Cardano Updates

* Document the limitation on the implementation of the support
  of Ogmios as a target that limits the throughput to one request
  in flight per round trip (Ogmios supports pipelining by JSON-RPC id,
  but we are not supporting it for now.

* Document that only submission goes through Ogmios:
  protocol-parameter and era queries as well as protocol startup still
  require the local node socket and config file.

* Route per-transaction rejections through the benchmark tracer instead
  of putStrLn, so they reach the trace stream like every other
  submission event instead of interleaving arbitrarily with it. The
  failure detail payload reported by Ogmios ('error.data'), which
  carries the actual ledger failure and was previously discarded, is
  included in the message along with the error code.

* Add `ogmiosUrl` to the README's connection-settings table plus a
  'Submitting through Ogmios' section, add a changelog entry for the
  feature (including the clean-exit behavior change for scripts that
  never start the benchmark machinery), and bump the package version
  to 2.17.

Defensively skip nil entries when building the GetDRepState result so the
dereferences (drep.Credential, drep.ExpiryEpoch) can't panic. The current
contracts already prevent nil — Database.GetDrep returns ErrDrepNotFound
rather than (nil, nil), and GetActiveDreps yields no nil entries — but the
guard covers both the filtered and all-DReps paths at the dereference site
and is robust to future contract changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

Support for new schemas with backwards compatibility

drepDeposit read ls.currentPParams without the read lock, racing concurrent
ledger updates during local-state-query handling. Take ls.RLock() like the
other currentPParams readers; the sole caller (queryShelleyDRepState) does
not hold the lock, so there is no double-acquire.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

The final ledger-state query cardano-cli issues while balancing a
transaction. Return the chain's treasury and reserves pots (from the network
state) wrapped in the single-element result array, so the wire shape is
[ [treasury, reserves] ], matching cardano-node. Values are signed because
Coin is an Integer in the ledger.

With this, GetStakePools + GetDRepState + GetAccountState cover the full
query set cardano-cli sends, and `cardano-cli conway transaction build`
completes against Dingo, producing a valid Tx ConwayEra (verified on a Conway
devnet with cardano-cli 11.0.0.0).

Depends on the gouroboros GetAccountState query type; requires a gouroboros
release and a go.mod bump before this builds in CI.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

The second ledger-state query cardano-cli issues while balancing a
transaction (after GetStakePools). Like the others, leaving it unhandled
tore down the local-state-query connection.

Return the registration state of the requested DReps — or of all DReps when
the credential set is empty (matching the Haskell ledger's "empty means
all") — as a map of stake credential -> {expiry epoch, optional anchor,
deposit}, wrapped in the single-element result array cardano-cli expects.
The wire shape was verified against cardano-node: an empty result is the
CBOR `81 a0` ([ {} ]) — note gouroboros' own DRepStateResult client type
omits that wrapper, so cardano-node's bytes are the reference, not the type.

Verified with cardano-cli 11.0.0.0 against the Conway devnet:
`query drep-state --all-dreps` now returns `[]`, matching cardano-node, and
`transaction build` progresses past GetDRepState.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

cardano-cli issues the GetStakePools ledger-state query while balancing a
transaction (e.g. `transaction build`). Dingo did not handle it, so the
query returned an "unsupported query type" error, which tears down the
local-state-query connection — the client sees
`BearerClosed "<socket: 11> closed when reading data"`.

Implement the query: return the key hashes of the currently active
(registered, non-retired) stake pools as a CBOR set (tag 258) of pool IDs.
cardano-cli is strict about the encoding — a plain (untagged) array fails to
decode with "expected tag", and an unsorted set fails with "Canonicity
violation while decoding Set" — so the IDs are emitted in ascending
canonical byte order, wrapped in the single-element result array the
query's result type decodes from.

Adds a Database.GetActivePoolKeyHashes wrapper over the existing metadata
store method. Verified end-to-end against a Conway devnet with cardano-cli
11.0.0.0: `query stake-pools` now returns the pool set and decodes
successfully, matching cardano-node.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

v0.183.0 removes leios as a ledger era: the endorser-block types
(LeiosEndorserBlock, LeiosTransactionReference,
NewLeiosEndorserBlockFromCbor) moved from ledger/leios to ledger/common,
and the leios era id and its block/tx/header type constants were dropped.

- Repoint the three endorser-block usages in ouroboros/leios_merged.go and
  ledger/forging/forger.go to ledger/common (types unchanged).
- Update the nonce-stability-window era-dispatch test to use Dijkstra — the
  real post-Conway Praos era that production already enumerates — as the
  4k/f regression guard in place of the removed Leios era.
- Bump ouroboros-mock to v0.13.0, which renames its Dijkstra-era fixture
  decoders off the removed leios constants; v0.12.0 fails to compile against
  gouroboros v0.183.0.

No production behavior change; the endorser-block CBOR and the post-Conway
4k/f window are unchanged.

Signed-off-by: Chris Guiney <[email protected]>
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Hyperledger Bot <[email protected]>

Move the manual tmp_u5c_test checks into the streamlined e2e suite as three
`kind: u5c` legs against the Demeter utxorpc endpoints. Converts the old
time-bounded run.sh approach to the standard exit-code gate via a WorkStats
finalization policy (3 blocks → exit 0); a #921-style regression (reset loop,
no apply events) never finalizes → timeout → fail.

API keys are parameterized as ${DMTR_UTXORPC_KEY_*} (resolved by envsubst from
GitHub secrets) rather than hardcoded — the scratch files held real-looking
keys and this repo is public. The e2e image is built --all-features, so U5C is
available (and now TLS-safe per the preceding crypto-provider fix).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

The U5C source connects over TLS via tonic/rustls. In builds that pull more
than one rustls crypto provider (e.g. the `aws` feature brings in aws-lc-rs
alongside ring), rustls has no process-default provider and panics on the
first TLS handshake (`no process-level CryptoProvider available`). Install the
ring provider once at startup, gated on the `u5c` feature.

This only surfaced now because nothing exercised U5C in a multi-provider build;
the manual u5c tests built `--features u5c` alone (single provider).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

v0.183.0 removes leios as a ledger era: the endorser-block types
(LeiosEndorserBlock, LeiosTransactionReference,
NewLeiosEndorserBlockFromCbor) moved from ledger/leios to ledger/common,
and the leios era id and its block/tx/header type constants were dropped.

- Repoint the three endorser-block usages in ouroboros/leios_merged.go and
  ledger/forging/forger.go to ledger/common (types unchanged).
- Update the nonce-stability-window era-dispatch test to use Dijkstra — the
  real post-Conway Praos era that production already enumerates — as the
  4k/f regression guard in place of the removed Leios era.
- Bump ouroboros-mock to v0.13.0, which renames its Dijkstra-era fixture
  decoders off the removed leios constants; v0.12.0 fails to compile against
  gouroboros v0.183.0.

No production behavior change; the endorser-block CBOR and the post-Conway
4k/f window are unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

v0.183.0 removes leios as a ledger era and renames the Dijkstra era's
block/tx/header type constants accordingly. Update the fixture era decoders
to the new names: BlockTypeLeiosRanking -> BlockTypeDijkstra, TxTypeLeios ->
TxTypeDijkstra, BlockHeaderTypeLeios -> BlockHeaderTypeDijkstra (the
"dijkstra" era cases). No behavior change.

Signed-off-by: Chris Guiney <[email protected]>
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Move the run/dmtrcli logic out of e2e.yaml into .github/e2e/scripts/
(run-test.sh, setup-dmtr-socket.sh, stop-dmtr-tunnel.sh), invoked from the
workflow steps. Scripts read the same env vars the steps already set; committed
with the executable bit so they run after checkout.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>