Cardano Updates

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Akhil Repala <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

* Add FromJSON (TxOut era) as EraTxOut superclass constraint
* Add FromJSON t as Val t superclass constraint
* Add ToJSON/FromJSON for Datum era
* Add FromJSON for ShelleyTxOut, AlonzoTxOut, BabbageTxOut
* Add FromJSON for MaryValue; fix FromJSON/FromJSONKey for AssetName to hex-decode
* Add round-trip JSON property test for TxOut era

* Add ToJSON, FromJSON and NFData as EraTxWits superclass constraints
* Add ToJSON/FromJSON for WitVKey, BootstrapWitness
* Add ToJSONKey/FromJSONKey for AccountId
* Add ToJSON/FromJSON for Inclusive and Exclusive
* Add FromJSON for TxIn; fix txInToText to use unTxIx
* Add FromJSON for PoolCert
* Add ToJSON/FromJSON for ShelleyTxWits era
* Add FromJSON for AsIx, AlonzoPlutusPurpose AsIx, TxDats, Redeemers, AlonzoTxWits
* Add FromJSON for ConwayDelegCert, ConwayGovCert, ConwayTxCert era, ConwayPlutusPurpose
* Add FromJSON for GovActionId, Voter, Vote, VotingProcedure, ProposalProcedure, GovAction, GovPurposeId
* Add ToJSON/FromJSON for AccountBalanceInterval, DijkstraScript
* Add FromJSON for DijkstraDelegCert, DijkstraTxCert era
* Add round-trip JSON property test for TxWits era

Bumps [github.com/ClickHouse/ch-go](https://github.com/ClickHouse/ch-go) from 0.61.5 to 0.65.0.
- [Release notes](https://github.com/ClickHouse/ch-go/releases)
- [Commits](https://github.com/ClickHouse/ch-go/compare/v0.61.5...v0.65.0)

---
updated-dependencies:
- dependency-name: github.com/ClickHouse/ch-go
  dependency-version: 0.65.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

  finalizedUTxO serializes as a JSON object (UTxO map), but the predicate
  was trying to decode it as [TxOut] which requires a JSON array. The parse
  always returned Nothing, causing every HeadIsFinalized match to fail and
  all fanout cluster tests to time out once HeadIsFinalized is actually
  emitted.

Signed-off-by: Sasha Bogicevic <[email protected]>

* Add ToJSON/FromJSON and NFData as EraTxAuxData superclass constraints
* Add ToJSON/FromJSON for Metadatum
* Add ToJSON/FromJSON for Data era and PlutusBinary
* Add FromJSON for PoolCert, ConwayGovCert, DijkstraDelegCert, DijkstraTxCert era
* Add ToJSON/FromJSON for ShelleyTxAuxData, AllegraTxAuxData, AlonzoTxAuxData
* Add round-trip JSON property test for TxAuxData era

* Add ToJSON/FromJSON as superclass constraints to EraScript
* Add ToJSON/FromJSON instances for MultiSig, Timelock and DijkstraNativeScript
* Add structured JSON serialisation for native scripts across all eras (Shelley, Allegra, Dijkstra)
* Add ToJSON/FromJSON instances for AlonzoScript with structured JSON format
* Rename kindObject (returning Value) to kindObjectValue; add new kindObject returning Aeson.Object
* Fix shelleyBasedEraNativeScriptToJSON and sizedNativeScriptGens to accept a child continuation to correctly handle nested scripts across eras
* Add round-trip JSON property tests for NativeScript and Script to the shared era spec

The "Another instance" import flow failed two ways on mobile:

- The exportWallet endpoints used the allowlist-based CORS middleware,
  so any instance not in CORS_ORIGINS got a rejected preflight and the
  browser surfaced an opaque "Load failed". These endpoints are designed
  for cross-instance calls (credentials omitted, CIP-30 signature
  protected), so give them a public Access-Control-Allow-Origin: *
  policy instead.

- instance-tab passed the raw getRewardAddresses()[0] — hex-encoded
  CBOR bytes in mobile in-app browsers — into Mesh signData (throws on
  hex) and into the origin's bech32 signer-list check (never matches).
  Normalize to bech32 client-side, and defensively server-side too for
  older deployed clients.

Also translate opaque cross-origin fetch errors into an actionable
message, and let the Upload JSON tab accept pasted backup JSON since
mobile in-app browsers often can't reach downloaded files.

Co-authored-by: Claude Fable 5 <[email protected]>

set_start_time rounded systemStart down to the previous 2-min boundary (up to 120s
in the past). Producers forge from genesis; the forecast horizon is 3k/f (75s at
k=5), so a backdate >75s leaves them past the horizon at boot -> NoLedgerView ->
chain dead at genesis. Clock-phase-gated, ~30% flaky. Genesis = now.

The "Another instance" import flow failed two ways on mobile:

- The exportWallet endpoints used the allowlist-based CORS middleware,
  so any instance not in CORS_ORIGINS got a rejected preflight and the
  browser surfaced an opaque "Load failed". These endpoints are designed
  for cross-instance calls (credentials omitted, CIP-30 signature
  protected), so give them a public Access-Control-Allow-Origin: *
  policy instead.

- instance-tab passed the raw getRewardAddresses()[0] — hex-encoded
  CBOR bytes in mobile in-app browsers — into Mesh signData (throws on
  hex) and into the origin's bech32 signer-list check (never matches).
  Normalize to bech32 client-side, and defensively server-side too for
  older deployed clients.

Also translate opaque cross-origin fetch errors into an actionable
message, and let the Upload JSON tab accept pasted backup JSON since
mobile in-app browsers often can't reach downloaded files.

Co-Authored-By: Claude Fable 5 <[email protected]>

  The previous H57 fix threaded snapshotUTxO as utxoForProof into
  FinalPartialFanoutTx, then recomputed presettled = snapshotUTxO -
  remaining inside finalPartialFanout. This included already-distributed
  batches in the presettled set, so buildAndVerifyAccumulator always
  failed with StaleChainState after the first partial batch.

  Fix: compute presettledUTxO = snapshotUTxO - computeFullFanoutUTxO
  once in HeadLogic where both values are available, and thread it
  directly as a named field. Downstream functions receive the exact
  fixed set of elements that are in the accumulator but never distributed
  (mempty in the normal case; utxoToDecommit or utxoToCommit in the
  edge cases).

  Add tests covering all four presettledUTxO cases for both partialFanout
  and finalPartialFanout, including a new genClosedStateWithUnconfirmedCommit
  generator for the pending-but-not-confirmed deposit case.

  Rename utxoForProof -> presettledUTxO in FinalPartialFanoutTx and
  update the api.yaml schema accordingly.

Signed-off-by: Sasha Bogicevic <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: yHSJ <[email protected]>

Deps for the builder/submit path:
- apollo/v2 via the renamed Blink fork (github.com/blinklabs-io/apollo/v2,
  portable pseudo-version; no replace directive)
- dingo v0.52.1 (utxorpc submit), gouroboros v0.182.0
- ch-go held at v0.61.5 (clickhouse-go v2.30.0 compat)

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

set_start_time rounded systemStart down to the previous 2-min boundary (up to 120s
in the past). Producers forge from genesis; the forecast horizon is 3k/f (75s at
k=5), so a backdate >75s leaves them past the horizon at boot -> NoLedgerView ->
chain dead at genesis. Clock-phase-gated, ~30% flaky. Genesis = now.

  When snapshotVersion < closedState.version (a DecrementTx was confirmed
  between the last snapshot and close), the closed-datum accumulator commits
  to snapshotUTxO = utxo <> utxoToDecommit, but fullUTxO for distribution
  excludes the decommit (already paid out). The remaining accumulator was
  built from fullUTxO - batch only, breaking the on-chain KZG split identity
  A_old = P_K · A_new for every chunk size → H57 for all chunks → fanout stuck.

  Fix: track presettled = UTxO.difference proofUTxO remainingUTxO and include
  it in the remaining accumulator at each partial fanout step, and in the proof
  accumulator at the final step. Thread utxoForProof through FinalPartialFanoutTx
  so the chain layer always has the original snapshotUTxO available.

Signed-off-by: Sasha Bogicevic <[email protected]>