Cardano Updates

Surface the ready-to-run configs under examples/ in the v2 docs. Adds a
new Examples section with a how-to-run intro (run from the example dir),
a companion-files/setup guide, categorized index tables linking each
example to GitHub with a Setup column, and three inlined end-to-end
recipes. Cross-linked from the introduction page.

Excludes examples/pool_metadata (references the removed Deno filter) and
examples/_deprecated.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Signed-off-by: KtorZ <[email protected]>

All three findings verified against the implementation:

- sql_db: `record` is `null` on reset events (hbs_data renders the reset
  template with record=None -> null), not omitted.
- zeromq: clarify that events without a record (resets) are skipped and
  not published (zeromq.rs returns early when record.is_none()).
- docker: reword the tags intro; only `sha-*` is per-build, while
  `latest`/`stable`/semver tags are gated by branch/tag triggers.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

The top-level [finalize] block is not wired to the runtime (ConfigRoot.finalize /
Context.finalize is deserialized but never consumed). The WorkStats filter is the
only working finalization mechanism, so document it as such. Follow-up to remove the
dead config tracked in #938.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Flake lock file updates:

• Updated input 'CHaP':
    'github:input-output-hk/cardano-haskell-packages/bc93f1caabfdc4d38c5b44e6eea8f5b8f535775a?narHash=sha256-3YDsDhjAcm5QatdluTKuQ9WeDdwrxZMnKH587pVyv9o%3D' (2026-06-02)
  → 'github:input-output-hk/cardano-haskell-packages/0aa7afd943dbcf2dc51fe652c982da281f8cb621?narHash=sha256-lipiKNOJ/NIGO/pcwQT030%2BsSgbTkP3N0w/ck5jBJlw%3D' (2026-06-10)
• Updated input 'haskell-nix':
    'github:input-output-hk/haskell.nix/08b27295bfecb9e057eda635f676733b461bec64?narHash=sha256-ujViTkgO8rGoTRLSZxgWnPkciw%2BTGzBIVsL81KcRjz4%3D' (2026-06-07)
  → 'github:input-output-hk/haskell.nix/6c5002f0ff6c9ace7912f631037062b34217dfc4?narHash=sha256-qao/Z/C9VkPfReFAPMZdFJYfHT9wnXTAlU6sBDdLtss%3D' (2026-06-14)
• Updated input 'haskell-nix/hackage':
    'github:input-output-hk/hackage.nix/986511a754b71eeab27e5c61843b01f8f7d0bdd7?narHash=sha256-Vm3brZrmc%2BzcJCndzr0nmQZ%2BpskgbnZcOVxVIzfe/zo%3D' (2026-06-07)
  → 'github:input-output-hk/hackage.nix/47bf40dc8656dde45659f2cacf5a57b1316f6904?narHash=sha256-cvS8/no4kVkNQhtmCRnAWLCn1C%2B5VvCvwMDyvE3QtJ4%3D' (2026-06-14)
• Updated input 'haskell-nix/hackage-for-stackage':
    'github:input-output-hk/hackage.nix/4b4a5d5c7fe95e6e2e857e19a9380edd599eba08?narHash=sha256-Mqw%2Bw/IkQCKQ%2BoOUJdNccAPsZz/AJR6WlDrotVr%2B%2Bxc%3D' (2026-06-07)
  → 'github:input-output-hk/hackage.nix/caf95ada373db6002b152de311e10654a97b3ba7?narHash=sha256-bbFORKtmhvknFvPpSBwuDFQUW3j/vqgLjMe4X8xjDpY%3D' (2026-06-14)
• Updated input 'haskell-nix/stackage':
    'github:input-output-hk/stackage.nix/4c667204ecf3973b72a3f482572864fffcdabb25?narHash=sha256-Le3RUWp3CrAdH%2BXgXCBvxGqmosCgC9I/yQPhpC2PFdA%3D' (2026-06-07)
  → 'github:input-output-hk/stackage.nix/196744650c154c553c925bcbc5033b5b9548e248?narHash=sha256-mQs4Xo%2Bj9RzlcRHyb3KqVFK6RBAc6t7esSMAtMOLsB4%3D' (2026-06-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ca14f513f38c08235d72944890596a4ddbbe76f0?narHash=sha256-qS0lSxHzqqq%2B7wuIC85QgqlAt76H4bBjxv63gOEziC4%3D' (2026-06-07)
  → 'github:NixOS/nixpkgs/86ab56c5680e27f7536d666f11620122f81b87a6?narHash=sha256-gMSeTjmluyNTrPehc77NR7oyTaG43GX9cAo2E8%2B9ig8%3D' (2026-06-14)

The docker install reference only mentioned `latest` plus a single
pre-release versioned example. The Docker CI workflow
(.github/workflows/docker.yml) actually publishes: latest (main tip),
stable (newest release), v{major}, v{major}.{minor}, v{version}, and
sha-{commit}.

- add a table covering every published tag and when it updates
- clarify that `latest` tracks `main`, not the latest release
- use the v2.1.0 release (not a pre-release) as the pin example

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

fix(db): cap pg pool + stop retrying pool saturation (Supabase EMAXCONNSESSION)

Audit of docs/v2 against src/ surfaced several config-breaking
inaccuracies, missing components, and stale field lists. All claims
verified directly against the config structs/enums (serde `tag = "type"`,
no `rename_all`, so type tags must match variant names verbatim).

Config-breaking fixes:
- webhook: type "Webhook" -> "WebHook"; drop nonexistent error_policy
- elasticsearch: type "Elastic" -> "ElasticSearch"
- gcp_cloudfunction: authorization (string) -> authentication (bool)
- pipeline_metrics: drop nonexistent `endpoint` field
- stateful_cursor: Memory is the default; File default path is
  ./cursor.json; document max_breadcrumbs/flush_interval and Redis backend

Newly documented components:
- sinks: SqlDb, Zeromq
- filters: IntoJson, WorkStats

Backfilled fields:
- kafka: ack_timeout_secs, paritioning
- redis sink: correct default (oura-sink), add stream_max_length
- terminal: adahandle_policy
- finalize: max_block_quantity

Data dictionary:
- document the v2-native pipeline data model (ChainEvent envelope and
  Record variants) alongside the legacy v1 event catalogue

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

chore: release 1.0.0-rc.2

deps: override npm to ^11 to clear bundled brace-expansion ReDoS

The last open Dependabot alert (brace-expansion <=2.0.1, GHSA-v6h2-p8h4-qcjw,
ReDoS) was a copy bundled inside [email protected], which @cardano-sdk/crypto pulls in
via `npm@^9.3.0`. That npm dependency is spurious — @cardano-sdk/crypto declares
it but never imports it in its compiled code — so it only drags in npm's vendored
dependency tree (including the vulnerable brace-expansion and the noise behind
`npm audit`'s large count).

A `brace-expansion` override can't fix this: npm overrides don't reach into a
bundled package's vendored node_modules, and a blanket brace-expansion override
instead downgrades the legitimate [email protected] that glob@11 / minimatch@10
require (named `expand` export), breaking glob.

Override `npm` to ^11 instead (resolves to 11.17.0), whose bundle ships the
patched [email protected]. Net effect:
- zero vulnerable brace-expansion instances remain in the tree
- glob / minimatch still resolve and brace-expand correctly
- safe because @cardano-sdk/crypto never executes npm

The lockfile was regenerated with npm 10.9.3 (matching CI's node:22-slim, not the
local npm 11) via `npm install --package-lock-only`, so it stays in sync for the
`npm ci` CI runs — npm 11 drops @auth/core's optional @simplewebauthn entries that
npm 10 keeps, which made `npm ci` fail. Churn is limited to the npm subtree.

The other 14 Dependabot alerts were already remediated in the committed lockfile
(next@16, [email protected], [email protected], ip/tar-fs absent, etc.) and dismissed.

Verified: `npm ci` (npm 10.9.3) succeeds; tsc --noEmit clean; next build --webpack succeeds.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Removes [esbuild](https://github.com/evanw/esbuild). It's no longer used after updating ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). These dependencies need to be updated together.


Removes `esbuild`

Updates `@vitejs/plugin-react` from 5.1.4 to 5.2.0
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/[email protected]/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/[email protected]/packages/plugin-react)

Updates `vite` from 7.3.2 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version:
  dependency-type: indirect
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 5.2.0
  dependency-type: direct:development
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

Reliable IPFS, rationale drafting/caching, and ballot CSV

Flake lock file updates:

• Updated input 'advisory-db':
    'github:rustsec/advisory-db/eaf48e7' (2026-05-29)
  → 'github:rustsec/advisory-db/09735e1' (2026-06-13)
• Updated input 'blockfrost-tests':
    'github:blockfrost/blockfrost-tests/e1f3b72' (2026-06-03)
  → 'github:blockfrost/blockfrost-tests/2a9b647' (2026-06-08)
• Updated input 'crane':
    'github:ipetkov/crane/0532eb1' (2026-05-30)
  → 'github:ipetkov/crane/59a82a1' (2026-06-04)
• Updated input 'fenix':
    'github:nix-community/fenix/2118601' (2026-05-30)
  → 'github:nix-community/fenix/aad7d8b' (2026-06-13)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/5ebf65c' (2026-05-29)
  → 'github:rust-lang/rust-analyzer/3f92cd1' (2026-06-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/25f5383' (2026-05-26)
  → 'github:nixos/nixpkgs/e820eb4' (2026-06-08)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/790751f' (2026-04-08)
  → 'github:numtide/treefmt-nix/db94781' (2026-05-31)

Add an in-development stub for formal verification in the Smart Contracts module, featuring Blaster (Lean 4 proof automation), with the Lean-blaster repo to track progress.