diff --git a/core/include/aes_gcm_dev.h b/core/include/aes_gcm_dev.h
index cd0f4d08..940fab23 100644
--- a/core/include/aes_gcm_dev.h
+++ b/core/include/aes_gcm_dev.h
@@ -1,5 +1,9 @@
 #pragma once
 
+#include <squareup/subzero/internal.pb.h>
+#include <stddef.h>
+#include <stdint.h>
+
 /* This header is meant for the dev target, and should only be included in the
  * dev implementation */
 
diff --git a/core/include/aes_gcm_ncipher.h b/core/include/aes_gcm_ncipher.h
index 2ecce228..de1646ef 100644
--- a/core/include/aes_gcm_ncipher.h
+++ b/core/include/aes_gcm_ncipher.h
@@ -1,5 +1,10 @@
 #pragma once
 
+#include <nfastapp.h>
+#include <squareup/subzero/internal.pb.h>
+#include <stddef.h>
+#include <stdint.h>
+
 /* This header is meant for the nCipher target, and should only be included in the
  * codesafe/ncipher implementation */
 
diff --git a/core/include/print.h b/core/include/print.h
index 10089d80..6628f49a 100644
--- a/core/include/print.h
+++ b/core/include/print.h
@@ -1,5 +1,8 @@
 #pragma once
 
+#include <stddef.h>
+#include <stdint.h>
+
 void print_uint8(uint8_t value);
 void print_uint16(uint16_t value);
 void print_uint32(uint32_t value);
diff --git a/core/include/qrsignatures.h b/core/include/qrsignatures.h
index 7fbca888..d3f281c2 100644
--- a/core/include/qrsignatures.h
+++ b/core/include/qrsignatures.h
@@ -1,5 +1,8 @@
 #pragma once
 
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
 
 /**
  * signature verification wrapper for trezor crypto util.
diff --git a/core/include/sign.h b/core/include/sign.h
index 1f64300a..f885011d 100644
--- a/core/include/sign.h
+++ b/core/include/sign.h
@@ -1,5 +1,7 @@
 #pragma once
 
+#include <squareup/subzero/internal.pb.h>
+
 Result handle_sign_tx(
     const InternalCommandRequest_SignTxRequest* const request,
     InternalCommandResponse_SignTxResponse *response);
diff --git a/core/src/checks/bip32.c b/core/src/checks/bip32.c
index 10eaf217..6729d3ee 100644
--- a/core/src/checks/bip32.c
+++ b/core/src/checks/bip32.c
@@ -1,15 +1,15 @@
-#include <stdio.h>
-#include <string.h>
-
 #include "bip32.h"
-#include "bip39.h"
-#include "curves.h"
 
-#include "config.h"
+#include "bip39.h"
 #include "checks.h"
+#include "config.h"
+#include "curves.h"
 #include "log.h"
 #include "squareup/subzero/internal.pb.h"
 
+#include <stdio.h>
+#include <string.h>
+
 /**
  * Perform BIP32 derivation using a hardcoded mnemonic and verify that we get
  * specific private/public keys back.
diff --git a/core/src/checks/check_sign_tx.c b/core/src/checks/check_sign_tx.c
index 5c03c80e..390203e7 100644
--- a/core/src/checks/check_sign_tx.c
+++ b/core/src/checks/check_sign_tx.c
@@ -1,34 +1,31 @@
 #include "base58.h"
 #include "bip32.h"
 #include "bip39.h"
+#include "checks.h"
+#include "conv.h"
 #include "curves.h"
+#include "ecdsa.h"
+#include "hash.h"
+#include "log.h"
+#include "memzero.h"
+#include "nist256p1.h"
+#include "print.h"
+#include "qrsignatures.h"
+#include "script.h"
+#include "sign.h"
+
 #include <assert.h>
 #include <config.h>
+#include <pb_decode.h>
+#include <pb_encode.h>
 #include <protection.h>
 #include <rpc.h>
-#include <pb_encode.h>
-#include <pb_decode.h>
 #include <squareup/subzero/common.pb.h>
 #include <squareup/subzero/internal.pb.h>
 #include <squareup/subzero/service.pb.h>
 #include <stdio.h>
 #include <string.h>
 
-#include <assert.h>
-
-#include "checks.h"
-#include "conv.h"
-#include "hash.h"
-#include "log.h"
-#include "print.h"
-#include "script.h"
-#include "sign.h"
-#include "ecdsa.h"
-#include "nist256p1.h"
-#include "memzero.h"
-#include "qrsignatures.h"
-
-
 // Return a constructed request for test
 static int construct_request(InternalCommandRequest_SignTxRequest *tx) {
 
diff --git a/core/src/checks/conv_checks.c b/core/src/checks/conv_checks.c
index 1f47283c..378af67a 100644
--- a/core/src/checks/conv_checks.c
+++ b/core/src/checks/conv_checks.c
@@ -1,10 +1,10 @@
-#include <inttypes.h>
-#include <stdint.h>
-
 #include "checks.h"
 #include "conv.h"
 #include "log.h"
 
+#include <inttypes.h>
+#include <stdint.h>
+
 int verify_conv_btc_to_satoshi(void) {
   uint32_t btc = 0;
   uint64_t satoshi = conv_btc_to_satoshi(btc);
diff --git a/core/src/checks/self_checks.c b/core/src/checks/self_checks.c
index 546a6f18..ce2f0f5d 100644
--- a/core/src/checks/self_checks.c
+++ b/core/src/checks/self_checks.c
@@ -1,9 +1,9 @@
-#include <stdio.h>
-#include <stdlib.h>
-
 #include "checks.h"
 #include "log.h"
 
+#include <stdio.h>
+#include <stdlib.h>
+
 typedef int (*self_check_function)(void);
 
 typedef struct self_check_function_info {
diff --git a/core/src/checks/validate_fees.c b/core/src/checks/validate_fees.c
index 81cf1e48..385b093c 100644
--- a/core/src/checks/validate_fees.c
+++ b/core/src/checks/validate_fees.c
@@ -1,10 +1,10 @@
-#include <stdio.h>
-
 #include "checks.h"
+#include "log.h"
 #include "rpc.h"
 #include "sign.h"
 #include "squareup/subzero/internal.pb.h"
-#include "log.h"
+
+#include <stdio.h>
 
 int verify_validate_fees(void) {
   int r = 0;
diff --git a/core/src/dev/aes_gcm.c b/core/src/dev/aes_gcm.c
index b3973b4f..0ab9c99e 100644
--- a/core/src/dev/aes_gcm.c
+++ b/core/src/dev/aes_gcm.c
@@ -1,11 +1,12 @@
-#include <stdint.h>
-#include <squareup/subzero/internal.pb.h> // For error codes
-#include "log.h"
-#include "memzero.h"
 #include "aes_gcm_dev.h"
 #include "gcm.h"
+#include "log.h"
+#include "memzero.h"
 #include "rand.h"
 
+#include <squareup/subzero/internal.pb.h> // For error codes
+#include <stdint.h>
+
 #define IV_SIZE_IN_BYTES (12)
 #define TAG_SIZE_IN_BYTES (16)
 
diff --git a/core/src/dev/execute_command_hooks.c b/core/src/dev/execute_command_hooks.c
index a0e123ab..bc435f9f 100644
--- a/core/src/dev/execute_command_hooks.c
+++ b/core/src/dev/execute_command_hooks.c
@@ -1,7 +1,7 @@
-#include <squareup/subzero/internal.pb.h>
-
 #include "rpc.h"
 
+#include <squareup/subzero/internal.pb.h>
+
 Result pre_execute_command(const InternalCommandRequest* const in) {
   (void)in;
   return Result_SUCCESS;
diff --git a/core/src/dev/init_wallet.c b/core/src/dev/init_wallet.c
index 2dfabe30..5d1975fd 100644
--- a/core/src/dev/init_wallet.c
+++ b/core/src/dev/init_wallet.c
@@ -1,21 +1,22 @@
-#include <assert.h>
-#include <pb_decode.h>
-#include <pb_encode.h>
-#include <squareup/subzero/common.pb.h>
-#include <squareup/subzero/internal.pb.h>
-#include <stdio.h>
+#include "init_wallet.h"
 
 #include "bip32.h"
 #include "bip39.h"
 #include "checks.h"
 #include "config.h"
 #include "curves.h"
-#include "init_wallet.h"
 #include "log.h"
 #include "protection.h"
 #include "rand.h"
 #include "rpc.h"
 
+#include <assert.h>
+#include <pb_decode.h>
+#include <pb_encode.h>
+#include <squareup/subzero/common.pb.h>
+#include <squareup/subzero/internal.pb.h>
+#include <stdio.h>
+
 /**
  * Initialize a wallet.
  * in prod:
diff --git a/core/src/dev/no_rollback.c b/core/src/dev/no_rollback.c
index 0fcd8958..c3d9cac2 100644
--- a/core/src/dev/no_rollback.c
+++ b/core/src/dev/no_rollback.c
@@ -1,12 +1,13 @@
+#include "no_rollback.h"
+
+#include "config.h"
+#include "log.h"
+
 #include <assert.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "no_rollback.h"
-#include "config.h"
-#include "log.h"
-
 Result no_rollback_read(const char* filename, char buf[static VERSION_SIZE]) {
   char tmp_file[100];
   snprintf(tmp_file, sizeof(tmp_file), "/tmp/%s", filename);
diff --git a/core/src/dev/protection.c b/core/src/dev/protection.c
index f3919171..2e97a5bf 100644
--- a/core/src/dev/protection.c
+++ b/core/src/dev/protection.c
@@ -1,13 +1,14 @@
-#include <assert.h>
-#include <protection.h>
-#include <squareup/subzero/common.pb.h>
-#include <squareup/subzero/internal.pb.h>
+#include "protection.h"
 
+#include "aes_gcm_dev.h"
 #include "log.h"
 #include "memzero.h"
-#include "aes_gcm_dev.h"
 #include "rand.h"
 
+#include <assert.h>
+#include <squareup/subzero/common.pb.h>
+#include <squareup/subzero/internal.pb.h>
+
 // Protection: developer edition.
 
 // Hardcoded master seed encryption key and public key encryption key
diff --git a/core/src/finalize_wallet.c b/core/src/finalize_wallet.c
index 00fdfa48..25c56d13 100644
--- a/core/src/finalize_wallet.c
+++ b/core/src/finalize_wallet.c
@@ -1,14 +1,14 @@
-#include <assert.h>
-#include <bip32.h>
-#include <curves.h>
-#include <squareup/subzero/internal.pb.h>
-
 #include "config.h"
 #include "log.h"
 #include "protection.h"
 #include "rpc.h"
 #include "strlcpy.h"
 
+#include <assert.h>
+#include <bip32.h>
+#include <curves.h>
+#include <squareup/subzero/internal.pb.h>
+
 Result
 handle_finalize_wallet(
     const InternalCommandRequest_FinalizeWalletRequest* const in,
diff --git a/core/src/fuzz.c b/core/src/fuzz.c
index b701d61a..f544252b 100644
--- a/core/src/fuzz.c
+++ b/core/src/fuzz.c
@@ -1,15 +1,15 @@
+#include "pb_decode.h"
+#include "pb_encode.h"
+#include "rpc.h"
+
+#include <errno.h>
+#include <fcntl.h>
 #include <stdio.h>
-#include <sys/stat.h>
 #include <stdlib.h>
 #include <string.h>
-#include <fcntl.h>
-#include <errno.h>
+#include <sys/stat.h>
 #include <unistd.h>
 
-#include "pb_decode.h"
-#include "pb_encode.h"
-#include "rpc.h"
-
 /* This is useful for debugging the fuzz driver. from nanopb docs. */
 static bool fwrite_callback(pb_ostream_t *stream, const uint8_t *buf, size_t count) {
    FILE *file = (FILE*) stream->state;
diff --git a/core/src/init_wallet.c b/core/src/init_wallet.c
index 764ec8c8..c7ad7dbb 100644
--- a/core/src/init_wallet.c
+++ b/core/src/init_wallet.c
@@ -1,4 +1,5 @@
 #include "init_wallet.h"
+
 #include "log.h"
 
 /**
diff --git a/core/src/main.c b/core/src/main.c
index a8dd848c..d16df64a 100644
--- a/core/src/main.c
+++ b/core/src/main.c
@@ -2,15 +2,6 @@
  * nCipher wallet code.
  */
 
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <unistd.h>
-#include <stdbool.h>
-
-#include "no_rollback.h"
 #include "checks.h"
 #include "config.h"
 #include "hash.h"
@@ -18,11 +9,20 @@
 #include "log.h"
 #include "memzero.h"
 #include "nanopb_stream.h"
+#include "no_rollback.h"
 #include "pb_decode.h"
 #include "pb_encode.h"
 #include "print.h"
 #include "rpc.h"
 
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
 int main(int argc, char **argv) {
   int r;
   bool checks_only = false;
diff --git a/core/src/memzero.c b/core/src/memzero.c
index 03b8b9cc..efc9b069 100644
--- a/core/src/memzero.c
+++ b/core/src/memzero.c
@@ -1,7 +1,7 @@
-#include <stdint.h>
-
 #include "memzero.h"
 
+#include <stdint.h>
+
 /**
  * This function MUST NEVER be included in a file with any other functions.
  * Security relies on the fact that the linker cannot optimize function calls
diff --git a/core/src/nanopb_stream.c b/core/src/nanopb_stream.c
index 6216ee5f..7a00cda4 100644
--- a/core/src/nanopb_stream.c
+++ b/core/src/nanopb_stream.c
@@ -2,13 +2,13 @@
  * This file is mostly a copy of nanopb/examples/network_server/common.h
  */
 
+#include "nanopb_stream.h"
+
 #include <pb_decode.h>
 #include <pb_encode.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 
-#include "nanopb_stream.h"
-
 static bool write_callback(pb_ostream_t *stream, const uint8_t *buf,
                            size_t count) {
   int fd = (intptr_t)stream->state;
diff --git a/core/src/ncipher/additional_checks.c b/core/src/ncipher/additional_checks.c
index e0d2e9fe..f22eeff5 100644
--- a/core/src/ncipher/additional_checks.c
+++ b/core/src/ncipher/additional_checks.c
@@ -1,13 +1,13 @@
-#include <nfastapp.h>
-#include <seelib.h>
-#include <stdint.h>
-#include <squareup/subzero/internal.pb.h> // For error codes
-
 #include "aes_gcm_ncipher.h"
 #include "checks.h"
 #include "log.h"
 #include "transact.h"
 
+#include <nfastapp.h>
+#include <seelib.h>
+#include <squareup/subzero/internal.pb.h> // For error codes
+#include <stdint.h>
+
 extern M_KeyID master_seed_encryption_key;
 extern M_KeyID pub_key_encryption_key;
 
diff --git a/core/src/ncipher/aes_gcm.c b/core/src/ncipher/aes_gcm.c
index 3bf1434f..ce208e4f 100644
--- a/core/src/ncipher/aes_gcm.c
+++ b/core/src/ncipher/aes_gcm.c
@@ -1,15 +1,14 @@
-#include <nfastapp.h>
-#include <seelib.h>
-#include <stdint.h>
-#include <string.h>
-#include <strings.h>
-#include <squareup/subzero/internal.pb.h> // For error codes
-
 #include "aes_gcm_ncipher.h"
 #include "log.h"
 #include "memzero.h"
 #include "transact.h"
 
+#include <nfastapp.h>
+#include <seelib.h>
+#include <squareup/subzero/internal.pb.h> // For error codes
+#include <stdint.h>
+#include <string.h>
+#include <strings.h>
 
 #define IV_SIZE_IN_BYTES (12)
 #define TAG_SIZE_IN_BYTES (16)
diff --git a/core/src/ncipher/execute_command_hooks.c b/core/src/ncipher/execute_command_hooks.c
index 05810aa1..b349e0ec 100644
--- a/core/src/ncipher/execute_command_hooks.c
+++ b/core/src/ncipher/execute_command_hooks.c
@@ -1,13 +1,3 @@
-#include <assert.h>
-#include <examples/network_server/common.h>
-#include <nfastapp.h>
-#include <pb_decode.h>
-#include <pb_encode.h>
-#include <seelib.h>
-#include <squareup/subzero/common.pb.h>
-#include <squareup/subzero/internal.pb.h>
-#include <stdio.h>
-
 #include "bip32.h"
 #include "bip39.h"
 #include "checks.h"
@@ -20,6 +10,16 @@
 #include "rpc.h"
 #include "transact.h"
 
+#include <assert.h>
+#include <examples/network_server/common.h>
+#include <nfastapp.h>
+#include <pb_decode.h>
+#include <pb_encode.h>
+#include <seelib.h>
+#include <squareup/subzero/common.pb.h>
+#include <squareup/subzero/internal.pb.h>
+#include <stdio.h>
+
 extern NFast_AppHandle app;
 
 static Result ticket2keyId(const uint8_t *ticket_bytes, uint32_t ticket_len, M_KeyID *key_id);
diff --git a/core/src/ncipher/init.c b/core/src/ncipher/init.c
index 078edeff..2c05c750 100644
--- a/core/src/ncipher/init.c
+++ b/core/src/ncipher/init.c
@@ -1,11 +1,11 @@
-#include <nfastapp.h>
-#include <stdbool.h>
-
-#include <squareup/subzero/internal.pb.h>
-
-#include "module_certificate.h"
 #include "init.h"
+
 #include "log.h"
+#include "module_certificate.h"
+
+#include <nfastapp.h>
+#include <squareup/subzero/internal.pb.h>
+#include <stdbool.h>
 
 NFastApp_Connection conn;
 NFast_AppHandle app;
diff --git a/core/src/ncipher/init_wallet.c b/core/src/ncipher/init_wallet.c
index 14375d34..27a7ce48 100644
--- a/core/src/ncipher/init_wallet.c
+++ b/core/src/ncipher/init_wallet.c
@@ -1,25 +1,26 @@
-#include <assert.h>
-#include <examples/network_server/common.h>
-#include <nfastapp.h>
-#include <pb_decode.h>
-#include <pb_encode.h>
-#include <seelib.h>
-#include <squareup/subzero/common.pb.h>
-#include <squareup/subzero/internal.pb.h>
-#include <stdio.h>
+#include "init_wallet.h"
 
 #include "bip32.h"
 #include "bip39.h"
 #include "checks.h"
 #include "config.h"
 #include "curves.h"
-#include "init_wallet.h"
 #include "log.h"
 #include "protection.h"
 #include "rand.h"
 #include "rpc.h"
 #include "transact.h"
 
+#include <assert.h>
+#include <examples/network_server/common.h>
+#include <nfastapp.h>
+#include <pb_decode.h>
+#include <pb_encode.h>
+#include <seelib.h>
+#include <squareup/subzero/common.pb.h>
+#include <squareup/subzero/internal.pb.h>
+#include <stdio.h>
+
 extern NFast_AppHandle app;
 
 static Result gen_random(uint8_t *buffer, uint32_t buffer_len);
diff --git a/core/src/ncipher/module_certificate.c b/core/src/ncipher/module_certificate.c
index 1eb26dea..c6f8008c 100644
--- a/core/src/ncipher/module_certificate.c
+++ b/core/src/ncipher/module_certificate.c
@@ -1,13 +1,14 @@
-#include <nfastapp.h>
-#include <seelib.h>
-#include <string.h>
-#include <stdlib.h>
-
 #include "module_certificate.h"
+
 #include "log.h"
 #include "memzero.h"
 #include "transact.h"
 
+#include <nfastapp.h>
+#include <seelib.h>
+#include <stdlib.h>
+#include <string.h>
+
 extern NFast_AppHandle app;
 
 /**
diff --git a/core/src/ncipher/no_rollback.c b/core/src/ncipher/no_rollback.c
index 8b28e6e0..b981fe90 100644
--- a/core/src/ncipher/no_rollback.c
+++ b/core/src/ncipher/no_rollback.c
@@ -1,3 +1,9 @@
+#include "no_rollback.h"
+
+#include "config.h"
+#include "log.h"
+#include "transact.h"
+
 #include <assert.h>
 #include <nfastapp.h>
 #include <seelib.h>
@@ -6,11 +12,6 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "no_rollback.h"
-#include "config.h"
-#include "log.h"
-#include "transact.h"
-
 extern NFast_AppHandle app;
 
 /**
diff --git a/core/src/ncipher/protection.c b/core/src/ncipher/protection.c
index bc7c4d7f..dd2294c9 100644
--- a/core/src/ncipher/protection.c
+++ b/core/src/ncipher/protection.c
@@ -1,3 +1,7 @@
+#include "aes_gcm_ncipher.h"
+#include "config.h"
+#include "log.h"
+
 #include <assert.h>
 #include <nfastapp.h>
 #include <protection.h>
@@ -5,10 +9,6 @@
 #include <squareup/subzero/common.pb.h>
 #include <squareup/subzero/internal.pb.h>
 
-#include "aes_gcm_ncipher.h"
-#include "config.h"
-#include "log.h"
-
 // Protection: ncipher edition.
 
 M_KeyID master_seed_encryption_key = 0;
diff --git a/core/src/ncipher/transact.c b/core/src/ncipher/transact.c
index 5bfa51c4..84abea48 100644
--- a/core/src/ncipher/transact.c
+++ b/core/src/ncipher/transact.c
@@ -1,7 +1,8 @@
-#include <nfastapp.h>
+#include "transact.h"
 
 #include "log.h"
-#include "transact.h"
+
+#include <nfastapp.h>
 
 /**
  * Sets certs_present and takes care of error handling.
diff --git a/core/src/no_rollback.c b/core/src/no_rollback.c
index 3be336db..da85f56a 100644
--- a/core/src/no_rollback.c
+++ b/core/src/no_rollback.c
@@ -1,8 +1,10 @@
-#include <stdlib.h> /* strtoul */
-#include <inttypes.h>
 #include "no_rollback.h"
+
 #include "log.h"
 
+#include <inttypes.h>
+#include <stdlib.h> /* strtoul */
+
 /**
  * Prevents running an older version of core after a newer version has been seen. The goal is to limit the attack
  * surface to only the current version (vs any version which ever existed).
diff --git a/core/src/print.c b/core/src/print.c
index 32d55710..556fdf13 100644
--- a/core/src/print.c
+++ b/core/src/print.c
@@ -1,8 +1,9 @@
-#include <stdint.h>
-#include <stdio.h>
+#include "print.h"
 
 #include "log.h"
-#include "print.h"
+
+#include <stdint.h>
+#include <stdio.h>
 
 // TODO: this file and hash.c have a lot of code in common. We should
 // pull the common code in a set of serializer_* functions.
diff --git a/core/src/qrsignatures.c b/core/src/qrsignatures.c
index 48e2bf6e..46075acf 100644
--- a/core/src/qrsignatures.c
+++ b/core/src/qrsignatures.c
@@ -1,15 +1,16 @@
-#include <unistd.h>
-#include <stdbool.h>
-#include <string.h>
-#include <stdio.h>
+#include "qrsignatures.h"
 
-#include "ecdsa.h"
+#include "config.h"
 #include "curves.h"
+#include "ecdsa.h"
+#include "log.h"
 #include "memzero.h"
 #include "nist256p1.h"
-#include "qrsignatures.h"
-#include "log.h"
-#include "config.h"
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
 
 static const uint8_t QR_PUBKEY[65] = _QR_PUBKEY;
 bool check_qrsignature(const uint8_t * const data, size_t data_len, const uint8_t * const signature){
diff --git a/core/src/rpc.c b/core/src/rpc.c
index 7006babb..01ad29c7 100644
--- a/core/src/rpc.c
+++ b/core/src/rpc.c
@@ -1,16 +1,16 @@
-#include <stdio.h>
-
-#include <pb_decode.h>
-#include <pb_encode.h>
-#include <squareup/subzero/internal.pb.h>
-#include <squareup/subzero/service.pb.h>
+#include "rpc.h"
 
 #include "checks.h"
 #include "config.h"
 #include "log.h"
-#include "rpc.h"
-#include "sign.h"
 #include "qrsignatures.h"
+#include "sign.h"
+
+#include <pb_decode.h>
+#include <pb_encode.h>
+#include <squareup/subzero/internal.pb.h>
+#include <squareup/subzero/service.pb.h>
+#include <stdio.h>
 
 static void execute_command(const InternalCommandRequest* const cmd,
                             InternalCommandResponse *out);
diff --git a/core/src/script.c b/core/src/script.c
index 03c980c3..dced042f 100644
--- a/core/src/script.c
+++ b/core/src/script.c
@@ -1,4 +1,5 @@
 #include "script.h"
+
 #include <log.h>
 #include <squareup/subzero/internal.pb.h>
 
diff --git a/core/src/sign.c b/core/src/sign.c
index cca6c0a9..9444fbcb 100644
--- a/core/src/sign.c
+++ b/core/src/sign.c
@@ -1,3 +1,13 @@
+#include "sign.h"
+
+#include "bip32.h"
+#include "conv.h"
+#include "hash.h"
+#include "log.h"
+#include "memzero.h"
+#include "rpc.h"
+#include "script.h"
+
 #include <assert.h>
 #include <base58.h>
 #include <bip32.h>
@@ -11,15 +21,6 @@
 #include <stdbool.h>
 #include <stdio.h>
 
-#include "bip32.h"
-#include "conv.h"
-#include "hash.h"
-#include "log.h"
-#include "rpc.h"
-#include "script.h"
-#include "sign.h"
-#include "memzero.h"
-
 static void compute_prevout_hash(const TxInput* const inputs,
                                  pb_size_t inputs_count,
                                  uint8_t hash[static HASHER_DIGEST_LENGTH]) {