Cardano Updates

Make the Cardano HFC mk-free: Block.hs (CardanoLedgerState + era pattern
synonyms), CanHardFork (EraTranslation diff/values restructure), QueryHF (NS
projection with an era-typed filter), and protocolInfoCardano genesis, which
now produces the per-era genesis Values via the Nary embedding. The canonical
/serialise machinery is stripped from Cardano.Ledger.

There is deliberately no TxIn/TxOut instance for (HardForkBlock xs): tables
are per-era only. With this, lib:ouroboros-consensus:cardano is green.

TODO @js: CardanoTxOut and its IndexedMemPack codecs are retained only
for the deferred snapshot-converter tool.

autodocodec-schema emits draft-07-compatible schemas, and validators such as ajv accept draft-07 by default. Declaring draft 2020-12 was inaccurate and made ajv fail with "no schema with key or ref .../draft/2020-12/schema". Use the draft-07 $schema URI instead.

Add the File path newtype helpers (Basics) and the types shared between CLI arguments and the configuration files, such as NodeDatabasePaths (Common).

The pre-fix predicate used 'Map.lookupMax txOffsets'' to read the
peer's recorded tx size for the size check. When the same tx hash
was referenced in two EBs with disagreeing recorded sizes (a
malformed body delivered under one of them, or any inconsistency
between 'missingEbTxs' and 'reverseEbIndexByTx'), the lex-max EB's
size won the lookup and silently vetoed every peer that offered
the closure.

Replace 'lookupMax + ==' with 'Map.filter (size == target)'
followed by 'not (Map.null …)'. The request now carries the
offsets of every entry that agrees with the target's authoritative
size and a peer is selected as soon as any agreement exists.

matchShape's result type variable was generated from a value-namespace name
(makeRandomVariable), so implicit quantification in the signature did not bind
it and GHC reported 'not in scope'. Rebuild it as a type-variable-namespace
name. (Latent bug surfaced by the new Match activation test.)

Co-Authored-By: Claude Opus 4.8 <[email protected]>

by extracting the shared logic in helpers

so it can be reused in Alonzo

in `mkStAnnTx`

for more per-era control over revalidation of transactions

to replace `applyTxValidation`, operating on `ValidatedTx`.
Define `applyTxValidation` in terms of `applyTxWithValidation`

Adds tests for internal/config covering defaults, env-var loading, YAML loading and precedence, plus reliability hardening of SaveAtomic (F_FULLFSYNC on darwin, explicit enc.Close, per-path mutex via sync.Map, unique tmp via os.CreateTemp, fsynced parent dir with propagated non-ENOTSUP errors, clearConfigEnv test helper). Fixes a precedence bug where envconfig.Process ran after yaml.Unmarshal so env silently overrode YAML and adds LoadWithFlags(configFile, *pflag.FlagSet) which snapshots and re-applies pflag-Changed values so CLI wins over YAML/env per the documented precedence; cmd/adder/main.go now uses LoadWithFlags. Effective order is now CLI > YAML > env > defaults.

BREAKING: deployments that today set an env var to override a YAML key will see the YAML value win after this change.

Closes #708

Signed-off-by: Ales Verbic <[email protected]>

The Match destructor no longer uses head/(tail^n) to index the constructor's
arguments; it binds them with an explicit list pattern

  \case args_ of { [a0, a1, ...] -> f_ (decode a0) (decode a1) ...; _ -> PlutusTx.Builtins.error () }

The wildcard branch is unreachable for well-formed Data and uses the on-chain
error builtin, matching the previous head/tail crash-on-malformed behaviour.

Adds Match/Spec.hs (deriving (AsData, Match) via Plinth) which exercises
matchShape's dispatch + field decoding at runtime, so the codegen is verified
end-to-end in CI like the AsData test.

Co-Authored-By: Claude Opus 4.8 <[email protected]>