Cardano Updates

Move the ghc-shim construction (cabal near-compiler aliases, ghcjs `ar command` settings patch, native-musl unlit/iserv aliases) out of `build-cabal-slice.nix` into `builder/ghc-shim.nix` so the v2 shell can use the same base.

`shell-for-v2.nix` previously did:

* cabal-store mode: `shellGhc = ghc` (raw) — no aliases, no `-B<libdir>` for musl, no ghcjs settings patch.  A `.lhs` compile or TH eval in this shell on musl ≥ 9.10 / ghcjs would hit exactly the same failures the slice did before the recent fixes.

* ghc-pkg mode: a `wrappedGhc` that took raw `ghc/bin/*` and wrapped just `ghc{,i,-version,i-version,-pkg}` / `runghc{,haskell}` / `haddock` with `GHC_ENVIRONMENT` / `GHC_PACKAGE_PATH` env vars.  Same alias gap.

Now both modes build on `baseShim = makeGhcShim { inherit ghc; }` (same derivation `build-cabal-slice` points `--with-compiler=` at):

* cabal-store mode: `shellGhc = baseShim` — byte-identical to the slice's ghc.

* ghc-pkg mode: `wrappedGhc` layers makeWrapper env-var wrappers on the shim's bins.  Wrapping a wrapper is fine — the outer wrapper exec's `baseShim/bin/...` which exec's real ghc with `-B<libdir>` (when applicable).  Symlinks every non-wrapped shim binary into `$out/bin/` so PATH still finds alex/happy/hsc2hs/unlit/etc.

No semantic change to the slice's behaviour; shell now inherits the alias fixes.

Verified on aarch64-darwin.unstable.ghc967.native.tests.shell-for-setup-deps.run.

Mirror v1's `ghc-for-component-wrapper.nix:136-139` workaround in v2's slice builder, and add `ghc-iserv-dyn` to v1.

Native-musl cross-ghc ≥ 9.10 ships only `<prefix>unlit` / `<prefix>ghc-iserv[-dyn|-prof]` in its `bin/` (no unprefixed alias).  GHC's literate / iserv lookup is relative to its own binary path (`<topdir>/bin/unlit`), so without an unprefixed alias under `<topdir>/bin/` it fails with `Literate pre-processor: could not execute …/bin/unlit`.

Fix in `build-cabal-slice.nix`: on native-musl ≥ 9.10, lndir real ghc's libdir into the shim, wrap the ghc binaries with `-B$out/<libRel>` (computed from `--print-libdir`), and add unprefixed aliases for `unlit` + `ghc-iserv*`.  The aliases are guarded on existence so a ghc lacking `ghc-iserv-dyn` (ghc967, ghc984) skips that one alias rather than dangling.

Fix in `ghc-for-component-wrapper.nix`: add `ghc-iserv-dyn` to the existing alias block.

Surveyed real ghc bin/ across ghc967, ghc984, ghc9103, ghc9124, ghc9141 musl64: 9.10+ have all four binaries; 9.6 / 9.8 have none (and their `>9.9` / `>=9.10` gate doesn't fire, so they don't try).

Verified passing on x86_64-linux.unstable.ghc9103.musl64.tests.literate-haskell.build.

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Flake lock file updates:

• Updated input 'CHaP':
    'github:input-output-hk/cardano-haskell-packages/61c9835abcfc3a6c9b6279226d4502fa877bb6a7?narHash=sha256-LI4R%2BYl7cy9uO/jWXpo93mUyVMR/UhOoDFVbHV7/abw%3D' (2026-05-08)
  → 'github:input-output-hk/cardano-haskell-packages/2d77199bbdf795a52169bbcf8eae88aee3794bad?narHash=sha256-6KW3OSVTA7yBvOEgFXmQrquSwN9wX3r5Hfk3mgnUfso%3D' (2026-05-13)
• Updated input 'emanote':
    'github:srid/emanote/37a89ab0d94f7c8f91a4604fc3b5bb4f1abb120a?narHash=sha256-UcsVa4YYAyBk5LQj%2BR8wOovEsm0CKYEvjSakHQTVdIk%3D' (2026-05-10)
  → 'github:srid/emanote/64a8635e8fd69de932d27dc4c823c49ae0eac594?narHash=sha256-AkTPllEo7ZHzhD2lrtGimISCIGDkqNccznMiKDmluns%3D' (2026-05-15)
• Updated input 'emanote/unionmount':
    'github:srid/unionmount/af0b6b817d89bc86c318d8ea9680f628d0e4978f?narHash=sha256-Jd6lx0G3Y9VCaXVPx1wP1STEUul2XKckxLUDMFMd4tY%3D' (2026-05-06)
  → 'github:srid/unionmount/7b631ebe44d1b9e3e6bc39c9acb97645ddf8b9ba?narHash=sha256-SyJUttW4blD%2B1OW8yCMWndN1OxVP/pSJRmboIE9bQDM%3D' (2026-05-11)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/0678d8986be1661af6bb555f3489f2fdfc31f6ff?narHash=sha256-qIoWPDs%2B0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ%3D' (2026-05-05)
  → 'github:hercules-ci/flake-parts/f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb?narHash=sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4%3D' (2026-05-13)
• Updated input 'haskell-nix':
    'github:input-output-hk/haskell.nix/3b751eced7673d91ae7de4fd84013eb99d57b85b?narHash=sha256-mpCxzNwQ5EX6JI5htVlzIRoSw5pUKBtnGgxusk5Xk/A%3D' (2026-05-10)
  → 'github:input-output-hk/haskell.nix/ecfcaa3151563f42565f5580307d4bbf99f0925c?narHash=sha256-aqMNjBtGXpO/ARrkihBJzldQQrW%2BLEKMqdt3Bbc7rfg%3D' (2026-05-17)
• Updated input 'haskell-nix/hackage':
    'github:input-output-hk/hackage.nix/4870bf28db0a1f79fc0ece18c544e944d7ccbec1?narHash=sha256-YtMmC8kLzAMp72xkLwxU6y%2BtKtxn9csuTqrjMLn8Nr0%3D' (2026-05-10)
  → 'github:input-output-hk/hackage.nix/fc0a8974b156018427014b23f21a3a7e553714d4?narHash=sha256-Ak1ZTnsu33IKx1PQdalx9qBTpDrGtb1xeCRj2/%2Bveqo%3D' (2026-05-17)
• Updated input 'haskell-nix/hackage-for-stackage':
    'github:input-output-hk/hackage.nix/d7afcbf497a457f51dfbb73798656c9bcc78c989?narHash=sha256-Oafnecz9FjEdsejwYszbxgqjsURnlQVWGiKyADKYIVI%3D' (2026-05-10)
  → 'github:input-output-hk/hackage.nix/318f304831f26ba2d9f8c0f9dcc914aff1878710?narHash=sha256-QJgROerh6vsyyTgHOSe8MBAgRaCDwKqkNQDZkGYmNeg%3D' (2026-05-17)
• Updated input 'haskell-nix/stackage':
    'github:input-output-hk/stackage.nix/166b880930f411975aec6c0238d95e498e0bc45e?narHash=sha256-DwLWzpWyPwubVRZCZLhsc2R4aUeNEGng1vL08kZZunk%3D' (2026-05-07)
  → 'github:input-output-hk/stackage.nix/ffee50f3d3732a3bcbfd0364105c10de0b28c711?narHash=sha256-hOaeX9sb8OToTbKVlLHzErIcHq28eD3RTtZIrPosWdU%3D' (2026-05-17)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/e2456ee419f9d75f8382e3d6c5af4690b316a5a8?narHash=sha256-wA%2BONiwbvQIy7ERJx/ruhV7y5xku6XKstXCII5bIbdI%3D' (2026-04-19)
  → 'github:hercules-ci/hercules-ci-effects/af4331c44f13977b6964745454eadcfee2d244d1?narHash=sha256-OOEWyt8ma7QAysDbiP65J7li7KIdtZfnbA11gFnwyEI%3D' (2026-05-16)
• Updated input 'hercules-ci-effects/flake-parts':
    'github:hercules-ci/flake-parts/3107b77cd68437b9a76194f0f7f9c55f2329ca5b?narHash=sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA%3D' (2026-04-01)
  → 'github:hercules-ci/flake-parts/f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb?narHash=sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4%3D' (2026-05-13)
• Updated input 'hercules-ci-effects/nixpkgs':
    'github:NixOS/nixpkgs/4c1018dae018162ec878d42fec712642d214fdfa?narHash=sha256-ar3rofg%2BawPB8QXDaFJhJ2jJhu%2BKqN/PRCXeyuXR76E%3D' (2026-04-09)
  → 'github:NixOS/nixpkgs/da5ad661ba4e5ef59ba743f0d112cbc30e474f32?narHash=sha256-zi7/fsqM/kFdNuED//4WOCUtezGtKKqRNORjMvfwjnA%3D' (2026-05-10)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9f15025aa9053aaadfdcd195d20c85a68c0900e6?narHash=sha256-zVzmkBPZy/1xqj0Vkj03K%2BmzHDPOVeMqq%2BUFAiJxRn8%3D' (2026-05-10)
  → 'github:NixOS/nixpkgs/65e451e0d2f4b9f3baa27566cd27cc430a4303ec?narHash=sha256-znYfvMw9Mh3f0c384cOUgqhjrb/vaTCXrcg9q6KtSkI%3D' (2026-05-17)
• Updated input 'pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/3cfd774b0a530725a077e17354fbdb87ea1c4aad?narHash=sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8%3D' (2026-04-21)
  → 'github:cachix/pre-commit-hooks.nix/61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a?narHash=sha256-kTwur1wV%2B01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs%3D' (2026-05-11)

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

cabal's per-compiler store dir is `ghc-<version>-<abi>`. GHC ≥ 9.8 reports `Project Unit Id: ghc-<version>-inplace` from which cabal infers `compiler-abi: inplace`; earlier GHCs omit the field and cabal records an empty abi (so the dir is just `ghc-<version>`).

shell-for-v2 hardcoded `ghc-<version>-inplace`, which mismatches the actual lndir-composed `ghc-<version>` dir for GHC < 9.8 — `tests.shell-for-setup-deps.run` on ghc967 failed with `ghc-pkg-9.6.7: /shell-store/ghc-9.6.7-inplace/package.db: getDirectoryContents:openDirStream: does not exist`.

Mirror dummy-ghc's own version gate (`pkgs.lib.versionAtLeast ghc.version "9.8"`) when picking the suffix. Verified on aarch64-darwin.unstable.ghc967.native.tests.shell-for-setup-deps.run.

Real GHC < 9.12 omits this field entirely across every target surveyed (mingw, aarch64-multiplatform, musl64, native); GHC ≥ 9.12 emits "YES" on wasm and "NO" elsewhere. The dummy was unconditionally emitting "NO" on every non-wasm branch (and used a free-standing "YES"/"NO" toggle on the wasm/ghcjs branch), so the dummy-ghc-info diff test now trips for ghc984.ucrt64 etc. after the recent un-ignoring of this field.

Gate the emission on `builtins.compareVersions ghc.version "9.12" >= 0` per branch; keep the "YES vs NO" choice for the wasm branch.

Verified passing on: aarch64-darwin.unstable.ghc984.ucrt64, aarch64-darwin.unstable.ghc9124.wasi32, aarch64-darwin.unstable.ghc9124.native.

also polish track_peers and peer_selections as well as weed out some
dead_code

Signed-off-by: Roland Kuhn <[email protected]>

Wasm 9.12+ GHC's RTS linker only supports shared libraries, and TH-eval's dyld needs a `.so` for every transitively reachable lib. Three connected fixes:

* `lib/dummy-ghc.nix`: real wasm 9.12+ GHC reports `target RTS linker only supports shared libraries: YES`; dummy was lying with `NO`. Per-version-gated so 9.6 / 9.8 / 9.10 wasm keep the legacy value.

* `test/dummy-ghc-info/default.nix`: un-ignore `target RTS linker only supports shared libraries` so the diff test catches this kind of divergence going forward. The prior comment claimed cabal didn't consult the field — that's true for the `pkgHashConfigInputs` hashing step, but the field still matters for shared-vs-static elaboration and is load-bearing for any other check that compares dummy vs real.

* `builder/comp-v2-builder.nix`: cabal's `--enable-shared` decision is driven by the `Support shared libraries` field (which real wasm GHC doesn't set), so plan-nix still records `--disable-shared` for wasm packages even with the dummy fix. v1 papered over this with the `enableShared || isWasm` clause in `comp-builder.nix:44`; v2 reads `configure-args` straight from plan-nix, so override the resulting pragma here to `shared: True` for wasm ≥ 9.12. Without this, TH-evaluating modules (e.g. `th-orphans`) fail at compile time with `dyld.findSystemLibrary(libHS…-…so): not found` plus `wasm-ld: error: unable to find library -lHS…-ghc<v>`.

* `builder/build-cabal-slice.nix`: add `gawk` to nativeBuildInputs. Darwin's stdenv `setup.sh` calls `awk` during fixup but darwin's default sandbox PATH doesn't carry it; build-cabal-slice's own diagnostics also use `awk`.

Verified on `aarch64-darwin.unstable.ghc9124.wasi32.tests.js-template-haskell.build` and `aarch64-darwin.unstable.ghc9124.{wasi32,native}.tests.dummy-ghc-info`.

Flip the ouroboros-network SRP pin from the upstream
'main-peras-5202-merged' tag to the local 'leios-prototype-remake' branch
(file://path so the project-specific repo can later pin the same SHA).
Adapt the consensus side to two API changes from chunk N:

1. BearerBytes class replaces dataSize on ProtocolSizeLimits.
   - byteLimitsLeiosFetch/byteLimitsLeiosNotify drop their (bytes -> Word)
     parameter.
   - Every byteLimits* call site loses its (const 0) / size argument
     (consensus diffusion's noByteLimits/byteLimits records and the
     PeerSimulator chainSyncNoSizeLimits/blockFetchNoSizeLimits).
   - mkApps on N2N and N2C grows BearerBytes constraints for each bytes
     parameter; Ouroboros.Network.Protocol.Limits is imported for it.

2. Reception arrival-time wrapping on channel recv.
   - Every (a, Maybe bytes) trailing in N2N/N2C aChainSync*/aBlockFetch*/
     etc. becomes (a, Maybe (Reception bytes)).
   - createConnectedChannelsWithDelay in ThreadNet/Network wraps recv'd
     values with `MkReception IntMap.empty` (mirroring how the network
     repo's tests/demos synthesise trailings — no real arrival times when
     the channel is an in-process TMVar).
   - PeerSimulator ChainSync/BlockFetch runners strip the Reception when
     packaging results into PeerSimulatorResult (`fmap received trailing`).
   - immdb-server's MiniProtocols re-add the arrival timestamps in the
     JSON tracers — restoring the `mux_at` field the C8 commit had to
     placeholder while the old SRP didn't carry them.

Unrelated upstream-drift fixes folded in:
- TraceSendMsg/TraceRecvMsg now carry a Time / Maybe Time argument; the
  PeerSimulator.Trace pattern is updated.
- FetchModeGenesis constructor renamed to GenesisFetchMode in
  Ouroboros.Network.BlockFetch.ConsensusInterface; updated in the
  BlockFetch test + PeerSimulator.BlockFetch.
- Node.hs: Cardano.LedgerPeersConsensusInterface's `getBlockHash` field
  renamed to `getImmutableBlockPoint` returning Either
  GetImmutableBlockPointError, with separate error cases for
  Genesis/NotYetImmutable.
- ChurnMode is now newtype { getFetchMode :: FetchMode }; replace
  `ChurnModeNormal` with `ChurnMode (PraosFetchMode FetchModeDeadline)`.
- Qualify NodeKernel.getFetchMode to disambiguate from
  Cardano.Network.PeerSelection.Churn's identically-named field.

End-to-end gate after migration:
- cabal build all (including --enable-tests): clean.
- cardano-test -p "Leios" --quickcheck-tests=200: PASS, 1/1, 78.6s.
- consensus-test -p "Peras": PASS, 7/7, 2.3s.
- leios-schedule-gen smoke + immdb-server --help: green.

Co-Authored-By: Claude Opus 4.7 <[email protected]>

Flake lock file updates:

• Updated input 'advisory-db':
    'github:rustsec/advisory-db/881a159' (2026-05-07)
  → 'github:rustsec/advisory-db/f2ae5fc' (2026-05-16)
• Updated input 'blockfrost-tests':
    'github:blockfrost/blockfrost-tests/dac734c' (2026-05-15)
  → 'github:blockfrost/blockfrost-tests/7c8dfa8' (2026-05-15)
• Updated input 'fenix':
    'github:nix-community/fenix/f54d645' (2026-05-09)
  → 'github:nix-community/fenix/ecd6d4f' (2026-05-16)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/73ca1d4' (2026-05-08)
  → 'github:rust-lang/rust-analyzer/1a68212' (2026-05-15)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/0678d89' (2026-05-05)
  → 'github:hercules-ci/flake-parts/f7c1a2d' (2026-05-13)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/0c88e1f' (2026-05-05)
  → 'github:nixos/nixpkgs/d7a713c' (2026-05-14)

Brings back the immdb-server's Leios bits — the schedule-driven LeiosNotify
and LeiosFetch servers — plus the prototype's schedule generator as a
standalone binary.

Source modules (under unstable-cardano-tools):

- Cardano/Tools/ImmDBServer/Json.hs (+ Json/Say.hs + Json/SendRecv.hs)
  Atomic JSON-line tracer (`mkUltimateTracer`) used by the schedule-driven
  immdb-server.
- Cardano/Tools/ImmDBServer/MiniProtocols.hs
  Grafted onto main's structure: keep the modern `Cardano.Network.NodeToNode`
  imports + `PerasUnsupported` in `stdVersionDataNTN`, add the
  schedule-driven `leiosNotifyProt` / `leiosFetchProt`, plus the
  per-message send/recv JSON tracers (`maybeShowSendRecvCS/BF/LF`,
  `mapBFEvent`).  `chainSyncServer` now consults `getSlotDelay` so blocks
  are released at their wallclock slot.  Leios mini-protocol limits are
  inlined locally (5 MiB ingress queue) since `Consensus.N2N` no longer
  exposes leios-specific limit helpers.
- Cardano/Tools/ImmDBServer/Diffusion.hs
  Exports `LeiosSchedule` + extended `run` taking `getSlotDelay`,
  `leiosDbFile`, `LeiosSchedule`.  The scheduler thread feeds
  `MP.leiosMailbox` from the time-ordered schedule entries.  Server plumbing
  uses main's `Server.with`-shaped API.

Executables:

- app/immdb-server.hs gains `--leios-db`, `--leios-schedule`,
  `--initial-slot`, `--initial-time` (+ `--address`).  Slot-to-wallclock
  uses a 1-second slot assumption.
- app/leios-schedule-gen.hs is the prototype's `leiosdemo202510.hs` carrying
  only the `generate` subcommand: read a JSON manifest, write a SQLite
  Leios DB + a matching schedule JSON.  Per-message helper subcommands
  (MsgLeiosBlock*, ebId-to-point, fetch-logic-iteration, hash-txs,
  cache-copy) are intentionally dropped; those were used by the November
  demo shell scripts, which are out of scope.

Drift note: the JSON tracers now set `mux_at = Nothing` instead of an
arrival timestamp.  The prototype's "arrival-time on TraceRecvMsg" patch
lives on the leios-prototype `ouroboros-network` fork; until that pin is
flipped, `TraceSendMsg` / `TraceRecvMsg` here only carry the message.

Library deps added to `unstable-cardano-tools`: `io-classes:si-timers`,
`time`, `typed-protocols`.  `immdb-server` exe adds aeson, cardano-slotting,
time.  New `leios-schedule-gen` exe pulls direct-sqlite, base16-bytestring,
cardano-binary, cardano-crypto-class, cborg, random, vector, etc.

Smoke-tested end-to-end: a minimal manifest produces a valid SQLite DB and
a schedule JSON with the expected MsgLeiosBlockOffer/MsgLeiosBlockTxsOffer
entries.  `cabal build all` clean.

Refs: #1718, #1724, #1883

Co-Authored-By: Claude Opus 4.7 <[email protected]>

Pulls in the synthetic rollback vector corpus and the rollback-replay
reward-balance fix from blinklabs-io/ouroboros-mock#191 and #192.
TestRulesConformanceVectors now exercises 315 vectors (314 Amaru +
1 synthetic rollback) with 100% pass rate. No conformance-adapter
changes required — Reset() and LoadInitialState() on DingoStateManager
already satisfy the harness-side replay model.

Refs: blinklabs-io/dingo#1856 (phase 2C).

Signed-off-by: Chris Guiney <[email protected]>