Cardano Updates

v2 slices don't expose v1's per-component \`.shell\` / \`.env\`
attributes — \`shell\` is provided at the project level via
\`project.shellFor\`, and that mode covers what this test needs
(a wrapped \`ghc\` / \`runghc\` that can see the package's deps).
\`exposePackagesVia = "ghc-pkg"\` makes \`shell.ghc\` a wrapped
GHC stacking the composed package.db via \`GHC_ENVIRONMENT\`, so
\`runghc ./Point.hs\` and \`ghc Point.hs\` resolve the deps the
same way v1's \`library.env\` did.

Works under both v1 and v2 — no per-component shell required.

Co-authored-by: Copilot <[email protected]>
Signed-off-by: jeluard <[email protected]>

Signed-off-by: Eric Torreborre <[email protected]>

The slice's `$out/dist-newstyle/` carried cabal's source tarballs
and the build tree — hundreds of MB to GB per slice for nontrivial
projects.  Nothing downstream of a successfully-built slice reads
it: subsequent slices only pull from `$out/store/`, and the
diagnostic `checkAgainstPlan` is a separate derivation with its
own dist-newstyle.

Trim it at the end of `installPhase`, after
`comp-v2-builder.nix`'s test/bench install step (which does need
to find the unpinged binary in `dist-newstyle/build/.../<exe>`).
Lift `cache/plan.json` to `$out/plan.json` so it stays available
for human debugging — the rest of `cache/` is internal.

Verified on the ghc967.ghcjs.hello slice: $out shrinks from
~7.9GB to ~1MB, with `bin/`, `store/`, `plan.json`, `unit-ids`,
and `nix-support/` retained.

Signed-off-by: Seydi Charyyev <[email protected]>

v1 (Setup.hs install) for ghcjs preserves the
\`bin/<exe>.jsexe/all.js\` directory layout, which is why
\`comp-builder.nix:450\` appends \`.jsexe/all.js\` to the exe name
for \`isGhcjs && ghc < 9.8\`.  v2 builds via \`cabal v2-build\`,
whose install step bundles the \`.jsexe/\` contents into a single
self-contained \`#!/usr/bin/env node\` script at \`bin/<cname>\` —
there is no \`.jsexe/\` directory in the slice's output.  Use
the bundled-file path so v2's \`exePath\` / \`find\` lookup land
on the file cabal actually produced.

Verified against \`aarch64-darwin.unstable.ghc967.ghcjs.hello\`
(slice surfaced \`bin/hello\` cleanly, no placeholder fallback).

## Summary

Remaining call-site migration after #5270 merged. This branch is rebased
directly onto current `master` and contains the commits that switch
existing wallet call sites onto the ledger-native surfaces introduced by
#5270.

Base branch: `master`.
Follow-ups: #5271, then #5272.

## What is in this PR

| # | SHA | Purpose |
|---|---|---|
| 1 | `84bd668` | Use `constructUnsignedTxLedger` in `balanceTx` paths |
| 2 | `4c8b61b` | Replace `AnyCardanoEra` with `Read.EraValue` in
NetworkLayer |
| 3 | `55097e6` | Build delegation and voting certificates in
`balanceTx` paths |
| 4 | `f5b8ed2` | Replace `StakeAddress` with wallet-owned
`RewardAccount` |
| 5 | `26bad3e` | Migrate `TxMetadata` end-to-end to wallet-owned types
|
| 6 | `d543a6b` | Adapt singleton network conversions to #5270's
`sNetworkIdToLedger` helper |

The foundation work previously described here landed in #5270. In
particular, the wallet-owned `NetworkId`, `TxMetadata`, `SealedTx`,
ledger-native transaction builders, certificate helpers, and witness
helpers are now part of `master`.

## What this PR does not do

- It does not delete the remaining cardano-api bridges.
- It does not remove `cardano-api` from cabal files.
- It does not delete `lib/cardano-api-extra/`.
- It does not finish the `SealedTx` decommission; that remains split
across #5271 and #5272.

## Test plan

- [x] Rebased cleanly onto `origin/master` after #5270 merged
(2026-04-25).
- [x] `nix develop --command cabal build cardano-wallet
cardano-wallet-api cardano-wallet-unit:unit --enable-benchmarks
--enable-tests --minimize-conflict-set -O0 -v0`
- [ ] CI green on the rebased tip.

Note: `just build 'cardano-wallet cardano-wallet-unit:unit'` reaches
unrelated `cardano-wallet-read` deprecation/unused warnings promoted by
`-Werror` on this branch; the same target without `-Werror` passes.

Add a new constructor to `TraceTxSubmissionInbound` to record when
txids are announced by a peer, carrying the list of txids and the
absolute time of receipt.  This enables consumers to reconstruct the
peer metric state from the trace (matching announced txids against
later mempool submission results) and to model time-window expiry
correctly.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

Make ZeroTreasuryWithdrawals a permanent check in gov state transation rule

# Description

Retire the V1 LedgerDB and LMDB dependency along with the
now-unreachable plumbing in the API, the DBAnalyser, and the
snapshot-converter.

The change is structured as four commits so review can follow the
layers:

1. **Remove LedgerDB V1 implementation** — drop the `V1.*` module tree
(DbChangelog, DiffSeq, Forker, Lock, Snapshots, BackingStore +
LMDB/InMemory backends) and its wiring into `openDB`,
`LedgerDbBackendArgs`, `FlavorImplSpecificTrace`, and
  `SeqDiffMK`.
2. **Remove remaining V1 LedgerDB references** — V1-only
DBAnalyser/snapshot-converter options, the V1 BackingStore Lockstep/Mock
and DbChangelog/DiffSeq/LMDB test suites, the now-degenerate
`SerializeTablesHint` type family, unused cabal dependencies,
   and stale V1 notes in the Mempool and API haddocks.
3. **Remove `tryFlush` from the LedgerDB API** — `tryFlush` only ever
did work in V1; in V2 it was a no-op. V2's snapshot work is now run in a
forked thread so it doesn't block the caller.
4. **Drop the second monad parameter from `SnapshotManager`** — V1 took
snapshots in `ReadLocked m`, which is why `SnapshotManager` carried two
monads (`m` and `n`). With V1 gone, `n` collapses into `m`.

 ## Key changes

- Deleted modules: `Ouroboros.Consensus.Storage.LedgerDB.V1` and all its
submodules (`V1.Args`, `V1.BackingStore`, `V1.BackingStore.API`,
`V1.BackingStore.Impl.InMemory`, `V1.DbChangelog`, `V1.DiffSeq`,
`V1.Forker`, `V1.Lock`, `V1.Snapshots`).
- Deleted public sublibrary `ouroboros-consensus:lmdb` (which exposed
`V1.BackingStore.Impl.LMDB`, `.Bridge`, `.Status`).
  - Removed `SeqDiffMK` and the `SerializeTablesHint` type family.
  - Removed the `tryFlush` field of `LedgerDB`.
- Removed the V1 alternatives `LedgerDbBackendArgsV1` and
`FlavorImplSpecificTraceV1`; both types are now `newtype`s with only the
V2 constructor.
- Removed the db-analyser `--lmdb` flag and the `V1LMDB` constructor of
`LedgerDBBackend`.
- Removed the snapshot-converter `--monitor-lmdb-snapshots-in` /
`--input-lmdb` / `--output-lmdb` flags and the `LMDB` constructor of
`StandaloneFormat`.

## Type changes

- `SnapshotManager m n blk st` → `SnapshotManager m blk st`.
`initialize`, `snapshotsMapM_`, `destroySnapshots`, and `trimSnapshots`
lose the `n` parameter accordingly.
- `SerializeTablesWithHint` methods (`encodeTablesWithHint` /
`decodeTablesWithHint`) and their `default*` / `trivial*` helpers now
take `l blk EmptyMK` directly instead of `SerializeTablesHint l
(LedgerTables blk ValuesMK)`.
- `openDB` and `Cardano.Tools.DBAnalyser.Run.openLedgerDB` no longer
require the `LedgerDbSerialiseConstraints blk` constraint.