Cardano Updates

Problem
-------
When a node's peer TX backlog hits its cap (e.g. 10,000), incoming TXs
are silently dropped from self.txs.  If a dropped TX is referenced by a
pending Endorser Block, the EB's validation scan (try_validating_eb)
finds has_tx() = false and the EB is never marked all_txs_seen.  The EB
then misses its vote window and is orphaned by the next Ranking Block
(WrongEB).  Because the TX is never re-offered by peers, the one-shot
missing_txs trigger — already consumed by acknowledge_tx — cannot
re-fire, leaving the EB permanently stuck.

Under Poisson-clustered RB production (e.g. seed 4 at 0.200 MB/s), this
cascade produced 48 EBs with 19 uncertified (40%), 23M peer TX drops,
and a mean of only 348 votes/EB (well below the 450 quorum).

Fix
---
Two changes in propagate_tx():

1. Move the mempool insertion check (try_add_to_mempool) BEFORE
   acknowledge_tx, so that missing_txs has not yet been consumed at the
   point where we decide whether to drop.

2. When PeerBacklogFull fires, check whether the TX is referenced by a
   pending EB (self.leios.missing_txs.contains_key).  If yes, keep the
   TX in self.txs (skip the backlog, but preserve has_tx = true) and
   fall through to acknowledge_tx normally.  If no, drop as before.

This retains only EB-critical TXs — bounded by (pending_EBs × EB_size),
typically a few thousand entries and ~3 MB of HashMap overhead per node.
Non-critical TXs are still dropped, preserving the memory cap's purpose.

Effect on seed 4 sequential 0.200/wfa-ls (worst-case seed)
-----------------------------------------------------------
                  EBs  uncert  mean   WrongEB  drops   peak RSS
caps (before):    48   19      348    1138     23.2M   ~20 GB
caps-retain:      45    8      470    1330      5.9M   ~24 GB
nocaps (ref):     46    8      473    1516      0      ~35 GB

Uncertified EBs:  19 → 8  (40% → 18%)
Mean votes/EB:    348 → 470  (near nocaps 473)
Peer TX drops:    23.2M → 5.9M  (−74%)
Peak RSS:         ~20 → ~24 GB  (+20%, well below nocaps ~35 GB)

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

Signed-off-by: Roland Kuhn <[email protected]>

Signed-off-by: Roland Kuhn <[email protected]>

Move harness.sh next to docker-compose.yaml instead of
referencing ../../components/ which doesn't exist in
Antithesis's environment.

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: wcatz <[email protected]>

Use 'canonical' PlutusData encoding in machine's runtime builtin

Add four-phase parallel blockfetch improvements:

Phase 1 - Per-peer blockfetch latency EWMA: Track first-block response
latency per connection using exponential moving average (alpha=0.2).
New methods: RecordBlockfetchLatency, BlockfetchLatency on chainsync state.

Phase 2 - Latency tiebreaker in chain selection: When two peers have
equal observed tips, prefer the peer with lower blockfetch latency
before falling back to connection ID string comparison.

Phase 3 - Shadow blockfetch dispatch: For small near-tip batches
(<=4 headers), dispatch the same RequestRange to a second peer that
has already seen the block header. Accept blocks from whichever peer
responds first with hash-based dedup to prevent double-apply.

Phase 4 - Node wiring: Connect PeersWithBlock, RecordBlockfetchLatency,
and BlockfetchLatency callbacks through LedgerStateConfig and
ChainSelectorConfig.

Signed-off-by: wcatz <[email protected]>

GHC handles SIGINT (UserInterrupt) but not SIGTERM by default.
The harness converts SIGTERM to SIGINT so Haskell services
(ogmios, kupo) get a chance to clean up.

Both still exit 130 — upstream issue, needs filing.

See: https://github.com/IntersectMBO/cardano-node/issues/2267

parameters/no-caps.yaml disables all three memory caps for diagnostic
experiments (peer backlog, generated backlog, TX max age).

voting_results.csv captures the full 4-way matrix at 0.200/wfa-ls:
{turbo,sequential} × {caps,nocaps} × seeds 0-4. Key findings:

- Seed 4 is the stress seed: caps cause 40% uncertified (seq) vs 17%
  without caps. Root cause is a race in propagate_tx where
  acknowledge_tx consumes the one-shot missing_txs trigger before
  PeerBacklogFull drops the TX.
- Seeds 1,3 are cap-insensitive (well-spaced RBs).
- No-caps converges all seeds to 16-22% uncertified.
- Stale rows (pre-rayon-fix, pre-seed-wiring) labelled as such.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

Bump actions/upload-pages-artifact from 4 to 5 in the actions group

Bumps the actions group with 1 update: [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact).


Updates `actions/upload-pages-artifact` from 4 to 5
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](https://github.com/actions/upload-pages-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>