diff --git a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml b/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml
deleted file mode 100644
index d4df6ab8a..000000000
--- a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# This local action sets up code dependencies
-# to run Smithy-Dafny CI in GitHub Actions workflows.
-#
-
-name: "Install Smithy-Dafny codegen dependencies"
-description: "Install Java package dependencies required to run Smithy-Dafny codegen"
-runs:
-  using: "composite"
-  steps:
-    - name: Install smithy-dafny-codegen Rust dependencies locally
-      uses: gradle/gradle-build-action@v2
-      with:
-        arguments: :codegen-client:pTML :codegen-core:pTML :rust-runtime:pTML
-        build-root-directory: submodules/smithy-dafny/smithy-dafny-codegen-modules/smithy-rs
-
-    - name: Install smithy-dafny-codegen Python dependencies locally
-      uses: gradle/gradle-build-action@v2
-      with:
-        arguments: :smithy-python-codegen:pTML
-        build-root-directory: submodules/smithy-dafny/codegen/smithy-dafny-codegen-modules/smithy-python/codegen
diff --git a/.github/actions/polymorph_codegen/action.yml b/.github/actions/polymorph_codegen/action.yml
index 302523dae..193be9dda 100644
--- a/.github/actions/polymorph_codegen/action.yml
+++ b/.github/actions/polymorph_codegen/action.yml
@@ -66,6 +66,17 @@ runs:
         git pull
         git submodule update --init --recursive
 
+    - name: Setup Java 17 for smithy-dafny
+      uses: actions/setup-java@v3
+      with:
+        distribution: "corretto"
+        java-version: 17
+
+    - name: Install smithy-dafny dependencies locally
+      shell: bash
+      run: |
+        make -C submodules/smithy-dafny mvn_local_deploy_polymorph_dependencies
+
     - name: Update top-level project.properties file in MPL
       if: inputs.update-and-regenerate-mpl == 'true'
       shell: bash
diff --git a/.github/workflows/ci_codegen.yml b/.github/workflows/ci_codegen.yml
index 6bbee248d..c7d6cf6cd 100644
--- a/.github/workflows/ci_codegen.yml
+++ b/.github/workflows/ci_codegen.yml
@@ -51,15 +51,6 @@ jobs:
       - name: Create temporary global.json
         run: echo '{"sdk":{"rollForward":"latestFeature","version":"6.0.0"}}' > ./global.json
 
-      - name: Setup Java 17 for codegen
-        uses: actions/setup-java@v3
-        with:
-          distribution: "corretto"
-          java-version: "17"
-
-      - name: Install Smithy-Dafny codegen dependencies
-        uses: ./.github/actions/install_smithy_dafny_codegen_dependencies
-
       - uses: ./.github/actions/polymorph_codegen
         with:
           dafny: ${{ inputs.dafny }}
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 408eefe62..7ecd3ba9d 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -19,45 +19,45 @@ jobs:
     uses: ./.github/workflows/library_format.yml
     with:
       dafny: "nightly-latest"
-      regenerate-code: true
+      regenerate-code: false
   dafny-nightly-verification:
     # Don't run the cron builds on forks
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/library_dafny_verification.yml
     with:
       dafny: "nightly-latest"
-      regenerate-code: true
+      regenerate-code: false
   dafny-nightly-test-vector-verification:
     # Don't run the cron builds on forks
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/test_vector_verification.yml
     with:
       dafny: "nightly-latest"
-      regenerate-code: true
+      regenerate-code: false
   dafny-nightly-java:
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/ci_test_java.yml
     with:
       dafny: "nightly-latest"
-      regenerate-code: true
+      regenerate-code: false
   dafny-nightly-test-vectors-java:
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/ci_test_vector_java.yml
     with:
       dafny: "nightly-latest"
-      regenerate-code: true
+      regenerate-code: false
   dafny-nightly-net:
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/ci_test_net.yml
     with:
       dafny: "nightly-latest"
-      regenerate-code: true
+      regenerate-code: false
   dafny-nightly-test-vectors-net:
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/ci_test_vector_net.yml
     with:
       dafny: "nightly-latest"
-      regenerate-code: true
+      regenerate-code: false
 
   cut-issue-on-failure:
     runs-on: ubuntu-latest
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoDbGetEncryptedDataKeyDescriptionTest.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoDbGetEncryptedDataKeyDescriptionTest.dfy
index 2f5cb02a8..67d315ad3 100644
--- a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoDbGetEncryptedDataKeyDescriptionTest.dfy
+++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoDbGetEncryptedDataKeyDescriptionTest.dfy
@@ -156,7 +156,7 @@ module DynamoDbGetEncryptedDataKeyDescriptionTest {
     expect actualDataKeyDescription.EncryptedDataKeyDescriptionOutput[0].keyProviderInfo.value == "keyproviderInfo";
   }
 
-  method {:test} TestDDBItemInputAwsKmsHDataKeyCase()
+  method {:test} {:isolate_assertions} TestDDBItemInputAwsKmsHDataKeyCase()
   {
     var expectedHead := CreatePartialHeader(testVersion, testFlavor0, testMsgID, testLegend, testEncContext, [testAwsKmsHDataKey]);
     var serializedHeader := expectedHead.serialize() + expectedHead.msgID;
diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/Canonize.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/Canonize.dfy
index 85c6f93f9..51027dcdc 100644
--- a/DynamoDbEncryption/dafny/StructuredEncryption/src/Canonize.dfy
+++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/Canonize.dfy
@@ -663,6 +663,14 @@ module {:options "/functionSyntax:4" } Canonize {
     exists x :: x in origData && Updated2(x, item, DoDecrypt)
   }
 
+  ghost function Updated2Item(origData : AuthList, item : CanonCryptoItem) : (result : AuthItem)
+    requires Updated2Exists(origData, item)
+    ensures Updated2(result, item, DoDecrypt)
+  {
+    var r :| Updated2(r, item, DoDecrypt);
+    r
+  }
+
   ghost predicate Updated5Exists(origData : CryptoList, item : CanonCryptoItem)
   {
     exists x :: x in origData && Updated5(x, item, DoEncrypt)
@@ -693,6 +701,9 @@ module {:options "/functionSyntax:4" } Canonize {
       assert forall val <- input :: exists x :: x in origData && Updated2(x, val, DoDecrypt);
       assert forall i | 0 <= i < |input| :: exists x :: x in origData && Updated2(x, input[i], DoDecrypt) by {
         InputIsInput(origData, input);
+        forall i | 0 <= i < |input| ensures exists x :: x in origData && Updated2(x, input[i], DoDecrypt) {
+          var x := Updated2Item(origData, input[i]);
+        }
       }
       assert forall newVal <- output :: exists x :: x in origData && Updated3(x, newVal, DoDecrypt);
     }