Cardano Updates

I noticed the Publish Docs workflow has been failing on master lately.

The error is:

```bash
 cp: cannot stat 'result/build/*': No such file or directory
 ```
 The workflow does `nix build .#docs-unstable` and then `cp result/build/* $out -r`. The nix build succeeds but `result/build/` doesn't exist.
 
The workflow gets its output by running `yarn pack` to create tarball, then extracting it to `$out`.
Yarn respects `.gitignore` and `docs/.gitignore` lists exactly our `/build` folder.

This was not an issue before because the derivation was previously served from Cachix. The cache was invalidated by the `docs.nix` refactor in #2609 , which forced a fresh rebuild that exposed the issue.

The fix adds a `postInstall` hook that copies `build/` from the nix build sandbox directly into `$out/build/`.

<!-- Describe your change here -->

---

<!-- Consider each and tick it off one way or the other -->
* [ ] CHANGELOG updated or not needed
* [ ] Documentation updated or not needed
* [ ] Haddocks updated or not needed
* [ ] No new TODOs introduced or explained herafter

  Merge the two-callback interface (mkTx + fitsCheck) into one
  (Int -> m (Maybe tx)) where Nothing means doesn't fit and Just tx
  means fits. This enforces at the type level that construction and
  checking always happen together.

  Also rename mkTxM to buildTx in findFittingFanoutTx's where bindings.

Signed-off-by: Sasha Bogicevic <[email protected]>

  genFanoutTx generated a snapshot with utxoToCommit/utxoToDecommit but
  called unsafeFanout with mempty mempty — the BLS proof was built for a
  different accumulator than the one committed in the closed head datum,
  so every evaluateTx call failed script validation and the FanOut table
  produced no rows.

  Fix: pass utxoToCommit and utxoToDecommit through to unsafeFanout, and
  inflate the head output value by the total fanout value (same pattern as
  computePartialFanOutNominalCost) so mustConserveValue passes.

Signed-off-by: Sasha Bogicevic <[email protected]>

Co-authored-by: Noon <[email protected]>

  Remove UTxO fields from ToCommit and ToDecommit constructors of
  IncrementalAction — the UTxO was already ignored at every callsite.
  Update setIncrementalActionMaybe and pattern matches in Close.hs and
  Contest.hs accordingly.

  Extract repeated BLS12-381 generator check into isG1Generator helper in
  Head.hs, and add a comment explaining why mustConserveValue uses geq
  rather than == (min-UTxO overhead on the head output).

Signed-off-by: Sasha Bogicevic <[email protected]>

  The accumulator-based headIsFinalizedWith used txInfoOutputs directly,
  which includes the wallet's change output appended by coverFee. Since
  that output is not in the accumulator, the KZG membership proof failed
  for every real on-chain fanout.

  Restore numberOfFanoutOutputs :: Integer to the Fanout redeemer (as in
  the original hash-based validator) so the validator slices txInfoOutputs
  to only the distributed UTxOs before running the pairing check and value
  conservation. Also update the FanOut.hs head output to carry the UTxO
  value so mustConserveValue passes, and add a unit test that appends a
  trailing wallet change output and asserts the transaction still
  evaluates — this would have caught the regression at the contract test
  level rather than requiring a devnet E2E run.

Signed-off-by: Sasha Bogicevic <[email protected]>

  The new accumulator-based headIsFinalizedWith validator checks that the
  head input value covers all distributed outputs. The test head output was
  missing UTxO.totalValue, causing H4 (HeadValueIsNotPreserved) failures.

Signed-off-by: Sasha Bogicevic <[email protected]>

Signed-off-by: Sasha Bogicevic <[email protected]>

Signed-off-by: Sasha Bogicevic <[email protected]>

  Remove utxoHash/alphaUTxOHash/omegaUTxOHash from ClosedDatum, all
  Close/Contest redeemers, and the snapshot signing tuple. The BLS
  accumulator already commits to the full UTxO set (utxo ∪ alpha ∪
  omega), making the three separate SHA256 hashes redundant.

  Full fanout now verifies outputs via a KZG membership proof (same as
  partial fanout) rather than hash comparison. The Fanout redeemer gains
  proof and crsRef fields; the three output-count fields are dropped.

  Snapshot signing shrinks from a 7-tuple to a 4-tuple
  (headId, version, snapshotNumber, accumulatorHash).

Signed-off-by: Sasha Bogicevic <[email protected]>

Also reduce a diff in the test code

Signed-off-by: Sasha Bogicevic <[email protected]>

Signed-off-by: Sasha Bogicevic <[email protected]>

  fanoutChunkSize and fanoutOutputThreshold are now defined once in
  Test.Hydra.Tx.Fixture and imported wherever needed, removing the
  per-file duplicates.

  prepareTxToPost gains explicit FanoutTx/FinalPartialFanoutTx branches
  (error) so GHC's exhaustiveness checker catches any future unhandled
  constructor, instead of silently falling through a wildcard.

  The two deadline-slot conversions in mkChain.postTx now throw
  FailedToConstructFanoutTx (a PostTxError Tx) instead of userError,
  so the exception is caught by Node.hs's PostTxError handler rather
  than propagating uncaught and crashing the node.

  Replace the hardcoded numToDistribute = totalUTxO - 1 in the partial
  fanout benchmarks with a binary search that finds the largest chunk
  actually fitting within both the tx size and execution budget, mirroring
  findFittingFanoutTx in the real node. The Remaining column in the output
  table now carries meaningful information instead of always showing 1.

  Also add ContestationDeadlineOutsideTimeHorizon to the PostTxError
  oneOf in api.yaml, which was defined in Chain.hs but missing from the
  schema, causing ServerOutputSpec to fail.

Signed-off-by: Sasha Bogicevic <[email protected]>

  computeFinalPartialFanOutCost was capped at 7 (fanoutChunkSize), hiding
  the real tx-size limit for the terminal fanout step. Now it sweeps a wide
  range and searches for the actual maximum, using a single preceding output
  as minimal setup to reach FanoutProgress.

  computePartialFanOutMixedCost also dropped its fanoutChunkSize cap and
  now distributes all-but-one outputs, consistent with the nominal benchmark.
  The stale description mentioning fanoutChunkSize is corrected accordingly.

Signed-off-by: Sasha Bogicevic <[email protected]>

  HeadLogic no longer uses fanoutChunkSize or fanoutOutputThreshold to decide
  which tx type to emit. For a fresh fanout it always emits FanoutTx; for an
  in-progress fanout it always emits FinalPartialFanoutTx. Handlers now owns the
  sizing decision: it tries the preferred tx first, then falls back to
  PartialFanoutTx with a decreasing chunk size (starting at N-1) until one fits
  within the execution budget, using a single shared findFittingFanoutTx helper.

  PartialFanoutTx is removed from PostChainTx — it is now an internal Handlers
  detail, never emitted by HeadLogic. fanoutChunkSize and fanoutOutputThreshold
  are removed from KZGTrustedSetup and all call sites.

Signed-off-by: Sasha Bogicevic <[email protected]>