> = inputsWithTransactionState.map { Pair(it.state.contract, it.ref) }
+                .groupBy { it.first }.mapValues { it.value.map { e -> e.second }.toSet() }
 
         // For each contract, resolve the AutomaticPlaceholderConstraint, and select the attachment.
         val contractAttachmentsAndResolvedOutputStates: List<Pair<Set<AttachmentId>, List<TransactionState<ContractState>>?>> = allContracts.toSet()
@@ -255,20 +301,21 @@ open class TransactionBuilder @JvmOverloads constructor(
         if (inputsHashConstraints.isNotEmpty() && (outputHashConstraints.isNotEmpty() || outputSignatureConstraints.isNotEmpty())) {
             val attachmentIds = services.attachments.getContractAttachments(contractClassName)
             // only switchover if we have both signed and unsigned attachments for the given contract class name
-            if (attachmentIds.isNotEmpty() && attachmentIds.size == 2)  {
+            if (attachmentIds.isNotEmpty() && attachmentIds.size == 2) {
                 val attachmentsToUse = attachmentIds.map {
                     services.attachments.openAttachment(it)?.let { it as ContractAttachment }
                             ?: throw IllegalArgumentException("Contract attachment $it for $contractClassName is missing.")
                 }
-                val signedAttachment = attachmentsToUse.filter { it.isSigned }.firstOrNull() ?: throw IllegalArgumentException("Signed contract attachment for $contractClassName is missing.")
+                val signedAttachment = attachmentsToUse.filter { it.isSigned }.firstOrNull()
+                        ?: throw IllegalArgumentException("Signed contract attachment for $contractClassName is missing.")
                 val outputConstraints =
-                    if (outputHashConstraints.isNotEmpty()) {
-                        log.warn("Switching output states from hash to signed constraints using signers in signed contract attachment given by ${signedAttachment.id}")
-                        val outputsSignatureConstraints = outputHashConstraints.map { it.copy(constraint = SignatureAttachmentConstraint(signedAttachment.signerKeys.first())) }
-                        outputs.addAll(outputsSignatureConstraints)
-                        outputs.removeAll(outputHashConstraints)
-                        outputsSignatureConstraints
-                    } else outputSignatureConstraints
+                        if (outputHashConstraints.isNotEmpty()) {
+                            log.warn("Switching output states from hash to signed constraints using signers in signed contract attachment given by ${signedAttachment.id}")
+                            val outputsSignatureConstraints = outputHashConstraints.map { it.copy(constraint = SignatureAttachmentConstraint(signedAttachment.signerKeys.first())) }
+                            outputs.addAll(outputsSignatureConstraints)
+                            outputs.removeAll(outputHashConstraints)
+                            outputsSignatureConstraints
+                        } else outputSignatureConstraints
                 return Pair(attachmentIds.toSet(), outputConstraints)
             }
         }
@@ -643,8 +690,15 @@ with @BelongsToContract, or supply an explicit contract parameter to addOutputSt
     /** Returns an immutable list of output [TransactionState]s. */
     fun outputStates(): List<TransactionState<*>> = ArrayList(outputs)
 
-    /** Returns an immutable list of [Command]s, grouping by [CommandData] and joining signers. */
-    fun commands(): List<Command<*>> = commands.groupBy { cmd -> cmd.value }.entries.map { (data, cmds) -> Command(data, cmds.flatMap(Command<*>::signers).toSet().toList()) }
+    /** Returns an immutable list of [Command]s, grouping by [CommandData] and joining signers (from v4, v3 and below return all commands with duplicates for different signers). */
+    fun commands(): List<Command<*>> {
+        return if (CordappResolver.currentTargetVersion >= CORDA_VERSION_THAT_INTRODUCED_FLATTENED_COMMANDS) {
+            commands.groupBy { cmd -> cmd.value }
+                    .entries.map { (data, cmds) -> Command(data, cmds.flatMap(Command<*>::signers).toSet().toList()) }
+        } else {
+            ArrayList(commands)
+        }
+    }
 
     /**
      * Sign the built transaction and return it. This is an internal function for use by the service hub, please use
diff --git a/core/src/main/kotlin/net/corda/core/transactions/WireTransaction.kt b/core/src/main/kotlin/net/corda/core/transactions/WireTransaction.kt
index 0e4f548b3a..2d0c76b950 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/WireTransaction.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/WireTransaction.kt
@@ -105,8 +105,8 @@ class WireTransaction(componentGroups: List<ComponentGroup>, val privacySalt: Pr
                 resolveAttachment = { services.attachments.openAttachment(it) },
                 resolveStateRefAsSerialized = { resolveStateRefBinaryComponent(it, services) },
                 resolveParameters = {
-                    val hashToResolve = it ?: services.networkParametersStorage.defaultHash
-                    services.networkParametersStorage.lookup(hashToResolve)
+                    val hashToResolve = it ?: services.networkParametersService.defaultHash
+                    services.networkParametersService.lookup(hashToResolve)
                 },
                 resolveContractAttachment = { services.loadContractAttachment(it) }
         )
@@ -130,18 +130,37 @@ class WireTransaction(componentGroups: List<ComponentGroup>, val privacySalt: Pr
      */
     @Deprecated("Use toLedgerTransaction(ServicesForTransaction) instead")
     @Throws(AttachmentResolutionException::class, TransactionResolutionException::class)
-    @JvmOverloads
     fun toLedgerTransaction(
             resolveIdentity: (PublicKey) -> Party?,
             resolveAttachment: (SecureHash) -> Attachment?,
             resolveStateRef: (StateRef) -> TransactionState<*>?,
-            @Suppress("UNUSED_PARAMETER") resolveContractAttachment: (TransactionState<ContractState>) -> AttachmentId?,
-            resolveParameters: (SecureHash?) -> NetworkParameters? = { null } // TODO This { null } is left here only because of API stability. It doesn't make much sense anymore as it will fail on transaction verification.
+            @Suppress("UNUSED_PARAMETER") resolveContractAttachment: (TransactionState<ContractState>) -> AttachmentId?
     ): LedgerTransaction {
         // This reverts to serializing the resolved transaction state.
-        return toLedgerTransactionInternal(resolveIdentity, resolveAttachment, { stateRef -> resolveStateRef(stateRef)?.serialize() }, resolveParameters,
+        return toLedgerTransactionInternal(
+                resolveIdentity,
+                resolveAttachment,
+                { stateRef -> resolveStateRef(stateRef)?.serialize() },
+                { null },
                 // Returning a dummy `missingAttachment` Attachment allows this deprecated method to work and it disables "contract version no downgrade rule" as a dummy Attachment returns version 1
-                { it -> resolveAttachment(it.txhash) ?: missingAttachment })
+                { it -> resolveAttachment(it.txhash) ?: missingAttachment }
+        )
+    }
+
+    // Especially crafted for TransactionVerificationRequest
+    @CordaInternal
+    internal fun toLtxDjvmInternalBridge(
+            resolveAttachment: (SecureHash) -> Attachment?,
+            resolveStateRef: (StateRef) -> TransactionState<*>?,
+            resolveParameters: (SecureHash?) -> NetworkParameters?
+    ): LedgerTransaction {
+        return toLedgerTransactionInternal(
+                { null },
+                resolveAttachment,
+                { stateRef -> resolveStateRef(stateRef)?.serialize() },
+                resolveParameters,
+                { it -> resolveAttachment(it.txhash) ?: missingAttachment }
+        )
     }
 
     private fun toLedgerTransactionInternal(
diff --git a/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt b/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt
index 7660866f00..a42fab4e1e 100644
--- a/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt
+++ b/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt
@@ -287,13 +287,6 @@ class ProgressTracker(vararg inputSteps: Step) {
 
     /** Returns true if the progress tracker has ended, either by reaching the [DONE] step or prematurely with an error */
     val hasEnded: Boolean get() = _changes.hasCompleted() || _changes.hasThrowable()
-
-    companion object {
-        val DEFAULT_TRACKER = { ProgressTracker() }
-    }
 }
 // TODO: Expose the concept of errors.
 // TODO: It'd be helpful if this class was at least partly thread safe.
-
-
-
diff --git a/core/src/main/kotlin/net/corda/core/utilities/Try.kt b/core/src/main/kotlin/net/corda/core/utilities/Try.kt
index d68128cf77..98fc5c1764 100644
--- a/core/src/main/kotlin/net/corda/core/utilities/Try.kt
+++ b/core/src/main/kotlin/net/corda/core/utilities/Try.kt
@@ -3,6 +3,7 @@ package net.corda.core.utilities
 import net.corda.core.KeepForDJVM
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.serialization.CordaSerializable
+import java.util.function.Consumer
 
 /**
  * Representation of an operation that has either succeeded with a result (represented by [Success]) or failed with an
@@ -12,15 +13,16 @@ import net.corda.core.serialization.CordaSerializable
 sealed class Try<out A> {
     companion object {
         /**
-         * Executes the given block of code and returns a [Success] capturing the result, or a [Failure] if an exception
-         * is thrown.
+         * Executes the given block of code and returns a [Success] capturing the result, or a [Failure] if a [Throwable] is thrown.
+         *
+         * It is recommended this be chained with [throwError] to ensure critial [Error]s are thrown and not captured.
          */
         @JvmStatic
         inline fun <T> on(body: () -> T): Try<T> {
             return try {
                 Success(body())
-            } catch (e: Exception) {
-                Failure(e)
+            } catch (t: Throwable) {
+                Failure(t)
             }
         }
     }
@@ -34,6 +36,15 @@ sealed class Try<out A> {
     /** Returns the value if a [Success] otherwise throws the exception if a [Failure]. */
     abstract fun getOrThrow(): A
 
+    /** If this is a [Failure] wrapping an [Error] then throw it, otherwise return `this` for chaining. */
+    fun throwError(): Try<A> {
+        if (this is Failure && exception is Error) {
+            throw exception
+        } else {
+            return this
+        }
+    }
+
     /** Maps the given function to the value from this [Success], or returns `this` if this is a [Failure]. */
     inline fun <B> map(function: (A) -> B): Try<B> = when (this) {
         is Success -> Success(function(value))
@@ -59,34 +70,21 @@ sealed class Try<out A> {
     }
 
     /** Applies the given action to the value if [Success], or does nothing if [Failure]. Returns `this` for chaining. */
-    fun doOnSuccess(action: (A) -> Unit): Try<A> {
-        when (this) {
-            is Success -> action.invoke(value)
-            is Failure -> {}
+    fun doOnSuccess(action: Consumer<in A>): Try<A> {
+        if (this is Success) {
+            action.accept(value)
         }
         return this
     }
 
     /** Applies the given action to the error if [Failure], or does nothing if [Success]. Returns `this` for chaining. */
-    fun doOnFailure(action: (Throwable) -> Unit): Try<A> {
-        when (this) {
-            is Success -> {}
-            is Failure -> action.invoke(exception)
+    fun doOnFailure(action: Consumer<Throwable>): Try<A> {
+        if (this is Failure) {
+            action.accept(exception)
         }
         return this
     }
 
-    /** Applies the given action to the exception if [Failure], rethrowing [Error]s. Does nothing if [Success]. Returns `this` for chaining. */
-    fun doOnException(action: (Exception) -> Unit): Try<A> {
-        return doOnFailure { error ->
-            if (error is Exception) {
-                action.invoke(error)
-            } else {
-                throw error
-            }
-        }
-    }
-
     @KeepForDJVM
     data class Success<out A>(val value: A) : Try<A>() {
         override val isSuccess: Boolean get() = true
diff --git a/core/src/test/java/net/corda/core/flows/FlowsInJavaTest.java b/core/src/test/java/net/corda/core/flows/FlowsInJavaTest.java
index 41bd180466..6237084f69 100644
--- a/core/src/test/java/net/corda/core/flows/FlowsInJavaTest.java
+++ b/core/src/test/java/net/corda/core/flows/FlowsInJavaTest.java
@@ -1,11 +1,11 @@
 package net.corda.core.flows;
 
 import co.paralleluniverse.fibers.Suspendable;
-import com.google.common.collect.ImmutableList;
 import com.google.common.primitives.Primitives;
 import net.corda.core.identity.Party;
 import net.corda.testing.core.TestConstants;
 import net.corda.testing.node.MockNetwork;
+import net.corda.testing.node.MockNetworkParameters;
 import net.corda.testing.node.StartedMockNode;
 import org.junit.After;
 import org.junit.Before;
@@ -15,11 +15,14 @@ import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 
 import static net.corda.testing.core.TestUtils.singleIdentity;
+import static net.corda.testing.node.internal.InternalTestUtilsKt.cordappsForPackages;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.junit.Assert.fail;
 
 public class FlowsInJavaTest {
-    private final MockNetwork mockNet = new MockNetwork(ImmutableList.of("net.corda.core.flows"));
+    private final MockNetwork mockNet = new MockNetwork(
+            new MockNetworkParameters().withCordappsForAllNodes(cordappsForPackages("net.corda.core.flows"))
+    );
     private StartedMockNode aliceNode;
     private StartedMockNode bobNode;
     private Party bob;
diff --git a/core/src/test/kotlin/net/corda/core/contracts/ConstraintsPropagationTests.kt b/core/src/test/kotlin/net/corda/core/contracts/ConstraintsPropagationTests.kt
index d77a660132..b7a9566b9c 100644
--- a/core/src/test/kotlin/net/corda/core/contracts/ConstraintsPropagationTests.kt
+++ b/core/src/test/kotlin/net/corda/core/contracts/ConstraintsPropagationTests.kt
@@ -83,7 +83,7 @@ class ConstraintsPropagationTests {
         ledgerServices = object : MockServices(
                 cordappPackages = listOf("net.corda.finance.contracts.asset"),
                 initialIdentity = ALICE,
-                identityService = rigorousMock<IdentityServiceInternal>().also {
+                identityService = mock<IdentityServiceInternal>().also {
                     doReturn(ALICE_PARTY).whenever(it).partyFromKey(ALICE_PUBKEY)
                     doReturn(BOB_PARTY).whenever(it).partyFromKey(BOB_PUBKEY)
                 },
diff --git a/core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt b/core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt
index 8a677fc25d..b08e510b90 100644
--- a/core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt
+++ b/core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt
@@ -1,6 +1,7 @@
 package net.corda.core.contracts
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.crypto.Crypto
 import net.corda.core.crypto.SecureHash
@@ -40,7 +41,7 @@ class PackageOwnershipVerificationTests {
     private val ledgerServices = MockServices(
             cordappPackages = listOf("net.corda.finance.contracts.asset"),
             initialIdentity = ALICE,
-            identityService = rigorousMock<IdentityServiceInternal>().also {
+            identityService = mock<IdentityServiceInternal>().also {
                 doReturn(ALICE_PARTY).whenever(it).partyFromKey(ALICE_PUBKEY)
                 doReturn(BOB_PARTY).whenever(it).partyFromKey(BOB_PUBKEY)
             },
diff --git a/core/src/test/kotlin/net/corda/core/crypto/PartialMerkleTreeTest.kt b/core/src/test/kotlin/net/corda/core/crypto/PartialMerkleTreeTest.kt
index b30e7d5fca..93a129c728 100644
--- a/core/src/test/kotlin/net/corda/core/crypto/PartialMerkleTreeTest.kt
+++ b/core/src/test/kotlin/net/corda/core/crypto/PartialMerkleTreeTest.kt
@@ -1,6 +1,7 @@
 package net.corda.core.crypto
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.*
 import net.corda.core.crypto.SecureHash.Companion.zeroHash
@@ -68,7 +69,7 @@ class PartialMerkleTreeTest {
         testLedger = MockServices(
                 cordappPackages = emptyList(),
                 initialIdentity = TestIdentity(MEGA_CORP.name),
-                identityService = rigorousMock<IdentityServiceInternal>().also {
+                identityService = mock<IdentityServiceInternal>().also {
                     doReturn(MEGA_CORP).whenever(it).partyFromKey(MEGA_CORP_PUBKEY)
                 },
                 networkParameters = testNetworkParameters(minimumPlatformVersion = 4, notaries = listOf(NotaryInfo(DUMMY_NOTARY, true)))
diff --git a/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt b/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt
index 8786696354..76251376bf 100644
--- a/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt
@@ -3,6 +3,7 @@ package net.corda.core.flows
 import com.natpryce.hamkrest.and
 import com.natpryce.hamkrest.assertion.assert
 import net.corda.core.flows.mixins.WithFinality
+import net.corda.core.flows.mixins.WithFinality.FinalityInvoker
 import net.corda.core.identity.Party
 import net.corda.core.internal.cordapp.CordappResolver
 import net.corda.core.transactions.SignedTransaction
@@ -75,15 +76,29 @@ class FinalityFlowTests : WithFinality {
 
     @Test
     fun `allow use of the old API if the CorDapp target version is 3`() {
-        // We need Bob to load at least one old CorDapp so that its FinalityHandler is enabled
-        val bob = createBob(cordapps = listOf(cordappWithPackages("com.template").copy(targetPlatformVersion = 3)))
-        val stx = aliceNode.issuesCashTo(bob)
+        val oldBob = createBob(cordapps = listOf(tokenOldCordapp()))
+        val stx = aliceNode.issuesCashTo(oldBob)
         val resultFuture = CordappResolver.withCordapp(targetPlatformVersion = 3) {
             @Suppress("DEPRECATION")
             aliceNode.startFlowAndRunNetwork(FinalityFlow(stx)).resultFuture
         }
         resultFuture.getOrThrow()
-        assertThat(bob.services.validatedTransactions.getTransaction(stx.id)).isNotNull()
+        assertThat(oldBob.services.validatedTransactions.getTransaction(stx.id)).isNotNull()
+    }
+
+    @Test
+    fun `broadcasting to both new and old participants`() {
+        val newCharlie = mockNet.createNode(InternalMockNodeParameters(legalName = CHARLIE_NAME))
+        val oldBob = createBob(cordapps = listOf(tokenOldCordapp()))
+        val stx = aliceNode.issuesCashTo(oldBob)
+        val resultFuture = aliceNode.startFlowAndRunNetwork(FinalityInvoker(
+                stx,
+                newRecipients = setOf(newCharlie.info.singleIdentity()),
+                oldRecipients = setOf(oldBob.info.singleIdentity())
+        )).resultFuture
+        resultFuture.getOrThrow()
+        assertThat(newCharlie.services.validatedTransactions.getTransaction(stx.id)).isNotNull()
+        assertThat(oldBob.services.validatedTransactions.getTransaction(stx.id)).isNotNull()
     }
 
     private fun createBob(cordapps: List<TestCordappInternal> = emptyList()): TestStartedNode {
@@ -100,4 +115,7 @@ class FinalityFlowTests : WithFinality {
         Cash().generateIssue(builder, amount, other, notary)
         return services.signInitialTransaction(builder)
     }
+
+    /** "Old" CorDapp which will force its node to keep its FinalityHandler enabled */
+    private fun tokenOldCordapp() = cordappWithPackages("com.template").copy(targetPlatformVersion = 3)
 }
diff --git a/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt b/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
index d820c6d6f0..c956924351 100644
--- a/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
@@ -149,7 +149,7 @@ class WithReferencedStatesFlowTests {
         val updatedRefState = updatedRefTx.tx.outRefsOfType<RefState.State>().single()
 
         // 4. Try to use the old reference state. This will throw a NotaryException.
-        val useRefTx = nodes[1].services.startFlow(WithReferencedStatesFlow(UseRefState(newRefState.state.data.linearId))).resultFuture
+        val useRefTx = nodes[1].services.startFlow(WithReferencedStatesFlow { UseRefState(newRefState.state.data.linearId) }).resultFuture
 
         // 5. Share the update reference state.
         nodes[0].services.startFlow(ShareRefState.Initiator(updatedRefState)).resultFuture.getOrThrow()
diff --git a/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt b/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt
index 23acfa28e9..45a2363151 100644
--- a/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt
@@ -17,7 +17,7 @@ import net.corda.testing.node.internal.TestStartedNode
 interface WithFinality : WithMockNet {
     //region Operations
     fun TestStartedNode.finalise(stx: SignedTransaction, vararg recipients: Party): FlowStateMachine<SignedTransaction> {
-        return startFlowAndRunNetwork(FinalityInvoker(stx, recipients.toSet()))
+        return startFlowAndRunNetwork(FinalityInvoker(stx, recipients.toSet(), emptySet()))
     }
 
     fun TestStartedNode.getValidatedTransaction(stx: SignedTransaction): SignedTransaction {
@@ -25,7 +25,7 @@ interface WithFinality : WithMockNet {
     }
 
     fun CordaRPCOps.finalise(stx: SignedTransaction, vararg recipients: Party): FlowHandle<SignedTransaction> {
-        return startFlow(::FinalityInvoker, stx, recipients.toSet()).andRunNetwork()
+        return startFlow(::FinalityInvoker, stx, recipients.toSet(), emptySet()).andRunNetwork()
     }
     //endregion
 
@@ -41,11 +41,13 @@ interface WithFinality : WithMockNet {
     @InitiatingFlow
     @StartableByRPC
     class FinalityInvoker(private val transaction: SignedTransaction,
-                          private val recipients: Set<Party>) : FlowLogic<SignedTransaction>() {
+                          private val newRecipients: Set<Party>,
+                          private val oldRecipients: Set<Party>) : FlowLogic<SignedTransaction>() {
         @Suspendable
         override fun call(): SignedTransaction {
-            val sessions = recipients.map(::initiateFlow)
-            return subFlow(FinalityFlow(transaction, sessions))
+            val sessions = newRecipients.map(::initiateFlow)
+            @Suppress("DEPRECATION")
+            return subFlow(FinalityFlow(transaction, sessions, oldRecipients, FinalityFlow.tracker()))
         }
     }
 
diff --git a/core/src/test/kotlin/net/corda/core/internal/ClassLoadingUtilsTest.kt b/core/src/test/kotlin/net/corda/core/internal/ClassLoadingUtilsTest.kt
new file mode 100644
index 0000000000..1e1a715dfd
--- /dev/null
+++ b/core/src/test/kotlin/net/corda/core/internal/ClassLoadingUtilsTest.kt
@@ -0,0 +1,34 @@
+package net.corda.core.internal
+
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Test
+import java.lang.IllegalArgumentException
+
+class ClassLoadingUtilsTest {
+
+    interface BaseInterface {}
+
+    interface BaseInterface2 {}
+
+    class ConcreteClassWithEmptyConstructor: BaseInterface {}
+
+    abstract class AbstractClass: BaseInterface
+
+    class ConcreteClassWithNonEmptyConstructor(private val someData: Int): BaseInterface2 {}
+
+    @Test
+    fun predicateClassAreLoadedSuccessfully() {
+        val classes = loadClassesImplementing(BaseInterface::class.java.classLoader, BaseInterface::class.java)
+
+        val classNames = classes.map { it.javaClass.name }
+
+        assertThat(classNames).contains(ConcreteClassWithEmptyConstructor::class.java.name)
+        assertThat(classNames).doesNotContain(AbstractClass::class.java.name)
+    }
+
+    @Test(expected = IllegalArgumentException::class)
+    fun throwsExceptionWhenClassDoesNotContainProperConstructors() {
+        val classes = loadClassesImplementing(BaseInterface::class.java.classLoader, BaseInterface2::class.java)
+    }
+
+}
\ No newline at end of file
diff --git a/core/src/test/kotlin/net/corda/core/internal/ResolveTransactionsFlowTest.kt b/core/src/test/kotlin/net/corda/core/internal/ResolveTransactionsFlowTest.kt
index 24683264e5..e83fa8cfa3 100644
--- a/core/src/test/kotlin/net/corda/core/internal/ResolveTransactionsFlowTest.kt
+++ b/core/src/test/kotlin/net/corda/core/internal/ResolveTransactionsFlowTest.kt
@@ -13,7 +13,9 @@ import net.corda.core.utilities.unwrap
 import net.corda.testing.contracts.DummyContract
 import net.corda.testing.core.singleIdentity
 import net.corda.testing.node.MockNetwork
+import net.corda.testing.node.MockNetworkParameters
 import net.corda.testing.node.StartedMockNode
+import net.corda.testing.node.internal.cordappsForPackages
 import org.junit.After
 import org.junit.Before
 import org.junit.Test
@@ -36,11 +38,9 @@ class ResolveTransactionsFlowTest {
     private lateinit var miniCorp: Party
     private lateinit var notary: Party
 
-    private lateinit var rootTx: SignedTransaction
-
     @Before
     fun setup() {
-        mockNet = MockNetwork(cordappPackages = listOf("net.corda.testing.contracts", "net.corda.core.internal"))
+        mockNet = MockNetwork(MockNetworkParameters(cordappsForAllNodes = cordappsForPackages("net.corda.testing.contracts", javaClass.packageName)))
         notaryNode = mockNet.defaultNotaryNode
         megaCorpNode = mockNet.createPartyNode(CordaX500Name("MegaCorp", "London", "GB"))
         miniCorpNode = mockNet.createPartyNode(CordaX500Name("MiniCorp", "London", "GB"))
diff --git a/core/src/test/kotlin/net/corda/core/internal/StatePointerSearchTests.kt b/core/src/test/kotlin/net/corda/core/internal/StatePointerSearchTests.kt
new file mode 100644
index 0000000000..716fa2c157
--- /dev/null
+++ b/core/src/test/kotlin/net/corda/core/internal/StatePointerSearchTests.kt
@@ -0,0 +1,77 @@
+package net.corda.core.internal
+
+import net.corda.core.contracts.*
+import net.corda.core.crypto.NullKeys
+import net.corda.core.identity.AbstractParty
+import net.corda.core.identity.AnonymousParty
+import net.corda.core.utilities.OpaqueBytes
+import org.junit.Test
+import kotlin.test.assertEquals
+
+class StatePointerSearchTests {
+
+    private val partyAndRef = PartyAndReference(AnonymousParty(NullKeys.NullPublicKey), OpaqueBytes.of(0))
+
+    private data class StateWithGeneric(val amount: Amount<Issued<LinearPointer<LinearState>>>) : ContractState {
+        override val participants: List<AbstractParty> get() = listOf()
+    }
+
+    private data class StateWithList(val pointerList: List<LinearPointer<LinearState>>) : ContractState {
+        override val participants: List<AbstractParty> get() = listOf()
+    }
+
+    private data class StateWithMap(val pointerMap: Map<Any, Any>) : ContractState {
+        override val participants: List<AbstractParty> get() = listOf()
+    }
+
+    private data class StateWithSet(val pointerSet: Set<LinearPointer<LinearState>>) : ContractState {
+        override val participants: List<AbstractParty> get() = listOf()
+    }
+
+    private data class StateWithListOfList(val pointerSet: List<List<LinearPointer<LinearState>>>) : ContractState {
+        override val participants: List<AbstractParty> get() = listOf()
+    }
+
+    @Test
+    fun `find pointer in state with generic type`() {
+        val linearPointer = LinearPointer(UniqueIdentifier(), LinearState::class.java)
+        val testState = StateWithGeneric(Amount(100L, Issued(partyAndRef, linearPointer)))
+        val results = StatePointerSearch(testState).search()
+        assertEquals(results, setOf(linearPointer))
+    }
+
+    @Test
+    fun `find pointers which are inside a list`() {
+        val linearPointerOne = LinearPointer(UniqueIdentifier(), LinearState::class.java)
+        val linearPointerTwo = LinearPointer(UniqueIdentifier(), LinearState::class.java)
+        val testState = StateWithList(listOf(linearPointerOne, linearPointerTwo))
+        val results = StatePointerSearch(testState).search()
+        assertEquals(results, setOf(linearPointerOne, linearPointerTwo))
+    }
+
+    @Test
+    fun `find pointers which are inside a map`() {
+        val linearPointerOne = LinearPointer(UniqueIdentifier(), LinearState::class.java)
+        val linearPointerTwo = LinearPointer(UniqueIdentifier(), LinearState::class.java)
+        val testState = StateWithMap(mapOf(linearPointerOne to 1, 2 to linearPointerTwo))
+        val results = StatePointerSearch(testState).search()
+        assertEquals(results, setOf(linearPointerOne, linearPointerTwo))
+    }
+
+    @Test
+    fun `find pointers which are inside a set`() {
+        val linearPointer = LinearPointer(UniqueIdentifier(), LinearState::class.java)
+        val testState = StateWithSet(setOf(linearPointer))
+        val results = StatePointerSearch(testState).search()
+        assertEquals(results, setOf(linearPointer))
+    }
+
+    @Test
+    fun `find pointers which are inside nested iterables`() {
+        val linearPointer = LinearPointer(UniqueIdentifier(), LinearState::class.java)
+        val testState = StateWithListOfList(listOf(listOf(linearPointer)))
+        val results = StatePointerSearch(testState).search()
+        assertEquals(results, setOf(linearPointer))
+    }
+
+}
\ No newline at end of file
diff --git a/core/src/test/kotlin/net/corda/core/node/NetworkParametersTest.kt b/core/src/test/kotlin/net/corda/core/node/NetworkParametersTest.kt
index 6639d8002a..9f2b549ddc 100644
--- a/core/src/test/kotlin/net/corda/core/node/NetworkParametersTest.kt
+++ b/core/src/test/kotlin/net/corda/core/node/NetworkParametersTest.kt
@@ -1,5 +1,7 @@
 package net.corda.core.node
 
+import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.crypto.generateKeyPair
 import net.corda.core.internal.getPackageOwnerOf
 import net.corda.core.utilities.OpaqueBytes
@@ -7,16 +9,15 @@ import net.corda.core.utilities.days
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.DOLLARS
 import net.corda.finance.flows.CashIssueFlow
+import net.corda.node.services.config.NotaryConfig
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.DUMMY_NOTARY_NAME
 import net.corda.testing.core.singleIdentity
-import net.corda.testing.node.MockNetNotaryConfig
 import net.corda.testing.node.MockNetworkNotarySpec
 import net.corda.testing.node.MockNetworkParameters
-import net.corda.testing.node.MockNodeConfigOverrides
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.InternalMockNodeParameters
 import net.corda.testing.node.internal.MOCK_VERSION_INFO
@@ -66,8 +67,14 @@ class NetworkParametersTest {
     // Notaries tests
     @Test
     fun `choosing notary not specified in network parameters will fail`() {
-        val fakeNotary = mockNet.createNode(InternalMockNodeParameters(legalName = BOB_NAME,
-                configOverrides = MockNodeConfigOverrides(notary = MockNetNotaryConfig(validating = false))))
+        val fakeNotary = mockNet.createNode(
+                InternalMockNodeParameters(
+                        legalName = BOB_NAME,
+                        configOverrides = {
+                            doReturn(NotaryConfig(validating = false)).whenever(it).notary
+                        }
+                )
+        )
         val fakeNotaryId = fakeNotary.info.singleIdentity()
         val alice = mockNet.createPartyNode(ALICE_NAME)
         assertThat(alice.services.networkMapCache.notaryIdentities).doesNotContain(fakeNotaryId)
diff --git a/core/src/test/kotlin/net/corda/core/serialization/TransactionSerializationTests.kt b/core/src/test/kotlin/net/corda/core/serialization/TransactionSerializationTests.kt
index 5c93157357..55d6c72c76 100644
--- a/core/src/test/kotlin/net/corda/core/serialization/TransactionSerializationTests.kt
+++ b/core/src/test/kotlin/net/corda/core/serialization/TransactionSerializationTests.kt
@@ -1,5 +1,6 @@
 package net.corda.core.serialization
 
+import com.nhaarman.mockito_kotlin.mock
 import net.corda.core.contracts.*
 import net.corda.core.crypto.*
 import net.corda.core.identity.AbstractParty
@@ -69,7 +70,7 @@ class TransactionSerializationTests {
     val outputState = TransactionState(TestCash.State(depositRef, 600.POUNDS, MEGA_CORP), TEST_CASH_PROGRAM_ID, DUMMY_NOTARY)
     val changeState = TransactionState(TestCash.State(depositRef, 400.POUNDS, MEGA_CORP), TEST_CASH_PROGRAM_ID, DUMMY_NOTARY)
 
-    val megaCorpServices = object : MockServices(listOf("net.corda.core.serialization"), MEGA_CORP.name, rigorousMock(), testNetworkParameters(notaries = listOf(NotaryInfo(DUMMY_NOTARY, true))), MEGA_CORP_KEY) {
+    val megaCorpServices = object : MockServices(listOf("net.corda.core.serialization"), MEGA_CORP.name, mock(), testNetworkParameters(notaries = listOf(NotaryInfo(DUMMY_NOTARY, true))), MEGA_CORP_KEY) {
         //override mock implementation with a real one
         override fun loadContractAttachment(stateRef: StateRef, forContractClassName: ContractClassName?): Attachment = servicesForResolution.loadContractAttachment(stateRef, forContractClassName)
     }
diff --git a/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderSerializationTests.kt b/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderSerializationTests.kt
index c3364eeba3..a6150099ed 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderSerializationTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderSerializationTests.kt
@@ -9,7 +9,7 @@ import net.corda.core.serialization.internal.AttachmentsClassLoaderBuilder
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.ByteSequence
 import net.corda.core.utilities.OpaqueBytes
-import net.corda.nodeapi.DummyContractBackdoor
+import net.corda.isolated.contracts.DummyContractBackdoor
 import net.corda.testing.core.DUMMY_NOTARY_NAME
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.TestIdentity
@@ -26,15 +26,15 @@ import kotlin.test.assertFailsWith
 class AttachmentsClassLoaderSerializationTests {
 
     companion object {
-        val ISOLATED_CONTRACTS_JAR_PATH: URL = AttachmentsClassLoaderSerializationTests::class.java.getResource("isolated.jar")
-        private const val ISOLATED_CONTRACT_CLASS_NAME = "net.corda.finance.contracts.isolated.AnotherDummyContract"
+        val ISOLATED_CONTRACTS_JAR_PATH: URL = AttachmentsClassLoaderSerializationTests::class.java.getResource("/isolated.jar")
+        private const val ISOLATED_CONTRACT_CLASS_NAME = "net.corda.isolated.contracts.AnotherDummyContract"
     }
 
     @Rule
     @JvmField
     val testSerialization = SerializationEnvironmentRule()
 
-    val storage = MockAttachmentStorage()
+    private val storage = MockAttachmentStorage()
 
     @Test
     fun `Can serialize and deserialize with an attachment classloader`() {
diff --git a/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderTests.kt b/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderTests.kt
index 873b05f2ec..81d031689e 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/AttachmentsClassLoaderTests.kt
@@ -4,35 +4,38 @@ import net.corda.core.contracts.Attachment
 import net.corda.core.contracts.Contract
 import net.corda.core.contracts.TransactionVerificationException
 import net.corda.core.internal.declaredField
+import net.corda.core.internal.inputStream
+import net.corda.core.node.services.AttachmentId
 import net.corda.core.serialization.internal.AttachmentsClassLoader
 import net.corda.testing.core.internal.ContractJarTestUtils.signContractJar
 import net.corda.testing.internal.fakeAttachment
+import net.corda.testing.node.internal.FINANCE_CONTRACTS_CORDAPP
 import net.corda.testing.services.MockAttachmentStorage
 import org.apache.commons.io.IOUtils
 import org.junit.Assert.assertArrayEquals
 import org.junit.Assert.assertEquals
 import org.junit.Test
 import java.io.ByteArrayOutputStream
+import java.io.InputStream
 import java.net.URL
 import kotlin.test.assertFailsWith
 
 class AttachmentsClassLoaderTests {
-
     companion object {
-        val ISOLATED_CONTRACTS_JAR_PATH: URL = AttachmentsClassLoaderTests::class.java.getResource("isolated.jar")
+        // TODO Update this test to use the new isolated.jar
+        val ISOLATED_CONTRACTS_JAR_PATH: URL = AttachmentsClassLoaderTests::class.java.getResource("old-isolated.jar")
         val ISOLATED_CONTRACTS_JAR_PATH_V4: URL = AttachmentsClassLoaderTests::class.java.getResource("isolated-4.0.jar")
-        val FINANCE_JAR_PATH: URL = AttachmentsClassLoaderTests::class.java.getResource("finance.jar")
         private const val ISOLATED_CONTRACT_CLASS_NAME = "net.corda.finance.contracts.isolated.AnotherDummyContract"
 
         private fun readAttachment(attachment: Attachment, filepath: String): ByteArray {
-            ByteArrayOutputStream().use {
+            return ByteArrayOutputStream().let {
                 attachment.extractFile(filepath, it)
-                return it.toByteArray()
+                it.toByteArray()
             }
         }
     }
 
-    val storage = MockAttachmentStorage()
+    private val storage = MockAttachmentStorage()
 
     @Test
     fun `Loading AnotherDummyContract without using the AttachmentsClassLoader fails`() {
@@ -43,7 +46,7 @@ class AttachmentsClassLoaderTests {
 
     @Test
     fun `Dynamically load AnotherDummyContract from isolated contracts jar using the AttachmentsClassLoader`() {
-        val isolatedId = storage.importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
+        val isolatedId = importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
 
         val classloader = AttachmentsClassLoader(listOf(storage.openAttachment(isolatedId)!!))
         val contractClass = Class.forName(ISOLATED_CONTRACT_CLASS_NAME, true, classloader)
@@ -53,8 +56,8 @@ class AttachmentsClassLoaderTests {
 
     @Test
     fun `Test non-overlapping contract jar`() {
-        val att1 = storage.importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
-        val att2 = storage.importAttachment(ISOLATED_CONTRACTS_JAR_PATH_V4.openStream(), "app", "isolated-4.0.jar")
+        val att1 = importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
+        val att2 = importAttachment(ISOLATED_CONTRACTS_JAR_PATH_V4.openStream(), "app", "isolated-4.0.jar")
 
         assertFailsWith(TransactionVerificationException.OverlappingAttachmentsException::class) {
             AttachmentsClassLoader(arrayOf(att1, att2).map { storage.openAttachment(it)!! })
@@ -63,9 +66,9 @@ class AttachmentsClassLoaderTests {
 
     @Test
     fun `Test valid overlapping contract jar`() {
-        val isolatedId = storage.importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
+        val isolatedId = importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
         val signedJar = signContractJar(ISOLATED_CONTRACTS_JAR_PATH, copyFirst = true)
-        val isolatedSignedId = storage.importAttachment(signedJar.first.toUri().toURL().openStream(), "app", "isolated-signed.jar")
+        val isolatedSignedId = importAttachment(signedJar.first.toUri().toURL().openStream(), "app", "isolated-signed.jar")
 
         // does not throw OverlappingAttachments exception
         AttachmentsClassLoader(arrayOf(isolatedId, isolatedSignedId).map { storage.openAttachment(it)!! })
@@ -73,8 +76,8 @@ class AttachmentsClassLoaderTests {
 
     @Test
     fun `Test non-overlapping different contract jars`() {
-        val att1 = storage.importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
-        val att2 = storage.importAttachment(FINANCE_JAR_PATH.openStream(), "app", "finance.jar")
+        val att1 = importAttachment(ISOLATED_CONTRACTS_JAR_PATH.openStream(), "app", "isolated.jar")
+        val att2 = importAttachment(FINANCE_CONTRACTS_CORDAPP.jarFile.inputStream(), "app", "finance.jar")
 
         // does not throw OverlappingAttachments exception
         AttachmentsClassLoader(arrayOf(att1, att2).map { storage.openAttachment(it)!! })
@@ -82,8 +85,8 @@ class AttachmentsClassLoaderTests {
 
     @Test
     fun `Load text resources from AttachmentsClassLoader`() {
-        val att1 = storage.importAttachment(fakeAttachment("file1.txt", "some data").inputStream(), "app", "file1.jar")
-        val att2 = storage.importAttachment(fakeAttachment("file2.txt", "some other data").inputStream(), "app", "file2.jar")
+        val att1 = importAttachment(fakeAttachment("file1.txt", "some data").inputStream(), "app", "file1.jar")
+        val att2 = importAttachment(fakeAttachment("file2.txt", "some other data").inputStream(), "app", "file2.jar")
 
         val cl = AttachmentsClassLoader(arrayOf(att1, att2).map { storage.openAttachment(it)!! })
         val txt = IOUtils.toString(cl.getResourceAsStream("file1.txt"), Charsets.UTF_8.name())
@@ -95,8 +98,8 @@ class AttachmentsClassLoaderTests {
 
     @Test
     fun `Test valid overlapping file condition`() {
-        val att1 = storage.importAttachment(fakeAttachment("file1.txt", "same data").inputStream(), "app", "file1.jar")
-        val att2 = storage.importAttachment(fakeAttachment("file1.txt", "same data").inputStream(), "app", "file2.jar")
+        val att1 = importAttachment(fakeAttachment("file1.txt", "same data").inputStream(), "app", "file1.jar")
+        val att2 = importAttachment(fakeAttachment("file1.txt", "same data").inputStream(), "app", "file2.jar")
 
         val cl = AttachmentsClassLoader(arrayOf(att1, att2).map { storage.openAttachment(it)!! })
         val txt = IOUtils.toString(cl.getResourceAsStream("file1.txt"), Charsets.UTF_8.name())
@@ -106,8 +109,8 @@ class AttachmentsClassLoaderTests {
     @Test
     fun `No overlapping exception thrown on certain META-INF files`() {
         listOf("meta-inf/manifest.mf", "meta-inf/license", "meta-inf/test.dsa", "meta-inf/test.sf").forEach { path ->
-            val att1 = storage.importAttachment(fakeAttachment(path, "some data").inputStream(), "app", "file1.jar")
-            val att2 = storage.importAttachment(fakeAttachment(path, "some other data").inputStream(), "app", "file2.jar")
+            val att1 = importAttachment(fakeAttachment(path, "some data").inputStream(), "app", "file1.jar")
+            val att2 = importAttachment(fakeAttachment(path, "some other data").inputStream(), "app", "file2.jar")
 
             AttachmentsClassLoader(arrayOf(att1, att2).map { storage.openAttachment(it)!! })
         }
@@ -115,10 +118,8 @@ class AttachmentsClassLoaderTests {
 
     @Test
     fun `Check platform independent path handling in attachment jars`() {
-        val storage = MockAttachmentStorage()
-
-        val att1 = storage.importAttachment(fakeAttachment("/folder1/foldera/file1.txt", "some data").inputStream(), "app", "file1.jar")
-        val att2 = storage.importAttachment(fakeAttachment("\\folder1\\folderb\\file2.txt", "some other data").inputStream(), "app", "file2.jar")
+        val att1 = importAttachment(fakeAttachment("/folder1/foldera/file1.txt", "some data").inputStream(), "app", "file1.jar")
+        val att2 = importAttachment(fakeAttachment("\\folder1\\folderb\\file2.txt", "some other data").inputStream(), "app", "file2.jar")
 
         val data1a = readAttachment(storage.openAttachment(att1)!!, "/folder1/foldera/file1.txt")
         assertArrayEquals("some data".toByteArray(), data1a)
@@ -132,4 +133,8 @@ class AttachmentsClassLoaderTests {
         val data2b = readAttachment(storage.openAttachment(att2)!!, "/folder1/folderb/file2.txt")
         assertArrayEquals("some other data".toByteArray(), data2b)
     }
+    
+    private fun importAttachment(jar: InputStream, uploader: String, filename: String?): AttachmentId {
+        return jar.use { storage.importAttachment(jar, uploader, filename) }
+    }
 }
diff --git a/core/src/test/kotlin/net/corda/core/transactions/LedgerTransactionQueryTests.kt b/core/src/test/kotlin/net/corda/core/transactions/LedgerTransactionQueryTests.kt
index 5becd099f4..d9bf2ae115 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/LedgerTransactionQueryTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/LedgerTransactionQueryTests.kt
@@ -1,6 +1,7 @@
 package net.corda.core.transactions
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.*
 import net.corda.core.crypto.generateKeyPair
@@ -34,7 +35,7 @@ class LedgerTransactionQueryTests {
     private val services = MockServices(
             listOf("net.corda.testing.contracts"),
             TestIdentity(CordaX500Name("MegaCorp", "London", "GB"), keyPair),
-            rigorousMock<IdentityServiceInternal>().also {
+            mock<IdentityServiceInternal>().also {
                 doReturn(null).whenever(it).partyFromKey(keyPair.public)
             },
             testNetworkParameters(notaries = listOf(NotaryInfo(DUMMY_NOTARY, true))),
diff --git a/core/src/test/kotlin/net/corda/core/transactions/ReferenceInputStateTests.kt b/core/src/test/kotlin/net/corda/core/transactions/ReferenceInputStateTests.kt
index 71f5c4d862..d93cacdb66 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/ReferenceInputStateTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/ReferenceInputStateTests.kt
@@ -1,6 +1,7 @@
 package net.corda.core.transactions
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.*
 import net.corda.core.contracts.Requirements.using
@@ -48,7 +49,7 @@ class ReferenceStateTests {
     private val ledgerServices = MockServices(
             cordappPackages = listOf("net.corda.core.transactions", "net.corda.finance.contracts.asset"),
             initialIdentity = ALICE,
-            identityService = rigorousMock<IdentityServiceInternal>().also {
+            identityService = mock<IdentityServiceInternal>().also {
                 doReturn(ALICE_PARTY).whenever(it).partyFromKey(ALICE_PUBKEY)
                 doReturn(BOB_PARTY).whenever(it).partyFromKey(BOB_PUBKEY)
             },
diff --git a/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt b/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt
index 22609823ae..7b192551f1 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt
@@ -1,6 +1,7 @@
 package net.corda.core.transactions
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.*
 import net.corda.core.cordapp.CordappProvider
@@ -9,12 +10,11 @@ import net.corda.core.crypto.SecureHash
 import net.corda.core.identity.Party
 import net.corda.core.internal.AbstractAttachment
 import net.corda.core.internal.PLATFORM_VERSION
-import net.corda.core.internal.RPC_UPLOADER
 import net.corda.core.internal.cordapp.CordappImpl.Companion.DEFAULT_CORDAPP_VERSION
 import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.ZoneVersionTooLowException
 import net.corda.core.node.services.AttachmentStorage
-import net.corda.core.node.services.NetworkParametersStorage
+import net.corda.core.node.services.NetworkParametersService
 import net.corda.core.serialization.serialize
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.contracts.DummyContract
@@ -39,14 +39,14 @@ class TransactionBuilderTest {
     private val services = rigorousMock<ServicesForResolution>()
     private val contractAttachmentId = SecureHash.randomSHA256()
     private val attachments = rigorousMock<AttachmentStorage>()
-    private val networkParametersStorage = rigorousMock<NetworkParametersStorage>()
+    private val networkParametersService = mock<NetworkParametersService>()
 
     @Before
     fun setup() {
         val cordappProvider = rigorousMock<CordappProvider>()
         val networkParameters = testNetworkParameters(minimumPlatformVersion = PLATFORM_VERSION)
-        doReturn(networkParametersStorage).whenever(services).networkParametersStorage
-        doReturn(networkParameters.serialize().hash).whenever(networkParametersStorage).currentHash
+        doReturn(networkParametersService).whenever(services).networkParametersService
+        doReturn(networkParameters.serialize().hash).whenever(networkParametersService).currentHash
         doReturn(cordappProvider).whenever(services).cordappProvider
         doReturn(contractAttachmentId).whenever(cordappProvider).getContractAttachmentID(DummyContract.PROGRAM_ID)
         doReturn(networkParameters).whenever(services).networkParameters
@@ -77,7 +77,7 @@ class TransactionBuilderTest {
         val wtx = builder.toWireTransaction(services)
         assertThat(wtx.outputs).containsOnly(outputState)
         assertThat(wtx.commands).containsOnly(Command(DummyCommandData, notary.owningKey))
-        assertThat(wtx.networkParametersHash).isEqualTo(networkParametersStorage.currentHash)
+        assertThat(wtx.networkParametersHash).isEqualTo(networkParametersService.currentHash)
     }
 
     @Test
@@ -109,6 +109,7 @@ class TransactionBuilderTest {
                 .hasMessageContaining("Reference states")
 
         doReturn(testNetworkParameters(minimumPlatformVersion = 4)).whenever(services).networkParameters
+        doReturn(referenceState).whenever(services).loadState(referenceStateRef)
         val wtx = builder.toWireTransaction(services)
         assertThat(wtx.references).containsOnly(referenceStateRef)
     }
diff --git a/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt b/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt
index 599ad8c825..c03ece6397 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt
@@ -1,6 +1,7 @@
 package net.corda.core.transactions
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.*
 import net.corda.core.identity.AbstractParty
@@ -17,7 +18,7 @@ import net.corda.testing.core.TestIdentity
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.node.MockServices
 import net.corda.testing.node.ledger
-import org.assertj.core.api.AssertionsForClassTypes
+import org.assertj.core.api.AssertionsForClassTypes.assertThatExceptionOfType
 import org.junit.Rule
 import org.junit.Test
 import java.time.Instant
@@ -56,7 +57,7 @@ class TransactionEncumbranceTests {
         val ledgerServices = MockServices(
                 listOf("net.corda.core.transactions", "net.corda.finance.contracts.asset"),
                 MEGA_CORP.name,
-                rigorousMock<IdentityServiceInternal>().also {
+                mock<IdentityServiceInternal>().also {
                     doReturn(MEGA_CORP).whenever(it).partyFromKey(MEGA_CORP_PUBKEY)
                 },
                 testNetworkParameters(notaries = listOf(NotaryInfo(DUMMY_NOTARY, true)))
@@ -330,12 +331,13 @@ class TransactionEncumbranceTests {
                     .addOutputState(stateWithNewOwner, Cash.PROGRAM_ID, DUMMY_NOTARY2, 0, AutomaticHashConstraint)
                     .addCommand(Cash.Commands.Issue(), MEGA_CORP.owningKey)
                     .toLedgerTransaction(ledgerServices)
+                    .verify()
         }
 
         // More complex encumbrance (full cycle of size 4) where one of the encumbered states is assigned to a different notary.
         // 0 -> 1, 1 -> 3, 3 -> 2, 2 -> 0
         // We expect that state at index 3 cannot be encumbered with the state at index 2, due to mismatched notaries.
-        AssertionsForClassTypes.assertThatExceptionOfType(TransactionVerificationException.TransactionNotaryMismatchEncumbranceException::class.java)
+        assertThatExceptionOfType(TransactionVerificationException.TransactionNotaryMismatchEncumbranceException::class.java)
                 .isThrownBy {
                     TransactionBuilder()
                             .addOutputState(stateWithNewOwner, Cash.PROGRAM_ID, DUMMY_NOTARY, 1, AutomaticHashConstraint)
@@ -344,13 +346,15 @@ class TransactionEncumbranceTests {
                             .addOutputState(stateWithNewOwner, Cash.PROGRAM_ID, DUMMY_NOTARY, 2, AutomaticHashConstraint)
                             .addCommand(Cash.Commands.Issue(), MEGA_CORP.owningKey)
                             .toLedgerTransaction(ledgerServices)
+                            .verify()
                 }
-                .withMessageContaining("index 3 is assigned to notary [O=Notary Service, L=Zurich, C=CH], while its encumbrance with index 2 is assigned to notary [O=Notary Service2, L=Zurich, C=CH]")
+                .withMessageContaining("index 3 is assigned to notary [O=Notary Service, L=Zurich, C=CH], while its encumbrance with " +
+                        "index 2 is assigned to notary [O=Notary Service2, L=Zurich, C=CH]")
 
         // Two different encumbrance chains, where only one fails due to mismatched notary.
         // 0 -> 1, 1 -> 0, 2 -> 3, 3 -> 2 where encumbered states with indices 2 and 3, respectively, are assigned
         // to different notaries.
-        AssertionsForClassTypes.assertThatExceptionOfType(TransactionVerificationException.TransactionNotaryMismatchEncumbranceException::class.java)
+        assertThatExceptionOfType(TransactionVerificationException.TransactionNotaryMismatchEncumbranceException::class.java)
                 .isThrownBy {
                     TransactionBuilder()
                             .addOutputState(stateWithNewOwner, Cash.PROGRAM_ID, DUMMY_NOTARY, 1, AutomaticHashConstraint)
@@ -359,7 +363,9 @@ class TransactionEncumbranceTests {
                             .addOutputState(stateWithNewOwner, Cash.PROGRAM_ID, DUMMY_NOTARY2, 2, AutomaticHashConstraint)
                             .addCommand(Cash.Commands.Issue(), MEGA_CORP.owningKey)
                             .toLedgerTransaction(ledgerServices)
+                            .verify()
                 }
-                .withMessageContaining("index 2 is assigned to notary [O=Notary Service, L=Zurich, C=CH], while its encumbrance with index 3 is assigned to notary [O=Notary Service2, L=Zurich, C=CH]")
+                .withMessageContaining("index 2 is assigned to notary [O=Notary Service, L=Zurich, C=CH], while its encumbrance with " +
+                        "index 3 is assigned to notary [O=Notary Service2, L=Zurich, C=CH]")
     }
 }
diff --git a/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt b/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt
index 5d25980704..591f456737 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt
@@ -170,6 +170,7 @@ class TransactionTests {
         val id = SecureHash.randomSHA256()
         val timeWindow: TimeWindow? = null
         val privacySalt = PrivacySalt()
+
         fun buildTransaction() = LedgerTransaction.create(
                 inputs,
                 outputs,
@@ -184,7 +185,7 @@ class TransactionTests {
                 inputStatesContractClassNameToMaxVersion = emptyMap()
         )
 
-        assertFailsWith<TransactionVerificationException.NotaryChangeInWrongTransactionType> { buildTransaction() }
+        assertFailsWith<TransactionVerificationException.NotaryChangeInWrongTransactionType> { buildTransaction().verify() }
     }
 
     @Test
diff --git a/core/src/test/kotlin/net/corda/nodeapi/DummyContractBackdoor.kt b/core/src/test/kotlin/net/corda/isolated/contracts/DummyContractBackdoor.kt
similarity index 84%
rename from core/src/test/kotlin/net/corda/nodeapi/DummyContractBackdoor.kt
rename to core/src/test/kotlin/net/corda/isolated/contracts/DummyContractBackdoor.kt
index 5d7e069c6f..98e23bc427 100644
--- a/core/src/test/kotlin/net/corda/nodeapi/DummyContractBackdoor.kt
+++ b/core/src/test/kotlin/net/corda/isolated/contracts/DummyContractBackdoor.kt
@@ -1,4 +1,4 @@
-package net.corda.nodeapi
+package net.corda.isolated.contracts
 
 import net.corda.core.contracts.ContractState
 import net.corda.core.contracts.PartyAndReference
@@ -6,7 +6,7 @@ import net.corda.core.identity.Party
 import net.corda.core.transactions.TransactionBuilder
 
 /**
- * This interface deliberately mirrors the one in the finance:isolated module.
+ * This interface deliberately mirrors the one in the isolated module.
  * We will actually link [AnotherDummyContract] against this interface rather
  * than the one inside isolated.jar, which means we won't need to use reflection
  * to execute the contract's generateInitial() method.
diff --git a/core/src/test/resources/isolated.jar b/core/src/test/resources/isolated.jar
new file mode 100644
index 0000000000..8026639a7e
Binary files /dev/null and b/core/src/test/resources/isolated.jar differ
diff --git a/core/src/test/resources/net/corda/core/transactions/finance.jar b/core/src/test/resources/net/corda/core/transactions/finance.jar
deleted file mode 100644
index 44daa3b431..0000000000
Binary files a/core/src/test/resources/net/corda/core/transactions/finance.jar and /dev/null differ
diff --git a/core/src/test/resources/net/corda/core/transactions/isolated.jar b/core/src/test/resources/net/corda/core/transactions/old-isolated.jar
similarity index 100%
rename from core/src/test/resources/net/corda/core/transactions/isolated.jar
rename to core/src/test/resources/net/corda/core/transactions/old-isolated.jar
diff --git a/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt b/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
index 80bff50e9b..6d5b6d62c8 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
@@ -4,6 +4,7 @@ import org.assertj.core.api.Assertions.*
 import org.junit.Assert.*
 import org.junit.Test
 import sandbox.java.lang.sandbox
+import java.text.DecimalFormatSymbols
 
 class DJVMTest : TestBase() {
 
@@ -41,7 +42,8 @@ class DJVMTest : TestBase() {
             stringClass.getMethod("format", stringClass, Array<Any>::class.java)
                 .invoke(null, stringOf("%9.4f"), arrayOf(doubleOf(1234.5678))).toString()
         }
-        assertEquals("1234.5678", result)
+        val sep = DecimalFormatSymbols.getInstance().decimalSeparator
+        assertEquals("1234${sep}5678", result)
     }
 
     @Test
@@ -50,7 +52,8 @@ class DJVMTest : TestBase() {
             stringClass.getMethod("format", stringClass, Array<Any>::class.java)
                 .invoke(null, stringOf("%7.2f"), arrayOf(floatOf(1234.5678f))).toString()
         }
-        assertEquals("1234.57", result)
+        val sep = DecimalFormatSymbols.getInstance().decimalSeparator
+        assertEquals("1234${sep}57", result)
     }
 
     @Test
diff --git a/docs/source/api-contract-constraints.rst b/docs/source/api-contract-constraints.rst
index 5dc16ef8c9..1d80cd6cd6 100644
--- a/docs/source/api-contract-constraints.rst
+++ b/docs/source/api-contract-constraints.rst
@@ -230,6 +230,25 @@ The contract attachment non-downgrade rule is enforced in two locations:
 A version number is stored in the manifest information of the enclosing JAR file. This version identifier should be a whole number starting
 from 1. This information should be set using the Gradle cordapp plugin, or manually, as described in :doc:`versioning`.
 
+
+Uniqueness requirement Contract and Version for Signature Constraint
+--------------------------------------------------------------------
+
+CorDapps in Corda 4 may be signed (to use new signature constraints functionality) or unsigned, and versioned.
+The following controls are enforced for these different types of jars within the attachment store of a node:
+
+- Signed contract JARs must be uniquely versioned per contract class (or group of).
+  At runtime the node will throw a `DuplicateContractClassException`` exception if this condition is violated.
+
+- Unsigned contract JARs: there should not exist multiple instances of the same contract jar.
+  When a whitelisted JARs is imported and it doesn't contain a version number, the version will be copied from the position (counting from 1)
+  of this JAR in the whilelist. The same JAR can be present in many lists (if it contains many contracts),
+  in such case the version will be equal to the highest position of the JAR in all lists.
+  The new whitelist needs to be distributed to the node before the JAR is imported, otherwise it will receive default version.
+  At run-time the node will warn of duplicates encountered.
+  The most recent version given by insertionDate into the attachment storage will be used upon transaction building/resolution.
+
+
 Issues when using the HashAttachmentConstraint
 ----------------------------------------------
 
@@ -311,70 +330,6 @@ For example:
 For Contracts that are annotated with ``@NoConstraintPropagation``, the platform requires that the Transaction Builder specifies
 an actual constraint for the output states (the ``AutomaticPlaceholderConstraint`` can't be used) .
 
-
-Testing
--------
-
-Since all tests involving transactions now require attachments it is also required to load the correct attachments
-for tests. Unit test environments in JVM ecosystems tend to use class directories rather than JARs, and so CorDapp JARs
-typically aren't built for testing. Requiring this would add significant complexity to the build systems of Corda
-and CorDapps, so the test suite has a set of convenient functions to generate CorDapps from package names or
-to specify JAR URLs in the case that the CorDapp(s) involved in testing already exist. You can also just use
-``AlwaysAcceptAttachmentConstraint`` in your tests to disable the constraints mechanism.
-
-MockNetwork/MockNode
-********************
-
-The simplest way to ensure that a vanilla instance of a MockNode generates the correct CorDapps is to use the
-``cordappPackages`` constructor parameter (Kotlin) or the ``setCordappPackages`` method on ``MockNetworkParameters`` (Java)
-when creating the MockNetwork. This will cause the ``AbstractNode`` to use the named packages as sources for CorDapps. All files
-within those packages will be zipped into a JAR and added to the attachment store and loaded as CorDapps by the
-``CordappLoader``.
-
-An example of this usage would be:
-
-.. sourcecode:: java
-
-    class SomeTestClass {
-         MockNetwork network = null;
-
-         @Before
-         void setup() {
-             network = new MockNetwork(new MockNetworkParameters().setCordappPackages(Arrays.asList("com.domain.cordapp")))
-         }
-
-         ... // Your tests go here
-    }
-
-
-MockServices
-************
-
-If your test uses a ``MockServices`` directly you can instantiate it using a constructor that takes a list of packages
-to use as CorDapps using the ``cordappPackages`` parameter.
-
-.. sourcecode:: java
-
-    MockServices mockServices = new MockServices(Arrays.asList("com.domain.cordapp"))
-
-However - there is an easier way! If your unit tests are in the same package as the contract code itself, then you
-can use the no-args constructor of ``MockServices``. The package to be scanned for CorDapps will be the same as the
-the package of the class that constructed the object. This is a convenient default.
-
-Driver
-******
-
-The driver takes a parameter called ``extraCordappPackagesToScan`` which is a list of packages to use as CorDapps.
-
-.. sourcecode:: java
-
-   driver(new DriverParameters().setExtraCordappPackagesToScan(Arrays.asList("com.domain.cordapp"))) ...
-
-Full Nodes
-**********
-
-When testing against full nodes simply place your CorDapp into the cordapps directory of the node.
-
 Debugging
 ---------
 If an attachment constraint cannot be resolved, a ``MissingContractAttachments`` exception is thrown. There are two
diff --git a/docs/source/api-core-types.rst b/docs/source/api-core-types.rst
index 55de96a840..e8f57793bf 100644
--- a/docs/source/api-core-types.rst
+++ b/docs/source/api-core-types.rst
@@ -1,3 +1,9 @@
+.. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 API: Core types
 ===============
 
diff --git a/docs/source/api-identity.rst b/docs/source/api-identity.rst
index 6b7d57beff..7fd48a783f 100644
--- a/docs/source/api-identity.rst
+++ b/docs/source/api-identity.rst
@@ -1,3 +1,9 @@
+.. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 API: Identity
 =============
 
diff --git a/docs/source/api-persistence.rst b/docs/source/api-persistence.rst
index 222926e42b..03aa114d19 100644
--- a/docs/source/api-persistence.rst
+++ b/docs/source/api-persistence.rst
@@ -9,24 +9,26 @@ API: Persistence
 
 .. contents::
 
-Corda offers developers the option to expose all or some part of a contract state to an *Object Relational Mapping*
-(ORM) tool to be persisted in a RDBMS.  The purpose of this is to assist *vault* development by effectively indexing
-persisted contract states held in the vault for the purpose of running queries over them and to allow relational joins
-between Corda data and private data local to the organisation owning a node.
+Corda offers developers the option to expose all or some parts of a contract state to an *Object Relational Mapping*
+(ORM) tool to be persisted in a *Relational Database Management System* (RDBMS).
 
-The ORM mapping is specified using the `Java Persistence API <https://en.wikipedia.org/wiki/Java_Persistence_API>`_
-(JPA) as annotations and is converted to database table rows by the node automatically every time a state is recorded
-in the node's local vault as part of a transaction.
+The purpose of this, is to assist `vault <https://docs.corda.net/vault.html>`_
+development and allow for the persistence of state data to a custom database table. Persisted states held in the
+vault are indexed for the purposes of executing queries. This also allows for relational joins between Corda tables
+and the organization's existing data.
 
-.. note:: Presently the node includes an instance of the H2 database but any database that supports JDBC is a
-          candidate and the node will in the future support a range of database implementations via their JDBC drivers. Much
-          of the node internal state is also persisted there. You can access the internal H2 database via JDBC, please see the
-          info in ":doc:`node-administration`" for details.
+The Object Relational Mapping is specified using `Java Persistence API <https://en.wikipedia.org/wiki/Java_Persistence_API>`_
+(JPA) annotations. This mapping is persisted to the database as a table row (a single, implicitly structured data item) by the node
+automatically every time a state is recorded in the node's local vault as part of a transaction.
+
+.. note:: By default, nodes use an H2 database which is accessed using *Java Database Connectivity* JDBC. Any database
+          with a JDBC driver is a candidate and several integrations have been contributed to by the community.
+          Please see the info in ":doc:`node-database`" for details.
 
 Schemas
 -------
-Every ``ContractState`` can implement the ``QueryableState`` interface if it wishes to be inserted into the node's local
-database and accessible using SQL.
+Every ``ContractState`` may implement the ``QueryableState`` interface if it wishes to be inserted into a custom table in the node's
+database and made accessible using SQL.
 
 .. literalinclude:: ../../core/src/main/kotlin/net/corda/core/schemas/PersistentTypes.kt
     :language: kotlin
@@ -34,12 +36,12 @@ database and accessible using SQL.
     :end-before: DOCEND QueryableState
 
 The ``QueryableState`` interface requires the state to enumerate the different relational schemas it supports, for
-instance in cases where the schema has evolved, with each one being represented by a ``MappedSchema`` object return
-by the ``supportedSchemas()`` method.  Once a schema is selected it must generate that representation when requested
-via the ``generateMappedObject()`` method which is then passed to the ORM.
+instance in situations where the schema has evolved. Each relational schema is represented as a ``MappedSchema``
+object returned by the state's ``supportedSchemas`` method.
 
-Nodes have an internal ``SchemaService`` which decides what to persist and what not by selecting the ``MappedSchema``
-to use.
+Nodes have an internal ``SchemaService`` which decides what data to persist by selecting the ``MappedSchema`` to use.
+Once a ``MappedSchema`` is selected, the ``SchemaService`` will delegate to the ``QueryableState`` to generate a corresponding
+representation (mapped object) via the ``generateMappedObject`` method, the output of which is then passed to the *ORM*.
 
 .. literalinclude:: ../../node/src/main/kotlin/net/corda/node/services/api/SchemaService.kt
     :language: kotlin
@@ -51,13 +53,10 @@ to use.
     :start-after: DOCSTART MappedSchema
     :end-before: DOCEND MappedSchema
 
-The ``SchemaService`` can be configured by a node administrator to select the schemas used by each app. In this way the
-relational view of ledger states can evolve in a controlled fashion in lock-step with internal systems or other
-integration points and not necessarily with every upgrade to the contract code. It can select from the
-``MappedSchema`` offered by a ``QueryableState``, automatically upgrade to a later version of a schema or even
-provide a ``MappedSchema`` not originally offered by the ``QueryableState``.
+With this framework, the relational view of ledger states can evolve in a controlled fashion in lock-step with internal systems or other
+integration points and is not dependant on changes to the contract code.
 
-It is expected that multiple different contract state implementations might provide mappings within a single schema.
+It is expected that multiple contract state implementations might provide mappings within a single schema.
 For example an Interest Rate Swap contract and an Equity OTC Option contract might both provide a mapping to
 a Derivative contract within the same schema. The schemas should typically not be part of the contract itself and should exist independently
 to encourage re-use of a common set within a particular business area or Cordapp.
@@ -71,19 +70,19 @@ class name of a *schema family* class that is constant across versions, allowing
 preferred version of a schema.
 
 The ``SchemaService`` is also responsible for the ``SchemaOptions`` that can be configured for a particular
-``MappedSchema`` which allow the configuration of a database schema or table name prefixes to avoid any clash with
+``MappedSchema``. These allow the configuration of database schemas or table name prefixes to avoid clashes with
 other ``MappedSchema``.
 
-.. note:: It is intended that there should be plugin support for the ``SchemaService`` to offer the version upgrading
-   and additional schemas as part of Cordapps, and that the active schemas be configurable.  However the present
-   implementation offers none of this and simply results in all versions of all schemas supported by a
-   ``QueryableState`` being persisted. This will change in due course. Similarly, it does not currently support
+.. note:: It is intended that there should be plugin support for the ``SchemaService`` to offer version upgrading, implementation
+   of additional schemas, and enable active schemas as being configurable.  The present implementation does not include these features
+   and simply results in all versions of all schemas supported by a ``QueryableState`` being persisted.
+   This will change in due course. Similarly, the service does not currently support
    configuring ``SchemaOptions`` but will do so in the future.
 
 Custom schema registration
 --------------------------
-Custom contract schemas are automatically registered at startup time for CorDapps. The node bootstrap process will scan
-for schemas (any class that extends the ``MappedSchema`` interface) in the `plugins` configuration directory in your CorDapp jar.
+Custom contract schemas are automatically registered at startup time for CorDapps. The node bootstrap process will scan for states that implement
+the Queryable state interface. Tables are then created as specified by the ``MappedSchema``s identified by each states ``supportedSchemas`` method.
 
 For testing purposes it is necessary to manually register the packages containing custom schemas as follows:
 
@@ -94,16 +93,16 @@ For testing purposes it is necessary to manually register the packages containin
 
 Object relational mapping
 -------------------------
-The persisted representation of a ``QueryableState`` should be an instance of a ``PersistentState`` subclass,
-constructed either by the state itself or a plugin to the ``SchemaService``.  This allows the ORM layer to always
+To facilitate the ORM, the persisted representation of a ``QueryableState`` should be an instance of a ``PersistentState`` subclass,
+constructed either by the state itself or a plugin to the ``SchemaService``. This allows the ORM layer to always
 associate a ``StateRef`` with a persisted representation of a ``ContractState`` and allows joining with the set of
 unconsumed states in the vault.
 
 The ``PersistentState`` subclass should be marked up as a JPA 2.1 *Entity* with a defined table name and having
 properties (in Kotlin, getters/setters in Java) annotated to map to the appropriate columns and SQL types. Additional
-entities can be included to model these properties where they are more complex, for example collections, so the mapping
-does not have to be *flat*. The ``MappedSchema`` must provide a list of all of the JPA entity classes for that schema
-in order to initialise the ORM layer.
+entities can be included to model these properties where they are more complex, for example collections (:ref:`Persisting Hierarchical Data<persisting-hierarchical-data>`), so
+the mapping does not have to be *flat*. The ``MappedSchema`` constructor accepts a list of all JPA entity classes for that schema in
+the ``MappedTypes`` parameter. It must provide this list in order to initialise the ORM layer.
 
 Several examples of entities and mappings are provided in the codebase, including ``Cash.State`` and
 ``CommercialPaper.State``. For example, here's the first version of the cash schema.
@@ -116,6 +115,218 @@ Several examples of entities and mappings are provided in the codebase, includin
           Ensure that table and column names are compatible with the naming convention of the database vendors for which the Cordapp will be deployed,
           e.g. for Oracle database, prior to version 12.2 the maximum length of table/column name is 30 bytes (the exact number of characters depends on the database encoding).
 
+Persisting Hierarchical Data
+----------------------------
+
+You may wish to persist hierarchical relationships within states using multiple database tables
+
+You may wish to persist hierarchical relationships within state data using multiple database tables. In order to facillitate this, multiple ``PersistentState``
+subclasses may be implemented. The relationship between these classes is defined using JPA annotations. It is important to note that the ``MappedSchema``
+constructor requires a list of *all* of these subclasses.
+
+An example Schema implementing hierarchical relationships with JPA annotations has been implemented below. This Schema will cause ``parent_data`` and ``child_data` tables to be
+created.
+
+.. container:: codeset
+
+    .. sourcecode:: java
+
+        @CordaSerializable
+        public class SchemaV1 extends MappedSchema {
+
+            /**
+             * This class must extend the MappedSchema class. Its name is based on the SchemaFamily name and the associated version number abbreviation (V1, V2... Vn).
+             * In the constructor, use the super keyword to call the constructor of MappedSchema with the following arguments: a class literal representing the schema family,
+             * a version number and a collection of mappedTypes (class literals) which represent JPA entity classes that the ORM layer needs to be configured with for this schema.
+             */
+
+            public SchemaV1() {
+                super(Schema.class, 1, ImmutableList.of(PersistentParentToken.class, PersistentChildToken.class));
+            }
+
+            /**
+             * The @entity annotation signifies that the specified POJO class' non-transient fields should be persisted to a relational database using the services
+             * of an entity manager. The @table annotation specifies properties of the table that will be created to contain the persisted data, in this case we have
+             * specified a name argument which will be used the table's title.
+             */
+
+            @Entity
+            @Table(name = "parent_data")
+            public static class PersistentParentToken extends PersistentState {
+
+                /**
+                 * The @Column annotations specify the columns that will comprise the inserted table and specify the shape of the fields and associated
+                 * data types of each database entry.
+                 */
+
+                @Column(name = "owner") private final String owner;
+                @Column(name = "issuer") private final String issuer;
+                @Column(name = "amount") private final int amount;
+                @Column(name = "linear_id") public final UUID linearId;
+
+                /**
+                 * The @OneToMany annotation specifies a one-to-many relationship between this class and a collection included as a field.
+                 * The @JoinColumn and @JoinColumns annotations specify on which columns these tables will be joined on.
+                 */
+
+                @OneToMany(cascade = CascadeType.PERSIST)
+                @JoinColumns({
+                        @JoinColumn(name = "output_index", referencedColumnName = "output_index"),
+                        @JoinColumn(name = "transaction_id", referencedColumnName = "transaction_id"),
+                })
+                private final List<PersistentChildToken> listOfPersistentChildTokens;
+
+                public PersistentParentToken(String owner, String issuer, int amount, UUID linearId, List<PersistentChildToken> listOfPersistentChildTokens) {
+                    this.owner = owner;
+                    this.issuer = issuer;
+                    this.amount = amount;
+                    this.linearId = linearId;
+                    this.listOfPersistentChildTokens = listOfPersistentChildTokens;
+                }
+
+                // Default constructor required by hibernate.
+                public PersistentParentToken() {
+                    this.owner = "";
+                    this.issuer = "";
+                    this.amount = 0;
+                    this.linearId = UUID.randomUUID();
+                    this.listOfPersistentChildTokens = null;
+                }
+
+                public String getOwner() {
+                    return owner;
+                }
+
+                public String getIssuer() {
+                    return issuer;
+                }
+
+                public int getAmount() {
+                    return amount;
+                }
+
+                public UUID getLinearId() {
+                    return linearId;
+                }
+
+                public List<PersistentChildToken> getChildTokens() { return listOfPersistentChildTokens; }
+            }
+
+            @Entity
+            @CordaSerializable
+            @Table(name = "child_data")
+            public static class PersistentChildToken {
+                // The @Id annotation marks this field as the primary key of the persisted entity.
+                @Id
+                private final UUID Id;
+                @Column(name = "owner")
+                private final String owner;
+                @Column(name = "issuer")
+                private final String issuer;
+                @Column(name = "amount")
+                private final int amount;
+
+                /**
+                 * The @ManyToOne annotation specifies that this class will be present as a member of a collection on a parent class and that it should
+                 * be persisted with the joining columns specified in the parent class. It is important to note the targetEntity parameter which should correspond
+                 * to a class literal of the parent class.
+                 */
+
+                @ManyToOne(targetEntity = PersistentParentToken.class)
+                private final TokenState persistentParentToken;
+
+
+                public PersistentChildToken(String owner, String issuer, int amount) {
+                    this.Id = UUID.randomUUID();
+                    this.owner = owner;
+                    this.issuer = issuer;
+                    this.amount = amount;
+                    this.persistentParentToken = null;
+                }
+
+                // Default constructor required by hibernate.
+                public PersistentChildToken() {
+                    this.Id = UUID.randomUUID();
+                    this.owner = "";
+                    this.issuer = "";
+                    this.amount = 0;
+                    this.persistentParentToken = null;
+                }
+
+                public UUID getId() {
+                    return Id;
+                }
+
+                public String getOwner() {
+                    return owner;
+                }
+
+                public String getIssuer() {
+                    return issuer;
+                }
+
+                public int getAmount() {
+                    return amount;
+                }
+
+                public TokenState getPersistentToken() {
+                    return persistentToken;
+                }
+
+            }
+
+        }
+
+    .. sourcecode:: kotlin
+
+        @CordaSerializable
+        object SchemaV1 : MappedSchema(schemaFamily = Schema::class.java, version = 1, mappedTypes = listOf(PersistentParentToken::class.java, PersistentChildToken::class.java)) {
+
+            @Entity
+            @Table(name = "parent_data")
+            class PersistentParentToken(
+                    @Column(name = "owner")
+                    var owner: String,
+
+                    @Column(name = "issuer")
+                    var issuer: String,
+
+                    @Column(name = "amount")
+                    var currency: Int,
+
+                    @Column(name = "linear_id")
+                    var linear_id: UUID,
+
+                     @JoinColumns(JoinColumn(name = "transaction_id", referencedColumnName = "transaction_id"), JoinColumn(name = "output_index", referencedColumnName = "output_index"))
+
+                    var listOfPersistentChildTokens: MutableList<PersistentChildToken>
+            ) : PersistentState()
+
+            @Entity
+            @CordaSerializable
+            @Table(name = "child_data")
+            class PersistentChildToken(
+                    @Id
+                    var Id: UUID = UUID.randomUUID(),
+
+                    @Column(name = "owner")
+                    var owner: String,
+
+                    @Column(name = "issuer")
+                    var issuer: String,
+
+                    @Column(name = "amount")
+                    var currency: Int,
+
+                    @Column(name = "linear_id")
+                    var linear_id: UUID,
+
+                    @ManyToOne(targetEntity = PersistentParentToken::class)
+                    var persistentParentToken: TokenState
+
+            ) : PersistentState()
+
+
 Identity mapping
 ----------------
 Schema entity attributes defined by identity types (``AbstractParty``, ``Party``, ``AnonymousParty``) are automatically
@@ -161,8 +372,8 @@ In addition to ``jdbcSession``, ``ServiceHub`` also exposes the Java Persistence
 method. This method can be used to persist and query entities which inherit from ``MappedSchema``. This is particularly
 useful if off-ledger data must be maintained in conjunction with on-ledger state data.
 
-    .. note:: Your entity must be included as a mappedType in as part of a MappedSchema for it to be added to Hibernate
-              as a custom schema. See Samples below.
+    .. note:: Your entity must be included as a mappedType as part of a ``MappedSchema`` for it to be added to Hibernate
+              as a custom schema. If it's not included as a mappedType, a corresponding table will not be created. See Samples below.
 
 The code snippet below defines a ``PersistentFoo`` type inside ``FooSchemaV1``. Note that ``PersistentFoo`` is added to
 a list of mapped types which is passed to ``MappedSchema``. This is exactly how state schemas are defined, except that
@@ -201,7 +412,7 @@ the entity in this case should not subclass ``PersistentState`` (as it is not a
             class PersistentFoo(@Id @Column(name = "foo_id") var fooId: String, @Column(name = "foo_data") var fooData: String) : Serializable
         }
 
-Instances of ``PersistentFoo`` can be persisted inside a flow as follows:
+Instances of ``PersistentFoo`` can be manually persisted inside a flow as follows:
 
 .. container:: codeset
 
diff --git a/docs/source/api-states.rst b/docs/source/api-states.rst
index 1cca74f2f2..cc9b4135db 100644
--- a/docs/source/api-states.rst
+++ b/docs/source/api-states.rst
@@ -1,3 +1,9 @@
+.. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 API: States
 ===========
 
diff --git a/docs/source/api-testing.rst b/docs/source/api-testing.rst
index f72fb2750f..ae261a0e08 100644
--- a/docs/source/api-testing.rst
+++ b/docs/source/api-testing.rst
@@ -22,108 +22,20 @@ A ``MockNetwork`` is created as follows:
 
 .. container:: codeset
 
-   .. sourcecode:: kotlin
+    .. literalinclude:: ../../docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/MockNetworkTestsTutorial.kt
+        :language: kotlin
+        :start-after: DOCSTART 1
+        :end-before: DOCEND 1
 
-        class FlowTests {
-            private lateinit var mockNet: MockNetwork
+    .. literalinclude:: ../../docs/source/example-code/src/main/java/net/corda/docs/java/MockNetworkTestsTutorial.java
+        :language: java
+        :start-after: DOCSTART 1
+        :end-before: DOCEND 1
 
-            @Before
-            fun setup() {
-                network = MockNetwork(listOf("my.cordapp.package", "my.other.cordapp.package"))
-            }
-        }
+The ``MockNetwork`` requires at a minimum a list of CorDapps to be installed on each ``StartedMockNode``. The CorDapps are looked up on the
+classpath by package name, using ``TestCordapp.findCordapp``.
 
-
-   .. sourcecode:: java
-
-        public class IOUFlowTests {
-            private MockNetwork network;
-
-            @Before
-            public void setup() {
-                network = new MockNetwork(ImmutableList.of("my.cordapp.package", "my.other.cordapp.package"));
-            }
-        }
-
-The ``MockNetwork`` requires at a minimum a list of packages. Each package is packaged into a CorDapp JAR and installed
-as a CorDapp on each ``StartedMockNode``.
-
-Configuring the ``MockNetwork``
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The ``MockNetwork`` is configured automatically. You can tweak its configuration using a ``MockNetworkParameters``
-object, or by using named parameters in Kotlin:
-
-.. container:: codeset
-
-   .. sourcecode:: kotlin
-
-        val network = MockNetwork(
-                // A list of packages to scan. Any contracts, flows and Corda services within these
-                // packages will be automatically available to any nodes within the mock network
-                cordappPackages = listOf("my.cordapp.package", "my.other.cordapp.package"),
-                // If true then each node will be run in its own thread. This can result in race conditions in your
-                // code if not carefully written, but is more realistic and may help if you have flows in your app that
-                // do long blocking operations.
-                threadPerNode = false,
-                // The notaries to use on the mock network. By default you get one mock notary and that is usually
-                // sufficient.
-                notarySpecs = listOf(MockNetworkNotarySpec(DUMMY_NOTARY_NAME)),
-                // If true then messages will not be routed from sender to receiver until you use the
-                // [MockNetwork.runNetwork] method. This is useful for writing single-threaded unit test code that can
-                // examine the state of the mock network before and after a message is sent, without races and without
-                // the receiving node immediately sending a response.
-                networkSendManuallyPumped = false,
-                // How traffic is allocated in the case where multiple nodes share a single identity, which happens for
-                // notaries in a cluster. You don't normally ever need to change this: it is mostly useful for testing
-                // notary implementations.
-                servicePeerAllocationStrategy = InMemoryMessagingNetwork.ServicePeerAllocationStrategy.Random())
-
-        val network2 = MockNetwork(
-                // A list of packages to scan. Any contracts, flows and Corda services within these
-                // packages will be automatically available to any nodes within the mock network
-                listOf("my.cordapp.package", "my.other.cordapp.package"), MockNetworkParameters(
-                // If true then each node will be run in its own thread. This can result in race conditions in your
-                // code if not carefully written, but is more realistic and may help if you have flows in your app that
-                // do long blocking operations.
-                threadPerNode = false,
-                // The notaries to use on the mock network. By default you get one mock notary and that is usually
-                // sufficient.
-                notarySpecs = listOf(MockNetworkNotarySpec(DUMMY_NOTARY_NAME)),
-                // If true then messages will not be routed from sender to receiver until you use the
-                // [MockNetwork.runNetwork] method. This is useful for writing single-threaded unit test code that can
-                // examine the state of the mock network before and after a message is sent, without races and without
-                // the receiving node immediately sending a response.
-                networkSendManuallyPumped = false,
-                // How traffic is allocated in the case where multiple nodes share a single identity, which happens for
-                // notaries in a cluster. You don't normally ever need to change this: it is mostly useful for testing
-                // notary implementations.
-                servicePeerAllocationStrategy = InMemoryMessagingNetwork.ServicePeerAllocationStrategy.Random())
-        )
-
-   .. sourcecode:: java
-
-        MockNetwork network = MockNetwork(
-                // A list of packages to scan. Any contracts, flows and Corda services within these
-                // packages will be automatically available to any nodes within the mock network
-                ImmutableList.of("my.cordapp.package", "my.other.cordapp.package"),
-                new MockNetworkParameters()
-                        // If true then each node will be run in its own thread. This can result in race conditions in
-                        // your code if not carefully written, but is more realistic and may help if you have flows in
-                        // your app that do long blocking operations.
-                        .setThreadPerNode(false)
-                        // The notaries to use on the mock network. By default you get one mock notary and that is
-                        // usually sufficient.
-                        .setNotarySpecs(ImmutableList.of(new MockNetworkNotarySpec(DUMMY_NOTARY_NAME)))
-                        // If true then messages will not be routed from sender to receiver until you use the
-                        // [MockNetwork.runNetwork] method. This is useful for writing single-threaded unit test code
-                        // that can examine the state of the mock network before and after a message is sent, without
-                        // races and without the receiving node immediately sending a response.
-                        .setNetworkSendManuallyPumped(false)
-                        // How traffic is allocated in the case where multiple nodes share a single identity, which
-                        // happens for notaries in a cluster. You don't normally ever need to change this: it is mostly
-                        // useful for testing notary implementations.
-                        .setServicePeerAllocationStrategy(new InMemoryMessagingNetwork.ServicePeerAllocationStrategy.Random()));
+``MockNetworkParameters`` provides other properties for the network which can be tweaked. They default to sensible values if not specified.
 
 Adding nodes to the network
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -132,73 +44,21 @@ Nodes are created on the ``MockNetwork`` using:
 
 .. container:: codeset
 
-   .. sourcecode:: kotlin
+    .. literalinclude:: ../../docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/MockNetworkTestsTutorial.kt
+        :language: kotlin
+        :start-after: DOCSTART 2
+        :end-before: DOCEND 2
 
-        class FlowTests {
-            private lateinit var mockNet: MockNetwork
-            lateinit var nodeA: StartedMockNode
-            lateinit var nodeB: StartedMockNode
+    .. literalinclude:: ../../docs/source/example-code/src/main/java/net/corda/docs/java/MockNetworkTestsTutorial.java
+        :language: java
+        :start-after: DOCSTART 2
+        :end-before: DOCEND 2
 
-            @Before
-            fun setup() {
-                network = MockNetwork(listOf("my.cordapp.package", "my.other.cordapp.package"))
-                nodeA = network.createPartyNode()
-                // We can optionally give the node a name.
-                nodeB = network.createPartyNode(CordaX500Name("Bank B", "London", "GB"))
-            }
-        }
-
-
-   .. sourcecode:: java
-
-        public class IOUFlowTests {
-            private MockNetwork network;
-            private StartedMockNode a;
-            private StartedMockNode b;
-
-            @Before
-            public void setup() {
-                network = new MockNetwork(ImmutableList.of("my.cordapp.package", "my.other.cordapp.package"));
-                nodeA = network.createPartyNode(null);
-                // We can optionally give the node a name.
-                nodeB = network.createPartyNode(new CordaX500Name("Bank B", "London", "GB"));
-            }
-        }
-
-Nodes added using ``createPartyNode`` are provided a default set of node parameters. However, it is also possible to
-provide different parameters to each node using the following methods on ``MockNetwork``:
-
-.. container:: codeset
-
-    .. sourcecode:: kotlin
-
-        /**
-         * Create a started node with the given parameters.
-         *
-         * @param legalName The node's legal name.
-         * @param forcedID A unique identifier for the node.
-         * @param entropyRoot The initial entropy value to use when generating keys. Defaults to an (insecure) random value,
-         * but can be overridden to cause nodes to have stable or colliding identity/service keys.
-         * @param configOverrides Add/override the default configuration/behaviour of the node
-         * @param extraCordappPackages Extra CorDapp packages to add for this node.
-         */
-        @JvmOverloads
-        fun createNode(legalName: CordaX500Name? = null,
-                       forcedID: Int? = null,
-                       entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
-                       configOverrides: MockNodeConfigOverrides? = null,
-                       extraCordappPackages: List<String> = emptyList()
-        ): StartedMockNode
-
-        /** Create a started node with the given parameters. **/
-        fun createNode(parameters: MockNodeParameters = MockNodeParameters()): StartedMockNode
-
-As you can see above, parameters can be added individually or encapsulated within a ``MockNodeParameters`` object. Of
-particular interest are ``configOverrides`` which allow you to override some of the default node
-configuration options. Please refer to the ``MockNodeConfigOverrides`` class for details what can currently be overridden.
-Also, the ``extraCordappPackages`` parameter allows you to add extra CorDapps to a
-specific node. This is useful when you wish for all nodes to load a common CorDapp but for a subset of nodes to load
-CorDapps specific to their role in the network.
+Nodes added using ``createNode`` are provided a default set of node parameters. However, it is also possible to
+provide different parameters to each node using ``MockNodeParameters``. Of particular interest are ``configOverrides`` which allow you to
+override some of the default node configuration options. Please refer to the ``MockNodeConfigOverrides`` class for details what can currently
+be overridden. Also, the ``additionalCordapps`` parameter allows you to add extra CorDapps to a specific node. This is useful when you wish
+for all nodes to load a common CorDapp but for a subset of nodes to load CorDapps specific to their role in the network.
 
 Running the network
 ^^^^^^^^^^^^^^^^^^^
diff --git a/docs/source/api-transactions.rst b/docs/source/api-transactions.rst
index d3180c5c37..69927d88e3 100644
--- a/docs/source/api-transactions.rst
+++ b/docs/source/api-transactions.rst
@@ -94,25 +94,24 @@ to "walk the chain" and verify that each input was generated through a valid seq
 Reference input states
 ~~~~~~~~~~~~~~~~~~~~~~
 
-A reference input state is added to a transaction as a ``ReferencedStateAndRef``. A ``ReferencedStateAndRef`` can be
-obtained from a ``StateAndRef`` by calling the ``StateAndRef.referenced()`` method which returns a
-``ReferencedStateAndRef``.
-
 .. warning:: Reference states are only available on Corda networks with a minimum platform version >= 4.
 
+A reference input state is added to a transaction as a ``ReferencedStateAndRef``. A ``ReferencedStateAndRef`` can be
+obtained from a ``StateAndRef`` by calling the ``StateAndRef.referenced()`` method which returns a ``ReferencedStateAndRef``.
+
 .. container:: codeset
 
     .. literalinclude:: ../../docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/FlowCookbook.kt
-:language: kotlin
-            :start-after: DOCSTART 55
-            :end-before: DOCEND 55
-            :dedent: 8
+        :language: kotlin
+        :start-after: DOCSTART 55
+        :end-before: DOCEND 55
+        :dedent: 8
 
-        .. literalinclude:: ../../docs/source/example-code/src/main/java/net/corda/docs/java/FlowCookbook.java
-:language: java
-            :start-after: DOCSTART 55
-            :end-before: DOCEND 55
-            :dedent: 12
+    .. literalinclude:: ../../docs/source/example-code/src/main/java/net/corda/docs/java/FlowCookbook.java
+        :language: java
+        :start-after: DOCSTART 55
+        :end-before: DOCEND 55
+        :dedent: 12
 
 **Handling of update races:**
 
diff --git a/docs/source/api-vault-query.rst b/docs/source/api-vault-query.rst
index 7b5c63e2ff..9ac0179a97 100644
--- a/docs/source/api-vault-query.rst
+++ b/docs/source/api-vault-query.rst
@@ -64,7 +64,8 @@ filter criteria:
 - Use ``queryBy`` to obtain a current snapshot of data (for a given ``QueryCriteria``)
 - Use ``trackBy`` to obtain both a current snapshot and a future stream of updates (for a given ``QueryCriteria``)
   
-.. note:: Streaming updates are only filtered based on contract type and state status (UNCONSUMED, CONSUMED, ALL)
+.. note:: Streaming updates are only filtered based on contract type and state status (UNCONSUMED, CONSUMED, ALL).
+          They will not respect any other criteria that the initial query has been filtered by.
 
 Simple pagination (page number and size) and sorting (directional ordering using standard or custom property
 attributes) is also specifiable. Defaults are defined for paging (pageNumber = 1, pageSize = 200) and sorting
diff --git a/docs/source/app-upgrade-notes.rst b/docs/source/app-upgrade-notes.rst
index d528be6b0b..ee8d00a57b 100644
--- a/docs/source/app-upgrade-notes.rst
+++ b/docs/source/app-upgrade-notes.rst
@@ -28,7 +28,7 @@ Alter the versions you depend on in your Gradle file like so:
 .. sourcecode:: groovy
 
     ext.corda_release_version = '4.0'
-    ext.corda_gradle_plugins_version = '4.0.37'
+    ext.corda_gradle_plugins_version = '4.0.38'
     ext.kotlin_version = '1.2.71'
     ext.quasar_version = '0.7.10'
 
@@ -121,10 +121,13 @@ away to the new API, as otherwise things like business network membership checks
 
 This is a three step process:
 
-1. Change the flow that calls ``FinalityFlow``
+1. Change the flow that calls ``FinalityFlow``.
 2. Change or create the flow that will receive the finalised transaction.
 3. Make sure your application's minimum and target version numbers are both set to 4 (see step 2).
 
+Upgrading a non-initiating flow
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
 As an example, let's take a very simple flow that finalises a transaction without the involvement of a counterpart flow:
 
 .. container:: codeset
@@ -140,7 +143,7 @@ As an example, let's take a very simple flow that finalises a transaction withou
         :end-before: DOCEND SimpleFlowUsingOldApi
         :dedent: 4
 
-To use the new API, this flow needs to be annotated with ``InitiatingFlow`` and a ``FlowSession`` to the participant of the transaction must be
+To use the new API, this flow needs to be annotated with ``InitiatingFlow`` and a ``FlowSession`` to the participant(s) of the transaction must be
 passed to ``FinalityFlow`` :
 
 .. container:: codeset
@@ -175,10 +178,17 @@ to record the finalised transaction:
         :end-before: DOCEND SimpleNewResponderFlow
         :dedent: 4
 
-For flows which are already initiating counterpart flows then it's a simple matter of using the existing flow session.
+.. note:: All the nodes in your business network will need the new CorDapp, otherwise they won't know how to receive the transaction. **This
+   includes nodes which previously didn't have the old CorDapp.** If a node is sent a transaction and it doesn't have the new CorDapp loaded
+   then simply restart it with the CorDapp and the transaction will be recorded.
+
+Upgrading an initiating flow
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+For flows which are already initiating counterpart flows then it's a matter of using the existing flow session.
 Note however, the new ``FinalityFlow`` is inlined and so the sequence of sends and receives between the two flows will
 change and will be incompatible with your current flows. You can use the flow version API to write your flows in a
-backwards compatible way.
+backwards compatible manner.
 
 Here's what an upgraded initiating flow may look like:
 
@@ -212,8 +222,9 @@ finalised transaction. If the initiator is written in a backwards compatible way
         :end-before: DOCEND ExistingResponderFlow
         :dedent: 12
 
-The responder flow may be waiting for the finalised transaction to appear in the local node's vault using ``waitForLedgerCommit``.
-This is no longer necessary with ``ReceiveFinalityFlow`` and the call to ``waitForLedgerCommit`` can be removed.
+You may already be using ``waitForLedgerCommit`` in your responder flow for the finalised transaction to appear in the local node's vault.
+Now that it's calling ``ReceiveFinalityFlow``, which effectively does the same thing, this is no longer necessary. The call to
+``waitForLedgerCommit`` should be removed.
 
 Step 4. Security: Upgrade your use of SwapIdentitiesFlow
 --------------------------------------------------------
diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index f6e9778d3e..a0c4d876bc 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -52,18 +52,8 @@ Version 4.0
 
 * Fixed a problem that was preventing `Cash.generateSpend` to be used more than once per transaction (https://github.com/corda/corda/issues/4110).
 
-* ``SwapIdentitiesFlow``, from the experimental confidential-identities module, is now an inlined flow. Instead of passing in a ``Party`` with
-  whom to exchange the anonymous identity, a ``FlowSession`` to that party is required instead. The flow running on the other side must
-  also call ``SwapIdentitiesFlow``. This change was required as the previous API allowed any counterparty to generate anonoymous identities
-  with a node at will with no checks.
-
-  The result type has changed to a simple wrapper class, instead of a Map, to make extracting the identities easier. Also, the wire protocol
-  of the flow has slightly changed.
-
-  .. note:: V3 and V4 of confidential-identities are not compatible and confidential-identities V3 will not work with a V4 Corda node. CorDapps
-     in such scenarios using confidential-identities must be updated.
-
-  The ``confidential-identities`` dependency in your CorDapp must now be ``compile`` and not ``cordaCompile``.
+* The experimental confidential-identities is now a separate CorDapp and must now be loaded onto the node alongside any CorDapp that needs it.
+  This also means your gradle dependency for it should be ``cordapp`` and not ``cordaCompile``.
 
 * Fixed a bug resulting in poor vault query performance and incorrect results when sorting.
 
@@ -86,6 +76,9 @@ Version 4.0
 * Introduced new optional network bootstrapper command line options (--register-package-owner, --unregister-package-owner)
   to register/unregister a java package namespace with an associated owner in the network parameter packageOwnership whitelist.
 
+* BFT-Smart and Raft notary implementations have been move to the ``net.corda.notary.experimental`` package to emphasise
+  their experimental nature.
+
 * New "validate-configuration" sub-command to `corda.jar`, allowing to validate the actual node configuration without starting the node.
 
 * CorDapps now have the ability to specify a minimum platform version in their MANIFEST.MF to prevent old nodes from loading them.
@@ -99,39 +92,16 @@ Version 4.0
 
 * ``FinalityFlow`` is now an inlined flow and requires ``FlowSession`` s to each party intended to receive the transaction. This is to fix the
   security problem with the old API that required every node to accept any transaction it received without any checks. Existing CorDapp
-  binaries relying on this old behaviour will continue to function as previously. However, it is strongly recommended that CorDapps switch to
+  binaries relying on this old behaviour will continue to function as previously. However, it is strongly recommended CorDapps switch to
   this new API. See :doc:`app-upgrade-notes` for further details.
 
+* For similar reasons, ``SwapIdentitiesFlow``, from confidential-identities, is also now an inlined flow. The old API has been preserved but
+  it is strongly recommended CorDapps switch to this new API. See :doc:`app-upgrade-notes` for further details.
+
 * Introduced new optional network bootstrapper command line option (--minimum-platform-version) to set as a network parameter
 
-* BFT-Smart and Raft notary implementations have been extracted out of node into ``experimental`` CorDapps to emphasise
-  their experimental nature. Moreover, the BFT-Smart notary will only work in dev mode due to its use of Java serialization.
-
 * Vault storage of contract state constraints metadata and associated vault query functions to retrieve and sort by constraint type.
 
-* UPGRADE REQUIRED: changes have been made to how notary implementations are configured and loaded.
-  No upgrade steps are required for the single-node notary (both validating and non-validating variants).
-  Other notary implementations have been moved out of the Corda node into individual Cordapps, and require configuration
-  file updates.
-
-  To run a notary you will now need to include the appropriate notary CorDapp in the ``cordapps/`` directory:
-
-    * ``corda-notary-raft`` for the Raft notary.
-    * ``corda-notary-bft-smart`` for the BFT-Smart notary.
-
-  It is now required to specify the fully qualified notary service class name, ``className``, and the legal name of
-  the notary service in case of distributed notaries: ``serviceLegalName``.
-
-  Implementation-specific configuration values have been moved to the ``extraConfig`` configuration block.
-
-  Example configuration changes for the Raft notary:
-
-  .. image:: resources/notary-config-update.png
-
-  Example configuration changes for the BFT-Smart notary:
-
-  .. image:: resources/notary-config-update-bft.png
-
 * New overload for ``CordaRPCClient.start()`` method allowing to specify target legal identity to use for RPC call.
 
 * Case insensitive vault queries can be specified via a boolean on applicable SQL criteria builder operators. By default
@@ -145,7 +115,8 @@ Version 4.0
 
 * Removed experimental feature ``CordformDefinition``
 
-* Added ``registerResponderFlow`` method to ``StartedMockNode``, to support isolated testing of responder flow behaviour.
+* Added new overload of ``StartedMockNode.registerInitiatedFlow`` which allows registering custom initiating-responder flow pairs, which
+  can be useful for testing error cases.
 
 * "app", "rpc", "p2p" and "unknown" are no longer allowed as uploader values when importing attachments. These are used
   internally in security sensitive code.
@@ -340,6 +311,9 @@ Version 4.0
 * Finance CorDapp is now build as a sealed and signed JAR file.
   Custom classes can no longer be placed in the packages defined in Finance Cordapp or access it's non-public members.
 
+* Finance CorDapp was split into two separate apps: ``corda-finance-contracts`` and ``corda-finance-workflows``,
+  ``corda-finance`` is kept for backward compatibility, it is recommended to use separated jars.
+
 * The format of the shell commands' output can now be customized via the node shell, using the ``output-format`` command.
 
 * The ``node_transaction_mapping`` database table has been folded into the ``node_transactions`` database table as an additional column.
diff --git a/docs/source/clientrpc.rst b/docs/source/clientrpc.rst
index dbcee97aeb..8e511b4c7c 100644
--- a/docs/source/clientrpc.rst
+++ b/docs/source/clientrpc.rst
@@ -21,6 +21,8 @@ you.
    `CordaRPCClient`_ class. You can find an example of how to do this using the popular Spring Boot server
    `here <https://github.com/corda/spring-webserver>`_.
 
+.. _clientrpc_connect_ref:
+
 Connecting to a node via RPC
 ----------------------------
 To use `CordaRPCClient`_, you must add ``net.corda:corda-rpc:$corda_release_version`` as a ``cordaCompile`` dependency
diff --git a/docs/source/corda-api.rst b/docs/source/corda-api.rst
index 84c243173b..949fbfb95f 100644
--- a/docs/source/corda-api.rst
+++ b/docs/source/corda-api.rst
@@ -50,7 +50,7 @@ Corda incubating modules
 The following modules don't yet have a completely stable API, but we will do our best to minimise disruption to
 developers using them until we are able to graduate them into the public API:
 
-* **net.corda.confidential.identities**: experimental support for confidential identities on the ledger
+* **net.corda.confidential**: experimental support for confidential identities on the ledger
 * **net.corda.finance**: a range of elementary contracts (and associated schemas) and protocols, such as abstract fungible assets, cash, obligation and commercial paper
 * **net.corda.client.jfx**: support for Java FX UI
 * **net.corda.client.mock**: client mock utilities
diff --git a/docs/source/corda-network/governance-guidelines.md b/docs/source/corda-network/governance-guidelines.md
deleted file mode 100644
index 9c237c1ec8..0000000000
--- a/docs/source/corda-network/governance-guidelines.md
+++ /dev/null
@@ -1,545 +0,0 @@
-Corda Network Foundation : Governance Guidelines
-================================================
-
-23 October 2018 
-
-Version 0.95
-
-DRAFT for discussion
-
-This is a set of governance guidelines for the Corda Network Foundation. It provides a framework for the Foundation’s 
-Board, to steer and govern Corda Network effectively to realise its potential. It is not a set of binding legal obligations.
-
-1 Background to Corda and the Network
--------------------------------------
-
-Corda allows multiple independent applications and private networks to coexist, each with their own business models and 
-membership criteria, yet linked by the same underlying network (‘Corda Network’). This Network enables ‘interoperability’, 
-the exchange of data or assets via a secure, efficient ‘internet layer’, in a way that isn’t possible with competing 
-permissioned distributed ledger technologies or legacy systems.
-
-Corda Network operates the protocol of Corda currently, and is always expected to. The protocol is currently 
-specified in the Corda Open Source Project codebase, but later may be formalised in a protocol specification document, 
-which then will become canonical.
-
-1.1	Reason for a Corda Network Foundation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-R3 has set up and governs by default Corda Network currently (along with Corda). This includes making key decisions 
-around establishing, maintaining and updating standards, policies, and procedures for participation in, and use of, 
-Corda Network.
-
-However, it is critically important that a commercial entity should not control Corda Network going forwards. It should 
-be governed transparently (to its Participants), with a fair and stable structure. Analysis and feedback show
-that Corda Network will be most effectively governed via a Foundation, a not-for-profit, independent entity in which 
-Network Participants elect, and can be elected to, a governing Board.
-
-A Foundation will enable Network Participants to be involved with, and also understand, how decisions are made (including 
-around issues of identity and permission), building trust and engagement from a wide range of stakeholders. This will 
-bring about the best decisions and outcomes for the Network’s long-term success.
-
-In other words, to achieve the community's objective of Corda ubiquity,  it is necessary to put in place a governance 
-structure which explicitly limits R3’s control of Corda Network, and enables this ubiquity. 
-
-2 The Corda Network Foundation
-------------------------------
-
-2.1	Mission and Values
-^^^^^^^^^^^^^^^^^^^^^^
-Following on from the Corda introduction and technical white papers, we see the mission of the Corda Network Foundation 
-to achieve the vision of Corda - whereby the state of transactions and agreements of business partners can be recorded 
-in a single global database, ending the need for costly reconciliation and error correction, while maintaining privacy. 
-Further details of the vision are laid out in the 
-[Corda Introductory White Paper](https://www.corda.net/content/corda-platform-whitepaper.pdf).
-
-Achieving this vision in its full ubiquity will involve running and maintaining a stable and secure Network with open 
-and fair governance, while also promoting the Network so as to ensure its more widespread use.
-
-Following on this, the Corda Network Foundation shall embody the following qualities in executing its mission:
-
-* Fairness and openness – Participants can join the Network and make up the Network’s governing board, elected through a 
-straightforward voting process.
-* Democracy and transparency – Key decisions and rationale are shared openly with Participants. 
-* Stability (with a long-term view) with flexibility – Board directors’ terms will last three years with a staggered 
-board, and the governance model will be flexible to adapt where required.
-* Efficiency – Staying a lean organisation, sufficient to commission and monitor an Operator to run any services, 
-physical infrastructure, or operational processes that may be needed to achieve the vision of Corda. Provide adequate 
-support, through advisory committees. 
-* Cost effectiveness - Funding received through participation fees pays for an Operator to run the Network securely, and 
-the Foundation shall not be a profit-making entity.
-* Independence – Corda Network Foundation makes its own decisions (within the law), and is not following another 
-entity’s rules.
-
-More specifically, the Foundation shall focus on the following commitments over the long-term:
-
-* Maintain the long-term standards, services and open governance model of the Network, ensuring it continues to be 
-updated to the current Corda protocol version. 
-* Hold the Trust Root for the Network, used for creation of operational certificates, independently of the Operator.
-* Commission the provision and operation of infrastructure and services for the Network, both of technical services, and 
-infrastructure needed for meetings, events and collaborative discussions, and provide structure around the business and 
-technical governance of the Network.
-* Facilitate a diverse and vibrant community of industry experts, Corda contributors, users and services, including 
-developers, service and solution providers and end users.
-* Set minimum standards for the external provision of notary and oracle services.
-* Enable the ubiquity and utility of Corda throughout all applicable industries and commercial use cases.
-* Balance the divergent interests of a wide range of stakeholders, including business network operators, Corda 
-customers, open source developers, and R3’s shareholders.
-
-2.2	Structure of the Foundation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-The Foundation shall be a not-for-profit entity created exclusively to execute the mission set out in this Constitution. 
-With the advice of international lawyers, this is a ‘Stichting’ domiciled in Holland – a legal entity suited for 
-governance activities, able to act commercially, with limited liability but no shareholders, capital or dividends.
-
-The Foundation is defined in a set of Articles of Association and By-laws.
-
-The Foundation governance bodies shall include:
-
-1. A **Governing Board** (‘the Board’) of 11 representatives (‘Directors’) with privileges and responsibilities as set out 
-in section 3. 
-2. A **Technical Advisory Committee** (‘the TAC’), comprised of representatives of Participant organisations with 
-responsibilities set out in section 6.2.
-3. A **Governance Advisory Committee**, comprised of representatives of Participant organisations with responsibilities 
-set out in section 6.3.
-4. A **Network Operator** (‘the Operator’), charging the Foundation reasonable costs for providing network and 
-administration services, paid by the Foundation through membership funds, and accountable directly to the Board, set 
-out in section 7.
-
-Operating on behalf of:
-
-* A **General Membership** (‘the Participant Community’), which is open to any organisation participating in Corda Network, 
-and with privileges and responsibilities as set out in section 6.
-
-Any change to the structure of the Foundation is a constitutional change, described in section 5.1.
-
-3 Governing Board
------------------
-
-3.1	Role of the Board
-^^^^^^^^^^^^^^^^^^^^^
-The goal of the Board is primarily to ensure the stable and secure operation of the Network, as well as to achieve the 
-vision of Corda laid out in section 2.1. The fundamental responsibility of directors appointed to the Board is to 
-exercise their business judgement to act in what they believe to be the best interests of the Network, taking account 
-of the interests of the Network community as a whole (rather than any one individual interest). 
-
-Directors are expected to comply with the Conflict of Interest policy, which includes a responsibility to disclose 
-promptly any conflicts that may arise, and meet the expected standards specified in the Code of Conduct Guidelines for 
-ethical conduct and breach reporting.
-
-The Board is the formal decision-making authority of the Foundation, and actions of the Board reflect its collective 
-decision making.
-
-3.2	Relationship of the Board with the Operator
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-It is the duty of the Board to monitor the Operator’s performance to ensure that the Network operates in an effective, 
-efficient and ethical manner. The Board will also be responsible for overseeing the Operator in the development of the 
-Network’s strategic and tactical plans, ensuring that they will result in broad and open adoption of Corda. The Operator 
-is responsible to the Board for the execution of day to day operations, and the implementation of strategic and tactical 
-change.
-
-3.3	Composition and Establishment of the Board
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-### 3.3.1 Size
-The Board shall consist of 11 voting members (‘Directors’) in total, to allow broad representation but maintain an agile 
-decision-making ability. The selection process (using the Participant Community) is intended to ensure that the Board is 
-composed of members who display diversity in geography, culture, skills, experience and perspective, and that the 
-abilities and interests of Directors are aligned with those of Corda.
-
-R3 shall have the ongoing right to appoint two Directors, as the firm which developed Corda and funded the initial 
-construction of the Network. It represents the interests of its large and diverse alliance of commercial organisations, 
-financial institutions, and regulatory bodies. Similarly to the rest of the board, the Directors will have three-year 
-terms (unless the director resigns or leaves for another reason) and can be re-appointed without limit. Appointment will 
-be effective immediately. 
-
-The Chair of the board will be elected for a one year term by a vote of the Directors of the Board, at the first Board 
-meeting following the Board election.
-
-#### 3.3.2 Participation Criteria
-Participants shall be directed to vote to ensure that the Board is composed of Directors who in the aggregate produce 
-the broadest diversity on the Board, consistent with meeting the other criteria. In addition, the Board is to be 
-comprised of individuals who can demonstrate to Participants they meet the following requirements:
-
-* Hold an understanding and appreciation of the Corda protocol and community purpose.  
-* Have an awareness of cultural and geographic perspectives.
-* Demonstrate integrity, intelligence and objectivity.
-* Can work and communicate in written and spoken English. 
-
-To promote diversity, the following guidelines are adopted, in particular for steady-state governance (recognising that 
-these may not be possible to fulfil during the transition period):
-
-* No corporate group of participants may have more than one Director. In the event of votes for two different candidates 
-representing the same overall corporate group, the candidate with the most votes shall be considered.
-* Of the nine Directors, there should not be more than three Directors from any broad industry classification, according to 
-company classification data.
-* Of the nine Directors, there should not be more than three Directors from any continent (one must be based in the Americas, 
-Europe/Africa and Asia, to ensure geographic diversity. 
-* Of the nine Directors, there should not be more than three Directors representing any Corporate Group with more than 
-100,000 employees.
-* There is no restriction of re-election of Directors or the Chair of the Board.
-
-### 3.3.3 Establishment of the Board
-#### 3.3.3.1 Pre-Foundation 
-Initially R3 shall govern the Network to ensure rapid progress on its implementation. Once the Foundation is set-up and 
-at least three business networks are conducting live transactions using the network with at least three Participants each, the 
-'transition period' of one year will commence.
-#### 3.3.3.2	Transition: Initial set-up of Foundation Board: 
-For the transition year, the first three business networks shall have the right to choose three Participants, to 
-represent the interests of the business network. One of each of these must be based in the Americas, Europe/Africa and 
-Asia, to ensure geographic diversity, if the pool Participants allows.  Each selected Participant will appoint a 
-Director, to sit on the Board, making nine Directors in addition to the two Directors from R3. 
-
-After this start-up period, there will be a vote for Board Directors.
-
-For the first election only, of the nine vacant seats, three will be for a duration of one year, three for two years, and 
-three for three years. This will introduce a staggered board, so there is greater continuity at the end of each term. 
-Candidates with the most votes will fill the three-year seats first, followed by two-year and then one-year seats. In all other 
-respects, the first election will follow the steady state process.
-#### 3.3.3.3	Steady-State
-1. Participants may nominate candidates for Director election. Appointments to the nine rotating seats of the Board will be 
-by vote of the Participants, with three seats up for election each year. Any seats vacated mid-term will also be 
-elected at the same time. R3 may not put forward candidates for the nine rotating seats, and these may not be held by 
-R3 employees.
-2. Candidates will create a personal statement and short biography, which will be shared with all Participants.
-3. Participants may each cast up to three votes for three separate candidates.
-4. Subject to meeting certain criteria (including diversity of geography and industry), the most popular candidates 
-will be appointed as Directors. 
-5. Candidates will be considered in sequence from most popular to least, and if a seat is vacant according to the 
-diversity criteria in section 3.3.2, the candidate will be allocated to it. This may mean that occasionally a less 
-popular candidate fills a seat instead of a more popular one.
-6. R3 shall appoint Directors to the two remaining seats, when appropriate.
-#### 3.3.4	Removal from the Board and Re-election.
-Apart from the three-year expiry, Directors can otherwise leave the Board by resignation, prolonged non-attendance of 
-board meetings of more than six months, death, or if necessary, removal by a Mandatory Governance Event. In any case, a 
-vacant seat will be contested at the next annual election.
-
-3.4	Conduct of Board Meetings
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Attendance may be in person or by video-conference.
-
-The Board shall meet not less than every six months, and may meet on the request of any Director, but not more than every 
-two months. At least two weeks’ notice shall be given to Directors. By exception, the Chair may convene an emergency 
-meeting with minimal notice, appropriate to the situation in the Chair's judgement. 
-
-The Board shall consider all Governance Events proposed since the previous meeting, except for an emergency convening.
-
-Board meetings shall be limited to the Board representatives, and shall follow the requirements for quorum and voting 
-outlined in this Constitution. 
-
-The Board may decide whether to allow one named representative to attend as an alternate, and typically these shall be 
-allowed.
-
-The Board meetings shall be conducted in private, but in the interest of transparency, public minutes shall be 
-published within two weeks following their approval by the Board.
-
-Participants who do not have representation on the Board may request an observer to be present at a Board meeting. 
-This is subject to a lottery held one week prior to the meeting, a limit of 20 observer places, and a limit of one 
-observer per unrepresented Participant. Observers may participate in discussions but shall not participate in any Board 
-vote, and may be asked to join by video-conference if there are logistical constraints. 
-
-4	Relation of the Foundation to Business Networks
----------------------------------------------------
-
-The global Network shall support the operation of any business networks which may be formed by industry-specific 
-operators on top of the Network. The Board shall ensure that there is a clear separation between areas of governance 
-for the Foundation and Network outlined in this document, and for individual business networks.
-
-Additionally, the structure and control processes defined for the Foundation shall be documented and made available 
-under a Creative Commons license, both for reuse by business network operators if business networks need a similar 
-governance structure, and so that such governance layers are complementary and not contradictory.
-
-5	Governance Events
----------------------
-
-All formal changes to the Network and the Foundation shall be controlled through a formal Governance Event process, and 
-the right to initiate this shall be held by all Directors and Participants. In the event of disruptive behaviour by an 
-individual Participant or group of Participants, this right may be curtailed, as described in 5.2.5.
-
-5.1	Types of Governance Events
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-There are three types of change that affect the Network and the Foundation, which require a controlled change process 
-and a vote described in 5.5, and are defined as Governance Events:
-
-1. All changes to the Stichting Articles of Association and By-laws are defined as Constitutional Governance Events.
-2. All changes to Network participation criteria, charges, budgets, change management process and other business areas not 
-defined in Articles of Association or By-laws are defined as Mandatory Governance Events in section 5.2. The Board shall 
-vote to accept or reject all such Mandatory Governance Events, and the outcomes are binding on Participants and the 
-Operator for implementation.
-3. All changes to technical parameters and notary criteria, which affect the nodes of participants, are defined as 
-Advisory Governance Events in section 5.3. While the Operator can implement these without Board approval, it may ask the 
-Board to provide an advisory (non-binding) vote. Conversely, the Board may require that it is given the opportunity to 
-provide an advisory vote.
-
-Any other changes in the day to day internal implementation of network services by the Operator, which do not require 
-changes to be implemented on the nodes of participants, are out of scope as Governance Events. 
-
-All Constitutional, Mandatory and Advisory Governance Events shall be supported by a formal proposal, using standard 
-structured documents and containing all relevant background information, to create an efficient process both for the 
-submitter and the Board. 
-Depending on the content of the Governance Event proposal, the Board or Operator may rely on the Governance or Technical 
-Advisory Committee to provide due diligence and make a recommendation for implementation.
-
-For all Governance Events, decisions and the rationale for the decision shall be published transparently. 
-
-5.2	Mandatory Governance Events
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-### 5.2.1 Access Standards
-The Corda system can be accessed by using software which implements the set of technical protocols which define 
-compatibility (see 5.3.1) above). The reference implementation of this software is open source and freely accessible at 
-[www.corda.net](https://www.corda.net).
-
-To join the Network, a participant running Corda compatible software also needs a unique and real-world identity. The 
-Foundation shall enforce this access requirement through the issuance of PKI certificates. Corda has a primary objective 
-to facilitate automation of real-world contracts between real-world parties, and has a particular requirement to ensure 
-that identities on the Network are unique and that all participants understand the basis on which they have been issued.
-The Foundation shall govern the operation of the technical infrastructure to enable a good level of service for identity 
-issuance.
-
-The access criteria for proving real world identity shall be defined by the Board and shall be transparent and objective. 
-Any party which can demonstrate they meet these criteria will be issued a certificate without prejudice. The goal to 
-ensure that the Operator which manages the issuance of the network certificates cannot act arbitrarily or 
-discriminatory. But lawful requests from regulatory authorities of the Foundation’s jurisdiction shall be accepted.
-
-These criteria may be subject to change over time to deal with changing circumstances, like regulatory requirements. 
-However, the changes shall be subject to Mandatory Governance Events. In this way the Network is able to provide its 
-participants with a strong and fair identity framework.
-
-Arbitration, suspension, and in extreme circumstances, revocation (for example for illegal behaviour or when a 
-participant no longer meets the standards set forth) shall be managed through an Emergency Governance Event, set out in 
-5.4. 
-
-#### 5.2.2	Budget, Expenditure and Participation Fees
-The Board shall annually prepare and approve a budget for the operations of the Foundation, taking into account the 
-not-for-profit status of the Foundation and the mission to promote the Corda Ecosystem.
-
-The Foundation shall charge a fee for Membership, as described in section 6.1.
-
-The Operator shall charge the Foundation for services that the Operator provides under the requirements of the contract 
-with the Foundation, including management of Participants, Network participation and access services, Network map 
-and Operator-provided notary services. The Operator may also provide fee-based services that are supplementary to those 
-needed to participate on the Network.
-
-#### 5.2.3 Change of Network Operator
-For three years upon establishment of the Foundation, R3 will undertake the role of Operator. Annually thereafter, the 
-Board will approve the appointment of the Operator, which may be changed with a Mandatory Governance Event and vote. 
-As noted, the Foundation shall hold the Trust Root, and the Operator and any services they operate shall be provisioned 
-with intermediate certificates that derive from this. The Operator must enter into an escrow arrangement upon 
-appointment, so that existing certificates continue to work, certificate revocation lists continue to be published, and 
-there is no disruption to Participants if the Operator is changed.
-
-#### 5.2.4 Change Management Process
-The Network will periodically require participating nodes to implement change. A change notification and management 
-process shall be defined and communicated; and any change to the change management process shall be the subject of a 
-Mandatory Governance Event.
-
-#### 5.2.5 Other Mandatory Governance Events
-Restrictions on individual Participants or a group to initiate Governance Events; in the event of disruptive behaviour.
-
-Audit: the Board may request an audit of the activities and services provided by the Operator, no more frequently than 
-every year, unless an emergency audit is authorised through a Mandatory Governance Event.
-
-Marketing, Trademark and Branding: R3 shall commit to license the Corda trademark to the Foundation. The Foundation 
-shall manage its own brand and any trademarks created.
-
-Certifications: Where the Foundation provides standards for certification of organisations, individuals or technologies, 
-the Board shall approve the standards and processes for certification.
-
-Change to the arbitration and dispute resolution process shall be the subject of a Mandatory Governance Event.
-
-Policies covering areas of operation not covered by the Constitution (e.g. code of conduct for Board Directors).
-
-5.3	Advisory Governance Events
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-#### 5.3.1	Technical Standards
-There is a set of technical standards, such as ‘network parameters’, which all Corda Network nodes need to comply with 
-in order to guarantee technical compatibility to other nodes and services within the Network. While Corda has stability 
-and backwards compatibility as key design goals, there may be circumstances under which these standards will need to 
-change. Where these changes require participants in the Network to update to remain compatible, these changes will be 
-subject to Governance Events. 
-
-Changes to technical standards, such as some network parameters, shall require formal design processes, and the Operator may 
-choose to delegate technical due diligence to the Technical Advisory Committee prior to formally accepting a change to 
-the technical standards.
-
-The Corda open source software is the reference implementation for the core technical standards adopted for the Network. 
-Corda implementations and distributions can vary in their internal details, but their core interfaces and Corda protocol 
-implementation must conform to this standard to be compatible with the Network. 
-
-#### 5.3.2	Consensus Standards
-The Foundation shall set minimum standards for notary clusters, to allow their use across different business 
-applications. The Operator shall ensure that standards are followed by notary service providers, and shall operate a 
-framework of audit and assessment, review, feedback, and certification, covering the following:
-
-1. Technical standards, such as meeting strict requirements for high-availability and data replication/security and 
-performance. 
-2. Compliance with necessary laws and regulations (for example privacy and data retention regulations) in the 
-jurisdictions in which they operate. 
-3. Availability for independent audits upon request by the Board.
-
-Additionally, the Operator shall manage a reference distributed notary service for the Network, using a Board-approved 
-crash or Byzantine fault tolerant (BFT) consensus algorithm, with nodes provided by a minimum number of identified and 
-independent entities. 
-
-#### 5.3.3	Dispute Resolution Process
-Disputes between Participants arising from the operation of a Corda application are anticipated to be resolved by the 
-business network operator, or directly if no business network is involved. If necessary, Participants may escalate to 
-the Board by creating an Advisory Governance Event.
-
-5.4	Emergency Governance Events
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Certain Network incidents, which could impact one or more Network participants and that would be the subject of 
-Mandatory or Advisory Governance Events, shall require immediate resolution. In these cases, the Operator may make 
-emergency changes, but these shall be subject to post-event evaluation and standard Governance Event processing. Areas 
-of control that are the subject of Mandatory Governance Events are not expected to require emergency remediation, but 
-the Operator shall be entitled to make emergency changes to preserve the stability and integrity of the Network.
-
-5.5	Voting
-^^^^^^^^^^
-All Constitutional, Mandatory and Advisory Governance Events outlined in sections 5.2 and 5.3 shall be presented to the 
-Board for voting. The representatives of the Board shall vote on a one vote per Director basis to approve or reject the 
-Governance Event.
-
-Quorum for the Board shall require two thirds of the Directors to vote. Abstention is not a vote. The Board may continue 
-to meet if quorum is not met, but shall be prevented from making any decisions at the meeting. Decisions by electronic 
-vote without a meeting shall require a vote by two thirds majority of all Directors.
-
-Provided quorum is met, Constitutional Governance Events shall require a three quarters majority vote, and Mandatory 
-Governance Events shall require a two thirds majority vote.
-
-In the event of a tied vote (the odd number of representatives is intended to avoid tied votes) the vote of the Chair 
-shall carry the vote. If the Chair does not vote in the case of a tied vote, the Event will not be passed.
-
-All Governance Events proposed for consideration by the Board at a meeting shall be circulated in draft form to the 
-members of the Board at least one week prior to the date of the meeting, and the text of such draft events may be altered 
-at the meeting.
-
-The Foundation may chose to implement the tracking and voting for Governance Events using an on-ledger Corda application 
-in an attempt to simplify governance, provide transparency and lower costs, provided the application has been tested 
-thoroughly and has sufficient manual override controls.
-
-6	Participation
------------------
-
-6.1	General Membership
-^^^^^^^^^^^^^^^^^^^^^^
-Participation is open to any potential participant on the Network, subject to meeting normal Network access conditions 
-described in section 5.2.1, and paying a nominal annual participation fee to cover both the operational costs of Network 
-services and the Foundation, and to ensure that its activities are sufficiently resourced.
-
-The Participant Community have the right to:
-
-1. Propose a formal Governance Event to the Board for voting. This must meet the appropriate standards and formats.
-2. Request observer representation at a board meeting subject to logistical constraints. 
-3. Utilise any brand and marketing materials that may be provided by the Foundation to Participants.
-4. Identify themselves as participants of the Foundation.
-5. Vote in the periodic election of a new Board.  
-6. Participate in conferences, projects and initiatives of the Foundation. Numbers of participants and any additional 
-costs will depend on the individual event.
-7. Receive an identity necessary to operate a Corda node on the Network.
-8. Use the Network for live business activities running 'in production'.
-
-6.2	Technical Advisory Committee
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-The Technical Advisory Committee shall have limited participants appointed directly by the Board. Its mandate and 
-charter will be set by the Board. It shall act directly on the instructions of the Board or the Operator, which shall 
-set expected deliverables and timelines. It shall focus on specific technical topics and may have responsibility for 
-the following:
-
-1. Advise on technical decisions for the Operator.
-2. Advising the Board in technical matters.
-3. Provide feedback on the technical roadmap for Corda, from real-world and practical experience gained from observing 
-the operation of the Network.
-4. Conducting open design reviews and soliciting public input for technical proposals.
-5. Contributing to the Corda open source community from a Network perspective, to ensure that Corda retains a coherent, 
-elegant and practical system design
-
-6.3	Governance Advisory Committee
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-The Governance Advisory Committee shall have limited participants appointed directly by the board. Its purpose is to 
-recommend actions to the Board for approval on non-technical matters, where additional support is helpful. This may 
-include decisions on:
-
-1. Operator Due Diligence
-2. Identity and Permissions
-3. Risks and Escalations
-4. Interacting with Regulators
-5. Complaints and Whistle-blowing
-
-7 The Corda Network Operator
-----------------------------
-
-In order to pursue the mission of the Foundation as set out in section 1, there will need to be a set of operational 
-activities, including technical activities such as hosting services, marketing activities, community management and 
-promotion. These activities shall be funded through the participation fees and overseen by the Board, and they will 
-require operational staffing by the Operator. It is not envisaged (at least during the first year) that the Corda 
-Network Foundation will need separate staff. Administrative operations and meeting facilities will be provided by the 
-Operator.
-
-The Operator shall invoice the Foundation for the costs of operating the Network and minor administrative expenses, 
-initially on a cost-plus basis, and subject to annual review. Corda Network identity and map technical services 
-have been designed to be highly cacheable, and low-cost in operation.
-
-For the first three years, R3 shall act as the Operator. 
- 
-8 Costs and Participation Fees
-------------------------------
-
-8.1 Costs
-^^^^^^^^^
-In line with the mission and values of the Foundation, the Network Foundation is not a profit seeking entity. But the 
-Foundation needs to provide governance and technical services, and these will incur costs. The Foundation maintains these 
-cost principles, as ideals but not contractual standards:
-
-1. Costs for all services should be borne by all users of those services.
-2. One group of participants should not subsidise another.
-3. The costs shall be tightly managed, and the Foundation shall seek to provide the most cost-effective implementation 
-of all of its own administration, governance and technical services.
-4. Costs of one service should not be subsidised by another.
-5. The Foundation's cost model should be public, to demonstrate that the costs could not reasonably be lower.
-
-8.2 Participation Fee
-^^^^^^^^^^^^^^^^^^^^^
-The Foundation shall meet costs by levying a participation fee and notary fee for all Participants. The participation 
-fee will be independent of organisation size and number of transactions on Corda, to reflect the underlying cost of 
-identity issuance. 
-
-The fee shall be based on the number of Participants divided by an estimate of the cost of running the Foundation, 
-which is set out in section 7. There may be variance in the fee depending on whether the Participant is indirectly using a 
-Corda Network-powered application, and therefore the services which the Participant is able to access.
-
-Such fees shall be detailed in a separate schedule to be updated annually and approved by the Board by a Mandatory 
-Governance Event.
-
-The Operator may agree to provide the Foundation with a start-up commercial loan, in order to allow the Foundation to 
-cap fees for Participants initially. This will allow early widespread adoption, when early participant numbers will not 
-offset fixed operating costs. In this case, the fees will not fall to steady-state levels until the loan has been repaid.
-
-Subsidiaries of large organisations shall apply for membership separately, since the model for Corda usage is for one 
-identity per legal entity, unless varied by Mandatory Governance Event. The fee and voting right shall apply to each 
-subsidiary individually.
-
-The fee applies even if the Participants chooses not to operate a Corda node on the Network. Therefore, Participants 
-can be potential or active participants.
-
-8.3 Notary Fee
-^^^^^^^^^^^^^^
-Transaction notary fees will be charged separately, on a per-use basis. This reflects the variable cost of providing 
-notary services, with a wide orders-of-magnitude disparity between frequent and infrequent participant transaction 
-volumes. As a principle, notary fees shall not subsidise participation fees, nor vice versa.
-
-9 Community
------------
-Corda is a collaborative effort, and part of the Foundation’s mission is to help create and foster a technical community 
-that will benefit all Corda solution providers and users. As such, the Foundation will work to encourage further 
-participation of leading Participants of the ecosystem, including developers, service and solution providers and end 
-users. This community shall work towards furthering the adoption of Corda, and contribute to the specific capabilities 
-identified in the technical white paper.
-
-The Corda technical community should be broad and open, encouraging participation and active conversations on the 
-technology and applications, but this cannot be mandated by the Foundation.
-
-9.1	Non-Discrimination
-^^^^^^^^^^^^^^^^^^^^^^
-The Foundation will welcome any organization able to meet the Participation criteria, regardless of competitive 
-interests with other Participants. The Board shall not seek to exclude any Participant for any reasons other than those 
-that are reasonable, explicit and applied on a non-discriminatory basis to all Participants.
-
-END
diff --git a/docs/source/corda-network/governance-structure.md b/docs/source/corda-network/governance-structure.md
deleted file mode 100644
index 7405b42406..0000000000
--- a/docs/source/corda-network/governance-structure.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Governance Structure
-====================
-
-It is critically important that a commercial entity should not control Corda Network going forwards, and that it should 
-be governed transparently, with a fair and representative structure that can deliver a stable operating environment for 
-its members in the long term.
-
-A separate entity called Corda Network Foundation will be set up, using a not-for-profit legal entity type known as a 
-Stichting, residing in the Netherlands. This type is suited for governance activities, able to act commercially, with 
-limited liability but no shareholders, capital or dividends. Its constitution is defined in a set of Articles of 
-Association and By-laws.
-
-A Foundation will enable Network members to be involved with, and also understand, how decisions are made (including 
-around issues of identity and permission), building trust and engagement from a wide range of stakeholders. We believe 
-this will bring about the best decisions and outcomes for the Network’s long-term success. 
-
-Its governance bodies shall include:
-
-- A **Governing Board** (‘the Board’) of 11 representatives (‘Directors’). 
-- A **Technical Advisory Committee** (‘the TAC’), comprised of representatives of Participant organisations. 
-- A **Governance Advisory Committee**, comprised of representatives of Participant organisations. 
-- A **Network Operator** (‘the Operator’), charging the Foundation reasonable costs for providing network and administration 
-services, paid by the Foundation through membership funds, and accountable directly to the Board.
-
-Operating on behalf of:
-
-- **Participants** (‘Participants’), open to any legal entity participating in Corda Network, and independent of R3 
-alliance membership.
-
-For more information about the intended governance of the network, please refer to the [Corda Network Foundation : 
-Governance Guidelines](governance-guidelines.md) document.
\ No newline at end of file
diff --git a/docs/source/corda-network/index.md b/docs/source/corda-network/index.md
index d020d9099f..e85af547d5 100644
--- a/docs/source/corda-network/index.md
+++ b/docs/source/corda-network/index.md
@@ -3,60 +3,65 @@ Corda Network
 
 Introduction to Corda Network
 -----------------------------
-Corda Network consists of Corda nodes operated by network participants, in which business transactions are created and 
-validated via Corda Distributed Applications (CorDapps) running on these nodes. Each node is identified by means of a 
-certificate issued by the Network's Certificate Authority, and will also be identifiable on a network map. 
+[Corda Network](https://corda.network/) is a publicly-available internet of Corda nodes operated by network participants. Each 
+node is identified by a certificate issued by the network's identity service, and will also be discoverable on a network map. 
 
 Corda Network enables interoperability – the exchange of data or assets via a secure, efficient internet layer – in a way 
-that isn't possible with competing permissioned distributed ledger technologies or legacy systems.
+that isn't possible with separate, isolated Corda networks. A common trust root surrounds all transactions, and a consistent set of 
+network parameters ensures all participants may transact with each other.
 
-The network is due to go live in December 2018, and initially it will be governed by R3. An independent, not-for-profit 
-Foundation is currently being set-up which is intended to govern the Network from mid 2019, after a transition period
-when control moves entirely to the Foundation. See the [governance model](governance-structure.md) for more detail.
+The network went live in December 2018, and is currently governed by R3. An independent, not-for-profit foundation has been 
+set up to govern the network, and a transitional board will be selected from initial participants in Spring 2019, which will oversee 
+the foundation until democratic elections are held a year later. See the [governance model](https://corda.network/governance/governance-guidelines.html) 
+for more detail.
 
-The Network will comprise many sub-groups many sub-groups of participants running particular CorDapps (sometimes but not 
-always referred to as 'business networks'), and such groups will often have a co-ordinating party (the 'Business 
-Network Operator') who manages the distribution of the app and rules (including around membership) for its use. 
+The network will support many sub-groups of participants running particular CorDapps (sometimes referred to as 'business networks'), 
+and these groups will often have a co-ordinating party (the 'business network operator') who manages the distribution of the 
+app and rules, including membership, for its use. There is a clear separation between areas of control for the network as a whole 
+and for individual business networks. Like the internet, Corda Network intends to exist as a background utility.
 
-Corda Network will support the operation of business networks by industry-specific operators within the Network. There 
-will be a clear separation between areas of governance for the Network and for individual business networks. For example, 
-rules around membership of business networks will be controlled by its Business Network Operators. 
+The main benefit of Corda Network for participants is being able to move cash, digital assets, and identity data from one application 
+or line of business to another. Business network operators also benefit by being able to access network-wide services, and reuse the 
+[trust root](https://corda.network/trust-root/index.html) and network services, instead of building and managing their own.
+
+The Corda Network website has a [high level overview](https://corda.network/participation/implementation-steps.html) of the joining process.
 
 Key services 
 ============
 
-Doorman
--------
-The Doorman controls admissions and exits of Participants into and out of Corda Network. The Service receives Certificate 
-Signing Requests (CSRs) from prospective Network Participants (sometimes via a Business Network Operator) and reviews the 
-information submitted. A digitally signed Participation Certificate is returned if:
+Identity Service
+----------------
+The Identity Service controls admissions of participants into Corda Network. The service receives certificate 
+signing requests (CSRs) from prospective network participants (sometimes via a business network operator) and reviews the 
+information submitted. A digitally signed participation certificate is returned if:
 
-* The prospective Corda Network Participant meets the requirements specified in the documentation;
-* Evidence is provided by the Participant or Business Network Operator of agreement to the Corda Network Participant Terms 
-of Use.
+* The participant meets the requirements specified in the [bylaws and policies](https://corda.network/policy/admission-criteria.html) 
+of the foundation (broadly speaking, limited to sanction screening only);
+* The participant agrees to Corda Network participant [terms of use](https://corda.network/participation/terms-of-use.html).
 
-The Corda Network Participant can then use the Participation Certificate to register itself with the R3 Network Map Service.
+The Corda Network node can then use the participation certificate to register itself with the Network Map Service.
 
-Network Map
------------ 
+Network Map Service
+------------------- 
 The Network Map Service accepts digitally signed documents describing network routing and identifying information from 
-Participants, based on the Participation Certificates signed by the Doorman, and makes this information available to all 
-Corda Network Participants.
+nodes, based on the participation certificates signed by the Identity Service, and makes this information available to all 
+Corda Network nodes.
 
-Notary 
-------
-Corda design separates correctness consensus from uniqueness consensus, and the latter is provided by one or more Notary 
-services. The Notary will digitally sign a transaction presented to it - provided no transaction referring to 
+Notary Service
+--------------
+The Corda design separates correctness consensus from uniqueness consensus, and the latter is provided by one or more Notary 
+Services. The Notary will digitally sign a transaction presented to it, provided no transaction referring to 
 any of the same inputs has been previously signed by the Notary, and the transaction timestamp is within bounds. 
 
-Business Network Operators and Network Participants may choose to enter into legal agreements which rely on the presence 
+Business network operators and network participants may choose to enter into legal agreements which rely on the presence 
 of such digital signatures when determining whether a transaction to which they are party, or upon the details of which they 
 otherwise rely, is to be treated as 'confirmed' in accordance with the terms of the underlying agreement. 
 
-Support 
--------
-The Support Service is provided to Participants and Business Network Operators to manage / resolve inquiries and incidents 
-relating to the Doorman, Network Map Service and Notary Service, and any other relevant services.
+
+Support Service 
+---------------
+The Support Service is provided to participants and business network operators to manage and resolve inquiries and incidents 
+relating to the Identity Service, Network Map Service and Notary Services.
 
 CRL configuration
 -----------------
@@ -71,5 +76,3 @@ In order to use this, add the following to your configuration file:
 
 This set-up ensures that the TLS-level certificates are embedded with the CRL distribution point referencing the CRL issued by R3.
 In cases where a proprietary CRL infrastructure is provided those values need to be changed accordingly.
-
-
diff --git a/docs/source/corda-network/joining-corda-network.md b/docs/source/corda-network/joining-corda-network.md
deleted file mode 100644
index 43aff317fd..0000000000
--- a/docs/source/corda-network/joining-corda-network.md
+++ /dev/null
@@ -1,36 +0,0 @@
-Joining Corda Network
-=====================
-
-Corda Network participation requires each node to possess a recognised Certificate Authority (CA) signed certificate 
-(“Participation Certificate”), which is used to derive other digital certificates required (such as legal entity signing 
-certificates and TLS certificates).
-
-Identity certificates must be issued by the Corda Network Operator (Doorman / Network Map), which guarantees that the identity 
-listed on the certificate is uniquely held by a single party within the network.
-
-A high-level outline of steps to join the Network is listed below. This assumes that Participants wish to operate a node 
-and already have access to at least one CorDapp which they wish to deploy. A more detailed step-by-step guide will soon 
-be available.
-
-1. Obtain Corda software - either the Enterprise version, via a Corda sales representative, or the open source version
-through [github](https://github.com/corda).
-2. For the time being, request the trust root certificate from Corda Network Doorman, by emailing doorman@r3.com, which 
-will be sent back as a truststore.jks file. In future, the Corda Network trust root will be packaged in the software
-distribution.
-3. [Start the node](https://docs.corda.net/deploying-a-node.html) - where applicable, with help from a Corda 
-representative. 
-4. [Configure the node](https://docs.corda.net/corda-configuration-file.html) – a node.conf file must be included in the 
-root directory of every Corda node. This includes: specifying an email address in relation to the certificate signing 
-request as well as choosing a distinguished name.
-5. Run the initial registration. This will send a Certificate Signing Request (with the relevant name and email) to the 
-Network Manager service (Doorman / Network Map).
-6. Sign Participant terms of use, either directly or indirectly:
-* **Sponsored model**: A Business Network Operator (BNO) requesting approval for a certificate on behalf of the Participant.
-* **Direct model**: The Participant requesting a certificate for themselves.
-7. Doorman verification checks – a number of identity-related checks will be conducted, before issuing a certificate, 
-including email and legal entity checks.
-8. Once identity checks have been completed, a signed CA certificate will be released by the Doorman to the 
-node.
-9. Completion - the node will then sign its node IP address and submit it to the Network Map, for broadcast to other 
-Participant nodes.
-
diff --git a/docs/source/cordapp-build-systems.rst b/docs/source/cordapp-build-systems.rst
index 61975291c0..300da04670 100644
--- a/docs/source/cordapp-build-systems.rst
+++ b/docs/source/cordapp-build-systems.rst
@@ -1,3 +1,9 @@
+.. highlight:: groovy
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 Building and installing a CorDapp
 =================================
 
@@ -22,11 +28,11 @@ Build tools
 In the instructions that follow, we assume you are using Gradle and the ``cordformation`` plugin to build your
 CorDapp. You can find examples of building a CorDapp using these tools in the 
 `Kotlin CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_ and the 
-`Java CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_.
+`Java CorDapp Template <https://github.com/corda/cordapp-template-java>`_.
 
 To ensure you are using the correct version of Gradle, you should use the provided Gradle Wrapper by copying across
 the following folder and files from the `Kotlin CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_ or the 
-`Java CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_ to the root of your project:
+`Java CorDapp Template <https://github.com/corda/cordapp-template-java>`_ to the root of your project:
 
 * ``gradle/``
 * ``gradlew``
@@ -49,7 +55,7 @@ Several ``ext`` variables are used in a CorDapp's ``build.gradle`` file to defin
 versions can be found here: https://bintray.com/r3/corda/cordapp. If in doubt, you should base yourself on the version
 numbers used in the ``build.gradle`` file of the
 `Kotlin CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_ and the
-`Java CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_.
+`Java CorDapp Template <https://github.com/corda/cordapp-template-java>`_.
 
 For example, to use version 3.0 of Corda, version 3.0.8 of the Corda gradle plugins, version 0.7.9 of Quasar, and
 version 1.1.60 of Kotlin, you'd write:
@@ -99,9 +105,10 @@ Here is an overview of the various Corda dependencies:
   functionality. Include manually if the utilities are useful or you are writing a library for Corda
 * ``corda-core-deterministic`` - Used by the Corda node for deterministic contracts. Not likely to be used externally
 * ``corda-djvm`` - Used by the Corda node for deterministic contracts. Not likely to be used externally
-* ``corda-finance`` - The Corda finance CorDapp. Only include as a ``cordaCompile`` dependency if using as a dependent
-  Cordapp or if you need access to the Corda finance types. Use as a ``cordapp`` dependency if using as a CorDapp
-  dependency (see below)
+* ``corda-finance-contracts``, ``corda-finance-workflows`` and deprecated ``corda-finance``. Corda finance CorDapp, use contracts and flows parts respectively.
+  ``corda-finance`` is left for backward compatibility purposes and should be replaced by former two where needed.
+  Only include as a ``cordaCompile`` dependency if using as a dependent Cordapp or if you need access to the Corda finance types.
+  Use as a ``cordapp`` dependency if using as a CorDapp dependency (see below)
 * ``corda-jackson`` - Corda Jackson support. Use if you plan to serialise Corda objects to and/or from JSON
 * ``corda-jfx`` - JavaFX utilities with some Corda-specific models and utilities. Only use with JavaFX apps
 * ``corda-mock`` - A small library of useful mocks. Use if the classes are useful to you
@@ -109,8 +116,6 @@ Here is an overview of the various Corda dependencies:
   frameworks
 * ``corda-node-api`` - The node API. Required to bootstrap a local network
 * ``corda-node-driver`` - Testing utility for programmatically starting nodes from JVM languages. Use for tests
-* ``corda-notary-bft-smart`` - A Corda notary implementation
-* ``corda-notary-raft`` - A Corda notary implementation
 * ``corda-rpc`` - The Corda RPC client library. Used when writing an RPC client
 * ``corda-serialization`` - The Corda core serialization library. Automatically included by other dependencies
 * ``corda-serialization-deterministic`` - The Corda core serialization library. Automatically included by other
@@ -126,7 +131,7 @@ Here is an overview of the various Corda dependencies:
 
 Dependencies on other CorDapps
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-You CorDapp may also depend on classes defined in another CorDapp, such as states, contracts and flows. There are two
+Your CorDapp may also depend on classes defined in another CorDapp, such as states, contracts and flows. There are two
 ways to add another CorDapp as a dependency in your CorDapp's ``build.gradle`` file:
 
 * ``cordapp project(":another-cordapp")`` (use this if the other CorDapp is defined in a module in the same project)
@@ -288,7 +293,7 @@ Example
 Below is a sample of what a CorDapp's Gradle dependencies block might look like. When building your own CorDapp, you
 should base yourself on the ``build.gradle`` file of the
 `Kotlin CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_ or the
-`Java CorDapp Template <https://github.com/corda/cordapp-template-kotlin>`_.
+`Java CorDapp Template <https://github.com/corda/cordapp-template-java>`_.
 
 .. container:: codeset
 
@@ -297,7 +302,8 @@ should base yourself on the ``build.gradle`` file of the
         dependencies {
             // Corda integration dependencies
             cordaCompile "net.corda:corda-core:$corda_release_version"
-            cordaCompile "net.corda:corda-finance:$corda_release_version"
+            cordaCompile "net.corda:corda-finance-contracts:$corda_release_version"
+            cordaCompile "net.corda:corda-finance-workflows:$corda_release_version"
             cordaCompile "net.corda:corda-jackson:$corda_release_version"
             cordaCompile "net.corda:corda-rpc:$corda_release_version"
             cordaCompile "net.corda:corda-node-api:$corda_release_version"
@@ -340,6 +346,9 @@ This is typically done by appending the version string to the CorDapp's name. Th
 once the JAR has been deployed on a node. If it does, make sure no one is relying on ``FlowContext.appName`` in their
 flows (see :doc:`versioning`).
 
+
+.. _cordapp_install_ref:
+
 Installing the CorDapp JAR
 --------------------------
 
@@ -465,4 +474,36 @@ For a CorDapp that contains flows and/or services we specify the `workflow` tag:
             }
         }
 
-.. note:: It is possible, but *not recommended*, to include everything in a single CorDapp jar and use both the ``contract`` and ``workflow`` Gradle plugin tags.
\ No newline at end of file
+.. note:: It is possible, but *not recommended*, to include everything in a single CorDapp jar and use both the ``contract`` and ``workflow`` Gradle plugin tags.
+
+.. _cordapp_contract_attachments_ref:
+
+CorDapp Contract Attachments
+----------------------------
+
+As of Corda 4, CorDapp Contract JARs must be installed on a node by a trusted uploader, either by
+
+- installing manually as per :ref:`Installing the CorDapp JAR <cordapp_install_ref>` and re-starting the node.
+
+- uploading the attachment JAR to the node via RPC, either programmatically (see :ref:`Connecting to a node via RPC <clientrpc_connect_ref>`)
+  or via the :doc:`shell` by issuing the following command:
+
+``>>> run uploadAttachment jar: path/to/the/file.jar``
+
+Contract attachments that are received from a peer over the p2p network are considered **untrusted** and will throw a `UntrustedAttachmentsException` exception
+when processed by a listening flow that cannot resolve that attachment from its local attachment storage. The flow will be aborted and sent to the nodes flow hospital for recovery and retry.
+The untrusted attachment JAR will be stored in the nodes local attachment store for review by a node operator. It can be downloaded for viewing using the following CRaSH shell command:
+
+``>>> run openAttachment id: <hash of untrusted attachment given by `UntrustedAttachmentsException` exception``
+
+Should the node operator deem the attachment trustworthy, they may then issue the following CRaSH shell command to reload it as trusted:
+
+``>>> run uploadAttachment jar: path/to/the/trusted-file.jar``
+
+and subsequently retry the failed flow (currently this requires a node re-start).
+
+.. note:: this behaviour is to protect the node from executing contract code that was not vetted. It is a temporary precaution until the
+   Deterministic JVM is integrated into Corda whereby execution takes place in a sandboxed environment which protects the node from malicious code.
+
+
+
diff --git a/docs/source/design/data-model-upgrades/migrate-to-signature-constraint.md b/docs/source/design/data-model-upgrades/migrate-to-signature-constraint.md
new file mode 100644
index 0000000000..c0da9c21a2
--- /dev/null
+++ b/docs/source/design/data-model-upgrades/migrate-to-signature-constraint.md
@@ -0,0 +1,151 @@
+# Migration from the hash constraint to the Signature constraint
+
+
+## Background
+
+Corda pre-V4 only supports HashConstraints and the WhitelistedByZoneConstraint.
+The default constraint, if no entry was added to the network parameters is the hash constraint.
+Thus, it's very likely that most first states were created with the Hash constraint.
+
+When changes will be required to the contract, the only alternative is the explicit upgrade, which creates a new contract, but inherits the HashConstraint (with the hash of the new jar this time). 
+
+**The current implementation of the explicit upgrade does not support changing the constraint.**
+
+It's very unlikely that these first deployments actually wanted a non-upgradeable version.
+
+This design doc is presenting a smooth migration path from the hash constraint to the signature constraint. 
+
+
+## Goals
+
+CorDapps that were released (states created) with the hash constraint should be able to transition to the signature constraint if the original developer decides to do that.
+
+A malicious party should not be able to attack this feature, by "taking ownership" of the original code.
+
+
+## Non-Goals
+
+Migration from the whitelist constraint was already implemented. so will not be addressed. (The cordapp developer or owner just needs to sign the jar and whitelist the signed jar.)
+
+Also versioning is being addressed in different design docs.
+
+
+## Design details
+
+### Requirements
+
+To migrate without disruption from the hash constraint, the jar that is attached to a spending transaction needs to satisfy both the hash constraint of the input state, as well as the signature constraint of the output state.
+
+Also, it needs to reassure future transaction verifiers - when doing transaction resolution - that this was a legitimate transition, and not a malicious attempt to replace the contract logic.
+
+
+### Process
+
+To achieve the first part, we can create this convention:
+
+- Developer signs the original jar (that was used with the hash constraint).
+- Nodes install it, thus whitelisting it.
+- The HashConstraint.verify method will be modified to verify the hash with and without signatures.
+- The nodes create normal transactions that spend an input state with the hashConstraint and output states with the signature constraint. No special spend-to-self transactions should be required.
+- This transaction would validate correctly as both constraints will pass - the unsigned hash matches, and the signatures are there.
+- This logic needs to be added to the constraint propagation transition matrix. This could be only enabled for states created pre-v4, when there was no alternative.
+    
+
+For the second part:
+    
+- The developer needs to claim the package (See package ownership). This will give confidence to future verifiers that it was the actual developer that continues to be the owner of that jar.  
+    
+
+To summarise, if a CorDapp developer wishes to migrate to the code it controls to the signature constraint for better flexibility:
+
+1. Claim the package. 
+2. Sign the jar and distribute it.
+3. In time all states will naturally transition to the signature constraint.
+4. Release new version as per the signature constraint. 
+
+
+A normal node would just download the signed jar using the normal process for that, and the platform will do the rest.
+
+
+### Caveats 
+
+###### Someone really wants to issue states with the HashConstraint, and ensure that can never change. 
+
+ - As mentioned above the transaction builder could only automatically transition states created pre-v4.  
+ 
+ - If this is the original developer of the cordapp, then they can just hardcode the check in the contract that the constraint must be the HashConstraint. 
+ 
+ - It is actually a third party that uses a contract it doesn't own, but wants to ensure that it's only that code that is used. 
+ This should not be allowed, as it would clash with states created without this constraint (that might have higher versions), and create incompatible states.  
+ The option in this case is to force such parties to actually create a new contract (maybe subclass the version they want), own it, and hardcode the check as above.
+
+
+######  Some nodes haven't upgraded all their states by the time a new release is already being used on the network.
+
+ - A transaction mixing an original HashConstraint state, and a v2 Signature constraint state will not pass. The only way out is to strongly "encourage" nodes to upgrade before the new release.
+  
+The problem is that, in a transaction, the attachment needs to pass the constraint of all states.
+
+If the rightful owner took over the contract of states originally released with the HashConstraint, and started releasing new versions then the following might happen:
+
+- NodeA did not migrate all his states to the Signature Constraint.
+- NodeB did, and already has states created with version 2.
+- If they decide to trade, NodeA will add his HashConstraint state, and NodeB will add his version2 SignatureConstraint state to a new transaction.
+This is an impossible transaction. Because if you select version1 of the contract you violate the non-downgrade rule. If you select version2 , you violate the initial HashConstraint.
+
+
+Note:  If we consider this to be a real problem, then we can implement a new NoOp Transaction type similar to the Notary change or the contract upgrade. The security implications need to be considered before such work is started.
+Nodes could use this type of transaction to change the constraint of existing states without the need to transact. 
+
+
+### Implementation details
+ 
+- Create a function to return the hash of a signed jar after it stripped the signatures. 
+- Change the HashConstraint to check against any of these 2 hashes.
+- Change the transaction builder logic to automatically transition constraints that are signed, owned, etc..
+- Change the constraint propagation transition logic to allow this.
+
+
+
+## Alternatives considered
+
+
+###  Migrating from the HashConstraint to the SignatureConstraint via the WhitelistConstraint. 
+
+We already have a strategy to migrate from the WhitelistConstraint to the Signature contraint:
+
+- Original developer (owner) signs the last version of the jar, and whitelists the signed version. 
+- The platform allows transitioning to the SignatureConstraint as long as all the signers of the jar are in the SignatureConstraint.  
+
+
+We could attempt to extend this strategy with a HashConstraint -> WhitelistConstraint path.
+
+#### The process would be:
+
+- Original developer of the contract that used the hashConstraint will make a whitelist contract request, and provide both the original jar and the original jar but signed.
+- The zone operator needs to make sure that this is the original developer who claims ownership of that corDapp. 
+
+##### Option 1: Skip the WhitelistConstraint when spending states. (InputState = HashConstraint, OutputState = SignatureConstraint)
+
+- This is not possible as one of the 2 constraints will fail.
+- Special constraint logic is needed which is risky.
+
+
+##### Option 2: Go through the WhitelistConstraint when spending states
+
+- When a state is spent, the transaction builder sees there is a whitelist constraint, and selects the first entry.
+- The transition matrix will allow the transition from hash to Whitelist.
+- Next time the state is spent, it will transition from the Whitelist constraint to the signature constraint.  
+
+
+##### Advantage:
+
+- The tricky step of removing the signature from a jar to calculate the hash is no longer required.
+
+
+##### Disadvantage:
+
+- The transition will happen in 2 steps, which will add another layer of surprise and of potential problems. 
+- The No-Op transaction will become mandatory for this, along with all the complexity it brings (all participants signing). It will need to be run twice. 
+- An unnecessary whitelist entry is added. If that developer also decides to claim the package (as probably most will do in the beginning), it will grow the network parameters and increase the workload on the Zone Operator.
+- We create an unintended migration path from the HashConstraint to the WhitelistConstraint.
diff --git a/docs/source/design/versioning/contract-versioning.md b/docs/source/design/versioning/contract-versioning.md
new file mode 100644
index 0000000000..30bd97b329
--- /dev/null
+++ b/docs/source/design/versioning/contract-versioning.md
@@ -0,0 +1,398 @@
+# Contract versioning and ensuring data integrity
+
+
+## Terminology used in this document:
+
+- ContractJAR = The code that contains the: State, Command, Contract and (optional) custom persistent Schema. This code is used to verify transactions and is stored on the ledger as an Attachment. (TODO: Find a better name.)
+- FlowsJAR = Code that contains the flows and services. This is installed on the node and exposes endpoints. (TODO: Find a better name.)
+- CorDapp = Distributed applications that run on the Corda platform (https://docs.corda.net/cordapp-overview.html). This term does not mean anything in this document, because it is including both of the above!
+- Attachment = A file that is stored on the "ledger" and is referenced by it's hash. In this document it is usually the ContractJAR.
+- Contract = The class that contains the verification logic. (lives in the ContractJar)
+- State schema or State = the fields that compose the ContractState class.
+
+
+## Background:
+
+This document addresses "Corda as a platform for applications" concerns. 
+
+These applications that run on Corda - CorDapps - as opposed to other blockchains are allowed to be updated to fix bugs and address new requirements.
+
+Corda also allows a lot of flexibility so CorDapps can depend on other CorDapps, which have different release cycles, and participants on the network can have any combination installed.
+
+This document is focused mainly on the "ContractJar" part of the CorDapps, as this is the Smart contract that lives on the ledger.
+
+Starting with version 3, Corda has introduced the WhitelistedByZone Contract Constraint, which is the first constraint that allows the contract and contract state type to evolve.
+In version 4 we will introduce the decentralized Signature Constraint, which is also an upgradable (allows evolving) constraint.
+This introduces a set of new problems that were not present when the Hash Constraint was the only alternative. (The Hash Constraint is non-upgradeable, as it pins the jar version to the hardcoded hash. It can only be upgraded via the "explicit" mechanism.)
+
+E.g.:
+Developer MegaCorp develops a token contract: `com.megacorp.tokens.MegaToken`.
+As various issues are discovered, and requirements change over time, MegaCorp constantly releases new versions and distributes them to node operators, who can use these new versions for new transactions.
+These versions could in theory either change the verification logic, change the meaning of various state fields, or even add/remove/rename fields.
+
+Also, this means that at any point in time, different nodes may have different versions of MegaToken installed. (and the associated MegaFlows that build transactions using this contract). But these nodes still need to communicate.
+
+Also in the vault of different nodes, there are states created by transactions with various versions of the token contract.
+
+Corda is designed such that the flow that builds the transaction (on its executing node) will have to choose the contract version that will be used to create the output states and also verify the current transaction. 
+
+But because input states are actually output states that are serialised with the previous transaction (built using a potentially different version of the contract), this means that states serialised with a version of the ContractJAR will need to be deserialisable with a different version. 
+
+
+.. image:: resources/tx-chain.png
+   :scale: 25%
+   :align: center
+
+
+## Goals
+
+- States should be correctly deserialized as an input state of a transaction that uses a different release of the contract code. 
+After the input states are correctly deserialised they can be correctly verified by the transaction contract.
+This is critical for the UTXO model of Corda to function correctly.
+
+- Define a simple process and basic tooling for contract code developers to ensure a consistent release process.   
+
+- Nodes should be prevented to select older buggy contract code for current transactions. 
+
+- Ensure basic mechanism for flows to not miss essential data when communicating with newer flows. 
+
+
+## Non-Goals
+
+This design is not about:
+
+- Addressing security issues discovered in an older version of a contract (that was used in transactions) without compromising the trust in the ledger. (There are proposals for this and can be extracted in a separate doc) 
+- Define the concept of "CorDapp identity" useful when flows or contracts are coded against third-party contracts.
+- Evolve states from the HashConstraint or the Whitelist constraint (addressed in a separate design).
+- Publishing And Distribution of applications to nodes.
+- Contract constraints, package ownership, or any operational concerns.
+
+## Issues considered but postponed for a future version of corda
+
+- How releasing new versions of contract code interacts with the explicit upgrade functionality. 
+- How contracts depend on other contracts.
+- Node to node communication using flows, and what impact different contract versions have on that. (Flows depending on contracts)
+- Versioning of flows and subflows and backwards compatibility concerns.
+
+
+### Assumptions and trade-offs made for the current version
+
+##### We assume that ContractStates will never change their semantics in a way that would impact other Contracts or Flows that depend on them.
+ 
+E.g.: If various contracts depend on Cash, the assumption is that no new field will be added to Cash that would have an influence over the amount or the owner (the fundamental fields of Cash).
+It is always safe to mix new CashStates with older states that depend on it. 
+
+This means that we can simplify the contract-to-contract dependency, also given that the UpgradeableContract is actually a contract that depends on another contract, it can be simplified too.
+
+This is not a very strong definition, so we will have to create more formalised rules in the next releases. 
+
+If any contract breaks this assumption, in Corda 4 there will be no platform support the transition to the new version. The burden of coordinating with all the other cordapp developers and nodes is on the original developer.
+
+
+##### Flow to Flow communication could be lossy for objects that are not ContractStates or Commands.
+
+Explanation: 
+Flows communicate by passing around various objects, and eventually the entire TransactionBuilder.
+As flows evolve, these objects might evolve too, even if the sequence stays the same. 
+The decision was that the node that sends data would decide (if his version is higher) if this new data is relevant for the other party.
+
+The objects that live on the ledger like ContractStates and Commands that the other party actually has to sign, will not be allowed to lose any data.
+ 
+
+##### We assume that cordapp developers will correctly understand all implications and handle backwards compatibility themselves.
+Basically they will have to realise that any version of a flow can talk to any other version, and code accordingly. 
+
+This get particularly tricky when there are reusable inline subflows involved.
+
+
+## Design details
+
+### Possible attack under the current implementation
+
+Cordapp developer Megacorp wants to release an update to their cordapp, and add support for accumulating debt on the token (which is a placeholder for something you really want to know about).
+
+- V1: com.megacorp.token.MegaToken(amount: Amount, owner: Party)
+- V2: com.megacorp.token.MegaToken(amount: Amount, owner: Party, accumulatedDebt: Amount? = 0)
+
+After they publish the new release, this sort of scenario could happen if we don't have a mechanism to stop it.
+
+1. Tx1: Alice transfers MegaToken to Bob, and selects V1 
+2. Tx2: Bob transfers to Chuck, but selects V2. The V1 output state will be deserialised with an accumulatedDebt=0, which is correct.
+3. After a while, Chuck accumulates some debt on this token.
+4. Txn: Chuck creates a transaction with Dan, but selects V1 as the contract version for this transaction, thus managing to "lose" the `accumulatedDebt`. (V1 does not know about the accumulatedDebt field)
+
+
+
+### High level description of the solution
+
+Currently we have the concept of "CorDapp" and, as described in the terminology section, this makes reasoning harder as it is actually composed of 2 parts. 
+
+Contracts and Flows should be able to evolve and be released independently, and have proper names and their own version, even if they share the same gradle multi-module build.
+
+Contract states need to be seen as evolvable objects that can be different from one version to the next.
+
+Corda uses a proprietary serialisation engine based on AMQP, which allows evolution of objects: https://docs.corda.net/serialization-enum-evolution.html.
+
+We can use features already implemented in the serialisation engine and add new features to make sure that data on the ledger is never lost from one transaction to the next. 
+
+
+### Contract Version 
+
+Contract code should live in it's own gradle module. This is already the way our examples are written.
+
+The Cordapp gradle plugin should be amended to differentiate between a "flows" module and a "contracts" module. 
+
+In the build.gradle file of the contracts module, there should be a `version` property that needs be incremented for each release.
+
+This `version' will be used for the regular release, and be part of the jar name.
+
+Also, when packaging the contract for release, the `version` should be added by the plugin to the manifest file, together with other properties like `target-platform-version.
+
+When loading the contractJar in the attachment storage, the version should be saved as a column, so it is easily accessible.
+ 
+The new cordapp plugin should also be able to deploy nodes with different versions of the code so that developers can test compatibility.
+
+Ideally the driver should be able to do this too.
+ 
+
+#### Alternatives considered
+
+The version can be of the `major.minor` format, so that developers can encode if they actually make a breaking change or not.
+Given that we assumed that breaking changes are not supported in this version, we can keep it to a simple `major`. 
+
+
+#### Backwards compatibility
+
+Contracts released before V4 will not have this metadata.
+
+Assuming that the constraints propagated correctly, when verifying a transaction where the constraint:
+
+    - is the HashConstraint the contract can be considered to have `version=1` 
+    - is the WhitelistedByZoneConstraint the contract can be considered: `version= Order_of_the_hash_in_the_whitelist` 
+
+Any signed ContractJars should be only considered valid if they have the version metadata. (As signing is a Corda4 feature)
+
+
+
+### Protection against losing data on the ledger
+
+The solution we propose is:
+
+- States can only evolve by respecting some predefined rules (see below).
+- The serialisation engine will need a new `Strict mode` feature to enforce the evolution rules.
+- The `version` metadata of the contract code can be used to make sure that nodes can't spend a state with an older version (downgrade).
+
+
+#### Contract State evolution
+
+States need to follow the general serialisation rules: https://docs.corda.net/serialization-default-evolution.html
+
+These are the possible evolutions based on these general rules:
+ - Adding nullable fields with default values is OK (deserialising old versions would populate the newer fields with the defaults)
+ - Adding non-nullable fields with default values is OK but requires extra serialisation annotation
+ - Removing fields is NotOK if that field was actually used during verification. (the removed field has to still be used by the verification logic.)
+ - Rename fields NOK ( will be possible in the future when the serialisation engine will support it)
+ - Changing type of field NOK (Serialisation engine would most likely fail )
+ - Deprecating fields OK (as long as it's not removed)
+
+
+Given the above reasoning, it means that states only support a subset of the general rules. Basically they can only evolve by adding new fields.
+ 
+Another way to look at this:
+
+    When Contract.verify is written (and compiled), it is in the same project as the current (from it's point of view) version of the State.
+    But, at runtime, the contract state it's operating with can actually be a deserialised version of any previous state.
+    That's why the current one needs to be a superset of all preceding states, and you can't verify with an older version.
+ 
+
+The serialisation engine needs to implement the above rules, and needs to run in this `Strict Mode` during transaction verification.
+This mode can be implemented as a new `SerializationContext`.
+
+The same serialization evolution `Strict Mode` needs to be enforced any time ContractStates or Commands are serialized. 
+This is to ensure that when flows communicate to older versions, the older node will not sign something that he doesn't know.
+ 
+
+##### Backwards compatibility
+
+The only case when this would break for existing transactions is when the Whitelist Constraint was used and states were evolved not according to the above rules.
+Should this rule be applied retroactively, or only for after-v4 transactions?
+
+
+### Non-downgrade rule
+
+To avoid the possibility of malicious nodes selecting old and buggy contract code when spending newer states, we need to enforce a `Non Downgrade rule`.
+
+Transactions contain an attachment for each contract. The version of the output states is the version of this contract attachment.
+(It can be seen as the version of code that instantiated and serialised those classes.)
+
+The rule is: the version of the code used in the transaction that spends a state needs to be >= any version of the input states. ``spending_version >= creation_version``
+
+This rule needs to be enforced at verification time, and also during transaction building.
+
+*Note:* This rule can be implemented as a normal contract constraint, as it is a constraint on the attachments that can be used on the spending transaction.
+We don't currently support multiple constraints on a state and don't have any delegation mechanism to implement it like that.
+ 
+
+#### Considered but decided against - Add Version field on TransactionState
+
+The `version` could also be stored redundantly to states on the ledger - as a field in ``TransactionState`` and also in the `vault_states` table.
+
+This would make the verification logic more clear and faster, and also expose the version of the input states to the contract verify code.
+
+Note:
+
+- When a transaction is verified the version of the attachment needs to match the version of the output states. 
+ 
+
+## Actions
+
+1. Implement the serialization `Strict Mode` and wire that during transaction verification, and more generally whenever it tries to deserialize ContractStates or Commands. 
+Also to define other possible evolutions and decide if possible or not (E.g: adding/removing interfaces).
+2. Find some good names for the `ContractJar` and the `FlowsJar`.
+3. Implement the gradle plugin changes to split the 'cordapp' into 'contract' (better name) and 'flows' (better name).
+4. Implement the versioning strategy proposed above in the 'contract' part of the plugin.
+5. When importing a ContractJar, read the version and save it as a database column. Also add it as a field to teh `ContractAttachment` class. 
+6. Implement the non-downgrade rule using the above `version`.
+7. Add support to the `cordapp` plugin and the driver to test multiple versions of the contractJar together.
+8. Document all the release process.
+9. Update samples with the new gradle plugin.
+10. Create an elaborate sample for some more complex flows and contract upgrade scenarios. 
+Ideally with new fields added to the state, new version of the flow protocol, internal flow objects changed, subflows, dependency on other contracts.
+This would be published as an example for how it should be done. 
+11. Use this elaborate  sample to create a comprehensive automated Behave Compatibility Test Suite.
+
+## Deferred tasks
+   
+1. Formalise the dependency rules between contracts, contracts and flows, and also subflow versioning.
+2. Find a way to hide the complexity of backwards compatibility from flow devlopers (maybe using a handshake).
+3. Remove custom contract state schema from ContractJar.
+
+## Appendix:
+
+This section contains various hypothetical scenarios to illustrate various issues and how they are solved by the current design.  
+
+These are the possible changes:
+ - changes to the state (fields added/removed from the state)
+ - changes to the verification logic (more restrictive, less restrictive, or both - for different checks)
+ - adding/removing/renaming of commands
+ - Persistent Schema changes (These are out of scope of this document, as they shouldn't be in contract jar in the first place)
+ - any combination of the above
+
+
+Terminology:
+
+- V1, V2 - are versions of the contract.
+- Tx1, Tx2 - are transactions between parties.
+
+
+#### Scenario 1 - Spending a state with an older contract. 
+- V1: com.megacorp.token.MegaToken(amount: Amount, owner: Party)
+- V2: com.megacorp.token.MegaToken(amount: Amount, owner: Party, accumulatedDebt: Amount? = 0)
+
+
+- Tx1: Alice transfers MegaToken to Bob, and selects V1 
+- Tx2: Bob transfers to Chuck, but selects V2. The V1 output state will be deserialised with an accumulatedDebt=0, which is correct.
+- After a while, Chuck accumulates some debt on this token.
+- Txn: Chuck creates a transaction with Dan, but selects V1 as the contract version for this transaction, thus managing to "lose" the accumulatedDebt. (V1 does not know about the accumulatedDebt field)
+
+
+Solution: This was analysed above. It will be solved by the non-downgrade rule and the serialization engine changes.
+
+
+#### Scenario 2: - Running an explicit upgrade  written against an older contract version.
+- V1: com.megacorp.token.MegaToken(amount: Amount, owner: Party)
+- V2: com.megacorp.token.MegaToken(amount: Amount, owner: Party, accumulatedDebt: Amount? = 0)
+- Another company creates a better com.gigacorp.token.GigaToken that is an UpgradedContract designed to replace the MegaToken via an explicit upgrade, but develop against V1 ( as V2 was not released at the time of development).
+
+Same as before:
+- Tx1: Alice transfers MegaToken to Bob, and selects V1 (the only version available at that time)
+- Tx2: Bob transfers to Chuck, but selects V2. The V1 output state will be deserialised with an accumulatedDebt=0, which is correct.
+- After a while, Chuck accumulates some debt on this token.
+- Chuck notices the GigaToken does not know about the accumulatedDebt field, so runs an explicit upgrade and transforms his MegaToken with debt into a clean GigaToken.
+
+Solution: This attack breaks the assumption we made that contracts will not be adding fields that change it fundamentally.
+
+
+#### Scenario 3 - Flows installed by 2 peers compiled against different contract versions.
+- Alice runs V1 of the MegaToken FlowsJAR, while Bob runs V2.
+- Bob builds a new transaction where he transfers a state with accumulatedDebt To Alice.
+- Alice is not able to correctly evaluate the business proposition, as she does not know that there even exists an accumulatedDebt field, but still signs it as if it was debt free.
+
+Solution: Solved by the assumption that peer-to-peer communication can be lossy, and the peer with the higher version is responsible to send the right data
+
+
+#### Scenario 4 - Developer attempts to rename a field from one version to the next. 
+- V1: com.megacorp.token.MegaToken(amount: Amount, owner: Party, accumulatedDebt: Amount )
+- V2: com.megacorp.token.MegaToken(amount: Amount, owner: Party, currentDebt: Amount)
+
+This is a rename of a field.  
+This would break as soon as you try to spend a V1 state with V2, because there is no default value for currentDebt.
+
+Solution: Not possible for now, as it breaks the serialisation evolution rules. Could be added as a new feature in the future.
+
+
+#### Scenario 5 - Contract verification logic becomes more strict in a new version. General concerns.
+- V1: check that amount > 10
+- V2: check that amount > 12 
+
+
+- Tx1: Alice transfers MegaToken(amount=11) to Bob, and selects V1
+- Tx2: Bob wants to forward it to Charlie, but in the meantime v2 is released, and Bob installs it.
+
+
+- If Bob selects V2, the contract will fail. So, Bob needs to select V1, but will Charlie accept it?
+
+The question is how important it is, that amount is >12?
+ - Is it a new regulation active from a date?
+ - Was it actually a (security) bug in V1?
+ - Is it just a change done for not good reason?
+
+Solution: This is not addressed in the current design doc. It needs to be explored in more depth.
+
+#### Scenario 6 - Contract verification logic becomes more strict in a new version. ???
+- V1: check that amount > 10
+- V2: check that amount > 12
+
+
+- Alice runs V1 of the MegaToken FlowsJAR, while Bob runs V2. So Alice does not know (yet) that in the future the amount will have to be >12.
+- Alice builds a transaction that transfers 11 token to Bob. This is a perfectly good transaction (from her point of view), with the V1 attachment.
+- Should Bob sign this transaction?	
+- This could be encoded in Bob's flow (who should know that the underlying contract has changed this way.). 
+
+Solution: Same as Scenario 5.
+
+
+#### Scenario 7 - Contract verification logic becomes less strict.
+- V1: check that amount > 12
+- V2: check that amount > 10 
+
+Alice runs V1 of the MegaToken FlowsJAR, while Bob runs V2.
+
+Because there was no change in the actual structure of the state it means the flow that Alice has installed is compatible with the newer version from Bob so Alice could download V2 from Bob.
+
+Solution: This should not require any change.
+
+
+#### Scenario 8 - Contract depends on another Contract.
+- V1: com.megacorp.token.MegaToken(amount: Amount, owner: Party)
+- V2: com.megacorp.token.MegaToken(amount: Amount, owner: Party, accumulatedDebt: Amount? = 0)
+
+A contract developed by a thirdparty: com.megabank.tokens.SuperToken depends on com.megacorp.token.MegaToken
+
+V1 of `com.megabank.tokens.SuperToken` is compiled against V1 of `com.megacorp.token.MegaToken`. So does not know about the new ``accumulatedDebt`` field.
+
+Alice swaps MegaToken-v2 for SuperToken-v1 with Bob in a transaction. If Alice select v1 of the SuperToken contract attachment, then it will not be able to correctly evaluate the transaction. 
+
+
+Solution: Solved by the assumption we made that contracts don't change fundamentally.
+
+
+#### Scenario 9 - A new command is added or removed 
+- V1 of com.megacorp.token.MegaToken has 3 Commands: Issue, Move, Exit
+- V2 of com.megacorp.token.MegaToken has 4 Commands: Issue, Move, Exit, AddDebt
+- V3 of com.megacorp.token.MegaToken has 3 Commands: Issue, Move, Exit
+
+There should not be any problem with adding/removing commands, as they apply only to transitions.
+Spending of a state should not be affected by the command that created it.  
+
+Solution: Does not require any change
diff --git a/docs/source/example-code/src/integration-test/java/net/corda/docs/java/tutorial/test/JavaIntegrationTestingTutorial.java b/docs/source/example-code/src/integration-test/java/net/corda/docs/java/tutorial/test/JavaIntegrationTestingTutorial.java
index 2446ccf699..c1253193f0 100644
--- a/docs/source/example-code/src/integration-test/java/net/corda/docs/java/tutorial/test/JavaIntegrationTestingTutorial.java
+++ b/docs/source/example-code/src/integration-test/java/net/corda/docs/java/tutorial/test/JavaIntegrationTestingTutorial.java
@@ -32,7 +32,7 @@ import static net.corda.testing.core.ExpectKt.expectEvents;
 import static net.corda.testing.core.TestConstants.ALICE_NAME;
 import static net.corda.testing.core.TestConstants.BOB_NAME;
 import static net.corda.testing.driver.Driver.driver;
-import static net.corda.testing.node.internal.TestCordappsUtilsKt.FINANCE_CORDAPPS;
+import static net.corda.testing.node.internal.InternalTestUtilsKt.FINANCE_CORDAPPS;
 import static org.junit.Assert.assertEquals;
 
 public class JavaIntegrationTestingTutorial {
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/FinalityFlowMigration.java b/docs/source/example-code/src/main/java/net/corda/docs/java/FinalityFlowMigration.java
index ddb38ebd0b..2923792ec3 100644
--- a/docs/source/example-code/src/main/java/net/corda/docs/java/FinalityFlowMigration.java
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/FinalityFlowMigration.java
@@ -110,18 +110,21 @@ public class FinalityFlowMigration {
         @Suspendable
         @Override
         public Void call() throws FlowException {
+
+            // DOCSTART ExistingResponderFlow
+            // First we have to run the SignTransactionFlow, which will return a SignedTransaction.
             SignedTransaction txWeJustSigned = subFlow(new SignTransactionFlow(otherSide) {
                 @Suspendable
                 @Override
                 protected void checkTransaction(@NotNull SignedTransaction stx) throws FlowException {
-                    // Do checks here
+                    // Implement responder flow transaction checks here
                 }
             });
-            // DOCSTART ExistingResponderFlow
+
             if (otherSide.getCounterpartyFlowInfo().getFlowVersion() >= 2) {
                 // The other side is not using the old CorDapp so call ReceiveFinalityFlow to record the finalised transaction.
                 // If SignTransactionFlow is used then we can verify the tranaction we receive for recording is the same one
-                // that was just signed.
+                // that was just signed by passing the transaction id to ReceiveFinalityFlow.
                 subFlow(new ReceiveFinalityFlow(otherSide, txWeJustSigned.getId()));
             } else {
                 // Otherwise the other side is running the old CorDapp and so we don't need to do anything further. The node
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/MockNetworkTestsTutorial.java b/docs/source/example-code/src/main/java/net/corda/docs/java/MockNetworkTestsTutorial.java
new file mode 100644
index 0000000000..6ee5480d67
--- /dev/null
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/MockNetworkTestsTutorial.java
@@ -0,0 +1,35 @@
+package net.corda.docs.java;
+
+// DOCSTART 1
+import net.corda.core.identity.CordaX500Name;
+import net.corda.testing.node.MockNetwork;
+import net.corda.testing.node.MockNetworkParameters;
+import net.corda.testing.node.StartedMockNode;
+import org.junit.After;
+import org.junit.Before;
+
+import static java.util.Collections.singletonList;
+import static net.corda.testing.node.TestCordapp.findCordapp;
+
+public class MockNetworkTestsTutorial {
+
+    private final MockNetwork mockNet = new MockNetwork(new MockNetworkParameters(singletonList(findCordapp("com.mycordapp.package"))));
+
+    @After
+    public void cleanUp() {
+        mockNet.stopNodes();
+    }
+// DOCEND 1
+
+// DOCSTART 2
+    private StartedMockNode nodeA;
+    private StartedMockNode nodeB;
+
+    @Before
+    public void setUp() {
+        nodeA = mockNet.createNode();
+        // We can optionally give the node a name.
+        nodeB = mockNet.createNode(new CordaX500Name("Bank B", "London", "GB"));
+    }
+// DOCEND 2
+}
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/ClientRpcTutorial.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/ClientRpcTutorial.kt
index dd0ea14b4f..b194b7956f 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/ClientRpcTutorial.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/ClientRpcTutorial.kt
@@ -22,6 +22,7 @@ import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.driver.DriverParameters
 import net.corda.testing.node.User
 import net.corda.testing.driver.driver
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
 import org.graphstream.graph.Edge
 import org.graphstream.graph.Node
 import org.graphstream.graph.implementations.MultiGraph
@@ -51,7 +52,7 @@ fun main(args: Array<String>) {
             startFlow<CashExitFlow>(),
             invokeRpc(CordaRPCOps::nodeInfo)
     ))
-    driver(DriverParameters(driverDirectory = baseDirectory, extraCordappPackagesToScan = listOf("net.corda.finance"), waitForAllNodesToFinish = true)) {
+    driver(DriverParameters(driverDirectory = baseDirectory, cordappsForAllNodes = FINANCE_CORDAPPS, waitForAllNodesToFinish = true)) {
         val node = startNode(providedName = ALICE_NAME, rpcUsers = listOf(user)).get()
         // END 1
 
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/FinalityFlowMigration.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/FinalityFlowMigration.kt
index 493105a875..64f52fc38e 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/FinalityFlowMigration.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/FinalityFlowMigration.kt
@@ -70,13 +70,15 @@ class ExistingInitiatingFlow(private val counterparty: Party) : FlowLogic<Signed
 class ExistingResponderFlow(private val otherSide: FlowSession) : FlowLogic<Unit>() {
     @Suspendable
     override fun call() {
+        // DOCSTART ExistingResponderFlow
+        // First we have to run the SignTransactionFlow, which will return a SignedTransaction.
         val txWeJustSigned = subFlow(object : SignTransactionFlow(otherSide) {
             @Suspendable
             override fun checkTransaction(stx: SignedTransaction) {
-                // Do checks here
+                // Implement responder flow transaction checks here
             }
         })
-        // DOCSTART ExistingResponderFlow
+
         if (otherSide.getCounterpartyFlowInfo().flowVersion >= 2) {
             // The other side is not using the old CorDapp so call ReceiveFinalityFlow to record the finalised transaction.
             // If SignTransactionFlow is used then we can verify the tranaction we receive for recording is the same one
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/MockNetworkTestsTutorial.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/MockNetworkTestsTutorial.kt
new file mode 100644
index 0000000000..1a22076d9c
--- /dev/null
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/MockNetworkTestsTutorial.kt
@@ -0,0 +1,33 @@
+package net.corda.docs.kotlin
+
+// DOCSTART 1
+import net.corda.core.identity.CordaX500Name
+import net.corda.testing.node.MockNetwork
+import net.corda.testing.node.MockNetworkParameters
+import net.corda.testing.node.StartedMockNode
+import net.corda.testing.node.TestCordapp.Companion.findCordapp
+import org.junit.After
+import org.junit.Before
+
+class MockNetworkTestsTutorial {
+
+    private val mockNet = MockNetwork(MockNetworkParameters(listOf(findCordapp("com.mycordapp.package"))))
+
+    @After
+    fun cleanUp() {
+        mockNet.stopNodes()
+    }
+// DOCEND 1
+
+// DOCSTART 2
+    private lateinit var nodeA: StartedMockNode
+    private lateinit var nodeB: StartedMockNode
+
+    @Before
+    fun setUp() {
+        nodeA = mockNet.createNode()
+        // We can optionally give the node a name.
+        nodeB = mockNet.createNode(CordaX500Name("Bank B", "London", "GB"))
+    }
+// DOCEND 2
+}
diff --git a/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/tutorial/testdsl/TutorialTestDSL.kt b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/tutorial/testdsl/TutorialTestDSL.kt
index 5069e8c11c..7b77ca27dd 100644
--- a/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/tutorial/testdsl/TutorialTestDSL.kt
+++ b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/tutorial/testdsl/TutorialTestDSL.kt
@@ -3,6 +3,7 @@
 package net.corda.docs.kotlin.tutorial.testdsl
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.TransactionVerificationException
 import net.corda.core.identity.CordaX500Name
@@ -47,7 +48,7 @@ class TutorialTestDSL {
             // You can also use the alternative parameter initialIdentityName which accepts a
             // [CordaX500Name]
             megaCorp,
-            rigorousMock<IdentityService>().also {
+            mock<IdentityService>().also {
         doReturn(megaCorp.party).whenever(it).partyFromKey(megaCorp.publicKey)
         doReturn(null).whenever(it).partyFromKey(bigCorp.publicKey)
         doReturn(null).whenever(it).partyFromKey(alice.publicKey)
diff --git a/docs/source/financial-model.rst b/docs/source/financial-model.rst
index b5f4e9d77c..d3252b6645 100644
--- a/docs/source/financial-model.rst
+++ b/docs/source/financial-model.rst
@@ -1,3 +1,9 @@
+.. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 Financial model
 ===============
 
diff --git a/docs/source/flow-overriding.rst b/docs/source/flow-overriding.rst
index 7c12b1d471..986b60606c 100644
--- a/docs/source/flow-overriding.rst
+++ b/docs/source/flow-overriding.rst
@@ -1,3 +1,9 @@
+.. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 Configuring Responder Flows
 ===========================
 
@@ -12,64 +18,9 @@ Subclassing a Flow
 If you have a workflow which is mostly common, but also requires slight alterations in specific situations, most developers would be familiar
 with refactoring into `Base` and `Sub` classes. A simple example is shown below.
 
-java
-~~~~
+.. container:: codeset
 
-   .. code-block:: java
-
-    @InitiatingFlow
-    public class Initiator extends FlowLogic<String> {
-        private final Party otherSide;
-
-        public Initiator(Party otherSide) {
-            this.otherSide = otherSide;
-        }
-
-        @Override
-        public String call() throws FlowException {
-            return initiateFlow(otherSide).receive(String.class).unwrap((it) -> it);
-        }
-    }
-
-    @InitiatedBy(Initiator.class)
-    public class BaseResponder extends FlowLogic<Void> {
-        private FlowSession counterpartySession;
-
-        public BaseResponder(FlowSession counterpartySession) {
-            super();
-            this.counterpartySession = counterpartySession;
-        }
-
-        @Override
-        public Void call() throws FlowException {
-            counterpartySession.send(getMessage());
-            return Void;
-        }
-
-
-        protected String getMessage() {
-            return "This Is the Legacy Responder";
-        }
-    }
-
-    public class SubResponder extends BaseResponder {
-
-        public SubResponder(FlowSession counterpartySession) {
-            super(counterpartySession);
-        }
-
-        @Override
-        protected String getMessage() {
-            return "This is the sub responder";
-        }
-    }
-
-
-
-kotlin
-~~~~~~
-
-    .. code-block:: kotlin
+   .. sourcecode:: kotlin
 
         @InitiatedBy(Initiator::class)
         open class BaseResponder(internal val otherSideSession: FlowSession) : FlowLogic<Unit>() {
@@ -87,8 +38,53 @@ kotlin
             }
         }
 
+   .. sourcecode:: java
+
+        @InitiatingFlow
+        public class Initiator extends FlowLogic<String> {
+            private final Party otherSide;
+
+            public Initiator(Party otherSide) {
+                this.otherSide = otherSide;
+            }
+
+            @Override
+            public String call() throws FlowException {
+                return initiateFlow(otherSide).receive(String.class).unwrap((it) -> it);
+            }
+        }
+
+        @InitiatedBy(Initiator.class)
+        public class BaseResponder extends FlowLogic<Void> {
+            private FlowSession counterpartySession;
+
+            public BaseResponder(FlowSession counterpartySession) {
+                super();
+                this.counterpartySession = counterpartySession;
+            }
+
+            @Override
+            public Void call() throws FlowException {
+                counterpartySession.send(getMessage());
+                return Void;
+            }
 
 
+            protected String getMessage() {
+                return "This Is the Legacy Responder";
+            }
+        }
+
+        public class SubResponder extends BaseResponder {
+            public SubResponder(FlowSession counterpartySession) {
+                super(counterpartySession);
+            }
+
+            @Override
+            protected String getMessage() {
+                return "This is the sub responder";
+            }
+        }
 
 
 Corda would detect that both ``BaseResponder`` and ``SubResponder`` are configured for responding to ``Initiator``.
diff --git a/docs/source/generating-a-node.rst b/docs/source/generating-a-node.rst
index 2277f80c69..496c031afb 100644
--- a/docs/source/generating-a-node.rst
+++ b/docs/source/generating-a-node.rst
@@ -140,13 +140,18 @@ To copy the same file to all nodes `ext.drivers` can be defined in the top level
 
 Signing Cordapp JARs
 ^^^^^^^^^^^^^^^^^^^^
-Cordform entry ``signing`` configures the signing of CorDapp JARs.
+The default behaviour of Cordform is to deploy CorDapp JARs "as built":
+
+ - prior to Corda 4 all CorDapp JARs were unsigned.
+ - as of Corda 4, CorDapp JARs created by the Gradle *cordapp* plugin are signed by a Corda development certificate by default.
+
+The Cordform ``signing`` entry can be used to override and customise the signing of CorDapp JARs.
 Signing the CorDapp enables its contract classes to use signature constraints instead of other types of the constraints :doc:`api-contract-constraints`.
-By default all CorDapp JARs are signed by Corda development certificate.
+
 The sign task may use an external keystore, or create a new one.
 The ``signing`` entry may contain the following parameters:
 
-* ``enabled`` the control flag to enable signing process, by default is set to ``true``, set to ``false`` to disable signing
+* ``enabled`` the control flag to enable signing process, by default is set to ``false``, set to ``true`` to enable signing
 * ``all`` if set to ``true`` (by default) all CorDapps inside *cordapp* subdirectory will be signed, otherwise if ``false`` then only the generated Cordapp will be signed
 * ``options`` any relevant parameters of `SignJar ANT task <https://ant.apache.org/manual/Tasks/signjar.html>`_ and `GenKey ANT task <https://ant.apache.org/manual/Tasks/genkey.html>`_,
   by default the JAR file is signed by Corda development key, the external keystore can be specified,
diff --git a/docs/source/index.rst b/docs/source/index.rst
index a0b17c7890..6677729d97 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -107,7 +107,4 @@ We look forward to seeing what you can do with Corda!
    :maxdepth: 2
    :if_tag: htmlmode
 
-   corda-network/index.md
-   corda-network/governance-structure.md
-   corda-network/governance-guidelines.md
-   corda-network/joining-corda-network.md
+   corda-network/index.md
\ No newline at end of file
diff --git a/docs/source/node-database.rst b/docs/source/node-database.rst
index 2f078cbaf5..97a9e0f39b 100644
--- a/docs/source/node-database.rst
+++ b/docs/source/node-database.rst
@@ -31,6 +31,7 @@ configuration for PostgreSQL:
     }
 
 Note that:
+
 * Database schema name can be set in JDBC URL string e.g. currentSchema=myschema
 * Database schema name must either match the ``dataSource.user`` value to end up
   on the standard schema search path according to the
diff --git a/docs/source/node-explorer.rst b/docs/source/node-explorer.rst
index cc68ad2970..f85281dba7 100644
--- a/docs/source/node-explorer.rst
+++ b/docs/source/node-explorer.rst
@@ -13,7 +13,10 @@ Running the UI
 **Other**::
 
     ./gradlew tools:explorer:run
-    
+
+.. note:: In order to connect to a given node, the node explorer must have access to all CorDapps loaded on that particular node.
+          By default, it only has access to the finance CorDapp.
+          All other CorDapps present on the node must be copied to a ``cordapps`` directory located within the directory from which the node explorer is run.
 
 Running demo nodes
 ------------------
diff --git a/docs/source/oracles.rst b/docs/source/oracles.rst
index 5066fe2f93..e9c7198c84 100644
--- a/docs/source/oracles.rst
+++ b/docs/source/oracles.rst
@@ -269,19 +269,10 @@ Here's an example of it in action from ``FixingFlow.Fixer``.
 Testing
 -------
 
-The ``MockNetwork`` allows the creation of ``MockNode`` instances, which are simplified nodes which can be used for
-testing (see :doc:`api-testing`). When creating the ``MockNetwork`` you supply a list of packages to scan for CorDapps.
-Make sure the packages you provide include your oracle service, and it automatically be installed in the test nodes.
-Then you can create an oracle node on the ``MockNetwork`` and insert any initialisation logic you want to use. In this
-case, our ``Oracle`` service is in the ``net.corda.irs.api`` package, so the following test setup will install
-the service in each node. Then an oracle node with an oracle service which is initialised with some data is created on
-the mock network:
-
-.. literalinclude:: ../../samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/OracleNodeTearOffTests.kt
-   :language: kotlin
-   :start-after: DOCSTART 1
-   :end-before: DOCEND 1
-   :dedent: 4
+The ``MockNetwork`` allows the creation of ``MockNode`` instances, which are simplified nodes which can be used for testing (see :doc:`api-testing`).
+When creating the ``MockNetwork`` you supply a list of ``TestCordapp`` objects which point to CorDapps on
+the classpath. These CorDapps will be installed on each node on the network. Make sure the packages you provide reference to the CorDapp
+containing your oracle service.
 
 You can then write tests on your mock network to verify the nodes interact with your Oracle correctly.
 
diff --git a/docs/source/release-notes.rst b/docs/source/release-notes.rst
index 920a724aea..8a371e12d5 100644
--- a/docs/source/release-notes.rst
+++ b/docs/source/release-notes.rst
@@ -287,7 +287,13 @@ The TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 family of ciphers is retired from the li
 as it is a legacy cipher family not supported by all native SSL/TLS implementations. We anticipate that this
 will have no impact on any deployed configurations.
 
-Miscelleneous changes
+Confidential identities
++++++++++++++++++++++++
+
+If any of your CorDapps use the experimental confidential-identities module then it also needs to be loaded as a separate CorDapp jar. This
+includes the demo finance CorDapp.
+
+Miscellaneous changes
 ~~~~~~~~~~~~~~~~~~~~~
 
 To learn more about smaller changes, please read the :doc:`changelog`.
diff --git a/docs/source/serialization-enum-evolution.rst b/docs/source/serialization-enum-evolution.rst
index 1b48594fe9..c0b94ef117 100644
--- a/docs/source/serialization-enum-evolution.rst
+++ b/docs/source/serialization-enum-evolution.rst
@@ -1,3 +1,9 @@
+.. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 Enum Evolution
 ==============
 
diff --git a/docs/source/tutorial-contract.rst b/docs/source/tutorial-contract.rst
index d47cb643d7..64b31c63fe 100644
--- a/docs/source/tutorial-contract.rst
+++ b/docs/source/tutorial-contract.rst
@@ -154,7 +154,7 @@ simple: it's given a class representing the transaction, and if the function ret
 acceptable. If it throws an exception, the transaction is rejected.
 
 Each transaction can have multiple input and output states of different types. The set of contracts to run is decided
-by taking the code references inside each state. Each contract is run only once. As an example, a contract that includes
+by taking the code references inside each state. Each contract is run only once. As an example, a transaction that includes
 2 cash states and 1 commercial paper state as input, and has as output 1 cash state and 1 commercial paper state, will
 run two contracts one time each: Cash and CommercialPaper.
 
diff --git a/docs/source/tutorial-observer-nodes.rst b/docs/source/tutorial-observer-nodes.rst
index 984230d7e4..9d3cdcfe75 100644
--- a/docs/source/tutorial-observer-nodes.rst
+++ b/docs/source/tutorial-observer-nodes.rst
@@ -47,8 +47,8 @@ Caveats
   later re-record the same transaction as an observer. This issue is tracked here:
   https://r3-cev.atlassian.net/browse/CORDA-883
 
-* Observer nodes will only record the states of the transactions sent to them, and not any states from any previous
-  transactions in the chain. If the observer node is required to follow the creation and deletion of states, then each
-  transaction in the chain involving those states must be sent individually. This is because the observer node does not
-  necessarily have any visibility into the states of intermediate transactions, and so cannot always determine whether
-  a previous state has been consumed when a new transaction is received.
+* When an observer node is sent a transaction with the ALL_VISIBLE flag set, any transactions in the transaction history
+  that have not already been received will also have ALL_VISIBLE states recorded. This mean a node that is both an observer
+  and a participant may have some transactions with all states recorded and some with only relevant states recorded, even
+  if those transactions are part of the same chain. As a result, there may be more states present in the vault than would be
+  expected if just those transactions sent with the ALL_VISIBLE recording flag were processed in this way.
diff --git a/docs/source/tutorial-tear-offs.rst b/docs/source/tutorial-tear-offs.rst
index 114257017b..926c552293 100644
--- a/docs/source/tutorial-tear-offs.rst
+++ b/docs/source/tutorial-tear-offs.rst
@@ -1,3 +1,9 @@
+.. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
+
 Transaction tear-offs
 =====================
 
diff --git a/experimental/notary-bft-smart/build.gradle b/experimental/notary-bft-smart/build.gradle
deleted file mode 100644
index c94d9b8ba6..0000000000
--- a/experimental/notary-bft-smart/build.gradle
+++ /dev/null
@@ -1,47 +0,0 @@
-apply plugin: 'kotlin'
-apply plugin: 'kotlin-jpa'
-apply plugin: 'idea'
-apply plugin: 'net.corda.plugins.cordapp'
-apply plugin: 'net.corda.plugins.publish-utils'
-apply plugin: 'com.jfrog.artifactory'
-
-configurations {
-    integrationTestCompile.extendsFrom testCompile
-    integrationTestRuntime.extendsFrom testRuntime
-}
-
-dependencies {
-    cordaCompile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
-
-    // Corda integration dependencies
-    cordaCompile project(':node')
-
-    // BFT-SMaRt
-    compile 'commons-codec:commons-codec:1.10'
-    compile 'com.github.bft-smart:library:master-v1.1-beta-g6215ec8-87'
-
-    testCompile "junit:junit:$junit_version"
-    testCompile project(':node-driver')
-}
-
-idea {
-    module {
-        downloadJavadoc = true // defaults to false
-        downloadSources = true
-    }
-}
-
-publish {
-    name 'corda-notary-bft-smart'
-}
-
-cordapp {
-    targetPlatformVersion corda_platform_version.toInteger()
-    minimumPlatformVersion 1
-    workflow {
-        name "net/corda/experimental/notary-bft-smart"
-        versionId 1
-        vendor "R3"
-        licence "Open Source (Apache 2)"
-    }
-}
diff --git a/experimental/notary-raft/build.gradle b/experimental/notary-raft/build.gradle
deleted file mode 100644
index db5715bf7e..0000000000
--- a/experimental/notary-raft/build.gradle
+++ /dev/null
@@ -1,47 +0,0 @@
-apply plugin: 'kotlin'
-apply plugin: 'idea'
-apply plugin: 'net.corda.plugins.cordapp'
-apply plugin: 'net.corda.plugins.publish-utils'
-apply plugin: 'com.jfrog.artifactory'
-
-configurations {
-    integrationTestCompile.extendsFrom testCompile
-    integrationTestRuntime.extendsFrom testRuntime
-}
-
-dependencies {
-    cordaCompile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
-
-    // Corda integration dependencies
-    cordaCompile project(':node')
-
-    // Java Atomix: RAFT library
-    compile 'io.atomix.copycat:copycat-client:1.2.8'
-    compile 'io.atomix.copycat:copycat-server:1.2.8'
-    compile 'io.atomix.catalyst:catalyst-netty:1.2.1'
-
-    testCompile "junit:junit:$junit_version"
-    testCompile project(':node-driver')
-}
-
-idea {
-    module {
-        downloadJavadoc = true // defaults to false
-        downloadSources = true
-    }
-}
-
-publish {
-    name 'corda-notary-raft'
-}
-
-cordapp {
-    targetPlatformVersion corda_platform_version.toInteger()
-    minimumPlatformVersion 1
-    workflow {
-        name "net/corda/experimental/notary-raft"
-        versionId 1
-        vendor "R3"
-        licence "Open Source (Apache 2)"
-    }
-}
diff --git a/experimental/src/test/kotlin/net/corda/finance/contracts/universal/Cap.kt b/experimental/src/test/kotlin/net/corda/finance/contracts/universal/Cap.kt
index b276650b81..096e16da57 100644
--- a/experimental/src/test/kotlin/net/corda/finance/contracts/universal/Cap.kt
+++ b/experimental/src/test/kotlin/net/corda/finance/contracts/universal/Cap.kt
@@ -1,6 +1,7 @@
 package net.corda.finance.contracts.universal
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.identity.CordaX500Name
 import net.corda.finance.contracts.BusinessCalendar
@@ -26,7 +27,7 @@ import java.time.LocalDate
 internal val DUMMY_NOTARY = TestIdentity(DUMMY_NOTARY_NAME, 20).party
 fun transaction(script: TransactionDSL<TransactionDSLInterpreter>.() -> EnforceVerifyOrFail) = run {
     MockServices(listOf("net.corda.finance.contracts.universal"), CordaX500Name("MegaCorp", "London", "GB"),
-            rigorousMock<IdentityServiceInternal>().also {
+            mock<IdentityServiceInternal>().also {
                 listOf(acmeCorp, highStreetBank, momAndPop).forEach { party ->
                     doReturn(null).whenever(it).partyFromKey(party.owningKey)
                 }
diff --git a/finance/contracts/build.gradle b/finance/contracts/build.gradle
index 89ac236954..d296ac46dd 100644
--- a/finance/contracts/build.gradle
+++ b/finance/contracts/build.gradle
@@ -15,7 +15,6 @@ dependencies {
     // cordapp project(':finance:workflows')
     // cordapp project(':finance:contracts')
     cordaCompile project(':core')
-    compile project(':confidential-identities')
 
     // For JSON
     compile "com.fasterxml.jackson.core:jackson-databind:${jackson_version}"
@@ -32,18 +31,14 @@ configurations {
     testArtifacts.extendsFrom testRuntime
 }
 
-task testJar(type: Jar) {
-    classifier "tests"
-    from sourceSets.test.output
-}
-
 jar {
     baseName 'corda-finance-contracts'
+    manifest {
+        attributes('Corda-Revision': 'n/a')
+        attributes('Corda-Vendor': 'Corda Open Source')
+    }
 }
 
-artifacts {
-    testArtifacts testJar
-}
 cordapp {
     targetPlatformVersion corda_platform_version.toInteger()
     minimumPlatformVersion 1
diff --git a/finance/contracts/src/main/kotlin/net/corda/finance/contracts/asset/Obligation.kt b/finance/contracts/src/main/kotlin/net/corda/finance/contracts/asset/Obligation.kt
index 38384d92d2..27265aa902 100644
--- a/finance/contracts/src/main/kotlin/net/corda/finance/contracts/asset/Obligation.kt
+++ b/finance/contracts/src/main/kotlin/net/corda/finance/contracts/asset/Obligation.kt
@@ -315,7 +315,7 @@ class Obligation<P : Any> : Contract {
         val outputAmount = outputs.sumObligations<P>()
         val issueCommands = tx.commands.select<Commands.Issue>()
         requireThat {
-            "output states are issued by a command signer" using (issuer.party in issueCommand.signingParties)
+            "output states are issued by a command signer" using (issuer.party.owningKey in issueCommand.signers)
             "output values sum to more than the inputs" using (outputAmount > inputAmount)
             "there is only a single issue command" using (issueCommands.count() == 1)
         }
diff --git a/finance/contracts/src/test/java/net/corda/finance/contracts/asset/CashTestsJava.java b/finance/contracts/src/test/java/net/corda/finance/contracts/asset/CashTestsJava.java
index f7f29b445d..78db47fcec 100644
--- a/finance/contracts/src/test/java/net/corda/finance/contracts/asset/CashTestsJava.java
+++ b/finance/contracts/src/test/java/net/corda/finance/contracts/asset/CashTestsJava.java
@@ -11,6 +11,7 @@ import net.corda.testing.core.TestIdentity;
 import net.corda.testing.node.MockServices;
 import org.junit.Rule;
 import org.junit.Test;
+import org.mockito.Mockito;
 
 import static java.util.Collections.emptyList;
 import static net.corda.finance.Currencies.DOLLARS;
@@ -19,6 +20,7 @@ import static net.corda.testing.node.NodeTestUtils.transaction;
 import static net.corda.testing.internal.RigorousMockKt.rigorousMock;
 import static net.corda.testing.core.TestConstants.DUMMY_NOTARY_NAME;
 import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
 
 /**
  * This is an incomplete Java replica of CashTests.kt to show how to use the Java test DSL
@@ -35,7 +37,7 @@ public class CashTestsJava {
 
     @Test
     public void trivial() {
-        IdentityServiceInternal identityService = rigorousMock(IdentityServiceInternal.class);
+        IdentityServiceInternal identityService = mock(IdentityServiceInternal.class);
         doReturn(MEGA_CORP.getParty()).when(identityService).partyFromKey(MEGA_CORP.getPublicKey());
         doReturn(MINI_CORP.getParty()).when(identityService).partyFromKey(MINI_CORP.getPublicKey());
         transaction(new MockServices(emptyList(), MEGA_CORP.getName(), identityService), DUMMY_NOTARY, tx -> {
diff --git a/finance/contracts/src/test/kotlin/net/corda/finance/contracts/asset/ObligationTests.kt b/finance/contracts/src/test/kotlin/net/corda/finance/contracts/asset/ObligationTests.kt
index 6cebecae9e..200bff756e 100644
--- a/finance/contracts/src/test/kotlin/net/corda/finance/contracts/asset/ObligationTests.kt
+++ b/finance/contracts/src/test/kotlin/net/corda/finance/contracts/asset/ObligationTests.kt
@@ -1,6 +1,7 @@
 package net.corda.finance.contracts.asset
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.*
 import net.corda.core.crypto.NullKeys.NULL_PARTY
@@ -25,7 +26,6 @@ import net.corda.testing.core.*
 import net.corda.testing.dsl.*
 import net.corda.testing.internal.TEST_TX_TIME
 import net.corda.testing.internal.fakeAttachment
-import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.vault.CommodityState
 import net.corda.testing.node.MockServices
 import net.corda.testing.node.ledger
@@ -81,12 +81,12 @@ class ObligationTests {
             beneficiary = CHARLIE
     )
     private val outState = inState.copy(beneficiary = AnonymousParty(BOB_PUBKEY))
-    private val miniCorpServices = object : MockServices(listOf("net.corda.finance.contracts.asset"), miniCorp, rigorousMock<IdentityService>()) {
+    private val miniCorpServices = object : MockServices(listOf("net.corda.finance.contracts.asset"), miniCorp, mock<IdentityService>()) {
         override fun loadState(stateRef: StateRef): TransactionState<*> = TransactionState(inState, Cash.PROGRAM_ID, dummyNotary.party) // Simulates the sate is recorded in node service
     }
 
-    private val notaryServices = MockServices(emptyList(), MEGA_CORP.name, rigorousMock(), dummyNotary.keyPair)
-    private val identityService = rigorousMock<IdentityServiceInternal>().also {
+    private val notaryServices = MockServices(emptyList(), MEGA_CORP.name, mock(), dummyNotary.keyPair)
+    private val identityService = mock<IdentityServiceInternal>().also {
         doReturn(null).whenever(it).partyFromKey(ALICE_PUBKEY)
         doReturn(null).whenever(it).partyFromKey(BOB_PUBKEY)
         doReturn(null).whenever(it).partyFromKey(CHARLIE.owningKey)
diff --git a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV1.kt b/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV1.kt
deleted file mode 100644
index e7f5fa0def..0000000000
--- a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV1.kt
+++ /dev/null
@@ -1,53 +0,0 @@
-package net.corda.finance.schemas.test
-
-import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
-import net.corda.core.schemas.MappedSchema
-import net.corda.core.schemas.PersistentState
-import net.corda.core.utilities.MAX_HASH_HEX_SIZE
-import org.hibernate.annotations.Type
-import java.time.Instant
-import javax.persistence.Column
-import javax.persistence.Entity
-import javax.persistence.Index
-import javax.persistence.Table
-
-/**
- * An object used to fully qualify the [CommercialPaperSchema] family name (i.e. independent of version).
- */
-object CommercialPaperSchema
-
-/**
- * First version of a commercial paper contract ORM schema that maps all fields of the [CommercialPaper] contract state
- * as it stood at the time of writing.
- */
-object SampleCommercialPaperSchemaV1 : MappedSchema(schemaFamily = CommercialPaperSchema.javaClass, version = 1, mappedTypes = listOf(PersistentCommercialPaperState::class.java)) {
-    @Entity
-    @Table(name = "cp_states", indexes = [Index(name = "ccy_code_index", columnList = "ccy_code"), Index(name = "maturity_index", columnList = "maturity_instant"), Index(name = "face_value_index", columnList = "face_value")])
-    class PersistentCommercialPaperState(
-            @Column(name = "issuance_key_hash", length = MAX_HASH_HEX_SIZE, nullable = false)
-            var issuancePartyHash: String,
-
-            @Column(name = "issuance_ref", nullable = false)
-            @Type(type = "corda-wrapper-binary")
-            var issuanceRef: ByteArray,
-
-            @Column(name = "owner_key_hash", length = MAX_HASH_HEX_SIZE, nullable = false)
-            var ownerHash: String,
-
-            @Column(name = "maturity_instant", nullable = false)
-            var maturity: Instant,
-
-            @Column(name = "face_value", nullable = false)
-            var faceValue: Long,
-
-            @Column(name = "ccy_code", length = 3, nullable = false)
-            var currency: String,
-
-            @Column(name = "face_value_issuer_key_hash", length = MAX_HASH_HEX_SIZE, nullable = false)
-            var faceValueIssuerPartyHash: String,
-
-            @Column(name = "face_value_issuer_ref", length = MAX_ISSUER_REF_SIZE, nullable = false)
-            @Type(type = "corda-wrapper-binary")
-            var faceValueIssuerRef: ByteArray
-    ) : PersistentState()
-}
diff --git a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV2.kt b/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV2.kt
deleted file mode 100644
index eacd846df5..0000000000
--- a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV2.kt
+++ /dev/null
@@ -1,47 +0,0 @@
-package net.corda.finance.schemas.test
-
-import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
-import net.corda.core.identity.AbstractParty
-import net.corda.core.schemas.CommonSchemaV1
-import net.corda.core.schemas.MappedSchema
-import net.corda.core.utilities.MAX_HASH_HEX_SIZE
-import net.corda.core.utilities.OpaqueBytes
-import org.hibernate.annotations.Type
-import java.time.Instant
-import javax.persistence.*
-
-/**
- * Second version of a cash contract ORM schema that extends the common
- * [VaultFungibleState] abstract schema
- */
-object SampleCommercialPaperSchemaV2 : MappedSchema(schemaFamily = CommercialPaperSchema.javaClass, version = 1,
-        mappedTypes = listOf(PersistentCommercialPaperState::class.java)) {
-    @Entity
-    @Table(name = "cp_states_v2", indexes = [Index(name = "ccy_code_index2", columnList = "ccy_code"), Index(name = "maturity_index2", columnList = "maturity_instant")])
-    class PersistentCommercialPaperState(
-            @Column(name = "maturity_instant", nullable = false)
-            var maturity: Instant,
-
-            @Column(name = "ccy_code", length = 3, nullable = false)
-            var currency: String,
-
-            @Column(name = "face_value_issuer_key_hash", length = MAX_HASH_HEX_SIZE, nullable = false)
-            var faceValueIssuerPartyHash: String,
-
-            @Column(name = "face_value_issuer_ref", length = MAX_ISSUER_REF_SIZE, nullable = false)
-            @Type(type = "corda-wrapper-binary")
-            var faceValueIssuerRef: ByteArray,
-
-            participants: Set<AbstractParty>,
-            owner: AbstractParty,
-            quantity: Long,
-            issuerParty: AbstractParty,
-            issuerRef: OpaqueBytes
-    ) : CommonSchemaV1.FungibleState(participants.toMutableSet(), owner, quantity, issuerParty, issuerRef.bytes) {
-
-        @ElementCollection
-        @Column(name = "participants")
-        @CollectionTable(name = "cp_states_v2_participants", joinColumns = [JoinColumn(name = "output_index", referencedColumnName = "output_index"), JoinColumn(name = "transaction_id", referencedColumnName = "transaction_id")])
-        override var participants: MutableSet<AbstractParty?>? = null
-    }
-}
diff --git a/finance/isolated/build.gradle b/finance/isolated/build.gradle
deleted file mode 100644
index 44166a1102..0000000000
--- a/finance/isolated/build.gradle
+++ /dev/null
@@ -1,6 +0,0 @@
-apply plugin: 'kotlin'
-apply plugin: CanonicalizerPlugin
-
-dependencies {
-    compileOnly project(':core')
-}
diff --git a/finance/isolated/src/main/kotlin/net/corda/finance/contracts/isolated/IsolatedDummyFlow.kt b/finance/isolated/src/main/kotlin/net/corda/finance/contracts/isolated/IsolatedDummyFlow.kt
deleted file mode 100644
index a065b49c43..0000000000
--- a/finance/isolated/src/main/kotlin/net/corda/finance/contracts/isolated/IsolatedDummyFlow.kt
+++ /dev/null
@@ -1,35 +0,0 @@
-package net.corda.finance.contracts.isolated
-
-import co.paralleluniverse.fibers.Suspendable
-import net.corda.core.flows.*
-import net.corda.core.identity.Party
-
-/**
- * Just sends a dummy state to the other side: used for testing whether attachments with code in them are being
- * loaded or blocked.
- */
-class IsolatedDummyFlow {
-    @StartableByRPC
-    @InitiatingFlow
-    class Initiator(val toWhom: Party) : FlowLogic<Unit>() {
-        @Suspendable
-        override fun call() {
-            val tx = AnotherDummyContract().generateInitial(
-                    serviceHub.myInfo.legalIdentities.first().ref(0),
-                    1234,
-                    serviceHub.networkMapCache.notaryIdentities.first()
-            )
-            val stx = serviceHub.signInitialTransaction(tx)
-            subFlow(SendTransactionFlow(initiateFlow(toWhom), stx))
-        }
-    }
-
-    @InitiatedBy(Initiator::class)
-    class Acceptor(val session: FlowSession) : FlowLogic<Unit>() {
-        @Suspendable
-        override fun call() {
-            val stx = subFlow(ReceiveTransactionFlow(session, checkSufficientSignatures = false))
-            stx.verify(serviceHub)
-        }
-    }
-}
diff --git a/finance/workflows/build.gradle b/finance/workflows/build.gradle
index 95c19859c5..7983d9d195 100644
--- a/finance/workflows/build.gradle
+++ b/finance/workflows/build.gradle
@@ -28,8 +28,8 @@ dependencies {
     // cordapp project(':finance:workflows')
     // cordapp project(':finance:contracts')
     cordaCompile project(':core')
-    compile project(':confidential-identities')
-
+    
+    cordapp project(':confidential-identities')
     cordapp project(':finance:contracts')
     
     testCompile project(':test-utils')
diff --git a/finance/workflows/src/main/kotlin/net/corda/finance/flows/CashPaymentFlow.kt b/finance/workflows/src/main/kotlin/net/corda/finance/flows/CashPaymentFlow.kt
index bed2aaadd1..940144ed67 100644
--- a/finance/workflows/src/main/kotlin/net/corda/finance/flows/CashPaymentFlow.kt
+++ b/finance/workflows/src/main/kotlin/net/corda/finance/flows/CashPaymentFlow.kt
@@ -52,7 +52,7 @@ open class CashPaymentFlow(
         val recipientSession = initiateFlow(recipient)
         recipientSession.send(anonymous)
         val anonymousRecipient = if (anonymous) {
-            subFlow(SwapIdentitiesFlow(recipientSession)).theirIdentity
+            subFlow(SwapIdentitiesFlow(recipientSession))[recipient]!!
         } else {
             recipient
         }
diff --git a/finance/workflows/src/main/kotlin/net/corda/finance/flows/TwoPartyDealFlow.kt b/finance/workflows/src/main/kotlin/net/corda/finance/flows/TwoPartyDealFlow.kt
index 3bfff54f01..cfc807db7c 100644
--- a/finance/workflows/src/main/kotlin/net/corda/finance/flows/TwoPartyDealFlow.kt
+++ b/finance/workflows/src/main/kotlin/net/corda/finance/flows/TwoPartyDealFlow.kt
@@ -55,7 +55,9 @@ object TwoPartyDealFlow {
         @Suspendable
         override fun call(): SignedTransaction {
             progressTracker.currentStep = GENERATING_ID
-            val (anonymousMe, anonymousCounterparty) = subFlow(SwapIdentitiesFlow(otherSideSession))
+            val txIdentities = subFlow(SwapIdentitiesFlow(otherSideSession))
+            val anonymousMe = txIdentities[ourIdentity]!!
+            val anonymousCounterparty = txIdentities[otherSideSession.counterparty]!!
             // DOCEND 2
             progressTracker.currentStep = SENDING_PROPOSAL
             // Make the first message we'll send to kick off the flow.
@@ -188,7 +190,7 @@ object TwoPartyDealFlow {
 
             // We set the transaction's time-window: it may be that none of the contracts need this!
             // But it can't hurt to have one.
-            ptx.setTimeWindow(serviceHub.clock.instant(), 30.seconds)
+            ptx.setTimeWindow(serviceHub.clock.instant(), 60.seconds)
             return Triple(ptx, arrayListOf(deal.participants.single { it is Party && serviceHub.myInfo.isLegalIdentity(it) }.owningKey), emptyList())
         }
     }
diff --git a/finance/workflows/src/test/kotlin/net/corda/finance/flows/CashSelectionTest.kt b/finance/workflows/src/test/kotlin/net/corda/finance/flows/CashSelectionTest.kt
index 5e379489d8..9aaa797b31 100644
--- a/finance/workflows/src/test/kotlin/net/corda/finance/flows/CashSelectionTest.kt
+++ b/finance/workflows/src/test/kotlin/net/corda/finance/flows/CashSelectionTest.kt
@@ -7,12 +7,12 @@ import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.DOLLARS
-import net.corda.finance.contracts.asset.Cash
 import net.corda.finance.contracts.asset.AbstractCashSelection
+import net.corda.finance.contracts.asset.Cash
 import net.corda.finance.contracts.getCashBalance
 import net.corda.finance.issuedBy
 import net.corda.testing.core.singleIdentity
-import net.corda.testing.node.internal.cordappsForPackages
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.startFlow
 import org.assertj.core.api.Assertions.assertThat
@@ -20,7 +20,7 @@ import org.junit.After
 import org.junit.Test
 
 class CashSelectionTest {
-    private val mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.finance"), threadPerNode = true)
+    private val mockNet = InternalMockNetwork(cordappsForAllNodes = FINANCE_CORDAPPS, threadPerNode = true)
 
     @After
     fun cleanUp() {
diff --git a/finance/workflows/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt b/finance/workflows/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt
index 29a84b9a4e..1461d67b09 100644
--- a/finance/workflows/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt
+++ b/finance/workflows/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt
@@ -1,28 +1,27 @@
 package net.corda.finance.internal
 
-import net.corda.core.internal.packageName
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.EUR
 import net.corda.finance.USD
 import net.corda.testing.node.MockNetwork
 import net.corda.testing.node.MockNetworkParameters
 import net.corda.testing.node.MockNodeParameters
-import net.corda.testing.node.internal.cordappWithPackages
+import net.corda.testing.node.internal.FINANCE_WORKFLOWS_CORDAPP
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
 import org.junit.Test
 
 class CashConfigDataFlowTest {
-    private val mockNet = MockNetwork(emptyList(), MockNetworkParameters(threadPerNode = true))
+    private val mockNet = MockNetwork(MockNetworkParameters(threadPerNode = true))
 
     @After
     fun cleanUp() = mockNet.stopNodes()
 
     @Test
     fun `issuable currencies read in from cordapp config`() {
-        val node = mockNet.createNode(MockNodeParameters(additionalCordapps = listOf(
-                cordappWithPackages(javaClass.packageName).copy(config = mapOf("issuableCurrencies" to listOf("EUR", "USD")))
-        )))
+        val node = mockNet.createNode(MockNodeParameters(
+                additionalCordapps = listOf(FINANCE_WORKFLOWS_CORDAPP.withConfig(mapOf("issuableCurrencies" to listOf("EUR", "USD"))))
+        ))
         val config = node.startFlow(CashConfigDataFlow()).getOrThrow()
         assertThat(config.issuableCurrencies).containsExactly(EUR, USD)
     }
diff --git a/isolated/build.gradle b/isolated/build.gradle
new file mode 100644
index 0000000000..45bd72e4af
--- /dev/null
+++ b/isolated/build.gradle
@@ -0,0 +1,29 @@
+apply plugin: 'kotlin'
+apply plugin: CanonicalizerPlugin
+apply plugin: 'net.corda.plugins.cordapp'
+
+description 'Isolated CorDapp for testing'
+
+dependencies {
+    cordaCompile project(':core')
+}
+
+cordapp {
+    targetPlatformVersion corda_platform_version.toInteger()
+    minimumPlatformVersion 1
+    sealing {
+        enabled false // This needs to be disabled for AttachmentsClassLoaderSerializationTests to work
+    }
+    contract {
+        name "Isolated Test CorDapp"
+        versionId 1
+        vendor "R3"
+        licence "Open Source (Apache 2)"
+    }
+    workflow {
+        name "Isolated Test CorDapp"
+        versionId 1
+        vendor "R3"
+        licence "Open Source (Apache 2)"
+    }
+}
diff --git a/finance/isolated/src/main/kotlin/net/corda/finance/contracts/isolated/AnotherDummyContract.kt b/isolated/src/main/kotlin/net/corda/isolated/contracts/AnotherDummyContract.kt
similarity index 85%
rename from finance/isolated/src/main/kotlin/net/corda/finance/contracts/isolated/AnotherDummyContract.kt
rename to isolated/src/main/kotlin/net/corda/isolated/contracts/AnotherDummyContract.kt
index d6e85290b8..994e6c49d7 100644
--- a/finance/isolated/src/main/kotlin/net/corda/finance/contracts/isolated/AnotherDummyContract.kt
+++ b/isolated/src/main/kotlin/net/corda/isolated/contracts/AnotherDummyContract.kt
@@ -1,13 +1,10 @@
-package net.corda.finance.contracts.isolated
+package net.corda.isolated.contracts
 
 import net.corda.core.contracts.*
 import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.Party
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.transactions.TransactionBuilder
-import net.corda.nodeapi.DummyContractBackdoor
-
-const val ANOTHER_DUMMY_PROGRAM_ID = "net.corda.finance.contracts.isolated.AnotherDummyContract"
 
 @Suppress("UNUSED")
 class AnotherDummyContract : Contract, DummyContractBackdoor {
@@ -32,4 +29,8 @@ class AnotherDummyContract : Contract, DummyContractBackdoor {
     }
 
     override fun inspectState(state: ContractState): Int = (state as State).magicNumber
+
+    companion object {
+        const val ANOTHER_DUMMY_PROGRAM_ID = "net.corda.isolated.contracts.AnotherDummyContract"
+    }
 }
\ No newline at end of file
diff --git a/finance/isolated/src/main/kotlin/net/corda/nodeapi/DummyContractBackdoor.kt b/isolated/src/main/kotlin/net/corda/isolated/contracts/DummyContractBackdoor.kt
similarity index 91%
rename from finance/isolated/src/main/kotlin/net/corda/nodeapi/DummyContractBackdoor.kt
rename to isolated/src/main/kotlin/net/corda/isolated/contracts/DummyContractBackdoor.kt
index 2b6e9c2eac..4598e78859 100644
--- a/finance/isolated/src/main/kotlin/net/corda/nodeapi/DummyContractBackdoor.kt
+++ b/isolated/src/main/kotlin/net/corda/isolated/contracts/DummyContractBackdoor.kt
@@ -1,4 +1,4 @@
-package net.corda.nodeapi
+package net.corda.isolated.contracts
 
 import net.corda.core.contracts.ContractState
 import net.corda.core.contracts.PartyAndReference
diff --git a/isolated/src/main/kotlin/net/corda/isolated/workflows/IsolatedIssuanceFlow.kt b/isolated/src/main/kotlin/net/corda/isolated/workflows/IsolatedIssuanceFlow.kt
new file mode 100644
index 0000000000..cb06e95257
--- /dev/null
+++ b/isolated/src/main/kotlin/net/corda/isolated/workflows/IsolatedIssuanceFlow.kt
@@ -0,0 +1,25 @@
+package net.corda.isolated.workflows
+
+import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.contracts.ContractState
+import net.corda.core.contracts.StateRef
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.StartableByRPC
+import net.corda.isolated.contracts.AnotherDummyContract
+
+@StartableByRPC
+class IsolatedIssuanceFlow(private val magicNumber: Int) : FlowLogic<StateRef>() {
+    @Suspendable
+    override fun call(): StateRef {
+        val stx = serviceHub.signInitialTransaction(
+                AnotherDummyContract().generateInitial(
+                        ourIdentity.ref(0),
+                        magicNumber,
+                        serviceHub.networkMapCache.notaryIdentities.first()
+                )
+        )
+        stx.verify(serviceHub)
+        serviceHub.recordTransactions(stx)
+        return stx.tx.outRef<ContractState>(0).ref
+    }
+}
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/exceptions/RpcExceptions.kt b/node-api/src/main/kotlin/net/corda/nodeapi/exceptions/RpcExceptions.kt
index 0ef6e6b295..6f3be3883a 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/exceptions/RpcExceptions.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/exceptions/RpcExceptions.kt
@@ -11,6 +11,12 @@ import net.corda.core.serialization.CordaSerializable
  */
 class DuplicateAttachmentException(attachmentHash: String) : java.nio.file.FileAlreadyExistsException(attachmentHash), ClientRelevantError
 
+/**
+ * Thrown to indicate that a contract class name of the same version was already uploaded to a Corda node.
+ */
+class DuplicateContractClassException(contractClassName: String, version: Int, attachmentHashes: List<String>) :
+        Exception("Contract $contractClassName version '$version' already present in the attachments $attachmentHashes"), ClientRelevantError
+
 /**
  * Thrown to indicate that a flow was not designed for RPC and should be started from an RPC client.
  */
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
index b35ea6a762..18432d2a8b 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
@@ -9,7 +9,9 @@ import net.corda.core.identity.PartyAndCertificate
 import net.corda.core.internal.hash
 import net.corda.core.internal.toX500Name
 import net.corda.nodeapi.internal.config.CertificateStore
-import net.corda.nodeapi.internal.crypto.*
+import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair
+import net.corda.nodeapi.internal.crypto.CertificateType
+import net.corda.nodeapi.internal.crypto.X509Utilities
 import org.bouncycastle.asn1.x509.GeneralName
 import org.bouncycastle.asn1.x509.GeneralSubtree
 import org.bouncycastle.asn1.x509.NameConstraints
@@ -102,7 +104,12 @@ const val DEV_CA_TRUST_STORE_FILE: String = "cordatruststore.jks"
 const val DEV_CA_TRUST_STORE_PASS: String = "trustpass"
 const val DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS: String = "trustpasskeypass"
 
-val DEV_PUB_KEY_HASHES: List<SecureHash.SHA256> get() = listOf(DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate).map { it.publicKey.hash.sha256() }
+// A code signing policy is currently under design.
+// The following interim key represents a self-signed certificate produced using the Java keytool and located in the gradle cordapp plugins resources key store:
+// https://github.com/corda/corda-gradle-plugins/blob/master/cordapp/src/main/resources/certificates/cordadevcodesign.jks
+const val DEV_CORDAPP_CODE_SIGNING_STR = "AA59D829F2CA8FDDF5ABEA40D815F937E3E54E572B65B93B5C216AE6594E7D6B"
+
+val DEV_PUB_KEY_HASHES: List<SecureHash.SHA256> get() = listOf(DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate).map { it.publicKey.hash.sha256() } + SecureHash.parse(DEV_CORDAPP_CODE_SIGNING_STR).sha256()
 
 // We need a class so that we can get hold of the class loader
 internal object DevCaHelper {
@@ -115,4 +122,4 @@ fun loadDevCaKeyStore(classLoader: ClassLoader = DevCaHelper::class.java.classLo
         "certificates/$DEV_CA_KEY_STORE_FILE", DEV_CA_KEY_STORE_PASS, DEV_CA_PRIVATE_KEY_PASS, classLoader)
 
 fun loadDevCaTrustStore(classLoader: ClassLoader = DevCaHelper::class.java.classLoader): CertificateStore = CertificateStore.fromResource(
-        "certificates/$DEV_CA_TRUST_STORE_FILE", DEV_CA_TRUST_STORE_PASS, DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS, classLoader)
+        "certificates/$DEV_CA_TRUST_STORE_FILE", DEV_CA_TRUST_STORE_PASS, DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS, classLoader)
\ No newline at end of file
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
index 9b5a866359..53bdd1cae7 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
@@ -163,7 +163,7 @@ internal constructor(private val initSerEnv: Boolean,
     private fun isBFTNotary(config: Config): Boolean {
         // TODO: pass a commandline parameter to the bootstrapper instead. Better yet, a notary config map
         //       specifying the notary identities and the type (single-node, CFT, BFT) of each notary to set up.
-        return config.getString("notary.className").contains("BFT", true)
+        return config.hasPath("notary.bftSMaRt")
     }
 
     private fun generateServiceIdentitiesForNotaryClusters(configs: Map<Path, Config>) {
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/AttachmentVersionNumberMigration.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/AttachmentVersionNumberMigration.kt
new file mode 100644
index 0000000000..c005100464
--- /dev/null
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/AttachmentVersionNumberMigration.kt
@@ -0,0 +1,102 @@
+package net.corda.nodeapi.internal.persistence
+
+import  liquibase.change.custom.CustomTaskChange
+import liquibase.database.Database
+import liquibase.database.jvm.JdbcConnection
+import liquibase.exception.ValidationErrors
+import liquibase.resource.ResourceAccessor
+import net.corda.core.node.NetworkParameters
+import net.corda.core.node.services.AttachmentId
+import net.corda.core.serialization.deserialize
+import net.corda.core.utilities.contextLogger
+
+class AttachmentVersionNumberMigration : CustomTaskChange {
+    companion object {
+        private val logger = contextLogger()
+    }
+
+    override fun execute(database: Database?) {
+        val connection = database?.connection as JdbcConnection
+        try {
+            logger.debug("Start executing...")
+            val networkParameters = getNetworkParameters(connection)
+            if (networkParameters == null) {
+                logger.debug("Network parameters not found.")
+                return
+            } else {
+                logger.debug("Network parameters epoch: ${networkParameters.epoch}, whitelistedContractImplementations: ${networkParameters.whitelistedContractImplementations}.")
+            }
+            val availableAttachments = getAttachmentsWithDefaultVersion(connection)
+            if (availableAttachments.isEmpty()) {
+                logger.debug("Attachments not found.")
+                return
+            } else {
+                logger.debug("Attachments with version '1': $availableAttachments")
+            }
+
+            availableAttachments.forEach { attachmentId ->
+                val versions = networkParameters?.whitelistedContractImplementations?.values.mapNotNull { it.indexOfFirst { it.toString() == attachmentId} }.filter { it >= 0 }
+                val maxPosition = versions.max() ?: 0
+                if (maxPosition > 0) {
+                    val version = maxPosition + 1
+                    val msg = "Updating version of attachment $attachmentId to '$version'"
+                    if (versions.toSet().size > 1)
+                        logger.warn("Several versions based on whitelistedContractImplementations position are available: ${versions.toSet()}. $msg")
+                    else
+                        logger.debug(msg)
+                    updateVersion(connection, attachmentId, version)
+                }
+            }
+
+            logger.debug("Done")
+        } catch (e: Exception) {
+            logger.error("Exception while retrieving network parameters ${e.message}", e)
+        }
+    }
+
+    override fun validate(database: Database?): ValidationErrors? {
+        return null
+    }
+
+    override fun getConfirmationMessage(): String? {
+        return null
+    }
+
+    override fun setFileOpener(resourceAccessor: ResourceAccessor?) {
+    }
+
+    override fun setUp() {
+    }
+
+    private fun getNetworkParameters(connection: JdbcConnection): NetworkParameters? =
+            connection.createStatement().use {
+                val rs = it.executeQuery("SELECT PARAMETERS_BYTES FROM NODE_NETWORK_PARAMETERS ORDER BY EPOCH DESC")
+                if (rs.next()) {
+                    val networkParametersBytes = rs.getBytes(1) as ByteArray
+                    val networkParameters: NetworkParameters = networkParametersBytes.deserialize()
+                    rs.close()
+                    networkParameters
+                } else
+                    null
+            }
+
+    private fun getAttachmentsWithDefaultVersion(connection: JdbcConnection): List<String> =
+            connection.createStatement().use {
+                val attachments = mutableListOf<String>()
+                val rs = it.executeQuery("SELECT ATT_ID FROM NODE_ATTACHMENTS WHERE VERSION = 1")
+                while (rs.next()) {
+                    val elem = rs.getString(1)
+                    attachments.add(elem)
+                }
+                rs.close()
+                attachments
+            }
+
+    private fun updateVersion(connection: JdbcConnection, attachmentId: String, version: Int) {
+        connection.prepareStatement("UPDATE NODE_ATTACHMENTS SET VERSION = ? WHERE ATT_ID = ?").use {
+            it.setInt(1, version)
+            it.setString(2, attachmentId)
+            it.executeUpdate()
+        }
+    }
+}
\ No newline at end of file
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
index d1c1d3bf73..4122410d28 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
@@ -60,10 +60,30 @@ enum class TransactionIsolationLevel {
     val jdbcValue: Int = java.sql.Connection::class.java.getField(jdbcString).get(null) as Int
 }
 
+internal val _prohibitDatabaseAccess = ThreadLocal.withInitial { false }
+
 private val _contextDatabase = InheritableThreadLocal<CordaPersistence>()
 var contextDatabase: CordaPersistence
-    get() = _contextDatabase.get() ?: error("Was expecting to find CordaPersistence set on current thread: ${Strand.currentStrand()}")
+    get() {
+        require(_prohibitDatabaseAccess.get() != true) { "Database access is disabled in this context." }
+        return _contextDatabase.get() ?: error("Was expecting to find CordaPersistence set on current thread: ${Strand.currentStrand()}")
+    }
     set(database) = _contextDatabase.set(database)
+
+/**
+ * The logic in the [block] will be prevented from opening a database transaction.
+ * Also will not be able to access database resources ( Like the context transaction or the [contextDatabase] ).
+ */
+fun <T> withoutDatabaseAccess(block: () -> T): T {
+    val oldValue = _prohibitDatabaseAccess.get()
+    _prohibitDatabaseAccess.set(true)
+    try {
+        return block()
+    } finally {
+        _prohibitDatabaseAccess.set(oldValue)
+    }
+}
+
 val contextDatabaseOrNull: CordaPersistence? get() = _contextDatabase.get()
 
 class CordaPersistence(
@@ -115,6 +135,9 @@ class CordaPersistence(
     private val liveTransactions = ConcurrentHashMap<UUID, DatabaseTransaction>()
 
     fun newTransaction(isolation: TransactionIsolationLevel = defaultIsolationLevel): DatabaseTransaction {
+        if (_prohibitDatabaseAccess.get()) {
+            throw IllegalAccessException("Database access is not allowed in the current context.")
+        }
         val outerTransaction = contextTransactionOrNull
         return DatabaseTransaction(isolation.jdbcValue, contextTransactionOrNull, this).also {
             contextTransactionOrNull = it
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/DatabaseTransaction.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/DatabaseTransaction.kt
index 5a12da37d7..5642c4d187 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/DatabaseTransaction.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/DatabaseTransaction.kt
@@ -10,11 +10,13 @@ import java.util.UUID
 import javax.persistence.EntityManager
 
 fun currentDBSession(): Session = contextTransaction.session
+
 private val _contextTransaction = ThreadLocal<DatabaseTransaction>()
 var contextTransactionOrNull: DatabaseTransaction?
-    get() = _contextTransaction.get()
+    get() = if (_prohibitDatabaseAccess.get() == true) throw IllegalAccessException("Database access is disabled in this context.") else _contextTransaction.get()
     set(transaction) = _contextTransaction.set(transaction)
-val contextTransaction get() = contextTransactionOrNull ?: error("Was expecting to find transaction set on current strand: ${Strand.currentStrand()}")
+val contextTransaction
+    get() = contextTransactionOrNull ?: error("Was expecting to find transaction set on current strand: ${Strand.currentStrand()}")
 
 class DatabaseTransaction(
         isolation: Int,
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/SchemaMigration.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/SchemaMigration.kt
index c79482d541..b78748b3da 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/SchemaMigration.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/SchemaMigration.kt
@@ -158,6 +158,10 @@ class SchemaMigration(
             if (schemas.any { schema -> schema.migrationResource == "node-notary.changelog-master" })
                 preV4Baseline.addAll(listOf("migration/node-notary.changelog-init.xml",
                         "migration/node-notary.changelog-v1.xml"))
+
+            if (schemas.any { schema -> schema.migrationResource == "notary-raft.changelog-master" })
+                preV4Baseline.addAll(listOf("migration/notary-raft.changelog-init.xml",
+                        "migration/notary-raft.changelog-v1.xml"))
         }
         if (isFinanceAppWithLiquibaseNotMigrated) {
             preV4Baseline.addAll(listOf("migration/cash.changelog-init.xml",
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt
index 76a4c3292c..a58df52a51 100644
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt
@@ -2,6 +2,7 @@ package net.corda.nodeapi.internal
 
 import com.nhaarman.mockito_kotlin.any
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.*
 import net.corda.core.crypto.SecureHash
@@ -11,7 +12,7 @@ import net.corda.core.identity.Party
 import net.corda.core.internal.cordapp.CordappImpl.Companion.DEFAULT_CORDAPP_VERSION
 import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.services.AttachmentStorage
-import net.corda.core.node.services.NetworkParametersStorage
+import net.corda.core.node.services.NetworkParametersService
 import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
 import net.corda.core.transactions.LedgerTransaction
@@ -70,7 +71,7 @@ class AttachmentsClassLoaderStaticContractTests {
 
     private val networkParameters = testNetworkParameters()
 
-    private val networkParametersStorage get() = rigorousMock<NetworkParametersStorage>().also {
+    private val networkParametersService get() = mock<NetworkParametersService>().also {
         doReturn(networkParameters.serialize().hash).whenever(it).currentHash
     }
 
@@ -78,7 +79,7 @@ class AttachmentsClassLoaderStaticContractTests {
         val cordappProviderImpl = CordappProviderImpl(cordappLoaderForPackages(listOf("net.corda.nodeapi.internal")), MockCordappConfigProvider(), MockAttachmentStorage())
         cordappProviderImpl.start(testNetworkParameters().whitelistedContractImplementations)
         doReturn(cordappProviderImpl).whenever(it).cordappProvider
-        doReturn(networkParametersStorage).whenever(it).networkParametersStorage
+        doReturn(networkParametersService).whenever(it).networkParametersService
         doReturn(networkParameters).whenever(it).networkParameters
         val attachmentStorage = rigorousMock<AttachmentStorage>()
         doReturn(attachmentStorage).whenever(it).attachments
diff --git a/node/build.gradle b/node/build.gradle
index 81e1bb81ea..f6f302bd03 100644
--- a/node/build.gradle
+++ b/node/build.gradle
@@ -130,7 +130,6 @@ dependencies {
     testCompile project(':client:jfx')
     testCompile project(':finance:contracts')
     testCompile project(':finance:workflows')
-    testCompile project(':finance:isolated')
 
     // sample test schemas
     testCompile project(path: ':finance:contracts', configuration: 'testArtifacts')
@@ -169,6 +168,15 @@ dependencies {
     // AgentLoader: dynamic loading of JVM agents
     compile group: 'com.ea.agentloader', name: 'ea-agent-loader', version: "${eaagentloader_version}"
 
+    // BFT-Smart dependencies
+    compile 'commons-codec:commons-codec:1.10'
+    compile 'com.github.bft-smart:library:master-v1.1-beta-g6215ec8-87'
+
+    // Java Atomix: RAFT library
+    compile 'io.atomix.copycat:copycat-client:1.2.3'
+    compile 'io.atomix.copycat:copycat-server:1.2.3'
+    compile 'io.atomix.catalyst:catalyst-netty:1.1.2'
+
     // Jetty dependencies for NetworkMapClient test.
     // Web stuff: for HTTP[S] servlets
     testCompile "org.eclipse.jetty:jetty-servlet:${jetty_version}"
@@ -186,6 +194,7 @@ dependencies {
     compile "com.palominolabs.metrics:metrics-new-relic:${metrics_new_relic_version}"
 
     testCompile(project(':test-cli'))
+    testCompile(project(':test-utils'))
 }
 
 tasks.withType(JavaCompile) {
diff --git a/node/src/integration-test/kotlin/net/corda/node/AddressBindingFailureTests.kt b/node/src/integration-test/kotlin/net/corda/node/AddressBindingFailureTests.kt
index bc1da1cfad..f6044946f1 100644
--- a/node/src/integration-test/kotlin/net/corda/node/AddressBindingFailureTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/AddressBindingFailureTests.kt
@@ -55,7 +55,7 @@ class AddressBindingFailureTests {
 
         ServerSocket(0).use { socket ->
 
-            val address = InetSocketAddress(socket.localPort).toNetworkHostAndPort()
+            val address = InetSocketAddress("localhost", socket.localPort).toNetworkHostAndPort()
             driver(DriverParameters(startNodesInProcess = true, notarySpecs = emptyList(), inMemoryDB = false, portAllocation = portAllocation)) {
 
                 assertThatThrownBy { startNode(customOverrides = overrides(address)).getOrThrow() }.isInstanceOfSatisfying(AddressBindingException::class.java) { exception ->
diff --git a/node/src/integration-test/kotlin/net/corda/node/CordappConstraintsTests.kt b/node/src/integration-test/kotlin/net/corda/node/CordappConstraintsTests.kt
index 3cc05ea5b4..9d7ebc0f8f 100644
--- a/node/src/integration-test/kotlin/net/corda/node/CordappConstraintsTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/CordappConstraintsTests.kt
@@ -28,6 +28,7 @@ import net.corda.testing.node.NotarySpec
 import net.corda.testing.node.User
 import net.corda.testing.node.internal.cordappWithPackages
 import org.assertj.core.api.Assertions.assertThat
+import org.junit.Ignore
 import org.junit.Test
 
 class CordappConstraintsTests {
@@ -37,7 +38,7 @@ class CordappConstraintsTests {
                 invokeRpc(CordaRPCOps::wellKnownPartyFromX500Name),
                 invokeRpc(CordaRPCOps::notaryIdentities),
                 invokeRpc("vaultTrackByCriteria")))
-        val UNSIGNED_FINANCE_CORDAPP = cordappWithPackages("net.corda.finance")
+        val UNSIGNED_FINANCE_CORDAPP = cordappWithPackages("net.corda.finance", "migration", "META-INF.services")
         val SIGNED_FINANCE_CORDAPP = UNSIGNED_FINANCE_CORDAPP.signed()
     }
 
@@ -45,6 +46,7 @@ class CordappConstraintsTests {
     fun `issue cash using signature constraints`() {
         driver(DriverParameters(
                 networkParameters = testNetworkParameters(minimumPlatformVersion = 4),
+                cordappsForAllNodes = emptyList(),
                 inMemoryDB = false
         )) {
             val alice = startNode(NodeParameters(
@@ -71,6 +73,7 @@ class CordappConstraintsTests {
     fun `issue cash using hash and signature constraints`() {
         driver(DriverParameters(
                 networkParameters = testNetworkParameters(minimumPlatformVersion = 4),
+                cordappsForAllNodes = emptyList(),
                 inMemoryDB = false
         )) {
             println("Starting the node using unsigned contract jar ...")
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt b/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt
index e5c1510c16..9c231e7006 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt
@@ -50,11 +50,11 @@ class AsymmetricCorDappsTests {
         driver(DriverParameters(startNodesInProcess = false, cordappsForAllNodes = emptySet())) {
             val nodeA = startNode(NodeParameters(
                     providedName = ALICE_NAME,
-                    additionalCordapps = setOf(cordappForClasses(Ping::class.java))
+                    additionalCordapps = setOf(cordappForClasses(Ping::class.java, AsymmetricCorDappsTests::class.java))
             )).getOrThrow()
             val nodeB = startNode(NodeParameters(
                     providedName = BOB_NAME,
-                    additionalCordapps = setOf(cordappForClasses(Ping::class.java, Pong::class.java))
+                    additionalCordapps = setOf(cordappForClasses(Ping::class.java, Pong::class.java, AsymmetricCorDappsTests::class.java))
             )).getOrThrow()
             nodeA.rpc.startFlow(::Ping, nodeB.nodeInfo.singleIdentity(), 1).returnValue.getOrThrow()
         }
@@ -62,8 +62,8 @@ class AsymmetricCorDappsTests {
 
     @Test
     fun `shared cordapps with asymmetric specific classes`() {
-        val sharedCordapp = cordappForClasses(Ping::class.java)
-        val cordappForNodeB = cordappForClasses(Pong::class.java)
+        val sharedCordapp = cordappForClasses(Ping::class.java, AsymmetricCorDappsTests::class.java)
+        val cordappForNodeB = cordappForClasses(Pong::class.java, AsymmetricCorDappsTests::class.java)
         driver(DriverParameters(startNodesInProcess = false, cordappsForAllNodes = setOf(sharedCordapp))) {
             val (nodeA, nodeB) = listOf(
                     startNode(NodeParameters(providedName = ALICE_NAME)),
@@ -75,8 +75,8 @@ class AsymmetricCorDappsTests {
 
     @Test
     fun `shared cordapps with asymmetric specific classes in process`() {
-        val sharedCordapp = cordappForClasses(Ping::class.java)
-        val cordappForNodeB = cordappForClasses(Pong::class.java)
+        val sharedCordapp = cordappForClasses(Ping::class.java, AsymmetricCorDappsTests::class.java)
+        val cordappForNodeB = cordappForClasses(Pong::class.java, AsymmetricCorDappsTests::class.java)
         driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = setOf(sharedCordapp))) {
             val (nodeA, nodeB) = listOf(
                     startNode(NodeParameters(providedName = ALICE_NAME)),
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
index 24523b5bad..c2339e199a 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
@@ -1,10 +1,7 @@
 package net.corda.node.flows
 
+import net.corda.core.internal.*
 import net.corda.core.internal.concurrent.transpose
-import net.corda.core.internal.div
-import net.corda.core.internal.list
-import net.corda.core.internal.moveTo
-import net.corda.core.internal.readLines
 import net.corda.core.messaging.startTrackedFlow
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.internal.CheckpointIncompatibleException
@@ -18,9 +15,7 @@ import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.NodeParameters
 import net.corda.testing.driver.driver
 import net.corda.testing.node.TestCordapp
-import net.corda.testing.node.internal.CustomCordapp
-import net.corda.testing.node.internal.ListenProcessDeathException
-import net.corda.testing.node.internal.cordappForClasses
+import net.corda.testing.node.internal.*
 import net.test.cordapp.v1.Record
 import net.test.cordapp.v1.SendMessageFlow
 import org.assertj.core.api.Assertions.assertThat
@@ -36,13 +31,8 @@ import kotlin.test.assertNotNull
 class FlowCheckpointVersionNodeStartupCheckTest {
     companion object {
         val message = Message("Hello world!")
-        val defaultCordapp = cordappForClasses(
-                MessageState::class.java,
-                MessageContract::class.java,
-                SendMessageFlow::class.java,
-                MessageSchema::class.java,
-                MessageSchemaV1::class.java,
-                Record::class.java
+        val defaultCordapp = cordappWithPackages(
+                MessageState::class.packageName, SendMessageFlow::class.packageName
         )
     }
 
@@ -57,7 +47,7 @@ class FlowCheckpointVersionNodeStartupCheckTest {
             val result = if (page.snapshot.states.isNotEmpty()) {
                 page.snapshot.states.first()
             } else {
-                val r = page.updates.timeout(5, TimeUnit.SECONDS).take(1).toBlocking().single()
+                val r = page.updates.timeout(10, TimeUnit.SECONDS).take(1).toBlocking().single()
                 if (r.consumed.isNotEmpty()) r.consumed.first() else r.produced.first()
             }
             assertNotNull(result)
@@ -90,18 +80,24 @@ class FlowCheckpointVersionNodeStartupCheckTest {
     @Test
     fun `restart node with incompatible version of suspended flow due to different jar hash`() {
         driver(parametersForRestartingNodes()) {
-            val uniqueName = "different-jar-hash-test-${UUID.randomUUID()}"
-            val cordapp = defaultCordapp.copy(name = uniqueName)
+            val uniqueWorkflowJarName = "different-jar-hash-test-${UUID.randomUUID()}"
+            val uniqueContractJarName = "contract-$uniqueWorkflowJarName"
+            val defaultWorkflowJar = cordappWithPackages(SendMessageFlow::class.packageName)
+            val defaultContractJar = cordappWithPackages(MessageState::class.packageName)
+            val contractJar = defaultContractJar.copy(name = uniqueContractJarName)
+            val workflowJar = defaultWorkflowJar.copy(name = uniqueWorkflowJarName)
 
-            val bobBaseDir = createSuspendedFlowInBob(setOf(cordapp))
+            val bobBaseDir = createSuspendedFlowInBob(setOf(workflowJar, contractJar))
 
             val cordappsDir = bobBaseDir / "cordapps"
-            val cordappJar = cordappsDir.list().single { it.toString().endsWith(".jar") }
+            val cordappJar = cordappsDir.list().single {
+               ! it.toString().contains(uniqueContractJarName) && it.toString().endsWith(".jar")
+            }
             // Make sure we're dealing with right jar
-            assertThat(cordappJar.fileName.toString()).contains(uniqueName)
+            assertThat(cordappJar.fileName.toString()).contains(uniqueWorkflowJarName)
 
             // The name is part of the MANIFEST so changing it is sufficient to change the jar hash
-            val modifiedCordapp = cordapp.copy(name = "${cordapp.name}-modified")
+            val modifiedCordapp = workflowJar.copy(name = "${workflowJar.name}-modified")
             val modifiedCordappJar = CustomCordapp.getJarFile(modifiedCordapp)
             modifiedCordappJar.moveTo(cordappJar, REPLACE_EXISTING)
 
@@ -135,14 +131,15 @@ class FlowCheckpointVersionNodeStartupCheckTest {
             )).getOrThrow()
         }
 
-        val logDir = baseDirectory(BOB_NAME) / NodeStartup.LOGS_DIRECTORY_NAME
-        val logFile = logDir.list { it.filter { it.fileName.toString().endsWith(".log") }.findAny().get() }
+        val logDir = baseDirectory(BOB_NAME)
+        val logFile = logDir.list { it.filter { it.fileName.toString().endsWith("out.log") }.findAny().get() }
         val matchingLineCount = logFile.readLines { it.filter { line -> logMessage in line }.count() }
         assertEquals(1, matchingLineCount)
     }
 
     private fun parametersForRestartingNodes(): DriverParameters {
         return DriverParameters(
+                isDebug = true,
                 startNodesInProcess = false, // Start nodes in separate processes to ensure CordappLoader is not shared between restarts
                 inMemoryDB = false, // Ensure database is persisted between node restarts so we can keep suspended flows
                 cordappsForAllNodes = emptyList()
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
index b1b0f0443f..2719379beb 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
@@ -16,6 +16,7 @@ import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
 import net.corda.node.services.Permissions
+import net.corda.node.services.statemachine.FlowTimeoutException
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.singleIdentity
@@ -117,8 +118,6 @@ fun isQuasarAgentSpecified(): Boolean {
     return jvmArgs.any { it.startsWith("-javaagent:") && it.contains("quasar") }
 }
 
-class ExceptionToCauseRetry : SQLException("deadlock")
-
 class ExceptionToCauseFiniteRetry : ConstraintViolationException("Faked violation", SQLException("Fake"), "Fake name")
 
 @StartableByRPC
@@ -135,7 +134,7 @@ class InitiatorFlow(private val sessionsCount: Int, private val iterationsCount:
             val visited = Visited(sessionNum, iterationNum, step)
             if (visited !in seen) {
                 seen += visited
-                throw ExceptionToCauseRetry()
+                throw FlowTimeoutException()
             }
         }
     }
@@ -186,7 +185,7 @@ class InitiatedFlow(val session: FlowSession) : FlowLogic<Any>() {
             val visited = Visited(sessionNum, iterationNum, step)
             if (visited !in seen) {
                 seen += visited
-                throw ExceptionToCauseRetry()
+                throw FlowTimeoutException()
             }
         }
     }
diff --git a/node/src/integration-test/kotlin/net/corda/node/logging/ErrorCodeLoggingTests.kt b/node/src/integration-test/kotlin/net/corda/node/logging/ErrorCodeLoggingTests.kt
index a22ab7a8dc..bc3c0569a7 100644
--- a/node/src/integration-test/kotlin/net/corda/node/logging/ErrorCodeLoggingTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/logging/ErrorCodeLoggingTests.kt
@@ -43,6 +43,4 @@ private fun FlowHandle<*>.waitForCompletion() {
     } catch (e: Exception) {
         // This is expected to throw an exception, using getOrThrow() just to wait until done.
     }
-}
-
-private fun NodeHandle.logFile(): File = (baseDirectory / "logs").toFile().walk().filter { it.name.startsWith("node-") && it.extension == "log" }.single()
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/node/src/integration-test/kotlin/net/corda/node/logging/IssueCashLoggingTests.kt b/node/src/integration-test/kotlin/net/corda/node/logging/IssueCashLoggingTests.kt
new file mode 100644
index 0000000000..6647b7bb4f
--- /dev/null
+++ b/node/src/integration-test/kotlin/net/corda/node/logging/IssueCashLoggingTests.kt
@@ -0,0 +1,40 @@
+package net.corda.node.logging
+
+import net.corda.core.messaging.startFlow
+import net.corda.core.utilities.OpaqueBytes
+import net.corda.core.utilities.getOrThrow
+import net.corda.finance.DOLLARS
+import net.corda.finance.flows.CashIssueAndPaymentFlow
+import net.corda.node.services.Permissions.Companion.all
+import net.corda.testing.driver.DriverParameters
+import net.corda.testing.driver.driver
+import net.corda.testing.node.User
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Test
+
+class IssueCashLoggingTests {
+
+    @Test
+    fun `issuing and sending cash as payment do not result in duplicate insertion warnings`() {
+        val user = User("mark", "dadada", setOf(all()))
+        driver(DriverParameters(cordappsForAllNodes = FINANCE_CORDAPPS)) {
+            val nodeA = startNode(rpcUsers = listOf(user)).getOrThrow()
+            val nodeB = startNode().getOrThrow()
+
+            val amount = 1.DOLLARS
+            val ref = OpaqueBytes.of(0)
+            val recipient = nodeB.nodeInfo.legalIdentities[0]
+
+            nodeA.rpc.startFlow(::CashIssueAndPaymentFlow, amount, ref, recipient, false, defaultNotaryIdentity).returnValue.getOrThrow()
+
+            val linesWithDuplicateInsertionWarningsInA = nodeA.logFile().useLines { lines -> lines.filter(String::containsDuplicateInsertWarning).toList() }
+            val linesWithDuplicateInsertionWarningsInB = nodeB.logFile().useLines { lines -> lines.filter(String::containsDuplicateInsertWarning).toList() }
+
+            assertThat(linesWithDuplicateInsertionWarningsInA).isEmpty()
+            assertThat(linesWithDuplicateInsertionWarningsInB).isEmpty()
+        }
+    }
+}
+
+private fun String.containsDuplicateInsertWarning(): Boolean = contains("Double insert") && contains("not inserting the second time")
\ No newline at end of file
diff --git a/node/src/integration-test/kotlin/net/corda/node/logging/PackageUtils.kt b/node/src/integration-test/kotlin/net/corda/node/logging/PackageUtils.kt
new file mode 100644
index 0000000000..cfaea5bcc7
--- /dev/null
+++ b/node/src/integration-test/kotlin/net/corda/node/logging/PackageUtils.kt
@@ -0,0 +1,7 @@
+package net.corda.node.logging
+
+import net.corda.core.internal.div
+import net.corda.testing.driver.NodeHandle
+import java.io.File
+
+fun NodeHandle.logFile(): File = (baseDirectory / "logs").toFile().walk().filter { it.name.startsWith("node-") && it.extension == "log" }.single()
\ No newline at end of file
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
index 1b90941582..c4f5525eec 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
@@ -1,117 +1,143 @@
 package net.corda.node.services
 
-import com.nhaarman.mockito_kotlin.any
-import com.nhaarman.mockito_kotlin.doReturn
-import com.nhaarman.mockito_kotlin.whenever
-import net.corda.core.CordaRuntimeException
+import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.contracts.*
-import net.corda.core.cordapp.CordappProvider
-import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.*
+import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
-import net.corda.core.internal.toLedgerTransaction
-import net.corda.core.node.NetworkParameters
-import net.corda.core.node.ServicesForResolution
-import net.corda.core.node.services.AttachmentStorage
-import net.corda.core.node.services.IdentityService
-import net.corda.core.node.services.NetworkParametersStorage
-import net.corda.core.serialization.SerializationFactory
-import net.corda.core.serialization.serialize
+import net.corda.core.internal.*
+import net.corda.core.internal.concurrent.transpose
+import net.corda.core.messaging.startFlow
+import net.corda.core.serialization.internal.UntrustedAttachmentsException
+import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.getOrThrow
-import net.corda.node.VersionInfo
-import net.corda.node.internal.cordapp.CordappProviderImpl
-import net.corda.node.internal.cordapp.JarScanningCordappLoader
-import net.corda.testing.common.internal.testNetworkParameters
-import net.corda.testing.common.internal.addNotary
-import net.corda.testing.core.DUMMY_BANK_A_NAME
+import net.corda.core.utilities.unwrap
+import net.corda.testing.common.internal.checkNotOnClasspath
+import net.corda.testing.core.ALICE_NAME
+import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.DUMMY_NOTARY_NAME
-import net.corda.testing.core.SerializationEnvironmentRule
-import net.corda.testing.core.TestIdentity
+import net.corda.testing.core.singleIdentity
+import net.corda.testing.driver.DriverDSL
 import net.corda.testing.driver.DriverParameters
-import net.corda.testing.driver.NodeParameters
 import net.corda.testing.driver.driver
-import net.corda.testing.internal.MockCordappConfigProvider
-import net.corda.testing.internal.rigorousMock
-import net.corda.testing.internal.withoutTestSerialization
+import net.corda.testing.node.NotarySpec
 import net.corda.testing.node.internal.cordappsForPackages
-import net.corda.testing.services.MockAttachmentStorage
-import org.junit.Assert.assertEquals
-import org.junit.Rule
+import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.junit.Test
+import java.net.URL
 import java.net.URLClassLoader
-import kotlin.test.assertFailsWith
 
 class AttachmentLoadingTests {
-    @Rule
-    @JvmField
-    val testSerialization = SerializationEnvironmentRule()
-    private val attachments = MockAttachmentStorage()
-    private val provider = CordappProviderImpl(JarScanningCordappLoader.fromJarUrls(listOf(isolatedJAR), VersionInfo.UNKNOWN), MockCordappConfigProvider(), attachments).apply {
-        start(testNetworkParameters().whitelistedContractImplementations)
-    }
-    private val cordapp get() = provider.cordapps.first()
-    private val attachmentId get() = provider.getCordappAttachmentId(cordapp)!!
-    private val appContext get() = provider.getAppContext(cordapp)
-
     private companion object {
-        val isolatedJAR = AttachmentLoadingTests::class.java.getResource("isolated.jar")!!
-        const val ISOLATED_CONTRACT_ID = "net.corda.finance.contracts.isolated.AnotherDummyContract"
+        val isolatedJar: URL = AttachmentLoadingTests::class.java.getResource("/isolated.jar")
+        val isolatedClassLoader = URLClassLoader(arrayOf(isolatedJar))
+        val issuanceFlowClass: Class<FlowLogic<StateRef>> = uncheckedCast(loadFromIsolated("net.corda.isolated.workflows.IsolatedIssuanceFlow"))
 
-        val bankAName = CordaX500Name("BankA", "Zurich", "CH")
-        val bankBName = CordaX500Name("BankB", "Zurich", "CH")
-        val flowInitiatorClass: Class<out FlowLogic<*>> =
-                Class.forName("net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Initiator", true, URLClassLoader(arrayOf(isolatedJAR)))
-                        .asSubclass(FlowLogic::class.java)
-        val DUMMY_BANK_A = TestIdentity(DUMMY_BANK_A_NAME, 40).party
-        val DUMMY_NOTARY = TestIdentity(DUMMY_NOTARY_NAME, 20).party
-    }
-
-    private val services = object : ServicesForResolution {
-        private val testNetworkParameters = testNetworkParameters().addNotary(DUMMY_NOTARY)
-        override fun loadState(stateRef: StateRef): TransactionState<*> = throw NotImplementedError()
-        override fun loadStates(stateRefs: Set<StateRef>): Set<StateAndRef<ContractState>> = throw NotImplementedError()
-        override fun loadContractAttachment(stateRef: StateRef, interestedContractClassName : ContractClassName?): Attachment = throw NotImplementedError()
-        override val identityService = rigorousMock<IdentityService>().apply {
-            doReturn(null).whenever(this).partyFromKey(DUMMY_BANK_A.owningKey)
-        }
-        override val attachments: AttachmentStorage get() = this@AttachmentLoadingTests.attachments
-        override val cordappProvider: CordappProvider get() = this@AttachmentLoadingTests.provider
-        override val networkParameters: NetworkParameters = testNetworkParameters
-        override val networkParametersStorage: NetworkParametersStorage get() = rigorousMock<NetworkParametersStorage>().apply {
-            doReturn(testNetworkParameters.serialize().hash).whenever(this).currentHash
-            doReturn(testNetworkParameters).whenever(this).lookup(any())
-        }
-    }
-
-    @Test
-    fun `test a wire transaction has loaded the correct attachment`() {
-        val appClassLoader = appContext.classLoader
-        val contractClass = appClassLoader.loadClass(ISOLATED_CONTRACT_ID).asSubclass(Contract::class.java)
-        val generateInitialMethod = contractClass.getDeclaredMethod("generateInitial", PartyAndReference::class.java, Integer.TYPE, Party::class.java)
-        val contract = contractClass.newInstance()
-        val txBuilder = generateInitialMethod.invoke(contract, DUMMY_BANK_A.ref(1), 1, DUMMY_NOTARY) as TransactionBuilder
-        val context = SerializationFactory.defaultFactory.defaultContext.withClassLoader(appClassLoader)
-        val ledgerTx = txBuilder.toLedgerTransaction(services, context)
-        contract.verify(ledgerTx)
-
-        val actual = ledgerTx.attachments.first()
-        val expected = attachments.openAttachment(attachmentId)!!
-        assertEquals(expected, actual)
-    }
-
-    @Test
-    fun `test that attachments retrieved over the network are not used for code`() {
-        withoutTestSerialization {
-            driver(DriverParameters(startNodesInProcess = true, notarySpecs = emptyList(), cordappsForAllNodes = emptySet())) {
-                val additionalCordapps = cordappsForPackages("net.corda.finance.contracts.isolated")
-                val bankA = startNode(NodeParameters(providedName = bankAName, additionalCordapps = additionalCordapps)).getOrThrow()
-                val bankB = startNode(NodeParameters(providedName = bankBName, additionalCordapps = additionalCordapps)).getOrThrow()
-                assertFailsWith<CordaRuntimeException>("Party C=CH,L=Zurich,O=BankB rejected session request: Don't know net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Initiator") {
-                    bankA.rpc.startFlowDynamic(flowInitiatorClass, bankB.nodeInfo.legalIdentities.first()).returnValue.getOrThrow()
-                }
+        init {
+            checkNotOnClasspath("net.corda.isolated.contracts.AnotherDummyContract") {
+                "isolated module cannot be on the classpath as otherwise it will be pulled into the nodes the driver creates and " +
+                        "contaminate the tests. This is a known issue with the driver and we must work around it until it's fixed."
             }
-            Unit
+        }
+
+        fun loadFromIsolated(className: String): Class<*> = Class.forName(className, false, isolatedClassLoader)
+    }
+
+    @Test
+    fun `contracts downloaded from the network are not executed without the DJVM`() {
+        driver(DriverParameters(
+                startNodesInProcess = false,
+                notarySpecs = listOf(NotarySpec(DUMMY_NOTARY_NAME, validating = false)),
+                cordappsForAllNodes = cordappsForPackages(javaClass.packageName)
+        )) {
+            installIsolatedCordapp(ALICE_NAME)
+
+            val (alice, bob) = listOf(
+                    startNode(providedName = ALICE_NAME),
+                    startNode(providedName = BOB_NAME)
+            ).transpose().getOrThrow()
+
+            val stateRef = alice.rpc.startFlowDynamic(issuanceFlowClass, 1234).returnValue.getOrThrow()
+
+            assertThatThrownBy { alice.rpc.startFlow(::ConsumeAndBroadcastFlow, stateRef, bob.nodeInfo.singleIdentity()).returnValue.getOrThrow() }
+                    // ConsumeAndBroadcastResponderFlow re-throws any non-FlowExceptions with just their class name in the message so that
+                    // we can verify here Bob threw the correct exception
+                    .hasMessage(UntrustedAttachmentsException::class.java.name)
         }
     }
-}
\ No newline at end of file
+
+    @Test
+    fun `contract is executed if installed locally`() {
+        driver(DriverParameters(
+                startNodesInProcess = false,
+                notarySpecs = listOf(NotarySpec(DUMMY_NOTARY_NAME, validating = false)),
+                cordappsForAllNodes = cordappsForPackages(javaClass.packageName)
+        )) {
+            installIsolatedCordapp(ALICE_NAME)
+            installIsolatedCordapp(BOB_NAME)
+
+            val (alice, bob) = listOf(
+                    startNode(providedName = ALICE_NAME),
+                    startNode(providedName = BOB_NAME)
+            ).transpose().getOrThrow()
+
+            val stateRef = alice.rpc.startFlowDynamic(issuanceFlowClass, 1234).returnValue.getOrThrow()
+            alice.rpc.startFlow(::ConsumeAndBroadcastFlow, stateRef, bob.nodeInfo.singleIdentity()).returnValue.getOrThrow()
+        }
+    }
+
+    private fun DriverDSL.installIsolatedCordapp(name: CordaX500Name) {
+        val cordappsDir = (baseDirectory(name) / "cordapps").createDirectories()
+        isolatedJar.toPath().copyToDirectory(cordappsDir)
+    }
+
+    @InitiatingFlow
+    @StartableByRPC
+    class ConsumeAndBroadcastFlow(private val stateRef: StateRef, private val otherSide: Party) : FlowLogic<Unit>() {
+        @Suspendable
+        override fun call() {
+            val notary = serviceHub.networkMapCache.notaryIdentities[0]
+            val stateAndRef = serviceHub.toStateAndRef<ContractState>(stateRef)
+            val stx = serviceHub.signInitialTransaction(
+                    TransactionBuilder(notary)
+                            .addInputState(stateAndRef)
+                            .addOutputState(ConsumeContract.State())
+                            .addCommand(Command(ConsumeContract.Cmd, ourIdentity.owningKey))
+            )
+            stx.verify(serviceHub, checkSufficientSignatures = false)
+            val session = initiateFlow(otherSide)
+            subFlow(FinalityFlow(stx, session))
+            // It's important we wait on this dummy receive, as otherwise it's possible we miss any errors the other side throws
+            session.receive<String>().unwrap { require(it == "OK") { "Not OK: $it"} }
+        }
+    }
+
+    @InitiatedBy(ConsumeAndBroadcastFlow::class)
+    class ConsumeAndBroadcastResponderFlow(private val otherSide: FlowSession) : FlowLogic<Unit>() {
+        @Suspendable
+        override fun call() {
+            try {
+                subFlow(ReceiveFinalityFlow(otherSide))
+            } catch (e: FlowException) {
+                throw e
+            } catch (e: Exception) {
+                throw FlowException(e.javaClass.name)
+            }
+            otherSide.send("OK")
+        }
+    }
+
+    class ConsumeContract : Contract {
+        override fun verify(tx: LedgerTransaction) {
+            // Accept everything
+        }
+
+        class State : ContractState {
+            override val participants: List<AbstractParty> get() = emptyList()
+        }
+
+        object Cmd : TypeOnlyCommandData()
+    }
+}
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt
index 07ecdf2999..183f61553d 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt
@@ -22,6 +22,7 @@ import net.corda.testing.driver.driver
 import net.corda.testing.node.NotarySpec
 import net.corda.testing.node.User
 import net.corda.testing.node.internal.DummyClusterSpec
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
 import rx.Observable
@@ -42,7 +43,8 @@ class DistributedServiceTests {
                 invokeRpc(CordaRPCOps::stateMachinesFeed))
         )
         driver(DriverParameters(
-                extraCordappPackagesToScan = listOf("net.corda.finance", "net.corda.notary.raft"),
+                extraCordappPackagesToScan = listOf("net.corda.notary.raft"),
+                cordappsForAllNodes = FINANCE_CORDAPPS,
                 notarySpecs = listOf(NotarySpec(
                         DUMMY_NOTARY_NAME,
                         rpcUsers = listOf(testUser),
diff --git a/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt b/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
index 5849f74b40..19139ace49 100644
--- a/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
@@ -100,17 +100,6 @@ class NodeRegistrationTest {
                     aliceName.organisation,
                     genevieveName.organisation,
                     notaryName.organisation)
-
-            // Check the nodes can communicate among themselves (and the notary).
-            val anonymous = false
-            genevieve.rpc.startFlow(
-                    ::CashIssueAndPaymentFlow,
-                    1000.DOLLARS,
-                    OpaqueBytes.of(12),
-                    alice.nodeInfo.singleIdentity(),
-                    anonymous,
-                    defaultNotaryIdentity
-            ).returnValue.getOrThrow()
         }
     }
 }
diff --git a/node/src/integration-test/kotlin/net/corda/services/messaging/AdditionP2PAddressModeTest.kt b/node/src/integration-test/kotlin/net/corda/services/messaging/AdditionP2PAddressModeTest.kt
index 2ceabb9f55..f05b690e1a 100644
--- a/node/src/integration-test/kotlin/net/corda/services/messaging/AdditionP2PAddressModeTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/services/messaging/AdditionP2PAddressModeTest.kt
@@ -20,6 +20,7 @@ import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.driver
 import net.corda.testing.driver.internal.incrementalPortAllocation
 import net.corda.testing.node.User
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
 import org.junit.Test
 import java.util.*
 
@@ -28,7 +29,7 @@ class AdditionP2PAddressModeTest {
     @Test
     fun `runs nodes with one configured to use additionalP2PAddresses`() {
         val testUser = User("test", "test", setOf(all()))
-        driver(DriverParameters(startNodesInProcess = true, inMemoryDB = true, extraCordappPackagesToScan = listOf("net.corda.finance"))) {
+        driver(DriverParameters(startNodesInProcess = true, inMemoryDB = true, cordappsForAllNodes = FINANCE_CORDAPPS)) {
             val mainAddress = portAllocation.nextHostAndPort().toString()
             val altAddress = portAllocation.nextHostAndPort().toString()
             val haConfig = mutableMapOf<String, Any?>()
diff --git a/node/src/integration-test/kotlin/net/corda/services/vault/VaultRestartTest.kt b/node/src/integration-test/kotlin/net/corda/services/vault/VaultRestartTest.kt
index a7d5650f2e..86e48b79c3 100644
--- a/node/src/integration-test/kotlin/net/corda/services/vault/VaultRestartTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/services/vault/VaultRestartTest.kt
@@ -20,8 +20,8 @@ class VaultRestartTest {
 
     @Test
     fun `restart and query vault after adding some cash states`() {
-        driver(DriverParameters(inMemoryDB = false, startNodesInProcess = false,
-                                extraCordappPackagesToScan = listOf("net.corda.finance.contracts", "net.corda.finance.schemas"))) {
+        driver(DriverParameters(inMemoryDB = false, startNodesInProcess = false, isDebug = true,
+                                extraCordappPackagesToScan = listOf("net.corda.finance", "migration"))) {
             val node = startNode(providedName = DUMMY_BANK_A_NAME, customOverrides = mapOf("p2pAddress" to "localhost:30000")).getOrThrow()
 
             val expected = 500.DOLLARS
diff --git a/node/src/integration-test/kotlin/net/corda/testMessage/MessageState.kt b/node/src/integration-test/kotlin/net/corda/testMessage/MessageState.kt
index 372dc2870b..9790eb6bb6 100644
--- a/node/src/integration-test/kotlin/net/corda/testMessage/MessageState.kt
+++ b/node/src/integration-test/kotlin/net/corda/testMessage/MessageState.kt
@@ -15,6 +15,7 @@ import javax.persistence.Table
 @CordaSerializable
 data class Message(val value: String)
 
+@BelongsToContract(MessageContract::class)
 data class MessageState(val message: Message, val by: Party, override val linearId: UniqueIdentifier = UniqueIdentifier()) : LinearState, QueryableState {
     override val participants: List<AbstractParty> = listOf(by)
 
diff --git a/node/src/integration-test/resources/isolated.jar b/node/src/integration-test/resources/isolated.jar
new file mode 100644
index 0000000000..8026639a7e
Binary files /dev/null and b/node/src/integration-test/resources/isolated.jar differ
diff --git a/node/src/integration-test/resources/net/corda/node/services/isolated.jar b/node/src/integration-test/resources/net/corda/node/services/isolated.jar
deleted file mode 100644
index 05544ab868..0000000000
Binary files a/node/src/integration-test/resources/net/corda/node/services/isolated.jar and /dev/null differ
diff --git a/node/src/main/kotlin/net/corda/node/cordapp/CordappLoader.kt b/node/src/main/kotlin/net/corda/node/cordapp/CordappLoader.kt
index 8a8feffc2d..2ecf6dc9d8 100644
--- a/node/src/main/kotlin/net/corda/node/cordapp/CordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/cordapp/CordappLoader.kt
@@ -8,7 +8,7 @@ import net.corda.core.schemas.MappedSchema
 /**
  * Handles loading [Cordapp]s.
  */
-interface CordappLoader {
+interface CordappLoader : AutoCloseable {
 
     /**
      * Returns all [Cordapp]s found.
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index c2c5c49207..f9eba770d1 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -33,7 +33,6 @@ import net.corda.core.utilities.days
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.minutes
 import net.corda.node.CordaClock
-import net.corda.node.SerialFilter
 import net.corda.node.VersionInfo
 import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.classloading.requireAnnotation
@@ -93,7 +92,6 @@ import java.lang.reflect.InvocationTargetException
 import java.nio.file.Paths
 import java.security.KeyPair
 import java.security.KeyStoreException
-import java.security.PublicKey
 import java.security.cert.X509Certificate
 import java.sql.Connection
 import java.time.Clock
@@ -145,7 +143,10 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         }
     }
 
-    val cordappLoader: CordappLoader = makeCordappLoader(configuration, versionInfo)
+    private val notaryLoader = configuration.notary?.let {
+        NotaryLoader(it, versionInfo)
+    }
+    val cordappLoader: CordappLoader = makeCordappLoader(configuration, versionInfo).closeOnStop()
     val schemaService = NodeSchemaService(cordappLoader.cordappSchemas).tokenize()
     val identityService = PersistentIdentityService(cacheFactory).tokenize()
     val database: CordaPersistence = createCordaPersistence(
@@ -170,7 +171,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     val attachments = NodeAttachmentService(metricRegistry, cacheFactory, database).tokenize()
     val cryptoService = configuration.makeCryptoService()
     @Suppress("LeakingThis")
-    val networkParametersStorage = makeParametersStorage()
+    val networkParametersStorage = makeNetworkParametersStorage()
     val cordappProvider = CordappProviderImpl(cordappLoader, CordappConfigFileProvider(configuration.cordappDirectories), attachments).tokenize()
     @Suppress("LeakingThis")
     val keyManagementService = makeKeyManagementService(identityService).tokenize()
@@ -178,7 +179,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         attachments.servicesForResolution = it
     }
     @Suppress("LeakingThis")
-    val vaultService = makeVaultService(keyManagementService, servicesForResolution, database).tokenize()
+    val vaultService = makeVaultService(keyManagementService, servicesForResolution, database, cordappLoader).tokenize()
     val nodeProperties = NodePropertiesPersistentStore(StubbedNodeUniqueIdProvider::value, database, cacheFactory)
     val flowLogicRefFactory = FlowLogicRefFactoryImpl(cordappLoader.appClassLoader)
     // TODO Cancelling parameters updates - if we do that, how we ensure that no one uses cancelled parameters in the transactions?
@@ -373,8 +374,8 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             // the KMS is meant for derived temporary keys used in transactions, and we're not supposed to sign things with
             // the identity key. But the infrastructure to make that easy isn't here yet.
             keyManagementService.start(keyPairs)
-            val notaryService = makeNotaryService(myNotaryIdentity)
-            installCordaServices(myNotaryIdentity)
+            val notaryService = maybeStartNotaryService(myNotaryIdentity)
+            installCordaServices()
             contractUpgradeService.start()
             vaultService.start()
             ScheduledActivityObserver.install(vaultService, schedulerService, flowLogicRefFactory)
@@ -537,14 +538,13 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     }
 
     private fun makeCordappLoader(configuration: NodeConfiguration, versionInfo: VersionInfo): CordappLoader {
-        val generatedCordapps = mutableListOf(VirtualCordapp.generateCoreCordapp(versionInfo))
-        if (isRunningSimpleNotaryService(configuration)) {
-            // For backwards compatibility purposes the single node notary implementation is built-in: a virtual
-            // CorDapp will be generated.
-            generatedCordapps += VirtualCordapp.generateSimpleNotaryCordapp(versionInfo)
+        val generatedCordapps = mutableListOf(VirtualCordapp.generateCore(versionInfo))
+        notaryLoader?.builtInNotary?.let { notaryImpl ->
+            generatedCordapps += notaryImpl
         }
+
         val blacklistedKeys = if (configuration.devMode) emptyList()
-        else configuration.cordappSignerKeyFingerprintBlacklist.mapNotNull {
+        else configuration.cordappSignerKeyFingerprintBlacklist.map {
             try {
                 SecureHash.parse(it)
             } catch (e: IllegalArgumentException) {
@@ -566,7 +566,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
 
     private class ServiceInstantiationException(cause: Throwable?) : CordaException("Service Instantiation Error", cause)
 
-    private fun installCordaServices(myNotaryIdentity: PartyAndCertificate?) {
+    private fun installCordaServices() {
         val loadedServices = cordappLoader.cordapps.flatMap { it.services }
         loadedServices.forEach {
             try {
@@ -711,7 +711,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         return DBTransactionStorage(database, cacheFactory)
     }
 
-    protected open fun makeParametersStorage(): NetworkParametersStorageInternal {
+    protected open fun makeNetworkParametersStorage(): NetworkParametersStorage {
         return DBNetworkParametersStorage(cacheFactory, database, networkMapClient).tokenize()
     }
 
@@ -781,20 +781,10 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         logVendorString(database, log)
     }
 
-    private fun makeNotaryService(myNotaryIdentity: PartyAndCertificate?): NotaryService? {
-        return configuration.notary?.let { notaryConfig ->
-            val serviceClass = getNotaryServiceClass(notaryConfig.className)
-            log.info("Starting notary service: $serviceClass")
-
-            val notaryKey = myNotaryIdentity?.owningKey
-                    ?: throw IllegalArgumentException("Unable to start notary service $serviceClass: notary identity not found")
-
-            /** Some notary implementations only work with Java serialization. */
-            maybeInstallSerializationFilter(serviceClass)
-
-            val constructor = serviceClass.getDeclaredConstructor(ServiceHubInternal::class.java, PublicKey::class.java)
-                    .apply { isAccessible = true }
-            val service = constructor.newInstance(services, notaryKey) as NotaryService
+    /** Loads and starts a notary service if it is configured. */
+    private fun maybeStartNotaryService(myNotaryIdentity: PartyAndCertificate?): NotaryService? {
+        return notaryLoader?.let { loader ->
+            val service = loader.loadService(myNotaryIdentity, services, cordappLoader)
 
             service.run {
                 tokenize()
@@ -806,30 +796,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         }
     }
 
-    /** Installs a custom serialization filter defined by a notary service implementation. Only supported in dev mode. */
-    private fun maybeInstallSerializationFilter(serviceClass: Class<out NotaryService>) {
-        try {
-            @Suppress("UNCHECKED_CAST")
-            val filter = serviceClass.getDeclaredMethod("getSerializationFilter").invoke(null) as ((Class<*>) -> Boolean)
-            if (configuration.devMode) {
-                log.warn("Installing a custom Java serialization filter, required by ${serviceClass.name}. " +
-                        "Note this is only supported in dev mode – a production node will fail to start if serialization filters are used.")
-                SerialFilter.install(filter)
-            } else {
-                throw UnsupportedOperationException("Unable to install a custom Java serialization filter, not in dev mode.")
-            }
-        } catch (e: NoSuchMethodException) {
-            // No custom serialization filter declared
-        }
-    }
-
-    private fun getNotaryServiceClass(className: String): Class<out NotaryService> {
-        val loadedImplementations = cordappLoader.cordapps.mapNotNull { it.notaryService }
-        log.debug("Notary service implementations found: ${loadedImplementations.joinToString(", ")}")
-        return loadedImplementations.firstOrNull { it.name == className }
-                ?: throw IllegalArgumentException("The notary service implementation specified in the configuration: $className is not found. Available implementations: ${loadedImplementations.joinToString(", ")}}")
-    }
-
     protected open fun makeKeyManagementService(identityService: PersistentIdentityService): KeyManagementServiceInternal {
         // Place the long term identity key in the KMS. Eventually, this is likely going to be separated again because
         // the KMS is meant for derived temporary keys used in transactions, and we're not supposed to sign things with
@@ -969,8 +935,9 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
 
     protected open fun makeVaultService(keyManagementService: KeyManagementService,
                                         services: ServicesForResolution,
-                                        database: CordaPersistence): VaultServiceInternal {
-        return NodeVaultService(platformClock, keyManagementService, services, database, schemaService)
+                                        database: CordaPersistence,
+                                        cordappLoader: CordappLoader): VaultServiceInternal {
+        return NodeVaultService(platformClock, keyManagementService, services, database, schemaService, cordappLoader.appClassLoader)
     }
 
     /** Load configured JVM agents */
@@ -1011,7 +978,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         override val configuration: NodeConfiguration get() = this@AbstractNode.configuration
         override val networkMapUpdater: NetworkMapUpdater get() = this@AbstractNode.networkMapUpdater
         override val cacheFactory: NamedCacheFactory get() = this@AbstractNode.cacheFactory
-        override val networkParametersStorage: NetworkParametersStorage get() = this@AbstractNode.networkParametersStorage
+        override val networkParametersService: NetworkParametersStorage get() = this@AbstractNode.networkParametersStorage
 
         private lateinit var _myInfo: NodeInfo
         override val myInfo: NodeInfo get() = _myInfo
diff --git a/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt b/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt
index cf5ad3d782..2cef9156c4 100644
--- a/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt
@@ -5,10 +5,9 @@ import net.corda.core.identity.Party
 import net.corda.core.internal.DigitalSignatureWithCert
 import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.SignedDataWithCert
-import net.corda.core.internal.notary.HistoricNetworkParameterStorage
+import net.corda.core.internal.NetworkParametersServiceInternal
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.NotaryInfo
-import net.corda.core.node.services.NetworkParametersStorage
 import net.corda.core.serialization.SerializedBytes
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.serialization.deserialize
@@ -27,7 +26,7 @@ import org.apache.commons.lang.ArrayUtils
 import java.security.cert.X509Certificate
 import javax.persistence.*
 
-interface NetworkParametersStorageInternal : NetworkParametersStorage {
+interface NetworkParametersStorage : NetworkParametersServiceInternal {
     /**
      * Return parameters epoch for the given parameters hash. Null if there are no parameters for this hash in the storage and we are unable to
      * get them from network map.
@@ -50,7 +49,7 @@ class DBNetworkParametersStorage(
         // TODO It's very inefficient solution (at least at the beginning when node joins without historical data)
         // We could have historic parameters endpoint or always add parameters as an attachment to the transaction.
         private val networkMapClient: NetworkMapClient?
-) : NetworkParametersStorageInternal, HistoricNetworkParameterStorage, SingletonSerializeAsToken() {
+) : NetworkParametersStorage, SingletonSerializeAsToken() {
     private lateinit var trustRoot: X509Certificate
 
     companion object {
diff --git a/node/src/main/kotlin/net/corda/node/internal/Node.kt b/node/src/main/kotlin/net/corda/node/internal/Node.kt
index ca355988bc..63330980e3 100644
--- a/node/src/main/kotlin/net/corda/node/internal/Node.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/Node.kt
@@ -43,7 +43,9 @@ import net.corda.node.services.api.FlowStarter
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.api.StartedNodeServices
 import net.corda.node.services.config.*
-import net.corda.node.services.messaging.*
+import net.corda.node.services.messaging.ArtemisMessagingServer
+import net.corda.node.services.messaging.MessagingService
+import net.corda.node.services.messaging.P2PMessagingClient
 import net.corda.node.services.rpc.ArtemisRpcBroker
 import net.corda.node.services.rpc.InternalRPCMessagingClient
 import net.corda.node.services.rpc.RPCServerConfiguration
@@ -311,6 +313,9 @@ open class Node(configuration: NodeConfiguration,
 
     private fun getAdvertisedAddress(): NetworkHostAndPort {
         return with(configuration) {
+            require(p2pAddress.host != "0.0.0.0") {
+                "Invalid p2pAddress: $p2pAddress contains 0.0.0.0 which is not suitable as an advertised node address"
+            }
             val host = if (detectPublicIp) {
                 tryDetectIfNotPublicHost(p2pAddress.host) ?: p2pAddress.host
             } else {
@@ -323,10 +328,11 @@ open class Node(configuration: NodeConfiguration,
     /**
      * Checks whether the specified [host] is a public IP address or hostname. If not, tries to discover the current
      * machine's public IP address to be used instead by looking through the network interfaces.
-     * TODO this code used to rely on the networkmap node, we might want to look at a different solution.
      */
     private fun tryDetectIfNotPublicHost(host: String): String? {
-        return if (!AddressUtils.isPublic(host)) {
+        return if (host.toLowerCase() == "localhost") {
+            log.warn("p2pAddress specified as localhost. Trying to autodetect a suitable public address to advertise in network map." +
+                    "To disable autodetect set detectPublicIp = false in the node.conf, or consider using messagingServerAddress and messagingServerExternal")
             val foundPublicIP = AddressUtils.tryDetectPublicIP()
             if (foundPublicIP == null) {
                 try {
diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index 20e80ee3f4..18268cf1b0 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -1,7 +1,10 @@
 package net.corda.node.internal
 
 import io.netty.channel.unix.Errors
-import net.corda.cliutils.*
+import net.corda.cliutils.CliWrapperBase
+import net.corda.cliutils.CordaCliWrapper
+import net.corda.cliutils.CordaVersionProvider
+import net.corda.cliutils.ExitCodes
 import net.corda.core.crypto.Crypto
 import net.corda.core.internal.*
 import net.corda.core.internal.concurrent.thenMatch
@@ -26,7 +29,7 @@ import net.corda.nodeapi.internal.persistence.DatabaseIncompatibleException
 import net.corda.tools.shell.InteractiveShell
 import org.fusesource.jansi.Ansi
 import org.slf4j.bridge.SLF4JBridgeHandler
-import picocli.CommandLine.*
+import picocli.CommandLine.Mixin
 import sun.misc.VMSupport
 import java.io.IOException
 import java.io.RandomAccessFile
@@ -35,6 +38,7 @@ import java.net.InetAddress
 import java.nio.file.Path
 import java.time.DayOfWeek
 import java.time.ZonedDateTime
+import java.util.function.Consumer
 
 /** An interface that can be implemented to tell the node what to do once it's intitiated. */
 interface RunAfterNodeInitialisation {
@@ -143,10 +147,10 @@ open class NodeStartup : NodeStartupLogging {
         val configuration = cmdLineOptions.parseConfiguration(rawConfig).doIfValid { logRawConfig(rawConfig) }.doOnErrors(::logConfigurationErrors).optional ?: return ExitCodes.FAILURE
 
         // Step 6. Configuring special serialisation requirements, i.e., bft-smart relies on Java serialization.
-        if (attempt { banJavaSerialisation(configuration) }.doOnException { error -> error.logAsUnexpected("Exception while configuring serialisation") } !is Try.Success) return ExitCodes.FAILURE
+        if (attempt { banJavaSerialisation(configuration) }.doOnFailure(Consumer { error -> error.logAsUnexpected("Exception while configuring serialisation") }) !is Try.Success) return ExitCodes.FAILURE
 
         // Step 7. Any actions required before starting up the Corda network layer.
-        if (attempt { preNetworkRegistration(configuration) }.doOnException(::handleRegistrationError) !is Try.Success) return ExitCodes.FAILURE
+        if (attempt { preNetworkRegistration(configuration) }.doOnFailure(Consumer(::handleRegistrationError)) !is Try.Success) return ExitCodes.FAILURE
 
         // Step 8. Log startup info.
         logStartupInfo(versionInfo, configuration)
@@ -155,7 +159,7 @@ open class NodeStartup : NodeStartupLogging {
         if (attempt {
                     cmdLineOptions.baseDirectory.createDirectories()
                     afterNodeInitialisation.run(createNode(configuration, versionInfo))
-                }.doOnException(::handleStartError) !is Try.Success) return ExitCodes.FAILURE
+                }.doOnFailure(Consumer(::handleStartError)) !is Try.Success) return ExitCodes.FAILURE
 
         return ExitCodes.SUCCESS
     }
@@ -395,24 +399,26 @@ interface NodeStartupLogging {
         val startupErrors = setOf(MultipleCordappsForFlowException::class, CheckpointIncompatibleException::class, AddressBindingException::class, NetworkParametersReader::class, DatabaseIncompatibleException::class)
     }
 
-    fun <RESULT> attempt(action: () -> RESULT): Try<RESULT> = Try.on(action)
+    fun <RESULT> attempt(action: () -> RESULT): Try<RESULT> = Try.on(action).throwError()
 
-    fun Exception.logAsExpected(message: String? = this.message, print: (String?) -> Unit = logger::error) = print(message)
+    fun Throwable.logAsExpected(message: String? = this.message, print: (String?) -> Unit = logger::error) = print(message)
 
-    fun Exception.logAsUnexpected(message: String? = this.message, error: Exception = this, print: (String?, Throwable) -> Unit = logger::error) = print("$message${this.message?.let { ": $it" } ?: ""}", error)
+    fun Throwable.logAsUnexpected(message: String? = this.message, error: Throwable = this, print: (String?, Throwable) -> Unit = logger::error) {
+        print("$message${this.message?.let { ": $it" } ?: ""}", error)
+    }
 
-    fun handleRegistrationError(error: Exception) {
+    fun handleRegistrationError(error: Throwable) {
         when (error) {
             is NodeRegistrationException -> error.logAsExpected("Issue with Node registration: ${error.message}")
             else -> error.logAsUnexpected("Exception during node registration")
         }
     }
 
-    fun Exception.isOpenJdkKnownIssue() = message?.startsWith("Unknown named curve:") == true
+    fun Throwable.isOpenJdkKnownIssue() = message?.startsWith("Unknown named curve:") == true
 
-    fun Exception.isExpectedWhenStartingNode() = startupErrors.any { error -> error.isInstance(this) }
+    fun Throwable.isExpectedWhenStartingNode() = startupErrors.any { error -> error.isInstance(this) }
 
-    fun handleStartError(error: Exception) {
+    fun handleStartError(error: Throwable) {
         when {
             error.isExpectedWhenStartingNode() -> error.logAsExpected()
             error is CouldNotCreateDataSourceException -> error.logAsUnexpected()
@@ -426,6 +432,7 @@ interface NodeStartupLogging {
 fun CliWrapperBase.initLogging(baseDirectory: Path) {
     System.setProperty("defaultLogLevel", specifiedLogLevel) // These properties are referenced from the XML config file.
     if (verbose) {
+        System.setProperty("consoleLoggingEnabled", "true")
         System.setProperty("consoleLogLevel", specifiedLogLevel)
         Node.renderBasicInfoToConsole = false
     }
diff --git a/node/src/main/kotlin/net/corda/node/internal/ServicesForResolutionImpl.kt b/node/src/main/kotlin/net/corda/node/internal/ServicesForResolutionImpl.kt
index 63b6101032..e4b447dcf5 100644
--- a/node/src/main/kotlin/net/corda/node/internal/ServicesForResolutionImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/ServicesForResolutionImpl.kt
@@ -6,8 +6,8 @@ import net.corda.core.internal.SerializedStateAndRef
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.services.AttachmentStorage
-import net.corda.core.node.services.NetworkParametersStorage
 import net.corda.core.node.services.IdentityService
+import net.corda.core.node.services.NetworkParametersService
 import net.corda.core.node.services.TransactionStorage
 import net.corda.core.transactions.ContractUpgradeWireTransaction
 import net.corda.core.transactions.NotaryChangeWireTransaction
@@ -18,10 +18,10 @@ data class ServicesForResolutionImpl(
         override val identityService: IdentityService,
         override val attachments: AttachmentStorage,
         override val cordappProvider: CordappProvider,
-        override val networkParametersStorage: NetworkParametersStorage,
+        override val networkParametersService: NetworkParametersService,
         private val validatedTransactions: TransactionStorage
 ) : ServicesForResolution {
-    override val networkParameters: NetworkParameters get() = networkParametersStorage.lookup(networkParametersStorage.currentHash) ?:
+    override val networkParameters: NetworkParameters get() = networkParametersService.lookup(networkParametersService.currentHash) ?:
             throw IllegalArgumentException("No current parameters in network parameters storage")
 
     @Throws(TransactionResolutionException::class)
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappProviderImpl.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappProviderImpl.kt
index 9a6c83711a..86b3e1a0da 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappProviderImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappProviderImpl.kt
@@ -39,28 +39,12 @@ open class CordappProviderImpl(val cordappLoader: CordappLoader,
 
     fun start(whitelistedContractImplementations: Map<String, List<AttachmentId>>) {
         cordappAttachments.putAll(loadContractsIntoAttachmentStore())
-        verifyInstalledCordapps(whitelistedContractImplementations)
+        verifyInstalledCordapps()
     }
 
-    private fun verifyInstalledCordapps(whitelistedContractImplementations: Map<String, List<AttachmentId>>) {
+    private fun verifyInstalledCordapps() {
         // This will invoke the lazy flowCordappMap property, thus triggering the MultipleCordappsForFlow check.
         cordappLoader.flowCordappMap
-
-        if (whitelistedContractImplementations.isEmpty()) {
-            log.warn("The network parameters don't specify any whitelisted contract implementations. Please contact your zone operator. See https://docs.corda.net/network-map.html")
-            return
-        }
-
-        // Verify that the installed contract classes correspond with the whitelist hash
-        // And warn if node is not using latest CorDapp
-        cordappAttachments.keys.map(attachmentStorage::openAttachment).mapNotNull { it as? ContractAttachment }.forEach { attch ->
-            (attch.allContracts intersect whitelistedContractImplementations.keys).forEach { contractClassName ->
-                when {
-                    attch.id !in whitelistedContractImplementations[contractClassName]!! -> log.error("Contract $contractClassName found in attachment ${attch.id} is not whitelisted in the network parameters. If this is a production node contact your zone operator. See https://docs.corda.net/network-map.html")
-                    attch.id != whitelistedContractImplementations[contractClassName]!!.last() -> log.warn("You are not using the latest CorDapp version for contract: $contractClassName. Please contact your zone operator.")
-                }
-            }
-        }
     }
 
     override fun getAppContext(): CordappContext {
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
index 4a319df1eb..b883258466 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
@@ -43,13 +43,6 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
                                                    private val versionInfo: VersionInfo = VersionInfo.UNKNOWN,
                                                    extraCordapps: List<CordappImpl>,
                                                    private val signerKeyFingerprintBlacklist: List<SecureHash.SHA256> = emptyList()) : CordappLoaderTemplate() {
-
-    override val cordapps: List<CordappImpl> by lazy {
-        loadCordapps() + extraCordapps
-    }
-
-    override val appClassLoader: ClassLoader = URLClassLoader(cordappJarPaths.stream().map { it.url }.toTypedArray(), javaClass.classLoader)
-
     init {
         if (cordappJarPaths.isEmpty()) {
             logger.info("No CorDapp paths provided")
@@ -58,6 +51,12 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
         }
     }
 
+    override val cordapps: List<CordappImpl> by lazy { loadCordapps() + extraCordapps }
+
+    override val appClassLoader: URLClassLoader = URLClassLoader(cordappJarPaths.stream().map { it.url }.toTypedArray(), javaClass.classLoader)
+
+    override fun close() = appClassLoader.close()
+
     companion object {
         private val logger = contextLogger()
 
@@ -260,7 +259,10 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
     }
 
     private fun findPlugins(cordappJarPath: RestrictedURL): List<SerializationWhitelist> {
-        return ServiceLoader.load(SerializationWhitelist::class.java, URLClassLoader(arrayOf(cordappJarPath.url), appClassLoader)).toList().filter {
+        val whitelists = URLClassLoader(arrayOf(cordappJarPath.url)).use {
+            ServiceLoader.load(SerializationWhitelist::class.java, it).toList()
+        }
+        return whitelists.filter {
             it.javaClass.location == cordappJarPath.url && it.javaClass.name.startsWith(cordappJarPath.qualifiedNamePrefix)
         } + DefaultWhitelist // Always add the DefaultWhitelist to the whitelist for an app.
     }
@@ -378,8 +380,4 @@ abstract class CordappLoaderTemplate : CordappLoader {
     override val cordappSchemas: Set<MappedSchema> by lazy {
         cordapps.flatMap { it.customSchemas }.toSet()
     }
-
-    override val appClassLoader: ClassLoader by lazy {
-        URLClassLoader(cordapps.stream().map { it.jarPath }.toTypedArray(), javaClass.classLoader)
-    }
 }
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt
index 6bc82c032a..3f9e3b85f9 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt
@@ -8,6 +8,10 @@ import net.corda.core.internal.location
 import net.corda.node.VersionInfo
 import net.corda.node.services.transactions.NodeNotarySchemaV1
 import net.corda.node.services.transactions.SimpleNotaryService
+import net.corda.notary.experimental.bftsmart.BFTSmartNotarySchemaV1
+import net.corda.notary.experimental.bftsmart.BFTSmartNotaryService
+import net.corda.notary.experimental.raft.RaftNotarySchemaV1
+import net.corda.notary.experimental.raft.RaftNotaryService
 
 internal object VirtualCordapp {
     /** A list of the core RPC flows present in Corda */
@@ -18,7 +22,7 @@ internal object VirtualCordapp {
     )
 
     /** A Cordapp representing the core package which is not scanned automatically. */
-    fun generateCoreCordapp(versionInfo: VersionInfo): CordappImpl {
+    fun generateCore(versionInfo: VersionInfo): CordappImpl {
         return CordappImpl(
                 contractClassNames = listOf(),
                 initiatedFlows = listOf(),
@@ -33,7 +37,7 @@ internal object VirtualCordapp {
                 allFlows = listOf(),
                 jarPath = ContractUpgradeFlow.javaClass.location, // Core JAR location
                 jarHash = SecureHash.allOnesHash,
-                minimumPlatformVersion = 1,
+                minimumPlatformVersion = versionInfo.platformVersion,
                 targetPlatformVersion = versionInfo.platformVersion,
                 notaryService = null,
                 isLoaded = false
@@ -41,7 +45,7 @@ internal object VirtualCordapp {
     }
 
     /** A Cordapp for the built-in notary service implementation. */
-    fun generateSimpleNotaryCordapp(versionInfo: VersionInfo): CordappImpl {
+    fun generateSimpleNotary(versionInfo: VersionInfo): CordappImpl {
         return CordappImpl(
                 contractClassNames = listOf(),
                 initiatedFlows = listOf(),
@@ -56,10 +60,56 @@ internal object VirtualCordapp {
                 allFlows = listOf(),
                 jarPath = SimpleNotaryService::class.java.location,
                 jarHash = SecureHash.allOnesHash,
-                minimumPlatformVersion = 1,
+                minimumPlatformVersion = versionInfo.platformVersion,
                 targetPlatformVersion = versionInfo.platformVersion,
                 notaryService = SimpleNotaryService::class.java,
                 isLoaded = false
         )
     }
+
+    /** A Cordapp for the built-in Raft notary service implementation. */
+    fun generateRaftNotary(versionInfo: VersionInfo): CordappImpl {
+        return CordappImpl(
+                contractClassNames = listOf(),
+                initiatedFlows = listOf(),
+                rpcFlows = listOf(),
+                serviceFlows = listOf(),
+                schedulableFlows = listOf(),
+                services = listOf(),
+                serializationWhitelists = listOf(),
+                serializationCustomSerializers = listOf(),
+                customSchemas = setOf(RaftNotarySchemaV1),
+                info = Cordapp.Info.Default("corda-notary-raft", versionInfo.vendor, versionInfo.releaseVersion, "Open Source (Apache 2)"),
+                allFlows = listOf(),
+                jarPath = RaftNotaryService::class.java.location,
+                jarHash = SecureHash.allOnesHash,
+                minimumPlatformVersion = versionInfo.platformVersion,
+                targetPlatformVersion = versionInfo.platformVersion,
+                notaryService = RaftNotaryService::class.java,
+                isLoaded = false
+        )
+    }
+
+    /** A Cordapp for the built-in BFT-Smart notary service implementation. */
+    fun generateBFTSmartNotary(versionInfo: VersionInfo): CordappImpl {
+        return CordappImpl(
+                contractClassNames = listOf(),
+                initiatedFlows = listOf(),
+                rpcFlows = listOf(),
+                serviceFlows = listOf(),
+                schedulableFlows = listOf(),
+                services = listOf(),
+                serializationWhitelists = listOf(),
+                serializationCustomSerializers = listOf(),
+                customSchemas = setOf(BFTSmartNotarySchemaV1),
+                info = Cordapp.Info.Default("corda-notary-bft-smart", versionInfo.vendor, versionInfo.releaseVersion, "Open Source (Apache 2)"),
+                allFlows = listOf(),
+                jarPath = BFTSmartNotaryService::class.java.location,
+                jarHash = SecureHash.allOnesHash,
+                minimumPlatformVersion = versionInfo.platformVersion,
+                targetPlatformVersion = versionInfo.platformVersion,
+                notaryService = BFTSmartNotaryService::class.java,
+                isLoaded = false
+        )
+    }
 }
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt b/node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt
index 372a104bd4..228f6e3400 100644
--- a/node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt
@@ -16,6 +16,7 @@ import picocli.CommandLine.Mixin
 import picocli.CommandLine.Option
 import java.io.File
 import java.nio.file.Path
+import java.util.function.Consumer
 
 class InitialRegistrationCli(val startup: NodeStartup): CliWrapperBase("initial-registration", "Start initial node registration with Corda network to obtain certificate from the permissioning server.") {
     @Option(names = ["-t", "--network-root-truststore"], description = ["Network root trust store obtained from network operator."])
@@ -83,7 +84,7 @@ class InitialRegistration(val baseDirectory: Path, private val networkRootTrustS
 
     private fun initialRegistration(config: NodeConfiguration) {
         // Null checks for [compatibilityZoneURL], [rootTruststorePath] and [rootTruststorePassword] has been done in [CmdLineOptions.loadConfig]
-        attempt { registerWithNetwork(config) }.doOnException(this::handleRegistrationError) as Try.Success
+        attempt { registerWithNetwork(config) }.doOnFailure(Consumer(this::handleRegistrationError)) as Try.Success
         // At this point the node registration was successful. We can delete the marker file.
         deleteNodeRegistrationMarker(baseDirectory)
     }
diff --git a/node/src/main/kotlin/net/corda/node/serialization/amqp/AMQPServerSerializationScheme.kt b/node/src/main/kotlin/net/corda/node/serialization/amqp/AMQPServerSerializationScheme.kt
index 8a07fcc4bb..ab801c9cde 100644
--- a/node/src/main/kotlin/net/corda/node/serialization/amqp/AMQPServerSerializationScheme.kt
+++ b/node/src/main/kotlin/net/corda/node/serialization/amqp/AMQPServerSerializationScheme.kt
@@ -4,6 +4,7 @@ import net.corda.core.cordapp.Cordapp
 import net.corda.core.internal.toSynchronised
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationCustomSerializer
+import net.corda.core.serialization.SerializationWhitelist
 import net.corda.serialization.internal.CordaSerializationMagic
 import net.corda.serialization.internal.amqp.*
 import net.corda.serialization.internal.amqp.custom.RxNotificationSerializer
@@ -14,12 +15,13 @@ import net.corda.serialization.internal.amqp.custom.RxNotificationSerializer
  */
 class AMQPServerSerializationScheme(
         cordappCustomSerializers: Set<SerializationCustomSerializer<*, *>>,
+        cordappSerializationWhitelists: Set<SerializationWhitelist>,
         serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>
-) : AbstractAMQPSerializationScheme(cordappCustomSerializers, serializerFactoriesForContexts) {
-    constructor(cordapps: List<Cordapp>) : this(cordapps.customSerializers, AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
-    constructor(cordapps: List<Cordapp>, serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>) : this(cordapps.customSerializers, serializerFactoriesForContexts)
+) : AbstractAMQPSerializationScheme(cordappCustomSerializers, cordappSerializationWhitelists, serializerFactoriesForContexts) {
+    constructor(cordapps: List<Cordapp>) : this(cordapps.customSerializers, cordapps.serializationWhitelists, AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
+    constructor(cordapps: List<Cordapp>, serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>) : this(cordapps.customSerializers, cordapps.serializationWhitelists, serializerFactoriesForContexts)
 
-    constructor() : this(emptySet(), AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised() )
+    constructor() : this(emptySet(), emptySet(), AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised() )
 
     override fun rpcClientSerializerFactory(context: SerializationContext): SerializerFactory {
         throw UnsupportedOperationException()
diff --git a/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt b/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
index 64c3a38cc8..f7bde34363 100644
--- a/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
+++ b/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
@@ -7,6 +7,7 @@ import net.corda.core.contracts.requireThat
 import net.corda.core.flows.*
 import net.corda.core.identity.Party
 import net.corda.core.internal.ContractUpgradeUtils
+import net.corda.core.internal.warnOnce
 import net.corda.core.node.StatesToRecord
 import net.corda.core.transactions.ContractUpgradeWireTransaction
 import net.corda.core.transactions.SignedTransaction
@@ -15,6 +16,7 @@ class FinalityHandler(val sender: FlowSession) : FlowLogic<Unit>() {
     @Suspendable
     override fun call() {
         subFlow(ReceiveTransactionFlow(sender, true, StatesToRecord.ONLY_RELEVANT))
+        logger.warnOnce("Insecure API to record finalised transaction was used by ${sender.counterparty} (${sender.getCounterpartyFlowInfo()})")
     }
 }
 
diff --git a/node/src/main/kotlin/net/corda/node/services/api/IdentityServiceInternal.kt b/node/src/main/kotlin/net/corda/node/services/api/IdentityServiceInternal.kt
index 07057b113a..070e5b0ed1 100644
--- a/node/src/main/kotlin/net/corda/node/services/api/IdentityServiceInternal.kt
+++ b/node/src/main/kotlin/net/corda/node/services/api/IdentityServiceInternal.kt
@@ -72,7 +72,7 @@ interface IdentityServiceInternal : IdentityService {
         }
         // Ensure we record the first identity of the same name, first
         val wellKnownCert = identityCertChain.single { CertRole.extract(it)?.isWellKnown ?: false }
-        if (wellKnownCert != identity.certificate) {
+        if (wellKnownCert != identity.certificate && !isNewRandomIdentity) {
             val idx = identityCertChain.lastIndexOf(wellKnownCert)
             val firstPath = X509Utilities.buildCertPath(identityCertChain.slice(idx until identityCertChain.size))
             verifyAndRegisterIdentity(trustAnchor, PartyAndCertificate(firstPath))
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index cf4f84c884..01836b6bc7 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@@ -16,6 +16,8 @@ import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.config.User
 import net.corda.nodeapi.internal.cryptoservice.CryptoService
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.notary.experimental.bftsmart.BFTSmartConfig
+import net.corda.notary.experimental.raft.RaftConfig
 import net.corda.tools.shell.SSHDConfiguration
 import java.net.URL
 import java.nio.file.Path
@@ -34,6 +36,7 @@ interface NodeConfiguration {
     val security: SecurityConfiguration?
     val devMode: Boolean
     val devModeOptions: DevModeOptions?
+    @Deprecated(message = "Use of single compatibility zone URL is deprecated", replaceWith = ReplaceWith("networkServices.networkMapURL"))
     val compatibilityZoneURL: URL?
     val networkServices: NetworkServicesConfig?
     @Suppress("DEPRECATION")
@@ -140,7 +143,7 @@ data class NotaryConfig(
         /** The legal name of cluster in case of a distributed notary service. */
         val serviceLegalName: CordaX500Name? = null,
         /** The name of the notary service class to load. */
-        val className: String = "net.corda.node.services.transactions.SimpleNotaryService",
+        val className: String? = null,
         /**
          * If the wait time estimate on the internal queue exceeds this value, the notary may send
          * a wait time update to the client (implementation specific and dependent on the counter
@@ -148,7 +151,9 @@ data class NotaryConfig(
          */
         val etaMessageThresholdSeconds: Int = NotaryServiceFlow.defaultEstimatedWaitTime.seconds.toInt(),
         /** Notary implementation-specific configuration parameters. */
-        val extraConfig: Config? = null
+        val extraConfig: Config? = null,
+        val raft: RaftConfig? = null,
+        val bftSMaRt: BFTSmartConfig? = null
 )
 
 /**
diff --git a/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt b/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
index c81c0390c4..882a254196 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
@@ -43,6 +43,8 @@ import net.corda.nodeapi.internal.config.User
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.nodeapi.internal.persistence.TransactionIsolationLevel
 import net.corda.nodeapi.internal.persistence.SchemaInitializationType
+import net.corda.notary.experimental.bftsmart.BFTSmartConfig
+import net.corda.notary.experimental.raft.RaftConfig
 import net.corda.tools.shell.SSHDConfiguration
 
 internal object UserSpec : Configuration.Specification<User>("User") {
@@ -165,15 +167,38 @@ internal object FlowTimeoutConfigurationSpec : Configuration.Specification<FlowT
 internal object NotaryConfigSpec : Configuration.Specification<NotaryConfig>("NotaryConfig") {
     private val validating by boolean()
     private val serviceLegalName by string().mapValid(::toCordaX500Name).optional()
-    private val className by string().optional().withDefaultValue("net.corda.node.services.transactions.SimpleNotaryService")
+    private val className by string().optional()
     private val etaMessageThresholdSeconds by int().optional().withDefaultValue(NotaryServiceFlow.defaultEstimatedWaitTime.seconds.toInt())
     private val extraConfig by nestedObject().map(ConfigObject::toConfig).optional()
+    private val raft by nested(RaftConfigSpec).optional()
+    private val bftSMaRt by nested(BFTSmartConfigSpec).optional()
 
     override fun parseValid(configuration: Config): Valid<NotaryConfig> {
-        return valid(NotaryConfig(configuration[validating], configuration[serviceLegalName], configuration[className], configuration[etaMessageThresholdSeconds], configuration[extraConfig]))
+        return valid(NotaryConfig(configuration[validating], configuration[serviceLegalName], configuration[className], configuration[etaMessageThresholdSeconds], configuration[extraConfig], configuration[raft], configuration[bftSMaRt]))
     }
 }
 
+internal object RaftConfigSpec : Configuration.Specification<RaftConfig>("RaftConfig") {
+    private val nodeAddress by string().mapValid(::toNetworkHostAndPort)
+    private val clusterAddresses by string().mapValid(::toNetworkHostAndPort).listOrEmpty()
+
+    override fun parseValid(configuration: Config): Valid<RaftConfig> {
+        return valid(RaftConfig(configuration[nodeAddress], configuration[clusterAddresses]))
+    }
+}
+
+internal object BFTSmartConfigSpec : Configuration.Specification<BFTSmartConfig>("BFTSmartConfig") {
+    private val replicaId by int()
+    private val clusterAddresses by string().mapValid(::toNetworkHostAndPort).listOrEmpty()
+    private val debug by boolean().optional().withDefaultValue(false)
+    private val exposeRaces by boolean().optional().withDefaultValue(false)
+
+    override fun parseValid(configuration: Config): Valid<BFTSmartConfig> {
+        return valid(BFTSmartConfig(configuration[replicaId], configuration[clusterAddresses], configuration[debug], configuration[exposeRaces]))
+    }
+}
+
+
 internal object NodeRpcSettingsSpec : Configuration.Specification<NodeRpcSettings>("NodeRpcSettings") {
     internal object BrokerRpcSslOptionsSpec : Configuration.Specification<BrokerRpcSslOptions>("BrokerRpcSslOptions") {
         private val keyStorePath by string().mapValid(::toPath)
diff --git a/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt b/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt
index 32cd247bb3..712d96f5ca 100644
--- a/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt
@@ -188,12 +188,10 @@ class PersistentIdentityService(cacheFactory: NamedCacheFactory) : SingletonSeri
 
     lateinit var ourNames: Set<CordaX500Name>
 
-    // Allows us to cheaply eliminate keys we know belong to others by using the cache contents without triggering loading.
-    fun stripCachedPeerKeys(keys: Iterable<PublicKey>): Iterable<PublicKey> {
-        return keys.filter {
-            val party = keyToParties.getIfCached(mapToKey(it))?.party?.name
-            party == null || party in ourNames
-        }
+    // Allows us to eliminate keys we know belong to others by using the cache contents that might have been seen during other identity activity.
+    // Concentrating activity on the identity cache works better than spreading checking across identity and key management, because we cache misses too.
+    fun stripNotOurKeys(keys: Iterable<PublicKey>): Iterable<PublicKey> {
+        return keys.filter { certificateFromKey(it)?.name in ourNames }
     }
 
 }
diff --git a/node/src/main/kotlin/net/corda/node/services/keys/BasicHSMKeyManagementService.kt b/node/src/main/kotlin/net/corda/node/services/keys/BasicHSMKeyManagementService.kt
index ba5329daa6..bda7ca928f 100644
--- a/node/src/main/kotlin/net/corda/node/services/keys/BasicHSMKeyManagementService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/keys/BasicHSMKeyManagementService.kt
@@ -1,13 +1,13 @@
 package net.corda.node.services.keys
 
 import net.corda.core.crypto.*
+import net.corda.core.crypto.internal.AliasPrivateKey
 import net.corda.core.identity.PartyAndCertificate
 import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.MAX_HASH_HEX_SIZE
 import net.corda.node.services.identity.PersistentIdentityService
-import net.corda.core.crypto.internal.AliasPrivateKey
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.cryptoservice.CryptoService
 import net.corda.nodeapi.internal.persistence.CordaPersistence
@@ -103,7 +103,7 @@ class BasicHSMKeyManagementService(cacheFactory: NamedCacheFactory, val identity
     }
 
     override fun filterMyKeys(candidateKeys: Iterable<PublicKey>): Iterable<PublicKey> = database.transaction {
-        identityService.stripCachedPeerKeys(candidateKeys).filter { containsPublicKey(it) } // TODO: bulk cache access.
+        identityService.stripNotOurKeys(candidateKeys)
     }
 
     // Unlike initial keys, freshkey() is related confidential keys and it utilises platform's software key generation
diff --git a/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt b/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt
index b3a3a7892f..74a022fadb 100644
--- a/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt
@@ -71,7 +71,7 @@ class PersistentKeyManagementService(cacheFactory: NamedCacheFactory, val identi
     override val keys: Set<PublicKey> get() = database.transaction { keysMap.allPersisted().map { it.first }.toSet() }
 
     override fun filterMyKeys(candidateKeys: Iterable<PublicKey>): Iterable<PublicKey> = database.transaction {
-        identityService.stripCachedPeerKeys(candidateKeys).filter { keysMap[it] != null } // TODO: bulk cache access.
+        identityService.stripNotOurKeys(candidateKeys)
     }
 
     override fun freshKey(): PublicKey {
diff --git a/node/src/main/kotlin/net/corda/node/services/network/NetworkMapUpdater.kt b/node/src/main/kotlin/net/corda/node/services/network/NetworkMapUpdater.kt
index 899cb975c9..a3e4ca8ab2 100644
--- a/node/src/main/kotlin/net/corda/node/services/network/NetworkMapUpdater.kt
+++ b/node/src/main/kotlin/net/corda/node/services/network/NetworkMapUpdater.kt
@@ -13,7 +13,7 @@ import net.corda.core.node.services.KeyManagementService
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.minutes
-import net.corda.node.internal.NetworkParametersStorageInternal
+import net.corda.node.internal.NetworkParametersStorage
 import net.corda.node.services.api.NetworkMapCacheInternal
 import net.corda.node.services.config.NetworkParameterAcceptanceSettings
 import net.corda.node.utilities.NamedThreadFactory
@@ -41,7 +41,7 @@ class NetworkMapUpdater(private val networkMapCache: NetworkMapCacheInternal,
                         private val networkMapClient: NetworkMapClient?,
                         private val baseDirectory: Path,
                         private val extraNetworkMapKeys: List<UUID>,
-                        private val networkParametersStorage: NetworkParametersStorageInternal
+                        private val networkParametersStorage: NetworkParametersStorage
 ) : AutoCloseable {
     companion object {
         private val logger = contextLogger()
diff --git a/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt b/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
index 985e7693fc..ddbcf4b675 100644
--- a/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
@@ -29,6 +29,7 @@ import net.corda.node.utilities.InfrequentlyMutatedCache
 import net.corda.node.utilities.NonInvalidatingCache
 import net.corda.node.utilities.NonInvalidatingWeightBasedCache
 import net.corda.nodeapi.exceptions.DuplicateAttachmentException
+import net.corda.nodeapi.exceptions.DuplicateContractClassException
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
 import net.corda.nodeapi.internal.persistence.currentDBSession
@@ -305,11 +306,42 @@ class NodeAttachmentService(
         currentDBSession().find(NodeAttachmentService.DBAttachment::class.java, attachmentId.toString()) != null
     }
 
+    private fun verifyVersionUniquenessForSignedAttachments(contractClassNames: List<ContractClassName>, contractVersion: Int, signers: List<PublicKey>?){
+        if (signers != null && signers.isNotEmpty()) {
+            contractClassNames.forEach {
+                val existingContractsImplementations = queryAttachments(AttachmentQueryCriteria.AttachmentsQueryCriteria(
+                        contractClassNamesCondition = Builder.equal(listOf(it)),
+                        versionCondition = Builder.equal(contractVersion),
+                        uploaderCondition = Builder.`in`(TRUSTED_UPLOADERS),
+                        isSignedCondition = Builder.equal(true))
+                )
+                if (existingContractsImplementations.isNotEmpty()) {
+                    throw DuplicateContractClassException(it, contractVersion, existingContractsImplementations.map { it.toString() })
+                }
+            }
+        }
+    }
+
+    private fun increaseDefaultVersionIfWhitelistedAttachment(contractClassNames: List<ContractClassName>, contractVersionFromFile: Int, attachmentId : AttachmentId) =
+        if (contractVersionFromFile == DEFAULT_CORDAPP_VERSION) {
+            val versions = contractClassNames.mapNotNull { servicesForResolution.networkParameters.whitelistedContractImplementations[it]?.indexOf(attachmentId) }.filter { it >= 0 }.map { it + 1 } // +1 as versions starts from 1 not 0
+            val max = versions.max()
+            if (max != null && max > contractVersionFromFile) {
+                val msg = "Updating version of attachment $attachmentId from '$contractVersionFromFile' to '$max'"
+                if (versions.toSet().size > 1)
+                    log.warn("Several versions based on whitelistedContractImplementations position are available: ${versions.toSet()}. $msg")
+                else
+                    log.debug(msg)
+                max
+            } else contractVersionFromFile
+        }
+        else contractVersionFromFile
+
     // TODO: PLT-147: The attachment should be randomised to prevent brute force guessing and thus privacy leaks.
     private fun import(jar: InputStream, uploader: String?, filename: String?): AttachmentId {
         return database.transaction {
             withContractsInJar(jar) { contractClassNames, inputStream ->
-                require(inputStream !is JarInputStream){"Input stream must not be a JarInputStream"}
+                require(inputStream !is JarInputStream) { "Input stream must not be a JarInputStream" }
 
                 // Read the file into RAM and then calculate its hash. The attachment must fit into memory.
                 // TODO: Switch to a two-phase insert so we can handle attachments larger than RAM.
@@ -322,8 +354,11 @@ class NodeAttachmentService(
                 if (!hasAttachment(id)) {
                     checkIsAValidJAR(bytes.inputStream())
                     val jarSigners = getSigners(bytes)
-                    val contractVersion = getVersion(bytes)
+                    val contractVersion = increaseDefaultVersionIfWhitelistedAttachment(contractClassNames, getVersion(bytes), id)
                     val session = currentDBSession()
+
+                    verifyVersionUniquenessForSignedAttachments(contractClassNames, contractVersion, jarSigners)
+
                     val attachment = NodeAttachmentService.DBAttachment(
                             attId = id.toString(),
                             content = bytes,
@@ -335,23 +370,28 @@ class NodeAttachmentService(
                     )
                     session.save(attachment)
                     attachmentCount.inc()
-                    log.info("Stored new attachment $id")
+                    log.info("Stored new attachment: id=$id uploader=$uploader filename=$filename")
                     contractClassNames.forEach { contractsCache.invalidate(it) }
                     return@withContractsInJar id
                 }
                 if (isUploaderTrusted(uploader)) {
                     val session = currentDBSession()
                     val attachment = session.get(NodeAttachmentService.DBAttachment::class.java, id.toString())
-                    // update the `upLoader` field (as the existing attachment may have been resolved from a peer)
+                    // update the `uploader` field (as the existing attachment may have been resolved from a peer)
                     if (attachment.uploader != uploader) {
+                        verifyVersionUniquenessForSignedAttachments(contractClassNames, attachment.version, attachment.signers)
                         attachment.uploader = uploader
                         session.saveOrUpdate(attachment)
                         log.info("Updated attachment $id with uploader $uploader")
                         contractClassNames.forEach { contractsCache.invalidate(it) }
-                        // TODO: this is racey. ENT-2870
-                        attachmentCache.invalidate(id)
-                        attachmentContentCache.invalidate(id)
+                        loadAttachmentContent(id)?.let { attachmentAndContent ->
+                            // TODO: this is racey. ENT-2870
+                            attachmentContentCache.put(id, Optional.of(attachmentAndContent))
+                            attachmentCache.put(id, Optional.of(attachmentAndContent.first))
+                        }
+                        return@withContractsInJar id
                     }
+                    // If the uploader is the same, throw the exception because the attachment cannot be overridden by the same uploader.
                 }
                 throw DuplicateAttachmentException(id.toString())
             }
@@ -359,16 +399,16 @@ class NodeAttachmentService(
     }
 
     private fun getSigners(attachmentBytes: ByteArray) =
-        JarSignatureCollector.collectSigners(JarInputStream(attachmentBytes.inputStream()))
+            JarSignatureCollector.collectSigners(JarInputStream(attachmentBytes.inputStream()))
 
     private fun getVersion(attachmentBytes: ByteArray) =
-        JarInputStream(attachmentBytes.inputStream()).use {
-            try {
-                it.manifest?.mainAttributes?.getValue(CORDAPP_CONTRACT_VERSION)?.toInt() ?: DEFAULT_CORDAPP_VERSION
-            } catch (e: NumberFormatException) {
-                DEFAULT_CORDAPP_VERSION
+            JarInputStream(attachmentBytes.inputStream()).use {
+                try {
+                    it.manifest?.mainAttributes?.getValue(CORDAPP_CONTRACT_VERSION)?.toInt() ?: DEFAULT_CORDAPP_VERSION
+                } catch (e: NumberFormatException) {
+                    DEFAULT_CORDAPP_VERSION
+                }
             }
-        }
 
     @Suppress("OverridingDeprecatedMember")
     override fun importOrGetAttachment(jar: InputStream): AttachmentId {
@@ -409,8 +449,8 @@ class NodeAttachmentService(
         }
 
         fun toList(): List<AttachmentId> =
-                if(signed != null) {
-                    if(unsigned != null) {
+                if (signed != null) {
+                    if (unsigned != null) {
                         listOf(signed, unsigned)
                     } else listOf(signed)
                 } else listOf(unsigned!!)
@@ -426,7 +466,8 @@ class NodeAttachmentService(
     private fun getContractAttachmentVersions(contractClassName: String): NavigableMap<Version, AttachmentIds> = contractsCache.get(contractClassName) { name ->
         val attachmentQueryCriteria = AttachmentQueryCriteria.AttachmentsQueryCriteria(contractClassNamesCondition = Builder.equal(listOf(name)),
                 versionCondition = Builder.greaterThanOrEqual(0), uploaderCondition = Builder.`in`(TRUSTED_UPLOADERS))
-        val attachmentSort = AttachmentSort(listOf(AttachmentSort.AttachmentSortColumn(AttachmentSort.AttachmentSortAttribute.VERSION, Sort.Direction.DESC)))
+        val attachmentSort = AttachmentSort(listOf(AttachmentSort.AttachmentSortColumn(AttachmentSort.AttachmentSortAttribute.VERSION, Sort.Direction.DESC),
+                AttachmentSort.AttachmentSortColumn(AttachmentSort.AttachmentSortAttribute.INSERTION_DATE, Sort.Direction.DESC)))
         database.transaction {
             val session = currentDBSession()
             val criteriaBuilder = session.criteriaBuilder
@@ -443,15 +484,17 @@ class NodeAttachmentService(
             val query = session.createQuery(criteriaQuery)
 
             // execution
-            TreeMap(query.resultList.groupBy { it.version }.map { makeAttachmentIds(it) }.toMap())
+            TreeMap(query.resultList.groupBy { it.version }.map { makeAttachmentIds(it, name) }.toMap())
         }
     }
 
-    private fun makeAttachmentIds(it: Map.Entry<Int, List<DBAttachment>>): Pair<Version, AttachmentIds> {
-        check(it.value.size <= 2)
-        val signed = it.value.filter { it.signers?.isNotEmpty() ?: false }.map { AttachmentId.parse(it.attId) }.singleOrNull()
-        val unsigned = it.value.filter { it.signers?.isEmpty() ?: true }.map { AttachmentId.parse(it.attId) }.singleOrNull()
-        return it.key to AttachmentIds(signed, unsigned)
+    private fun makeAttachmentIds(it: Map.Entry<Int, List<DBAttachment>>, contractClassName: String): Pair<Version, AttachmentIds> {
+        val signed = it.value.filter { it.signers?.isNotEmpty() ?: false }.map { AttachmentId.parse(it.attId) }
+        check (signed.size <= 1) //sanity check
+        val unsigned = it.value.filter { it.signers?.isEmpty() ?: true }.map { AttachmentId.parse(it.attId) }
+        if (unsigned.size > 1)
+            log.warn("Selecting attachment ${unsigned.first()} from duplicated, unsigned attachments ${unsigned.map { it.toString() }} for contract $contractClassName version '${it.key}'.")
+        return it.key to AttachmentIds(signed.singleOrNull(), unsigned.firstOrNull())
     }
 
     override fun getContractAttachmentWithHighestContractVersion(contractClassName: String, minContractVersion: Int): AttachmentId? {
@@ -464,5 +507,4 @@ class NodeAttachmentService(
         val versions: NavigableMap<Version, AttachmentIds> = getContractAttachmentVersions(contractClassName)
         return versions.values.flatMap { it.toList() }.toSet()
     }
-
 }
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt b/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
index 5be4d20fb2..460e4b2e24 100644
--- a/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
@@ -60,7 +60,8 @@ class NodeSchemaService(private val extraSchemas: Set<MappedSchema> = emptySet()
     fun internalSchemas() = requiredSchemas.keys + extraSchemas.filter { schema -> // when mapped schemas from the finance module are present, they are considered as internal ones
         schema::class.qualifiedName == "net.corda.finance.schemas.CashSchemaV1" ||
                 schema::class.qualifiedName == "net.corda.finance.schemas.CommercialPaperSchemaV1" ||
-                schema::class.qualifiedName == "net.corda.node.services.transactions.NodeNotarySchemaV1"
+                schema::class.qualifiedName == "net.corda.node.services.transactions.NodeNotarySchemaV1" ||
+                schema::class.qualifiedName?.startsWith("net.corda.notary.") ?: false
     }
 
     override val schemaOptions: Map<MappedSchema, SchemaService.SchemaOptions> = requiredSchemas + extraSchemas.associateBy({ it }, { SchemaOptions() })
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/InMemoryTransactionVerifierService.kt b/node/src/main/kotlin/net/corda/node/services/transactions/InMemoryTransactionVerifierService.kt
index 6a419e40f1..a567ff0026 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/InMemoryTransactionVerifierService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/transactions/InMemoryTransactionVerifierService.kt
@@ -1,13 +1,28 @@
 package net.corda.node.services.transactions
 
-import net.corda.core.internal.concurrent.fork
+import net.corda.core.concurrent.CordaFuture
+import net.corda.core.contracts.Attachment
+import net.corda.core.internal.TransactionVerifierServiceInternal
+import net.corda.core.internal.concurrent.openFuture
+import net.corda.core.internal.prepareVerify
 import net.corda.core.node.services.TransactionVerifierService
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.transactions.LedgerTransaction
-import java.util.concurrent.Executors
+import net.corda.nodeapi.internal.persistence.withoutDatabaseAccess
 
-class InMemoryTransactionVerifierService(numberOfWorkers: Int) : SingletonSerializeAsToken(), TransactionVerifierService, AutoCloseable {
-    private val workerPool = Executors.newFixedThreadPool(numberOfWorkers)
-    override fun verify(transaction: LedgerTransaction) = workerPool.fork(transaction::verify)
-    override fun close() = workerPool.shutdown()
+class InMemoryTransactionVerifierService(numberOfWorkers: Int) : SingletonSerializeAsToken(), TransactionVerifierService, TransactionVerifierServiceInternal, AutoCloseable {
+    override fun verify(transaction: LedgerTransaction): CordaFuture<Unit> = this.verify(transaction, emptyList())
+
+    override fun verify(transaction: LedgerTransaction, extraAttachments: List<Attachment>): CordaFuture<Unit> {
+        return openFuture<Unit>().apply {
+            capture {
+                val verifier = transaction.prepareVerify(extraAttachments)
+                withoutDatabaseAccess {
+                    verifier.verify()
+                }
+            }
+        }
+    }
+
+    override fun close() {}
 }
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/NonValidatingNotaryFlow.kt b/node/src/main/kotlin/net/corda/node/services/transactions/NonValidatingNotaryFlow.kt
index a0b48a76cf..6d34720b2f 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/NonValidatingNotaryFlow.kt
+++ b/node/src/main/kotlin/net/corda/node/services/transactions/NonValidatingNotaryFlow.kt
@@ -72,13 +72,13 @@ class NonValidatingNotaryFlow(otherSideSession: FlowSession, service: SinglePart
             if (attachedParameterHash == null) {
                 throw IllegalArgumentException("Transaction must contain network parameters.")
             }
-            val attachedParameters = serviceHub.networkParametersStorage.lookup(attachedParameterHash)
+            val attachedParameters = serviceHub.networkParametersService.lookup(attachedParameterHash)
                     ?: throw IllegalStateException("Unable to resolve network parameters from hash: $attachedParameterHash")
 
             checkInWhitelist(attachedParameters, notary)
         } else {
             // Using current network parameters for platform versions 3 or earlier.
-            val defaultParams = with(serviceHub.networkParametersStorage) {
+            val defaultParams = with(serviceHub.networkParametersService) {
                 lookup(currentHash)
                         ?: throw IllegalStateException("Unable to verify whether the notary $notary is whitelisted: current network parameters not set.")
             }
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt b/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt
index 358c35a4cc..3e0a72fe67 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt
@@ -231,11 +231,12 @@ class HibernateAttachmentQueryCriteriaParser(override val criteriaBuilder: Crite
         }
 
         criteria.isSignedCondition?.let { isSigned ->
-            val joinDBAttachmentToSigners = root.joinList<NodeAttachmentService.DBAttachment, PublicKey>("signers")
-            if (isSigned == Builder.equal(true))
+            if (isSigned == Builder.equal(true)) {
+                val joinDBAttachmentToSigners = root.joinList<NodeAttachmentService.DBAttachment, PublicKey>("signers")
                 predicateSet.add(criteriaBuilder.and(joinDBAttachmentToSigners.isNotNull))
-            else
-                predicateSet.add(criteriaBuilder.and(joinDBAttachmentToSigners.isNull))
+            } else {
+                predicateSet.add(criteriaBuilder.equal(criteriaBuilder.size(root.get<List<PublicKey>?>("signers")),0))
+            }
         }
 
         criteria.versionCondition?.let {
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
index 1b79ecfe92..2b33863632 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
@@ -16,6 +16,7 @@ import net.corda.core.schemas.PersistentStateRef
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.transactions.*
 import net.corda.core.utilities.*
+import net.corda.node.cordapp.CordappLoader
 import net.corda.node.services.api.SchemaService
 import net.corda.node.services.api.VaultServiceInternal
 import net.corda.node.services.schema.PersistentStateService
@@ -57,7 +58,8 @@ class NodeVaultService(
         private val keyManagementService: KeyManagementService,
         private val servicesForResolution: ServicesForResolution,
         private val database: CordaPersistence,
-        private val schemaService: SchemaService
+        private val schemaService: SchemaService,
+        private val appClassloader: ClassLoader
 ) : SingletonSerializeAsToken(), VaultServiceInternal {
     private companion object {
         private val log = contextLogger()
@@ -637,7 +639,7 @@ class NodeVaultService(
         val unknownTypes = mutableSetOf<String>()
         distinctTypes.forEach { type ->
             val concreteType: Class<ContractState>? = try {
-                uncheckedCast(Class.forName(type))
+                uncheckedCast(Class.forName(type, true, appClassloader))
             } catch (e: ClassNotFoundException) {
                 unknownTypes += type
                 null
diff --git a/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt b/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt
index 84c344025c..0f15fae4b8 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt
@@ -8,8 +8,7 @@ import net.corda.nodeapi.internal.persistence.DatabaseTransaction
 import net.corda.nodeapi.internal.persistence.contextTransaction
 import net.corda.nodeapi.internal.persistence.currentDBSession
 import java.lang.ref.WeakReference
-import java.util.HashSet
-import java.util.NoSuchElementException
+import java.util.*
 import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.atomic.AtomicBoolean
 import java.util.concurrent.atomic.AtomicReference
@@ -137,19 +136,6 @@ abstract class AppendOnlyPersistentMapBase<K, V, E, out EK>(
 
     operator fun contains(key: K) = get(key) != null
 
-    /**
-     * Allow checking the cache content without falling back to database if there's a miss.
-     *
-     * @param key The cache key
-     * @return The value in the cache, or null if not present.
-     */
-    fun getIfCached(key: K): V? {
-        val transactional = cache.getIfPresent(key!!)
-        return if (transactional?.isPresent ?: false) {
-            transactional?.value
-        } else null
-    }
-
     /**
      * Removes all of the mappings from this map and underlying storage. The map will be empty after this call returns.
      * WARNING!! The method is not thread safe.
diff --git a/node/src/main/kotlin/net/corda/node/utilities/NotaryLoader.kt b/node/src/main/kotlin/net/corda/node/utilities/NotaryLoader.kt
new file mode 100644
index 0000000000..d221af2607
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/utilities/NotaryLoader.kt
@@ -0,0 +1,93 @@
+package net.corda.node.utilities
+
+import net.corda.core.identity.PartyAndCertificate
+import net.corda.core.internal.cordapp.CordappImpl
+import net.corda.core.internal.notary.NotaryService
+import net.corda.core.utilities.contextLogger
+import net.corda.node.SerialFilter
+import net.corda.node.VersionInfo
+import net.corda.node.cordapp.CordappLoader
+import net.corda.node.internal.cordapp.VirtualCordapp
+import net.corda.node.services.api.ServiceHubInternal
+import net.corda.node.services.config.NotaryConfig
+import net.corda.node.services.transactions.SimpleNotaryService
+import net.corda.notary.experimental.bftsmart.BFTSmartNotaryService
+import net.corda.notary.experimental.raft.RaftNotaryService
+import java.security.PublicKey
+
+class NotaryLoader(
+        private val config: NotaryConfig,
+        versionInfo: VersionInfo
+) {
+    companion object {
+        private val log = contextLogger()
+    }
+
+    /**
+     * A virtual CorDapp containing the notary implementation if one of the built-in notaries is used.
+     * [Null] if a notary implementation is expected to be loaded from an external CorDapp.
+     */
+    val builtInNotary: CordappImpl?
+    private val builtInServiceClass: Class<out NotaryService>?
+
+    init {
+        builtInServiceClass = if (config.className.isNullOrBlank()) {
+            // Using a built-in notary
+            when {
+                config.bftSMaRt != null -> {
+                    builtInNotary = VirtualCordapp.generateBFTSmartNotary(versionInfo)
+                    BFTSmartNotaryService::class.java
+                }
+                config.raft != null -> {
+                    builtInNotary = VirtualCordapp.generateRaftNotary(versionInfo)
+                    RaftNotaryService::class.java
+                }
+                else -> {
+                    builtInNotary = VirtualCordapp.generateSimpleNotary(versionInfo)
+                    SimpleNotaryService::class.java
+                }
+            }
+        } else {
+            // Using a notary from an external CorDapp
+            builtInNotary = null
+            null
+        }
+    }
+
+    fun loadService(myNotaryIdentity: PartyAndCertificate?, services: ServiceHubInternal, cordappLoader: CordappLoader): NotaryService {
+        val serviceClass = builtInServiceClass ?: scanCorDapps(cordappLoader)
+        log.info("Starting notary service: $serviceClass")
+
+        val notaryKey = myNotaryIdentity?.owningKey
+                ?: throw IllegalArgumentException("Unable to start notary service $serviceClass: notary identity not found")
+
+        /** Some notary implementations only work with Java serialization. */
+        maybeInstallSerializationFilter(serviceClass)
+
+        val constructor = serviceClass
+                .getDeclaredConstructor(ServiceHubInternal::class.java, PublicKey::class.java)
+                .apply { isAccessible = true }
+        return constructor.newInstance(services, notaryKey)
+    }
+
+    /** Looks for the config specified notary service implementation in loaded CorDapps. This mechanism is for internal use only. */
+    private fun scanCorDapps(cordappLoader: CordappLoader): Class<out NotaryService> {
+        val loadedImplementations = cordappLoader.cordapps.mapNotNull { it.notaryService }
+        log.debug("Notary service implementations found: ${loadedImplementations.joinToString(", ")}")
+        return loadedImplementations.firstOrNull { it.name == config.className }
+                ?: throw IllegalArgumentException("The notary service implementation specified in the configuration: ${config.className} is not found. Available implementations: ${loadedImplementations.joinToString(", ")}}")
+    }
+
+    /** Installs a custom serialization filter defined by a notary service implementation. Only supported in dev mode. */
+    private fun maybeInstallSerializationFilter(serviceClass: Class<out NotaryService>) {
+        try {
+            @Suppress("UNCHECKED_CAST")
+            val filter = serviceClass
+                    .getDeclaredMethod("getSerializationFilter")
+                    .invoke(null) as ((Class<*>) -> Boolean)
+            SerialFilter.install(filter)
+        } catch (e: NoSuchMethodException) {
+            // No custom serialization filter declared
+        }
+    }
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
index 58cea399d2..d1cc073a7b 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
@@ -43,7 +43,9 @@ open class NetworkRegistrationHelper(
         networkRootTrustStorePassword: String,
         private val nodeCaKeyAlias: String,
         private val certRole: CertRole,
-        private val nextIdleDuration: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1))
+        private val nextIdleDuration: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1)),
+        protected val logProgress: (String) -> Unit = ::println,
+        protected val logError: (String) -> Unit = System.err::println
 ) {
 
     companion object {
@@ -86,7 +88,7 @@ open class NetworkRegistrationHelper(
 
         // SELF_SIGNED_PRIVATE_KEY is used as progress indicator.
         if (certStore.contains(nodeCaKeyAlias) && !certStore.contains(SELF_SIGNED_PRIVATE_KEY)) {
-            println("Certificate already exists, Corda node will now terminate...")
+            logProgress("Certificate already exists, Corda node will now terminate...")
             return
         }
 
@@ -106,7 +108,7 @@ open class NetworkRegistrationHelper(
         certStore.setCertPathOnly(nodeCaKeyAlias, nodeCaCertificates)
         certStore.value.internal.deleteEntry(SELF_SIGNED_PRIVATE_KEY)
         certStore.value.save()
-        println("Private key '$nodeCaKeyAlias' and its certificate-chain stored successfully.")
+        logProgress("Private key '$nodeCaKeyAlias' and its certificate-chain stored successfully.")
 
         onSuccess(nodeCaPublicKey, cryptoService.getSigner(nodeCaKeyAlias), nodeCaCertificates, tlsCrlIssuerCert?.subjectX500Principal?.toX500Name())
         // All done, clean up temp files.
@@ -124,9 +126,9 @@ open class NetworkRegistrationHelper(
     private fun getTlsCrlIssuerCert(): X509Certificate? {
         val tlsCrlIssuerCert = validateAndGetTlsCrlIssuerCert()
         if (tlsCrlIssuerCert == null && isTlsCrlIssuerCertRequired()) {
-            System.err.println("""tlsCrlIssuerCert config does not match the root certificate issuer and nor is there any other certificate in the trust store with a matching issuer.
+            logError("""tlsCrlIssuerCert config does not match the root certificate issuer and nor is there any other certificate in the trust store with a matching issuer.
                     | Please make sure the config is correct or that the correct certificate for the CRL issuer is added to the node's trust store.
-                    | The node will now terminate.""".trimMargin())
+                    | The node registration will now terminate.""".trimMargin())
             throw IllegalArgumentException("TLS CRL issuer certificate not found in the trust store.")
         }
         return tlsCrlIssuerCert
@@ -161,7 +163,7 @@ open class NetworkRegistrationHelper(
 
         // Validate certificate chain returned from the doorman with the root cert obtained via out-of-band process, to prevent MITM attack on doorman server.
         X509Utilities.validateCertificateChain(rootCert, certificates)
-        println("Certificate signing request approved, storing private key with the certificate chain.")
+        logProgress("Certificate signing request approved, storing private key with the certificate chain.")
     }
 
     private fun CertificateStore.loadOrCreateKeyPair(alias: String, entryPassword: String = password): KeyPair {
@@ -188,7 +190,7 @@ open class NetworkRegistrationHelper(
      */
     private fun pollServerForCertificates(requestId: String): List<X509Certificate> {
         try {
-            println("Start polling server for certificate signing approval.")
+            logProgress("Start polling server for certificate signing approval.")
             // Poll server to download the signed certificate once request has been approved.
             var idlePeriodDuration: Duration? = null
             while (true) {
@@ -209,9 +211,9 @@ open class NetworkRegistrationHelper(
                 }
             }
         } catch (certificateRequestException: CertificateRequestException) {
-            System.err.println(certificateRequestException.message)
-            System.err.println("Please make sure the details in configuration file are correct and try again.")
-            System.err.println("Corda node will now terminate.")
+            certificateRequestException.message?.let { logError(it) }
+            logError("Please make sure the details in configuration file are correct and try again.")
+            logError("Corda node registration will now terminate.")
             requestIdStore.deleteIfExists()
             throw certificateRequestException
         }
@@ -233,24 +235,21 @@ open class NetworkRegistrationHelper(
                 JcaPEMWriter(writer).use {
                     it.writeObject(PemObject("CERTIFICATE REQUEST", request.encoded))
                 }
-                println("Certificate signing request with the following information will be submitted to the Corda certificate signing server.")
-                println()
-                println("Legal Name: $myLegalName")
-                println("Email: $emailAddress")
-                println()
-                println("Public Key: $publicKey")
-                println()
-                println("$writer")
+                logProgress("Certificate signing request with the following information will be submitted to the Corda certificate signing server.")
+                logProgress("Legal Name: $myLegalName")
+                logProgress("Email: $emailAddress")
+                logProgress("Public Key: $publicKey")
+                logProgress("$writer")
                 // Post request to signing server via http.
-                println("Submitting certificate signing request to Corda certificate signing server.")
+                logProgress("Submitting certificate signing request to Corda certificate signing server.")
                 val requestId = certService.submitRequest(request)
                 // Persists request ID to file in case of node shutdown.
                 requestIdStore.writeLines(listOf(requestId))
-                println("Successfully submitted request to Corda certificate signing server, request ID: $requestId.")
+                logProgress("Successfully submitted request to Corda certificate signing server, request ID: $requestId.")
                 requestId
             } else {
                 val requestId = requestIdStore.readLines { it.findFirst().get() }
-                println("Resuming from previous certificate signing request, request ID: $requestId.")
+                logProgress("Resuming from previous certificate signing request, request ID: $requestId.")
                 requestId
             }
         } catch (e: Exception) {
@@ -274,15 +273,19 @@ class NodeRegistrationException(
 
 class NodeRegistrationHelper(
         private val config: NodeConfiguration,
-        certService: NetworkRegistrationService, regConfig: NodeRegistrationOption, computeNextIdleDoormanConnectionPollInterval: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1))) :
-        NetworkRegistrationHelper(
-                config,
-                certService,
-                regConfig.networkRootTrustStorePath,
-                regConfig.networkRootTrustStorePassword,
-                CORDA_CLIENT_CA,
-                CertRole.NODE_CA,
-                computeNextIdleDoormanConnectionPollInterval) {
+        certService: NetworkRegistrationService,
+        regConfig: NodeRegistrationOption,
+        computeNextIdleDoormanConnectionPollInterval: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1)),
+        logProgress: (String) -> Unit = ::println,
+        logError: (String) -> Unit = System.err::println) :
+            NetworkRegistrationHelper(
+                    config,
+                    certService,
+                    regConfig.networkRootTrustStorePath,
+                    regConfig.networkRootTrustStorePassword,
+                    CORDA_CLIENT_CA,
+                    CertRole.NODE_CA,
+                    computeNextIdleDoormanConnectionPollInterval, logProgress, logError) {
 
     companion object {
         val logger = contextLogger()
@@ -297,7 +300,7 @@ class NodeRegistrationHelper(
         val keyStore = config.p2pSslOptions.keyStore
         val certificateStore = keyStore.get(createNew = true)
         certificateStore.update {
-            println("Generating SSL certificate for node messaging service.")
+            logProgress("Generating SSL certificate for node messaging service.")
             val sslKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
             val issuerCertificate = nodeCaCertificateChain.first()
             val validityWindow = X509Utilities.getCertificateValidityWindow(DEFAULT_VALIDITY_WINDOW.first, DEFAULT_VALIDITY_WINDOW.second, issuerCertificate)
@@ -319,7 +322,7 @@ class NodeRegistrationHelper(
             X509Utilities.validateCertificateChain(rootCert, sslCertificateChain)
             setPrivateKey(CORDA_CLIENT_TLS, sslKeyPair.private, sslCertificateChain, keyStore.entryPassword)
         }
-        println("SSL private key and certificate chain stored in ${keyStore.path}.")
+        logProgress("SSL private key and certificate chain stored in ${keyStore.path}.")
     }
 
     private fun createTruststore(rootCertificate: X509Certificate) {
@@ -328,7 +331,7 @@ class NodeRegistrationHelper(
             if (this.aliases().hasNext()) {
                 logger.warn("The node's trust store already exists. The following certificates will be overridden: ${this.aliases().asSequence()}")
             }
-            println("Generating trust store for corda node.")
+            logProgress("Generating trust store for corda node.")
             // Assumes certificate chain always starts with client certificate and end with root certificate.
             setCertificate(CORDA_ROOT_CA, rootCertificate)
             // Copy remaining certificates from the network-trust-store
@@ -338,7 +341,7 @@ class NodeRegistrationHelper(
                 setCertificate(it, certificate)
             }
         }
-        println("Node trust store stored in ${config.p2pSslOptions.trustStore.path}.")
+        logProgress("Node trust store stored in ${config.p2pSslOptions.trustStore.path}.")
     }
 
     override fun validateAndGetTlsCrlIssuerCert(): X509Certificate? {
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRt.kt b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmart.kt
similarity index 83%
rename from experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRt.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmart.kt
index a825b3c1a5..5e85bf2de6 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRt.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmart.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.bftsmart
+package net.corda.notary.experimental.bftsmart
 
 import bftsmart.communication.ServerCommunicationSystem
 import bftsmart.communication.client.netty.NettyClientServerCommunicationSystemClientSide
@@ -37,8 +37,8 @@ import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.persistence.currentDBSession
-import net.corda.notary.bftsmart.BFTSMaRt.Client
-import net.corda.notary.bftsmart.BFTSMaRt.Replica
+import net.corda.notary.experimental.bftsmart.BFTSmart.Client
+import net.corda.notary.experimental.bftsmart.BFTSmart.Replica
 import java.nio.file.Path
 import java.security.PublicKey
 import java.util.*
@@ -55,7 +55,7 @@ import java.util.*
 //       perhaps a design doc. In general, it seems possible to use the state machine to reconfigure the cluster (reaching
 //       consensus about  membership changes). Nodes that join the cluster for the first time or re-join can go through
 //       a "recovering" state and request missing data from their peers.
-object BFTSMaRt {
+object BFTSmart {
     /** Sent from [Client] to [Replica]. */
     @CordaSerializable
     data class CommitRequest(val payload: NotarisationPayload, val callerIdentity: Party)
@@ -79,7 +79,7 @@ object BFTSMaRt {
         fun waitUntilAllReplicasHaveInitialized()
     }
 
-    class Client(config: BFTSMaRtConfig, private val clientId: Int, private val cluster: Cluster, private val notaryService: BftSmartNotaryService) : SingletonSerializeAsToken() {
+    class Client(config: BFTSmartConfigInternal, private val clientId: Int, private val cluster: Cluster, private val notaryService: BFTSmartNotaryService) : SingletonSerializeAsToken() {
         companion object {
             private val log = contextLogger()
         }
@@ -176,10 +176,10 @@ object BFTSMaRt {
      *
      * The validation logic can be specified by implementing the [executeCommand] method.
      */
-    abstract class Replica(config: BFTSMaRtConfig,
+    abstract class Replica(config: BFTSmartConfigInternal,
                            replicaId: Int,
                            createMap: () -> AppendOnlyPersistentMap<StateRef, SecureHash,
-                                   BftSmartNotaryService.CommittedState, PersistentStateRef>,
+                                   BFTSmartNotaryService.CommittedState, PersistentStateRef>,
                            protected val services: ServiceHubInternal,
                            protected val notaryIdentityKey: PublicKey) : DefaultRecoverable() {
         companion object {
@@ -203,7 +203,7 @@ object BFTSMaRt {
         private val replica = run {
             config.waitUntilReplicaWillNotPrintStackTrace(replicaId)
             @Suppress("LeakingThis")
-            CordaServiceReplica(replicaId, config.path, this)
+            (CordaServiceReplica(replicaId, config.path, this))
         }
 
         fun dispose() {
@@ -251,22 +251,61 @@ object BFTSMaRt {
                 checkConflict(conflictingStates, references, StateConsumptionDetails.ConsumedStateType.REFERENCE_INPUT_STATE)
 
                 if (conflictingStates.isNotEmpty()) {
-                    if (!isConsumedByTheSameTx(txId.sha256(), conflictingStates)) {
-                        log.debug { "Failure, input states or references already committed: ${conflictingStates.keys}" }
-                        throw NotaryInternalException(NotaryError.Conflict(txId, conflictingStates))
+                    if (states.isEmpty()) {
+                        handleReferenceConflicts(txId, conflictingStates)
+                    } else {
+                        handleConflicts(txId, conflictingStates)
                     }
                 } else {
-                    val outsideTimeWindowError = validateTimeWindow(services.clock.instant(), timeWindow)
-                    if (outsideTimeWindowError == null) {
-                        states.forEach { commitLog[it] = txId }
-                        log.debug { "Successfully committed all input states: $states" }
-                    } else {
-                        throw NotaryInternalException(outsideTimeWindowError)
-                    }
+                    handleNoConflicts(timeWindow, states, txId)
                 }
             }
         }
 
+        private fun previouslyCommitted(txId: SecureHash): Boolean {
+            val session = currentDBSession()
+            return session.find(BFTSmartNotaryService.CommittedTransaction::class.java, txId.toString()) != null
+        }
+
+        private fun handleReferenceConflicts(txId: SecureHash, conflictingStates: LinkedHashMap<StateRef, StateConsumptionDetails>) {
+            if (!previouslyCommitted(txId)) {
+                val conflictError = NotaryError.Conflict(txId, conflictingStates)
+                log.debug { "Failure, input states already committed: ${conflictingStates.keys}" }
+                throw NotaryInternalException(conflictError)
+            }
+            log.debug { "Transaction $txId already notarised" }
+        }
+
+        private fun handleConflicts(txId: SecureHash, conflictingStates: LinkedHashMap<StateRef, StateConsumptionDetails>) {
+            if (isConsumedByTheSameTx(txId.sha256(), conflictingStates)) {
+                log.debug { "Transaction $txId already notarised" }
+                return
+            } else {
+                log.debug { "Failure, input states already committed: ${conflictingStates.keys}" }
+                val conflictError = NotaryError.Conflict(txId, conflictingStates)
+                throw NotaryInternalException(conflictError)
+            }
+        }
+
+        private fun handleNoConflicts(timeWindow: TimeWindow?, states: List<StateRef>, txId: SecureHash) {
+            // Skip if this is a re-notarisation of a reference-only transaction
+            if (states.isEmpty() && previouslyCommitted(txId)) {
+                return
+            }
+
+            val outsideTimeWindowError = validateTimeWindow(services.clock.instant(), timeWindow)
+            if (outsideTimeWindowError == null) {
+                states.forEach { stateRef ->
+                    commitLog[stateRef] = txId
+                }
+                val session = currentDBSession()
+                session.persist(BFTSmartNotaryService.CommittedTransaction(txId.toString()))
+                log.debug { "Successfully committed all input states: $states" }
+            } else {
+                throw NotaryInternalException(outsideTimeWindowError)
+            }
+        }
+
         private fun logRequest(txId: SecureHash, callerName: CordaX500Name, requestSignature: NotarisationRequestSignature) {
             val request = PersistentUniquenessProvider.Request(
                     consumingTxHash = txId.toString(),
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartConfigInternal.kt
similarity index 88%
rename from experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartConfigInternal.kt
index a69985bafc..a33fe68bd3 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartConfigInternal.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.bftsmart
+package net.corda.notary.experimental.bftsmart
 
 import net.corda.core.internal.div
 import net.corda.core.internal.writer
@@ -13,7 +13,7 @@ import java.net.SocketException
 import java.nio.file.Files
 import java.util.concurrent.TimeUnit.MILLISECONDS
 
-data class BFTSMaRtConfiguration(
+data class BFTSmartConfig(
         /** The zero-based index of the current replica. All replicas must specify a unique replica id. */
         val replicaId: Int,
         /**
@@ -32,11 +32,11 @@ data class BFTSMaRtConfiguration(
 }
 
 /**
- * BFT SMaRt can only be configured via files in a configHome directory.
+ * BFT Smart can only be configured via files in a configHome directory.
  * Each instance of this class creates such a configHome, accessible via [path].
  * The files are deleted on [close] typically via [use], see [PathManager] for details.
  */
-class BFTSMaRtConfig(private val replicaAddresses: List<NetworkHostAndPort>, debug: Boolean, val exposeRaces: Boolean) : PathManager<BFTSMaRtConfig>(Files.createTempDirectory("bft-smart-config")) {
+class BFTSmartConfigInternal(private val replicaAddresses: List<NetworkHostAndPort>, debug: Boolean, val exposeRaces: Boolean) : PathManager<BFTSmartConfigInternal>(Files.createTempDirectory("bft-smart-config")) {
     companion object {
         private val log = contextLogger()
         internal const val portIsClaimedFormat = "Port %s is claimed by another replica: %s"
@@ -81,7 +81,7 @@ class BFTSMaRtConfig(private val replicaAddresses: List<NetworkHostAndPort>, deb
         val peerId = contextReplicaId - 1
         if (peerId < 0) return
         // The printStackTrace we want to avoid is in replica-replica communication code:
-        val address = BFTSMaRtPort.FOR_REPLICAS.ofReplica(replicaAddresses[peerId])
+        val address = BFTSmartPort.FOR_REPLICAS.ofReplica(replicaAddresses[peerId])
         log.debug { "Waiting for replica $peerId to start listening on: $address" }
         while (!address.isListening()) MILLISECONDS.sleep(200)
         log.debug { "Replica $peerId is ready for P2P." }
@@ -89,11 +89,11 @@ class BFTSMaRtConfig(private val replicaAddresses: List<NetworkHostAndPort>, deb
 
     private fun replicaPorts(replicaId: Int): List<NetworkHostAndPort> {
         val base = replicaAddresses[replicaId]
-        return BFTSMaRtPort.values().map { it.ofReplica(base) }
+        return BFTSmartPort.values().map { it.ofReplica(base) }
     }
 }
 
-private enum class BFTSMaRtPort(private val off: Int) {
+private enum class BFTSmartPort(private val off: Int) {
     FOR_CLIENTS(0),
     FOR_REPLICAS(1);
 
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartNotaryService.kt
similarity index 83%
rename from experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartNotaryService.kt
index 905a8fe569..aba8189a91 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartNotaryService.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.bftsmart
+package net.corda.notary.experimental.bftsmart
 
 import co.paralleluniverse.fibers.Suspendable
 import com.google.common.util.concurrent.SettableFuture
@@ -22,10 +22,11 @@ import net.corda.core.utilities.unwrap
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.node.utilities.AppendOnlyPersistentMap
-import net.corda.nodeapi.internal.config.parseAs
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
 import java.security.PublicKey
+import javax.persistence.Column
 import javax.persistence.Entity
+import javax.persistence.Id
 import javax.persistence.Table
 import kotlin.concurrent.thread
 
@@ -34,7 +35,7 @@ import kotlin.concurrent.thread
  *
  * A transaction is notarised when the consensus is reached by the cluster on its uniqueness, and time-window validity.
  */
-class BftSmartNotaryService(
+class BFTSmartNotaryService(
         override val services: ServiceHubInternal,
         override val notaryIdentityKey: PublicKey
 ) : NotaryService() {
@@ -54,29 +55,27 @@ class BftSmartNotaryService(
     }
 
     private val notaryConfig = services.configuration.notary
-            ?: throw IllegalArgumentException("Failed to register ${BftSmartNotaryService::class.java}: notary configuration not present")
+            ?: throw IllegalArgumentException("Failed to register ${BFTSmartNotaryService::class.java}: notary configuration not present")
 
-    private val bftSMaRtConfig = try {
-        notaryConfig.extraConfig!!.parseAs<BFTSMaRtConfiguration>()
-    } catch (e: Exception) {
-        throw IllegalArgumentException("Failed to register ${BftSmartNotaryService::class.java}: BFT-Smart configuration not present")
-    }
+    private val bftSMaRtConfig = notaryConfig.bftSMaRt
+            ?: throw IllegalArgumentException("Failed to register ${BFTSmartNotaryService::class.java}: BFT-Smart configuration not present")
 
-    private val cluster: BFTSMaRt.Cluster = makeBFTCluster(notaryIdentityKey, bftSMaRtConfig)
+    private val cluster: BFTSmart.Cluster = makeBFTCluster(notaryIdentityKey, bftSMaRtConfig)
 
-    protected open fun makeBFTCluster(notaryKey: PublicKey, bftSMaRtConfig: BFTSMaRtConfiguration): BFTSMaRt.Cluster {
-        return object : BFTSMaRt.Cluster {
+    protected open fun makeBFTCluster(notaryKey: PublicKey, bftSMaRtConfig: BFTSmartConfig): BFTSmart.Cluster {
+        return object : BFTSmart.Cluster {
             override fun waitUntilAllReplicasHaveInitialized() {
                 log.warn("A BFT replica may still be initializing, in which case the upcoming consensus change may cause it to spin.")
             }
         }
     }
 
-    private val client: BFTSMaRt.Client
+    private val client: BFTSmart.Client
     private val replicaHolder = SettableFuture.create<Replica>()
 
     init {
-        client = BFTSMaRtConfig(bftSMaRtConfig.clusterAddresses, bftSMaRtConfig.debug, bftSMaRtConfig.exposeRaces).use {
+        client = BFTSmartConfigInternal(bftSMaRtConfig.clusterAddresses, bftSMaRtConfig.debug, bftSMaRtConfig.exposeRaces)
+                .use {
             val replicaId = bftSMaRtConfig.replicaId
             val configHandle = it.handle()
             // Replica startup must be in parallel with other replicas, otherwise the constructor may not return:
@@ -87,7 +86,7 @@ class BftSmartNotaryService(
                     log.info("BFT SMaRt replica $replicaId is running.")
                 }
             }
-            BFTSMaRt.Client(it, replicaId, cluster, this)
+                    BFTSmart.Client(it, replicaId, cluster, this)
         }
     }
 
@@ -100,7 +99,7 @@ class BftSmartNotaryService(
 
     override fun createServiceFlow(otherPartySession: FlowSession): FlowLogic<Void?> = ServiceFlow(otherPartySession, this)
 
-    private class ServiceFlow(val otherSideSession: FlowSession, val service: BftSmartNotaryService) : FlowLogic<Void?>() {
+    private class ServiceFlow(val otherSideSession: FlowSession, val service: BFTSmartNotaryService) : FlowLogic<Void?>() {
         @Suspendable
         override fun call(): Void? {
             val payload = otherSideSession.receive<NotarisationPayload>().unwrap { it }
@@ -112,12 +111,12 @@ class BftSmartNotaryService(
         private fun commit(payload: NotarisationPayload): NotarisationResponse {
             val response = service.commitTransaction(payload, otherSideSession.counterparty)
             when (response) {
-                is BFTSMaRt.ClusterResponse.Error -> {
+                is BFTSmart.ClusterResponse.Error -> {
                     // TODO: here we assume that all error will be the same, but there might be invalid onces from mailicious nodes
                     val responseError = response.errors.first().verified()
                     throw NotaryException(responseError, payload.coreTransaction.id)
                 }
-                is BFTSMaRt.ClusterResponse.Signatures -> {
+                is BFTSmart.ClusterResponse.Signatures -> {
                     log.debug("All input states of transaction ${payload.coreTransaction.id} have been committed")
                     return NotarisationResponse(response.txSignatures)
                 }
@@ -125,6 +124,14 @@ class BftSmartNotaryService(
         }
     }
 
+    @Entity
+    @Table(name = "${NODE_DATABASE_PREFIX}bft_committed_txs")
+    class CommittedTransaction(
+            @Id
+            @Column(name = "transaction_id", nullable = false, length = 64)
+            val transactionId: String
+    )
+
     @Entity
     @Table(name = "${NODE_DATABASE_PREFIX}bft_committed_states")
     class CommittedState(id: PersistentStateRef, consumingTxHash: String) : PersistentUniquenessProvider.BaseComittedState(id, consumingTxHash)
@@ -153,20 +160,20 @@ class BftSmartNotaryService(
         )
     }
 
-    private class Replica(config: BFTSMaRtConfig,
+    private class Replica(config: BFTSmartConfigInternal,
                           replicaId: Int,
                           createMap: () -> AppendOnlyPersistentMap<StateRef, SecureHash, CommittedState, PersistentStateRef>,
                           services: ServiceHubInternal,
-                          notaryIdentityKey: PublicKey) : BFTSMaRt.Replica(config, replicaId, createMap, services, notaryIdentityKey) {
+                          notaryIdentityKey: PublicKey) : BFTSmart.Replica(config, replicaId, createMap, services, notaryIdentityKey) {
 
         override fun executeCommand(command: ByteArray): ByteArray {
-            val commitRequest = command.deserialize<BFTSMaRt.CommitRequest>()
+            val commitRequest = command.deserialize<BFTSmart.CommitRequest>()
             verifyRequest(commitRequest)
             val response = verifyAndCommitTx(commitRequest.payload.coreTransaction, commitRequest.callerIdentity, commitRequest.payload.requestSignature)
             return response.serialize().bytes
         }
 
-        private fun verifyAndCommitTx(transaction: CoreTransaction, callerIdentity: Party, requestSignature: NotarisationRequestSignature): BFTSMaRt.ReplicaResponse {
+        private fun verifyAndCommitTx(transaction: CoreTransaction, callerIdentity: Party, requestSignature: NotarisationRequestSignature): BFTSmart.ReplicaResponse {
             return try {
                 val id = transaction.id
                 val inputs = transaction.inputs
@@ -176,17 +183,17 @@ class BftSmartNotaryService(
                 if (notary !in services.myInfo.legalIdentities) throw NotaryInternalException(NotaryError.WrongNotary)
                 commitInputStates(inputs, id, callerIdentity.name, requestSignature, timeWindow, references)
                 log.debug { "Inputs committed successfully, signing $id" }
-                BFTSMaRt.ReplicaResponse.Signature(sign(id))
+                BFTSmart.ReplicaResponse.Signature(sign(id))
             } catch (e: NotaryInternalException) {
                 log.debug { "Error processing transaction: ${e.error}" }
                 val serializedError = e.error.serialize()
                 val errorSignature = sign(serializedError.bytes)
                 val signedError = SignedData(serializedError, errorSignature)
-                BFTSMaRt.ReplicaResponse.Error(signedError)
+                BFTSmart.ReplicaResponse.Error(signedError)
             }
         }
 
-        private fun verifyRequest(commitRequest: BFTSMaRt.CommitRequest) {
+        private fun verifyRequest(commitRequest: BFTSmart.CommitRequest) {
             val transaction = commitRequest.payload.coreTransaction
             val notarisationRequest = NotarisationRequest(transaction.inputs, transaction.id)
             notarisationRequest.verifySignature(commitRequest.payload.requestSignature, commitRequest.callerIdentity)
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/Schema.kt b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/Schema.kt
similarity index 57%
rename from experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/Schema.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/bftsmart/Schema.kt
index 360c1af5df..f6be8b17d3 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/Schema.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/bftsmart/Schema.kt
@@ -1,18 +1,18 @@
-package net.corda.notary.bftsmart
+package net.corda.notary.experimental.bftsmart
 
 import net.corda.core.schemas.MappedSchema
 import net.corda.node.services.transactions.PersistentUniquenessProvider
-import net.corda.notary.bftsmart.BftSmartNotaryService
 
-object BftSmartNotarySchema
+object BFTSmartNotarySchema
 
-object BftSmartNotarySchemaV1 : MappedSchema(
-        schemaFamily = BftSmartNotarySchema.javaClass,
+object BFTSmartNotarySchemaV1 : MappedSchema(
+        schemaFamily = BFTSmartNotarySchema.javaClass,
         version = 1,
         mappedTypes = listOf(
                 PersistentUniquenessProvider.BaseComittedState::class.java,
                 PersistentUniquenessProvider.Request::class.java,
-                BftSmartNotaryService.CommittedState::class.java
+                BFTSmartNotaryService.CommittedState::class.java,
+                BFTSmartNotaryService.CommittedTransaction::class.java
         )
 ) {
     override val migrationResource: String?
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftConfig.kt b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftConfig.kt
similarity index 94%
rename from experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftConfig.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/raft/RaftConfig.kt
index 75996a6ebf..b14f88a976 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftConfig.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftConfig.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.raft
+package net.corda.notary.experimental.raft
 
 import net.corda.core.utilities.NetworkHostAndPort
 
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftNotaryService.kt
similarity index 83%
rename from experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/raft/RaftNotaryService.kt
index 023476d7aa..8f97564cb0 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftNotaryService.kt
@@ -1,13 +1,12 @@
-package net.corda.notary.raft
+package net.corda.notary.experimental.raft
 
 import net.corda.core.flows.FlowSession
-import net.corda.core.internal.notary.SinglePartyNotaryService
 import net.corda.core.internal.notary.NotaryServiceFlow
+import net.corda.core.internal.notary.SinglePartyNotaryService
 import net.corda.core.utilities.seconds
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.transactions.NonValidatingNotaryFlow
 import net.corda.node.services.transactions.ValidatingNotaryFlow
-import net.corda.nodeapi.internal.config.parseAs
 import java.security.PublicKey
 
 /** A highly available notary service using the Raft algorithm to achieve consensus. */
@@ -19,11 +18,9 @@ class RaftNotaryService(
             ?: throw IllegalArgumentException("Failed to register ${RaftNotaryService::class.java}: notary configuration not present")
 
     override val uniquenessProvider = with(services) {
-        val raftConfig = try {
-            notaryConfig.extraConfig!!.parseAs<RaftConfig>()
-        } catch (e: Exception) {
-            throw IllegalArgumentException("Failed to register ${RaftNotaryService::class.java}: raft configuration not present")
-        }
+        val raftConfig = notaryConfig.raft
+                ?: throw IllegalArgumentException("Failed to register ${RaftNotaryService::class.java}: raft configuration not present")
+
         RaftUniquenessProvider(
                 configuration.baseDirectory,
                 configuration.p2pSslOptions,
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftTransactionCommitLog.kt b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftTransactionCommitLog.kt
similarity index 79%
rename from experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftTransactionCommitLog.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/raft/RaftTransactionCommitLog.kt
index a6fcd0b8a3..d6ae994154 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftTransactionCommitLog.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftTransactionCommitLog.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.raft
+package net.corda.notary.experimental.raft
 
 import io.atomix.catalyst.buffer.BufferInput
 import io.atomix.catalyst.buffer.BufferOutput
@@ -20,10 +20,11 @@ import net.corda.core.flows.StateConsumptionDetails
 import net.corda.core.internal.VisibleForTesting
 import net.corda.core.internal.notary.isConsumedByTheSameTx
 import net.corda.core.internal.notary.validateTimeWindow
-import net.corda.core.serialization.*
+import net.corda.core.serialization.SerializationDefaults
+import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.internal.CheckpointSerializationDefaults
-
 import net.corda.core.serialization.internal.checkpointSerialize
+import net.corda.core.serialization.serialize
 import net.corda.core.utilities.ByteSequence
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
@@ -90,28 +91,64 @@ class RaftTransactionCommitLog<E, EK>(
                 log.debug("State machine commit: attempting to store entries with keys (${commitCommand.states.joinToString()})")
                 checkConflict(commitCommand.states, StateConsumptionDetails.ConsumedStateType.INPUT_STATE)
                 checkConflict(commitCommand.references, StateConsumptionDetails.ConsumedStateType.REFERENCE_INPUT_STATE)
+
                 if (conflictingStates.isNotEmpty()) {
-                    if (isConsumedByTheSameTx(commitCommand.txId.sha256(), conflictingStates)) {
-                        null
+                    if (commitCommand.states.isEmpty()) {
+                        handleReferenceConflicts(txId, conflictingStates)
                     } else {
-                        log.debug { "Failure, input states already committed: ${conflictingStates.keys}" }
-                        NotaryError.Conflict(txId, conflictingStates)
+                        handleConflicts(txId, conflictingStates)
                     }
                 } else {
-                    val outsideTimeWindowError = validateTimeWindow(clock.instant(), commitCommand.timeWindow)
-                    if (outsideTimeWindowError == null) {
-                        val entries = commitCommand.states.map { it to Pair(index, txId) }.toMap()
-                        map.putAll(entries)
-                        log.debug { "Successfully committed all input states: ${commitCommand.states}" }
-                        null
-                    } else {
-                        outsideTimeWindowError
-                    }
+                    handleNoConflicts(commitCommand.timeWindow, commitCommand.states, txId, index)
                 }
             }
         }
     }
 
+    private fun handleReferenceConflicts(txId: SecureHash, conflictingStates: LinkedHashMap<StateRef, StateConsumptionDetails>): NotaryError? {
+        if (!previouslyCommitted(txId)) {
+            val conflictError = NotaryError.Conflict(txId, conflictingStates)
+            log.debug { "Failure, input states already committed: ${conflictingStates.keys}" }
+            return conflictError
+        }
+        log.debug { "Transaction $txId already notarised" }
+        return null
+    }
+
+    private fun handleConflicts(txId: SecureHash, conflictingStates: java.util.LinkedHashMap<StateRef, StateConsumptionDetails>): NotaryError? {
+        return if (isConsumedByTheSameTx(txId.sha256(), conflictingStates)) {
+            log.debug { "Transaction $txId already notarised" }
+            null
+        } else {
+            log.debug { "Failure, input states already committed: ${conflictingStates.keys}" }
+            NotaryError.Conflict(txId, conflictingStates)
+        }
+    }
+
+    private fun handleNoConflicts(timeWindow: TimeWindow?, states: List<StateRef>, txId: SecureHash, index: Long): NotaryError? {
+        // Skip if this is a re-notarisation of a reference-only transaction
+        if (states.isEmpty() && previouslyCommitted(txId)) {
+            return null
+        }
+
+        val outsideTimeWindowError = validateTimeWindow(clock.instant(), timeWindow)
+        return if (outsideTimeWindowError == null) {
+            val entries = states.map { it to Pair(index, txId) }.toMap()
+            map.putAll(entries)
+            val session = currentDBSession()
+            session.persist(RaftUniquenessProvider.CommittedTransaction(txId.toString()))
+            log.debug { "Successfully committed all input states: $states" }
+            null
+        } else {
+            outsideTimeWindowError
+        }
+    }
+
+    private fun previouslyCommitted(txId: SecureHash): Boolean {
+        val session = currentDBSession()
+        return session.find(RaftUniquenessProvider.CommittedTransaction::class.java, txId.toString()) != null
+    }
+
     private fun logRequest(commitCommand: Commands.CommitTransaction) {
         val request = PersistentUniquenessProvider.Request(
                 consumingTxHash = commitCommand.txId.toString(),
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftUniquenessProvider.kt
similarity index 79%
rename from experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/raft/RaftUniquenessProvider.kt
index 98bdbf4566..364477494e 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/raft/RaftUniquenessProvider.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.raft
+package net.corda.notary.experimental.raft
 
 import com.codahale.metrics.Gauge
 import com.codahale.metrics.MetricRegistry
@@ -22,8 +22,9 @@ import net.corda.core.identity.Party
 import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.concurrent.openFuture
 import net.corda.core.internal.notary.UniquenessProvider
-import net.corda.core.schemas.PersistentStateRef
+import net.corda.core.serialization.SerializationDefaults
 import net.corda.core.serialization.SingletonSerializeAsToken
+import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
@@ -31,15 +32,12 @@ import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
-import net.corda.notary.raft.RaftTransactionCommitLog.Commands.CommitTransaction
+import net.corda.notary.experimental.raft.RaftTransactionCommitLog.Commands.CommitTransaction
 import java.nio.file.Path
 import java.time.Clock
 import java.util.concurrent.CompletableFuture
 import javax.annotation.concurrent.ThreadSafe
-import javax.persistence.Column
-import javax.persistence.EmbeddedId
-import javax.persistence.Entity
-import javax.persistence.Table
+import javax.persistence.*
 
 /**
  * A uniqueness provider that records committed input states in a distributed collection replicated and
@@ -51,7 +49,8 @@ import javax.persistence.Table
  */
 @ThreadSafe
 class RaftUniquenessProvider(
-        private val storagePath: Path,
+        /** If *null* the Raft log will be stored in memory. */
+        private val storagePath: Path? = null,
         private val transportConfiguration: MutualSslConfiguration,
         private val db: CordaPersistence,
         private val clock: Clock,
@@ -61,24 +60,26 @@ class RaftUniquenessProvider(
 ) : UniquenessProvider, SingletonSerializeAsToken() {
     companion object {
         private val log = contextLogger()
-        fun createMap(cacheFactory: NamedCacheFactory): AppendOnlyPersistentMap<StateRef, Pair<Long, SecureHash>, CommittedState, PersistentStateRef> =
+        fun createMap(cacheFactory: NamedCacheFactory): AppendOnlyPersistentMap<StateRef, Pair<Long, SecureHash>, CommittedState, String> =
                 AppendOnlyPersistentMap(
                         cacheFactory = cacheFactory,
                         name = "RaftUniquenessProvider_transactions",
-                        toPersistentEntityKey = { PersistentStateRef(it) },
+                        toPersistentEntityKey = { it.encoded() },
                         fromPersistentEntity = {
-                            val txId = it.id.txId
-                            val index = it.id.index
                             Pair(
-                                    StateRef(txhash = SecureHash.parse(txId), index = index),
-                                    Pair(it.index, SecureHash.parse(it.value) as SecureHash))
-
+                                    it.key.parseStateRef(),
+                                    Pair(
+                                            it.index,
+                                            it.value.deserialize<SecureHash>(context = SerializationDefaults.STORAGE_CONTEXT)
+                                    )
+                            )
                         },
                         toPersistentEntity = { k: StateRef, (first, second) ->
-                            CommittedState(
-                                    PersistentStateRef(k),
-                                    second.toString(),
-                                    first)
+                            CommittedState().apply {
+                                key = k.encoded()
+                                value = second.serialize(context = SerializationDefaults.STORAGE_CONTEXT).bytes
+                                index = first
+                            }
 
                         },
                         persistentEntityClass = CommittedState::class.java
@@ -91,14 +92,26 @@ class RaftUniquenessProvider(
     @Entity
     @Table(name = "${NODE_DATABASE_PREFIX}raft_committed_states")
     class CommittedState(
-            @EmbeddedId
-            val id: PersistentStateRef,
-            @Column(name = "consuming_transaction_id", nullable = true)
-            var value: String? = "",
-            @Column(name = "raft_log_index", nullable = false)
+            @Id
+            @Column(name = "id", nullable = false)
+            var key: String = "",
+
+            @Lob
+            @Column(name = "state_value", nullable = false)
+            var value: ByteArray = ByteArray(0),
+
+            @Column(name = "state_index")
             var index: Long = 0
     )
 
+    @Entity
+    @Table(name = "${NODE_DATABASE_PREFIX}raft_committed_txs")
+    class CommittedTransaction(
+            @Id
+            @Column(name = "transaction_id", nullable = false, length = 64)
+            val transactionId: String
+    )
+
     private lateinit var _clientFuture: CompletableFuture<CopycatClient>
     private lateinit var server: CopycatServer
 
@@ -110,9 +123,9 @@ class RaftUniquenessProvider(
         get() = _clientFuture.get()
 
     fun start() {
-        log.info("Creating Copycat server, log stored in: ${storagePath.toAbsolutePath()}")
+        log.info("Creating Copycat server, log stored in: ${storagePath?.toAbsolutePath() ?: " memory"}")
         val stateMachineFactory = {
-            RaftTransactionCommitLog(db, clock, { createMap(cacheFactory) })
+            RaftTransactionCommitLog(db, clock) { createMap(cacheFactory) }
         }
         val address = raftConfig.nodeAddress.let { Address(it.host, it.port) }
         val storage = buildStorage(storagePath)
@@ -149,11 +162,14 @@ class RaftUniquenessProvider(
         server.shutdown()
     }
 
-    private fun buildStorage(storagePath: Path): Storage? {
-        return Storage.builder()
-                .withDirectory(storagePath.toFile())
-                .withStorageLevel(StorageLevel.DISK)
-                .build()
+    private fun buildStorage(storagePath: Path?): Storage? {
+        val builder = Storage.builder()
+        if (storagePath != null) {
+            builder.withDirectory(storagePath.toFile()).withStorageLevel(StorageLevel.DISK)
+        } else {
+            builder.withStorageLevel(StorageLevel.MEMORY)
+        }
+        return builder.build()
     }
 
     private fun buildTransport(config: MutualSslConfiguration): Transport? {
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/Schema.kt b/node/src/main/kotlin/net/corda/notary/experimental/raft/Schema.kt
similarity index 83%
rename from experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/Schema.kt
rename to node/src/main/kotlin/net/corda/notary/experimental/raft/Schema.kt
index 3a93164875..15c1911c24 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/Schema.kt
+++ b/node/src/main/kotlin/net/corda/notary/experimental/raft/Schema.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.raft
+package net.corda.notary.experimental.raft
 
 import net.corda.core.schemas.MappedSchema
 import net.corda.node.services.transactions.PersistentUniquenessProvider
@@ -11,7 +11,8 @@ object RaftNotarySchemaV1 : MappedSchema(
         mappedTypes = listOf(
                 PersistentUniquenessProvider.BaseComittedState::class.java,
                 PersistentUniquenessProvider.Request::class.java,
-                RaftUniquenessProvider.CommittedState::class.java
+                RaftUniquenessProvider.CommittedState::class.java,
+                RaftUniquenessProvider.CommittedTransaction::class.java
         )
 ) {
     override val migrationResource: String?
diff --git a/node/src/main/resources/migration/node-core.changelog-master.xml b/node/src/main/resources/migration/node-core.changelog-master.xml
index 60a5cee360..bb852326c2 100644
--- a/node/src/main/resources/migration/node-core.changelog-master.xml
+++ b/node/src/main/resources/migration/node-core.changelog-master.xml
@@ -14,5 +14,5 @@
     <include file="migration/node-core.changelog-tx-mapping.xml"/>
     <include file="migration/node-core.changelog-v9.xml"/>
     <include file="migration/node-core.changelog-v10.xml"/>
-
+    <include file="migration/node-core.changelog-v11.xml"/>
 </databaseChangeLog>
diff --git a/node/src/main/resources/migration/node-core.changelog-v11.xml b/node/src/main/resources/migration/node-core.changelog-v11.xml
new file mode 100644
index 0000000000..fd22c75f99
--- /dev/null
+++ b/node/src/main/resources/migration/node-core.changelog-v11.xml
@@ -0,0 +1,11 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd"
+                   logicalFilePath="migration/node-services.changelog-init.xml">
+
+    <changeSet author="R3.Corda" id="update-version-of-whitelisted-jars">
+        <customChange class="net.corda.nodeapi.internal.persistence.AttachmentVersionNumberMigration">
+        </customChange>
+    </changeSet>
+</databaseChangeLog>
diff --git a/node/src/main/resources/migration/notary-bft-smart.changelog-committed-transactions-table.xml b/node/src/main/resources/migration/notary-bft-smart.changelog-committed-transactions-table.xml
new file mode 100644
index 0000000000..5825b5bc23
--- /dev/null
+++ b/node/src/main/resources/migration/notary-bft-smart.changelog-committed-transactions-table.xml
@@ -0,0 +1,14 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet author="R3.Corda" id="create-bft-committed-transactions-table">
+        <createTable tableName="node_bft_committed_txs">
+            <column name="transaction_id" type="NVARCHAR(64)">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <addPrimaryKey columnNames="transaction_id" constraintName="node_bft_transactions_pkey" tableName="node_bft_committed_txs"/>
+    </changeSet>
+</databaseChangeLog>
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-init.xml b/node/src/main/resources/migration/notary-bft-smart.changelog-init.xml
similarity index 100%
rename from experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-init.xml
rename to node/src/main/resources/migration/notary-bft-smart.changelog-init.xml
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-master.xml b/node/src/main/resources/migration/notary-bft-smart.changelog-master.xml
similarity index 65%
rename from experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-master.xml
rename to node/src/main/resources/migration/notary-bft-smart.changelog-master.xml
index fdf0632cf8..520ef606e4 100644
--- a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-master.xml
+++ b/node/src/main/resources/migration/notary-bft-smart.changelog-master.xml
@@ -3,7 +3,8 @@
                    xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
-    <include file="migration/node-bft-smart.changelog-init.xml"/>
-    <include file="migration/node-bft-smart.changelog-v1.xml"/>
-    <include file="migration/node-bft-smart.changelog-pkey.xml"/>
+    <include file="migration/notary-bft-smart.changelog-init.xml"/>
+    <include file="migration/notary-bft-smart.changelog-v1.xml"/>
+    <include file="migration/notary-bft-smart.changelog-pkey.xml"/>
+    <include file="migration/notary-bft-smart.changelog-committed-transactions-table.xml"/>
 </databaseChangeLog>
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml b/node/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml
similarity index 100%
rename from experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml
rename to node/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-v1.xml b/node/src/main/resources/migration/notary-bft-smart.changelog-v1.xml
similarity index 100%
rename from experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-v1.xml
rename to node/src/main/resources/migration/notary-bft-smart.changelog-v1.xml
diff --git a/node/src/main/resources/migration/notary-raft.changelog-committed-transactions-table.xml b/node/src/main/resources/migration/notary-raft.changelog-committed-transactions-table.xml
new file mode 100644
index 0000000000..7d4a133e86
--- /dev/null
+++ b/node/src/main/resources/migration/notary-raft.changelog-committed-transactions-table.xml
@@ -0,0 +1,14 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet author="R3.Corda" id="create-raft-committed-transactions-table">
+        <createTable tableName="node_raft_committed_txs">
+            <column name="transaction_id" type="NVARCHAR(64)">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <addPrimaryKey columnNames="transaction_id" constraintName="node_raft_transactions_pkey" tableName="node_raft_committed_txs"/>
+    </changeSet>
+</databaseChangeLog>
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-init.xml b/node/src/main/resources/migration/notary-raft.changelog-init.xml
similarity index 82%
rename from experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-init.xml
rename to node/src/main/resources/migration/notary-raft.changelog-init.xml
index 5fe85ce568..316b0fc491 100644
--- a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-init.xml
+++ b/node/src/main/resources/migration/notary-raft.changelog-init.xml
@@ -6,14 +6,11 @@
                    logicalFilePath="migration/node-services.changelog-init.xml">
     <changeSet author="R3.Corda" id="1511451595465-18">
         <createTable tableName="node_raft_committed_states">
-            <column name="transaction_id" type="NVARCHAR(64)">
+            <column name="id" type="NVARCHAR(128)">
                 <constraints nullable="false"/>
             </column>
-            <column name="output_index" type="INT">
-                <constraints nullable="false"/>
-            </column>
-            <column name="raft_log_index" type="BIGINT"/>
-            <column name="consuming_transaction_id" type="NVARCHAR(64)"/>
+            <column name="state_index" type="BIGINT"/>
+            <column name="state_value" type="BLOB"/>
         </createTable>
     </changeSet>
     <changeSet author="R3.Corda" id="1521131680317-17">
@@ -36,7 +33,7 @@
         </createTable>
     </changeSet>
     <changeSet author="R3.Corda" id="1511451595465-43">
-        <addPrimaryKey columnNames="output_index, transaction_id" constraintName="node_raft_state_pkey"
+        <addPrimaryKey columnNames="id" constraintName="node_raft_state_pkey"
                        tableName="node_raft_committed_states"/>
     </changeSet>
     <changeSet author="R3.Corda" id="1521131680317-48">
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-master.xml b/node/src/main/resources/migration/notary-raft.changelog-master.xml
similarity index 67%
rename from experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-master.xml
rename to node/src/main/resources/migration/notary-raft.changelog-master.xml
index 555344167e..901dd31f48 100644
--- a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-master.xml
+++ b/node/src/main/resources/migration/notary-raft.changelog-master.xml
@@ -3,9 +3,8 @@
                    xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
-
-    <include file="migration/node-notary-raft.changelog-init.xml"/>
-    <include file="migration/node-notary-raft.changelog-v1.xml"/>
-    <include file="migration/node-notary-raft.changelog-pkey.xml"/>
-
+    <include file="migration/notary-raft.changelog-init.xml"/>
+    <include file="migration/notary-raft.changelog-v1.xml"/>
+    <include file="migration/notary-raft.changelog-pkey.xml"/>
+    <include file="migration/notary-raft.changelog-committed-transactions-table.xml" />
 </databaseChangeLog>
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-pkey.xml b/node/src/main/resources/migration/notary-raft.changelog-pkey.xml
similarity index 100%
rename from experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-pkey.xml
rename to node/src/main/resources/migration/notary-raft.changelog-pkey.xml
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-v1.xml b/node/src/main/resources/migration/notary-raft.changelog-v1.xml
similarity index 84%
rename from experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-v1.xml
rename to node/src/main/resources/migration/notary-raft.changelog-v1.xml
index f95c8e7923..ee3405d703 100644
--- a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-v1.xml
+++ b/node/src/main/resources/migration/notary-raft.changelog-v1.xml
@@ -5,7 +5,7 @@
                    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd"
                    logicalFilePath="migration/node-services.changelog-init.xml">
     <changeSet author="R3.Corda" id="nullability">
-        <addNotNullConstraint tableName="node_raft_committed_states" columnName="raft_log_index" columnDataType="BIGINT"/>
-        <addNotNullConstraint tableName="node_raft_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
+        <addNotNullConstraint tableName="node_raft_committed_states" columnName="state_index" columnDataType="BIGINT"/>
+        <addNotNullConstraint tableName="node_raft_committed_states" columnName="state_value" columnDataType="BLOB"/>
     </changeSet>
 </databaseChangeLog>
\ No newline at end of file
diff --git a/experimental/notary-bft-smart/src/main/resources/net/corda/notary/bftsmart/system.config.printf b/node/src/main/resources/net/corda/notary/experimental/bftsmart/system.config.printf
similarity index 100%
rename from experimental/notary-bft-smart/src/main/resources/net/corda/notary/bftsmart/system.config.printf
rename to node/src/main/resources/net/corda/notary/experimental/bftsmart/system.config.printf
diff --git a/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java b/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java
index d16b8d317a..cea9b63455 100644
--- a/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java
+++ b/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java
@@ -11,6 +11,7 @@ import net.corda.core.identity.AbstractParty;
 import net.corda.core.identity.CordaX500Name;
 import net.corda.core.identity.Party;
 import net.corda.core.messaging.DataFeed;
+import net.corda.core.node.ServicesForResolution;
 import net.corda.core.node.services.AttachmentStorage;
 import net.corda.core.node.services.IdentityService;
 import net.corda.core.node.services.Vault;
@@ -23,7 +24,7 @@ import net.corda.core.node.services.vault.AttachmentQueryCriteria.AttachmentsQue
 import net.corda.finance.contracts.DealState;
 import net.corda.finance.contracts.asset.Cash;
 import net.corda.finance.schemas.CashSchemaV1;
-import net.corda.finance.schemas.test.SampleCashSchemaV2;
+import net.corda.finance.test.SampleCashSchemaV2;
 import net.corda.node.services.api.IdentityServiceInternal;
 import net.corda.node.services.persistence.NodeAttachmentService;
 import net.corda.nodeapi.internal.persistence.CordaPersistence;
@@ -58,12 +59,14 @@ import static net.corda.core.node.services.vault.Builder.equal;
 import static net.corda.core.node.services.vault.Builder.sum;
 import static net.corda.core.node.services.vault.QueryCriteriaUtils.*;
 import static net.corda.core.utilities.ByteArrays.toHexString;
+import static net.corda.testing.common.internal.ParametersUtilitiesKt.testNetworkParameters;
 import static net.corda.testing.core.internal.ContractJarTestUtils.INSTANCE;
 import static net.corda.testing.core.TestConstants.*;
-import static net.corda.testing.internal.RigorousMockKt.rigorousMock;
 import static net.corda.testing.node.MockServices.makeTestDatabaseAndMockServices;
 import static net.corda.testing.node.MockServicesKt.makeTestIdentityService;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
 
 public class VaultQueryJavaTests {
     private static final TestIdentity BOC = new TestIdentity(BOC_NAME);
@@ -82,19 +85,22 @@ public class VaultQueryJavaTests {
 
     @Before
     public void setUp() {
-        List<String> cordappPackages = asList("net.corda.testing.internal.vault", "net.corda.finance.contracts.asset", CashSchemaV1.class.getPackage().getName());
+        List<String> cordappPackages = asList("net.corda.testing.internal.vault", "net.corda.finance.contracts.asset", CashSchemaV1.class.getPackage().getName(), SampleCashSchemaV2.class.getPackage().getName());
         IdentityService identitySvc = makeTestIdentityService(MEGA_CORP.getIdentity(), DUMMY_CASH_ISSUER_INFO.getIdentity(), DUMMY_NOTARY.getIdentity());
         Pair<CordaPersistence, MockServices> databaseAndServices = makeTestDatabaseAndMockServices(
                 cordappPackages,
                 identitySvc,
                 MEGA_CORP,
                 DUMMY_NOTARY.getKeyPair());
-        issuerServices = new MockServices(cordappPackages, DUMMY_CASH_ISSUER_INFO, rigorousMock(IdentityServiceInternal.class), BOC.getKeyPair());
+        issuerServices = new MockServices(cordappPackages, DUMMY_CASH_ISSUER_INFO, mock(IdentityServiceInternal.class), BOC.getKeyPair());
         database = databaseAndServices.getFirst();
         MockServices services = databaseAndServices.getSecond();
         vaultFiller = new VaultFiller(services, DUMMY_NOTARY);
         vaultService = services.getVaultService();
         storage = new NodeAttachmentService(new MetricRegistry(), new TestingNamedCacheFactory(100), database);
+        ServicesForResolution serviceForResolution = mock(ServicesForResolution.class);
+        ((NodeAttachmentService) storage).servicesForResolution = serviceForResolution;
+        doReturn(testNetworkParameters()).when(serviceForResolution).getNetworkParameters();
     }
 
     @After
diff --git a/finance/contracts/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt b/node/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
similarity index 97%
rename from finance/contracts/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
rename to node/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
index aec5b1f088..e4a993a47d 100644
--- a/finance/contracts/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
+++ b/node/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
@@ -9,9 +9,9 @@ import net.corda.core.schemas.PersistentState
 import net.corda.core.schemas.QueryableState
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.finance.contracts.asset.OnLedgerAsset
-import net.corda.finance.schemas.test.SampleCashSchemaV1
-import net.corda.finance.schemas.test.SampleCashSchemaV2
-import net.corda.finance.schemas.test.SampleCashSchemaV3
+import net.corda.finance.test.SampleCashSchemaV1
+import net.corda.finance.test.SampleCashSchemaV2
+import net.corda.finance.test.SampleCashSchemaV3
 import net.corda.finance.utils.sumCash
 import net.corda.finance.utils.sumCashOrNull
 import net.corda.finance.utils.sumCashOrZero
diff --git a/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt b/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt
index a15ef1d97e..233705771a 100644
--- a/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt
+++ b/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt
@@ -280,7 +280,7 @@ class CordaRPCOpsImplTest {
     }
 
     @Test
-    fun `can't upload the same attachment`() {
+    fun `cannot upload the same attachment`() {
         withPermissions(invokeRpc(CordaRPCOps::uploadAttachment), invokeRpc(CordaRPCOps::attachmentExists)) {
             val inputJar1 = Thread.currentThread().contextClassLoader.getResourceAsStream(testJar)
             val inputJar2 = Thread.currentThread().contextClassLoader.getResourceAsStream(testJar)
diff --git a/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt b/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt
index 8b59037248..0bbb43147e 100644
--- a/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt
@@ -10,6 +10,7 @@ import net.corda.core.identity.Party
 import net.corda.core.utilities.unwrap
 import net.corda.testing.core.singleIdentity
 import net.corda.testing.node.MockNetwork
+import net.corda.testing.node.MockNetworkParameters
 import net.corda.testing.node.MockNodeParameters
 import net.corda.testing.node.StartedMockNode
 import org.junit.After
@@ -26,7 +27,7 @@ class FlowRegistrationTest {
     @Before
     fun setup() {
         // no cordapps scanned so it can be tested in isolation
-        mockNetwork = MockNetwork(emptyList())
+        mockNetwork = MockNetwork(MockNetworkParameters())
         initiator = mockNetwork.createNode(MockNodeParameters(legalName = CordaX500Name("initiator", "Reading", "GB")))
         responder = mockNetwork.createNode(MockNodeParameters(legalName = CordaX500Name("responder", "Reading", "GB")))
         mockNetwork.runNetwork()
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt
index 77d97f5715..cff8ba4bca 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt
@@ -15,10 +15,10 @@ import java.net.URL
 
 class CordappProviderImplTests {
     private companion object {
-        val isolatedJAR = this::class.java.getResource("isolated.jar")!!
+        val isolatedJAR: URL = this::class.java.getResource("/isolated.jar")
         // TODO: Cordapp name should differ from the JAR name
         const val isolatedCordappName = "isolated"
-        val emptyJAR = this::class.java.getResource("empty.jar")!!
+        val emptyJAR: URL = this::class.java.getResource("empty.jar")
         val validConfig: Config = ConfigFactory.parseString("key=value")
 
         val stubConfigProvider = object : CordappConfigProvider {
@@ -52,7 +52,7 @@ class CordappProviderImplTests {
     @Test
     fun `test that we find a cordapp class that is loaded into the store`() {
         val provider = newCordappProvider(isolatedJAR)
-        val className = "net.corda.finance.contracts.isolated.AnotherDummyContract"
+        val className = "net.corda.isolated.contracts.AnotherDummyContract"
 
         val expected = provider.cordapps.first()
         val actual = provider.getCordappForClass(className)
@@ -62,9 +62,9 @@ class CordappProviderImplTests {
     }
 
     @Test
-    fun `test that we find an attachment for a cordapp contrat class`() {
+    fun `test that we find an attachment for a cordapp contract class`() {
         val provider = newCordappProvider(isolatedJAR)
-        val className = "net.corda.finance.contracts.isolated.AnotherDummyContract"
+        val className = "net.corda.isolated.contracts.AnotherDummyContract"
         val expected = provider.getAppContext(provider.cordapps.first()).attachmentId
         val actual = provider.getContractAttachmentID(className)
 
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
index a2f4121b72..58f36530a8 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
@@ -36,8 +36,8 @@ class DummyRPCFlow : FlowLogic<Unit>() {
 
 class JarScanningCordappLoaderTest {
     private companion object {
-        const val isolatedContractId = "net.corda.finance.contracts.isolated.AnotherDummyContract"
-        const val isolatedFlowName = "net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Initiator"
+        const val isolatedContractId = "net.corda.isolated.contracts.AnotherDummyContract"
+        const val isolatedFlowName = "net.corda.isolated.workflows.IsolatedIssuanceFlow"
     }
 
     @Test
@@ -49,15 +49,15 @@ class JarScanningCordappLoaderTest {
 
     @Test
     fun `isolated JAR contains a CorDapp with a contract and plugin`() {
-        val isolatedJAR = JarScanningCordappLoaderTest::class.java.getResource("isolated.jar")!!
+        val isolatedJAR = JarScanningCordappLoaderTest::class.java.getResource("/isolated.jar")
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(isolatedJAR))
 
         assertThat(loader.cordapps).hasSize(1)
 
         val actualCordapp = loader.cordapps.single()
         assertThat(actualCordapp.contractClassNames).isEqualTo(listOf(isolatedContractId))
-        assertThat(actualCordapp.initiatedFlows.first().name).isEqualTo("net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Acceptor")
-        assertThat(actualCordapp.rpcFlows).isEmpty()
+        assertThat(actualCordapp.initiatedFlows).isEmpty()
+        assertThat(actualCordapp.rpcFlows.first().name).isEqualTo(isolatedFlowName)
         assertThat(actualCordapp.schedulableFlows).isEmpty()
         assertThat(actualCordapp.services).isEmpty()
         assertThat(actualCordapp.serializationWhitelists).hasSize(1)
@@ -83,7 +83,7 @@ class JarScanningCordappLoaderTest {
     // being used internally. Later iterations will use a classloader per cordapp and this test can be retired.
     @Test
     fun `cordapp classloader can load cordapp classes`() {
-        val isolatedJAR = JarScanningCordappLoaderTest::class.java.getResource("isolated.jar")!!
+        val isolatedJAR = JarScanningCordappLoaderTest::class.java.getResource("/isolated.jar")
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(isolatedJAR), VersionInfo.UNKNOWN)
 
         loader.appClassLoader.loadClass(isolatedContractId)
diff --git a/node/src/test/kotlin/net/corda/node/internal/serialization/RoundTripObservableSerializerTests.kt b/node/src/test/kotlin/net/corda/node/internal/serialization/RoundTripObservableSerializerTests.kt
index e3e85e73ab..e3393b4208 100644
--- a/node/src/test/kotlin/net/corda/node/internal/serialization/RoundTripObservableSerializerTests.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/serialization/RoundTripObservableSerializerTests.kt
@@ -59,7 +59,7 @@ class RoundTripObservableSerializerTests {
     @Test
     fun roundTripTest1() {
         val serializationScheme = AMQPRoundTripRPCSerializationScheme(
-                serializationContext, emptySet(), AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
+                serializationContext, emptySet(), emptySet(), AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
 
         // Fake up a message ID, needs to be used on both "sides". The server setting it in the subscriptionMap,
         // the client as a property of the deserializer which, in the actual RPC client, is pulled off of
diff --git a/node/src/test/kotlin/net/corda/node/internal/serialization/testutils/AMQPTestSerialiationScheme.kt b/node/src/test/kotlin/net/corda/node/internal/serialization/testutils/AMQPTestSerialiationScheme.kt
index 0305ef41c4..7234380773 100644
--- a/node/src/test/kotlin/net/corda/node/internal/serialization/testutils/AMQPTestSerialiationScheme.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/serialization/testutils/AMQPTestSerialiationScheme.kt
@@ -4,6 +4,7 @@ import net.corda.client.rpc.internal.serialization.amqp.RpcClientObservableDeSer
 import net.corda.core.context.Trace
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationCustomSerializer
+import net.corda.core.serialization.SerializationWhitelist
 import net.corda.node.serialization.amqp.RpcServerObservableSerializer
 import net.corda.nodeapi.RPCApi
 import net.corda.serialization.internal.CordaSerializationMagic
@@ -20,9 +21,10 @@ import net.corda.client.rpc.internal.ObservableContext as ClientObservableContex
 class AMQPRoundTripRPCSerializationScheme(
         private val serializationContext: SerializationContext,
         cordappCustomSerializers: Set<SerializationCustomSerializer<*, *>>,
+        cordappSerializationWhitelists: Set<SerializationWhitelist>,
         serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>)
     : AbstractAMQPSerializationScheme(
-        cordappCustomSerializers, serializerFactoriesForContexts
+        cordappCustomSerializers, cordappSerializationWhitelists, serializerFactoriesForContexts
 ) {
     override fun rpcClientSerializerFactory(context: SerializationContext): SerializerFactory {
         return SerializerFactoryBuilder.build(AllWhitelist, javaClass.classLoader).apply {
diff --git a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
index 19edce0d3d..1aeddd0256 100644
--- a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
@@ -1,16 +1,15 @@
 package net.corda.node.services
 
 import co.paralleluniverse.fibers.Suspendable
+import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
+import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.concurrent.CordaFuture
 import net.corda.core.contracts.AlwaysAcceptAttachmentConstraint
 import net.corda.core.contracts.StateRef
 import net.corda.core.contracts.TimeWindow
 import net.corda.core.crypto.SecureHash
-import net.corda.core.flows.FinalityFlow
-import net.corda.core.flows.FlowLogic
-import net.corda.core.flows.FlowSession
-import net.corda.core.flows.NotarisationRequestSignature
-import net.corda.core.flows.NotaryFlow
+import net.corda.core.flows.*
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.internal.FlowIORequest
@@ -26,6 +25,9 @@ import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.minutes
 import net.corda.core.utilities.seconds
 import net.corda.node.services.api.ServiceHubInternal
+import net.corda.node.services.config.FlowTimeoutConfiguration
+import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.services.config.NotaryConfig
 import net.corda.node.services.transactions.NonValidatingNotaryFlow
 import net.corda.nodeapi.internal.DevIdentityGenerator
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
@@ -35,15 +37,8 @@ import net.corda.testing.core.dummyCommand
 import net.corda.testing.core.singleIdentity
 import net.corda.testing.internal.LogHelper
 import net.corda.testing.node.InMemoryMessagingNetwork
-import net.corda.testing.node.MockNetFlowTimeOut
-import net.corda.testing.node.MockNetNotaryConfig
 import net.corda.testing.node.MockNetworkParameters
-import net.corda.testing.node.MockNodeConfigOverrides
-import net.corda.testing.node.internal.InternalMockNetwork
-import net.corda.testing.node.internal.InternalMockNodeParameters
-import net.corda.testing.node.internal.TestStartedNode
-import net.corda.testing.node.internal.cordappsForPackages
-import net.corda.testing.node.internal.startFlow
+import net.corda.testing.node.internal.*
 import org.junit.AfterClass
 import org.junit.Before
 import org.junit.BeforeClass
@@ -88,7 +83,6 @@ class TimedFlowTests {
             notary = started.first
             node = started.second
             patientNode = started.third
-
         }
 
         @AfterClass
@@ -105,33 +99,38 @@ class TimedFlowTests {
                     serviceLegalName)
 
             val networkParameters = NetworkParametersCopier(testNetworkParameters(listOf(NotaryInfo(notaryIdentity, false))))
-            val notaryConfig = MockNetNotaryConfig(
-                    serviceLegalName = serviceLegalName,
-                    validating = false,
-                    className = TestNotaryService::class.java.name
-            )
+            val notaryConfig = mock<NotaryConfig> {
+                whenever(it.serviceLegalName).thenReturn(serviceLegalName)
+                whenever(it.validating).thenReturn(true)
+                whenever(it.className).thenReturn(TestNotaryService::class.java.name)
+            }
 
             val notaryNodes = (0 until CLUSTER_SIZE).map {
-                mockNet.createUnstartedNode(InternalMockNodeParameters(configOverrides = MockNodeConfigOverrides(
-                        notary = notaryConfig
-                )))
+                mockNet.createUnstartedNode(InternalMockNodeParameters(configOverrides = {
+                    doReturn(notaryConfig).whenever(it).notary
+                }))
             }
 
             val aliceNode = mockNet.createUnstartedNode(
                     InternalMockNodeParameters(
                             legalName = CordaX500Name("Alice", "AliceCorp", "GB"),
-                            configOverrides = MockNodeConfigOverrides(flowTimeout = MockNetFlowTimeOut(2.seconds, 3, 1.0))
+                            configOverrides = { conf: NodeConfiguration ->
+                                val retryConfig = FlowTimeoutConfiguration(1.seconds, 3, 1.0)
+                                doReturn(retryConfig).whenever(conf).flowTimeout
+                            }
                     )
             )
 
             val patientNode = mockNet.createUnstartedNode(
                     InternalMockNodeParameters(
                             legalName = CordaX500Name("Bob", "BobCorp", "GB"),
-                            configOverrides = MockNodeConfigOverrides(flowTimeout = MockNetFlowTimeOut(10.seconds, 3, 1.0))
+                            configOverrides = { conf: NodeConfiguration ->
+                                val retryConfig = FlowTimeoutConfiguration(10.seconds, 3, 1.0)
+                                doReturn(retryConfig).whenever(conf).flowTimeout
+                            }
                     )
             )
 
-
             // MockNetwork doesn't support notary clusters, so we create all the nodes we need unstarted, and then install the
             // network-parameters in their directories before they're started.
             val nodes = (notaryNodes + aliceNode + patientNode).map { node ->
diff --git a/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt b/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
index bf8a16880f..26886a011d 100644
--- a/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
@@ -7,7 +7,6 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.identity.PartyAndCertificate
 import net.corda.core.node.services.UnknownAnonymousPartyException
-import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.crypto.CertificateType
 import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.crypto.x509Certificates
@@ -16,6 +15,7 @@ import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.*
 import net.corda.testing.internal.DEV_INTERMEDIATE_CA
 import net.corda.testing.internal.DEV_ROOT_CA
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.makeTestIdentityService
@@ -96,21 +96,21 @@ class PersistentIdentityServiceTests {
     }
 
     @Test
-    fun `stripping others when none registered does not strip`() {
-        assertEquals(identityService.stripCachedPeerKeys(listOf(BOB_PUBKEY)).first(), BOB_PUBKEY)
+    fun `stripping others when none registered strips`() {
+        assertEquals(identityService.stripNotOurKeys(listOf(BOB_PUBKEY)).firstOrNull(), null)
     }
 
     @Test
-    fun `stripping others when only us registered does not strip`() {
+    fun `stripping others when only us registered strips`() {
         identityService.verifyAndRegisterIdentity(ALICE_IDENTITY)
-        assertEquals(identityService.stripCachedPeerKeys(listOf(BOB_PUBKEY)).first(), BOB_PUBKEY)
+        assertEquals(identityService.stripNotOurKeys(listOf(BOB_PUBKEY)).firstOrNull(), null)
     }
 
     @Test
     fun `stripping others when us and others registered does not strip us`() {
         identityService.verifyAndRegisterIdentity(ALICE_IDENTITY)
         identityService.verifyAndRegisterIdentity(BOB_IDENTITY)
-        val stripped = identityService.stripCachedPeerKeys(listOf(ALICE_PUBKEY, BOB_PUBKEY))
+        val stripped = identityService.stripNotOurKeys(listOf(ALICE_PUBKEY, BOB_PUBKEY))
         assertEquals(stripped.single(), ALICE_PUBKEY)
     }
 
diff --git a/node/src/test/kotlin/net/corda/node/services/network/DBNetworkParametersStorageTest.kt b/node/src/test/kotlin/net/corda/node/services/network/DBNetworkParametersStorageTest.kt
index 9e690f0396..30ae1e4bff 100644
--- a/node/src/test/kotlin/net/corda/node/services/network/DBNetworkParametersStorageTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/network/DBNetworkParametersStorageTest.kt
@@ -8,7 +8,7 @@ import com.sun.xml.internal.messaging.saaj.util.ByteOutputStream
 import net.corda.core.crypto.SecureHash
 import net.corda.core.internal.SignedDataWithCert
 import net.corda.core.node.NetworkParameters
-import net.corda.core.node.services.NetworkParametersStorage
+import net.corda.core.node.services.NetworkParametersService
 import net.corda.node.internal.DBNetworkParametersStorage
 import net.corda.nodeapi.internal.createDevNetworkMapCa
 import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair
@@ -35,7 +35,7 @@ class DBNetworkParametersStorageTest {
     val testSerialization = SerializationEnvironmentRule(true)
 
     private lateinit var networkMapClient: NetworkMapClient
-    private lateinit var nodeParametersStorage: NetworkParametersStorage
+    private lateinit var networkParametersService: NetworkParametersService
     private lateinit var database: CordaPersistence
 
     private val certKeyPair: CertificateAndKeyPair = createDevNetworkMapCa()
@@ -61,7 +61,7 @@ class DBNetworkParametersStorageTest {
                 { null }
         )
         networkMapClient = createMockNetworkMapClient()
-        nodeParametersStorage = DBNetworkParametersStorage(TestingNamedCacheFactory(), database, networkMapClient).apply {
+        networkParametersService = DBNetworkParametersStorage(TestingNamedCacheFactory(), database, networkMapClient).apply {
             database.transaction {
                 setCurrentParameters(netParams1, DEV_ROOT_CA.certificate)
             }
@@ -75,21 +75,21 @@ class DBNetworkParametersStorageTest {
 
     @Test
     fun `set current parameters`() {
-        assertThat(nodeParametersStorage.currentHash).isEqualTo(hash1)
-        assertThat(nodeParametersStorage.lookup(hash1)).isEqualTo(netParams1.verified())
+        assertThat(networkParametersService.currentHash).isEqualTo(hash1)
+        assertThat(networkParametersService.lookup(hash1)).isEqualTo(netParams1.verified())
     }
 
     @Test
     fun `get default parameters`() {
         // TODO After implementing default endpoint on network map check it is correct, for now we set it to current.
-        assertThat(nodeParametersStorage.defaultHash).isEqualTo(hash1)
+        assertThat(networkParametersService.defaultHash).isEqualTo(hash1)
     }
 
     @Test
     fun `download parameters from network map server`() {
         database.transaction {
-            val netParams = nodeParametersStorage.lookup(hash2)
-            assertThat(nodeParametersStorage.lookup(hash2)).isEqualTo(netParams)
+            val netParams = networkParametersService.lookup(hash2)
+            assertThat(networkParametersService.lookup(hash2)).isEqualTo(netParams)
             verify(networkMapClient, times(1)).getNetworkParameters(hash2)
 
         }
@@ -99,7 +99,7 @@ class DBNetworkParametersStorageTest {
     fun `try save parameters with incorrect signature`() {
         database.transaction {
             val consoleOutput = interceptConsoleOutput {
-                nodeParametersStorage.lookup(hash3)
+                networkParametersService.lookup(hash3)
             }
             assertThat(consoleOutput).anySatisfy {
                 it.contains("Caused by: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed")
@@ -119,7 +119,7 @@ class DBNetworkParametersStorageTest {
     private fun createMockNetworkMapClient(): NetworkMapClient {
         return mock {
             on { getNetworkParameters(any()) }.then {
-                val hash = it.getArguments()[0]
+                val hash = it.arguments[0]
                 when (hash) {
                     hash1 -> netParams1
                     hash2 -> netParams2
diff --git a/node/src/test/kotlin/net/corda/node/services/network/NetworkMapUpdaterTest.kt b/node/src/test/kotlin/net/corda/node/services/network/NetworkMapUpdaterTest.kt
index f70ca0fc18..5528fd59b0 100644
--- a/node/src/test/kotlin/net/corda/node/services/network/NetworkMapUpdaterTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/network/NetworkMapUpdaterTest.kt
@@ -18,7 +18,7 @@ import net.corda.core.node.services.AttachmentId
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.millis
 import net.corda.node.VersionInfo
-import net.corda.node.internal.NetworkParametersStorageInternal
+import net.corda.node.internal.NetworkParametersStorage
 import net.corda.node.services.api.NetworkMapCacheInternal
 import net.corda.node.services.config.NetworkParameterAcceptanceSettings
 import net.corda.nodeapi.internal.NodeInfoAndSigned
@@ -71,7 +71,7 @@ class NetworkMapUpdaterTest {
     private val networkMapCache = createMockNetworkMapCache()
     private lateinit var ourKeyPair: KeyPair
     private lateinit var ourNodeInfo: SignedNodeInfo
-    private val networkParametersStorage: NetworkParametersStorageInternal = mock()
+    private val networkParametersStorage: NetworkParametersStorage = mock()
     private lateinit var server: NetworkMapServer
     private lateinit var networkMapClient: NetworkMapClient
     private var updater: NetworkMapUpdater? = null
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
index 05edf376ff..a054ae24a3 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
@@ -9,9 +9,7 @@ import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.junit.After
-import org.junit.Assert.assertEquals
-import org.junit.Assert.assertNull
-import org.junit.Assert.assertTrue
+import org.junit.Assert.*
 import org.junit.Test
 import org.junit.runner.RunWith
 import org.junit.runners.Parameterized
@@ -25,20 +23,20 @@ import javax.persistence.PersistenceException
 class AppendOnlyPersistentMapTest(var scenario: Scenario) {
     companion object {
         private val scenarios = arrayOf<Scenario>(
-                Scenario(false, ReadOrWrite.Read, ReadOrWrite.Read, Outcome.Fail, Outcome.Fail, isCached = false),
-                Scenario(false, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.Success, Outcome.Fail, Outcome.Success, null),
-                Scenario(false, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Fail, Outcome.Success, isCached = false),
-                Scenario(false, ReadOrWrite.Write, ReadOrWrite.Write, Outcome.Success, Outcome.SuccessButErrorOnCommit, isCached = null),
-                Scenario(false, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.Read, Outcome.Success, Outcome.Fail, Outcome.Success, null),
-                Scenario(false, ReadOrWrite.Read, ReadOrWrite.WriteDuplicateAllowed, Outcome.Fail, Outcome.Success, isCached = true),
-                Scenario(false, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.WriteDuplicateAllowed, Outcome.Success, Outcome.SuccessButErrorOnCommit, Outcome.Fail, null),
-                Scenario(true, ReadOrWrite.Read, ReadOrWrite.Read, Outcome.Success, Outcome.Success, isCached = false),
-                Scenario(true, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.SuccessButErrorOnCommit, Outcome.Success, isCached = null),
-                Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.Fail, isCached = true),
-                Scenario(true, ReadOrWrite.Write, ReadOrWrite.Write, Outcome.SuccessButErrorOnCommit, Outcome.SuccessButErrorOnCommit, isCached = null),
-                Scenario(true, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.Read, Outcome.Fail, Outcome.Success, isCached = null),
-                Scenario(true, ReadOrWrite.Read, ReadOrWrite.WriteDuplicateAllowed, Outcome.Success, Outcome.Fail, isCached = true),
-                Scenario(true, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.WriteDuplicateAllowed, Outcome.Fail, Outcome.Fail, isCached = null)
+                Scenario(false, ReadOrWrite.Read, ReadOrWrite.Read, Outcome.Fail, Outcome.Fail),
+                Scenario(false, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.Success, Outcome.Fail, Outcome.Success),
+                Scenario(false, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Fail, Outcome.Success),
+                Scenario(false, ReadOrWrite.Write, ReadOrWrite.Write, Outcome.Success, Outcome.SuccessButErrorOnCommit),
+                Scenario(false, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.Read, Outcome.Success, Outcome.Fail, Outcome.Success),
+                Scenario(false, ReadOrWrite.Read, ReadOrWrite.WriteDuplicateAllowed, Outcome.Fail, Outcome.Success),
+                Scenario(false, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.WriteDuplicateAllowed, Outcome.Success, Outcome.SuccessButErrorOnCommit, Outcome.Fail),
+                Scenario(true, ReadOrWrite.Read, ReadOrWrite.Read, Outcome.Success, Outcome.Success),
+                Scenario(true, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.SuccessButErrorOnCommit, Outcome.Success),
+                Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.Fail),
+                Scenario(true, ReadOrWrite.Write, ReadOrWrite.Write, Outcome.SuccessButErrorOnCommit, Outcome.SuccessButErrorOnCommit),
+                Scenario(true, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.Read, Outcome.Fail, Outcome.Success),
+                Scenario(true, ReadOrWrite.Read, ReadOrWrite.WriteDuplicateAllowed, Outcome.Success, Outcome.Fail),
+                Scenario(true, ReadOrWrite.WriteDuplicateAllowed, ReadOrWrite.WriteDuplicateAllowed, Outcome.Fail, Outcome.Fail)
         )
 
         @Parameterized.Parameters(name = "{0}")
@@ -54,8 +52,7 @@ class AppendOnlyPersistentMapTest(var scenario: Scenario) {
                         val b: ReadOrWrite,
                         val aExpected: Outcome,
                         val bExpected: Outcome,
-                        val bExpectedIfSingleThreaded: Outcome = bExpected,
-                        val isCached: Boolean?)
+                        val bExpectedIfSingleThreaded: Outcome = bExpected)
 
     private val database = configureDatabase(makeTestDataSourceProperties(),
             DatabaseConfig(),
@@ -67,36 +64,6 @@ class AppendOnlyPersistentMapTest(var scenario: Scenario) {
         database.close()
     }
 
-    @Test
-    fun `getIfCached behaves as expected`() {
-        if (scenario.isCached != null) {
-            prepopulateIfRequired()
-            val map = createMap()
-            when (scenario.b) {
-                ReadOrWrite.Read -> { /* Do nothing */
-                }
-                ReadOrWrite.Write -> {
-                    // Cause a read-thru
-                    database.transaction { map.get(1) }
-                }
-                ReadOrWrite.WriteDuplicateAllowed -> {
-                    // Write a value that overwrites anything pre-populated potentially.
-                    database.transaction { map.addWithDuplicatesAllowed(1, "Y") }
-                }
-            }
-
-            val cachedValue = map.getIfCached(1)
-            val expectedValue = if (scenario.isCached!!) {
-                when (scenario.b) {
-                    ReadOrWrite.Read -> throw IllegalStateException("Do nothing and isCached = true is not a valid combination.")
-                    ReadOrWrite.Write -> "X"
-                    ReadOrWrite.WriteDuplicateAllowed -> "Y"
-                }
-            } else null
-            assertEquals(expectedValue, cachedValue)
-        }
-    }
-
     @Test
     fun `concurrent test no purge between A and B`() {
         prepopulateIfRequired()
@@ -156,7 +123,7 @@ class AppendOnlyPersistentMapTest(var scenario: Scenario) {
     @Test
     fun `concurrent test purge between A and B`() {
         // Writes intentionally do not check the database first, so purging between read and write changes behaviour
-        val remapped = mapOf(Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.Fail, isCached = true) to Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.SuccessButErrorOnCommit, isCached = true))
+        val remapped = mapOf(Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.Fail) to Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.SuccessButErrorOnCommit))
         scenario = remapped[scenario] ?: scenario
         prepopulateIfRequired()
         val map = createMap()
@@ -191,8 +158,8 @@ class AppendOnlyPersistentMapTest(var scenario: Scenario) {
     fun `test purge mid-way in a single transaction`() {
         // Writes intentionally do not check the database first, so purging between read and write changes behaviour
         // Also, a purge after write causes the subsequent read to flush to the database, causing the read to generate a constraint violation when single threaded (in same database transaction).
-        val remapped = mapOf(Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.Fail, isCached = true) to Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.SuccessButErrorOnCommit, Outcome.SuccessButErrorOnCommit, isCached = true),
-                Scenario(true, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.SuccessButErrorOnCommit, Outcome.Success, isCached = null) to Scenario(true, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.SuccessButErrorOnCommit, Outcome.SuccessButErrorOnCommit, isCached = null))
+        val remapped = mapOf(Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.Success, Outcome.Fail) to Scenario(true, ReadOrWrite.Read, ReadOrWrite.Write, Outcome.SuccessButErrorOnCommit, Outcome.SuccessButErrorOnCommit),
+                Scenario(true, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.SuccessButErrorOnCommit, Outcome.Success) to Scenario(true, ReadOrWrite.Write, ReadOrWrite.Read, Outcome.SuccessButErrorOnCommit, Outcome.SuccessButErrorOnCommit))
         scenario = remapped[scenario] ?: scenario
         prepopulateIfRequired()
         val map = createMap()
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/ExposeJpaToFlowsTests.kt b/node/src/test/kotlin/net/corda/node/services/persistence/ExposeJpaToFlowsTests.kt
index 7b42e089f6..b359a32fdf 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/ExposeJpaToFlowsTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/ExposeJpaToFlowsTests.kt
@@ -5,12 +5,15 @@ import com.esotericsoftware.kryo.KryoException
 import net.corda.core.contracts.UniqueIdentifier
 import net.corda.core.flows.FlowLogic
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.packageName
 import net.corda.core.schemas.MappedSchema
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.node.MockNetwork
+import net.corda.testing.node.MockNetworkParameters
 import net.corda.testing.node.MockServices
+import net.corda.testing.node.internal.cordappsForPackages
 import net.corda.testing.node.makeTestIdentityService
 import org.junit.After
 import org.junit.Before
@@ -34,16 +37,15 @@ class ExposeJpaToFlowsTests {
     }
 
     val myself = TestIdentity(CordaX500Name("Me", "London", "GB"))
-    val cordapps = listOf("net.corda.node.services.persistence")
     lateinit var mockNet: MockNetwork
     lateinit var services: MockServices
     lateinit var database: CordaPersistence
 
     @Before
     fun setUp() {
-        mockNet = MockNetwork(cordapps)
+        mockNet = MockNetwork(MockNetworkParameters(cordappsForAllNodes = cordappsForPackages(javaClass.packageName)))
         val (db, mockServices) = MockServices.makeTestDatabaseAndMockServices(
-                cordappPackages = cordapps,
+                cordappPackages = listOf(javaClass.packageName),
                 identityService = makeTestIdentityService(myself.identity),
                 initialIdentity = myself,
                 networkParameters = testNetworkParameters(minimumPlatformVersion = 4)
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt
index 816b704f95..47e0c82cfd 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt
@@ -2,24 +2,21 @@ package net.corda.node.services.persistence
 
 import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.contracts.Amount
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.StartableByRPC
 import net.corda.core.identity.Party
-import net.corda.core.node.NotaryInfo
-import net.corda.core.serialization.CordaSerializable
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.OpaqueBytes
-import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.DOLLARS
 import net.corda.finance.`issued by`
 import net.corda.finance.contracts.asset.Cash
 import net.corda.finance.flows.AbstractCashFlow
-import net.corda.finance.flows.CashIssueFlow
 import net.corda.finance.issuedBy
-import net.corda.node.internal.NetworkParametersStorageInternal
 import net.corda.node.services.identity.PersistentIdentityService
 import net.corda.node.services.keys.E2ETestKeyManagementService
-import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.testing.core.BOC_NAME
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.testing.node.InMemoryMessagingNetwork
 import net.corda.testing.node.MockNetwork
 import net.corda.testing.node.StartedMockNode
@@ -48,7 +45,7 @@ class HibernateColumnConverterTests {
             return Result(tx, ourIdentity)
         }
     }
-
+    
     @Before
     fun start() {
         mockNet = MockNetwork(
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
index 726d6b1cb6..7c82b8e933 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
@@ -25,9 +25,9 @@ import net.corda.finance.SWISS_FRANCS
 import net.corda.finance.contracts.asset.Cash
 import net.corda.finance.contracts.asset.test.DummyFungibleContract
 import net.corda.finance.schemas.CashSchemaV1
-import net.corda.finance.schemas.test.SampleCashSchemaV1
-import net.corda.finance.schemas.test.SampleCashSchemaV2
-import net.corda.finance.schemas.test.SampleCashSchemaV3
+import net.corda.finance.test.SampleCashSchemaV1
+import net.corda.finance.test.SampleCashSchemaV2
+import net.corda.finance.test.SampleCashSchemaV3
 import net.corda.finance.utils.sumCash
 import net.corda.node.services.api.IdentityServiceInternal
 import net.corda.node.services.api.WritableTransactionStorage
@@ -100,12 +100,12 @@ class HibernateConfigurationTest {
     @Before
     fun setUp() {
         val cordappPackages = listOf("net.corda.testing.internal.vault", "net.corda.finance.contracts.asset", "net.corda.finance.schemas")
-        bankServices = MockServices(cordappPackages, BOC.name, rigorousMock(), BOC_KEY)
-        issuerServices = MockServices(cordappPackages, dummyCashIssuer, rigorousMock<IdentityService>())
-        notaryServices = MockServices(cordappPackages, dummyNotary, rigorousMock<IdentityService>())
+        bankServices = MockServices(cordappPackages, BOC.name, mock(), BOC_KEY)
+        issuerServices = MockServices(cordappPackages, dummyCashIssuer, mock<IdentityService>())
+        notaryServices = MockServices(cordappPackages, dummyNotary, mock<IdentityService>())
         notary = notaryServices.myInfo.singleIdentity()
         val dataSourceProps = makeTestDataSourceProperties()
-        val identityService = rigorousMock<IdentityService>().also { mock ->
+        val identityService = mock<IdentityService>().also { mock ->
             doReturn(null).whenever(mock).wellKnownPartyFromAnonymous(any<AbstractParty>())
             listOf(dummyCashIssuer, dummyNotary).forEach {
                 doReturn(it.party).whenever(mock).wellKnownPartyFromAnonymous(it.party)
@@ -118,10 +118,10 @@ class HibernateConfigurationTest {
             hibernateConfig = database.hibernateConfig
 
             // `consumeCash` expects we can self-notarise transactions
-            services = object : MockServices(cordappPackages, BOB_NAME, rigorousMock<IdentityServiceInternal>().also {
+            services = object : MockServices(cordappPackages, BOB_NAME, mock<IdentityServiceInternal>().also {
                 doNothing().whenever(it).justVerifyAndRegisterIdentity(argThat { name == BOB_NAME }, any())
             }, generateKeyPair(), dummyNotary.keyPair) {
-                override val vaultService = NodeVaultService(Clock.systemUTC(), keyManagementService, servicesForResolution, database, schemaService).apply { start() }
+                override val vaultService = NodeVaultService(Clock.systemUTC(), keyManagementService, servicesForResolution, database, schemaService, cordappClassloader).apply { start() }
                 override fun recordTransactions(statesToRecord: StatesToRecord, txs: Iterable<SignedTransaction>) {
                     for (stx in txs) {
                         (validatedTransactions as WritableTransactionStorage).addTransaction(stx)
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/MessageChainState.kt b/node/src/test/kotlin/net/corda/node/services/persistence/MessageChainState.kt
index a81f796756..37dfdbb61e 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/MessageChainState.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/MessageChainState.kt
@@ -15,8 +15,8 @@ import javax.persistence.Table
 @CordaSerializable
 data class MessageData(val value: String)
 
-data class MessageChainState(val message: MessageData, val by: Party, override val linearId: UniqueIdentifier = UniqueIdentifier()) : LinearState, QueryableState {
-    override val participants: List<AbstractParty> = listOf(by)
+data class MessageChainState(val message: MessageData, val by: Party, override val linearId: UniqueIdentifier = UniqueIdentifier(), val extraParty: Party? = null) : LinearState, QueryableState {
+    override val participants: List<AbstractParty> = if (extraParty == null) listOf(by) else listOf(by, extraParty)
 
     override fun generateMappedObject(schema: MappedSchema): PersistentState {
         return when (schema) {
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
index 4dac20e949..af32b57b3c 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
@@ -4,6 +4,8 @@ import co.paralleluniverse.fibers.Suspendable
 import com.codahale.metrics.MetricRegistry
 import com.google.common.jimfs.Configuration
 import com.google.common.jimfs.Jimfs
+import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.ContractAttachment
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.sha256
@@ -17,21 +19,22 @@ import net.corda.core.node.services.vault.Builder
 import net.corda.core.node.services.vault.Sort
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.services.transactions.PersistentUniquenessProvider
+import net.corda.nodeapi.exceptions.DuplicateAttachmentException
+import net.corda.nodeapi.exceptions.DuplicateContractClassException
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.internal.ContractJarTestUtils.makeTestContractJar
 import net.corda.testing.core.internal.ContractJarTestUtils.makeTestJar
 import net.corda.testing.core.internal.ContractJarTestUtils.makeTestSignedContractJar
 import net.corda.testing.core.internal.SelfCleaningDir
-import net.corda.testing.internal.LogHelper
-import net.corda.testing.internal.TestingNamedCacheFactory
-import net.corda.testing.internal.configureDatabase
-import net.corda.testing.internal.rigorousMock
+import net.corda.testing.internal.*
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.startFlow
-import org.assertj.core.api.Assertions.assertThatIllegalArgumentException
+import org.assertj.core.api.Assertions.*
 import org.junit.After
+import org.junit.Assert.assertTrue
 import org.junit.Before
 import org.junit.Ignore
 import org.junit.Test
@@ -51,7 +54,9 @@ class NodeAttachmentServiceTest {
     private lateinit var fs: FileSystem
     private lateinit var database: CordaPersistence
     private lateinit var storage: NodeAttachmentService
-    private val services = rigorousMock<ServicesForResolution>()
+    private val services = rigorousMock<ServicesForResolution>().also {
+        doReturn(testNetworkParameters()).whenever(it).networkParameters
+    }
 
     @Before
     fun setUp() {
@@ -121,6 +126,43 @@ class NodeAttachmentServiceTest {
         }
     }
 
+    @Test
+    fun `attachment can be overridden by trusted uploader`() {
+        SelfCleaningDir().use { file ->
+            val contractJarName = makeTestContractJar(file.path, "com.example.MyContract")
+            val attachment = file.path.resolve(contractJarName)
+            val expectedAttachmentId = attachment.readAll().sha256()
+
+            val initialUploader = "test"
+            val attachmentId = attachment.read { storage.privilegedImportAttachment(it, initialUploader, null) }
+            assertThat(attachmentId).isEqualTo(expectedAttachmentId)
+            assertThat((storage.openAttachment(expectedAttachmentId) as ContractAttachment).uploader).isEqualTo(initialUploader)
+
+            val trustedUploader = TRUSTED_UPLOADERS.randomOrNull()!!
+
+            val overriddenAttachmentId = attachment.read { storage.privilegedImportAttachment(it, trustedUploader, null) }
+            assertThat(overriddenAttachmentId).isEqualTo(expectedAttachmentId)
+            assertThat((storage.openAttachment(expectedAttachmentId) as ContractAttachment).uploader).isEqualTo(trustedUploader)
+        }
+    }
+
+    @Test
+    fun `attachment cannot be overridden by untrusted uploader`() {
+        SelfCleaningDir().use { file ->
+            val contractJarName = makeTestContractJar(file.path, "com.example.MyContract")
+            val attachment = file.path.resolve(contractJarName)
+            val expectedAttachmentId = attachment.readAll().sha256()
+
+            val trustedUploader = TRUSTED_UPLOADERS.randomOrNull()!!
+            val attachmentId = attachment.read { storage.privilegedImportAttachment(it, trustedUploader, null) }
+            assertThat(attachmentId).isEqualTo(expectedAttachmentId)
+            assertThat((storage.openAttachment(expectedAttachmentId) as ContractAttachment).uploader).isEqualTo(trustedUploader)
+
+            val untrustedUploader = "test"
+            assertThatThrownBy { attachment.read { storage.privilegedImportAttachment(it, untrustedUploader, null) } }.isInstanceOf(DuplicateAttachmentException::class.java)
+        }
+    }
+
     @Test
     fun `insert contract attachment as an untrusted uploader and then as trusted CorDapp uploader`() {
         SelfCleaningDir().use { file ->
@@ -230,10 +272,18 @@ class NodeAttachmentServiceTest {
                     storage.queryAttachments(AttachmentsQueryCriteria(signersCondition = Builder.equal(listOf(publicKey)))).size
             )
 
-            assertEquals(
-                    3,
-                    storage.queryAttachments(AttachmentsQueryCriteria(isSignedCondition = Builder.equal(true))).size
-            )
+            val allAttachments = storage.queryAttachments(AttachmentsQueryCriteria())
+            assertEquals(6, allAttachments.size)
+
+            val signedAttachments = storage.queryAttachments(AttachmentsQueryCriteria(isSignedCondition = Builder.equal(true)))
+            assertEquals(3, signedAttachments.size)
+
+            val unsignedAttachments = storage.queryAttachments(AttachmentsQueryCriteria(isSignedCondition = Builder.equal(false)))
+            assertEquals(3, unsignedAttachments.size)
+
+            assertNotEquals(signedAttachments.toSet(), unsignedAttachments.toSet())
+
+            assertEquals(signedAttachments.toSet() + unsignedAttachments.toSet(), allAttachments.toSet())
 
             assertEquals(
                     1,
@@ -277,6 +327,138 @@ class NodeAttachmentServiceTest {
         }
     }
 
+    @Test
+    fun `cannot import jar with duplicated contract class, version and signers for trusted uploader`() {
+        SelfCleaningDir().use { file ->
+            val (contractJar, _) = makeTestSignedContractJar(file.path, "com.example.MyContract")
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), true, generateManifest = false, jarFileName = "another-sample.jar")
+            contractJar.read { storage.privilegedImportAttachment(it, "app", "sample.jar") }
+
+            assertThatExceptionOfType(DuplicateContractClassException::class.java).isThrownBy {
+                anotherContractJar.read { storage.privilegedImportAttachment(it, "app", "another-sample.jar") }
+            }
+        }
+    }
+
+    @Test
+    fun `can import jar with duplicated contract class, version and signers - when one uploader is trusted and other isnt`() {
+        SelfCleaningDir().use { file ->
+            val (contractJar, _) = makeTestSignedContractJar(file.path, "com.example.MyContract")
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), true, generateManifest = false, jarFileName = "another-sample.jar")
+            val attachmentId =  contractJar.read { storage.importAttachment(it, "uploaderA", "sample.jar") }
+            val anotherAttachmentId = anotherContractJar.read { storage.privilegedImportAttachment(it, "app", "another-sample.jar") }
+            assertNotEquals(attachmentId, anotherAttachmentId)
+        }
+    }
+
+    @Test
+    fun `can promote to trusted uploader for the same attachment`() {
+        SelfCleaningDir().use { file ->
+            val (contractJar, _) = makeTestSignedContractJar(file.path, "com.example.MyContract")
+            val attachmentId = contractJar.read { storage.importAttachment(it, "uploaderA", "sample.jar") }
+            val reimportedAttachmentId = contractJar.read { storage.privilegedImportAttachment(it, "app", "sample.jar") }
+            assertEquals(attachmentId, reimportedAttachmentId)
+        }
+    }
+
+    @Test
+    fun `cannot promote to trusted uploader if other trusted attachment already has duplicated contract class, version and signers`() {
+        SelfCleaningDir().use { file ->
+            val (contractJar, _) = makeTestSignedContractJar(file.path, "com.example.MyContract")
+            contractJar.read { storage.importAttachment(it, "uploaderA", "sample.jar") }
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), true, generateManifest = false, jarFileName = "another-sample.jar")
+            anotherContractJar.read { storage.privilegedImportAttachment(it, "app", "another-sample.jar") }
+
+            assertThatExceptionOfType(DuplicateContractClassException::class.java).isThrownBy {
+                contractJar.read { storage.privilegedImportAttachment(it, "app", "sample.jar") }
+            }
+
+        }
+    }
+
+    @Test
+    fun `cannot promote to trusted uploder the same jar if other trusted uplodaer `() {
+        SelfCleaningDir().use { file ->
+            val (contractJar, _) = makeTestSignedContractJar(file.path, "com.example.MyContract")
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), true, generateManifest = false, jarFileName = "another-sample.jar")
+            contractJar.read { storage.privilegedImportAttachment(it, "app", "sample.jar") }
+
+            assertThatExceptionOfType(DuplicateContractClassException::class.java).isThrownBy {
+                anotherContractJar.read { storage.privilegedImportAttachment(it, "app", "another-sample.jar") }
+            }
+        }
+    }
+
+    @Test
+    fun `can import duplicated contract class and signers if versions differ`() {
+        SelfCleaningDir().use { file ->
+            val (contractJar, _) = makeTestSignedContractJar(file.path, "com.example.MyContract",  2)
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), true, generateManifest = false, jarFileName = "another-sample.jar")
+            contractJar.read { storage.importAttachment(it, "uploaderA", "sample.jar") }
+            anotherContractJar.read { storage.importAttachment(it, "uploaderA", "another-sample.jar") }
+
+            val attachments = storage.queryAttachments(AttachmentsQueryCriteria(contractClassNamesCondition = Builder.equal(listOf("com.example.MyContract"))))
+            assertEquals(2, attachments.size)
+            attachments.forEach {
+                assertTrue("com.example.MyContract" in (storage.openAttachment(it) as ContractAttachment).allContracts)
+            }
+        }
+    }
+
+    @Test
+    fun `can import duplicated contract class and version from unsiged attachment if a signed attachment already exists`() {
+        SelfCleaningDir().use { file ->
+            val (contractJar, _) = makeTestSignedContractJar(file.path, "com.example.MyContract")
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), generateManifest = false, jarFileName = "another-sample.jar")
+            contractJar.read { storage.importAttachment(it, "uploaderA", "sample.jar") }
+            anotherContractJar.read { storage.importAttachment(it, "uploaderB", "another-sample.jar") }
+
+            val attachments = storage.queryAttachments(AttachmentsQueryCriteria(contractClassNamesCondition = Builder.equal(listOf("com.example.MyContract"))))
+            assertEquals(2, attachments.size)
+            attachments.forEach {
+                val att = storage.openAttachment(it)
+                assertTrue(att is ContractAttachment)
+                assertTrue("com.example.MyContract" in (att as ContractAttachment).allContracts)
+            }
+        }
+    }
+
+    @Test
+    fun `can import duplicated contract class and version from siged attachment if an unsigned attachment already exists`() {
+        SelfCleaningDir().use { file ->
+            val contractJar = makeTestContractJar(file.path, "com.example.MyContract")
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), true, generateManifest = false, jarFileName = "another-sample.jar")
+            contractJar.read { storage.importAttachment(it, "uploaderA", "sample.jar") }
+            anotherContractJar.read { storage.importAttachment(it, "uploaderB", "another-sample.jar") }
+
+            val attachments = storage.queryAttachments(AttachmentsQueryCriteria(contractClassNamesCondition = Builder.equal(listOf("com.example.MyContract"))))
+            assertEquals(2, attachments.size)
+            attachments.forEach {
+                val att = storage.openAttachment(it)
+                assertTrue(att is ContractAttachment)
+                assertTrue("com.example.MyContract" in (att as ContractAttachment).allContracts)
+            }
+        }
+    }
+
+    @Test
+    fun `can import duplicated contract class and version for unsigned attachments`() {
+        SelfCleaningDir().use { file ->
+            val contractJar = makeTestContractJar(file.path, "com.example.MyContract")
+            val anotherContractJar = makeTestContractJar(file.path, listOf( "com.example.MyContract", "com.example.AnotherContract"), generateManifest = false, jarFileName = "another-sample.jar")
+            contractJar.read { storage.importAttachment(it, "uploaderA", "sample.jar") }
+            anotherContractJar.read { storage.importAttachment(it, "uploaderB", "another-sample.jar") }
+
+            val attachments = storage.queryAttachments(AttachmentsQueryCriteria(contractClassNamesCondition = Builder.equal(listOf("com.example.MyContract"))))
+            assertEquals(2, attachments.size)
+            attachments.forEach {
+                val att = storage.openAttachment(it)
+                assertTrue(att is ContractAttachment)
+                assertTrue("com.example.MyContract" in (att as ContractAttachment).allContracts)
+            }
+        }
+    }
+
     @Test
     fun `sorting and compound conditions work`() {
         val (jarA, hashA) = makeTestJar(listOf(Pair("a", "a")))
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/TransactionOrderingTests.kt b/node/src/test/kotlin/net/corda/node/services/persistence/TransactionOrderingTests.kt
new file mode 100644
index 0000000000..507c72bd03
--- /dev/null
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/TransactionOrderingTests.kt
@@ -0,0 +1,115 @@
+package net.corda.node.services.persistence
+
+import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.contracts.Command
+import net.corda.core.contracts.StateAndContract
+import net.corda.core.contracts.StateAndRef
+import net.corda.core.contracts.StateRef
+import net.corda.core.flows.*
+import net.corda.core.identity.Party
+import net.corda.core.internal.packageName
+import net.corda.core.node.StatesToRecord
+import net.corda.core.node.services.Vault
+import net.corda.core.node.services.vault.QueryCriteria
+import net.corda.core.transactions.SignedTransaction
+import net.corda.core.transactions.TransactionBuilder
+import net.corda.core.utilities.getOrThrow
+import net.corda.testing.core.ALICE_NAME
+import net.corda.testing.core.BOB_NAME
+import net.corda.testing.node.internal.InternalMockNetwork
+import net.corda.testing.node.internal.cordappWithPackages
+import net.corda.testing.node.internal.startFlow
+import org.junit.After
+import org.junit.Before
+import org.junit.Test
+import kotlin.test.assertEquals
+
+class TransactionOrderingTests {
+    private lateinit var mockNet: InternalMockNetwork
+
+    @Before
+    fun start() {
+        mockNet = InternalMockNetwork(
+                cordappsForAllNodes = listOf(cordappWithPackages(MessageChainState::class.packageName)),
+                networkSendManuallyPumped = false,
+                threadPerNode = true)
+    }
+
+    @After
+    fun cleanUp() {
+        mockNet.stopNodes()
+    }
+
+    @Test
+    fun `Out of order transactions are recorded in vault correctly`() {
+        val alice = mockNet.createPartyNode(ALICE_NAME)
+        val aliceID = alice.info.identityFromX500Name(ALICE_NAME)
+
+        val bob = mockNet.createPartyNode(BOB_NAME)
+        val bobID = bob.info.identityFromX500Name(BOB_NAME)
+        bob.registerInitiatedFlow(ReceiveTx::class.java)
+
+        val notary = mockNet.defaultNotaryNode
+        val notaryID = mockNet.defaultNotaryIdentity
+
+        fun signTx(txBuilder: TransactionBuilder): SignedTransaction {
+            val first = alice.services.signInitialTransaction(txBuilder)
+            val second = bob.services.addSignature(first)
+            return notary.services.addSignature(second)
+        }
+
+        val state1 = MessageChainState(MessageData("A"), aliceID, extraParty = bobID)
+        val command = Command(MessageChainContract.Commands.Send(), state1.participants.map {it.owningKey})
+        val tx1Builder = TransactionBuilder(notaryID).withItems(
+                StateAndContract(state1, MESSAGE_CHAIN_CONTRACT_PROGRAM_ID),
+                command)
+        val stx1 = signTx(tx1Builder)
+
+        val state2 = MessageChainState(MessageData("AA"), aliceID, state1.linearId, extraParty = bobID)
+        val tx2Builder = TransactionBuilder(notaryID).withItems(
+                StateAndContract(state2, MESSAGE_CHAIN_CONTRACT_PROGRAM_ID),
+                command,
+                StateAndRef(stx1.coreTransaction.outputs[0], StateRef(stx1.coreTransaction.id, 0))
+        )
+        val stx2 = signTx(tx2Builder)
+
+        val state3 = MessageChainState(MessageData("AAA"), aliceID, state1.linearId, extraParty = bobID)
+        val tx3Builder = TransactionBuilder(notaryID).withItems(
+                StateAndContract(state3, MESSAGE_CHAIN_CONTRACT_PROGRAM_ID),
+                command,
+                StateAndRef(stx2.coreTransaction.outputs[0], StateRef(stx2.coreTransaction.id, 0))
+        )
+        val stx3 = signTx(tx3Builder)
+
+        alice.services.recordTransactions(listOf(stx1, stx2, stx3))
+
+        alice.services.startFlow(SendTx(bobID, stx3)).resultFuture.getOrThrow()
+        alice.services.startFlow(SendTx(bobID, stx1)).resultFuture.getOrThrow()
+        alice.services.startFlow(SendTx(bobID, stx2)).resultFuture.getOrThrow()
+
+        val queryCriteria = QueryCriteria.VaultQueryCriteria(Vault.StateStatus.ALL)
+        val bobStates = bob.services.vaultService.queryBy(MessageChainState::class.java, queryCriteria)
+        assertEquals(3, bobStates.states.size)
+    }
+}
+
+@InitiatingFlow
+@StartableByRPC
+class SendTx(private val party: Party,
+             private val stx: SignedTransaction) : FlowLogic<Unit>() {
+    @Suspendable
+    override fun call() {
+        val session = initiateFlow(party)
+        subFlow(SendTransactionFlow(session, stx))
+        session.receive<Unit>()
+    }
+}
+
+@InitiatedBy(SendTx::class)
+class ReceiveTx(private val otherSideSession: FlowSession) : FlowLogic<Unit>() {
+    @Suspendable
+    override fun call() {
+        subFlow(ReceiveTransactionFlow(otherSideSession, true, StatesToRecord.ONLY_RELEVANT))
+        otherSideSession.send(Unit)
+    }
+}
\ No newline at end of file
diff --git a/node/src/test/kotlin/net/corda/node/services/statemachine/IdempotentFlowTests.kt b/node/src/test/kotlin/net/corda/node/services/statemachine/IdempotentFlowTests.kt
index 51f8fe7458..c6706d77b4 100644
--- a/node/src/test/kotlin/net/corda/node/services/statemachine/IdempotentFlowTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/statemachine/IdempotentFlowTests.kt
@@ -1,6 +1,8 @@
 package net.corda.node.services.statemachine
 
 import co.paralleluniverse.fibers.Suspendable
+import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.InitiatingFlow
@@ -9,8 +11,7 @@ import net.corda.core.internal.IdempotentFlow
 import net.corda.core.internal.TimedFlow
 import net.corda.core.internal.packageName
 import net.corda.core.utilities.seconds
-import net.corda.testing.node.MockNetFlowTimeOut
-import net.corda.testing.node.MockNodeConfigOverrides
+import net.corda.node.services.config.FlowTimeoutConfiguration
 import net.corda.testing.node.internal.*
 import org.junit.After
 import org.junit.Before
@@ -35,7 +36,10 @@ class IdempotentFlowTests {
         mockNet = InternalMockNetwork(threadPerNode = true, cordappsForAllNodes = cordappsForPackages(this.javaClass.packageName))
         nodeA = mockNet.createNode(InternalMockNodeParameters(
                 legalName = CordaX500Name("Alice", "AliceCorp", "GB"),
-                configOverrides = MockNodeConfigOverrides(flowTimeout = MockNetFlowTimeOut(1.seconds, 3, 1.0))
+                configOverrides = {
+                    val retryConfig = FlowTimeoutConfiguration(1.seconds, 3, 1.0)
+                    doReturn(retryConfig).whenever(it).flowTimeout
+                }
         ))
         nodeB = mockNet.createNode()
         mockNet.startNodes()
@@ -71,7 +75,7 @@ class IdempotentFlowTests {
         @Suspendable
         override fun call() {
             subFlowExecutionCounter.incrementAndGet() // No checkpoint should be taken before invoking IdempotentSubFlow,
-                                                      // so this should be replayed when TimedSubFlow restarts.
+            // so this should be replayed when TimedSubFlow restarts.
             subFlow(IdempotentSubFlow()) // Checkpoint shouldn't be taken before invoking the sub-flow.
         }
     }
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/NotaryServiceTests.kt b/node/src/test/kotlin/net/corda/node/services/transactions/NotaryServiceTests.kt
index 0aaa80595f..d57fa9c465 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/NotaryServiceTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/transactions/NotaryServiceTests.kt
@@ -22,7 +22,6 @@ import net.corda.testing.node.internal.*
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
 import org.junit.Before
-import org.junit.Ignore
 import org.junit.Test
 import kotlin.test.assertFailsWith
 
@@ -89,7 +88,7 @@ class NotaryServiceTests {
 
         private fun generateTransaction(node: TestStartedNode,
                                         party: Party, notary: Party,
-                                        paramsHash: SecureHash? = node.services.networkParametersStorage.currentHash,
+                                        paramsHash: SecureHash? = node.services.networkParametersService.currentHash,
                                         numberOfInputs: Int = 10_005): SignedTransaction {
             val txHash = SecureHash.randomSHA256()
             val inputs = (1..numberOfInputs).map { StateRef(txHash, it) }
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/NotaryWhitelistTests.kt b/node/src/test/kotlin/net/corda/node/services/transactions/NotaryWhitelistTests.kt
index dd05aa31b5..7f78e0c3ef 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/NotaryWhitelistTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/transactions/NotaryWhitelistTests.kt
@@ -222,7 +222,7 @@ class NotaryWhitelistTests(
                 listOf(inputState.ref),
                 fakeNotaryParty,
                 oldNotary,
-                aliceNode.services.networkParametersStorage.currentHash
+                aliceNode.services.networkParametersService.currentHash
         ).build()
 
         val notaryChangeAliceSig = getAliceSig(notaryChangeTx)
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/ResolveStatePointersTest.kt b/node/src/test/kotlin/net/corda/node/services/transactions/ResolveStatePointersTest.kt
index e6c6f06aa9..0d7326b790 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/ResolveStatePointersTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/transactions/ResolveStatePointersTest.kt
@@ -87,7 +87,7 @@ class ResolveStatePointersTest {
     @Test
     fun `resolving nested pointers is possible`() {
         // Create barOne.
-        createPointedToState(barOne)
+        val barOneStateAndRef = createPointedToState(barOne)
 
         // Create another Bar - barTwo - which points to barOne.
         val barTwoStateAndRef = createPointedToState(barTwo)
@@ -105,6 +105,7 @@ class ResolveStatePointersTest {
 
         // Check both Bar StateRefs have been added to the transaction.
         assertEquals(2, tx.referenceStates().size)
+        assertEquals(setOf(barOneStateAndRef.ref, barTwoStateAndRef.ref), tx.referenceStates().toSet())
     }
 
     @Test
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/UniquenessProviderTests.kt b/node/src/test/kotlin/net/corda/node/services/transactions/UniquenessProviderTests.kt
index 298119c1c7..23fcb3919f 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/UniquenessProviderTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/transactions/UniquenessProviderTests.kt
@@ -1,5 +1,6 @@
 package net.corda.node.services.transactions
 
+import com.codahale.metrics.MetricRegistry
 import net.corda.core.contracts.TimeWindow
 import net.corda.core.crypto.DigitalSignature
 import net.corda.core.crypto.NullKeys
@@ -10,16 +11,21 @@ import net.corda.core.flows.NotaryError
 import net.corda.core.flows.StateConsumptionDetails
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.notary.UniquenessProvider
+import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.minutes
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.notary.experimental.raft.RaftConfig
+import net.corda.notary.experimental.raft.RaftNotarySchemaV1
+import net.corda.notary.experimental.raft.RaftUniquenessProvider
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.core.generateStateRef
 import net.corda.testing.internal.LogHelper
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.testing.internal.configureDatabase
+import net.corda.testing.internal.configureTestSSL
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.TestClock
 import org.junit.After
@@ -39,7 +45,8 @@ class UniquenessProviderTests(
         @JvmStatic
         @Parameterized.Parameters(name = "{0}")
         fun data(): Collection<UniquenessProviderFactory> = listOf(
-                PersistentUniquenessProviderFactory()
+                PersistentUniquenessProviderFactory(),
+                RaftUniquenessProviderFactory()
         )
     }
 
@@ -152,11 +159,16 @@ class UniquenessProviderTests(
                 .get()
         assertEquals(UniquenessProvider.Result.Success, result)
 
-        // Idempotency: can re-notarise successfully.
-        testClock.advanceBy(90.minutes)
-        val result2 = uniquenessProvider.commit(emptyList(), firstTxId, identity, requestSignature, timeWindow, references = listOf(referenceState))
+        // The reference state gets consumed.
+        val result2 = uniquenessProvider.commit(listOf(referenceState), SecureHash.randomSHA256(), identity, requestSignature, timeWindow)
                 .get()
         assertEquals(UniquenessProvider.Result.Success, result2)
+
+        // Idempotency: can re-notarise successfully.
+        testClock.advanceBy(90.minutes)
+        val result3 = uniquenessProvider.commit(emptyList(), firstTxId, identity, requestSignature, timeWindow, references = listOf(referenceState))
+                .get()
+        assertEquals(UniquenessProvider.Result.Success, result3)
     }
 
     @Test
@@ -389,3 +401,34 @@ class PersistentUniquenessProviderFactory : UniquenessProviderFactory {
         database?.close()
     }
 }
+
+class RaftUniquenessProviderFactory : UniquenessProviderFactory {
+    private var database: CordaPersistence? = null
+    private var provider: RaftUniquenessProvider? = null
+
+    override fun create(clock: Clock): UniquenessProvider {
+        database?.close()
+        database = configureDatabase(makeTestDataSourceProperties(), DatabaseConfig(), { null }, { null }, NodeSchemaService(extraSchemas = setOf(RaftNotarySchemaV1)))
+
+        val testSSL = configureTestSSL(CordaX500Name("Raft", "London", "GB"))
+        val raftNodePort = 10987
+
+        return RaftUniquenessProvider(
+                null,
+                testSSL,
+                database!!,
+                clock,
+                MetricRegistry(),
+                TestingNamedCacheFactory(),
+                RaftConfig(NetworkHostAndPort("localhost", raftNodePort), emptyList())
+        ).apply {
+            start()
+            provider = this
+        }
+    }
+
+    override fun cleanUp() {
+        provider?.stop()
+        database?.close()
+    }
+}
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/ExternalIdMappingTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/ExternalIdMappingTest.kt
index 8a487ac56b..ec74b820b9 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/ExternalIdMappingTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/ExternalIdMappingTest.kt
@@ -1,6 +1,7 @@
 package net.corda.node.services.vault
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.AnonymousParty
@@ -46,7 +47,7 @@ class ExternalIdMappingTest {
     fun setUp() {
         val (db, mockServices) = MockServices.makeTestDatabaseAndMockServices(
                 cordappPackages = cordapps,
-                identityService = rigorousMock<IdentityServiceInternal>().also {
+                identityService = mock<IdentityServiceInternal>().also {
                     doReturn(notary.party).whenever(it).partyFromKey(notary.publicKey)
                     doReturn(notary.party).whenever(it).wellKnownPartyFromAnonymous(notary.party)
                     doReturn(notary.party).whenever(it).wellKnownPartyFromX500Name(notary.name)
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt
index 305f079449..18b8dd7853 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt
@@ -1,10 +1,7 @@
 package net.corda.node.services.vault
 
 import co.paralleluniverse.fibers.Suspendable
-import com.nhaarman.mockito_kotlin.any
-import com.nhaarman.mockito_kotlin.argThat
-import com.nhaarman.mockito_kotlin.doNothing
-import com.nhaarman.mockito_kotlin.whenever
+import com.nhaarman.mockito_kotlin.*
 import net.corda.core.contracts.*
 import net.corda.core.crypto.NullKeys
 import net.corda.core.crypto.generateKeyPair
@@ -35,16 +32,12 @@ import net.corda.testing.contracts.DummyContract
 import net.corda.testing.contracts.DummyState
 import net.corda.testing.core.*
 import net.corda.testing.internal.LogHelper
-import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.vault.*
 import net.corda.testing.node.MockServices
 import net.corda.testing.node.makeTestIdentityService
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatExceptionOfType
-import org.junit.After
-import org.junit.Before
-import org.junit.Rule
-import org.junit.Test
+import org.junit.*
 import rx.observers.TestSubscriber
 import java.math.BigDecimal
 import java.util.*
@@ -103,8 +96,8 @@ class NodeVaultServiceTest {
         vaultFiller = VaultFiller(services, dummyNotary)
         // This is safe because MockServices only ever have a single identity
         identity = services.myInfo.singleIdentityAndCert()
-        issuerServices = MockServices(cordappPackages, dummyCashIssuer, rigorousMock<IdentityService>(), parameters)
-        bocServices = MockServices(cordappPackages, bankOfCorda, rigorousMock<IdentityService>(), parameters)
+        issuerServices = MockServices(cordappPackages, dummyCashIssuer, mock<IdentityService>(), parameters)
+        bocServices = MockServices(cordappPackages, bankOfCorda, mock<IdentityService>(), parameters)
         services.identityService.verifyAndRegisterIdentity(DUMMY_CASH_ISSUER_IDENTITY)
         services.identityService.verifyAndRegisterIdentity(BOC_IDENTITY)
     }
@@ -133,10 +126,10 @@ class NodeVaultServiceTest {
         return tryLockFungibleStatesForSpending(lockId, baseCriteria, amount, Cash.State::class.java)
     }
 
+    class FungibleFoo(override val amount: Amount<Currency>, override val participants: List<AbstractParty>) : FungibleState<Currency>
     @Test
     fun `fungible state selection test`() {
         val issuerParty = services.myInfo.legalIdentities.first()
-        class FungibleFoo(override val amount: Amount<Currency>, override val participants: List<AbstractParty>) : FungibleState<Currency>
         val fungibleFoo = FungibleFoo(100.DOLLARS, listOf(issuerParty))
         services.apply {
             val tx = signInitialTransaction(TransactionBuilder(DUMMY_NOTARY).apply {
@@ -182,7 +175,7 @@ class NodeVaultServiceTest {
             assertThat(w1).hasSize(3)
 
             val originalVault = vaultService
-            val services2 = object : MockServices(emptyList(), MEGA_CORP.name, rigorousMock()) {
+            val services2 = object : MockServices(emptyList(), MEGA_CORP.name, mock()) {
                 override val vaultService: NodeVaultService get() = originalVault
                 override fun recordTransactions(statesToRecord: StatesToRecord, txs: Iterable<SignedTransaction>) {
                     for (stx in txs) {
@@ -525,7 +518,7 @@ class NodeVaultServiceTest {
 
     @Test
     fun addNoteToTransaction() {
-        val megaCorpServices = MockServices(cordappPackages, MEGA_CORP.name, rigorousMock(), MEGA_CORP_KEY)
+        val megaCorpServices = MockServices(cordappPackages, MEGA_CORP.name, mock(), MEGA_CORP_KEY)
         database.transaction {
             val freshKey = identity.owningKey
 
@@ -631,7 +624,7 @@ class NodeVaultServiceTest {
         val identity = services.myInfo.singleIdentityAndCert()
         assertEquals(services.identityService.partyFromKey(identity.owningKey), identity.party)
         val anonymousIdentity = services.keyManagementService.freshKeyAndCert(identity, false)
-        val thirdPartyServices = MockServices(emptyList(), MEGA_CORP.name, rigorousMock<IdentityServiceInternal>().also {
+        val thirdPartyServices = MockServices(emptyList(), MEGA_CORP.name, mock<IdentityServiceInternal>().also {
             doNothing().whenever(it).justVerifyAndRegisterIdentity(argThat { name == MEGA_CORP.name }, any())
         })
         val thirdPartyIdentity = thirdPartyServices.keyManagementService.freshKeyAndCert(thirdPartyServices.myInfo.singleIdentityAndCert(), false)
@@ -650,7 +643,7 @@ class NodeVaultServiceTest {
         // Change notary
         services.identityService.verifyAndRegisterIdentity(DUMMY_NOTARY_IDENTITY)
         val newNotary = DUMMY_NOTARY
-        val changeNotaryTx = NotaryChangeTransactionBuilder(listOf(initialCashState.ref), issueStx.notary!!, newNotary, services.networkParametersStorage.currentHash).build()
+        val changeNotaryTx = NotaryChangeTransactionBuilder(listOf(initialCashState.ref), issueStx.notary!!, newNotary, services.networkParametersService.currentHash).build()
         val cashStateWithNewNotary = StateAndRef(initialCashState.state.copy(notary = newNotary), StateRef(changeNotaryTx.id, 0))
 
         database.transaction {
@@ -861,4 +854,43 @@ class NodeVaultServiceTest {
             vaultService.queryBy<DummyDealContract.State>().states.size
         })
     }
+
+    @Test
+    @Ignore
+    fun `trackByCriteria filters updates and snapshots`() {
+        /*
+         * This test is ignored as the functionality it tests is not yet implemented - see CORDA-2389
+         */
+        fun addCashToVault() {
+            database.transaction {
+                vaultFiller.fillWithSomeTestCash(100.DOLLARS, issuerServices, 1, DUMMY_CASH_ISSUER)
+            }
+        }
+
+        fun addDummyToVault() {
+            database.transaction {
+                vaultFiller.fillWithDummyState()
+            }
+        }
+        addCashToVault()
+        addDummyToVault()
+        val criteria = VaultQueryCriteria(contractStateTypes = setOf(Cash.State::class.java))
+        val data = vaultService.trackBy<ContractState>(criteria)
+        for (state in data.snapshot.states) {
+            assertEquals(Cash.PROGRAM_ID, state.state.contract)
+        }
+
+        val allCash = data.updates.all {
+            it.produced.all {
+                it.state.contract == Cash.PROGRAM_ID
+            }
+        }
+
+        addCashToVault()
+        addDummyToVault()
+        addCashToVault()
+        allCash.subscribe {
+            assertTrue(it)
+        }
+    }
 }
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt
index 7615755807..b77da36fcf 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt
@@ -6,7 +6,7 @@ import net.corda.core.node.services.vault.*
 import net.corda.core.node.services.vault.QueryCriteria.*
 import net.corda.finance.*
 import net.corda.finance.contracts.asset.Cash
-import net.corda.finance.schemas.test.SampleCashSchemaV3
+import net.corda.finance.test.SampleCashSchemaV3
 import net.corda.testing.core.*
 import net.corda.testing.internal.vault.DummyLinearStateSchemaV1
 import org.assertj.core.api.Assertions.assertThatThrownBy
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
index 19a1cf94ed..5d48696e2a 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
@@ -1,5 +1,6 @@
 package net.corda.node.services.vault
 
+import com.nhaarman.mockito_kotlin.mock
 import net.corda.core.contracts.*
 import net.corda.core.crypto.*
 import net.corda.core.identity.AbstractParty
@@ -22,8 +23,8 @@ import net.corda.finance.contracts.asset.AbstractCashSelection
 import net.corda.finance.schemas.CashSchemaV1
 import net.corda.finance.schemas.CashSchemaV1.PersistentCashState
 import net.corda.finance.schemas.CommercialPaperSchemaV1
-import net.corda.finance.schemas.test.SampleCashSchemaV2
-import net.corda.finance.schemas.test.SampleCashSchemaV3
+import net.corda.finance.test.SampleCashSchemaV2
+import net.corda.finance.test.SampleCashSchemaV3
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.nodeapi.internal.persistence.DatabaseTransaction
@@ -141,7 +142,7 @@ open class VaultQueryTestRule : ExternalResource(), VaultQueryParties {
         services = databaseAndServices.second
         vaultFiller = VaultFiller(services, dummyNotary)
         vaultFillerCashNotary = VaultFiller(services, dummyNotary, CASH_NOTARY)
-        notaryServices = MockServices(cordappPackages, dummyNotary, rigorousMock(), dummyCashIssuer.keyPair, BOC_KEY, MEGA_CORP_KEY)
+        notaryServices = MockServices(cordappPackages, dummyNotary, mock(), dummyCashIssuer.keyPair, BOC_KEY, MEGA_CORP_KEY)
         identitySvc = services.identityService
         // Register all of the identities we're going to use
         (notaryServices.myInfo.legalIdentitiesAndCerts + BOC_IDENTITY + CASH_NOTARY_IDENTITY + MINI_CORP_IDENTITY + MEGA_CORP_IDENTITY).forEach { identity ->
@@ -1907,15 +1908,15 @@ abstract class VaultQueryTestsBase : VaultQueryParties {
     fun `unconsumed fungible assets for selected issuer parties`() {
         // GBP issuer
         val gbpCashIssuerName = CordaX500Name(organisation = "British Pounds Cash Issuer", locality = "London", country = "GB")
-        val gbpCashIssuerServices = MockServices(cordappPackages, gbpCashIssuerName, rigorousMock(), generateKeyPair())
+        val gbpCashIssuerServices = MockServices(cordappPackages, gbpCashIssuerName, mock(), generateKeyPair())
         val gbpCashIssuer = gbpCashIssuerServices.myInfo.singleIdentityAndCert()
         // USD issuer
         val usdCashIssuerName = CordaX500Name(organisation = "US Dollars Cash Issuer", locality = "New York", country = "US")
-        val usdCashIssuerServices = MockServices(cordappPackages, usdCashIssuerName, rigorousMock(), generateKeyPair())
+        val usdCashIssuerServices = MockServices(cordappPackages, usdCashIssuerName, mock(), generateKeyPair())
         val usdCashIssuer = usdCashIssuerServices.myInfo.singleIdentityAndCert()
         // CHF issuer
         val chfCashIssuerName = CordaX500Name(organisation = "Swiss Francs Cash Issuer", locality = "Zurich", country = "CH")
-        val chfCashIssuerServices = MockServices(cordappPackages, chfCashIssuerName, rigorousMock(), generateKeyPair())
+        val chfCashIssuerServices = MockServices(cordappPackages, chfCashIssuerName, mock(), generateKeyPair())
         val chfCashIssuer = chfCashIssuerServices.myInfo.singleIdentityAndCert()
         listOf(gbpCashIssuer, usdCashIssuer, chfCashIssuer).forEach { identity ->
             services.identityService.verifyAndRegisterIdentity(identity)
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
index 218fefd925..184993c947 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
@@ -20,6 +20,7 @@ import net.corda.core.utilities.NonEmptySet
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
+import net.corda.node.cordapp.CordappLoader
 import net.corda.node.services.api.VaultServiceInternal
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.testing.core.singleIdentity
@@ -82,9 +83,10 @@ class VaultSoftLockManagerTest {
         object : InternalMockNetwork.MockNode(args) {
             override fun makeVaultService(keyManagementService: KeyManagementService,
                                           services: ServicesForResolution,
-                                          database: CordaPersistence): VaultServiceInternal {
+                                          database: CordaPersistence,
+                                          cordappLoader: CordappLoader): VaultServiceInternal {
                 val node = this
-                val realVault = super.makeVaultService(keyManagementService, services, database)
+                val realVault = super.makeVaultService(keyManagementService, services, database, cordappLoader)
                 return object : VaultServiceInternal by realVault {
                     override fun softLockRelease(lockId: UUID, stateRefs: NonEmptySet<StateRef>?) {
                         // Should be called before flow is removed
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultWithCashTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultWithCashTest.kt
index 299b15ddaa..e81b570023 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultWithCashTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultWithCashTest.kt
@@ -1,5 +1,6 @@
 package net.corda.node.services.vault
 
+import com.nhaarman.mockito_kotlin.mock
 import net.corda.core.contracts.ContractState
 import net.corda.core.contracts.InsufficientBalanceException
 import net.corda.core.contracts.LinearState
@@ -27,7 +28,6 @@ import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.common.internal.addNotary
 import net.corda.testing.core.*
 import net.corda.testing.internal.LogHelper
-import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.vault.*
 import net.corda.testing.node.MockServices
 import net.corda.testing.node.MockServices.Companion.makeTestDatabaseAndMockServices
@@ -88,8 +88,8 @@ class VaultWithCashTest {
         vaultFiller = VaultFiller(services, dummyNotary)
 
 
-        issuerServices = MockServices(cordappPackages, dummyCashIssuer, rigorousMock(), networkParameters, MEGA_CORP_KEY)
-        notaryServices = MockServices(cordappPackages, dummyNotary, rigorousMock(), networkParameters)
+        issuerServices = MockServices(cordappPackages, dummyCashIssuer, mock(), networkParameters, MEGA_CORP_KEY)
+        notaryServices = MockServices(cordappPackages, dummyNotary, mock(), networkParameters)
         notary = notaryServices.myInfo.legalIdentitiesAndCerts.single().party
     }
 
@@ -119,7 +119,7 @@ class VaultWithCashTest {
 
     @Test
     fun `issue and spend total correctly and irrelevant ignored`() {
-        val megaCorpServices = MockServices(cordappPackages, MEGA_CORP.name, rigorousMock(), MEGA_CORP_KEY)
+        val megaCorpServices = MockServices(cordappPackages, MEGA_CORP.name, mock(), MEGA_CORP_KEY)
         val freshKey = services.keyManagementService.freshKey()
 
         val usefulTX =
diff --git a/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt b/node/src/test/kotlin/net/corda/notary/experimental/bftsmart/BFTNotaryServiceTests.kt
similarity index 91%
rename from experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
rename to node/src/test/kotlin/net/corda/notary/experimental/bftsmart/BFTNotaryServiceTests.kt
index b3571e4f32..fe3298b704 100644
--- a/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
+++ b/node/src/test/kotlin/net/corda/notary/experimental/bftsmart/BFTNotaryServiceTests.kt
@@ -1,5 +1,7 @@
-package net.corda.notary.bftsmart
+package net.corda.notary.experimental.bftsmart
 
+import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.AlwaysAcceptAttachmentConstraint
 import net.corda.core.contracts.ContractState
 import net.corda.core.contracts.StateRef
@@ -19,21 +21,23 @@ import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.Try
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.seconds
+import net.corda.node.services.config.NotaryConfig
 import net.corda.nodeapi.internal.DevIdentityGenerator
-import net.corda.nodeapi.internal.config.toConfig
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
+import net.corda.notary.experimental.bftsmart.BFTSmartConfig
+import net.corda.notary.experimental.bftsmart.minClusterSize
+import net.corda.notary.experimental.bftsmart.minCorrectReplicas
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.contracts.DummyContract
 import net.corda.testing.core.dummyCommand
 import net.corda.testing.core.singleIdentity
-import net.corda.testing.node.MockNetNotaryConfig
-import net.corda.testing.node.MockNodeConfigOverrides
 import net.corda.testing.node.TestClock
 import net.corda.testing.node.internal.*
 import org.hamcrest.Matchers.instanceOf
 import org.junit.AfterClass
 import org.junit.Assert.assertThat
 import org.junit.BeforeClass
+import org.junit.Ignore
 import org.junit.Test
 import java.nio.file.Paths
 import java.time.Duration
@@ -45,6 +49,8 @@ import kotlin.test.assertEquals
 import kotlin.test.assertFailsWith
 import kotlin.test.assertTrue
 
+// This test is excluded from CI due to the experimental nature of the BFT notary
+@Ignore
 class BFTNotaryServiceTests {
     companion object {
         private lateinit var mockNet: InternalMockNetwork
@@ -54,7 +60,7 @@ class BFTNotaryServiceTests {
         @BeforeClass
         @JvmStatic
         fun before() {
-            mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.testing.contracts", "net.corda.notary.bftsmart"))
+            mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.testing.contracts"))
             val clusterSize = minClusterSize(1)
             val started = startBftClusterAndNode(clusterSize, mockNet)
             notary = started.first
@@ -80,12 +86,15 @@ class BFTNotaryServiceTests {
             val clusterAddresses = replicaIds.map { NetworkHostAndPort("localhost", 11000 + it * 10) }
 
             val nodes = replicaIds.map { replicaId ->
-                mockNet.createUnstartedNode(InternalMockNodeParameters(configOverrides = MockNodeConfigOverrides(notary = MockNetNotaryConfig(
+                mockNet.createUnstartedNode(InternalMockNodeParameters(configOverrides = {
+                    val notary = NotaryConfig(
                             validating = false,
-                            extraConfig = BFTSMaRtConfiguration(replicaId, clusterAddresses, exposeRaces = exposeRaces).toConfig(),
-                            className = "net.corda.notary.bftsmart.BftSmartNotaryService",
+                            bftSMaRt = BFTSmartConfig(replicaId, clusterAddresses, exposeRaces = exposeRaces),
                             serviceLegalName = serviceLegalName
-                ))))
+                    )
+                    doReturn(notary).whenever(it).notary
+                }))
+
             } + mockNet.createUnstartedNode()
 
             // MockNetwork doesn't support BFT clusters, so we create all the nodes we need unstarted, and then install the
diff --git a/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfigTests.kt b/node/src/test/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartConfigTests.kt
similarity index 72%
rename from experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfigTests.kt
rename to node/src/test/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartConfigTests.kt
index cdf5364b83..c077312ccf 100644
--- a/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfigTests.kt
+++ b/node/src/test/kotlin/net/corda/notary/experimental/bftsmart/BFTSmartConfigTests.kt
@@ -1,12 +1,16 @@
-package net.corda.notary.bftsmart
+package net.corda.notary.experimental.bftsmart
 
 import net.corda.core.utilities.NetworkHostAndPort
-import net.corda.notary.bftsmart.BFTSMaRtConfig.Companion.portIsClaimedFormat
+import net.corda.notary.experimental.bftsmart.BFTSmartConfigInternal
+import net.corda.notary.experimental.bftsmart.BFTSmartConfigInternal.Companion.portIsClaimedFormat
+import net.corda.notary.experimental.bftsmart.maxFaultyReplicas
+import net.corda.notary.experimental.bftsmart.minClusterSize
+import net.corda.notary.experimental.bftsmart.minCorrectReplicas
 import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.junit.Test
 import kotlin.test.assertEquals
 
-class BFTSMaRtConfigTests {
+class BFTSmartConfigTests {
     @Test
     fun `replica arithmetic`() {
         (1..20).forEach { n ->
@@ -28,7 +32,7 @@ class BFTSMaRtConfigTests {
 
     @Test
     fun `overlapping port ranges are rejected`() {
-        fun config(vararg ports: Int) = BFTSMaRtConfig(ports.map { NetworkHostAndPort("localhost", it) }, false, false)
+        fun config(vararg ports: Int) = BFTSmartConfigInternal(ports.map { NetworkHostAndPort("localhost", it) }, false, false)
         assertThatThrownBy { config(11000, 11001).use {} }
                 .isInstanceOf(IllegalArgumentException::class.java)
                 .hasMessage(portIsClaimedFormat.format("localhost:11001", setOf("localhost:11000", "localhost:11001")))
diff --git a/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftNotaryServiceTests.kt b/node/src/test/kotlin/net/corda/notary/experimental/raft/RaftNotaryServiceTests.kt
similarity index 98%
rename from experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftNotaryServiceTests.kt
rename to node/src/test/kotlin/net/corda/notary/experimental/raft/RaftNotaryServiceTests.kt
index d9a388cea7..d0454487a5 100644
--- a/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftNotaryServiceTests.kt
+++ b/node/src/test/kotlin/net/corda/notary/experimental/raft/RaftNotaryServiceTests.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.raft
+package net.corda.notary.experimental.raft
 
 import net.corda.core.contracts.StateAndRef
 import net.corda.core.contracts.StateRef
diff --git a/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt b/node/src/test/kotlin/net/corda/notary/experimental/raft/RaftTransactionCommitLogTests.kt
similarity index 98%
rename from experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
rename to node/src/test/kotlin/net/corda/notary/experimental/raft/RaftTransactionCommitLogTests.kt
index ee8edaea98..b61f1d3d85 100644
--- a/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
+++ b/node/src/test/kotlin/net/corda/notary/experimental/raft/RaftTransactionCommitLogTests.kt
@@ -1,4 +1,4 @@
-package net.corda.notary.raft
+package net.corda.notary.experimental.raft
 
 import io.atomix.catalyst.transport.Address
 import io.atomix.copycat.client.ConnectionStrategies
@@ -17,6 +17,7 @@ import net.corda.core.utilities.getOrThrow
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.notary.experimental.raft.RaftNotarySchemaV1
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.driver.internal.incrementalPortAllocation
diff --git a/node/src/test/resources/isolated.jar b/node/src/test/resources/isolated.jar
new file mode 100644
index 0000000000..8026639a7e
Binary files /dev/null and b/node/src/test/resources/isolated.jar differ
diff --git a/node/src/test/resources/net/corda/node/internal/cordapp/isolated.jar b/node/src/test/resources/net/corda/node/internal/cordapp/isolated.jar
deleted file mode 100644
index 408e70145d..0000000000
Binary files a/node/src/test/resources/net/corda/node/internal/cordapp/isolated.jar and /dev/null differ
diff --git a/node/src/test/resources/net/corda/notary/experimental/bftsmart/system.config.printf b/node/src/test/resources/net/corda/notary/experimental/bftsmart/system.config.printf
new file mode 100644
index 0000000000..f8724f81f9
--- /dev/null
+++ b/node/src/test/resources/net/corda/notary/experimental/bftsmart/system.config.printf
@@ -0,0 +1,118 @@
+# Copyright (c) 2007-2013 Alysson Bessani, Eduardo Alchieri, Paulo Sousa, and the authors indicated in the @author tags
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+############################################
+####### Communication Configurations #######
+############################################
+
+#HMAC algorithm used to authenticate messages between processes (HmacMD5 is the default value)
+#This parameter is not currently being used being used
+#system.authentication.hmacAlgorithm = HmacSHA1
+
+#Specify if the communication system should use a thread to send data (true or false)
+system.communication.useSenderThread = true
+
+#Force all processes to use the same public/private keys pair and secret key. This is useful when deploying experiments
+#and benchmarks, but must not be used in production systems.
+system.communication.defaultkeys = true
+
+############################################
+### Replication Algorithm Configurations ###
+############################################
+
+#Number of servers in the group
+system.servers.num = %s
+
+#Maximum number of faulty replicas
+system.servers.f = %s
+
+#Timeout to asking for a client request
+system.totalordermulticast.timeout = 2000
+
+
+#Maximum batch size (in number of messages)
+system.totalordermulticast.maxbatchsize = 400
+
+#Number of nonces (for non-determinism actions) generated
+system.totalordermulticast.nonces = 10
+
+#if verification of leader-generated timestamps are increasing
+#it can only be used on systems in which the network clocks
+#are synchronized
+system.totalordermulticast.verifyTimestamps = false
+
+#Quantity of messages that can be stored in the receive queue of the communication system
+system.communication.inQueueSize = 500000
+
+# Quantity of messages that can be stored in the send queue of each replica
+system.communication.outQueueSize = 500000
+
+#Set to 1 if SMaRt should use signatures, set to 0 if otherwise
+system.communication.useSignatures = 0
+
+#Set to 1 if SMaRt should use MAC's, set to 0 if otherwise
+system.communication.useMACs = 1
+
+#Set to 1 if SMaRt should use the standard output to display debug messages, set to 0 if otherwise
+system.debug = %s
+
+#Print information about the replica when it is shutdown
+system.shutdownhook = true
+
+############################################
+###### State Transfer Configurations #######
+############################################
+
+#Activate the state transfer protocol ('true' to activate, 'false' to de-activate)
+system.totalordermulticast.state_transfer = false
+
+#Maximum ahead-of-time message not discarded
+system.totalordermulticast.highMark = 10000
+
+#Maximum ahead-of-time message not discarded when the replica is still on EID 0 (after which the state transfer is triggered)
+system.totalordermulticast.revival_highMark = 10
+
+#Number of ahead-of-time messages necessary to trigger the state transfer after a request timeout occurs
+system.totalordermulticast.timeout_highMark = 200
+
+############################################
+###### Log and Checkpoint Configurations ###
+############################################
+
+system.totalordermulticast.log = false
+system.totalordermulticast.log_parallel = false
+system.totalordermulticast.log_to_disk = false
+system.totalordermulticast.sync_log = false
+
+#Period at which BFT-SMaRt requests the state to the application (for the state transfer state protocol)
+system.totalordermulticast.checkpoint_period = 1
+system.totalordermulticast.global_checkpoint_period = 1
+
+system.totalordermulticast.checkpoint_to_disk = false
+system.totalordermulticast.sync_ckp = false
+
+
+############################################
+###### Reconfiguration Configurations ######
+############################################
+
+#Replicas ID for the initial view, separated by a comma.
+# The number of replicas in this parameter should be equal to that specified in 'system.servers.num'
+system.initial.view = %s
+
+#The ID of the trust third party (TTP)
+system.ttp.id = 7002
+
+#This sets if the system will function in Byzantine or crash-only mode. Set to "true" to support Byzantine faults
+system.bft = true
diff --git a/samples/attachment-demo/src/integration-test/kotlin/net/corda/attachmentdemo/AttachmentDemoTest.kt b/samples/attachment-demo/src/integration-test/kotlin/net/corda/attachmentdemo/AttachmentDemoTest.kt
index 053957b81d..98aef3eebd 100644
--- a/samples/attachment-demo/src/integration-test/kotlin/net/corda/attachmentdemo/AttachmentDemoTest.kt
+++ b/samples/attachment-demo/src/integration-test/kotlin/net/corda/attachmentdemo/AttachmentDemoTest.kt
@@ -23,7 +23,7 @@ class AttachmentDemoTest {
                     startNode(providedName = DUMMY_BANK_A_NAME, rpcUsers = demoUser, maximumHeapSize = "1g"),
                     startNode(providedName = DUMMY_BANK_B_NAME, rpcUsers = demoUser, maximumHeapSize = "1g")
             ).map { it.getOrThrow() }
-            val webserverHandle = startWebserver(nodeB).getOrThrow()
+            val webserverHandle = startWebserver(nodeB, "1g").getOrThrow()
 
             val senderThread = supplyAsync {
                 CordaRPCClient(nodeA.rpcAddress).start(demoUser[0].username, demoUser[0].password).use {
diff --git a/samples/bank-of-corda-demo/build.gradle b/samples/bank-of-corda-demo/build.gradle
index e2d1533d01..52bc2be8e2 100644
--- a/samples/bank-of-corda-demo/build.gradle
+++ b/samples/bank-of-corda-demo/build.gradle
@@ -11,6 +11,7 @@ dependencies {
     // The bank of corda CorDapp depends upon Cash CorDapp features
     cordapp project(':finance:contracts')
     cordapp project(':finance:workflows')
+    cordapp project(':confidential-identities')
 
     // Corda integration dependencies
     cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
@@ -37,6 +38,7 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
     nodeDefaults {
         cordapp project(':finance:workflows')
         cordapp project(':finance:contracts')
+        cordapp project(':confidential-identities')
     }
     node {
         name "O=Notary Service,L=Zurich,C=CH"
diff --git a/samples/irs-demo/cordapp/src/main/kotlin/net/corda/irs/flows/FixingFlow.kt b/samples/irs-demo/cordapp/src/main/kotlin/net/corda/irs/flows/FixingFlow.kt
index 2ac6cb1bcf..e074ae3ed9 100644
--- a/samples/irs-demo/cordapp/src/main/kotlin/net/corda/irs/flows/FixingFlow.kt
+++ b/samples/irs-demo/cordapp/src/main/kotlin/net/corda/irs/flows/FixingFlow.kt
@@ -63,7 +63,7 @@ object FixingFlow {
 
                     // We set the transaction's time-window: it may be that none of the contracts need this!
                     // But it can't hurt to have one.
-                    ptx.setTimeWindow(serviceHub.clock.instant(), 30.seconds)
+                    ptx.setTimeWindow(serviceHub.clock.instant(), 60.seconds)
                 }
 
                 @Suspendable
diff --git a/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/OracleNodeTearOffTests.kt b/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/OracleNodeTearOffTests.kt
index e77a092913..93ccb99ff6 100644
--- a/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/OracleNodeTearOffTests.kt
+++ b/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/OracleNodeTearOffTests.kt
@@ -68,7 +68,7 @@ class OracleNodeTearOffTests {
         mockNet.stopNodes()
     }
 
-    // DOCSTART 2
+    // DOCSTART 1
     @Test
     fun `verify that the oracle signs the transaction if the interest rate within allowed limit`() {
         // Create a partial transaction
@@ -93,7 +93,7 @@ class OracleNodeTearOffTests {
         // Check that the transaction has been signed by the oracle
         assertContains(fix.signers, oracle.owningKey)
     }
-    // DOCEND 2
+    // DOCEND 1
 
     @Test
     fun `verify that the oracle rejects the transaction if the interest rate is outside the allowed limit`() {
diff --git a/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/contract/IRSTests.kt b/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/contract/IRSTests.kt
index a1de14fd7b..93ee0483a6 100644
--- a/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/contract/IRSTests.kt
+++ b/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/contract/IRSTests.kt
@@ -1,6 +1,7 @@
 package net.corda.irs.contract
 
 import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.Amount
 import net.corda.core.contracts.UniqueIdentifier
@@ -20,7 +21,6 @@ import net.corda.testing.core.DUMMY_NOTARY_NAME
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.dsl.*
-import net.corda.testing.internal.rigorousMock
 import net.corda.testing.node.MockServices
 import net.corda.testing.node.ledger
 import net.corda.testing.node.transaction
@@ -228,13 +228,13 @@ class IRSTests {
     val testSerialization = SerializationEnvironmentRule()
     private val cordappPackages = listOf("net.corda.irs.contract")
     private val networkParameters = testNetworkParameters().addNotary(dummyNotary.party)
-    private val megaCorpServices = MockServices(cordappPackages, megaCorp, rigorousMock(), networkParameters, megaCorp.keyPair)
-    private val miniCorpServices = MockServices(cordappPackages, miniCorp, rigorousMock(), networkParameters,  miniCorp.keyPair)
-    private val notaryServices = MockServices(cordappPackages, dummyNotary, rigorousMock(), networkParameters, dummyNotary.keyPair)
+    private val megaCorpServices = MockServices(cordappPackages, megaCorp, mock(), networkParameters, megaCorp.keyPair)
+    private val miniCorpServices = MockServices(cordappPackages, miniCorp, mock(), networkParameters,  miniCorp.keyPair)
+    private val notaryServices = MockServices(cordappPackages, dummyNotary, mock(), networkParameters, dummyNotary.keyPair)
     private val ledgerServices = MockServices(
             emptyList(),
             megaCorp,
-            rigorousMock<IdentityServiceInternal>().also {
+            mock<IdentityServiceInternal>().also {
                 doReturn(megaCorp.party).whenever(it).partyFromKey(megaCorp.publicKey)
                 doReturn(null).whenever(it).partyFromKey(ORACLE_PUBKEY)
             },
@@ -336,7 +336,7 @@ class IRSTests {
     @Test
     fun generateIRSandFixSome() {
         val services = MockServices(listOf("net.corda.irs.contract"), MEGA_CORP.name,
-                rigorousMock<IdentityServiceInternal>().also {
+                mock<IdentityServiceInternal>().also {
                     listOf(MEGA_CORP, MINI_CORP).forEach { party ->
                         doReturn(party).whenever(it).partyFromKey(party.owningKey)
                     }
diff --git a/samples/irs-demo/src/integration-test/kotlin/net/corda/irs/IRSDemoTest.kt b/samples/irs-demo/src/integration-test/kotlin/net/corda/irs/IRSDemoTest.kt
index 854014a863..08a62e2ca1 100644
--- a/samples/irs-demo/src/integration-test/kotlin/net/corda/irs/IRSDemoTest.kt
+++ b/samples/irs-demo/src/integration-test/kotlin/net/corda/irs/IRSDemoTest.kt
@@ -33,6 +33,7 @@ import net.corda.testing.node.NotarySpec
 import net.corda.testing.node.User
 import org.apache.commons.io.IOUtils
 import org.assertj.core.api.Assertions.assertThat
+import org.junit.Ignore
 import org.junit.Test
 import rx.Observable
 import java.time.Duration
@@ -53,9 +54,9 @@ class IRSDemoTest {
         springDriver(DriverParameters(
                 useTestClock = true,
                 notarySpecs = listOf(NotarySpec(DUMMY_NOTARY_NAME, rpcUsers = rpcUsers)),
-                extraCordappPackagesToScan = listOf("net.corda.irs")
+                extraCordappPackagesToScan = listOf("net.corda.irs", "net.corda.finance", "migration")
         )) {
-            val (controller, nodeA, nodeB) = listOf(
+            val (notary, nodeA, nodeB, controller) = listOf(
                     defaultNotaryNode,
                     startNode(providedName = DUMMY_BANK_A_NAME, rpcUsers = rpcUsers),
                     startNode(providedName = DUMMY_BANK_B_NAME, rpcUsers = rpcUsers),
diff --git a/samples/notary-demo/build.gradle b/samples/notary-demo/build.gradle
index 5435d4fbd8..15447cf4d0 100644
--- a/samples/notary-demo/build.gradle
+++ b/samples/notary-demo/build.gradle
@@ -22,10 +22,6 @@ dependencies {
     cordaCompile project(':client:jfx')
     cordaCompile project(':client:rpc')
     cordaCompile project(':test-utils')
-
-    // Notary implementations
-    cordapp project(':experimental:notary-raft')
-    cordapp project(':experimental:notary-bft-smart')
 }
 
 def nodeTask = tasks.getByPath(':node:capsule:assemble')
@@ -87,11 +83,10 @@ task deployNodesCustom(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
 }
 
 task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
-    def className = "net.corda.notary.raft.RaftNotaryService"
+    def className = ""
     directory file("$buildDir/nodes/nodesRaft")
     nodeDefaults {
         extraConfig = [h2Settings: [address: "localhost:0"]]
-        cordapp project(':experimental:notary-raft')
     }
     node {
         name "O=Alice Corp,L=Madrid,C=ES"
@@ -112,10 +107,9 @@ task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: true,
                 serviceLegalName: "O=Raft,L=Zurich,C=CH",
-                extraConfig: [
+                raft: [
                         nodeAddress: "localhost:10008"
-                ],
-                className: className
+                ]
         ]
     }
     node {
@@ -128,11 +122,10 @@ task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: true,
                 serviceLegalName: "O=Raft,L=Zurich,C=CH",
-                extraConfig: [
+                raft: [
                         nodeAddress: "localhost:10012",
                         clusterAddresses: ["localhost:10008"]
-                ],
-                className: className
+                ]
         ]
     }
     node {
@@ -145,22 +138,19 @@ task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: true,
                 serviceLegalName: "O=Raft,L=Zurich,C=CH",
-                extraConfig: [
+                raft: [
                         nodeAddress: "localhost:10016",
                         clusterAddresses: ["localhost:10008"]
-                ],
-                className: className
+                ]
         ]
     }
 }
 
 task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     def clusterAddresses = ["localhost:11000", "localhost:11010", "localhost:11020", "localhost:11030"]
-    def className = "net.corda.notary.bftsmart.BftSmartNotaryService"
     directory file("$buildDir/nodes/nodesBFT")
     nodeDefaults {
         extraConfig = [h2Settings: [address: "localhost:0"]]
-        cordapp project(':experimental:notary-bft-smart')
     }
     node {
         name "O=Alice Corp,L=Madrid,C=ES"
@@ -181,11 +171,10 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                extraConfig: [
+                bftSMaRt: [
                         replicaId: 0,
                         clusterAddresses: clusterAddresses
-                ],
-                className: className
+                ]
         ]
     }
     node {
@@ -198,11 +187,10 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                extraConfig: [
+                bftSMaRt: [
                         replicaId: 1,
                         clusterAddresses: clusterAddresses
-                ],
-                className: className
+                ]
         ]
     }
     node {
@@ -215,11 +203,10 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                extraConfig: [
+                bftSMaRt: [
                         replicaId: 2,
                         clusterAddresses: clusterAddresses
-                ],
-                className: className
+                ]
         ]
     }
     node {
@@ -232,11 +219,10 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                extraConfig: [
+                bftSMaRt: [
                         replicaId: 3,
                         clusterAddresses: clusterAddresses
-                ],
-                className: className
+                ]
         ]
     }
 }
diff --git a/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt b/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt
index 5ea916d51e..a14d5c0768 100644
--- a/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt
+++ b/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt
@@ -1,6 +1,7 @@
 package net.corda.notarydemo.flows
 
 import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.contracts.BelongsToContract
 import net.corda.core.contracts.CommandData
 import net.corda.core.contracts.Contract
 import net.corda.core.contracts.ContractState
@@ -24,6 +25,7 @@ class DummyIssueAndMove(private val notary: Party, private val counterpartyNode:
 
     data class DummyCommand(val dummy: Int = 0) : CommandData
 
+    @BelongsToContract(DoNothingContract::class)
     data class State(override val participants: List<AbstractParty>, val discriminator: Int) : ContractState
 
     @Suspendable
diff --git a/samples/simm-valuation-demo/build.gradle b/samples/simm-valuation-demo/build.gradle
index b7db45d7aa..a9708fdebd 100644
--- a/samples/simm-valuation-demo/build.gradle
+++ b/samples/simm-valuation-demo/build.gradle
@@ -33,6 +33,7 @@ dependencies {
     cordapp project(':finance:workflows')
     cordapp project(path: ':samples:simm-valuation-demo:contracts-states', configuration: 'shrinkArtifacts')
     cordapp project(':samples:simm-valuation-demo:flows')
+    cordapp project(':confidential-identities')
 
     // Corda integration dependencies
     cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
@@ -71,6 +72,7 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
         cordapp project(':finance:workflows')
         cordapp project(':samples:simm-valuation-demo:contracts-states')
         cordapp project(':samples:simm-valuation-demo:flows')
+        cordapp project(':confidential-identities')
         rpcUsers = [['username': "default", 'password': "default", 'permissions': [ 'ALL' ]]]
     }
     node {
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/SimmPluginRegistry.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/SimmContractsPluginRegistry.kt
similarity index 94%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/SimmPluginRegistry.kt
rename to samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/SimmContractsPluginRegistry.kt
index 2c8bc6f473..1e6abdfd0f 100644
--- a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/SimmPluginRegistry.kt
+++ b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/SimmContractsPluginRegistry.kt
@@ -14,7 +14,6 @@ import com.opengamma.strata.market.param.ParameterMetadata
 import net.corda.core.serialization.SerializationWhitelist
 import net.corda.vega.analytics.CordaMarketData
 import net.corda.vega.analytics.InitialMarginTriple
-import net.corda.webserver.services.WebServerPluginRegistry
 
 /**
  * [SimmService] is the object that makes available the flows and services for the Simm agreement / evaluation flow.
@@ -22,7 +21,7 @@ import net.corda.webserver.services.WebServerPluginRegistry
  * It is also the object that enables a human usable web service for demo purpose
  * It is loaded via discovery see [WebServerPluginRegistry].
  */
-class SimmPluginRegistry : SerializationWhitelist {
+class SimmContractsPluginRegistry : SerializationWhitelist {
     override val whitelist = listOf(
             MultiCurrencyAmount::class.java,
             Ordering.natural<Comparable<Any>>().javaClass,
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitiesSerializer.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitiesSerializer.kt
similarity index 100%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitiesSerializer.kt
rename to samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitiesSerializer.kt
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitySerialiser.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitySerialiser.kt
similarity index 100%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitySerialiser.kt
rename to samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencyParameterSensitivitySerialiser.kt
diff --git a/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencySerializer.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencySerializer.kt
new file mode 100644
index 0000000000..4b438c08d9
--- /dev/null
+++ b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencySerializer.kt
@@ -0,0 +1,30 @@
+package net.corda.vega.plugin.customserializers
+
+import com.opengamma.strata.basics.currency.Currency
+import net.corda.core.serialization.SerializationCustomSerializer
+
+@Suppress("UNUSED")
+class CurrencySerializer : SerializationCustomSerializer<Currency, CurrencySerializer.Proxy> {
+    data class Proxy(val currency: String)
+
+    override fun fromProxy(proxy: Proxy): Currency {
+        return withCurrentClassLoader { Currency.parse(proxy.currency) }
+    }
+    override fun toProxy(obj: Currency) = Proxy(obj.toString())
+
+    /**
+     * The initialization of [Currency] uses the classpath to identify needed resources.
+     * However, it gives priority to the classloader in the thread context over the one this class was loaded with.
+     * See: [com.opengamma.strata.collect.io.ResourceLocator.classLoader]
+     *
+     * This is the reason we temporarily override the class loader in the thread context here, with the classloader of this
+     * class, which is guaranteed to contain everything in the 3rd party library's classpath.
+     */
+    private fun withCurrentClassLoader(serializationFunction: () -> Currency): Currency {
+        val threadClassLoader = Thread.currentThread().contextClassLoader
+        Thread.currentThread().contextClassLoader = this.javaClass.classLoader
+        val result =serializationFunction()
+        Thread.currentThread().contextClassLoader = threadClassLoader
+        return result
+    }
+}
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/DoubleArraySerializer.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/DoubleArraySerializer.kt
similarity index 100%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/DoubleArraySerializer.kt
rename to samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/DoubleArraySerializer.kt
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/MultiCurrencyAmountSerializer.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/MultiCurrencyAmountSerializer.kt
similarity index 100%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/MultiCurrencyAmountSerializer.kt
rename to samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/MultiCurrencyAmountSerializer.kt
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorDateParameterMetadataSerializer.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorDateParameterMetadataSerializer.kt
similarity index 100%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorDateParameterMetadataSerializer.kt
rename to samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorDateParameterMetadataSerializer.kt
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorSerializer.kt b/samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorSerializer.kt
similarity index 100%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorSerializer.kt
rename to samples/simm-valuation-demo/contracts-states/src/main/kotlin/net/corda/vega/plugin/customserializers/TenorSerializer.kt
diff --git a/samples/simm-valuation-demo/contracts-states/src/main/resources/META-INF/services/net.corda.core.serialization.SerializationWhitelist b/samples/simm-valuation-demo/contracts-states/src/main/resources/META-INF/services/net.corda.core.serialization.SerializationWhitelist
new file mode 100644
index 0000000000..0076252578
--- /dev/null
+++ b/samples/simm-valuation-demo/contracts-states/src/main/resources/META-INF/services/net.corda.core.serialization.SerializationWhitelist
@@ -0,0 +1 @@
+net.corda.vega.plugin.SimmContractsPluginRegistry
diff --git a/samples/simm-valuation-demo/src/integration-test/kotlin/net/corda/vega/SimmValuationTest.kt b/samples/simm-valuation-demo/src/integration-test/kotlin/net/corda/vega/SimmValuationTest.kt
index 7a3844b5ed..256ba37301 100644
--- a/samples/simm-valuation-demo/src/integration-test/kotlin/net/corda/vega/SimmValuationTest.kt
+++ b/samples/simm-valuation-demo/src/integration-test/kotlin/net/corda/vega/SimmValuationTest.kt
@@ -9,9 +9,13 @@ import net.corda.serialization.internal.amqp.AbstractAMQPSerializationScheme
 import net.corda.testing.common.internal.ProjectStructure.projectRootDir
 import net.corda.testing.core.DUMMY_BANK_A_NAME
 import net.corda.testing.core.DUMMY_BANK_B_NAME
+import net.corda.testing.core.DUMMY_NOTARY_NAME
 import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.driver
 import net.corda.testing.http.HttpApi
+import net.corda.testing.node.NotarySpec
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
+import net.corda.testing.node.internal.findCordapp
 import net.corda.vega.api.PortfolioApi
 import net.corda.vega.api.PortfolioApiUtils
 import net.corda.vega.api.SwapDataModel
@@ -20,6 +24,7 @@ import net.corda.vega.plugin.customserializers.CurrencyParameterSensitivitiesSer
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
 import org.junit.Before
+import org.junit.Ignore
 import org.junit.Test
 import java.math.BigDecimal
 import java.time.LocalDate
@@ -47,15 +52,16 @@ class SimmValuationTest {
     fun `runs SIMM valuation demo`() {
         val logConfigFile = projectRootDir / "samples" / "simm-valuation-demo" / "src" / "main" / "resources" / "log4j2.xml"
         assertThat(logConfigFile).isRegularFile()
-        driver(DriverParameters(
-                extraCordappPackagesToScan = listOf("net.corda.vega.contracts", "net.corda.vega.plugin.customserializers"),
-                systemProperties = mapOf("log4j.configurationFile" to logConfigFile.toString()))
+        driver(DriverParameters(isDebug = true,
+                cordappsForAllNodes = listOf(findCordapp("net.corda.vega.flows"), findCordapp("net.corda.vega.contracts"), findCordapp("net.corda.confidential")) + FINANCE_CORDAPPS,
+                systemProperties = mapOf("log4j.configurationFile" to logConfigFile.toString()),
+                notarySpecs = listOf(NotarySpec(DUMMY_NOTARY_NAME, maximumHeapSize = "1g")))
         ) {
-            val nodeAFuture = startNode(providedName = nodeALegalName)
-            val nodeBFuture = startNode(providedName = nodeBLegalName)
+            val nodeAFuture = startNode(providedName = nodeALegalName, maximumHeapSize = "1g")
+            val nodeBFuture = startNode(providedName = nodeBLegalName, maximumHeapSize = "1g")
             val (nodeA, nodeB) = listOf(nodeAFuture, nodeBFuture).map { it.getOrThrow() }
-            val nodeAWebServerFuture = startWebserver(nodeA)
-            val nodeBWebServerFuture = startWebserver(nodeB)
+            val nodeAWebServerFuture = startWebserver(nodeA, "1g")
+            val nodeBWebServerFuture = startWebserver(nodeB, "1g")
             val nodeAApi = HttpApi.fromHostAndPort(nodeAWebServerFuture.getOrThrow().listenAddress, "api/simmvaluationdemo")
             val nodeBApi = HttpApi.fromHostAndPort(nodeBWebServerFuture.getOrThrow().listenAddress, "api/simmvaluationdemo")
             val nodeBParty = getPartyWithName(nodeAApi, nodeBLegalName)
@@ -64,6 +70,7 @@ class SimmValuationTest {
             createTradeBetween(nodeAApi, nodeBParty, testTradeId)
             assertTradeExists(nodeBApi, nodeAParty, testTradeId)
             assertTradeExists(nodeAApi, nodeBParty, testTradeId)
+
             runValuationsBetween(nodeAApi, nodeBParty)
             assertValuationExists(nodeBApi, nodeAParty)
             assertValuationExists(nodeAApi, nodeBParty)
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencySerializer.kt b/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencySerializer.kt
deleted file mode 100644
index 45bffc8ae2..0000000000
--- a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/customserializers/CurrencySerializer.kt
+++ /dev/null
@@ -1,12 +0,0 @@
-package net.corda.vega.plugin.customserializers
-
-import com.opengamma.strata.basics.currency.Currency
-import net.corda.core.serialization.SerializationCustomSerializer
-
-@Suppress("UNUSED")
-class CurrencySerializer : SerializationCustomSerializer<Currency, CurrencySerializer.Proxy> {
-    data class Proxy(val currency: String)
-
-    override fun fromProxy(proxy: Proxy): Currency = Currency.parse(proxy.currency)
-    override fun toProxy(obj: Currency) = Proxy(obj.toString())
-}
diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/SimmPlugin.kt b/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/webplugin/SimmPlugin.kt
similarity index 96%
rename from samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/SimmPlugin.kt
rename to samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/webplugin/SimmPlugin.kt
index daf4cdcb07..24aeda987b 100644
--- a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/plugin/SimmPlugin.kt
+++ b/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/webplugin/SimmPlugin.kt
@@ -1,4 +1,4 @@
-package net.corda.vega.plugin
+package net.corda.vega.webplugin
 
 import com.fasterxml.jackson.databind.ObjectMapper
 import net.corda.core.serialization.SerializationWhitelist
diff --git a/samples/simm-valuation-demo/src/main/resources/META-INF/services/net.corda.core.serialization.SerializationWhitelist b/samples/simm-valuation-demo/src/main/resources/META-INF/services/net.corda.core.serialization.SerializationWhitelist
deleted file mode 100644
index 78b86947ec..0000000000
--- a/samples/simm-valuation-demo/src/main/resources/META-INF/services/net.corda.core.serialization.SerializationWhitelist
+++ /dev/null
@@ -1 +0,0 @@
-net.corda.vega.plugin.SimmPluginRegistry
diff --git a/samples/simm-valuation-demo/src/main/resources/META-INF/services/net.corda.webserver.services.WebServerPluginRegistry b/samples/simm-valuation-demo/src/main/resources/META-INF/services/net.corda.webserver.services.WebServerPluginRegistry
index 95a1afd507..418058fa6b 100644
--- a/samples/simm-valuation-demo/src/main/resources/META-INF/services/net.corda.webserver.services.WebServerPluginRegistry
+++ b/samples/simm-valuation-demo/src/main/resources/META-INF/services/net.corda.webserver.services.WebServerPluginRegistry
@@ -1,2 +1,2 @@
 # Register a ServiceLoader service extending from net.corda.webserver.services.WebServerPluginRegistry
-net.corda.vega.plugin.SimmPlugin
+net.corda.vega.webplugin.SimmPlugin
diff --git a/samples/trader-demo/build.gradle b/samples/trader-demo/build.gradle
index b41ae8877a..9734d435d7 100644
--- a/samples/trader-demo/build.gradle
+++ b/samples/trader-demo/build.gradle
@@ -25,15 +25,14 @@ dependencies {
     // The trader demo CorDapp depends upon Cash CorDapp features
     cordapp project(':finance:contracts')
     cordapp project(':finance:workflows')
+    cordapp project(':confidential-identities')
+    cordapp project(':samples:bank-of-corda-demo')
 
     // Corda integration dependencies
     cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
     cordaRuntime project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
     cordaCompile project(':core')
 
-    // Corda Plugins: dependent flows and services
-    cordapp project(':samples:bank-of-corda-demo')
-
     testCompile project(':test-utils')
     testCompile "junit:junit:$junit_version"
     testCompile "org.assertj:assertj-core:${assertj_version}"
@@ -43,9 +42,12 @@ def nodeTask = tasks.getByPath(':node:capsule:assemble')
 def webTask = tasks.getByPath(':webserver:webcapsule:assemble')
 task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     ext.rpcUsers = [['username': "demo", 'password': "demo", 'permissions': ["ALL"]]]
-
+    nodeDefaults {
+        cordapp project(':finance:workflows')
+        cordapp project(':finance:contracts')
+        cordapp project(':confidential-identities')
+    }
     directory "./build/nodes"
-    // This name "Notary" is hard-coded into TraderDemoClientApi so if you change it here, change it there too.
     node {
         name "O=Notary Service,L=Zurich,C=CH"
         notary = [validating : true]
@@ -55,12 +57,10 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
             adminAddress "localhost:10004"
         }
         extraConfig = ['h2Settings.address' : 'localhost:10014']
-        cordapps = ["$project.group:workflows:$corda_release_version", "$project.group:contracts:$corda_release_version"]
     }
     node {
         name "O=Bank A,L=London,C=GB"
         p2pPort 10005
-        cordapps = ["$project.group:workflows:$corda_release_version", "$project.group:contracts:$corda_release_version"]
         rpcUsers = ext.rpcUsers
         rpcSettings {
             address "localhost:10006"
@@ -71,7 +71,6 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
     node {
         name "O=Bank B,L=New York,C=US"
         p2pPort 10008
-        cordapps = ["$project.group:workflows:$corda_release_version", "$project.group:contracts:$corda_release_version"]
         rpcUsers = ext.rpcUsers
         rpcSettings {
             address "localhost:10009"
@@ -82,7 +81,6 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
     node {
         name "O=BankOfCorda,L=New York,C=US"
         p2pPort 10011
-        cordapps = ["$project.group:workflows:$corda_release_version", "$project.group:contracts:$corda_release_version"]
         rpcUsers = ext.rpcUsers
         rpcSettings {
             address "localhost:10012"
@@ -95,7 +93,6 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
     node {
         name "O=LoggingBank,L=London,C=GB"
         p2pPort 10025
-        cordapps = ["$project.group:workflows:$corda_release_version", "$project.group:contracts:$corda_release_version"]
         rpcUsers = ext.rpcUsers
         rpcSettings {
             address "localhost:10026"
diff --git a/samples/trader-demo/src/integration-test/kotlin/net/corda/traderdemo/TraderDemoTest.kt b/samples/trader-demo/src/integration-test/kotlin/net/corda/traderdemo/TraderDemoTest.kt
index e4a093ad61..f36db3eaa2 100644
--- a/samples/trader-demo/src/integration-test/kotlin/net/corda/traderdemo/TraderDemoTest.kt
+++ b/samples/trader-demo/src/integration-test/kotlin/net/corda/traderdemo/TraderDemoTest.kt
@@ -9,15 +9,15 @@ import net.corda.finance.flows.CashIssueFlow
 import net.corda.finance.flows.CashPaymentFlow
 import net.corda.node.services.Permissions.Companion.all
 import net.corda.node.services.Permissions.Companion.startFlow
-import net.corda.testing.core.BOC_NAME
-import net.corda.testing.core.DUMMY_BANK_A_NAME
-import net.corda.testing.core.DUMMY_BANK_B_NAME
-import net.corda.testing.core.singleIdentity
+import net.corda.testing.core.*
 import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.InProcess
 import net.corda.testing.driver.OutOfProcess
 import net.corda.testing.driver.driver
+import net.corda.testing.node.NotarySpec
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.node.User
+import net.corda.testing.node.internal.FINANCE_CORDAPPS
 import net.corda.testing.node.internal.poll
 import net.corda.traderdemo.flow.CommercialPaperIssueFlow
 import net.corda.traderdemo.flow.SellerFlow
@@ -34,11 +34,16 @@ class TraderDemoTest {
                 startFlow<CashPaymentFlow>(),
                 startFlow<CommercialPaperIssueFlow>(),
                 all()))
-        driver(DriverParameters(startNodesInProcess = true, inMemoryDB = false, extraCordappPackagesToScan = listOf("net.corda.finance"))) {
+        driver(DriverParameters(
+                startNodesInProcess = true,
+                inMemoryDB = false,
+                cordappsForAllNodes = FINANCE_CORDAPPS + TestCordapp.findCordapp("net.corda.traderdemo"),
+                notarySpecs = listOf(NotarySpec(DUMMY_NOTARY_NAME, maximumHeapSize = "1g"))
+        )) {
             val (nodeA, nodeB, bankNode) = listOf(
-                    startNode(providedName = DUMMY_BANK_A_NAME, rpcUsers = listOf(demoUser)),
-                    startNode(providedName = DUMMY_BANK_B_NAME, rpcUsers = listOf(demoUser)),
-                    startNode(providedName = BOC_NAME, rpcUsers = listOf(bankUser))
+                    startNode(providedName = DUMMY_BANK_A_NAME, rpcUsers = listOf(demoUser), maximumHeapSize = "1g"),
+                    startNode(providedName = DUMMY_BANK_B_NAME, rpcUsers = listOf(demoUser), maximumHeapSize = "1g"),
+                    startNode(providedName = BOC_NAME, rpcUsers = listOf(bankUser), maximumHeapSize = "1g")
             ).map { (it.getOrThrow() as InProcess) }
 
             val (nodeARpc, nodeBRpc) = listOf(nodeA, nodeB).map {
@@ -76,8 +81,12 @@ class TraderDemoTest {
     }
 
     @Test
-    fun `Tudor test`() {
-        driver(DriverParameters(startNodesInProcess = false, inMemoryDB = false, extraCordappPackagesToScan = listOf("net.corda.finance"))) {
+    fun `Test restart node during flow works properly`() {
+        driver(DriverParameters(
+                startNodesInProcess = false,
+                inMemoryDB = false,
+                cordappsForAllNodes = FINANCE_CORDAPPS + TestCordapp.findCordapp("net.corda.traderdemo")
+        )) {
             val demoUser = User("demo", "demo", setOf(startFlow<SellerFlow>(), all()))
             val bankUser = User("user1", "test", permissions = setOf(all()))
             val (nodeA, nodeB, bankNode) = listOf(
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/ClientContexts.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/ClientContexts.kt
index 5df12028a9..8f8e9d4cb6 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/ClientContexts.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/ClientContexts.kt
@@ -21,5 +21,6 @@ val AMQP_RPC_CLIENT_CONTEXT = SerializationContextImpl(
         emptyMap(),
         true,
         SerializationContext.UseCase.RPCClient,
-        null
+        null,
+        lenientCarpenterEnabled = true
 )
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt
index dbee7d4b35..9c6162a874 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt
@@ -26,7 +26,8 @@ data class SerializationContextImpl @JvmOverloads constructor(override val prefe
                                                               override val encoding: SerializationEncoding?,
                                                               override val encodingWhitelist: EncodingWhitelist = NullEncodingWhitelist,
                                                               override val lenientCarpenterEnabled: Boolean = false,
-                                                              override val preventDataLoss: Boolean = false) : SerializationContext {
+                                                              override val preventDataLoss: Boolean = false,
+                                                              override val customSerializers: Set<SerializationCustomSerializer<*, *>> = emptySet()) : SerializationContext {
     /**
      * {@inheritDoc}
      */
@@ -56,6 +57,10 @@ data class SerializationContextImpl @JvmOverloads constructor(override val prefe
         })
     }
 
+    override fun withCustomSerializers(serializers: Set<SerializationCustomSerializer<*, *>>): SerializationContextImpl {
+        return copy(customSerializers = customSerializers.union(serializers))
+    }
+
     override fun withPreferredSerializationVersion(magic: SerializationMagic) = copy(preferredSerializationVersion = magic)
     override fun withEncoding(encoding: SerializationEncoding?) = copy(encoding = encoding)
     override fun withEncodingWhitelist(encodingWhitelist: EncodingWhitelist) = copy(encodingWhitelist = encodingWhitelist)
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/ServerContexts.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/ServerContexts.kt
index d19a177d2a..160c12298b 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/ServerContexts.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/ServerContexts.kt
@@ -36,5 +36,6 @@ val AMQP_RPC_SERVER_CONTEXT = SerializationContextImpl(
         emptyMap(),
         true,
         SerializationContext.UseCase.RPCServer,
-        null
+        null,
+        lenientCarpenterEnabled = true
 )
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt
index fe131ac5b0..360689f62d 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt
@@ -22,7 +22,10 @@ import java.util.*
 
 val AMQP_ENABLED get() = SerializationDefaults.P2P_CONTEXT.preferredSerializationVersion == amqpMagic
 
-data class SerializationFactoryCacheKey(val classWhitelist: ClassWhitelist, val deserializationClassLoader: ClassLoader, val preventDataLoss: Boolean)
+data class SerializationFactoryCacheKey(val classWhitelist: ClassWhitelist,
+                                        val deserializationClassLoader: ClassLoader,
+                                        val preventDataLoss: Boolean,
+                                        val customSerializers: Set<SerializationCustomSerializer<*, *>>)
 
 fun SerializerFactory.addToWhitelist(vararg types: Class<*>) {
     require(types.toSet().size == types.size) {
@@ -43,11 +46,12 @@ interface SerializerFactoryFactory {
 @KeepForDJVM
 abstract class AbstractAMQPSerializationScheme(
         private val cordappCustomSerializers: Set<SerializationCustomSerializer<*, *>>,
+        private val cordappSerializationWhitelists: Set<SerializationWhitelist>,
         maybeNotConcurrentSerializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory>,
         val sff: SerializerFactoryFactory = createSerializerFactoryFactory()
 ) : SerializationScheme {
     @DeleteForDJVM
-    constructor(cordapps: List<Cordapp>) : this(cordapps.customSerializers, AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
+    constructor(cordapps: List<Cordapp>) : this(cordapps.customSerializers, cordapps.serializationWhitelists, AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>(128).toSynchronised())
 
     // This is a bit gross but a broader check for ConcurrentMap is not allowed inside DJVM.
     private val serializerFactoriesForContexts: MutableMap<SerializationFactoryCacheKey, SerializerFactory> = if (maybeNotConcurrentSerializerFactoriesForContexts is AccessOrderLinkedHashMap<*, *>) {
@@ -98,9 +102,12 @@ abstract class AbstractAMQPSerializationScheme(
         @DeleteForDJVM
         val List<Cordapp>.customSerializers
             get() = flatMap { it.serializationCustomSerializers }.toSet()
+
+        @DeleteForDJVM
+        val List<Cordapp>.serializationWhitelists
+            get() = flatMap { it.serializationWhitelists }.toSet()
     }
 
-    // Parameter "context" is unused directly but passed in by reflection. Removing it will cause failures.
     private fun registerCustomSerializers(context: SerializationContext, factory: SerializerFactory) {
         with(factory) {
             register(publicKeySerializer)
@@ -135,9 +142,6 @@ abstract class AbstractAMQPSerializationScheme(
             register(net.corda.serialization.internal.amqp.custom.ContractAttachmentSerializer(this))
             registerNonDeterministicSerializers(factory)
         }
-        for (whitelistProvider in serializationWhitelists) {
-            factory.addToWhitelist(*whitelistProvider.whitelist.toTypedArray())
-        }
 
         // If we're passed in an external list we trust that, otherwise revert to looking at the scan of the
         // classpath to find custom serializers.
@@ -146,6 +150,15 @@ abstract class AbstractAMQPSerializationScheme(
                 factory.registerExternal(CorDappCustomSerializer(customSerializer, factory))
             }
         } else {
+            // This step is registering custom serializers, which have been added after node initialisation (i.e. via attachments during transaction verification).
+            // Note: the order between the registration of customSerializers and cordappCustomSerializers must be preserved as-is. The reason is the following:
+            // Currently, the serialization infrastructure does not support multiple versions of a class (the first one that is registered dominates).
+            // As a result, when inside a context with attachments class loader, we prioritize serializers loaded on-demand from attachments to serializers that had been
+            // loaded during node initialisation, by scanning the cordapps folder.
+            context.customSerializers.forEach { customSerializer ->
+                factory.registerExternal(CorDappCustomSerializer(customSerializer, factory))
+            }
+
             logger.debug("Custom Serializer list loaded - not scanning classpath")
             cordappCustomSerializers.forEach { customSerializer ->
                 factory.registerExternal(CorDappCustomSerializer(customSerializer, factory))
@@ -159,6 +172,17 @@ abstract class AbstractAMQPSerializationScheme(
         }
     }
 
+    private fun registerCustomWhitelists(factory: SerializerFactory) {
+        serializationWhitelists.forEach {
+            factory.addToWhitelist(*it.whitelist.toTypedArray())
+        }
+        cordappSerializationWhitelists.forEach {
+            it.whitelist.forEach {
+                clazz -> factory.addToWhitelist(clazz)
+            }
+        }
+    }
+
     /*
      * Register the serializers which will be excluded from the DJVM.
      */
@@ -176,7 +200,7 @@ abstract class AbstractAMQPSerializationScheme(
     open val publicKeySerializer: CustomSerializer<*> = net.corda.serialization.internal.amqp.custom.PublicKeySerializer
 
     fun getSerializerFactory(context: SerializationContext): SerializerFactory {
-        val key = SerializationFactoryCacheKey(context.whitelist, context.deserializationClassLoader, context.preventDataLoss)
+        val key = SerializationFactoryCacheKey(context.whitelist, context.deserializationClassLoader, context.preventDataLoss, context.customSerializers)
         // ConcurrentHashMap.get() is lock free, but computeIfAbsent is not, even if the key is in the map already.
         return serializerFactoriesForContexts[key] ?: serializerFactoriesForContexts.computeIfAbsent(key) {
             when (context.useCase) {
@@ -187,6 +211,7 @@ abstract class AbstractAMQPSerializationScheme(
                 else -> sff.make(context)
             }.also {
                 registerCustomSerializers(context, it)
+                registerCustomWhitelists(it)
             }
         }
     }
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/OptionalSerializer.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/OptionalSerializer.kt
index 632cc4c511..2c2275af8c 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/OptionalSerializer.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/OptionalSerializer.kt
@@ -7,7 +7,7 @@ import java.time.OffsetTime
 import java.util.*
 
 /**
- * A serializer for [OffsetTime] that uses a proxy object to write out the time and zone offset.
+ * A serializer for [Optional] that uses a proxy object to write out the value stored in the optional or [Optional.EMPTY].
  */
 class OptionalSerializer(factory: SerializerFactory) : CustomSerializer.Proxy<Optional<*>, OptionalSerializer.OptionalProxy>(Optional::class.java, OptionalProxy::class.java, factory) {
 
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/CordaClassResolverTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/CordaClassResolverTests.kt
index e42724c66e..cd7d002413 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/CordaClassResolverTests.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/CordaClassResolverTests.kt
@@ -11,11 +11,11 @@ import com.nhaarman.mockito_kotlin.verify
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.internal.DEPLOYED_CORDAPP_UPLOADER
 import net.corda.core.node.services.AttachmentStorage
-import net.corda.core.serialization.internal.CheckpointSerializationContext
 import net.corda.core.serialization.ClassWhitelist
 import net.corda.core.serialization.CordaSerializable
-import net.corda.core.serialization.MissingAttachmentsException
 import net.corda.core.serialization.internal.AttachmentsClassLoader
+import net.corda.core.serialization.internal.CheckpointSerializationContext
+import net.corda.core.serialization.internal.UntrustedAttachmentsException
 import net.corda.node.serialization.kryo.CordaClassResolver
 import net.corda.node.serialization.kryo.CordaKryo
 import net.corda.testing.internal.rigorousMock
@@ -23,7 +23,6 @@ import net.corda.testing.services.MockAttachmentStorage
 import org.junit.Rule
 import org.junit.Test
 import org.junit.rules.ExpectedException
-import java.lang.IllegalStateException
 import java.net.URL
 import java.sql.Connection
 import java.util.*
@@ -115,11 +114,12 @@ class CordaClassResolverTests {
         val emptyListClass = listOf<Any>().javaClass
         val emptySetClass = setOf<Any>().javaClass
         val emptyMapClass = mapOf<Any, Any>().javaClass
-        val ISOLATED_CONTRACTS_JAR_PATH: URL = CordaClassResolverTests::class.java.getResource("isolated.jar")
+        val ISOLATED_CONTRACTS_JAR_PATH: URL = CordaClassResolverTests::class.java.getResource("/isolated.jar")
     }
 
     private val emptyWhitelistContext: CheckpointSerializationContext = CheckpointSerializationContextImpl(this.javaClass.classLoader, EmptyWhitelist, emptyMap(), true, null)
     private val allButBlacklistedContext: CheckpointSerializationContext = CheckpointSerializationContextImpl(this.javaClass.classLoader, AllButBlacklisted, emptyMap(), true, null)
+
     @Test
     fun `Annotation on enum works for specialised entries`() {
         CordaClassResolver(emptyWhitelistContext).getRegistration(Foo.Bar::class.java)
@@ -212,16 +212,16 @@ class CordaClassResolverTests {
         val storage = MockAttachmentStorage()
         val attachmentHash = importJar(storage)
         val classLoader = AttachmentsClassLoader(arrayOf(attachmentHash).map { storage.openAttachment(it)!! })
-        val attachedClass = Class.forName("net.corda.finance.contracts.isolated.AnotherDummyContract", true, classLoader)
+        val attachedClass = Class.forName("net.corda.isolated.contracts.AnotherDummyContract", true, classLoader)
         CordaClassResolver(emptyWhitelistContext).getRegistration(attachedClass)
     }
 
-    @Test(expected = MissingAttachmentsException::class)
-    fun `Attempt to load contract attachment with the incorrect uploader should fails with MissingAttachmentsException`() {
+    @Test(expected = UntrustedAttachmentsException::class)
+    fun `Attempt to load contract attachment with untrusted uploader should fail with UntrustedAttachmentsException`() {
         val storage = MockAttachmentStorage()
         val attachmentHash = importJar(storage, "some_uploader")
         val classLoader = AttachmentsClassLoader(arrayOf(attachmentHash).map { storage.openAttachment(it)!! })
-        val attachedClass = Class.forName("net.corda.finance.contracts.isolated.AnotherDummyContract", true, classLoader)
+        val attachedClass = Class.forName("net.corda.isolated.contracts.AnotherDummyContract", true, classLoader)
         CordaClassResolver(emptyWhitelistContext).getRegistration(attachedClass)
     }
 
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/AbstractAMQPSerializationSchemeTest.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/AbstractAMQPSerializationSchemeTest.kt
index ffabd913a0..821a045f82 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/AbstractAMQPSerializationSchemeTest.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/AbstractAMQPSerializationSchemeTest.kt
@@ -40,7 +40,7 @@ class AbstractAMQPSerializationSchemeTest {
         val factory = SerializerFactoryBuilder.build(TESTING_CONTEXT.whitelist, TESTING_CONTEXT.deserializationClassLoader)
         val maxFactories = 512
         val backingMap = AccessOrderLinkedHashMap<SerializationFactoryCacheKey, SerializerFactory>({ maxFactories }).toSynchronised()
-        val scheme = object : AbstractAMQPSerializationScheme(emptySet(), backingMap, createSerializerFactoryFactory()) {
+        val scheme = object : AbstractAMQPSerializationScheme(emptySet(), emptySet(), backingMap, createSerializerFactoryFactory()) {
             override fun rpcClientSerializerFactory(context: SerializationContext): SerializerFactory {
                 return factory
             }
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/DeserializeQueryableStateTest.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/DeserializeQueryableStateTest.kt
new file mode 100644
index 0000000000..901fcccf88
--- /dev/null
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/DeserializeQueryableStateTest.kt
@@ -0,0 +1,64 @@
+package net.corda.serialization.internal.amqp
+
+import net.corda.client.rpc.internal.serialization.amqp.AMQPClientSerializationScheme
+import net.corda.core.identity.AbstractParty
+import net.corda.core.schemas.MappedSchema
+import net.corda.core.schemas.PersistentState
+import net.corda.core.schemas.QueryableState
+import net.corda.core.serialization.SerializedBytes
+import net.corda.node.serialization.amqp.AMQPServerSerializationScheme
+import net.corda.serialization.internal.AMQP_RPC_CLIENT_CONTEXT
+import net.corda.serialization.internal.AMQP_RPC_SERVER_CONTEXT
+import net.corda.serialization.internal.AllWhitelist
+import net.corda.testing.core.DUMMY_BANK_A_NAME
+import net.corda.testing.core.TestIdentity
+import org.junit.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertFailsWith
+
+data class TestState(override val participants: List<AbstractParty>): QueryableState {
+    override fun generateMappedObject(schema: MappedSchema): PersistentState {
+        throw NotImplementedError()
+    }
+    override fun supportedSchemas(): Iterable<MappedSchema> {
+        // return dummy value
+        return listOf(MappedSchema(TestState::class.java, 432, listOf()))
+    }
+}
+
+
+/**
+ * A class loader that excludes [TestState].
+ */
+class ClassLoaderWithoutTestState(classLoader: ClassLoader) : ClassLoader(classLoader) {
+    override fun loadClass(name: String?, resolve: Boolean): Class<*> {
+        if (name != null && name == TestState::class.java.name) {
+            throw ClassNotFoundException()
+        }
+        return super.loadClass(name, resolve)
+    }
+}
+
+class DeserializeQueryableStateTest {
+
+    /**
+     * https://r3-cev.atlassian.net/browse/CORDA-2330
+     */
+    @Test
+    fun `should deserialize subclass of QueryableState that is not present in the class loader`() {
+        val testParty = TestIdentity(DUMMY_BANK_A_NAME).identity.party
+        val instance = TestState(listOf(testParty))
+
+        val scheme = AMQPServerSerializationScheme(emptyList())
+        val serialized = scheme.serialize(instance, AMQP_RPC_SERVER_CONTEXT)
+
+        val clientContext = AMQP_RPC_CLIENT_CONTEXT.copy(whitelist = AllWhitelist, deserializationClassLoader = ClassLoaderWithoutTestState(ClassLoader.getSystemClassLoader()))
+        val serializedBytes = SerializedBytes<QueryableState>(serialized.bytes)
+        val clientScheme = AMQPClientSerializationScheme(emptyList())
+
+        // this operation used to fail because AMQP_RPC_CLIENT_CONTEXT.lenientCarpenterEnabled was false
+        val deserialized = clientScheme.deserialize(serializedBytes, QueryableState::class.java, clientContext)
+        assertFailsWith<AbstractMethodError> { deserialized.supportedSchemas() }
+        assertEquals(deserialized.participants.first(), testParty)
+    }
+}
\ No newline at end of file
diff --git a/serialization/src/test/resources/isolated.jar b/serialization/src/test/resources/isolated.jar
new file mode 100644
index 0000000000..8026639a7e
Binary files /dev/null and b/serialization/src/test/resources/isolated.jar differ
diff --git a/serialization/src/test/resources/net/corda/serialization/internal/isolated.jar b/serialization/src/test/resources/net/corda/serialization/internal/isolated.jar
deleted file mode 100644
index 17bf0c2436..0000000000
Binary files a/serialization/src/test/resources/net/corda/serialization/internal/isolated.jar and /dev/null differ
diff --git a/settings.gradle b/settings.gradle
index ed8e05f0e8..035c71f0f3 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -5,7 +5,7 @@ include 'confidential-identities'
 include 'finance'   // maintained for backwards compatibility only
 include 'finance:contracts'
 include 'finance:workflows'
-include 'finance:isolated'
+include 'isolated'
 include 'core'
 include 'docs'
 include 'node-api'
@@ -25,8 +25,6 @@ include 'experimental:avalanche'
 include 'experimental:behave'
 include 'experimental:quasar-hook'
 include 'experimental:corda-utils'
-include 'experimental:notary-raft'
-include 'experimental:notary-bft-smart'
 include 'jdk8u-deterministic'
 include 'test-common'
 include 'test-cli'
diff --git a/testing/node-driver/build.gradle b/testing/node-driver/build.gradle
index cdcb25d649..102249761e 100644
--- a/testing/node-driver/build.gradle
+++ b/testing/node-driver/build.gradle
@@ -25,8 +25,6 @@ sourceSets {
 }
 
 dependencies {
-    // Bundling in the Raft notary service for tests involving distributed notaries
-    compile project(':experimental:notary-raft')
     compile project(':test-utils')
 
     // Integration test helpers
diff --git a/testing/node-driver/src/integration-test/kotlin/net/corda/testing/node/MockNetworkIntegrationTests.kt b/testing/node-driver/src/integration-test/kotlin/net/corda/testing/node/MockNetworkIntegrationTests.kt
index cf82aec871..52ae6cbe69 100644
--- a/testing/node-driver/src/integration-test/kotlin/net/corda/testing/node/MockNetworkIntegrationTests.kt
+++ b/testing/node-driver/src/integration-test/kotlin/net/corda/testing/node/MockNetworkIntegrationTests.kt
@@ -10,7 +10,7 @@ class MockNetworkIntegrationTests {
     companion object {
         @JvmStatic
         fun main(args: Array<String>) {
-            MockNetwork(emptyList()).run {
+            MockNetwork(MockNetworkParameters()).run {
                 repeat(2) { createNode() }
                 runNetwork()
                 stopNodes()
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
index d8299d0cb0..1b98472fec 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
@@ -248,7 +248,9 @@ data class DriverParameters(
         val notaryCustomOverrides: Map<String, Any?> = emptyMap(),
         val inMemoryDB: Boolean = true,
         val cordappsForAllNodes: Collection<TestCordapp>? = null
-    ) {
+) {
+    constructor(cordappsForAllNodes: Collection<TestCordapp>) : this(isDebug = false, cordappsForAllNodes = cordappsForAllNodes)
+
     constructor(
             isDebug: Boolean = false,
             driverDirectory: Path = Paths.get("build") / "node-driver" /  getTimestampAsDirectoryName(),
@@ -313,38 +315,6 @@ data class DriverParameters(
             cordappsForAllNodes = null
     )
 
-    constructor(
-            isDebug: Boolean,
-            driverDirectory: Path,
-            portAllocation: PortAllocation,
-            debugPortAllocation: PortAllocation,
-            systemProperties: Map<String, String>,
-            useTestClock: Boolean,
-            startNodesInProcess: Boolean,
-            waitForAllNodesToFinish: Boolean,
-            notarySpecs: List<NotarySpec>,
-            extraCordappPackagesToScan: List<String>,
-            jmxPolicy: JmxPolicy,
-            networkParameters: NetworkParameters,
-            cordappsForAllNodes: Collection<TestCordapp>? = null
-    ) : this(
-            isDebug,
-            driverDirectory,
-            portAllocation,
-            debugPortAllocation,
-            systemProperties,
-            useTestClock,
-            startNodesInProcess,
-            waitForAllNodesToFinish,
-            notarySpecs,
-            extraCordappPackagesToScan,
-            jmxPolicy,
-            networkParameters,
-            emptyMap(),
-            true,
-            cordappsForAllNodes
-    )
-
     constructor(
             isDebug: Boolean,
             driverDirectory: Path,
@@ -377,39 +347,6 @@ data class DriverParameters(
             cordappsForAllNodes = null
     )
 
-    constructor(
-            isDebug: Boolean,
-            driverDirectory: Path,
-            portAllocation: PortAllocation,
-            debugPortAllocation: PortAllocation,
-            systemProperties: Map<String, String>,
-            useTestClock: Boolean,
-            startNodesInProcess: Boolean,
-            waitForAllNodesToFinish: Boolean,
-            notarySpecs: List<NotarySpec>,
-            extraCordappPackagesToScan: List<String>,
-            jmxPolicy: JmxPolicy,
-            networkParameters: NetworkParameters,
-            inMemoryDB: Boolean,
-            cordappsForAllNodes: Set<TestCordapp>? = null
-    ) : this(
-            isDebug,
-            driverDirectory,
-            portAllocation,
-            debugPortAllocation,
-            systemProperties,
-            useTestClock,
-            startNodesInProcess,
-            waitForAllNodesToFinish,
-            notarySpecs,
-            extraCordappPackagesToScan,
-            jmxPolicy,
-            networkParameters,
-            emptyMap(),
-            inMemoryDB,
-            cordappsForAllNodes
-    )
-
     fun withIsDebug(isDebug: Boolean): DriverParameters = copy(isDebug = isDebug)
     fun withDriverDirectory(driverDirectory: Path): DriverParameters = copy(driverDirectory = driverDirectory)
     fun withPortAllocation(portAllocation: PortAllocation): DriverParameters = copy(portAllocation = portAllocation)
@@ -419,6 +356,8 @@ data class DriverParameters(
     fun withStartNodesInProcess(startNodesInProcess: Boolean): DriverParameters = copy(startNodesInProcess = startNodesInProcess)
     fun withWaitForAllNodesToFinish(waitForAllNodesToFinish: Boolean): DriverParameters = copy(waitForAllNodesToFinish = waitForAllNodesToFinish)
     fun withNotarySpecs(notarySpecs: List<NotarySpec>): DriverParameters = copy(notarySpecs = notarySpecs)
+    @Deprecated("extraCordappPackagesToScan does not preserve the original CorDapp's versioning and metadata, which may lead to " +
+            "misleading results in tests. Use withCordappsForAllNodes instead.")
     fun withExtraCordappPackagesToScan(extraCordappPackagesToScan: List<String>): DriverParameters = copy(extraCordappPackagesToScan = extraCordappPackagesToScan)
     fun withJmxPolicy(jmxPolicy: JmxPolicy): DriverParameters = copy(jmxPolicy = jmxPolicy)
     fun withNetworkParameters(networkParameters: NetworkParameters): DriverParameters = copy(networkParameters = networkParameters)
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
index e12b07500b..eb23b72146 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
@@ -4,16 +4,14 @@ import com.google.common.jimfs.Jimfs
 import net.corda.core.concurrent.CordaFuture
 import net.corda.core.crypto.random63BitValue
 import net.corda.core.flows.FlowLogic
-import net.corda.core.flows.FlowSession
+import net.corda.core.flows.InitiatedBy
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.NodeInfo
 import net.corda.core.node.ServiceHub
-import net.corda.core.toFuture
 import net.corda.core.utilities.getOrThrow
-import net.corda.node.internal.InitiatedFlowFactory
 import net.corda.node.services.config.NodeConfiguration
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.DUMMY_NOTARY_NAME
@@ -24,7 +22,6 @@ import net.corda.testing.node.internal.newContext
 import rx.Observable
 import java.math.BigInteger
 import java.nio.file.Path
-import java.util.concurrent.Future
 
 /**
  * Immutable builder for configuring a [StartedMockNode] or an [UnstartedMockNode] via [MockNetwork.createNode] and
@@ -64,8 +61,7 @@ data class MockNodeParameters(
 }
 
 /**
- * Immutable builder for configuring a [MockNetwork]. Kotlin users can also use named parameters to the constructor
- * of [MockNetwork], which is more convenient.
+ * Immutable builder for configuring a [MockNetwork].
  *
  * @property networkSendManuallyPumped If false then messages will not be routed from sender to receiver until you use
  * the [MockNetwork.runNetwork] method. This is useful for writing single-threaded unit test code that can examine the
@@ -98,6 +94,8 @@ data class MockNetworkParameters(
                 networkParameters: NetworkParameters
     ) : this(networkSendManuallyPumped, threadPerNode, servicePeerAllocationStrategy, notarySpecs, networkParameters, emptyList())
 
+    constructor(cordappsForAllNodes: Collection<TestCordapp>) : this(threadPerNode = false, cordappsForAllNodes = cordappsForAllNodes)
+
     fun withNetworkParameters(networkParameters: NetworkParameters): MockNetworkParameters = copy(networkParameters = networkParameters)
     fun withNetworkSendManuallyPumped(networkSendManuallyPumped: Boolean): MockNetworkParameters = copy(networkSendManuallyPumped = networkSendManuallyPumped)
     fun withThreadPerNode(threadPerNode: Boolean): MockNetworkParameters = copy(threadPerNode = threadPerNode)
@@ -111,7 +109,8 @@ data class MockNetworkParameters(
              threadPerNode: Boolean,
              servicePeerAllocationStrategy: InMemoryMessagingNetwork.ServicePeerAllocationStrategy,
              notarySpecs: List<MockNetworkNotarySpec>,
-             networkParameters: NetworkParameters): MockNetworkParameters {
+             networkParameters: NetworkParameters
+    ): MockNetworkParameters {
         return MockNetworkParameters(networkSendManuallyPumped, threadPerNode, servicePeerAllocationStrategy, notarySpecs, networkParameters, emptyList())
     }
 }
@@ -175,13 +174,31 @@ class StartedMockNode private constructor(private val node: TestStartedNode) {
 
     /**
      * Starts an already constructed flow. Note that you must be on the server thread to call this method.
-     * @param context indicates who started the flow, see: [InvocationContext].
      */
     fun <T> startFlow(logic: FlowLogic<T>): CordaFuture<T> = node.services.startFlow(logic, node.services.newContext()).getOrThrow().resultFuture
 
-    /** Register a flow that is initiated by another flow .**/
+    /**
+     * Manually register an initiating-responder flow pair based on the [FlowLogic] annotations.
+     *
+     * @param initiatedFlowClass [FlowLogic] class which is annotated with [InitiatedBy].
+     * @return An [Observable] which emits responder flows each time one is executed.
+     */
     fun <F : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<F>): Observable<F> = node.registerInitiatedFlow(initiatedFlowClass)
 
+    /**
+     * Register a *custom* relationship between initiating and receiving flow on a node-by-node basis. This is used when
+     * we want to manually specify that a particular initiating flow class will have a particular responder.
+     *
+     * Note that this change affects _only_ the node on which this method is called, and not the entire network.
+     *
+     * @param initiatingFlowClass The [FlowLogic]-inheriting class to register a new responder for.
+     * @param initiatedFlowClass The class of the responder flow.
+     * @return An [Observable] which emits responder flows each time one is executed.
+     */
+    fun <F : FlowLogic<*>> registerInitiatedFlow(initiatingFlowClass: Class<out FlowLogic<*>>, initiatedFlowClass: Class<F>): Observable<F> {
+        return node.registerInitiatedFlow(initiatingFlowClass, initiatedFlowClass)
+    }
+
     /** Stop the node. **/
     fun stop() = node.internals.stop()
 
@@ -209,65 +226,8 @@ class StartedMockNode private constructor(private val node: TestStartedNode) {
             statement()
         }
     }
-
-    /**
-     * Register an [InitiatedFlowFactory], to control relationship between initiating and receiving flow classes
-     * explicitly on a node-by-node basis. This is used when we want to manually specify that a particular initiating
-     * flow class will have a particular responder.
-     *
-     * An [ResponderFlowFactory] is responsible for converting a [FlowSession] into the [FlowLogic] that will respond
-     * to the initiated flow. The registry records one responder type, and hence one factory, for each initiator flow
-     * type. If a factory is already registered for the type, it is overwritten in the registry when a new factory is
-     * registered.
-     *
-     * Note that this change affects _only_ the node on which this method is called, and not the entire network.
-     *
-     * @property initiatingFlowClass The [FlowLogic]-inheriting class to register a new responder for.
-     * @property flowFactory The flow factory that will create the responding flow.
-     * @property responderFlowClass The class of the responder flow.
-     * @return A [CordaFuture] that will complete the first time the responding flow is created.
-     */
-    fun <F : FlowLogic<*>> registerResponderFlow(initiatingFlowClass: Class<out FlowLogic<*>>,
-                                                 flowFactory: ResponderFlowFactory<F>,
-                                                 responderFlowClass: Class<F>): CordaFuture<F> =
-
-            node.registerInitiatedFlow(initiatingFlowClass, responderFlowClass).toFuture()
 }
 
-/**
- * Responsible for converting a [FlowSession] into the [FlowLogic] that will respond to an initiated flow.
- *
- * @param F The [FlowLogic]-inherited type of the responder class this factory creates.
- */
-@FunctionalInterface
-interface ResponderFlowFactory<F : FlowLogic<*>> {
-    /**
-     * Given the provided [FlowSession], create a responder [FlowLogic] of the desired type.
-     *
-     * @param flowSession The [FlowSession] to use to create the responder flow object.
-     * @return The constructed responder flow object.
-     */
-    fun invoke(flowSession: FlowSession): F
-}
-
-/**
- * Kotlin-only utility function using a reified type parameter and a lambda parameter to simplify the
- * [InitiatedFlowFactory.registerFlowFactory] function.
- *
- * @param F The [FlowLogic]-inherited type of the responder to register.
- * @property initiatingFlowClass The [FlowLogic]-inheriting class to register a new responder for.
- * @property flowFactory A lambda converting a [FlowSession] into an instance of the responder class [F].
- * @return A [CordaFuture] that will complete the first time the responding flow is created.
- */
-inline fun <reified F : FlowLogic<*>> StartedMockNode.registerResponderFlow(
-        initiatingFlowClass: Class<out FlowLogic<*>>,
-        noinline flowFactory: (FlowSession) -> F): Future<F> = registerResponderFlow(
-        initiatingFlowClass,
-        object : ResponderFlowFactory<F> {
-            override fun invoke(flowSession: FlowSession) = flowFactory(flowSession)
-        },
-        F::class.java)
-
 /**
  * A mock node brings up a suite of in-memory services in a fast manner suitable for unit testing.
  * Components that do IO are either swapped out for mocks, or pointed to a [Jimfs] in memory filesystem or an in
@@ -282,16 +242,12 @@ inline fun <reified F : FlowLogic<*>> StartedMockNode.registerResponderFlow(
  * method. If you want messages to flow automatically, use automatic pumping with a thread per node but watch out
  * for code running parallel to your unit tests: you will need to use futures correctly to ensure race-free results.
  *
- * You can get a printout of every message sent by using code like:
- *
- *    LogHelper.setLevel("+messages")
- *
  * By default a single notary node is automatically started, which forms part of the network parameters for all the nodes.
  * This node is available by calling [defaultNotaryNode].
  *
+ * @property defaultParameters The default parameters for the network. If any of the remaining constructor parameters are specified then
+ * their values are taken instead of the corresponding value in [defaultParameters].
  * @property cordappPackages A [List] of cordapp packages to scan for any cordapp code, e.g. contract verification code, flows and services.
- * @property defaultParameters A [MockNetworkParameters] object which contains the same parameters as the constructor, provided
- * as a convenience for Java users.
  * @property networkSendManuallyPumped If false then messages will not be routed from sender to receiver until you use
  * the [MockNetwork.runNetwork] method. This is useful for writing single-threaded unit test code that can examine the
  * state of the mock network before and after a message is sent, without races and without the receiving node immediately
@@ -321,10 +277,11 @@ open class MockNetwork(
     @Deprecated("cordappPackages does not preserve the original CorDapp's versioning and metadata, which may lead to " +
             "misleading results in tests. Use MockNetworkParameters.cordappsForAllNodes instead.")
     @JvmOverloads
-    constructor(cordappPackages: List<String>, parameters: MockNetworkParameters = MockNetworkParameters()) : this(cordappPackages, defaultParameters = parameters)
+    constructor(cordappPackages: List<String>, parameters: MockNetworkParameters = MockNetworkParameters()) : this(
+            cordappPackages, defaultParameters = parameters
+    )
 
-    @JvmOverloads
-    constructor(parameters: MockNetworkParameters = MockNetworkParameters()) : this(emptyList(), parameters)
+    constructor(parameters: MockNetworkParameters) : this(emptyList(), defaultParameters = parameters)
 
     private val internalMockNetwork = InternalMockNetwork(
             cordappPackages,
@@ -361,7 +318,7 @@ open class MockNetwork(
     fun createPartyNode(legalName: CordaX500Name? = null): StartedMockNode = StartedMockNode.create(internalMockNetwork.createPartyNode(legalName))
 
     /** Create a started node with the given parameters. **/
-    fun createNode(parameters: MockNodeParameters = MockNodeParameters()): StartedMockNode {
+    fun createNode(parameters: MockNodeParameters): StartedMockNode {
         return StartedMockNode.create(internalMockNetwork.createNode(InternalMockNodeParameters(parameters)))
     }
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
index ceefd1d956..c1828295ac 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
@@ -66,7 +66,7 @@ fun makeTestIdentityService(vararg identities: PartyAndCertificate): IdentitySer
  * must have at least an identity of its own. The other components have defaults that work in most situations.
  */
 open class MockServices private constructor(
-        cordappLoader: CordappLoader,
+        private val cordappLoader: CordappLoader,
         override val validatedTransactions: TransactionStorage,
         override val identityService: IdentityService,
         private val initialNetworkParameters: NetworkParameters,
@@ -118,8 +118,8 @@ open class MockServices private constructor(
             val database = configureDatabase(dataSourceProps, DatabaseConfig(), identityService::wellKnownPartyFromX500Name, identityService::wellKnownPartyFromAnonymous, schemaService, schemaService.internalSchemas())
             val mockService = database.transaction {
                 object : MockServices(cordappLoader, identityService, networkParameters, initialIdentity, moreKeys) {
-                    override val networkParametersStorage: NetworkParametersStorage = MockNetworkParametersStorage(networkParameters)
-                    override val vaultService: VaultService = makeVaultService(schemaService, database)
+                    override val networkParametersService: NetworkParametersService = MockNetworkParametersStorage(networkParameters)
+                    override val vaultService: VaultService = makeVaultService(schemaService, database, cordappLoader)
                     override fun recordTransactions(statesToRecord: StatesToRecord, txs: Iterable<SignedTransaction>) {
                         ServiceHubInternal.recordTransactions(statesToRecord, txs,
                                 validatedTransactions as WritableTransactionStorage,
@@ -282,6 +282,12 @@ open class MockServices private constructor(
      */
     constructor() : this(listOf(getCallerPackage(MockServices::class)!!), CordaX500Name("TestIdentity", "", "GB"), makeTestIdentityService())
 
+    /**
+     * Returns the classloader containing all jar deployed in the 'cordapps' folder.
+     */
+    val cordappClassloader: ClassLoader
+        get() = cordappLoader.appClassLoader
+
     override fun recordTransactions(statesToRecord: StatesToRecord, txs: Iterable<SignedTransaction>) {
         txs.forEach {
             (validatedTransactions as WritableTransactionStorage).addTransaction(it)
@@ -289,7 +295,7 @@ open class MockServices private constructor(
     }
 
     override val networkParameters: NetworkParameters
-        get() = networkParametersStorage.run { lookup(currentHash)!! }
+        get() = networkParametersService.run { lookup(currentHash)!! }
 
     final override val attachments = MockAttachmentStorage()
     override val keyManagementService: KeyManagementService by lazy { MockKeyManagementService(identityService, *arrayOf(initialIdentity.keyPair) + moreKeys) }
@@ -306,15 +312,13 @@ open class MockServices private constructor(
         it.start(initialNetworkParameters.whitelistedContractImplementations)
     }
     override val cordappProvider: CordappProvider get() = mockCordappProvider
-    override val networkParametersStorage: NetworkParametersStorage = MockNetworkParametersStorage(initialNetworkParameters)
+    override val networkParametersService: NetworkParametersService = MockNetworkParametersStorage(initialNetworkParameters)
 
     protected val servicesForResolution: ServicesForResolution
-        get() {
-            return ServicesForResolutionImpl(identityService, attachments, cordappProvider, networkParametersStorage, validatedTransactions)
-        }
+        get() = ServicesForResolutionImpl(identityService, attachments, cordappProvider, networkParametersService, validatedTransactions)
 
-    internal fun makeVaultService(schemaService: SchemaService, database: CordaPersistence): VaultServiceInternal {
-        return NodeVaultService(clock, keyManagementService, servicesForResolution, database, schemaService).apply { start() }
+    internal fun makeVaultService(schemaService: SchemaService, database: CordaPersistence, cordappLoader: CordappLoader): VaultServiceInternal {
+        return NodeVaultService(clock, keyManagementService, servicesForResolution, database, schemaService, cordappLoader.appClassLoader).apply { start() }
     }
 
     // This needs to be internal as MutableClassToInstanceMap is a guava type and shouldn't be part of our public API
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/NodeTestUtils.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/NodeTestUtils.kt
index 0e5b10f4ef..ab6f7dcf20 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/NodeTestUtils.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/NodeTestUtils.kt
@@ -23,14 +23,14 @@ fun ServiceHub.ledger(
         notary: Party = TestIdentity.fresh("ledger notary").party,
         script: LedgerDSL<TestTransactionDSLInterpreter, TestLedgerDSLInterpreter>.() -> Unit
 ): LedgerDSL<TestTransactionDSLInterpreter, TestLedgerDSLInterpreter> {
-    val currentParameters = networkParametersStorage.run {
+    val currentParameters = networkParametersService.run {
         lookup(currentHash) ?: throw IllegalStateException("Current network parameters not found, $currentHash")
 
     }
     if (currentParameters.notaries.none { it.identity == notary }) {
         // Add the notary to the whitelist. Otherwise no constructed transactions will verify.
         val newParameters = currentParameters.addNotary(notary)
-        (networkParametersStorage as MockNetworkParametersStorage).setCurrentParametersUnverified(newParameters)
+        (networkParametersService as MockNetworkParametersStorage).setCurrentParametersUnverified(newParameters)
     }
 
     return withTestSerializationEnvIfNotSet {
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/NotarySpec.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/NotarySpec.kt
index afde454e63..584c70d94f 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/NotarySpec.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/NotarySpec.kt
@@ -20,7 +20,19 @@ data class NotarySpec(
         val rpcUsers: List<User> = emptyList(),
         val verifierType: VerifierType = VerifierType.InMemory,
         val cluster: ClusterSpec? = null
-)
+) {
+    // These extra fields are handled this way to preserve Kotlin wire compatibility wrt additional parameters with default values.
+    constructor(name: CordaX500Name,
+                validating: Boolean = true,
+                rpcUsers: List<User> = emptyList(),
+                verifierType: VerifierType = VerifierType.InMemory,
+                cluster: ClusterSpec? = null,
+                maximumHeapSize: String = "512m"): this(name, validating, rpcUsers, verifierType, cluster) {
+        this.maximumHeapSize = maximumHeapSize
+    }
+
+    var maximumHeapSize: String = "512m"
+}
 
 /**
  * Abstract class specifying information about the consensus algorithm used for a cluster of nodes.
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
index c4f986e049..92cc1f1a78 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
@@ -6,36 +6,34 @@ import net.corda.testing.driver.NodeParameters
 import net.corda.testing.node.internal.TestCordappImpl
 
 /**
- * Encapsulates a CorDapp that exists on the current classpath, which can be pulled in for testing. Use [TestCordapp.Factory.findCordapp]
+ * Encapsulates a CorDapp that exists on the current classpath, which can be pulled in for testing. Use [TestCordapp.findCordapp]
  * to locate an existing CorDapp.
  *
+ * This is a replacement API to [DriverParameters.extraCordappPackagesToScan] and [MockNetwork.cordappPackages] as they create custom jars
+ * which do not preserve any CorDapp metadata.
+ *
  * @see DriverParameters.cordappsForAllNodes
  * @see NodeParameters.additionalCordapps
  * @see MockNetworkParameters.cordappsForAllNodes
  * @see MockNodeParameters.additionalCordapps
  */
 @DoNotImplement
-interface TestCordapp {
-    /** The package used to find the CorDapp. This may not be the root package of the CorDapp. */
-    val scanPackage: String
-
+abstract class TestCordapp {
     /** Returns the config for on this CorDapp, defaults to empty if not specified. */
-    val config: Map<String, Any>
+    abstract val config: Map<String, Any>
 
     /** Returns a copy of this [TestCordapp] but with the specified CorDapp config. */
-    fun withConfig(config: Map<String, Any>): TestCordapp
+    abstract fun withConfig(config: Map<String, Any>): TestCordapp
 
-    class Factory {
-        companion object {
-            /**
-             * Scans the current classpath to find the CorDapp that contains the given package. All the CorDapp's metdata present in its
-             * MANIFEST are inherited. If more than one location containing the package is found then an exception is thrown. An exception
-             * is also thrown if no CorDapp is found.
-             *
-             * @param scanPackage The package name used to find the CorDapp. This does not need to be the root package.
-             */
-            @JvmStatic
-            fun findCordapp(scanPackage: String): TestCordapp = TestCordappImpl(scanPackage = scanPackage, config = emptyMap())
-        }
+    companion object {
+        /**
+         * Scans the current classpath to find the CorDapp that contains the given package. All the CorDapp's metdata present in its
+         * MANIFEST are inherited. If more than one location containing the package is found then an exception is thrown. An exception
+         * is also thrown if no CorDapp is found.
+         *
+         * @param scanPackage The package name used to find the CorDapp. This does not need to be the root package of the CorDapp.
+         */
+        @JvmStatic
+        fun findCordapp(scanPackage: String): TestCordapp = TestCordappImpl(scanPackage = scanPackage, config = emptyMap())
     }
 }
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/CustomCordapp.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/CustomCordapp.kt
index 9832edbb60..00ecf42dd5 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/CustomCordapp.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/CustomCordapp.kt
@@ -32,15 +32,13 @@ data class CustomCordapp(
         val classes: Set<Class<*>> = emptySet(),
         val signingInfo: SigningInfo? = null,
         override val config: Map<String, Any> = emptyMap()
-) : TestCordappInternal {
+) : TestCordappInternal() {
     init {
         require(packages.isNotEmpty() || classes.isNotEmpty()) { "At least one package or class must be specified" }
     }
 
     override val jarFile: Path get() = getJarFile(this)
 
-    override val scanPackage: String get() = throw UnsupportedOperationException()
-
     override fun withConfig(config: Map<String, Any>): CustomCordapp = copy(config = config)
 
     override fun withOnlyJarContents(): CustomCordapp = CustomCordapp(packages = packages, classes = classes)
@@ -49,7 +47,9 @@ data class CustomCordapp(
 
     @VisibleForTesting
     internal fun packageAsJar(file: Path) {
-        val scanResult = ClassGraph()
+        val classGraph = ClassGraph()
+        classes.forEach { classGraph.addClassLoader(it.classLoader) }
+        val scanResult = classGraph
                 .whitelistPackages(*packages.toTypedArray())
                 .whitelistClasses(*classes.map { it.name }.toTypedArray())
                 .scan()
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index 9d200c2ae3..c39bc14594 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -37,6 +37,7 @@ import net.corda.nodeapi.internal.crypto.X509KeyStore
 import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.nodeapi.internal.network.NodeInfoFilesCopier
+import net.corda.notary.experimental.raft.RaftConfig
 import net.corda.serialization.internal.amqp.AbstractAMQPSerializationScheme
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
@@ -52,6 +53,7 @@ import okhttp3.OkHttpClient
 import okhttp3.Request
 import rx.Subscription
 import rx.schedulers.Schedulers
+import java.io.File
 import java.lang.management.ManagementFactory
 import java.net.ConnectException
 import java.net.URL
@@ -332,7 +334,9 @@ class DriverDSLImpl(
         _executorService = Executors.newScheduledThreadPool(2, ThreadFactoryBuilder().setNameFormat("driver-pool-thread-%d").build())
         _shutdownManager = ShutdownManager(executorService)
 
-        extraCustomCordapps = cordappsForPackages(extraCordappPackagesToScan + getCallerPackage())
+        val callerPackage = getCallerPackage().toMutableList()
+        if(callerPackage.firstOrNull()?.startsWith("net.corda.node") == true) callerPackage.add("net.corda.testing")
+        extraCustomCordapps = cordappsForPackages(extraCordappPackagesToScan + callerPackage)
 
         val notaryInfosFuture = if (compatibilityZone == null) {
             // If no CZ is specified then the driver does the generation of the network parameters and the copying of the
@@ -484,23 +488,22 @@ class DriverDSLImpl(
         return startRegisteredNode(
                 spec.name,
                 localNetworkMap,
-                NodeParameters(rpcUsers = spec.rpcUsers, verifierType = spec.verifierType, customOverrides = notaryConfig + customOverrides)
+                NodeParameters(rpcUsers = spec.rpcUsers, verifierType = spec.verifierType, customOverrides = notaryConfig + customOverrides, maximumHeapSize = spec.maximumHeapSize)
         ).map { listOf(it) }
     }
 
     private fun startRaftNotaryCluster(spec: NotarySpec, localNetworkMap: LocalNetworkMap?): CordaFuture<List<NodeHandle>> {
         fun notaryConfig(nodeAddress: NetworkHostAndPort, clusterAddress: NetworkHostAndPort? = null): Map<String, Any> {
             val clusterAddresses = if (clusterAddress != null) listOf(clusterAddress) else emptyList()
-            val config = configOf("notary" to mapOf(
-                    "validating" to spec.validating,
-                    "serviceLegalName" to spec.name.toString(),
-                    "className" to "net.corda.notary.raft.RaftNotaryService",
-                    "extraConfig" to mapOf(
-                            "nodeAddress" to nodeAddress.toString(),
-                            "clusterAddresses" to clusterAddresses.map { it.toString() }
-                    ))
+            val config = NotaryConfig(
+                    validating = spec.validating,
+                    serviceLegalName = spec.name,
+                    raft = RaftConfig(
+                            nodeAddress = nodeAddress,
+                            clusterAddresses = clusterAddresses
+                    )
             )
-            return config.root().unwrapped()
+            return mapOf("notary" to config.toConfig().root().unwrapped())
         }
 
         val nodeNames = generateNodeNames(spec)
@@ -763,13 +766,21 @@ class DriverDSLImpl(
                 it += extraCmdLineFlag
             }.toList()
 
+            // This excludes the samples and the finance module from the system classpath of the out of process nodes
+            // as they will be added to the cordapps folder.
+            val exclude = listOf("samples", "finance", "integrationTest", "test", "corda-mock")
+            val cp = ProcessUtilities.defaultClassPath.filterNot { cpEntry ->
+                exclude.any { token -> cpEntry.contains("${File.separatorChar}$token") } || cpEntry.endsWith("-tests.jar")
+            }
+
             return ProcessUtilities.startJavaProcess(
                     className = "net.corda.node.Corda", // cannot directly get class for this, so just use string
                     arguments = arguments,
                     jdwpPort = debugPort,
                     extraJvmArguments = extraJvmArguments,
                     workingDirectory = config.corda.baseDirectory,
-                    maximumHeapSize = maximumHeapSize
+                    maximumHeapSize = maximumHeapSize,
+                    classPath = cp
             )
         }
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
index 6cb9186099..c6f1b4fbff 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
@@ -30,15 +30,12 @@ import net.corda.core.utilities.seconds
 import net.corda.node.VersionInfo
 import net.corda.node.internal.AbstractNode
 import net.corda.node.internal.InitiatedFlowFactory
-import net.corda.node.internal.NetworkParametersStorageInternal
+import net.corda.node.internal.NetworkParametersStorage
 import net.corda.node.internal.NodeFlowManager
 import net.corda.node.services.api.FlowStarter
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.api.StartedNodeServices
-import net.corda.node.services.config.FlowTimeoutConfiguration
-import net.corda.node.services.config.NetworkParameterAcceptanceSettings
-import net.corda.node.services.config.NodeConfiguration
-import net.corda.node.services.config.VerifierType
+import net.corda.node.services.config.*
 import net.corda.node.services.identity.PersistentIdentityService
 import net.corda.node.services.keys.E2ETestKeyManagementService
 import net.corda.node.services.keys.KeyManagementServiceInternal
@@ -90,7 +87,7 @@ data class InternalMockNodeParameters(
         val forcedID: Int? = null,
         val legalName: CordaX500Name? = null,
         val entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
-        val configOverrides: MockNodeConfigOverrides? = null,
+        val configOverrides: (NodeConfiguration) -> Any? = {},
         val version: VersionInfo = MOCK_VERSION_INFO,
         val additionalCordapps: Collection<TestCordappInternal> = emptyList(),
         val flowManager: MockNodeFlowManager = MockNodeFlowManager()) {
@@ -98,7 +95,7 @@ data class InternalMockNodeParameters(
             mockNodeParameters.forcedID,
             mockNodeParameters.legalName,
             mockNodeParameters.entropyRoot,
-            mockNodeParameters.configOverrides,
+            { mockNodeParameters.configOverrides?.applyMockNodeOverrides(it) },
             MOCK_VERSION_INFO,
             uncheckedCast(mockNodeParameters.additionalCordapps)
     )
@@ -260,7 +257,7 @@ open class InternalMockNetwork(cordappPackages: List<String> = emptyList(),
         return notarySpecs.map { (name, validating) ->
             createNode(InternalMockNodeParameters(
                     legalName = name,
-                    configOverrides = MockNodeConfigOverrides(notary = MockNetNotaryConfig(validating))
+                    configOverrides = { doReturn(NotaryConfig(validating)).whenever(it).notary }
             ))
         }
     }
@@ -437,9 +434,7 @@ open class InternalMockNetwork(cordappPackages: List<String> = emptyList(),
             }
         }
 
-        override fun makeParametersStorage(): NetworkParametersStorageInternal {
-            return MockNetworkParametersStorage()
-        }
+        override fun makeNetworkParametersStorage(): NetworkParametersStorage = MockNetworkParametersStorage()
     }
 
     fun createUnstartedNode(parameters: InternalMockNodeParameters = InternalMockNodeParameters()): MockNode {
@@ -470,7 +465,7 @@ open class InternalMockNetwork(cordappPackages: List<String> = emptyList(),
             doReturn(makeTestDataSourceProperties("node_${id}_net_$networkId")).whenever(it).dataSourceProperties
             doReturn(emptyList<SecureHash>()).whenever(it).extraNetworkMapKeys
             doReturn(listOf(baseDirectory / "cordapps")).whenever(it).cordappDirectories
-            parameters.configOverrides?.applyMockNodeOverrides(it)
+            parameters.configOverrides(it)
         }
 
         TestCordappInternal.installCordapps(baseDirectory, parameters.additionalCordapps.toSet(), combinedCordappsForAllNodes)
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetworkConfigOverrides.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetworkConfigOverrides.kt
index e5606d0b47..15c4755e7e 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetworkConfigOverrides.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetworkConfigOverrides.kt
@@ -9,11 +9,7 @@ import net.corda.testing.node.MockNetNotaryConfig
 import net.corda.testing.node.MockNodeConfigOverrides
 
 fun MockNetNotaryConfig.toNotaryConfig(): NotaryConfig {
-    return if (this.className == null) {
-        NotaryConfig(validating = this.validating, extraConfig = this.extraConfig, serviceLegalName = this.serviceLegalName)
-    } else {
-        NotaryConfig(validating = this.validating, extraConfig = this.extraConfig, serviceLegalName = this.serviceLegalName, className = this.className)
-    }
+    return NotaryConfig(validating = this.validating, extraConfig = this.extraConfig, serviceLegalName = this.serviceLegalName, className = this.className)
 }
 
 fun MockNodeConfigOverrides.applyMockNodeOverrides(config: NodeConfiguration) {
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalTestUtils.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalTestUtils.kt
index e37370bc50..da13ab9e7f 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalTestUtils.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalTestUtils.kt
@@ -7,6 +7,7 @@ import net.corda.core.concurrent.CordaFuture
 import net.corda.core.context.InvocationContext
 import net.corda.core.flows.FlowLogic
 import net.corda.core.internal.FlowStateMachine
+import net.corda.core.internal.VisibleForTesting
 import net.corda.core.internal.concurrent.openFuture
 import net.corda.core.internal.times
 import net.corda.core.messaging.CordaRPCOps
@@ -24,6 +25,7 @@ import net.corda.testing.internal.chooseIdentity
 import net.corda.testing.internal.createTestSerializationEnv
 import net.corda.testing.internal.inVMExecutors
 import net.corda.testing.node.InMemoryMessagingNetwork
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.node.User
 import net.corda.testing.node.testContext
 import org.slf4j.LoggerFactory
@@ -37,9 +39,82 @@ import java.util.concurrent.ScheduledExecutorService
 import java.util.concurrent.TimeUnit
 import java.util.jar.JarOutputStream
 import java.util.zip.ZipEntry
+import kotlin.reflect.KClass
 
 private val log = LoggerFactory.getLogger("net.corda.testing.internal.InternalTestUtils")
 
+/**
+ * Reference to the finance-contracts CorDapp in this repo. The metadata is taken directly from finance/contracts/build.gradle, including the
+ * fact that the jar is signed. If you need an unsigned jar then use `cordappWithPackages("net.corda.finance.contracts")`.
+ *
+ * You will probably need to use [FINANCE_CORDAPPS] instead to get access to the flows as well.
+ */
+// TODO We can't use net.corda.finance.contracts as finance-workflows contains the package net.corda.finance.contracts.asset.cash.selection. This should be renamed.
+@JvmField
+val FINANCE_CONTRACTS_CORDAPP: TestCordappImpl = findCordapp("net.corda.finance.schemas")
+
+/**
+ * Reference to the finance-workflows CorDapp in this repo. The metadata is taken directly from finance/workflows/build.gradle, including the
+ * fact that the jar is signed. If you need an unsigned jar then use `cordappWithPackages("net.corda.finance.flows")`.
+ *
+ * You will probably need to use [FINANCE_CORDAPPS] instead to get access to the contract classes as well.
+ */
+@JvmField
+val FINANCE_WORKFLOWS_CORDAPP: TestCordappImpl = findCordapp("net.corda.finance.flows")
+
+@JvmField
+val FINANCE_CORDAPPS: Set<TestCordappInternal> = setOf(FINANCE_CONTRACTS_CORDAPP, FINANCE_WORKFLOWS_CORDAPP)
+
+fun cordappsForPackages(vararg packageNames: String): Set<CustomCordapp> = cordappsForPackages(packageNames.asList())
+
+fun cordappsForPackages(packageNames: Iterable<String>): Set<CustomCordapp> {
+    return simplifyScanPackages(packageNames).mapTo(HashSet()) { cordappWithPackages(it) }
+}
+
+/**
+ * Create a *custom* CorDapp which contains all the classes and resoures located in the given packages. The CorDapp's metadata will be the
+ * default values as defined in the [CustomCordapp] c'tor. Use the `copy` to change them. This means the metadata will *not* be the one defined
+ * in the original CorDapp(s) that the given packages may represent. If this is not what you want then use [findCordapp] instead.
+ */
+fun cordappWithPackages(vararg packageNames: String): CustomCordapp = CustomCordapp(packages = simplifyScanPackages(packageNames.asList()))
+
+/** Create a *custom* CorDapp which contains just the given classes. */
+// TODO Rename to cordappWithClasses
+fun cordappForClasses(vararg classes: Class<*>): CustomCordapp = CustomCordapp(packages = emptySet(), classes = classes.toSet())
+
+/**
+ * Find the single CorDapp jar on the current classpath which contains the given package. This is a convenience method for
+ * [TestCordapp.findCordapp] but returns the internal [TestCordappImpl].
+ */
+fun findCordapp(scanPackage: String): TestCordappImpl = TestCordapp.findCordapp(scanPackage) as TestCordappImpl
+
+private fun getCallerClass(directCallerClass: KClass<*>): Class<*>? {
+    val stackTrace = Throwable().stackTrace
+    val index = stackTrace.indexOfLast { it.className == directCallerClass.java.name }
+    if (index == -1) return null
+    return try {
+        Class.forName(stackTrace[index + 1].className)
+    } catch (e: ClassNotFoundException) {
+        null
+    }
+}
+
+fun getCallerPackage(directCallerClass: KClass<*>): String? = getCallerClass(directCallerClass)?.`package`?.name
+
+/**
+ * Squashes child packages if the parent is present. Example: ["com.foo", "com.foo.bar"] into just ["com.foo"].
+ */
+@VisibleForTesting
+internal fun simplifyScanPackages(scanPackages: Iterable<String>): Set<String> {
+    return scanPackages.sorted().fold(emptySet()) { soFar, packageName ->
+        when {
+            soFar.isEmpty() -> setOf(packageName)
+            packageName.startsWith("${soFar.last()}.") -> soFar
+            else -> soFar + packageName
+        }
+    }
+}
+
 /**
  * @throws ListenProcessDeathException if [listenProcess] dies before the check succeeds, i.e. the check can't succeed as intended.
  */
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersStorage.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersService.kt
similarity index 92%
rename from testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersStorage.kt
rename to testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersService.kt
index f5a502f80d..497c249843 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersStorage.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersService.kt
@@ -3,18 +3,17 @@ package net.corda.testing.node.internal
 import net.corda.core.crypto.SecureHash
 import net.corda.core.identity.Party
 import net.corda.core.internal.SignedDataWithCert
-import net.corda.core.internal.notary.HistoricNetworkParameterStorage
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.NotaryInfo
 import net.corda.core.serialization.serialize
-import net.corda.node.internal.NetworkParametersStorageInternal
+import net.corda.node.internal.NetworkParametersStorage
 import net.corda.nodeapi.internal.network.verifiedNetworkMapCert
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.internal.withTestSerializationEnvIfNotSet
 import java.security.cert.X509Certificate
 import java.time.Instant
 
-class MockNetworkParametersStorage(private var currentParameters: NetworkParameters = testNetworkParameters(modifiedTime = Instant.MIN)) : NetworkParametersStorageInternal, HistoricNetworkParameterStorage {
+class MockNetworkParametersStorage(private var currentParameters: NetworkParameters = testNetworkParameters(modifiedTime = Instant.MIN)) : NetworkParametersStorage {
     private val hashToParametersMap: HashMap<SecureHash, NetworkParameters> = HashMap()
 
     init {
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
index 0f6e666e02..c741b71738 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
@@ -13,12 +13,12 @@ import kotlin.streams.toList
 /**
  * Implementation of the public [TestCordapp] API.
  *
- * As described in [TestCordapp.Factory.findCordapp], this represents a single CorDapp jar on the current classpath. The [scanPackage] may
+ * As described in [TestCordapp.findCordapp], this represents a single CorDapp jar on the current classpath. The [scanPackage] may
  * be for an external dependency to the project that's using this API, in which case that dependency jar is referenced as is. On the other hand,
  * the [scanPackage] may reference a gradle CorDapp project on the local system. In this scenerio the project's "jar" task is executed to
  * build the CorDapp jar. This allows us to inherit the CorDapp's MANIFEST information without having to do any extra processing.
  */
-data class TestCordappImpl(override val scanPackage: String, override val config: Map<String, Any>) : TestCordappInternal {
+data class TestCordappImpl(val scanPackage: String, override val config: Map<String, Any>) : TestCordappInternal() {
     override fun withConfig(config: Map<String, Any>): TestCordappImpl = copy(config = config)
 
     override fun withOnlyJarContents(): TestCordappImpl = copy(config = emptyMap())
@@ -27,9 +27,11 @@ data class TestCordappImpl(override val scanPackage: String, override val config
         get() {
             val jars = TestCordappImpl.findJars(scanPackage)
             when (jars.size) {
-                0 -> throw IllegalArgumentException("Package $scanPackage does not exist")
+                0 -> throw IllegalArgumentException("There are no CorDapps containing the package $scanPackage on the classpath. Make sure " +
+                        "the package name is correct and that the CorDapp is added as a gradle dependency.")
                 1 -> return jars.first()
-                else -> throw IllegalArgumentException("More than one jar found containing package $scanPackage: $jars")
+                else -> throw IllegalArgumentException("There is more than one CorDapp containing the package $scanPackage on the classpath " +
+                        "$jars. Specify a package name which is unique to the CorDapp.")
             }
         }
 
@@ -76,13 +78,12 @@ data class TestCordappImpl(override val scanPackage: String, override val config
         private fun buildCordappJar(projectRoot: Path): Path {
             return projectRootToBuiltJar.computeIfAbsent(projectRoot) {
                 val gradlew = findGradlewDir(projectRoot) / (if (SystemUtils.IS_OS_WINDOWS) "gradlew.bat" else "gradlew")
-                val libs = projectRoot / "build" / "libs"
-                libs.deleteRecursively()
                 log.info("Generating CorDapp jar from local project in $projectRoot ...")
                 val exitCode = ProcessBuilder(gradlew.toString(), "jar").directory(projectRoot.toFile()).inheritIO().start().waitFor()
-                check(exitCode == 0) { "Unable to generate CorDapp jar from local project in $projectRoot ($exitCode)" }
-                val jars = libs.list { it.filter { it.toString().endsWith(".jar") }.toList() }
-                checkNotNull(jars.singleOrNull()) { "Expecting a single built jar in $libs, but instead got $jars" }
+                check(exitCode == 0) { "Unable to generate CorDapp jar from local project in $projectRoot (exit=$exitCode)" }
+                val libs = projectRoot / "build" / "libs"
+                val jars = libs.list { it.filter { it.toString().endsWith(".jar") }.toList() }.sortedBy { it.attributes().creationTime() }
+                checkNotNull(jars.lastOrNull()) { "No jars were built in $libs" }
             }
         }
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappInternal.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappInternal.kt
index 13d7d94428..1a14b28000 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappInternal.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappInternal.kt
@@ -14,14 +14,16 @@ import java.nio.file.StandardCopyOption.REPLACE_EXISTING
  *
  * @property jarFile The jar file this CorDapp represents. Different CorDapps may point to the same file.
  */
-interface TestCordappInternal : TestCordapp {
-    val jarFile: Path
+abstract class TestCordappInternal : TestCordapp() {
+    abstract val jarFile: Path
 
     /** Return a copy of this TestCordappInternal but without any metadata, such as configs and signing information. */
-    fun withOnlyJarContents(): TestCordappInternal
+    abstract fun withOnlyJarContents(): TestCordappInternal
 
     companion object {
-        fun installCordapps(baseDirectory: Path, nodeSpecificCordapps: Set<TestCordappInternal>, generalCordapps: Set<TestCordappInternal>) {
+        fun installCordapps(baseDirectory: Path,
+                            nodeSpecificCordapps: Set<TestCordappInternal>,
+                            generalCordapps: Set<TestCordappInternal> = emptySet()) {
             val nodeSpecificCordappsWithoutMeta = checkNoConflicts(nodeSpecificCordapps)
             checkNoConflicts(generalCordapps)
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
deleted file mode 100644
index 250c38fbaa..0000000000
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
+++ /dev/null
@@ -1,75 +0,0 @@
-package net.corda.testing.node.internal
-
-import net.corda.testing.node.TestCordapp
-import kotlin.reflect.KClass
-
-/**
- * Reference to the finance-contracts CorDapp in this repo. The metadata is taken directly from finance/contracts/build.gradle, including the
- * fact that the jar is signed. If you need an unsigned jar then use `cordappWithPackages("net.corda.finance.contracts")`.
- *
- * You will probably need to use [FINANCE_CORDAPPS] instead to get access to the flows as well.
- */
-// TODO We can't use net.corda.finance.contracts as finance-workflows contains the package net.corda.finance.contracts.asset.cash.selection. This should be renamed.
-@JvmField
-val FINANCE_CONTRACTS_CORDAPP: TestCordappImpl = findCordapp("net.corda.finance.schemas")
-
-/**
- * Reference to the finance-workflows CorDapp in this repo. The metadata is taken directly from finance/workflows/build.gradle, including the
- * fact that the jar is signed. If you need an unsigned jar then use `cordappWithPackages("net.corda.finance.flows")`.
- *
- * You will probably need to use [FINANCE_CORDAPPS] instead to get access to the contract classes as well.
- */
-@JvmField
-val FINANCE_WORKFLOWS_CORDAPP: TestCordappImpl = findCordapp("net.corda.finance.flows")
-
-@JvmField
-val FINANCE_CORDAPPS: List<TestCordappInternal> = listOf(FINANCE_CONTRACTS_CORDAPP, FINANCE_WORKFLOWS_CORDAPP)
-
-fun cordappsForPackages(vararg packageNames: String): Set<CustomCordapp> = cordappsForPackages(packageNames.asList())
-
-fun cordappsForPackages(packageNames: Iterable<String>): Set<CustomCordapp> {
-    return simplifyScanPackages(packageNames).mapTo(HashSet()) { cordappWithPackages(it) }
-}
-
-/**
- * Create a *custom* CorDapp which contains all the classes and resoures located in the given packages. The CorDapp's metadata will be the
- * default values as defined in the [CustomCordapp] c'tor. Use the `copy` to change them. This means the metadata will *not* be the one defined
- * in the original CorDapp(s) that the given packages may represent. If this is not what you want then use [findCordapp] instead.
- */
-fun cordappWithPackages(vararg packageNames: String): CustomCordapp = CustomCordapp(packages = simplifyScanPackages(packageNames.asList()))
-
-/** Create a *custom* CorDapp which contains just the given classes. */
-// TODO Rename to cordappWithClasses
-fun cordappForClasses(vararg classes: Class<*>): CustomCordapp = CustomCordapp(packages = emptySet(), classes = classes.toSet())
-
-/**
- * Find the single CorDapp jar on the current classpath which contains the given package. This is a convenience method for
- * [TestCordapp.Factory.findCordapp] but returns the internal [TestCordappImpl].
- */
-fun findCordapp(scanPackage: String): TestCordappImpl = TestCordapp.Factory.findCordapp(scanPackage) as TestCordappImpl
-
-fun getCallerClass(directCallerClass: KClass<*>): Class<*>? {
-    val stackTrace = Throwable().stackTrace
-    val index = stackTrace.indexOfLast { it.className == directCallerClass.java.name }
-    if (index == -1) return null
-    return try {
-        Class.forName(stackTrace[index + 1].className)
-    } catch (e: ClassNotFoundException) {
-        null
-    }
-}
-
-fun getCallerPackage(directCallerClass: KClass<*>): String? = getCallerClass(directCallerClass)?.`package`?.name
-
-/**
- * Squashes child packages if the parent is present. Example: ["com.foo", "com.foo.bar"] into just ["com.foo"].
- */
-fun simplifyScanPackages(scanPackages: Iterable<String>): Set<String> {
-    return scanPackages.sorted().fold(emptySet()) { soFar, packageName ->
-        when {
-            soFar.isEmpty() -> setOf(packageName)
-            packageName.startsWith("${soFar.last()}.") -> soFar
-            else -> soFar + packageName
-        }
-    }
-}
diff --git a/testing/node-driver/src/test/java/net/corda/testing/node/MockNodeFactoryInJavaTest.java b/testing/node-driver/src/test/java/net/corda/testing/node/MockNodeFactoryInJavaTest.java
deleted file mode 100644
index 1491c39d28..0000000000
--- a/testing/node-driver/src/test/java/net/corda/testing/node/MockNodeFactoryInJavaTest.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package net.corda.testing.node;
-
-import static java.util.Collections.emptyList;
-
-@SuppressWarnings("unused")
-public class MockNodeFactoryInJavaTest {
-    /**
-     * Does not need to run, only compile.
-     */
-    @SuppressWarnings("unused")
-    private static void factoryIsEasyToPassInUsingJava() {
-        //noinspection Convert2MethodRef
-        new MockNetwork(emptyList());
-        new MockNetwork(emptyList(), new MockNetworkParameters().withThreadPerNode(true));
-        //noinspection Convert2MethodRef
-        new MockNetwork(emptyList()).createNode(new MockNodeParameters());
-    }
-}
diff --git a/testing/node-driver/src/test/java/net/corda/testing/node/TestResponseFlowInIsolationInJava.java b/testing/node-driver/src/test/java/net/corda/testing/node/TestResponseFlowInIsolationInJava.java
index af4bb5a14b..64871a45aa 100644
--- a/testing/node-driver/src/test/java/net/corda/testing/node/TestResponseFlowInIsolationInJava.java
+++ b/testing/node-driver/src/test/java/net/corda/testing/node/TestResponseFlowInIsolationInJava.java
@@ -1,6 +1,7 @@
 package net.corda.testing.node;
 
 import co.paralleluniverse.fibers.Suspendable;
+import net.corda.core.Utils;
 import net.corda.core.concurrent.CordaFuture;
 import net.corda.core.flows.*;
 import net.corda.core.identity.Party;
@@ -12,7 +13,7 @@ import org.junit.rules.ExpectedException;
 
 import java.util.concurrent.Future;
 
-import static java.util.Collections.singletonList;
+import static net.corda.testing.node.internal.InternalTestUtilsKt.cordappsForPackages;
 import static org.hamcrest.Matchers.instanceOf;
 
 /**
@@ -24,7 +25,7 @@ import static org.hamcrest.Matchers.instanceOf;
  */
 public class TestResponseFlowInIsolationInJava {
 
-    private final MockNetwork network = new MockNetwork(singletonList("com.template"));
+    private final MockNetwork network = new MockNetwork(new MockNetworkParameters().withCordappsForAllNodes(cordappsForPackages("com.template")));
     private final StartedMockNode a = network.createNode();
     private final StartedMockNode b = network.createNode();
 
@@ -39,10 +40,10 @@ public class TestResponseFlowInIsolationInJava {
     @Test
     public void test() throws Exception {
         // This method returns the Responder flow object used by node B.
-        Future<Responder> initiatedResponderFlowFuture = b.registerResponderFlow(
+        Future<Responder> initiatedResponderFlowFuture = Utils.toFuture(b.registerInitiatedFlow(
                 // We tell node B to respond to BadInitiator with Responder.
                 // We want to observe the Responder flow object to check for errors.
-                BadInitiator.class, Responder::new, Responder.class);
+                BadInitiator.class, Responder.class));
 
         // We run the BadInitiator flow on node A.
         BadInitiator flow = new BadInitiator(b.getInfo().getLegalIdentities().get(0));
diff --git a/testing/node-driver/src/test/kotlin/net/corda/testing/node/MockNetworkTest.kt b/testing/node-driver/src/test/kotlin/net/corda/testing/node/MockNetworkTest.kt
index e9aa07276d..1e841a2acc 100644
--- a/testing/node-driver/src/test/kotlin/net/corda/testing/node/MockNetworkTest.kt
+++ b/testing/node-driver/src/test/kotlin/net/corda/testing/node/MockNetworkTest.kt
@@ -16,7 +16,7 @@ class MockNetworkTest {
 
     @Before
     fun setup() {
-        mockNetwork = MockNetwork(cordappPackages = emptyList())
+        mockNetwork = MockNetwork(MockNetworkParameters())
     }
 
     @After
diff --git a/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/CustomCordappTest.kt b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/CustomCordappTest.kt
index 1844ee45a0..9d2c2097a6 100644
--- a/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/CustomCordappTest.kt
+++ b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/CustomCordappTest.kt
@@ -17,12 +17,12 @@ class CustomCordappTest {
 
     @Test
     fun `packageAsJar writes out the CorDapp info into the manifest`() {
-        val cordapp = cordappWithPackages("net.corda.testing.node.internal").copy(targetPlatformVersion = 123, name = "TestCordappsUtilsTest")
+        val cordapp = cordappWithPackages("net.corda.testing.node.internal").copy(targetPlatformVersion = 123, name = "CustomCordappTest")
         val jarFile = packageAsJar(cordapp)
         JarInputStream(jarFile.inputStream()).use {
             assertThat(it.manifest[CordappImpl.TARGET_PLATFORM_VERSION]).isEqualTo("123")
-            assertThat(it.manifest[CordappImpl.CORDAPP_CONTRACT_NAME]).isEqualTo("TestCordappsUtilsTest")
-            assertThat(it.manifest[CordappImpl.CORDAPP_WORKFLOW_NAME]).isEqualTo("TestCordappsUtilsTest")
+            assertThat(it.manifest[CordappImpl.CORDAPP_CONTRACT_NAME]).isEqualTo("CustomCordappTest")
+            assertThat(it.manifest[CordappImpl.CORDAPP_WORKFLOW_NAME]).isEqualTo("CustomCordappTest")
         }
     }
 
@@ -31,7 +31,7 @@ class CustomCordappTest {
         val entries = packageAsJarThenReadBack(cordappWithPackages("net.corda.testing.node.internal"))
 
         assertThat(entries).contains(
-                "net/corda/testing/node/internal/TestCordappsUtilsTest.class",
+                "net/corda/testing/node/internal/CustomCordappTest.class",
                 "net/corda/testing/node/internal/resource.txt" // Make sure non-class resource files are also picked up
         ).doesNotContain(
                 "net/corda/testing/node/MockNetworkTest.class"
@@ -46,7 +46,7 @@ class CustomCordappTest {
         val entries = packageAsJarThenReadBack(cordappWithPackages("net.corda.testing.node"))
 
         assertThat(entries).contains(
-                "net/corda/testing/node/internal/TestCordappsUtilsTest.class",
+                "net/corda/testing/node/internal/CustomCordappTest.class",
                 "net/corda/testing/node/internal/resource.txt",
                 "net/corda/testing/node/MockNetworkTest.class"
         )
diff --git a/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestCordappsUtilsTest.kt b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/InternalTestUtilsTest.kt
similarity index 97%
rename from testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestCordappsUtilsTest.kt
rename to testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/InternalTestUtilsTest.kt
index 4aa06a0a41..9219705166 100644
--- a/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestCordappsUtilsTest.kt
+++ b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/InternalTestUtilsTest.kt
@@ -3,7 +3,7 @@ package net.corda.testing.node.internal
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
 
-class TestCordappsUtilsTest {
+class InternalTestUtilsTest {
     @Test
     fun `test simplifyScanPackages`() {
         assertThat(simplifyScanPackages(emptyList())).isEmpty()
diff --git a/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestResponseFlowInIsolation.kt b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestResponseFlowInIsolation.kt
index 07e260019d..7090496772 100644
--- a/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestResponseFlowInIsolation.kt
+++ b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestResponseFlowInIsolation.kt
@@ -3,15 +3,15 @@ package net.corda.testing.node.internal
 import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.flows.*
 import net.corda.core.identity.Party
+import net.corda.core.toFuture
+import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
 import net.corda.testing.internal.chooseIdentity
 import net.corda.testing.node.MockNetwork
-import net.corda.testing.node.registerResponderFlow
-import org.assertj.core.api.Assertions.assertThat
+import net.corda.testing.node.MockNetworkParameters
+import org.assertj.core.api.Assertions.assertThatExceptionOfType
 import org.junit.After
 import org.junit.Test
-import java.util.concurrent.ExecutionException
-import kotlin.test.assertFailsWith
 
 /**
  * Test based on the example given as an answer to this SO question:
@@ -22,7 +22,7 @@ import kotlin.test.assertFailsWith
  */
 class TestResponseFlowInIsolation {
 
-    private val network: MockNetwork = MockNetwork(listOf("com.template"))
+    private val network: MockNetwork = MockNetwork(MockNetworkParameters(cordappsForAllNodes = cordappsForPackages("com.template")))
     private val a = network.createNode()
     private val b = network.createNode()
 
@@ -31,7 +31,7 @@ class TestResponseFlowInIsolation {
 
     // This is the real implementation of Initiator.
     @InitiatingFlow
-    open class Initiator(val counterparty: Party) : FlowLogic<Unit>() {
+    open class Initiator(private val counterparty: Party) : FlowLogic<Unit>() {
         @Suspendable
         override fun call() {
             val session = initiateFlow(counterparty)
@@ -41,7 +41,7 @@ class TestResponseFlowInIsolation {
 
     // This is the response flow that we want to isolate for testing.
     @InitiatedBy(Initiator::class)
-    class Responder(val counterpartySession: FlowSession) : FlowLogic<Unit>() {
+    class Responder(private val counterpartySession: FlowSession) : FlowLogic<Unit>() {
         @Suspendable
         override fun call() {
             val string = counterpartySession.receive<String>().unwrap { contents -> contents }
@@ -53,7 +53,7 @@ class TestResponseFlowInIsolation {
 
     // This is a fake implementation of Initiator to check how Responder responds to non-golden-path scenarios.
     @InitiatingFlow
-    class BadInitiator(val counterparty: Party): FlowLogic<Unit>() {
+    class BadInitiator(private val counterparty: Party): FlowLogic<Unit>() {
         @Suspendable
         override fun call() {
             val session = initiateFlow(counterparty)
@@ -62,12 +62,10 @@ class TestResponseFlowInIsolation {
     }
 
     @Test
-    fun `test`() {
+    fun test() {
         // This method returns the Responder flow object used by node B.
         // We tell node B to respond to BadInitiator with Responder.
-        val initiatedResponderFlowFuture = b.registerResponderFlow(
-                initiatingFlowClass = BadInitiator::class.java,
-                flowFactory = ::Responder)
+        val initiatedResponderFlowFuture = b.registerInitiatedFlow(BadInitiator::class.java, Responder::class.java).toFuture()
 
         // We run the BadInitiator flow on node A.
         val flow = BadInitiator(b.info.chooseIdentity())
@@ -76,14 +74,11 @@ class TestResponseFlowInIsolation {
         future.get()
 
         // We check that the invocation of the Responder flow object has caused an ExecutionException.
-        val initiatedResponderFlow = initiatedResponderFlowFuture.get()
+        val initiatedResponderFlow = initiatedResponderFlowFuture.getOrThrow()
         val initiatedResponderFlowResultFuture = initiatedResponderFlow.stateMachine.resultFuture
 
-        val exceptionFromFlow = assertFailsWith<ExecutionException> {
-            initiatedResponderFlowResultFuture.get()
-        }.cause
-        assertThat(exceptionFromFlow)
-                .isInstanceOf(FlowException::class.java)
-                .hasMessage("String did not contain the expected message.")
+        assertThatExceptionOfType(FlowException::class.java)
+                .isThrownBy { initiatedResponderFlowResultFuture.getOrThrow() }
+                .withMessage("String did not contain the expected message.")
     }
-}
\ No newline at end of file
+}
diff --git a/testing/test-common/src/main/kotlin/net/corda/testing/common/internal/ParametersUtilities.kt b/testing/test-common/src/main/kotlin/net/corda/testing/common/internal/ParametersUtilities.kt
index 588ee182a3..27d61381f4 100644
--- a/testing/test-common/src/main/kotlin/net/corda/testing/common/internal/ParametersUtilities.kt
+++ b/testing/test-common/src/main/kotlin/net/corda/testing/common/internal/ParametersUtilities.kt
@@ -9,6 +9,7 @@ import java.security.PublicKey
 import java.time.Duration
 import java.time.Instant
 
+@JvmOverloads
 fun testNetworkParameters(
         notaries: List<NotaryInfo> = emptyList(),
         minimumPlatformVersion: Int = 1,
diff --git a/testing/test-utils/build.gradle b/testing/test-utils/build.gradle
index 5ff7c3121c..5154820e4f 100644
--- a/testing/test-utils/build.gradle
+++ b/testing/test-utils/build.gradle
@@ -26,6 +26,7 @@ dependencies {
 
     // OkHTTP: Simple HTTP library.
     compile "com.squareup.okhttp3:okhttp:$okhttp_version"
+    compile project(':confidential-identities') 
 }
 
 jar {
diff --git a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV1.kt b/testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV1.kt
similarity index 97%
rename from finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV1.kt
rename to testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV1.kt
index b3b1262803..90e50c215f 100644
--- a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV1.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV1.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas.test
+package net.corda.finance.test
 
 import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
 import net.corda.core.schemas.MappedSchema
diff --git a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV2.kt b/testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV2.kt
similarity index 97%
rename from finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV2.kt
rename to testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV2.kt
index ba6473f4b8..975988aa24 100644
--- a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV2.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV2.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas.test
+package net.corda.finance.test
 
 import net.corda.core.identity.AbstractParty
 import net.corda.core.schemas.CommonSchemaV1
diff --git a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV3.kt b/testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV3.kt
similarity index 97%
rename from finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV3.kt
rename to testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV3.kt
index eded7dfbdf..5664ced7c6 100644
--- a/finance/contracts/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV3.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/finance/test/SampleCashSchemaV3.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas.test
+package net.corda.finance.test
 
 import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
 import net.corda.core.identity.AbstractParty
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/ContractJarTestUtils.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/ContractJarTestUtils.kt
index 573aa77bb3..4bda623a87 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/ContractJarTestUtils.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/ContractJarTestUtils.kt
@@ -44,15 +44,20 @@ object ContractJarTestUtils {
         }
     }
 
-    @JvmOverloads
-    fun makeTestSignedContractJar(workingDir: Path, contractName: String, version: Int = 1): Pair<Path, PublicKey> {
+    private fun Path.signWithDummyKey(jarName: Path): PublicKey{
         val alias = "testAlias"
         val pwd = "testPassword"
-        workingDir.generateKey(alias, pwd, ALICE_NAME.toString())
+        this.generateKey(alias, pwd, ALICE_NAME.toString())
+        val signer = this.signJar(jarName.toAbsolutePath().toString(), alias, pwd)
+        (this / "_shredder").delete()
+        (this / "_teststore").delete()
+        return signer
+    }
+
+    @JvmOverloads
+    fun makeTestSignedContractJar(workingDir: Path, contractName: String, version: Int = 1): Pair<Path, PublicKey> {
         val jarName = makeTestContractJar(workingDir, contractName, true, version)
-        val signer = workingDir.signJar(jarName.toAbsolutePath().toString(), alias, pwd)
-        (workingDir / "_shredder").delete()
-        (workingDir / "_teststore").delete()
+        val signer = workingDir.signWithDummyKey(jarName)
         return workingDir.resolve(jarName) to signer
     }
 
@@ -67,6 +72,23 @@ object ContractJarTestUtils {
         return workingDir.resolve(jarName)
     }
 
+    @JvmOverloads
+    fun makeTestContractJar(workingDir: Path, contractNames: List<String>, signed: Boolean = false, version: Int = 1, generateManifest: Boolean = true, jarFileName : String? = null): Path {
+        contractNames.forEach {
+            val packages = it.split(".")
+            val className = packages.last()
+            createTestClass(workingDir, className, packages.subList(0, packages.size - 1))
+        }
+        val packages = contractNames.first().split(".")
+        val jarName = jarFileName ?: "attachment-${packages.last()}-$version-${(if (signed) "signed" else "")}.jar"
+        workingDir.createJar(jarName, *contractNames.map{ "${it.replace(".", "/")}.class" }.toTypedArray() )
+        if (generateManifest)
+            workingDir.addManifest(jarName, Pair(Attributes.Name(CORDAPP_CONTRACT_VERSION), version.toString()))
+        if (signed)
+            workingDir.signWithDummyKey(workingDir.resolve(jarName))
+        return workingDir.resolve(jarName)
+    }
+
     private fun createTestClass(workingDir: Path, className: String, packages: List<String>): Path {
         val newClass = """package ${packages.joinToString(".")};
                 import net.corda.core.contracts.*;
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/JarSignatureTestUtils.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/JarSignatureTestUtils.kt
index 83fe9582ea..073bff3491 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/JarSignatureTestUtils.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/JarSignatureTestUtils.kt
@@ -67,11 +67,13 @@ object JarSignatureTestUtils {
         return ks.getCertificate(alias).publicKey
     }
 
-    fun Path.getPublicKey(alias: String, storePassword: String) : PublicKey {
-        val ks = loadKeyStore(this.resolve("_teststore"), storePassword)
+    fun Path.getPublicKey(alias: String, storeName: String, storePassword: String) : PublicKey {
+        val ks = loadKeyStore(this.resolve(storeName), storePassword)
         return ks.getCertificate(alias).publicKey
     }
 
+    fun Path.getPublicKey(alias: String, storePassword: String) = getPublicKey(alias, "_teststore", storePassword)
+
     fun Path.getJarSigners(fileName: String) =
             JarInputStream(FileInputStream((this / fileName).toFile())).use(JarSignatureCollector::collectSigners)
 
@@ -82,7 +84,7 @@ object JarSignatureTestUtils {
                 manifest.mainAttributes[attributeName] = value
             }
             val output = JarOutputStream(FileOutputStream((this / fileName).toFile()), manifest)
-            var entry= input.nextEntry
+            var entry = input.nextEntry
             val buffer = ByteArray(1 shl 14)
             while (true) {
                 output.putNextEntry(entry)
@@ -97,4 +99,4 @@ object JarSignatureTestUtils {
             output.close()
         }
     }
-}
\ No newline at end of file
+}
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt
index 5fe08e5f4a..24ecaa2386 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt
@@ -2,33 +2,16 @@ package net.corda.testing.internal
 
 import net.corda.client.rpc.internal.serialization.amqp.AMQPClientSerializationScheme
 import net.corda.core.serialization.internal.SerializationEnvironment
-import net.corda.core.serialization.internal._contextSerializationEnv
-import net.corda.core.serialization.internal._inheritableContextSerializationEnv
 import net.corda.node.serialization.amqp.AMQPServerSerializationScheme
 import net.corda.node.serialization.kryo.KRYO_CHECKPOINT_CONTEXT
 import net.corda.node.serialization.kryo.KryoCheckpointSerializer
 import net.corda.serialization.internal.*
 import net.corda.testing.common.internal.asContextEnv
-import net.corda.testing.core.SerializationEnvironmentRule
 import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.ExecutorService
 
 val inVMExecutors = ConcurrentHashMap<SerializationEnvironment, ExecutorService>()
 
-/**
- * For example your test class uses [SerializationEnvironmentRule] but you want to turn it off for one method.
- * Use sparingly, ideally a test class shouldn't mix serializers init mechanisms.
- */
-fun <T> withoutTestSerialization(callable: () -> T): T { // TODO: Delete this, see CORDA-858.
-    val (property, env) = listOf(_contextSerializationEnv, _inheritableContextSerializationEnv).map { Pair(it, it.get()) }.single { it.second != null }
-    property.set(null)
-    try {
-        return callable()
-    } finally {
-        property.set(env)
-    }
-}
-
 fun createTestSerializationEnv(): SerializationEnvironment {
     val factory = SerializationFactoryImpl().apply {
         registerScheme(AMQPClientSerializationScheme(emptyList()))
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt
index 8dda8ff73b..87e532d6bb 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt
@@ -5,11 +5,8 @@ import net.corda.core.contracts.ContractAttachment
 import net.corda.core.contracts.ContractClassName
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.sha256
-import net.corda.core.internal.AbstractAttachment
-import net.corda.core.internal.TRUSTED_UPLOADERS
-import net.corda.core.internal.UNKNOWN_UPLOADER
+import net.corda.core.internal.*
 import net.corda.core.internal.cordapp.CordappImpl.Companion.DEFAULT_CORDAPP_VERSION
-import net.corda.core.internal.readFully
 import net.corda.core.node.services.AttachmentId
 import net.corda.core.node.services.AttachmentStorage
 import net.corda.core.node.services.vault.AttachmentQueryCriteria
diff --git a/tools/shell/src/main/kotlin/net/corda/tools/shell/utlities/ANSIProgressRenderer.kt b/tools/shell/src/main/kotlin/net/corda/tools/shell/utlities/ANSIProgressRenderer.kt
index e1bddd8a55..aa520a2e2d 100644
--- a/tools/shell/src/main/kotlin/net/corda/tools/shell/utlities/ANSIProgressRenderer.kt
+++ b/tools/shell/src/main/kotlin/net/corda/tools/shell/utlities/ANSIProgressRenderer.kt
@@ -2,6 +2,7 @@ package net.corda.tools.shell.utlities
 
 import net.corda.core.internal.Emoji
 import net.corda.core.messaging.FlowProgressHandle
+import org.apache.commons.lang.SystemUtils
 import org.apache.logging.log4j.LogManager
 import org.apache.logging.log4j.core.LogEvent
 import org.apache.logging.log4j.core.LoggerContext
@@ -22,6 +23,7 @@ abstract class ANSIProgressRenderer {
 
     protected var usingANSI = false
     protected var checkEmoji = false
+    private val usingUnicode = !SystemUtils.IS_OS_WINDOWS
 
     protected var treeIndex: Int = 0
     protected var treeIndexProcessed: MutableSet<Int> = mutableSetOf()
@@ -83,6 +85,7 @@ abstract class ANSIProgressRenderer {
             stepsTreeFeed?.apply {
                 tree = snapshot
                 subscriptionTree = updates.subscribe({
+                    remapIndices(it)
                     tree = it
                     draw(true)
                 }, { done(it) }, { done(null) })
@@ -90,7 +93,15 @@ abstract class ANSIProgressRenderer {
         }
     }
 
-
+    private fun remapIndices(newTree: List<Pair<Int, String>>) {
+        val newIndices = newTree.filter {
+            treeIndexProcessed.contains(tree.indexOf(it))
+        }.map {
+            newTree.indexOf(it)
+        }.toMutableSet()
+        treeIndex = newIndices.max() ?: 0
+        treeIndexProcessed = if (newIndices.isNotEmpty()) newIndices else mutableSetOf(0)
+    }
 
     @Synchronized protected fun draw(moveUp: Boolean, error: Throwable? = null) {
         if (!usingANSI) {
@@ -115,7 +126,8 @@ abstract class ANSIProgressRenderer {
             var newLinesDrawn = 1 + renderLevel(ansi, error != null)
 
             if (error != null) {
-                ansi.a("${Emoji.skullAndCrossbones} ${error.message}")
+                val errorIcon = if (usingUnicode) Emoji.skullAndCrossbones else "ERROR: "
+                ansi.a("$errorIcon ${error.message}")
                 ansi.eraseLine(Ansi.Erase.FORWARD)
                 ansi.newline()
                 newLinesDrawn++
@@ -152,10 +164,10 @@ abstract class ANSIProgressRenderer {
                 val activeStep = index == treeIndex
 
                 val marker = when {
-                    processedStep -> " ${Emoji.greenTick} "
+                    activeStep -> if (usingUnicode) "${Emoji.rightArrow} " else "CURRENT: "
+                    processedStep -> if (usingUnicode) " ${Emoji.greenTick} " else "DONE: "
                     skippedStep -> "      "
-                    activeStep -> "${Emoji.rightArrow} "
-                    error -> "${Emoji.noEntry} "
+                    error -> if (usingUnicode) "${Emoji.noEntry} " else "ERROR: "
                     else -> "    "   // Not reached yet.
                 }
                 a("    ".repeat(step.first))
@@ -226,7 +238,6 @@ object StdoutANSIProgressRenderer : ANSIProgressRenderer() {
 
     override fun setup() {
         AnsiConsole.systemInstall()
-
         checkEmoji = true
 
         // This line looks weird as hell because the magic code to decide if we really have a TTY or not isn't
diff --git a/tools/shell/src/test/kotlin/net/corda/tools/shell/utilities/ANSIProgressRendererTest.kt b/tools/shell/src/test/kotlin/net/corda/tools/shell/utilities/ANSIProgressRendererTest.kt
index 55a1e09413..b20c89168d 100644
--- a/tools/shell/src/test/kotlin/net/corda/tools/shell/utilities/ANSIProgressRendererTest.kt
+++ b/tools/shell/src/test/kotlin/net/corda/tools/shell/utilities/ANSIProgressRendererTest.kt
@@ -1,14 +1,13 @@
 package net.corda.tools.shell.utilities
 
-import com.nhaarman.mockito_kotlin.argumentCaptor
-import com.nhaarman.mockito_kotlin.mock
-import com.nhaarman.mockito_kotlin.verify
+import com.nhaarman.mockito_kotlin.*
 import net.corda.core.flows.StateMachineRunId
 import net.corda.core.internal.concurrent.openFuture
 import net.corda.core.messaging.DataFeed
 import net.corda.core.messaging.FlowProgressHandleImpl
 import net.corda.tools.shell.utlities.ANSIProgressRenderer
 import net.corda.tools.shell.utlities.CRaSHANSIProgressRenderer
+import org.apache.commons.lang.SystemUtils
 import org.assertj.core.api.Assertions.assertThat
 import org.crsh.text.RenderPrintWriter
 import org.junit.Test
@@ -27,38 +26,68 @@ class ANSIProgressRendererTest {
         private const val STEP_1_LABEL = "Running step 1"
         private const val STEP_2_LABEL = "Running step 2"
         private const val STEP_3_LABEL = "Running step 3"
+        private const val STEP_4_LABEL = "Running step 4"
+        private const val STEP_5_LABEL = "Running step 5"
 
-        private const val STEP_1_SUCCESS_OUTPUT = """✓ $STEP_1_LABEL"""
-        private const val STEP_2_SKIPPED_OUTPUT = """  $INTENSITY_FAINT_ON_ASCII$STEP_2_LABEL$INTENSITY_OFF_ASCII"""
-        private const val STEP_3_ACTIVE_OUTPUT  = """✓ $INTENSITY_BOLD_ON_ASCII$STEP_3_LABEL$INTENSITY_OFF_ASCII"""
+        fun stepSuccess(stepLabel: String): String {
+            return if (SystemUtils.IS_OS_WINDOWS) """DONE: $stepLabel""" else """✓ $stepLabel"""
+        }
+
+        fun stepSkipped(stepLabel: String): String {
+            return """  $INTENSITY_FAINT_ON_ASCII$stepLabel$INTENSITY_OFF_ASCII"""
+        }
+
+        fun stepActive(stepLabel: String): String {
+            return if (SystemUtils.IS_OS_WINDOWS) """CURRENT: $INTENSITY_BOLD_ON_ASCII$stepLabel$INTENSITY_OFF_ASCII""" else """▶︎ $INTENSITY_BOLD_ON_ASCII$stepLabel$INTENSITY_OFF_ASCII"""
+        }
     }
 
     lateinit var printWriter: RenderPrintWriter
     lateinit var progressRenderer: ANSIProgressRenderer
+    lateinit var indexSubject: PublishSubject<Int>
+    lateinit var feedSubject: PublishSubject<List<Pair<Int, String>>>
+    lateinit var flowProgressHandle: FlowProgressHandleImpl<*>
 
     @Before
     fun setup() {
         printWriter = mock()
         progressRenderer = CRaSHANSIProgressRenderer(printWriter)
+        indexSubject = PublishSubject.create<Int>()
+        feedSubject = PublishSubject.create<List<Pair<Int, String>>>()
+        val stepsTreeIndexFeed = DataFeed<Int, Int>(0, indexSubject)
+        val stepsTreeFeed = DataFeed<List<Pair<Int, String>>, List<Pair<Int, String>>>(listOf(), feedSubject)
+        flowProgressHandle = FlowProgressHandleImpl(StateMachineRunId.createRandom(), openFuture<String>(), Observable.empty(), stepsTreeIndexFeed, stepsTreeFeed)
     }
 
     @Test
     fun `test that steps are rendered appropriately depending on their status`() {
-        val indexSubject = PublishSubject.create<Int>()
-        val feedSubject = PublishSubject.create<List<Pair<Int, String>>>()
-        val stepsTreeIndexFeed = DataFeed<Int, Int>(0, indexSubject)
-        val stepsTreeFeed = DataFeed<List<Pair<Int, String>>, List<Pair<Int, String>>>(listOf(), feedSubject)
-        val flowProgressHandle = FlowProgressHandleImpl(StateMachineRunId.createRandom(), openFuture<String>(), Observable.empty(), stepsTreeIndexFeed, stepsTreeFeed)
-
         progressRenderer.render(flowProgressHandle)
+        feedSubject.onNext(listOf(Pair(0, STEP_1_LABEL), Pair(0, STEP_2_LABEL), Pair(0, STEP_3_LABEL)))
         // The flow is currently at step 3, while step 1 has been completed and step 2 has been skipped.
         indexSubject.onNext(2)
-        feedSubject.onNext(listOf(Pair(0, STEP_1_LABEL), Pair(0, STEP_2_LABEL), Pair(0, STEP_3_LABEL)))
 
         val captor = argumentCaptor<Ansi>()
-        verify(printWriter).print(captor.capture())
-        assertThat(captor.firstValue.toString()).containsSequence(STEP_1_SUCCESS_OUTPUT, STEP_2_SKIPPED_OUTPUT, STEP_3_ACTIVE_OUTPUT)
-        verify(printWriter).flush()
+        verify(printWriter, times(2)).print(captor.capture())
+        assertThat(captor.secondValue.toString()).containsSequence(stepSuccess(STEP_1_LABEL), stepSkipped(STEP_2_LABEL), stepActive(STEP_3_LABEL))
+        verify(printWriter, times(2)).flush()
     }
 
+    @Test
+    fun `changing tree causes correct steps to be marked as done`() {
+        progressRenderer.render(flowProgressHandle)
+        feedSubject.onNext(listOf(Pair(0, STEP_1_LABEL), Pair(1, STEP_2_LABEL), Pair(1, STEP_3_LABEL), Pair(0, STEP_4_LABEL), Pair(0, STEP_5_LABEL)))
+        indexSubject.onNext(1)
+        indexSubject.onNext(2)
+
+        val captor = argumentCaptor<Ansi>()
+        verify(printWriter, times(3)).print(captor.capture())
+        assertThat(captor.lastValue.toString()).containsSequence(stepSuccess(STEP_1_LABEL), stepSuccess(STEP_2_LABEL), stepActive(STEP_3_LABEL))
+        verify(printWriter, times(3)).flush()
+
+        feedSubject.onNext(listOf(Pair(0, STEP_1_LABEL), Pair(0, STEP_4_LABEL), Pair(0, STEP_5_LABEL)))
+        verify(printWriter, times(4)).print(captor.capture())
+        assertThat(captor.lastValue.toString()).containsSequence(stepActive(STEP_1_LABEL))
+        assertThat(captor.lastValue.toString()).doesNotContain(stepActive(STEP_5_LABEL))
+        verify(printWriter, times(4)).flush()
+    }
 }
\ No newline at end of file
diff --git a/webserver/src/integration-test/kotlin/net/corda/webserver/WebserverDriverTests.kt b/webserver/src/integration-test/kotlin/net/corda/webserver/WebserverDriverTests.kt
index 0a8e34340d..a2dd16b04d 100644
--- a/webserver/src/integration-test/kotlin/net/corda/webserver/WebserverDriverTests.kt
+++ b/webserver/src/integration-test/kotlin/net/corda/webserver/WebserverDriverTests.kt
@@ -31,7 +31,7 @@ class WebserverDriverTests {
     fun `starting a node and independent web server works`() {
         val addr = driver(DriverParameters(notarySpecs = emptyList())) {
             val node = startNode(providedName = DUMMY_BANK_A_NAME).getOrThrow()
-            val webserverHandle = startWebserver(node).getOrThrow()
+            val webserverHandle = startWebserver(node, "512m").getOrThrow()
             webserverMustBeUp(webserverHandle)
             webserverHandle.listenAddress
         }
diff --git a/webserver/src/main/kotlin/net/corda/webserver/internal/NodeWebServer.kt b/webserver/src/main/kotlin/net/corda/webserver/internal/NodeWebServer.kt
index 9ca4e03546..7615a4af5a 100644
--- a/webserver/src/main/kotlin/net/corda/webserver/internal/NodeWebServer.kt
+++ b/webserver/src/main/kotlin/net/corda/webserver/internal/NodeWebServer.kt
@@ -199,7 +199,7 @@ class NodeWebServer(val config: WebServerConfig) {
 
     private fun connectLocalRpcAsNodeUser(): CordaRPCOps {
         log.info("Connecting to node at ${config.rpcAddress} as ${config.runAs}")
-        val client = CordaRPCClient(config.rpcAddress)
+        val client = CordaRPCClient(config.rpcAddress, classLoader = javaClass.classLoader)
         val connection = client.start(config.runAs.username, config.runAs.password)
         return connection.proxy
     }