Jun 05, 5-6 AM (5)
Jun 05, 6-7 AM (9)
Jun 05, 7-8 AM (12)
Jun 05, 8-9 AM (8)
Jun 05, 9-10 AM (11)
Jun 05, 10-11 AM (12)
Jun 05, 11-12 PM (8)
Jun 05, 12-1 PM (52)
Jun 05, 1-2 PM (61)
Jun 05, 2-3 PM (26)
Jun 05, 3-4 PM (24)
Jun 05, 4-5 PM (17)
Jun 05, 5-6 PM (7)
Jun 05, 6-7 PM (14)
Jun 05, 7-8 PM (12)
Jun 05, 8-9 PM (6)
Jun 05, 9-10 PM (2)
Jun 05, 10-11 PM (20)
Jun 05, 11-12 AM (9)
Jun 06, 12-1 AM (6)
Jun 06, 1-2 AM (0)
Jun 06, 2-3 AM (3)
Jun 06, 3-4 AM (4)
Jun 06, 4-5 AM (0)
Jun 06, 5-6 AM (24)
Jun 06, 6-7 AM (1)
Jun 06, 7-8 AM (2)
Jun 06, 8-9 AM (3)
Jun 06, 9-10 AM (0)
Jun 06, 10-11 AM (3)
Jun 06, 11-12 PM (6)
Jun 06, 12-1 PM (2)
Jun 06, 1-2 PM (2)
Jun 06, 2-3 PM (2)
Jun 06, 3-4 PM (18)
Jun 06, 4-5 PM (1)
Jun 06, 5-6 PM (6)
Jun 06, 6-7 PM (0)
Jun 06, 7-8 PM (6)
Jun 06, 8-9 PM (0)
Jun 06, 9-10 PM (1)
Jun 06, 10-11 PM (27)
Jun 06, 11-12 AM (9)
Jun 07, 12-1 AM (14)
Jun 07, 1-2 AM (2)
Jun 07, 2-3 AM (0)
Jun 07, 3-4 AM (0)
Jun 07, 4-5 AM (1)
Jun 07, 5-6 AM (1)
Jun 07, 6-7 AM (3)
Jun 07, 7-8 AM (0)
Jun 07, 8-9 AM (0)
Jun 07, 9-10 AM (1)
Jun 07, 10-11 AM (2)
Jun 07, 11-12 PM (2)
Jun 07, 12-1 PM (5)
Jun 07, 1-2 PM (35)
Jun 07, 2-3 PM (2)
Jun 07, 3-4 PM (4)
Jun 07, 4-5 PM (2)
Jun 07, 5-6 PM (4)
Jun 07, 6-7 PM (0)
Jun 07, 7-8 PM (0)
Jun 07, 8-9 PM (17)
Jun 07, 9-10 PM (1)
Jun 07, 10-11 PM (21)
Jun 07, 11-12 AM (9)
Jun 08, 12-1 AM (9)
Jun 08, 1-2 AM (5)
Jun 08, 2-3 AM (3)
Jun 08, 3-4 AM (4)
Jun 08, 4-5 AM (2)
Jun 08, 5-6 AM (9)
Jun 08, 6-7 AM (5)
Jun 08, 7-8 AM (25)
Jun 08, 8-9 AM (36)
Jun 08, 9-10 AM (40)
Jun 08, 10-11 AM (24)
Jun 08, 11-12 PM (22)
Jun 08, 12-1 PM (40)
Jun 08, 1-2 PM (48)
Jun 08, 2-3 PM (33)
Jun 08, 3-4 PM (27)
Jun 08, 4-5 PM (12)
Jun 08, 5-6 PM (23)
Jun 08, 6-7 PM (14)
Jun 08, 7-8 PM (3)
Jun 08, 8-9 PM (6)
Jun 08, 9-10 PM (19)
Jun 08, 10-11 PM (29)
Jun 08, 11-12 AM (8)
Jun 09, 12-1 AM (5)
Jun 09, 1-2 AM (3)
Jun 09, 2-3 AM (1)
Jun 09, 3-4 AM (3)
Jun 09, 4-5 AM (26)
Jun 09, 5-6 AM (5)
Jun 09, 6-7 AM (23)
Jun 09, 7-8 AM (50)
Jun 09, 8-9 AM (35)
Jun 09, 9-10 AM (45)
Jun 09, 10-11 AM (51)
Jun 09, 11-12 PM (46)
Jun 09, 12-1 PM (86)
Jun 09, 1-2 PM (84)
Jun 09, 2-3 PM (36)
Jun 09, 3-4 PM (38)
Jun 09, 4-5 PM (16)
Jun 09, 5-6 PM (18)
Jun 09, 6-7 PM (18)
Jun 09, 7-8 PM (19)
Jun 09, 8-9 PM (16)
Jun 09, 9-10 PM (16)
Jun 09, 10-11 PM (28)
Jun 09, 11-12 AM (10)
Jun 10, 12-1 AM (11)
Jun 10, 1-2 AM (16)
Jun 10, 2-3 AM (11)
Jun 10, 3-4 AM (19)
Jun 10, 4-5 AM (5)
Jun 10, 5-6 AM (2)
Jun 10, 6-7 AM (46)
Jun 10, 7-8 AM (82)
Jun 10, 8-9 AM (18)
Jun 10, 9-10 AM (59)
Jun 10, 10-11 AM (46)
Jun 10, 11-12 PM (134)
Jun 10, 12-1 PM (48)
Jun 10, 1-2 PM (33)
Jun 10, 2-3 PM (32)
Jun 10, 3-4 PM (28)
Jun 10, 4-5 PM (35)
Jun 10, 5-6 PM (12)
Jun 10, 6-7 PM (12)
Jun 10, 7-8 PM (38)
Jun 10, 8-9 PM (11)
Jun 10, 9-10 PM (9)
Jun 10, 10-11 PM (20)
Jun 10, 11-12 AM (7)
Jun 11, 12-1 AM (10)
Jun 11, 1-2 AM (2)
Jun 11, 2-3 AM (0)
Jun 11, 3-4 AM (2)
Jun 11, 4-5 AM (8)
Jun 11, 5-6 AM (12)
Jun 11, 6-7 AM (34)
Jun 11, 7-8 AM (106)
Jun 11, 8-9 AM (34)
Jun 11, 9-10 AM (20)
Jun 11, 10-11 AM (105)
Jun 11, 11-12 PM (25)
Jun 11, 12-1 PM (38)
Jun 11, 1-2 PM (37)
Jun 11, 2-3 PM (13)
Jun 11, 3-4 PM (19)
Jun 11, 4-5 PM (5)
Jun 11, 5-6 PM (7)
Jun 11, 6-7 PM (26)
Jun 11, 7-8 PM (90)
Jun 11, 8-9 PM (11)
Jun 11, 9-10 PM (3)
Jun 11, 10-11 PM (22)
Jun 11, 11-12 AM (5)
Jun 12, 12-1 AM (8)
Jun 12, 1-2 AM (2)
Jun 12, 2-3 AM (2)
Jun 12, 3-4 AM (4)
Jun 12, 4-5 AM (5)
Jun 12, 5-6 AM (4)
3,079 commits this week Jun 05, 2026 - Jun 12, 2026
QSchlegel
QSchlegel · · multisig
refactor(wallet): route all wallet ops through the Mesh 1.9 bridge + guardrail 
Every signing/wallet call must use useMeshWallet()/useActiveWallet() (the
Mesh 1.9 IWallet), never react-2.0's useWallet().wallet — the latter is a
low-level CIP-30 wallet whose signData(address, payload) / signTx(tx,
partialSign) signatures differ from 1.9, so a wrong-order call compiles
but signs the wrong bytes.

Fixes 3 live latent copies of that bug (same root cause as the WalletAuth
modal fix):
- HydraBudgetVote: signData on the react-2.0 wallet — the likely source of
  the ballot witness/body-hash divergence.
- instance-tab (cross-instance import): would fail with CIP-30 -2 on VESPR.
- api-docs bearer-token generation: same swapped-args failure.

Also migrates the remaining read-only useWallet().wallet sites (address /
network-id lookups, identical across versions) to the bridge so the
boundary is uniform, and adds null guards where the bridge wallet is
transiently null while enabling.

Guardrail: an ESLint no-restricted-syntax rule makes destructuring
`wallet` from useWallet() a build error, so this bug class can't regress.
useWallet() stays allowed for connection state (name/connected/connect/
disconnect). Verified the rule fires on a violation and passes the bridge.

Co-Authored-By: Claude Fable 5 <[email protected]>
753cadf2 · claude/consolidate-wallet-bridge · 12/61 ++ 26 --
QSchlegel
QSchlegel · · multisig
fix(auth): use Mesh 1.9 wallet so signData args aren't swapped (VESPR -2) (#277) 
WalletAuthModal signed the nonce with react-2.0's useWallet().wallet, a
low-level CIP-30 wallet whose signData(address, payload) argument order
is swapped relative to Mesh 1.9's signData(payload, address). The call
signData(nonce, address) therefore passed the nonce as the *address* and
the address as the *payload*, so VESPR tried to sign with a bogus signing
address and returned CIP-30 InternalError {code: -2}. (It also explains
the wallet dialog showing the address as the "Nachricht".)

Switch to the 1.9 BrowserWallet via useMeshWallet — the same instance and
(payload, address) order every other signing flow in the app uses. The
UTXOS MeshWallet path is also payload-first, so the single
signData(nonce, address) call is now correct for both wallet types.

Co-authored-by: Claude Fable 5 <[email protected]>
b41a11c9 · preprod · 1/13 ++ 4 --
QSchlegel
QSchlegel · · multisig
fix(auth): use Mesh 1.9 wallet so signData args aren't swapped (VESPR -2) 
WalletAuthModal signed the nonce with react-2.0's useWallet().wallet, a
low-level CIP-30 wallet whose signData(address, payload) argument order
is swapped relative to Mesh 1.9's signData(payload, address). The call
signData(nonce, address) therefore passed the nonce as the *address* and
the address as the *payload*, so VESPR tried to sign with a bogus signing
address and returned CIP-30 InternalError {code: -2}. (It also explains
the wallet dialog showing the address as the "Nachricht".)

Switch to the 1.9 BrowserWallet via useMeshWallet — the same instance and
(payload, address) order every other signing flow in the app uses. The
UTXOS MeshWallet path is also payload-first, so the single
signData(nonce, address) call is now correct for both wallet types.

Co-Authored-By: Claude Fable 5 <[email protected]>
206a3e2d · claude/consolidate-wallet-bridge · 1/13 ++ 4 --
QSchlegel
QSchlegel · · multisig
diag(auth): always show raw signData error, drop false-matching cancel heuristic (#276) 
The cancel/reject heuristic matched any wallet error message containing
"user" (etc.) and rewrote it to "Signing cancelled", which hid the real
UTXOS signData failure even after we started surfacing it. Show the raw
provider message verbatim so the true cause is visible.

Co-authored-by: Claude Fable 5 <[email protected]>
242a8422 · claude/consolidate-wallet-bridge · 1/5 ++ 14 --
v0d1ch
v0d1ch · · hydra-poc
Unify membership checks (#2619) 

  Unify membership checks via BLS accumulator
Replaces the three separate UTxO hash fields (utxoHash, alphaUTxOHash,
omegaUTxOHash) used in Close/Contest redeemers and snapshot signing with
a single accumulatorHash derived from the BLS KZG accumulator. Since the
accumulator already commits to the full UTxO set (utxo ∪ alpha ∪ omega),
the SHA-256 hashes are redundant.
  Key changes:
- Snapshot signing tuple shrinks from 7 fields to 4: (headId, version,
snapshotNumber, accumulatorHash)
- Full fanout now verifies outputs via KZG membership proof (same path
as partial fanout) instead of hash comparison; Fanout redeemer gains
proof, crsRef and numberOfFanoutOutputs fields
- Partial fanout chunk size is determined dynamically via binary search
(findLargestFitting) rather than a hardcoded constant
- isTxWithinSizeLimits added to TinyWallet for transaction size
validation in findFittingFanoutTx
- StalePartialFanoutTx error distinguishes "another node already posted
this step" from a construction failure

---

<!-- Consider each and tick it off one way or the other -->
* [x] CHANGELOG updated or not needed
* [x] Documentation updated or not needed
* [x] Haddocks updated or not needed
* [x] No new TODOs introduced or explained herafter
7994c832 · master · 114/3,575 ++ 1,475 --
QSchlegel
QSchlegel · · multisig
diag(auth): always show raw signData error, drop false-matching cancel heuristic 
The cancel/reject heuristic matched any wallet error message containing
"user" (etc.) and rewrote it to "Signing cancelled", which hid the real
UTXOS signData failure even after we started surfacing it. Show the raw
provider message verbatim so the true cause is visible.

Co-Authored-By: Claude Fable 5 <[email protected]>
0ff76ba7 · claude/auth-signdata-diagnostic · 1/5 ++ 14 --
QSchlegel
QSchlegel · · multisig
diag(auth): surface real wallet signData error instead of generic message (#275) 
WalletAuthModal swallowed the wallet's actual signData exception and
replaced it with "Failed to sign nonce. Please try again." On the UTXOS
smart wallet, signData fails inside the provider with a specific error
("Etwas ist schiefgelaufen") that we were discarding, leaving no way to
diagnose why authorization fails on mobile while getNonce succeeds
server-side.

Surface the underlying message in both the toast and console.error,
while keeping the friendly cancel/reject handling on top.

Co-authored-by: Claude Fable 5 <[email protected]>
fa159de6 · preprod · 1/27 ++ 13 --
QSchlegel
QSchlegel · · multisig
diag(auth): surface real wallet signData error instead of generic message 
WalletAuthModal swallowed the wallet's actual signData exception and
replaced it with "Failed to sign nonce. Please try again." On the UTXOS
smart wallet, signData fails inside the provider with a specific error
("Etwas ist schiefgelaufen") that we were discarding, leaving no way to
diagnose why authorization fails on mobile while getNonce succeeds
server-side.

Surface the underlying message in both the toast and console.error,
while keeping the friendly cancel/reject handling on top.

Co-Authored-By: Claude Fable 5 <[email protected]>
e4b5e0b4 · claude/auth-signdata-diagnostic · 1/27 ++ 13 --
arepala-uml
arepala-uml · · dingo
feat(midnight): Vendor Acropolis midnight_state.proto and add gRPC code generation (#2518) 
* feat(midnight): Added acropolis midnightState protobuf codegen

Signed-off-by: Akhil Repala <[email protected]>

* feat(midnight): Made changes to pin the protoc version used by make proto instead of relying on whichever protoc binary is available on PATH.

Signed-off-by: Akhil Repala <[email protected]>

* feat(midnight): Made changes to verify the downloaded protoc archive used by make proto with platform-specific SHA-256 checksums before extraction

Signed-off-by: Akhil Repala <[email protected]>

* feat(midnight): Made changes where checksum verification now uses sha256sum when available and falls back to shasum for macOS/other environments.

Signed-off-by: Akhil Repala <[email protected]>

---------

Signed-off-by: Akhil Repala <[email protected]>
Signed-off-by: Chris Gianelloni <[email protected]>
Co-authored-by: Chris Gianelloni <[email protected]>
a40e746e · main · 8/3,537 ++ 2 --
chrisguiney
chrisguiney · · dingo
feat(ledger): implement GetAccountState local-state-query 
The final ledger-state query cardano-cli issues while balancing a
transaction. Return the chain's treasury and reserves pots (from the network
state) wrapped in the single-element result array, so the wire shape is
[ [treasury, reserves] ], matching cardano-node. Values are signed because
Coin is an Integer in the ledger.

With this, GetStakePools + GetDRepState + GetAccountState cover the full
query set cardano-cli sends, and `cardano-cli conway transaction build`
completes against Dingo, producing a valid Tx ConwayEra (verified on a Conway
devnet with cardano-cli 11.0.0.0).

Depends on the gouroboros GetAccountState query type; requires a gouroboros
release and a go.mod bump before this builds in CI.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>
228a3e6f · pull/2547/head · 2/69 ++ 0 --
chrisguiney
chrisguiney · · gouroboros
feat(localstatequery): add GetAccountState query 
GetAccountState (Shelley/Conway block sub-query 29) was an unimplemented gap
in the query registry, so the server could not decode it and any client that
sent it (e.g. cardano-cli while balancing a transaction) had its connection
torn down.

Add the query type, register it for decoding, and add the result type and
client method. The result is the account state pots wrapped in the
single-element result array — on the wire [ [treasury, reserves] ] — both
signed, since Coin is an Integer in the ledger (a misconfigured network can
drive reserves negative). Verified against cardano-node's GetAccountState
reply on a Conway devnet.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>
d715162b · pull/1818/head · 3/107 ++ 0 --
chrisguiney
chrisguiney · · dingo
feat(ledger): implement GetDRepState local-state-query 
The second ledger-state query cardano-cli issues while balancing a
transaction (after GetStakePools). Like the others, leaving it unhandled
tore down the local-state-query connection.

Return the registration state of the requested DReps — or of all DReps when
the credential set is empty (matching the Haskell ledger's "empty means
all") — as a map of stake credential -> {expiry epoch, optional anchor,
deposit}, wrapped in the single-element result array cardano-cli expects.
The wire shape was verified against cardano-node: an empty result is the
CBOR `81 a0` ([ {} ]) — note gouroboros' own DRepStateResult client type
omits that wrapper, so cardano-node's bytes are the reference, not the type.

Verified with cardano-cli 11.0.0.0 against the Conway devnet:
`query drep-state --all-dreps` now returns `[]`, matching cardano-node, and
`transaction build` progresses past GetDRepState.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>
c7f1609f · pull/2546/head · 2/102 ++ 0 --
chrisguiney
chrisguiney · · dingo
feat(ledger): implement GetStakePools local-state-query 
cardano-cli issues the GetStakePools ledger-state query while balancing a
transaction (e.g. `transaction build`). Dingo did not handle it, so the
query returned an "unsupported query type" error, which tears down the
local-state-query connection — the client sees
`BearerClosed "<socket: 11> closed when reading data"`.

Implement the query: return the key hashes of the currently active
(registered, non-retired) stake pools as a CBOR set (tag 258) of pool IDs.
cardano-cli is strict about the encoding — a plain (untagged) array fails to
decode with "expected tag", and an unsorted set fails with "Canonicity
violation while decoding Set" — so the IDs are emitted in ascending
canonical byte order, wrapped in the single-element result array the
query's result type decodes from.

Adds a Database.GetActivePoolKeyHashes wrapper over the existing metadata
store method. Verified end-to-end against a Conway devnet with cardano-cli
11.0.0.0: `query stake-pools` now returns the pool set and decodes
successfully, matching cardano-node.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>
727e035a · pull/2546/head · 3/120 ++ 1 --
Showing 25 of 3079 recent commits.