ci: green main — fix forge install + flask test dep + scrypt mem limit #92
Merged
1. forge install: switch to --tag flag (foundry 1.7.1 fails to resolve OZ tags via the @-suffix form even though the tag exists)
2. pytest: install flask + fastapi extras so the new x402 server test from #91 can import Flask
3. pq_keys: lower scrypt N from 32768 to 16384 — 32768·128·8 hits OpenSSL's 32MiB default memory ceiling on CI runners; 16384 is the floor cryptography.hazmat.Scrypt accepts and still well above industry-standard interactive thresholds
…ded 2nd ctor arg)
Main went red at `c4f5638` (right after #23 merge). Three independent regressions from yesterday's merge wave:
1. `forge install` tag resolution
Foundry 1.7.1 fails on `OpenZeppelin/openzeppelin-contracts@v5.0.2` with "Tag: v5.0.2 not found for repo" — even though the tag exists upstream. The installer's API-tag lookup misses tags that aren't in the first page of results (OZ is at v5.6.1 now, so v5.0.x sits well past the default page).
Switching to the explicit `--tag` flag clones-and-checks-out directly and works.
2. pytest missing flask
#91 (`feat(x402): propagate x402 envelopes through the agent HTTP surface`) added `tests/test_x402_server.py::test_flask_app_creation` which hits the `from flask import Flask` inside `server.py:230`. CI only installed `.[dev]` (pytest+asyncio+ruff), no flask.
Bumped the install to `.[dev,flask,fastapi]` — both web-server adapters are now covered.
3. scrypt memory ceiling
#73 (persistent PQ key storage) sets `_SCRYPT_N = 32768` with `r = 8`. Memory needed is `128·N·r = 32 MiB`, which hits OpenSSL's default 32 MiB ceiling on Ubuntu CI runners → `ValueError: [digital envelope routines] memory limit exceeded` on all three save/load tests.
Lowered to 16384 (`16 MiB`). That's the floor `cryptography.hazmat.Scrypt` accepts and still well above the OWASP interactive-auth scrypt recommendation (`N >= 2^14`).
Tests now expected green
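
Added example, not part of the PR or the project's `pq_keys` code: it works out the memory OpenSSL counts against its default ceiling for the two `N` values in item 3, and shows the alternative of passing an explicit `maxmem` instead of lowering `N`. It assumes Python's standard-library `hashlib.scrypt` (the PR names `cryptography.hazmat.Scrypt`); the helper names and the sample password and salt are constructed.

```python
import hashlib

# Ceiling OpenSSL applies when the caller passes maxmem=0 (32 MiB).
OPENSSL_DEFAULT_MAXMEM = 32 * 1024 * 1024


def scrypt_mem_bytes(n: int, r: int = 8, p: int = 1) -> int:
    """Bytes counted against the limit: the V array, 128*r*(n+2), plus the
    B buffer, 128*r*p. The headline figure 128*n*r omits both small terms."""
    return 128 * r * (n + 2) + 128 * r * p


def fits_default_limit(n: int, r: int = 8, p: int = 1) -> bool:
    return scrypt_mem_bytes(n, r, p) <= OPENSSL_DEFAULT_MAXMEM


def derive_key(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1,
               raise_limit: bool = False) -> bytes:
    """Derive a 32-byte key. With raise_limit, pass an explicit maxmem of
    twice 128*n*r so the cost parameter does not have to be lowered."""
    maxmem = 2 * 128 * n * r if raise_limit else 0
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=32)


def probe(n: int, r: int = 8) -> dict:
    """Report how one (n, r) choice behaves under both limits."""
    password, salt = b"constructed-passphrase", b"constructed-salt-16b"
    result = {"n": n, "mem_mib": scrypt_mem_bytes(n, r) / 2**20,
              "fits_default": fits_default_limit(n, r)}
    try:
        derive_key(password, salt, n, r)
        result["default_ok"] = True
    except ValueError:  # OpenSSL rejected the parameters as over the limit
        result["default_ok"] = False
    key = derive_key(password, salt, n, r, raise_limit=True)
    result["raised_ok"] = len(key) == 32
    return result


if __name__ == "__main__":
    for n in (16384, 32768):
        print(probe(n))
```

At `N = 32768`, `r = 8` the headline `128·N·r` is exactly 32 MiB; the two small extra terms are what push the request over the default ceiling.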