Cardano Updates

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.267.0 to 0.282.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.267.0...v0.282.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.274.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.30.1 to 10.30.3.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.30.1...v10.30.3)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.30.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 7.0.0 to 7.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/d08e5c354a6adb9ed34480a06d141179aa583294...f9f3042f7e2789586610d6e8b85c8f03e5195baf)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/blinklabs-io/gouroboros](https://github.com/blinklabs-io/gouroboros) from 0.160.3 to 0.179.0.
- [Release notes](https://github.com/blinklabs-io/gouroboros/releases)
- [Changelog](https://github.com/blinklabs-io/gouroboros/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/blinklabs-io/gouroboros/compare/v0.160.3...v0.179.0)

---
updated-dependencies:
- dependency-name: github.com/blinklabs-io/gouroboros
  dependency-version: 0.163.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Under heavy packet loss (pumba 90% in CI), 'broadcastMessages' retries
'putMessage' on transient GrpcDeadlineExceeded. The original put often
already committed server-side, so the retry creates a second etcd
revision with the same key and same value. The watcher delivers both,
HeadLogic processes the same ReqTx twice, and the second one emits
TxInvalid with reason 'ConwayMempoolFailure "All inputs are spent.
Transaction has probably already been included"'. The bench's invalid
counter goes non-zero and runSingle exits 1.

Hydra never legitimately re-broadcasts identical content from the same
peer (each msg has unique tx id / snapshot number / etc.), so a
content-equal watch event for a key whose last value we already
delivered is unambiguously a transport retry. Track lastValuesVar in
waitMessages and silently drop those duplicates.

Also fix the NetworkSpec 'handles compaction and lost local state' test
off-by-one (forM_ [5..100] overlapped the [1..5] batch above, so the
second msg=5 was a legitimate dedup target).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Signed-off-by: KtorZ <[email protected]>

Four internal ByteString allocations held the raw 128-byte extended
private key (ed25519 scalar || public key || chain code) in memory
without guaranteed zeroing on GC.  Switch them to ScrubbedBytes so
the memory package zeroes the pages when they are collected.

  - keyMaterialFromLegacyBytes: avoids an intermediate full :: ByteString
    carrying all 128 bytes; slices secret/pub/cc directly from ScrubbedBytes
  - legacyMaterialFromSecret / legacyMaterialFromMasterKey / legacyDerivePrivate:
    type annotations changed from ByteString to ScrubbedBytes so B.allocRet
    allocates scrubbed pages from the start

No public API or serialisation changes.

The plaintext 64-byte ed25519 scalar is now held in sodium_malloc'd
memory (MLockedSizedBytes 64) throughout its lifetime:
- locked against swapping (mlock)
- never moved by the GC
- zeroed on release via mlsbFinalize

ScrubbedBytes (GC-heap, moveable, swappable) is no longer used for
any secret key material.  The wrapping key (Argon2id output) remains
in ScrubbedBytes for now.

All public crypto operations are now IO (Either XPrvError X).  The
unsafePerformIO facade is gone except for:
- the two global IORef initialisations (runtimeKdfParamsRef, randomModeRef)
- encryptedDerivePublic (pure EC math, no secret key involved)

Callers of encryptedKeyMaterial receive a MLockedSizedBytes 64 and
are responsible for calling mlsbFinalize when done with it.

Adds cardano-crypto-class to library build-depends.

Vendors the ed25519-donna implementation from the cardano-crypto
package into this repository.

Adds round-trip, format, and signing tests plus a criterion benchmark
suite for the cardano-crypto-wallet package.

- secure_clear secret_key on the error path in cardano_wallet_encrypted_from_secret
- change cardano_wallet_encrypted_sign and cardano_wallet_encrypted_derive_private
  from void to int so Haskell callers can detect failures
- update FFI declarations from IO () to IO CInt and propagate errors as
  Left XPrvInternalError in encryptedSign and legacyDerivePrivate

- Rename testlib module Instances -> Arbitrary per project convention
- Use genByteString instead of replicateM in Arbitrary instances
- Align C/FFI types with libsodium (CULLong/CSize, no intermediate casts)
- Add TypeApplications annotations on fromIntegral at FFI call sites
- Fix async exception safety in encryptedChangePass/Sign/DerivePrivate
- Replace if/else pure () with when in CBOR decoders
- Replace tuple KDF param comparison with || conditions
- Add MasterKeyPtr newtype for 96-byte master key
- Use aroundAll_ in test harness for correct hspec setup
- Update copyright years to 2026

Adds encrypted_sign.c implementing HD wallet key operations using
libsodium (Argon2id KDF, XChaCha20-Poly1305 AEAD, HMAC-SHA512).
Updates ed25519-hash.h to use libsodium SHA-512 instead of crypton.

Correct indentation of do-block inside else branch of withEncryptedKeyOutput.

Adds the cardano-crypto-wallet Haskell package exposing
Cardano.Crypto.WalletHD.Encrypted, which provides authenticated
encryption and key derivation for HD wallet keys using the v2 envelope
format (Argon2id KDF + XChaCha20-Poly1305 AEAD via libsodium).

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

  Amaru perform the "begin epoch" steps when it restarts from a
  snapshot. This includes ratifying and enacting proposals. So in a
  certain way, this data is redundant.

Signed-off-by: KtorZ <[email protected]>

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>