Cardano Updates

- golden-handles.txt: 25 commonly-known mainnet handles (cardano, hosky,
  minswap, bigpey, charles, ... incl. enterprise-address eth/satoshi/crypto),
  all verified present on mainnet. Names only — handles are transferable NFTs,
  so addresses are asserted by shape + round-trip, not pinned (drift-proof).
- run-golden-handles.sh: forward lookup (well-formed addr1.../stake1...) +
  reverse-by-payment-address round-trip for each golden handle.
- run-rest-spotchecks.sh: fix stdin/heredoc collision (data now passed via
  argv, not a pipe that the heredoc program shadowed) and switch the DB sampler
  to JSON output so arbitrary UTF-8 handle names parse safely; skip empty names.
- SKILL.md: document the golden step and files.

Validated live against the in-progress mainnet sync: golden 25/25, sample 10/10.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Remove the comment block above isDraftPullRequest() in
slack-message-broker.yml and the ref-validation comment in
haddock-site.yml.

Remove duplicate Block Forging.
Added cardano-node CPU load panel.
Added GC time panel.

Recent develop commits (test: network params and usedCostModelLanguages,
feat: pass protocol params to transform transaction) added source code
that uses 3.1.0-only exports (CostModels, PLUTUS_LANGUAGES,
CostModelLanguageName) but didn't refresh yarn.lock, so CI's yarn install
keeps the lockfile-pinned 3.0.2 and tsc fails. The dependency range
^3.0.2 already allows 3.1.0; this commit just re-resolves the lockfile.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Rework the user-facing API per review:

- Rename the flag to --allow-unrestricted-mode. It is now a *permission*,
  not a request: it authorizes hw-cli to use unrestricted mode if the tx
  requires it, but never forces it on a tx that doesn't.
- Auto-apply unrestricted mode when the tx structurally requires it (i.e.
  when no other mode would accept it). A new requiresUnrestrictedMode
  helper in util.ts encapsulates the detection; the initial trigger is a
  required_signers field without collateral inputs (ORDINARY and MULTISIG
  forbid required_signers, and PLUTUS is only auto-inferred when collateral
  is present). The set is extensible.
- determineSigningMode no longer takes the flag; it returns UNRESTRICTED
  automatically when required. The permission check now lives in
  commandExecutor: if the inferred mode is UNRESTRICTED, refuse unless
  --allow-unrestricted-mode was passed, and refuse if the connected
  device/app does not support unrestricted signing. The previous "graceful
  ignore + warn" path is removed; the flag is permission so an unsupported
  device must fail (the tx is unsignable anywhere else).
- New errors: UnrestrictedModeRequiredError and
  UnrestrictedModeUnsupportedByDeviceError.
- README and unit tests updated for the new flag and auto-detect semantics.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Conway governance workload under fault injection: 2 block producers
(cardano-node 11.0.1) under faults, 1 fault-excluded relay, and a
sleeping gov-cli container whose composer drivers run cardano-cli
governance operations against the relay.

- gov-configurator: cardonnay conway_fast genesis (committee seeded)
  plus governance_data assets, generation-only (no nodes)
- gov-cli: per-operation composer drivers (setup, create-info, vote,
  validators) in two interchangeable sets — bash (cardano-cli) and
  python (cardano-clusterlib), selected by DRIVER_LANG build arg

cardano-crypto-wallet links against libsodium for Argon2id KDF and
XChaCha20-Poly1305 AEAD. Without this override, the Windows
cross-compiled DLL links against the default system libsodium, which
is not available in the Wine iserv environment (only libsodium-vrf is
present there, used by all other crypto packages).

This caused the iserv to crash (exit 1) at TH-module boundaries when
compiling cardano-wallet for Windows/ucrt64.

- wallet-key-export.hs: pattern-match HashedCredentials instead of
  tuple; V2 keys exit with a clear error (no XPrv export possible)
- wallet-key-export-test.hs: wrap serializeXPrv args in HashedCredentialsV1
- PersistPrivateKeySpec.hs: bind IO-returning encryptedCreate with >>=
- LayerSpec.hs: remove now-redundant XPrv import (Werror)
- Cardano.Wallet: use encryptedChainCode in decryptV2 to supply the
  missing 32-byte chain code so CC.xprv receives the full 96 bytes

The merged cardano-base PR changed encryptedCreateDirectWithTweak,
encryptedValidatePassphrase, and encryptedKeyMaterial to return IO
instead of pure Either, since they operate on locked memory.

- Bump SRP tag to cb068e0 (merged HEAD of cardano-base master)
- mkV2Credentials: lift to IO, bind encryptedCreateDirectWithTweak
- attachPrivateKeyFromPwd: bind mkV2Credentials with <-
- withRootKey: separate STM read from IO validation so
  encryptedValidatePassphrase can run outside atomically
- migrateV1toV2: bind encryptedCreateDirectWithTweak with >>=
- decryptV2: lift to IO; use mlsbToByteString + mlsbFinalize instead
  of BA.convert (MLockedSizedBytes has no ByteArrayAccess instance)

Tracks the rename from cardano-crypto-wallet-v2 to cardano-crypto-wallet
and the module rename from Cardano.Crypto.WalletV2.Encrypted to
Cardano.Crypto.WalletHD.Encrypted.

Integrates the new cardano-crypto-wallet-v2 package from cardano-base,
replacing the legacy PBKDF2/ChaCha20 passphrase scheme for root key
storage with an authenticated v2 envelope format.

Key changes:

- HashedCredentials is now a sum type (V1 / V2) stored in the same DB
  columns; v1 keys are the existing 128-byte XPrv blob, v2 keys are a
  longer CBOR envelope distinguished by byte length on read-back.

- withRootKey opportunistically migrates v1 keys to v2 on every
  successful passphrase use, atomically and silently, so no user action
  or schema migration is needed.

- attachPrivateKeyFromPwd now always creates v2 credentials for new
  wallets; a reattachPrivateKey helper handles wallet delete-recreate
  flows (shared wallet activation) preserving the credential format.

- GET /v2/wallets/:id now includes encryption_method in the passphrase
  object ("scrypt", "pbkdf2-hmac-sha512", or "argon2id-v2"), allowing
  frontends to detect legacy keys and prompt for a passphrase change.
  The Byron wallet handler also gains an EncryptWithArgon2idV2 branch
  that was previously a silent fallthrough to Nothing.

- PassphraseScheme gains a FromText instance to support JSON round-trips
  via ApiT.

Test coverage added:

- PersistPrivateKeySpec: 6 roundtrip tests covering V1 Shelley/Byron and
  V2 Shelley/Byron (no-payload and with-payload) serialization, plus
  column-length and empty-hash invariants for V2 keys. Uses seed
  0x02*32 (a valid ed25519 extended-key seed) for deterministic V2 key
  construction.

- WalletSpec: three migration scenario tests — V1→V2 upgrade on
  passphrase use, rejection on wrong passphrase, and V2 idempotency.

Supporting fixes:

- WalletFlavor: added instance for TestState so DummyState satisfies
  the WalletFlavor constraint needed by withRootKey and related ops.

- Credentials: added Show instance for HashedCredentials.

- DerivationSpec, LayerSpec, StoreSpec: updated to the new
  HashedCredentials API (constructors, serialization signatures).

Quoting "$SCRIPT_REF" stops shell word-splitting but git still parses a
standalone argument starting with '-' as an option (e.g. --upload-pack),
which matters because script_ref comes from a workflow_dispatch input /
github.ref_name and runs on a self-hosted runner.

- Validate the ref against an allowlist (^[A-Za-z0-9_][A-Za-z0-9._/-]*$),
  rejecting leading '-' and stray characters.
- Pass it after --end-of-options on git fetch.
- Use the 'git checkout <tree-ish> -- <path>' form.