diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h
index 5aebcacd..13e92255 100644
--- a/src/BPSecLib_Private.h
+++ b/src/BPSecLib_Private.h
@@ -1314,7 +1314,7 @@ int BSL_PolicyRegistry_InspectActions(const BSL_LibCtx_t *bsl, BSL_SecurityActio
  * @return 0 if success
  */
 int BSL_PolicyRegistry_FinalizeActions(const BSL_LibCtx_t *bsl, const BSL_SecurityActionSet_t *policy_actions,
-                                       const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output);
+                                       BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output);
 
 /// @brief Callback interface to query policy provider to populate the action set
 typedef int (*BSL_PolicyInspect_f)(void *user_data, BSL_SecurityActionSet_t *output_action_set,
@@ -1323,7 +1323,7 @@ typedef int (*BSL_PolicyInspect_f)(void *user_data, BSL_SecurityActionSet_t *out
 /// @brief Callback interface to finalize policy provider over the action set. Finalize should ignore actions from
 /// different policy providers
 typedef int (*BSL_PolicyFinalize_f)(void *user_data, const BSL_SecurityActionSet_t *output_action_set,
-                                    const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output);
+                                    BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output);
 
 /// @brief Callback interface for policy provider to shut down and release any resources
 typedef void (*BSL_PolicyDeinit_f)(void *user_data);
diff --git a/src/BPSecLib_Public.h b/src/BPSecLib_Public.h
index 2d475d05..a397a970 100644
--- a/src/BPSecLib_Public.h
+++ b/src/BPSecLib_Public.h
@@ -512,8 +512,8 @@ int BSL_API_RegisterPolicyProvider(BSL_LibCtx_t *lib, uint64_t pp_id, BSL_Policy
  * @returns 0 on success, negative on error. On zero, `output_action_set` will be populated.
  */
 BSL_REQUIRE_CHECK
-int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set,
-                          const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location);
+int BSL_API_QuerySecurity(BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle,
+                          BSL_PolicyLocation_e location);
 
 /** @brief Performs the given security operations on a Bundle, modifying or even dropping it entirely.
  *
@@ -523,7 +523,7 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp
  * @param[in]     policy_actions  Pointer to policy actions, which was populated using the `QuerySecurity` function.
  */
 BSL_REQUIRE_CHECK
-int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle,
+int BSL_API_ApplySecurity(BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle,
                           const BSL_SecurityActionSet_t *policy_actions);
 
 #ifdef __cplusplus
diff --git a/src/backend/PolicyProvider.c b/src/backend/PolicyProvider.c
index 38632424..a104164d 100644
--- a/src/backend/PolicyProvider.c
+++ b/src/backend/PolicyProvider.c
@@ -62,7 +62,7 @@ int BSL_PolicyRegistry_InspectActions(const BSL_LibCtx_t *bsl, BSL_SecurityActio
 }
 
 int BSL_PolicyRegistry_FinalizeActions(const BSL_LibCtx_t *bsl, const BSL_SecurityActionSet_t *policy_actions,
-                                       const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output)
+                                       BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output)
 {
     CHK_ARG_NONNULL(bsl);
     CHK_ARG_NONNULL(bsl->policy_reg);
diff --git a/src/backend/PublicInterfaceImpl.c b/src/backend/PublicInterfaceImpl.c
index b3a423d9..30c93665 100644
--- a/src/backend/PublicInterfaceImpl.c
+++ b/src/backend/PublicInterfaceImpl.c
@@ -134,8 +134,8 @@ int BSL_API_RegisterPolicyProvider(BSL_LibCtx_t *lib, uint64_t pp_id, BSL_Policy
     return BSL_SUCCESS;
 }
 
-int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set,
-                          const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
+int BSL_API_QuerySecurity(BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle,
+                          BSL_PolicyLocation_e location)
 {
     CHK_ARG_NONNULL(bsl);
     CHK_ARG_NONNULL(output_action_set);
@@ -146,7 +146,7 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp
     int query_status = BSL_PolicyRegistry_InspectActions(bsl, output_action_set, bundle, location);
     BSL_LOG_INFO("Completed query: status=%d", query_status);
 
-    BSL_TlmCounters_IncrementCounter((BSL_LibCtx_t *)bsl, BSL_TLM_BUNDLE_INSPECTED_COUNT, 1);
+    BSL_TlmCounters_IncrementCounter(bsl, BSL_TLM_BUNDLE_INSPECTED_COUNT, 1);
 
     // Here - find the sec block numbers for all ASBs
 
@@ -214,7 +214,7 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp
     }
     BSL_PrimaryBlock_deinit(&primary_block);
 
-    if (BSL_SecCtx_ValidatePolicyActionSet((BSL_LibCtx_t *)bsl, bundle, output_action_set) == false)
+    if (BSL_SecCtx_ValidatePolicyActionSet(bsl, bundle, output_action_set) == false)
     {
         query_status = BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED;
         BSL_LOG_WARNING("Security Context validation failed");
@@ -223,7 +223,7 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp
     return query_status;
 }
 
-int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle,
+int BSL_API_ApplySecurity(BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle,
                           const BSL_SecurityActionSet_t *policy_actions)
 {
     CHK_ARG_NONNULL(bsl);
@@ -233,7 +233,7 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re
 
     BSL_SecurityResponseSet_Init(response_output);
 
-    int exec_code = BSL_SecCtx_ExecutePolicyActionSet((BSL_LibCtx_t *)bsl, response_output, bundle, policy_actions);
+    int exec_code = BSL_SecCtx_ExecutePolicyActionSet(bsl, response_output, bundle, policy_actions);
     if (exec_code < BSL_SUCCESS)
     {
         BSL_LOG_ERR("Failed to execute policy action set");
diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c
index 7556b43a..05f6af85 100644
--- a/src/policy_provider/SamplePolicyProvider.c
+++ b/src/policy_provider/SamplePolicyProvider.c
@@ -305,7 +305,7 @@ int BSLP_QueryPolicy(void *user_data, BSL_SecurityActionSet_t *output_action_set
 }
 
 int BSLP_FinalizePolicy(void *user_data _U_, const BSL_SecurityActionSet_t *output_action_set _U_,
-                        const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output _U_)
+                        BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output _U_)
 {
     int                    error_ret = BSL_SUCCESS;
     BSLP_PolicyProvider_t *self      = user_data;
@@ -355,7 +355,7 @@ int BSLP_FinalizePolicy(void *user_data _U_, const BSL_SecurityActionSet_t *outp
 
             if (conclusion != BSL_SECOP_CONCLUSION_SUCCESS)
             {
-                error_ret = BSLP_PolicyProvider_HandleFailures((BSL_BundleRef_t *)bundle, secop);
+                error_ret = BSLP_PolicyProvider_HandleFailures(bundle, secop);
             }
         }
     }
diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h
index 668b9d1d..60c9dcf4 100644
--- a/src/policy_provider/SamplePolicyProvider.h
+++ b/src/policy_provider/SamplePolicyProvider.h
@@ -250,10 +250,12 @@ int BSLP_PolicyRule_EvaluateAsSecOper(const BSLP_PolicyRule_t *self, const BSLP_
                                       BSL_SecOper_t *sec_oper, const BSL_BundleRef_t *bundle,
                                       BSL_PolicyLocation_e location);
 
+/// Provides ::BSL_PolicyInspect_f
 int BSLP_QueryPolicy(void *user_data, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle,
                      BSL_PolicyLocation_e location);
 
-int BSLP_FinalizePolicy(void *user_data, const BSL_SecurityActionSet_t *output_action_set,
-                        const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output);
+/// Provides ::BSL_PolicyFinalize_f
+int BSLP_FinalizePolicy(void *user_data, const BSL_SecurityActionSet_t *output_action_set, BSL_BundleRef_t *bundle,
+                        const BSL_SecurityResponseSet_t *response_output);
 
 #endif // BSLP_SAMPLE_POLICY_PROVIDER_H
diff --git a/src/security_context/BCB_AES_GCM.c b/src/security_context/BCB_AES_GCM.c
index cacecb3e..3bbf0f5e 100644
--- a/src/security_context/BCB_AES_GCM.c
+++ b/src/security_context/BCB_AES_GCM.c
@@ -641,7 +641,7 @@ int BSLX_BCB_Execute(BSL_LibCtx_t *lib _U_, BSL_BundleRef_t *bundle, const BSL_S
     bcb_context.overwrite_btsd = BSL_SecOper_IsRoleAcceptor(sec_oper);
 
     // Select whether to call the encrypt or decrypt function
-    int (*crypto_fn)(BSLX_BCB_t *) = BSL_SecOper_IsRoleSource(sec_oper) ? BSLX_BCB_Encrypt : BSLX_BCB_Decrypt;
+    int (*crypto_fn)(BSLX_BCB_t *) = BSL_SecOper_IsRoleSource(sec_oper) ? &BSLX_BCB_Encrypt : &BSLX_BCB_Decrypt;
 
     // Perform the encryption/decryption
     if (BSL_SUCCESS != crypto_fn(&bcb_context))