Cardano Updates

Defensively skip nil entries when building the GetDRepState result so the
dereferences (drep.Credential, drep.ExpiryEpoch) can't panic. The current
contracts already prevent nil — Database.GetDrep returns ErrDrepNotFound
rather than (nil, nil), and GetActiveDreps yields no nil entries — but the
guard covers both the filtered and all-DReps paths at the dereference site
and is robust to future contract changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

drepDeposit read ls.currentPParams without the read lock, racing concurrent
ledger updates during local-state-query handling. Take ls.RLock() like the
other currentPParams readers; the sole caller (queryShelleyDRepState) does
not hold the lock, so there is no double-acquire.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

The final ledger-state query cardano-cli issues while balancing a
transaction. Return the chain's treasury and reserves pots (from the network
state) wrapped in the single-element result array, so the wire shape is
[ [treasury, reserves] ], matching cardano-node. Values are signed because
Coin is an Integer in the ledger.

With this, GetStakePools + GetDRepState + GetAccountState cover the full
query set cardano-cli sends, and `cardano-cli conway transaction build`
completes against Dingo, producing a valid Tx ConwayEra (verified on a Conway
devnet with cardano-cli 11.0.0.0).

Depends on the gouroboros GetAccountState query type; requires a gouroboros
release and a go.mod bump before this builds in CI.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

The second ledger-state query cardano-cli issues while balancing a
transaction (after GetStakePools). Like the others, leaving it unhandled
tore down the local-state-query connection.

Return the registration state of the requested DReps — or of all DReps when
the credential set is empty (matching the Haskell ledger's "empty means
all") — as a map of stake credential -> {expiry epoch, optional anchor,
deposit}, wrapped in the single-element result array cardano-cli expects.
The wire shape was verified against cardano-node: an empty result is the
CBOR `81 a0` ([ {} ]) — note gouroboros' own DRepStateResult client type
omits that wrapper, so cardano-node's bytes are the reference, not the type.

Verified with cardano-cli 11.0.0.0 against the Conway devnet:
`query drep-state --all-dreps` now returns `[]`, matching cardano-node, and
`transaction build` progresses past GetDRepState.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

cardano-cli issues the GetStakePools ledger-state query while balancing a
transaction (e.g. `transaction build`). Dingo did not handle it, so the
query returned an "unsupported query type" error, which tears down the
local-state-query connection — the client sees
`BearerClosed "<socket: 11> closed when reading data"`.

Implement the query: return the key hashes of the currently active
(registered, non-retired) stake pools as a CBOR set (tag 258) of pool IDs.
cardano-cli is strict about the encoding — a plain (untagged) array fails to
decode with "expected tag", and an unsorted set fails with "Canonicity
violation while decoding Set" — so the IDs are emitted in ascending
canonical byte order, wrapped in the single-element result array the
query's result type decodes from.

Adds a Database.GetActivePoolKeyHashes wrapper over the existing metadata
store method. Verified end-to-end against a Conway devnet with cardano-cli
11.0.0.0: `query stake-pools` now returns the pool set and decodes
successfully, matching cardano-node.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

v0.183.0 removes leios as a ledger era: the endorser-block types
(LeiosEndorserBlock, LeiosTransactionReference,
NewLeiosEndorserBlockFromCbor) moved from ledger/leios to ledger/common,
and the leios era id and its block/tx/header type constants were dropped.

- Repoint the three endorser-block usages in ouroboros/leios_merged.go and
  ledger/forging/forger.go to ledger/common (types unchanged).
- Update the nonce-stability-window era-dispatch test to use Dijkstra — the
  real post-Conway Praos era that production already enumerates — as the
  4k/f regression guard in place of the removed Leios era.
- Bump ouroboros-mock to v0.13.0, which renames its Dijkstra-era fixture
  decoders off the removed leios constants; v0.12.0 fails to compile against
  gouroboros v0.183.0.

No production behavior change; the endorser-block CBOR and the post-Conway
4k/f window are unchanged.

Signed-off-by: Chris Guiney <[email protected]>
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Hyperledger Bot <[email protected]>

Move the manual tmp_u5c_test checks into the streamlined e2e suite as three
`kind: u5c` legs against the Demeter utxorpc endpoints. Converts the old
time-bounded run.sh approach to the standard exit-code gate via a WorkStats
finalization policy (3 blocks → exit 0); a #921-style regression (reset loop,
no apply events) never finalizes → timeout → fail.

API keys are parameterized as ${DMTR_UTXORPC_KEY_*} (resolved by envsubst from
GitHub secrets) rather than hardcoded — the scratch files held real-looking
keys and this repo is public. The e2e image is built --all-features, so U5C is
available (and now TLS-safe per the preceding crypto-provider fix).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

The U5C source connects over TLS via tonic/rustls. In builds that pull more
than one rustls crypto provider (e.g. the `aws` feature brings in aws-lc-rs
alongside ring), rustls has no process-default provider and panics on the
first TLS handshake (`no process-level CryptoProvider available`). Install the
ring provider once at startup, gated on the `u5c` feature.

This only surfaced now because nothing exercised U5C in a multi-provider build;
the manual u5c tests built `--features u5c` alone (single provider).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

v0.183.0 removes leios as a ledger era: the endorser-block types
(LeiosEndorserBlock, LeiosTransactionReference,
NewLeiosEndorserBlockFromCbor) moved from ledger/leios to ledger/common,
and the leios era id and its block/tx/header type constants were dropped.

- Repoint the three endorser-block usages in ouroboros/leios_merged.go and
  ledger/forging/forger.go to ledger/common (types unchanged).
- Update the nonce-stability-window era-dispatch test to use Dijkstra — the
  real post-Conway Praos era that production already enumerates — as the
  4k/f regression guard in place of the removed Leios era.
- Bump ouroboros-mock to v0.13.0, which renames its Dijkstra-era fixture
  decoders off the removed leios constants; v0.12.0 fails to compile against
  gouroboros v0.183.0.

No production behavior change; the endorser-block CBOR and the post-Conway
4k/f window are unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

v0.183.0 removes leios as a ledger era and renames the Dijkstra era's
block/tx/header type constants accordingly. Update the fixture era decoders
to the new names: BlockTypeLeiosRanking -> BlockTypeDijkstra, TxTypeLeios ->
TxTypeDijkstra, BlockHeaderTypeLeios -> BlockHeaderTypeDijkstra (the
"dijkstra" era cases). No behavior change.

Signed-off-by: Chris Guiney <[email protected]>
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Move the run/dmtrcli logic out of e2e.yaml into .github/e2e/scripts/
(run-test.sh, setup-dmtr-socket.sh, stop-dmtr-tunnel.sh), invoked from the
workflow steps. Scripts read the same env vars the steps already set; committed
with the executable bit so they run after checkout.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

The three relay.cnode-m1.demeter.run endpoints are different networks, not
redundant mainnet relays:
  :3000 = Mainnet, :3001 = PreProd, :3002 = Preview

Point the mainnet legs at :3000 (only) and the preview n2n legs at :3002,
replacing the public preview relay. (:3001/PreProd is unused — no preprod legs.)

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Replace the IOG public mainnet relay with the three Demeter relay endpoints
(relay.cnode-m1.demeter.run:3000-3002) across the 5 mainnet n2n legs
(assert-n2n-mainnet-{origin,tip}, aws-{s3,sqs,lambda}).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>