Cardano Updates

If the boundary epoch has no blocks, MAX(tx.id) returns NULL and the
`expired` predicate evaluates to NULL instead of FALSE, which silently
drops every row from BOTH `expired=true` and `expired=false` filter
results. COALESCE to 0 so the predicate is always a real boolean and
the "fails open" comment in the file is actually true.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Two related fixes to the issue-#890 staging plumbing:

* Drop the per-tick LeiosDb.leiosDbQueryFetchWork call from the fetch
  loop. Its own API doc declared it startup-only (O(|leios.db|)). The
  synth pipeline now only derives missing EB *body* entries +
  per-peer offerings from the staging snapshot — no DB scan, no
  tx-closure synth, no strip dance. Gated on Map.null stagedNow so
  the synth block is skipped entirely in steady state, and the
  remaining synth is short-circuited against outstanding's
  acquiredEbBodies to avoid the per-tick re-add+filter round-trip.

  Restart recovery of partial tx closures (the case
  leiosDbQueryFetchWork was working around) is deferred to a
  follow-up that primes LeiosOutstanding from the DB once at
  MVar creation. Sketch in leios-fetch-loop-sketch.md (local).

* Block the BlockFetch client thread inside the staging gate until
  the drain releases the entry, instead of returning a synthetic
  AddBlockPromise that lied about blockWrittenToDisk. The previous
  approach + the getIsFetched widening together did not suppress
  BlockFetch's redecision, causing each staged CertRB to be
  re-fetched many times during the staging window. In iosim runs
  the resulting decision-loop spin was the dominant retainer of
  SimTrace state and made prop_leios_late_join OOM at numSlots=200.

  After this change, prop_leios_late_join @ numSlots=200 runs in
  ~52s at 134 MB peak residency (was 119s, OOM at 4 GB cap).
  Restoring numSlots=200 in the test.

  Cost: head-of-line blocking on the affected peer's BlockFetch
  pipeline for the closure-fetch duration. The closure fetch runs
  on a separate LeiosFetch channel so progress is not deadlocked.
  Caveat: a peer set that empties before the closure arrives would
  leak the parked client thread — see PR open point #4 (no GC of
  staged entries); the GC pass needs to wake parked threads with a
  FailedToAddBlock verdict before evicting an entry.

Add prepare_prover_input() to RollingState, executing 8 off-circuit steps:
1. SHA256 hash of protocol-message preimage to base-field element
2. Epoch classification (genesis / same-epoch / next-epoch)
3. Certificate accumulator: verify SNARK proof, extract DualMSM, collapse
4. Genesis signature: carry from rolling state unchanged
5. Witness construction: package genesis sig, merkle root, cert message, preimage
6. Chain state advancement: apply transition rules for msg, merkle root, params
7. Self-proof accumulator: trivial at genesis, verify previous IVC proof otherwise
8. Accumulator folding: combine [chain_acc, cert_acc, self_acc] and collapse

Genesis step special-casing: skips certificate proof verification and returns
a trivial accumulator from folding to match in-circuit scale_by_bit behavior.
Includes epoch validation (must be current or next), step counter overflow
protection via checked_add(), and typed error variants for all failure modes.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

Add verify_and_prepare_poseidon() to CertificateProof: verifies a PLONK proof
using a Poseidon transcript off-circuit and returns a DualMSM for downstream
accumulator folding. Accepts a raw VerifyingKey (matching IvcSetup storage
format) with a cheap pairing check for early abort and an empty transcript
assertion.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

- Remove #[cfg(test)] gates from StepCounter::as_u64(), CertificateProofBytes::as_bytes(),
  and IvcProofBytes::as_bytes() so they are available in production code
- Add StepCounter::as_u64() explicit implementation for state transition arithmetic
- Add new error variants: IvcProofRejected, StepCounterOverflow, InvalidEpoch
- Refactor EpochData to store epoch as raw u64 and expose typed accessors:
  current_epoch() -> BaseFieldElement, epoch_number() -> EpochNumber,
  next_merkle_tree_commitment(), next_protocol_parameters_hash()
- Add cert_proof field to IvcProverInput struct (required by IVC circuit downstream)

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

Augments the paginated /governance/dreps response so wallets can render and rank
DReps without a follow-up call per row. Each DRep now also returns has_script,
amount, retired, expired, last_active_epoch, and an embedded metadata object
matching the shape of /dreps/{drep_id}/metadata. Deprecated fields (active,
active_epoch) are intentionally omitted from this enriched response.

New query parameters:
- order_by=amount  (in addition to existing order=asc|desc)
- retired=true|false
- expired=true|false

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

fix: missing types in rust SDK

chore(nix): update `flake.lock`

config parsing

Replace locally-defined orphan `ToJSON`/`FromJSON` instances that
already exist in `Cardano.Network.OrphanInstances` (from the
`cardano-diffusion:orphan-instances` sublibrary) with imports of that
module:

- `TopologyP2P`: remove `FromJSON/ToJSON PeerTrustable`,
  `FromJSON/ToJSON (NetworkTopology UseBootstrapPeers PeerTrustable)`,
  and `FromJSON UseBootstrapPeers`; add `Cardano.Network.OrphanInstances ()`
  and `Ouroboros.Network.OrphanInstances ()` imports.

- `StateRep`: remove local `ToJSON/FromJSON NodeToNodeVersion`,
  `ToJSON/FromJSON NodeToClientVersion`, and `parseBoundedEnum`; add
  `Cardano.Network.OrphanInstances ()` import.

- `Tracers`: remove Show-based `ToJSON NodeToNodeVersionData` and
  `ToJSON NodeToClientVersionData` stubs; add
  `Cardano.Network.OrphanInstances ()` import.

Additionally fix two pre-existing issues in `Consensus.hs`:

- `deltaq`: use `toJSON gsv` (structured JSON via
  `Ouroboros.Network.OrphanInstances`) instead of `String . show`.

- `TraceDecisionEvent`: restore the `dtal >= DMaximum` conditional
  branch (replacing the reversed fold), using `forMachine DMaximum`
  for the verbose case.

In `Startup.hs`, fix `ConsensusNetworkVersionTuple` to emit proper
structured JSON for `nodeToClientVersion`/`nodeToNodeVersion` via
`ToJSON` from `Cardano.Network.OrphanInstances`, and fix the
`maxNodeToNode/ClientVersion` field to show only the version key
rather than the full `(key, value)` pair.

Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.6 to 7.6.2.
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.2/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.6.2)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.6.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>