May 21, 7-8 PM (27)
May 21, 8-9 PM (23)
May 21, 9-10 PM (3)
May 21, 10-11 PM (29)
May 21, 11-12 AM (10)
May 22, 12-1 AM (16)
May 22, 1-2 AM (6)
May 22, 2-3 AM (8)
May 22, 3-4 AM (4)
May 22, 4-5 AM (11)
May 22, 5-6 AM (10)
May 22, 6-7 AM (21)
May 22, 7-8 AM (13)
May 22, 8-9 AM (38)
May 22, 9-10 AM (12)
May 22, 10-11 AM (18)
May 22, 11-12 PM (25)
May 22, 12-1 PM (24)
May 22, 1-2 PM (34)
May 22, 2-3 PM (56)
May 22, 3-4 PM (13)
May 22, 4-5 PM (29)
May 22, 5-6 PM (13)
May 22, 6-7 PM (20)
May 22, 7-8 PM (20)
May 22, 8-9 PM (12)
May 22, 9-10 PM (12)
May 22, 10-11 PM (41)
May 22, 11-12 AM (12)
May 23, 12-1 AM (9)
May 23, 1-2 AM (0)
May 23, 2-3 AM (3)
May 23, 3-4 AM (1)
May 23, 4-5 AM (1)
May 23, 5-6 AM (4)
May 23, 6-7 AM (12)
May 23, 7-8 AM (1)
May 23, 8-9 AM (3)
May 23, 9-10 AM (1)
May 23, 10-11 AM (1)
May 23, 11-12 PM (5)
May 23, 12-1 PM (1)
May 23, 1-2 PM (6)
May 23, 2-3 PM (5)
May 23, 3-4 PM (5)
May 23, 4-5 PM (4)
May 23, 5-6 PM (0)
May 23, 6-7 PM (3)
May 23, 7-8 PM (23)
May 23, 8-9 PM (1)
May 23, 9-10 PM (9)
May 23, 10-11 PM (21)
May 23, 11-12 AM (27)
May 24, 12-1 AM (9)
May 24, 1-2 AM (0)
May 24, 2-3 AM (1)
May 24, 3-4 AM (1)
May 24, 4-5 AM (0)
May 24, 5-6 AM (3)
May 24, 6-7 AM (1)
May 24, 7-8 AM (2)
May 24, 8-9 AM (2)
May 24, 9-10 AM (4)
May 24, 10-11 AM (4)
May 24, 11-12 PM (1)
May 24, 12-1 PM (7)
May 24, 1-2 PM (46)
May 24, 2-3 PM (5)
May 24, 3-4 PM (3)
May 24, 4-5 PM (18)
May 24, 5-6 PM (2)
May 24, 6-7 PM (4)
May 24, 7-8 PM (13)
May 24, 8-9 PM (10)
May 24, 9-10 PM (15)
May 24, 10-11 PM (34)
May 24, 11-12 AM (42)
May 25, 12-1 AM (9)
May 25, 1-2 AM (5)
May 25, 2-3 AM (6)
May 25, 3-4 AM (1)
May 25, 4-5 AM (6)
May 25, 5-6 AM (14)
May 25, 6-7 AM (17)
May 25, 7-8 AM (17)
May 25, 8-9 AM (32)
May 25, 9-10 AM (43)
May 25, 10-11 AM (64)
May 25, 11-12 PM (33)
May 25, 12-1 PM (43)
May 25, 1-2 PM (40)
May 25, 2-3 PM (20)
May 25, 3-4 PM (27)
May 25, 4-5 PM (16)
May 25, 5-6 PM (6)
May 25, 6-7 PM (7)
May 25, 7-8 PM (11)
May 25, 8-9 PM (12)
May 25, 9-10 PM (16)
May 25, 10-11 PM (44)
May 25, 11-12 AM (26)
May 26, 12-1 AM (12)
May 26, 1-2 AM (11)
May 26, 2-3 AM (8)
May 26, 3-4 AM (11)
May 26, 4-5 AM (6)
May 26, 5-6 AM (9)
May 26, 6-7 AM (26)
May 26, 7-8 AM (43)
May 26, 8-9 AM (39)
May 26, 9-10 AM (42)
May 26, 10-11 AM (45)
May 26, 11-12 PM (59)
May 26, 12-1 PM (34)
May 26, 1-2 PM (50)
May 26, 2-3 PM (50)
May 26, 3-4 PM (18)
May 26, 4-5 PM (20)
May 26, 5-6 PM (13)
May 26, 6-7 PM (20)
May 26, 7-8 PM (12)
May 26, 8-9 PM (15)
May 26, 9-10 PM (15)
May 26, 10-11 PM (35)
May 26, 11-12 AM (30)
May 27, 12-1 AM (16)
May 27, 1-2 AM (8)
May 27, 2-3 AM (9)
May 27, 3-4 AM (5)
May 27, 4-5 AM (32)
May 27, 5-6 AM (9)
May 27, 6-7 AM (49)
May 27, 7-8 AM (63)
May 27, 8-9 AM (37)
May 27, 9-10 AM (74)
May 27, 10-11 AM (83)
May 27, 11-12 PM (30)
May 27, 12-1 PM (50)
May 27, 1-2 PM (38)
May 27, 2-3 PM (53)
May 27, 3-4 PM (37)
May 27, 4-5 PM (6)
May 27, 5-6 PM (17)
May 27, 6-7 PM (18)
May 27, 7-8 PM (25)
May 27, 8-9 PM (14)
May 27, 9-10 PM (13)
May 27, 10-11 PM (29)
May 27, 11-12 AM (27)
May 28, 12-1 AM (9)
May 28, 1-2 AM (3)
May 28, 2-3 AM (5)
May 28, 3-4 AM (2)
May 28, 4-5 AM (8)
May 28, 5-6 AM (34)
May 28, 6-7 AM (26)
May 28, 7-8 AM (83)
May 28, 8-9 AM (33)
May 28, 9-10 AM (54)
May 28, 10-11 AM (50)
May 28, 11-12 PM (19)
May 28, 12-1 PM (45)
May 28, 1-2 PM (50)
May 28, 2-3 PM (23)
May 28, 3-4 PM (43)
May 28, 4-5 PM (86)
May 28, 5-6 PM (12)
May 28, 6-7 PM (13)
May 28, 7-8 PM (0)
3,406 commits this week May 21, 2026 - May 28, 2026
fix(helpers): prevent unhandled rejection in CancellableTask.cancel()
The cancel() method previously used .catch() with a re-throw for non-AbortError rejections. Since the promise returned by .catch() was never consumed, this caused unhandled promise rejections.

Fixed by aborting the controller first, then attaching a no-op .catch() handler to silence the rejection. Any errors from the task remain accessible via the callback() method.

Signed-off-by: A-Chronicle <[email protected]>
Hoist cert-deposit helpers from Utxo to Certs (#1208)
Move six closed-form cert-deposit helpers from
src/Ledger/Dijkstra/Specification/Utxo.lagda.md to
src/Ledger/Dijkstra/Specification/Certs.lagda.md:

  + updateCertDeposit
  + updateCertDepositsStep  (new named extraction of the fold body)
  + updateCertDeposits
  + coinFromDeposits
  + depositsChange
  + newCertDeposits
  + refundCertDeposits

These helpers depend only on Certs-level definitions, so their natural
home is Certs.lagda.md.  Their placement in Utxo.lagda.md forced any
proof referencing them to take the larger TransactionStructure /
AbstractFunctions parameter set, blocking proofs in
Certs.Properties.PoV(Lemmas) (parameterised only by GovStructure) from
referring to them.

govProposalsDeposits stays in Utxo.lagda.md — it depends on GovProposal
from Gov.Actions, not on a Certs-level type.

Bundled bug fixes to updateCertDeposits:

  + Typo: DState.deposits was being set from the GState delta instead
    of the DState delta.

  + Fold direction: was foldr (right-to-left).  CERTS processes certs
    left-to-right via BS-ind's head-first decomposition.  Changed to
    foldl, matching Conway's left-to-right recursion and Dijkstra's
    own applyToRewards.  Counterexample under foldr:
    [delegate c d, dereg c (just d)] on a fresh credential should
    leave c ∉ deposits per CERTS, but foldr processes dereg first
    (a no-op) then delegate, ending with c ∈ deposits.

updateCertDepositsStep is the inner fold body extracted as a named
function so downstream proofs in Certs.Properties.PoV can state and
use a per-step pots equation about it.

Also: add HasCoin-UTxOState (Utxo.lagda.md) and HasCoin-LedgerState
(Ledger.lagda.md).  HasCoin-LedgerState sums UTxO state total, DState
rewards balance, and the three deposit pots via the hoisted
coinFromDeposits — the form needed to balance against the UTXO
batch-balance equation.

Closes #1208.
CIP-186 | spec patches addressing 9 ambiguities surfaced during impl
Bundled patches per PR #1189 comment 4566013539. Each is minimal and
surgical; no semantic re-litigation of decisions outside the listed
ambiguities.

1. Appendix C.1 nonce example: 36-char value (decodes to 27 bytes) ->
   32-char value `AgICAgICAgICAgICAgICAgICAgICAgIC` (24 bytes, matching
   the spec-mandated nonce length). Fix applied to both the constant
   listing and the request-URL example.
2. URI format ABNF: split `key` into `request-key` and `response-key`
   productions. Adds `aead` to request side (referenced in §Methods
   AEAD envelope, was missing from grammar). Adds `response`,
   `walletKey`, `nonce`, `payload`, `signature`, `errorCode`,
   `errorMessage` to response side (every response URL produced under
   §Response signing or §Methods rejection uses these, previously
   unenumerated).
3. §Unknown-key policy: updated to reference both ABNF productions so
   the strict-reject rule applies symmetrically to wallets (rejecting
   request URLs with unknown `request-key`) and dApps (rejecting
   response URLs with unknown `response-key`).
4. §Callback host binding: `errorCode=-4 RedirectHostMismatch` envelope
   MUST be delivered to the `connect`-time persisted `redirect`, NOT to
   the offending request's `redirect`. Closes the cross-host phishing
   defeat where -4 would otherwise sink into the attacker's domain.
5. §signTx response: dApp MUST verify `result-json.commit` echoes the
   request `commit`; mismatch is `errorCode=-2`. Promotes the echo from
   advisory to load-bearing (defence-in-depth complement to the
   wallet's pre-render commit check).
6. §signTx response: `partialSign=true` witness-set merge semantics.
   dApp concatenates returned `vkey_witnesses` array to existing array
   under map key 0 of `transaction_witness_set`; non-vkey keys (1, 3,
   4, 5, 6, 7) follow array-append. Replace-semantics silently drops
   prior co-signer witnesses.
7. §Conway transaction body extraction: literal-bytes rule. Wallet MUST
   slice the source CBOR's element-index-0 byte range; MUST NOT
   re-encode. The chain's `tx_id` is BLAKE2b-256 over the source
   bytes; any wallet re-canonicaliser that differs from the dApp's
   source encoder breaks every downstream hash-pin. dApp supplies
   canonical Conway-era CBOR; wallets MAY reject non-canonical input.
8. §Conway tx body: reference encoders pinned. cardano-ledger
   (Haskell), pallas-codec (Rust), cardano-multiplatform-lib (JS/Rust)
   are the three named reference implementations. Conformance against
   any is sufficient.
9. §Response signing canonical form: port inclusion explicit. Include
   port iff it appears literally in URL authority; default ports MUST
   NOT be emitted. Keeps the canonical subject byte-deterministic
   across libraries that disagree on RFC 3986 §3.2.3 default-port
   omission.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>