Cardano Updates

  Remove UTxO fields from ToCommit and ToDecommit constructors of
  IncrementalAction — the UTxO was already ignored at every callsite.
  Update setIncrementalActionMaybe and pattern matches in Close.hs and
  Contest.hs accordingly.

  Extract repeated BLS12-381 generator check into isG1Generator helper in
  Head.hs, and add a comment explaining why mustConserveValue uses geq
  rather than == (min-UTxO overhead on the head output).

Signed-off-by: Sasha Bogicevic <[email protected]>

  The accumulator-based headIsFinalizedWith used txInfoOutputs directly,
  which includes the wallet's change output appended by coverFee. Since
  that output is not in the accumulator, the KZG membership proof failed
  for every real on-chain fanout.

  Restore numberOfFanoutOutputs :: Integer to the Fanout redeemer (as in
  the original hash-based validator) so the validator slices txInfoOutputs
  to only the distributed UTxOs before running the pairing check and value
  conservation. Also update the FanOut.hs head output to carry the UTxO
  value so mustConserveValue passes, and add a unit test that appends a
  trailing wallet change output and asserts the transaction still
  evaluates — this would have caught the regression at the contract test
  level rather than requiring a devnet E2E run.

Signed-off-by: Sasha Bogicevic <[email protected]>

  The new accumulator-based headIsFinalizedWith validator checks that the
  head input value covers all distributed outputs. The test head output was
  missing UTxO.totalValue, causing H4 (HeadValueIsNotPreserved) failures.

Signed-off-by: Sasha Bogicevic <[email protected]>

Signed-off-by: Sasha Bogicevic <[email protected]>

Signed-off-by: Sasha Bogicevic <[email protected]>

  Remove utxoHash/alphaUTxOHash/omegaUTxOHash from ClosedDatum, all
  Close/Contest redeemers, and the snapshot signing tuple. The BLS
  accumulator already commits to the full UTxO set (utxo ∪ alpha ∪
  omega), making the three separate SHA256 hashes redundant.

  Full fanout now verifies outputs via a KZG membership proof (same as
  partial fanout) rather than hash comparison. The Fanout redeemer gains
  proof and crsRef fields; the three output-count fields are dropped.

  Snapshot signing shrinks from a 7-tuple to a 4-tuple
  (headId, version, snapshotNumber, accumulatorHash).

Signed-off-by: Sasha Bogicevic <[email protected]>

Also reduce a diff in the test code

Signed-off-by: Sasha Bogicevic <[email protected]>

Signed-off-by: Sasha Bogicevic <[email protected]>

  fanoutChunkSize and fanoutOutputThreshold are now defined once in
  Test.Hydra.Tx.Fixture and imported wherever needed, removing the
  per-file duplicates.

  prepareTxToPost gains explicit FanoutTx/FinalPartialFanoutTx branches
  (error) so GHC's exhaustiveness checker catches any future unhandled
  constructor, instead of silently falling through a wildcard.

  The two deadline-slot conversions in mkChain.postTx now throw
  FailedToConstructFanoutTx (a PostTxError Tx) instead of userError,
  so the exception is caught by Node.hs's PostTxError handler rather
  than propagating uncaught and crashing the node.

  Replace the hardcoded numToDistribute = totalUTxO - 1 in the partial
  fanout benchmarks with a binary search that finds the largest chunk
  actually fitting within both the tx size and execution budget, mirroring
  findFittingFanoutTx in the real node. The Remaining column in the output
  table now carries meaningful information instead of always showing 1.

  Also add ContestationDeadlineOutsideTimeHorizon to the PostTxError
  oneOf in api.yaml, which was defined in Chain.hs but missing from the
  schema, causing ServerOutputSpec to fail.

Signed-off-by: Sasha Bogicevic <[email protected]>

  computeFinalPartialFanOutCost was capped at 7 (fanoutChunkSize), hiding
  the real tx-size limit for the terminal fanout step. Now it sweeps a wide
  range and searches for the actual maximum, using a single preceding output
  as minimal setup to reach FanoutProgress.

  computePartialFanOutMixedCost also dropped its fanoutChunkSize cap and
  now distributes all-but-one outputs, consistent with the nominal benchmark.
  The stale description mentioning fanoutChunkSize is corrected accordingly.

Signed-off-by: Sasha Bogicevic <[email protected]>

  HeadLogic no longer uses fanoutChunkSize or fanoutOutputThreshold to decide
  which tx type to emit. For a fresh fanout it always emits FanoutTx; for an
  in-progress fanout it always emits FinalPartialFanoutTx. Handlers now owns the
  sizing decision: it tries the preferred tx first, then falls back to
  PartialFanoutTx with a decreasing chunk size (starting at N-1) until one fits
  within the execution budget, using a single shared findFittingFanoutTx helper.

  PartialFanoutTx is removed from PostChainTx — it is now an internal Handlers
  detail, never emitted by HeadLogic. fanoutChunkSize and fanoutOutputThreshold
  are removed from KZGTrustedSetup and all call sites.

Signed-off-by: Sasha Bogicevic <[email protected]>

- new behaviour in putMessage to handle grpc timeouts
- increase delays which triggered under significant loss

`cachix/install-nix-action@v30` uses the Determinate Systems Nix
installer which enables auto-optimise-store by default. This hard-links
identical store files to a shared `/nix/store/.links/<hash>` location.

On newer macOS, dyld resolves @loader_path using the canonical inode
path rather than the path used to exec the binary. So when a
haskell.nix-built binary (which links against `libHSghc-boot`
dynamically) gets hard-linked into `.links/`, dyld sees it as living
there and resolves `@loader_path` to `/nix/store/.links/` — making the
rpath `@loader_path/../lib/aarch64-osx-ghc-9.6.7` point to the
non-existent `/nix/store/lib/...` instead of the actual GHC library
directory.

Setting `auto-optimise-store = false` prevents the hard-linking, keeping
binaries at their proper store paths where `@loader_path` resolves
correctly.

<!-- Describe your change here -->

---

<!-- Consider each and tick it off one way or the other -->
* [ ] CHANGELOG updated or not needed
* [ ] Documentation updated or not needed
* [ ] Haddocks updated or not needed
* [ ] No new TODOs introduced or explained herafter

Co-authored-by: Noon <[email protected]>

Wait for #2324 to merge.

This makes a couple of changes to the tests:

1. Switch from hspec to tasty. Why? Few reasons, but 1 is I want to try
[tasty-cache](https://github.com/silky/tasty-cache);
2. We get some nice formatted test output in the PRs now:
<img width="870" height="1031" alt="image"
src="https://github.com/user-attachments/assets/0c660f0e-7103-4d78-a2cd-e1b3c2e0f5a6"
/>
3. Some more tests are ran in parallel

OpenDatum.accumulatorHash is only updated by on-chain Increment and
  Decrement transactions. Regular L2 snapshots are off-chain and never
  touch the Open datum, so the field is stale for any head that has
  processed L2 transactions.