Cardano Updates

One bisect-safe implementation slice folds T010 (RED: six failing
parity scenarios in TransactionLedgerSpec), T011 (GREEN:
ScriptWitnesses extension + plumbing in Transaction/Ledger.hs +
default updates at all five call sites), and T012 (regression
re-run of the broader TransactionLedger pattern) into a single
subagent commit. The brief in tasks.md is self-contained — the
subagent loads no process skill.

T000-T002 (bootstrap + spec + plan stops) are already done.
T020-T023 are orchestrator-owned finalisation chores (gate
re-run, PR body refresh, finalization audit, drop gate.sh +
mark ready) and do not require a subagent.

The previous SQL paginated by epoch_stake.id (an auto-increment assigned
at insertion time by db-sync). Two replicas with identical chain data
can have different epoch_stake.id ranges for the same epoch — db-sync
recomputes the snapshot per epoch, and rollback/replay can leave gaps
or reorder insertions. Result: page 1 returned a different subset of
stake_address rows on each backend.

Verified on two backends with bit-identical data (md5 of the full set
matched) but different id ranges (91359..92937 vs 93823..95434 for the
same epoch 121, 1579 rows each).

Fix: order by the slot_no of the `delegation` row that established the
(addr, pool) pairing effective in this epoch. slot_no is pure chain
data, stable across any replica. Tiebreak on addr_id.

Applied to:
- /epochs/:number/stakes              (paged + unpaged)
- /epochs/:number/stakes/:pool_id     (paged + unpaged)

Same response shape, same set of rows — just deterministic ordering.

Plan cost: a correlated subquery on `delegation` fires once per
epoch_stake row, served by `idx_delegation_addr_id`. ~7 ms total on
preview's epoch 121 (1579 rows), unchanged from the previous 6.5 ms.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Signed-off-by: Eric Torreborre <[email protected]>

- Introduced `applyDRepCert` function to streamline DRep certificate operations (register, update, retire) in `buildDRepCertTx.ts`.
- Updated `RegisterDRep`, `Retire`, and `UpdateDRep` components to utilize the new `applyDRepCert` function for better code reuse and clarity.
- Added Jest tests for DRep certificate functionality in `drepCert.test.ts`, covering various scenarios including registration, update, and retirement.
- Created utility functions and fixtures for testing in `cborUtils.ts`, `fixtures.ts`, and `mockProvider.ts`.
- Established a GitHub Actions workflow for running unit tests and uploading coverage reports.
- Set coverage thresholds for critical files to ensure code quality.

Signed-off-by: Akhil Repala <[email protected]>

utxoFromMempool initialized with UTxOInBabbageEra, causing all
evaluations to hit the Babbage rejection branch even for Conway
transactions. Changed to UTxOInConwayEra.

Reorder deserialiseCBOR to try Conway and Dijkstra before Babbage.
Conway transactions can successfully deserialize as Babbage (the
Babbage decoder accepts Conway-era CBOR), wrapping them as
GenTxBabbage and rejecting them as "unsupported era". Older eras
kept as fallbacks for specific diagnostics.

Use eraProtVerHigh in transaction deserialization to accept
transactions from any protocol version within an era (e.g.
Conway PV9 through PV11).

Co-Authored-By: Claude <[email protected]>

Prefer oneOf vs anyOf for the interval representations.
Use mutual exclusion (not/required) to make oneOf entries
non-overlapping when both bounds are present.

Co-Authored-By: Claude <[email protected]>

Schema fixes for Dijkstra-era validation:
- Add SubmitTransactionFailure entries: 3169 (PointerAddressInCollateralReturn),
  3170 (SpendingOutputFromSubTransaction)
- Add ScriptPurpose<Guard> and Clause<Guard> to cardano.json
- Fix AccountBalanceInterval: use anyOf instead of oneOf
- Make ProposedProtocolParameters minFeeReferenceScripts sub-fields optional

Enable Dijkstra ApplyTxError generator and Dijkstra GenTx generator.
GenTx uses genDijkstraShelleyTx which strips sub-transactions to
avoid MemoBytes CBOR round-trip failures in mock protocol peers.

Dijkstra block generation remains excluded: randomly generated blocks
fail CBOR round-tripping in the ChainSync mock peer, likely due to
block header/body hash inconsistency. The consensus codec itself
supports Dijkstra's 5-segment block body.

Add test dependencies: cardano-data, cardano-ledger-dijkstra:testlib.
Import Dijkstra Arbitrary instances.

Co-Authored-By: Claude <[email protected]>

- Add GenTxIdDijkstra to genGenTxId
- Add Dijkstra context error to genContextError
- Add Dijkstra-era MissingScript to genScriptFailure
- Add "guard" to script purpose enum in cardano.json
- Remove stale FIXME comment in Generators.hs
- Regenerate EvaluateTransactionResponse test vectors

Co-Authored-By: Claude <[email protected]>

Add schema definitions for new Dijkstra era fields:
- Transaction: requiredExtraGuards, directDeposits,
  accountBalanceIntervals, subTransactions, requiredTopLevelGuards
- ProtocolParameters: maxReferenceScriptsSizePerBlock
- New types: AccountBalanceInterval (with oneOf for bound variants),
  TopLevelGuard, SubTransaction

New JSON field names introduced across all Dijkstra commits:

  Transaction body (TopTx):
  - requiredExtraGuards: script hash guards (new Dijkstra field)
  - directDeposits: account address to coin map
  - accountBalanceIntervals: list of interval constraints per account
  - subTransactions: nested sub-transactions
  - fee: moved to TopTx-only (SubTx has no fee)

  Transaction body (SubTx):
  - requiredTopLevelGuards: guard credentials with optional datums

  AccountBalanceInterval fields:
  - greaterThanOrEqualTo: inclusive lower bound (coin)
  - strictlyLessThan: exclusive upper bound (coin)

  TopLevelGuard fields:
  - credential: guard credential (key hash or script hash)
  - datum: optional inline datum

  ProtocolParameters:
  - maxReferenceScriptsSizePerBlock: new Dijkstra param

  Script purpose enum:
  - "guard": new Dijkstra script purpose

  Error codes:
  - 3169: PointerAddressInCollateralReturn
  - 3170: SpendingOutputFromSubTransaction

Co-Authored-By: Claude <[email protected]>

Co-Authored-By: Claude <[email protected]>

Both full PParams and PParamsUpdate nest range and multiplier inside
minFeeReferenceScripts to preserve Conway's API shape. For full
PParams, all three sub-fields are always present. For updates, only
the sub-fields being updated are included, and the key is omitted
entirely when none of the three are updated.

Co-Authored-By: Claude <[email protected]>

Gate Dijkstra behind nodeToClientV > V_23 since V_23 is the latest
NodeToClientVersion in ouroboros-consensus 3.0.1.0 and is negotiated
by all networks with node 11.0.1.

On Dijkstra networks (future V_24+), Dijkstra is tried first. On
Conway networks, Conway is tried first. Each list is ordered from
most probable era to least probable.

Verified on preview and preprod that GenTxIdDijkstra does not crash
the node (returns false, loop continues), so this is a performance
optimization to avoid unnecessary round-trips on non-Dijkstra
networks.

Co-Authored-By: Claude <[email protected]>

Signed-off-by: Akhil Repala <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

`haskell-nix-cabal-project-local-sync` was previously included in
the shell's `nativeBuildInputs` and shellHook only when the
project's effective `cabalProjectLocal` had non-empty content.
For targets where none of the platform mkIfs fire and the user
hasn't set anything (e.g. ghcjs), the script was missing from
PATH — so any test that called it directly errored with
`command not found`, and the test's `import:
cabal.project.<targetPrefix>local` then failed because the file
didn't exist either.

Always include the script and always run the shellHook.  When
the project's `cabalProjectLocal` is empty, the script writes an
empty `cabal.project.<targetPrefix>local`, which cabal imports
harmlessly (no-op).  Removes the empty-content gate, so the
shape is the same across all targets.

Verified the ghcjs cabal-sublib-shell test now passes
(`aarch64-darwin.unstable.ghc9141.ghcjs.tests.cabal-sublib-shell.run`)
and the existing native/musl64/wasi32 paths are unchanged.

Real `armv7a-unknown-linux-androideabi-ghc-9.14.1` reports:

  ,("Target platform","armv7-unknown-linux")
  ,("target arch","ArchARM ARMv7 [VFPv3,NEON] SOFTFP")
  ,("target platform string","armv7-unknown-linux")

while dummy-ghc was emitting `armv7a-unknown-linux` / `ArchAArch32`,
diverging the dummy and real `--info` outputs and failing
`x86_64-linux.unstable.ghc9141.armv7a-android-prebuilt.tests.dummy-ghc-info`.

Two normalisations:

* `platformString`: map `cpu.name == "armv7a"` → `armv7`, mirroring
  the existing `i686 → i386` map.

* `target arch`: emit `ArchARM ARMv7 [VFPv3,NEON] SOFTFP` for
  `cpu.name == "armv7a"`, before the generic `isAarch32 →
  ArchAArch32` fallback.

Verified that the dummy-ghc-info test passes on
`armv7a-android-prebuilt` and is unchanged on aarch64-multiplatform,
aarch64-multiplatform-musl, aarch64-android-prebuilt, musl64,
ucrt64, and wasi32.

Bumps [andrewslotin/go-proxy-pull-action](https://github.com/andrewslotin/go-proxy-pull-action) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/andrewslotin/go-proxy-pull-action/releases)
- [Commits](https://github.com/andrewslotin/go-proxy-pull-action/compare/e5aea3b8b3478fc5b76befda4390513868ed2dc8...00af8a5a49c844d6dde0bbbc116b72d8fd7ae97c)

---
updated-dependencies:
- dependency-name: andrewslotin/go-proxy-pull-action
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>