Cardano Updates

fix(auth): normalize all userAddress sources in layout to bech32 (stuck "Loading…")

THE root-cause fix for the stuck "Loading…": layout fed userAddress / the
session check / createUser from hex-encoded addresses (react-2.0 useAddress()
and raw CIP-30 getUsedAddresses/getUnusedAddresses), but user records and
sessions are keyed by bech32 — so getUserByAddress(hex) returned null and the
app hung. Confirmed live on preprod: getUserByAddress(addr1qyvgdy2…) finds the
user; getUserByAddress(0118869144…) → null (same wallet).

- Normalize `address` once at the useAddress() source so every consumer
  (store sync, walletAddressForSession/Check, createUser) uses bech32.
- Normalize the getUsedAddresses()/getUnusedAddresses() setUserAddress sites.

(The equivalent change was authored alongside #281 but merged after that PR
was already squashed, so it never reached preprod — this carries it, plus the
session/createUser hardening, with the required import.)

Co-Authored-By: Claude Fable 5 <[email protected]>

Root cause of the stuck "Loading…": layout synced userAddress to the store
from useAddress() and raw activeWallet.getUsedAddresses()/getUnusedAddresses()
WITHOUT normalizing. react-2.0's useAddress and raw CIP-30 wallets return
hex-encoded address bytes, but user records are keyed by bech32. So the store
held the hex form, getUserByAddress(hex) returned null, `user` stayed null,
and the connect button spun "Loading…" forever.

Confirmed live on preprod: getUserByAddress(addr1qyvgdy2…) → user found;
getUserByAddress(0118869144…) → null (same wallet).

connect-wallet.tsx already normalized at its setUserAddress; layout's three
call sites were missed. Normalize all of them via normalizeAddressToBech32.

Co-Authored-By: Claude Fable 5 <[email protected]>

fix(auth): recover from stuck "Loading…" when wallet has no session

When a wallet connects but authorization doesn't complete (auto-authorize
failed/cancelled — common when multiple Cardano extensions fight over
window.cardano), layout sets hasCheckedSession=true and never reopens the
auth modal. createUser stays 403 (no session), `user` stays null, and the
Connect button spins "Loading…" forever with no recovery path.

- Relabel that state: connected + user-query-resolved-empty now shows an
  actionable "Authorize" instead of an infinite "Loading…" spinner.
- Add an "Authorize wallet" item to the connect dropdown (shown when
  connected but unauthorized) that bumps a new reauthNonce signal.
- layout watches reauthNonce, clears the hasCheckedSession latch, and
  refetches the session so the existing session-check effect reopens the
  (now signData-fixed) WalletAuthModal.

Additive and manual-trigger only — no change to connect/sign/session logic,
no auto-retry loop.

Co-Authored-By: Claude Fable 5 <[email protected]>

Release: preprod → main

- Fix for the lightmode using koios for getting the current dRep status
- Minimum versions for the cardano-node and cardano-cli are now 11.0.0
- Update contains cardano-signer 1.35.0

Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.
- [Commits](https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4)

---
updated-dependencies:
- dependency-name: joi
  dependency-version: 17.13.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* feat(ledger): implement GetStakePools local-state-query

cardano-cli issues the GetStakePools ledger-state query while balancing a
transaction (e.g. `transaction build`). Dingo did not handle it, so the
query returned an "unsupported query type" error, which tears down the
local-state-query connection — the client sees
`BearerClosed "<socket: 11> closed when reading data"`.

Implement the query: return the key hashes of the currently active
(registered, non-retired) stake pools as a CBOR set (tag 258) of pool IDs.
cardano-cli is strict about the encoding — a plain (untagged) array fails to
decode with "expected tag", and an unsorted set fails with "Canonicity
violation while decoding Set" — so the IDs are emitted in ascending
canonical byte order, wrapped in the single-element result array the
query's result type decodes from.

Adds a Database.GetActivePoolKeyHashes wrapper over the existing metadata
store method. Verified end-to-end against a Conway devnet with cardano-cli
11.0.0.0: `query stake-pools` now returns the pool set and decodes
successfully, matching cardano-node.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

* feat(ledger): implement GetDRepState local-state-query

The second ledger-state query cardano-cli issues while balancing a
transaction (after GetStakePools). Like the others, leaving it unhandled
tore down the local-state-query connection.

Return the registration state of the requested DReps — or of all DReps when
the credential set is empty (matching the Haskell ledger's "empty means
all") — as a map of stake credential -> {expiry epoch, optional anchor,
deposit}, wrapped in the single-element result array cardano-cli expects.
The wire shape was verified against cardano-node: an empty result is the
CBOR `81 a0` ([ {} ]) — note gouroboros' own DRepStateResult client type
omits that wrapper, so cardano-node's bytes are the reference, not the type.

Verified with cardano-cli 11.0.0.0 against the Conway devnet:
`query drep-state --all-dreps` now returns `[]`, matching cardano-node, and
`transaction build` progresses past GetDRepState.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

* feat(ledger): implement GetAccountState local-state-query

The final ledger-state query cardano-cli issues while balancing a
transaction. Return the chain's treasury and reserves pots (from the network
state) wrapped in the single-element result array, so the wire shape is
[ [treasury, reserves] ], matching cardano-node. Values are signed because
Coin is an Integer in the ledger.

With this, GetStakePools + GetDRepState + GetAccountState cover the full
query set cardano-cli sends, and `cardano-cli conway transaction build`
completes against Dingo, producing a valid Tx ConwayEra (verified on a Conway
devnet with cardano-cli 11.0.0.0).

Depends on the gouroboros GetAccountState query type; requires a gouroboros
release and a go.mod bump before this builds in CI.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

* fix(ledger): guard currentPParams read with RLock in drepDeposit

drepDeposit read ls.currentPParams without the read lock, racing concurrent
ledger updates during local-state-query handling. Take ls.RLock() like the
other currentPParams readers; the sole caller (queryShelleyDRepState) does
not hold the lock, so there is no double-acquire.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

* fix(ledger): guard against nil DReps in GetDRepState

Defensively skip nil entries when building the GetDRepState result so the
dereferences (drep.Credential, drep.ExpiryEpoch) can't panic. The current
contracts already prevent nil — Database.GetDrep returns ErrDrepNotFound
rather than (nil, nil), and GetActiveDreps yields no nil entries — but the
guard covers both the filtered and all-DReps paths at the dereference site
and is robust to future contract changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

---------

Signed-off-by: Chris Guiney <[email protected]>
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

Signed-off-by: Jenita <[email protected]>

Signed-off-by: Jenita <[email protected]>