Cardano Updates

  fitsTx now takes a Tracer and returns m Bool directly. Structural errors
  (script failures, TransactionInvalid, PParamsConversion) are logged
  internally via False <$ traceWith; transient misses (size exceeded,
  budget overrun) are silent pure False. Removes the Either return type
  and the empty-string sentinel that was used to distinguish the two.

  findLargestFitting returns Either () tx instead of Maybe tx, letting
  the call site use either instead of maybe. findFittingFanoutTx's where
  bindings are rewritten with combinators: findBest uses either + bool,
  mkTxM uses either to consolidate the duplicated traceWith + throwIO
  pair into a single handleErr, and fits collapses to a point-free
  partial application.

Signed-off-by: Sasha Bogicevic <[email protected]>

- Separates cost models from the rest of the parameters
- Uses an object for the cost model instead of an array

Were removed when the node started only considering valid what mainnet shipped with

spec-jq gets a dijkstra) case sourcing the zero preset's dijkstra-genesis.json; spec-modular falls back to jq for dijkstra since the Nix modules don't cover it yet

The pool relays we wrote into the Shelley genesis (via `pool-relays.json` and `cardano-cli ... --relays` / `--relay-specification-file`) are only consumed by ledger-peer discovery.

With ledger peers off and `publicRoots` empty, the relay records in genesis are never read.

Every workbench topology disables it:
- the supervisor (local / 127.0.0.1) backend gets `useLedgerAfterSlot: -1` from `cardano-topology projection-for`.
- the Nomad backend hardcodes the same value (nix/workbench/backend/nomad-job.nix).

Every era's genesis file is now genesis.<era>.json everywhere: genesis.byron.json, genesis.shelley.json, genesis.alonzo.json, genesis.conway.json, genesis.dijkstra.json.

Was converging to `create-staked` output, keep `create-testnet-data` layout:
- pools-keys/poolN/{cold,kes,vrf,opcert}.{skey,vkey,cert,counter}
- stake-delegators/delegatorN/{payment,staking}.{skey,vkey}
- drep-keys/drepN/drep.{skey,vkey}
- utxo-keys/utxoN/utxo.{skey,vkey}
- genesis-keys/genesisN/key.{skey,vkey}
- delegate-keys/delegateN/{key,kes,vrf,opcert}.{skey,vkey,cert,counter}
- byron-gen-command/

Details:
- create-testnet-data drops its symlink-creation block and the `link_keys` helper (no longer needed under the native layout).
- Removes `Massage_the_key_file_layout_to_match_AWS`, `key_depl` and `key_genesis`.

Genesis file names are unchanged here.

Replaces 'cardano-cli byron genesis genesis'.

Removes genesis-byron-{jq,modular} and the genesis-byron dispatcher.

A peer stuck on an unreconcilable fork re-intersects in a tight loop
(the original relay wedge spun at ~1.4 orphan/re-intersect per second).
The per-peer-id orphan cooldown in shared-consensus doesn't survive the
reconnect handovers that assign a fresh PeerId each time.

Rate-limit `NetworkCommand::ReIntersect` in the coordinator keyed by peer
*address* (stable across reconnects) with exponential backoff (1s → 30s).
All re-intersections — within a connection and across reconnect handovers
— flow through this command, so one throttle covers both. The first
attempt for an address always passes (legitimate single re-intersects are
never blocked); rapid repeats back off; a peer that goes quiet resets.

Measured on the round-robin divergent-backend repro: orphan/re-intersect
events dropped from ~26/90s (spin) to 3, and the follower makes progress
instead of freezing.

Co-Authored-By: Claude Opus 4.8 <[email protected]>

After reconnecting to a peer on a divergent fork (the round-robin
relay-backend handover), select_chain could perpetually fail to find a
common ancestor: the per-peer fragment is too short to reach the fork
point and `adopted_ancestors` may be truncated by pruning, so the
strictly-better peer is classified OrphanCandidate forever and the tip
freezes (the original relay wedge: "orphan — no common ancestor found",
looping on re-intersection).

`find_intersection` already probes back to genesis, so its anchor is the
authoritative common ancestor. Add a final fallback in select_chain: when
no ancestor is found via the fragment, trust the peer's intersection
anchor if it is a real block we hold and the resulting reorg is within k.
The bounded (<= k) reorg then proceeds via the existing
WaitingForBlocks/range-fetch path. Reorgs deeper than k are refused
(Praos finality — settled blocks). Origin/genesis anchors are excluded:
a switch sharing only genesis needs a full re-sync from block 1 that the
range fetch can't anchor at Origin, and isn't the round-robin case
(those backends share real history at the fork point).

Tests: select_chain_trusts_intersection_anchor_within_k (verified to fail
without the fallback) and select_chain_refuses_reorg_deeper_than_k. 308
shared-consensus tests pass.

Co-Authored-By: Claude Opus 4.8 <[email protected]>

  CloseUnusedDec + CloseUnusedInc → CloseUnused
  CloseUsedDec  + CloseUsedInc   → CloseUsed
  ContestCurrent + ContestUnusedDec + ContestUnusedInc → ContestUnused
  ContestUsedDec + ContestUsedInc → ContestUsed

  The Dec/Inc suffix was redundant: the accumulator hash already
  cryptographically commits to the nature of the pending UTxO action,
  so the on-chain validator does not need to distinguish them. The
  Unused/Used split (which version to use for signature verification)
  is preserved.

  As a consequence, contestTx no longer needs IncrementalAction at all
  — the version comparison alone determines the redeemer — so the
  parameter and the BothCommitAndDecommitInContest error variant are
  removed.

  Also bounds genStOpen and genFanoutTx UTxO sizes to [1..5] so full
  fanout transactions with maximumNumberOfParties stay within the
  14M memory execution budget.

Signed-off-by: Sasha Bogicevic <[email protected]>